First rule of thumb in trade secrets litigation? A trade secret must be kept secret. It is painfully obvious, but modern practitioners must not grow complacent due to the convenience of electronic filing. Although trade secrets law does not command absolute secrecy, a recent e-filing snafu in HMS Holdings Corp. v. Arendt offers a cautionary tale from New York on how one botched upload could jeopardize a client’s most prized possession.
A 22-year-old Canadian hacker has been sentenced to federal prison by a Delaware court for engaging in a conspiracy to break into the computer networks of several large gaming companies, to steal trade secret and other information related to unreleased products, and to commit criminal copyright infringement. According to the Government’s Sentencing Memorandum, David Pokora of Ontario, sentenced last Thursday was “a leading member in an international computer hacking ring . . . that committed numerous unlawful intrusions into the computer networks of various technology companies involved in the $22 billion-dollar video gaming industry.” The conspiracy’s victims included Microsoft, Epic Games (which develops the highly popular “Gears of War” series), and Activision Blizzard (which published, among many other successful games, “Call of Duty: Modern Warfare 3”). Pokora and his co-conspirators committed their intrusions by stealing the identities of over ten thousand employees and business partners of the victim companies. And they stole intellectual property valued by the Government “at over $100 million, but almost certainly exceeding $1 billion.”
Declaring cybercrime a “national emergency,” President Obama today empowered Treasury to freeze assets that are the fruits of cybercrime, according to an Executive Order issued this afternoon. The agency can block money or property in the United States or in the control of any United States person determined to have engaged in “cyber-enabled activities” originating or directed from outside the United States. Targeted activities include harming computer networks in critical infrastructure sectors; significantly disrupting a computer network; or causing significant misappropriation of trade secrets and other protected information. The EO also enables seizure of money or property of any persons involved in misappropriating trade secrets by “cyber-enabled means” that impact the national security, foreign policy, or economic health or financial stability of the United States.
TSW is tracking the EO and will report further developments.
One of the biggest challenges the cyber-security field faces today—aside from outright hacking—is the fact that employees’ data is increasingly portable. Data portability can be a major boon for employers. For instance, it may allow an employer to offer its employees the ability to work remotely (something that can improve employees’ work/life balance, or could be a reasonable accommodation for an employee’s disability). However, data portability can also present major risks for an employer, particularly if an employee stands to profit from misuse of that information.
Imagine that you are the General Director of a company (the Russian equivalent of an American CEO), and your information security department finds out that an employee, who you have long suspected of industrial espionage, has sent important confidential information belonging to the company to his personal email address. In that situation, what would you do? Would you (a) do nothing for the moment and wait until you have more definite proof of industrial espionage; (b) make the employee tell you why he sent the information to his personal email address; or (c) dismiss the employee? Clearly, you need to find out who the information is being sent to and maintain your reputation for enforcing the rules.
Orrick’s Chris Ottenweller and Derek Knerr recently took to Law360 to review recent cases involving theories of third-party liability for trade secret misappropriation. New employees are one obvious source of potential liability if they bring to the job information obtained from their prior employer. But in recent years companies have also increasingly faced suits based on relationships with contractors and vendors. Chris and Derek offer some practical considerations to help companies mitigate potential liability in the first place.