Saturday, October 22, 2016

Trade Secrets in Databases

Database as a Trade Secret

Trade secrets in database records fall victim to many who seek the potential value of stored records from a variety of entities, either from government agencies and competitor businesses, to also include medical and financial enterprises, and even from their own employer or client.  Intruding into another’s database is becoming too common in our economy and database intrusion was a pivotal issue in a landmark Ninth Circuit case, United States v. Nosal.  While the case largely engaged discussion on the scope of the Computer Fraud and Abuse Act (“CFAA”), 18 U.S.C. § 1030, the case also addressed the issues of trade secrets under the Economic Espionage Act (“EEA”), 18 U.S.C. § 1831 et seq.[1]  As the Ninth Circuit notes in its Order, Nosal was convicted on two counts of trade secret theft under the EEA.  Nosal was charged with unauthorized downloading, copying and duplicating of trade secrets and unauthorized receipt and possession of stolen trade secrets which violated §§ 1832(a)(2) & (a)(4) of the EEA.

The key to the analysis of the handling of the trade secret intrusion issue of the case was the sufficiency of the evidence to support a finding.  The Court weighed into the Economic Espionage Act and determined that the EEA requires that there be intent to convert a trade secret and intending or knowing that the offense will injure [an] owner of that trade secret.  In so doing it saw that the requirement of Nosal knowing that the receipt or possession of a trade secret with knowledge that it was “stolen or appropriated, obtained, or converted without authorization, was instrumental in laying the foundation for establishing the condition for a violation.  Though Nosal challenged the sufficiency by raising that the information culled was sourced from public records and that it could not be deemed as a misappropriation of a trade secret, or for that matter, a trade secret.

The Court made a clear distinction by analogizing the subject before it to other trade secret cases involving technical drawings, scientific formulas, specimens and data results in research, or aeronautical assessments in engineering designs. The Court reasoned that the EEA’s scope is not limited to select segments of the industry, but that the EEA encompasses financial and business information.[2]  While it cited the definition of trade secrets under the Act, it emphasized technical as well as financial and business information that is intended by the owner to be kept secret because of the economic value import of the secret itself.  Furthermore, the Court reasoned that its value was engendered by it not being generally known to the public.[3]  The Court opined that what Nosal sought and acquired was “classic examples of a trade secret that derives from an amalgam of public and proprietary source data”  and that the “data came from public sources and other data came from internal, confidential sources.”[4]  The Court gave import to the effort and system of research and algorithm employed to compose the record database that made it unique and not commonly searched information.

As the Ninth Circuit so clearly articulated about the characteristic of the data record sought by Nosal, “Instead, the nature of the trade secret and its value stemmed from the unique integration, compilation, cultivation, and sorting of, and the aggressive protections applied to, the Searcher database.”[5]  Its analysis borrowed from an Eight Circuit case, Conseco[6] and a Tenth Circuit case, Hertz[7] where customer lists were taken by employees.  The customer lists in question were unique by their form, manner of cataloging, and analysis that was involved in the list’s composition.  The Eight Circuit stated that they were trade secrets as they are ““specialized” computer program that was “unique” to Conseco.””  Similar to the Hertz case, the process involved to gather and organize the data made it a trade secret.

In essence, the purported value of a data record to be become and be considered a trade secret originates in the manner in which the owner pursued its composition, characteristic, cataloging, purpose, use, and its intended unique use and storage from others to use and see.  Its custodial handling is as well important to analyze, especially how it is dealt with in personnel policies and employment manuals for employees to follow and management to enforce.

[1] Computer Fraud and Abuse Act of 1986, Pub. L. No. 99-474. , § 2(g)(4), 100 Stat. 1213-15.  CFAA was later expanded to protect any computer “used in interstate or foreign commerce or communication.” Economic Espionage Act of 1996, Pub. L. 104-294, § 201(4)(B), 110 Stat. 3488, 3493 (codified as amended at 18 U.S.C. § 1030(e)(2)(B)).
[2] Order, Ninth Circuit, #14-10037, at p. 32.

[3] Footnote 15 of the Order stated as follows: Congress recently amended § 1839, replacing “the public” with “another person who can obtain economic value from the disclosure or use of the information.” Defend Trade Secrets Act of 2016, Pub. L. No. 114-153, § 2(b)(1)(A), 130 Stat. 376, 380.
[4] Order, at p. 34.

[5] Order, at p. 34.
[6]Conseco Finance Servicing Corp. v. North American Mortgage Co., 381 F.3d 811 (8th Cir. 2004).

[7] Hertz v. Luzenac Grp., 576 F.3d 1103, 1114 (10th Cir. 2009) (holding that a customer list may be a trade secret where “it is the end result of a long process of culling the relevant information from lengthy and diverse sources, even if the original sources are publicly available”).

Lorenzo Law Firm is “Working to Protect your Business, Ideas, and Property on the Web." Copyright 2016, all rights reserved Lorenzo Law Firm, P.A.

Tuesday, October 11, 2016

Internet Information the Malady of Doxing, “You’ve been Doxed”

Internet information that is available to read on the Internet about someone or anyone to see is startling.  There is a lot to be said about the amount of information available on the Internet.  Many are surprised on how their information got on the Internet and the ease with which public information and personal information can be retrieved and researched.  It goes without saying about how freely users of social media disclose their personal information.  Some personal information may seem benign and harmless but put together with key identifying credentials and someone’s life is open for all to read on the Internet.  Data brokers play an integral role in the vast amount of aggregated information that floats around the Internet.
What others do with the available information on the Internet about someone presents the malady of doxing.  Why would it be important to anyone to know that a particular individual had a speeding ticket fifteen years ago, other than to a potential employer for employment involving driving? Why would anyone be interested that someone filed bankruptcy, other than an employer or a financial institution resorted to for a home loan?  There is indeed a lot that is unsaid about Internet doxing and where the line crosses into cyber bullying and possible online defamation.
At first blush, one would consider that publicly accessible information is benign and does not have weight to its impact on the person.  Furthermore, one would consider that the reporting of the researched information about someone is as well harmless, especially if the information is considered a public record.  What is missed in that calculus is the use of the information and the motive for sharing the information on the Internet.  What is also missed in that calculus is whether the information posted on the Internet about someone is factual and is it accurate.  This consideration raises defamation and invasion of privacy questions that could very well render the poster of the Internet content liable to the exposed talked about person.  Worse is when the person posting was negligent in posting on the Internet false information about someone.  The careless disregard for the truth by the person posting information and content on the Internet about someone else runs a great risk of facing a solid defamation lawsuit including other defamation related counts. Such careless disregard for the truth is compounded when that person knew or should have known the truth to be other than what was communicated on the Internet.
Simply speaking, retrieving otherwise private information about someone on the Internet may cross the line and essentially be considered a form of harassment or cyber bullying. States across the United States have promulgated such provisions addressing cyberbullying and online harassment.  Both California and New Jersey have vehemently addressed the problem with using the Internet to harass someone and New Jersey has even considered it a crime.  It is also outlandish to collect a person’s home address, date of birth, and other personal information through an unauthorized background check and drop it into the Internet realm without permission.  Such an act could face serious charges.
The damaging impact upon the doxxed individual is compounded by virtue of the Internet.  The original post could be deleted from the Internet but there is also the possibility that the posted content goes viral with hundreds or thousands of views and comments cross-linking sharing the post.  Of course, thus far this post has been referring to the indexed realm of the Internet that is captured by search engines such as Google, Bing, Yandex, Vimeo, Dogpile, and Yahoo, just to name a few.  The far open and far reaching content in the unindexed Internet realm stands to linger for years on the Internet and available for anyone to read.  As this post had briefly commented, the malady of doxing presents an unavoidable issue for everyone to wrestle with for years to come as information lingers on the internet as it is propagated further perpetuating its effect.

Originally posted at

Lorenzo Law Firm is “Working to Protect your Business, Ideas, and Property on the Web." Copyright 2016, all rights reserved Lorenzo Law Firm, P.A.