Thank you for sharing!

Your article was successfully shared with the contacts you provided.
When a number of blogs posted secret details and drawings of Apple Computer’s new music technology — code-named Asteroid — Apple’s lawyers did what lawyers do: They sued the Web sites to find out the posters’ identities and sources. In March a judge in Santa Clara, Calif., allowed Apple to enforce the subpoenas, rejecting the bloggers’ claims that as “journalists” they were entitled to legal protection for their sources. Judge James Kleinberg ruled that the details of the Asteroid project, as purloined trade secrets, were stolen property. Even though the trade secrets were widely available online, the bloggers were trafficking in stolen goods, Judge Kleinberg ruled, and they were not entitled to legal protection for their sources. The case looked like a victory for Apple, but by the time the decision came down, the company had already lost the war. Its trade secrets were no longer secrets. Protecting trade secrets after they’ve been posted online is a bit like locking the barn door after the horse is stolen. Indeed, unlike Judge Kleinberg, the majority of courts considering the issue have found that stolen trade secrets posted online cannot be protected. In the old days, companies were worried principally about competitors stealing secrets. However, technology has changed the nature of trade secrets. The Internet has made publishers of everyone: Today there is a new and potentially more dangerous phenomenon afoot. Individuals now obtain improper access to trade secrets, not to use them, but to publicize them. This is not the first time that one of the defendants in the Apple litigation has gotten into trouble for posting secrets. In May 2000 Adobe Systems sued AppleInsider.com for posting a product review of its Acrobat and ImageReady software, which had not yet been publicly released. Other Web site operators have faced similar threats. In October 2003 Diebold, Incorporated, demanded that a Web site remove links to other sites that were posting correspondence about Diebold’s voting machines. Ford Motor Co. went after BlueOvalNews.com for posting internal corporate documents in 1999. And when bloggers posted screen shots of Microsoft’s new mobile operating system in January 2005, they received nasty letters demanding removal of these pictures from Microsoft’s lawyers. The problem is, these letters don’t move fast enough. By the time they are sent, both factually and legally, the trade secrets are gone. Most forms of intellectual property derive value from their public nature — music, movies, and books tend to be valuable because they are known and popular, and trademarks become more valuable as they become associated with the provider of goods or services. Trade secrets, on the other hand, are valuable because they are secret, and only for as long as they remain so. The federal Economic Espionage Act of 1996 parallels various state trade secret laws by requiring that the holder of the trade secret take “reasonable steps” to protect a trade secret, and that the trade secret not be generally known. These aspects are difficult to maintain in the electronic age. A trade secret is only secret if it is not “readily ascertainable” through proper means. Courts first applied this principle to online posting of alleged trade secrets almost a decade ago, when a disgruntled former Scientologist posted religious tracts on a message board hosted by Internet service provider Netcom. The Church sued the poster and Netcom, demanding the removal of the trade secret. Assuming that the teachings were, in fact, trade secrets, and that they had initially been obtained improperly, the court nonetheless denied the injunction because, once posted, it was readily ascertainable, and therefore no longer a trade secret. Typically, if information is posted for a short period of time, a trade secret owner can try to get a court order to remove the data. The limited time that the information was online may be a factor in determining whether the secret is truly public. For example, if during the course of litigation, a filing containing a trade secret is inadvertently filed without a protective order, the fact that the information was briefly in the public domain does not necessarily destroy its trade secret character. When Andrew Bunner posted the source code that enabled DVD copy protection to be defeated, DVD manufacturers sought to enjoin the posting under trade secret law. But such an injunction was essentially moot because, as the California appellate court noted, “By the time [the] lawsuit was filed hundreds of Web sites had posted the program, enabling untold numbers of persons to download it and to use it.” The Bunner court concluded “that which is in the public domain cannot be removed by action of the states under the guise of trade secret protection.” In the past, a company could take some solace in the fact that it suffered genuine damages when a trade secret made its way into the hands of a competitor. A court could enjoin the use of the trade secret, force its return, or order the disgorgement of profits. There aren’t any profits to disgorge when the data thief’s goal is to publicize rather than exploit the trade secret, and injunctions don’t work when the information has already been highly publicized. (However, it is unlikely that a company seeking a trade secret from a competitor could likely escape its legal obligations by having a corrupt employee initially “post” the secret and then rely on this line of cases — the secret will still have been obtained by them improperly.) The Netcom and Bunner courts did not preclude damage lawsuits. But let’s face reality: It is highly unlikely that bloggers, typically college students or recent graduates, have significant assets from which to pay any judgment. Apple is more interested in finding out which of its employees “leaked” the information than in, say, forfeiting a graduate student’s ThinkPad. Of course, even the judgment-proof can go to jail. When 19-year-old college student Igor Serebryany posted secret information about how to circumvent satellite TV scrambling (which he learned while copying documents for a law firm), he found himself on the end of a federal indictment in December 2004. But such criminal cases are rare. To make matters worse, the filing of the lawsuit itself is essentially an admission that the company can’t protect its assets — an admission that may not inspire investor confidence. In the electronic world, trade secrets are frequently located on servers that contain massive amounts of data. Access restrictions to these servers may be nothing more than a user ID and password, with tens of thousands of employees with actual or potential access to the network. Information security vulnerabilities, unpatched systems, misconfigured firewalls, spyware, Trojan Horse programs, or computer viruses further weaken the overall limits to access of such trade secrets. The speed and insecurity of unencrypted e-mail, coupled with employees, vendors, and contractors working around the globe, often from home, or insecure wireless networks, create many more opportunities for these trade secrets to go astray. Backing up data and storing it remotely enhances disaster recovery capability, but also increases the likelihood that the information will be compromised. Small USB “thumb drives,” portable external hard drives, servers accessible by PDA and cell phone, and even Apple’s own iPod are used to “offload” corporate information onto a massive storage device. Increasingly, companies will see trade secrets migrate to the Internet and become public. While effective monitoring of blogs and extraordinarily prompt responses may help take down this information once it leaks, the better approach is to prevent the information from leaking in the first place. This requires training and education about what constitutes a trade secret, control over information access, and overall IT security over the long run. Until then, there’s not much for companies to do, except wait for the phone call. From 1984 to 1991 Mark D. Rasch led the U.S. Department of Justice’s criminal division’s efforts to investigate and prosecute computer and high technology crime. He is currently senior vice president and chief security counsel for Internet security firm Solutionary, and is based in Bethesda, Md.

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

To view this content, please continue to their sites.

Not a Lexis Advance® Subscriber?
Subscribe Now

Not a Bloomberg Law Subscriber?
Subscribe Now

Why am I seeing this?

LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.

For questions call 1-877-256-2472 or contact us at [email protected]

Reprints & Licensing
Mentioned in a Law.com story?

License our industry-leading legal content to extend your thought leadership and build your brand.


ALM Legal Publication Newsletters

Sign Up Today and Never Miss Another Story.

As part of your digital membership, you can sign up for an unlimited number of a wide range of complimentary newsletters. Visit your My Account page to make your selections. Get the timely legal news and critical analysis you cannot afford to miss. Tailored just for you. In your inbox. Every day.

Copyright © 2021 ALM Media Properties, LLC. All Rights Reserved.