Unfair Competition & Trade Secrets Counsel - The latest news and innovative strategies for protecting trade secrets and preventing unfair competition

By Dylan Wiseman

On December 28, 2012, President Obama enacted the Theft of Trade Secrets Clarification Act of 2012, which clarifies the scope of the Economic Espionage Act of 1996 (18 U.S.C. §§ 1831-39). The newly enacted amendments are intended to reverse the recent Second Circuit decision in United States v. Aleynikov, 676 F.3d 71 (2d Cir. 2012). 

In the heavily-criticized Aleynikov decision, the Second Circuit overturned a conviction against a former employee accused of stealing trade secret computer source code under the Economic Espionage Act. To understand purpose of the Theft of Trade Secrets Clarification Act, it is necessary to review the facts of the Aleynikov ruling. 

In Aleynikov, the defendant was previously employed by Goldman Sachs & Co. as a computer programmer. He helped develop source code for the company’s proprietary high-frequency trading (HFT) system that was used in securities and commodities trading for making large volumes of trades within fractions of a second. On the last day of his employment in June 2009, he encrypted and uploaded more than 500,000 lines of source code for the HFT system to a server in Germany. After uploading the source code, the defendant deleted the encryption program and his history of computer commands. When he returned to his home in New Jersey, he then downloaded the encrypted source code for use at his new employment with a Chicago-based startup that sought to create its own HFT system. In July 2009, after returning from Chicago following a meeting with his new employer’s principals with a flash drive and a laptop containing portions of the Goldman HFT source code, he was arrested by the FBI. 

Continue Reading

By Harry Jones

Increasingly, employers who suffer data breaches from employees are using the Computer Fraud and Abuse Act (CFAA) to trigger federal question jurisdiction and have the dispute heard in federal court. As a hybrid criminal-civil statute, the CFAA forbirds knowing and fraudulent access of computers without “authorization” or “exceeding authorized access” to further fraud and “obtain anything of value.” 

The federal courts of appeal have diverged in how to interpret the two “authorization” components (lacking or exceeding authorization) of the CFAA in civil suits. The Seventh Circuit, in International Airport Centers LLC v. Citrin, interpreted the CFAA broadly as a federal misappropriation statute, where disloyal abuse of prior permission to use employer computers robs the employee of “authorization.” The narrower and more popular view is the Ninth Circuit’s interpretation in U.S. v. Nosal, where the court concluded the CFAA offense of “exceeding authorized access” does not encompass the insider employee who merely violates computer use restrictions.” This interpretation was recently adopted by the Fourth Circuit. Adherents to Nosal rely on the rule of lenity, which strictly construes criminal laws in favor of defendants.

Continue Reading

By John Lassetter 

Trade secret disputes increasingly center on an ex-employee copying trade secret information from the former employer’s computer system and using that information to benefit his or her new employer. Civil claims under the federal Computer Fraud and Abuse Act (CFAA) can be a useful tool for employers seeking to enjoin ex-employees and competitors from benefiting from unlawfully obtained trade secret information and to recoup losses. In order to assert a civil claim under the CFAA, a plaintiff must plead losses aggregating at least $5,000 over a one-year period. The decision in Del Vecchio v. Amazon.com, Inc., No. C11-cv-00366-RSL, from the U.S. District Court for the Western District of Washington, indicates that employers asserting CFAA claims must plead facts that clearly reflect actual losses of $5,000 and facts connecting those losses to an ex-employee’s unlawful theft of trade secrets in order to survive a motion to dismiss. Employers should carefully detail the calculation of actual losses and facts reflecting the connection between those losses and the theft of the trade secrets in dispute to avoid dismissal of a CFAA claim. 

In Del Vecchio, the court granted the defendant company’s motion to dismiss the plaintiffs’ CFAA  claim. The plaintiffs were individuals who claimed that the company had unlawfully transferred cookies onto their computers. They alleged that the company had placed internet cookies on their computers against their wishes by “‘exploiting’ a known frailty in the cookie-filtering function of Microsoft’s Internet Explorer browser software” in violation of the CFAA. Citing the U.S. Supreme Court’s Iqbal/Twombly precedent requiring that a complaint “state a claim to relief plausible on its face,” the court in Vecchio dismissed the plaintiffs’ CFAA claim, finding that the plaintiffs failed to allege facts sufficient to demonstrate that a $5,000 loss had occurred.   

Continue Reading

By Lena K. Sims

Last week, the Ninth Circuit published its long awaited en banc decision, authored by Chief Judge Alex Kozinski, in United States v. Nosal [pdf].  The 9-2 reversal of the 3-judge appellate decision holds that the Computer Fraud and Abuse Act's phrase “exceeds authorized access” is limited to violations of restrictions on physical access to information and does not extend to violations of restrictions on the use of information.  Prosecution under the CFAA thus requires proof of “hacking” and employers will not be able to bring a claim for violation of the CFAA based on a violation of a computer use policy.    

The decision calls out for United States Supreme Court review.  It departs from the Fifth, Seventh and Eleventh Circuit decisions concerning interpretation of the same statutory language and criticizes those courts for taking a short-sighted approach that focused on the facts of the cases before them while criminalizing acts that are wide-spread, commonplace and trivial.  

Unlike those cases, the Nosal decision makes only a quick introductory recitation of the facts of the case.  Those following the case will recall that Nosal persuaded his former colleagues still working for his former employer to help him start a competing business by accessing information from the company’s database and then transferring that information to Nosal.  The employees had access to the database, but use of the information was restricted by policy:  “This product is intended to be used by Korn/Ferry employees for work on Korn/Ferry business only.”  Nosal was criminally prosecuted for aiding and abetting the employees in “exceeding their authorized access” with intent to defraud the employer.       

Continue Reading

By Kerry L. Middleton

Recently, a Minnesota federal district court construed the federal Computer Fraud and Abuse Act narrowly and dismissed an employer’s CFAA claim against three former high-level employees.   In Walsh Bishop Associates, Inc. v. O’Brien, et al. [pdf], the court held that civil liability under the CFAA does not extend to an employee’s alleged later misuse of information that the employee was authorized to access.  Thus, the court concluded that civil liability under the statute turns on whether the former employees were authorized to access the data at issue, not on whether the former employees allegedly misused the data after accessing it. 

The CFAA makes it unlawful for any person to obtain information from a computer by intentionally accessing the computer without authorization or by exceeding authorized access.  Employers frequently include a CFAA claim in suits against former employees for trade secret misappropriation.    

In Walsh Bishop, the defendants were former executive-level employees.  Among other things, the employer alleged that the defendants accessed documents the employer claimed were confidential and took those documents with them after leaving the employer’s employ.    

Continue Reading

By Eric C. Bellafronto and Michael E. Harvey

Employers often prohibit employees from using work computers for personal, non-work related purposes, but let’s say an employee accesses a work computer to plan a personal vacation to Hawaii or shop for clothes for a child.  Has the employee committed a federal crime?  The question of whether it is a federal crime for an employee to access a company computer for purposes outside the scope of a company’s computer policy was posed by the Ninth Circuit during a recent oral argument regarding the reach of the Computer Fraud and Abuse Act (“CFAA”), in the case of En Pointe Technologies, Inc. v. Sarcom, Inc., et al.

In January 2010, En Pointe filed a federal lawsuit against two former employees seeking $1,000,000 in damages.  En Pointe alleged that its former employees violated the CFAA by taking confidential information from company computers.  The CFAA is a federal law that prohibits certain actions that range from obtaining information from a computer without authorization, to damaging a computer through unauthorized access.  En Pointe alleged that its former employees unlawfully exceeded their authorization to access its computers and fraudulently obtained valuable company information.  The lower court dismissed the claims because the former employees were authorized to access En Pointe’s computers.  Therefore, the court reasoned that no violation of CFAA could have occurred – notwithstanding other laws protecting employer information. 

On appeal, En Pointe urged a three-judge panel to reinstate its CFAA claims based on the Ninth Circuit’s prior ruling in United States v. Nosal.  In that case, the court held that a CFAA claim may stand against former employees who obtain information from their employer’s computers in violation of a computer access policy. Highlighting the importance of the employer’s policy, the court reasoned that an employee may violate the CFAA by exceeding the employer’s restrictions on the employee’s use of the computer itself or the information contained in that computer.

Continue Reading

By Douglas A. Wickham

Almost instinctually, when learning that a present or former employee may have misappropriated trade secrets, employers quickly assess whether to take immediate action and seek temporary and permanent injunctions from civil courts.  However, the recent federal criminal prosecution and sentencing of a Wall Street computer programmer underscores the importance of criminal trade secrets prosecutions to deter future misbehavior.

Sergey Aleynikov was indicted [pdf] in February 2010 “on charges related to his theft of proprietary computer code concerning a high-frequency trading platform from his former employer, Goldman Sachs.”  In December 2010, Aleynikov was convicted after a trial in the Southern District of New York. 

In March 2011, U.S. District Judge Denise Cote in Manhattan sentenced Aleynikov to serve eight years and one month in federal prison.  Prior to sentencing, Aleynikov told the judge that “I never meant to cause Goldman any harm.  I did not intend to harm anyone.”  Judge Cote disagreed, however, concluding that “[h]e knew that what he was doing would harm Goldman Sachs.”

Continue Reading