Healthcare data is one of the most desirable forms of data for cyber criminals to steal because its value on the cyber black market — the Dark Web — is much higher than most other forms of data. While there are several reasons for this, the recent study Your Life, Repackaged and Resold: The Deep Web Exploitation of Health Sector Breach Victims, concluded Continue reading “Why is Healthcare Data So Valuable to Cyber Criminals?”
A few years ago Texas joined most other states and enacted its version of the Uniform Trade Secrets Act (UTSA, or Texas’ TUTSA). Recently, the federal Defend Trade Secrets Act (DTSA) became law. While there are quite a few similarities between these laws, there are also some substantial differences that you need to know to protect your businesses’ trade secrets. Continue reading “What You Need to Know About Protecting Trade Secrets Under State and Federal Law”
The Texas Supreme Court recently addressed the question of when a competitor’s corporate representative can be excluded from the courtroom in a trade secrets case. Continue reading “Can Parties be Excluded from the Courtroom in Trade Secrets Cases?”
Shawn Tuma was a guest the Down the Security Rabbithole podcast where he and hosts Rafal Los (@Wh1t3Rabbit) and Michael Santarcangelo (@Catalyst) discussed recent events in the world of cyber law. Continue reading “Cyber Law Update on #DtSR Podcast with Los, Santarcangelo and Tuma”
Trade secrets are the lifeblood of a company but it can be a difficult issue to understand.
Here is a free guide to help you identify and protect your company’s trade secrets.
Yes, Your Business Has Trade Secrets
Whether they realize it or not, virtually every business has trade secrets which can be as simple as something unique or remarkable about the way it makes a product or provides a service that sets it apart from the competition. This is something that gives the business a competitive advantage and is usually something it has spent significant time and resources to develop.
Unfortunately, in today’s business environment, honor and integrity are not always the rule and many businesses find their trade secrets are being taken and used to compete against them. This can come from as close as disloyal employees or local competitors to around the world from foreign state‐sponsored organizations engaging in industrial espionage.
Preparation is the Key to Successfully Protecting Your Businesses’ Trade Secrets
The first-time many businesses ever gives serious thought to their trade secrets is when they find that they have been taken. It is then that the business begins scrambling to identify its trade secrets and, assuming it can put together a comprehensive list, hopes and prays that it has satisfied the requirements for keeping that information protected under the law of trade secrets so that it can use the legal process to keep it from being used by the businesses’ competitors. To make matters worse, when the disclosure of trade secrets is being threatened and an injunction from a court is all that will stop it, Time is precious and every minutes can make the diﬀerence between winning or losing.
Here Is The Guide
Shawn Tuma has prepared a comprehensive Guide to help you understand how to identify and protect your businesses’ trade secrets. The Guide provides a step-by-step explanation of everything from what trade secrets are in general, to how to identify your own businesses’ trade secrets, to the most common threats against trade secrets, and how to protect against those threats.
You can download a free .pdf copy of the Guide by clicking on this link: Business Guide for Identifying and Protecting Trade Secrets
Once you have downloaded the Guide, you can be proactive in protecting your businesses’ trade secrets by using it to prepare for the problem before it ever arises and, in doing so, help reduce the chances that the problem will ever arise by:
- carefully evaluating what information it has that qualifies as trade secret information;
- implementing security measures, policies, and procedures to prevent the disclosure of that information and protect its trade secret status; and,
- in the event its trade secrets are ever compromised, be much better prepared to quickly and eﬃciently make its case in a court of law and successfully prevent others from using its trade secrets.
Shawn Tuma (@shawnetuma) is a business lawyer with an internationally recognized reputation in cybersecurity, computer fraud and data privacy law. He is a Cybersecurity & Data Privacy Partner at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.
An employee, after leaving a company, is no longer authorized to continue accessing its data–regardless of what steps the company took. This is, and always has been, a no-no. But, not everyone seems to realize it.
The United States Court of Appeals for the Fourth Circuit recently affirmed a Computer Fraud and Abuse Act conviction for a man who used a backdoor into his former employer’s computer system to continue accessing data after he went to a competitor. The fact that his former employer had not changed his password did not dissuade the court.
The district court proceeding
The United States Court of Appeals for the Fourth Circuit, on Christmas Eve 2014, handed down the unpublished opinion United States v. Steele, 2014 WL 7331679 (4th Cir. Dec. 24, 2014). In Steele, the Court upheld the jury conviction for two misdemeanor and twelve felony counts for violating the unauthorized access prong of the Computer Fraud and Abuse Act (CFAA), 18 U.S.C. § 1030(a)(2)(C).
Steele, while not establishing new law, does illustrates an important distinction in employee computer and data misuse cases: misuse by current employees versus former employees. The notorious Circuit Split involves misuse by current employees but, when it comes to former employees, the law is clear. When the employment relationship terminates, so too does the now-former employee’s authorization to access the computer system and data.
Robert Steele worked as vice president of business development and also the backup systems administrator for Platinum Solutions, Inc. His role as a systems administrator gave him access to the company’s server, which allowed him to monitor email accounts and employee passwords. Platinum was eventually sold and became SRA and Steele resigned to go work for a competitor who also provided contract IT services to government defense agencies.
For nine months after his resignation from SRA, Steele continued to log in to the company’s computer server using a “backdoor” account he had used during his employment. Using this, he accessed the server almost 80,000 times during which he proceeded to access and download documents and emails related to the company’s contract bids–bids that were competitive to his new employer and, therefore, confidential trade secrets.
A jury convicted Steele for fourteen violations of the CFAA; he received a 48 month prison sentence and was ordered to pay $50,000 in fines, $1,200 in fees, and $335,977.68 in restitution. Steele appealed.
The court of appeals opinion
Of his grounds for appeal, the most relevant is Steele’s argument that his post-termination accesses of the servers were not “without authorization.” Steele argued that because the company did not change the password to this “backdoor” account following his resignation, he continued to have authorization to use the account to access the servers. He based this argument on the Fourth Circuit’s opinion in WEC Carolina Energy Solutions LLC v. Miller, 687 F.3d 199 (4th Cir. 2012).
In WEC Carolina, the Court dealt with the Circuit Split issue of a current employee using his employer’s computer system to obtain information that he then used for improper purposes and whether such use is in “excess of authorization” under § 1030(a)(2). The WEC Carolina Court adopted the narrow view which holds that § 1030(a)(2) prohibits a current employee from unlawfully accessing a protected computer but not from misusing information that he obtained while lawfully accessing the computer.
The Steele Court explained how this distinction applies to this case:
Importantly, this split focuses on employees who are authorized to access their employer’s computers but use the information they retrieve for an improper purpose. Steele’s case is distinguishable for one obvious reason: he was not an employee of SRA at the time the indictment alleges he improperly accessed the company’s server. In WEC Carolina, authorization did not hinge on employment status because that issue was not in dispute. Here, by contrast, the fact that Steele no longer worked for SRA when he accessed its server logically suggests that the authorization he enjoyed during his employment no longer existed.
* * *
Common sense aside, the evidence provides ample support for the jury’s verdict. SRA took steps to revoke Steele’s access to company information, including collecting Steele’s company-issued laptop, denying him physical access to the company’s offices, and generally terminating his main system access. And Steele himself recognized that his resignation effectively terminated any authority he had to access SRA’s server, promising in his resignation letter that he would not attempt to access the system thereafter. Just because SRA neglected to change a password on Steele’s backdoor account does not mean SRA intended for Steele to have continued access to its information.
As the Steele Court hinted, common sense or basic ethics, however one looks at it, should have been enough to tell Steele that after leaving SRA, he was no longer authorized to continue accessing its data. It wasn’t enough. Now he has 48 months to think about where he went wrong as well as how he is going to come up with nearly $400,000.
Shawn Tuma is a cybersecurity lawyer business leaders trust to help solve problems with cutting-edge issues involving computer fraud, cybersecurity, privacy and intellectual property law. He is a partner at Scheef & Stone, LLP, a full service commercial law firm in Texas that represents businesses of all sizes across the United States.
What is Cyber Espionage?
Corporate espionage, industrial espionage, and cyber espionage all generally mean the same thing: (1) intentionally targeting or acquiring trade secrets of companies to benefit any foreign government, foreign instrumentality, or foreign agent, (FBI) which means, in simpler terms, (2) espionage conducted to gain a commercial advantage (Wikipedia).
What is this not? This is not espionage to gain a national security advantage — it is to gain economic advantage. Of course, it could be argued that this is a distinction without a difference as an economic advantage could certainly help on national security matters as well, but that is going down too deep into the weeds. You need to understand the distinction.
I have been writing about cyber espionage for a while,
And, I have spoken about it at seminars where many people probably thought I was making that stuff up — you know, about the big bad conspiracy by foreign governments to steal valuable intellectual property from US businesses to give their countries’ businesses a competitive advantage.
But I have to admit, it is really nice to have validation from a reputable source — the United States Department of Justice.
An Example of Cyber Espionage
This week the news is abuzz about a lawsuit brought by the United States Department of Justice in the United States District Court for the Western District of Pennsylvania against five officers of the Chinese People’s Liberation Army: Wang Dong, Sun Kailiang, Wen Xinyu, Huang Zhenyu and Gu Chunhui.
The Indictment charges the Chinese officers with six offenses:
- Conspiring to commit computer fraud and abuse (Computer Fraud and Abuse Act, 18 U.S.C. § 1030(b));
- Wrongful access of a protected computer for financial gain (Computer Fraud and Abuse Act, 18 U.S.C. §§ 1030(a)(2)(C), 1030(c)(2)(B)(i)-(iii), and 2);
- Wrongful transmission to damage a protected computer (Computer Fraud and Abuse Act, 18 U.S.C. §§ 1030(a)(5)(A), 1030(c)(4)(B), and 2);
- Aggravated identity theft (Identity Theft Act, 18 U.S.C. §§ 1028A(a)(1), (b), (c)(4), and 2);
- Economic espionage (Economic Espionage Act, 18 U.S.C. §§ 1831(a)(2), (a)(4), and 2); and
- Trade secret theft (Trade Secrets Act, 18 U.S.C. §§ 1832(a)(2), (a)(4), and 2).
The Indictment, based off of an FBI investigation, alleges that from 2006 to 2014 the officers actions targeted six US companies (Westinghouse Electric Co. (Westinghouse), U.S. subsidiaries of SolarWorld AG (SolarWorld), United States Steel Corp. (U.S. Steel), Allegheny Technologies Inc. (ATI), the United Steel, Paper and Forestry, Rubber, Manufacturing, Energy, Allied Industrial and Service Workers International Union (USW) and Alcoa Inc.) with hacking into the computer systems of the companies and engaging in the following conduct (see DOJ Summary):
In 2010, while Westinghouse was building four AP1000 power plants in China and negotiating other terms of the construction with a Chinese SOE (SOE-1), including technology transfers, Sun stole confidential and proprietary technical and design specifications for pipes, pipe supports, and pipe routing within the AP1000 plant buildings.
Additionally, in 2010 and 2011, while Westinghouse was exploring other business ventures with SOE-1, Sun stole sensitive, non-public, and deliberative e-mails belonging to senior decision-makers responsible for Westinghouse’s business relationship with SOE-1.
In 2012, at about the same time the Commerce Department found that Chinese solar product manufacturers had “dumped” products into U.S. markets at prices below fair value, Wen and at least one other, unidentified co-conspirator stole thousands of files including information about SolarWorld’s cash flow, manufacturing metrics, production line information, costs, and privileged attorney-client communications relating to ongoing trade litigation, among other things. Such information would have enabled a Chinese competitor to target SolarWorld’s business operations aggressively from a variety of angles.
In 2010, U.S. Steel was participating in trade cases with Chinese steel companies, including one particular state-owned enterprise (SOE-2). Shortly before the scheduled release of a preliminary determination in one such litigation, Sun sent spearphishing e-mails to U.S. Steel employees, some of whom were in a division associated with the litigation. Some of these e-mails resulted in the installation of malware on U.S. Steel computers. Three days later, Wang stole hostnames and descriptions of U.S. Steel computers (including those that controlled physical access to company facilities and mobile device access to company networks). Wang thereafter took steps to identify and exploit vulnerable servers on that list.
In 2012, ATI was engaged in a joint venture with SOE-2, competed with SOE-2, and was involved in a trade dispute with SOE-2. In April of that year, Wen gained access to ATI’s network and stole network credentials for virtually every ATI employee.
In 2012, USW was involved in public disputes over Chinese trade practices in at least two industries. At or about the time USW issued public statements regarding those trade disputes and related legislative proposals, Wen stole e-mails from senior USW employees containing sensitive, non-public, and deliberative information about USW strategies, including strategies related to pending trade disputes. USW’s computers continued to beacon to the conspiracy’s infrastructure until at least early 2013.
About three weeks after Alcoa announced a partnership with a Chinese state-owned enterprise (SOE-3) in February 2008, Sun sent a spearphishing e-mail to Alcoa. Thereafter, in or about June 2008, unidentified individuals stole thousands of e-mail messages and attachments from Alcoa’s computers, including internal discussions concerning that transaction.
Does Your Business Have Trade Secrets?
If your business has trade secrets (and it does), you must protect them. To do this you need to take affirmative steps to identify those trade secrets and implement policies and procedures to protect them from disclosure, whether intentionally or unintentionally, by insiders and outsiders alike. I have made it easy for you to get started.
All you need to do is use this free guide that I prepared to walk you through the process and, of course, feel free to let me know if you have any questions along the way: Texas Business Guide: Identifying and Protecting Trade Secrets Under the (New) Texas Uniform Trade Secrets Act
About the author
Shawn Tuma is a lawyer who is experienced in advising clients on digital business risk which includes complex digital information law and intellectual property issues. This includes things such as trade secrets litigation and misappropriation of trade secrets (under common law and the Texas Uniform Trade Secrets Act), unfair competition, and cyber crimes such as the Computer Fraud and Abuse Act; helping companies with data security issues from assessing their data security strengths and vulnerabilities, helping them implement policies and procedures for better securing their data, preparing data breach incident response plans, leading them through responses to a data breach, and litigating disputes that have arisen from data breaches. Shawn is a partner at BrittonTuma, a boutique business law firm with offices near the border of Frisco and Plano, Texas which is located minutes from the District Courts of Collin County, Texas and the Plano Court of the United States District Court, Eastern District of Texas. He represents clients in lawsuits across the Dallas / Fort Worth Metroplex including state and federal courts in Collin County, Denton County, Dallas County, and Tarrant County, which are all courts in which he regularly handles cases (as well as throughout the nation pro hac vice). Tuma regularly serves as a consultant to other lawyers on issues within his area of expertise and also serves as local counsel for attorneys with cases in the District Courts of Collin County, Texas, the United States District Court, Eastern District of Texas, and the United States District Court, Northern District of Texas.
This morning I have the privilege of speaking at the Collin County Bench Bar Conference and talking with a tremendous group of Collin County Judges and Lawyers about the risks that lawyers, their clients, and their law practices face from data insecurity issues.
Here is the Prezi presentation that I will be using – take a look and tell me what you think! Cyber Fraud, Data Breaches, and Corporate Espionage: How They Impact Your Law Practice
p.s. The theme for the weekend is The Kentucky Derby if you were wondering how the horse fit in!
Corporate espionage (industrial espionage) is a favorite topic of mine. I have written and presented on the subject quite a bit and, while I am never sure how my readers react when I write about this, I do carefully watch the look on my audience members’ faces when I first mention the issue. The story their eyes tell is interesting.
The story of “why should I care about this?”
At first they usually have a glazed over look with no emotion or reaction — as if they are thinking “this is just another lawyer using fancy lawyer words but whatever he is talking about, it doesn’t apply to anything that I do” and they politely sit there feigning paying attention.
And then, I tell them about the cases where Chinese state-sponsored groups had “insiders” planted in companies like Motorola or DuPont to steal their proprietary trade secrets. Their reaction does not change — as if they are thinking “yeah, ok, whatever, my company is not Motorola or DuPont or anything like it — we are a small shop and nobody cares that much about what we have.”
And then, trying to get their attention with something they have heard about, I mention Target and the massive and expensive Target breach. Their reaction does not change — as if they are thinking “dude, why are you telling me this? My company is nothing like Target — we could barely even be a supplier to Target, why would anyone care about us?”
And then, I ask them if they have ever heard of Fazio Mechanical Services — knowing they have no idea of who that is.
So I ask them to raise their hands if they’ve ever heard of Fazio Mechanical Services — and usually no one raises their hands but at least now they are listening …
So I go on to explain that
- Fazio Mechanical Services is (or should I say was) a vendor to Target and that it was a breach of Fazio’s computer system through an email spear phishing attack that ultimately allowed the hackers to breach the Target system;
- While no one may have cared about getting Fazio’s information, Fazio’s system was very valuable to the hackers because it provided an intrusion point into the Target system — which made attacking Fazio very valuable, strategically, to the hackers;
- Hackers are smart and very strategic and now that they have seen a great example of how effective using indirect methods, such as third party vendors, to attack their primary target has been and they will likely do it again;
- Even if they do not believe their company is a high value target to hackers, if one of their suppliers, vendors, or other business associates may be, it could be their system that is used to become that intrusion point to reach the high value target, and
- If that were to happen, their business would likely be the next Fazio and they would probably be looking for new employment.
What does this have to do with hacking through a Chinese Restaurant Takeout Menu (website)?
This usually brings the abstract notion of “corporate espionage” to reality for them. I was reminded of this when I read a recent article in the New York Times titled Hackers Lurking in Vents and Soda Machines that provides a great explanation of how hackers use this indirect method of attack on their primary targets. Here are a few poignant quotes but you should read the whole article:
Unable to breach the computer network at a big oil company, hackers infected with malware the online menu of a Chinese restaurant that was popular with employees. When the workers browsed the menu, they inadvertently downloaded code that gave the attackers a foothold in the business’s vast computer network.
* * *
Hackers in the recent Target payment card breach gained access to the retailer’s records through its heating and cooling system. In other cases, hackers have used printers, thermostats and videoconferencing equipment.
Companies have always needed to be diligent in keeping ahead of hackers — email and leaky employee devices are an old problem — but the situation has grown increasingly complex and urgent as countless third parties are granted remote access to corporate systems. This access comes through software controlling all kinds of services a company needs: heating, ventilation and air-conditioning; billing, expense and human-resources management systems; graphics and data analytics functions; health insurance providers; and even vending machines.
This is a serious problem — even your company needs to pay attention to it, even if no one in your company likes Chinese takeout.
About the author
Shawn Tuma is a lawyer who is experienced in advising clients on complex digital information law and intellectual property issues. These issues include things such as trade secrets litigation and misappropriation of trade secrets (under common law and the Texas Uniform Trade Secrets Act), unfair competition, and cyber crimes such as the Computer Fraud and Abuse Act; helping companies with data security issues from assessing their data security strengths and vulnerabilities, helping them implement policies and procedures for better securing their data, preparing data breach incident response plans, leading them through responses to a data breach, and litigating disputes that have arisen from data breaches. Shawn is a partner at BrittonTuma, a boutique business law firm with offices near the border of Frisco and Plano, Texas which is located minutes from the District Courts of Collin County, Texas and the Plano Court of the United States District Court, Eastern District of Texas. He represents clients in lawsuits across the Dallas / Fort Worth Metroplex including state and federal courts in Collin County, Denton County, Dallas County, and Tarrant County, which are all courts in which he regularly handles cases (as well as throughout the nation pro hac vice). Tuma regularly serves as a consultant to other lawyers on issues within his area of expertise and also serves as local counsel for attorneys with cases in the District Courts of Collin County, Texas, the United States District Court, Eastern District of Texas, and the United States District Court, Northern District of Texas.
When can a competitor use litigation to find out your company’s trade secret information?
Let me explain it this way …
What if it was your businesses’ valuable information?
Pause for a moment and imagine that your business is the industry leading innovator in its field because, through your effort and resources, you have developed secret tricks and techniques for how to do things that your customers love and that is what makes your business so successful. You keep these tricks and techniques so secret that only the most trusted people inside your company — those who have a need to know them — have access to and know these secrets.
These secrets are what the law calls trade secrets. They are what most real people (i.e., non-lawyers) call the “crown jewels”, “keys to the kingdom”, or the “secret sauce” — they are that important.
Now, imagine that your fiercest competitor, who is called FierceCo, knows you have secret ways for how you do things, but does not know what those secrets are. FierceCo has tried for years to find out what they are but has never succeeded. Now FierceCo has met an enterprising lawyer and has a new plan.
Would you want your competitor to get your valuable trade secret information simply by suing you?
FierceCo sues your business — for whatever made-up reason it can concoct — and demands that you disclose what your trade secrets are in the discovery in the lawsuit. Will it work? After all of these years of protecting your businesses’ trade secrets from FierceCo, will you now be required to turn over the “keys to the kingdom”?
Maybe, maybe not.
Your secret information that qualifies as trade secrets is privileged and, because of that privilege, the only way FierceCo can get it is if it can satisfy a specific test under the law. And then, even if FierceCo can get access to that information, the purposes for which it can use the information are severely restricted by court order and any violation of that order could land FierceCo in contempt of court. Contempt is not good — trust me on this.
The test under the Texas Common Law
The test that must be met was explained by the Dallas Court of Appeals in In re The Goodyear Tire & Rubber Co., 392 S.W.3d 687 (Tex. App.–Dallas 2010, orig. proceeding). In this case the court said that a party to a lawsuit can refuse to disclose their trade secrets, and prevent others from disclosing its trade secrets if
- Not disclosing the trade secrets will not tend to conceal fraud or otherwise work injustice;
- The party not wanting to disclose its trade secrets then shows that the information fits the definition of trade secrets; and
- The party requesting the information then establishs that the information is necessary for a fair adjudication of its claim or defense.
In our hypothetical case, this means that FierceCo must meet the burden of establishing that the information is necessary for a fair adjudication of its claim or defense or else the court cannot require it to be disclosed. This does not mean simply that it is relevant to the case. Instead, FierceCo “‘must demonstrate with specificity exactly how the lack of the information will impair the presentation of the case on the merits to the point that an unjust result is a real, rather than a merely possible, threat.'” Id. at 696. “This specificity showing must be made with regard to each category of information that” FierceCo requests and for which you assert the trade secret privilege. Id.
“A trial court abuses its discretion if it orders disclosure of trade secrets when the requesting party has not carried its burden to show the information is necessary for a fair adjudication of its claim.” Goodyear, 392 S.W.3d at 693.
The “new” test under the Texas Uniform Trade Secrets Act — substantively, it really is the same
While the 3 step test of Goodyear was under the common law of trade secrets, before Texas enacted the Texas Uniform Trade Secrets Act (TUTSA) (eff. 9/1/13), the test remains substantially the same under TUTSA. TUTSA specifically instructs the Texas courts to look to the cases from other jurisdictions that have adopted their version of the Uniform Trade Secrets Act, Tex. Civ. Prac. & Rem. Code § 134A.008, and the predominate test in those jurisdictions is substantially the same 3 step test.
In Bridgestone Americas Holding, Inc. v. Mayberry, 878 N.E.2d 189, 193 (Ind. 2007), the Supreme Court of Indiana explained the 3 step balancing test that is to be applied under the Uniform Trade Secrets Act when trade secret information is sought in discovery:
- The party opposing discovery must show that the information sought is a trade secret and that disclosure would be harmful.
- If trade secret status is established, the burden shifts to the party seeking discovery to show that the information is relevant and necessary to bring the matter to trial.
- If both parties satisfy their burden, the court must weigh the potential harm of disclosure against the need for the information in reaching a decision.
The focal point of the test should be on proof of real necessity
This 3 step balancing test has been adopted by other states and is the appropriate test for Texas courts to apply under TUTSA. The “necessity” prong is the one that should really be the focal point of the court’s analysis. To meet the burden of establishing the second step of the test, “the party seeking trade secret information cannot simply claim unfairness but must show ‘with specificity how the lack of the information will impair the presentation of the case on the merits to the point that an unjust result is a real, rather than a merely possible, threat.’”
Meanwhile, it is clear from the case law that establishing necessity is the heart of this three-part analysis. When necessity is established, courts frequently hold that the trade secret must be disclosed, albeit with some protection.
“Necessity” means that without discovery of the particular trade secret, the discovering party would be unable to present its case “to the point that an unjust result is a real, rather than a merely possible, threat.” In re Bridgestone/Firestone, Inc., 106 S.W.3d 730, 733 (Tex.2003). Implicit in this is the notion that suitable substitutes must be completely lacking.
The requesting party must meet a very high burden to establish a true necessity, as required, in order to obtain the trade secret information. This requires their showing of a true necessity with no suitable substitutes available to provide the requested information.
About the author
Shawn Tuma is a lawyer who is experienced in advising clients on complex digital information law and intellectual property issues such as trade secrets litigation and misappropriation of trade secrets (under common law and the Texas Uniform Trade Secrets Act), unfair competition, and cyber crimes such as the Computer Fraud and Abuse Act. He is a partner at BrittonTuma, a boutique business law firm with offices near the border of Frisco and Plano, Texas which is located minutes from the District Courts of Collin County, Texas and the Plano Court of the United States District Court, Eastern District of Texas. He represents clients in lawsuits across the Dallas / Fort Worth Metroplex including state and federal courts in Collin County, Denton County, Dallas County, and Tarrant County, which are all courts in which he regularly handles cases (as well as across the nation pro hac vice ). Tuma regularly serves as a consultant to other lawyers on issues within his area of expertise and also serves as local counsel for attorneys with cases in the District Courts of Collin County, Texas, the United States District Court, Eastern District of Texas, and the United States District Court, Northern District of Texas.