A few years ago Texas joined most other states and enacted its version of the Uniform Trade Secrets Act (UTSA, or Texas’ TUTSA). Recently, the federal Defend Trade Secrets Act (DTSA) became law. While there are quite a few similarities between these laws, there are also some substantial differences that you need to know to protect your business’s trade secrets.
The Texas Supreme Court recently addressed the question of when a competitor’s corporate representative can be excluded from the courtroom in a trade secrets case.
Shawn Tuma was a guest on the Down the Security Rabbithole podcast, where he and hosts Rafal Los (@Wh1t3Rabbit) and Michael Santarcangelo (@Catalyst) discussed recent events in the world of cyber law.
Trade secrets are the lifeblood of a company, but they can be difficult to understand.
Here is a free guide to help you identify and protect your company’s trade secrets.
Yes, Your Business Has Trade Secrets
Whether it realizes it or not, virtually every business has trade secrets, which can be as simple as something unique or remarkable about the way it makes a product or provides a service that sets it apart from the competition. This is something that gives the business a competitive advantage and is usually something it has spent significant time and resources to develop.
Unfortunately, in today’s business environment, honor and integrity are not always the rule, and many businesses find their trade secrets are being taken and used to compete against them. The threat can come from as close as disloyal employees or local competitors, or from around the world, from foreign state-sponsored organizations engaging in industrial espionage.
Preparation is the Key to Successfully Protecting Your Business’s Trade Secrets
The first time many businesses ever give serious thought to their trade secrets is when they find that they have been taken. It is then that the business begins scrambling to identify its trade secrets and, assuming it can put together a comprehensive list, hopes and prays that it has satisfied the requirements for keeping that information protected under the law of trade secrets so that it can use the legal process to keep it from being used by the business’s competitors. To make matters worse, when the disclosure of trade secrets is being threatened and an injunction from a court is all that will stop it, time is precious and every minute can make the difference between winning or losing.
Here Is The Guide
Shawn Tuma has prepared a comprehensive Guide to help you understand how to identify and protect your business’s trade secrets. The Guide provides a step-by-step explanation of everything from what trade secrets are in general, to how to identify your own business’s trade secrets, to the most common threats against trade secrets, and how to protect against those threats.
You can download a free .pdf copy of the Guide by clicking on this link: Texas Business Guide for Identifying and Protecting Trade Secrets
Once you have downloaded the Guide, you can be proactive in protecting your business’s trade secrets by using it to prepare for the problem before it ever arises and, in doing so, help reduce the chances that the problem will ever arise by:
- carefully evaluating what information your business has that qualifies as trade secret information;
- implementing security measures, policies, and procedures to prevent the disclosure of that information and protect its trade secret status; and,
- in the event its trade secrets are ever compromised, being much better prepared to quickly and efficiently make its case in a court of law and successfully prevent others from using its trade secrets.
About the author
Shawn Tuma is a lawyer who is experienced in advising clients on complex intellectual property issues such as trade secrets litigation and misappropriation of trade secrets (under common law and the Texas Uniform Trade Secrets Act), unfair competition, and cyber crimes such as the Computer Fraud and Abuse Act. He is a partner at Scheef & Stone, L.L.P., a business law firm with offices in Dallas and Frisco, Texas, which is located minutes from the District Courts of Collin County, Texas and the Plano Court of the United States District Court, Eastern District of Texas. He represents clients in lawsuits across the Dallas / Fort Worth Metroplex including state and federal courts in Collin County, Denton County, Dallas County, and Tarrant County, which are all courts in which he regularly handles cases (as well as across the nation pro hac vice). Tuma regularly serves as a consultant to other lawyers on issues within his area of expertise and also serves as local counsel for attorneys with cases in the District Courts of Collin County, Texas, the United States District Court, Eastern District of Texas, and the United States District Court, Northern District of Texas.
An employee, after leaving a company, is no longer authorized to continue accessing its data–regardless of what steps the company took. This is, and always has been, a no-no. But, not everyone seems to realize it.
The United States Court of Appeals for the Fourth Circuit recently affirmed a Computer Fraud and Abuse Act conviction for a man who used a backdoor into his former employer’s computer system to continue accessing data after he went to a competitor. The fact that his former employer had not changed his password did not dissuade the court.
The district court proceeding
The United States Court of Appeals for the Fourth Circuit, on Christmas Eve 2014, handed down the unpublished opinion United States v. Steele, 2014 WL 7331679 (4th Cir. Dec. 24, 2014). In Steele, the Court upheld the jury conviction for two misdemeanor and twelve felony counts for violating the unauthorized access prong of the Computer Fraud and Abuse Act (CFAA), 18 U.S.C. § 1030(a)(2)(C).
Steele, while not establishing new law, does illustrate an important distinction in employee computer and data misuse cases: misuse by current employees versus former employees. The notorious Circuit Split involves misuse by current employees but, when it comes to former employees, the law is clear. When the employment relationship terminates, so too does the now-former employee’s authorization to access the computer system and data.
Robert Steele worked as vice president of business development and also the backup systems administrator for Platinum Solutions, Inc. His role as a systems administrator gave him access to the company’s server, which allowed him to monitor email accounts and employee passwords. Platinum was eventually sold and became SRA, and Steele resigned to go work for a competitor that also provided contract IT services to government defense agencies.
For nine months after his resignation from SRA, Steele continued to log in to the company’s computer server using a “backdoor” account he had used during his employment. Using this account, he accessed the server almost 80,000 times, during which he accessed and downloaded documents and emails related to the company’s contract bids–bids that were competitive to his new employer and, therefore, confidential trade secrets.
A jury convicted Steele for fourteen violations of the CFAA; he received a 48-month prison sentence and was ordered to pay $50,000 in fines, $1,200 in fees, and $335,977.68 in restitution. Steele appealed.
The court of appeals opinion
Of his grounds for appeal, the most relevant is Steele’s argument that his post-termination accesses of the servers were not “without authorization.” Steele argued that because the company did not change the password to this “backdoor” account following his resignation, he continued to have authorization to use the account to access the servers. He based this argument on the Fourth Circuit’s opinion in WEC Carolina Energy Solutions LLC v. Miller, 687 F.3d 199 (4th Cir. 2012).
In WEC Carolina, the Court dealt with the Circuit Split issue of a current employee using his employer’s computer system to obtain information that he then used for improper purposes and whether such use is in “excess of authorization” under § 1030(a)(2). The WEC Carolina Court adopted the narrow view which holds that § 1030(a)(2) prohibits a current employee from unlawfully accessing a protected computer but not from misusing information that he obtained while lawfully accessing the computer.
The Steele Court explained how this distinction applies to this case:
Importantly, this split focuses on employees who are authorized to access their employer’s computers but use the information they retrieve for an improper purpose. Steele’s case is distinguishable for one obvious reason: he was not an employee of SRA at the time the indictment alleges he improperly accessed the company’s server. In WEC Carolina, authorization did not hinge on employment status because that issue was not in dispute. Here, by contrast, the fact that Steele no longer worked for SRA when he accessed its server logically suggests that the authorization he enjoyed during his employment no longer existed.
* * *
Common sense aside, the evidence provides ample support for the jury’s verdict. SRA took steps to revoke Steele’s access to company information, including collecting Steele’s company-issued laptop, denying him physical access to the company’s offices, and generally terminating his main system access. And Steele himself recognized that his resignation effectively terminated any authority he had to access SRA’s server, promising in his resignation letter that he would not attempt to access the system thereafter. Just because SRA neglected to change a password on Steele’s backdoor account does not mean SRA intended for Steele to have continued access to its information.
As the Steele Court hinted, common sense or basic ethics, however one looks at it, should have been enough to tell Steele that after leaving SRA, he was no longer authorized to continue accessing its data. It wasn’t enough. Now he has 48 months to think about where he went wrong as well as how he is going to come up with nearly $400,000.
Shawn Tuma is a cybersecurity lawyer business leaders trust to help solve problems with cutting-edge issues involving computer fraud, cybersecurity, privacy and intellectual property law. He is a partner at Scheef & Stone, LLP, a full service commercial law firm in Texas that represents businesses of all sizes across the United States.