August 16, 2017

Is Metadata Protected by the Wiretap Act? Third Circuit: It Depends!

In general, “metadata” is data that describes other data and summarizes basic information about data, which can make finding and working with particular instances of data easier. But does that definition mean that metadata, such as URLs, are categorically non-content? For example, such a bright line distinction would mean that there is no substantive difference, for example, between the URL “www.webmd.com” and “www.webmd.com/alchoholabuse.” The former URL provides very little information about the visitor’s communications with WebMd, while the latter provides specific information other than simply the visitor was communication with WebMd. This is not an unimportant distinction since the federal Wiretap Act, which was enacted in 1968 to regulate telephone wiretapping prohibits the interception of the “contents” of a communication without the consent of a “party to the communication.” In 1986, Congress expanded the scope of the Wiretap Act to include computer networks. In an important privacy decision, on November 10, 2015, although the Third Circuit in In Re: Google Inc. Cookie Placement Privacy Litigation, dismissed the Wiretap Act claim under Rule 12(b)(6), it determined that obtaining URLs by Google did involve the collection of at least some content under the Wiretap Act.

Unbeknownst to many Internet users, a user’s visits to websites are recorded through the use of tracking cookies that have been previously placed on the user’s browser so when the user visits a Web site, the Web site can have a third-party site send to the user’s browser highly targeted advertisements. The litigation involved allegations that Google violated the Wiretap Act, the Stored Communications Act and the Computer Fraud and Abuse Act under federal law, and various California state laws include the right to privacy. With regard to the Wiretap Act, plaintiffs argued that the defendants violated the Wiretap Act on the grounds that the use of tracking cookies created a record of what websites users visited without their knowledge. Users could set their browsers to block these third party cookies, but he browser would not actually block them. In other words, advertising companies were able to gather this valuable information without the users’ knowledge. While the Third Circuit ultimately dismissed the Wiretap Act claims, the Third Circuit did find that Google’s actions amounted to “deceit and disregard” as it “not only contravened the cookie blockers—it held itself out as respecting ….” [Read more…]

“Not all Chinese are economic spies”

Here’s an article that was first published in The Hill on September 28, 2015.

The issue of Chinese economic espionage is likely to be one of the issues addressed when President Obama meets President Xi Jinping of China. This is a real and very serious issue. Economic espionage costs U.S. companies tens of billions of dollars in damages and causes the loss of thousands of U.S. jobs, and the FBI has identified China as the single greatest culprit. However, President Obama should also use this as an opportunity to apologize for the Justice Department’s misconduct in charging two Chinese-American U.S. citizens with economic espionage with the intention of benefitting China, and then abruptly dropping the charges after the evidence showed that there was no basis at all to charge the defendants, and they may have simply been caught up in a much broader dragnet aimed at combatting Chinese industrial espionage.

There is little doubt that Chinese government entities and Chinese companies are actively involved in economic espionage against U.S. companies and businesses. For example, a study I conducted found that, since the enactment of the Economic Espionage Act (“EEA”) in 1996, which the federal statute that criminalizes theft of trade secrets, more than 30% of all prosecutions involved Chinese citizens or naturalized U.S. citizens originally from China. In addition, in approximately 30% of the total EEA prosecutions, the defendant misappropriated the trade secrets to benefit the Chinese government, an existing Chinese company or to start a company there. Since 2008, approximately 50% of the cases have a China connection, and eight of ten prosecutions that the government has brought for state sponsored economic espionage involve an allegation of Chinese government involvement. [Read more…]

Intellectual Property and Computer Crimes Release 24 is Here

Release 24 to my book, Intellectual Property and Computer Crimes, is here. The release features major revisions to the chapters on criminal copyright infringement and the DMCA. It particular, it adds to the chapter on the DMCA a detailed analysis of the elements that the government must establish beyond a reasonable doubt to provide a violation of Sections 1201 and 1202 of the DMCA, including that the defendant must act “willfully.” It also discusses the regulatory exemptions under Section 1201(a)(1), including: (i) nonprofit entities; (ii) law enforcement; (iii) reverse engineering/interoperability of computer programs; (iv) encryption research; (v) preventing minors’ access to the Internet; (vi) protection of personally identifying information; and (vii) security testing.

New Computer Fraud and Abuse Act Appellate Case

The Ninth Circuit has decided an important Computer Fraud and Abuse Act case. In United States v. Christensen, the court overturned CFAA convictions for employee misuse of a sensitive database. The appeal also involved many other issues other than the CFAA. The defendants were connected with a famous investigative agency in Los Angeles, Pellicano Investigative Agency, which was known for high profile investigation of the rich and famous. Pellincano was convicted under the CFAA for bribing a Los Angeles police officer, Arneson, to get Arneson to access police databases to obtain confidential police information to help Pellicano. Pellicano also paid a telephone company technician Turner to pay another telephone company employee Wright to go into the telephone company database and obtain confidential data that Pellicano could use to install illegal wiretaps.

At trial, the defense did not challenge the jury instructions relating to the CFAA. The jury was instructed on the key question of authorization as follows:

[A] defendant exceeds authorized access . . . when the defendant accesses a computer with authorization but uses such access to obtain information in the computer that the defendant is not entitled to obtain.

Exercising plain error review because the issue was not challenged, the Ninth Circuit held that all the CFAA convictions must be overturned because the jury was obviously wrong. Under United States v. Nosal, the en banc Ninth Circuit had held that CFAA violations are “limited to violations of restrictions on access to information, and not restrictions on its use.” The Pellicano court held that the jury instruction violated the requirements of Nosal:

Although it was not obvious to the district court at the time, this definition of exceeding authorized access was flawed in that it allowed the jury to convict for unauthorized use of information rather than only for unauthorized access. Such an instruction is contrary to Nosal, and therefore the instruction constituted plain error.

The court continued:

The error was also prejudicial. Not anticipating Nosal, the government made no attempt to prove that Wright accessed any databases that she was not authorized to access in the course of doing her job. Although the government now contends that Wright’s use of the code “ERR” upon logging out in an attempt to cover her tracks constituted evidence of unauthorized access, we are not persuaded. “ERR” was a code that phone company employees were instructed to use if they accessed an account by accident. The use of that code did not necessarily prove that the employee was not authorized to access the database. Wright might have used the “ERR” code simply to divert suspicion as to what she was doing. That use of the “ERR” code may have violated company policy, but Wright may nonetheless have been authorized to access the database. Under Nosal, unauthorized use was not enough to support the convictions of Turner and Pellicano for aiding and abetting Wright’s CFAA violation.

The Ninth Circuit also reached a a similar conclusion on the convictions associated with Arneson’s misuse of information from the LAPD database. The government had contended that Nosal does not preclude criminal liability under the CFAA for violations of state or federal law that restrict access to certain types of information. See, e.g., 28 C.F.R. § 20.33(d) (restricting the dissemination of certain criminal history information). The court rejected this argument finding that while the state laws laws arguably prohibited Arneson’s conduct based on the way the information was used, as distinguished from the way it was accessed, this does not expand the reach of the CFAA. The Ninth Circuit pointed out that Congress has created other statutes under which a government employee who abuses his database access privileges may be punished, but it did not intend to expand the scope of the federal antihacking statute.

The Ninth Circuit also noted that the definition of unauthorized access under the CFAA is different from “access” under California Penal Code 502(h), which punishes one who “[k]nowingly accesses and without permission takes, copies, or makes use of any data from a computer, computer system, or computer network[.]” In turn, “Access” is defined as “to gain entry to, instruct, . . . or communicate with, the logical, arithmetical, or memory function resources of a computer, computer system, or computer network.” Cal. Penal Code § 502(b)(1).

The court found that defendants’ conduct violated 502(h) even thought it did not violate the CFAA rejecting defendants argument that the state statute should be interpreted consistent with the federal statute as interpreted by Nosal. The court pointed out that in contrast to the CFAA, the California statute does not require unauthorized access. It merely requires knowing access. What makes that access unlawful is that the person “without permission takes, copies, or makes use of” data on the computer. Cal. Penal Code § 502(c)(2). The focus is on unauthorized taking or use of information. In contrast, the CFAA criminalizes unauthorized access, not subsequent unauthorized use.

While the outcome of the case seems to be consistent with the Nosal decision since the evidence only established a use violation it is interesting to note that the Pellicano court found that the jury instruction with regard to exceeding authorized access to have been wrongly given, even though the jury instruction mirrored the definition found in 18 U.S.C. 1030(e)(6): “[T]he term ‘exceeds authorized access’ means to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter.” How can it be possible for a jury instruction to be an obviously mistaken statement of what the statute prohibits where it simply repeats the language of the text of the statute? In other words, is it possible for a jury instruction that mirrors the statute to be obviously wrong on the basis that it is inconsistent with the statute? I don’t know the answers these questions but it does highlight the need for Congress to amend the CFAA to clarify, among other things, what it means to access a computer without authorization or in excess of authorization.

One final point: by finding that the jury instruction was erroneous instead of finding that there was insufficient evidence for the defendants to have been convicted under the requirements of Nosal, the government may retry the defendants for violating the CFAA.

 

 

Congress Again Considers Civil Trade Secrets Legislation

Its that time of the year again when Congress considers legislation that would provide for civil remedies for theft of trade secrets. The Defend Trade Secrets Act of 2015 (S. 1890 and H.R. 3326) introduced on July 29, 2015, is based on the same standards for trade secret protection, and remedies for misappropriation, that are found in the Uniform Trade Secrets Act and the Economic Espionage Act of 1996 (“EEA”).
While similar attempts to pass such legislation have failed almost on a yearly basis, this year may finally prove different since the current legislation is supported by companies and associations in a broad array of industries, including biopharmaceutical, software, semiconductors, consumer goods, medical devices, automobiles, heavy equipment, chemicals, aerospace and agriculture. In addition, there is a new found recognition of the importance to protect trade secrets as a complement to the already existing federal statutes that protect trademarks, copyrights and patents

The Defend Trade Secrets Act would create a uniform, national standard for trade secret misappropriation, harmonizing U.S. law, and provide companies with the ability to protect themselves. In limited circumstances, the law would provide for ex parte seizure relief when time is of the essence and the thief would not obey an injunction.

Last year, Sen. Orrin Hatch, R-Utah, and Sen. Christopher Coons, D-Del., introduced the Defend Trade Secrets Act of 2014 (S. 2267), and similar legislation, the Trade Secrets Protection Act of 2014 (H.R. 5233), was subsequently introduced in the House of Representatives. Both the Senate and House Committees on the Judiciary held hearings on the legislation. The House Judiciary Committee voted without dissent to report the bill favorably just before the elections, and it was never considered by the full House.

The legislation, introduced last week by Sens. Hatch and Coons and four other senators in the Senate, and by Rep. Doug Collins, R-Ga., and Rep. Jerrold Nadler, D-N.Y., with 14 cosponsors in the House. It reflects a consensus that among our most valuable currency in the global marketplace is our knowledge and creativity.

 

Collection Of Information By 5 Largest Tech Companies

The revelations by Edward Snowden about the NSA’s collection of “metadata” on every phone call that is made in the U.S. has led to concerns about whether the government should be collecting this type of information and whether there are adequate safeguards as when and how the government may be permitted to use the information. Putting aside the host of legal and security issues associated with this program, most Americans probably still are not aware that, for example, the five largest tech companies, Google, Facebook, Apple, Amazon, and Yahoo collect information that contains far more personal details, and is available to the government for the asking. While the exact types of data collected differs somewhat amongst these tech giants, nearly all collect “ad clicks,” “browser information,” email addresses” “IP addresses,” “phone numbers,” “search queries,” etc. The companies aren’t stealing this information but are obtaining it without cost from users, who either don’t care or haven’t taken the time to read the privacy policies of the tech companies which give the companies free access to this information.

Perhaps, what is equally disturbing about the companies’ unfettered use of the information is the very limited legal protection given to such information. The primary and most important federal privacy law in the United States, The Stored Communications Act (SCA), which was originally enacted in 1986, to govern the privacy of computer network communications and grants Internet users a set of statutory privacy rights that limit the government’s power to access a person’s communications and records, but does not cover, for example, search queries. In other words, search records, such as whether a person visited a website for alcohol or drug addiction centers can be disclosed to the government without even a subpoena.

Moreover, while standing alone, each of the type of data may only pose a limited threat to an individual’s privacy, by combining the different types of data generates a precise, comprehensive record of a person’s public movements that reflects a wealth of detail about familial, political, professional, religious, and sexual associations that can be stored and mined for information years into the future, not only by the companies but by the government as well. Thus, if the search query for drug addiction or alcohol treatment is combined with ad clicks and phone numbers, a much more complete profile of the user is generated which is freely available to the government. Because the information can be acquired by the government at little or no cost there is no monetary restraint on the information collected by the government which can lead to the government having access a substantial quantum of information about any person whom the government wishes and may “’alter the relationship between citizen and government in a way that is inimical to democratic.”

James Madison, the principal author of the Bill of Rights, is reported to have observed, “Since the general civilization of mankind, I believe there are more instances of the abridgement of freedom by the people by gradual and silent encroachments by those in power than by violent and sudden usurpations.” Indeed, this data that can be freely obtained by the government at virtually no lower cost is just the type of “gradual and silent encroachment” into the very details of our lives that we as a society must be vigilant to prevent. Congress should carefully consider whether there should be limits on whether the government can obtain this information and how the information can be obtained. It is too important an issue for the government to decide without the knowledge and consent of the American public.

The Anti–Innovation Patent Act of 2015

Patent rights in the United States have been steadily eroding for a number of years. Decisions by the Roberts’ Supreme Court and the four-year old America Invents Act have substantially weakened the rights of patent owners. Now, Congress is on the verge of passing major revisions to the Patent Act, which, if enacted, would be a blunder of historical proportions and would pose a threat to American innovation. Large corporations have been able to convince Congress and the public, through a well-funded, organized and misleading PR campaign, that innovation is being threatened by patent troll, entities that abuse the system by extorting settlements and by bringing frivolous lawsuits. Indeed, the opposite is true. Without strong patent protection, venture capitalists and other investors will no longer want to take the risk of investing in companies whose value is based on technology that is difficult to protect under U.S. patent law. Many large universities that depend on revenue from licensing their patents to make up for decreasing federal funding will have significant financial short falls. Technology will suffer and jobs will be lost.

At a basic level it is not clear whether there is even a legitimate issue that needs to be addressed. Ostensibly, the PATENT Act in the Senate and the Innovation Act in the House are aimed to curb the practice of patent trolls, which, among other things, has allegedly caused a large increase in patent litigation and, consequently, imposes an unnecessary cost on legitimate businesses. However, the evidence suggests that patent litigation is actually on the downswing According to a recent Pricewaterhouse Coopers patent litigation survey the number of patent cases filed in 2014 dropped 13% as compared to 2013, after doubling between 2009 and 2013. [Read more…]

The St. Louis ‘Jailbirds’

This article first appeared in Yahoo Finance.

As was first reported by the New York Times, the FBI and Justice Department are investigating whether St. Louis Cardinals employees illegally hacked into networks owned and operated by the Houston Astros. The information allegedly obtained by the Cardinals contained information about potential trades, player evaluations and statistics. At least one commentator on ESPN has suggested that if the information was not the “work of significant efforts by Astros officials . . . not available elsewhere” and “if the Cardinals’ activity was just a dirty trick or an attempt at getting even with a former colleague, the hacking might not qualify as a crime.” This understanding is just plain wrong with regard to computer hacking and, if the information was not publicly available, the government may be able to also charge theft of trade secrets.

The case, believed to be the first corporate espionage case involving two professional sports teams may create a legal nightmare for the Cardinals and those employees who were involved in it, especially if higher level Cardinal employees were involved or had knowledge of the activity. In particular, the Cardinals and their employees may be subject to criminal liability under the Computer Fraud and Abuse Act (CFAA) and the Economic Espionage Act (EEA). This case is different however from cases where a company steals trade secrets from another company and the victim company can also bring a civil suit for damages because Major League Baseball by-laws do not permit one team from suing another team civilly, although under federal criminal laws the Astros as the victim would be entitled to restitution from the Cardinals for the amount of damage caused by the Redbirds.

First, with regard to potential criminal liability under the CFAA, the most relevant section prohibits anyone from “intentionally” accessing “a protected computer without authorization or in excess of authorization” and, thereby “obtained information.” There is no requirement that the information be “proprietary, non-public information” information, or that it is “the work product of significant efforts by Astros officials . . . not available elsewhere.” It simply must be information and there is no requirement that they “knew the were committing a crime,” or that they didn’t just see this as a “dirty trick.” Further, the term “obtained information” includes merely viewing information online. Even if the Cardinals breach was an unsophisticated effort, the circumvention of password requirements likely violates the CFAA.

However, without more, this only establishes that the Cardinals’ employees committed a misdemeanor and it is commonly understood that federal prosecutors are reluctant to charge misdemeanors, although in this case, given the notoriety of the matter, they may make an exception. Further, where the crime is committed for “purposes of commercial advantage or private personal gain,” the offense becomes a felony. Here, it seems likely that the offense was committed in order to provide the Cardinals with a competitive edge on the field, which would certainly qualify as “commercial advantage” and would provide the basis to bring felony charges. [Read more…]

Answers to Questions Regarding Chinese Economic Espionage

Over the past few weeks I have been interviewed by a number of Chinese media sources which are very concerned about the recent indictments in the U.S. of Chinese nationals. The indictments occurred shortly after the U.S. dropped similar charges against Sherry Chen, a Chinese-American, who worked for the National Weather Service before before being accused of espionage. The media in China has been extremely harsh in its coverage of these events and has claimed that the indictments are politically motivated and are also the result of anti-Chinese bias in the U.S. Below are questions I received from a reporter at China Daily and my answers to his questions.

Hello! I am Yilun Cheng from China Daily. I know that you have great expertise in industrial espionage and has been concerned with Chinese American issues, and I hope you can answer me a few questions on the latest case of six Chinese nationals arrested under the charge of economic espionage last Wednesday. 

Firstly, I am aware that you remain skeptical toward the espionage case against Chinese American Sherry Chen, and suspect that the arrest involved discrimination based on national origins. Do you think this case is of the same nature? Does “red scare” play a part?

It is difficult to say at this stage that this case is of the same nature as the Sherry Chen case, but everything that I’ve read about it suggests that it is not. Unlike, the Chen case, the government alleges that there was direct involvement by a Chinese state entity. This is a very serious allegation and will be very difficult for the government to prove. As a former federal prosecutor, who prosecuted one of the first cases in this area, I know how things work and I do not believe that such a charge would be made without high level approval and, more importantly, would not be brought unless the government believed that it had strong evidence to support the allegation. I do not believe that national origin played a role in bringing these charges. Over the past five years the majority of economic espionage cases involve a “China” connection. I do not believe that bringing these cases involved a “red scare,” rather the pattern of cases suggest that Chinese companies and certain Chinese state entities are targeting the trade secrets and intellectual property of U.S. companies. In many areas Chinese technology is simply less sophisticated than U.S. technology and it is far easier and less expensive for Chinese companies to steal technology than to develop it on their own. To explain most of the cases in terms other than this is being intellectually dishonest. Just because the U.S. government may have acted improperly in one case does not mean that the government is acting improperly in any other case. Again, it is wrong to suggest otherwise.

Also, a lot of Chinese citizens think that even if the charge turns out to be true, it is not espionage but only a matter of intellectual property. Do you agree that the prosecutor is overly exaggerating and politicizing the problem?

 No, I do not agree that this is a trivial problem. The U.S. remains the strongest economy in the world and is still the birthplace of the majority of major scientific and medical advancements. Much of this success is due to the high level of protection we accord intellectual property, including trade secrets. Unlike in China, protecting intellectual property is not a new concept in the U.S. but the protection of patents and copyrights is contained in our constitution which was written over 200 years ago. The U.S. has successfully balanced the public’s right to access new technology and inventions with the right of the inventor to financially profit from his work. If intellectual property is stolen, it is depriving inventors of what is rightfully theirs and creates a disincentive to create new and greater inventions. To suggest that it is only intellectual property fails to understand the importance that IP plays and has played in the success of the economy of the US. Intellectual property may be the most important asset of the U.S. and it is vital for us to continue to protect it. Once it has been stolen, especially by a foreign entity, it is very difficult to recover. Perhaps more Chinese will better appreciate the importance of IP when the shoe is on the other foot, meaning, that when non-Chinese companies are targeting Chinese companies for their IP, Chinese citizens will appreciate the importance of IP to the Chinese economy. Given the rapid strides that China is making, that day is not that far off. But until then, Chinese citizens and companies should understand that the U.S. regards the theft of Intellectual Property to be a very serious matter and should respect our laws to the same extent that Chinese citizens expect from the U.S.

Finally, do you think charges like this will antagonize Chinese Americans or Chinese nationals living in the US? Do you have any legal advice for them?

I would hope that these cases do not antagonize Chinese Americans or Chinese nationals living in the U.S. As I said earlier, I do not believe that this cases are racially motivated. They should have nothing to be concerned about so long as they obey the law. If specific questions arise in their work, they should contact a lawyer who is knowledgeable in this area for advice, such as me. Further, it is vitally important for Chinese companies who want to do business in the US or want to hire employees from the U.S. that they consult with U.S. lawyers about how to do it properly so as not be accused of illegal behavior. It is easy for companies to make mistakes if they don’t understand the law in this area and be accused of wrongdoing, however it is also easy to avoid making mistakes if the company understands the law and truly wants to follow it. It is entirely up to a company or an individual whether they wish to follow the law in this area or ignore the law and accept the consequences if they are caught: “Don’t do the crime if you don’t want to do the time.”

Not All Stolen Information Is a Trade Secret

In the past two weeks the United States has brought two cases against Chinese nationals for stealing trade secrets. First on May 21, 2015, the United States Attorney’s Office for the Central District of California unsealed a grand jury indictment against six Chinese citizens, including three who studied together at USC, over ten years ago. The indictment was unsealed when one of the six was arrested at the LA Airport while en route from China to attend a conference in the U.S. The indictment alleges violations of sections 1831 and 1832 under the Economic Espionage Act. The allegations of violations of section 1831 is particularly noteworthy because the government must prove that the theft was intended to benefit a foreign entity. The indictment claims that the men stole technology regarding how to filter unwanted noise from wireless devices such as cellphones, which is similar technology to what they had worked on while in the U.S. The theft was intended to benefit Tianjin University, a state-run educational institution. For a more detailed description of the charges, click here.

In the second case, the Chairman of the Physics department at Temple University was indicted for wire fraud in connection with providing magnesium diboride thin film superconducting technology to an entity in China.

Apart from the obvious fact that both indictments involve thefts that allegedly were intended to benefit a Chinese entity, the cases also highlight the difficulty in trade secret cases with distinguishing an individual’s use of his or her general knowledge or skill, which is permitted under the Economic Espionage Act and theft which is not. Understanding this distinction may be the difference between doing hard time in a federal penitentiary and having a long, successful and lucrative career.

The EEA does not apply to individuals who seek to capitalize on their lawfully developed knowledge, skill, or abilities. The legislative history makes clear that “the government cannot prosecute an individual for taking advantage of the general knowledge and skills or experience that he or she obtains by or during his tenure with a company. Allowing such prosecutions to go forward and allowing the risk of such charges to be brought would unduly endanger legitimate and desirable economic behavior.” The legislative history is clear that it is not enough to simply tie the theft to the defendant’s skill and experience, in order for the government to convict a defendant it must prove that “the particular material was stolen or misappropriated.”

Thus, for example, employees who change jobs cannot be prosecuted under the EEA on the grounds that they were exposed to a trade secret while employed without evidence that they misappropriated an actual trade secret. In many instances, it may be extremely difficult to distinguish between what is a protectable trade secret and what should be classified as general knowledge that an employee can take with him to a new employer and use there. Indeed, there are no standard tests to be applied. To the extent the information is known in the industry or is public then it likely should not be considered a trade secret. Whereas if the information is quite specific to the victim’s business or concerns technology that has not been made public, it is more likely to be regarded as a trade secret. In other words, what is not permitted is for employees to take confidential information about “products or processes” from their former employers to use for their, or a third party’s economic benefit. The EEA was “designed to prevent those employees (and their future employers) from taking advantage of confidential information gained, discovered, copied or taken while employed elsewhere.”

Because of the difficulty in distinguishing between the use of general knowledge and the theft of trade secrets, the government has cautioned prosecutors to be careful with charging individuals with theft of trade secrets where there is no tangible evidence of misappropriation.

A similar situation arises where an employee downloads computer files before departing for a new employer. This rightly should raise red flags with the employer but that fact standing alone does not mean that the employee has committed a crime. Under such a scenario it is a crime only when the downloaded information contained trade secrets and was not simply non-confidential information that was part of the employee’s “tool kit.” Indeed, in one instance, a defendant successfully asserted that the files he took with him to his new employer were part of his “took kit” and were not taken with the intent to economically benefit someone other than the owner of the trade secret as required by the EEA. The defendant copied 4,700 computer files belonging to his employer to an external hard drive shortly before leaving to start a job with a competitor. At trial, the defendant testified that, as was his custom when leaving one job for another, he downloaded all files relating to his work so that the would have a “tool kit,” or a reference library of his work files to draw upon in his future work. The files he downloaded contained both confidential and non-confidential information. The defendant testified that he intended to use only the non-confidential information.

The government presented evidence that the defendant accessed some of the files he downloaded while at his new job, but could not establish whether he accessed confidential information or not. The court found at a bench trial that the government failed to prove that defendant intended to convert the trade secrets to the economic benefit of someone other than his former employer. The court noted that the documents were obtained in the normal course of defendant’s employment and related to his work and then found that was nothing suspicious about the way the defendant initially obtained the documents and rejected the government’s assertion that defendant’s actions in copying files shortly before he left his job indicated that he intended to convert the trade secrets contained in the files to his own use. The court instead concluded that defendant’s actions were consistent with his “tool kit” explanation and that he amassed the information so could use the non-confidential information in the future. The court also focused on the fact that there was no evidence that the defendant attempted to delete any of the files from his former employer’s laptop, and that he accessed thousands of files on a particular day. The court also cited absence of proof that defendant had provided any trade secret information to his new employer.

It is likely that in both of these cases, the government will have to prove that information allegedly stolen by the defendants met the definition of a trade secret and that it was not simply general knowledge or part of the defendants’ tool kits. In most instances this is not an easy task.