Posted By: Lauren Proper
Intellectual property protection is becoming increasingly difficult and important as the internet advances. But unlike copyrights, trademarks and patents, trade secrets are a unique form of protected intellectual property in that they are subject to state law regulations and not federal.
Trade secrets are unlike traditional intellectual property in a number of significant ways that make their applicability to cyberspace particularly problematic. The Uniform Law Commission in 1979 issued the first Uniform Trade Secrets Act. To date, 47 states and the District of Columbia have adopted some form of this Act with slight variations. In Arizona, trade secrets are defined as:
information, including a formula, pattern, compilation, program, device, method, technique or process, that both:
(a) Derives independent economic value, actual or potential, from not being generally known to, and not being readily ascertainable by proper means by, other persons who can obtain economic value from its disclosure or use.
(b) Is the subject of efforts that are reasonable under the circumstances to maintain its secrecy. A.R.S. § 44-401.
The type of information subject to trade secret protection is similar in most jurisdictions. One component of trade secrets that is problematic in cyberspace is the requirement that reasonable efforts be made to keep the information secret. Posting this information online can destroy the reasonable efforts to maintain secrecy, though not entirely.
Using encryption or secure servers, FTP sites and other mechanisms to control access may provide the level of effort courts consider reasonable to protect the secrecy of this information. Once these secrets have been made public knowledge or remain readily available to the public, trade secret status is forfeited and cannot later be regained. See Religious Technology Center v. Netcom On-Line Communication Services, Inc., 923 F.Supp. 1231 (1995).
This issue manifests in a number of ways, but one increasingly common problem arises in customer list and database compilations websites keep. These lists generally include at a minimum e-mail addresses and their associated names or aliases and sometimes include far more information, including physical addresses, purchase histories and even credit card information. Clearly, these lists have inherent economic value, evidenced in part by the fact that many companies sell their customer lists to spammers. Not all companies sell these lists to third party companies, but compiling, keeping and protecting these lists are valuable.
Adobe Systems (“Adobe”) provides an excellent example to illustrate these concepts. Adobe maintains extensive and detailed customer lists with a wealth of information and takes steps to protect this information that include encrypting the databases as well as its website. Unlike online banking websites, which use secure servers to protect access to their users information, Adobe merely relies on encryption to protect its data. Issues with keeping this information secret while simultaneously making it available online have been highlighted by the alarming amount of hacking of this data.
Cyber espionage and theft are serious concerns for these companies. It is in Adobe’s best interest to protect the privacy of its customers because people will utilize Adobe services less or offer less information if customers are distrustful of Adobe’s security and safety measures. Security concerns increase exponentially when the information maintained by companies online deals with national security and classified documents or designs. Secrecy as it relates to protecting information on the Internet becomes synonymous with privacy interests.
Halfway through writing this post, ASU sent an e-mail to many (if not all) of its current and a large amount of previous students or employees informing them that the Adobe breach in October compromised users account information. While the e-mail mentioned that passwords and hints along with usernames became available after being posted online, ASU conveniently leaves out more serious security concerns linked to ASURITE accounts. These accounts are linked to social security numbers, home and mailing addresses, telephone numbers, class schedules and a host of other private information with potentially devastating security implications. In an unsurprising delegation of responsibility, the ASU e-mail accuses Adobe of “not protect[ing] user passwords to industry standards, and attackers were able to exploit that.”
Companies that are unable to protect their trade secrets and customer information online create privacy issues that reach beyond the Internet. In the United States, the FBI actively encourages companies to employ security mechanisms to protect their users’ information. This includes training and the InfraGard initiative. The InfraGard program centers on sharing information between public and private entities regarding cyber security breaches.
The government has been a major proponent of promoting cyber security initiatives for various reasons. Some of the major reasons for government involvement in protection of trade secrets and customer information online are: prevention of identity and monetary theft and protection of its own trade secrets.
Although most people do not consider trade secrets as they relate to the government, even a purely superficial inquiry reveals that surely there are technologies the government has developed and maintains an active interest in keeping those technologies secret. Secrecy as it relates to protecting information on the Internet becomes synonymous with privacy interests. Because the government employs many different private sector firms to assist with various aspects of business, a breach of the security networks of these private entities could result in revealing confidential information and governmental trade secrets.
Public-private partnerships like the FBI’s InfraGard initiative combined with a standard set of industry regulations may provide the most effective solutions for protecting trade secrets in cyberspace. When breaches like the latest Adobe hacking occur, the vulnerability of private information available online affects both company or governmental trade secrets and personal security. Although ASU accused Adobe of operating with security standards below average, perhaps the standards should be increased for everyone to provide an even greater level of protection. As the use of online servers and “cloud” storage increase, there may be a need for federal laws requiring a minimum standard for protection because as we have seen repeatedly trade secrets online pose more than just a threat to a business’ competitive advantage.