Interesting article over networkworld.com about the dangers of phishing scams. As you’ll read in the article, phishing scams have become very sophisticated and if anyone at your company who has access to confidential information falls prey, you’re trade secrets may be at risk. Phishing scams can surreptitiously install a keystroke logger and other programs that allow remote control of the PC. And they’re no longer limited to lower level employees. In fact, the practice of targeting corporate executives and other important employees even has a name–“Whaling.”
According to Lorrie Faith Cranor, director of the Carnegie Mellon University CyLab Usable Privacy and Security Laboratory, phishing plays on human vulnerabilities and is not strictly a technological problem. “Although we have shown that we can teach people to protect themselves from phishers, even those educated users must remain vigilant and may require periodic retraining to keep up with phishers’ evolving tactics.”
The article has a clever approach to raising awareness within your employees of the sophisticated phishing scams. A web-based program called PhishMe will send fake phishing emails to your employees. For anyone who falls for the fake emails and clicks the link, PhishMe will send instant feedback and training on how to spot genuine phishing emails. Great idea.
File this in the “ounce of prevention is worth a pound of cure” file. In other words, even if you follow the advice of this blog to fully protect yourself against trade secret misappropriation, the cheaper and better approach to any trade secret litigation is to avoid it in the first place. Taking this article to heart and ensuring that your key personnel are aware of the tactics and dangers of phishing scams may ultimately save you lots of headache and money, not to mention your competitive edge.
Biggest news is that Microsoft is getting into the trade secrets fray. Geek.com is reporting that Microsoft has sued its former employee Mike Mullor (no, it’s not what you think–this has nothing to do with an ex-employee taking other employees and trade secrets with him–although I can’t fault you for thinking so) for breach of contract, theft of confidential documents, non-disclosure of intentions, fraud, misappropriation of trade secrets, and unjust enrichment.
It appears that Mr. Mullor, who before beginning work at Microsoft, owned a company called Ancora that was no longer trading, applied for and got a job with Microsoft in 2005 and began compiling information allegedly in fulfillment of a scheme whereby he would take the information and then turnaround and sue Microsoft in a patent infringement case for his startup company.
According to the article: “Mullor thought he was covering his tracks by using software that deleted traces of him downloading files, but Microsoft managed to find the evidence it needed to prove he downloaded files.”
Microsoft “also managed to turn up e-mail evidence [that Mullor] was planning patent lawsuits from 2004, before he joined them.”
Mullor’s response: “These are shameful, dishonest attacks on my character by Microsoft — the company that stole my idea in the first place … Microsoft fired me for trying to protect my own invention — an invention I told them about before they ever hired me.”
Muller also claims that “Microsoft knew about the patent and Ancora and that he discussed it with Microsoft lawyers and their anti-piracy group before taking employment with the company.”
This could get very interesting. Stay tuned . . .
I took some time off for Christmas and the New Year, and then was slammed at work when I got back, but now that things have settled down a little I’ll be updating more frequently.
Thanks to all of you who check this blog frequently and I hope that you continue to do so. There’s a lot to catch up on and I will try and get to it, but time is limited because, you know, I have a day job. If you have anything that you are interested in hearing about that occurred over the last few months, please email me and I will respond. Otherwise, I will probably just move forward from today.
bostonherald.com is reporting that Andre Benjamin aka Andre 3000 of the musical group Outkast has been sued, along with the Cartoon Network and Turner Broadcasting, by Timothy McGee, a Boston postal worker, for $2 million in damages relating to animated series “Class of 3000.” The suit claims copyright infringement, breach of contract and misappropriation of trade secrets and requests damages “including but not limited to” all the profits from the show, legal fees and “whatever this court may deem additionally just and proper.” Unfortunately for McGee, the profits from the show aren’t that extensive as it has already been cancelled.
Timothy McGee, 33, a former art student, claims he developed “characters, artwork, storylines . . . and concepts” for an animated series he called “The Music Factory of the ’90s,” nearly 10 years before the oddly similar “Class” began airing on the Cartoon channel.
In 1997, the Boston guy submitted a proposal for his show to Michael Lazzo, then a vice president of programming for the Cartoon Network, and promptly received a rejection letter.
Nine years later, in November 2006, the Cartoon Network premiered “Class of 3000,” an animated series set in Atlanta.
Only time will tell if McGee has the goods to be able to hang this one on Andre. A good place to start will be any documentation he submitted to Lazzo in 1997, the rejection letter, and (if he’s lucky) a non-disclosure agreement. Oftentimes, when people pitch shows or ideas, the programming executive refuses to sign non-disclosures on the chance that they are pursuing a similar themed show already. These cases are notoriously hard to prove because of the passage of time and the difficulty of getting the right witnesses–is Lazzo still working for Cartoon Network (the article is unclear), and what documents still exist at Cartoon Network that might support McGee’s claim?
Another question, is it going to be worth it for McGee? This is not a question to be taken lightly. Even though you may have been wronged, a good business person will always, always conduct a cost-benefit analysis of pursuing a claim. If the damages aren’t great enough, there is little sense in filing a lawsuit and paying a lawyer lots of money just to achieve the satisfaction of knowing that a court of law agrees that you were wronged. A simple maxim: If the damages aren’t there, it is rarely worth it to litigate.
In this case, I see little reason to pursue this claim. Even if McGee were to win in spectacular fashion, the odds that an animated feature on the Cartoon Network that lasted for only two years will have generated enough profit to justify an award of $2 million is debatable.
We’ll keep you posted on this one.
I’m a little late on this one but, better late than never. According to marketwatch.com, ClearOne Communications was awarded in excess of $10 million by a jury in a federal trade secret case in Utah. ClearOne sued BiAmp Systems, WideBand Systems, Dr. Jun Yang (a former employee of ClearOne), Andrew Chiang, Lonnie Bowers and Versatile DSP, Inc. for misappropriation of trade secrets, breach of contract, breach of the covenant of good faith and fair dealing, and breach of fiduciary duty relating to the theft of algorithms and computer code.
On November 5, 2008, the jury returned a verdict in the Intellectual Property Case in favor of ClearOne and against all of the Defendants. Accordingly, the jury awarded ClearOne approximately $3.5 million in compensatory damages and $7.0 million in punitive damages. Among other things, the jury found that all of the Defendants willfully and maliciously misappropriated ClearOne’s trade secrets. Based on that finding, the court may also award ClearOne exemplary damages and reasonable attorneys’ fees. The court left in place the previously-entered preliminary injunction, pending ClearOne’s application for entry of a permanent injunction against the Defendants.
Big win for ClearOne and congratulations to the Magleby & Greenwood law firm who obviously did an exemplary job of presenting ClearOne’s case to the jury. Big wins like this typically mean that a company has paid attention to its trade secrets protection plan and adhered to its implementation, including, confidentiality agreements, exit interviews, password protections, limited access, etc. Your company should be doing the same thing.
Networkworld.com is reporting that Biswamohan Pani, a design engineer at Intel’s Hudson, Massachusetts offices before going to work for AMD, is accused of stealing $1 billion worth of trade secrets to help his new employer.
Key graph: “Pani is accused of accessing Intel’s network remotely and downloading 13 top-secret documents and other proprietary information related to methods for designing microprocessors, “including a document explaining how the encrypted documents could be reviewed when not connected to Intel’s computer system” the Telegram reports.”
Apparently AMD was unaware of the theft. “Prosecutors say Pani planned to use the secrets to advance his career at AMD. The information Pani allegedly downloaded “was worth more than $1 billion in research and development costs,” the Associated Press reported. Pani told investigators he downloaded the top-secret documents to help his wife, who works for Intel, the Telegram reports.”
The defense that he was just helping his wife is an interesting one. It will be interesting to see how it plays. Would the wife need the information that he accessed to do her job? Was the wife cleared to access the allegedly stolen documents? How did Pani access the documents? Using the wife’s clearance or his own clearance from when he used to work for Intel? There are a lot of unanswered questions and we’ll keep an eye out on this one. My guess is that the “I did it for my wife” defense won’t stand up to scrutiny. As far as trade secrets cases go, this is about as big as it gets and will be very interesting to follow.
One word of advice for Intel: If your ex-employees can access over $1 billion worth of information from a remote location after they have started work for your major competitor, your trade secrets protection plan needs some serious work. While it is all well and good to have confidentiality agreements, and the like in the event of something like this, doesn’t it just make sense to ensure that its secure from this type of misapproriation in the first place? $1 billion worth of information was available remotely? It’s an eye-popping amount of information to have floating in cyberspace, ripe for the plucking by ex-employees.
A very timely article over at Computerworld that identifies a faltering economy as a circumstance that leads to greater theft of trade secrets and destruction of sensitive information. The article states that companies should be even more vigilant at these times to protect their valuable assets from literally walking out the door. Good advice. In fact, companies should always be vigilant about their trade secrets, but especially now there are no excuses not to believe that your own employees (or future layoffs) will one day be competing against you using your own trade secrets, or destroying those very same trade secrets so that they are of no use to anyone.
As it is, one of the biggest threats to corporate data and systems traditionally has come from insiders, who with their privileged access to data and systems, have the potential ability do more accidental or malicious damage than even the outside attacker.
That threat greatly increases at times when companies are laying off staff, cutting back on raises and bonuses, deferring promotions, consolidating operations and outsourcing work to save money.
Remember, as you take steps to keep your company competitive in this very difficult market (layoffs, deferred promotions, no bonuses) you should also keep in mind the emotional state of your employees and how it will affect their actions vis-a-vis your trade secrets.
The article goes on to say: “Tough economic times create uncertainty in the workplace . . . . Employees for instance, can be worried about losing jobs and promotions, concerned about financial liabilities, mortgages and rising energy costs.” Shelley Kirkpatrick, director of assessment services at Management Concepts, a Vienna, Va.-based management consultancy, states: “When there is uncertainty, it creates stress for employees. It makes the company more vulnerable” to threats.
The threats can manifest themselves in a number of ways. Insiders with access to corporate information, such as customer data or corporate secrets, might want to steal or disclose it for financial gain or simply to get back at their companies. Those with technical-savvy might seek to sabotage corporate data and systems by planting malicious code and so-called logic bombs that are designed to delete data at a future date on critical systems.
The danger is not confined to such actions alone. Stressed, unhappy workers make easy targets for opportunistic rivals as well, Kirkpatrick said. “If I am a competitor looking for a good opportunity to get trade secrets out of my competition, I am going to go after the people who may be stressed emotionally,” she said.
It makes sense at this time to re-double efforts to ensure that your trade secrets are adequately protected. Review your trade secrets protection plans and update as necessary as you make the necessary economic decisions that will inevitably affect your employees in a negative way. And if you don’t have a trade secrets protection plan, get one quick and stick to it.
Yahoo.com is reporting that KFC, owner of one of the most famous corporate trade secrets out there–the secret handwritten recipe of 11 herbs and spices which exists on a yellowing sheet of paper signed by Colonel Sanders himself–is moving the recipe in order to revamp security. You can find the article here.
It’s always interesting to note the extremes that famous trade secret owners sometimes need to take to ensure that their trade secret remains secret. Similar to the secret recipe for Coca-Cola, only two company executives at a time know the 11 herbs and spices and their precise measurements.
“So important is the 68-year-old concoction that coats the chain’s Original Recipe chicken that only two company executives at any time have access to it. The company refuses to release their name or title, and it uses multiple suppliers who produce and blend the ingredients but know only a part of the entire contents. . . .”
“For more than 20 years, the recipe has been tucked away in a filing cabinet equipped with two combination locks in company headquarters. To reach the cabinet, the keepers of the recipe would first open up a vault and unlock three locks on a door that stood in front of the cabinet.
Vials of the herbs and spices are also stored in the secret filing cabinet.
“The smell is overwhelming when you open it,” said one of two keepers of the recipe in an interview at company headquarters.
The biggest prize, though, is a single sheet of notebook paper, yellowed by age, that lays out the entire formula — including exact amounts for each ingredient — written in pencil and signed by Sanders.”
While the majority of the readers of this blog do not have to worry about such high security, it is always interesting to note when the protection of these major trade secrets arises in the news.
This news may be a little old but it is worth posting as I am going to be following the progress of this case closely. You can find a link to the information here.
Actress Kate Hudson and ceebrity stylist David Babaii have been sued by 220 Laboratories Inc. in Los Angeles Superior Court over allegations that Hudson and Babaii misappropriated trade secret information relating to the ingredients of hair-care products (specifically Volcano Ash).
“220 Laboratories says it was the only supplier of volcanic ash in the USA and that it entered an “oral contract” with the Tinseltown twosome in August 2006 to develop and manufacture hair products. The company says it revealed their “confidential” ingredient list to Hudson and Babaii in November, and that the duo then took the ash samples and shopped around to find a cheaper deal.”
If the allegations are true and 220’s ingredients list can be categorized as trade secrets (i.e., not generally known to the public, and the subject of efforts to maintain the secrecy of the ingredient list) then 220 may have a pretty good case depending on how it is that Hudson and Babaii came into contact with the ingredient list. In other words, if they signed a confidentiality agreement that specifically stated ingredient lists as the subject of the confidential communication, then 220 stands a very good chance of prevailing. However, the use of the “oral contract” language makes me believe that there is no confidentiality agreement, just an agreement to do business together (which may be a separate claim, but not a trade secret misappropriation claim). If so, it will be interesting to see how 220 will claim that information for which they did not even go to the simple step of having a confidentiality agreement signed before disclosing can be classified as a trade secret.
In any event, if 220 is merely relying on an oral contract to do business together as a basis for their trade secret misappropriation lawsuit, then we can learn a few lessons here: (1) get any contract in writing before you place any reliance on the agreement; (2) before disclosing any sensitive information, get a confidentiality agreement. Had these two steps been followed by 220, their case would, most likely, be much stronger. I cannot stress this enough–use Confidentiality Agreements when disclosing sensitive information.
In a follow-up to a previous post which can be found here, “PETA has filed a request for a rehearing with the Mississippi Supreme Court after the justices ruled that the information PETA was seeking about animal experiments at Mississippi State University (MSU) for cat- and dog-food company Iams is exempt from public disclosure.” You can read about it here.
Key graph: “The Supreme Court ruled that details of the experiments’ protocols–such as the number of animals used, what surgeries were performed, and if any of the animals were killed–would reveal confidential business information and were, therefore, exempt from disclosure under the Mississippi Public Records Act. PETA asserts that the court failed to acknowledge that state law requires government entities to separate exempt material and release non-exempt material. And even though Iams presented no specific evidence that the requested material contained proprietary information, the court has denied PETA all the requested documents.”
This is an interesting case which pits trade secrets against the public’s right to know. Right now, the trade secrets are winning–which I think is a good thing. But who knows, maybe PETA is right and the documents should be made public. I can see arguments on both sides. We’ll continue to follow this intriguing matter.