Protecting and Managing Your Most Important Assets
Protecting and Managing Your Most Important Assets
Trade secret expert James Pooley shares his thoughts on the DTSA, how businesses can mitigate IP theft, and asset protection on a global level.
James Pooley is one of the world’s foremost experts in trade secret law and management. His legal treatise, Trade Secrets, updated semiannually, is the leading desk reference on the subject for lawyers. His career as a sought-after advisor, intellectual property (IP) litigator, and information-security expert spans four decades. His many leadership roles include his tenure as president of the American Intellectual Property Law Association, as well as the National Inventors Hall of Fame board’s chairman. On the international stage, Jim served as deputy director general of the World Intellectual Property Organization in Geneva from December 2009 to November 2014. In 2016, he was named to the IP Hall of Fame.
The Journal recently spoke with Jim, who shared his thoughts on the importance of trade secret protection in the global economy and how the Defend Trade Secrets Act (DTSA) has affected this practice area in the two years since it was signed into law. The following is an excerpt from the discussion.
Thank you for joining us, Jim. Can you give us a little background about where you grew up and whether there were any signs in your childhood that indicated an interest in intellectual property law?
I grew up in Wilmington, Delaware, where I think everyone in the community was affected to some degree by DuPont and the chemical industry. But I wasn’t very interested in science myself. I've frequently told people that my high school teachers would be very amused to find out what I've been doing as an adult.
I loved college geology because it got me outdoors, but the chemistry of it was a challenge. So, there wasn't anything about my upbringing that anticipated what I ended up doing. I was just very lucky to have landed in Palo Alto, CA, in the early 1970s after law school.
What would your classmates most remember about you from high school?
Well, they probably would remember me mostly as a Boy Scout. That was my main activity.
They would also remember me because my buddies and I created a feature-length movie our senior year. We went out and rented a camera and bought some 16-millimeter film and did a kind of James Bond spoof built around the school. It was a ton of fun.
Since then, you have developed world-renowned expertise in trade secret law. How did you decide to specialize in this area of law?
I certainly didn't plan that. I arrived in Palo Alto in the summer of 1972, having received a summer-job offer from an 11 lawyer firm, which is now Wilson Sonsini.
As Silicon Valley was developing, people were often leaving one company and moving to another, and very frequently, there were lawsuits against the people who left to do these startups. There weren’t so many lawyers around Palo Alto at that time, so I ended up working on these trade secret lawsuits simply because I was there, and I was a trial lawyer working with companies where these issues came up a lot.
After I had been doing this about seven years, I noticed that there was a common theme to every one of these cases, which was that someone had done something really dumb. And so it occurred to me that if people understood the basic rules of the road in leaving one company to go to another, and respecting the integrity of the trade secrets that they'd left behind, these lawsuits just wouldn't happen anymore.
Working with a publisher that I met on one of my cases, I decided to write a book on trade secrets, which was published in 1982, and six weeks later, a very big trade secret case broke, IBM-Hitachi, a criminal case where Japanese executives were being taken in handcuffs to the federal courthouse in San Jose. When the media needed someone to comment on what was going on, my book happened to be on their desk. So, it was another case of being in the right place at the right time. I started providing a lot of public commentary on trade secrets, and between that and the experience that I had developed, I just fell in love with this practice area. I eventually started teaching it, and then wrote a treatise.
It's now been a little over two years since the federal DTSA was signed into law. You recently testified before the House Judiciary Committee in D.C. as to whether the DTSA was working as intended. In your view, what were the problems that the DTSA was designed to solve?
The main issue was the patchwork nature of the laws and procedures that faced anyone who needed to enforce their trade secret rights. There was an array of state laws which varied to some extent and were administered at state- or county-level courts, making it a real challenge for companies that had actors in multiple states or internationally to address their concerns.
Many years ago, trade secret cases tended to be local, in part because information traveled only on paper, but once we moved into the computer age, and particularly the networked era, that old system of dealing at a state or local level with trade secret disputes wasn't working very well.
And so, the main reason for bringing federal civil law into the picture was to provide trade secret owners an opportunity to use the federal system, with its nationwide service and its common rules.
Now, when the act was first being considered, most of the focus was on a specific provision of the act that addressed ex parte seizures. That was something useful for a narrow set of circumstances, where you had some specific secrets that were about to be taken from the jurisdiction or destroyed unless you got very fast relief.
Do you believe the DTSA has accomplished its goals?
Yes, it has, or I should say it's well on its way to doing that. One of the expected advantages of having this federal system installed as an overlay – not as a substitute – in state-law adjudication of trade secrets was to achieve some level of harmonization. If you get harmonized rules and approaches, then enforcement of rights becomes more predictable and easier. We are starting to see federal courts look to the decisions of state courts that use the Uniform Trade Secrets Act, and state courts are now referring to federal court decisions. And federal judges in different districts throughout the country are referring to each other's decisions.
Plus, I think it's fair to say that those who thought that it might overwhelm the federal system are happy to see that there hasn't been an avalanche of cases. There's been a noticeable, but modest, increase in the workload of the federal courts over trade secret cases.
Do you foresee the need for any further tweaks or changes to make the DTSA even more effective?
There is one unsettled area that I think could benefit from greater attention, either legislatively or perhaps through the courts, and that has to do with the extra-territorial application of the DTSA. It's not entirely clear to what extent the DTSA applies to trade secret misappropriation that happens outside the U.S.
Section 1837 of the Economic Espionage Act, into which the DTSA was inserted, states the intent of Congress to apply the law extra-territorially as long as at least one act in furtherance of the offense happened in the U.S., or the offender is a U.S. citizen or permanent resident. And as you can tell from my emphasis on the words "offender" and "offense," that section is a little bit awkward to apply in a civil cause of action. In Sections 4 and 5 of the DTSA that were not codified, but were part of the bill, Congress found that any misappropriation of U.S.-based trade secrets occurring overseas must necessarily have an impact in this country, on our economy, lost jobs, etc.
If you take that expression by itself, that may be enough under existing Supreme Court jurisprudence to indicate that the law should be applied extra-territorially in a general way, but we don't know yet. We really don't have a definitive ruling from the courts, but we know that from the way trade secrets have to be distributed around the world as part of modern commerce, misappropriations happen overseas. And so, it will be very important over time to get clarity on the extent to which the DTSA can provide a robust tool for owners of secrets that happen to have been misappropriated outside of the U.S.
In your congressional testimony, you cited a National Science Foundation Census Bureau survey in which companies rated the importance of different types of IP laws in protecting their competitive advantages. According to the survey results, trade secrets were rated number one, rated at more than twice the level of patents. Did those results surprise you?
They did not surprise me. The first reason is that they were consistent with a similar survey that had been done in 2000 that indicated secrecy was at the forefront of measures taken by companies to protect competitive advantage. And it also was consistent with my own observations in working with companies regarding their intellectual-property and commercialization strategies. In many industries, like pharma and biotech, patents form an existential part of doing business, but for many other industries, they are simply one of a series of tools that are available.
And even in pharma and biotech, the secrecy of research and development is enormously important. It's important in order to preserve competitive advantage. It's important in order to be able to ever get a patent because you have to treat it as a trade secret to begin with.
As important as patents are, there is only a narrow band of information that qualifies as a patentable invention that's novel and not obvious, whereas trade secret law applies to protect any kind of information that's helpful to a business. And so the coverage is massively greater in terms of applying to information assets of modern business.
Over the past 40 years, we've shifted from a tangible asset-based economy to an intangible asset-based economy. In other words, data have become the primary asset of business these days, and data are protected mainly by secrecy. So no, the results of that survey did not surprise me, and I see it only going in a similar direction in terms of the impact of secrecy as a management tool going forward.
In light of IP-rights challenges, patentability restrictions such as Alice, and stricter damage standards in patent matters, it seems that the value of obtaining patents has taken a hit. Should companies re-evaluate the importance of trade secrets in their IP-protection strategies?
Yes. In industries where patentability issues have been hit pretty hard, looking at secrecy as an alternative way to protect information assets is extremely important.
In speaking to friends who are running intellectual property programs inside major companies, many of them have overseen a shift in the way that the company deals with their patent program. Everyone in the past had a patent committee that looked at disclosures and decided what to patent. Generally speaking, when something was determined not to justify patenting, it more or less fell to the cutting-room floor. These days, the approach is how you're going to protect these innovations if not through the patent system. How are we going to make sure that somebody in the organization is assigned to that task so that these assets get properly managed.
What are some of the decision points for a company to consider in determining whether to protect IP with patents, as opposed to trade secrets, understanding that once a trade secret is disclosed, the trade secret is gone? In addition, for some ideas and technologies, if you are going to sell it in the marketplace, that would be a big concern for using trade secrets if a competitor could take a look at it, reverse-engineer it, then figure it out on their own.
If you are putting out a product or service that reveals to the world the secrets of its composition, then you've lost it. You might have some first-mover advantage, but that's basically it.
And so, in situations where the innovation can be seen immediately or is relatively easy to reverse-engineer, you are much better off trying to find a way to use the patent system because you can get that extra period of protection.
On the other hand, we have the situation where innovations that are commercialized in secret, like process technology, are typically better protected by secrecy than by patenting because if you patent it, then you teach the world what it's all about.
In the 1940s, DuPont developed a revolutionary method for processing titanium dioxide and decided to maintain it as a trade secret rather than seek a patent. And that was, in part, because if someone else was using the process, particularly in a foreign country, there would be no way that they could find out. And so the best way to protect it was to keep it a secret, and they successfully did that for decades and decades, way longer than they would have had any patent protection. And they were able to spin off the business for a couple of billion dollars a few years ago. So, in the cases where you have technology that cannot be easily reverse-engineered, that's a very important reason to use secrecy instead of a patent.
Of course, there are some innovations that have such a short shelf life that patenting would almost be a waste of time. By the time you get the patent, it's no longer an advantage. So, one of the things that companies look at is: How long do we expect to be able to exploit this?
No matter how broadly trade secrets are used and applied, patents offer a unique kind of strength because patents allow you to exclude anyone else in the country from practicing the innovation, whereas with trade secrets, you take the risk that someone else is going to come up with the same thing and may even publish it. And so, you may lose the benefit at any time. So, patents are stronger, and particularly if you're preparing to license some of your technology or want to be able to do that, it's a good thing still to wrap it in a patent because it's generally easier to value.
For companies that decide to pursue trade secret-protection strategies for certain assets, are there any particular trapdoors or cautions that they should avoid to make their trade secret-protection strategies more effective?
The most important idea, and the most significant driver of success, is paying attention to the management of these assets. Many companies tend to think about them as kind of soaked into the woodwork, and they don't pay enough attention to the importance of active engagement.
These assets are volatile; they are vulnerable to loss. Studies have shown that 80 percent to 90 percent of information loss happens through employees or contractors who are trusted with access to these very important assets.
The biggest trapdoor for businesses is failing to focus on information security risk management. So much can be done in this area just by ensuring that you have the right policies and procedures in place, you're doing the right training, you have the right people involved running the program, you’re reviewing it for effectiveness over time, and so on. It doesn't take a whole lot of effort, and in any event the effort aligns with most companies' existing risk management and compliance programs.
At Stout, our team is involved in determining damages in disputes involving many different types of intellectual property. It appears to us that remedies for trade secret damages are still pretty wide open compared with damage remedies for other types of IP. Do you foresee that the DTSA might impose some stricter discipline in the determination of trade secret damages?
That's a very good question, and I think it's quite possible that we will see more frameworks and restrictions on trade secret damages simply because we have federal courts handling these cases under federal law. I would not be surprised if over time, we see some very illuminating commentary in the issued opinions of federal courts on what are the boundaries and touchpoints for calculating damages in trade secret cases.
Having said that, it's really important to remember the basic difference between patent damages and trade secret damages. Patent damages are based on the analysis of rights created under a federal statutory framework, and so, the issue has attracted a great deal of attention and analysis over the years, all grounded in the statute.
Trade secret damages ultimately and historically are grounded in the common law of tort, and tort law is designed mainly to provide full compensation to the victims of a wrong. Remember: Patents are a no-fault system. Trade- secret misappropriation is about fault, and so, that fundamental aspect of the law of secrecy informs how courts generally look at damages. So, you will see judges being very flexible in favor of the plaintiff because that's fundamentally how the law is supposed to work.
The DTSA provisions on damages are a direct reflection of the rules under common law, which provide the greatest recovery possible under several different theories: plaintiff’s loss, defendant’s gain, or a “royalty” measure. The plaintiff has a choice and can use one or two or three of them as long as they aren’t duplicative, and that means that, generally speaking, you can get what looks like very big verdicts that aren't constrained by some finer points of law, as you do with patents.
What should companies understand about the distinctions and differences between internal trade secret theft, such as theft by departing employees, and external trade secret theft, such as competitive espionage or hacking?
In general terms, the external, hacking-related espionage theft is more limited and harder to control than the internal issues. There's only so much you can do about hacking. It's important to address issues around information systems, your network, and to ensure that you've done as much as you can afford to do to install systems that allow rapid detection and response when you have a problem. But as we all know, there's a technological arms race where cyber hackers are concerned, and there's a limit to how much you can assure yourself that you are fully protected.
In contrast, we have frequent losses from internal operations through those whom we trust on a day-to-day basis that have access to our information. The most obvious example is the regular employee who is allowed access to the company's systems through a smartphone or a tablet or personal computer. And they take this everywhere they go, often using it to engage in robust sharing of everything that's happening in their life because they've been trained by social media to understand that sharing is good.
This is the same population that we have to deal with when they come in the next morning with those smartphones that they now use to access the company's networks as well as external ones. So, figuring out how to address the behavior of the workforce that has access to the secrets and training them to understand what the company considers to be confidential and their role in protecting it is, in my experience, far more effective in terms of mitigating the risk of loss than another program directed at cyber security.
Good advice. You are currently participating in a Sedona Conference Working Group on trade secrets, whose mission is to develop a set of guidelines to help federal and state judges do a better job in handling trade secret cases, and help companies do a better job in managing their intellectual assets. Can you give us a progress report on the activities of this working group?
The progress is very good, but we are still in the early stages. We are focusing on two topics to begin with. The first one relates to the issue of trade secret identification. The second one is about the employee life cycle. In other words, addressing the protection of secrets throughout the time that an employee comes, is recruited into the company, is trained, is supervised, and ultimately exits the company, and how companies should be looking at managing those issues.
At the end of a multiyear process, we expect to have a number of consensus-view statements on best practices for litigation and for managing information security within the company.
From 2009 to 2014, you served as deputy director general of the World Intellectual Property Organization. What were your impressions of the relative importance of intellectual property protection in the U.S. compared with other countries?
IP protection has always been very important to us as an economy, playing a critical role as a supporter and an accelerant for innovation in most industries. Over the years, the U.S. has been a leader in the international effort to promote the use of strong intellectual-property laws as a way to achieve economic development.
History teaches that countries that have thoughtful, robust intellectual property systems are much more likely to nurture domestic-innovation economies. And so, if they want to go in that direction, they need to embrace IP. You see it happening right now in China, where 15-20 years ago, there was a lot of concern that the Chinese economy was basically copying and not innovating. Now China has some leading world-class companies in many industries. And they have built a very strong patent system to support its domestic economy. This happened decades ago in Japan. It then happened in Korea.
In your recent congressional testimony, you sounded an alarm regarding 28 U.S.C. Section 1782, in which you suggested there is a danger in allowing foreign litigants to have access to testimony and other evidence from U.S. courts for use in foreign proceedings. You called this practice a one-way street for the acquisition and export of U.S. information. Please explain your concerns and what you think Congress should do to allay those concerns?
At a general level, I called this a one-way street because we offer this opportunity for foreign litigants to come here without insisting that they provide the same kind of access to evidence in their own countries. I think that the original assumption behind the statute was that if other countries saw how transparent and open we were about access to evidence, that they would institute similar procedures in their own countries, and we would achieve some level of reciprocity.
That has not happened, though, and there is no reciprocity built into this statute. The experiment has failed in terms of encouraging other countries to provide similar mechanisms so that U.S.-based organizations can get access to information in those jurisdictions. There is not a level playing field.
My more specific concern had to do with the maintenance of secrecy and confidentiality of information that's being handled in foreign jurisdictions. The assumption in most countries is that information that comes into a court is going to be publicly available.
This is certainly true throughout much of Europe, and it's one reason why the Europeans have drafted and promulgated the EU Trade Secrets Directive, one part of which requires that member states enact laws that will provide protections for confidential information that is produced in litigation.
And so we have this fundamental insecurity that exists in many other countries for information that's being handled by courts and, of course, by government agencies. Because 1782 applies very broadly to any court tribunal, and that includes, we now know, agencies of foreign governments, the information that's being sent over through Section 1782 necessarily is put at some level of risk.
What I suggested to Congress is that it require the federal judges who hear these petitions to engage in some analysis of the risk to the information and to require that protections be instituted in foreign jurisdictions for its use. This would be done as a condition of making the information available – get assurances that it will be protected when it gets to the foreign country. Some judges do that now on an ad hoc basis, but there's nothing in the statute that requires it.
Looking into your crystal ball, which industries or markets do you foresee as being most likely to face future IP challenges, and what do you see those challenges as being?
Any company that has to deal globally with secure information faces very high levels of risk in most other countries in the world. One of the reasons trade secret protection works well in the U.S. is that we have fairly easy access to proof. If you suspect that some secret has been stolen, you can start litigation and then get the information you need to prove what happened. In most of the rest of the world, you can't do that.
And so I hope over time that as a result of various actors, governments, and industry speaking about these issues and engaging in dialogue, we can find a way for companies, when they suspect they have a problem, to find and get access to the information wherever it is. This can happen in different ways.
I'm not suggesting that other countries adopt the U.S. system of litigation discovery, which has, in many ways, overburdened us, but there are ways, even in civil-law systems, to set up frameworks and protocols for the victim of a misappropriation to be able to get access to data, either through some form of seizure process or lowering the standard of proof that is required to initiate an action, and requiring the defendant to come forward and prove that it developed the information independently.
If we want to fully support companies that drive the global economy, we have to find ways to more realistically enforce trade secret rights.
Any last words of caution for our readers?
We just saw the Waymo v. Uber (“Waymo”) case, which is a reminder of the importance of managing risk around these very important assets. When Uber hired this fellow, [Anthony] Levandowski, away from Waymo, it took on a level of risk that it should have appreciated was almost existential for the company.
And yet, what it did about it actually exposed the company to more risk. Now, I'm not trying to make the point that Uber screwed up, but it's a reminder of the things that can go wrong in a rapidly evolving technological landscape, which is something that applies to an awful lot of companies these days.
When you hire away smart, experienced talent from a competitor, you face the risk that your valuable data assets may be tainted in some way, which could be a potentially massive problem. It is imperative to have careful management of these issues because they just don't come up in the same way that patent and copyright and trademark issues do – kind of clean and predictable. They tend to sneak up on you when you're not watching, or perhaps distracted by the excitement of an acquisition. Once you’ve been infected with someone else’s confidential data, extracting it can be complicated and expensive.