XX XXXXXX XXXXX XXXXX XX XX XX XX XX XX XX XX XXXX XX XXX XXXXXXX XX XX XX XX X XX XX XX XXXXXX XXXXXX XXXXX XX XX XXXXXX XXXXX XX XX XXXXXX XXXXXX XXXXXX XX XX XX XX XX XX XX XXXXX XXXX XX XXXX XXX XX XX XX XX XX XX XXXXX XX XX XXXXXX XXXXXX __________________________________ Spring 1993, Volume 1, Number 2 __________________________________ By George, Donaldson & Ford Attorneys at Law A Registered Limited Liability Partnership 1000 Norwood Tower 114 West Seventh Street Austin, Texas 78701 (512) 495-1400 (512) 499-0094 (FAX) gdf@well.sf.ca.us ___________________________________ Copyright (c) 1993 George, Donaldson & Ford, L.L.P. (Permission is granted freely to redistribute this newsletter in its entirety electronically.) ___________________________________ David H. Donaldson, Jr., Editor Peter D. Kennedy, Associate Editor ___________________________________ IN THIS ISSUE: 1. PLAINTIFFS WIN STEVE JACKSON GAMES CASE 2. DROP THAT FLOPPY! THEFT OF TRADE SECRETS 3. TRADE SECRETS: ANOTHER WEAPON AGAINST UNFAIR EX-EMPLOYEE COMPETITION 4. WHAT IS A TRADE SECRET? 5. CONTRACTING FOR CONFIDENTIALITY 6. THE ROLE OF EXPERTS IN COMPUTER COPYRIGHT INFRINGEMENT ACTIONS ====================================================================== 1. PLAINTIFFS WIN STEVE JACKSON GAMES CASE Last issue, we noted that an important and unusual case was pending in federal court in Austin, Texas -- the civil suit of a role- playing games publisher against the United States Secret Service. The Steve Jackson Games case has been avidly watched by computer enthusiasts all over. On March 12, 1993, Judge Sam Sparks decided that the US Secret Service broke the law when it searched Steve Jackson Games, seized its bulletin board system, and read and erased all the electronic mail contained on the board. Most observers have hailed it as a significant victory for computer user's freedom and privacy. On March 1, 1990, the Secret Service, in an early-morning raid, searched Steve Jackson Games. The agents took the company's bulletin board system (BBS) -- named "Illuminati" -- along with an employee's work computer, other computer equipment, and hundreds and hundreds of floppy disks. They took all recent versions of a soon-to-be-published game book, "GURPS Cyberpunk," including big parts of the draft which were publicly available on Illuminati. The next day, Steve Jackson tried to get copies of the seized files back from the Secret Service. He was given only a handful of files from one office computer. He was not allowed to touch the Illuminati computer or copy any of its files. After months of asking, the Secret Service returned most of the equipment taken, some of it worse for wear. By then, Steve Jackson had restarted Illuminati on a different computer. When the old Illuminati computer was finally given back, it turned out that all the electronic mail that had been on the board on March 1 had been read and deleted. Steve Jackson, his company, and three of the users of Illuminati whose mail had been erased sued the Secret Service for violating two laws -- the Privacy Protection Act of 1980 and provisions of the Electronic Communications Privacy Act of 1986. THE PRIVACY PROTECTION ACT OF 1980. In the late 1970's the Stanford Daily had been subjected to a disruptive search conducted by police officers in the paper's newsroom. The police were looking for notes and photos of a demonstration the newspaper had covered for a story, hoping the paper's files would identify suspects. The Supreme Court held in 1979 that the Stanford Daily had no First Amendment rights protecting it from such searches and seizures, so long as the officers were seeking evidence of a crime the paper had covered -- even though the newspaper was under no suspicion itself. Congress responded by passing the Privacy Protection Act of 1980, which, until Steve Jackson came along, was distinguished mostly by its lack of interpretation by courts. The Act basically creates a "subpoena only" rule for publishers. Law enforcement officials are not allowed to search for evidence of crimes in publishers' offices, or more accurately, the Act says they may not "search for or seize" publishers' "work product" or "documentary materials", essentially drafts of publications, writers' notes, and such. To get such material, the police must subpoena them, giving the publisher an opportunity to challenge the request, and avoiding the disruption of a search. The Act is located at 42 U.S.C.  2000aa, and every publisher and systems operator should be aware of it. The Act is quite broad, protecting from searches and seizures the work product and documentary materials of anyone who has "a purpose to disseminate to the public a newspaper, book, broadcast, or other similar form of public communication ..." It also has a big exception -- if the publisher is the person suspected in the criminal investigation, *unless* the crime suspected is the illegal receipt of information, such as knowingly receiving purloined secret government documents. THE ELECTRONIC COMMUNICATIONS PRIVACY ACT. Two provisions of the Electronic Communications Privacy Act (or ECPA) were paramount in the suit. The plaintiffs claimed the Secret Service violated two provisions -- one prohibiting unjustified "disclosure and use" of electronic communications (18 U.S.C.  2703); the other prohibiting "interception" of electronic communications (18 U.S.C.  2511(1)). The parties' positions were fairly simple and laid out well before trial. As for the Privacy Protection Act, Steve Jackson claimed that his company's publications, both in book form and on Illuminati, were obviously "work product" protected by the Act, and the government had no right to seize them, and therefore owed him money for the damage the raid caused his business. The government replied by claiming that (1) Steve Jackson Games' products are not the type of publications protected by the PPA; and anyway, (2) the Secret Service didn't *know* that Steve Jackson Games was a publisher when it raided its offices; and even then, (3) the Secret Service didn't *mean* to take the books, the books just came along when the computers and disks were taken. As for the e-mail, Steve Jackson and the other BBS users claimed that the seizure, disclosure, and deletion of the e-mail was both an unlawful "disclosure and use," and an "interception" of electronic communications in violation of the ECPA. The Secret Service replied that (1) there was no "interception" because the e-mail was just sitting there on the hard drive, not moving; and (2) the Secret Service didn't read the mail, but if it did, it was acting in good faith, because it had a search warrant authorizing it to seize Steve Jackson Games' "computers" and to read their contents. THE TRIAL. The plaintiffs (represented at trial by George, Donaldson & Ford) opened their case on January 29, 1993. The trial took the better part of four days. At trial, the Court was introduced to the labyrinthine E911 investigation of which the Steve Jackson Games raid was a minor part. Illuminati BBS was run in court, as it looked on March 1, 1990, and Steve Jackson walked Judge Sparks through his BBS, lingering on discussion areas such as "GURPS Old West" to give the Judge a taste of the scope and breadth of BBS publication and communication that the Secret Service had shut down. THE DECISION. Judge Sparks decided the case in February, 1993, in a long written opinion. The full text of the opinion is available on the Internet at ftp.eff.org, and on Illuminati itself (512-447-7866), and will be published in several specialized law reporters. Judge Sparks accepted the government's argument that the seizure of the BBS was not an "interception" of the e-mail, even mail that had not yet been read. Essentially, he decided that the definition of "interception" implicitly means "contemporaneous with the transmission"; that is, for there to be an interception, the government must position itself in the data stream, like a conventional wiretap. Since the e-mail was temporarily stored on the BBS hard drive, he held there was no contemporaneous interception. Ruling that there was no interception means two things. First, the plaintiffs did not receive the $10,000 minimum damages a violation of the "interception" law provides, even though the judge found the Secret Service had not acted in good faith. More importantly, it lowers the standard for seizing BBS e-mail -- and threatens to lower the standard for the seizure of all electronic communications that reside long enough in computer memory to be seized (which is most all computer communications, as far as I understand it). To "intercept" wire communications you need a court order, not just a routine search warrant. This ruling (which technically only applies in the Western District of Texas) means law enforcement is not limited in its seizure of BBSs by the higher standards required of wiretapping. The plaintiffs won the "disclosure and use" argument under the ECPA, getting back most of what was lost in the "interception" decision. First, Judge Sparks decided that the Secret Service or its agents had, in fact, read and deleted the electronic mail on Illuminati -- including mail of persons the Secret Service admittedly had no reason at all to suspect of any illegal activity. Next, he rejected the Secret Service's argument that its agents were acting in "good faith." While he didn't list all the reasons, quite a few are supported by the evidence: the Secret Service's investigation was "sloppy", he said, and there was no attempt to find out what Steve Jackson Games did as a business; the Secret Service was told the day of the raid that the company was a "publisher," and refused to make copies or return the files for months after they were done reviewing them; and the Secret Service apparently allowed the private mail of dozens of entirely innocent and unsuspecting people to be read and erased. The judge ruled that Steve Jackson, his company, and the three Illuminati users who joined Jackson in the suit were each entitled to a $1,000 award from the government, as provided by the ECPA. As for the Privacy Protection Act, the judge and Steve Jackson will probably always differ over how much money the raid cost the company, but on the law, the court's ruling was squarely in Jackson's favor. Although unconventional, the court found that Steve Jackson Games' publications were clearly covered by the Act, should not have been seized, and should have been promptly returned. At trial, the Secret Service agents had freely admitted they knew nothing about the Act. Former U.S. Attorney William Cook claimed he knew about it before the raid, but decided that Steve Jackson Games wasn't covered. The Privacy Protection Act (unlike the ECPA) allows no "good faith" excuses, however. Because the Secret Service was told on March 1 and afterwards that the company was a publishing business, there was little defense under the Act for the seizure of "GURPS Cyberpunk" or the other book drafts. Most of the over $50,000 damages awarded was due to this violation of the Privacy Protection Act. Steve Jackson Games publishes traditional books and magazines, with printed paper pages. Is the BBS operator who publishes only on- line articles protected, too? It's a question Judge Sparks did not need to address directly, but his opinion can and should be read to include the on-line publisher. The court's opinion includes the BBS files as material improperly seized, and the Act specifically includes work product in electronic form. Publishing via BBSs has become just like publishing a "newspaper, book, or broadcast or other similar form of publication..." -- the type of communications the Act protects. If the Privacy Protection Act is broadly understood to encompass electronic publishing (as it should) it should provide meaningful protection to innocent sysops whose boards may be used by some for illegal purposes. It should prevent the "preventative detention" of BBSs -- where boards are seized in investigations and held indefinitely -- which seems to be one crude means used to attack suspected criminal activity without bothering to actually prosecute a case. It should also force law enforcement to consider who the actual suspect is -- for instance, in the recent spate of seizures of BBSs for suspected copyright violations. The Privacy Protection Act should prevent law enforcement from seizing a sysop's board who is not suspected in engaging or condoning illegal activity. Those who have followed this case will note how little significance I've given the "Phrack" investigation and the overvaluation of the E911 document. The real significance of the Steve Jackson Games case was not knocking holes in any one investigation. It takes a first solid step in setting firm, discernable limits for criminal investigations involving computer communication. To focus on specific foibles of any one investigation misses the importance of what the court ruled the Secret Service did wrong. Out of ignorance or callousness, the Secret Service ignored legal rights of people not even suspected of crimes; people who simply shared common electronic space. The Steve Jackson Games case is of course not the definitive ruling on computer communications privacy, but it does establish that important principles apply equally to computer users: -- computer communications have protections similar to telephone and traditional mail protection, and that before the government reads a person's electronic mail, it should provide at least as much justification as it would to read a person's US mail. (As of this writing, there is still no decision whether the Secret Service (or Steve Jackson, for that matter) will appeal Judge Spark's rulings.) ______________________________________________________________________ 2. DROP THAT FLOPPY! THEFT OF TRADE SECRETS Some software firms have raised the stakes in the battle over trade secrets by making criminal complaints against former employees who take trade secrets. In September of 1992 the Wall Street Journal reported on Borland International's complaint to the Scotts Valley, California police that its Rival Symantec had hired away a product manager with expertise in programming applications in areas where the two firms were competing. (See "Borland International Accuses an Ex- Manager, Symantec of Theft of its Information," The Wall Street Journal, September 4, 1992.) Borland charged that the employee had disclosed proprietary marketing and strategic data to his new employer. This led to a grand jury inquiry into Symantec's role that, in turn, led to an indictment against two officers of Symantec (the president and the former Borland employee), alleging that they stole trade secrets from Borland. While trade secret theft is a hot topic in California now, Texas is much farther along the learning curve in dealing with the issue. In 1991, the Texas Court of Criminal Appeals affirmed the conviction of two former employees of Texas Instruments for theft of trade secrets. They copied some of TI's voice recognition programs when they left to set up their company Voice Control Systems. SCHALK v. STATE, 823 S.W.2d 633 (Tex. Crim. App. 1991). The conviction was under Texas Penal Code  31.05, which prohibits, without the owner's effective consent, knowingly taking a trade secret or communicating or transmitting a trade secret. Section 31.05 became effective in 1974. In 1989, the Texas Legislature made Section 31.05 relevant in civil litigation by passing the Texas Theft Liability Act. Texas Civ. Prac. & Rem. Code  134.001-005. The Theft Liability Act provides a statutory remedy against anyone who commits "theft," including theft under Texas Penal Code  31.05. The Act provides for recovery of actual damages, additional damages up to $1000, and recovery of attorneys' fees. Using  134.001, an employer can have the pleasure of calling his employee a thief and recover more than just the satisfaction of obtaining a criminal conviction. ______________________________________________________________________ 3. TRADE SECRETS: ANOTHER WEAPON AGAINST UNFAIR EX-EMPLOYEE COMPETITION Many intellectual property lawyers have concluded that copyright law no longer protects computer programs as well as it once did. At least where the alleged infringer has not literally copied the program or large segments of it, the courts are now stringent in their review of copyright infringement claims against such non-literal infringement. (See "When is a Computer Program a Copy?" Legal Bytes, Vol. 1, No. 1). Yet the same courts who place huge hurdles in the way of copyright infringement claims recognize the value and availability of trade secret claims. COMPUTER ASSOCIATES v. ALTAI, 982 F.2d 693 (2d Cir. 1992). Nothing is more frustrating for an employer than to spend time and money training an employee, exposing them to the company's research and development and market research, paying them to develop new products, and then have the employee leave and go to work for a competitor or open up their own company to produce a competing product. In many instances the employer faced with this problem sues to prevent the employee from competing with the former employer. Lacking an enforceable agreement with the employee that they will not compete (either because none was ever signed or because of technical problems with the agreement), many employers have tried claims of copyright infringement to sue both the former employee and the new employer. While exact and literal copying could support such claims, usually former employees and their new employers are not likely to commit exact and literal copying. More commonly they will use a new programming language and new coding to provide the same utility and functionality as the old program. Copyright infringement claims against non-literal copying have slammed into serious judicial barriers. Many employers are turning to the law of trade secrets to protect valuable know-how against misuse by former employees. Texas law of trade secrets, for example, provides some substantial protections for employers. Under Texas law one who discloses or uses another's trade secrets in breach of a confidential relationship or as a result of discovery of the trade secrets by improper means is liable for damages to the owner of the trade secret. HYDE CORP. v. HUFFINESS, 314 S.W.2d 763 (Tex. 1958), cert. denied, 358 U.S. 898 (1958). Computer programs can be protected as trade secrets. UNIVERSITY COMPUTING CO. v. LYKES- YOUNGSTOWN CORP., 504 F.2d 518 (5th Cir. 1974). When an employee acquires an intimate knowledge of an employer's business and recognizes that the employer desire secrecy, a confidential relationship arises. ZOECON INDUS. v. AMERICAN STOCKMAN, 713 F.2d 1174 (5th Cir. 1983). Putting this together, when employees are responsible for developing software whose source code and techniques are intended to be treated as a trade secret learn valuable, specific techniques developed to give that employer a competitive advantage that may not be used in the service of a later employer or in an independent business. This obligation arises as a matter of law, is perpetual, and can serve as a basis of legal action even without a formal, written agreement. This area is still fraught with uncertainty because the extent to which a computer program, techniques used within software or a combination of programs will be considered trade secrets will depend on the facts in each case. (See "What is a Trade Secret", below). Nevertheless, trade secret claims may still prove superior to complex and expensive comparison efforts in copyright cases. _____________________________________________________________________ 4. WHAT IS A TRADE SECRET? Texas law relies on the Restatement of Torts  757, Comment b, for its definition of trade secret: A trade secret may consist of any formula, pattern, device or compilation of information which is used in one's business, and which gives one an opportunity to obtain an advantage over competitors who do not know it or use it. The subject matter of a trade secret must be secret. . . so that, except by the use of improper methods there would be difficulty in acquiring the information. AN EXACT DEFINITION OF A TRADE SECRET IS NOT POSSIBLE. Some factors to be considered in determining whether given information constitutes a trade secret are: (1) the extent to which the information is known outside of his business; (2) the extent to which it is known by employees and others involved in his business; (3) the extent of measures taken by him to guard the secrecy of the information; (4) the value of the information to him and his competitors; (5) the amount of effort or money expended by him in developing the information; and (6) the ease or difficulty with which the information could be properly acquired or duplicated by others. (emphasis in original). HYDE CORP. v. HUFFINESS, 314 S.W.2d 763 (Tex. 1958), cert. denied, 358 U.S. 898 (1958). Many states (but not Texas) have adopted the Uniform Trade Secrets Act definition of trade secret: "information, including a formula, pattern, compilation, program, device, method, technique or process that (i) derives independent economic value, actual or potential, from not being generally known to, and not being readily ascertainable by proper means by, other persons who can obtain economic value from its disclosure or use, and (ii) is the subject of efforts that are reasonable under the circumstances to maintain its secrecy." So what does this mean for someone who develops computer products? The answers are forming slowly. Both definitions rely on common sense and specific fact patterns, but some general benchmarks are available. Assuming secrecy requirements are met, computer programs and hardware configurations, even those involving a combination of commonly available programs or equipment, can enjoy trade secret protection. See INTEGRATED CASH MANAGEMENT SERVICES v. DIGITAL TRANSACTIONS, 920 F.2d 171 (2d Cir. 1990) (interaction of generic utility programs that gave value to program was a protected trade secret). Use and manipulation of popular programs like d-base or Paradox to create specialized interactions or entries can qualify for trade secret protection even though the programs used are off the shelf. Conversely, employees who leave are entitled to earn a livelihood, so they are allowed to use the general knowledge, skill and expertise they may have developed during their employment in their new job. Such information is not considered trade secret. Continuing the example: an employee who learned to manipulate d-base or Paradox at her old employer could use those skills at her new job even if she could not duplicate the specialized interactions that were her previous employer's trade secrets. "The facts" will play an important role in any determination of what constitutes a trade secret. The only prediction that lawyers can safely make about whether a trade secret exists is that "it depends on the facts." ______________________________________________________________________ 5. CONTRACTING FOR CONFIDENTIALITY To reduce the uncertainty and define the terms and boundaries of an employee's obligation, many employers ask that employees sign written confidentiality agreements that define an employee's duties. The basic confidentiality agreement contains three elements: (1) a definition of the type of information, technology and techniques the employer considers to be of value and secret; (2) the employee's recognition that the employer considers these matters to be secret; and (3) the employee's agreement that he or she will keep such matters confidential even after leaving work with the employer. There are a number of advantages to such agreements. First, confidentiality agreements bring home to employees that the employer believes it has trade secrets and intends to protect them. An employee can't feign ignorance after signing such an agreement. Second, confidentiality agreements can narrow and articulate, for both parties, the matters that are considered trade secrets that the employee must keep confidential. This can provide the employee some comfort in knowing what can and what can't be talked about outside the office. Finally, a written confidentiality agreement, even if it does little more than put in writing the obligations an employee has under the common law, is a strong piece of evidence in any dispute. There it is, in writing, the employee's promise not to abscond with the inner knowledge. That promise, especially when in writing, can offer a favorable alternate route to preventing unfair competition from former employees. _____________________________________________________________________ 6. THE ROLE OF EXPERTS IN COMPUTER COPYRIGHT INFRINGEMENT ACTIONS Anyone contemplating a copyright lawsuit over computer software that is not a literal copy of the copyrighted software must deal with a necessary evil: expert witnesses. Back when the works protected by copyright were capable of understanding by a reasonably intelligent judge or layperson, courts had decided that they didn't need expert testimony to tell them what they could tell from their own senses. ARNSTEIN v. PORTER, 154 F.2d 464 (2d Cir. 1946). A judge or jury could look at artwork, hear a song, or watch a movie, compare it to the alleged infringing work, and decide whether they were "substantially similar." Incidentally, this also helped clients and lawyers make reasonable judgements about whether they could prove infringement and advise clients accordingly. As a result, most courts had ruled that expert testimony on substantial similarity was unnecessary and inadmissible in copyright cases. Computer programs have made decisions about copyright claims much more complicated. Now copyright claims involving computer programs, like patent claims, are nearly impossible to maintain or to defend without experts to provide advice and testimony. As courts have adopted complex tests about copyright infringement in computer programs, the relevant facts and law have moved beyond the comprehension of reasonably intelligent laypeople or judges without the help of experts. In a remarkable display of common sense, some courts have decided that these issues are much too complicated to tackle without expert testimony. For example, in COMPUTER ASSOCIATES v. ALTAI, 982 F.2d 693 (2d Cir. 1992), when the Second Circuit set out the latest and hottest definition of how computer programs must be compared for non-literal infringement claims, the appeals court also endorsed the trial court's decision to use expert testimony. The court explained that the familiar tests for substantial similarity developed in judging artistic or literary works didn't require expertise. But computer program copyright infringement cases involve highly complicated and technical subject matter and "are likely to be somewhat impenetrable by lay observers." Accordingly, the court allowed the trial court greater discretion in deciding whether to allow expert testimony. When are experts needed? Two areas have been the subject of expert testimony: determining copyrightable elements in the plaintiff's program and comparing programs. An expert is useful in determining the copyrightable elements in a computer program. Part of the most popular and current test for copyright infringement requires identifying and filtering out the unprotectable: (1) ideas; (2) expression necessarily incident to those ideas; (3) expression already in the public domain; (4) expression not original with the programmer; and (5) expression dictated by external factors such as compatibility with other programs, hardware requirements, and industry demands. Most (if not all) judges and juries will not know the industry, hardware requirements, and the history of expression in this area, which means they must rely on someone who does know such matters to inform them. Perhaps closer to the core issue, an expert will usually be needed to tell the court, after the filtering, whether the accused program is or is not substantially similar to the protectable aspects of the copyrighted program. Experts don't *decide* this issue, they merely give their opinions. The judge or a jury still remain as the ultimate trier of fact, but as a practical matter their judgement will depend not on their own evaluation of substantial similarity but on their judgement on the credibility of the experts. Recognizing that you need experts doesn't necessarily mean you have to pay big bucks: your own staff, including your programmer, may qualify as an expert in this area and provide inexpensive expertise to the court. But experience in this area matters: the same expert testified in two separate lawsuits - first as a court expert who convinced the court that a program did not infringe another company's program and then as a party's expert in another case where he convinced the court that a program was infringing. Obviously, selection and use of experts in this area is very important. ===================================================================== ABOUT THIS NEWSLETTER LEGAL BYTES is a service to our clients and friends. These articles are intended to be summaries and brief discussions of emerging legal issues in the field of computer law. They are not intended to be exhaustive discussions of the topics. Because of their nature, they should not be relied upon as legal advice or used as a basis for reaching a conclusion. If you have ideas or topics you would like to see discussed in LEGAL BYTES, drop us a line. ABOUT GEORGE, DONALDSON & FORD George, Donaldson & Ford is a registered limited liability partnership specializing in litigation and in counseling clients in a broad range of practice areas, including computer law, copyright, trademark, trade secrets, business, libel, invasion of privacy, and constitutional law. Attorneys at George, Donaldson & Ford are not board certified in any specialty. No designation has been made by the Texas Board of Legal Specialization for a Certificate of Special Competence in the area of computer law. ===================================================================== [end Legal Bytes 1-2.]