Trade Secrets in Outsourcing

October 9, 2009 by

Summary.

The ability to develop and protect trade secrets is an essential requirement for the development and maintenance of an enterprise’s competitive advantage.  This commentary discusses some of the business, contractual and criminal issues involved in trade secrets in outsourcing.  At a minimum, both users and providers of outsourced services should understand the nature and scope of trade secrets being used in the delivery of the services.

Business Issues.

Benefits to Service Provider.

Trade secrets give economic benefits to businesses by creating barriers to entry by competitors, facilitating and accelerating business processes that can be delivered to customers, and allowing the business’ employees, contractors and customers to collaborate efficiently.  However, a trade secret loses its power if it becomes public.  As a result, any business that has or uses trade secrets should take steps to protect and preserve them.  Outsourcing service providers normally are keen to adopt and maintain appropriate measures to protect their trade secrets.

Risks to the Service Customer.

Trade secrets create risks for the customer.  The service provider might not be willing to allow the customer to use the provider’s trade secrets after the service agreement expires.  Well-advised customers adopt appropriate protections to ensure their ability to continue operations whether or not the same service provider continues to render the required services.

Contractual Issues.

Protection of trade secrets can be achieved by several methods:

  • non-disclosure agreements;
  • restrictions on access to persons within the business itself, such as preventing persons in one group from accessing confidential business processes in another group;
  • retention of the key information in a small group of senior managers.

Intellectual Property.

Most laymen believe that trade secrets are a form of intellectual property.    Actually, they are not owned, but only kept confidential.  Indeed, many businesses in the same industry might know and use the same trade secrets in delivering goods or services to customers.  However, none of them owns the trade secret, since the others that know it have the lawful right to use it.  This assumes each acquired the knowledge without wrongful access to another’s secrets.

Trade Secret is Not a Patent.
Parties to an outsourcing contract should understand the differences between patents and trademarks.  In general, a patent is a governmentally-granted monopoly, for a statutorily defined limited period,  to make, use or sell products or services using an idea or process.  In general, a trade secret is not exclusive, is not made public and may be continued in use for an indefinite period.  An example of a trade secret is the secret formula for making Coca-Cola®, but not the formula for making soap.

Misappropriation of Trade Secret under Common Law.
Misappropriation of a trade secret is a well-recognized tort under common law in England and other countries that adopt the common law system.  Anyone who acquires knowledge of the trade secret by a disclosure that is not authorized can be held liable for “misappropriation” of the trade secret.  Such misappropriation is a tort, or violation of a common law duty that causes damage that can be foreseen when the misappropriation occurs.

Statutory Protection of Trade Secrets.
Trade secrecy rights arise out of both common law and state and federal statutes, as well as foreign laws.   In the United States, trade secrets are also protected by laws adopted by states.

WTO.
Article 39 of the Agreement on Trade-Related Intellectual Property under the GATT Uruguay Round likewise protects trade secrets in member countries of the World Trade Organization.

Trade Secret.
Fundamentally, a trade secret has three components.

  • The secret is some form of knowledge that is used in a business.
  • The owner derives economic or business benefit from the fact that such information is secret.
  • The owner has taken reasonable measures to keep such information secret.

Criminal Issues.

Criminal Abuse of Trade Secrets under the U.S. Economic Espionage Act of 1996.

The U.S. Economic Espionage Act of 1996 amended the federal criminal statutes to impose criminal penalties on persons who engage in misappropriation of trade secrets, whether for private gain or for a foreign government.  Protection of private trade secrets is therefore a matter of public policy.

Definition of Trade Secret.
The Economic Espionage Act of 1996 defines trade secret consistently with the common law.  The owner must derive economic or business benefit from the secrecy.  The owner must take reasonable protective measures.  And the information that is the trade secret can be very broadly defined as:

all forms and types of financial, business, scientific, technical, economic or engineering information, including patterns, plans, compilations, program devices, formulas, designs, prototypes, methods, techniques, processes, procedures, programs, or codes, whether tangible or intangible, and whether or how stored, compiled or memorialized physically, electronically, graphically, photographically, or in writing.”   18 U.S.C. 1839(3).

Economic Espionage.
In the case of espionage, the offense occurs when the misappropriation of trade secret is done “knowingly and without authorization,” while “intending or knowing that the offense will benefit any foreign government, foreign instrumentality or foreign agent.”   18 U.S.C. 1831(a).

“Economic espionage” occurs when such a person “steals, or without authorization, takes, carries away, or conceals, or by fraud, artifice, or deception, obtains a trade secret.”  18 U.S.C. 1831(a)(1).  Receipt of a stolen trade secret, attempted theft or attempted receipt, and conspiracy to do so, are also “economic espionage.”  18 U.S.C. 1831(a)(2), (a)(3), (a)(4) and (a)(5).

Theft of Trade Secrets.
Under the same law, the offense of “theft of trade secrets” occurs, when the same acts are undertaken “with intent to convert a trade secret…to the economic benefit of anyone other than the owner thereof” and “intending or knowing that the offense will injure any owner of that trade secret.”  18 U.S.C. 1832(a).  Similarly, receipt, attempted theft, attempted receipt and conspiracy are all predicate offenses for “theft of trade secrets.”

Penalties.
The penalties for espionage are more severe than for simple theft of trade secrets.  For economic espionage, individuals are subject to penalties of $500,000 and 15 years’ imprisonment per offense, while any “organization” that commits an offense is subject to a fine up to $10 million.    For theft of trade secrets, individuals are subject to fines and imprisonment of up to 10 years, while organizations are subject to fines up to $5 million.  18 U.S.C. 1831(b) and 1832(b).

Inapplicability to Trade in Services.
The Economic Espionage Act of 1996 does not necessarily protect trade secrets when there is a delivery or performance of services that use trade secrets in only one state in the Untied States, or where there is no resulting sale of a product.

Thus, in the case of “theft of trade secrets,” the offense exists only where the conversion (theft) of the trade secret “is related to or included in a product that is produced for or placed in interstate commerce or foreign commerce” of the United States.  18 U.S.C. 1832(a).  If the thief is in the business of providing services, then this statutory requirement would appear to fail.  Thus, customers that are consultants, advisors, or providers of intangibles (such as license rights, banking services, financial advice, etc.) would appear not to fall under this statute.

Place where Offense is Committed.
The Economic Espionage Act of 1996 covers conduct occurring anywhere in the world.  However, acts done outside the United States are only covered where either (1) the offender (a “natural person”) is a U.S. citizen or permanent resident alien or an “organization” organized under American law, or (2) an act in furtherance of the offense was committed in the United States.”  18 U.S.C. 1837.

Thus, economic espionage or theft of trade secrets could not occur if the act were done between non-resident aliens and there was no furthering act in the United States.

Criminal Abuse of Trade Secrets under the U.S. National Information Infrastructure Protection Act of 1996.

Similarly, the Economic Espionage Act of 1996 adopted a subtitle, the “National Information Infrastructure Protection Act of 1996,” that expands the scope of “protected” computers.  18 USC 1030.  Under prior law, private industry computers used in government and financial institutions enjoyed protection from unauthorized access.  The National Infrastructure Protection Act of 1996 expanded the scope of protection to include computers used in business.  The new law criminalized the act of making any unauthorized communication to third parties, or the unauthorized retention, of “information from any protected computer if the conduct involved an interstate or foreign communication.”  18 U.S.C. (a)(2)(C).   It is now illegal to attempt to extort “any money or thing of value” from any person, firm, governmental entity or other legal entity, by transmitting any communication (in interstate or foreign commerce of the United States) that contains a “threat to cause damage to a protected computer.”   18 U.S.C. 1830(a)(7).

Impact of Espionage Law on Outsourcing.
Outsourcing companies that manage “protected” computer networks for their clients must interpret this law.  Does it prevent an outsourcer from threatening to “damage” a computer in order to get paid the amount lawfully due under the contract?   The statute does not define “damage” to include consequential damage (where the client’s business is damaged but the client’s computers are not.  Rather, “damage” is defined as “any impairment to the integrity or availability of data, a program, a system or information” that where the impairment causes any one of three types of loss: (1) any loss of $5,000 or more in value during any one-year period “to one or more individuals,” (2) any actual or potential modification or impairment to “the medical examination, diagnosis, treatment, or case of one or more individuals, (3) any physical injury to any person, or (4) any threat to public health or safety.  18 U.S.C. (e)(8).

As a result, the National Information Infrastructure Protection Act of 1996 does prevent outsourcers from shutting down, or threatening to shut down, facilities or services that are used in providing medical, emergency or public safety services.

Criminal Prosecutions under the Espionage Act.
As of January 2003, only about 35 prosecutions had been filed against people accused of abusing trade secrets or threatening protected computers.   According to a January 2003 article by The Associated Press, prosecutors charged a college student with theft of hundreds of secret documents from a large national law firm where the student had worked as a summer clerk.  The student allegedly stole documents from files that his job required him to examine for purposes of litigation for the law firm’s client.  The student reportedly sent copies of such documents to three websites for posting, though he was not claimed to have done so in return for any money.  The trade secrets were owned by DirecTV, owned by Hughes Electronics Corp., which said that it had invested over $25 million in the development of its most recent “Period 4” anti-piracy access cards for viewer satellite TV signal descrambler boxes.   The recipient websites, none of which apparently solicited this particular set of secrets, reportedly were offering their readership information on how to obtain access to satellite television signals.

Lessons Learned from the Crimes of Others.
While this case focused on the prosecution of the allegedly rogue student, The Associated Press article did not discuss the vicarious liability of the national law firm that hired the student, or the liability of the national law firm for any negligence in the hiring or supervision of the student and the documents to which the student had access.

Service providers should adopt measures in the fields of document access, physical security of documentation and hiring and supervision of employees.  Ultimately, however, even a well-designed system to prevent “insider” abuses will not stop someone from abusing a trust.  However, even the independent abuse of trust by a rogue employee might not shield the employer.

International Outsourcing.

This U.S. legislation governs activity conducted in the United States.  It may cover foreign activity having an impact in the United States.  But extension of criminal jurisdiction one country’s laws into another country generally is treated as an infringement on sovereignty, and lacking in “comity” between nations, if there is no treaty or convention authorizing such extension.  Accordingly, contracting with foreign service providers  does not involve the same legal enforcement rights as a purely domestic American contract.

International Outsourcing: Business Judgment Factors

October 9, 2009 by

Summary.

Why do you need an international outsourcing strategy?  You might be negligent if you don’t have one.

Fiduciary Duty.

Directors are legally responsible for managing their companies.  They have a duty to exercise their own business judgment for the best interests of the company and its shareholders. Offshore outsourcing has matured in many industries to the point where it could arguably be a breach of that fiduciary duty not to send some work offshore.

The benefits to the company and shareholders of offshore outsourcing could include cheaper supplies, more competitive services by service providers or suppliers, lower cost of capital, speedier entry into the market and other reasons.

Against such benefits the directors must consider the commercial, legal, reputational, foreign currency, security, intellectual property, human resources and other risks involved in any outsourcing, particularly an international outsourcing.

Negligence.

Any lawyer will tell you what negligence is: you owe a duty to follow a standard of care, and when you fail to follow that standard of care, your failure proximately (predictably) causes the damage that actually results.

Business Judgment Rule.

One of the first principles of corporate governance is that the board of directors has a duty to exercise its business judgment in managing the affairs of a company.  This rule requires active decisions, not neglect.  Given the globalization of economy and the potential significant benefits of offshore outsourcing, it could be argued that every board of directors must consider international outsourcing.

Sarbanes-Oxley Act of 2002: Is Insourcing a Material Risk?

SEC regulations under the Sarbanes-Oxley Act requires disclosure of material contingencies.  See Sarbanes Oxley and Outsourcing.  Is it material not to seize business opportunities that could cut costs materially?

Investor Interest.

If your company’s shares are publicly traded, you need to consider the effect of your outsourcing strategy upon investors, particularly mutual fund managers and hedge fund managers.

Fund Manager’s Perspective.
In an interview published in The Wall Street Journal on January 28, 2003, Richard Lane, co-manager of a $650 million FMI Focus Fund, concluded that he would not invest his fund’s money in shares of companies that lack a “good outsourcing strategy to China.”   His rationale: “The companies that are faster at outsourcing either products or components … will get a leg up on the competition.”

Investment Banker’s Perspective.
Investment bankers advise on capital structures of companies.  A management tool that harnesses low-cost suppliers effectively frees capital for spending on core business opportunities.

“Join the Bandwagon” into Foreign Sourcing.

In February 2003, Foote Partners reported as many as 35 percent to 45 percent of U.S. and Canadian Information Technology workers will be outsourced – replaced by contractors, consultants, offshore technicians and part-time workers – by 2005. The survey, based on discussions with 1,880 private sector and government employers, found American companies “can’t afford to do application development in the U.S. anymore (because) the nature of the business has changed.”  Similarly, Forrester Research estimated in 2003 that the $4 billion in U.S. wages that floated offshore in 2000 will become a tidal wave of $136 billion – and 3.3 million IT-related jobs – by 2015. One reason: It’s now easier to contract maintenance and support via Web-based collaborative tools, high-speed data networks, cost-effective bandwidth and standardized business applications. U.S. IT workers facing displacement are encouraged to retrain in project management or technologies, such as IT security and wireless networking.

Caveat.

Outsourcing can involve considerable risk.  For example, the existence of foreign legislation for protection of intellectual property or data protection might be clear, but the local government’s enforcement policy and judicial experience might not be favorable.  Certain countries have a reputation for disregard of misappropriation of intellectual property rights despite laws protecting such rights.  Depending on the type of functions or operations that can be outsourced, such risks might be mitigated by special strategies.  Bierce & Kenerson, P.C. has advised multinational clients on such strategies.