By By Michael A. Gehret, Ed Roberson and Thomas Shields
This is the second in a two-part series on the protection of trade secrets. Part 1 ran in the July 31 issue of The Enterprise.
Pursuing the Thief
If your company does find itself in the unfortunate and unenviable position of having its trade secrets stolen, it should take swift action to minimize the dissemination of that information and the economic impact of the theft. Under federal law and the laws of most states, the misappropriation of trade secret information is a crime with harsh penalties. However, many companies that have been the victims of trade secret theft choose not to pursue criminal punishment, but instead take action to obtain civil relief.
The reasons for pursuing civil relief rather than criminal will vary, but often companies will go the civil litigation route because they view it as the quicker avenue to relief over which they have greater control. In a civil lawsuit, the company can choose when to file, whether it will seek emergency relief and ultimately whether it wants to dismiss the lawsuit and under what conditions. In a criminal action, the company may have influence over these decisions, but ultimately the decisions lie with the particular prosecuting authority.
If your company chooses to pursue civil relief in addition to or instead of criminal prosecution, the newly enacted Federal Defend Trade Secrets Act (DTSA), as well as state legislation, such as the Utah Trade Secrets Act (UTSA), provide significant remedies to victims of trade secret theft. These include enjoining the use of the information and compensating the victim company for the damages it has experienced as a result of the theft. Typically, one of the first actions a company will take in trade secret litigation is to seek an immediate injunction to prevent any use of the information by the accused thief and end user (new employer or company). In addition to injunctive relief, the DTSA allows the victim company to seek an ex parte seizure order, under which the court orders the U.S. marshalls to seize property of those accused of having the stolen information to prevent the use and dissemination of the stolen information.
Of course, it is one thing to have statutes that provide for these remedies, it is another thing for a company to prove they are entitled to them. If your company does file a trade secret lawsuit, it will need to establish through credible evidence that its secret information has been wrongfully taken and, in many instances, that its information is being wrongfully used by a competitor. This means that in all likelihood, your company and your attorney will be working with a computer forensics company to gather evidence of the misappropriation.
In the event that trade secret information has been misappropriated, a team of digital forensics experts can step in to not only search for digital footprints of any wrongdoing, but to also identify and securely destroy trade secret protected data in any unauthorized location.
Any time data is added to, removed from, moved, modified or deleted within a network or device, digital breadcrumbs indicating this change are left behind. Even for the most knowledgeable user, completely erasing this trail of evidence is nearly impossible. These digital breadcrumbs are referred to as metadata, which is simply “data about data.” This metadata is key in determining what, and possibly who, has accessed your data and what has been done with it.
In many cases, a forensics examiner starts by creating an exact forensic copy of an individual’s workstation, company issued laptop and mobile device. They may also create forensic copies of shared network drives, email and cloud storage accounts. These digital copies even contain deleted information, which can be reconstructed. Then, by working in these digital copies, the examiner combs through the metadata to retrace a user’s digital footprints.
One way this can be achieved is by analyzing the connected device logs of items such as USB drives, external hard drives, phones and tablets. An examiner can also identify activity in lists of frequently and recently accessed files and documents that are stored by Windows and Mac devices. These are just two of the vast number of ways in which digital evidence is gathered by carefully studying the metadata that lies under the hood. As a forensics investigator continues to dig deeper, they utilize previously uncovered evidence to direct their efforts in finding the next piece of evidence, and, hopefully, the smoking gun or flash drive.
While utilizing a physical storage device is one of the most common ways in which data is misappropriated from an organization, it is critical to also analyze email traffic, cloud storage and backups.
Once an opposing party’s data has been handed over in discovery, an e-discovery team composed of data and digital forensics experts can begin the task of determining whether or not protected trade secret data exists in the hands of a competitor or unauthorized individual. This can be accomplished by comparing opposing sets of data. Every piece of data, whether it be a PowerPoint slide, spreadsheet, photo, etc., has a unique digital signature that is only found with that specific piece of data. This digital signature is known as a hash value. By comparing these hash values, copies of an organization’s data can be quickly identified. Should a copy of protected data be altered (e.g., a Word document containing trade secret information where the originating organization’s name has been deleted or replaced), the unique hash value changes. However, technology exists to find near-duplicates across multiple datasets. During this process, an e-discovery vendor works with counsel to establish a threshold of the percentage in which two or more documents are similar. These near-duplicates can then be easily compared side by side and identified.
After misappropriated trade secret data has been identified, digital forensics experts can serve even further as a third-party data clean-up crew and delete and verify the deletion of data identified and agreed upon by counsel. Needless to say, in trade secret litigation, your digital forensics expert will play a critical role in the success of your case.
Trade secret theft is already pervasive, and it continues to get worse. It is time and money well spent to ensure that your company has in place protocols to protect access to its valuable information and to make it easier to detect and prove theft if it occurs.
Michael A. Gehret is a partner in the Salt Lake City office of Snell & Wilmer. His practice is concentrated in commercial litigation where he advises clients on a variety of intellectual property and regulatory matters.
Ed Roberson is director of business development for JourneyTEAM, a Utah based business technology consulting firm established in 1993. His practice focuses on helping companies bridge the gap between IT and the strategic operations of business units.
Thomas Shields is a senior discovery consultant with Xact Data Discovery’s Salt Lake City office. He consults with law firms, government agencies, and private corporations in areas of information governance, digital forensics, e-discovery and managed attorney review.