GLORY AND RISKS OF INFORMATION –
Data Protection and Trade Secret
Kumiko Kitaoka
David Moore
BRUNDIDGE & STANGER PC
Outline of Today’s Presentation
Growing Interest and Concern
New Trade Secret Law around the globe
7-12 Hypothetical:
Hurts Business, People, Government
Intellectual Property?
Problem
1. Measures: NDA, Security
2. Independent value
3. Ownership
Critical technology in the coming decade
Key Sectors
Telecommunication
Health information
IoT
Trump to Biden
US, China, Japan
Soaring Value of Trade Secrets and Data
Recent developments worldwide
Trade Secret protection is the only option in some situations:
(i) the earliest stages of innovation,
(ii) not eligible for patents or other intellectual property protection, such as biological processes, abstract ideas, business or commercial procedures, methods and plans.
Soaring Value of Trade Secrets and Data
Recent developments worldwide
For example,
The U.S. courts invalidate claims directed to judicial exceptions under 35 U.S.C. § 101.
❑ Alice – abstract idea
❑ Mayo/Myriad – natural products/phenomenon
The Court invalidated Myriad’s patent.
Soaring Value of Trade Secrets and Data
Recent developments worldwide
Can Myriad maintain its market dominance by trade secrets?
Research institutions have collected and have kept a staggering volume of genetic data.
In favor of the improved analytical power, data are consolidated.
“Biobanks” are formed to correlate genetic/genomic data with health information of participants.
See Jorge L. Contreras, The False Promise of Health Data Ownership, 94 NYU L. REV. (2019) (global health data valued at $100 billion per year); Matthew Herper, Surprise! With $60 Million Genentech Deal, 23andMe Has A Business Plan, FORBES, (Jan. 6, 2015, 9:58 am), https://www.forbes.com/sites/matthewherper/2015/01/06/surprise-with-60-million-genentech-deal-23andme-has-a-business-plan/#3913bcbb2be9 (“[t]he deal is the first of ten 23andMe says it has signed with large pharmaceutical and biotech companies.”)
Soaring Value of Trade Secrets and Data
Recent developments worldwide
AI + Machine Learning
Automated technical/operational improvement
Surpasses Human Analysis
Needs BIG Data
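Soaring Value of Trade Secrets and Data
Recent developments worldwide
1. JAPAN: 2015 (Heisei 27) Amendment of the Unfair Competition Prevention Act
Background of the amendment:
i. Recent large-scale trade secret leakage cases, e.g., Nippon Steel & Sumitomo Metal v. POSCO
ii. To fundamentally raise potential growth and reach a sustainable growth path, it is essential to strengthen international competitiveness through innovation achieved by the outstanding human talent that is Japan's strength.
iii. It has been pointed out that some court decisions are strict in finding that information was managed as secret, and that the predictability of such findings should be improved.
iv. The number of enforcement actions for trade secret infringement in Japan is small compared with other countries, and in recent years leakage methods have become more diverse and sophisticated, such as sending spies into organizations and embedding devices that automatically transmit data in company PCs.
v. The viewpoint of what legal framework is truly needed, for civil measures and criminal penalties, to improve effectiveness and deterrence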
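Soaring Value of Trade Secrets and Data
Recent developments worldwide
1. JAPAN: 2015 (Heisei 27) Amendment of the Unfair Competition Prevention Act
i. Adds to the scope of punishment the unauthorized use and unauthorized disclosure by those who received an unauthorized disclosure from a secondary acquirer (a person who received disclosure from the first unauthorized discloser) or from anyone further down the chain (tertiary and subsequent acquirers).
ii. Punishment of attempts
iii. Regulation of the transfer, export, import, etc. of goods infringing trade secrets (as with patent-infringing goods, prohibits the transfer, export, import, etc. of products made through unauthorized use of another's trade secret; makes them subject to civil claims for damages and injunctions, and also adds them to the scope of criminal penalties)
iv. Expanded scope of punishment for offenses committed abroad
v. In certain cases, shifts the burden of proof in civil litigation regarding the fact of unauthorized use of production technology, etc. The infringer (defendant) must prove that it "is not using illegally acquired technology."
vi. Extension of the limitation period. Extends the time limit (period of exclusion) for injunction claims against unauthorized use of trade secrets (10 years → 20 years).
● https://www.meti.go.jp/policy/economy/chizai/chiteki/kaisei_archive.html#h30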
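Soaring Value of Trade Secrets and Data
Recent developments worldwide
2. JAPAN: 2018 (Heisei 30) Amendment of the Unfair Competition Prevention Act
i. Acts of wrongfully acquiring, using, etc. data provided under technical controls such as IDs and passwords ["shared data with limited access"] are newly designated as "acts of unfair competition," and civil remedies against them, such as the right to seek an injunction, are established.
ii. Provided data = data that, by being provided to and shared among multiple companies, leads to the creation of new business
iii. With respect to the provision, etc. of devices that defeat the effect of protection technologies such as encryption applied to content ["technological restriction measures"] and thereby enable "protection cracking," data is added to the protected subject matter, and the provision of services, etc. is added to the acts of defeating such measures.
Covered acts: provision, etc. of devices, programs, and the like that defeat the effect of technological restriction measures + provision of services, etc.
Protected subject matter: viewing, etc. of content such as video and audio + processing of data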
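Soaring Value of Trade Secrets and Data
Recent developments worldwide
1. JAPAN: Measures against trade secret leakage and unauthorized disclosure
✔ To prevent trade secret leakage, the efforts already undertaken at Japanese companies, such as building and ranking an information classification scheme, managing logs, passwords and design histories, and verifying personnel management, should be strengthened.
✔ For example, a person who presented no problem at the time of hiring may be approached by industrial spies and change after advancing in their career and gaining access to the company's important information, so strengthening efforts in coordination with personnel management is important.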
Modernizing Trade Secrets Protection
Recent developments worldwide
● EUROPE: New Directive on Trade Secret Protection
1. In 2017, the European Union issued Directive 2016/943 on the protection of undisclosed know-how and business information to bring uniformity (effectively implementing TRIPS Article 39.2) and wider & stronger protection for trade secrets in member countries.
2. The Directive covers the definition of trade secrets, lawful and unlawful acquisition, exceptions and measures against abusive litigation, damages and preservation of confidentiality during legal proceedings.
3. In the Directive, trade secrets are not considered IP rights, but WIPO considers them IPR.
4. To seek legal remedy, courts determine whether the trade secret holder has legitimate ownership of the information.
Leveraging Trade Secrets and Data
Recent developments worldwide
● UNITED STATES: Federal and State Trade Secret Protection
1. The 2016 enactment of the Defend Trade Secrets Act (DTSA) created a federal civil cause of action for the misappropriation of a trade secret. Its definition of a trade secret is similar to that of the Uniform Trade Secrets Act (UTSA).
2. Co-exists with state laws affording trade secret protection.
3. The possibility of a seizure order under “extraordinary circumstances”.
A court may enter an ex parte seizure order to “prevent the propagation or dissemination” of the trade secret.
4. Extensive Investigation and Enforcement of Corporate Espionage Cases.
E.g., in December 2014, the FBI announced that it had attributed cyber attacks on Sony Pictures Entertainment to the North Korean government.
Department of Justice
U.S. Attorney’s Office
Eastern District of New York
FOR IMMEDIATE RELEASE
Thursday, February 13, 2020
Chinese Telecommunications Conglomerate Huawei and Subsidiaries Charged in Racketeering Conspiracy and Conspiracy to Steal Trade Secrets
Charges also Reveal Huawei’s Business in North Korea and Assistance to the Government of Iran in Performing Domestic Surveillance
WASHINGTON – A superseding indictment was returned yesterday in federal court in Brooklyn, New York, charging Huawei Technologies Co., Ltd. (Huawei), the world’s largest telecommunications equipment manufacturer, and two U.S. subsidiaries with conspiracy to violate the Racketeer Influenced and Corrupt Organizations Act (RICO).
The 16-count superseding indictment also adds a charge of conspiracy to steal trade secrets stemming from the China-based company’s alleged long-running practice of using fraud and deception to misappropriate sophisticated technology from U.S. counterparts.
The indicted defendants include Huawei and four official and unofficial subsidiaries — Huawei Device Co., Ltd. (Huawei Device), Huawei Device USA Inc. (Huawei USA), Futurewei Technologies, Inc. (Futurewei) and Skycom Tech Co. Ltd. (Skycom) — as well as Huawei’s Chief Financial Officer (CFO) Wanzhou Meng (Meng).[1] The new superseding indictment also contains the charges from the prior superseding indictment, which was unsealed in January 2019.
Richard P. Donoghue, United States Attorney for the Eastern District of New York; Brian A. Benczkowski, Assistant Attorney General of the Justice Department’s Criminal Division; John C. Demers, Assistant Attorney General of the Justice Department’s National Security Division; and Christopher A. Wray, Director, Federal Bureau of Investigation (FBI), announced the charges.
Mr. Donoghue thanked the FBI, Homeland Security Investigations (HSI), U.S. Department of Commerce Office of Export Enforcement (OEE) and the Defense Criminal Investigative Service (DCIS) agents who are investigating this case for their tireless work and dedication.
Deepening Concern about Trade Secrets and Data
Recent developments worldwide
● CHINA: New Trade Secret Law
1993 Chinese Law against Unfair Competition (Article 10) – Amended in 2017 and 2019.
i. Addresses illicit use of trade secrets and the act of electronic intrusion of trade secret information.
ii. Confidentiality between employer and employees, between licensor and licensees
iii. Covers aiding of a trade secret theft.
iv. Introduces punitive damages.
v. Shifts the burden of proof to the defendant. When a plaintiff provides preliminary evidence that it has taken measures to keep the information secret and reasonably demonstrates that the secret information has been misappropriated, the alleged infringer shall prove that there is no such misappropriation.
Cybercrime Map
Cyber crimes target remote working employees since the 2020 economic lockdown
● The average total cost of a data breach increased by nearly 10%, from $3.86 M to $4.24 M, from 2020 to 2021, the largest single-year cost increase in the last seven years.
● Remote working and digital transformation due to the COVID-19 pandemic increased the average total cost of a data breach.
● Healthcare organizations experienced the highest average cost of a data breach, for the eleventh year in a row.
● Organizations with fully deployed security AI and automation experienced breach costs of $2.90 million, compared to $6.71 million at organizations without security AI and automation.
Hypothetical scenario
Glory works as associate counsel at Seven Twelve, a US subsidiary of a Japanese corporation. ST operates convenience stores and gas stations in Virginia, Maryland, DC, Pennsylvania, Japan, and Germany.
Customers use credit and debit cards at cashiers or pumps of stores to pay for gas or goods. Seven Twelve retains customer information and stores it on servers located in Richmond, VA.
Hypothetical scenario
In September 2019, VISA and other card companies sent an alert to retail stores that criminal actors increasingly target point-of-sale systems at fuel dispenser merchants due to the slower migration to chip technology on many terminals. Glory was made aware of the warning, and she asked her supervisor about any necessary action. The supervisor advised Glory to check the recommendations of security experts. Glory obtained an industry data security standard and made sure that ST:
Hypothetical scenario
1) Installed and maintained a firewall configuration to protect cardholder data at devices,
2) Changed vendor-supplied default passwords to strong passwords,
3) Continued to retain unreadable sensitive authentication data after card authorization,
4) Encrypted transmission of data,
5) Updated anti-virus software and malware detection,
Hypothetical scenario
6) Established a process to identify security vulnerabilities, including immediate adoption of security patches, web-based administrative access,
7) Restricted the number of employees who have access to the data system, and made them sign an NDA,
8) Implemented a strict policy for vendors/affiliates to follow when using the company’s system,
9) Used appropriate facility entry control systems,
10) Made and disseminated a security policy to all employees
Hypothetical scenario
• Riskwei is an Indian corporation with new mobile payment technology used in Southeast Asia.
• ST was approached by Riskwei to install a more secure card payment system.
• ST entered into a purchase agreement with Riskwei for a card-processing system. The agreement set out Riskwei’s duty to regularly inspect devices at ST’s stores and to take measures to maintain the confidentiality of ST’s information.
• Riskwei engineers were required to show a name badge and go through visitor registration at each store in order to enter ST’s store.
Hypothetical scenario
● Riskwei, having achieved huge success in Asian countries, had yet to gain a solid customer base in the US. Riskwei’s engineering team (India) was under constant pressure to improve its operability with US customers.
● Riskwei’s Chief of Technology urged Riskwei’s U.S. engineers to trick ST’s employees into disclosing ST’s operational system. The engineers asked ST’s managers about such data but failed to get any information.
● Riskwei’s U.S. engineers visited ST’s Virginia store to inspect the card system, and accidentally saw an unattended computer with the operational system running. They operated it and took pictures. When a store manager caught them touching the computer, the Riskwei engineers tried to cover it up. The manager reported the incident to Glory.
Hypothetical scenario
• A Turkish hacker, “Devid,” searched for ST’s weak spots in order to hack in and steal confidential data, and discovered an unprotected router among ST's internet addresses. Devid used the router to successfully access ST’s server in Virginia and spent a week sorting through the server.
• Devid found personal data on millions of ST’s customers, and he downloaded the data on October 10, 2021.
• Devid used stolen credit card information and obtained several million-dollar electronics/cryptocurrencies. Devid even sells stolen information on the black market.
Hypothetical scenario
● On October 12, 2021, one customer was approached by Riskwei’s marketing and asked to sign up for their app-based payment system. She suspected that her personal data kept at ST was being used by Riskwei and complained to ST.
● On October 14, thousands of ST’s customers’ credit cards were used by an organized crime group.
● What should Glory do now?
Glory’s action
1. File a cyber crime report with the police or FBI
2. Hire an outside cybersecurity firm to investigate the hacking incident
3. Hire a qualified lawyer of B&S to prepare for potential litigation
4. Fire the store manager and the IT
TRADE SECRET CLAIMS ???
● Trade Secret is “defined” almost identically in many countries, in accordance with TRIPS and the Directive, except India.
● In the DTSA (a federal statute), a trade secret covers all forms and types of financial, business, scientific, technical, economic, or engineering information, including patterns, plans, compilations, program devices, formulas, designs, prototypes, methods, techniques, processes, procedures, programs, or codes, whether tangible or intangible, and whether or how stored, compiled, or memorialized physically, electronically, graphically, photographically, or in writing.
DEFINITION AND QUESTIONS
Q1: Can a trade secret exist in a material or process made of known components?
Yes
DEFINITION AND QUESTIONS
Q2: Can we protect an invention as a trade secret if a published patent application reciting such invention has been rejected?
Yes, in many cases
Case: An owner of a US patent and two trade secrets sued its rival for willful misappropriation of TS and patent infringement.
Jury verdict: patent infringement and one trade secret misappropriation.
Damages: TS - $2,620,275.00 + punitive damages of $1,310,137.50
Damages: Patent - $50,000 + enhanced damages of $50,000
BBA Nonwovens Simpsonville, Inc. v. Superior Nonwovens, LLC, 303 F.3d 1332 (Fed. Cir. 2002)
Reason: South Carolina initially adopted the UTSA, but later enacted the South Carolina Trade Secrets Act ("SCTSA"), which expands the definition of trade secret by adding to the types of information. “common law” that continues protection of combination of individually otherwise known matter when the combination produces a new and useful advantage.
ST’S TRADE SECRET CLAIMS
● ST’s collection of customer information (including credit card details) should fall within business information even if there was an unsecured router in ST’s system.
○ ST’s operational system (system architecture, UX/UI design, methods of processing large data in a timely manner, etc.) should fall within business and engineering information.
● Information like this is not a great candidate for patent protection.
● DTSA (a federal statute) requires:
i. the owner has taken reasonable measures to keep information secret;
ii. the information derives independent economic value, actual or potential, from not being generally known to, and
iii. not being readily ascertainable through proper means by, another person who can obtain economic value from the disclosure or use of the information.
ST’S TRADE SECRET CLAIMS
● Was ST’s customer information kept secret with reasonable measures for secrecy? Was it readily ascertainable? Did it have independent economic value?
❑ How was it collected and kept? What was included? Who had access to it and how? Is it readily ascertainable from information in the public domain? Did ST enjoy any competitive benefit from its secrecy?
❑ Could be a trade secret even if there was an unsecured router in ST’s system. See The Good Drop LLC v. Hayes, No. 6:15-CV-00268-AA, 2016 WL 4134557, at *5 (D. Or. Aug. 1, 2016) (a customer list that is kept secret with a reasonable measure is TS); Haught v. Louis Berkman LLC, 417 F. Supp. 2d 777, 782 (N.D.W. Va. 2006) (confidential documents containing customer lists, potential customer lists, pricing information, profit margins, costs, personnel records and financial information); KeyView Labs, Inc. v. Barger, No. 8:20-CV-2131-T-36AEP, 2020 WL 8224618, at *4 (M.D. Fla. Dec. 22, 2020)
ST’S TRADE SECRET CLAIMS
● Was ST’s computer system (architecture, UX/UI design, methods of processing large data in a timely manner, etc.) a trade secret?
❑ How was it created? Who had access to it and how? Is it readily ascertainable? Was the access through an unattended and unlocked computer a reasonable measure to protect its secrecy?
❑ Some of these can be TS. See AirWatch LLC v. Mobile Iron, Inc., No. 1:12-CV-3571-JEC, 2013 WL 4757491, at *3 (N.D. Ga. Sept. 4, 2013) (); Integrated Cash Mgmt. Serv., Inc. v. Dig. Transactions, Inc., 920 F.2d 171, 173–74 (2d Cir. 1990); Fabkom, Inc. v. R.W. Smith & Assocs., Inc., No. 95 Civ. 4552, 1996 WL 531873, at *6 (S.D.N.Y. Sept. 19, 1996) (system architecture is TS); Broker Genius, Inc. v. Zalta, 280 F. Supp. 3d 495, 515 (S.D.N.Y. 2017) (use of tiers and different cycling speeds to address scalability is protectable). But see Agency Solutions.Com, LLC v. TriZetto Grp., Inc., 819 F. Supp. 2d 1001, 1028 (E.D. Cal. 2011) (appearance and functionality are not TS); LinkCo, Inc. v. Fujitsu Ltd., 230 F. Supp. 2d 492, 499 (S.D.N.Y. 2002) (system’s architecture is not TS).
OTHER REMEDIES & PROBLEMS ???
1. Can Glory choose Japan as a place for litigation?
2. Can Glory choose to sue under a state statute protecting trade secrets?
3. How much is the cost of litigation?
4. Can ST get damages?
5. What is the prospect of criminal charge/prosecution against Riskwei and Devid?
6. Other claims?
7. Is ST at risk of a privacy lawsuit?
8. Is ST at risk of a shareholder lawsuit?
TRADE SECRET SPECIAL WEBINAR
Professor Jonas Anderson: Washington College of Law/American University
Friday, November 5th, 6:45 PM to 7:45 PM, FREE
Register by sending an email to [email protected] with names of the attendee and his/her organization.
Professor Anderson teaches patent law, intellectual property, trade secrets, and property. His academic articles have been cited by a variety of sources, including the United States Supreme Court, the United States Court of Appeals for the Federal Circuit, and the New York Times.
Prior to entering academia, Professor Anderson clerked for Judge Alan D. Lourie of the U.S. Court of Appeals for the Federal Circuit. Before that, he also practiced patent litigation and intellectual property licensing at Latham & Watkins in Silicon Valley, California. Professor Anderson is a graduate of the University of Utah (B.S., Physics; minor in Creative Writing) and Harvard Law School (J.D.).
SPEAKER BIO
KUMIKO KITAOKA
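▪ Graduated from the Department of Mathematical Engineering, Faculty of Engineering, University of Tokyo. Graduated from the School of Medicine, Faculty of Medicine, University of Tokyo. Obtained a bachelor's degree and a master's degree in law from George Washington University. Part-time physician, Department of Radiology, Tokyo Medical University.
▪ After serving as an assistant judge, handled international transactions, medical malpractice litigation, intellectual property litigation, etc. at a law firm in Japan. Currently works at the BRUNDIDGE & STANGER patent law firm.
▪ Experienced in prosecution and litigation of semiconductor patents and pharmaceutical patents.
▪ Tokyo International Intellectual Property Arbitration Center / IACT SECRETARY GENERAL
Thank you for listening.
If you have time, please send your questions to me or to the organizer of this seminar.
Your opinions and feedback are greatly appreciated and will help in planning and adjusting future webinars.
Please join the TRADE SECRET SPECIAL WEBINAR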