1. TRADE SECRETS IN CLOUD COMPUTING
[FINAL THESIS PAPER]
KHYATI DHULIA
UNIVERSITY OF WASHINGTON SCHOOL OF LAW
SPRING 2010
ADVISOR: PROF.G.ROBERT
2. Table of Contents
I. ABSTRACT...................................................................................................................................... 3
II. INTRODUCTION ............................................................................................................................ 3
III. BASIC INTRODUCTION TO CLOUD COMPUTING ........................................................................... 5
IV. OVERVIEW OF TRADE SECRET LAW.............................................................................................. 8
V. THE PROBLEM: TRADE SECRET LAW APPLIED TO CLOUD COMPUTING ........................................ 30
VI. MEASURES TO BE ADOPTED BY END USER TO SAFEGUARD TRADE SECRET UNDER REASONABLE
STANDARD TEST................................................................................................................................. 36
VII. CONCLUSION ........................................................................................................................... 41
2
3. I. Abstract
Trade secrets provide protection against the misappropriation of undisclosed information
which has economic value and which the owner has taken reasonable steps to protect from
disclosure. The paper analyzes and discusses the legal issues of hosting data in the cloud in
context of trade secret law. It starts with basic introduction to cloud computing and explains
the different types of services offered to the end user by the cloud service provider. It discusses
in detail the reasonable standard test under the doctrines of various judicial principles and
enumerates the steps, which the various courts have regarded as reasonable. It lists all
measures that the end user of cloud computing services can take to safeguard the trade secret
under reasonable standard test. The discussion goes on further to understand the various
jurisdictional issues that arise because the data in the cloud might be stored in different
locations. At the end, it provides a checklist that could help the end user to leverage the
benefits of cloud computing without losing the trade secret status of data or application.
II. Introduction
“If nature has made any one thing less susceptible than all others of exclusive property, it is the
action of the thinking power called an idea, which an individual may exclusively possess as long
as he keeps it to himself; but the moment it is divulged, it forces itself into the possession of
every one, and the receiver cannot dispossess himself of it”1.
1
Deborah Azar, Method to protect computer programs: the integration of copyright, trade secrets, and
anticircumvention measures. Utah L. Rev. 1395 (2008) Original Citation: Letter from Thomas Jefferson to
Isaac McPherson (Aug. 13, 1813), 13, THE WRITINGS OF THOMAS JEFFERSON 326, 333–34 (Albert Ellery
Bergh ed., 1907).
3
4. The quintessence of heart of the trade secret law2 is that the information is protected as long
as, it is kept a secret. Once the information is exposed, it loses the secrecy component and is
available for use to the rest of the world. Information technology is rapidly changing the
mechanism in which information is acquired, processed, organized and stored in various
applications. This explosive growth in the exchange of information brings new challenges to the
relevance and application of trade secret law3.
Moreover, the emergence of the Internet and digitalization are posing new challenges to the
old and established principles of trade secret law. The advent of Internet and digitalization has
a lasting impact in the manner, we protect and safeguard our trade secrets. Trade secret law
has not changed in last twenty years, and therefore emergence of electronic storage and
dissemination of company’s most prized business strains the law’s ability to protect valuable
information.4.The new technological breakthrough in the arena of technology is cloud
computing. When companies use cloud computing, they, no longer have to store data in their
own data centers but instead store it in cloud and leverage the economies of scale and resulting
cost savings. Information stored in safety of one’s house, office’s private server or hard disk in
comparison with storage in third party’s remote data center poses question not only about the
security of the information but also about protection accorded under regimes of law like trade
secret. Trade secret law is one of the most elusive and difficult concepts in the law to define5
2 Robert C. Dorr & Christopher Munch, Protecting Trade Secrets, Patents, Copyrights and Trade Marks,
§2.01[B], Third Edition, Wiley Law Pubns (1980)
3 Arbi. B. Good, Trade Secrets and the New Realities of the Internet Age 2.Marq. Intell. Prop. L. Rev. 51 (52‐54)
(1998)
4Babraa L. Moore. Protecting trade secrets on the Internet. Executive Counsel,
http://www.eapdlaw.com/files/News/44bbfbfe‐67c9‐407c‐a160
b3da02488307/Presentation/NewsAttachment/26a05ae8216c4dc983f5bc4b3d016c99/Protecting%20Trad
e%20Secrets_Barbara%20Moore.pdf
5 Lear Siegler, Inc. v. Ark‐Ell Springs, Inc., 569 F.2d 286, 288 (5th Cir. 1978)
4
5. and hence its applicability and adaptability to this virtualized world of computing is complicated
to comprehend. Storage of the valuable information in the far realms of the remote data
centers has several legal implications, which is outside the scope of this paper. However, this
paper will focus on cloud computing specifically in the context of reasonable standard test
under trade secrets law.
III. Basic Introduction to Cloud Computing
Innovation fosters technology and technology challenges the old school of thought of legalities.
Fostering innovation is the genesis of intellectual property law. In the past era, there have been
number of technological changes that have changed the way we live today. The manner in
which mass production of electricity in a single unit has changed the economics of scale, in a
similar fashion, cloud computing is changing the way in which companies store their data
and/or host applications. Nicholas Carr of Big Switch emphatically states that “Now, we are in
midst of another epochal transformation. What happened to the generation of power of century
ago is now happening to the processing of information in form of cloud computing”6. Typically,
the cloud computing infrastructure resides in a large data center and is managed by a third
party, who provides computing and storage resources, anywhere with an Internet connection7.
In Cloud Computing, the customers do not own the physical hardware but instead “rent” the
resources that are provided by the cloud service provider. Cloud computing has changed the
6
Nicholas Carr, The Big Switch Rewiring the world from Edison to Google, W. W. Norton & Company; Reprint
edition (January 19, 2009)
7 Paul T. Jaeger, Jimmy Lin & Justin M. Grimes, Cloud Computing and Information Policy: Computing in a Policy
Cloud? Forthcoming in the Journal of Information Technology and Politics. (unpublished) Forthcoming in the
Journal of Information Technology and Politics.
5
6. economics of scale for large and small enterprises by eliminating the upfront capital
expenditure (CapEx) on hardware, software, and services as they only pay for what they use8
Cloud Computing has been defined by National Institute of Standards and Technology, as
“Cloud computing is a model for enabling convenient, on‐demand network access to a shared
pool of configurable computing resources (e.g., networks, servers, storage, applications, and
services) that can be rapidly provisioned and released with minimal management effort or
service provider interaction. This cloud model promotes availability and is composed of five
essential characteristics, three service models, and four deployment models9”.
A computing model has five different layers‐ applications, software environments, software
infrastructure, software kernel, and hardware10. At the bottom of the stack, is physical
component of the system (hardware). Above that layer is the cloud application layer which
normally the end users accesses through web‐portals. The third layer is cloud environment
layer. The users of this layer are cloud application developers. The cloud service provider
supplies developers with a programming‐language‐level environment with a set of well‐defined
APIs to facilitate the interaction. This system or layer may also be termed as software as a
service. Above that layer is, the cloud software infrastructure layer which provides fundamental
resources to other higher‐level layers, which in turn can be used to construct new cloud
software environments or cloud applications11.
8 http://en.wikipedia.org/wiki/Cloud_computing
9
http://csrc.nist.gov/groups/SNS/cloud‐computing/
10
http://blog.bluelock.com/blog/5‐layer‐model
11
Lamia Youseff & Maria Butrico, Dilma Da Silva, Toward a Unified Ontology of Cloud Computing (explaining the
different layers in cloud)
(http://docs.google.com/viewer?a=v&q=cache:vyTr8TfjRjYJ:www.cs.ucsb.edu/~lyouseff/CCOntology/CloudOntolo
gy.pdf/
6
7. There are different types clouds computing models available to the end user to suit their
business needs: public clouds, private clouds and hybrid clouds.
Public Clouds: A public cloud is one based on the standard cloud computing model, in which
the cloud service provider makes resources, such as applications and storage, available to the
end user over the Internet12.
Private Cloud: In this computing model, the resources such as application and storage are only
accessible from within the company firewall and is available to only the company employees.
Hybrid Cloud: In this computing model, the end user will manage some resources in‐house or
private cloud and some in the public cloud.
Community Cloud: In this model, the resources are available and accessible to a selected group
of trusted partners. The cloud service provider offers different kinds of computing services to
the end users. These services include Infrastructure as a service (IAAS), Platform as a Service
(PAAS) and Software as a service (SaaS).
12
http://searchcloudcomputing.techtarget.com/sDefinition/0,,sid201_gci1356516,00.html
7
8. Infrastructure as a Service (IaaS): When the cloud service provider only offers the compute,
storage and networking infrastructure, typically a hosted virtualization environment as a
service, it is offering Infrastructure as a Service13.
Platform as a Service (PaaS): When the cloud service provider is offering an integrated
platform to the end user to build, test, and deploy and automatically scale applications14, it is
offering Platform as a Service. PaaS provides a higher level abstraction over IaaS.
Software as a Service (SaaS): When the software is offered as a service by the cloud service to
the end user, it is offering Software as a Service. This service provides rich functionality of the
application and where the customer does not have the need to install, operate or manage the
application but instead subscribes to service and pays by the user.
The Cloud Service Provider is different from the traditional hosting services because it provides
the end users more control through a set of well‐defined APIs to facilitate the interaction with
the cloud resources.
IV. Overview of Trade Secret Law
The privilege to compete with others includes a privilege to adopt their business methods, ideas
or processors of manufacture. However, such privilege has certain limitations imposed by
intellectual property law. Intellectual Property law regime serves to promote progress of useful
art and science. Patents and copyrights extend protection to the originator15 for a limited
period of time on condition of its disclosure to the public.
13
http://en.wikipedia.org/wiki/Cloud_computing
14
http://en.wikipedia.org/wiki/Cloud_computing
15
Roger M Milgrim, Milgrim on Trade Secret ,Vol. 1, §1.01[1],Matthew Bender and Company Inc. (Updated
2009)
8
11. The trade secret law has originated from common law. Since its emergence in the middle of the
nineteenth century, trade secret law has developed primarily as a creature of state common
law26. The cause of action for trade secret misappropriation was imported from English
common law to American common law in a series of mid‐nineteenth century decisions by the
highest courts of several eastern states27.
The main issues during that time were whether the courts of equity had the jurisdiction to grant
injunctive relief and whether the agreements not to use or disclose were void as unlawful
restraints of trade28. In 1968, Massachusetts Supreme Court in Peabody v. Norfolk29,
expounded the trade secret law in United States30. He stated in his landmark opinion that “if a
32
Taylor v Blanchard 36 Mass.523 (1837)
33
O.& W. Thum Co v. Tloczynski , 114 Milch.149,72 N.W.140 (1987)
34
Stone v Goss, 65 N.J.Eq.756,55A.736 (1903)
35
Pressed Steel Car Co v. Standard Steel Car Co,210, Pa. 464,60 A.4 (1904)
36
Donald Chisum & Micheal A Jacobs, Understanding Intellectual Property Law , § 3B[3],Lexisnexis/Matthew
Bender (October 30, 2004)
37
James W. Hill, Trade Secrets, Unjust Enrichment, and the Classification of Obligations,4 Va. J.L. & Tech. 2 (Spring
1999)
38
Roger E. Schecter & John R Thomas, Intellectual Property, the Law of Copyrights, Patents and Trade marks,
§24.2,West Publishing Company (April 2003)
39
Donald Chisum & Micheal A Jacobs, Understanding Intellectual Property Law , § 3B[3],Lexisnexis/Matthew
Bender (October 30, 2004)
40
James W. Hill, Trade Secrets, Unjust Enrichment, and the Classification of Obligations,4 Va. J.L. & Tech. 2 (Spring
1999)
41
Piper Julie, I have a secret? Applying the Uniform Trade Secrets Act to confidential information that does not rise
to the level of trade secret status. Marq. Intell. Prop. L. Rev. (2008). Original Citation 14 A.M.JUR.3d.Proof of Facts
619,§6 (2006)
42
Henry H. Perritt, Jr, Trade Secrets: A Practitioners Guide, Practising Law Institute (PLI); 2nd edition (January 1,
2005)
43
Andrew Beckerman‐Rodau, Trade Secrets‐The New Risks to Trade Secrets Posed by Computerization, Rutgers
Computer & Tech. L.J. Vol. 28 (2002)
44
Henry H. Perritt, Jr, Trade Secrets: A Practitioners Guide, Practising Law Institute (PLI); 2nd edition (January 1,
2005)
45
Restatement of Torts (Comment b)
11
12. man establishes and makes it valuable by its skill and attention, the good will of that business is
recognized by the law as property.”31
In Taylor v Blanchard32, the court accredited the principle that “public has no right to “a
business man’s trade secrets and that a contract for their exclusive use is not a restraint of
trade..” The other historical significance cases include O.& W. Thum Co v. Tloczynski33, Stone v
Goss34 and Pressed Steel Car Co v. Standard Steel Car Co35were most significant contributors to
the body of precedent that was primary authority for United States trade secret law in early
1930’s.36
Restatement of Torts
As part of the early 20th century, the American law Institute’s 1939 Restatement Of Torts
included two sections on trade secrets.37 However, trade secrets were not addressed in the
1978 Second Restatement of Torts. The American Law Institute concluded that trade secret law
had grown more dependent on Tort law than its many other general fields of law and upon
statutory developments38
Uniform Trade Secrets Act
In the 1980’s the states began to adopt the National Conference of Commissions Uniform Trade
Secret Act (UTSA). UTSA, largely codified the common law39. UTSA, is enacted in the majority of
states. UTSA, follows the Restatement of Torts, but also relies on subsequent case laws to
provide more and useful definitive legal standards40. National Conference of Commissions
Uniform Trade Secret recognized when drafting UTSA, that “trade secret protection is more
12
13. important now because there has been an unprecedented growth in computer,
biotechnological and communications industries”41
The Restatement (Third) of Unfair Competition
In 1994, the American Law Institute published the Restatement (Third) of Unfair competition42.
Under the Restatement (Third) of Unfair Competition, a trade secret is “any information that
can be used in the operation of a business or other enterprise that is sufficiently valuable and
secret to afford an actual or potential economic advantage over others.”
The Economic Espionage Act
The Economic Espionage creates a federal crime for theft of trade secrets43. It protects trade
secrets under two provisions namely, 18 U.S.C. § 1831(a) which criminalizes the theft of trade
secrets to benefit foreign powers and 18 U.S.C. § 1832, criminalizes their theft for commercial
or economic purposes44.
B. Data that Qualifies as a Trade Secret
The end user may store wide range of data in the cloud ranging from statistics, formulas, sales
records, customer information, pricing information, and source code. However, not all of them
would come within the ambit of trade secret protection. It is necessary for the purpose of
analysis to scrutinize the guidelines under respective definitions of Restatement of Torts and
Uniform Trade secrets Act. These definitions have laid out the prerequisites for qualification of
data/or information as trade secret.
13
14. A exact definition of trade secret is not possible under the Restatement”45 and hence it
contains list of factors that are determinative for purposes of ascertaining whether the data
would qualify as a trade secret46.
According to the definition under the Restatement, the trade secret would include “any
formula, pattern or device or compilation of information which is used in one’s business which
would give him a competitive edge, if such process or device for is continuously used in
operating the business rather then for a single use or ephemeral events”47
The Restatement contains six factors which include “ (a) the extent of information known to the
outside business, (b) known by employees and other people involved in business, (c)
reasonable measures taken, (d) amount of money expanded in developing the information and
the ease and the (e) value of the information (f) difficulty with which the information could be
properly acquired or duplicated by others“48 to be considered in determining whether given
information is trade secret or not. In other words in order to qualify as a trade secret, the
subject matter must escape from the mundane and the ordinary49. In addition to the subject
matter being mundane, reasonable efforts must have been made for secrecy50.
Under, Uniform Trade Secrets Act, a trade secret is any information including a “formula,
pattern, compilation, program, device, method, technique or process which has an
independent economic value and which is not generally known to the public and reasonable
46 Donald Chisum & Micheal A Jacobs, Understanding Intellectual Property Law § [3C][1][a],
Lexisnexis/Matthew Bender (October 30, 2004)
47 Restatement § 757 (Comment b)
48 Restatement of Torts
49 Milgrim on Trade Secrets, Roger M Milgrim , Definitional Aspects, §1.01[3] , 1‐223. Original Citation: Ed
Nowogroski Inc, v Rucker ,50 U.S.P.Q 2d 1268 137 Wash. 2d,427,971,P.2d 936,942‐945 (1999)
50 Roger M Milgrim, Milgrim on Trade Secret ,Vol. 1, §1.01[3] ,Matthew Bender and Company Inc. (Updated
2009) Original Citation: Buffets, Inc v Klinke, 73, F3d 965 (9th Cir.1996)
14
15. methods have been undertaken to safeguard it.”51 The legislators have drafted the definitions
of UTSA and Restatement of Torts to be inclusive in their approach which enable them to
encompass various other types of new information and/or data resultant of new innovations
and technological advances. However, whether particular information constitutes a trade
secret is a question of law in some jurisdictions and a question of fact in others52. The types of
information/data that has been accorded the trade secret status are scientific data such as
chemical process53, formulas54, manufacturing methods55, business plans and profits and loss
accounts56, customer lists57, computer programs58 employee knowhow59, pricing distribution
and marketing plans60.
C. Reasonable Standard Requirement Under Trade Secret law
“So long as the originator or possessor of the naked idea…keeps it to himself, it is his property,
but it ceases to be his own when he permits it to pass from him…..Ideas of this sort, in their
relation to property may be likened to the interest which a person may obtain in bees and birds
and fish in running streams, which are conspicuous instances of ferae naturae”. If the claimant
keeps them on his own premises, they become his qualified property, and absolutely his so long
as they do not escape. But if he permits them to go he cannot follow them”. A person reduces
information to “captivity” by keeping it secret and implementing precautions to protect against
51 Uniform Trade Secrets Act §1
52 Secure Servers Tech Inc v Time & Space Processing Inc, 722 F Supp. 1354 (E.D Va 1989)
53 SmithKline Beecham Pharmaceuticals Co v Merk & Co., 766 A.2d 422, 488 (Del.Super.Ct.200)
54 Joint Stock Soc’y v UDV N.Am., 104F. Supp.2d 390,409 (D. Del 2000)
55 Cobot Corp v Thai Tantalum,Inc. 25 USPQ2d 1619 (Del. Ch. 1992)
56 American Totalisator Co v. Autotote Ltd., No. 7268,1983 WL 21374 (Del.Ch. Aug 18, 1983)
57 Delmara Drilling Co v. American Well Sys, Inc, No 8221,1988 WL7396 (Del.Ch.Jan,26,1988)
58 American Totalisator Sys. v Automatic Totalisators (U.S.A) Ltd, No. 5562, 1978 WL 4479 (Del. Ch.Apr.
20,1978)
59 Bernard Personnel Consultants, Inc v Mazarella (No. 11660,1990 WL 124969 (Del.Ch.Aug 28,1990)
60 PepsiCo, Inc v. Redmond 54 F.3d 1262 (1995)
15
16. disclosure and diffusion61. The principal gatekeeper to trade secret status is that the
information must have been subjected to reasonable efforts to maintain secrecy62. The
reasonable efforts standard is probably the most important factor in determining whether a
trade secret holder owns a protectable trade secret63.
The tenet of reasonableness requirement is reflecting from the following judgments of various
courts.
In J.T. Healey & Son, Inc. v. James A. Murphy & Son, Inc., 64 the court reaffirmed the principle by
stating that, “[I]f the person entitled to a trade secret wishes to have its exclusive use in his
own business, he must not fail to take all proper and reasonable steps to keep it secret. . . ‘’
The corresponding trade secret laws of different states have established a generic rule of
application of reasonable efforts to determine trade secret status. Under Alabama law, among
other factors, reasonable effort to maintain secrecy is used as a benchmark to determine the
trade secret status65. (Unisource Worldwide, Inc v South Central Alabama Supply, LLC66). Under
Florida Law, it was held that to constitute a trade secret, the trade secret owner has to take
reasonable efforts to maintain secrecy. (Merrill Lynch , Pierce, Fenner & Smith, Inc. v Dumm67).
61 Robert G. Bone , Trade Secrecy, Innovation, and the Requirement of reasonable secrecy precautions.
62Roger,E Schecter, Intellectual Property, the Law of Copyrights, Patents and Trade marks, West Publishing
Company,April 2003.
63 Rowe A. Elizabeth. Contributory Negligence, Technology and Trade Secrets, (2009)
http://works.bepress.com/elizabeth_rowe/5 and MBL (USA) Corp, Diekman,445 N.E 2d 418,425 (III. App. Ct
1983) (“Although many factors should be considered to determine if a trade secret exists, what is primary
importance is whether and how an employer acts to keep the information secret”)
64
J.T. Healey & Son, Inc. v. James A. Murphy & Son, Inc., 357 Mass. 728, 737‐39 (1970)
65
Brian M Malsberger,Trade Secets: A state by state Survey, BNA Books (Bureau of National Affairs) (July
1997)
66
Unisource Worldwide, Inc v South Central Alabama Supply, LLC 199 F. Supp.2d 1194,1211 (M.D Ala.2001)
67
Merrill Lynch , Pierce, Fenner & Smith, Inc. v Dumm, 191 F.Supp.2d 1346,1351 (M.D. Fla.2002)
16
17. Under Kentucky law, it was held that when, plaintiff exercises no efforts to maintain secrecy of
the trade secret, then he loses his right to the trade secret status. (Rogers v Desa Int’l, Inc68).
Under Louisiana law, plaintiff has to undertake reasonable efforts to maintain secrecy (Reingold
v Swfitships, Inc69.) Similarly under the provisions of Ohio law, it is required that the trade
secret owner take has to undertake reasonable steps to maintain its secrecy. (Valco Cincinnati
Inc v. N&D Machining Serv., Inc70). Mostly all the states have summed up the requirement of
reasonableness ascertaining the trade secret status.
Though, reasonableness, which is a common legal test, is easy to state but hard to define.71 To
meet the reasonableness test, the law requires the trade secret owner to undertake actual
efforts to the extent that they are rigorous enough to force another to use, improper, illegal
and unethical means to discover a trade secret72.
One of the factors listed in the Restatement, which is considered in determining whether
particular information is a trade secret, is “the extent of measures taken by him (trade secret
owner) to guard the secrecy of the information.
UTSA requires that efforts to maintain secrecy “be reasonable under the circumstances”.
UTSA’s comment approvingly summarizes the common law requirement as follows73:
“[R]easonable measures to maintain secrecy have been held to include advising employees of
the existence of the trade secret, limiting access to trade secret on “need to know basis” and
68
Rogers v Desa Int’l, Inc,183 F. Supp 2d 955,958 (E.D. Mich. 2002)
69 th
Reingold v Swfitships, Inc, 126 F.3d 645,640,44 USPQ.2d 1481 (5 Cir 1997)
70
Valco Cincinnati Inc v. N&D Machining Serv., Inc, 492 N.E. 2d 814, 819 (Ohio 1996)
71 Robert G. Bone , Trade Secrecy, Innovation, and the Requirement of reasonable secrecy precautions.
72 Slaby, David W. ; Chapman, James C. ; O'Hara, Gregory,Trade Secret Protection: An Analysis of the Concept
Efforts Reasonable under the Circumstances to Maintain Secrecy,5 Santa Clara Computer & High Tech. L. J. 321
(1989)
73 Uniform Act Comment § 1.
17
18. controlling plant access. On the other hand public disclosure of information through display,
trade journal publications, advertising, or other carelessness can preclude protection.74
Hence, It is indeed important that careful efforts to preserve the trade secrecy would be
required by the end user to retain his rights in the trade secret after hosting his data in the
server of the cloud provider. However the level of secrecy and reasonableness required is not
reflected in the provisions of the law of either UTSA or Restatement of Torts. It is the duty of
the trade secret owner to protect its trade secrets. The burden of proving that reasonable steps
have been taken falls on the plaintiff75. The courts through their decisions have made it clear
that the trade secret owner, who is not vigilant about safe guarding its trade secrets, cannot
expect others to hold a higher obligation to preserve the secret.76 The level of reasonable
efforts taken is directly relative to the finding that the misappropriater has derived the trade
secret through improper means.
The courts have through numerous verdicts created homogenous yardstick to determine the
level of reasonableness required for maintaining the status of trade secret. An entity that has
taken reasonable steps to protect valuable business information only knows with certainty
whether a court will agree that the information is indeed a trade secret when the court actually
makes the determination77. The primary ruling in the various cases discussed herein below is
that the threshold of level of reasonableness is not very high and stringent.
74 Uniform Act Comment § 1.
75 Fisher Stoves Inc, v All Nighter Stoves, Inc 626 F. 2d
76 Fisher Stoves Inc, v All Nighter Stoves, Inc 626 F. 2d
77 Slaby, David W. ; Chapman, James C. ; O'Hara, Gregory ,Trade Secret Protection: An Analysis of the Concept
Efforts Reasonable under the Circumstances to Maintain Secrecy,5 Santa Clara Computer & High Tech. L. J. 321
(1989)
18
19. 1. E.I duPont deNemorus & Company v. Christopher78
The court noted that the law does not require unreasonable precautions to prevent another
from doing that he ought not to do in first place.
2. Tubular Threading, Inc. v. Scandaliato79
The court stated that “the efforts required to maintain secrecy are those reasonable under the
circumstances, and courts do not require extreme and unduly expensive procedures be taken
to protect trade secrets”80.
3. Sheets v. Yamaha Motors Corp81
The court stated, “that the trade secret owner needs to take steps that are reasonably
necessary under the circumstances to maintain secrecy.
4. Rockwell Graphics Systems, Inc82
The court stated, “Reasonableness is to be evaluated by comparing the costs of precautions
with the benefits”.
5. Compuserve Corp v. Serena Software Int’l Inc83
The court In this case held that “[o]ne need not make every conceivable effort to protect
secrecy”84.
As Judge Ponser has explained, “a balance between vigilance and practicality must be achieved:
“[T]he question is whether additional benefit in security could have exceeded [the]cost of
contemplated protection.”
78 E.I duPont deNemorus & Company v. Christophe, 431.F.2d 1012 (5th Cir.1970)
79 Tubular Threading, Inc. v. Scandaliato, 443 So.2d 712, 714 (La.Ct.App.1983).
80 Tubular Threading, Inc. v. Scandaliato, 443 So.2d 712, 714 (La.Ct.App.1983)
81 Sheets v. Yamaha Motors Corp, 849 F.2d at 183
82Sheets v. Yamaha Motors Corp, 925 F.2d at 179‐180
Compuserve Corp v. Serena Software Int’l Inc, 77 F. Supp. 2d. 816, 822
83
Compuserve Corp v. Serena Software Int’l Inc, 77 F. Supp. 2d. 816, 822
84
19
20. Hence, in the light of the cases, it could be emphatically stated, that the courts have taken a
view that extreme and unduly expensive procedures are not required to be taken to protect
trade secrets against flagrant industrial espionage85.
In determining that the trade secret owner has exercised reasonable diligence number of
factors are taken into consideration86. As UTSA or Restatement of Torts has not provided any
guidance on the reasonable efforts requirement, hence the sufficiency of the secrecy is judged
in the light of the circumstances, including the case laws and industry.
These underlying decisions of the courts underpin the guiding standards to the end users on
how to determine, if the reasonable standard test has been met. The test for determining
reasonableness standard is not consistent by the courts. However the courts look into the
following aspects (a) confidentiality agreements (b) control access to the data (c) information
generally known outside (d) expenditure to keep the information confidential (d) affirmative
steps to be taken
(i) Confidentiality and Non‐Disclosure Agreements
Courts have held that information may remain a trade secret even if the owner discloses the
information to its licensees, vendors, or third parties for limited purposes87. If the end user
discloses information to the cloud service provider under the terms of confidentiality and non‐
disclosure agreements, then the data might not lose its trade secret status. Courts have held
that information may remain a trade secret even if the owner discloses the information to its
85 Uniform Act Comment § 1
86 Uniform Trade Secrets Act, The; Klitzke, Ramon A.64 Marq. L. Rev. 277 (1980‐1981)
87 Roger M. Milgrim, Milgrim on Trade Secrets, §1.04, Matthew Bender, (1984)
20
21. licensees, vendors, or third parties for limited purposes88. Whether a transfer of trade secrets
to a cloud service provider extinguishes the trade secret has yet to be ruled upon.
Data that is disclosed by the end user to the cloud service provider is under the terms of the
confidentiality and non‐disclosure agreements. These agreements create a relationship of duty
of confidence between the parties and the cloud service provider is bound by the terms of the
agreements not to disclose or use the data of the end user. The decisions of the courts in
Saltman Engineering Coy Ld. v. Campbell Engineering Coy. Ld89 affirm that if information is given
by one trader to another in circumstances which make that information confidential, then the
second trader is disentitled to make use of the confidential information for purposes of trade
by way of competition with the first trader90.
Similarly, the courts in Lac Minerals Ltd. v. International Corona Resources Ltd., 91 and Coco v.
A.N. Clark (Engineers) Limited,92 held that “A duty of confidence arises when a person acquires
knowledge of confidential information, including trade secrets, under circumstances in which
the person has notice or agreed that the information is confidential”93. The court in Coco v A.N
Clark (Engineers) suggested, a test to determine if the duty of confidence arises between the
parties. It stated that “it is an objective one (test): whether a reasonable person standing in the
shoes of the recipient of the information would have realized that the information was given in
confidence”.
88 Roger M. Milgrim, Milgrim on Trade Secrets, §1.04, Matthew Bender, (1984)
89
Saltman Engineering Coy Ld. v. Campbell Engineering Coy. Ltd, (1948)
90
Saltman Engineering Coy Ld. v. Campbell Engineering Coy. Ltd, (1948)
91 Lac Minerals Ltd. v. International Corona Resources Ltd, [1989] 2 S.C.R. 574
92 Coco v. A.N. Clark (Engineers) Limited, [1969] R.P.C. 41 (Ch. D.)
93
Coco v. A.N. Clark (Engineers) Limited, [1969] R.P.C. 41 (Ch. D.)
21
22. The Delaware Court of Chancery in Data General Corp. v. Digital Computer Controls, Inc94, held
that Data General had taken adequate measures to protect the confidentiality of the diagrams,
stating, "dissemination is not significant if in confidence.”
It is to be noted that, breach of confidentiality gives rise to two independent legal claims: one
for misappropriation of trade secret; the other for breach of contract95.
The following are the summary of cases, which reflect the principal of confidentiality
relationship.
a. Technicon Data Sys. Corp v Curtis 1000, Inc96
Technicon, was a developer of hospital record system and the defendant, Curtis 1000 reversed
engineered the interface of a computerized system for storing hospital data. The court granted
preliminary injunction on the ground that various techniques were used by the plaintiff to
achieve secrecy, which included the use of confidentiality agreements97
b. Baystate Techs., Inc v. Bently Sys., Inc98
Baystate Technologies filed a complaint against Bentley Systems, Inc alleging misappropriation
of trade secrets in violation of M.G.L. c. 42 and copyright infringement99. Bently
misappropriated certain trade secrets in Baystate’s CAD software. One of the factors, the court
used for determining whether, the plaintiff’s actions and policies concerning the treatment of
94 Data General Corp. v. Digital Computer Controls, Inc, 357 A.2d 105, 188 U.S.P.Q. (BNA) 276 (Del. Ch. 1975)
95
Roger M. Milgrim, Milgrim on Trade Secrets, §1.04, Matthew Bender, (1984)
96 Technicon Data Sys. Corp v Curtis 1000, Inc, 224 U.S.P.Q. 286,290,1984‐2 CCH.
97 Roger M. Milgrim, Milgrim on Trade Secrets, §1.04, Matthew Bender, (1984)
98
Baystate Techs., Inc v. Bently Sys., Inc, 946 F.Supp.1079,1092 (D.Mass.1996)
99
Baystate Techs., Inc v. Bently Sys., Inc, 946 F.Supp.1079,1092 (D.Mass.1996)
22
23. its trade secret were sufficient to protect its claimed secrecy was the existence or absence of an
express agreement restricting disclosure100.
c. Electornic Data Sys.Corp. v. Heinemann101
In this case, the court held that the vindication of confidentiality agreements is one of the policy
considerations courts have recognized as reasons for trade secret protection.
d. J.T. Healy & Son, Inc. v. James A. Murphy & Son, Inc. & Ors102.
The court stated in this case, “one who claims that he has a trade secret must exercise eternal
vigilance. This calls for constant warnings to all persons to whom the trade secret has become
known and obtaining from each an agreement, preferably in writing, acknowledging its secrecy
and promising to respect it”103.
e. Holloman v O. Mustad & Sons (USA), Inc104.,
The court in this case, held that the trade secret law acquired through breach of confidential
relationship or discovered through improper means to be the proper subject of a
misappropriation claim105.
Termination of Confidentiality and Non‐Disclosure Agreements
Cloud service provider may take certain steps for security of data. However these steps might
create a hurdle, later when the agreement between them is terminated. If the agreement
between the cloud service provider and the end user is terminated, would the cloud service
100
Brian M Malsberger,Trade Secets: A state by state Survey, BNA Books,93, (Bureau of National Affairs) (July
1997)
101
Electornic Data Sys.Corp. v. Heinemann, 493 S.E 2d 132,134‐35(Ga.1997)
102
J.T. Healy & Son, Inc. v. James A. Murphy & Son, Inc. & Ors, 357 Mass. 728 (1970), 260 N.E.2d 723
103
J.T. Healy & Son, Inc. v. James A. Murphy & Son, Inc. & Ors, 357 Mass. 728 (1970), 260 N.E.2d 723
104
Holloman v O. Mustad & Sons (USA), Inc, 196 F. Supp.2d 450,459 (E.D Tex. 2002)
105 Holloman v O. Mustad & Sons (USA), Inc, 196 F. Supp.2d 450,459 (E.D Tex. 2002)
23
24. provider, be still bound by the terms of confidentiality and non‐disclosure agreements to
safeguard the original data as well as copies of data?
The decision of the court in Cadbury Schweppes v. FBI Foods Limited 106would provide a
guiding light to this dilemma of combination of technology and law. The facts of the case
pointed out, that a licensor revealed to the licensee, under license, confidential information
about a recipe for a tomato cocktail with clam broth. After receiving notice to terminate the
license, the licensee used the confidential information to develop a competing product. The
court held the licensee was under an obligation to protect the trade secret and the licensee
even after termination107.
Deletion of Multiple Copies After Termination of Confidentiality and Non‐Disclosure
Agreements.
Redundancy data would have a major impact after termination of the agreement(s).
Redundancy of data creates a hurdle because the cloud service provider has created multiple
copies of the data for security of data in event data is lost. A pertinent glitch would arise, for
end users who might later want to migrate their data from the cloud, and the user agreement
does not automatically provide for deletion of data from multiple locations.
Hence it is important for the interests of the end users, that the cloud service user agreements,
should create a provision to the effect that “the rights and the duties under the agreement will
survive even after the agreement ”. Further, a provision should be added “that the copies of the
data would be automatically deleted after the termination”
106 Cadbury Schweppes v. FBI Foods Limited , [1999] 1 S.C.R. 142
107 Cadbury Schweppes v. FBI Foods Limited , [1999] 1 S.C.R. 142
24
25. It is also important to note that it might not be possible to fully delete all the copies of the data,
since full data deletion is only possible by destroying a disk, which also stores data from other
clients. When a request to delete a cloud resource is made, this may not result in true wiping of
the data (as with most operating systems)108. Where complete data wiping is required, the
cloud service provider, should adhere to special procedures for complete wiping of the data.
(b) Control Access to the Data
The trade secret owner is required to undertake reasonable steps to ascertain that the data,
which is sought to be protected under the doctrine of trade secret law, is only accessed by
relevant people. If the cloud service provider authorizes the data to be shared by other users on
the shared server, the data might lose it trade secret status.
Moreover, the data of the end user is stored on a hypervisor of the cloud service provider,
which runs multiple operating systems on a single server. This enables multiple users to operate
on single server. Due to this multi‐tenancy factor of cloud, the end user might not have
complete control over the access of his data. Moreover the data, might be frequently appended
or updated or logs could be created for the billing purposes of the data. Hence, if the cloud
service provider does not execute a high control access regime, then the court may consider,
this as a default on the part of the cloud service provider.
Even though there is a business arrangement by the cloud service provider and the end user
and although, confidentiality and non‐disclosure agreements between the parties define the
contours of confidential relationship, end the user however should never simply leave the
details of the protection up to the Cloud Service provider without confirming that they are
108
European Network and Security Agency , Cloud Computing, Benefits ,Risks and Assessment, (Nov 2009).
25
26. robust109. In Carboline Co v. Lebeck110, the court held that the trade secret owner had not
taken reasonable measures to maintain secrecy where, among other things, it took no
measures to protect information in the hands of suppliers or customers111.
A another problem that could arise for the end user is that the data, could be replicated and
stored in diverse geographical locations, hence, it might be very difficult for the end user to
have complete control access to the data, as he may not be aware about the location of his
data storage.
Limited Control Access Due to Data Redundancy
To ensure durability and reliability of the end user data, the cloud services provider resorts to
data redundancy. They store multiple copies of the same data in multiple locations so that in
event of hardware failure or when disaster strikes a data center, the end user data always has
access to the data. Data redundancy system is adhered for the motive to combat system failure
and consequential loss of data. Cloud service provider achieves client data redundancy by
replicating full copies on different storage nodes112.
Data redundancy can be employed with technique of erasure‐correcting code to further
tolerate faults or server crash as user’s data grows in size and the original data from being
retrieved by the user113. The system has been engineered in such a way as to continue to fully
functional even in the event of a major service disruption within a datacenter. This redundancy
109 Vicotria A Cundiff, Reasonable Measures to Protect Trade Secret in a Digital Enviourment, Franklin Law
Review (2009)
110 Carboline Co v. Lebeck, 990 F.Supp.762,767,‐68 (E.D. Mo. 1997)
111Carboline Co v. Lebeck,990 F.Supp.762,767,‐68 (E.D. Mo. 1997)
112
Ranjit Nayak, Cloud Files Introduction Documentation Release 1.1.0.
113
Ranjit Nayak, Cloud Files Introduction Documentation Release 1.1.0.
26
27. could be achieved at the following levels – Data Replication, Business Data Replication and
Server Image Data Replication114
Level I: Data Replication
Cloud service providers use database management systems, usually with a master/slave
relationship between the original and the copies to replicate data115. In this system, two copies
of data are stored in the cloud .The original copy of the data is the termed as master file and
the copy of data is termed as the slave copy116.
Level 2‐Business Data Replication
Business data replication involves replication of only business data without operating system
and other applications117.
Level 3‐ Server Replication
In server replication, the data stored in the cloud is replicated along with the applications and
the operating system118.
Due to data replication, the end user might lose control over his data. The effect of multiple
replicated copies in the light on reasonable standard measure has to be ascertained for purpose
of safeguarding the rights of the trade secret holder. In a misappropriation claim, the end user
would have to prove that data, has not lost the trade secret status by the virtue limited control
access to the copies of the data. I propose, that end user should undertake reasonable
measures to ensure control over copies of data to prevent disclosure. The reasonable steps may
include encryption of all cached copies stored in different geographic locations.
114
Cloud Station, White Paper: Hybrid & Featured Cloud Management.
115
http://en.wikipedia.org/wiki/Replication_(computer_science)#Database_replication
116
Cloud Computing Panel, Portland (2010)
117
Cloud Station, White Paper: Hybrid & Featured Cloud Management
118
Cloud Station, White Paper: Hybrid & Featured Cloud Management
27
28. (c) Expenditure to preserve secrecy
The amount of expenditure incurred by the end user for creating a stronger wall to preserve
the secrecy of the data, is one of the determinative factors under reasonable standard test.
High expenditure incurred in using latest technology for encryption or installation of firewalls
would definitely favor the end user.
(d) Information generally known outside
It is axiomatic that publicly available information cannot qualify for trade secret status.119.
Information could easily lose its trade secret status through public disclosure. Even an act of
allowing a business visitor to see a secret plant process during a plant tour may be sufficient to
destroy trade secrecy120. Hence the first hurdle for the end user, in event that his trade secret
stored in the cloud is misappropriated would be proving that information stored by him has not
lost its trade secret status by virtue of the storage in this medium.
In Steinberg Moorad Dunn v. Dunn, Inc121, it was held that, one of the elements of trade secret
misappropriation claim is that the information must not have to be generally known.
In Ruckelshaus v. Monsanto Co.122, it was held that “Information that is of public knowledge or
that is generally known in an industry cannot be a trade secret.”123, Similarly, in Kewanee Oil Co.
v. Bicron Copr.,124, it was held that “the subject of a trade secret must be secret, and must not
119A. Elizabeth Rowe, Saving Trade Secret Disclosures on the Internet through Sequential Preservation, 42
Wake Forest L. Rev. 1 (Spring 2007)
120 G. Peter Albert, Whitesel Laff,& Saret Laff, Intellectual Property Law in Cyber Space, Whitesel & Saret Ltd,
(Precision Moulding & Frame, Inc v Simpson Door Co., 77 Wash.App.20,888 P.2d 1239 (1995)
121Steinberg Moorad & Dunn v Dunn Inc WL 3196234
122 Ruckelshaus v. Monsanto Co, 467 U.S. 986, 1002 (1984)
123
Ruckelshaus v. Monsanto Co, 467 U.S. 986, 1002 (1984)
124
Kewanee Oil Co. v. Bicron Copr, 416 U.S. 470, 475 (1974)
28
29. be of public knowledge or of a general knowledge in the trade or business.”125
However, it does not necessarily mean that, “generally known” equates to be known by the
general public. The comments in the UTSA clarify this perplexity to indicate that “generally
known” does not necessarily mean known by the general public126. If the principal persons who
can obtain economic benefit from information are aware of it, there is no trade secret127.
Religious Technology Ctr. v. Netcom On‐Line Communication Servs128., Inc.& DVD Copy Control
Ass’n Inc. v. Bunner129, reinstate that even if one person knows about the trade secret that
could derive economic benefit from it, then the data could lose its trade secret status.
Applying underlying principles of the above cases, to context of cloud computing, could it be
implied that, cloud service provider derives economic benefit from the data and therefore the
data is held to be generally known ? Riposte to this quandary lies in the provisions of the UTSA,
which provide an umbrella protection to the data shared with cloud service provider. Duty of
confidence imposed by confidential and non‐disclosure agreements protect the end user. It is
the principle right of the trade secret owner to grant access to the secret to others subject to
contractual duty not to use or disclose it [Milgrim on Trade Secrets, Roger Migrims, §4.01]
Hence the disclosure made to the cloud service provider under confidentiality terms would not
tantamount to disclosure which would enable the trade secret to be generally known.
(e) Affirmative steps to be taken to protect trade secret
The trade secret owner is required to undertake affirmative steps to protect his trade secret.
125
Kewanee Oil Co. v. Bicron Copr, 416 U.S. 470, 475 (1974)
126
A. Elizabeth Rowe, Saving Trade Secret Disclosures on the Internet through Sequential Preservation, 42
Wake Forest L. Rev. 1 (Spring 2007)
127 Uniform Act Comment § 1
128
Religious Technology Ctr. v. Netcom On‐Line Communication Servs, 10 Cal. Rptr. 3d (2004).
129
DVD Copy Control Ass’n Inc. v. Bunner, 1997 U.S. Dist. LEXIS 23572, (N.D. Cal. Jan. 3, 1997)
29
30. This principle is enumerated in the cases mentioned herein below.
a. Incase Inc v Timex Corp130
The First Circuit Court of Appeals states that in order to protect a trade secret, affirmative steps
must be taken to preserve its secrecy regarding a party against whom misappropriation is
claimed.
b. In Metallurgical Indus Indus. Inc v Fouretek, Inc131
The court in this case stated that, “efforts to protect secrecy are also tied to the requirement
that trade secrets have value indeed, whether or not a company took adequate steps to protect
a secret is an evidence of subjective belief that the information was a trade secret and thus
worthy of protection”.
V. The Problem: Trade Secret Law Applied to Cloud Computing
The modern development of technology significantly impacts intellectual property132. There has
been incredible change in the technology of computing in the past years. Cloud Computing has
been envisioned as the next‐ generation architecture of IT Enterprise133. The revolution from
storing data in the personal servers to the era of cloud computing has changed the way, we
have looked, understood and used information technology.
130 Incase Inc v Timex Corp, 488 F.3d 46,52‐53,83 U.S.P.Q.2d 1032 (Ist Cir.2007)
131 th
Metallurgical Indus Indus. Inc v Fouretek, Inc, 790 F.2d. 1195.1199‐1200 (5 Cir.1986)
132 Andrew Beckerman‐Rodau, Trade SecretsThe New Risks to Trade Secrets Posed by Computerization,
Rutgers Computer & Tech. L.J. Vol. 28 (2002)
133 Cong Wang, Qian Wang, & Kui Ren, Ensuring Data Storage Security in Cloud Computing, Computer Security–
ESORICS Springer (2009)
30
31. In contrast to traditional solutions, where the IT services are under proper physical, logical and
personnel controls, Cloud Computing moves the application software and databases to the
large data centers134.
Moving data into the cloud offers great convenience to users since they don’t have to care
about the complexities of direct hardware management.135 The business have now started to
rethink the way they use, buy and store information technology. Rather than devoting a lot of
cash for purchasing servers, they are plugging into the new grid‐Cloud Computing136. However
this recent type of paradigm shift to cloud computing imposes new challenges to intellectual
property law.
One of the challenges, which are imposed by this computing platform shift, is the traditional
outlook of trade secret law for protection of valuable data, which has a fixed mechanism of
managing and using valuable data. The new medium of storing valuable data in the virtualized
remote servers may entail risk of loss in trade secret status and the underlying protection under
the various provisions of the trade secret law.
The Cloud Service Provider stores the data of the end user in virtual servers in remote data
storage units. If such data qualifies for a trade secret protection under the Restatement of
Torts and UTSA, then it may have legal implications to the effect that, if reasonable measures to
protect the data from disclosure, are not undertaken, it would cease to be a trade secret. The
pertinent issue would be whether the current trade secret legal framework, appropriately
134 Cong Wang, Qian Wang, & Kui Ren, Ensuring Data Storage Security in Cloud Computing, Computer Security–
ESORICS Springer (2009)
135 Cong Wang, Qian Wang, & Kui Ren, Ensuring Data Storage Security in Cloud Computing, Computer Security–
ESORICS Springer (2009).
136
Nicholas Carr, The Big Switch Rewiring the world from Edison to Google, W. W. Norton & Company; Reprint
edition (January 19, 2009)
31
32. addresses the consequences of such disclosure. It is to be noted that even if the data is
accidently accessed by the cloud provider or the third party, it might lose its trade secret status.
In Kewanee Oil Co. v. Bicron Corp137, the court stated that even a bona fide trade secret is not
protected against discovery by fair means, including accidental disclosure.
A, cloud provider can access the virtual machine, where the data of the end user is stored and
they could also install backdoor log in to access the data. An end user is aware of these
underlying risks of storing his data on the cloud. If still the end user, is opting to store his data in
the cloud, could it be concluded, that he has migrated from the safety zone of trade secret
protection? In the early case of 1982, Palin Mfg Co v Water Technology Inc138, the court held
that one who has disclosed his trade secret to others without appropriate safeguards cannot
claim thereafter it to be a trade secret.
Consequently, if such data is misappropriated by the cloud service provider or unrelated third
party, then the protection accorded to the end user, under the provisions of underlying law,
would not be accorded.
Additionally, in this model, the data is distributed in diverse geographical regions for ensuring
the security of data. This may impose significant jurisdictional limitations on the utilization of
legal remedies to protect the data, since legal redress under our system is generally based on
the geographic locations139. However, all the data stored by the end user may not qualify as
trade secrets under Uniform Trade Secrets Act and Restatement. It is important for the
137 Kewanee Oil Co. v. Bicron Corp, 416 U.S. 470 (1883)
138 Palin Mfg Co v Water Technology Inc, 982 F.2d 1130 (1992)
139Andrew Beckerman‐Rodau, Trade SecretsThe New Risks to Trade Secrets Posed by Computerization, Rutgers
Computer & Tech. L.J. Vol. 28 (2002)
32
33. purposes of the analysis, to first demarcate between data protectable as trade secret from the
data that is not protected as trade secret.
A. Qualification of Data As Trade Secret In Context of Cloud Computing
The kinds of information/data stored in the cloud varies from industry to industry. Due to the
dynamic nature of scalability of the cloud, a number of developers are deploying their software
applications in the cloud140. The software applications deployed in the cloud might contain
source codes, which the developer might want to individually document and store in the cloud
for building newer version of applications in the cloud. Hence it is important to inquire whether
these software programs could be protected as trade secrets.
Software Programs/Applications: Protection As Trade Secrets
The end user will deploy software programs in the cloud. These software programs could be
protected as trade secrets. A computer program is considered as a trade secret under the
Florida law141. In Liberty Am.Ins. Group, Inc v. Westpoint Underwriters, L.L.C142, the court held
that “the subject software has independent economic value because it is not known to and is
not readily ascertainable by other persons who could derive economic value from its disclosure
and the plaintiff had taken reasonable measures to maintain secrecy of the software including
its source code” and hence the software could be regarded as trade secret.
140The Social and Economic Impact of the Cloud, Cloud Computing Panel Discussion Code Camp,
Portland.(May 22,2010)
141 Brian M Malsberger,Trade Secets: A state by state Survey, BNA Books (Bureau of National Affairs) (July
1997)
142 Liberty Am.Ins. Group, Inc v. Westpoint Underwriters, L.L.C 199 F.Supp. 2d 1271,1302 (M.D. Ga.1992)
33
34. The software code was comfortably found to be within the definition of trade secret
under Massachusetts law143. The design, technology and marketing plans of a software were
also held to be trade secrets in Alta Analytics, Inc v. Muuss144 on similar factors discussed in
Liberty Am.Ins. However the court in Hogan Sys., Inc v Cybersource Int’l, Inc145 diverting from
the decision in Bernard Personnel Consultants, Inc v Mazarella146 (which held that the employee
knowhow could be protected as trade secret) stated that “[g]eneral knowledge, skill and
experience in the computer software industry do not constitute as trade secret”.
Applications in the Cloud Containing Open Source Elements
In the cloud, various software applications are deployed on many instances and the cloud
provider would provide not only the necessary storage capacity but also computing
infrastructure to run the application in cloud. These software programs and/or applications
may have certain elements in the source code derived from open source software. The issue in
this scenario, would be, whether, such applications could be protected as trade secrets because
certain elements of code are already disseminated to public via open source medium. This issue
was resolved by United States Court of Appeals for the Tenth Circuit in, Rivendell Forest Prods.
v. Georgia‐Pacific Corp147, wherein it was held that "a trade secret can include a system where
the elements are in the public domain, but there has been accomplished an effective,
143
Brian M Malsberger,Trade Secets: A state by state Survey, BNA Books (Bureau of National Affairs) (July
1997) Original Citation: Harvard Apparatus , Inc v Cowen 130.F.Supp.2d.161 (D.Mass. 2001)
144
Alta Analytics, Inc v. Muuss, 75.F.Supp.2d 773,785, (S.D Ohio 1999)
145 th
Hogan Sys., Inc v Cybersource Int’l, Inc, 158 F.3d.319,324 48 U.S.P.Q. 2d.1668 (5 Cir.1998)
146
Bernard Personnel Consultants, Inc v Mazarella,1990 WL 124969
147 Rivendell Forest Prods. v. Georgia‐Pacific Corp, 28 F.3d 1042 (10th Cir. 1994)
34