Transcript Computer Law Association CyberSpaceCamp 2000

National Business Institute
Non-Competition Agreement
Enforcement in Illinois
Michael J. Silverman
Frederick R. Ball
Duane Morris LLP
227 West Monroe Street, Suite 3400
Chicago, Illinois 60606
(312) 499-6700
[email protected]
[email protected]
Margaret Ann (Peggy) Daley
Vice President and Managing Director
Pinkerton Consulting & Investigations
200 South Michigan Avenue, 20th Floor
Chicago, Illinois 60603
(312) 236-6363
[email protected]
1
Non-Competition Agreements

Non-competition agreements
under Illinois law
• Two types:


Ancillary to the sale of business
Employer-employee
2
Non-Competition Agreements

Ancillary to the sale of business
• Three-part test:



Necessary to protect buyer
Unoppressive to seller
Not harmful to public
3
Ancillary to Sale of Business

Must Show Demonstrable Injury
• Good will
• Trade secrets
4
Ancillary to Sale of Business

Good will
• Not accountant’s good will
• Likelihood of customer’s return
5
Ancillary to Sale of Business

Trade Secrets
(Discussed later)
6
Ancillary to Sale of Business


Protectable Interest
Three-Part Reasonableness Test
• Reasonable time and territory
• Not oppressive
• Not harm public
7
Employer-Employee Contracts

Strict Test
• Reasonable time, territory, activity
restrictions
• Protectable interest
• Question of law
8
Employer-Employee Contracts

Time Restrictions
• 1 to 2 years
9
Employer-Employee Contracts

Geographic Restrictions
• Coextensive with employer and
employee territory
10
Employer-Employee Contracts

Activity Restrictions
• Cannot limit competition
• Current customers of employee
11
Employer-Employee Contracts

Protectable Business Interest
• Confidential information
• Near permanent relationship
12
Trade Secrets
Definition of Trade Secret (Illinois Trade
Secrets Act, §2(d))

•
•
•
Information, included but not limited to, technical and
non-technical data, a formula, pattern, compilation,
program, device, method, technique, drawing,
process, financial data or a list of actual or potential
customers or suppliers that:
(1) is sufficiently secret to derive economic value,
actual or potential, from not being generally known to
other persons who can obtain economic value from its
disclosure or use; and
(2) is the subject of efforts that are reasonable under
the circumstances to maintain its secrecy or
confidentiality.
13
Trade Secrets

Establishing a Trade Secret
• In order to establish improper use of
trade secrets, there must be a showing
that the information at issue was (1)
secret (not generally known in the
industry); (2) misappropriated; and (3)
used in the appropriator’s business.
14
Trade Secrets

Am I a Trade Secret?
• Customer lists?
• Software?
• Business processes and methods?
• Tricks of the trade?
• Cost and pricing information?
• Marketing plans and strategies?
15
Trade Secrets

General knowledge related to customers
(such as addresses, contacts, phone
numbers) is not a trade secret under
Illinois law.
• Any other rule would force a departing
employee to perform a prefrontal lobotomy on
himself or herself. It would disserve the free
market goal of maximizing available resources
to foster competition. . . . [I]t would not strike a
proper balance between the purposes of trade
secret law and the strong policy in favor of fair
and vigorous business competition. Colson
Company v. Wittel, 210 Ill. App. 3d 1030, 1039,
569 N.E.2d 1082, 1087 app’l denied, 141 Ill. 2d
537, 580 N.E. 2d 110 (1991)
16
Trade Secrets

Key issues:
• Difficulty in developing or duplicating the
trade secret
• Availability of the information from other
sources
• Efforts to maintain secrecy
• General level of knowledge within the
industry
17
Trade Secrets

Efforts to protect trade secrets
• Extent to which information is known outside
the business.
• Extent to which information is known by
various employees and others involved in the
business.
• Measures taken to protect the secrecy of the
information.
• Value of the information to the business and
its competitors.
• Difficulty in duplicating or recreating the
information.
18
Trade Secrets

Measures taken to protect the secrecy of information
• Documents and materials marked “confidential”
• Employees, contractors, etc. execute confidentiality and nondisclosure agreements.
• Access to information is limited to only those with a need to
know it.
• Access to physical facilities is restricted.
• Access to logical (i.e. IT) facilities is restricted.
• Employee manuals require maintenance of confidentiality.
• Retention of employee documents, PC’s, files, etc. upon
termination.
• IT and IP policies limit disclosure and restrict use of firm
assets.
• Computer splash screen
• Surveillance of IT systems
19
Trade Secrets

Misappropriation
• Plaintiff must prove that the trade secret was
misappropriated and not independently
developed or obtained from a third party AND
• Plaintiff must prove the trade secret was used
in defendants’ business.
• Employees cannot be required to erase from
their minds all of the generalized information,
skills, knowledge and expertise developed on
the job
20
Trade Secrets

Inevitable Disclosure
Doctrine
• Plaintiff can obtain relief
even if it cannot prove that
the defendant is actually
using the trade secret.
• Plaintiff must show that the
defendant could not operate
without using the trade
secret.
21
Trade Secrets

•
•
•
•
•
•
•
•
Remedies under the Trade Secrets Act
Injunctions
Compelling affirmative acts to protect the trade
secret.
Damages
Actual loss
Unjust enrichment
If actual loss or unjust enrichment cannot be proved
by preponderance of the evidence, court can award a
reasonable royalty.
Double damages for willful and malicious
misappropriation
Attorneys fees may be awarded for: willful and
malicious theft of trade secret or bad faith claims of
misappropriation or entitlement to injunctive relief.
22
Investigation Thefts
& Technology
23
24
Overview





Best Hiring Practices
Who steals the secrets
How they steal the secrets
How to investigate the theft
How to protect yourself in the future
25
Best Practices

Conduct background checks on
• New Hires
• Contract Workers
• Existing employees
• Potential business partners
26
What to look for






Secure personal
life
Future oriented
Stable finances
Drug and alcohol
free
Community ties
Outside interests




Friendshipsexternally driven
No pattern of
criminal conduct
Emotionally stable
Good work history
27
Pre-employment Process

Application
• Complete work history (gaps
explained)
• Education as appropriate
• References
• Convictions explained
• Statement of truth
• Notice of expectations
28
Pre-employment Process


Drug screening
Background
verification
•
•
•
•
•
•
•
SSN
Criminal
Credit (?)
Employment
Reference
Education
MVR
29
Contract Workers




Contract Clause
Your Standards
Audit
Work Rules
30
Fair Credit Reporting Act





advance notice to the "consumer" (the employee
being investigated)
the employee's consent to the investigation
a description of the nature and scope of the
proposed investigation if the employee so
requests
release of the unredacted investigative report to
the employee; and
notice of FCRA rights prior to any adverse
employment action.
31
FCRA TIPS



Now and forever
release
Investigations
conducted through
inside or outside
counsel
Vail letter and
amendments
32
Bad Guy Methods
Attacks From
Outside
• Break-in
• Reproduction of
information
• Communication
interception
• Electronic
Surveillance &
Hacking


Attacks from
Within
• Stuffing the
briefcase
• Downloading
files
• Taking the Palm
Pilot
33
Who’s Taking Your Secrets
30% Employees
28% Former Employees
42% Foreign business, foreign
governments, vendors,
consultants or competitors
American Society of Industrial Security Survey
34
What Are they Taking?


Customer Lists/Pricing
Product Development
Information
Research Information
Sales Information
Manufacturing
Information
Strategic Plans
Cost Information
Personnel Information
35
Do You Protect Yourself From
Visitors?




Know who they are
Make them sign a confidentiality
agreement before taking the tour or
visiting the lab
Get agreements from potential deal
partners first before letting someone
“take a peek”
Never show ‘em the “A” material
36
Outsider Attacks Are Increasing
Number of Internet Incidents Reported
60,000
50,000
40,000
30,000
20,000
10,000
0
'88 '89 '90 '91 '92 '93 '94 '95 '96 '97 '98 '99 '00 '01
Source: NY Times
37
Attack by intent
January 2002 Survey of 2001 Attacks Cyberattacks
38
Industry Breakdown







Business Services
– 25%
High Tech – 14%
E-Commerce – 9%
Manufacturing –
8%
Health Care 6%
Media &
Entertainment –
6%
Power & Energy
5%
39
New Ways to Steal
Information
•
•
•
•
•
“Pen” drives
PC anywhere
Anonymous e-mail accounts
PDAs
Wireless Technology
40
41
New Technology May Defeat
IT Security – Examples:
Key chain or pen hard
drives



instant connection to
USB and configuration
via “plug-n-play”
technology
network generally not
aware of additional
device
capable of fast data
transfers (generally)
without audit log
42
New Technology May Defeat
IT Security – Examples:
Internet Access to
America On Line
and AOL Instant
Messenger –
• can send text of
confidential
information in real
time, generally
without log of
transmissions
43
New Technology May Defeat
IT Security – Examples:
In addition to Word or Excel
files, shared contact managers
(ACT, GroupWise, Outlook, etc.)
may also contain proprietary or
trade secret information in note
fields that is downloaded to
PDA’s
•
most PDA’s do not require
passwords before accessing data –
could loss or theft of PDA result in
loss of trade secret status? Given the
status of new technology, were
“reasonable efforts” employed. . . ?
44
New Technology May Defeat
IT Security – Examples:
USB Network Adapters




very inexpensive (i.e.,
<$20) and easy to use
configures itself upon
USB insertion to create
instant network access
generally works even if
resident network
adapter in computer
disabled
may permit access and
fast transfer from
desktop to laptop
computer
45
New Technology May Defeat
IT Security – Examples:
“Tracker” or
Monitoring Software




secret deployment –
“runs invisibly and
maintenance free”
permits remote
deployment over
network
Only $39.95!
frightening features
include . . .
46
New Technology May Defeat
IT Security – Examples:
Floppy Disks, CD-RW’s and
PCMCIA Micro drives



most new computers,
even laptops, come with
built-in CD-RW’s
external CD-RW’s have
USB “plug and play”
functionality
700 mb of data can be
copied, generally without
audit log, in a few
minutes . . .
47
New Ways to Hide Information
•
Steganography
•
Digital watermarking
•
One pixel protection a/k/a
“Web Beacons”
48
Steganography
•
•
•
•
Hiding one type of file within
another
Information arrives secretly at
destination
Looks like plain graphic image or
sound file
Example: “Hello World”
49
50
51
52
Hidden Message
53
54
Digital Watermarks
•An imperceptible signal
hidden in an audio clip or
an image
•Provide means of placing
additional information
within digital media so if
copies are made, rightful
ownership may be
determined
55
One Pixel Protection
“Web Beacons”
•
•
•
They are tracking devices, one
pixel in size, embedded in web
pages, executables or scripts
They track activity on the web
and report that activity back to
a third party
AKA: Web bugs, clear GIFs,
invisible GIFs, beacon GIFs
56
What Does a Web Beacon Track?
•
•
•
The address of the computer
that fetched the Web Beacon
Where that computer’s user
has been on the web
The location of the web surfer
online at that moment
57
Web Beacons
Used by companies like:
• DoubleClick
• MatchLogic
• Barnes and Noble
• Microsoft
• FedEx
• Quicken
58
Web Beacons
•
•
Can determine how many people
have visited a site and where
else those people travel on the
web
Can be used to help identify
attempted information theft and
trace those responsible
59
60
Conducting the Investigation


Meet with incident response team
Identify the problem(s) specifically
• Inside or outside issue





Determine if still underway or if
vulnerability still exists
Formulate an investigative plan
Consider the need for outside help
Consider the benefits of AttorneyClient protection
Get “buy in” from highest level
61
Formulate Investigative Plan



Preserve current evidence
• Log files and audit trails
• Interview critical personnel
Proactive
• Determine & narrow investigative focus
• Keystroke monitoring
• Continue and monitor vulnerability
• Assumed name e-mail to violator
Prepare to defend yourself & your actions
62
Investigating the Insider







Begin documenting investigation
Determine company policies that apply
Determine applicable state law
Determine privacy expectation / search office
space
Monitor outgoing and incoming e-mail
Look for ftp transmissions
Keystroke monitoring
63
Investigating the Insider






Obtain passwords
Decrypt files
When to interview
Locate chat rooms & BBS
Obtain laptop
Obtain “office computer” at
home
64
The Tech Investigation
Computer Forensics
• Analyzes every “bit” of data on a
platter
•
•
Will identify deleted files, emails,
and file fragments
Allows for text searching of key
terms for documents
65
Types of Recoverable Data
•
•
•
•
•
•
•
•
Temporary or transitory files
Swap files/cache files
Audit trails, computer and firewall logs, access lists
Archival and .wav files
Browser & cookie histories
Embedded information
Removable media
Peripherals (printer, fax, etc.)
66
Types of Electronic
Evidence







Hard drives (Key
players and admin
staff)
Notebook
Computers
Personal Digital
Assistants (Palm)
Zip Drives
CD’s
Diskettes
Removable media







Back up tapes
Electronic
archives- Network
Audit Logs
Servers and PC’s
in storage
Voice mail systems
Offsite storage
Mirror Sites
Employee
Monitoring
Software
67
Swap Files



Areas of disk where hard
drive is used as virtual
memory.
Swap files contain fragments
of e-mail, spreadsheets,
word processing documents,
and information pertaining
to recent Internet activity.
Data will be lost if computer
is turned back on.
68
Audit Trails and Computer Logs




Can provide a wealth of
information.
Record information about when,
where and who accessed the
system --- including exact date
and time.
Contains security related
information such as
unauthorized attempts to gain
access.
Identified documents created,
accessed, or deleted.
69
Browser and Cookie Histories



Will monitor the name and URL of
all web sites visited, often going
back many months
Useful for identifying employees
“posting” negative information to
chat rooms such as Yahoo and
Silicon Investor
Cookies may be a source of very
revealing information about the
user’s activities on the net
70
Email Headers
71
WinFax Logs
72
Example of “Embedded Information
73
Example of “Embedded Information
74
75
Financial & Computer Forensics
Financial forensics examines
 Financial statements & bank records –
checks, statements, advances
 Employee travel & expense reports
 Employee sick & vacation days

Telephone records –
office, cellular, fax -- &
other data
76
Financial & Computer Forensics
Sources of information
 Direct evidence, including life style analysis
 Indirect references to assets – travel to
locations, magazine subscriptions, purchase
receipts, equipment rentals

Inconsistencies generated
by comparing documents
with witness statements
77
Now What?

Three avenues
•Eat the loss (90% found
breaches, 34% reported to
FBI)
•Criminal referral
•Civil litigation
78
Now What?







Damage done*
Potential loss of business relationships*
Potential for embarrassment
Nature of offender
• Insider
• Competitor
• Hacker
Potential for repeated attacks
Strength of case
Lack of defenses
79
Criminal Referral: Good News








Savings on civil litigation costs
Sends a message
Potential search warrant - immediate
seizure
Wiretap/datatap
Law enforcement investigation
Grand jury subpoena
Trial subpoena
Professional investigators: FBI, USSS
or local law enforcement
80
81
Criminal Referral: Bad News









May request “open system” (honey pot)
Law enforcement backlog
Prosecutor’s backlog
Employee downtime
Loss of control
No “no publicity” guarantee
Complexity adds time
Prosecution inclination to add victims if an
outside attack
Declination due to available civil remedy
82
Civil Litigation: Good News

Immediate action
• TRO
• Injunction
• Recovery of property





Control retained
Recovery of property through
injunction
Attorney-Client privilege covers
inquiry
Sophisticated investigative services
Real time response
83
Civil Litigation: Bad News




Attorney’s fees billed hourly or
with flat rate
Consultant fees
Discovery tedious
Option to stop
84
“Once a trade secret is
posted to the internet,
it is effectively part of
the public domain,
impossible to retrieve”
Religious Technology Centers VESA. Netcon
On-Line Communications, Inc., No. Court-9520091 (N.D. California, September 22, 1995)
85
Practical Issues
86
Hypothetical
87
Thank you!
Michael J. Silverman
Frederick R. Ball
Duane Morris LLP
227 West Monroe Street, Suite 3400
Chicago, IL 60606
312.499.6707
[email protected]
[email protected]
Margaret Ann (Peggy) Daley
Pinkerton Consulting & Investigations
200 South Michigan Avenue, 20th Floor
Chicago, IL 60603
312.236.6363
[email protected]
CHI/170307
88