Florida Business Litigation Lawyer Blog
A previous article discussed how it is unlawful under the Florida Uniform Trade Secrets Act (FUTSA) to take a trade secret using “improper means.” As technology has developed, new methods of commercial reconnaissance can make it difficult to determine whether method was lawful acquisition or unlawful espionage. Peter Mavrick is a Fort Lauderdale business litigation lawyer, representing clients in breach of contract litigation, non-compete agreement litigation, trade secret litigation, trademark infringement litigation, and other legal disputes in federal and state courts and in arbitration.
Under FUTSA, it is unlawful for a business to misappropriate, use, or disclose another’s trade secrets when the business knew or had reason to know that it was acquired through “improper means.” § 688.002(2). While it is clear that “improper means” includes theft and other crimes, it is less obvious when the reconnaissance crosses the line and becomes unlawful. This line is further blurred as technology continues to develop to allow information to be acquired remotely.
In E. I. duPont deNemours & Co. v. Christopher, 431 F.2d 1012 (5th Cir. 1970), the United States Court of Appeals for the Fifth Circuit addressed whether the use of a plane to fly over the construction of a factory was an “improper means” to discover trade secrets. In this important federal court precedent, DuPont held that the use of spy planes was an improper means and explained the legal analysis of trade secret misappropriation:
We should not require a person or corporation to take unreasonable precautions to prevent another from doing that which he ought not do in the first place. Reasonable precautions against predatory eyes we may require, but an impenetrable fortress is an unreasonable requirement, and we are not disposed to burden industrial inventors with such a duty in order to protect the fruits of their efforts. ‘Improper’ will always be a word of many nuances, determined by time, place, and circumstances. We therefore need not proclaim a catalogue of commercial improprieties. Clearly, however, one of its commandments does say “thou shall not appropriate a trade secret through deviousness under circumstances in which countervailing defenses are not reasonably available.”
Following DuPont’s reasoning, most forms of espionage of a company itself, rather than the product, would qualify as improper means.
The increasing importance of the internet and other forms of digital communication has enabled more opportunities for reconnaissance. From the perspective of trade secret law, using the internet to hack into a business’ server to view or copy that information is not different from physically breaking into a company building and doing the same thing. As one federal court explained, “[t]here can be no doubt that the use of a computer software robot to hack into a computer system and to take or copy proprietary information is an improper means to obtain a trade secret, and thus is misappropriation under the [Uniform Trade Secrets Act].” Physicians Interactive v. Lathian Sys., Inc., CA 03-1193-A, 2003 WL 23018270 (E.D. Va. Dec. 5, 2003).
Computer reconnaissance does not necessarily have to involve hacking or the invasion of a business’ computer. For example, “website scraping” is a technique by which a bot is programmed to collect information being distributed by a website. This can be done through simply downloading what a website makes publicly available, or, it may be more complex by making various inquiries and compiling the responses to those inquiries. Such conduct might collect only the information the business is purposefully distributing.
Compulife Software Inc. v. Newman, 18-12004, 2020 WL 2549505 (11th Cir. May 20, 2020), is a recent federal appellate court precedent analyzing trade secret misappropriation in the context of modern technology. The parties in Compulife provided customers with insurance quotes based upon various data which was input by the user. Anyone using the website could input their own information and the plaintiff would automatically provide insurance quotes based upon that data.
While the Compulife plaintiff did not allow the users to view the database, it allowed a user to input their information after which the database would provide an output of insurance quotes based on the information provided by a user. While no single use of the service would reveal the entire database, it would reveal a very small portion of the database. It therefore would be possible to almost completely recreate the database by making every potential input and recording every potential output. The Compulife defendant created a bot that recreated this database by making hundreds of thousands of inquiries over a period of four days. The appellate court in Compulife explained the legal issue this way:
[T]he scraped quotes were not individually protectable trade secrets because each is readily available to the public—but that doesn’t in and of itself resolve the question whether, in effect, the database as a whole was misappropriated. Even if quotes aren’t trade secrets, taking enough of them must amount to misappropriation of the underlying secret at some point.
However, this sort of reconnaissance is arguably comparable to reverse engineering. The defendant essentially took hundreds of thousands of plaintiff’s products and thereby recreated how the product was made. Although the product in Compulife was not purchased in the market and disassembled, it was created through hundreds of thousands of inquiries made by the defendant by entering plaintiff’s website through false pretenses. The defendant was not actually inquiring with its own information, but instead providing the fake information of every possible permutation. Compulife, citing to the DuPont precedent, explained that “[a]ctions may be ‘improper’ for trade-secret purposes even if not independently unlawful.” Compulife further explained that, “while manually accessing quotes from [plaintiff’s] database is unlikely ever to constitute improper means, using a bot to collect an otherwise infeasible amount of data may well be—in the same way that using aerial photography may be improper when a secret is exposed to view from above.”
While Compulife did not settle the question as to whether internet scraping and other forms of internet reconnaissance qualify as an improper means, it clarified that such conduct may qualify as trade secret misappropriation. Peter Mavrick is a Fort Lauderdale business litigation attorney. This article does not serve as a substitute for legal advice tailored to a particular situation.