A misguided attempt to "defend trade secrets"

This morning, the Senate Judiciary Committee is going to be holding hearings about the "Defend Trade Secrets Act" (DTSA), a bill that would both create—for the first time—a federal cause of action for trade secret misappropriation, and provide for a broad set of new remedies for trade secret misappropriation (including the seizure of property "as necessary to prevent the propagation or dissemination of the trade secret that is the subject of the action"). [The full text of the bill is posted here]

The bill deserves more (and more critical) attention than it has received. Trade secrets, of course, have been much in the news of late—the Sony Hack, the accusations (and considerable supporting evidence) that Chinese government agents have been systematically hacking into sites containing corporate secrets of a large number of US corporations, charges that some 32 individuals conspired to obtain non-public corporate earnings information as part of what the SEC calls "one of the most intricate and sophisticated trading rings that we have ever seen, spanning the globe and involving dozens of individuals and entities … a scheme unprecedented in terms of the scope of the hacking, the number of traders, the number of securities traded and profits generated."

It's very serious stuff, and the urge for Congress to "do something" is understandable. If the "something" turns out to be the DTSA, though, it would be most unfortunate, for the DTSA will both (a) fail to do anything substantial about the problems of cyber-hacking and cyber-espionage, and (b) seriously muck up existing trade secret law, giving trade secret holders new weapons they can use for harassing legitimate activities and stifling competitors.

To begin with, note that the malfeasance on which the DTSA is focused—hacking into corporate servers, extracting valuable non-public information, and then using/disclosing that information—is already subject to substantial federal criminal penalties: in, among other places, the Computer Fraud and Abuse Act (criminalizing the hack itself) and the Economic Espionage Act (criminalizing the use/disclosure of the secrets obtained by the hack). So it's not like we don't have law to cover this particular species of misbehavior—we do. These hacking episodes occur not because we don't have law, but in spite of the law that we have, law that has been ineffective primarily because (a) we often can't find or identify the perpetrators, and (b) if we can, they're often beyond the range of US jurisdiction.

The DTSA would purportedly solve this problem using the same terrible idea that Congress tried (and had to abandon in the face of massive public opposition) back in 2011 for copyright infringement, in the ill-fated and much-derided SOPA and PIPA copyright bills: by going after the machines, authorizing private rightsholders to seize the tangible property—servers, domain names, storage media, and the like—through which the trade secrets are propagated or disseminated, and to do so through an ex parte proceeding —i.e., one in which the judge hears only from the complaining party, with the presence of the alleged perpetrator or the owner of the property being seized.

Based on an affidavit or verified complaint satisfying the requirements of this paragraph, the court may, upon ex parte application, issue an order providing for the seizure of property necessary to prevent the propagation or dissemination of the trade secret that is the subject of the action.

This is a terrible idea for trade secret protection for many of the same reasons it was a terrible idea for copyright protection. Giving private parties the right to disable printing presses or other instrumentalities of speech—the means by which people communicate with others—is a most dangerous enterprise. We usually call those kinds of orders "prior restraints," and they are, as they should be, disfavored in the law.

And allowing them to do so via ex parte proceedings, where the judge has not heard both sides of a dispute, is particularly dangerous. And this is particularly the case where trade secrets are involved, because of the inherently fact-dependent nature of most trade secret disputes, where the existence of a protectable trade secret and the distinction between information that is protected and information that is not protected, is usually in dispute and quite difficult to discern.

Along with 41 colleagues, I recently joined a letter submitted to the Committee opposing DTSA in which we tried to point out some of the ways in which putting this weapon in the hands of trade secret owners is likely to backfire, becoming a "strategic weapon" that will be used mostly for anti-competitive purposes that have nothing to do with preventing "cyber-espionage." [A more detailed critique of the ex parte seizure provisions can be found in this article by Eric Goldman, one of the authors of the law professors' letter]

It is often difficult, when considering intellectual property law, to see the downside of proposals meant to strengthen legal protection (while relatively easy to see the upside). Trade secret law has profound effects on employee mobility; the vast majority of trade secret litigation in this country involves employees moving from one company to another (and allegedly taking their former employer's trade secrets with them). The DTSA will have little or no effect on Chinese government agents, but it is likely to have a deeper and much more lasting effect on the health of the labor market in this country, and not for the better.

Let's hope that "holding hearings on the matter" is enough to satisfy Congress' need to "do something," and that this is the last we hear of this misguided legislative effort.