Home Posts tagged trade secrets

trade secrets

the gizmodo/jason chen/search warrant debacle

Posted on by No Comments ↓

There have been many views expressed on both the propriety of Gizmodo breaking the story on the next-gen iPhone as well as the subsequent search warrant executed by the police against Jason Chen, the Gizmodo reporter that broke the story. Needless to say, each side has its supporters. A good summary with links to contrasting views can be found on GigaOm.

I won’t rehash all the arguments either for or against the execution of the warrant or its validity – you can check out the link above for all of that. The only thing I did want to point out was the possibility that a previous, somewhat similar case, may perhaps have prompted the criminal investigation leading to the search warrant. O’Grady v. The Superior Court of Santa Clara County (pdf) was a case in 2006 that also involved Apple. Apple was seeking civil subpoenas to certain websites that published information that it claimed to be trade secrets, in order to discover the source of the disclosures. The publishers moved for a protective order, which was denied at trial. However, the protective order was granted on appeal.

Though there were various bases on which the court found in favour of the websites, the one that seems relevant to the Chen search warrant relates to the California reporter’s shield – the same California legislation cited by the chief operating officer of Gizmodo as making the search illegal. In short, the appeal court in O’Grady found that “any subpoenas seeking unpublished information from petitioners would be unenforceable through contempt proceedings in light of the California reporter’s shield (Cal. Const., art. I, § 2, subd (b); Evid. Code, § 1070)”.

More importantly, the appeal court had this to say about what was alleged by Apple to be criminal activity and reviewing the lower courts findings on same:

The court found petitioners’ assertion of a constitutional privilege “overstated” because “[r]eporters and their sources do not have a license to violate criminal laws such as Penal Code [section] 499c [(§ 499c)].” 8 The court assumed petitioners to be journalists, but wrote that “this is not the equivalent of a free pass” and that they could still be compelled to reveal information relating to a crime. The court repeatedly alluded to the supposed presence of criminal or larcenous conduct. The court also faulted petitioners for failing to establish “what public interest was served” by the publications in question. While acknowledging evidence that thousands of people were interested in the information in question, the court opined that “an interested public is not the same as the public interest.” The court implied that the publications in question were not “ ‘protected speech.’”

Though the appeal court didn’t dwell much further on the relevance of the alleged criminal acts to the California reporter’s shield in the body of the decision, the foonote to the excerpt above is rather informative:

8 Section 499c criminalizes the misappropriation or attempted misappropriation of trade secrets under specified circumstances. Although Apple alluded to this statute in its memorandum below, and does so again before us, it has never demonstrated that the facts here could establish a criminal theft of trade secrets. That offense requires proof of, among other things, “intent to deprive or withhold the control of [the] trade secret from its owner, or . . . to appropriate [the] trade secret to [the defendant’s] own use or to the use of another . . . .” (§ 499c, subd. (b).) Since Apple has never argued the point, no occasion is presented to consider whether the inferred circumstances of the disclosure here could be found to constitute a crime. For present purposes we are concerned only with an allegedly tortious disclosure of a trade secret presumably by an Apple employee.”

It would seem clear that the court took pains to distinguish between a tortious disclosure of a trade secret, versus a criminal misappropriation of a trade secret. And although the court does not make any findings as to what might have happened if there were a basis to claim of criminal wrongdoing, the implication of the note above is that the findings on appeal may well have been different, if only apple had presented any facts to establish a crime. (All that being said, the EFF has expressed the opinion that both the California shield law as well as the federal Privacy Protection Act would make such a search illegal, even if a crime were committed)

So here Apple is, facing a similar situation as in O’Grady, and knowing that it will likely have either very limited or no ability to successfully obtain civil subpoenas given the finding in O’Grady, but with a little crack in the door suggesting that if criminal misconduct could be successfully demonstrated, it may have some chance of success. That seems better than nothing.

Given the above, it seems logical that Apple would want to request the DA to commence a criminal investigation (though to be clear, reports indicate that the DA has declined to indicate who instigated the investigation), either for plain theft or for theft of trade secrets, in order to enable it to seek some sort of remedy for the leaked information, though I’ll admit that if the above is correct its not clear to me exactly what remedy Apple would be seeking – in contrast to O’Grady, the identity of the Apple rep who lost the phone (and all the gory details) is already public. Perhaps the identity of the person who picked it up (which doesn’t appear to be public)? Though I’m not sure what that gets Apple, other than perhaps fiery retribution against the fellow and disgorgement of his ill-gotten gains (the $5,000 that Gizmodo paid him for the phone). Will be interesting to see how it plays out.

arbitrary electronic search & seizure + us border = ok

Posted on by No Comments ↓

I imagine its not much of a surprise given the current environment in the states (as well as, to some extent, similar past rulings in the US). Wired reports arbitrary searches of electronics are OK:

Federal agents at the border do not need any reason to search through travelers’ laptops, cell phones or digital cameras for evidence of crimes, a federal appeals court ruled Monday, extending the government’s power to look through belongings like suitcases at the border to electronics.

Needless to say, consideration should be given to taking some steps to protect confidential or sensitive records that you would not want to be seized. And no, I don’t mean nudie pictures or the like, but things such as confidential information of your business, or that of third parties who have entrusted you with confidential information, or personal information. That being said, Wired also made this observation:

The 9th’s ruling did not, however, clarify whether a traveler has to help the government search his computer, by providing the login information, or what would happen when the government decided to search a laptop with encrypted data on the drive. The defendant in the case can appeal the decision to the U.S. Supreme Court, but the Court is unlikely to take up an issue that two separate appeals courts have agreed upon.

Alternatively, better to leave all sensitive data at the office and, if required, connect through a VPN, retrieve, then erase before crossing.

Well, at least we can thank our stars that the ruling doesn’t apply to “highly intrusive searches of the person”. Yet.

Update: The EFF has published an article on possible ways to minimize the risk of laptop searches. They point out that encryption might not be all that handy:

If, however, you don’t respond to CBP’s demands, the agency does have the authority to search, detain, and even prohibit you from entering the county. CBP has more authority to turn non-citizens away than it does to exclude U.S. persons from entering the country, but we don’t know how the agents are allowed to use this authority to execute searches or get access to password protected information. CBP also has the authority to seize your property at the border. Agents cannot seize anything they like (for example, your wedding ring), but we do not know what standards agents are told to follow to determine whether they can and should take your laptop but let you by.

Elaborating on my suggested approach, they point out the following:

Another option is to bring a clean laptop and get the information you need over the internet once you arrive at your destination, send your work product back, and then delete the data before returning to the United States. Historically, the Foreign Intelligence Surveillance Act (FISA) generally prohibited warrantless interception of this information exchange. However, the Protect America Act amended FISA so that surveillance of people reasonably believed to be located outside the United States no longer requires a warrant. Your email or telnet session can now be intercepted without a warrant. If all you are concerned about is keeping border agents from rummaging through your revealing vacation photos, you may not care. If you are dealing with trade secrets or confidential client data, an encrypted VPN is a better solution.

Anyway, worth a read if you do cross the border with sensitive information.

Another update: More advice from Bruce Schneier on how to deal with customs (both in the US and elsewhere) and also safeguard sensitive information. I particularly like this suggestion (which he offers after also suggesting the VPN approach that I mentioned above) though it does require a little white lie:

If you can’t [use a clean laptop and download via secure VPN], consider putting your sensitive data on a USB drive or even a camera memory card: even 16GB cards are reasonably priced these days. Encrypt it, of course, because it’s easy to lose something that small. Slip it in your pocket, and it’s likely to remain unnoticed even if the customs agent pokes through your laptop. If someone does discover it, you can try saying: “I don’t know what’s on there. My boss told me to give it to the head of the New York office.” If you’ve chosen a strong encryption password, you won’t care if he confiscates it.

Further update: US customs, presumably emboldened by the court’s decision, have published their official policy (PDF) describing arbitrary search. The good news is that the reaction, at least in some corners, is somewhat less than favourable. From a recent article in the Washington Post:

“The policies . . . are truly alarming,” said Sen. Russell Feingold (D-Wis.), who is probing the government’s border search practices. He said he intends to introduce legislation soon that would require reasonable suspicion for border searches, as well as prohibit profiling on race, religion or national origin.

There’s also some description of what the good folks at Customs would do, including treatment of privileged materials, etc. If you frequently travel to the US with sensitive business materials, you would do well to review the policy. I may post a summary at some point…

Also, another less than enthusiastic op-ed piece in USA Today.