Courtney Cox on Trade Secrets and Lying
Courtney Cox, a professor at Fordham University Law School, has a very interesting trade secret law article forthcoming in George Washington Law Review called "Legitimizing Lies." The article can be downloaded on SSRN.
Cox argues, in short, that trade secret law could generate an unexpected incentive for trade secret holders to "lie." The reason is that federal and state trade secret statutes require anyone who wishes to own a trade secret to take "reasonable" measures to keep that information secret, and in some instances deception—including deception effectuated by lies—may be the most reasonable way to keep something secret. For example, companies sometimes use "deception technology" in their cybersecurity systems "to trick hackers into thinking they are getting close to critical data.” (25). Cox highlights increasing use of a cybersecurity device, affectionately called the "honeypot," which operates as a decoy computer system that can lure away would-be hackers. (24).
Cox suggests that, to the extent deception-based information security becomes the most effective option for protecting secrets in a certain industry or context, then trade secret law may require taking that deceptive act. This is because the trade secret statutes, at the federal and state level, include taking "reasonable" measures to preserve secrecy as a necessary element of a plaintiff's trade secret case. Thus, the law encourages, or at least gives its blessing, to "lying."
This is not purely theoretical. I was surprised to see that Cox uncovered at least one case where a court seemed to accept the plaintiff's argument that use of a "honeypot" in cybersecurity was evidence of taking reasonable secrecy precautions. (28-29).* I was also fascinated to see Cox citing trade secret cases in which the court rejected trade secret defendants' attempt to raise "unclean hands" as equitable defenses, based on the argument that the plaintiff had (in Cox's terminology) lied in its security measures. **
True, none of these cases actually held that deception was required to satisfied reasonable secrecy precautions. But if you put all the pieces of Cox's argument together—the statutory requirement of reasonable secrecy precautions; the prevailing notion that what's "reasonable" depends on what's effective; increasing use of deception in information security; and some real-world trade secret cases in which deception technology is assessed— it doesn't seem impossible that this sort of "lying" could be a requisite element of a particular plaintiff's trade secret claim in the future. Predicting the future of the law is arguably the best kind of legal scholarship.
Is Taking Secrecy Precautions Really "Lying"; and is "Lying" Ever Really Required?
The biggest question one might have while reading this article is whether it's really fair to consider taking advantage of the most effective precautions available to protect information about one's own inventions, product designs, or customer lists, as a form of "lying" in any meaningful moral sense.
A major piece of Cox's argument is her broad definition of what counts as a "lie." Cox —who has a doctorate in philosophy — says she got the idea for this line of inquiry in a conversation about trade secrets, in which a professor recommended the book, "Legal Secrets: Equality and Efficiency in the Common Law" by Kim Lane Scheppele. This is just one of the many sources Cox cites in the first part of her paper, where she delves deeply into philosophy literature as well as legal scholarship about what counts as "lying."
Cox does not limit "lying" to just an intentional misstatement for the purpose of deceiving someone else. Instead, Cox defines lying as more akin to “deceptive practices”—statements (express or implied), actions, and omissions, among other things, that present falsehoods. She specifically does not limit lies to something we'd consider morally wrong, explaining that "the concept of deceptive practices, as used here, does not include a moral (or legal) judgment about whether the practice is wrong or improper." (11). In fact, Cox points out, the moral wrongness of a statement isn't necessarily what makes it a lie or not. Bluffing and "white lies" are still called lies, after all.
Only by defining lies so broadly is Cox able to characterize acts taken for the purpose of information security as lying. I think a lot of readers—certainly a lot of trade secret plaintiffs—might object to this characterization. Nonetheless, when one takes her argument at face value, it's a really interesting and thought-provoking line of inquiry. Deception could indeed be an inevitable feature of a quality information security in a broad range of contexts relevant to trade secret law—and not just in cybersecurity. For example, an individual might use a sharpie to mislabel a valuable folder or video as "Brandon's Wedding" in order to keep onlookers away. A seed farm containing valuable genetically modified crops might keep a sign up saying "beware of dogs" even though there is no dog. (Cox, 34). Cox even mentions that "major agricultural companies have been known to" (in her words) " 'lie' to each other about their 'ability to determine [a seed’s] parentage'" (22) —the idea being that, if the other company thinks they'll be caught, they will be less likely to try to steal your seed lines. That really stood out to me, because I've seen so many trade secret cases, both civil and criminal, involving theft of seed lines. So perhaps deception in the trade secret context isn't as uncommon as we might think, even if we may not actually call it "lying."
I agree with Cox's conclusion that if, under a "reasonableness" inquiry, deception is clearly what Judge Posner would consider the efficient way to secure information's secrecy according to a cost-benefit analysis, then the law would in a sense require that the putative trade secret owner perform the deception.
That said, as Cox notes, another key consideration in determining the sufficiency of secrecy precautions is whether the precautions afford "notice" that information is intended to be kept secret. At least some of the deceptive secrecy measures Cox discusses (like the honeypot) don't actually seem to give the same kind of notice as affirmative measures, like placing things in vaults or using visible confidentiality ledgers and NDAs. In some cases, the deception might be unknown to all but a few employees. This lack of notice could actually be a countervailing factor that prevents the measure from being classified as part of a legally "reasonable" secrecy measures program.
Broader Relevance For Other IP Regimes?
Cox argues trade secret law serves as a "case study" for a broader universe in which the law may encourage lying, thereby creating a conflict between a moral imperative against lying and what the legal system actually demands. I suspect Cox's analysis of the use of deceptive tactics in the trade secrets and cybersecurity context may be too specialized to have broad application. But it could nonetheless provide insights to the relationship between law and lying in other areas, including in other intellectual property regimes.
One of my favorite aspects of Cox's article is her observation that this is all a bit ironic, because trade secret law, like other IP regimes, has a strong basis in unfair competition and tort law. Trade secret law condemns the "bad acts" or "breach of duty" that defendants may have taken to acquire the plaintiff's secrets. So it would indeed be counterintuitive for the same legal regime to require the plaintiff, in order to be entitled a trade secret, to behave in deceptive or otherwise morally inappropriate ways.
This is one sense in which the article could have broader implications in other areas of intellectual property law, including copyright, trademark, and even patent law, where IP-holders may have taken deceptive steps to secure their rights. My IP law students just finished reading Feist vs. Rural, for example, where the copyright holder only discovered the defendant's illicit acts of copying by including fake phone book listings. So in Cox's framework, if the plaintiff had won (which it didn't in that case) then it would have been due to use of "lies." ("Four of these were fictitious listings that Rural had inserted into its directory to detect copying."). Cox flags this case as well, citing it as evidence that "there is actually a long and venerated history of using deception to protect industrial secrets and information assets ..." (Cox, 21, 23). Perhaps this is a possible future line of inquiry.
* Citing SolarCity Corp. v. Pure Solar Co., No. 5:16-cv-01814, 2016 WL 11019989, at *1 (C.D. Cal. Dec. 27, 2016).
** She cites a case, for example, in which defendant "attempted to raise an unclean hands defense to trade secret misappropriation, arguing that [plaintiff] Pioneer had lied when it told [defendant] Advanta that it was “monitoring Advanta’s commercial hybrids and had the ability to determine their parentage,” even though “Pioneer’s technology was not reliable for this purpose until” years later." (Cox, 30-31) (quoting Advanta USA, Inc. v. Pioneer Hi-Bred Int’l, Inc., No. 04-cv-238, 2004 WL 7346791, at *10 (W.D. Wisc. Oct. 28, 2004).
Labels: trade secret