Software and Trade Secrets: Rethinking IP Strategies after CLS v. Alice

by Robins Kaplan LLP
Contact

Historically, the patent system has provided broad protections to software innovations.  In the past, software patent holders could prevent competitor infringement without much need for a comprehensive disclosure of the software being patented.  Furthermore, the protections a patent offered often lasted long past the effective life of a software product.

But shifting patent standards generally and unpopular large awards for software infringement in particular have changed the software patent landscape.  The Supreme Court’s recent decision in Alice Corp. v. CLS Bank[1] —which preserves software patentability but requires “an inventive concept” beyond computer implementation of an abstract idea-reaffirms the difficulties that accompany current software patenting.  As a result, software innovators may find that, in some cases, trade secret law now offers the best method for protecting proprietary software advancements.

Trade secrets defined
State law serves as the primary source of trade secret law. In most states, a trade secret is defined as information, including a formula, pattern, compilation, program, device, method, technique, or process that meets two criteria:

   (1)  The secret derives value because it is not generally known or readily ascertainable by others.
   (2)  The innovator is making reasonable efforts to maintain the secrecy of those methods.

Software frequently has little difficulty meeting this standard. Software design is a constant effort to construct and refine efficient algorithms that distinguish the end product from the competition. Putting aside the benefits of open source software development, software companies often derive value in not simply releasing those methods to the public.

That secrecy is the fundamental difference between patent protection and trade secret protection. The quid pro quo of patent protection is that an applicant discloses what is being patented to the public. The patent application, therefore, can have profound impact on whether the software technique can be maintained as a trade secret. More importantly, as software patents become increasingly difficult to procure, the demands for disclosure of novel techniques will only increase.

Consequences of trade secret misappropriation
Trade secret law prohibits others from misappropriating trade secrets and provides remedies if they do. For most states, at its most basic level, “misappropriation” occurs when someone:

  • Acquires a trade secret knowing or having reason to know that the trade secret was acquired by improper means, or
  • Discloses or uses another’s trade secret without the owner’s permission.

A key theme for each type of misappropriation is the concept of acquisition of the secret through “improper means,” e.g., theft, bribery, misrepresentation, espionage, or not adhering to a duty to maintain secrecy.

If secrets are improperly disclosed, plaintiffs may seek money damages. Trade secret verdicts are increasingly taking their place on the intellectual property leaderboard with more than half of the largest intellectual property verdicts over the last year relating to trade secrets, not patents. Those verdicts include a multi-billion dollar award to St. Jude, a $919 million dollar verdict to DuPont (just recently overturned by the Fourth Circuit), and a $465.4 million verdict in favor of Lexar Media.

And, unlike patent claims, trade secret owners are not limited to the benefits of civil injunctive and money damages relief. Trade secret misappropriation also can result in criminal penalties. In certain circumstances, these penalties provide trade secret owners with alternative avenues for enforcement, including leveraging the government’s ability to obtain more expansive discovery (through search warrants) and assistance in recovery of stolen trade secrets.         

Advantages and drawbacks of trade secret protection
Trade secret protection’s advantages boil down to one word: secrecy. In particular, small and nascent software companies benefit from keeping confidential revolutionary or new algorithms, data structures, or methods for delivering content benefits— especially when it comes to competing against larger, well-funded rivals.

But protecting software through the trade secret mechanism does not come without risk. These include:

  • No protection to an owner when the secret is otherwise ascertainable by the public either through independent discovery or reverse engineering.
  • The possibility of patent infringement actions by companies that later attempt to patent similar technology.

The latter risk, however, was substantially mitigated by recently enacted patent reform legislation, the America Invents Act. Specifically, patent law now provides companies a defense to patent infringement based on prior commercial (and certain other) uses of a claimed invention, so long as that use occurred at least one year before the filing date of the invention or disclosure to the public. The protection now exists even if the use occurred in secret. Although nuanced, the defense provides a new level of protection against subsequently filed patents to companies that prefer to keep their innovation secret.

Keeping trade secrets secret
Once opting for trade secret protection, a software company must take reasonable steps to maintain the secrecy of the trade secret. Companies should consider several methods:

  • Inventory and identify trade secret materials: An important first step toward protecting the company’s secrets is figuring out what they are. This may not be as intuitive for a software company as it is for Coca-Cola, but, much like the secret recipe for Coca-Cola or the Colonel’s recipe of “eleven herbs and spices,” software companies know what makes their product unique and valuable. Trade secret protection is not just limited to the specific algorithm in code, but includes design and other internal documentation that may embody secret details.
  • Mark trade secret protected materials: Once a software company identifies its trade secrets, it should unambiguously mark them. Although source code might be difficult to mark as “confidential,” software companies should consider marking other documents to help eliminate any chance of accidental disclosure.
  • Keep software out of open source: Given that the objective is to maintain a trade secret, a software company should not release its secrets into the open source community or freely distribute its source code Instead, software companies should consider distributing software in compiled form.
  • Require employee confidentiality agreements: Software company employees should execute confidentiality and proprietary information agreements. These agreements eliminate any ambiguity regarding employees’ responsibilities to protect the company’s confidential material, establish protocols for any newly created innovations to be assigned to or remain the property of the company, and provide the company a mechanism to engage employees on the importance of secrecy from the onset of the employment relationship.
  • Adopt confidentiality policies: Company policies should ensure that all documents embodying the company’s secrets are clearly identified as confidential and are appropriately secured. Further, companies should examine social media policies to make sure that they clearly instruct employees not to divulge company confidential information when using social media. Finally, given the higher than average employee turnover experienced by software companies, companies maintain an effective exit interview process to remind employees of their obligations and ensure employees do not leave with the company’s secrets.
  • Ensure third parties sign confidentiality agreements: Third parties should also be instructed not to disclose material. Software companies often engage in joint development agreements, actively canvas for venture capital, or provide critical details about their software to potential customers. In each case, software companies should ensure proper non-disclosure or confidentiality agreements are in place, not only to ensure there is no question about whether materials can be disclosed, but, to establish who owns what whenever materials are exchanged.
  • Establish adequate physical security: Best practices in collaborative software design necessitate a code repository, which provides a means for monitoring and securing access to materials. In addition, all confidential materials—not just the source code—should be secured from prying eyes. Copying of these materials should be monitored and logged. Software companies should also consider other forms of standard physical security—both in its storage equipment and in the facilities housing them.

A software company is not obligated to do everything possible to secure its secrets, but, the more it does, the better chance it will have preventing misappropriation and demonstrating to a court that it took reasonable steps to protect those secrets.

Conclusion
After CLS v. Alice software innovators must think long and hard about the IP protections the want to cultivate.  When it comes to software patenting, the software industry must risk ongoing judicial and legislative support for curtailing patent protection in order to obtain the exclusion rights patents offer. Developing strategies for ensuring that software remains protectable as a trade secret offers an alternative to path to protection innovation—and avoiding the software patent battlefield that is sure to continue to claim programming innovations from software patenting’s better days.

[1] Alice Corporation Pty. Ltd. v. CLS Bank Int’l., __ U.S. ___ , 2014 U.S. Lexis 4303 (Sup.Ct. June 19, 2014).

 

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Robins Kaplan LLP | Attorney Advertising

Written by:

Robins Kaplan LLP
Contact
more
less

Robins Kaplan LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Privacy Policy (Updated: October 8, 2015):
hide

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.

Security

JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at info@jdsupra.com. In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at: info@jdsupra.com.

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.