TECH - Lawsuit Against ThinkSecret is Rotten
That has all changed. According to the Harvard Crimson, DePlume is a Harvard undergrad named Nicholas Ciarelli. Ciarelli, who is 19, has been running ThinkSecret since he was 13. In 2004, ThinkSecret successfully predicted the release of the iMac G5, iPod, and iPod Photo, among other Apple products.
Wired reported that the lawsuit, filed in the Superior Court of Santa Clara County (California) on January 4, 2005, alleged that Apple charged ThinkSecret with misappropriating trade secrets and asked for the source of the leaks and an injunction. According to the article, Apple has filed several lawsuits looking for the source of the leaks that Ciarelli and other web publishers who have made similar predictions in the past.
The Crimson reported that Ciarelli denies any wrong doing, claiming that he uses the same legal news-gathering techniques as any other journalist. The Crimson quoted Ciarelli as saying that he talked to sources, investigated tips, followed up on leads, and corroborated details.
The Crimson also goes into more details on the lawsuit, which makes it much more interesting than the Wired article. According to the Crimson, Apple’s lawsuit alleges that ThinkSecret illegally solicited Apple employees to violate confidentiality agreements and disclose the information online without the company’s permission. The article also says that complaint alleges that ThinkSecret, which invites visitors to provide anonymous tips, is misappropriating Apple’s trade secrets. ThinkSecret’s contact page does emphasize confidentiality. It provides an anonymous e-mail form and states that fax and voice submissions are kept strictly confidential. ThinkSecret also allows users to submit communications protected by PGP encryption.
The Crimson also quoted a Harvard law professor as saying that Ciarelli might be liable as a contributory infringer, which he describes as one who knows that others are violating the law directly and who facilitates it in some way.
So let’s look and see what we have here:
- Apple is claiming trade secret rights in something. Apparently, the company’s position is that the then-upcoming release of the iPod Shuffle, iWork, and Mac Mini were trade secrets when ThinkSecret predicted them, since as the Wired article noted, ThinkSecret did not reveal any sensitive information. It just released information that Apple was going to release anyway before Apple was going to release it.
- ThinkSecret acquired the information about the upcoming releases and published it before Apple intended for the information to be released.
- Apple claims that ThinkSecret encouraged Apple employees to violate confidentiality agreements by tipping the site off to the upcoming releases.
Aside from the fact that many seem to agree that Apple is making a public-relations blunder, I wonder about the merits of their claim.
According to the California Uniform Trade Secrets Act, a trade secret is "information, including a formula, pattern, compilation, program, device, method, technique, or process, that (1) derives independent economic value, actual or potential, from not being generally known to the public or to other persons who can obtain economic value from its disclosure or use; and (2) is the subject of efforts that are reasonable under the circumstances to maintain its secrecy."
The Act further provides that it is illegal to misappropriate trade secrets. It defines misappropriation as: (1) acquisition of a trade secret of another by one who knows or has reason to know that the trade secret was acquired by improper means; or (2) disclosure or use of a trade secret without express or implied consent by a person who (A) used improper means to acquire knowledge of the trade secret, or (B) at the time of disclosure or use knew or had reason to know that his or her knowledge of the trade secret was (i) derived from or through a person who utilized improper means to acquire it, (ii) acquired it under circumstances giving rise to a duty to maintain its secrecy or limit its use, or (iii) derived it from a person under a duty to the person seeking relief to maintain its secrecy, or (C) before a material change of his or her position knew or had reason to know that it was a trade secret and that knowledge of it had been acquired by accident or mistake.
The Act also prohibits the use of improper means to gain access to trade secrets. Improper means include theft, bribery, misrepresentation, breach or inducement of a breach of a duty to secrecy, or espionage. It does not include reverse engineering.
That leaves us with two threshold issues. Was the information a trade secret? if so, does any of Ciarelli’s conduct fall into any definition of "misappropriation?" And finally, did Ciarelli use any "improper means?"
Assuming that Apple’s employees sign agreements not to disclose confidential information, I think we can safely conclude that Apple took reasonable efforts to keep upcoming releases of its new products secret by attempting to enforce its confidentiality policy.
What I am more concerned with is whether the information had actual or potential independent economic value because nobody else knew about it until ThinkSecret ran its story. According to one intellectual property firm’s website, "this criteria is almost always proven when secrecy is proven, since companies typically do not put forth effort in a lawsuit to protect and recover control of valueless information."In this case, I’m not so sure. It seems to me that any lost sales of iPod Shuffles, iWork discs, and Mac Minis arising out of ThinkSecret’s actions would result more from the fact that Apple sued a teenaged Mac fan than from the fact that ThinkSecret accurately predicted the products’ release. ThinkSecret speculated on specifications and pricing of the iPod Shuffle, iWork suite, and Mac Mini, but it didn’t release anything that is typically considered valuable like customer data. The weight of precedent on the issue of independent economic value is certainly on Apple’s side here, but I don’t think it’s at all clear.
I have more concerns about the second and third issues in this case because a decision for Apple on them runs the risk of shutting down all rumor and insider publications everywhere. Remember, for there to be infringement, you need a trade secret and you have to have stolen it.
Did ThinkSecret steal anything? The answer may depend on what the actual conduct was. If Ciarelli or someone else working for the site actively contacted Apple employees and encouraged them to disclose information that was most likely protected by nondisclosure agreements, either by emphasizing the confidentiality of their submissions process or otherwise, then I think you do have misappropriation (disclosure without consent and inducement of Apple employee’s breach of a duty of secrecy). In essence, by encouraging insiders to violate their confidentiality agreements by emphasizing anonymity and confidentiality, Apple has a decent argument for inducement.
Somehow, I don’t think that this was the case. If it was, I doubt Apple would be trying to get the identity of ThinkSecret’s sources.
I think the second scenario is much more likely. Some insiders who frequent ThinkSecret decided to leak the information. Maybe they did it to generate publicity. Maybe they just thought consumers should know sooner rather than having to wait for Macworld. Whatever. So these insiders, for their own reasons, submitted the story through one of ThinkSecret’s many anonymous channels. Ciarelli in turn took what it had been given anonymously and posted it online.
Unless there is a court opinion establishing that someone can be secondarily liable for trade secret infringement, the Harvard law professor’s statements regarding contributory infringement are incorrect. Contributory infringement has been in the news a lot lately, but in the context of copyright law. The Uniform Trade Secrets Act, on the other hand, doesn’t provide for contributory infringement. Liability has to arise from misappropriation, which means that merely benefiting from someone else’s disclosure of a trade secret on your forum won’t get you there unless you misappropriated the trade secret yourself.
As a practical matter, I don’t think this is an issue in this case. If Ciarelli did the legwork that he claims he did, I think that a court would be likely to find that, in verifying the tip and deciding to post it to his website, he, not the original insider, is the primary actor. Therefore, the critical part of the analysis is whether or not he misappropriated anything.
Assuming the second hypothetical state of facts, where one or more insiders tipped ThinkSecret off of their own volition, let’s see if Ciarelli’s conduct falls into any of the categories of misappropriation.
The first is acquisition of a trade secret of another by one who knows or has reason to know that the trade secret was acquired by improper means. The Crimson quoted Ciarelli as saying that Apple did not feed him information. The issue here is whether Ciarelli knew or should have known that the information was acquired by improper means, most likely the breach of a duty of secrecy. So the question is whether Ciarelli knew or should have known that the insider breached a duty of secrecy when he made the tip. This is probably Apple’s strongest argument because the more research Ciarelli did into the tip, the more likely he would presumably be to discover that the information was generally protected. However, without identifying the informant, Ciarelli would have no way to know whether the insider was under a duty of secrecy to begin with. Ciarelli himself had no duty to keep Apple’s secrets. If the insider who gave him the tip didn’t either, then there were no improper means and therefore no misappropriation.
The second category of misappropriation is disclosure or use of a trade secret without express or implied consent. In this case, Apple’s strongest argument here is that Ciarelli disclosed trade secrets without express or implied consent when he knew or had reason to know that his or her knowledge of the trade secret was derived from or through a person who utilized improper means to acquire it or derived it from a person under a duty to the person seeking relief to maintain its secrecy. Again, the issue is the anonymity of the ThinkSecret contact site. Although an Apple insider might presumably be under a duty of secrecy to Apple, the fact that the website takes anonymous tips means that he could have no way to determine whether or not his informant had done so or not.
There is case law, in the form of DVDCCA v. Bunner, where the California Court of Appeals reversed an injunction prohibiting a website operator from posting a copy of the DeCSS source code, which allowed users to crack DVD copy protection. The court noted that the injunction was improper because the information had become common knowledge, and therefore no longer a trade secret, by the time the trial court granted an injunction against disclosure. Although the DVDCCA appealed the case to the California Supreme Court, it later gave up on the action.Personally, I think that there is a definite issue as to whether Ciarelli could be held liable for infringement in the first place due to the anonymity of his informants. However, I would really hate to see any kind of ruling that threatens the ability of website operators to acquire anonymous information without some kind of provision for protecting themselves from liability as trade secret infringers. Maybe a notice and takedown provision, like we have in the Digital Millennium Copyright Act, would work. At this point, I don’t know. But if this case goes anywhere, it will definitely merit very close scrutiny.
What does this mean for ThinkSecret? As a practical matter, it would appear to put a limitation on whether Apple could enjoin disclosures like the ones at issue. If Apple makes a public announcement a short time after the leak occurs, then it will destroy its own case. Therefore, it’s best bet would be to seek damages, which may include actual damages and unjust enrichment, and an injunction relative to the identities of ThinkSecret’s sources. Willful and malicious misappropriation can lead to an award of attorney’s fees, but I doubt that Apple could succeed on that claim because Ciarelli didn’t actually steal the information.
Damages are unlikely to be a big draw for Apple because it would be hard, if not impossible, to show that it stood to lose any money. It might claim that advertising revenues derived from people who visit ThinkSecret constitute unjust enrichment, but that isn’t going to be much money either.
It looks like the real meat, so to speak, would be an injunction requiring Ciarelli to either give up his sources or do something to enable him to do so. That way Apple could make examples of the informants and possibly prevent future leaks. And this is where I have grave reservations about this case.
If maintaining an anonymous contact system constitutes inducement of violation of a duty of secrecy, then basically Apple wants to make website operators its trade secret police. Protecting privacy should not be declared an improper act. Holding Ciarelli liable for trade secret infringement on the basis that his anonymous contact system is somehow part of trade secret misappropriation could essentially kill off ThinkSecret and all sites like it, or give companies like Apple total control over them
Personally, I think that there is a definite issue as to whether Ciarelli could be held liable for infringement in the first place due to the anonymity of his informants. However, I would really hate to see any kind of ruling that threatens the ability of website operators to acquire anonymous information without some kind of provision for protecting themselves from liability as trade secret infringers. Maybe a notice and takedown provision, like we have in the Digital Millennium Copyright Act, would work. At this point, I don’t know. But if this case goes anywhere, it will definitely merit very close scrutiny.