The Eleventh Circuit’s reasoning in the case this blog summarizes is encouraging for any tech company that licenses access to its proprietary information or makes some part of it publicly available. The decision holds that under Florida’s Uniform Trade Secret Law, these partial exposures of trade secrets to the public may not be fatal to a claim for trade secret misappropriation.
There is no question that the law continues to evolve in response to new technological developments. For example, corporate espionage has become easier in these days of computer hacking, thereby increasing the possibility of the theft of valuable proprietary information such as trade secrets. Does Florida’s Uniform Trade Secrets Act (FUTSA) adequately protect the trade secret owner from “high tech” misappropriation of trade secrets? The Eleventh Circuit Court of Appeals said yes in its 2020 decision in Compulife Software, Inc. v. Newman, et al., 959 F.3d 1288 (11th Cir. 2020). The court held that the statute’s verbiage was indeed applicable to this “industrial espionage” case. The court also solidified the FUTSA by clarifying the definition of misappropriation.
Plaintiff Compulife Software, Inc. sells access to its online databased of insurance premium information, which synthesizes publicly available insurers’ rate tables using its proprietary method and formula. It also provides life insurance quotes sourced from its online database. The data base is not static but consistently updates with current information about life insurer’s rate tables and allows for direct comparison across dozens of providers. Compulife licenses access to the data to its customers who are primarily life insurance agents who in turn seek to provide reliable insurance rate estimate to policyholders.
Interestingly, the lawsuit originating in the Southern District of Florida, did not include alleged violations of the Computer Fraud and Abuse Act (“CFAA”), the most commonly applied federal law to web scraping. Indeed, plaintiff refrained from pursuing many of the common claims that often appear in web scraping litigation, such as trespass to chattels, conversion, tortious interference with a contract, and unjust enrichment.
The defendants and Compulife are in direct competition. The lawsuit resulted from Compulife’s allegations that the defendants gained access to its database by falsely purporting to work for Compulife’s licensed customers, hiring a hacker to scrape data from Compulife’s database, and then using the scraped data to generate life insurance quotes on their own websites. Not surprisingly, the court described the case as one involving high-tech corporate espionage.
Website scraping using software programs known has “bots” has been quite common and is often considered legitimate. “Bad bots,” however, fetch content from a website with the intent of using it for purposes outside the site owner’s control. “Bad bots make up 20 percent of all web traffic and are used to conduct a variety of harmful activities, such as denial of service attacks, competitive data mining, online fraud, account hijacking, data theft, stealing of intellectual property, unauthorized vulnerability scans, spam and digital ad fraud.” See https://www.imperva.com/blog/is-web-scraping-illegal/.
The FUTSA requires the plaintiff to demonstrate that it: 1) possessed a trade secret; and 2) the secret was misappropriated. The magistrate in the district court did find that Compulife’s database contributed a trade secret but that the trade secret had not been misappropriated. The magistrate’s reasoning? Compulife had not identified what legal duty the defendants had violated.
The Eleventh Circuit found the magistrate’s reasoning erroneous. Under the FUTSA, a trade secret can be misappropriated by either acquisition, disclosure, or use. Compulife had alleged misappropriation by acquisition and use. Relying on the FUTSA’s own wording, the court noted that there are several varieties of misappropriation by use that do not depend on the existence of any external legal duty. Citing Fla. Stat. § 688.002(2)(b)1, 2a, and 3, the court explained that “[w]hen for instance, a defendant knows that his knowledge of a trade secret was acquired using ‘improper means,’ or that he has acquired knowledge of a trade secret ‘by accident or mistake’ and still uses it, such use is actionable misappropriation.” “Improper” is defined by the statute as means including theft, bribery, misrepresentation, breach or inducement of a breach of a duty to maintain secrecy, or espionage through electronic or other means. The court concluded that there was enough evidence that the database had been used by either improper means or accident or mistake and that these misappropriation theories must be determined before the court can dismiss a trade secret misappropriation claim.
The district court’s magistrate had also erred by finding that because the individual insurance quotes on Compulife’s website that the hacker scraped were publicly available, the database from which those quotes were sourced could not have been misappropriate by acquisition. The Eleventh Circuit disagreed and reasoned that even if the publicly available individual quotes did not merit trade secret protection, “taking enough of them must amount to misappropriation of the underlying secret at some point. Otherwise, there would be no substance to trade-secret protection for ‘compilations’ [of data] which the statute clearly provides. See Fla. Stat. § 688.002(4).
The court also concluded that the method of acquisition could determine whether the taking of the publicly available quotes constituted misappropriation. Here, the defendants did not merely manually access quotes from Compulife’s database wherein such manual copying would likely never constitute improper means. Instead, the defendant’s usage of a bot to collect an otherwise infeasible amount of data may well constitute misappropriation – in the same way that using aerial photography may be improper when a secret is exposed to view from above. Citing E.I. Dupont de Neumours & Co. v. Christopher, 431, F.2d 1012, 1014 (5th Cir. 1970), a case that had nothing to do with the difficult technical issues courts are asked to address today. The court vacated the magistrate’s dismissal of the misappropriation by acquisition claim and remanded the case.
CONCLUSION
The case is expected to have ramifications in the area of trade secret law by allowing plaintiffs to claim that usage of their “website” publicly presented trade secret information comprises trade secret misappropriation. Generally, publicly available information has not been deemed a trade secret. This commentator opines that the decision will not defeat the need for a case-by-case factual analysis. Relying on a 50-year-old non-tech case in support of their decision, the Compulife court clearly felt that that the defendants had “done the plaintiff wrong” and should be held accountable. The reach of the decision remains to be seen. It is therefore strongly recommended that any lawsuit involving trade secret misappropriation also includes counts such as those listed above in the event the claim for trade secret misappropriation fails.
THANK YOU FOR YOUR INTEREST IN THIS BLOG. AS USUAL THE CONTENT IS FOR INFORMATIONAL PURPOSES ONLY AND IS NOT LEGAL ADVICE.
Intellectual property law is a complex area of the law. Contact us for a complimentary consultation on patents, trademarks, trade secrets, and copyrights. Our mission is to serve innovators and creators in protecting the fruits of their hard work and ingenuity through our Client Creed: Conscientious, Rigorous, Energic, Empathetic, and Diligent legal services which cover both transactional and litigation services.
Have a question specific to trade secrets? Contact us for a complimentary trade secret checklist.
© 2021 by Troy & Schwartz, LLC
