How's My Driving?: Owner of Database for Professional Truck Drivers Prevails Despite Violating Several Trade Secret Rules of the Road
Sometimes a new trade secrets decision teaches best practices that clients should follow. Other decisions demonstrate that when the defendant's behavior is blatant enough, a trade secret plaintiff can prevail despite ignoring common best practices. A recent case, Miracorp, Inc. v. Big Rig Down, LLC, Johnson County, Kansas District Court, No. 08 CV 9528 (October 2, 2009), definitely falls into the latter category.
The case involved a company, Miracorp, which had put together over time and with much effort a database of service vendors (towing, tire repair, etc.) that truck drivers might need as they hauled their loads across the United States and Canada. Miracorp not only compiled the vendor names, but also vetted the vendors for quality. Miracorp made this annotated database available over a free Internet site and through sales of a CD containing the database, and Miracorp's intent was that users of both its website and CD be able to make only specific searches of the database, as opposed to being able to access the entire database. Apparently, Miracorp's website had no terms of service prohibiting accessing or copying for commercial purposes, nor did Miracorp attempt to impose any limits on what people could do with the CD after purchasing it. Defendants legitimately obtained a copy of the CD and--as they freely admitted--copied its entire contents, which defendants then used as the basis of their own competing site.
Miracorp sued in Kansas state court, obtaining initially a temporary restraining order preventing defendants' use of Miracorp's database and operation of defendants' competing website. Miracorp then sought to convert the TRO into a preliminary and permanent injunction. Miracorp persuaded District Judge Vano to issue the injunction, but it was a bumpy ride for all involved.
Initially, Miracorp's heavy reliance on the law of trade secrets is curious considering that Miracorp allowed the public to search the database apparently without restriction on dissemination of the search results. Copyright infringement would seem to have been an easier claim to prove. (Apparently, Miracorp's lawyers eventually realized this as the decision reports that Miracorp later filed a separate suit in federal court asserting copyright infringement.) It is also curious why Miracorp chose to distribute its CD through an outright sale, as opposed to a long-term license, and why Miracorp apparently imposed no limitations on disposition or use of the CD.
The court's decision finding that Miracorp had established a likelihood of success on its trade secrets misappropriation claim is interesting. Certainly, the court was on firm footing in holding that a compilation of otherwise publicly available information could be a trade secret. However, the court was generous in finding that Miracorp had reasonably protected its database compilation despite the fact that: (a) Miracorp did not label the database--either internally or outside the company--as confidential, and apparently did not impose limitations on the use or dissemination of its contents; (b) Miracorp's employees apparently were not required to sign confidentially agreements; (c) inside Miracorp, the database only was protected by password; (d) outside Miracorp, the CD given to purchasers was password protected but that security could be broken in less than 30 minutes using open source software available for free on the Internet; and (e) during a courtroom demonstration, the defendants were able to access the entire database from plaintiff's website due to a technician's oversight in not activating security on the server housing the website. Moreover, in overlooking all of those circumstances, the court focused on the plaintiff's subjective pure heart in intending to protect its database. In referring to the technician having "left open the door" to the website server, the court posed what it believed to be the dispositive question as, "Can it be true that when someone forgets to lock the door to the home that the family is, therefore, found to have given its consent to intruders, vandals or thieves? The court thinks not."
But what does consent have to do with whether the security efforts were objectively reasonable under the circumstances, which is the test under the Uniform Trade Secrets Act adopted by Kansas. Under that test, even assuming lack of consent, it may well not be reasonable to leave open the door to a company's most valuable asset for long periods of time or to distribute that asset in a CD that could be hacked with minimal effort.
At the end of the day, the real problem for the defendants may have been that they ran a red light: they openly admitted having copied Miracorp's database wholesale and having based their entire competing business on it. Even in the absence of express prohibitions on copying, that is behavior for which many courts will issue a ticket.
Well taken. I'm a hopeless driver myself.
Well I never. I'm a keen driver myself.
Great posting, I favorited your blog so I can visit again in the future, Thanks