It’s not enough for general counsel of software companies to have non-disclosure and non-compete agreements to protect your trade secrets — you want to also ensure they cover misappropriation adequately, Rocco Magni, an attorney with Susman Godfrey, says.
It’s hard to reverse-engineer algorithms and analytical formulas, but there are still plenty of ways a company can take advantage of your company’s work, Magni told Legal Dive.
If your company uses demonstrations to entice another company to use or subscribe to your software, for example, the interface and workflow can inadvertently open windows into your trade secrets, so you want to have controls around how you conduct these demonstrations, he said.
“You need to have NDAs in place with potential customers or be mindful about what is shown,” he said. “In a software environment, it’s not just the code or the algorithms, it’s the user interface, the process flows of the software, the decision-making you need to go through as you’re using it. So, that means don’t show what the software looks like unless it’s under an NDA, or only show non-trade secret parts of the software.”
Startups are especially vulnerable to loss of trade secrets because they often have the innovative technology that established companies are looking for and they might not yet know the importance of having strong NDAs and non-competes.
“I’ve had potential clients come to me and I look at their agreements, and they don’t have any use restrictions or they have weak use restrictions,” Magni said.
In a typical scenario, they’ll sign an agreement for the use of their technology by a company that then goes on to look under the hood and try to do the same thing, or make a better version of it, as a competing product.
This happened in a case Magni has been working on that’s on appeal. The company he’s representing won an award in the lower court of more than $700 million after it showed one of its customers tried to build a competing product using its technology.
In this case, his client was well-positioned to mount a challenge by having strong non-disclosure provisions in its contracts.
“They had good agreements in place that put restrictions on the uses that could be made of their software and that is the most important thing,” he said.
Strong agreements will include language that creates a cause of action if a counterparty is suspected of trying to reverse engineer, disassemble, decompile or build derivative products from a company’s software.
“All of those magic words need to be in your agreements,” he said.
Companies trying to misappropriate your technology is one of the main ways your trade secrets are at risk.
The other is when employees leave and take your trade secrets with them to another company. That makes the language in your non-compete agreements critical.
“It’s incredible how often employees leave with trade secrets,” he said, “whether the [key information] is in their email, on their work computers, or in documentation they kept.”
To win a trade secrets case, the company must show their information is in fact a trade secret, that it’s been misappropriated and that it’s been harmed by the misuse of the information.
It’s easier for your software to meet the definition of a trade secret than it is to get a patent, because for a patent, you must meet all the tests – obviousness, prior art, and so on – and those hurdles don’t apply with trade secrets.
“Some person could have written a paper about something 50 years ago and no one really followed up on it and it made its way to a product we keep secret,” he said. “That can still technically be a trade secret.”
On the other hand, you don’t get the protections you get under a patent, either.
“If Company A independently comes up with Company B’s patent, that’s still patent infringement,” he said. “Whereas, with a trade secret, if someone independently comes up with the same thing, then great, we’ll compete in the market.”
It can be hard to know if a customer is trying to misappropriate your technology, but if you can track the customer’s data use, that can signal you need to look more deeply into what’s going on.
“It depends on the technology that’s involved, but if you’ve got technology that tracks usage, in some way, even if it’s just APIs or downloads, and you can see large quantities of data that are getting pulled that maybe are inconsistent with normal usage of the product, that can be a red flag,” Magni said.
More important than how you come to suspect a problem is the protections you build into your agreements, he said.
“There’s general language you [want to have] that says a customer shall not reverse engineer, decompile or deconstruct the product, something along those lines, and second is what a customer can do with derivative works and who owns derivative works,” he said. “Does the company with the trade secret own the derivative work? That’s important to spell that out, or else just have a blank prohibition against creating derivative works.”