On Friday 30 May 2003 18:40, Curtis Rey wrote:

On Friday 30 May 2003 03:08 am, James Mohr wrote:

<my stuff snipped>

If this is indeed the case then there is the question of "diligence". It states that a company must take precautions to make its trade secrets secure and failure to show diligence is cause for forfeiture of IP and patent rights.

So, if SCO fired/laid off a substantial enough of its developer work force and did not take the steps that the courts feel it should have then SCO was negligent in securing access and use of their property. This is a matter of fact and can be reviewed on a number of legel sites... I have already seens the statutes that state this. Likewise a few on the list have stated this as well. Now the issue is proving this and I'm sure that if, as you elude to, this came from some disgruntled former employee then his/her testimony would most likely be a death toll to SCOs claim and case.

Cheers, Curtis.

Which could mean essentially that the patents, copyright, whatever governing the IP was no longer valid when SCO sold it to Caldera.

Well, I am not a "disgruntled former employee" because I left several years before the transfer. However, I can tell you that security was lax enough that it would never have passed a security audit. I can remember rummaging through the kernel code, TCP/IP, SMP, and many other places. At least that demonstrates that a would-be corporate spy would have had opportunity to access the trade secrets.

Hmmm. Before I spill the beans any more, maybe I just ought to talk with the IBM legal department.

Regards,

jimmo

On Friday 30 May 2003 17:20, Nick Zentena wrote:

Who would be crazy enough to admit they stole SCO IP? You think they might press criminal charges? They might just claim the person who received the goods should have known it was stolen. Just because you managed to steal something doesn't mean they didn't take reasonable care.

No need to go to disgruntled SCO employees. In the past plenty of schools held full AT&T Unix source code. The stuff was used to create BSD right? It was used in classes.

Nick

Very valid point. There are many, many places the code could have come from. However, it terms of "stealing" the code, one does not need to have stolen it to have it taint the Linux code. All one needs to have done is seen the code and used what you saw (even without copying it 1:1). Also what is the statute of limitation on that? It's been 7 years since the real SC had it last.

Regards,

jimmo

On Friday 30 May 2003 08:20 am, Nick Zentena wrote:

On May 30, 2003 12:36 pm, James Mohr wrote:

...

On Friday 30 May 2003 18:40, Curtis Rey wrote:

...

On Friday 30 May 2003 03:08 am, James Mohr wrote:

<my stuff snipped>

...

If this is indeed the case then there is the question of "diligence". It states that a company must take precautions to make its trade secrets secure and failure to show diligence is cause for forfeiture of IP and patent rights.

So, if SCO fired/laid off a substantial enough of its developer work force and did not take the steps that the courts feel it should have then SCO was negligent in securing access and use of their property. This is a matter of fact and can be reviewed on a number of legel sites... I have already seens the statutes that state this. Likewise a few on the list have stated this as well. Now the issue is proving this and I'm sure that if, as you elude to, this came from some disgruntled former employee then his/her testimony would most likely be a death toll to SCOs claim and case.

Cheers, Curtis.

Which could mean essentially that the patents, copyright, whatever governing the IP was no longer valid when SCO sold it to Caldera.

Well, I am not a "disgruntled former employee" because I left several years before the transfer. However, I can tell you that security was lax enough that it would never have passed a security audit. I can remember rummaging through the kernel code, TCP/IP, SMP, and many other places. At least that demonstrates that a would-be corporate spy would have had opportunity to access the trade secrets.

Hmmm. Before I spill the beans any more, maybe I just ought to talk with the IBM legal department.

Who would be crazy enough to admit they stole SCO IP? You think they might press criminal charges? They might just claim the person who received the goods should have known it was stolen. Just because you managed to steal something doesn't mean they didn't take reasonable care.

No need to go to disgruntled SCO employees. In the past plenty of schools held full AT&T Unix source code. The stuff was used to create BSD right? It was used in classes.

Nick

In the U.S. industrial espionage is not formally on the books as a crime. The crimes related to this would be such things as gaining access to property or premises illegally (e.g. unlawful entry. theft of documents, violation of an NDA/contract, etc..). But once the information is out it's out and frankly theirs little recourse after that.

Companies do it to each other all the time. If you can find a statute related to industrial espionage I would like to read it. Seriously, when I found out that this was the case I was a bit amazed. But the fact of the matter is there is no law related to industrial espionage. Tie this with the statutes about the responsiblities related to secure trade secrets and it's a very narrow line to defend. There are cases where stolen trade secrets were protected in the courts. But in these cases it was more a case of several violations as previously said and a collusional behavior of a company, e.g. there was evidence that company X hired and conspired to gain access to information or design with a 3rd party against company Y in such a manner the the very nature of the action was illegal from the it's inception and that extordinary measures had to be taken to circumvent protect measures in order to access it, and in doing so violated several State and Federal statutes.

If you would like I can give you a few links that explain this in detail, especially the area of taking the proper protective measures to perform due dilegence to protect ones properties and right. This is extremely true in relaionship to intenal use and employee access. It's on the books, seriously!

Cheers, Curtis.

On Friday 30 May 2003 10:23 am, Nick Zentena wrote:

On May 30, 2003 01:55 pm, Curtis Rey wrote:

...

In the U.S. industrial espionage is not formally on the books as a crime. The crimes related to this would be such things as gaining access to property or premises illegally (e.g. unlawful entry. theft of documents, violation of an NDA/contract, etc..). But once the information is out it's out and frankly theirs little recourse after that.

http://www.cybercrime.gov/18usc1832.htm

Not to mention even removing the copyright notice:

http://www.cybercrime.gov/17usc506.htm

http://articles.corporate.findlaw.com/articles/file/00355/008787

The last couple of paragraphs are what I find most telling (marked with ^^^^^^). As you have pointed out, and I have said. If person/s has had to go to extrordinary or uncommon means to gain a "trade secret" then it is assumed that this was done with malice and intent and therefore criminal in nature. However, the employer and/or trade secret holder must have taking measures to secure said trade secret/s and mantianed standards of security and diligence regarding these matters. I have not included an article related to diligence on the part of the trade secret holder. Since SCO gave code to IBM it is assumed that an NDA, confidentiality clause, and terms of use, etc were agreed upon. However, If the trade secret make the manner or article of the secret known to the extent that it can be come common knowledge, or simultaneously or in parallel be discovered or created then their is no assumption of right of protects. Please read the following and if you have further questions or comments I can relate more publications and case studies.

This is a very convoluted matter... But then it's litgitious in nature and mercurial in most case. SCO has had several inconsistencies and pair with others contentions (e.g. Novell) assumption made by a post related to a federal statute can be misleading if taking without any other context.

The "Secrecy" Requirement

The subject matter of a trade secret must be secret. Furr's Inc. v. United States Advertising Co., 385 S.W. 2d 456 (Tex. Civ. App.1964), cert. denied, 382 U.S. 824 (1964); Thermotics, Inc. v. Bat-Jac Tool Co., Inc., 541 S.W. 2d 255 (Tex. Civ. App. 1976). Trade secret protection, however, is not lost if the secret is discovered through "improper means." The UTSA defines "improper means" as "theft, bribery, misrepresentation, breach or inducement of a breach of a duty to maintain secrecy, or espionage through electronic or other means." The Restatement (Third) of Unfair Competition simply requires that the information be "secret." The comments state: "The rule stated in this Section [39] requires only secrecy sufficient to confer an actual or potential economic advantage upon one who possesses the information. Thus, the requirement of secrecy is satisfied if it would be difficult or costly for others who could exploit the information to acquire it without resort to the wrongful conduct proscribed under § 40." Comment f, Restatement (Third) of Unfair Competition, §39 (1995).

The Duty To Protect Trade Secrets

The trade secret owner is under a duty to take reasonable steps to preserve the secrecy of the trade secret. E.I. duPont deNemours & Co., Inc. v Christopher, 431 F.2d 1012 (5th Cir. 1970), cert. denied, 400 U.S. 1024 (1971). If the owner of a trade secret is subsequently found to have inadequately protected the secret, protection will be denied. The property is deemed to have been forfeited. One of the principal precautions taken to protect trade secrets is the use of employee non-disclosure or confidentiality agreements. Surgidev Corp. v. Eye Technology, Inc., 828 F.2d 452 (8th Cir. 1987) (requiring employees to sign nondisclosure agreements, restricting visitor access to sales and administrative areas, keeping customer information in locked files, and distributing customer information on a "need-to-know" basis was sufficient to meet the "reasonable precaution" test). The requirement to take reasonable steps to preserve the secrecy of the trade secret varies with the circumstances of each case, and simply having each employee sign confidentiality agreements may not be adequate to preserve trade secret protection if the other precautions taken are not sufficient. See Electro-Craft Corp. v. Controlled Motion, Inc., 332 N.W. 2d 890 (Minn. 1983); see also Junkunc v. S.J. Advanced Technology and Manufacturing Corp., 498 N.E. 2d 1179 (Ill. App. Ct. 1986).

Provisions for Employment Contracts to Protect Trade Secrets

In an effort to protect its assets, an employer, through employment contracts, can extract promises of nondisclosure of trade secrets from employees. Employment contracts can include a covenant not to compete, a nondisclosure agreement, incorporating by reference the Economic Espionage Act (18 U.S.C. §1832), and a covenant not to solicit. Such employment contracts also should require that employees return all company property upon separation, including any paper or electronic copies of company documents or other information. The employment agreement should require employees to submit to an exit interview. Furthermore, the employer should require employees to participate in a confidential information awareness orientation. If the employee does not know that the employer desires secrecy, the employee may not be held to have a confidential relationship with the employer, and the trade secret will be unprotected. The employment agreement, even if the relationship remains "at will," should require the employee to assign to the employer any trade secrets that were created by the employee in the course of employment. Otherwise, the employee may claim an interest in the trade secret. Finally, the employer may elect to include an arbitration clause in the employment agreements. These clauses require the employer and employee to waive their right to trial and to submit any disputes to binding arbitration. At the same time, these clauses should be drafted to exclude a claim for an injunction for violation of a non-compete, non-disclosure or non-solicitation agreement, thereby permitting the employer to seek emergency relief from a court for an injunction enjoining the conduct.

Practical Considerations To Protect Trade Secrets

Although the courts continually caution that the circumstances of each case will vary, several basic requirements for protecting trade secrets can be gleaned from the cases:

* Reasonable precautions against industrial espionage;

* Marking plans and documents "confidential;"

* Use of "confidentiality" legends, warnings and agreements;

* Restricting visitors and similar types of plant security;

* Locking up or otherwise securing sensitive information;

* Taking technical precautions, such as dividing the system into steps handled by different individuals or departments;

* Copy protection and embedded codes to trace copies; and

* Employee exit interviews. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ In the event of litigation, it should be clear that the employer has done everything reasonable within its power to protect its trade secrets. See Schalk v. State, 823 S.W. 2d 633 (Tex. Cr. App. 1991) (evaluating what constitutes requisite 'measures' to protect trade secret status), cert. denied, 503 U.S. 1006 (1992). "Vigilance in the area of trade secrets is required, particularly because once a trade secret is made public, all ownership is lost." Computer Associates Intern. v. Altai, Inc., 918 S.W. 2d 453, 457 (Tex. 1994).

The general rule is that the employer should make sure that its confidential information is accessible only to those with a "need to know" it. For a list of practical considerations to protect trade secrets see Appendix 4. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Cheers, Curtis.

Hmmm. Before I spill the beans any more, maybe I just ought to talk with the IBM legal department.

Regards,

jimmo

I would definately encourage you to do so. The case examples related to dilegence in protecting and securing ones trade secrets explicitly used the scenario of access parameters and industrial espionage. Given that you had access to pretty much anything you wanted (if I'm reading you right) then it can be assumed that this may have very well been common place. If this is the case then it can also be assumed that any level of employee had access as well regardless of the projects they were assigned and level of authority they had. In this case I would tend to strongly suggest, by action/omittion of action, that those at SCO did not concern themselves with the proper steps to "protect" their property.

In this event if SCO hired a contractor/subcontractor and allowed then carte blanche access to the code/property it is therefore assume that if this person divulged or used this information to another party outside of SCO it may have been a violation of an NDA but also negated SCO rights of protect to the property due to neglegent practices.

I mean lets be serious. If I set my TV on the front lawn by the sidewalk and then two days later see it gone, what do you think the courts would do to someone that took this? At most they'd probably tell the guy to give back the TV and that would be the end of it.... Certainly wouldn't prosecute him/her for larcony or any real intent to commit an offense or crime.

It reminds me of the Law proffessor that begins a lecture and at the beginning has the TA bring out a white horse. The professor is lecturing about the days subject and never acknowledges the white hores except briefly at the start by saying "ignore the horse". Then halfway through the lecture the Prof moves onto the topic of evidence and knowledge. In doing this he address the presence of the white horse saying that just becuase you tell a jury to disregard a statement or piece of evidence, you have already introduced a confounder to the case and it cannot be reasonably assume the the jury and others will be able to "forget" or "ignore" what was said or presented. In the case of securing IP and trade secrets the same premise applies. If it, in the course of exposure to assest, becomes knowledgable that something exists, it is encumbant upon the owner to secure this from those that may potentially utilize such knowledge. In failure to do so there is no reasonable expectation that once this becomes knowledge that the owner can control the use of that knowledge unless extordinary measures were taken to obtain it in the first place. In otherwords, if you don't do much to lock it down and make sure that only those with the "need to know" can acquire this info then it is assumed that it is commonly accessible and therefore deemed common knowledge.

Cheers, Curtis.