Tuesday, October 27, 2009

New Podcasts Available in Series on Common Legal Mistakes by International Companies

by John L. Watkins

Parts 3 and 4 of our podcast series on How International Companies Can Avoid Key Legal Mistakes in Doing Business in the U.S. are now available. In Part 3, we discuss why U.S. contracts are so long (in general, the freedom of contract generally favored in the U.S. includes with it the responsibility to consider and negotiate provisions carefully, and the failure to do so can create risks). We also discuss important legal provisions in contracts, including getting paid and delivery terms.

In Part 4, we continue the discussion of important legal terms that are frequently overlooked or misunderstood, including warranties, indemnities, termination provisions, and dispute resolution provisions.

The podcasts are available on iTunes (search "ctflegal" and download or subscribe), the firm's website, http://www.ctflegal.com/, or the firm's podcast page, http://www.ctflegal.blip.tv/.

We hope you will enjoy these and our other podcasts. Each podcast is actually a video podcast with slides that accompany the audio presentation.

Sunday, October 25, 2009

Trade Secret Prosecution Begins Under Federal Statute

By John L. Watkins

The protection of trade secrets through litigation has generally been limited to civil lawsuits, typically filed under state law statutory or common law provisions. This is true even though federal and state statutes have provided criminal penalties for trade secret misappropriation. The conventional wisdom was that prosecutors preferred pursuing more traditional crimes, perhaps lacked the resources to pursue trade secret violations, and preferred to leave enforcement to the aggrieved party's civil attorneys.

This approach and attitude may be changing. Last week, prosecutors in California began a trial against two individuals. The charges allege violation of the Economic Espionage Act, a federal statute adopted in 1996. According to press reports, the case involves the first jury trial in a case brought under the Act.

The Economic Espionage Act, 18 U.S.C. Section 1831, et seq. resembles many state trade secret statutes and provides broad criminal penalties for trade secret violations. Another federal statute that provides criminal and civil remedies, the Computer Fraud and Abuse Act, 18 U.S.C. Section 1030, et seq., may also come into play in trade secret cases. State statutes may also provide criminal remedies.

The increasing involvement of government authorities in enforcing remedies involving trade secrets certainly signals a new level of risk for those who may be considering taking or copying trade secrets. Many trade secret cases are brought against former employees who have left a company to join a competitor or to start a new business. The short answer for persons leaving a company is to be very careful and to have a very clear understanding with the employer about what can and cannot be taken.

I doubt, however, that the primary enforcement activity will shift from a company's civil litigation attorneys. Quite simply, the issue is one of control. In civil litigation, a company can decide whether to enforce its trade secret rights through litigation, the legal theories to be advanced, and can have a direct role in any resolution.

Friday, October 16, 2009

Update on Sidekick Incident

by John L. Watkins

Earlier this week, I discussed the incident regarding the apparent loss of data for users of the Sidekick phone sold by T-Mobile. Microsoft is now reporting on the T-Mobile website (10/15/09, 1:00 a.m. P.D.T.) that it believes it has recovered most, if not all, of the data.

Although this is good news, it appears that the incident has created considerable negative publicity for cloud computing generally. According to published reports, Microsoft is trying to limit the fallout from the incident, and has stated that the problem arose from technology used by its Danger Inc. subsidiary, which it describes as separate from Microsoft's other and core cloud based technologies.

It is heartening to know that considerable resources have been devoted to retrieving Sidekick users' data. At the same time, as reported in the original post, it appears that cloud providers still often contractually disclaim liability for loss of data.

It has been reported that at least two lawsuits have already been filed over the incident. It will be interesting to follow whether the lawsuits will be pursued if all or most of the data is in fact retrieved. I have not been able to determine whether the Sidekick terms and conditions disclaim liability. If they do, it will be interesting to see whether the limitations are enforced. Also, since the customer's relationship is presumably with T-Mobile and not Danger Inc., it will be interesting to see if any limitations will apply to Danger Inc.

Tuesday, October 13, 2009

Sidekick Episode Provides Real World Example of Cloud Computing Risks

by John L. Watkins


In a prior post, I wrote regarding both the promise of cloud computing, or software as a service, and the very real potential legal issues and conundrums faced by businesses considering moving some or all of their IT services and data to the "cloud." Perhaps the most fundamental issue is responsibility, or, more importantly, lack thereof, for lost data.

Recently, users of the Sidekick phone manufactured by Microsoft's subsidiary Danger experienced a loss of data first hand. According to published reports, contacts and photos stored on the phones were lost due to a server failure. One report indicated that the data was most likely permanently lost. However, as of this writing, T-Mobile, the distributor of the phone, stated on its website that "recent efforts indicate the prospects of recovering some lost content may now be possible." (Updated 10/12/09, 5:15 p.m. P.D.T.) The final outcome remains to be seen.

It is beyond question that many Sidekick users have been, at the least, severely inconvenienced by this event. The event puts in a very real context the possible loss of data by businesses considering using cloud based services. Consider the possible consequences of a catastrophic loss of data a doctor's office, an insurance agency, a law firm, or basically any other business.

As things presently exist, it appears that users of cloud based services may have little in the way of legal remedies. A very quick review of the terms and conditions for two of the best known cloud providers illustrate the issue. The Google Apps Premier Edition Agreement, paragraphs 14.1 and 14.2, disclaims liability for incidental and consequential damages and limits total liability to the amount paid by the customer to Google for services in the preceding twelve (12) months. The Agreement mandates California law and sets the exclusive venue for any dispute to be the courts in Santa Clara, CA. (Paragraph 15.10).

The Master Subscription Agreement for Salesforce.com, which is said to govern the free trial and any subsequent subscription, similarly limits liability, for any single incident, to the lesser of $500,000 or the amounts paid by the customer in the preceding twelve (12) months. (Paragraph 11.1). The Agreement also excludes incidental and consequential damages (Paragraph 11.2). The exclusive venue for litigation (for North American customers) is San Francisco, CA.

I have not researched the enforceability of these limitations under California law, but it is a pretty safe bet that the attorneys who drafted the terms and conditions have done so. Assuming the provisions are enforceable, it means, in common parlance, that a customer experiencing a service interruption or loss of data is out of luck. One prominent commentator, John C. Dvorak, has written that the Sidekick incident may "blow up the cloud," and that the end user license agreements limiting responsibility are the reason.

For a business considering cloud based computing, the Sidekick incident should provide fair warning. Technology is not perfect. Data loss does happen, and there may be no effective remedy. To be fair, this could also happen using a conventional network, and there may be no remedy in that instance as well. However, a business that backs up its data with a simple tape drive system has a pretty reasonable chance of recovering it in the event of a server failure. Any business considering a cloud based approach should, at the very least, have the provider's terms and conditions reviewed so that it can assess the risk it is assuming.

The lawyers who drafted these terms and conditions cannot be faulted: They are doing what lawyers are supposed to do. Sellers often limit liability, and with good reason. However, if machinery, as an example, breaks down, it can be repaired or replaced. The irretrievable loss of data is, at least from a real world perspective, different (the "legalities" may well be the same). Further, the failure of cloud providers to take legal responsibility may limit the widespread adoption of cloud based technology.

Please do not understand this as a blanket rejection of cloud based computing. I love Google's applications (after all, this is being written on Blogger) and have been very impressed by a demonstration of Salesforce. I also am a loyal (perhaps to a fault), T-Mobile customer (BlackBerry, not Sidekick!). Whether I would store critical data or confidential client information in the cloud, however, is another story, at least at this point in time.

I'm just an old lawyer from Atlanta, but it seems to me that if one of these companies were willing to accept some liability for data loss (such as, for example, a guarantee to restore data in a certain period of time or face some real liability), it would eliminate one of the key objections to cloud based technology. If the risk of data loss is truly minuscule, notwithstanding the Sidekick incident, this should be a risk that could be spread over a large user base for an incremental additional cost. It is even possible that an enterprising insurer is developing a product that could serve as a backstop. My guess is there is some money to be made here at a number of levels. Maybe that vendor is out there somewhere in the cloud.

Saturday, October 10, 2009

Why Judge's New Procedure on Confidentiality May Result in Increased Arbitration and Mediation

By John L. Watkins

The Hon. J. Owen Forrester, Senior Judge of the United States District Court for the Northern District of Georgia, recently announced a new case management procedure that will limit the parties from consenting to blanket protective orders to protect the confidentiality of documents in civil cases. Such orders typically permit the parties to designate documents as "confidential" or "attorney's eyes only" without the necessity of court review or intervention. These orders are fairly common in complex business cases. Judge Forrester's procedure requires that he review a document before it is designated confidential.

Judge Forrester explained the adoption of the procedure to be based on his view that the courts should generally be open to the public. It remains to be seen whether other judges in the Northern District of Georgia or other courts will adopt Judge Forrester's procedure. However, Judge Forrester is very respected, so it would not be surprising to see his view gain favor with other judges.

If Judge Forrester's procedure becomes more widespread, there may be some interesting consequences. This past week, I participated in an interesting panel discussion on arbitration before the Atlanta Bar Association's Alternative Dispute Resolution Section. Another panelist suggested that Judge Forrester's procedure might lead to an increased use of arbitration because arbitration procedures are typically confidential. In addition, because arbitration is a creature of contract, it would seem likely that any agreement by the parties on discovery and confidentiality would be followed by the arbitrators.

Another possibility is that the procedure will foster an even greater use of mediation, or will perhaps result in mediation being used earlier in the process. Mediation is by its nature an extremely confidential process. I have previously written about why this characteristic makes mediation particularly useful in cases involving intellectual property, including trade secrets.

As for litigation, Judge Forrester's procedure will definitely require the parties to take a more detailed and focused look at confidential information that is the subject of discovery. In some cases -- those where there really is very little confidential at issue -- Judge Forrester's procedure might streamline things because the parties will simply produce the information. On the other hand, in cases where confidentiality is truly in issue, the very careful and selective review and analysis required, along with possible resulting motions practice, may slow things down and will probably result in increased expense.

The only sure thing is that Judge Forrester's procedure will require parties and their counsel to think carefully through their options before filing suit or in conducting discovery.