At first glance, trade secret law and the CFAA could not be more different. Trade secret law is based on state law, while the CFAA is a federal law. The policies behind trade secret law general follow a state’s desire to incentivize innovation and reduce unfair competition, while also respecting the rights of employee and the greater public to use public information.[1] By contrast the CFAA was originally passed to address the relatively new threat of computer hacking of government and financial institutions.[2] Yet over the past several decades, as computers have emerged as ubiquitous tools used by nearly every business in the country, and with a series of amendments to the CFAA, the paths of trade secret law and the CFAA have converged.

The vast majority of states define trade secrets and trade secret misappropriation according to the framework set forth in the Uniform Trade Secret Act (“UTSA”).[3] For a piece of information to qualify as a trade secret under the UTSA the information must derive actual or potential “independent economic value” from the fact that it is secret, and reasonable efforts under the circumstances have been made “to maintain its secrecy.”[4] While trade secret misappropriation actions can involve defendants that are accused of corporate espionage or other bad acts, the vast majority of trade secret misappropriation involves departing employees who take information from their former employer when they start a new job with a competitor.[5]

Both the secrecy requirement and the reasonable efforts to maintain secrecy requirement of the UTSA serve an important policy function.[6] Namely, these restrictions significantly limit the types of information that falls under the statute.[7] As Stanford Professor Mark Lemley put it, “Secrecy is critical to ensuring that trade secret law does not interfere with robust competition or with the dissemination of new ideas.”[8]

By contrast, the CFAA imparts no secrecy requirement on the types of information that fall within its purview. In doing so the CFAA creates an opportunity for litigators to protect previously un-protectable non-trade secret information, and effectively bypass the policy concerns that led policy makers to exclude such information from coverage under the UTSA.[9]  Additionally, as a federal statute, the CFAA provides a previously unavailable means to assert any related state trade secret claims in federal court, via supplemental jurisdiction.[10]

This opportunity was not available to litigators, however, until the 1990s, when Congress passed two amendments that dramatically altered the scope of the statute’s applicability and utility.[11] In 1994 Congress added a private civil right of action designed to provide an opportunity for private parties to offset any damages incurred as a result of a violation of the statute.[12] In 1996 Congress enlarged the scope of the statute to apply to any computer used in interstate commerce. Today, as a result of this amendment, the CFAA is applicable to any computer connected to the Internet.[13] These amendments taken together expanded a statute previously limited to criminal computer hacking, to include a private cause of action applicable to any computer user in the United States.

---

[1] Mark A. Lemley, The Surprising Virtues of Treating Trade Secrets As Ip Rights, 61 Stan. L. Rev. 311 (2008).

[2]H.R. Rep. No. 894, H.R. REP. 98-894, 12, 1984 U.S.C.C.A.N. 3689.

[3] The National Conference of Commissioners on Uniform State Laws commissioned and recommended the adoption of UTSA by all states in 1979. Today 47 States and the District of Columbia have adopted versions of the Act. Due to the overwhelming adoption of the UTSA this paper engages trade secret related concepts exclusively from the framework established by the UTSA. Other sources of trade secret definitions are found in the Restatement of Torts section 757and Restatement of Unfair Competition. 1-1 Milgrim on Trade Secrets § 1.01.

[4] U.T.S.A. § 1.4.

[5] See Bimbo Bakeries USA, Inc. v. Botticella, 613 F.3d 102 (3rd Cir. 2010); Morlife, Inc. v. Perry, 56 Cal. App. 4th 1514 (1997).

[6]Kyle W. Brenton, Trade Secret Law and the Computer Fraud and Abuse Act: Two Problems and Two Solutions, U. Ill. J.L. Tech. & Pol’y, Fall 2009, at 429, 449 (citing James Pooley, Trade Secrets § 1.02[6] (1998).

[7]Id.

[8] Mark A. Lemley, The Surprising Virtues of Treating Trade Secrets As Ip Rights, 61 Stan. L. Rev. 311, 343 (2008).

[9]18 U.S.C.A. § 1030.

[10] 28 U.S.C. § 1367.

[11] Since its passage in 1986, Congress has amended the CFAA six times: 1989, 1994, 1996, 2001, 2002, and 2008.

[12] Graham M. Liccardi, The Computer Fraud and Abuse Act: A Vehicle for Litigating Trade Secrets in Federal Court, 8 J. Marshall Rev. Intell. Prop. L. 155, 160 (2008).

[13]Id.; 18 U.S.C. § 1030(e)(2): “the term “protected computer” means a computer . . . (B) which is used in or affecting interstate or foreign commerce or communication, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States.”