|
 |
The Legal Line
By Ed Maldonado |
Dear Legal Line:
I am the owner of a company that provides tech and software support
for prepaid platforms. I have been hired by a client to build a
full platform website to allow them to become an online prepaid
service bureau. Part of the services that they contracted includes
my company custom designing the programming software application
to be used with their VoIP network. This includes all the billing
applications, real-time applications, web interfaces, reporting
management and the like. These applications are being programmed
entirely by myself and our company programmers, under the terms
of a written contract we have with the client.
The contract includes prohibitions on our programmers disclosing
any information about the client, its platform or the operation
of the system. Likewise, we have clauses to protect our proprietary
work in the software and warranties for our work with the client.
As the contract is written, I really have no problem. The problem
that I do have is with several employees and an ex-employee of the
client.
Part of my work with this project is to serve as the system administrator
for the client until the project is completed. I had several e-mails
from my client’s employees working on the project bounce back
to an ex-employee of the client that resigned. This ex-employee
worked on the project for several months, but was never able to
get the project going. He resigned a year ago and now has his own
consulting company doing the exact same type of work as I do. To
my knowledge, he has had no relationship whatsoever with my client
after he left his employment.
I read the emails thinking that they were old business issues so
I could re-direct them to people within my client’s staff.
The problem was that the substance of the emails concerned how I
was developing the network, how I was resolving application problems
and, how I improved the previous model that he had proposed. There
was also talk about how they (the employees) were slowing the process
down in order to set me up to fail. There were also several attachments
on network design. Designs that were made by myself for the client
and that should be proprietary to my company. I later found out
through the grapevine that this ex-employee has been talking to
his old friends in the company criticizing my company, our work,
and stating how he could do it better if the contract was transferred
to him. While this is still could just be a rumor, it all seems
credible.
The problem is that some of my client’s staff have now become
highly critical of how the work was being done and are trying to
micromanage the project. I realize that I need to do something now,
and do it fast. I am afraid of possible liability I may have because
I read the emails of the client’s employees. There really
is no policy between my client and me on that topic. I am also afraid
that this ex-employee will undermine my contract and more importantly,
the Intellectual Property protection rights I have in the software
solutions I am developing.
I know I need an attorney, but I don’t have the time or funds
for a protracted lawsuit with my client. My client is a large company
with deep pockets and will likely put up a heavy fight if I sue
them. Besides the contract between us has been working out well
aside from these issues. What kinds of things could be done before
actually suing my client for beaching this contract?
Victim of IP (Intellectual Property) Theft
Dear VoIPT:
There is a lot that could be done before reaching the point where
you sue under the contract. In fact, taking certain alternative
steps before actually launching a lawsuit may better prepare possible
evidence and/or claims against the real culprit here - the ex-employee
and his cohorts. The first of all of these steps is alerting your
client to the fact that persons within their employ, in conjunction
with an ex-employee, have the potential of being involved in this
breach of covenants regarding your proprietary works. You also need
to alert them that this activity may endanger the progress of the
project for which you have been contracted and the applicable timelines
and agreed upon goals.
For purposes of documenting yourself well, notice of this should
be in writing and delivered personally to an officer of your client’s
company that has authority to move on this, and more importantly,
that you trust. This notice should also ask them to assist you in
investigating this matter. Should you find your client’s management
open to assisting you in investigating all of this, there are a
wide array of options available. If they do not, you need local
counsel immediately because a lawsuit or similar legal action may
be the only way to hash this out.
Let’s just suppose that they agree to assist you. The question
really is where do you begin. From what you stated in your e-mail,
it is clear that you have a select number of persons communicating
about, and passing copies of, your proprietary work. You know this
because you read their e-mails as they bounced back within the network
that you are paid by your client to administer. While I understand
your concerns about violating the Computer Privacy Act because you
read the content of their e-mails, I do not see your actions truly
running afoul of the Act.
This is for two reasons. The first is that you were acting as an
agent of your client in administering the network. In the end, it
is your client’s network, and your duty is to them, not its
employees. You discovered these e-mails in the course of regular
business activity, in this case monitoring the network to re-direct
lost or missed e-mails, not from randomly reading legitimately sent
and received e-mails. Your activity was authorized, and, apparently
in the course of performing your duties under contract with the
client. The second reason that I do not see this discovery running
afoul of the Act is the reasonable expectation of privacy of the
employees. There is a substantial amount of case law that supports
that e-mails of a non-business nature sent via business e-mails
(and networks) do not give rise to a clear expectation of privacy.
These e-mails are intended to be used for legitimate business purposes.
This is why it is so important to have your client’s assistance.
They are really the ones with the vested legal position that their
employees have no expectation of privacy.
In any investigation of this matter, I believe it best that you
work side-by-side with your client and insist on this. You will
also need to review the work you and your company have done on the
project and clearly identify what is your proprietary information
or work on the project. Documentation, on your side, as to resolving
application problems, programming, patches and other items that
were done on behalf of the client that are proprietary will need
to be formally presented to the client in order to investigate.
The key here is to give your client the substance of what you believe
is rightfully yours in order to prevent a breach on their side.
The names of the client’s employees who are passing the information
via e-mail is also a critical element here. The gist of all of this
is to place all reasonable elements of investigating and resolving
this in the hands of the management of the client. The burden then
shifts to them to investigate in accordance with whatever employee
policies or contracts they may have outstanding. This includes employee
confidentiality covenants or policies in effect.
Another issue to check with the client is if there was any non-compete
or similar agreement signed by the ex-employee at the heart of this
matter when he resigned. These types of agreements are often kept
confidential, but this entirely depends on the terms of the agreement.
If it is made available to you, or your attorney, it may be helpful
in going after the culprit here. Specific terms in such an agreement
prohibiting this type of activity may push your client to send a
notice of potential breach of that contract to the ex-employee.
This could curtail any further efforts on his part.
In the end, your goals in this process are simple: don’t lose
your Intellectual Property rights to works done thus far, keep the
business relationship intact as much as possible, and retain as
much documentation as possible. Retaining local counsel may be a
good idea in any event. People tend to act more attentively when
attorney become involved in pre-litigation investigations. An attorney
would also be able to fit any evidence gathered into proper place
for discovery from the moment it is found. I guess the real question
remaining is how your client will respond to all of this. It may
be positive or negative depending on what is really happening.
Should you be able to identify a clear link between the ex-employee
and his cohorts, I think it best that you discuss with your attorney
the prospects for a preliminary injunction in combination with any
lawsuit you may have. It could prevent further distribution or use
of your proprietary works. A demand letter directed to the ex-employee
giving notice to cease and desist may also be in order. It would
give formal notice that you are on to his efforts to violate your
IP rights and shake his efforts up. These are point to definitely
bring to your attorney’s attention. Good luck on this matter.
Dear Legal Line:
This is just a friendly professional inquiry. I am also an attorney,
actually a solo practitioner, and I represent mostly small upstart
VoIP service providers. I have several incidents where my clients
were hacked at their gateways and were left with the bills for tens
of thousands of dollars. We have identified the hacking company
through our own investigation and are now advancing on claims on
the basis of civil theft, intentional interference with a business
relationship and unjust enrichment. Are there any other claims that
you are aware of that might be useful in such instances? I would
like to pack the claims as completely as possible. Your input is
welcomed.
Fellow Counsel
Dear Fellow Counsel:
Thank you for your inquiry and I hope this helps. I am not sure
if your claims are federal or state, however, at the federal level
there is a statue with remedy in both civil and criminal courts
depending on how you wish to proceed. This is under United States
Code Tile 17 (the precise cite is 17 USC 1030 (a) (4)) and it covers
unauthorized access into a private or public parties protected network
for fraudulent purposes or for access causing damage to the owner
of the network. Since VoIP networks function like most other private
protected networks, there may be room for applying the statue in
federal cases. I suggest you research it for your jurisdiction before
advancing it, as there is a substantial amount of case law that
has developed over the past three years in several jurisdictions.
Most of this supports the claims of victims but there are some anomalous
rulings in a few jurisdictions that place some limits.
The long and short of the federal statute itself is simple. Should
an authorized party access a protected computer network causing
damage to the owner, the owner has recourse under civil or criminal
causes. Since the focus of your claims at this point seem to be
damages, you may wish to explore the civil side. The requisites
are: 1) Un-authorized access by a party to a protected network of
the victim; 2) Identification with certainty of the unauthorized
accessing party; 3) Damages being caused in excess of $5,000.00
USD because of the unauthorized access per incident or cumulative.
The scope of the statute also includes users going beyond their
authorized access. For example, a tech reprogramming a limited access
password to gain full access to a network and thereafter causing
damages. The civil cause portion of the statute allows you to bring
action on the unauthorized accessing party for damages in federal
district court where the hacker resides. It can eliminate some of
the jurisdiction chasing that can occur when the hacker in an out-of-state
offender. Causation and damages are the real key to success of these
types of claims. So if you have the proof, it will make a strong
claim to use to seek recovery.
The criminal side is based upon the same elements with the added
element of criminal or fraudulent intent. The Department of Treasury
is generally responsible for investigating such incidents and it
largely falls upon the Secret Service. Usually this involves reporting
the incident to local law enforcement and being referred up the
chain of law enforcement jurisdiction. I, however, believe that
an inquiry to the local Secret Service branch or FBI would not hurt
in order to get the ball rolling in an investigation. Thank you
for thinking of Legal Line.
 |
|
.gif)
