Bloggers, trade secrets, and shield laws: How Apple shot itself in the foot

There’s an excellent article at MacDevcenter on Apple’s recent defeat in the Appeal Court in California in the so-called “Apple vs. the Bloggers case. It’s a very good, clear discussion of some of the aspects of the case, and well worth reading.

As a bonus, it includes a link to the decision itself, which runs to some 69 pages in PDF form. I’ve been reading it, and there’s a few interesting things in there that appear to have been missed by most commentators – including one which leads me to think that Apple simply shot itself in the foot, and ought to hire better lawyers.

The offending passage comes in a footnote, referring to the “Trade Secret” protection laws and Apple’s claim there under:

“Section 499c [the Trade Secret law] criminalizes the misappropriation or attempted misappropriation of trade secrets under specified circumstances. Although Apple alluded to this statute in its memorandum below, and does so again before us, it has never demonstrated that the facts here could establish a criminal theft of trade secrets. That offense requires proof of, among other things, ‘intent to deprive or withhold the control of [the] trade secret from its owner, or . . . to appropriate [the] trade secret to [the defendant’s] own use or to the use of another . . . .’ (§ 499c, subd. (b).) Since Apple has never argued the point, no occasion is presented to consider whether the inferred circumstances of the disclosure here could be found to constitute a crime. For present purposes we are concerned only with an allegedly tortious disclosure of a trade secret presumably by an Apple employee.”

In other words, Apple never argued before the court that the sites had violated the law on Trade Secrets, making it a criminal offence. Instead, it argued that
it required information from the sites in order to persue civil litigation against its own employees.

Why does this matter? Because it means that the petitioners – the sites – are not themselves defendents, which in turn makes their case for protection via both shield law and general “reporter’s priviledge” much stronger. As the judge puts it:

“If they were defendants, an analogy might be drawn between the requirement of a knowing and reckless falsehood in libel, and the various mental states that may be elements of a claim for violation of the trade secret laws. (See Civ. Code, § 3426.1, subd. (b).) But so long as petitioners are not parties, the validity of such a comparison is academic.”

Of course, the argument could be made that Apple is seeking to gain documents in order to show that the sites are party to the case – and it’s an argument that Apple makes. Unfortunately, the judge blows it out of the water:

“Apple argues that ‘. . . Petitioners may, in fact, be one or more of the Doe Defendants named in the complaint.’ This assertion is worse than speculative; it contradicts Apple’s own allegations that the Doe defendants are persons unknown to Apple. Petitioner O’Grady, at least, is not unknown to Apple, and was not unknown when the complaint was filed. Moreover Apple has repeatedly accused petitioners, if somewhat obliquely, of misappropriating trade secrets…Apple cannot have it both ways. If it is unprepared to charge petitioners with liability for trade secret misappropriation, it cannot count in its favor their status vis à vis the litigation, however culpable it may claim them to be.”

This is essentially legalese for “you goofed”. Apple knew that O’Grady et al had published what it claimed were its trade secrets – so why didn’t it join them specifically to the litigation, instead of refering to “John Does”? As the judgement puts it:

“If the plaintiff elects not to join a journalist as a defendant, it will hardly lie in the plaintiff’s mouth to insist that the journalist should be viewed and treated as if he had been joined. A plaintiff cannot decline to exercise the power to bring a person into the action, and then ask to be granted the fruits that would flow from an exercise of that power.”

And there’s more:

“Further, the discovery process is intended as a device to facilitate adjudication, not as an end in itself. To accept Apple’s position on the present point would empower betrayed employers to clothe themselves with the subpoena power merely by suing fictitious defendants, and then to use that power solely to identify treacherous employees for purposes of discipline, all without any intent of pursuing the underlying case to judgment… Our sympathy for employers in such a position cannot blind us to the gross impropriety of using the courts and their powers of compulsory process as a tool and adjunct of an employer’s personnel department.”

Ouch. In other words, Apple shot itself in the foot from the moment it failed to join O’Grady et al to the litigation from the start. By failing to do so, it undermined its own arguments and strengthened the case against it.

This wasn’t though, the only place where Apple was negligent. The company clearly failed to demonstrate to the court that it had exhausted alternative sources for finding the people that, according to its case, it was attempting to find: the employee(s) who leaked its information.

To recap on an important point of law, when attempting to force journalists to reveal a confidential source, the plaintiff must exhaust all other methods of finding the “leaker”. So what did Apple do? It questioned the employees who had access to the leaked information, and checked their work email records. However, that’s it: according to its court filings, which is all the court can go on, that’s all it did. There was no forensic examination of work PCs, no examination of log files other than email, no examination of network traffic. As the court puts it:

“For example, would server or workstation logs show that an employee had copied the file to a CD-ROM? Transferred it to a flash memory device? Printed a copy? Printed it to an image file and transferred that? Uploaded it to an off-site host using any of various file transfer protocols? Attached it to an email sent through a web-based mail server rather than through Apple’s own servers? Transferred it directly to a laptop or other portable computer? Without answers to these questions it is impossible to say that Apple “exhausted” other means of identifying the source of the leak. Yet Apple’s showing was entirely silent on these points even though petitioners asserted in the trial court that Apple had not ‘fully exploited internal computer forensics.’ Indeed, as we have noted, Apple did not even plainly describe in what form and by what means the file was originally distributed.”

In other words, again, “you goofed”. Apple may or may not have done all these things: however, by not filing accurate statements saying exactly this to the court, it left the court no option but to conclude it hadn’t exhausted all efforts – undermining its own case.

Even worse, it appears that verbal statements by Apple’s lawyers to the court undermined its case further. As the court states:

“In oral argument Apple exposed another weakness in its showing when counsel suggested that the Asteroid information might have been acquired through ‘electronic espionage’ by someone other than an employee. If this means that someone might have ‘hacked’ Apple’s network from outside, then Apple was required under Mitchell to demonstrate that it had investigated that possibility to the extent practicable. This it failed entirely to do.”

This isn’t just a “you goofed”, it’s a “you’re incompetant”.

Note that none of these arguments hinge on the status of the information as trade secrets, which is something that other commentators – notably John C Welch – have looked at. Personally, I think that the court makes a compelling case that Trade Secrets law, as formulated, does not protect marketing plans for products which contain no innovation. But even if it does, Apple’s case fails simply because it failed to do the correct legal homework. And for that, someone ought to get fired.