Trade Secrets
October 28, 2025
By Emily Poler
Remember the felonious financial and pharmaceutical mogul Martin “Pharma Bro” Shkreli? Back in 2015 he paid $2 million for the only copy of Once Upon a Time in Shaolin (the “Album”), a double CD by hip-hop collective Wu-Tang Clan. According to the Clan, their aim was to make a singular recording on the level of fine art (it also came in a fancy box) as a commentary on the devaluation of music in a digital world. Wu-Tang, to ensure the Album remained unique, required Shkreli to sign a restrictive purchase agreement preventing him or any subsequent buyer from copying or exploiting the album beyond certain permitted uses, such as a private listening party, for 88 years. What’s more, Shkreli (and any subsequent owner) could only resell the Album to a third-party under those same terms and conditions.
As we all know, things soon went downhill for the much-reviled Shkreli. In 2017, he was convicted on federal securities fraud charges and sentenced to seven years in prison and ordered to forfeit over $7 million in assets, including the Album. The forfeiture order also barred Shkreli from acting in any way that would harm the value of the forfeited assets.
Fast forward a few years to 2021, when PleasrDAO, a “Decentralized Autonomous Organization” of digital artists and NFT collectors who buy, fund and display culturally significant media for the purpose of creating “unique experiences,” purchased the Album for $4 million in crypto (naturally), later making a brief sample of it available to anyone who bought a $1 NFT it issued. (Each purchase reduces the time until the album can be revealed in its entirety by 88 seconds — the “unique experience” in this case).
Of course, Shkreli couldn’t just fade away into the background of the story. After his release from prison in 2022, Shkreli repeatedly proclaimed on social media (without any acknowledgment of the irony) that he had retained digital copies of the Album. He also hosted a “listening party” on Xwitter where almost 5,000 people listened to his broadcast of the album. Maybe he just forgot the rules? Oh, probably not.
Unsurprisingly, PleasrDAO was not happy with this. The organization filed a complaint against Shkreli alleging, among other things, violations of the Defend Trade Secrets Act (“DTSA”) and state trade secret law. Shkreli moved to dismiss these claims on grounds that PleasrDAO hadn’t alleged a “secret” sufficient to bring the album within the protection of trade secret law.
For those who may not be familiar with the DTSA and state trade secret law, they apply to a range of “financial, business, scientific, technical, economic, or engineering information….” Generally, this means things like customer lists, formulas, procedures, etc. To qualify for protection under these laws, the party possessing the information has to show that it has taken efforts to guard its secrecy and/or that it could not be easily duplicated by others.
Here’s where things get interesting. On September 25, 2025, the Court denied Shkreli’s motion to dismiss PleasrDAO’s trade secret claims, finding that, while ”the Album does not fit squarely within a category of business information or data that is traditionally protectable as trade secrets…,” at least at this stage of the litigation, the Plaintiff had adequately alleged that the Album could qualify as a trade secret. Why? Because the Court recognized the album was “subject to significant restrictions regarding its distribution” as Plaintiff took significant measures to protect its secrecy, and its value rests on the fact that it hadn’t been heard by the public at large. Here, the Court noted that the Album, unlike musical works that other courts previously found were NOT trade secrets, derived its value from the fact that it was intentionally “secret” as opposed to just unreleased.
This is an interesting decision and perhaps wholly unique given the weird facts of the case — an Album with only one copy, subject to an agreement prohibiting its duplication, and also worth a lot of money. My one big question, though, is whether the Album really qualifies as either “financial, business, scientific, technical, economic, or engineering information,” per the accepted definition of a trade secret. Just based on what trade secret law generally protects — financial data, prototypes, business plans — I’m not so sure. That said, plenty of courts have held that trade secret law protects all forms of business information, and while the Album doesn’t feel like business information to me, I can’t really come up with a good dividing line for what is or isn’t business information. This is particularly true given that the value of the Album is rooted in its being secret, and that PleasrDAO is literally in the business of providing “unique experiences,” which in this case is based on its method of slowly revealing that secret through its NFT offering.
In terms of wider implications, it’s conceivable that classifying this Album as a trade secret may open the possibility of a new category of trade secrets and encourage other creators and owners of art to try and protect their works under relevant law, especially as it pertains to digital art that is easily copyable but whose value is based on limiting access. The whole thing might, as in the title of one of the best-known Wu-Tang tracks, “Bring Da Ruckus” to our traditionally accepted definition of trade secrets.
September 24, 2024
Almost two years ago, I wrote about LinkedIn’s suit against hiQ Labs, Inc. In that case, LinkedIn sued hiQ Labs for scraping its users’ public profiles and selling the results as part of an employee training and retention tool. There, the Court found that hiQ Labs violated the social media company’s terms of service because, as it states very clearly in LinkedIn’s user agreement, “NO SCRAPING.” (I’m paraphrasing, loudly.)
We now have a second court decision ruling against scraping — but for a very different reason than in the hiQ action.
This time, the venue is the 11th Circuit Court of Appeals and it’s that court’s second decision in the case since the dispute began in 2016. In its first decision (back in 2020) the 11th Circuit wrote: “Warning: This gets pretty dense (and difficult) pretty quickly.” That’s true! But don’t be scared. I think we can summarize it all succinctly without getting lost.
The plaintiff is Compulife Software, Inc., whose products are a database and software that allows licensees (generally, insurance agents) to compare life insurance quotes. These agents/licensees can incorporate Compulife’s products into their websites, but the public can also access Compulife’s products on its own site, www.term4sale.com.
The defendants are a group of individuals who used bots to scrape Compulife’s publicly-accessible site and database and built their own, competing insurance quote site. This group (they never actually formed a business entity) obtained the source code for Compulife’s software under false pretenses. (One of the group’s members contacted Compulife, claiming that he worked for one of Compulife’s licensees, and asked for a copy of the source code. Compulife gave it to him.) The defendants’ used this code to engineer the scraping of Compulife’s website.
Based on this, Compulife accused the defendants of violating the federal Defend Trade Secrets Act, as well as the analogous Florida Uniform Trade Secrets Act. (There were also copyright infringement claims relating to defendants’ unauthorized use of Compulife’s software, but that’s for another day). To prevail on either claim, Compulife had to establish that (1) it had a trade secret, and (2) the defendants misappropriated Compulife’s trade secret.
Initially, the District Court held that Compulife didn’t have a protectable trade secret because its entire database could be accessed by the public. However, in its 2020 decision, the Appeals Court reversed this, concluding the database was indeed a trade secret because, among other things, Compulife “goes to great lengths to secure its database” and that even though the individual, publicly-available quotes on the Compulife site were not trade secrets, Compulife’s compilation of them could be.
On this latest appeal, the main issue was whether the defendants’ use of bots to scrape Compulife’s database was misappropriation. The 11th Circuit, in addition to reaffirming its original holding that Compulife’s database was a trade secret, concluded that defendants misappropriated that secret when they used bots to “commit a scraping attack that acquired millions of variable-dependent insurance quotes.” That quantity was a key factor: As the Court wrote, “even if individual quotes that are publicly available lack trade secret status, the whole compilation of them (which would be nearly impossible for a human to obtain through the website without scraping) can still be a trade secret,” and the defendants’ use of bots to do what a human could not manually accomplish represented improper means.
The Appeals Court, however, was careful not to condemn scraping as a whole, writing “[i]t is important to note that scraping and related technologies (like crawling) may be perfectly legitimate.” (Italics from the court’s opinion).
This seems pretty straightforward particularly given defendants’ acquisition of Compulife’s code under false pretenses. However, I’m curious to see future rulings that shed more light on when scraping is legitimate and, more importantly, what factors do courts look at to determine when scraping is ok and when it’s not? Is it the sheer volume of material taken? The impact on the plaintiff’s business? Something else?
When the 11th Circuit (or another court) enlightens us, I’m sure I’ll be back to write about it.
April 16, 2024
As you probably know, my practice focuses primarily on intellectual property law. Nonetheless, many of the cases I handle tend to cross over into other legal areas, and, for whatever reason, lately I’ve handled a bunch of matters related to restrictive covenants and trade secrets. It’s an area of law I’ve dealt with before, but this sudden uptick of cases at one time is definitely out of the ordinary. Maybe it is something in the water — or maybe it has to do with the Federal Trade Commission’s proposal to ban non-compete agreements, along with the New York State legislature passing a bill banning them (Governor Hochul vetoed it.) It’s hard to say. But it is an interesting, and, if you’re a business owner, important subject.
So let’s talk about restrictive covenants, trade secrets, how they relate to each other, and the enforceability of restrictive covenants because, based on my recent experience, there’s a good deal of misunderstanding — even among lawyers — about what restrictive covenants can and can’t do, what trade secrets actually are, and the enforceability of restrictive covenants.
A note about terminology: Media coverage of the FTC’s proposed ban or relevant state legislation focuses on “non-competes” — agreements where an employee agrees not to compete against his or her employer after leaving employment. In my view, non-competes are just one type of restrictive covenant — the umbrella term I’m using here. This term encompasses not just “non-competes,” but also agreements barring a former employee from soliciting his or her former employer’s customers, vendors, or employees.
Ok, let’s get down to business: Are restrictive covenants enforceable? The short (and very lawyerly) answer is: it depends. Under existing law, restrictive covenants are enforceable to the extent that they are necessary to protect the former employer’s legitimate interest(s), don’t impose an undue hardship on the employee, and aren’t harmful to the public.
These are key points. In New York (where I’m based), courts look at a couple of things (there are some variations between states) to determine if a restrictive covenant meets these criteria. For example, is the covenant for a reasonable time period and is it limited to a reasonable area? One that limits a former employee’s ability to work for companies that directly compete with the former employer for six months may well be reasonable. One that bars a former employee from working anywhere in the world for 50 years, though? Probably not.
In determining whether a restrictive covenant is reasonable, courts also look at whether it’s necessary to protect an employer’s interest. Usually this means that courts want to see that there are trade secrets, confidential information, and relationships an employee developed through his or her employment that need to be protected. In my experience, this is where we run into problems.
Have I seen people take their former employer’s trade secrets, or confidential or highly proprietary information, to their next job? Absolutely. But are there other cases where the information might not really be secret or proprietary? Yes, because there seem to be a lot of misconceptions about what really constitutes a trade secret or confidential information.
For starters, just because an employer calls something a trade secret or says something is confidential, doesn’t mean that a court is going to agree. In fact, courts understand these terms very differently from most people. I think that if you asked a group of reasonably well educated people whether an employer’s client list is a trade secret, most would probably say it is. However, unless it would be really hard or almost impossible to figure out the identity of the clients on that list, many courts will say that list is not not a trade secret. The same goes for a list of vendors.
In other words, in many circumstances, what people think are trade secrets aren’t actually trade secrets. In turn, this means that many restrictive covenants are less enforceable than many employers hope or believe.
However, there are a whole bunch of significant qualifications to this. Most importantly, just because a restrictive covenant may not be enforceable, or may be only partially enforceable, an employee doesn’t have the freedom to do whatever they want with their employer’s information. While someone is employed, they’re required to act in their employer’s best interests; they can’t, for example, influence a client to take its business elsewhere. Similarly, as a general rule, work product created during an employment relationship and on an employer’s equipment, belongs to the employer.
So while our governments and their agencies fight it out over changes to restrictive covenants, make sure you understand what any that apply to you or your company actually can enforce or prevent.
August 15, 2023
Earlier this summer, an attorney for the company once known as Twitter and now called X (more on the wisdom, or lack thereof, of this rebranding can be found here), sent a cease and desist letter to Meta (formerly known as Facebook). The letter accused Meta of engaging “in systematic, willful, and unlawful misappropriation of Twitter’s trade secrets and other intellectual property.” According to Twitter/X, Meta did this by hiring “dozens of former Twitter employees” that Meta knew “previously worked at Twitter; that these employees had and continue to have access to Twitter’s trade secrets and other highly confidential information; that these employees owe ongoing obligations to Twitter; and that many of these employees have improperly retained Twitter documents and electronic devices.” Twitter/X claimed that Meta relied on these former employees in developing Threads (a rival app to Twitter/X that Meta introduced in July).
Trade secrets can be an important source of value, but they generally get less attention than their more well-known intellectual property cousins — trademarks, copyrights, and patents. This probably has something to do with the fact that there wasn’t a federal trade secret law until Congress enacted the Defend Trade Secrets Act in 2016 and, in order to exist (or be the subject of litigation) trade secrets have to be, well, secret. Meaning that if a company thinks someone has stolen theirs, management may be leery of litigation that could provide details about the secrets in public court filings.
Does Elon Musk have a case against Meta? Maybe.
While there is no one definition of a trade secret, it is described in California’s version of the 1979 Uniform Trade Secrets Act as “information, including a formula, pattern, compilation, program, device, method, technique, or process” that provides economic value to its owner and is not generally known outside of the business. In this Twitter/X vs. Meta affair, the letter to Meta fails to specify anything about the nature of the supposed trade secrets or “other intellectual property” that the former Twitter employees had access to. And while Twitter’s lawyer asserts that Meta “deliberately” assigned the former Twitter employees to work on Threads, the letter doesn’t actually identify any such employees. As a result, it seems pretty unlikely that there’s much basis for Twitter/X’s claim. (In its response to Twitter’s letter, Meta states that no one on the Threads engineering team is a former Twitter employee.)
Twiter/X may also have a problem because, to qualify for protection, it has to have made “efforts that are reasonable under the circumstances to maintain its secrecy.” In the event of litigation, this would require it to show the time, effort, resources, and processes used to develop the secrets, as well as the value of the trade secrets and whether Twitter/X limited access to any secrets to those who need to know. This could be hard for Twitter/X if, numerous Twitter/X employees left the company with its trade secrets as the letter from Twitter/X’s lawyer indicates.
Moreover, if there are any trade secrets, Twitter/X needs to act quickly because, in determining the existence of a trade secret, courts may consider how vigilant it was in protecting its purported trade secrets. This means that if Twitter/X really believes its former employees are using its trade secrets to benefit Meta, it needs to quickly bring litigation (or arbitration) to enforce its rights. However, the fact that more than a month has passed since the letter to Meta from Twitter/X’s attorney without any legal action suggests that there’s not really a basis for a trade secret claim, and this is all just bluster from the world’s richest man.
Which no one would consider a secret at all.
May 15, 2019
Chances are you or your company use multiple software as a service or “SaaS” applications. They’re ubiquitous. This blog post was written using one — Google Docs. My firm uses one to keep its books and another to issue invoices.
One long running issue with these applications is what happens to the data in a SaaS platform.
Data, of course, is a hot commodity and most SaaS services want rights to as much of their customers’ data as possible. This allows them to use it to refine their offerings, repurpose it or, in some cases, monetize the data themselves.
In contrast, a SaaS user probably wants to retain as much control as possible over any data. There are many reasons for this. For example, to avoid privacy and compliance problems (especially in light of the GDPR, California’s Consumer Privacy Act, and similar laws that may be enacted in other states) and to protect the hard work and goodwill involved in gathering the data.
Thus, in negotiating SaaS contracts, one big sticking point is frequently who owns the data on a SaaS platform — the company who provided the data in the first place, or the SaaS vendor with the platform that analyzes, aggregates and/or alters it? While consumers might not have a lot of room for negotiation, where two companies are involved, there’s likely to be a lot of back and forth on this topic.
Generally speaking, these discussions are shaped by well-established principles governing the protection of trade secrets and, to a lesser extent, copyright law. The former focuses on what a database owner has done to protect its data from the outside world. The latter applies where the work to be protected is, to some degree, original. Because of this, copyright law is generally less important here because a database that is merely a collection of facts lacks the originality required for copyright protection.
The incorporation of data published on a public blockchain to any SaaS platform adds another wrinkle to any discussion about data ownership and protection. By way of background, a public blockchain is a blockchain network that is open to anyone. Bitcoin is one of the largest and best-known public blockchains. In contrast, as the name suggests, a private blockchain requires permission to publish information to it and, thus, limits who can publish and see information on the blockchain.
Obviously, publishing previously private information on a public blockchain changes the nature of the information when it makes the information public to the network. Probably the best example of this is cryptocurrency transactions. While it’s generally difficult to connect a transaction to a particular individual, the public blockchain for a cryptocurrency is a huge, publicly available collection of information that is open to anyone who wants to participate. This makes it difficult, if not impossible, to claim trade secret protection because publication of information on a public leger such as blockchain negates any claim that the information is secret.
Because of this there are limits to the degree to which anyone can claim ownership and — as a result — the right to control data on a public blockchain — there are still some issues that a user and SaaS vendor in this situation should discuss:
- Particularly in light of the GDPR, California’s Consumer Privacy Act and other similar laws, does the data contain any personally identifying information? If so, who is responsible under those laws for protecting it?
- What happens if there’s a data breach?
- Who owns the data that is altered/aggregated by the SaaS platform? How about the output from the SaaS platform?
- What can the SaaS vendor do (or not do) with the data it receives? Can the owner of the data license its use by the vendor?
