The Legal Line
Dear Legal Line:
I am the owner of a company that provides tech and software support for prepaid platforms. I have been hired by a client to build a full platform website to allow them to become an online prepaid service bureau. Part of the services that they contracted includes my company custom designing the programming software application to be used with their VoIP network. This includes all the billing applications, real-time applications, web interfaces, reporting management and the like. These applications are being programmed entirely by myself and our company programmers, under the terms of a written contract we have with the client.
The contract includes prohibitions on our programmers disclosing any information about the client, its platform or the operation of the system. Likewise, we have clauses to protect our proprietary work in the software and warranties for our work with the client. As the contract is written, I really have no problem. The problem that I do have is with several employees and an ex-employee of the client.
Part of my work with this project is to serve as the system administrator for the client until the project is completed. I had several e-mails from my client’s employees working on the project bounce back to an ex-employee of the client that resigned. This ex-employee worked on the project for several months, but was never able to get the project going. He resigned a year ago and now has his own consulting company doing the exact same type of work as I do. To my knowledge, he has had no relationship whatsoever with my client after he left his employment.
I read the emails thinking that they were old business issues so I could re-direct them to people within my client’s staff. The problem was that the substance of the emails concerned how I was developing the network, how I was resolving application problems, and how I improved the previous model that he had proposed. There was also talk about how they (the employees) were slowing the process down in order to set me up to fail. There were also several attachments on network design. Designs that were made by myself for the client and that should be proprietary to my company. I later found out through the grapevine that this ex-employee has been talking to his old friends in the company criticizing my company, our work, and stating how he could do it better if the contract was transferred to him. While this still could just be a rumor, it all seems credible.
The problem is that some of my client’s staff have now become highly critical of how the work was being done and are trying to micromanage the project. I realize that I need to do something now, and do it fast. I am afraid of possible liability I may have because I read the emails of the client’s employees. There really is no policy between my client and me on that topic. I am also afraid that this ex-employee will undermine my contract and more importantly, the Intellectual Property protection rights I have in the software solutions I am developing.
I know I need an attorney, but I don’t have the time or funds for a protracted lawsuit with my client. My client is a large company with deep pockets and will likely put up a heavy fight if I sue them. Besides, the contract between us has been working out well aside from these issues. What kinds of things could be done before actually suing my client for breaching this contract?
Victim of IP (Intellectual Property) Theft
There is a lot that could be done before reaching the point where you sue under the contract. In fact, taking certain alternative steps before actually launching a lawsuit may better prepare possible evidence and/or claims against the real culprit here - the ex-employee and his cohorts. The first of all of these steps is alerting your client to the fact that persons within their employ, in conjunction with an ex-employee, have the potential of being involved in this breach of covenants regarding your proprietary works. You also need to alert them that this activity may endanger the progress of the project for which you have been contracted and the applicable timelines and agreed upon goals.
For purposes of documenting yourself well, notice of this should be in writing and delivered personally to an officer of your client’s company that has authority to move on this, and more importantly, that you trust. This notice should also ask them to assist you in investigating this matter. Should you find your client’s management open to assisting you in investigating all of this, there is a wide array of options available. If they do not, you need local counsel immediately because a lawsuit or similar legal action may be the only way to hash this out.
Let’s just suppose that they agree to assist you. The question really is where do you begin. From what you stated in your e-mail, it is clear that you have a select number of persons communicating about, and passing copies of, your proprietary work. You know this because you read their e-mails as they bounced back within the network that you are paid by your client to administer. While I understand your concerns about violating the Computer Privacy Act because you read the content of their e-mails, I do not see your actions truly running afoul of the Act.
This is for two reasons. The first is that you were acting as an agent of your client in administering the network. In the end, it is your client’s network, and your duty is to them, not its employees. You discovered these e-mails in the course of regular business activity, in this case monitoring the network to re-direct lost or missed e-mails, not from randomly reading legitimately sent and received e-mails. Your activity was authorized, and, apparently in the course of performing your duties under contract with the client. The second reason that I do not see this discovery running afoul of the Act is the reasonable expectation of privacy of the employees. There is a substantial amount of case law that supports that e-mails of a non-business nature sent via business e-mails (and networks) do not give rise to a clear expectation of privacy. These e-mails are intended to be used for legitimate business purposes. This is why it is so important to have your client’s assistance. They are really the ones with the vested legal position that their employees have no expectation of privacy.
In any investigation of this matter, I believe it best that you work side-by-side with your client and insist on this. You will also need to review the work you and your company have done on the project and clearly identify what is your proprietary information or work on the project. Documentation, on your side, as to resolving application problems, programming, patches and other items that were done on behalf of the client that are proprietary will need to be formally presented to the client in order to investigate. The key here is to give your client the substance of what you believe is rightfully yours in order to prevent a breach on their side. The names of the client’s employees who are passing the information via e-mail are also a critical element here. The gist of all of this is to place all reasonable elements of investigating and resolving this in the hands of the management of the client. The burden then shifts to them to investigate in accordance with whatever employee policies or contracts they may have outstanding. This includes employee confidentiality covenants or policies in effect.
Another issue to check with the client is if there was any non-compete or similar agreement signed by the ex-employee at the heart of this matter when he resigned. These types of agreements are often kept confidential, but this entirely depends on the terms of the agreement. If it is made available to you, or your attorney, it may be helpful in going after the culprit here. Specific terms in such an agreement prohibiting this type of activity may push your client to send a notice of potential breach of that contract to the ex-employee. This could curtail any further efforts on his part.
In the end, your goals in this process are simple: don’t lose your Intellectual Property rights to works done thus far, keep the business relationship intact as much as possible, and retain as much documentation as possible. Retaining local counsel may be a good idea in any event. People tend to act more attentively when attorneys become involved in pre-litigation investigations. An attorney would also be able to fit any evidence gathered into proper place for discovery from the moment it is found. I guess the real question remaining is how your client will respond to all of this. It may be positive or negative depending on what is really happening.
Should you be able to identify a clear link between the ex-employee and his cohorts, I think it best that you discuss with your attorney the prospects for a preliminary injunction in combination with any lawsuit you may have. It could prevent further distribution or use of your proprietary works. A demand letter directed to the ex-employee giving notice to cease and desist may also be in order. It would give formal notice that you are on to his efforts to violate your IP rights and shake his efforts up. These are points to definitely bring to your attorney’s attention. Good luck on this matter.
Dear Legal Line:
This is just a friendly professional inquiry. I am also an attorney, actually a solo practitioner, and I represent mostly small upstart VoIP service providers. I have several incidents where my clients were hacked at their gateways and were left with the bills for tens of thousands of dollars. We have identified the hacking company through our own investigation and are now advancing on claims on the basis of civil theft, intentional interference with a business relationship and unjust enrichment. Are there any other claims that you are aware of that might be useful in such instances? I would like to pack the claims as completely as possible. Your input is welcomed.
Dear Fellow Counsel:
Thank you for your inquiry and I hope this helps. I am not sure if your claims are federal or state; however, at the federal level there is a statute with remedy in both civil and criminal courts depending on how you wish to proceed. This is under United States Code Title 17 (the precise cite is 17 USC 1030 (a) (4)) and it covers unauthorized access into a private or public party’s protected network for fraudulent purposes or for access causing damage to the owner of the network. Since VoIP networks function like most other private protected networks, there may be room for applying the statute in federal cases. I suggest you research it for your jurisdiction before advancing it, as there is a substantial amount of case law that has developed over the past three years in several jurisdictions. Most of this supports the claims of victims but there are some anomalous rulings in a few jurisdictions that place some limits.
The long and short of the federal statute itself is simple. Should an authorized party access a protected computer network causing damage to the owner, the owner has recourse under civil or criminal causes. Since the focus of your claims at this point seems to be damages, you may wish to explore the civil side. The requisites are: 1) Un-authorized access by a party to a protected network of the victim; 2) Identification with certainty of the unauthorized accessing party; 3) Damages being caused in excess of $5,000.00 USD because of the unauthorized access per incident or cumulative. The scope of the statute also includes users going beyond their authorized access. For example, a tech reprogramming a limited access password to gain full access to a network and thereafter causing damages. The civil cause portion of the statute allows you to bring action on the unauthorized accessing party for damages in federal district court where the hacker resides. It can eliminate some of the jurisdiction chasing that can occur when the hacker is an out-of-state offender. Causation and damages are the real key to success of these types of claims. So if you have the proof, it will make a strong claim to use to seek recovery.
The criminal side is based upon the same elements with the added element of criminal or fraudulent intent. The Department of Treasury is generally responsible for investigating such incidents and it largely falls upon the Secret Service. Usually this involves reporting the incident to local law enforcement and being referred up the chain of law enforcement jurisdiction. I, however, believe that an inquiry to the local Secret Service branch or FBI would not hurt in order to get the ball rolling in an investigation. Thank you for thinking of Legal Line.