Non-compete Agreements

May 5th, 2009

Edwards v Andersen 44 Cal. 4th 937 (2008)

Edwards was an accountant working for Arthur Andersen when that company collapsed for its probably illegal work in the Enron scandal.  HSBC was going to hire Edwards when they bought out part of Andersen, but as part of the agreement between HSBC and Andersen, all Andersen employees had to sign a Termination of Non-compete Agreement before being taken on by HSBC.  This would absolve them from the Non-compete Agreement they had signed to start work with Andersen and release Andersen from any and all claims based on their employment there.  Scared that this was an attempt by Andersen to make him legally responsible for some of their wrongdoing, Edwards refused to sign the TONC agreement and was then fired by Andersen and not hired by HSBC.

Edwards is now suing Andersen for intentionally interfering with his prospective economic advantage in going to work for HSBC.  But in order to do that, he needs to show an independently wrongful act, in this case, that the non-compete agreement they asked him to sign is void under Section 16600 and that the TONC waiver violated Labor Code Section 2802.  The discussion in this case is almost entirely about whether the non-compete agreement with Andersen was invalid under Section 16600.

It’s worth looking at California Business and Professions Code Section 16600 itself; it’s short and sweet:

16600.  Except as provided in this chapter, every contract by which anyone is restrained from engaging in a lawful profession, trade, or business of any kind is to that extent void.

Exceptions just relate to when you sell a business or are a partner in a business that’s dissolving, neither of which applies here.

California is rare in its determination that the public policy benefits of employee mobility outweigh the value to business of engaging in these agreements.  In court cases, “restrained” is taken pretty broadly — an agreement can be voided even if it doesn’t completely prohibit a lawful profession, even if it just imposes a penalty for working for a competitor. Muggill v. Reuben H. Donnelley Corp. (1965) 62 Cal.2d 239, 242-243 [42 Cal. Rptr. 107, 398 P.2d 147].

Andersen argues that the Ninth Circuit has found a “narrow-restraint” exception, that these agreements can provide narrow limitations to your work, like preventing you from working for a specific client or penalizing you in some way for working for a competitor.  But the California Supreme Court thinks the Ninth Circuit is wrong, that no court in California buys it and that the Ninth Circuit relies on irrelevant California case law. They find for Edwards, that the non-compete agreement, narrow though it was, is invalid under California law.

Why has the Ninth Circuit been getting involved at all?  It appears that sometimes federal courts have to get involved in interpreting state law when there’s diversity jurisdiction or a choice of law question.  But California gets to interpret its own laws, so it seems the California Supreme Court wins.

Though it isn’t discussed much, the California Supreme Court also rules that the TONC waiver of indemnity is unlawful under Labor Code Section 2802, which is also a nice short read.

Aymes v. Bonelli, 980 F.2d 857 (1992)

Aymes was hired by Bonelli (doing business as Island Swimming Sales) as a computer programmer in 1980, where he worked for two years.  During this time he created a series of programs (“CSALIB”) for maintaining internal processes at Island.  They had no written agreement.

The dispute is whether Aymes was an independent contractor of Island, or an employee, in order to determine the copyright status of the CSALIB applications.  If Aymes was an employee, then the program would have been created as “work-for-hire”, and thus Island would own the copyright.  As an independent contractor, Aymes as the creator of the software would own the copyright.  Aymes is claiming that there was an oral agreement that CSALIB would only be used on one computer, but Island ended up using it on multiple computers and thus Aymes could be owed additional compensation.

Facts:
- Aymes was under the general direction of Bonelli, who gave him significant guidance but was not a programmer
- Aymes received a graduate degree from Cornell’s School of Engineering in 1981
- Aymes did most programming at Island’s office, which was necessary due to the nature of the computer system
- Aymes was paid sometimes by the hour, and sometimes per-project
- Aymes did not receive health or other insurance benefits
- Island did not pay payroll taxes or withhold salary for taxes, and Aymes was given an IRS Form 1099 rather than the employee W-2 form
- Aymes worked occasionally for other companies over the course of the two years

Employee or independent contractor?

The original district court ruled that Aymes was an employee of Island.  The court of appeals had several issues with this and reversed the decision, ruling that Aymes was actually an independent contractor.  Since the original district court ruling, another case (Community for Creative Non-Violence v. Reid) had established the “Reid test”, a multi-factor test for determining a worker’s status as employee or independent contractor.

In light of the Reid test, the court of appeals issued the following comments along with its decision:
- It emphasized that the original finding did not weigh the factors or otherwise select among them, but simply applied them all equally
- Not all factors are relevant or equally important in any given case
- It emphasized that “Aymes was considered an independent contractor by Island” due to lack of benefits or tax payments.  The court underlined that this alone was usually indicative (and such has been the decision in every case using the Reid test since) of the worker’s status, and that Island could not treat Aymes as a contractor when it was convenient but then years later claim him as an employee

Aetna-Standard v. Rowland, 343 Pa. Super. 64 (1985)

Rowland was an employee of Aetna, and created a “plug mill receiving table” invention while employed there.  A patent was granted for this invention, which named Rowland and his supervisor as joint inventors.  Rowland was laid off from Aetna, and was asked to assign his portion of the patent over to Aetna, but refused.  His supervisor also no longer worked for Aetna, and was similarly requested to assign his interest in the patent, to which he agreed.

Does Aetna have a claim to the assignment of Rowland’s patent?

Does Aetna have a “shop right” (an irrevocable royalty-free license) to the invention?

The Court finds that Rowland holds a joint interest in the patent with Aetna, and that Aetna has a shop right for the invention’s use.

Issues:
- The mere existence of an employer-employee relationship does not entitle the employer to assignment of inventions by the employee during the employment
- A “shop right” arises when an employee creates an invention while on the employer’s time and expense — in this case, the table was designed at Aetna for a specific use and client, using Aetna’s resources

The Court stated, “given the personal, intellectual nature of the inventive process, the courts must otherwise hesitate to imply agreements to assign” although it may “readily grant the employer a shop right to use the invention”.

Trade Secrets

May 4th, 2009

Wexler vs Greenberg (1960)

Overview

This case is about what right a business has to prevent an ex-employee from disclosing trade secrets after leaving the business and being hired by a competitor.

The trade secrets in question are the formulas for three cleaning products.

In this case, a chemist named Greenberg worked for a cleaning products company, Buckingham.  He left Buckingham of his own accord and was hired by one of Buckingham’s distributors, Brite Products Co.  Within a short time of Greenberg working at Brite, his new employer had begun a manufacturing business, and the company had begun making three cleaning products that were essentially identical to products made by Buckingham.

The case hinged on two points.

1. How had Greenberg come to know the ‘recipes’ for the cleaning products?  If it could be shown that Buckingham had taught Greenberg the formulas, then the court would have a problem with Greenberg’s giving the formulas to Brite.  But if Greenberg devised the formulas himself, then he would have the right to take them with him, unless…

2. He had entered into some binding covenant with his employer that expressly forbade him from doing so.

Issues

The court was mindful of any effect its decision would have in disrupting the mobility of employees (from one company to another). It was suggested that employees moving from one company to another was very conducive to technological advances (sharing of skills and minds across an industry). And in an age of atomic bombs and superpower rivalry, the court was hesitant to tamper with this employee mobility.

The question of whether there is an implicit non-disclosure covenant between employee and employer was visited.  In this case the court found that because Greenberg discovered the formulas himself, there was no implied secrecy covenant between employer and employee (as there would have been if the employer had given Greenberg the secret formulas).

Basically the court found that an employee has the right to use his general knowledge, experience, memory and skill at a future employer, so long as he didn’t disclose any trade secrets that the former employer had given him.

Lastly there is this concept of ‘fairly’ obtained trade secrets. “Ownership of a trade secret does not give the owner a monopoly in its use, but merely a proprietary right which equity protects against usurpation by unfair means.”  As long as trade secrets are ‘fairly’ gotten, it’s fine to use them.

———–

Whyte vs Schlage (2002)

Overview

This case has to do with trade secrets, and in particular whether the doctrine of inevitable disclosure applies in California.  Whyte is V.P. of Sales at Schlage Lock company. He resigns and is hired immediately by Kwikset Lock company, a Schlage competitor.  Schlage accuses Whyte of giving Kwikset numerous trade secrets of various types, including details of Schlage’s sales contract with Home Depot (referred to as a line review).

Facts

Whyte signed a ‘confidentiality’ agreement with Schlage to protect their proprietary information. He did not sign a covenant not to compete.

Issues

The court ruled that Whyte did know some Schlage trade secrets that had to do with marketing strategy. But it also denied that other knowledge that Whyte had could be considered a trade secret. This included market research, and the Home Depot line review.  The court decided, for lack of evidence, that it had no reason to overturn the decision of the lower court that had found that Whyte did not threaten to or actually misappropriate Schlage’s trade secrets.  It is not clear what part of the testimony convinced the lower court that Whyte did not misappropriate the trade secrets. But the court noted that Schlage’s evidence that Whyte disclosed trade secrets to Kwikset was circumstantial.

Misappropriation is, generally speaking, the improper acquisition of a trade secret or its nonconsensual use or disclosure.

Doctrine of Inevitable Disclosure – This is the idea that if an employee who knows trade secrets goes to work for another company in the same capacity as his previous job, he will inevitably share the trade secrets with the new company (unless he has the ‘uncanny ability to compartmentalize information’). Therefore the former employer should have the right to prevent the employee going to the competitor.  The California court ruled to reject the Doctrine of Inevitable Disclosure in California because it is “contrary to California law, and creates an after-the-fact covenant restricting employee mobility.”

Privacy in the Workplace

April 29th, 2009

Jane Doe v XYC Corp (2005)

Overview of the Facts

An Employee of XYC Corporation repeatedly accessed ‘pornographic websites’, including child pornography using his work computer, and some of these incidents were reported to the management. Several of the reports were initially ignored, before the Employee was instructed to stop his misconduct and ‘non-business’ use of company computing and network infrastructure. However this did not result in the Employee permanently refraining from accessing pornographic material at the work site.

The Employee uploaded three nude and semi-nude images of his 10-year-old stepdaughter (Jill Doe) to gain access to a pornographic website. He had been secretly videotaping and photographing Jill at their home. Photographs of Jill found in a dumpster outside XYC Corporation led to the Employee’s arrest. It was found that he had downloaded several pornographic photos on the work computer, and had email correspondence and interactions with various websites regarding child pornography.

Major Issues Discussed

Plaintiff Jane Doe, on behalf of her daughter Jill Doe, appealed the decision absolving XYC Corporation of its responsibility to monitor and report activities of the Employee, which would have helped to contain the harm to Jill Doe.

The initial summary judgment had dismissed XYC Corporation on the grounds that it “had acted as a reasonably prudent corporation” by instructing the Employee to stop the misconduct, that the corporation did not have a duty to invade the privacy of the Employee, and that the harm to the plaintiff (Jill Doe) was not inflicted on XYC Corporation’s property.

These dismissals are reversed by the appellate court, after an extended discussion of issues concerning

a. ability of XYC Corporation to monitor the Employee’s activities

b. right of the corporation to monitor the said communications of the Employee

c. duty of the corporation to know about the activities regarding child pornography

d. duty to take action to prevent the continuation of the Employee’s activities, and

e. the harm to Jill, as a failure of the XYC Corporation to act appropriately.

The court established that XYC Corporation did have the ability to monitor, and did monitor, its Employee’s Internet activities, and on several occasions was aware of him surfing pornographic web sites, including those that concerned child pornography. XYC had clearly stated that communications and computer use were monitored and could not be considered ‘private communications’, and that the Employee had no reasonable expectation of privacy.

In relation to the duty of XYC to take action to prevent the Employee’s actions, the court highlighted issues relating to a) the Employee’s use of equipment owned by XYC for transmitting the images, b) the clear direction to report suspected ‘activities relating to material involving the sexual exploitation of minors’ as part of the Protection of Children from Sexual Predators Act of 1998. The court discussed the applicability of Restatement (Second) of Torts § 317 to computer equipment and Internet use, which has implications for how much Employers are responsible for their Employees’ activities that bring harm to third parties.

The court found that § 317 was applicable because of the special relationship between the XYC Corporation and the Employee (employer-employee). XYC had ignored the information it had about the actions of the Employee. By investigating the employee, the employer would have discovered that the employee was involved with child pornography that posed a threat to others, including (but not necessarily) Jill. This was only a possible action, and the court mentions that the establishment of a proximate cause presents a contested issue for a jury. However, the court also stated that the assessment of ‘harm to plaintiff’ is outside of the scope of the current record, and remanded the case.

Some Implications for Employers

Employers need to monitor and assess Internet and computer usage, and take affirmative action and investigate to prevent harm to a third party. There should be clear policies that specify which communications are and which are not monitored, to shield against liabilities involving employee actions. In view of Doe v. XYC, the monitoring and privacy policies of corporations determine which communications are seen as private communications in court, and may affect the liability of an organization. “This case might (even) suggest that an employer’s strict orders regarding Internet policies provide little protection against liability if the employer knows of its employee’s illegal behavior.” (Johnson, Jamila. 2007). Widespread citing of the ruling could possibly have the effect of limiting monitoring and creating greater privacy for employees at work.

Related Sources

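Tort Law Overview: http://topics.law.cornell.edu/wex/Tort

§ 2252. Certain activities relating to material involving the sexual exploitation of minors: http://www.law.cornell.edu/uscode/18/usc_sec_18_00002252----000-.html

Employee Internet Misuse: How Failing to Investigate Pornography May Lead to Tort Liability: http://www.lctjournal.washington.edu/Vol4/A01Johnson.html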


Quon vs. Arch Wireless

Overview

Quon, a member of the Ontario, CA police department, used a city-issued two-way pager to send and receive text messages. The City had a computer and Internet policy that did not explicitly cover text messages, but suggested it reserved the right to audit messages. Quon repeatedly exceeded a known monthly character limit and, after a fourth violation, transcripts of his messages were given, without warning or his consent, to the city of Ontario by Arch Wireless. Quon, along with three other Appellants with whom Quon exchanged messages, argued that the SCA and their Fourth Amendment rights were violated in the process. Determining whether or not Arch was, under the SCA, an electronic communications service (ECS) or a remote computing service (RCS), whether or not the Appellants had a reasonable expectation of privacy in their text messages, and whether or not the search by the Department was reasonable were key to the decisions made by both the District Court and the Court of Appeals.

The District Court determined that Arch was an RCS and not liable for revealing the text messages. A jury trial concluded that the search was reasonable because the intent was to determine the efficacy of the character limitation and not to discover misconduct. The District Court also determined that there was a reasonable expectation of privacy due to the casual policy and practice for dealing with text messages and overages. Appellants filed a motion to amend or alter the judgment and a motion for a new trial, which was denied by the District Court.

The U.S. Court of Appeals, 9th Circuit, disagreed with the District Court and categorized Arch as an ECS. An ECS is “any service which provides to users thereof the ability to send or receive wire or electronic communication”, which describes the text messaging service. Additionally, the messages were held in “electronic storage” by Arch, but not at the request of the subscriber, emphasizing that Arch was not providing an RCS storage service to Arch, but that the messages were stored as a result of the communication service.

An ECS cannot release stored content without the lawful consent of an addressee or intended recipient. The City is only a subscriber. Arch knowingly turned message transcripts over to the City. As an ECS, knowingly revealing message content violates the SCA, 18 U.S.C. 2702(a)(1). The Court of Appeals ruled in the Appellants’ favor on their claims against Arch. The Court of Appeals also held that the Appellants had a reasonable expectation of privacy for the contents of their text messages: for Quon, because of the casual “operational reality” (if you paid your overages, your messages would not be viewed), and for the other Appellants, because the contents of “messages” derive Fourth Amendment protection the same way the contents of a letter do.

The U.S. Court of Appeals, 9th circuit disagreed with the district court’s decision that the search was reasonable. While the intent was to evaluate the character limit and potentially help the employee, the search was “excessively intrusive”. There were other alternative approaches that the Department could have used to evaluate whether Quon’s overages were work related.

Issues

Quon v. Arch Wireless highlights problems that arise with new communication technologies and privacy. As evidenced by the Court of Appeals’ comparison of text message content to the content in letters, separation of delivery and content information can continue to be applied to new communication mechanisms, providing protection for message content under the Fourth Amendment. The ruling also indicates that messages stored after retrieval as a result of an electronic communication are protected under the SCA, requiring that law enforcement have a warrant and provide notice in order to gain access to stored electronic messages. This is a deviation from previous opinions that once a message is accessed it is no longer in electronic storage and it loses protection.

The case also draws attention to the problems that can arise when an employer distributes and makes use of a communication technology without a clear and explicit policy and practice around use and privacy.

Supplemental Resources

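EFF and Gigaom analyze and comment on the opinion:

http://www.eff.org/deeplinks/2008/06/new-ninth-circuit-case-protects-text-message-priva

http://gigaom.com/2008/06/28/quon-v-arch-curb-your-enthusiasm/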


Employee Monitoring: Is there Privacy in the Workplace?

The single word answer (based on the article) is NO. The article elucidates the kind and level of employee monitoring practices in the industry.

Two points are important to understand the domain of workplace monitoring.

1. New technologies make it possible for employers to monitor various aspects of the employee’s jobs. Most of the employers use these technologies to monitor employees in view of the increasing role of electronic evidence in lawsuits and investigations.

2. The monitoring is virtually unregulated and employees should have minimal expectation of privacy in the job environment. Most of the employers have established policies governing computer, telephone, internet, email usage and disclose their monitoring practices to the employees.

The monitoring practices can be varied and may depend on the technology being used.

1. Telephone monitoring: All telephone conversations conducted using the employer’s phone can be monitored by the employer, and it can obtain all the details about any call made from the business phones. Some states require the employer to provide a clue to the employee as to whether their conversation is recorded or not.

2. Computer monitoring: Since the employer is the owner of the computer network and terminals in the organization, he/she can use them to monitor employee activity. The monitoring can be informed or uninformed and can take the form of monitoring employees’ keystrokes, active/idle time, hard disks, and internet/email usage.  In specific cases, the employees can be protected from electronic monitoring. For example, the Fourth Amendment of the US Constitution safeguards users from unreasonable search and monitoring.

3. Email and text messages: As is the case with telephone conversations, all email messages sent from or received by an employer’s computer are the property of the employer and can be monitored. All the messages can be archived and the employees should expect no privacy with respect to any email message (even if it is deleted by the employee). It is important to distinguish between email messages and text messages (sent or received on the employer-provided cell phone). The email messages are generally stored on the company’s server while text messages are stored with a 3rd party (typically cell phone companies) and, with respect to the employer, the cell phone company acts as an electronic communication service (the employer does not directly pay the company to store text messages). The employer must have a warrant or the employee’s permission to get text message data.

Overall, this factsheet encourages employees to be aware of the privacy policies of the employers to avoid any conflicts.

Posted by Mohit, Gopal, and Heather

Privacy in the Workplace

April 29th, 2009

 

Jane Doe v XYC Corp (2005)
Overview of the Facts
 An Employee of XYC Corporation repeatedly accessed ‘pornographic websites’, including child pornography using his work computer, and some of these incidents were reported to the management. Several of the reports were initially ignored, before the Employee was instructed to stop his misconduct and ‘non-business’ use of company computing and network infrastructure. However this did not result in the Employee permanently refraining from accessing pornographic material at the work site.
The Employee uploaded three nude and semi-nude images of his 10-year-old step daughter (Jill Doe) to gain access to a pornographic website. He had been secretly videotaping and photographing Jill at their home. Photographs of Jill found in a dumpster outside XYC corporation led to the Employees arrest. It was found that he had downloaded several pornographic photos on the work computer, had email correspondences and interactions with various websites regarding child pornography.
Major Issues Discussed
Plaintiff Jane Doe on behalf of her daughter Jill Doe appealed the decision to dismiss the XYC Corporation of its responsibility to monitor and report activities of the Employee, which would have helped to contain the harm to Jill Doe.
The initial summary judgment had dismissed XYZ corporation on the grounds that it “had acted as a reasonably prudent corporation” by instructing the Employee to stop the misconduct. The corporation did not have a duty to invade the privacy of the Employee and also because the harm to the plaintiff (Jill Doe) was not inflicted on XYC Corporations property.
These dismissals are reversed by the appellate court, after an extended discussion of issues concerning
a.    ability of XYZ corporation to monitor the Employees activities
b.    right of the corporation to monitor the said communications of the Employee
c.    duty of the corporation to know about the activities regarding child pornography
d.    duty to take action to prevent the continuation of the Employee’s activities. and
e.    the harm to Jill, as a failure for the XYZ corporation to act appropriately.
The court established the XYZ Corporation did have the ability, and did monitor its Employee’s Internet activities, and on several occasions was aware of him surfing pornographic web sites, including those that concerned child pornography. XYZ had clearly mentioned that communications and computer use was monitored and cannot be considered to be ‘private communications’, and that the Employee and no reasonable expectation of privacy.
In relation to the duty of XYZ to take action to prevent the Employee’s actions, the court highlighted issues relating to a) Employee’s use of equipment owned by XYZ for transmitting the images, b) the clear direction to report suspected ‘activities relating to material involving the sexual exploitation of minors’ as part of the Protection of Children from Sexual Predators Act of 1998. The court discussed the applicability of Restatement (Second) of Torts § 317 to computer equipment and Internet use, that have implications for how much Employers are responsible for their Employee’s activities, which bring harm to third parties.
The court found that § 317 was applicable because of the special relationship between the XYZ Corporation and the Employee (employer-employee). XYZ had ignored the information it had about the actions of the Employee. By investigating the employee, the employer would have discovered that the employee was involved with child pornography that posed threat to others, including (but not necessarily) Jill. This was only a possible action, and the court mentions that the establishment of a proximate cause presents a contested issue for a jury.
However the court also stated that the assessment of ‘harm to plaintiff’ is outside of the scope of the current record, and remanded the case.
Some Implications for Employers
Employers need to monitor and assess Internet and computer usage, and take affirmative action and investigate to prevent harm to a third party. There should be clear policies that specify what communications can and which are not monitored, to shield against liabilities involving employee actions. In view of the Doe vs. XYC monitoring and privacy policies of corporations determine which communications are seen as private communications in court, and may affect the liability of an organization. “This case might (even) suggest that an employer’s strict orders regarding Internet policies provide little protection against liability if the employer knows of its employee’s illegal behavior.” (Johnson, Jamila. 2007). A widespread citing of the ruling could possibility have the effect of limiting monitoring and create greater privacy of employees at work.
Related Materials
Tort Law Overview
http://topics.law.cornell.edu/wex/Tort
§ 2252. Certain activities relating to material involving the sexual exploitation of minors
http://www.law.cornell.edu/uscode/18/usc_sec_18_00002252—-000-.html
Employee Internet Misuse: How Failing to Investigate Pornography May Lead to Tort Liability
http://www.lctjournal.washington.edu/Vol4/A01Johnson.html
  

Quon vs. Arch Wireless

Overview

           Quon, a member of the Ontario, CA police department, used a city issued two-way pager to send and receive text messages.  The City had a computer and Internet policy that did not explicitly cover text messages, but suggested it reserved the right to audit messages.  Quon repeatedly exceeded a known monthly character limit and, after a fourth violation, transcripts of his messages were given, without warning or his consent, to the city of Ontario by Arch Wireless.  Quon, along with three other Appellants with whom Quon exchanged messages, argued that the SCA and their fourth amendment rights were violated in the process.   Determining whether or not Arch was, under the SCA, an electronic communications service (ECS) or a remote computing service (RCS), whether or not the Appellants had a reasonable expectation of privacy in their text messages, and whether or not the search by the Department was reasonable were key to the decisions made by both the District Court and the Court of Appeals.

            The District Court determined that Arch was an RCS and not liable for revealing the text messages.  A jury trial concluded that search was reasonable because the intent was to determine the efficacy of the character limitation and not to discover misconduct.  The District Court also determined that there was a reasonable expectation of privacy due to the casual policy and practice for dealing with text messages and overages. Appellants filed a motion to amend or alter the judgment and motion for a new trial, which was denied by the district court.

            The U.S. Court of Appeals, 9th circuit disagreed with the District Court and categorized Arch as an ECS.  An ECS is “any service which provides to users thereof the ability to send or receive wire or electronic communication”, which describes the text messaging service.   Additionally, the messages were held in “electronic storage” by Arch, but not at the request of the subscriber emphasizing that Arch was not providing an RCS storage service to Arch, but that the messages were stored as a result of the communication service. 

An ECS cannot release stored content without the lawful consent of an addressee or intended recipient.  The City is only a subscriber.  Arch knowingly turned message transcripts over to the City.  As an ECS, knowingly revealing message content violates the SCA 18 U.S.C. 2702(a)(1). The Court of Appeals judged in Appellants favor of their claims against Arch. The Court of Appeals also held that the Appellants had a reasonable expectation of privacy for the contents of their text messages because, for Quon, of the casual “operational reality” (if you paid your overages, your messages would not be viewed) and for the other Appellants because the contents of “messages” derive fourth amendment protection the same way the contents of a letter do.

The U.S. Court of Appeals for the 9th Circuit disagreed with the District Court’s decision that the search was reasonable.  While the intent was to evaluate the character limit and potentially help the employee, the search was “excessively intrusive”.  There were alternative approaches that the Department could have used to evaluate whether Quon’s overages were work related.

Issues

Quon v. Arch Wireless highlights problems that arise with new communication technologies and privacy. As evidenced by the Court of Appeals’ comparison of text message content to the content of letters, the separation of delivery information from content information can continue to be applied to new communication mechanisms, providing protection for message content under the Fourth Amendment.  The ruling also indicates that messages stored after retrieval as a result of an electronic communication are protected under the SCA, requiring that law enforcement have a warrant and provide notice in order to gain access to stored electronic messages.  This is a deviation from previous opinions that once a message is accessed it is no longer in electronic storage and it loses protection.

The case also draws attention to the problems that can arise when an employer distributes and makes use of a communication technology without a clear and explicit policy and practice around use and privacy.

 

Supplemental Resources

EFF and Gigaom analyze and comment on the opinion:

http://www.eff.org/deeplinks/2008/06/new-ninth-circuit-case-protects-text-message-priva

http://gigaom.com/2008/06/28/quon-v-arch-curb-your-enthusiasm/

Supplemental Reading

Employee Monitoring: Is there Privacy in the Workplace?


The single word answer (based on the article) is NO. The article elucidates the kind and level of employee monitoring practices in the industry.

Two points are important for understanding the domain of workplace monitoring.

1. New technologies make it possible for employers to monitor various aspects of their employees’ jobs. Most employers use these technologies to monitor employees in view of the increasing role of electronic evidence in lawsuits and investigations.

2. The monitoring is virtually unregulated and employees should have minimal expectation of privacy in the job environment. Most employers have established policies governing computer, telephone, internet, and email usage and disclose their monitoring practices to the employees.

The monitoring practices can be varied and may depend on the technology being used.

1. Telephone monitoring: All telephone conversations conducted on the employer’s phones can be monitored by the employer, which can obtain all the details about any call made from the business phones. Some states require the employer to give the employee some indication of whether their conversation is being recorded.

2. Computer monitoring: Since the employer is the owner of the computer network and terminals in the organization, he/she can use them to monitor employee activity. The monitoring can be informed or uninformed and can take the form of monitoring employees’ keystrokes, active/idle time, hard disks, and internet/email usage.  In specific cases, the employees can be protected from electronic monitoring. For example, the Fourth Amendment of the US Constitution safeguards users from unreasonable search and monitoring.

3. Email and text messages: As is the case with telephone conversations, all email messages sent from or received by an employer’s computer are the property of the employer and can be monitored. All the messages can be archived and the employees should expect no privacy with respect to any email message (even if it is deleted by the employee). It is important to distinguish between email messages and text messages (sent or received on the employer-provided cell phone). Email messages are generally stored on the company’s server, while text messages are stored with a third party (typically cell phone companies), and with respect to the employer, the cell phone company acts as an electronic communication service (the employer does not directly pay the company to store text messages). The employer must have a warrant or the employee’s permission to get text message data.

Overall, this factsheet encourages employees to be aware of the privacy policies of the employers to avoid any conflicts.

Posted by Mohit, Gopal, and Heather

Informing Public Policy

April 29th, 2009

Five Challenges for Regulating the Global Information Society
by Pamela Samuelson

1. Old law or new law? Can existing laws be adapted to the regulation of the Internet or are new ones required?

  • Convergence of media. Should internet streaming be treated like broadcast television? Like passive content providers? Should it depend on the way it’s delivered? The FCC has been hands-off in order to foster new business models and lower the cost of content & service delivery.
  • Competition and Antitrust. e.g. Microsoft. Generally can be adapted for software and Net companies.
  • Copyright. Generally adaptable, legislation is trying to keep pace with the technology.
  • IP of databases. The EU protects the contents of databases, but the US and Japan are looking at unfair competition principles instead.
  • Personal information privacy. The EU has highly legislated this, and Canada is working on it, but the US is leaning towards industry self-regulation.

2. Proportionality. How to form a reasonable and proportional response in new regulations?

  • Indecent speech on the internet. The Communications Decency Act (1996) was so broad as to interfere with the free speech of adults. Reno vs. ACLU (1997) ruled it unconstitutional. (You can’t make the entire Internet suitable for small children.)  In response, the Child Online Protection Act (COPA, 1998) regulated material “harmful to children” on commercial sites, though that too was deemed unconstitutional in 1999.
  • Europe goes too far. In majority US views, EU database & personal data protections are disproportionately overprotective; they could harm legitimate business uses of databases and firms have incentives to protect personal data.
  • Clinton. “Framework for Global Electronic Commerce”: Regulations should be predictable, minimalist, consistent, and simple to avoid disproportionate response.

3. Flexibility. Adapt to rapidly changing circumstances.

  • Aim for technology-neutral
  • Keep it simple. e.g. UETA vs UCITA – UCITA is more complex and favors certain technologies; UETA may be more successful with its simplicity.
  • Don’t legislate ahead of technology. e.g. ‘electronic agents.’ Wait for a basis in commercial practice.
  • Accurate over original. Reflect actual use.

4. Preserving Values.

  • Value privacy vs use of cookies & data mining. EU legislated.
  • Value encryption – munition or free speech?
  • Fair use rights. If copyrighted materials have technical protections, can you circumvent the tech protection for fair use purposes?
  • Fair use rights and contract law. Mass market licenses with terms that prohibit what would otherwise be fair use?

5. Transnational Cooperation.

  • Possible ways: agree on guidelines first, one nation proposal as a basis for debate, reciprocity-based rules (e.g. EU privacy protection), policy interoperability.

Quote: “Information may be the principal commodity of an information economy in an information age, but policymakers need to realize that information is not just a commodity.  It is also an essential input to innovation, knowledge creation, education, and social and political discourse.  If information is commodified too much, these social values may be impaired.”

Comment: Goal: legislating only when necessary, and to a reasonable degree that maintains flexibility, while also preserving societal values and cooperating with other countries. Seems like a great goal, but difficult to achieve.

Aviel D. Rubin, United States Election Assistance Commission, Hearing on Voluntary Voting Systems Guidelines, Panel on Voter Verified Paper Audit Trail, Washington D.C. (June 30, 2005).

ACCURATE: Public Comment on the 2005 Voluntary Voting System Guidelines. Submitted to the United States Election Assistance Commission. September 30, 2005

Background: This comment was written by a multi-institution, interdisciplinary, academic research project funded by the NSF’s “CyberTrust Program”. ACCURATE was established to improve election technology. This research group was established to investigate software architecture, tamper-resistant hardware, cryptographic protocols and verification systems. They also evaluate system usability and how public policy can better safeguard voting nationwide.

Argument: Voting systems must ensure security, privacy, transparency, usability, accessibility and equality. The current guidelines do not do a good enough job of translating these democratic values into workable systems.

II. Framework for Voting System Assessment: 2005 guidelines fail to address the central structural flaws of the 1990 and 2002 standards that resulted in an election process with unacceptable levels of incidents and vulnerabilities.
The research group recommends four solutions for improving the Election Assistance Commission’s (EAC) process for certifying and evaluating voting systems.

III. Increase Transparency

  • The EAC must formalize and regularize the development of the guidelines
  • The process must incorporate a meaningful period for public comment
  • EAC must facilitate greater government and public oversight of the testing and certification process
  • Previous transparent functions of our election process must remain transparent and not hide behind proprietary electronic systems. They should be reviewed by independent experts

Long Term Goals:

  • All voting system source code, design documents and security analysis should be made available to the public.
  • Move away from purely binary pass/fail certification to include a quantifiable certification process with publicly-accessible results.
  • Greater government and public oversight over the testing and certification processes.
  • Open the certification process to public scrutiny and understanding.
  • Vendors must publish source code for public review.

2005 Stop Gap Recommendations:

  • Certification results regarding a system’s performance and the exact tests performed must be made available to computer security experts and other members of the public.
  • Source code and related information must be available to review by independent experts.

IV. Provide Enhanced Security

  • The current guidelines are unable to provide assurance of security because their security evaluation process is inadequate
  • The guidelines must focus on absence of functionality not just confirming functionality for security evaluation
  • State-of-the-art usability testing by actual voters must be a priority
  • The guidelines should address issues of equality

Long Term Goals:

  • Security evaluation to include security ratings along multiple axes.
  • Security that is built into engineering and development of voting systems, instead of security based on patching flaws.
  • Requirements to include security evaluation, including threat analysis, code review, architectural review and penetration testing.
  • Indelible, independent, voter-verified audit trail required for every certified voting system.

2005 Stop Gap Recommendations:

  • Independent review of system security by panel of external experts.
  • Elimination of COTS loophole in security evaluation—all software in a voting system must be subject to inspection and testing.
  • EAC must announce a timeline now for the elimination of the COTS loophole to put vendors on notice and allow them time to comply.
  • Penetration testing as part of certification.

V: Systems Perspective
Commenters argue that one should take the perspective of voting machines as one aspect of a system, rather than evaluating the machines as independent of the contexts they will be used in.  This means that field data ought to be used to influence design guidelines.  Field data includes things like poll worker and voter interaction with voting machines.  This kind of data is essential to developing voting systems where voters can vote “without confusion, without error, and without losing confidence in the system itself”.
With regard to accessibility, system design must take into consideration all types of people (all races, ages, classes, etc.) when evaluating usability.  The Guidelines must define the degree of usability to expect, moving away from mere functional testing, and must define this degree with respect to all groups of voters.  Additionally, accessibility is not just about allowing those with functional impairments to vote, but those with language barriers as well.
If we want to ensure a fair and just voting process, voter privacy must be respected, so independent voting is important. Because of this, these accessibility considerations must take place in design and not at the polling place (which usually takes the form of help from vote staff).
Within the design space, some examples of accessibility technologies that must be covered by the Guidelines are screen contrast, the rate of audio output (with special considerations for maintaining a conversational pitch), and the number of alternate language options.
With all of these considerations in mind, the Guidelines must require that actual field data be fed back into the voting machine industry to correct any actual empirical problems that can be identified.  One means of gathering this field data would be parallel monitoring, a system of videotaping pre-determined votes being cast and then comparing the video record with the vote data.  This would allow design decisions to be tested in an actual voting environment.  An added benefit of using field data is that it can indicate certain populations that experience more problems than others.

VI: Needed changes in development of the Guidelines
A continuous and ongoing certification and de-certification process is better than certifying a system just once.  Systems should be periodically re-examined based on new field data, for example. The commenters also ask that the Guidelines be implemented sooner than 2008.  Commenters also expressed the need for meaningful public comment.  This was in response in part to the comment period for the 2005 guidelines taking place just 3 days after their release.

Conclusion:
“Past elections have eroded public confidence in the trustworthiness, fairness and accuracy of voting systems and ultimately elections.  It is imperative to restore public confidence.  Voters and election-related jurisprudence demand that every vote has equal weight and each vote is counted.  Voters deserve to cast their votes with equal dignity without regard to disability or language.  Voting systems should accurately capture voter intent, be fully auditable, secure, and transparent enough to support meaningful public oversight.”

Comments:

Is it even possible to accommodate usability needs of all groups in the country?  Should we tolerate voters who just can’t understand simple digital technologies?  What should the line be where we say: any normal person could understand how to use a touch screen, we aren’t going to accommodate your needs in the design of our system?  And if this line must necessarily get drawn, how can we reconcile this with basic conceptions of democratic participation?

Re: Comments on RIN 1400-AB93 Electronic Passport

The government needs to consider the security & privacy implications of using RFID chips in passports.
The new data format increases risks, though it contains the same information that is on the data page of a passport and biometric data.

  • Similar example: Magnetic data stripe on drivers’ licences used to verify age; some bars captured all of the data and used it for marketing purposes – feature creep from change of for.

Ease of data accessibility & capture:

  • Skimming. Data can be read without the knowledge & consent of holder with an off-the-shelf RFID reader. Chips can be read from up to 30 feet away despite standards of 10cm.
  • Eavesdropping. Interception of data while it is being accessed by a legitimate reader. Shielding readers proposed.
  • Problems from skimming and eavesdropping: Identity theft, tracking of passport holders, black market value of passport makes holder a target.

Cloning:

  • Creating fake passport copies. Relatively easy with commercial RFID chip + stolen passport.

Biometric instability:

  • Proven inaccuracies could make false negatives the norm
  • Current facial data included doesn’t qualify as biometrics

Making electronic passports more secure with simple measures:

  • Encryption. Gov’t reasons for not, and why they fail:
      • Data is visible on the data page of the passport anyway. But new data format has increased risks.
      • Encrypted data will take longer to read. The small amount of data on the chip is fast to en/decrypt.
      • Requires more technical coordination with other countries. Coordination exists under int’l Basic Access Control standards.
  • Faraday cage. Passport cover should contain RF blocking material. Alternately, electronic lock on chip that must be swiped through a special reader to unlock, as endorsed by the EU.
  • Biometrics Options. Facial biometrics maximum accuracy is 90%, which would be a massive problem on a large scale. Fingerprints more accurate, but still errors. Iris untested. Need a contingency plan for when biometrics fail.

Final request: use available technology to protect against known and obvious threats.

Comment: These are all logical recommendations, and it is surprising that basic security measures have not been seriously considered or implemented.

Cheers,

Alex, Laura, and Nathan

API and Privacy

April 23rd, 2009

Last semester, I collected data from Facebook for a class project. The collected data was the friendship network in each domain.

Generally speaking, I think your friend list should not be exposed to those who are not your friends unless you choose to expose it. However, I was able to do that anyway through the API.

The Facebook API provides a function that confirms whether two IDs are friends or not. Another function confirms whether an integer is a valid Facebook ID. Since a Facebook ID is just an integer, I put in two IDs ranging from 1 to 10000 and checked which two are friends. Let me illustrate the process below in detail.

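| ID | 1 | 2 | 3 | 4 | 5 |
|----|-----|-----|-----|-----|-----|
| 1 | N/A | Yes | No | No | Yes |
| 2 | | N/A | No | Yes | No |
| 3 | | | N/A | Yes | No |
| 4 | | | | N/A | No |
| 5 | | | | | N/A |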

By starting with (1-2), I tested through all possible pairs of IDs. Since CEO Zuckerberg’s ID is 4, he is also included in my collected data. More interestingly, the friend lists of some IDs were not visible via a usual web browser.

After this experimental attempt, I realized that privacy could sometimes be compromised through APIs, because APIs could grant access to private information to third-party entities. The access through an API is sometimes freer than the one through normal web pages.

As APIs are more widely used, I think more consideration should be put into privacy concerns in the API area.
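The gap described in this post, an API that answers for any pair while the web page hides the friend list, can be closed by giving the API call the same visibility rule as the page. The sketch below is an added example, not Facebook's code: the function names, the visibility settings and caller ID 99 are hypothetical, and the friendships are the constructed "Yes" cells from the table above.

```python
from itertools import combinations

# Constructed data: the "Yes" cells of the table in the post (IDs 1-5).
FRIENDSHIPS = {frozenset(pair) for pair in [(1, 2), (1, 5), (2, 4), (3, 4)]}

# Hypothetical privacy setting per user: who may see this user's friend list.
VISIBILITY = {1: "everyone", 2: "friends", 3: "friends", 4: "friends", 5: "only_me"}


def are_friends_unchecked(caller, a, b):
    """The behaviour the post describes: any caller gets an answer for any pair."""
    return frozenset((a, b)) in FRIENDSHIPS


def can_view_friend_list(caller, owner):
    """The rule a profile page would apply before rendering owner's friend list."""
    if caller == owner:
        return True
    setting = VISIBILITY.get(owner, "only_me")  # unknown IDs default to most private
    if setting == "everyone":
        return True
    if setting == "friends":
        return frozenset((caller, owner)) in FRIENDSHIPS
    return False


def are_friends_checked(caller, a, b):
    """Answer only if the caller could read the edge from a's or b's friend list.

    Returns True/False when authorised and None otherwise. Unknown IDs also
    give None, so the call cannot be used to test whether an ID exists.
    """
    if a not in VISIBILITY or b not in VISIBILITY:
        return None
    if can_view_friend_list(caller, a) or can_view_friend_list(caller, b):
        return frozenset((a, b)) in FRIENDSHIPS
    return None


def edges_learned(api, caller, ids):
    """Walk every pair, as in the post, and collect the friendships confirmed."""
    return {(a, b) for a, b in combinations(ids, 2) if api(caller, a, b) is True}


def answers_given(api, caller, ids):
    """Count the pairs for which the API gave any definite answer."""
    return sum(api(caller, a, b) is not None for a, b in combinations(ids, 2))


if __name__ == "__main__":
    ids = range(1, 6)
    outsider = 99  # hypothetical caller who is friends with nobody
    for api in (are_friends_unchecked, are_friends_checked):
        print(api.__name__,
              sorted(edges_learned(api, outsider, ids)),
              answers_given(api, outsider, ids))
```

With the check in place, the outsider learns only the edges already readable from user 1's public list; a per-caller count of `None` answers is also a natural signal to alert on when someone walks the ID space.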

Non-PII becoming PII

April 23rd, 2009

I used a contact form on a website yesterday to send a request for help. The company responded promptly this morning via email, but I noticed that there was more information in the email than I provided myself. The quoted reply portion of the email looked like this:

Name: [my name]
Comments: [my comments]
IP Address: 24.xxx.xxx.xxx
Country: UNITED STATES
Region: CALIFORNIA
City: BERKELEY

Matching IP addresses with specific geographic regions is not always accurate, but it definitely worked here to tell the company where I was writing from. Now with an automated lookup, this company can take information that seems anonymous and turn it into information that provides greater identification. Who knows what IPv6 will bring?

Prepared by Karen Braverman, Ben Cohen, and Jesse Dedman

Analysis

All three models are helpful to people who are facing difficult ethics decisions. But no model offers enough guidance to make a final decision on any one ethical dilemma.

ACM Code of Ethics

The ACM Code provides a framework for describing guidelines and values that are relevant to computer professionals at the general, individual and leadership levels. But the Code offers no guide for prioritizing one value over another in the case of a conflict. It mentions conflict only in passing when it discusses the responsibility of the professional to make an “ethical judgment” and then accept the consequences. Since the entire point of explicitly making ethics guidelines is to help people manage difficult decisions when values may be in conflict, the lack of guidance about this in the code is a weakness.

Paramedic Ethics

It gets better. If the Code was helpful but weak, we found the Paramedic Ethics paper to be helpful but also weak and even slightly absurd. We understand that the authors’ intent is to help computer professionals organize themselves in the face of an ethical dilemma and explicitly enumerate the actors and the rights and obligations in the problem. We felt the alternative and obligation diagrams that are drawn out in the cases of George and Jill were comforting in their simplicity. But we also found the simplicity to be a trap. In the case of George, why is his boss not in the diagram? Or coworkers? The way the diagram is drawn, differences in the level of detail and omissions of actors could lead to different outcomes. If George resists, he may be passing the buck to a coworker and the whole cycle starts again. And if he is in the situation of being a whistle blower he may need to weigh the decision of ruining his co-worker’s career along with the reputation of his company. The authors acknowledge that different assessors will come to different outcomes based on their initial values, but this point is more dramatic than the authors intimate.

It is also worth noting that in both cases, once they had gone through the four steps of the analysis, George and Jill both “should” have chosen a social contract alternative that was not the product of the process but relies on negotiation and consensus with other parties. The fact the authors do not support their process with examples that show it will lead to the best outcome is troubling to us.

And REALLY, who is going to spend all that time drawing diagrams and spreadsheets to make an ethics decision that is time sensitive? The fact that this is called “paramedic” is funny in itself. Imagine a real paramedic about to give CPR who then stops to draw diagrams and tables. We decided that a multi-step process that identifies the alternatives, parties, obligations, opportunities and vulnerabilities is something that is more likely to be done tacitly in the real world rather than explicitly. The main value that goes into this model is about being explicit and organized. But once things are written down and noted with pluses and minuses, it is still up to the user of the model to prioritize values and guidelines that are in conflict. The emphasis on explicit and organized analysis makes this a cover-your-ass model of ethics rather than a real problem solving model.

Additionally, the reliance of this method on the user’s pre-existing moral beliefs is especially problematic. While the authors are most interested in presenting a model for deliberation, they do offer their own beliefs for the purposes of analysis in the two example cases. Why, for example, does the “primacy of honesty” trump George’s obligation not to betray his co-workers (not present, as noted, in the original analysis)? Nissenbaum et al point to the fact that the origin of values at the basis of systems come from both a universal set of values and one that is more specific to the intended populations. Perhaps there is room to consider work ethics in the context of the US when discussing this case?

Policy Impact Assessments

The main limitation of the Policy Impact Assessment, which the authors themselves recognize, is that it only assesses possible public policy implications, but does not offer any solutions. The authors spend much of the paper arguing that public policy experts and advocates should be replaced by standards bodies’ internal assessment processes in early phases of technical standards development, but conclude by calling for the involvement of public policy experts in the design process as soon as the assessment phase is completed. Involving public policy experts after an internal process is already underway could prove counterproductive if the outside groups insist on conducting their own assessments, rather than relying on work done by the technical groups.

The Impact Assessment is a very positive and welcome tool in attempting to address the tussle we discussed earlier in the semester. According to Clark et al, tussle occurs in each stage of the software (design, redesign, configuration, runtime), and designers have the power to influence what happens at later stages by the choices that they make. The Impact Assessment tool follows that state of mind by putting an emphasis on including public policy considerations from the very beginning, thus influencing the direction design would initially take.

Optional and Interesting

M. Flanagan, D. Howe, and H. Nissenbaum, “Values in Design: Theory and Practice,” In Information Technology and Moral Philosophy, Jeroen van den Hoven and John Weckert (eds.) Cambridge: Cambridge University Press, 2008

The authors stress the role of context when figuring out which values would be embodied in a system design. We should not take for granted that certain values are a part of technical systems or devices. The authors advise us to think back to the very near past and remind ourselves that it was not long ago that fundamental values were not embedded; for example, until recently, interfaces were not as focused on accessibility as they are now. They stress the significance of the cultural, social, and political context in which certain systems are designed and the different implementations a certain value might have in each of them. For example, in a medical record system, in one culture, privacy will be implemented as user-controlled access, while in another it may be expressed in allowing for different access levels according to role.

The authors call for incorporating value assessment into every part of the design process and warn against humanists and social scientists leaving technical details “to someone else.” If we apply this approach to the standards bodies, they should not conduct their assessment alone without incorporating input from the public interest community.

The authors offer a methodology for incorporating values during design, as an addition to existing design methodologies. Their case study is the design of a computer game intended to teach middle school girls how to program in Java. The justification for designing the game is the concern with low participation of women in technology fields, and it was built on the assumptions that part of it is related to how computer science is taught in schools, and that girls would learn better in socially oriented environments.

The method is comprised of three aspects that are iteratively connected: The first stage is discovery, in which a list of values is produced, revealing values that are otherwise implicit in a design process. The discovery is done by searching all possible sources of values for the design project, such as the project description, the designers’ values, and the users’ values, revealed through usability testing methods.

The second aspect is the translation of the values identified by expressing them in design specifications. An example from the case study is developing the game scoring such that players are rewarded for sharing program code. This expressed the value of cooperation that was important to the designers.

The authors note that during the design process, often values that seem contradictory (such as transparency and privacy) are in fact not so contradictory but result from contradictory material constraints they imposed on the system. They recommend trying to resolve such situations by redesign. When such situations cannot be resolved, they turn into value-oriented trade-offs.

The third and last aspect is the verification, in which designers assess whether the values important to them have been incorporated into the system. It can be done via internal testing among designers, usability testing, interviews, and more.

While their methodology is very thorough and seems to incorporate all potential value-oriented issues, as a work model their suggestion is even more cumbersome than the paramedic method in terms of time and responsiveness; field studies and interviews are even less feasible than drawing charts and spreadsheets.

Readings Summaries:

ACM Code of Ethics

The code is a high level document, providing ethical guidelines for ACM members. It is the ACM’s intention that the code would be used as a basis for resolving any future conflict with ethical principles, rather than as regulations. ACM guidelines will serve as supplement and will be changed more frequently.

The Code of Ethics is divided into three parts: The first part lists general moral imperatives, emphasizing that computer ethics are derived from more general ethical principles; the second part provides specific professional principles for the computer science field, and the third addresses the perspective of the organization rather than that of the individual. These may apply to organizations and / or their leaders.

The organizational leadership principles focus on the following responsibilities:

1. social responsibility

2. enhancing, rather than degrading, quality of life

3. define and enforce proper and authorized use to avoid harm

4. conduct users needs assessment to define system requirements

5. articulate and support policies to protect privacy and dignity

6. educating organization members on computing

John Morris and Alan Davidson, “Policy Impact Assessments: Considering the Public Interest in Internet Standards Development,” August 2003

The authors present a different approach from that of Collins and Miller. The authors call on standards bodies to establish internal, systematic assessment processes to ensure that public policy issues are taken into consideration as a part of the standards-setting process from the start. According to their approach, the involvement of policy experts and public interest advocates in the discussion and decision-making processes of standards bodies is helpful and necessary, but not sufficient, for several reasons that they go into in detail. The authors therefore strongly advocate for early and systematic consideration of public policy issues by standards organizations, to address the importance of protecting public interest and to compensate for the public interest community’s inability to cover it by itself. They are aware of the time and complexity added to the entire process but argue that this is compensated by fewer post-development marketplace and regulatory obstacles.

The need to increase consideration of public policy concern within standards bodies

Currently, standards development processes within standards bodies do not recognize potential public policy impacts or address those impacts. To explain the significance of technical standards, the authors point to the example of the Internet, which is founded on the core idea that different computers and networks can connect through technical standards. However, very often those standards are agreed on in private bodies such as the IETF and W3C, while their decisions have serious implications for the public, such as property rights, personal privacy concerns, and public access to information. These implications grow owing to the “broad societal embrace” of the internet and its rapid change.

Specifically, they point to the example of introducing IPv6 in 1998: IPv6 ties the IP address to the MAC address, and therefore the computer is identifiable and traceable regardless of location or connection means. After much debate, IETF published alternatives to IPv6. Other examples include DRM and fair use, ebooks and blind users, etc.

The authors don’t claim that public policy concerns are never addressed by standards bodies, only that they are addressed in an ad hoc manner and therefore lack systematic analysis and outside input and feedback.

Indeed, in the early Internet days, technical requirements of openness, accessibility, anonymity, and robustness overlapped with public values. However, the overlapping at the outset was a “coincidence” and we cannot count on that happening again. Two major factors contributed to this change: the Internet’s growth from a very small user group to wide worldwide use, and its commercialization since the early 1990s, which introduced private interests to a mainly research-based standards community. As a result, diverging market interests prevent participants’ agreement on network architecture, and private interests come at the expense of public interest.

The initial challenge is identifying the design elements that might affect public policy.

Limits of public policy advocates’ involvement in standards setting processes

The authors point out that while involvement of public policy advocates is necessary and useful, it is often limited, for several reasons. First, to be effective, public policy advocates must understand technical details about the issue at hand, and commit to substantial investment of time and effort.

The authors see intervention as essential: only public interest advocates can detect subtle issues, evaluate the gravity of an issue and possible solutions, and protect the public interest against commercial agendas. Also, without expert advice, some bodies will avoid addressing the issue altogether.

However, the authors are convinced that current intervention is not sufficient. For public interest participation to be sufficient, advocates must have a mixture of public policy experience and technical knowledge that is rare to find. The long-term commitment of time and resources that is usually required is difficult for most non-governmental organizations.

Other reasons why advocates’ participation does not yield successful results are opposition from standards organizations, the number of standards organizations to cover, and the mere fact that some standards don’t bear on the public interest.

Examples of public policy advocates’ involvement:

· Platform for Privacy Preferences (P3P) (1997) – involvement from inception: P3P lets users quickly interpret privacy policies and make informed decisions about disclosure. Public interest participation was critical to the development of P3P in providing input on all possible practices and implications for personally identifiable information (and as we have recently seen in the Ackerman paper for 203, critique was necessary)

· Open Pluggable Edge Services (OPES) (2001) – mid-process: proposed OPES would permit operators of servers mid-way to modify content in mid-stream from a server to a user. Issues raised: censorship, data integrity, user privacy. OPES met opposition from outside as well as internally from IETF. CDT submitted comments that started a review process. Result?

· GeoPriv working group (2001) – from inception: CDT and other advocates pushed the IETF to include strong protections for privacy in transmissions of location information. Result?

Developing a Public Policy Impact Assessment

The authors recommend that technical standards bodies develop an internal procedure for a brief, focused assessment of new technology proposals that will identify any public policy concerns. The purpose of the assessment is to identify the issues only, not to address them. The procedure will not require direct involvement of public policy experts or advocates.

Rather than asking public-policy-oriented questions, issues should be broken down into concrete, known technological elements. So, rather than asking “Does this harm privacy?”, asking “Does this technology expose information to a third party?” would be more useful.

Standards bodies vary by the kind of technologies they deal with, and therefore different public policy issues arise for each. Implementation also varies depending on organizational characteristics (all-volunteer vs. staff, for example the W3C technology and society domain).

Impact assessment for IETF

When developing their impact assessment for the IETF, the authors followed the model used by the organization for security assessment, as well as a more general model for Internet designers published by one of the IETF’s committees. This model instructs Internet designers to consider those design elements that both have the potential to raise public policy issues and are likely to arise within IETF standards. The point is that for each standards organization, the design elements that come up may be totally different, depending on the kind of technologies they deal with and their relation to public policy issues.

Collins, W. R. and Miller, K. W. 1992. Paramedic ethics for computer professionals. J. Syst. Softw. 17, 1 (Jan. 1992), 23-38.

The article suggests a set of ethical guidelines that constitute a methodology for computing professionals to make timely decisions ethically. The methodology is meant to assist computing professionals when confronted with an ethically (although most often also technically) complex situation for which they need either a quick solution or a temporary resolution while they seek additional help, depending on the severity of the situation. The medical analogy comes from the similarity to the way a paramedic manages a medical emergency.

They use their method to analyze two case studies of computer professionals taken from the work environment and suggest resolutions for the dilemmas they raise. We have provided a summary for the first below.

Application of methodology to case number 1:

George is an electrical engineer working for an aerospace contractor as a quality control manager. His project develops a computerized control system for a new military aircraft. Even though the system passes simulation tests following patching that was done to fix some problems that arose during early simulations, George is convinced that there are fundamental flaws in the design that necessitate an extensive system redesign. He informed his supervisors that the current system might end up in plane crashes. However, his supervisors rely on the tests as assurance that the system is good to go to the next phase of flight tests.

George’s dilemma: should he sign off the system?

Arguments for signing off:

  • Loyalty to employer
  • Might be taken off the project

Arguments against signing off:

  • Abidance by the ACM Code of Ethics

This case is in conflict with the second principle under the general moral imperatives, Avoid harm to others. Per the principle, harm is defined as injury or negative consequences. Computing professionals are asked to “minimize malfunctions by following generally accepted standards for system design and system”. George’s supervisors can rightfully claim that they have followed the imperatives: they conducted the early simulations, realized that there is a problem, patched the software, and then tested again. The software passed the tests and therefore the system should be fine.

However, George can claim that he is following the imperative by “blowing the whistle” on supervisors who refuse to accept his professional estimation that there is a fundamental flaw in the system that might cause harm in the future.

As a compromise, one could make the assertion that George had not thoroughly assessed the system and that following the imperative, he should consult other computing professionals from outside the company before reporting such severe violations and causing much reputational and financial damage to the company. As the authors suggest in the introduction, the will to act ethically is not enough. Professionals must have the skills and knowledge to make the most ethical decision.

Computing Professional Specific principles that apply to this case are:

  1. Striving for highest quality (first principle): by refusing to sign off the project, George would be following this principle.
  2. Knowing and respecting existing laws (third principle): If George decides to report the company or refuses to sign off the project, he must bear the consequences (would refusing to acknowledge the legitimacy of the post-patching tests be considered as violating a company regulation?)
  3. Accept and provide professional review (fourth principle): George is abiding by that principle.
  4. Give comprehensive evaluations (fifth principle):
    1. if George provides objective evaluation, he would be in a conflict of interest; if he doesn’t, he would be violating this principle.
    2. “any signs of danger from systems must be reported to those who have opportunity and / or responsibility to resolve them.”
  5. Honor contracts:
    1. computing professionals’ ethical judgment prevails:
    2. whatever decision, computing professional would need to accept responsibility – including when acting “against one’s own judgment”.

The method is presented in an algorithmic form and assumes the user is a computing professional who faces one or more difficult ethical decisions. It follows the waterfall model of the software life cycle: it involves sequential phases but is also dynamically reversible. Users should iterate through the phases to get to the solution (but waterfall isn’t iterative?).

The method focuses on two central issues in solving computing problems: power relations and the most vulnerable group.

Key terms:

  1. opportunity (principle 2.5) to gain from an alternative. Security opportunity: the potential of making more money
  2. vulnerability to lose from an alternative. Security vulnerability: the potential to lose one’s job
  3. power
  4. obligation
  5. right (complements obligation)

http://arstechnica.com/tech-policy/news/2009/04/headline-here.ars

As I mentioned in i202, TurnItIn.com is the company where my brother works. Located in downtown Oakland, the company provides plagiarism detection services for teachers and administrators, scanning through submitted papers and looking for similar phrases from a corpus of documents. The service also archives submitted papers so that they can be compared against papers that are submitted later on. Recently, a few students have tried to sue the company for copyright infringement, but a federal appeals court has ruled that this practice is fair use.