Beyond Technological Solutions for the Protection of Confidential Commercial Information on the Internet

C D Freedman is Herchel Smith Research Fellow in the Law ofIntellectual Property at Emmanuel College. He can be contacted at EmmanualCollege, University of Cambridge, Cambridge CB2 3AP or via e-mail at cdf25@cam.ac.uk

The Internet is no place for secrets, commercial or otherwise.

It is reasonable to assume that by now all prudent business people are wellaware that the Internet offers a variety of commercial opportunities. However,the desire to exploit these opportunities may very well result in situationswhich endanger the security of information that is better kept secret. The worstcase scenario in which confidential information is improperly disclosed to, oracquired by, another and finds its way onto the Internet is a highly problematicone for the law; the technological reality is that the Internet rememberseverything, forever. The recent furore respecting the disclosure of the names ofpersons said to be MI6 operatives on the Internet, allegedly by a former MI6member, has succinctly made the point that traditional legal remedies for breachof confidence may be insufficient in the modern technological context.

It is disappointing that what debate there has been respecting the protectionof confidential commercial information and the Internet has centred onindividual technologies rather than adapting generalised principles to themodern context. For example, the commercial issue that has garnered the mostpublic interest of late has been the regulation of cryptographic software andthe setting of uniform cryptographic standards for transacting business on theInternet. Whilst it may be tempting to conclude that the popular use of strongprivacy-enhancing technologies will somehow be the magic solution to combat allthreats of misappropriation, the reality is rather less convincing. It should beremembered that is not only the details of individual commercial transactionsthat are at risk, nor is criminal fraud the only harm to be avoided.

In this article, I shall outline some of the issues and present some thoughtson the necessity for the law to incorporate and supplement self-help strategieslike the use of cryptography. My two general points in response to the currentstate of affairs are these.

First, at the practical level, prudent business people in possession ofconfidential commercial information would be well advised to devise proactivesecurity strategies to minimise exposure of valuable information to the risk ofmisappropriation, and enforce intellectual property and other rights in suchinformation vigorously. At minimum, this means a comprehensive intellectualproperty protection program including periodical audits of information-handlingsystems and security initiatives, and the drafting of corporate policies to dealwith the use of information technology in relation to sensitive information.Such strategies, once devised, must be practised consistently if they are to bemeaningful.

Secondly, at the more abstract level of law reform, it should be recognisedthat the public has a strong interest in furthering the innovation cycle as thecreation of new wealth in post-industrial developed economies like our own isincreasingly based on technological development and the efficient exploitationof emerging technologies. Accordingly, present legal models in this area must beoverhauled to a certain extent to provide greater relief against practices whichinterfere with these interests – offensive trade practices that seek to obtaininformation illicitly and wilful breach of civil obligations with respect toconfidential commercial information. What is required, then, is a morecomprehensive model of liability incorporating conduct-based rules of civilliability and receipt-based rules of criminal liability. In addition, it may benecessary to broaden the range of remedial responses, perhaps even to includethe contentious ‘inevitable disclosure’ doctrine which has been developed inrecent years in American trade secrets law.

The Nature of the Risk

Confidential commercial information is at risk in two sets of scenariosprimarily based on motive, and themselves incorporating differing risk factors.

The risks associated with the acquisition by, or disclosure to, parties whoseek to gain from the information directly or indirectly is clearly the mostproblematic. These are circumstances where information is taken outside theclose circle of confidentiality negating its relative secrecy and inherentvalue. The hallmark of these situations is that the information in question isactively targeted for misappropriation by the confidant or by the ultimaterecipient; these are situations from the more mundane, where an employeeimproperly exploits confidential information belonging to his or her employer,to the less conventional but more worrying co-ordinated campaign of industrialespionage. One would think that the motive of enriching oneself at another’sexpense would seem to favour the position that a civil remedy alone would besufficient to deter such activities based on self-interest. However, it seemsclear that civil remedies are not always sufficient, especially where theplaintiff suffers a loss but the defendant does not necessarily obtain a directfinancial benefit.

Confidential information disclosed either negligently or purely throughmalice is equally dangerous. One example of note is the recently-withdrawnaction in the United States, Raytheon Corp v John Does and 21 Others,¹where Raytheon against 21 of its employees who divulged confidential informationowned by the plaintiff in Internet chat rooms. The firm was successful inobtaining subpoenas to a number of external e-mail service providers anddiscovered the employees’ true identities. The action was eventually withdrawnafter it was agreed that 4 of the 21 defendants would resign and the remainingwould be counselled as to the handling of confidential information and the risksassociated with the Internet. In these situations one would think that acombination of civil remedies and criminal sanctions together with the adoptionof internal policies respecting the proper control of information might be themost effective strategy. Sadly for Raytheon, it took a major incident to awakencorporate decision-makers and in-house counsel to the need for co-ordinatedinternal policies respecting the negligent disclosure of confidentialinformation on the Internet by employees.

The Legal Response

The law’s response to the misappropriation of confidential commercialinformation, on the Internet or elsewhere, begins from two negativepropositions.

First, the inability to exclude others from the use or possession ofconfidential information as is required in the normal legal sense of ownershipwould seem to deny that it is property in the legal sense of that term.Whilst the issue has not been definitively settled in English law,²the great weight of judicial and academic comment is inconsistent with ascribinga property characterisation to such information. This means that theusual civil remedies designed to enforce property rights and the normal criminallaw of theft are inapplicable.

Secondly, and in contrast to some continental systems and aspects of Americanlaw, English law traditionally disfavours an approach to these problems thatspeaks to norms of ‘unfair competition’ directly.³

In private English law, then, confidential information is indirectlyprotected from unauthorised use or disclosure through the enforcement ofobligations of confidentiality in relation to such information. Obligations maybe expressly or implicitly agreed to, or judicially constructed in appropriatecircumstances, as between the parties. It has been said that the protection ofconfidential information in the form of the equitable action for breach ofconfidence, the primary vehicle for civil liability outside contract, is suigeneris in the sense that it has arisen in a multi-jurisdictional fashion,emanating from principles of property, contract, and equity. In a general sense,the contours of the action will depend very much on the nature of theinformation sought to be protected, the parties to the action, and thecircumstances claimed to give rise to an enforceable obligation between theparties.

Where acquisition-based, or conduct-based, liability is sought, theapplication of the criminal law seems contingent on the misappropriative actbeing incidentally proscribed. Civil liability on the point is most uncertain.

Receipt-based Liability

This is an area where private law has developed sophisticated principles ofcivil liability in law and equity.

The most commonly accepted statement of the elements of the action for breachof confidence was given by Megarry J, as he then was, in Coco v A.N. Clark(Engineers) Ltd.⁴

‘… three elements are normally required if, apart from contract, a caseof breach of confidence is to succeed. First, the information itself, in thewords of Lord Greene MR… must ‘‘have the necessary quality ofconfidence about it’’. Secondly, that information must have been impartedin circumstances importing an obligation of confidence. Thirdly, there mustbe an unauthorised use of the information to the detriment of the partycommunicating it.’ (emphasis added.)

There are two areas that are problematic in relation to the action for breachof confidence. First, can the principle be extended to situations where theparties are not linked through a relationship of trust and confidence and whereliability is sought to be imposed based on the manner in which the informationwas illicitly obtained alone; I will consider this issue briefly below. Thesecond problematic area is the question of imposing criminal liability wherecivil liability is insufficient to deter misappropriative acts – for example,where the defendant is judgement-proof.

The Law Commission’s 1997 provisional recommendation supporting thecreation of a new offence of misuse of trade secrets is exactly on point and, Iwould suggest, appears to be an appropriate way forward in this area.⁵The model advocated restricts application of the criminal law to offensiveconduct in relation to unauthorised use or disclosure of a functionally definedsubset of confidential commercial information, ‘trade secrets’. Theorientation of the provisional draft law is to punish an offender who knowinglymisappropriates valuable information that is not ‘generally known’. Theoffence is not overly broad in scope and the Law Commission intends actualprosecutions to be instigated only in the worst cases and where the availabilityof civil remedies is inadequate in the circumstances of individual cases. Themost appropriate use of such sanctions would be to punish employees, co-venturers,consultants and others who rightfully acquire information but then knowingly andintentionally misuse it. The scope of the provisional model deliberately doesnot speak to illicit modes of acquisition or the question of industrialespionage.

Conduct-based Liability for Illicit Acquisition

There is an obvious need to balance policy interests where one seeks tosanction the defendant based solely on the method of acquisition itself;over-protection of information is to be avoided as much as under-protection, aseffective competition requires that information about the state of the marketand product development be reasonably ascertainable. However, and whilst it maybe true that business people have a legitimate interest in securing as muchinformation as possible on competitors and their products, it is in no one’sinterest to have a completely unregulated market-place. The Younger Commissiondescribed this fundamental consideration in these terms:⁶

‘The main difficulty in considering the acquisition of industrial andcommercial information is deciding where to draw the line between methods whichconsist of painstaking and legitimate gathering of business information andthose which the law should treat as illegal. Most people would agree that it ispart of the normal function of an efficient business man to be well-informed onhis competitor’s products, prices, sales promotions, and so forth; and mostpeople would agree that it would be quite wrong for him to steal his rival’stest samples or suborn his employees; but there are grey areas.’

Criminal liability does not proceed from a generalised approach based onmisappropriation directly; the lack of property takes the misappropriative actoutside the law of theft. Liability, then, is conditioned on the act itselfbeing incidentally proscribed under statute or common law. Whilst it is beyondthe scope of this paper to attempt an exhaustive analysis of the variouscriminal law proscriptions relevant to the remedy the mischief identified, Iwould suggest, much as the Law Commission recently advised,⁷that there are significant gaps in this incidental application of the criminallaw. One serious problem is the question of liability where one improperly usesaccess privileges to obtain information; though this would now seem to run foulof the Computer Misuse Act 1990 the correct approach has not yet beendefinitively settled as a matter of either criminal or civil liability.⁸

This is an undesirable state of affairs. One would think that the criminallaw ought to be able to relieve the reputable trader’s helplessness againstsocially offensive business practices.

What then of civil liability?

It would seem natural to look to private law for norms of actionable conductthat might be useful in determining complementary criminal standards.Unfortunately, this is an area in which civil liability is most uncertain. Thereare a number of inconsistent authorities as to whether a jurisdiction exists tofind liability based on an acquisitive method standing alone, and what the testto find such liability ought to be. Various conduct-based standards have beenproposed in the context of the equitable action of breach of confidence –amongst them that the act of acquisition was itself unlawful,⁹surreptitious,¹⁰ reprehensible,¹¹unconscionable,¹² wrongful,¹³and on the basis that the act falls under some generalised principle ofliability grounded in the flexible nature of the equitable jurisdiction itself.¹⁴Many respected authorities argue that liability based on any such approachimplicitly raises the spectre of liability imposed on highly idiosyncraticjudicial views of general or commercial morality.¹⁵This is a criticism that is not unique to breach of confidence claims butreflects a fundamental tension that has been at the root of the long-standingjudicial reluctance to import equitable doctrines into the commercial context.¹⁶

Clearly the state of the law on the point is wanting.

Endnotes

1. The claim for $25,000 in damages for misappropriation oftrade secrets was withdrawn on 20 May 1999 (Middlesex Sup. Ct., Mass.). Theemployees gossiped online about the company, specific officers, company plans,and finances.

2. The matter was left open by the House of Lords in the Spycatcherlitigation; Attorney General v Guardian Newspapers Ltd. (No. 2) [1990] 1AC 109 at p 281 per Lord Goff.

3. English law knows no tort of unfair competition; seegenerally, A Kamperman Sanders, Unfair Competition Law (Oxford: ClarendonPress, 1997). It is interesting to note the recent Canadian case of CadburySchweppes Inc. v FBI Foods Inc (1999), 167 DKR (4th) 577 (SCC), a breach ofconfidence case where the loss was characterised as ‘unfair competition [inthe sense] of having their own know-how, imparted in confidence, used againstthem’.

4. [1969] RPC 41 at p 47.

5. Law Commission for England and Wales, Legislating theCriminal Code: Misuse of Trade Secrets (CP No. 150, 1997).

6. Report of the Commission on Privacy (1972, Cmnd.5012), para. 489.

7. Consultation Paper on Misuse of Trade Secrets, para1.24.

8. The proposition accepted in DPP v Bignall [1998]Crim LR 53 was doubted in dicta by Lord Hobhouse in R v Bow StreetMetropolitan Stipendiary Magistrate ex parte Government of the USA (No 2)[1999] 3 WLR 620 (HL). For an example of a recent case where the issue wasaddressed only through the law of confidence, see Cantor FitzgeraldInternational v Tradition (UK) Ltd (1999) The Times, 19 May, per Pumfrey J.

9. Francome v Mirror Group Newspapers Ltd., [1984] 1WLR 892; ITC Film Distributors v Video Exchange [1982] Ch 431; DistillersCo (Biochemicals) Ltd v Times Newspapers Ltd [1975] QB 613, 621.

10. Lord Ashburton v Pape [1913] 2 Ch 469; Argyllv Argyll [1965] 1 All ER 611, 627; Butler v Board of Trade [1971] Ch680; Commonwealth v John Fairfax & Sons (1980), 147 CLR 39, 50 (Aust.HC); Webster v James Chapman & Co [1989] 3 All ER 939.

11. G Jones, ‘Restitution of Benefits Obtained in Breachof Another’s Confidence’ (1970), 86 LQR 463.

12. Franklin v Giddens [1978] Qd R 72.

13. Restatement of Torts (1939), *S757; Restatementof Unfair Competition (3rd) (1995), *S43. See also Ansell Rubber Co. PtyLtd v Allied Rubber Industries Pty Ltd [1967] VR 37.

14. Creation Records Ltd v The News Group [1997] EMLR444; Shelley Films Limited v Rex Features Limited [1994] EMLR 134.

15. WR Cornish, ‘Protection of Confidential Information inEnglish Law’ (1975), 6 IIC 43.

16. See Moorgate Tobacco Co Ltd v Philip Morris (No2) (1984), 156 CLR 414 (Aust HC), where the claim was raised in relation tobreach of confidence as well as being advanced on the purported tort of unfaircompetition.

17. Faccenda Chicken v Fowler [1987] Ch 117 at p’137-138.

18. Consultation Paper on Misuse of Trade Secrets,para 4.22.

19. See Restatement of Torts (1939), *S757; Restatementof Unfair Competition (3rd) (1995), *S39.

20. PepsiCo, Inc v Redmond, 54 F.3d 1262 (7th Cir.1995); Lumex, Inc v Highsmith, 919 F. Supp. 624 (E.D.N.Y. 1996); Merck& Co, Inc. v Lyon, 941 F.Supp. 1443 (M.D.N.C. 1996).

21. See generally Faccenda Chicken v Fowler [1987] Ch117; Balston v Headline Filters Ltd [1987] FSR 330; Lancashire FiresLtd v SA Lyons Ltd [1996] FSR 629.

22. Consultation Paper on Misuse of Trade Secrets,para 3.28.

23. Agreement on Trade-Related Aspects of IntellectualProperty Rights (TRIPs), Art 39, incorporating the provisions of the ParisConvention for the Protection of Industrial Property, Article 10bis.

24. There is a useful discussion of some of the relevantissues in F Henning-Bodewig, ‘International Protection Against UnfairCompetition – Art. 10bis Paris Convention, TRIPS and WIPO Model Provisions’(1999), 30 IIC 166.

Moving Forward to More Effective Strategies

Having taken the position that there is a need for individual action as wellas law reform, I should like to offer a few thoughts on some of the moreimportant issues.

The Need to Combine Legal and Technological Solutions

It is clear that at least part of the solution to protecting confidentialinformation lies with the adoption of technological measures to safeguardinformation. However, much as legal models standing alone seem inadequate, sotoo do these privacy-enhancing technologies seem inadequate when practised inisolation of legal structures.

The present model of civil liability in English law for breach of confidencedoes not require that an information owner take reasonable steps to protect hisor her information (though such efforts may be relevant in recognising theinformation in question as that having ‘the necessary quality ofconfidence’),¹⁷ a position that the LawCommission provisionally advocates be continued in a new criminal trade secretsoffence.¹⁸ In this way, the negligent plaintiff isnot barred from pursuing a remedy against an innocent third party in possessionnor would an offender escape liability based on the victim’s failure toprotect the information adequately.

Whilst it may be beneficial to treat confidential information asquasi-property in some respects, it may be time to rethink this orientation andperhaps adopt something which incorporates technological solutions more directlyinto legal models as is the case in American trade secrets law.¹⁹There are two points which favour such a development.

First, there is a public interest in encouraging the prudent use oftechnology in handling informational assets. Those who use informationtechnology to deal with their sensitive information ought to be encouraged toact reasonably, if only to ration our judicial resources more efficiently.

Secondly, and perhaps most importantly, by not making the law more clearlypredictable on this point, information owners are placed in a position wherethey must go beyond taking reasonable protective measures and must take maximumprotective measures consistent with their subjective perceptions of the value ofthe information in question. Rational business people will take protectivemeasures on a cost-benefit basis, but the efficiency of such measures ineconomic terms is not addressed by the state of the law and seemingly a policyof encouraging economic inefficiency is adopted in its place.

The criminal law consideration, that the accused not be allowed to escapesanction on the basis of the victim’s fault, may indeed require that such arequirement be abandoned for the purposes of the criminal law. However, arequirement to be reasonably diligent in protecting the information may in factprove a useful brake against sanctioning conduct that may be insufficientlyblameworthy given the principles underlying the proposed offence and the natureof the mischief to be remedied.

Having said that reasonable protective measures ought to be required as athreshold matter, it is necessary to consider to some small degree what sorts ofmeasures ought to be adopted.

The Need for Proactive Strategies and Co-ordinated Response

The process of protecting confidential information should be a dynamic one,involving the information owner, solicitor, and security consultant whereappropriate in periodic audits of an individual firm’s intellectual propertyprotection policies and practices. Any approach that is static will be bound toproduce inferior results in the long term.

I would suggest that the goals of such an auditing process are relativelystraight-forward:

• To identify the subject-matter that is at risk of misappropriation and which requires protection; not all such information will be capable of attracting legal protection as it may be, to a greater or lesser extent, in the public domain already (though it may go unrecognised as valuable by trade rivals).
• To assess internal access and disclosure policies to ensure that the information remains confidential by being disclosed economically. The prudent business person may wish to avoid ‘competitive intelligence’ – the gathering of all relevant information in the public domain by firms that combine these public sources to build surprisingly accurate profiles of an individual firm’s corporate practices and products.
• To assess contractual non-disclosure commitments in employment and other agreements to ensure that non-disclosure covenants are both included and are enforceable. This process has a certain trans-national character as, for example, restrictive employment covenants are notorious for being enforced differently in varying jurisdictions. Thus, at minimum, it should be ascertained whether the right covenants are included in the individual agreements scrutinised. Similarly, non-disclosure agreements meant to restrict potential co-venturers or partners should be enforceable directly in that party’s own jurisdiction which may require that foreign counsel be consulted.
• To assess physical and computer security arrangements. For example, and depending on the nature of the environment in question, it may be advisable to implement ‘clean-desk’, ‘clean-lab’ schemes to avoid the disclosure of information to contract cleaning or security staff who may be left alone on the premises. It may also be advisable to incorporate physical constraints like tiered-access to sensitive areas like research labs to ensure that temporary or junior staff do not gain access to sensitive information.
• To assess e-mail and Internet posting policies by both the company and its employees to ensure that confidential information does not find its way onto the Internet without authorisation. This is crucial. One fault consistently reported by security consultants is that protective technologies are simply not applied as they should be, as junior staff are often unsure how technologies work and when they should be used. A regular audit of internal policies and circumstances will reveal whether e-mail and faxes are being encrypted and whether new staff are made aware of such practices. Moreover, if anything is to be learnt from the Raytheon experience, it is that employees may inadvertently divulge sensitive information on the Internet without appreciating the seriousness of such disclosure – issues of information security should be canvassed with staff.
• To co-ordinate responses should information be disclosed without authorisation or be illicitly acquired. In times of crisis, a well-ordered and co-ordinated response is best.

I would suggest that such an audit ought to extend beyond the protection ofconfidential information to include other forms of intellectual property aswell, such as copyright and trademark protection.

Endnotes

1. The claim for $25,000 in damages for misappropriation oftrade secrets was withdrawn on 20 May 1999 (Middlesex Sup. Ct., Mass.). Theemployees gossiped online about the company, specific officers, company plans,and finances.

2. The matter was left open by the House of Lords in the Spycatcherlitigation; Attorney General v Guardian Newspapers Ltd. (No. 2) [1990] 1AC 109 at p 281 per Lord Goff.

3. English law knows no tort of unfair competition; seegenerally, A Kamperman Sanders, Unfair Competition Law (Oxford: ClarendonPress, 1997). It is interesting to note the recent Canadian case of CadburySchweppes Inc. v FBI Foods Inc (1999), 167 DKR (4th) 577 (SCC), a breach ofconfidence case where the loss was characterised as ‘unfair competition [inthe sense] of having their own know-how, imparted in confidence, used againstthem’.

4. [1969] RPC 41 at p 47.

5. Law Commission for England and Wales, Legislating theCriminal Code: Misuse of Trade Secrets (CP No. 150, 1997).

6. Report of the Commission on Privacy (1972, Cmnd.5012), para. 489.

7. Consultation Paper on Misuse of Trade Secrets, para1.24.

8. The proposition accepted in DPP v Bignall [1998]Crim LR 53 was doubted in dicta by Lord Hobhouse in R v Bow StreetMetropolitan Stipendiary Magistrate ex parte Government of the USA (No 2)[1999] 3 WLR 620 (HL). For an example of a recent case where the issue wasaddressed only through the law of confidence, see Cantor FitzgeraldInternational v Tradition (UK) Ltd (1999) The Times, 19 May, per Pumfrey J.

9. Francome v Mirror Group Newspapers Ltd., [1984] 1WLR 892; ITC Film Distributors v Video Exchange [1982] Ch 431; DistillersCo (Biochemicals) Ltd v Times Newspapers Ltd [1975] QB 613, 621.

10. Lord Ashburton v Pape [1913] 2 Ch 469; Argyllv Argyll [1965] 1 All ER 611, 627; Butler v Board of Trade [1971] Ch680; Commonwealth v John Fairfax & Sons (1980), 147 CLR 39, 50 (Aust.HC); Webster v James Chapman & Co [1989] 3 All ER 939.

11. G Jones, ‘Restitution of Benefits Obtained in Breachof Another’s Confidence’ (1970), 86 LQR 463.

12. Franklin v Giddens [1978] Qd R 72.

13. Restatement of Torts (1939), *S757; Restatementof Unfair Competition (3rd) (1995), *S43. See also Ansell Rubber Co. PtyLtd v Allied Rubber Industries Pty Ltd [1967] VR 37.

14. Creation Records Ltd v The News Group [1997] EMLR444; Shelley Films Limited v Rex Features Limited [1994] EMLR 134.

15. WR Cornish, ‘Protection of Confidential Information inEnglish Law’ (1975), 6 IIC 43.

16. See Moorgate Tobacco Co Ltd v Philip Morris (No2) (1984), 156 CLR 414 (Aust HC), where the claim was raised in relation tobreach of confidence as well as being advanced on the purported tort of unfaircompetition.

17. Faccenda Chicken v Fowler [1987] Ch 117 at p’137-138.

18. Consultation Paper on Misuse of Trade Secrets,para 4.22.

19. See Restatement of Torts (1939), *S757; Restatementof Unfair Competition (3rd) (1995), *S39.

20. PepsiCo, Inc v Redmond, 54 F.3d 1262 (7th Cir.1995); Lumex, Inc v Highsmith, 919 F. Supp. 624 (E.D.N.Y. 1996); Merck& Co, Inc. v Lyon, 941 F.Supp. 1443 (M.D.N.C. 1996).

21. See generally Faccenda Chicken v Fowler [1987] Ch117; Balston v Headline Filters Ltd [1987] FSR 330; Lancashire FiresLtd v SA Lyons Ltd [1996] FSR 629.

22. Consultation Paper on Misuse of Trade Secrets,para 3.28.

23. Agreement on Trade-Related Aspects of IntellectualProperty Rights (TRIPs), Art 39, incorporating the provisions of the ParisConvention for the Protection of Industrial Property, Article 10bis.

24. There is a useful discussion of some of the relevantissues in F Henning-Bodewig, ‘International Protection Against UnfairCompetition – Art. 10bis Paris Convention, TRIPS and WIPO Model Provisions’(1999), 30 IIC 166.

An Inevitable Development?

One principle that has yet to find a foot-hold in English law is thecontentious ‘inevitable disclosure’ doctrine which has emerged in recentyears in American trade secrets law.²⁰ The doctrineprovides that former employees may be enjoined from taking up employment with atrade rival based on a constructive threat of misappropriation of their formeremployer’s trade secrets. The argument accepted in such cases is that theformer employee will inevitably disclose trade secrets, eitherconsciously or unconsciously.

The practical rationale underlying the doctrine would seem to focus on thetiming of effective relief. Proponents of this ‘pre-emptive strike’ approachargue that the modern technological context has created a business environmentwhere information is critical in different stages of product development, isquickly out of date, and is susceptible to misuse or unauthorised disclosure bythose having had control over it or being able to acquire it illicitly.Moreover, the increased mobility of employees constitutes an aggravating factorfavouring the availability of strong relief at an early stage, especially withrespect to those specialised personnel who may be deeply involved in productinnovation and have access to a firm’s most sensitive information.

A pre-emptive strategy like the ‘inevitable disclosure’ doctrine may wellbe a desirable development in overcoming the remedial difficulties associatedwith post-disclosure injunctions, but it significantly tips the balance ofrights between employers and employees. Adoption of this doctrine wouldsignificantly broaden English practice on the enforcement of restrictivenon-competition covenants in, or implied obligations of confidentiality arisingfrom, employment contracts²¹ as well as thegranting of quia timet injunctions generally.

A Place for Criminal Sanctions?

In approaching the question of an appropriate criminal law presence in thisarea, I would suggest that it is of the utmost importance that fragmentary andcontext-specific strategies be abandoned in favour of the development ofgeneralised principles.

The Law Commission has taken the provisional position that criminal law inthis area should be narrowly applied and ought to follow civil liability.²²As civil liability is essentially receipt-based liability in this area, theimplicit position is that the criminal law ought to refrain from introducing newstandards of conduct-based liability. This is to say that the criminal lawshould restrict itself to breach of confidence situations where the threat ofcivil liability in the circumstances is insufficient to promote compliance withexpress or implicit obligations of confidentiality.

As I have indicated above, and in terms of supplementing receipt-based civilliability, the criminal law is able to act where the defendant isjudgement-proof or the plaintiff is without the resources or sophistication tobring an action (or even has been driven into bankruptcy as a result of the actsin question). In such circumstances, the proscribed act still attracts liabilityand consequences, and I would suggest that the Law Commission’s model isappropriate.

The lost opportunity, if the Law Commission’s provisional model is acceptedas presented and acquisition-based criminal liability is not made available, isthe opportunity to use the criminal law where appropriate to set and enforceminimum standards of acceptable commercial behaviour. The difficulty, of course,lies in applying criminal sanctions where civil liability is uncertain. Whilstit is beyond the scope of this article to suggest a suitable standard to beused, my own view is that it may not be beyond the pale to consider a standardbased on dishonesty in a sufficiently directed form; this would have theadvantage of building on the jurisprudence in both criminal law and equity thatincorporates such a standard and speaks to the international standards in theTRIPs agreement.²³

The Desirability of International Solutions

The last 25 years have seen the emergence of intellectual property as aninternational trade issue. There has been a recognition that intellectualproperty as information based assets are an important component of national andinternational trade, and their domestic treatment amongst trading partners oughtto be subject of the same kinds of rules that govern the trade and legalprotection of other critical resources. This has resulted in a policyorientation towards harmonisation of domestic intellectual property laws at botha regional level (the European Union) and at an international level (throughboth the World Intellectual Property Organisation, and, the World TradeOrganisation which administers the TRIPs agreement). The danger in notharmonising such laws amongst trading partners, in terms of trade norms, is thatthe free flow of technology around the globe will be impaired and that such lawsmay prove effective barriers to trade.

In general terms, threats to the security of confidential commercialinformation fit within the convergence of two technology-related trends: therise in value of intellectual property in post-industrial economies, and, therise in economic wrongs as a phenomenon in national and international commerciallife itself stemming partly from technological innovation. Given thetrans-national character of global communications systems like the Internet, thenature of the problem becomes international. However, and notwithstanding thesetrends, harmonising substantive law in this area has yet to be addressed.²⁴

I would suggest that given the nature and import of the issues, internationalsolutions are preferable to national ones, and that it is in the interests ofall interested persons to pressure international institutions to address theseissues sooner rather than later. Sadly, any attempt at harmonisation willundoubtedly be complicated by divergent national approaches as presentlyinstituted.

Conclusion

The Internet is a hostile environment for confidential information, and onewhich is not particularly receptive to judicial remedies in the form ofinjunctive relief. The desire to exploit the commercial opportunities that theInternet provides ought not to blind prudent business people, and law makers, tothe dangers that such global communications networks present to maintaining theconfidentiality of commercial information. Accordingly protective measuresshould be taken to safeguard information, but these measures should not belimited to technological tools alone. In the long term, it is hoped thatnational and international legal structures will work together to create a morecomprehensive model of liability incorporating both receipt-based andconduct-based principles as well as providing more effective remedial responsesin the modern technological context.

Endnotes

1. The claim for $25,000 in damages for misappropriation oftrade secrets was withdrawn on 20 May 1999 (Middlesex Sup. Ct., Mass.). Theemployees gossiped online about the company, specific officers, company plans,and finances.

2. The matter was left open by the House of Lords in the Spycatcherlitigation; Attorney General v Guardian Newspapers Ltd. (No. 2) [1990] 1AC 109 at p 281 per Lord Goff.

3. English law knows no tort of unfair competition; seegenerally, A Kamperman Sanders, Unfair Competition Law (Oxford: ClarendonPress, 1997). It is interesting to note the recent Canadian case of CadburySchweppes Inc. v FBI Foods Inc (1999), 167 DKR (4th) 577 (SCC), a breach ofconfidence case where the loss was characterised as ‘unfair competition [inthe sense] of having their own know-how, imparted in confidence, used againstthem’.

4. [1969] RPC 41 at p 47.

5. Law Commission for England and Wales, Legislating theCriminal Code: Misuse of Trade Secrets (CP No. 150, 1997).

6. Report of the Commission on Privacy (1972, Cmnd.5012), para. 489.

7. Consultation Paper on Misuse of Trade Secrets, para1.24.

8. The proposition accepted in DPP v Bignall [1998]Crim LR 53 was doubted in dicta by Lord Hobhouse in R v Bow StreetMetropolitan Stipendiary Magistrate ex parte Government of the USA (No 2)[1999] 3 WLR 620 (HL). For an example of a recent case where the issue wasaddressed only through the law of confidence, see Cantor FitzgeraldInternational v Tradition (UK) Ltd (1999) The Times, 19 May, per Pumfrey J.

9. Francome v Mirror Group Newspapers Ltd., [1984] 1WLR 892; ITC Film Distributors v Video Exchange [1982] Ch 431; DistillersCo (Biochemicals) Ltd v Times Newspapers Ltd [1975] QB 613, 621.

10. Lord Ashburton v Pape [1913] 2 Ch 469; Argyllv Argyll [1965] 1 All ER 611, 627; Butler v Board of Trade [1971] Ch680; Commonwealth v John Fairfax & Sons (1980), 147 CLR 39, 50 (Aust.HC); Webster v James Chapman & Co [1989] 3 All ER 939.

11. G Jones, ‘Restitution of Benefits Obtained in Breachof Another’s Confidence’ (1970), 86 LQR 463.

12. Franklin v Giddens [1978] Qd R 72.

13. Restatement of Torts (1939), *S757; Restatementof Unfair Competition (3rd) (1995), *S43. See also Ansell Rubber Co. PtyLtd v Allied Rubber Industries Pty Ltd [1967] VR 37.

14. Creation Records Ltd v The News Group [1997] EMLR444; Shelley Films Limited v Rex Features Limited [1994] EMLR 134.

15. WR Cornish, ‘Protection of Confidential Information inEnglish Law’ (1975), 6 IIC 43.

16. See Moorgate Tobacco Co Ltd v Philip Morris (No2) (1984), 156 CLR 414 (Aust HC), where the claim was raised in relation tobreach of confidence as well as being advanced on the purported tort of unfaircompetition.

17. Faccenda Chicken v Fowler [1987] Ch 117 at p’137-138.

18. Consultation Paper on Misuse of Trade Secrets,para 4.22.

19. See Restatement of Torts (1939), *S757; Restatementof Unfair Competition (3rd) (1995), *S39.

20. PepsiCo, Inc v Redmond, 54 F.3d 1262 (7th Cir.1995); Lumex, Inc v Highsmith, 919 F. Supp. 624 (E.D.N.Y. 1996); Merck& Co, Inc. v Lyon, 941 F.Supp. 1443 (M.D.N.C. 1996).

21. See generally Faccenda Chicken v Fowler [1987] Ch117; Balston v Headline Filters Ltd [1987] FSR 330; Lancashire FiresLtd v SA Lyons Ltd [1996] FSR 629.

22. Consultation Paper on Misuse of Trade Secrets,para 3.28.

23. Agreement on Trade-Related Aspects of IntellectualProperty Rights (TRIPs), Art 39, incorporating the provisions of the ParisConvention for the Protection of Industrial Property, Article 10bis.

24. There is a useful discussion of some of the relevantissues in F Henning-Bodewig, ‘International Protection Against UnfairCompetition – Art. 10bis Paris Convention, TRIPS and WIPO Model Provisions’(1999), 30 IIC 166.