UPDATE: Computer Fraud and Abuse Act
Nick Akerman
Dorsey & Whitney LLP
[email protected]
http://www.computerfraud.us
For on-going updates on the CFAA go to http://computerfraud.us
Pervasiveness of computer data
• Manufacturing processes
• Product plans
• Acquisition strategies
• Employee HR records
• Customer information
• Financial information
• Marketing plans and strategies
Computer Fraud and Abuse Act Provides Proactive Tool to Protect Data
• Title 18 U.S.C. § 1030 – Enacted in 1984
• Criminal statute
• Civil remedy in 1994 amendment
• Computers used in interstate commerce
• Amended in 2001 and 2008
• Computers in foreign countries
• Provides for damages and injunction
Various Causes of Action
• Stealing valuable computer data
• Schemes to defraud
• Trafficking in a computer password or similar information with intent to defraud
• Damaging computer data
• Hacking
• Extortion
• Sending computer viruses
Legal Requirements
• Protected computer
• Lack of authorization or exceeding authorization to access computer
• Theft of information or anything of value
• Damage to data permanent
• $5,000 loss
• Limited to economic damages
• Compensatory damages
• Two-year statute of limitations
The $5,000 Jurisdictional Limit
• Loss during any 1 year period aggregating at least $5,000
• “Loss” is defined in the statute as “any reasonable cost to any victim, including the cost of responding to an offense, conducting a damage assessment, and restoring the data, program, system, or information to its condition prior to the offense, and any revenue lost, cost incurred, or other consequential damages incurred because of interruption of service.” 1030(e)(11).
Initial Burden
• Costs associated with loss were reasonable
• Cost directly causally linked to the CFAA violation
• Tort principle of natural and foreseeable results of Defendant’s conduct
• Doyle v. Taylor, 2010 WL 2163521 (E.D. Wash. May 24, 2010)
• Investigation of stolen files on thumb drive moved to another computer does not qualify
Responding to an Offense
• Conducting a damage assessment
• Restoring computer system to its condition prior to the offense
• U.S. v. Middleton, 231 F.3d 1207 (9th Cir. 2000)
• Investigating and repairing damage
• Lost revenue to the business caused by employee responding to offense
• Use of outside investigator to determine whether computer compromised
Lost Revenue, Costs or Damages Incurred Because of Loss of Service
• Must be interruption of service
• Nexans Wires S.A. v. Sark-USA Inc., 166 Fed. Appx. 559 (2d Cir. 2006)
• Plaintiff claimed theft of confidential information caused it to lose at least $10 million in profits
• Does not apply to loss of profits from theft of data
Key Issue: Unauthorized Access
Section 1030(a)(4) - Whoever knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value…
EF Cultural Travel v. Explorica
• Ex-employees set up competing student travel company
• Information was accessed through public website
• Robot created with confidential information
• Used robot to download pricing data
• First Circuit upheld injunction based on confidentiality agreement
• Authorization established by contract
• Pricing data was valuable
Authorization Established by Company
• First Circuit: the CFAA “is primarily a statute imposing limits on access and enhancing control by information providers.”
• Companies can set predicate for CFAA violation
• Rules on authorized access
• Agreements can set limits
• Similar to criminal trespass
International Airport Centers LLC v. Citrin
• Employee destroyed data on company computer
• Authorization based on law of agency
• Authorization terminates with disloyal act
• Judge Posner found that authorization terminated when employee “resolved to destroy files that incriminated himself and other files that were also the property of his employer.”
LVRC Holdings LLC v. Brekka (9th Cir.)
• Employee emailed to himself competitively sensitive data
• Refused to adopt Citrin
• Employee cannot access company computers without authorization because employer gave him permission
• Does not address rules or agreements limiting access
Two Conflicting California District Court Decisions
U.S. v. Nosal (N.D. Ca. 2010)
• Authorization cannot be based on corporate policies
• Thrust of Brekka not to look at motive in accessing
KLA-Tencor Corp. v. Murphy (N.D. Ca. 2010)
• Employee used Evidence Eliminator to delete all emails, files and internet history
• Authorized access predicated on employee agreement requiring return of records at termination
• No reference to Brekka
Ways to Establish Lack of Authorization
• Hacking by outsider who breaks into computer
• Exceeds expected norms of intended use
• Terminates agency relationship with employer by disloyal conduct
• Violates company policies and rules
• Breaches contractual obligation
Identifying the Hacker
• GWA, LLC v. Cox Communications, Inc. and John Doe, 2010 WL 1957864 (D. Conn. May 17, 2010)
• Pre-action discovery to identify ISP account associated with IP address
• Fed. R. Civ. P. 27(a)(3): permits discovery before the filing of a federal action to perpetuate testimony “to prevent a failure or delay of justice.”
Tort of Conversion
• Tangible v. intangible property
• Thyroff v. Nationwide Mutual Insurance Company, 8 N.Y.3d 283 (2007)
• Computer data included in conversion based on changing societal values
• Similar remedies to the CFAA
• May have advantages over the CFAA
Companies can mitigate their “risk” by re-evaluating 7 areas of their business
• Hiring Practices
• Company Rules
• Appropriate Agreements
• Use of Technology
• Termination Practices
• Protocols for Response
• Company Compliance Program
The Hiring Process
• Honor Prior Employment Agreements
• Explain Company Obligations
• Company Policy
• Employment Agreements
• Criminal Exposure for the Company
Company Rules
• Employee Handbook
• Compliance Code of Conduct
• Terms of Use on company Web site
• Training
• International rules
Terms of Use
• Require users to provide accurate registration information
• Limit use of account to registered user at one computer at a time
• Prohibit use of web crawlers, robots and similar devices
• Post acceptable use guidelines that prohibit abuse, harassment and similar conduct
• Specify limitations on use of materials obtained (e.g., no commercial use)
Agreements
• Officers/Employees/Third Parties
• Among related companies
• Confidentiality/Non-Disclosure
• Post employment restrictive covenants
• Anti-Raiding Covenants
• Agreement to search personal computers
• Permissions re use of the computers
• Customer agreements
• Data vendor agreements
Snap-On Business Solutions, Inc. v. O’Neil & Associates
• Snap-On and Mitsubishi entered into a license agreement whereby both contributed to electronic auto database
• Mitsubishi approached O’Neil two years into contract to replace Snap-On
• O’Neil used robot to copy database
• Issue: was O’Neil authorized to access the database?
Use of Technology
• Password protection is simplest
• Access based on need to know
• Risks re transportable media
• Encryption
• Audit trail
• Coordinating with document retention and e-discovery
The Termination Process
• Employees must return all company property
• Standard Exit Interview Form
• Explain post employment obligations
• Retain evidence
Compliance
• New York Stock Exchange listed company compliance program must protect confidential information that “might be of use to competitors, or harmful to the company or its customers, if disclosed.”
• Effective as of October 31, 2004
• Part of Compliance standards and procedures
• Annual CEO certification
• Massachusetts
• FTC’s Red Flags Rule
• Cover competitively sensitive data and personal data
Protocols for Response
• Speed is of the essence
• Designate a coordinator
• Be investigative ready
• Prepare standard court papers with company policies and agreements
• Select an affiant
The Practice: Commentary and advice on developments in the law
July 5, 2010
Dismissal of CFAA claims for lack of jurisdiction
Under Computer Fraud and Abuse Act, plaintiff must properly specify a $5,000 loss or case will be tossed.
BY NICK AKERMAN
Nick Akerman is a partner in the New York office of Dorsey & Whitney who specializes in the protection of trade secrets and computer data.
The Computer Fraud and Abuse Act (CFAA) is the omnibus federal computer crime statute outlawing theft and destruction of data, hacking, use of viruses, theft of passwords and extortionate threats to damage computers. 18 U.S.C. 1030. Any business or individual “who suffers damage or loss by reason of a violation of the” CFAA is entitled to sue for “compensatory damages and injunctive relief.” However, for there to be subject matter jurisdiction over most CFAA civil suits, the plaintiff must prove that the violation caused “loss to 1 or more persons during any 1-year period...aggregating at least $5,000 in value.” § 1030(c)(4)(A)(i)(I).
The $5,000 in loss is not general damages but specific categories of costs to the CFAA victim. Failure to allege and prove these specific categories is fatal to the court’s jurisdiction, resulting in dismissal. This article will survey the current state of the law on what “loss” means and will highlight the pitfalls to avoid in drafting and prosecuting a CFAA action.
“Loss” is defined in the statute as “any reasonable cost to any victim, including the cost of responding to an offense, conducting a damage assessment, and restoring the data, program, system, or information to its condition prior to the offense, and any revenue lost, cost incurred, or other consequential damages incurred because of interruption of service.” 1030(e)(11). The $5,000 loss requirement reflects “Congress’ general intent to limit federal jurisdiction to cases of substantial computer crimes.” In re Doubleclick, Inc. Privacy Litigation, 154 F. Supp. 2d 497, 522 (S.D.N.Y. 2001).
As an initial matter, “to establish a viable CFAA claim,” the plaintiff must show the costs associated with the “loss” “were reasonable” and “directly causally linked to...the alleged CFAA violation.” A.V. v. iParadigms LLC, 562 F.3d 630, 646 (4th Cir. 2009). The causation requirement has been interpreted “to incorporate traditional principles of tort causation.” Global Policy Partners LLC v. Yessin, 686 F. Supp. 2d 642, 647 (E.D. Va. 2010). Thus, in determining whether a plaintiff has proven “loss,” a jury can “consider only those costs that were a ‘natural and foreseeable result’ of Defendants’ conduct.” U.S. v. Middleton, 231 F.3d 1207, 1213 (9th Cir. 2000).
The first category of “loss” set out in the statute is “responding to an offense” by “conducting a damage assessment” and “restoring” the computer system “to its condition prior to the offense.” The classic example of this type of loss was upheld in Middleton, in which Nicholas Middleton, a disgruntled former computer administrator for an Internet service provider, entered the company’s computer network and “changed all the administrative passwords, altered the computer’s registry, deleted the entire billing system (including programs that ran the billing software) and deleted two internal databases.” Id. at 1209.
At trial, the government offered proof of $10,092 in loss, required to support a five-year felony, based on the “hourly rates (calculated using their annual salaries)” of the victim company’s employees to respond to Middleton’s offense by investigating and repairing the damage caused to the company computer network. That amount also included the cost of recreating the destroyed databases and the cost of a consultant and new software. Id. at 1214. In addition, lost revenue to the business caused by an employee having to respond to an offense instead of conducting the operations of the business “may qualify as losses under the CFAA.” iParadigms, 562 F.3d at 651.
FORENSIC COMPUTER EXAMINATIONS
The cost of an outside forensic examiner to determine whether a Web site had been “compromised” as a result of a CFAA violation may also constitute “loss.” EF Cultural Travel B.V. v. Explorica Inc., 274 F.3d 577, 584, n.17 (1st Cir. 2001). The court in EF Cultural Travel rejected the defendants’ argument that “such diagnostic measures” do not constitute “loss” when there is no “physical damage” to the plaintiff’s Web site. Id. at 585. While EF Cultural Travel represents the prevailing law adopted by most federal courts, there are several district courts that have recently refused to find loss based on a forensic computer investigation when the plaintiff presented no evidence of “damage to its computers or that it suffered any service interruptions.” von Holdt v. A-1 Tool Corp., 2010 WL 1980101, at *12 (N.D. Ill. May 17, 2010). These cases ignore the plain language of the CFAA’s definition of “loss,” which clearly differentiates between costs of responding to an offense and costs related to interruption of service.
Nonetheless, simply paying for a forensic investigator to conduct an investigation without a focus on the CFAA’s requirements of “loss” is insufficient. In Chas. S. Winner Inc. v. Polistina, 2007 WL 1652292, at *4 (D.N.J. June 4, 2007) the court dismissed the CFAA claim because the plaintiff alleged no facts showing that the amount paid to the investigator “was related to investigating or remedying damage to the computer, or due to interruption of the computer’s service.” Absent such evidence, the court was left to assume that the investigation simply related to the “recovery” of evidence to prove the CFAA violation rather than responding to or remediating the offense.
Nor can “loss” be proved by “costs incurred investigating business losses, unrelated to actual computers or computer services.” Nexans Wires S.A. v. Sark-USA Inc., 166 Fed. Appx. 559, 563 (2d Cir. 2006). In Nexans Wires, the plaintiff argued that it satisfied the CFAA’s “$5,000 loss requirement because it spent approximately $8,000 to send its executives from Germany to New York to investigate the misappropriations of its stored data.” The court found that the plaintiff failed to prove “loss” because there was no connection between the travel costs incurred by its executives in visiting New York City and “ ‘any type of computer investigation or repair,’ or any preventative security measures or inspections.” Id.
Also, the investigation must relate to the computer that was the subject of the CFAA violation. In Doyle v. Taylor, 2010 WL 2163521 (E.D. Wash. May 24, 2010), Aaron Doyle claimed that the defendant stole his thumb drive and disseminated copies of the documents on the thumb drive via the Internet. To prove the requisite $5,000 in “loss,” Doyle submitted affidavits from a computer forensic examiner “detailing the work he anticipates would be required to determine what files were copied from the thumb drive and stored on other computers.” Id. at *2. The court found that “examining others’ computer systems and deleting misappropriated files” from those other computers is “outside the intended scope of the” CFAA. Id. at *3.
The second independent category of “loss” is lost revenue, costs “or other consequential damages incurred because of interruption of service.” In Nexans Wires, the plaintiff, in addition to its executives’ travel expenses, claimed that the “defendants’ misappropriation of its confidential data caused it to lose ‘profits of at least $10 million.’ ” 166 Fed. Appx. at 562. The court held that “the plain language of the statute treats lost revenue as a different concept from incurred costs, and permits recovery of the former only where connected to an ‘interruption of service.’” Because there was no interruption of service, the plaintiff’s “asserted loss of $10 million is not a cognizable loss under the CFAA.” Id. at 563.
A motion to dismiss based on a failure to plead proper “loss” is a challenge to the court’s jurisdiction, and therefore the plaintiff must respond “with rebuttal evidence.” Polistina, 2007 WL 1652292, at *4. Given that procedural posture, it is critical that, before filing a CFAA action, a plaintiff carefully formulate its theory of “loss” in conformance with the holdings of the above-described judicial opinions detailing the types of factual circumstances that properly constitute “loss.” In doing so, the complaint must allege:
• “[S]pecific details from which a fact-finder could calculate an amount of loss,” Taylor, 2010 WL 2163521, at *3, which can neither be speculative nor conclusory and are reasonable and not overreaching.
• Losses that are linked directly to the CFAA violation and the computer that was the object of the violation.
In Yessin, the court refused to consider plaintiffs’ proper categories of loss—“expenses incurred in...establishing, configuring, and designing a new web site and e-mail addresses” because the plaintiff failed “to provide evidence that may properly be considered on summary judgment” and failed to prove “that certain of these expenditures were a reasonably necessary response to the alleged CFAA violations, as required to prove a causal link.” 686 F. Supp. 2d at 648. Yessin underscores the need for carefully developing the factual basis for loss before filing the CFAA action.
Reprinted with permission from the July 5, 2010 edition of THE NATIONAL LAW JOURNAL © 2010 ALM Media Properties, LLC. All rights reserved. Further duplication without permission is prohibited. For information, contact 877-257-3382, [email protected] or visit www.almreprints.com. #005-07-10-12
Nick Akerman
Partner
Dorsey & Whitney LLP
250 Park Avenue
New York, NY 10177-1500
(212) 415-9217 : phone
(646) 417-7119 : fax
[email protected]
Experience
Partner in the Trial group and co-Chair of the Computer Fraud and Abuse practice. Represents clients in trial and appellate courts and arbitrations throughout the United States. Specialties include: protection of trade secrets and computer data, other commercial litigation, internal investigations and white collar criminal representations.
Representative Litigation
Complex Commercial Litigation
Represented Lockheed Martin Corp. in a trade secrets and computer fraud case in Lockheed Martin v. L-3 Communications, Inc., 6:05 CV 1580 ORL 31KRS
Represented Lockheed Martin Corp. on RICO claims in Lockheed Martin v. The Boeing Company, 6:03CV 796 ORL 28 KRS
$1 million jury verdict in a RICO, libel and slander case affirmed by the Second Circuit Court of Appeals. Securitron Magnalock v. Schnabolk, 65 F.3d 256 (2d Cir. 1995)
Libel defense for media publications. Stover v. Journal Pub. Co., 105 N.M. 291, 731 P.2d 1335 (N.M. App. 1985)
Whistleblower cases. Rodgers v. Lenox Hill Hosp., 251 A.D.2d 244, 674 N.Y.S.2d 670 (N.Y.A.D. 1st Dep't 1998)
Contract disputes. Carte Blanche (Singapore PTE., Ltd.) v. Diners Club Intern., Inc., 758 F. Supp. 908 (S.D.N.Y. 1991)
Insurance coverage disputes. See e.g. Journal Pub. Co. v. American Home Assur. Co., 771 F. Supp. 632 (S.D.N.Y. 1991)
Defamation. See e.g. Criales v. American Airlines, Inc., 1999 WL 1487601 (E.D.N.Y. Dec. 28, 1999)
Protection of Trade Secrets and Computer Data
First preliminary injunction under the Computer Fraud and Abuse Act relating to the entry of a company database through a public Web site using the company's confidential and proprietary information. EF Cultural Travel BV v. Explorica, Inc., 274 F.3d 577 (1st Cir. 2001)
Over 15 injunctions for clients under the Federal Computer Fraud and Abuse Act
Over 40 injunctions enforcing post-employment restrictive covenants for The Prudential Insurance Company of America. Prudential Ins. Co. of America v. Barone, 1998 WL 269065 (W.D.N.Y. May 9, 1998)
Injunctions enforcing covenants not to compete. Garber Bros., Inc. v. Evlek, 122 F.Supp.2d 375 (E.D.N.Y. 2000)
Assist companies in designing and reviewing corporate compliance programs. As part of this program, advise corporations on designing programs to protect intellectual property, trade secrets and computer data. Have conducted a trade secrets audit of a major national health insurance company to assist the company in establishing systems, agreements and procedures to protect its confidential and proprietary and trade secret protected information.
Internal Investigations
Conduct and direct internal investigations for corporate clients into allegations of internal fraud and theft including a well-publicized investigation in Chicago into allegations of abuse of corporate assets by the President of Florsheim. In many instances these investigations have resulted in RICO actions being filed against the wrongdoers. CNBC, Inc. v. Alvarado, 1994 WL 445717, RICO Bus. Disp. Guide 8629 (S.D.N.Y. Aug. 17, 1994)
White Collar Representations
Have represented numerous corporations and individuals under criminal investigation by the United States Department of Justice for complex commercial and tax crimes. Defended numerous criminal cases in federal court including the acquittal of all defendants by a jury in United States v. Stella, 1990 WL 128918 (S.D.N.Y. Aug. 27, 1990).
Federal Prosecution Experience
Assistant United States Attorney in the Southern District of New York (SDNY) from 1975 until 1983. Prosecuted a wide array of white collar criminal matters including bank frauds, bankruptcy frauds, stock frauds, complex financial frauds, environmental crimes and tax crimes. First prosecutor in the SDNY to use the RICO statute to prosecute traditional white collar criminal offenses. Tried over 25 cases before juries including successful prosecutions of Mafia bosses Russell Bufalino and Frank Tieri, and the RICO prosecution of ten individuals predicated on securities fraud and bankruptcy fraud violations for the formation and operations of The Westchester Premier Theater. United States v. Weisman, 624 F.2d 1118 (2d Cir. 1980)
Assistant Special Watergate Prosecutor with the Watergate Special Prosecution Force from 1973 to 1975. Conducted grand jury investigations into misuse of federal agencies and other allegations of criminal conduct related to the break-in at Democratic National Headquarters. Examined all of the principals in the Watergate scandal before the various Watergate grand juries.
Admissions
Massachusetts
New York
Honors
Named "New York Super Lawyer," 2009 & 2010
Special Commendations by the Department of Justice in 1979 and 1981 for Outstanding Achievements
Education
Harvard Law School J.D., 1972 cum laude
University of Massachusetts B.A., 1969 magna cum laude Phi Beta Kappa
Professional Activities
Testified Before the Senate Judiciary Committee on Organized Crime
Faculty Member of the Practicing Law Institute on Personal Liability for Environmental Violations (1991)
Presentations
February 2009 Dorsey Symposium for Corporate Leaders - Securing Electronic Business Information: Do You Know What You May Be Missing?
March 2008 Directors Round Table - Corporate Digital Assets: Protecting the Secrets of Success
February 2008 - Current Issues in White Collar Litigation
Association of Corporate Counsel
June 2007 - Annual Meeting and Ethics Marathon
October 2007 - Protecting Your Corporate Data: Using Self-Help and Taking Protective Measures
December 2005 - Ethics Marathon
November 2005 - Corporate Counsel Community Forum
Referenced in Popular Books
Master of the Game, Connie Bruck
The Right and the Power, Leon Jaworski
Secrets, A memoir of Vietnam and the Pentagon Papers, Daniel Ellsberg
Sinatra, Anthony Summers and Robbyn Swan
Vengeance Is Mine, Michael Zuckerman
Recent Legal Commentary
"Hotel Feud Prompts Grand Jury Into Probe," Wall Street Journal, October 7, 2009
Media Presentations
"The Law Fits the Crime," appearance on Brian Lehrer Show, December 10, 2008
Attorney Articles
Dismissal of CFAA Claims for Lack of Jurisdiction, The National Law Journal, July 5, 2010
Corruption Digest, June 2010
Employee E-Mails To Personal Counsel Held To Be Protected By Attorney-Client Privilege, May 14, 2010
Dorsey’s Akerman and Perkovich Update Chapters in Leading ESI Discovery Treatise for Corporate Counsel, April 5, 2010
"Time to Review Corporate Computer Policies," The National Law Journal, February 1, 2010
"Will the Justices Rule on the Computer Fraud and Abuse Act," The National Law Journal, September 23, 2009
"You Have the Right to Remain Silent ... and Tweetless" Star Tribune, August 19, 2009
"When Workers Steal Data to Use at New Jobs," National Law Journal, July 15, 2009
"Unsecured Economies - Protecting Vital Information," McAfee, Inc., March 18, 2009
"State Compliance Laws," The National Law Journal, March 1, 2009
"Opinion: Criticism of woman's prosecution in cyberbullying case is off base," San Jose Mercury News, December 31, 2008
"The PRO-IP Act," Co-author, The National Law Journal, December 22, 2008
"Opposing view: The law fits the crime," USA Today, December 3, 2008
Web Site Terms of Use, October 3, 2008
"RICO and Data Thieves," National Law Journal, June 17, 2008
"The Law Fits the Crime," National Law Journal, May 26, 2008
Sarbanes Oxley: Protecting Company Data, May 12, 2008
Federal and State Regulation of Personal Data, May 12, 2008
"Protecting Personal Data in Franchise Systems: New Notification Laws," (co-author) LJN’s Franchising and Business Law Alert, March 2008
"Protecting Personal Data," National Law Journal, December 3, 2007
"Conversion of E-Data," National Law Journal, October 1, 2007
"Recent CFAA cases," National Law Journal, June 4, 2007
"E-Discovery Under CFAA," National Law Journal, March 5, 2007
"Unauthorized Access," National Law Journal, November 27, 2006
"Evidence Under the CFAA," National Law Journal, July 17, 2006
"CFAA and Data Destruction," National Law Journal, April 10, 2006
"Unauthorized Access," National Law Journal, December 12, 2005
"Computer Data: CFAA Resembles RICO," National Law Journal, August 29, 2005
"Confidential Data: Mandatory Protection," National Law Journal, May 23, 2005
"CFAA as a Civil Remedy," National Law Journal, February 14, 2005
"CFAA's $5,000 Threshold," National Law Journal, October 18, 2004
"New Guidelines' Impact," National Law Journal, July 05, 2004
"Civil RICO Actions," National Law Journal, April 14, 2004
"Protecting Yourself While Protecting Your Computer Data: Two Laws Make it More Important Than Ever," EDP Audit, Control, and Security Newsletter, December 2003
"Economic Espionage Act," National Law Journal, December 1, 2003
"New Identity Theft Law," National Law Journal, June 16, 2003
Total Rewards on Guard, Workspan, December 2002
"Computer Security," The National Law Journal, September 16, 2002
"Trade Secrets: How To Protect Them," National Law Journal, March 18, 2002
"Computer Law: Civil Relief Under CFAA," National Law Journal, December 24, 2001
"Trade Secrets Law: Use of Written Agreements," National Law Journal, December 11, 2000
"Trade Secrets: Preventing a Leak," National Law Journal, September 4, 2000