Reverse Engineering Software Obtained by Online Clickwrap Agreement is not Misappropriation of Trade Secrets: California District Court | Practical Law

Reverse Engineering Software Obtained by Online Clickwrap Agreement is not Misappropriation of Trade Secrets: California District Court | Practical Law

In Aqua Connect, Inc. v. Code Rebel LLC, the US District Court for the Central District of California dismissed a remote-access software company's claim that one of its customers violated the California Trade Secrets Act (CTSA) when it downloaded and reverse engineered a trial version of the company's software. The court emphasized that CTSA's definition of "improper means" trade secret misappropriation specifically states that reverse engineering alone is not an improper means of acquiring trade secret information. The court rejected the software company's argument that the prohibition on reverse engineering in its End User License Agreement (EULA) made the activity an improper means of obtaining the trade secret information. The court also rejected the software company's argument that its EULA created a duty for its customers to maintain the secrecy of company trade secrets.

Reverse Engineering Software Obtained by Online Clickwrap Agreement is not Misappropriation of Trade Secrets: California District Court

by PLC Labor & Employment and PLC Intellectual Property & Technology
Published on 21 Feb 2012USA (National/Federal)
In Aqua Connect, Inc. v. Code Rebel LLC, the US District Court for the Central District of California dismissed a remote-access software company's claim that one of its customers violated the California Trade Secrets Act (CTSA) when it downloaded and reverse engineered a trial version of the company's software. The court emphasized that CTSA's definition of "improper means" trade secret misappropriation specifically states that reverse engineering alone is not an improper means of acquiring trade secret information. The court rejected the software company's argument that the prohibition on reverse engineering in its End User License Agreement (EULA) made the activity an improper means of obtaining the trade secret information. The court also rejected the software company's argument that its EULA created a duty for its customers to maintain the secrecy of company trade secrets.

Key Litigated Issues

On February 13, 2012, the US District Court for the Central District of California issued an order in Aqua Connect, Inc. v. Code Rebel LLC, dismissing the plaintiff software company's claim that one of its customers violated the California Trade Secrets Act (CTSA). The key litigated issues were whether:
  • The customer misappropriated the software company's trade secrets when it legally downloaded a trial version of the plaintiff's software and reverse engineered the program.
  • The customer owed the software company a "duty to maintain secrecy" because it agreed to an End User License Agreement (EULA) when it downloaded the program.

Background

Defendant Code Rebel downloaded a trial version of remote-access software sold by plaintiff Aqua Connect. When downloading the software, Code Rebel agreed to an EULA, which prohibited reverse engineering. Code Rebel then allegedly reverse engineered Aqua Connect's software and began to offer its own remote-access program, which Aqua Connect claims was modelled on its own program.
Aqua Connect filed a complaint in the Central District of California, alleging, among other things:
  • Trade secret misappropriation through improper means under the CTSA.
  • Breach of the "duty to maintain secrecy" based on the EULA.
Code Rebel filed a motion to dismiss for failure to state a claim.

Outcome

Aqua Connect alleged trade secret misappropriation for which a plaintiff must plead that:
  • It owns a trade secret.
  • The defendant acquired, disclosed or used the trade secret through improper means.
  • These actions injured the plaintiff.
(Cal. Civ. Code § 3426.1 (2011).)
The court dismissed the claim because the CTSA expressly states that reverse engineering is not, in itself, improper means. In doing so, the court focused on Code Rebel's proper access of the trial version of the software. Because Aqua Connect's only improper means alleged was reverse engineering, the court found there was no trade secret misappropriation.
Aqua Connect argued that a breach of the EULA, because it prohibited reverse engineering, caused reverse engineering after otherwise lawful access to be an improper means of acquiring trade secret information. The court rejected this argument, citing a California Supreme Court concurring opinion, holding that a party cannot use a consumer contract "to, in effect, change the statutory definition of 'improper means' under trade secret law to include reverse engineering" (DVD Copy Control Ass'n, Inc. v. Bunner, 31 Cal. 4th 864, 901 n.5 (2003)).
In its alternative argument, Aqua Connect claimed that Code Rebel breached a "duty to maintain secrecy" created under California law (Cal. Civ. Code § 3426.1 (2011)). The court, however, noted that this duty generally arises as a fiduciary duty or in an employment agreement, but not in the context of a form license agreement between a customer and a company. For more information on trade secrets in the employment context, see Practice Note, Protection of Employers' Trade Secrets and Confidential Information. For more information about California trade secret law, see State Q&A, Trade Secret Laws: California.

Practical Implications

In light of this decision, California companies should be aware that form EULAs cannot modify the "improper means" requirement under the CTSA to include reverse engineering. While a claim cannot be made for trade secret misappropriation under this statute for reverse engineering alone, companies may have a breach of contract claim for reverse engineering and may have a claim for trade secret misappropriaton if improper access can otherwise be shown.

Court Documents