Chapter 17: Out of thin air: trade secrets, cybersecurity and the wrongful acquisition tort
Restricted access

The discourse surrounding cybersecurity typically involves stories of some form of computer hacking or other nefarious means by which one person or entity gains information from another. While the nature of the information that is obtained is often of value to the victims of the cyberintrusion (usually because it is confidential business or personal information), it may also be of little value in the long term. Thus, if we want to deter cyberintrusions, it makes little sense to focus on the nature of the information if the ‘wrong’ is the intrusion itself. Unfortunately, while this notion of wrongdoing is clearly reflected in legal principles that developed at common law for the terrestrial world (for instance, the torts of trespass to land and trespass to chattels), it has not developed in the realm of cyberspace. Seeds of the distinction are seen in US statutory law when one compares the elements of a claim under the Computer Fraud and Abuse Act (CFAA) and US trade secret law, with the CFAA focusing on the act of intrusion. Also, under US trade secret law as defined by both the Uniform Trade Secrets Act (UTSA) and the Defend Trade Secrets Act of 2016 (DTSA), a similar distinction is embedded that has not been fully explored in the literature; namely, the distinction between the trade secret wrongs of ‘disclosure or use in breach of a duty of confidence’ and ‘acquisition by improper means’. Interestingly, it appears that the latter wrong developed in the United States much later than the breach of confidence claim, which was imported from England beginning in the mid-nineteenth century. This chapter explores the development of what is henceforth labelled ‘the wrongful acquisition tort’ for purposes of determining both its origins and elements. A goal of the chapter is to determine if it makes sense to conceive of a wrongful acquisition tort as part of the law of trade secrecy (or breach of confidence), or whether it should stand alone so that the nature of the information acquired is less important than the act of wrongful acquisition. One ramification of the distinction may be in how we conceive of the harm that is caused by a wrongful acquisition of information, particularly in cases where the information is otherwise in the public domain or was taken but not subsequently disclosed or used. Another is that recognition of a separate tort of wrongful acquisition might allow us to better distinguish between employee and third party trade secret misappropriation claims, with their differing public policy implications and defences. Relatedly, understanding the origins and elements of the wrongful acquisition tort may help to define when and how employers should be allowed to contractually define what constitutes improper access (and therefore wrongful acquisition) of information by employees.

You are not authenticated to view the full text of this chapter or article.

Access options

Get access to the full article by using one of the access options below.

Other access options

Redeem Token

Institutional Login

Log in with Open Athens, Shibboleth, or your institutional credentials

Login via Institutional Access

Personal login

Log in with your Elgar Online account

Login with you Elgar account
Edited by Tanya Aplin