Earlier this month, the Second Circuit clarified the requirements for alleging a trade secret misappropriation claim under the Defend Trade Secrets Act (“DTSA”). The decision affirmed the Eastern District of New York’s dismissal of a trade secret misappropriation lawsuit against a formerly licensed software user. In short, the Second Circuit’s decision affirmed a more stringent view of DTSA requirements to find that a trade-secret plaintiff alleging misappropriation of software functionality must have direct allegations it had confidentiality and non-disclosure agreements with software’s vendors and end users.

The Second Circuit decision stemmed from a 2020 lawsuit by Turret Labs USA, Inc. (“Turret”) against a former user of its “Dock EnRoll” software (“Dock EnRoll”), CargoSprint, LLC (“CargoSprint”). Dock En Roll facilitates the hand-off of air cargo arriving in the United States to ground transporters and the payment of associated storage and handling fees. Its target audience are those in the freight forwarding business. Turret entered an exclusive licensing agreement with Lufthansa Cargo Americas (“Lufthansa”) to manage Dock EnRoll and grant access to other users. Turret alleged that CargoSprint licensed Dock EnRoll through Lufthansa under false pretenses to misappropriate Turret’s trade secrets and reverse engineer its own software. CargoSprint is not in the freight forwarding business, and according to Turret, evaded security precautions to gain unfettered access to Dock EnRoll. The District Court dismissed the second version of Turret’s complaint because it failed to adequately allege reasonable measure to protect the alleged trade secret in the Dock EnRoll software.

On appeal, Turret contended that it undertook extensive security measures, such as physically securing Dock EnRoll servicers and limiting access to those with usernames and passwords, and that Dock EnRoll qualified as a trade secret under the DTSA. The Second Circuit sought to clarify the pleading standards for the existence of a trade secret with its ruling.

The Second Circuit confirmed that what constitutes “reasonable measures” to keep information secret under the DTSA depends on the nature of the trade secret. It agreed with the District Court that “where an alleged trade secret consists ‘primarily, if not entirely,’ of a computer software’s functionality—’functionality that is made apparent to all users of the program’—the reasonableness analysis will often focus on who is given access, and on the importance of confidentiality and nondisclosure agreements to maintaining secrecy.” Here, the Second Circuit found that “notably absent” from Turret’s allegations was that Lufthansa or any other user of Dock EnRoll was required to keep Turret’s information confidential. This was predicated on the fact that Turret did “not plead that it had confidentiality or nondisclosure agreements in place with Lufthansa or other users of Dock EnRoll.”

The Second Circuit rejected Turret’s “extensive list of security measures for Dock EnRoll” because the measures were not reasonably calculated to safeguard Turret’s proprietary information that was available to any user of the Dock EnRoll software. Critically, Turret failed to allege that it had an agreement with Lufthansa wherein Lufthansa would limit users to those in the freight forwarding business. Lufthansa’s own security protocols containing such restrictions were insufficient to plausibly allege Turret’s ‘reasonable measures’ to protect Dock EnRoll as a trade secret under the DTSA.

The Second Circuit’s decision will be useful to trade-secret defendants in future cases who face allegations of misappropriating software functionality that is available to any licensed user. For software functionality to qualify as a trade secret under the DTSA, a trade-secret plaintiff must plead it had confidentiality and non-disclosure agreements with the software’s vendors and end users. The Second Circuit decision is consistent with those in the Eighth and Ninth Circuits, but whether this decision inspires other circuits to follow is something we will monitor closely.