Generally when one refers to “competitors” in the context of protecting trade secrets, it is in regard to business competitors, not competing sports teams. And usually when the talking heads on sports radio and television are discussing legal issues, they relate to domestic violence or other crimes, concussions, illicit and performance enhancing drugs, or labor disputes (sometimes even non-competes), not to corporate espionage. Recently, however, the worlds of sports and trade secret protection collided on the baseball diamond when the St. Louis Cardinals were accused of hacking into the Houston Astros’ internal computer network and stealing proprietary information. According to the New York Times, Cardinals employees gained access to the Astros’ “internal discussions about trades, proprietary statistics and scouting reports,” which the Astros no doubt would prefer to keep private. Specifically:
Law enforcement officials believe the hacking was executed by vengeful front-office employees for the Cardinals hoping to wreak havoc on the work of Jeff Luhnow, the Astros’ general manager, who had been a successful and polarizing executive with the Cardinals until 2011.
The Astros hired Mr. Lunhow away from the Cardinals in December 2011, and he quickly helped to turn the struggling team into a contender (they currently have the best record in the American League—and the second best record overall, trailing only the Cardinals who are perennial contenders). This allegedly caused Cardinals personnel to be concerned that Mr. Lunhow had taken their proprietary baseball information with him to the Astros (he has denied doing so). Indeed, highlighting the benefits of a trade secret audit, accessing the Astros’ computer system was apparently quite simple and unsophisticated, as Mr. Lunhow purportedly used the same password to access the Astros’ network that he had previously used to access the Cardinals’ network (he has denied this as well). According to the Times:
Investigators believe that Cardinals personnel . . . examined a master list of passwords used by Mr. Luhnow and the other officials when they worked for the Cardinals. The Cardinals employees are believed to have used those passwords to gain access to the Astros’ network, law enforcement officials said.
The FBI is investigating and “subpoenas have been served on the Cardinals and Major League Baseball for electronic correspondence.” The Cardinals and/or any employees involved in the hacking could face federal criminal charges, including charges under the Economic Espionage Act (EEA), which deals with theft of trade secrets, the Computer Fraud and Abuse Act (CFAA), which deals with the hacking itself, and perhaps even the Wire Fraud Statute.
Charges under the EEA would require prosecutors to prove that the Cardinals: (1) stole or misappropriated trade secret information (as defined by the Uniform Trade Secrets Act); (2) knew that such information was proprietary; (3) knew that such information was stolen or misappropriated; (4) acted with the intent of economically benefitting someone other than the Astros (i.e., the Cardinals); and (5) intended to injure the Astros. Moreover, the prosecution would also have to prove that the trade secrets were “related to or included in a product that is produced for or placed in interstate or foreign commerce,” which Major League Baseball (the “product” here) certainly is. A person found guilty of violating the EEA can be fined or imprisoned up to 10 years, or both, and an organization such as the Cardinals that is found guilty can be fined up to $5 million.
Charges under the CFAA would require prosecutors to prove that the Cardinals: (1) accessed a protected computer, (2) without authorization or by exceeding such authorization as was granted; (3) knowingly and with the intent to defraud; and (4) obtained something of value in furtherance of the intended fraud. Penalties under the CFAA also include fines and imprisonment.
Some states have analogous criminal statutes, including both Texas and Missouri, which could be implicated given that the victim of the alleged hacking, the Astros, are located in Houston, and the alleged perpetrators, the Cardinals, are located in St. Louis.
The Astros could also seek civil damages under federal law, including under the CFAA and possibly the Stored Communications Act (if communications were hacked), as well as under state law, including state unfair business practices statutes, trade secret misappropriation statutes, and common law claims of misappropriation, conversion, and the like. Indeed, the Missouri criminal statute discussed above contains a civil cause of action that allows for the recovery of compensatory damages and attorneys’ fees where there tampering with computer data, equipment, and users can be proven (including “any expenditures reasonably and necessarily incurred by the owner or lessee to verify that a computer system, computer network, computer program, computer service, or data was not altered, damaged, or deleted by the access”).
Although it appears, based on the limited facts that have been publicly disclosed to date, that the Astros could have strong civil claims against the Cardinals, it is far more likely that they will simply allow federal officials to pursue any criminal charges they may deem appropriate, and otherwise handle the issue within the confines of MLB’s disciplinary process. Indeed, MLB’s constitution requires that teams address “[a]ll disputes and controversies related in any way to professional baseball” internally, with the commissioner acting as arbitrator.