While recent discussions on copyright protections and anti-piracy crackdowns have focused on the Stop Online Piracy Act and the Protect Intellectual Property Act now pending in Congress, states have also entered the fray, particularly in the area of stolen or misappropriated information technology harming competition.  At least thirty-nine states have called on the Federal Trade Commission ("FTC") to define theft or misappropriation of information technology ("IT") as unfair competition under Section 5 of the FTC Act, while other states have  enacted new statutes or amended their consumer protection laws to explicitly define piracy as unfair competition.  For example, in 2010, Louisiana enacted a law making it illegal to sell products or offer services in Louisiana that were manufactured or developed using stolen IT (including pirated software).  See La. Rev. Stat. Ann. § 51:1427. 

In July 2011, Washington State joined the fray and enacted the Stolen or Misappropriated Information Technology Law, becoming the first state to revise existing unfair competition law to make it unlawful to offer for sale in Washington a product manufactured using stolen or misappropriated IT.  See generally Wash. Rev. Code § 19.330 et seq. (available at http://apps.leg.wa.gov/rcw/default.aspx?cite=19.330).  Although this law creates broad liability--for direct manufacturers as well as third party retailers or distributors--the availability of a safe harbor and affirmative defenses may permit companies to avoid liability by adopting curative practices to halt or prevent the use of stolen or misappropriated IT. 

Summary of the Washington Law's Provisions Liability.  The new law creates a cause of action for unfair competition when a product that is sold in the State of Washington is manufactured, produced, or assembled with stolen or misappropriated IT (defined as commercially available hardware or software used without permission of the owner or licensor).  The use of the misappropriated IT is not limited to the manufacturing process, and it may extend to other business operations (such as distribution, marketing, sales, accounting, billing, and advertising).  Although the law creates direct liability for any company that manufactures a product sold in Washington State, based upon foreign piracy rates, the most likely defendants are likely to be third parties in a contractual relationship with a foreign manufacturer that uses stolen or misappropriated IT.  If the direct user is liable and either does not have sufficient assets to satisfy the judgment or simply fails to appear in Washington courts, then either the Attorney General or a private plaintiff may bring an action against a third party retailer or distributor, in a direct contractual relationship with the offending manufacturer to satisfy the judgment (as long as the retailer or distributor sells or distributes the offending goods in Washington and has more than $50 million in annual revenues).  

Standing.  The law limits standing to sue to the Washington Attorney General, or private party competitors of the offending manufacturer if the value of the stolen IT exceeds $20,000 and the competitor:  (i) manufactures products that are in direct competition with the products manufactured by the party using the stolen IT; (ii) does not use stolen IT; and (iii) offers the competing products for sale in Washington. 

Notice.  The law imposes a pre-filing notice requirement on the IT owner before the Washington State Attorney General or a private plaintiff can bring suit.  Specifically, the IT owner must provide the user of the illegal IT with written notice that includes the details of the stolen IT, the products involved, the particular law violated, and evidence supporting the allegations.  The user then has an opportunity to take remedial action, such as obtaining proper licensing or by demonstrating that the IT is not stolen or misappropriated. Remedies and Enforcement Provisions.  Following notice and an opportunity to cure, the plaintiff may proceed with an action against the direct violators, an in rem action against the infringing products, or an action against third party distributors or retailers--in that sequence.  Direct violators may face either monetary damages or an injunction to halt the sale of products manufactured in violation of the law.  If a competitor-plaintiff seeks injunctive relief, then it must also demonstrate "material competitive injury," which the statute defines as a 3% retail price difference between the illegal product and a directly competing product manufactured without the use of stolen IT.  Monetary damages against direct violators may be awarded for the greater of actual direct damages or statutory damages equal to the retail price of the stolen or misappropriated IT, and treble damages are available for "willful" violations.  The law also authorizes awards of costs and attorney's fees. If the court is unable to obtain personal jurisdiction over the direct violators, the court may proceed in rem against the products after providing 90 days' notice to the person in possession of the offending goods.  To prevent supply disruptions from any attachment order, any person for whom the products were manufactured may post a bond equal to the retail price of the stolen IT or $25,000, whichever is less.  The bond must be posted within the 90-day notice period.  The attachment order will then proceed against the bond, and the goods will be released. 

Finally, if the competitor-plaintiff is unable to collect damages from the direct violator or in an in rem action, the law permits the collection of damages from a third party retailer or distributor with a contractual relationship with the defendant-manufacturer in an amount equal to the lesser of the retail price of the stolen IT or $250,000, minus any amounts recovered from the user of illegal IT.  Damages are only available if the user of illegal IT made the final product sold by the third party or produced a component equal to 30% or more of the value of the final product.

Exceptions, Safe Harbor, and Affirmative Defenses.  The law provides categorical exception from liability where the product at issue:  (i) is a medical product regulated by the Food and Drug Administration; (ii) is a food or beverage; (iii) is copyrightable; (iv) displays copyright work; or (v) involves alleged patent infringement or stolen trade secrets. 

The law also creates a "safe harbor" if the third party retailer or distributor establishes certain "commercially reasonable" practices to discourage manufacturers from using stolen or misappropriated IT--namely, a written code of conduct or other similar document prohibiting the use of stolen IT with an enforcement mechanism (such as audit rights).  But if the code of conduct does not contain an enforcement mechanism, then the third party must take additional steps within 180 days of receiving notice of a judgment against a manufacturer under the law to avail itself of the safe harbor.  For example, a third party may avoid liability if it exchanges correspondence with the manufacturer containing assurances that the manufacturer is not using stolen or misappropriated IT, which may be demonstrated by invoices, licenses, or other evidence of IT ownership.  That is, if the manufacturer obtains the proper licensing for the IT within 180 days of notice of an adverse judgment, then the third party distributor or retailer cannot be held liable.  Indeed, the third party may avoid liability even in the absence of any cooperation from the manufacturer if, within 180 days of notice of an adverse judgment, it demands that the manufacturer cease using stolen IT and furnish documentation of proper licensing.  The law clarifies that "the third party need take no additional action to fully avail itself of this affirmative defense."  The third party may also avoid liability if within 180 days of notice of an adverse judgment, it ceases to purchase goods from the offending manufacturer if doing so would not violate any agreement.

Furthermore, a third party retailer or distributor has a complete defense against liability if it proves by a preponderance of the evidence that it:  (i) is an end user or consumer of the product; (ii) has annual revenues of less than $50 million; or (iii) does not have a contractual relationship with the direct violator. 

Finally, it remains unclear what, if any, statute of limitations defenses an offending manufacturer or a third party retailer or distributor may raise.  The law does not modify or alter any existing Washington statute of limitations, yet the safe harbor and notice requirements seem to create liability only for conduct that is on-going.  That is, past acts of using illegal or misappropriated IT do not appear to be the proper bases for liability under the law. 

Conclusion By defining the use of stolen or misappropriated IT to manufacture products for sale in Washington as unfair competition, the law creates broad liability for manufacturers as well as third party retailers and distributors in direct contractual relationship with the offending manufacturer.  Failure to comply with the new law places manufacturers, retailers, and distributors at risk of an action for damages as well as supply chain disruptions.  While the law contains several safe harbors and affirmative defenses, the courts have not yet interpreted these provisions.  As a result, the onus remains on manufacturers, retailers, and distributors to examine their business operations (as well as the operations of those with whom they share a direct  contractual relationship) to determine whether they have the proper licensing for all IT used in the manufacture of goods sold in Washington, and to proactively develop procedures to discourage the use of stolen or misappropriated IT.