You are viewing a javascript disabled version of the site. Please enable Javascript for this site to function properly.
Go to headerGo to navigationGo to searchGo to contentsGo to footer
In content section. Select this link to jump to navigation

Hackers strike out: Recent cases of alleged sports analytics IP theft

Abstract

This article discusses recent cases of alleged misappropriation, infringement, and/or theft of sports analytics intellectual property. First, it discusses the federal court case National Football Scouting v. Rang and analyzes the copyright and trade secret disputes at issue in that case. Second, it discusses the recent hacking of and theft from the Houston Astros’ proprietary database and analyzes the potential legal ramifications of the same under trade secret law and the federal Computer Fraud and Abuse Act.

Over the past several years, the application of trade secret law to sports analytics has received increased attention. Scholarly articles2 and those in the popular press3 have noted that the various elements of the business of sports analytics –statistical compilations, computer programs, player evaluation methods, confidential business information, to name just a few –should be eligible for trade secret protection. As one article notes, with the implementation of new digital video technology for measuring baseball players’ fielding ability, and other sports’ increasing reliance on technology and analytics, new and interesting issues of trade secret and other intellectual property law will continue to proliferate in the sports analytics field.4

Under applicable law, trade secrets are generally defined as information that is competitively valuable and subject to reasonable efforts to maintain secrecy.5 The Uniform Trade Secrets Act (UTSA), which has been enacted (with some variation) in all but a few states, defines trade secrets as including formulas, patterns, compilations, programs, devices, methods, techniques, or processes –all of which are used, to varying degrees, in the development, collection, and application of sports analytics.6 Under the UTSA, in order to qualify as trade secrets, these types of information must derive economic value by virtue of the fact that they are kept secret from others who might gain value from them.7 Sports analytics information will typically meet this requirement. For example, among competitive sports franchises, if one team’s confidential player-evaluation programs were made available to other teams, those teams could use such knowledge to adjust their on-field approaches (e.g., using particular defensive alignments) or off-field approaches (e.g., demanding a greater return for the sale of a player that the selling team knows the buying team rates highly) to gain a competitive advantage. Likewise, among companies that sell sports analytics services, disclosure of their proprietary and confidential data-collection methods, data compilations, and data-analysis tools –all of which required time, effort, and money to develop –might allow competitors to undercut their position in the sports analytics market.

Significantly, the UTSA requires entities seeking to protect trade secrets to take reasonable measures to maintain their secrecy.8 This does not require “[h]eroic” efforts,9 but, depending on the facts, may involve the use of nondisclosure agreements (NDAs), limiting trade secret access on a need-to-know basis among employees or contractors, using computer passwords and firewalls, and/or marking documents and files with confidentiality legends.10

Under the UTSA, if a person misappropriates trade secrets, that person may be held civilly liable for damages or subject to injunctive relief prohibiting that party from using certain information, working for a specific employer or in a specific field, or developing or marketing specific products or services for a period of time.11 Although misappropriation can take many forms, it typically occurs via theft (e.g., by hacking or accessing a computer without authorization and copying trade secret information)12 or through the disclosure or use of trade secret information in a manner that violates a duty of confidentiality (e.g., using Company A’s trade secrets obtained pursuant to a NDA to help Company B develop a competing product).13 Federal laws, including the Computer Fraud and Abuse Act14 (CFAA) and the Economic Espionage Act,15 may provide further grounds for civil and/or criminal liability in cases involving trade secret misappropriation.

Recent developments in the case law and the news elucidate possible intersections of intellectual property law and sports analytics. This article briefly discuss two of those developments: (1) National Football Scouting, Inc. v. Rang,16 a federal district court case in Washington State involving disclosure of confidential football player ratings; and (2) news reports regarding the hacking of the Houston Astros’ proprietary database, “Ground Control,” the publication of “confidential information” from the database regarding trade talks and player evaluations, and the FBI’s investigation of the St. Louis Cardinal’s front office in connection with the hack.17 Both examples provide insight into how courts, law enforcement, sports teams, and other businesses might address intellectual property protection for competitively valuable information.

The Rang case involved a copyright and trade secret dispute between the plaintiff, National Football Scouting, Inc. (NFS), and the defendants, part-time sports writer Robert Rang and the website for which he wrote, Sports Xchange. NFS compiled yearly Scouting Reports in which NFS assigned each player an overall Player Grade, i.e., “a numerical expression representing [NFS’] opinion of the player’s likelihood of success in the NFL.” The Scouting Reports were copyrighted as unpublished works and shared only with twenty-one NFL clubs who paid for the reports for use in the draft. From 2010 to 2011, Rang –ignoring NFS’ cease and desist letters –published eight articles discussing Player Grades for eighteen college players.18

Ruling on the parties’ dueling motions, the federal court held that while NFS’ Player Grades were “compilations of data chosen and weighed with creativity and judgment” and therefore copyrightable, Rang had established the defense of “fair use” by including the Player Grades in his own original and creative commentary for a public audience.19 However, the court also held that NFS had a right to a jury trial on its claim that Rang misappropriated its trade secrets by publishing the Player Grades. The court found that both sides had presented conflicting evidence as to whether NFS “made reasonable attempts to preserve the secrecy” of the Player Grades and “whether the grades receive economic value from not being generally known,” such that a jury would need to decide these factual issues.20

As is typical is most civil litigation, a jury never got that chance –the parties entered into a confidential out-of-court settlement. Court documents indicate that the settlement required Rang and Sports Xchange to pay damages, attorneys’ fees, and costs to NFS, and also subjected Rang and Sports Xchange to a permanent injunction prohibiting them from disseminating “any grades or other information... generated by NFS or taken from its Scouting Reports.”21 Thus, the court’s rulings and the terms of the settlement in Rang buttress the conclusion that a business entity’s methods of generating and presenting player evaluations, if kept reasonably secret, should be entitled to trade secret protection.22

While certain disputes, like the Rang case, implicate both trade secret and federal copyright law, the Astros’ recent experience demonstrates that alleged trade secret theft will often implicate other federal laws, such as the CFAA. Reportedly, the Houston Astros’ database called “Ground Control” –a “built-from-scratch online database for the private use of the Astros front office... giving executives instant access to player statistics, video, and communications with other front offices around baseball” –was hacked in 2013.23 According to the Astros, an “outsider” gained “illegal” access to the Ground Control database, and posted on the internet “proprietary information” from the database consisting mainly of communications with other teams about potential trades.24 In June 2015, newspapers reported that the FBI had subpoenaed the St. Louis Cardinals organization in connection with a pending criminal probe based on “evidence that Cardinals employees broke into” the database. Investigators believe the hackers gained access by referencing a master list of passwords that Astros General Manager Jeff Luhnow used while he previously worked in the Cardinals’ front office.25 As of the start of December 2015, no charges had been filed.

If Cardinals’ employees were, in fact, responsible for the breach, the Astros may have grounds to assert a trade secret misappropriation claim against them personally and the Cardinals’ organization. For example, if the Cardinals obtained confidential information about the Astros organization’s evaluations of its own players or other MLB players, and used that information to outmaneuver or foil the Astros’ plans in the trade market, the Astros would appear to have a strong case of trade secret misappropriation (although proving damages might be challenging). In such a scenario, the Astros’ would have a strong argument that their player evaluations constitute trade secrets –much like the court in Rang held that NFS’ player ratings could be found by a jury to be trade secrets –because they are competitively valuable (inasmuch as the hack likely advantaged Cardinals or disadvantaged the Astros in the trade market) and they were subject to reasonable efforts to maintain secrecy (i.e., were contained in a limited-access, password-protected database).26

The CFAA, which is primarily a criminal statute but permits civil remedies, appears to be tailor-made for this case. In the civil law context, it applies (among other circumstances) where a person hacks into or accesses “without authorization”27 a “protected computer” –one used in interstate or foreign commerce –in order to obtain data or information from that computer.28 If the person or entity whose computer was hacked or accessed incurs costs of at least $5,000 in a one-year period “to investigate and respond to a computer intrusion” it can sue the perpetrator(s) under the CFAA for recovery of compensatory damages and for injunctive or other equitable relief.29 The hack of the Astros’ Ground Control database and resulting theft of information undoubtedly cost the Astros more than $5,000 to investigate and respond. Thus, if the Astros were to file a civil suit, such suit could likely include a claim for violation of the CFAA. Further, given the FBI’s pending criminal investigation and issuance of subpoenas, it would not be surprising to see criminal charges filed against the perpetrator(s) for trade secret theft under the Economic Espionage Act and/or the CFAA, among other possible charges.

As these examples show, the emergence of analytics as an integral element of success in professional sports, the vast amounts of money at stake, and evolving technologies will continue to present challenges for professional sports clubs, persons and entities whose business is sports analytics, and the lawyers who advise them. Trade secret law, copyright law, and the CFAA, among other sources of law, will continue to provide the owners of this valuable information with important tools to protect against hackers, misappropriators, or others attempting to engage in unfair competition.

Notes