The IT Law Wiki


Storage Technology Corp. v. Custom Hardware Eng'g & Consulting, Inc., 421 F.3d 1307 (Fed. Cir. 2005) (full-text).

Factual Background[]

Storage Technology Corporation (“StorageTek”) manufactured automated tape cartridge libraries that could store massive amounts of computer data, which consisted of Library Storage Modules, or “silos,” that contain numerous tape cartridges, tape drives for reading the cartridges, and a robot arm for moving the cartridges. Each silo was a Library Control Unit that controlled the robotic mechanisms in the silo and monitored their progress. The individual silos and Control Units were connected via a local area network to a Library Management Unit, which was a computer that could direct and control several silos. To access data from the library, a user would send a request for the data to the Management Unit, which would then transmit commands to the appropriate Control Unit to find and read the tape cartridge containing the requested data. Then the Control Unit would send the data over the network back to the Management Unit.

The lawsuit concerns what occurred when the entire tape library was first turned on. Upon start-up, the Management Unit loaded an executable code from its hard drive into its random access memory (“RAM”). And when the Control Unit was powered up, the Management Unit sent other code across the network to the Control Unit, where it was loaded into the Control Unit's memory. Both processes happened automatically, without any action by the library user.

When StorageTek would sell its tape libraries to customers, it did not sell the software that runs the library. Rather, it only licensed the programs to its customers, and that license covers only the functional code portions of the software, and it specifically excluded the maintenance code. However, StorageTek provided the entire code to the customer. And both the functional and maintenance code were automatically loaded into the RAM of the Control Unit and Management Unit upon start-up, and copying the entire code was necessary to activate and run the library.

Custom Hardware Engineering & Consulting, Inc., (“CHE”) was an independent business that repaired data libraries manufactured by StorageTek. In order to diagnose problems with the libraries, CHE intercepted and interpreted error messages produced by the maintenance code. To ensure that the Control Unit was configured to send the fault symptom codes, CHE needed to override a password protection scheme, called GetKey, which was written by StorageTek to disallow certain unauthorized reconfigurations of the maintenance code on the Control Unit.

CHE had used two devices to circumvent GetKey, the original device, called a Library Event Manager (“LEM”), was connected to the network between the Control Unit and the Management Unit, and the LEM worked by trying different passwords to “crack” GetKey. Based on the information in the error codes, CHE was able to diagnose and repair the data libraries.

Trial Court Proceedings[]

StorageTek sued CHE alleging that CHE committed copyright infringement when it rebooted and reconfigured its customers' Control Units and Management Units. Additionally, StorageTek alleged that CHE violated the anticircumvention provision of the Digital Millennium Copyright Act (DMCA)[1]. when CHE circumvented the GetKey protection system to force the customer's Control Unit to transmit error codes.

StorageTek also claimed that CHE misappropriated its trade secrets by intercepting the Event Messages, which StorageTek claimed was confidential information. In response, CHE counterclaimed, alleging that StorageTek had committed various antitrust violations.

The district court ruled that StorageTek had shown a substantial likelihood of success on the copyright infringement, DMCA, and trade secret claims. Additionally, the court found that the potential losses to StorageTek's business due to CHE's activities were sufficiently great that the balance of hardships favored issuing a preliminary injunction.

Also, the trial court held that CHE's antitrust counterclaims would likely fail and in any event could not shield CHE from an injunction. The court enjoined CHE from circumventing the GetKey system, intercepting and displaying Event Messages, or causing the copying of the maintenance code on its customers' systems. CHE appealed.

Appellate Court Proceedings[]

The Court of Appeals held that the service company came within the safe harbor provisions of the DMCA for software copying done solely for purposes of maintenance or repair. In addition, the company's circumvention of manufacturer's encryption system did not violate the DMCA. And finally, that error messages generated by manufacturer's maintenance software were not trade secrets.

The LEM and ELEM devices allowed CHE to bypass GetKey and gain access to the maintenance code. Furthermore, the manner in which they function required that the Control or Management Units be rebooted, causing the protected software to be copied into RAM. Nonetheless, simply because the ELEM or LEM allowed access to the copyrighted work concurrently with the copying did not mean that the ELEM or LEM facilitated copyright infringement. Therefore, the Court found that the district court erred by failing to consider whether or not such facilitation occurred.

In addition, the Court stated that even if StorageTek was able to prove that the automatic copying of the software into RAM constituted copyright infringement, it would still have had to show that the LEM or ELEM facilitated that nfringement.

Regarding the trade secret claim, the meanings of the codes and the malfunction itself were public information. In addition, there was no indication that the Event Messages provided a prescription of how to fix the machine rather than simply diagnose what was wrong.

Moreover, the owner of a trade secret bears the burden of taking reasonable steps to preserve the secrecy of the trade secret. Under Massachusetts law, StorageTek was required to show that CHE “used improper means, in breach of a confidential relationship, to acquire and use the trade secret.” But CHE used publicly available information about what the fault symptom codes meant, and it developed the LEM and ELEM devices independently to diagnose problems in the silos. There had been no showing that either of those activities breached a confidential relationship. Therefore, the diagnostic information obtained through determining what is physically wrong with the silo, could not be considered a misappropriation of a trade secret.


  1. 17 U.S.C. §1201(a)