Sharing trade secrets under the terms of a contract that dictates how one can use the information still retains trade secret protections.
Without a contract: intentional disclosure to the person who receives it generally destroys the trade secret status of the information, because the “owner” of the information didn’t do a good job trying to protect it.
With a contract: intentional disclosure to a person under the terms of the contract makes the contract’s own protections of the information relevant, and misuse of the information by the recipient can get them sued under the contract. Plus, the information itself probably retains trade secret protection so that even if that person gives the information to a third party who can’t be sued under a contract they never agreed to, there are still rights to protect that trade secret as property.
I’d be shocked if any paid API use isn’t under a robust, enforceable contract. The only question is whether the contract language itself effectively prohibits distillation.
I just pulled up the ChatGPT terms of use and there is no language covering use of trade secrets, so there is no contract covering trade secrets here. So what I originally said (and what you said in your “Without a contract” paragraph) is correct.
I just pulled up the Anthropic commercial API terms, since that’s the situation covered by the original article (big corporation using Anthropic’s paid API):
Ok, so it’s a contract that purports to prohibit pretty much this kind of model weight extraction, and I’m saying that Anthropic probably considers the model weights to be trade secrets.
Are you under the impression that trade secret protection only happens when the contract says the words “trade secret”?
Or, analogously, consider customer lists. Having a contract that says “don’t copy my customer lists even if I sometimes disclose a single customer at a time when we partner together on projects” is probably enough to adequately maintain trade secret protection over those customer lists, even if individual customers are sometimes disclosed under a contract.
I’m just stating what I believe the law is, not what it should be, or even claiming that what the law is today is good. I’m just saying everyone should be aware that the law is quite protective of big corporations and their proprietary secrets. I still think this qualifies as a trade secret that they’ve protected with their own contracts.
Can you name a country where signing up for a paid account to an online service, and using the service and paying the invoice that comes in, doesn’t form a legally binding contract between the customer and the vendor?
Most countries in the EU don’t allow for consumer rights to be overridden by an EULA.
Similarly, I can’t have a contract with you to murder me. It’s illegal and me being a willing participant in it does not make it legal, even if I sign a contract.
An EULA is legally binding, but only the parts that aren’t in conflict with consumer rights, meaning most of any EULA is going to be invalid.
Trade secrets necessarily have to be analyzed under the protections of contract law.
Something can only be a trade secret if the purported owner of that proprietary information protects the confidentiality of that information, including through contractual restrictions. That’s why I’m talking about contracts when asking whether trade secret protections apply.
If a company voluntarily discloses a trade secret to a member of the public, it ceases to be a trade secret, so I doubt that would apply here either.
Sharing trade secrets under the terms of a contract that dictates how one can use the information still retains trade secret protections.
Without a contract: intentional disclosure to the person who receives it generally destroys the trade secret status of the information, because the “owner” of the information didn’t do a good job trying to protect it.
With a contract: intentional disclosure to a person under the terms of the contract makes the contract’s own protections of the information relevant, and misuse of the information by the recipient can get them sued under the contract. Plus, the information itself probably retains trade secret protection so that even if that person gives the information to a third party who can’t be sued under a contract they never agreed to, there are still rights to protect that trade secret as property.
I’d be shocked if any paid API use isn’t under a robust, enforceable contract. The only question is whether the contract language itself effectively prohibits distillation.
I just pulled up the ChatGPT terms of use and there is no language covering use of trade secrets, so there is no contract covering trade secrets here. So what I originally said (and what you said in your “Without a contract” paragraph) is correct.
Who’s talking about ChatGPT or OpenAI?
I just pulled up the Anthropic commercial API terms, since that’s the situation covered by the original article (big corporation using Anthropic’s paid API):
Ok, so it’s a contract that purports to prohibit pretty much this kind of model weight extraction, and I’m saying that Anthropic probably considers the model weights to be trade secrets.
Are you under the impression that trade secret protection only happens when the contract says the words “trade secret”?
Or, analogously, consider customer lists. Having a contract that says “don’t copy my customer lists even if I sometimes disclose a single customer at a time when we partner together on projects” is probably enough to adequately maintain trade secret protection over those customer lists, even if individual customers are sometimes disclosed under a contract.
I’m just stating what I believe the law is, not what it should be, or even claiming that what the law is today is good. I’m just saying everyone should be aware that the law is quite protective of big corporations and their proprietary secrets. I still think this qualifies as a trade secret that they’ve protected with their own contracts.
Depends on the agreement. Contracts (like EULAs) can cover a fair bit
EULAs aren’t legally binding in sane countries.
Can you name a country where signing up for a paid account to an online service, and using the service and paying the invoice that comes in, doesn’t form a legally binding contract between the customer and the vendor?
Most countries in the EU don’t allow for consumer rights to be overridden by an EULA.
Similarly, I can’t have a contract with you to murder me. It’s illegal and me being a willing participant in it does not make it legal, even if I sign a contract.
An EULA is legally binding, but only the parts that aren’t in conflict with consumer rights, meaning most of any EULA is going to be invalid.
Ok, do these countries also make a contract not to distill LLMs void, as well?
Maybe not, but this entire sub thread is about trade secrets (which I think we all agree are not relevant here), and not contract law.
Trade secrets necessarily have to be analyzed under the protections of contract law.
Something can only be a trade secret if the purported owner of that proprietary information protects the confidentiality of that information, including through contractual restrictions. That’s why I’m talking about contracts when asking whether trade secret protections apply.