We all know that computing systems are vulnerable in a variety of ways. However, an emergent issue (of particular relevance to AI and machine learning operations) is the exploitation of power consumption patterns, a method historically used to exploit weaknesses in security algorithms found on smart chips in credit cards.
Broadly, this involves an analysis of the power consumed by a microchip over time in order to reveal the secret values underlying its operations (i.e. the fundamentals of an algorithm). In the machine learning context, this could, for example, represent the way in which a device goes about differentiating words as part of a speech recognition operation, a potentially important source of intellectual property and competitive advantage.
Information security experts have recently looked at implementing counter-measures to "camouflage" these identifiable patterns in order to mitigate against reverse-engineering and extraction by hackers. However, as well as their technical aspects, these vulnerabilities also raise a number of interesting (and yet to be resolved) intellectual property considerations, particularly in the field of trade secrets.
In the EU, the Trade Secrets Directive (EU) 2016/943 introduced a central requirement for protection that trade secrets have been subject to "…reasonable steps under the circumstances…to keep it secret", which aligns with the requirements outlined in the international TRIPS treaty and mirrors the wording of the Defend Trade Secrets Act in the US.
A great deal of uncertainty surrounds the concept of "reasonable steps", which is likely to be shaped by the courts over time as the relative "standard" for protection is fought over in different scenarios.
What is clear, however, is that the analysis is contextual.
It seems to follow that technological developments in the relevant field, such as those set out above (and whether relevant vulnerabilities have been actively considered by the trade secrets owner), will likely be taken into account when a court determines whether "reasonable steps" have been taken in order to qualify for protection.
Whilst under English law a failure to satisfy the strict definition of "trade secrets" may not remove all potential for legal protection (due to the wide doctrine of breach of confidence, which is still likely to apply; see Trailfinders Limited v Traveller Counsellors Limited & Ors EWHC 591 (IPEC)), satisfying the requirement of having taken "reasonable steps" is likely to be of particular importance in connection with cross-border trade secret actions (depending on the country involved) or where the trade secret itself originates under the laws of a particular EU Member State.
Those who market AI and machine-learning implementations (e.g. smart devices) which carry important, embedded and valuable algorithms (which could potentially be reverse-engineered) should therefore consider whether they would likely satisfy the "reasonable steps" test in their field and assess whether what they have done is likely to be objectively perceived as "enough" in what is a dynamic and ever-changing environment in which new vulnerabilities (like power consumption patterns) are coming to light over time.
...an adversary could steal a company’s intellectual property by figuring out the secret weight values of a neural network that forms the foundation of a particular machine learning algorithm.