BERNARD G. SKOMAL, District Judge.
This dispute concerns alleged violations of the parties' stipulated Protective Order by counsel for Finjan, Mr. Lee. (ECF 292.) In reviewing Eset's source code, Mr. Lee compiled directory information from the source code computer into a 40-page document that he then produced to a witness during a deposition without any confidentiality designation on the document. (Id.) As explained more fully below, the Court finds Mr. Lee did violate the Protective Order in copying and compiling the directory structure of Eset's source code from the source code computer. However, the level of sanctions Eset requests are not warranted.
This dispute arose when Finjan's counsel, Mr. Lee presented a deposition witness with a 40-page document listing the directory structure
By prior order, the Court addressed the more immediate dispute as to whether Mr. Lee should be precluded from accessing Eset's source code based on these possible violations and how to proceed going forward with review of Eset's source code. (ECF 306.) The Court found he could have access to the source code computer subject to certain limitations, including that he treat the directories, subdirectories, and file paths of the source code as he would treat source code with all the limitations imposed by a "HIGHLY CONFIDENTIAL — SOURCE CODE" designation and that he not take notes "onto any recordable media or recordable device" that could constitute "copy[ing], remov[ing], or otherwise transfer[ring] any portion of the source code" or the directories, subdirectories, or file paths as set forth in §9(c) of the Protective Order. (Id.) The Court also imposed these same limitations on anyone else accessing the source code because of the ongoing need for other individuals to also have access to the source code. (Id.)
Eset asserts numerous violations of the Protective Order under a number of different sections. The relevant sections are summarized here in the order they appear in the Protective Order. A summary of the parties' positions on their application and the Court's analysis follow.
Section 2 of the Protective Order is the Definitions section. Section 2.9 is titled "`HIGHLY CONFIDENTIAL — SOURCE CODE' Information or Items" and defines HIGHLY CONFIDENTIAL — SOURCE CODE as:
Section 5 addresses designation of protected material. Section 5.2(a), addresses information in a documentary form (paper or electronic). The first paragraph of the section requires a producing party to "affix the legend `CONFIDENTIAL OR HIGHLY CONFIDENTIAL — ATTORNEYS' EYES ONLY' or `HIGHLY CONFIDENTIAL — SOURCE CODE' to each page that contains protected material." The second paragraph of § 5.2(a) indicates that:
Section 5.2(c) requires "for information produced in some form other than documentary and for any tangible items, that the Producing Party affix in a prominent place on the exterior of the container or containers in which the information or item is stored the legend `CONFIDENTIAL' or `HIGHLY CONFIDENTIAL — ATTORNEYS' EYES ONLY' or `HIGHLY CONFIDENTIAL — SOURCE CODE.'"
Section 6 of the Protective Order provides a detailed process to challenge a confidentiality designation, including the timing of a challenge (§ 6.1), a meet and confer requirement (§ 6.2), and a process for raising an unresolved challenge with the Court (§ 6.3).
Section 9, SOURCE CODE, addresses designation, treatment, and procedures for access to and documentation of those that have accessed source code. Section 9(a) provides that "[t]o the extent production of source code becomes necessary in this case, a Producing Party may designate source code as `HIGHLY CONFIDENTIAL — SOURCE CODE' if it comprises or includes confidential, proprietary, or trade secret source code." Section 9(b) indicates that materials "designated as `HIGHLY CONFIDENTIAL — SOURCE CODE' shall be subject to all the protections afforded to `HIGHLY CONFIDENTIAL — ATTORNEYS' EYES ONLY' information" and limits disclosure to those "to whom `HIGHLY CONFIDENTIAL — ATTORNEYS' EYES ONLY' information may be disclosed, as set forth in Paragraphs 7.3 and 7.4."
Section 9(c) dictates how any source code will be produced in discovery. It provides:
Section 9(d) provides that a "Receiving Party may request paper copies of limited portions of source code that are reasonably necessary for the preparation of court filings, pleadings, expert reports, or other papers, or for deposition or trial, but shall not request paper copies for purposes of reviewing the source code other than electronically as set forth in paragraph (c) in the first instance." It requires the Producing party to provide the requested source code in paper form with bates numbers and the label HIGHLY CONFIDENTIAL — SOURCE CODE and allows the Producing Party to challenge the amount of source code requested in paper form under § 6. Section 9(e) requires the Receiving Party to keep a record of anyone that has inspected any portion, electronic or paper, of the source code and to keep printed portions in a secured locked area. It also prohibits creation of "any electronic or other images of the paper copies" and "convert[ing] any of the information contained in the paper copies into any electronic format." Section 9(e) requires the Receiving Party to "maintain a record of any individual who has inspected any portion of the source code in electronic or paper form."
Eset asserts that Mr. Lee's conduct violated § 5.2(a) of the Protective Order because, instead of requesting copies of the directory structure from the source code computer from Eset, it just copied the directories and subdirectories and proceeded to compile and disclose it without any designation. Similarly, ESET asserts Mr. Lee also violated §6 by ignoring the process set out in that section to challenge a designation. In essence, Eset argues that if Finjan believed the directory structure it was compiling from the source code computer should not have the HIGHLY CONFIDENTIAL — SOURCE CODE designation, it should have challenged it through this process rather than taking the information without asking and not designating it at all. Eset also argues Finjan violated § 9 of the Protective Order because the directory structure Mr. Lee copied onto his laptop constitutes source code. By copying it from the source code computer onto his laptop he violated § 9(c)'s prohibition on "copy[ing], remov[ing] or otherwise transfer[ring] any portion of the source code onto any recordable media or recordable device." Finally, Eset argues Finjan failed to abide by the procedures set out in § 9(d) for obtaining portions of source code.
Finjan does not dispute the directory structure was copied from the source code computer, compiled into a 40-page document, and presented to a witness without any confidentiality designation. Rather, Finjan argues that there was no violation of the Protective Order because the directory structure is not source code. Under Finjan's interpretation, there is no violation in copying the directory structure or failing to designate it as HIGHLY CONFIDENTIAL — SOURCE CODE because it is not source code and Eset has never designated it as HIGHLY CONFIDENTIAL — SOURCE CODE. Finjan also argues that the directory structure should not be treated as source code or subject to the HIGHLY CONFIDENTIAL — SOURCE CODE designation because of instances when Eset did not treat it as source code. Similarly, as to the electronic copying, Finjan argues that the Protective Order does not prohibit the note taking done by Mr. Lee in the source code room. Further, Finjan argues that by seeing Mr. Lee in the source code room taking notes on a laptop, Eset has waived any objection to his having done it.
Finjan also claims it could not have known Eset considered these "folders"
Initially, the Court finds that Eset did not waive its objection to Mr. Lee's electronic note taking. Eset proffered in its response that Mr. Penner presumed that Mr. Lee was using his laptop for a proper purpose. Had he known that Mr. Lee was taking notes, he would have immediately objected. Given both parties conduct as to abiding by this Court's chambers rules 30-day objection limit, and the numerous times both parties have requested tolling of this rule, the Court finds Mr. Penner's proffer credible. Eset has brought this dispute timely. They raised it immediately following presentation of Exhibit 3 at a deposition.
Section 5.2 addresses the manner and timing of designation. Finjan contends that Eset did not comply with § 5.2(c) by affixing to the exterior of the source code computer a label for HIGHLY CONFIDENTIAL — SOURCE CODE thereby reflecting all its contents were designated source code. Because Eset failed to notify Finjan with the label, Finjan did not have the opportunity to object as Finjan would have. (ECF 345 at 15).
Section 6 lays out the procedure for Finjan to challenge Eset's confidentiality designations. If Eset failed to properly designate the directories on the source code computer as being source code, then Finjan was not given the opportunity to challenge this designation pursuant to § 6. Of course, the reverse is also true. If Eset properly designated the contents of the source code computer as source code, which necessarily includes the directories, then Finjan would have been obligated to follow the procedures as set forth in § 6, which it readily admits it did not do.
Eset argues that § 5.2(a) is the appropriate section for designation of the contents of the source code computer. Subsection (a) applies to paper or electronic documents, whereas subsection (c) controls information produced in some form other than documentary. The information produced on the source code computer are electronic documents. Therefore subsection (a) controls the manner and timing of the contents of the source code computer, not (c).
Subsection (a)'s paragraph one requires Eset to designate each page that contains protected material, which Eset did not do. Subsection (a)'s second paragraph does not require Eset to designate the material until after inspection by Finjan. This second paragraph applies to original documents. Neither party directly addresses whether the documents on the source code computer are original documents. However, Eset does proffer that no single employee has access to the entirety of the source code, including the Chief Technology Officer. (ECF 345 at 6.) Eset goes on to explain that the source code is only made available on a need to know basis. (Id. at 7). Based on this proffer, the Court concludes for the purposes of 5.2(a)'s second paragraph, the documents on the source code computer are deemed original. As such, by operation of subsection (a), until Eset has been given the opportunity to designate which documents qualify for protection, all the documents on the computer are deemed "Highly Confidential-Attorneys Eye Only."
Pursuant to § 5.2(a), had Mr. Lee wanted copies of the directories, he was required to identify which documents he wanted copied, allow Eset to designate appropriately those documents, and then produce them to Mr. Lee. At that point in time, if Mr. Lee did not agree to Eset's designations, he could appropriately object by following the procedure set forth in § 6 of the Protective Order. Based on § 5.2(a), the Court finds that Finjan would have had the opportunity to object had Mr. Lee identified the documents he wanted copied, i.e., the directories, and then given Eset the chance to designate them accordingly. He simply did not follow the procedure for the manner and timing of designation as set forth in this section of the Protective Order.
Eset argues that Mr. Lee copying the directory structure onto its laptop and producing it in a printed document without Eset's permission facially violated § 5.2(a). Finjan contends Mr. Lee merely took notes for the purpose of identifying code appropriate for a printing request. In that the second paragraph of § 5.2(a) is applicable to Mr. Lee's conduct, the Court finds by copying the directories onto his computer, and not allowing Eset the opportunity to determine how to designate those copied directories, Mr. Lee violated this provision. By operation of subsection (a), paragraph 2, Mr. Lee was required to identify which documents he wanted copied, allow Eset to designate appropriately those documents, and then produce them to Mr. Lee. At that point, if Mr. Lee did not agree to Eset's designation, he could appropriately object by following the procedure set forth in § 6 of the Protective Order. The Court also stresses by operation of this subsection, until Eset had the opportunity to designate the documents Mr. Lee wanted copied, they are deemed Highly Confidential — Attorneys' Eyes Only. By copying the directories, and not following this procedure, Mr. Lee did an end run around subsection (a), paragraph 2, thereby violating this provision of the Protective Order.
Unlike § 5.2(a), § 9(c)-(d) refer only to "source code." These sections do not state that they apply to any materials designated as HIGHLY CONFIDENTIAL — SOURCE CODE, a designation broader than source code. Nor does either section incorporate in any way the definition of HIGHLY CONFIDENTIAL — SOURCE CODE.
The Court is persuaded that § 9(c)-(d) is intended to apply to the contents of the "source code computer." Section 9(c) provides, "Any source code produced in discovery shall be made available for inspection. . .". This opening sentence puts all parties on notice that the procedure for inspection deals only with source code. Section 9(c) sets out the parameters for source code review, including the use of a secured room, secured computer, and prohibitions on Internet or network access. The same sentence of the Protective Order within § 9(c) that creates the source code computer subject to all these limitations to keep its contents secure also prohibits copying from it onto any recordable media or recordable device. Although § 9 does not explicitly define source code to encompass the directories and subdirectories of the source code, the Court cannot ignore that they were on the source code computer with all its restrictions for inspection outlined in § 9(c) that only apply to source code discovery placed on the source code computer.
By Eset following to the letter the restrictions for source code inspection set forth in § 9(c), it has properly designated all the contents of the source code computer as source code. Mr. Lee was on notice that the electronic documents on the source code computer were being designated by Eset as source code. If Mr. Lee, after inspecting the contents of the source code computer, objected to the directories being included on the computer as source code, he was required to follow the procedures for objecting under § 6. He did not do this.
Finjan contends that the electronic note taking by Mr. Lee is not prohibited by § 9(c) in that it did not constitute "copying, removing or otherwise transferring" source code. The Court disagrees with Finjan's interpretation of note taking as being separate from the specific language of § 9(c), which prohibits the receiving party from copying or otherwise transferring any portion of the source code onto any recordable device. The Court finds that Mr. Lee's typing some 40 pages of the directory structure from the source code computer amounts to copying or otherwise transferring what Eset has designated as source code onto his laptop, which is a recordable device. This conduct was a violation of § 9(c). If he wanted copies of the directories, pursuant to § 9(d), he could have asked Eset for paper copies. He chose not to follow the agreed upon procedure, instead taking it upon himself to copy the directory structure of the source code and then use it at a deposition.
Finjan argues strenuously that the directory structure cannot be considered source code under § 9 because it is nothing more than folder names undeserving of any protection. It also argues that including the directories as source code is grossly overbroad in contradiction to § 5.1. The Court concludes that these objections should have been presented through the procedure in § 6 regarding challenging the designation as directed in § 9(d), not after the fact as part of this dispute.
Similarly, the Court is not persuaded that Finjan could not have known Eset considered the directory structure to be confidential. Both Eset and Finjan's filings with the Court have indicated that the directory structure is subject to the HIGHLY CONFIDENTIAL — SOURCE CODE designation and that Finjan knew Eset considered it, at a minimum, to reference source code. In filing a Motion to Compel on March 9, 2018, Finjan sought to file portions of these same directories and subdirectories under seal. In its Motion to File Under Seal, Finjan specifically asserted to the Court that "based on Eset's representations and designations, the portions of the Motion to Compel that Finjan seeks to file under seal
In sum, Mr. Lee's copying contents of the source code computer, particularly on such a large scale, to a recordable media device was a violation of § 9(c).
Eset seeks sanctions against Finjan for violations of the Protective Order pursuant to Federal Rule of Civil Procedure 37(b)(2). Eset requests: (1) an order requiring Finjan to provide an accounting of all documents, in any form, that include information from the source code computer; (2) as to each document, that Finjan be ordered to provide Eset and the Court a full accounting as to each document, including when and who created it, where it was stored, and to whom it was sent and when; (3) that the contents of all of those documents be submitted to the Court for in-camera review to determine if there were other Protective Order violations; (4) that the Court order each document the Court finds in violation of the Protective Order be destroyed; and (5) that the Court require Finjan to certify destruction of such materials. Pursuant to Rule 37(b)(2)(C), Eset also seeks reasonable expenses and attorney's fees related to this motion.
Finjan argues the sanctions sought regarding an accounting of all individuals having access and an in-camera review are onerous and irrational because there is no actual source code at issue. Finjan points to emails between counsel for the parties that have included portions of the directory structure as an indicator that such remedial measures are unwarranted. In addressing its efforts to resolve this dispute without Court intervention, Finjan explains that it has already offered to destroy all electronic and paper copies of the exhibit and forego any use of it in this action. Finjan also indicates that it has never shown Exhibit 3 to any individuals other than those who are permitted to access materials designated as HIGHLY CONFIDENTIAL — SOURCE CODE.
The Court may impose sanctions for violations of a protective orders under Federal Rule of Civil Procedure 37(b)(2). See Westinghouse Elec. Corp. v. Newman & Holtzinger, P.C., 992 F.2d 932, 934-35 (9th Cir. 1993) (quoting Advisory Committee Note, 1970 Amendment, subdivision (b)); see also United States v. Nat'l Med. Enters., Inc., 792 F.2d 906, 910-11 (9th Cir.1986) (upholding a Rule 37(b) sanction for a party's violation of the protective order). Rule 37(b)(2)(A) provides as follows:
As to expenses and attorney's fees, Rule 37(b)(2)(C) provides:
A violation need not be willful for sanctions to be imposed, however, "[w]illfullness continues to play a role, along with various other factors, in the choice of sanctions." David v. Hooker, 560 F.2d 412, 419-20 (9th Cir. 1977); see also Liew v. Breen, 640 F.2d 1046, 1050 (9th Cir. 1981) ("Although willfulness need not be present in order to impose sanctions under Rule 37(b), a good faith dispute concerning a discovery question might, in the proper case, constitute substantial justification.")(internal citations omitted). Similarly, "[w]hile a finding of bad faith is not a requirement for imposing sanctions, good or bad faith may be a consideration in determining whether imposition of sanctions would be unjust." Hyde & Drath v. Baker, 24 F.3d 1162, 1172 (9th Cir 1994).
The Court finds an award of attorney's fees and expenses is not warranted. The violations discussed above were not willful or in bad faith. On the contrary, they seem to be the result of an erroneous, but not unreasonable interpretation of the Protective Order. It appears to the Court that Mr. Lee believed that because the directory structure was not actual code it was not subject to the limitations applicable to source code. As discussed above, he was wrong. However, based on the parties' briefing, the distinction between the actual computer code and its directory structure is not exceptionally clear. And, unfortunately, the Protective Order is not exceptionally clear on this point either. There is no definition for source code in § 9 or anywhere else in the Protective Order. There is a definition for items designated as HIGHLY CONFIDENTIAL — SOURCE CODE, but that definition is not just for source code, but encompasses items well beyond source code. The Court finds these "circumstances make an award of expenses unjust." Fed. R. Civ. P. 37(b)(2)(C).
The Court also finds the extensive accounting and in-camera review sought by Eset are not warranted. As discussed above, Finjan has indicated that Exhibit 3 has not been shared beyond those authorized to have access to HIGHLY CONFIDENTIAL — SOURCE CODE and has agreed to destroy all electronic and paper copies of Exhibit 3 and make no use of it. Although the Court is aware of Eset's security concerns in having the scope of the directory structure compiled, the Court also recognizes that counsel has exchanged portions of it by email without the dire concerns raised here. In this respect, the Court finds the destruction of the compiled document appropriate, but the additional accounting requested unnecessary. The Court orders that Finjan destroy all electronic or paper copies of Exhibit 3 or any other paper or electronic document containing the directory structure from the source code computer.