Opinion
Case No. 13-cv-05831-EMC
10-14-2015
FORTINET, INC., Plaintiff, v. SOPHOS, INC., et al., Defendants.
ORDER GRANTING IN PART AND DENYING IN PART DEFENDANTS' MOTION FOR SUMMARY JUDGMENT
Docket No. 215
Plaintiff Fortinet, Inc. has filed suit against Defendants Sophos, Inc. and two of its officers, Michael Valentine and Jason Clark, both of whom left employment with Fortinet to work for Sophos. In the operative first amended complaint ("FAC"), see Docket No. 9 (FAC), Fortinet has asserted a variety of claims against Defendants, including patent infringement, trade secret misappropriation, breach of contract, and breach of fiduciary duty. The parties agreed that all claims involving the individual defendants would be arbitrated. Currently pending before the Court is Defendants' motion for summary judgment, which addresses (1) the trade secret misappropriation claim (against Sophos), (2) all claims against the individual defendants, and (3) part of the patent infringement claims (against Sophos).
Having considered the parties' briefs and accompanying submissions, as well as the oral argument of counsel, the Court hereby GRANTS in part and DENIES in part Sophos's motion.
I. DISCUSSION
A. Legal Standard
Under Federal Rule of Civil Procedure 56(a), a party may seek summary judgment on a claim or even part of a claim. "The court shall grant summary judgment if the movant shows that there is no genuine dispute as to any material fact and the movant is entitled to judgment as a matter of law." Fed. R. Civ. P. 56(a). As indicated by the language of the rule, "[t]he moving party has the burden of establishing the absence of a genuine dispute of material fact. The court must view the evidence in the light most favorable to the non-movant and draw all reasonable inferences in the non-movant's favor." City of Pomona v. SQM N. Am. Corp., 750 F.3d 1036, 1049-50 (9th Cir. 2014). "'Where the record taken as a whole could not lead a rational trier of fact to find for the nonmoving party, there is no genuine issue for trial.'" Id.
Where the plaintiff ultimately bears the burden of proof, the defendant may prevail on a motion for summary judgment by pointing to the plaintiff's failure "to make a showing sufficient to establish the existence of an element essential to [the plaintiff's] case." Celotex Corp. v. Catrett, 477 U.S. 317, 322 (1986). B. Trade Secret Misappropriation
As noted above, one of the claims asserted by Fortinet against Sophos is a claim for trade secret misappropriation. Under the California Uniform Trade Secrets Act ("CUTSA"), a plaintiff asserting trade secret misappropriation has the burden of establishing the following: "'(1) the plaintiff owned a trade secret, (2) the defendant acquired, disclosed, or used the plaintiff's trade secret through improper means, and (3) the defendant's actions damaged the plaintiff.'" Language Line Servs. v. Language Servs. Assocs., 944 F. Supp. 2d 775, 779 (N.D. Cal. 2013). "[A] 'trade secret' is defined to include information that '(1) [d]erives independent economic value, actual or potential, from not being generally known to the public or to other persons who can obtain economic value from its disclosure or use; and (2) [i]s the subject of efforts that are reasonable under the circumstances to maintain its secrecy.'" Id. at 779-80 (quoting Cal. Civ. Code § 3426.1(d)).
In its papers, Sophos contends that it is entitled to summary judgment on Fortinet's trade secret misappropriation claim for the following reasons: (1) "Fortinet has not identified any information that constitutes a legally protectable trade secret"; (2) "Fortinet has not proven that its purported trade secrets . . . were the subject of efforts that are reasonable under the circumstances to maintain their secrecy"; (3) "Fortinet [has] failed to show that its purported trade secrets are not generally known or readily ascertainable"; (4) "Fortinet has not proven that Sophos misappropriated any alleged Fortinet trade secret through 'improper means'"; and (5) "Fortinet has not proven it suffered any actual loss from any alleged misappropriation, or that Sophos was unjustly enriched as a result of any alleged misappropriation." Mot. at 4, 14.
The Court finds that there are genuine disputes of material fact on issues (2)-(5) such that summary judgment is not proper. For example, on issue (2), the report of Fortinet's expert, Joseph Calandrino, provides enough information such that a reasonable jury could find in Fortinet's favor. On issue (3), Sophos has not pointed to any document claimed by Fortinet as a trade secret in this case that is publicly accessible through a Google search. Also, Fortinet is not claiming "retail prices" or "discounted prices" as trade secrets; rather, Fortinet's trade secret disclosure refers to "[c]onfidential price lists on per-product and top-selling bases," including certain specific documents identified by Bates number. As for issue (4), the report of Fortinet's expert, Aaron Read, creates a genuine dispute of material fact as to whether there were more than just the three instances of access and use, as contended by Sophos. On issue (5), Fortinet's expert, Patrick Kennedy, has detailed at least some damages evidence (e.g., unjust enrichment of Sophos).
Where the summary judgment motion is more complicated is with respect to issue (1). As Sophos points out, California Code of Civil Procedure § 2019.210 provides that, "[i]n any action alleging the misappropriation of a trade secret . . . , before commencing discovery relating to the trade secret, the party alleging the misappropriation shall identify the trade secret with reasonable particularity." Cal. Code Civ. Proc. § 2019.210. Although Judge Grewal found that Fortinet failed to meet this reasonable particularity requirement in a different case (involving a substantially similar trade secret disclosure), the Court does not find Judge Grewal's decision dispositive, particularly because, there, the issue of the adequacy of the trade secret disclosure arose at a completely different stage in the proceedings. Discovery had not even commenced, and the transcript makes clear that Judge Grewal was particularly concerned that Fortinet might be engaging in a fishing expedition. Here, Sophos has already accepted Fortinet's trade secret disclosure for discovery purposes; thus, the primary question for the Court is whether the trade secret disclosure is sufficiently specific such that Sophos can adequately defend itself. See Advanced Modular Sputtering Inc. v. Sup. Ct., 132 Cal. App. 4th 826, 833-34 (2005) (discussing purposes underlying § 2019.210 disclosure, one of which is that the disclosure "'enables defendants to form complete and well-reasoned defenses, ensuring that they need not wait until the eve of trial to effectively defend against charges of trade secret misappropriation'").
See Fortinet Inc. v. FireEye Inc., No. C-13-2496 HSG (N.D. Cal.).
The three other purposes underlying the disclosure requirement in § 2019.210 have been described as follows:
"First, it promotes well-investigated claims and dissuades the filing of meritless trade secret complaints. Second, it prevents plaintiffs from using the discovery process as a means to obtain the defendant's trade secrets. Third, the rule assists the court in framing the appropriate scope of discovery and in determining whether plaintiff's discovery requests fall within that scope."
Although parts of Fortinet's trade secret disclosure appear sufficiently specific, other parts are phrased more broadly and open ended, e.g., where Sophos has used looser terminology such as "includes the following" or "including." Because of the need for Sophos to have a sufficient understanding of the trade secrets in order to defend at trial, the Court pressed Fortinet, at the hearing, as to how exactly it intended to try its trade secret misappropriation claim. Fortinet explained that it would identify specific documents as trade secrets for the jury's consideration. Fortinet then proposed, as a case management matter, that it could provide to Sophos, in advance of trial, an exhibit list identifying those documents. Fortinet noted that it could do so on an accelerated basis.
As Fortinet's proposal would serve the purpose of § 2019.210 identified above, the Court essentially adopted the proposal and ordered Fortinet to file and serve, by October 22, 2015, a list of the documents it intends to present as trade secrets to the jury. For each document, Fortinet shall also identify which category/subcategory from the trade secret disclosure is applicable. For any document where Fortinet is claiming less than the entire document as the trade secret, Fortinet shall provide a copy of the document to Sophos with the portions that constitute the trade secrets highlighted for Sophos's review. If Sophos has any objections to the adequacy of the identification, it shall raise those objections as part of the pretrial filings (e.g., as part of a motion in limine).
In light of the Court's rulings herein, Sophos's motion for summary judgment on the trade secret misappropriation claim is hereby denied. C. Arbitration
In or about March 2014, the parties stipulated to arbitration of the claims against Mr. Valentine and Mr. Clark, see Docket No. 45 (civil minutes), and the arbitration took place in November 2014, with a final award issuing on March 10, 2015. See Mot. at 2. The arbitrator found in favor of Mr. Clark as to all claims asserted against him but found in part against Mr. Valentine. See Cunningham Decl., Ex. 31 (Award at 19). In its motion, Sophos now asks the Court to grant Mr. Valentine and Mr. Clark summary judgment on all claims asserted against them "under the doctrine of res judicata because they either were or could have been fully adjudicated in the JAMS arbitration." Mot. at 21.
Although the arbitration award has been filed under seal, the Court finds no need to seal this specific information related to the arbitration award.
Because Fortinet has recently refiled its arbitration claims against the individual defendants, any motion for summary judgment based on res judicata is premature. Furthermore, it is not clear whether at some point, a motion to confirm the arbitration award or to dismiss might be more appropriate. In any event, the individual defendants' motion for summary judgment on all claims asserted against them is denied. D. Marking of Patented Products
35 U.S.C. § 287 provides as follows:
Patentees, and persons making, offering for sale, or selling within the United States any patented article for or under them, . . . may35 U.S.C. § 287(a).
give notice to the public that the same is patented, either by fixing thereon the word "patent" or the abbreviation "pat.", together with the number of the patent, or by fixing thereon the word "patent" or the abbreviation "pat." together with an address of a posting on the Internet, accessible to the public without charge for accessing the address, that associates the patented article with the number of the patent, or when, from the character of the article, this cannot be done, by fixing to it, or to the package wherein one or more of them is contained, a label containing a like notice. In the event of failure so to mark, no damages shall be recovered by the patentee in any action for infringement, except on proof that the infringer was notified of the infringement and continued to infringe thereafter, in which event damages may be recovered only for infringement occurring after such notice. Filing of an action for infringement shall constitute such notice.
Relying on § 287, Sophos argues that, in the case at bar, there are Fortinet products that practice inventions claimed in two of the six Fortinet patents at issue (i.e., the '430 patent and the '125 patent), but Fortinet failed to mark those products; therefore, Fortinet is not entitled to pre-suit damages thereon.
In evaluating this issue, the Court bears in mind that, "[a]s the patentee, [Fortinet has] the burden of pleading and proving at trial that [it] complied with the statutory requirements [of § 287]." Maxwell v. J. Baker, Inc., 86 F.3d 1098, 1111 (Fed. Cir. 1996). That is, Fortinet has "'[t]he duty of alleging, and the burden of proving, either [actual notice or constructive notice]." Id. In a case from 1894, the Supreme Court explained the rationale behind placing this burden on the patentee:
Whether his patented articles have been duly marked or not is a matter peculiarly within his own knowledge; and if they are not duly marked, the statute expressly puts upon him the burden of proving the notice to the infringers, because he can charge them in damages. By the elementary principles of pleading, therefore, the duty of alleging, and the burden of proving, either of these facts is upon the plaintiff.Dunlap v. Schofield, 152 U.S. 244, 248 (1894).
The above, however, addresses only the matter of notice. It does not specifically address who has the burden of proof in terms of whether the patentee's product practices the claimed invention in the first place. Not surprisingly, in its opposition, Fortinet contends that Sophos - as the accused infringer - has the obligation to show that Fortinet's products practice the claimed inventions. But contrary to what Fortinet suggests, no court has appeared to hold that the accused infringer has the burden of persuasion on this specific issue. At best, there are cases holding that the accused infringer has the burden of production.
For example, that is what Judge Grewal held in Sealant Systems International, Inc. v. TEK Global S.R.L., No. 5:11-cv-00774 PSG, 2014 U.S. Dist. LEXIS 31528 (N.D. Cal. Mar. 7, 2014). In Sealant Systems, Judge Grewal acknowledged that there was split of authority as to "who bears the burden of satisfying the marking requirement where it is disputed whether a patentee has ever made, offered for sale, sold or imported the patented product within the United States." Id. at *109. Some courts put the burden on the patentee, premised on the rationale "that the patentee's compliance with the marking statute is peculiarly within his own knowledge, a foundational principle that underlies United States Supreme Court case law interpreting Section 287(a) going all the way back to Dunlap v. Schofield." Id. at *110 n.221 (internal quotation marks omitted) (citing district court cases from Texas, Pennsylvania, Virginia, and California); see also Adrea, LLC v. Barnes & Noble, Inc., No. 13-cv-4137(JSR), 2015 U.S. Dist. LEXIS 100312, at *4-5 (S.D.N.Y. July 24, 2015) (acknowledging some case law to the contrary but finding that that "rule would improperly shift the burden to the accused infringer"). But "[o]ther courts take a narrower view, holding that the accused infringer must first come forward with proof that the patentee sold or offered for sale a patented product . . . and only upon that threshold showing does the burden shift to the patentee to show compliance with the marking statute." Sealant, 2014 U.S. Dist. LEXIS 31528, at *11 n.223 (internal quotation marks omitted) (citing district court cases from Louisiana and California).
After acknowledging the split in authority, Judge Grewal found that he agreed with the narrower view:
In this case, TEK [the accused infringer] has not produced sufficient evidence that AMI [the patent holder] or its predecessor-in-interest triggered the obligations housed within the marking statute. AMI thus did not have to comply with Section 287.Id. at 115-16; accord Golden Bridge Tech. Inc. v. Apple Inc., No. 5:12-cv-04882-PSG, 2014 U.S. Dist. LEXIS 67238 (N.D. Cal. May 14, 2014).
It would be an odd result to require AMI to bear the burden to show that its predecessor-in-interest either did not sell any product embodying the patent or, if it did, it complied with the marking statute. Absent guidance from the other side as to which specific
products are alleged to have been sold in contravention of the marking requirement, a patentee like AMI is left to guess exactly what it must prove up to establish compliance with the marking statute. Without some notice of what marketed products may practice the invention, AMI's universe of products for which it would have to establish compliance with, or inapplicability of, the marking statute would be unbounded. TEK therefore bore the initial burden to put AMI on notice that IDQ may have sold specific products practicing the '581 patent. Only then would the question of whether those products were properly marked be implicated.
The Court finds Judge Grewal's reasoning persuasive. Accordingly, it shall place the burden of production on Sophos to identify the Fortinet products it believes practice the inventions claimed. If Sophos meets that burden, then the burden of persuasion shall shift to Fortinet to show that its products do not practice the inventions claimed.
Notably, in its opening motion, Sophos argued that "Fortinet's 5000-series FortiGate appliances practice claims 14-15, 25-27, and '39 of the '430 patent, and . . . Fortinet's FortiGate appliances with software version 5.2 [which] practice claims 3 and 5 of the '125 patent." Mot. at 24. But after Fortinet pointed out that those versions of its products were not released until after this suit was initiated (thus making pre-suit damages a moot point), Sophos contended that there were product versions that did in fact pre-date this litigation. More specifically, Sophos relied on a report from one of its experts, Aaron Striegel, in which he stated: (1) "any multi-core or multiprocessor FortiGate running FortiOS 2.8 or later practices all limitations of claim 26 of the '430 Patent" and (2) "FortiOS-based products dating back to at least FortiOS 2.8 and including currently marketed FortiGate products running FortiOS 5.2 practice Claim 3 and Claim 5 of the '125 patent." Cunningham Decl., Ex. 34 (Striegel Report ¶¶ 123, 147).
Although the Striegel report has been filed under seal, the Court does not find it necessary to seal the specific excerpts of the report quoted above.
The Court does not condone the fact that Sophos did not bring up these earlier Fortinet products until its reply brief. That being said, Fortinet had the Striegel report on hand before the summary judgment papers were filed and therefore Sophos's assertion in its reply cannot be a surprise. Of course, the Court also takes into account that Dr. Striegel has opined only as to claim 26 of the '430 patent and claims 3 and 5 of the '125 patent. Therefore, if Sophos is entitled to summary judgment here, it would be on these three claims only, and nothing more.
Fortinet contends that even summary judgment on these three claims is unwarranted because Dr. Striegel has failed to sufficiently explain how Fortinet's products practice each of the elements of the claimed inventions. According to Fortinet, Sophos has failed to offer any nonconclusory evidence as to (1) "how any of Fortinet's products include the required limitation of 'based at least in part on a quantity of the worker modules' for the '430 claims" and (2) "how any of Fortinet's products use a 'result of the flow-based packet classification to retrieve an entry of a plurality of entries of the flow cache'" for the '125 patent. Opp'n at 25 (citing, inter alia, ¶¶ 63-65 of the Striegel report for the '430 patent and ¶¶ 172-76 of the Striegel report for the '125 patent).
See, e.g., '430 patent, claim 14 (claiming "[a] system for processing network traffic data, comprising: means for receiving network traffic data; and means for passing the network traffic data to one of a plurality of worker modules for processing the network traffic data; wherein the means for passing is configured to perform the step of passing based at least in part on a quantity of the worker modules . . . .") (emphasis added).
See, e.g., '125 patent, claim 3 (claiming "[an] article of manufacture comprising a computer-readable medium encoded with one or more computer programs, which when executed by one or more processors of a virtual router (VR)-based network device cause the one or more processors to perform a method comprising: establishing a flow cache having a plurality of entries each identifying one of a plurality of VR flows through the VR-based network device and corresponding forwarding state information; receiving a packet at an input port of a line interface module of the VR-based network device; the line interface module forwarding the packet to a virtual routing engine (VRE); the VRS determining one or more appropriate packet transformations for application to the packet by performing flow-based packet classification on the packet; using a result of the flow-based packet classification to retrieve an entry of a plurality of entries of the flow cache . . . .") (emphasis added). --------
With respect to the '430 patent, the language "based at least in part on a quantity of the worker modules" comes from claims 14 and 15. See note 5, supra. But as noted above, Dr. Striegel has pointed to a pre-litigation Fortinet product only for claim 26 of the '430 patent, and nothing more. See Cunningham Decl., Ex. 34 (Striegel Report ¶ 123) (claiming that "any multi-core or multi-processor FortiGate running FortiOS 2.8 or later practices all limitations of claim 26 of the '430 Patent"). Fortinet has not pointed to any deficiency with Dr. Striegel's analysis of claim 26.
As for the '125 patent, the Court finds that Dr. Striegel's analysis at ¶¶ 172-76 of his expert report is not too conclusory - especially as at this point Sophos has only a burden of production, not the burden of persuasion. Compare, e.g., '125 patent, claim 3 ("using a result of the flow-based packet classification to retrieve an entry of a plurality of entries of the flow cache"), with Cunningham Decl., Ex. 34 (Striegel Report ¶ 176)
Accordingly, the Court concludes that Sophos has met its burden of production that Fortinet's FortiOS 2.8 practices the inventions claimed in claim 26 of the '430 patent and claims 3 and 5 of the '125 patent. That being the case, then it becomes Fortinet's burden of persuasion to show either that the product does not practice the inventions claimed or that it has given actual or constructive notice that the products practice the invention claimed. Because Fortinet has not introduced any evidence on these points, the Court grants Sophos summary judgment on these limited three claims as to pre-suit damages.
II. CONCLUSION
For the foregoing reasons, the Court denies Sophos's motion for summary judgment on the trade secret misappropriation claim and on the claims against the individual defendants. The Court, however, grants summary judgment to Sophos as to no pre-suit damages for claim 26 of the '430 patent and claims 3 and 5 of the '125 patent.
This order disposes of Docket No. 215.
IT IS SO ORDERED. Dated: October 14, 2015
/s/_________
EDWARD M. CHEN
United States District Judge
Advanced Modular, 132 Cal. App. 4th at 833-34. Because the instant case is well past discovery, and is nearing trial, these purposes are no longer in play here.