addressing trade secret source code to be produced in discoverySummary of this case from Spec Simple, Inc. v. Designer Pages Online LLC
Pryor Cashman LLP, New York (Todd E. Soloway of counsel), for appellants. Friedman Kaplan Seiler & Adelman LLP, New York (Lance J. Gotko of counsel), for Philip Jacob, respondent.
Pryor Cashman LLP, New York (Todd E. Soloway of counsel), for appellants. Friedman Kaplan Seiler & Adelman LLP, New York (Lance J. Gotko of counsel), for Philip Jacob, respondent.
Bryan Cave LLP, New York (David P. Kasakove of counsel), for Axioma, Inc., respondent.
ACOSTA, J.P., ANDRIAS, MOSKOWITZ, RICHTER, MANZANET–DANIELS, JJ.
Order, Supreme Court, New York County (Shirley Werner Kornreich, J.), entered August 15, 2013, which, to the extent appealed from, denied plaintiffs' motion to compel defendant Axioma, Inc. to produce source code created after April 3, 2012, reversed, on the facts, without costs, and the motion granted.
Plaintiffs, MSCI Inc., Financial Engineering Associates, Inc., RiskMetrics Group, Inc., and RiskMetrics Solutions, Inc. (collectively, MSCI), serve as a provider of investment decision support tools, including indices, risk analytics, and corporate governance products. MSCI provides a multi-asset class (MAC) risk analytics software product called “RiskManager,” which contains several component technologies, including “RiskServer,” “Plug and Price,” and “StructureTool.” MSCI asserts that each one of these technologies constitutes a confidential and proprietary trade secret. MSCI further asserts that because RiskManager leads the market in the risk analytics software field, the source code underlying these technologies is a trade secret that provides MSCI with a competitive advantage in the marketplace.
MSCI commenced this action in 2011, alleging that in January and February 2011, defendants Philip Jacob and John Does I through X, former senior-level employees at MSCI who had been intimately involved in the development of RiskManager, left MSCI to work for defendant Axioma, Inc., a direct competitor. According to MSCI, the individual defendants went to work for Axioma specifically for the purpose of creating a MAC product that would compete with MSCI's RiskManager. Further, MSCI alleges, before the individual defendants resigned, they misappropriated the entire source code underlying RiskServer, Plug and Price, and StructureTool.
Because the trade secrets of both MSCI and Axioma, in the form of the source codes for their MAC software products, were the essential evidence in the case, the parties negotiated a confidentiality stipulation,and Supreme Court so-ordered the stipulation in September 2011. The confidentiality stipulation and order (CSO) provided that MSCI and Axioma would jointly retain a third-party neutral with whom they would deposit their respective source codes and that only the parties' experts and attorneys would receive or see the material. The CSO specified that the parties would not be allowed to view their adversaries' source codes.
The CSO required the parties to “deliver to [the third-party neutral] two (2) full copies of the source code for each programs/products/components at issue in this action ....” It further provided, “The copies of each source code shall include all versions of such source code created from inception in buildable, runnable, native text format and in a file organization that retains the original directory structure of the code and any source code repository; and source code documentation.”
“A source code repository is a place where large amounts of source code are kept, either publicly or privately. [It is] often used by multi-developer projects to handle various versions and handle conflicts arising from developers submitting conflicting modifications” ( see http:// en. wikipedia. org/ wiki/ Codebase). When the code is in repository format, one can review the code and see its revision history.
During the litigation, defendants contended that MSCI had not sufficiently identified its alleged trade secrets and that the failure to do so rendered useless any attempt to analyze and compare the parties' source codes for any evidence of misappropriation. Hence, defendants moved to compel MSCI to identify its trade secrets with sufficient particularity and for a protective order staying their obligation to deposit their source code until MSCI did so. In a compliance conference order entered March 30, 2012, the court ordered the parties to brief the issue whether MSCI had to affirmatively identify its trade secrets, and also ordered Axioma to deposit its source code with the third-party neutral. Accordingly, on April 4, 2012, Axioma deposited all versions of its source code created from February 24, 2011 through April 3, 2012—a 14–month period that included four months preceding the action's commencement and 10 months afterward. The deposited material contained 5,552 “unique source code revisions and even substantially more individual source code file versions.” After receiving briefing on the matter, by order entered April 23, 2012, the court ordered MSCI to identify the trade-secret components of its source code by June 8, 2012, and precluded it from seeking further discovery until it had done so.
By order entered on or about November 21, 2012, the court adopted the report of a court-appointed expert stating that MSCI had sufficiently identified the trade-secret components of its source code. As a result, MSCI was permitted to review Axioma's source code.
Upon reviewing the code with MSCI's expert, MSCI's counsel learned that Axioma had not deposited any versions of source code created or modified after April 3, 2012; as a result, counsel sought the versions of the source code created or modified after that date. Defendants state that they denied that request on the ground that nothing in the CSO or any other order mandated that Axioma continually update its source code information. Discovery then proceeded for the next several months, and on or about March 12, 2013, MSCI's counsel again requested that Axioma deposit updated versions of its source code. Axioma, however, declined to provide any updated code.
MSCI moved for an order compelling Axioma to produce to the third-party neutralall versions of its relevant source codes and the underlying source code files and for a protective order staying discovery until Axioma had complied. On the motion, MSCI submitted an affidavit by an expert who stated that it was not possible to evaluate MSCI's misappropriation claims without the updated code, since it was possible that Axioma's later versions of the code underlying its MAC product had been altered to hide or eliminate improper use. Thus, the expert concluded, the post-April 3, 2012 versions were necessary to determine, among other things, whether Axioma's MAC product was created using MSCI's trade secrets. Relying on its expert's opinion, MSCI asserted that it would not be able to prove a claim of misappropriation if it were not permitted to see the updated version of Axioma's code. Hence, it concluded, defendants had an ongoing obligation to disclose and update the source code as the software was developed.
Defendants cross-moved, among other things, to compel MSCI to produce all versions of its source code; MSCI does not appeal from the court's determination on the cross motion.
In opposition, defendants relied on the opinion of an expert who stated that he had seen no evidence to support the theory that Axioma could have used MSCI's source code as a starting point and then altered the code to disguise any misuse. The expert opined that it would not be practical for defendants to disguise any alteration so that it was not detectable. Further, the expert stated, his initial analysis of the source code that Axioma had deposited indicated that it was a complete and usable source code repository created in the normal course of the actual software development at Axioma.
At oral argument, the motion court noted that it had not ordered production of the ongoing version of Axioma's source code. On the contrary, the court stated, MSCI was entitled simply to learn whether defendants had misappropriated its code, and it was able to make that determination with the 14 months of code that defendants had already deposited with the third-party neutral. The motion court therefore held that defendants had satisfied their obligation by disclosing 5,552 versions of its source code for the 14–month period. We disagree.
New York strongly encourages open and full disclosure as a matter of policy ( see Andon v. 302–304 Mott St. Assoc., 94 N.Y.2d 740, 745, 709 N.Y.S.2d 873, 731 N.E.2d 589  ). To that end, CPLR 3101(a) provides that “[t]here shall be full disclosure of all matter material and necessary in the prosecution or defense of an action.”
A trial court is vested with broad discretion in its supervision of disclosure (148 Magnolia, LLC v. Merrimack Mut. Fire Ins. Co., 62 A.D.3d 486, 878 N.Y.S.2d 727 [1st Dept2009]; Matter of American Home Prods. Corp. v. Shainswit, 215 A.D.2d 317, 627 N.Y.S.2d 34 [1st Dept.1995] ). Indeed, “deference is afforded to the trial court's discretionary determinations regarding disclosure” (Don Buchwald & Assoc. v. Marber–Rich, 305 A.D.2d 338, 338, 761 N.Y.S.2d 617 [1st Dept.2003] [internal quotation marks omitted] ). However, “[t]his Court is vested with the power to substitute its own discretion for that of the motion court, even in the absence of abuse” (Estate of Yaron Ungar v. Palestinian Auth., 44 A.D.3d 176, 179, 841 N.Y.S.2d 61 [1st Dept.2007] ). We have observed that we “rarely and reluctantly invoke” our power to substitute our own discretion for that of the motion court ( id.). We find that this case presentsone of those rare instances in which we are compelled to substitute our discretion for that of the motion court.
To begin, the CSO does not provide for merely a single production of source code to the third-party neutral. Rather, it provides that the parties will deposit “all versions” of the relevant source code “created from inception in buildable, runnable” format. Nothing in this language suggests that defendants' obligation will be discharged by a single delivery of source code. Indeed, neither party disputes that counsel for both sides spent several months negotiating the CSO and that the document went through numerous drafts and revisions. Surely, had defendants wished to specify that they would make a single delivery of source code, they could have insisted upon a single delivery date. They did not do so; rather, they agreed to deliver “full copies” and “all versions” of the relevant source code.
In addition, MSCI's expert stated that without versions of the code made after April 3, 2012, he could not provide a meaningful comparison of the parties' respective source codes so as to determine misappropriation, because Axioma's code as of April 3, 2012 was in a nascent state. The expert asserted that as a result he was limited as to the information he could glean regarding the overall architecture and functionality of Axioma's code. Thus, he stated, later versions of the code were crucial to his analysis, because they reflected a more complete and closer-to-final version of Axioma's MAC product. Indeed, the dissent inaccurately characterizes the affidavits by MCSI's expert. Far from suggesting that he is on a “fishing expedition,” the expert makes clear that post-April 3, 2012 versions of defendants' source code are necessary for an accurate analysis of whether defendants misappropriated MSCI's trade secrets. Similarly, the expert's opinion is not based on mere speculation. Rather, he states that the versions of the source code already deposited “strongly suggest[ ] that the majority of development of Axioma's MAC [p]roduct actually occurred in the versions of source code created or modified after April 3, 2012.”
The record provides no basis for summarily rejecting the expert's assertions in that regard. Indeed, defendants' expert affidavit merely stated in a conclusory fashion that MSCI's expert could adequately analyze the misappropriation issue without the updated source code. Our conclusion that Axioma must produce post-April 3, 2012 code holds particularly true in light of the policies underlying discovery—namely, to give parties a reasonable opportunity to uncover any available evidence to support their claims ( see Member Servs., Inc. v. Security Mut. Life Ins., 2007 WL 2907520, *5, 2007 U.S. Dist LEXIS 74047, *13–14 [N.D.N.Y.2007] ).
Nonetheless, because we have the discretion to set reasonable parameters on discovery, there shall be disclosure of all versions of the source code created, modified, or maintained between April 3, 2012, and the date that Axioma's MAC product is released to the market. Further, disclosure of the post-April 3, 2012 code shall be subject to the protections set forth in the CSO stating that the deposited source code materials are for attorneys' and experts' eyes only. All concur except ACOSTA, J.P. and ANDRIAS, J. who dissent in a memorandum by ANDRIAS, J. as follows:
ANDRIAS, J. (dissenting).
I respectfully disagree with the majority's conclusion “that this case presents one of those rare instances in which we are compelled to substitute our discretion for that of the motion court.” Rather, the motion court providently exercised its discretion when it denied, as an unwarranted fishing expedition, plaintiffs' motion to compel the production of additional source code created by defendants more than a year after the alleged misappropriation of plaintiffs' source code took place, where there was only hope and speculation as to what the additional discovery would uncover. Accordingly, I dissent.
In May 2011, plaintiffs commenced this action in which they allege that the individual defendants, while in plaintiffs' employ, misappropriated trade secrets, to wit, the source code underlying several component technologies of their flagship multi-asset class (MAC) risk-analytics software product, and used those secrets to develop a competing MAC software product for defendant Axioma. Among other things, plaintiffs allege that from June to November 2010 the individual defendants developed a plan to take certain intellectual property that they developed while working for plaintiffs to launch a competing business, and that in January and February 2011 they took plaintiffs' source code and algorithms with them to Axioma. Plaintiffs also allege that the individual defendants contemplated a nine-month time frame for building a valuation platform and that such a short time frame “would be impossible absent the misuse and misappropriation of [plaintiffs'] confidential and propriety information, including algorithms and source code.”
In September 2011, the parties negotiated and executed a confidentiality stipulation, so-ordered by the court (the CSO), which provided:
“35. MSCI, Axioma and Jacob ... shall deliver to [a neutral] two (2) full copies of the source code for each programs/products/components at issue in this action ... [and] in development ... [which] shall include all versions of such source code created from inception in buildable, runnable, native text format and in a file organization that retains the original directory structure of the code and any source code repository; and source code documentation.”
The CSO also provided that only the parties' experts would receive or see the material deposited with the neutral.
Defendants subsequently moved to compel plaintiffs to affirmatively identify their trade secrets with sufficient particularity, as demanded in defendants' interrogatories, and for a protective order relieving defendants of their obligation to produce Axioma's source code until plaintiffs complied. A compliance conference order entered March 30, 2012, directed the parties to submit briefs on the trade secrets issue and directed Axioma to “deposit source code with [the neutral] as soon as reasonably possible.” On April 4, 2012, Axioma deposited with the neutral 5,552 unique historical versions of its source code that had been created or modified during the 14–month period between February 24, 2011 and April 3, 2012.
By orders entered April 23, 2012 and on or about July 9, 2012, the court directed plaintiffs to identify their trade secrets with reasonable particularity. By order entered on or about November 21, 2012, the court adopted the report of a court-appointed expert stating that plaintiffs' second supplemental interrogatory response, served on August 27, 2012, identified certain of their trade secrets with reasonable particularity, and was insufficient in other respects. Meanwhile, by so-ordered stipulation entered on or about September 27, 2012, the parties agreed that the neutral should release each side's source code to the other's expert, which was done on or about October 4, 2012.
In a compliance conference order entered March 21, 2013, the court directed plaintiffs, among other things, to deposit their source code in buildable and runnable form, as required by the CSO; identify those lines of the source code that they claimed Axioma had misappropriated; and respond to defendants' outstanding document demands. Rather than comply, plaintiffs moved for a protective order and to compel Axioma to produce “all versions” of its source code. Defendants cross-moved to compel plaintiffs to fulfill their outstanding discovery obligations.
At oral argument, the court rejected plaintiffs' contention that it was entitled to a continuous updating of Axioma's source code for the life of the case as contrary to paragraph 35 of the CSO and as nothing more than a “fishing expedition.” Thus, the court found that defendants complied with their discovery obligations when Axioma deposited over 5,000 versions of its source code for a 14–month period—including the four-month period preceding the commencement of this lawsuit and the 10–month period thereafter.
The court then issued the order on appeal, entered August 15, 2013, in which it denied plaintiffs' motion “in regard to directing Axioma to continue to turn over new code beyond the 14 months already turned over”; denied plaintiffs' request for a stay of its discovery obligations; and granted defendants' cross motion by requiring plaintiffs to deposit its source code in buildable, runnable format and to respond to defendants' Interrogatories and discovery requests, as required in the March 21, 2013 order. The court also issued a separate compliance conference order, requiring, among other things, that plaintiffs respond to the Interrogatories and discovery requests by September 13, 2013, and turn over the buildable, runnable source code by September 30, 2013; that all depositions be completed by January 31, 2014; and that the note of issue be filed by April 4, 2014.
CPLR 3101(a) provides that “[t]here shall be full disclosure of all matter material and necessary in the prosecution or defense of an action.” In determining when disclosure is appropriate, “[t]he test is one of usefulness and reason” (Allen v. Crowell–Collier Publ. Co., 21 N.Y.2d 403, 406, 288 N.Y.S.2d 449, 235 N.E.2d 430  ). “Although the scope of discovery under CPLR 3101 is to be construed liberally, where discovery of trade secrets is sought, the party seeking disclosure must show that the information demanded appears to be indispensable to the ascertainment of truth and cannot be acquired in any other way” (Carecore Natl., LLC v. New York State Assoc. of Med. Imaging Providers, Inc., 24 A.D.3d 488, 489, 808 N.Y.S.2d 238 [2d Dept.2005] [internal quotation marks omitted] ). When viewed in light of these principles, I find that the motion court properly denied plaintiffs' motion to compel the perpetual production of highly sensitive trade secret source code created by Axioma from April 4, 2012 through the life of this action, a time period beyond that alleged in the complaint, which identified the period of misappropriation as from June 2010 through March 2011.
Contrary to the majority's view, the motion court reasonably concluded that paragraph 35 of the CSO required a single production of source code to the neutral, which was to include all of the code's previous versions, and that it did not create a continuing obligation to produce every future iteration of the code. This interpretation is consistent with the court's March 30, 2012 compliance order, which required Axioma to deposit source code with the neutral “as soon as reasonably possible.” Defendants complied with this obligation, producing 5,552 versions of its source code, as well as 24,391 “offline” source code documents.
Nor do I agree with the majority's finding that defendants' expert affidavit established the need for production of all versions of defendants' source code made until the date that Axioma's MAC product is released to the market. In seeking additional discovery of source code, plaintiffs' expert only speculated that “in the event Defendants altered Axioma's source code in an effort to disguise its use of MSCI's trade secrets,” those changes would appear in later versions of the code. Indeed, with respect to common code in the parties' respective products, the expert acknowledged that his review to date revealed only that “some of these files were third-party created, ‘off the shelf,’ source code files.” The expert could only speculate that “there may also be source code files created and developed by Axioma's employees outside of Axioma's Subversion system, and then added into the system in final form,” and plaintiffs presented no evidence to suggest that this scenario had in fact occurred.
The majority finds that plaintiffs' expert's opinion is not speculative because “he states that the versions of the source code already deposited ‘strongly suggest that the majority of development of Axioma's MAC [p]roduct actually occurred in the versions of source created or modified after April 3, 2012.’ ” However, the expert's conclusion was based on the fact that “the first 140 ‘versions' Defendants deposited include less than 200 source code files out of the total 2,167 unique source code files Axioma deposited [and] [t]he first 1700 versions contain less than half of all the source code files deposited.” Defendants produced 5,552 versions, and the expert did not address what the latter 3,852 versions contained.
Further, although the majority cites plaintiff's expert's statement that the code produced by defendants was in its “nascent state,” defendants' expert stated that his “initial analysis of Axioma's Deposited Source Code indicates that it is a complete and usable source code repository that was created in the normal course of the actual software development at Axioma.” While defendants' expert acknowledged that there were occasions where larger than average amounts of new source code were added to the Axioma project in a relatively short period of time, which could indicate that the source code originated in other places, he explained that “[u]pon further inspection, each of these periods of interest related to the introduction and use of third-party, off-the-shelf source code libraries.”
In sum, the motion court, which was intimately familiar with the discovery issues in the case, providently balanced plaintiffs' need for production of additional source code against the need to protect defendants from a fishing expedition that would allow plaintiffs to monitor the development of Axioma's new product, after it became apparent that discovery to date did not support plaintiffs' misappropriation claims as alleged in the complaint. As the court stated at oral argument, plaintiffs' theory that updated source code may provide evidence that Axioma somehow successfully concealed its misappropriation in the 5,552 versions of source code already deposited is “a great leap,” based upon mere speculation, without a factual predicate for the requested additional discovery ( see Viacom Intl. Inc. v. YouTube Inc., 253 F.R.D. 256, 260 [S.D.N.Y.2008] [“YouTube and Google should not be made to place this vital asset in hazard merely to allay speculation. A plausible showing that YouTube and Google's denials are false ... should be required before disclosure of so valuable and vulnerable an asset is compelled”] ).
The fact that the CSO calls for production to a neutral and review by plaintiffs does not justify continuous production of Axioma's post-April 3, 2012 source code. Careful and extensive confidentiality provisions are “not as safe as nondisclosure, [and t]here is no occasion to rely on them, without a preliminary proper showing justifying production of the search code” (Viacom, 253 F.R.D. at 260).
Accordingly, I would affirm the denial of plaintiffs' motion to compel.