Kim A. Leffert Graham M. Buccigross February 2 2016 Discovery of source code – fashioning a protective order Mayer Brown | Litigation - USA Kim A. Leffert, Graham M. Buccigross Litigation Production of source codeProtective order issuesCommentImagine that a technology company is involved in patent litigation that will require the production of source code. The general counsel wants a protective order that will protect the source code to the maximum extent possible.Production of source codeIn patent, trade secret and copyright litigation where computer-related software is accused or otherwise relevant, the parties must engage in the discovery of source code. Source code is the set of instructions for how a computer program operates, written in human-readable language. Source code is typically complex, lengthy (sometimes reaching several million lines of programming) and requires expert review, analysis and explanation. Companies whose software is integral to their products and services protect their source code zealously, considering it to be among their most confidential information. As a result, they will not make it available for discovery without the entry of a suitable protective order.In December 2015 the Sedona Conference – a non-profit research and educational institute whose mission is to study and advance law and policy regarding electronic discovery, IP rights, antitrust law and complex litigation – published the Commentary on Patent Litigation Best Practices: Case Management Issues from the Judicial Perspective Chapter. Best Practice 19 in the commentary focuses on the discovery of source code and states that: "The court should require the parties to address in the Rule 26 joint discovery plan how and where they believe any computer source code production should be made available to the parties and experts." The commentary suggests that discovery in patent litigation cannot begin in earnest until there is a protective order regarding how, when and where source code will be produced. As a result, the Sedona Conference recommends that the court require that before the first case management and scheduling conference, the parties set out in their Rule 26 joint discovery plan exactly how and where they believe any source code should be produced. This way the court can resolve issues before any undue delay or expense is incurred.Because source code is guarded so closely, the producing party typically provides it for inspection rather than producing copies of the source code. Typically, only outside counsel for the inspecting party and pre-approved experts can inspect code. Further, inspection typically takes place on a standalone (ie, non-networked) computer.Protective order issuesWhen preparing a protective order governing the production of source code, areas of consideration include the following:Use of analytic tools – a source code expert will typically need to use analytic or forensic tools to search the source code (eg, Grep). To avoid disputes, the protective order should address whether this is permitted and, if so, which tools are permitted. The inspecting party may further wish to specify that such tools be loaded onto the review computer before inspection begins.Place – inspection typically occurs at the offices of the producing party's litigation counsel. However, some parties insist that inspection take place at a certified escrow facility (eg, Iron Mountain). If inspection is to take place at an escrow facility, the protective order should specify who will cover the escrow fees.Timing – source code inspection is typically conducted during the producing party's counsel's normal operating hours and after a specified minimum amount of notice.Copying – some producing parties insist that the access ports and other functionality on the inspection computer be disabled in order to prevent unauthorised copying. Inspecting personnel may also be prohibited from bringing memory devices into the inspection room. Further, some protective orders specify how notes may be recorded.Printing – there are invariably restrictions on the overall amount of source code that can be printed. These restrictions are typically based on the quantity of pages and the overall proportion of source code. A carefully written protective order also specifies that review of the source code in the first instance is to occur via the standalone computer, rather than by printing out the code en masse. The inspecting party may wish to specify that it will have access to the printed pages at the same time it is inspecting the electronic code.Experts – the producing party typically requires that the inspecting party's expert(s) be pre-approved by the producing party after the inspecting party has produced information sufficient to allow the producing party to determine whether the potential expert has a potential conflict. There are usually presumptive limitations on the number of experts allowed to inspect the source code.Production – once the source code is printed, the producing party is typically given a few days to produce the printed copies to the inspecting party. The printed pages are often endorsed with a special source code designation defined in the protective order.Review and access to printed production – the inspecting party is generally prohibited from keeping an electronic copy of the source code and may be required to log access to the printed copies. Provisions should be made so that a copy can be delivered to the inspecting party's expert for further review and for court filings. Further, the parties may wish to specify who may be shown the printed production at deposition and whether the source code may be disclosed to mock juries.Prosecution bar – protective orders in patent cases invariably contain a 'prosecution bar', which forbids the attorneys who review the code from prosecuting patent applications related to the technology at issue for a specified amount of time.(1)Unauthorised disclosure – the protective order should address what steps must be taken should there be an unauthorised disclosure.Some courts have developed model protective orders that govern discovery until a specifically tailored protective order can be entered.(2)CommentProtective orders relating to the production of source code frequently contain specific provisions not necessarily found in many protective orders. It can be most efficient for the parties to negotiate the protective order before the initial case management conference so that they can present any disputes to the court at that time. To avoid disputes over an entered protective order, consider a protective order that is as specific as reasonably possible.For further information on this topic please contact contact Kim Leffert at Mayer Brown LLP's Chicago office by telephone (+1 312 782 0600) or email ([email protected]). Alternatively contact Graham M Buccigross at Mayer Brown LLP's Palo Alto office by telephone (+1 650 331 2000) or email ([email protected]). The Mayer Brown International LLP website can be accessed at www.mayerbrown.com.Endnotes(1) For further guidance see the Sedona Conference Commentary on Patent Litigation Best Practices: Case Management Issues from the Judicial Perspective Chapter, Best Practice 20.(2) See ND Cal, Stipulated Protective Order for Litigation Involving Patents, Highly Sensitive Confidential Information and/or Trade Secrets (2014), www.cand.uscourts.gov/model-protective-orders.