Court Grants Plaintiff Access to Computers Acquired by Defendant Two Years After Alleged Misappropriation
This litigation involved claims against a former employee for violations of the Computer Fraud and Abuse Act. Plaintiff claimed that defendant had removed proprietary information from his company-provided laptop in connection with his November 2003 departure, and then used that information after he began working for a competitor (“Southeast”). Plaintiff sought an order compelling defendant to produce a laptop provided to defendant by Southeast in December 2005 or January 2006 and a personal computer hard drive which defendant kept at his residence. Plaintiff argued that the computers were likely to have evidence of defendant’s alleged violation of the CFAA as the computers were the most likely places where he would have downloaded, pasted, transmitted, or otherwise deposited the alleged pilfered computer data.
Defendant asserted that any information on the personal computer and laptop related only to work performed by him subsequent to the acquisition of those computers, which he claimed occurred two years after his alleged misappropriation of computer data. Defendant also claimed that the request was overly broad.
The court granted the motion to compel production of the computers. The court found that plaintiff was entitled to production of the requested computers because they were, if plaintiff’s allegations were true, among the most likely places defendant would have downloaded or stored the data allegedly missing from plaintiff’s laptop. As such, the court found the request reasonably calculated to lead to the discovery of admissible evidence.
The court further found that defendant’s affidavit was not sufficient to deny plaintiff access to the computers. “A party cannot, by his own self-serving statements, deny the other party access to potentially relevant information.” Moreover, the court noted that the fact that the computers were allegedly acquired two years after the misappropriation was said to have occurred in no way foreclosed the existence of the pilfered data, or information related to such data, on the computers. The court found that it would certainly have been possible for defendant to transfer computer data acquired from plaintiff in 2003 to a computer he did not obtain until two years later.
The court entered a protective order regarding confidential information in the form requested by plaintiff, rejecting the two-tiered protection scheme sought by defendant and Southeast, which would have included an “attorneys-eyes-only” designation. The court further adopted plaintiff’s proposed computer forensics protocol, which the court found adequately balanced plaintiff’s need for the information sought with defendant’s scope and confidentiality concerns. The protocol included:
- Plaintiff’s computer forensics expert would be allowed to make images of the hard drives of the computers at issue;
- Copies of the imaged hard drives would be provided to defendant and the court 10 days before plaintiff’s computer expert could begin any investigation into those imaged drives;
- After defendant had had time to identify and seek protection for any objectionable information (such as privileged or work-product information) on the imaged hard drives, plaintiff’s forensic expert would then be permitted to perform keyword searches of the hard drives and, subsequently, would provide to both plaintiff and defendant a list of the file names identified through such searches;
- Defendant would then have an additional 10 days to object to production of the requested files, and files not objected to would be produced to plaintiff at the end of this period;
- Depending on the number of “hits” produced through the particular key words used in the search, the above process may need to be repeated using different lists of key words based on actual issues in the case;
- The forensics expert was authorized to search for any indications that external devices were used with the subject computers and, if so, to attempt to identify such memory devices.