Johnson et al v. Ford Motor Company, No. 3:2013cv06529 - Document 543 (S.D.W. Va. 2015)
Court Description: MEMORANDUM AND OPINION AND ORDER The Court Orders that Ford must provide the ETC source code in read-only format and need not provide Plaintiffs with write access to the ETC source code; parties are Ordered to meet and confer regarding the remaining terms of the special protective order and shall tender an Agreed Order Governing Disclosure of Ford's Source Code to the undersigned no later than 06/22/2015 as outlined within this Order. Signed by Magistrate Judge Cheryl A. Eifert on 6/12/2015. (cc: attys; any unrepresented party) (skm)
Download PDF
<![CDATA[
Johnson et al v. Ford Motor Company Doc. 543 IN TH E U N ITED STATES D ISTRICT COU RT FOR TH E SOU TH ERN D ISTRICT OF W EST VIRGIN IA H U N TIN GTON D IVISION CH ARLES JOH N SON , e t al., Plain tiffs , v. Cas e N o .: 3 :13 -cv-0 6 52 9 FORD MOTOR COMPAN Y, D e fe n d an t. MEMORAN D U M OPIN ION an d ORD ER On April 3, 20 15, the Court denied Ford Motor Com pany’s (“Ford”) m otion for a protective order that would have prohibited Plaintiffs from discovering Ford’s Electronic Throttle Control (“ETC”) system source code for various m akes and m odels of Ford vehicles.1 (ECF No. 421 at 1). However, the Court granted “Ford’s Motion to the extent that it request[ed] a protective order, separate from the universal protective order already entered in this case, (ECF No. 169), which is tailored to fit Ford’s particular concerns related to sharing its highly proprietary com m ercial inform ation with Plaintiffs.” (Id. at 2). Accordingly, the Court ordered the parties to m eet and confer on the subject of a special protective order concerning the production of Ford’s ETC source code. (Id. at 1-2). The parties were required to subm it an Agreed Order Governing 1 “Com puter program s are m ade up of lines of text written in a computer language, called the ‘source code’ of that program .” SAS Institute Inc. v. W orld Program m ing Ltd., --- F.Supp.3d ----, 20 14 WL 697830 0 , at *2 (E.D.N.C. Sept. 29, 20 14). Although this opinion references a singular “ETC source code,” Ford has represented to the Court that different versions of the ETC source code exist for each specific m odel line and possibly each specific type of vehicle within a m odel line (e.g. different engine types). (ECF No. 531 at 10 ). Ford possesses these different versions, including past versions, of the ETC source code. (Id. at 12). 1 Dockets.Justia.com Disclosure of Ford’s Source Code to the Court by April 13, or in the event that no agreem ent could be reached, to subm it their respective versions to the Court by the sam e date. (Id.) Since the Court’s April 3, 20 15 order, the parties have been unable to agree on a protective order governing the production of Ford’s ETC source code, and instead, have subm itted differing proposed protective orders. During a telephonic discovery conference on April 29, 20 15, the parties inform ed the Court that they principally disagreed over the form at in which Ford was to produce the ETC source code. Plaintiffs requested the code in “write-access”2 form at, while Ford argued that a “read-only” form at was m ore appropriate. The undersigned perm itted the parties to subm it briefing on the issue, (ECF Nos. 50 2 & 50 4), and held a hearing related to ETC source code discovery on May 28, 20 15, (ECF No. 531). After the hearing, Plaintiffs supplied the undersigned with a list of com puter software programs (or as Plaintiffs refer to them , “tools”) that they assert are necessary to effectively and efficiently analyze the ETC source code, and Plaintiffs designated on that list which form at the source code would have to be produced in for the specific tool to work. Ford responded to Plaintiffs’ list by providing the undersigned with a docum ent either agreeing or disagreeing with the use of each tool and asserting its own opinion as to which form at the ETC source code m ust be in to utilize each tool.3 2 Throughout this opinion, “write access” m eans that the source code is in a form at that provides the recipient of the code with the ability to change or edit the source code, including adding lines of code to, the source code. 3 Subsequent to Ford’s subm ission, Plaintiffs filed a Motion for Leave to Reply to Ford Motor Com pany’s J une 3, 20 15 Source Code Letter, (ECF No. 533), to which Plaintiffs attached a copy of their proposed reply brief. The Court GRAN TS Plaintiffs’ Motion for Leave to Reply and will consider Plaintiffs’ reply brief. 2 The Court has thoroughly considered the argum ents of the parties and ORD ERS that Ford m ust produce the ETC source code in read-only form at and need n o t provide Plaintiffs with write access to the ETC source code. Consequently, and keeping in m ind the guidance in this opinion as to the security protocols necessary for source code review, the parties are ORD ERED to m eet and confer regarding the rem aining term s of the special protective order and shall tender an Agreed Order Governing Disclosure of Ford’s Source Code to the undersigned no later than Ju n e 2 2 , 2 0 15. If the parties are unable to agree on the term s not resolved by this opinion, they shall subm it their respective versions to the undersigned by electronic m ail no later than 12:0 0 noon on J une 22, 20 15, and the disputed issues shall be addressed at the regularly scheduled telephone conference on J une 24, 20 15. I. Re le van t Facts These cases involve alleged events of sudden unintended acceleration in certain Ford vehicles m anufactured between 20 0 2 and 20 10 . In particular, Plaintiffs claim that their vehicles were equipped with defective ETC system s which were not fault tolerant, resulting in open throttle events during which the drivers of the vehicles lacked the ability to control the throttles. Plaintiffs assert that the m echanism s causing the throttles to open unexpectedly were num erous, including electrom agnetic interference, resistive shorts, and other voltage and resistance fluctuations, and that these issues were known to Ford. Despite having knowledge of the potential for sudden unexpected acceleration, Ford nonetheless failed to properly design the ETC system to correct the events when they occurred, and further neglected to install fail-safes, such as a Brake Over Accelerator system , that would allow the drivers to physically prevent or m itigate sudden acceleration. 3 In the course of discovery, Plaintiffs requested that Ford produce for inspection and review the source code for the ETC system . Ford objected, and the parties were unable to resolve the issue in inform al discussions. Ford then filed a motion for protective order, asking the Court to prohibit disclosure of the source code in its entirety. The Court denied Ford’s m otion and ordered the parties to m eet and confer regarding the term s for production of the ETC source code under a special protective order. The parties were not able to agree on the term s of a special protective order, and instead subm itted proposed protective orders and briefs outlining their respective positions. After discussing the issue no less than twice during telephonic discovery conferences, the Court held a hearing on the issue where testim ony was provided by two expert witnesses—Nigel J ones for Plaintiffs and Dr. J ohn Kelly on behalf of Ford. Mr. J ones earned a Bachelor of Science degree in Electrical and Mechanical Engineering from Brunel University in London, and he is currently em ployed at the Barr Group as Chief Engineer and at R.M.B. Consulting, Inc., as its president. (ECF No. 496-1 at 1-3). In these positions, Mr. J ones has designed both hardware and firm ware for various devices.4 (Id. at 1-2). Mr. J ones has also perform ed “expert witness work,” including reverse engineering of hardware and software, as well as code review. (Id.) At the hearing, Mr. J ones perform ed a dem onstration of the typical steps taken in reviewing source code. He utilized integrated developm ent environm ent software,5 4 Firm ware is defined as “com puter program s contained perm anently in a hardware device (as a read-only m em ory).” Merriam -Webster Online Dictionary, http:/ / www.m erriam -webster.com / dictionary/ firm ware (last visited J une 10 , 20 15). 5 An integrated development environm ent is “a program m ing environm ent that has been packaged as an application program , typically consisting of a code editor, a com piler, a debugger, and a graphical user interface (GUI) builder.” Search Software Equality, http:/ / searchsoftwarequality.techtarget.com / definition/ integrated-developm ent-environm ent (last visited J une 10 , 20 15). 4 which perm itted him to easily search, com pile,6 and debug7 source code. (ECF No. 531 at 47-51). In relation to reading and searching the code, Mr. J ones stressed that som e type of integrated developm ent environm ent m ust be used; otherwise, attem pting to read the code would be extremely tim e consum ing given that (1) a skilled engineer can only read and understand 10 0 lines of code each day, and (2) Ford’s ETC source code presum ably contains around one m illion lines of code. (Id. at 53). With regard to the use of a com piler, Mr. J ones displayed how a com piler can detect errors in the code during the com piling process and provide warnings at the com pletion of com piling. (Id. at 56). Because many different types of com pilers exist, Mr. J ones testified that he would need to obtain and use the sam e com piler that Ford uses when analyzing source code. (Id. at 60 ). Mr. J ones also em phasized the im portance of using a debugger to test “tim ing relationships” within the code, “race conditions,” and “stack usage.”8 (Id. at 50 -51). After explaining the usefulness of a debugger, Mr. J ones dem onstrated how code m ay be analyzed using a software sim ulator and the process of fault injection.9 (Id. at 6 A com piler is “[s]oftware that translates a program written in a high-level program m ing language ... into m achine language.” PC Magazine, http:/ / www.pcm ag.com / encyclopedia/ term / 40 10 5/ com piler (last visited J une 10 , 20 15); see also Am erican Heritage Dictionary Online, https:/ / ahdictionary.com / word/ search.htm l?q=compiler (last visited J une 10 , 20 15) (defining com piler as “[a] program that translates another program written in a high-level language into m achine language so that it can be executed.”); (ECF No. 531 at 48). In other words, a com piler translates source code into binary code or object code that can be understood by a com puter. 7 “Debugging software m eans locating the errors in the source code.” http:/ / www.pcm ag.com / encyclopedia/ term / 410 22/ debug (last visited J une 10 , 20 15). PC Magazine, 8 A stack is “[a] set of hardware registers or a reserved am ount of m em ory used for arithm etic calculations, local variables or to keep track of internal operations (the sequence of routines called in a program ). For exam ple, one routine calls another, which calls another and so on. As each routine is com pleted, the com puter returns control to the calling routine all the way back to the first one that started the sequence.” PC Magazine, http:/ / www.pcm ag.com / encyclopedia/ term / 51954/ stack (last visited J une 10 , 20 15). 9 Mr. J ones described what he m eant when using the term sim ulator: “I’m just talking about a sim ulator that will execute software, recognizing that’s [sic] not interacting with any real hardware. Because it allows me to do things like m easure how long a task takes to execute, measure how m uch stack size they use, and so on.” (ECF No. 531 at 61). 5 59-60 ). By using a software sim ulator, Mr. J ones explained that he could “change[] [Ford’s] code to force it to accept two inputs that then get processed,” so that he could see the affect that those changes have on the output. (Id. at 60 ). Mr. J ones acknowledged that by forcing the code to accept certain values, the resulting code was not the sam e code that is contained in Ford’s vehicles; however, he asserted that he would perform such testing if he were developing code for Ford and that fault injection using sim ulation software was necessary as som e faults are “very difficult to create in physical hardware.” (Id. at 59-60 ). When questioned by the Court whether the inputs that Mr. J ones required the code to accept could ever occur in “real life,” Mr. J ones responded: “[T]ypically, if, for exam ple, you have a frayed wire, a loose connection, or you’ve got a lot of interference from a cell tower, signals can take on just about any value. And so if I was designing som ething like [ETC source code], I would design the software to accom m odate any value.” (Id. at 63). Mr. J ones then further explained his m ethod of testing code using a sim ulator: “I would exam ine the code. I would develop som e hypothesis about m aybe this code doesn’t work the way it should. And then I would potentially construct an experim ent to test that hypothesis. Now, som etim es I can run the test purely as a thought experim ent. Other tim es I do need to go into the sim ulation environm ent because it is so com plicated and say, I am going to put these num bers in and see what com es out the other end.” (Id. at 64). Mr. J ones insisted that any changes m ade to source code can “always” be identified and presented one program that tracks source code changes. (Id. at 57). With regard to source code form at lim itations, Mr. J ones testified that he could use search and “com parison” tools on readonly source code, but could not use a debugger on read-only code because “you have to be able to create [] files in order to run the debugger.” (Id. at 65). It is also apparent that 6 the fault injection in the way described by Mr. J ones could not occur with read-only code.10 Dr. Kelly testified that he is a software engineer and that he has experience working with nuclear reactor safety shutdown system s, flight control system s, m edical devices, radiation devices, train control system s, and diesel engine control system s. (Id. at 81, 92). He stated that he had been hired as an expert in a num ber of cases “to assess and analyze” source code. (Id. at 81). Dr. Kelly asserted that he had “signed onto m any protective orders” in som e of those cases and that Ford’s proposed protective order for producing its ETC source code was “entirely consistent” with those past protective orders. (Id. at 82). According to Dr. Kelly, Plaintiffs are “looking for conditions that would cause the software to fail,” which can be accom plished by exam ining the software, developing a hypothesis, and then “actually testing the real binary on the real PCM [Powertrain Control Module] to see if that can occur.” (Id. at 83). Dr. Kelly explained that such testing could be perform ed on the hardware m odule, which is connected to a com puter, by forcing inputs into various input pins through the application of voltages to specific places on the hardware m odule. (Id. at 84). He insisted that write access to the source code was unnecessary to perform the testing that Plaintiffs desired and that there is no need “to change the code in order to test the binary.” (Id. at 83-84). In response to Mr. J ones’s dem onstration where he changed certain portions of the code, 10 At the conclusion of Mr. J ones’s testim ony, the Court inquired of Plaintiffs’ counsel whether Plaintiffs’ experts had perform ed black-box testing on any of the purportedly defective vehicles. (ECF No. 531 at 71). Black-box testing is the “[t]esting [of] software based on output requirem ents and without any knowledge of the internal structure or coding in the program .” PC Magazine, http:/ / www.pcm ag.com / encyclopedia/ term / 38733/ black-box-testing (last visited J une 10 , 20 15). According to Dr. Kelly, black-box testing m ay be utilized to test usability problem s, concurrency errors, initialization errors, term ination errors, ordering errors, and tim ing errors. (ECF No. 531 at 87-88). Plaintiffs’ counsel responded that testing “akin” to black-box testing had been perform ed on two vehicle m odels and that Plaintiffs’ experts were able to recreate sudden unexpected acceleration events during that testing. (Id. at 72, 75). 7 Dr. Kelly testified that the “num bers set in the [binary] code cannot change” in the real world. (Id. at 84). In relation to whether a read-only form at would obstruct Plaintiffs’ experts’ ability to analyze the source code, Dr. Kelly asserted that the integrated developm ent environm ent utilized by Mr. J ones could still be used with read-only access to the source code, as could a com piler and a debugger. (Id. at 86, 98, 10 0 ). Dr. Kelly also testified that read-only source code could be “put out on a sim ulator, as an em ulator,” and be tested.11 (Id. at 87). However, Dr. Kelly acknowledged that read-only source code could not be rewritten to cause it to fail, and could not be changed to inject faults into the code. (Id. at 89). On cross-exam ination, Dr. Kelly opined that whether the source code was produced in read-only form at or write-access form at would “m ake no difference” to the type of code analysis that he thought should be perform ed in this case. (Id. at 94). Dr. Kelly explained that “if [the source code] is writable, then you run into the problem with changing the code and tracking those changes and determ ining what code exactly it is that you are testing. … The problem is, in a com plex system … tracking all of the changes to the source code and how they are propagated down to the binary is very difficult.” (Id. at 94-95). Dr. Kelly acknowledged that it was possible to track any changes m ade to the source code, but insisted that changing the code “adds an incredible com plexity and it becom es extrem ely difficult to find out what files are actually on a binary. There are potentially thousands of files that can be changed in m any different ways, and it becom es next to im possible to determ ine accurately which file m ade up a particular binary. … [I]t becom es extrem ely difficult to figure out what it 11 An emulator is “[h]ardware, software or a com bination of the two that enables a com puter to run program s for another platform . … For exam ple, Apple's iOS ‘sim ulator’ and Google's Android ‘emulator’ are both software utilities that run their respective mobile apps in the com puter for testing purposes.” PC Magazine, http:/ / www.pcm ag.com / encyclopedia/ term / 42579/ emulator (last visited J une 10 , 20 15). 8 is you did at all.” (Id. at 96-97). On the subject of efficiency in analyzing the source code, Dr. Kelly opined that having the source code in write-access form at would not decrease the am ount of tim e necessary to perform m ost of the tasks that Mr. J ones dem onstrated. (Id. at 99). Dr. Kelly rem arked that the only process m ade easier with write-access source code would be testing the code by “forc[ing] it to have certain inputs,” which could also be done with black-box testing or white-box testing.12 (Id. at 99). With regard to fault injection, Dr. Kelly testified that “injecting faults into the code is changing the code,” and that he was unaware whether Ford injects fault into its source code during its testing process. (Id. at 10 1-0 2). Dr. Kelly also stated that, in his experience, deliberately m odifying source code so that it fails in order to determ ine how the code operates is not done as part of the source code developm ent and testing process. (Id. at 10 2). In addition, Dr. Kelly explained that he did not believe that there was any benefit to be gained from introducing errors into the code. (Id. at 10 3). He added that faults could be injected “into the as-built system ” by “set[ting] various ends to certain values” or corrupting certain m em ory locations. (Id. at 10 6). Before the hearing concluded, the parties discussed how the source code would be viewed by Plaintiffs’ experts. Plaintiffs’ counsel suggested that a physically secure room containing Ford’s server be created by Ford wherever it likes and that a virtual private network (“VPN”) be established between Ford’s server and another location near Plaintiffs’ experts. (ECF No. 531 at 112). The location near Plaintiffs’ experts would contain com puters for Plaintiffs’ experts’ use that would access Ford’s source code and 12 White-box testing is “[t]esting software with the knowledge of the internal structure and coding inside the program .” PC Magazine, http:/ / www.pcm ag.com / encyclopedia/ term / 54432/ white-box-testing (last visited J une 10 , 20 15). 9 any tools used to analyze the source code over the VPN. (Id. at 113). To access the com puters at the Plaintiffs’ experts’ location, Plaintiffs’ counsel suggested that the com puters be equipped with biom etrics scanners (e.g. fingerprint or retina scanners). (Id.) Plaintiffs’ counsel averred that any increased risk that Ford’s source code m ight be intercepted by a hacker who accesses the VPN was “not severe enough” to justify the cost and additional tim e that would be necessary if all of the source code review were to take place at a facility designated by Ford. (Id. at 114). In response, Ford’s counsel objected to Plaintiffs’ counsel’s VPN proposal and asserted that Ford’s source code has never been placed anywhere outside of a secured location at a Ford facility and that the code did not “get carried around or put up on other networks.” (Id. at 115, 119); see also (ECF No. 50 2 at 2) (Ford’s brief on the issue stating that Ford has never produced its ETC source code in the m anner proposed by Plaintiffs). Yet, Ford’s counsel acknowledged that pieces of the source code during the design stage m ight be transported out of Ford’s facility. (ECF No. 531 at 119-20 ). After hearing the parties’ positions, the Court m ade the parties aware that it shared Ford’s concerns as to Plaintiffs’ counsel’s VPN proposal. II. Po s itio n s o f th e Partie s In its brief filed before the hearing, Ford contends that Plaintiffs should only be perm itted to inspect and search a read-only version of the ETC source code, and that during Plaintiffs’ review of the source code, they should not be allowed to use “additional tools or applications,” including com pilers and sim ulators.13 (ECF No. 50 2 at 1, 10 ). Ford argues that Plaintiffs desire the production of the ETC source code in write13 At the hearing, Ford’s counsel indicated that he would have to speak with his client as to whether it objects to Plaintiffs’ experts’ use of a com piler or debugger on the ETC source code in read-only form at. (ECF No. 531 at 10 9). 10 access form at so that they can manipulate it, which Ford believes contradicts the Court’s prior ruling that ordered the production of the ETC source code for review . (Id. at 7). According to Ford’s brief, source code m ay be m anipulated “without leaving physical evidence or a trail of changes.” (Id. at 8). Ford argues that source code altered by Plaintiffs’ experts “would not be representative of the ETC system in vehicles sold by Ford,” because the binary im age flashed into the PCM ROM (read only m em ory) cannot be changed without a special tool to erase the ROM and flash a different binary im age into the ROM. (Id.) In addition, Ford insists that providing write access to the source code increases a wrongdoer’s ability to create a counterfeit Ford ETC system binary im age. (Id. at 8-9). Furtherm ore, Ford asserts that the ETC source code has never been provided to any non-Ford personnel, including suppliers, for anything other than “eyes on” review on “an as needed basis at a Ford facility on a Ford supplied com puter with a Ford em ployee present and operating the com puter.” (Id. at 9). In their brief subm itted before the hearing, Plaintiffs contend that they m ust have write access to the source code in order to perform an adequate and efficient analysis of the code. Plaintiffs claim that they m ust be able to test the source code by injecting faults “into Ford’s system to see how it handles or addresses those faults.” (ECF No. 50 4 at 2). They assert that “[t]his is a com mon and critical testing m echanism .” (Id.) Plaintiffs also m aintain that they m ust be able to analyze the “interactions between code sections,” and that this cannot occur just by reading the code. (Id. at 4). In addition, Plaintiffs insist that any changes that they m ake to the source code during their testing of the code can be revealed by using a file com parison tool. (Id.) Finally, Plaintiffs argue that they m ust be perm itted to use a com piler and any related tools in order to “gain a full understanding of how the system actually com m unicates,” and that if they do not 11 have access to a com piler, then the source code review process will be protracted and m ore expensive. (Id. at 7-8). After the hearing, Plaintiffs subm itted to the Court a spreadsheet containing the nam es and descriptions of approxim ately fifty software tools that they hope to use in analyzing the ETC source code. Plaintiffs also indicated whether those tools were com patible with a read-only version of the source code. Plaintiffs’ tool list includes virtual m achines for operating system s; com pilers, linkers, assem blers, sim ulators, debuggers, integrated developm ent environm ents, static analysis tools, scripts, and batch files used by Ford; custom tool developm ent program s; script developm ent software; searching and m atching program s; word processing program s; Adobe Acrobat; file com pression program s; an encryption program ; Linux editors; Windows editors; version control software; static analysis tools other than those used by Ford; file com parison software; a m etrics tool; and source code “form atters and beautifiers.” According to Plaintiffs, a m ajority of these program s can be used with a read-only version of source code, including the sim ulators and debuggers used by Ford. In contrast, Plaintiffs assert that the com pilers used by Ford “probably” require source code in a write-access form at. Nearly all of the tools listed by Plaintiffs would require write access perm ission for the file s y s t e m . In other words, those tools would require the ability to create files or data on the com puter’s hard drive or on the com puter’s network drive, but would not require the ability to change or edit the source code itself. In response, Ford’s counsel sent a letter inform ing the Court that Ford objected to Plaintiffs’ experts’ use of any com piling tools on Ford’s ETC source code. In the event that the Court allows Plaintiffs’ experts to utilize a com piler, Ford has requested that Plaintiffs’ experts’ com piler be sim ilar to that which Ford uses (the Green Hills Software 12 Integrated Developm ent Environm ent). Ford also objects to a m ultitude of Plaintiffs’ proposed tools on the grounds that they pose “a significant safety or security threat to Ford,” they require the source code in write-access form at in order to run, they “im plicate[] the production by Ford of source code for system s far beyond the ETC system ,” or they are duplicative of other tools that Ford has agreed Plaintiffs m ay use. Ford disagrees with Plaintiffs that m any of their listed tools m ay be used with source code in a read-only form at. Im portantly, Ford asserts that its sim ulators require source code to be in write-access form at; however, Ford’s com pilers, assem blers, linkers, and debuggers do not require write-access form at. Ultim ately, Ford has agreed to the use of six tools or types of tools proposed by Plaintiffs, including the static analysis tools used by Ford, Windows PowerShell version 5 (a script developing tool), Veracrypt (an encryption tool), PC-Lint (a static analysis tool), RSM (a m etrics tool), and Beyond Com pare (a file com parison tool). III. Re le van t Law Federal Rule of Civil Procedure 26(b)(1) provides that: Parties m ay obtain discovery regarding any m atter, not privileged, that is relevant to the claim or defense of any party, including the existence, description, nature, custody, condition, and location of any books, docum ents, or other tangible things and the identity and location of persons having knowledge of any discoverable m atter ... Relevant inform ation need not be adm issible at the trial if the discovery appears reasonably calculated to lead to the discovery of adm issible evidence. While the claim s and defenses raised in the case should be the focus of discovery, broader discovery is perm itted when justified by the particular needs of the case. Fed. R. Civ. P. 26(b)(1), advisory com m ittee notes (20 0 0 ). In general, inform ation is relevant, and thus discoverable, if it ‘“bears on, or ... reasonably could lead to other m atter[s] that could bear on, any issue that is or m ay be in the case. Although ‘the pleadings are the 13 starting point from which relevancy and discovery are determ ined ... [r]elevancy is not lim ited by the exact issues identified in the pleadings, the m erits of the case, or the adm issibility of discovered inform ation.’” Kidw iler v. Progressive Paloverde Ins. Co., 192 F.R.D. 193, 199 (N.D.W.Va. 20 0 0 ) (internal citations om itted). In m any cases, “the general subject m atter of the litigation governs the scope of relevant inform ation for discovery purposes.” Id. The party resisting discovery, not the party seeking discovery, bears the burden of persuasion. See Kinetic Concepts, Inc. v. ConvaTec Inc., 268 F.R.D. 226, 243-44 (M.D.N.C. 20 10 )(citing W agner v. St. Paul Fire & Marine Ins. Co., 238 F.R.D. 418, 424-25 (N.D.W.Va. 20 0 6)). Sim ply because inform ation is discoverable under Rule 26, however, “does not m ean that discovery m ust be had.” Schaaf v. Sm ithKline Beecham Corp., 233 F.R.D. 451, 453 (E.D.N.C. 20 0 5) (citing N icholas v. W y ndham Int'l, Inc., 373 F.3d 537, 543 (4th Cir. 20 0 4)). For good cause shown under Rule 26(c), the court m ay restrict or prohibit discovery when necessary to protect a person or party from annoyance, em barrassm ent, oppression, or undue burden or expense. Fed. R. Civ. P. 26(c). In addition, Rule 26(b)(2)(C) requires the court, on m otion or on its own, to lim it the frequency and extent of discovery, when (1) “the discovery sought is unreasonably cum ulative or duplicative;” (2) the discovery “can be obtained from som e other source that is m ore convenient, less burdensom e, or less expensive;” (3) “the party seeking the discovery has already had am ple opportunity to collect the requested inform ation by discovery in the action;” or (4) “the burden or expense of the proposed discovery outweighs its likely benefit, considering the needs of the case, the am ount in controversy, the parties’ resources, the im portance of the issues at stake in the action, and the im portance of the discovery in resolving the issues.” Fed. R. Civ. P. 14 26(b)(2)(C)(i)-(iii). This rule “‘cautions that all perm issible discovery m ust be m easured against the yardstick of proportionality.’” Ly nn v. Monarch Recovery Mgm t., Inc., 285 F.R.D. 350 , 355 (D.Md. 20 12) (quoting Victor Stanley , Inc. v. Creative Pipe, Inc., 269 F.R.D. 497, 523 (D.Md. 20 10 )). To insure that discovery is sufficient, yet reasonable, district courts have “substantial latitude to fashion protective orders.” Seattle Tim es Co. v. Rhinehart, 467 U.S. 20 , 36, 10 4 S.Ct. 2199, 81 L.Ed.2d 17 (1984). Federal Rule of Civil Procedure 26(c)(1)(G) allows the court, for good cause, to issue an order “requiring that a trade secret or other confidential research, developm ent, or com m ercial inform ation not be revealed or be revealed only in a specified way.” In order for the court to apply the rule, two criteria m ust exist. First, the m aterial sought to be protected m ust be “a trade secret or other confidential research, developm ent, or com m ercial inform ation.” Second, there must be a “good cause” basis for granting the restriction. The party seeking protection bears the burden of establishing both the confidentiality of the m aterial and the harm associated with its disclosure. Deford v. Schm id Prods. Co., 120 F.R.D. 648, 653 (D.Md. 1987) (citing Cipollone v. Liggett Group, Inc., 785 F.2d 110 8, 1121 (3d Cir. 1986)). Once these elem ents are dem onstrated, the burden shifts to the party seeking disclosure to show that the m aterial is relevant and necessary to its case. Em pire of Carolina, Inc. v. Mackle, 10 8 F.R.D. 323, 326 (D.C. Fla. 1985). The court “m ust balance the requesting party’s need for inform ation against the injury that m ight result if uncontrolled disclosure is com pelled.” Pansy v. Borough of Stroudsburg, 23 F.3d 772, 787 (3d Cir. 1994) (quoting Arthur R. Miller, Confidentiality , Protective Orders, and Public Access to the Courts, 10 5 Harv. L. Rev. 427, 432-33 (1991)). 15 If the court determ ines that disclosure is required, the issue becom es whether the m aterials should be “revealed only in a specified way.” Fed. R. Civ. P. 26(c)(1)(G). “Whether this disclosure will be lim ited depends on a judicial balancing of the harm to the party seeking protection (or third persons) and the im portance of disclosure to the public.” Id. Factors to consider when deciding if and how to lim it disclosure include: (1) whether disclosure will violate any privacy interests; (2) whether the inform ation is being sought for a legitim ate purpose or for an im proper purpose; (3) whether disclosure of the inform ation will cause a party em barrassm ent; (4) whether confidentiality is being sought over inform ation im portant to public health and safety; (5) whether the sharing of inform ation am ong litigants will prom ote fairness and efficiency; (6) whether a party benefiting from the order of confidentiality is a public entity or official; and (7) whether the case involves issues im portant to the public. Pansy , 23 F.3d at 787-91. The court exercises broad discretion in deciding “‘when a protective order is appropriate and what degree of protection is required.’” Furlow v . United States, 55 F. Supp. 2d 360 , 366 (D.Md. 1999) (quoting Seattle Tim es Co., 467 U.S. at 36). IV. D is cu s s io n As discussed above, the parties disagree over the form at in which the ETC source code m ust be produced. Beyond that, the parties also differ on what software tools Plaintiffs should be perm itted to use in viewing and analyzing the ETC source code. Having considered the parties’ subm issions and the testim ony adduced at the hearing, the Court finds that Plaintiffs are entitled to a read-only version of the ETC source code because the benefits that Plaintiffs seek from gaining access to the source code can be realized through a read-only form at. As Dr. Kelly testified, m ost of what Mr. J ones dem onstrated at the hearing can be perform ed on source code in a read-only form at. (ECF No. 531 at 99). The only possible lim itations of a read-only form at are that the 16 source code cannot be changed and faults cannot be injected directly into the source code by editing the code. (Id. at 89). However, as Ford and Dr. Kelly have pointed out, changing the source code would m ake the resulting code unrepresentative of the code contained in Plaintiffs’ vehicles. (Id. at 32-33, 10 4). Moreover, Dr. Kelly asserted that fault injection can be perform ed in a way that does not im plicate editing or adding lines to the source code. (Id. at 10 6). Under a proportionality analysis, at this juncture, any additional benefit of providing Plaintiffs with the code in a write-access form at does not outweigh Ford’s concerns about the security of its highly proprietary ETC source code.14 Furtherm ore, it would be prem ature, and possibly inefficient, to grant Plaintiffs write access to the ETC source code when they have yet to even review or analyze the code in a read-only form at. Accordingly, the Court ORD ERS that Ford m ust produce the ETC source code in a read-only form at. As for the specific program s that Plaintiffs’ experts m ay use, Ford inform ed the Court that its com piler and debugger could be used on read-only code, but objected to allowing Plaintiffs to use a com piler. The Court finds that Plaintiffs should be perm itted to use a com piler in analyzing the source code as the com piler m ay alert Plaintiffs to certain errors in the code. Moreover, the debugger requires com piled code. (ECF No. 531 at 49, 55-56, 86, 10 0 ). The Court agrees with both parties that Plaintiffs should be 14 Under the protective order related to source code in the Toyota unintended acceleration litigation, the plaintiffs’ expert, Michael Barr, was able to use the Green Hills Com piler and Sim ulator as well as a number of static analysis tools. Plaintiff’s Opposition to Toyota’s Daubert Motion to Exclude the Expert Testim ony of Michael Barr at 25, In Re: Toy ota Motor Corp. Unintended Acceleration Marketing, Sales Practices, & Products Liability Litigation, No. 8:10 -cv-0 1460 -J VS-FMO (C.D. Cal. Sept. 9, 20 13), ECF No. 10 0 . It is unclear whether the plaintiffs were given write access to Toyota’s source code. Many of the provisions related to analysis of the source code have been redacted from the version of the protective order available to this Court. See Redacted Stipulated Protective Order Governing the Exchange and Handling of Source Code and Source Code Related Material at 13-16, In Re: Toy ota Motor Corp. Unintended Acceleration Marketing, Sales Practices, & Products Liability Litigation, No. 8:10 -ML0 2151-J VS-FMO (C.D. Cal. Mar. 31, 20 11), ECF No. 1344. 17 required to use a compiler that is sim ilar to the com piler that Ford used in developing the ETC source code, so that there is no discrepancy as to how the code was com piled when it was analyzed by Plaintiffs’ experts. Ford offers m ultiple argum ents against the rem ainder of Plaintiffs’ proposed tools. First, Ford argues that certain program s m ay allow m odification of the ETC source code in RAM (random access m em ory) without being able to trace any edits, or perm it Plaintiffs’ experts to create additional tools for source code review without Ford’s knowledge. However, Plaintiffs and their experts are instructed by this opinion that they are not to change or edit the ETC source code in any w ay when perform ing their analysis of the code. Furtherm ore, Plaintiffs shall be required to disclose all of the software tools that they plan to use in analyzing the source code te n bu s in e s s d ays be fo re th e y p lan to u s e e ach to o l. Plaintiffs’ obligation will be continuous so that any new tools m ay not be used to analyze the source code without first notifying Ford and providing Ford the opportunity to voice any concerns to Plaintiffs and lodge an objection to the use of the tool with this Court within fiv e d a y s o f Pla in t iffs ’ p r o p o s e d u s e o f t h e t o o l. If Ford objects to the use of the tool, then the tool will not be used until the parties reach a resolution on the issue or the Court resolves the issue. 15 With these param eters in m ind, the parties are advised that Plaintiffs will likely be perm itted to use standard read-only com patible tools on the ETC source code so long as repeated testing does not unnecessarily delay the discovery process. In addition, Ford contends that som e of Plaintiffs’ proposed tools will require the production of source code beyond the ETC source code. The Court need not address that 15 This is sim ilar to the tool provision in the Toyota unintended acceleration litigation. Redacted Stipulated Protective Order Governing the Exchange and Handling of Source Code and Source Code Related Material at 14, In Re: Toy ota Motor Corp. Unintended Acceleration Marketing, Sales Practices, & Products Liability Litigation, No. 8:10 -ML-0 2151-J VS-FMO (C.D. Cal. Mar. 31, 20 11), ECF No. 1344. 18 concern at this tim e given that Plaintiffs have form ally requested the ETC source code only; therefore, they have been granted access to the ETC source code only. If after reviewing the ETC source code, Plaintiffs believe that other portions of source code are indispensable to com pleting a proper and efficient analysis of the ETC source code as it is relevant to the claim s and defenses in this litigation, then Plaintiffs m ay return to the Court and dem onstrate good cause for the production of additional portions of source code. Ford also objects to the use of certain proposed tools on the grounds that they are duplicative of other proposed tools, or that Ford does not use those tools in developing its source code. For exam ple, Ford suggests that Plaintiffs’ experts should not be perm itted to use m ultiple static analysis tools. Yet, the NASA Engineering and Safety Center recognized the value of utilizing different static analysis tools in conducting its review of Toyota’s source code: The team ’s experience is that there is no single analysis technique today that can reliably intercept all vulnerabilities, but that it is strongly recom m ended to deploy a range of different leading tools. Each tool used can excel at a different aspect of static analysis, which results in rem arkably little overlap in the set of warnings that is produced. The com bination of different analyzers achieves the highest value in analysis results. NASA Engineering and Safety Center, National Highway Traffic Safety Adm inistration Toyota Unintended Acceleration Investigation – Appendix A, 9 (20 11), available at www.nhtsa.gov/ staticfiles/ nvs/ pdf/ NASA_ FR_ Appendix_ A_ Software.pdf.16 When the potentially differing strengths and weaknesses of the tools are taken into account, the tools about which Ford com plains m ay not be duplicative at all. Moreover, there is no 16 Plaintiffs’ proposed tool list includes som e of the tools used by NASA’s engineers in testing Toyota’s source code, such as Coverity (a static analysis tool) and Sim ulink (a program used to design, sim ulate, and test system s). National Highway Traffic Safety Adm inistration Toyota Unintended Acceleration Investigation – Appendix A at 10 , 12. 19 evidence that deploying sim ilar tools to analyze the ETC source code will unreasonably delay the analysis process. Furtherm ore, there is som e value in allowing Plaintiffs’ experts to use certain analytical tools that Ford does not typically use in the developm ent process. See id. at 26 (stating that NASA engineers “intentionally applied analysis tools” not used by Toyota). In sum , Ford’s objections to the read-only com patible tools proposed by Plaintiffs are unconvincing. The Court ORD ERS that Plaintiffs’ experts are entitled to use those program s listed in their spreadsheet that are com patible with a read-only form at so long as the use of m ultiple tools does not unnecessarily delay the discovery process. For any additional tools that Plaintiffs’ experts wish to use, Plaintiffs m ust follow the process described above. Having concluded that Plaintiffs are entitled to the ETC source code in a readonly form at and that Plaintiffs m ay use the listed tools that are com patible with such a form at, the Court finds that Plaintiffs should start their analysis of the ETC source code with the vehicle m odels that they have already tested. As noted above, Plaintiffs’ counsel has represented that testing was perform ed on two models and that Plaintiffs’ experts were able to recreate sudden acceleration events during that testing. (ECF No. 531 at 72, 75). Plaintiffs’ experts should begin their source code analysis on the source code used in those two m odels (the 20 0 5 Explorer and the 20 0 5 Mustang). (Id. at 76). After an initial review of the ETC source code for those m odels, Plaintiffs shall report back to the Court with an estim ate of the tim e that it will take to com plete the ETC source code analysis for those two m odels. Plaintiffs shall also provide the Court with an estim ate of tim e that it will take to analyze the ETC source code for the additional models at issue in this litigation, as well as a proposed schedule setting forth in order of priority the vehicle 20 m odels and years from which the ETC source code shall be analyzed. Finally, the parties are ORD ERED to m eet and confer regarding the rem aining term s of the special protective order and shall tender an Agreed Order Governing Disclosure of Ford’s Source Code to the undersigned no later than J une 22, 20 15. As previously stated, if the parties cannot agree on the term s not resolved by this opinion, they shall subm it their respective versions to the undersigned by electronic m ail no later than 12:0 0 noon on J une 22, 20 15 and the disputed issues shall be addressed at the regularly scheduled telephone conference on J une 24, 20 15. The Court urges both parties to review the redacted source code protective order filed in the Toyota sudden unintended acceleration litigation 17 to ascertain its applicability in the instant m atter. As the Court stated at the hearing on this issue, the Court is not inclined to adopt Plaintiffs’ VPN proposal. The source code review should occur in a secure room in a secure facility where access to the room m ay be strictly controlled.18 Additionally, the Court suggests that any person who reviews the source code be required to sign a confidentiality agreem ent that includes a penalty clause for failure to com ply with the term s of the agreem ent. Furtherm ore, no copies of the source code or any portion thereof (including electronic copies) shall be m ade, unless the parties otherwise agree, and no outside electronic devices shall be perm itted in the secure room . To the extent that the parties have not already reached agreem ent on the following issues, the parties should also consider: the num ber of com puters that will be placed in the secure room ; what specifications those com puters will have; how Plaintiffs’ experts’ tools (software) will be 17 ECF No. 1344 in Case No. 8:10 -ML-0 2151-J VS-FMO (C.D. Cal. Mar. 31, 20 11). 18 By electronic m ail sent on J une 11, 20 15, Ford suggests that the review occur at “a secure location at a Ford Building with Ford IT infrastructure” to offer the best protection, and access to IT support if necessary. Ford indicates that it is in the process of identifying a location that will accom m odate Plaintiffs’ desire to analyze the source code after regular business hours. 21 loaded onto the com puters; how access to the secure room will be m onitored (e.g. by a security guard, with cam eras, etc.); if the inside of the secure room will be m onitored; whether a neutral system adm inistrator will be required; the days and hours that Plaintiffs’ authorized experts or representatives m ay access the secure room ; how Plaintiffs will notify Ford of the identity of those who will be accessing the secure room; whether note taking will be allowed, and if so, how those notes will be stored; the process for returning the notes to Ford at the conclusion of the litigation; where expert reports will be written; and if there will be a lim itation on citing to the source code in any docum ents filed with the Court. The Clerk is directed to provide a copy of this Order to counsel of record and any unrepresented party. EN TERED : J une 12, 20 15 22
]]>
Some case metadata and case summaries were written with the help of AI, which can produce inaccuracies. You
should read the full case before relying on it for legal research purposes.
This site is protected by reCAPTCHA and the Google
Privacy Policy and
Terms of Service apply.
