Often critical issues in technology litigation hinge on review of source code. In many cases, most of the value in highly litigated products lies in their software. Determining whether a product infringes a patent, or if a trade secret has been misappropriated, is increasingly a question of examining software. A previous blog post described reviewing source code in litigation. This work nearly always requires a source code expert witness. In a recent technology case, 2:18-cv-00546-JRG Canon, Inc. v. TCL Electronics Holdings Ltd. (United States District Court for the Eastern District of Texas) a U.S. District Judge issued a standing order on pretrial procedures during the pandemic. The judge found that in-person source code review “is unduly hazardous, and in some cases impossible, during the COVID-19 crisis.” His order invites parties to “submit creative proposals” that will allow for review “while protecting the security of the source code—which is highly sensitive and valuable information—as best as possible under the circumstances.” Attorneys are now faced with a world in which travel is difficult and even Supreme Court cases are argued over Zoom. How will this vital part of the discovery process continue? What role can a remote source code expert witness play?
How was source code review done pre-pandemic?
Traditionally the procedure for source code review begins with the Court entering a protective order to establish conditions of access. Work is typically done at the office of the producing party’s outside counsel. Sign-in sheets record when the code was read. Standard software tools are provided, such as Eclipse. Some amount of code can be printed out to use in expert witness reports.
Networked devices with a camera such as a phone, tablet or computer are rarely allowed in the source review room. An Apple Watch can be helpful in this context, since it does not present a security threat (it has no camera) but can access email and messaging services.
Remote access possibilities
With social distancing and air travel restrictions, there are several possibilities to allow discovery to continue without posing an infection risk.
In the case mentioned above, the plaintiff moved to modify the protective order, proposing remote access to the code via a virtual private network (VPN) or other secure connection. To allay fears of software downloading or picture-taking, they also offered to install a camera in the review room. One possible tool for this is TeamViewer, pictured below. It replicates the screen of the reviewing computer anywhere with a network connection. Using it, the software installation used with in-person review can be retained.
However, a continuous video feed exceeds the level of oversight found in traditional arrangements. Opposing counsel tends to look in every hour, but in my experience, they do not find constant monitoring necessary.
As is clear from the case cited above, there are no standard practices, so the remote source code expert witness may need to propose a solution acceptable to both sides.
Alternatives to remote access technology
When interviewing experts, attorneys are now asking questions like:
Have you ever performed source code review remotely? If so, what protections were put in place and was there a particular tool you used?
No remote access tool can offer perfect security, and if concern about this is an impediment to progress, counsel could ship encrypted DVDs with the source tree to the expert. In the cases I have worked on, one or two DVDs would have held the complete data set. The protective order would specify that the expert takes sole custody of the storage media and retains no copies of the code once discovery is complete.
If that arrangement is also unacceptable to the producing party, a laptop with an encrypted disk can be shipped to the source code expert witness working remotely. The producing party’s IT staff can lock down peripherals and communication ports on the laptop so they cannot be used. For even higher security, a GPS tracker can be attached to the laptop.
Attorneys who engage an expert witness with experience in remote access tools and alternatives for remote source review will find that the “new normal” need not cause delays in discovery. In patent, trade secret or other matters, several techniques are available to securely review source code as part of discovery, without physical presence at the producing party’s office.
About the author
Dr. Chris Daft is an award winning, Oxford Educated scientist. He is an expert witness and consultant whose areas of expertise include source code review, signal processing and medical imaging. Dr. Daft has extensive Intellectual Property experience including patent development, licensing, and serving as an expert witness who has given opinion testimony at deposition and trial. He is a serial inventor who holds 24 U.S. Patents with more pending. Dr. Daft holds a BA and MA in Physics from Oxford, and a Doctorate from Oxford in Materials Science. The author may be contacted at: