Opinion
11-CV-726 (CBA)
08-27-2012
MEMORANDUM AND ORDER
ROANNE L. MANN, UNITED STATES MAGISTRATE JUDGE:
The Court is in receipt of the parties' joint status report dated August 8, 2012, as well as their supplemental submissions relating thereto; once again, they have failed to reach agreement over the scope of further discovery. See Joint Status Report ("8/8/12 Let."), Electronic Case Filing ("ECF") Docket Entry ("DE") #234. This latest round of discovery disputes arises out of plaintiffs' request for documents reflecting the number of times employees of defendant Tri-State Surgical Supply & Equipment, Ltd. ("Tri-State") logged into plaintiffs' Genesys software during the period from July 11, 2010 to March 7, 2011 (the "Login Request").
Indeed, the parties cannot even agree as to what should be contained in a "joint" status report. See Letter to Judge Mann (Aug. 9, 2012), DE #236 (objecting to Tri-State's August 8, 2012 joint status report); see also Plaintiffs' Letter Addressed to Judge Mann (Aug. 15, 2012) ("Pl. 8/15/12 Let."), DE #240 (responding to outstanding issues identified in August 8, 2012 joint status report); Tri-State's Response to Plaintiffs' August 15, 2012 Letter, DE #241 (responding to plaintiffs' response to joint status report).
Although, strictly speaking, plaintiffs made four separate but related requests for documents reflecting the number of Genesys log-ins, the parties generally use the singular in referring to plaintiffs' requests for "log-in information." See Tri-State's Responses & Objections to Plaintiffs' Third Request for Production of Documents, DE #191-7 (Requests No. 38-41). For ease of reference, this Memorandum and Order will similarly refer to the four requests, collectively, as the "Log-In Request."
For the reasons set forth below, the Court declines, in large part, to grant the discovery requested by plaintiffs.
BACKGROUND
A detailed history of this case is contained in this Court's June 13, 2012 report and recommendation on Tri-State's motion for partial summary judgment. See generally Report and Recommendation (June 13, 2012) ("6/13/12 R&R"), DE #196, adopted by Memorandum and Order (Aug. 13, 2012), DE #238. Only those facts relevant to the instant dispute are recounted herein.
Genesys is an accounting software program, distributed by plaintiff Point 4 Data Corporation, that operates on a computer development platform called UniBasic, which was created by plaintiff Dynamic Concepts, Inc. See 6/13/12 R&R at 2. In this action, plaintiffs allege that Tri-State unlawfully circumvented security protections embedded in their software, in violation of the Digital Millennium Copyright Act, 17 U.S.C. § 1201 et seq. ("DMCA"), which allows for statutory damages "per act of circumvention." See 17 U.S.C. § 1203(c)(3); see also 6/13/12 R&R at 22-30. Plaintiffs' legal theory in this matter is that each time a Tri-State employee logged into Genesys, a separate "act of circumvention" occurred for purposes of statutory damages. Thus, plaintiffs' Log-In Request seeks information relevant to their demand for damages.
UniBasic is a platform used in conjunction with a Unix operating system. See Declaration of Douglas Chadwick (Feb. 10, 2011) ¶ 2, DE #135. The parties and the Court sometimes refer to UniBasic and Unix files and log-ins interchangeably.
Although plaintiffs' Log-In Request relates only to documents evidencing the number of log-ins into Genesys, plaintiffs equate a log-in to UniBasic/Unix with a log-in to Genesys. See Transcript (June 18, 2012) at 17, DE #200. Tri-State disputes that the aforesaid log-ins are equivalent. See id. at 13-14. Without ruling on plaintiffs' theory, this Court allowed discovery as to the UniBasic log-ins. See id. at 21.
Despite the obvious importance of this information to their DMCA claim, plaintiffs waited until nearly the end of discovery to request this information.
I. Identifying the Files Responsive to the Log-in Request
On June 8, 2012, plaintiffs moved this Court to compel Tri-State to, inter alia, respond to their Log-In Request. See Letter to Judge Mann re Discovery Issues (June 8, 2012) at 2, DE #191. In response, Tri-State argued that plaintiffs' motion with respect to the Log-In Request should be denied as moot, as Tri-State was not aware of any documents reflecting this information and plaintiffs reportedly had acknowledged to Tri-State that they were not aware that any responsive documents existed. See Letter in Response to Plaintiffs' June 8, 2012 Letter (June 14, 2012) at 1, DE #197.
On June 18, 2012, this Court held a telephone conference to discuss the Log-In Request, as well as to address other disputed issues. See Transcript (June 18, 2012) ("6/18/12 Tr."), DE #200. During the conference, the Court, as an initial matter, questioned plaintiffs' need for the requested log-in information, as plaintiffs had previously included in their discovery responses a very specific damage calculation based on a precise number of log-ins. See 6/18/12 Tr. at 3-4; see also Dynamic Concepts Incorporated's Amended Responses to Interrogatories (Dec. 30, 2011) at 8, DE #132-18 (plaintiffs asserted that there were 17,393 separate acts of circumvention). In response to the Court's query, plaintiffs explained that they had obtained three days' worth of responsive log-in data from Tri-State's previously produced image drive, and that, by using a "simple command," they were able to call up the log-in data for those three days, from which they then extrapolated the log-ins for the entire time period. See 6/18/12 Tr. at 4. During the conference, plaintiffs conceded that this extrapolation technique was "a perfectly legitimate way to go," but that it was "always nice to have more days of data and that data should be there." 6/18/12 Tr. at 5.
Responding to plaintiffs' desire for additional data, Tri-State repeatedly objected on the ground that plaintiffs had refused to specifically identify the name of the file containing the data or where the file could be located. See 6/18/12 Tr. at 7-8, 13, 22. Plaintiffs then explained that the responsive "document" was actually a "command" that would call up a "simple text file" that contained the log-in data and that plaintiffs were "perfectly happy to just get the file" containing the log-in data. See id. at 6, 10.
After the Court compelled Tri-State, on the record, to "produce information regarding the number of [UniBasic] log-ins for the reference[d] period," Tri-State requested that plaintiffs provide them with a file name. See id. at 21. The Court directed plaintiffs' counsel to provide Tri-State's counsel with a file name. See id. at 23; see also Minute Entry (June 18, 2012), DE #199.
The next day, plaintiffs emailed Tri-State information identifying the two directory paths or "folders" from which plaintiffs had previously extracted relevant log-in data. See Email from Jason Koral (June 19, 2012) ("6/19/12 Koral Email"), DE #212-A. In addition, they stated that additional log-in information may be located "in the etc/password file." See id.
The two folders were "/var/opt/K/SCO/Unix/5.0.7Hw/etc/wtmp" and "/var/opt/K/SCO/Unix/5.0.7Hw/etc/wtmpx." See 6/19/12 Koral Email. Although plaintiffs claim that they provided specific file names, the 6/19/12 Koral Email does not appear to disclose anything other than locations for files.
II. Technical Issues with Computer Storage Devices to Be Searched
While attempting to clarify what computer files would reflect the requested log-ins, the parties also conferred on what computer storage devices (e.g., hard drives, servers) might contain the files. Three storage devices relevant to the current dispute are (1) the hard drive of a 2007 server used by Tri-State during the relevant time period (the "Hard Drive"); (2) a forensic copy of the Hard Drive, made by Tri-State's third-party consultant Driven (the "Driven Copy"); and (3) a "mirror-image" of the Hard Drive (the "Second Disk Drive"). See generally Letter to Judge Mann re Motion to Compel (July 9, 2012), DE #212.
In attempting to comply with this Court's June 18, 2012 Order concerning the Log-In Request, Tri-State discovered that its Hard Drive had failed, and that the data contained on the Driven Copy could not be read. See id. at 1. The parties eventually agreed that Tri-State would, at its expense, send the Hard Drive and the Driven Copy to a third-party computer specialist, Drive Savers, Inc. ("Drive Savers"), to determine if either could be restored. See Minute Entry (July 24, 2012), DE #229. Drive Savers thereafter reported that it was "very pleased to have accomplished a successful recovery from both of [the drives]," given their "damaged state." See Email from Dave Falzone (Aug. 2, 2012), DE #234-1.
Drive Savers then sent the restored Hard Drive and Driven Copy (as well as imaged copies of both) to Driven, so that Driven could search for log-in data in the file locations identified by plaintiffs. See 8/8/12 Let. at 1. During its review, Driven confirmed that the Hard Drive had been restored. Driven also confirmed that the files "[p]laintiffs are seeking (i.e. Unix wtmp and wrmpx files from February 17, 2011 - March 7, 2011) [were] not present on the Hard Drive - [and that] the only Unix wtmp and wtmpx files present on the restored Hard Drive are all from after March 7, 2011." Declaration of Robert Hook ("Hook Decl.") ¶ 5, DE #234-2 (emphasis added). In contrast to its review of the Hard Drive, Driven was not able to read the Driven Copy, and so it could not be searched for responsive data. See id. ¶ 6.
Although it seems counterintuitive that a "restored" drive would be unreadable, Tri-State explains that Drive Savers was responsible for the logical recovery of the drives and that Driven then was responsible for "mounting" the drives, which in turn reveals whether a drive is readable. See 8/8/12 Let. at 2 n.2. Plaintiff does not dispute Tri-State's explanation for the apparent contradiction in terms. See generally Pl. 8/15/12 Let.
DISCUSSION
Not satisfied with the outcome of the Drive Savers restoration and Driven search, plaintiffs now request (1) that they and their expert, Steve Moritsugu ("Moritsugu"), be allowed to access and examine the Hard Drive and Driven Copy, as well as the Second Disk Drive; and (2) that Tri-State be required to provide an affidavit listing (a) the servers and media it used during the time period of the Log-In Request, and (b) "the specific steps taken by Tri-State to locate log-in information." See Pl. 8/15/12 Let. at 4.
I. Access to Tri-State's Computer Equipment
A. Inspection of the Hard Drive and Driven Copy
Characterizing as "sketchy" the information provided by Tri-State and the two third-party consultants, plaintiffs request that the Hard Drive and Driven Copy be "sent to [p]laintiffs for analysis." See 8/8/12 Let. at 6. Pointing to an earlier order by the Honorable Carol B. Amon denying a prior request by plaintiffs for access to other Tri-State servers, see Order (Nov. 14, 2011) ("11/14/11 Order"), DE #102, Tri-State counters that, if plaintiffs wish to conduct further testing and searching of the Hard Drive and the Driven Copy, then plaintiffs should be required to hire, at their expense, a neutral third-party expert for that purpose. See id. Plaintiffs oppose that proposal. See Pl. 8/15/12 Let. at 1-2. Neither party cites any case law in support of their respective positions.
Plaintiffs clarify, in a later submission, that they would have their expert, Moritsugu, "identify the files to extract and the commands for extraction." Pl. 8/15/12 Let. at 2. An employee of plaintiff Dynamic Concepts, Inc., Tom Marrs, would then "carry out the actual extraction work." Id.
In particular, plaintiffs state that they seek access to these drives in order to "(a) analyze the file list and file structure to check for the existence of additional log-in information and to determine which files were restorable (and which not); (b) verify that the recovered drives are fully bootable and contain a functional [operating system] as per Tri-State's representation that the restoration was complete and forensically sound; and (c) analyze system files to help verify the identity of the server or servers with which that drive was associated." Pl. 8/15/12 Let. at 2.
As is evident from the litany of data analyses plaintiffs plan to undertake if granted access to the Hard Drive and Driven Copy, plaintiffs' request far exceeds the "simple text file" reflecting log-ins that they claimed they needed during the June 18, 2012 telephone conference with the Court. For example, plaintiffs do not attempt to justify in any way how understanding which servers are associated with which hard drives is germane to documents responsive to their Log-In Request. This Court declines to indulge plaintiffs' attempts to belatedly shoehorn unrelated discovery into its Log-In Request.
As for their desire to search for additional log-in data, although plaintiffs claimed to be able to provide a command that would access a simple text file, they instead disclosed to Tri-State three folders where the relevant data files might be located. Driven has submitted a declaration that the only Unix twmp and twmpx files on the Hard Drive are all from after March 7, 2011, regardless of their folder location. Driven's declaration does not, however, state whether this addresses plaintiffs' reference to "etc/password file" as a possible location for the log-in data. See Pl. 8/15/12 Let. at 2. Therefore, Tri-State is directed to submit a supplemental Driven declaration by September 5, 2012, confirming whether it was able to locate "etc/password files" on the Hard Drive and, if so, whether those files contained any data responsive to the Log-In Request.
Plaintiffs claim that having access to the Hard Drive might allow them to uncover additional log-in data because the location and/or name of the data depend on how Tri-State structured its files on the Hard Drive. The Court, however, will not allow plaintiffs to embark on a fishing expedition for information, particularly where plaintiffs are unable to provide an actual file name or command for retrieving the additional log-in data. See Trilegiant Corp. v. Sitel Corp., 275 F.R.D. 428, 435-36 (S.D.N.Y. 2011) (denying motion to compel, where party seeking discovery did not specifically identify any withheld documents responsive to its request and the existence of additional documents was "[m]ere speculation"); Croom v. Western Conn. State Univ., No. Civ. 3:00CV1805(PCD), 2002 WL 32503667, at *2 (D. Conn. Mar. 20, 2002) (denying motion to compel production of entire personnel file, where plaintiff failed to identify the specific information contained in her personnel file that she was seeking). Such unfettered access to Tri-State's drives is especially inappropriate, where, as here, there is less need for the data inasmuch as plaintiffs have already conceded that proceeding with an extrapolation of the three days' worth of log-in data is "a perfectly legitimate way to go." See 6/18/12 Tr. at 5. Furthermore, in similar circumstances, the District Court refused to grant plaintiffs' request to explore at will Tri-State's electronic files. See 11/14/11 Order.
Indeed, as part of negotiations concerning other discovery, Tri-State was willing to stipulate to the extrapolation of the three-days' worth of data, thereby suggesting that the methodology was not unreasonable. See Joint Status Report (Aug. 1, 2012) at 2, DE #232.
Finally, there is nothing in the record, apart from sheer speculation, to suggest that the quality of work undertaken by Drive Savers and Driven was incompetent or less than thorough. For the reasons identified above, if plaintiffs wish to duplicate the restoration and search efforts of the Drive Savers and Driven, plaintiffs may retain, at their expense, a neutral third-party expert to do so. Any searching of the Hard Drive and Driven Copy shall be limited to the three folders/files previously identified by plaintiffs. Plaintiffs' request to personally access and examine Tri-State's Hard Drive and Driven Copy is denied.
B. Inspection of the Second Disk Drive
Plaintiffs became aware of the Second Disk Drive as early as February 2011, when their retained investigators discovered it at Tri-State's headquarters. See 8/8/12 Let. at 3. Their investigators ultimately reported that the Second Disk Drive had "failed" and that the there was "[n]o suspicion of tampering or destruction" associated with the failure. See id.; Threat Management and Protection, Inc. Report (Feb. 24, 2011) at 15, DE #235. Following this report, the parties drafted and the Court approved an electronically stored information ("ESI") protocol, in which it was agreed "that information . . . recoverable only by forensic means [is] not reasonably accessible." See Stipulation and Order re ESI Protocol (June 14, 2011) at 1, DE #47. Pursuant to Rule 26(b)(2) of the Federal Rules of Civil Procedure, there is no obligation to provide "discovery of electronically stored information from sources that the parties identifies as not reasonably accessible . . . ." Fed. R. Civ. P. 26(b)(2)(B).
Plaintiffs now seek to recover data from the currently inoperable Second Disk Drive — almost a year and a half after learning of its existence. Specifically, in the event the Second Disk Drive can be restored, plaintiffs want to personally search that drive for the requested log-in data. See 8/8/12 Let. at 3. Tri-State objects because (1) the Second Disk Drive is outside the scope of the ESI protocol and (2) the request is untimely. See id. at 4.
According to the August 8, 2012 joint status letter, plaintiffs purportedly wanted to send the Second Disk Drive to Drive Savers for restoration, at Tri-State's expense. See 8/8/12 Let. at 3. The fact that plaintiffs considered sending the Second Disk Drive to Drive Savers undermines their dubious claim that the work done by Drive Savers was unreliable.
--------
Plaintiffs plainly were aware of the Second Disk Drive and its inoperative state as early as February 2011. When the parties drafted an ESI protocol four months later, plaintiffs could have carved out an exception for the Second Disk Drive, but chose not to do so. In addition, as explained above, plaintiffs' need for the data is lessened by their reliance on the three-day extrapolation of log-in data currently available to them. The strength of that reliance is confirmed by the fact that they did not see fit to make the Log-In Request until near the close of discovery, and did not request to search the Second Disk Drive until after discovery ended. Given plaintiffs' reliance on the extrapolated log-in data and their failure to create an exception for the Second Disk Drive in the parties' ESI protocol, the Court would be amply justified in denying their request to compel discovery of the Second Disk Drive. Nevertheless, as an exercise of its discretion, the Court adopts Tri-State's fallback position, see 8/8/12 Let. at 4, and will allow plaintiffs to pay for a neutral third-party consultant to restore the Second Disk Drive and perform a limited review for the previously identified log-in files.
III. Tri-State Affidavits
A. Tri-State Equipment in Use During the Unlawful Circumventions
Plaintiffs request that Tri-State provide a detailed affidavit "that lists the servers and media in use at any time during the period from and including July 2010, to and including March 2011." See 8/8/12 Let. at 6. Tri-State objects to their request. See id. at 4.
Essentially, plaintiffs seek information that they should have elicited in an interrogatory response or at a deposition. But discovery ended June 8, 2012, and plaintiffs have not established good cause for reopening discovery to allow plaintiffs to fill the gaps in the information they obtained during the period for discovery. See generally Fed. R. Civ. P. 16(b)(4). Moreover, the requested affidavit appears to be overbroad, as it would apparently require identification of servers and media that were not capable of running plaintiffs' software. See 8/8/12 Let. at 4. Therefore, the Court denies plaintiffs' requested relief.
B. Tri-State's Search Efforts
Finally, plaintiffs seek an additional affidavit from Tri-State that would set forth "the specific steps taken by Tri-State to locate log-in information, and to preserve such data." Pl. 8/15/12 Let. at 4. As an initial matter, disclosure of the steps taken to preserve the log-in data is outside the scope of the Log-In Request. As for steps taken to locate the log-in information, Tri-State initially claimed it knew of no documents responsive to the Log-In Request. See 8/8/12 Let. at 5. Plaintiffs then identified relevant file locations. Tri-State had its vendor, Driven, search for the data based on plaintiffs' criteria, but Driven was unable to locate responsive documents. See id. The Declaration of Robert Hook confirms Tri-State's assertion. See Hook Decl. Still not satisfied, plaintiffs now seek a play-by-play of Tri-State's efforts. Plaintiffs' speculation that the data must exist elsewhere does not warrant the creation of the affidavit requested.
In Rusk v. New York State Thruway Authority, the plaintiff, who was not satisfied when the defendant claimed that it had only 22 pages of responsive emails, requested an affidavit addressing, among other things, who conducted the search, what search terms were employed, and the databases searched. See Rusk, No. 10-CV-544A (Sr), 2011 WL 6936344, at *1 (W.D.N.Y. Dec. 29, 2011). The court denied the plaintiff's motion, finding that the plaintiff's speculation that additional emails existed was insufficient to overcome a declaration that the defendant searched for responsive documents and that all responsive documents had been produced. See id. at *2.
So too here, plaintiffs, like the plaintiff in Rusk, base their request for an affidavit on speculation that additional log-in data may exist. That meager showing is not sufficient to overcome the Hook Declaration and Tri-State's counsel's representations that they were unable to locate any documents responsive to the Log-In Request. However, because there was some initial confusion over whether plaintiffs were seeking log-in information related to Genesys, versus log-in information related to UniBasic/Unix, see n. 5 supra p. 2, Tri-State is directed to submit a declaration by September 5, 2012, confirming that Tri-State is not aware of any documents in its possession, custody or control reflecting either Genesys or UniBasic/Unix log-ins. The Court denies plaintiffs' request in all other respects.
CONCLUSION
For the reasons stated above, the Court denies plaintiffs' request to personally access and examine the Tri-State Hard Drive, Driven Copy and Second Image Drive. Plaintiffs may, at their expense, retain a neutral third-party expert to conduct a limited review of the Hard Drive and Driven Copy for the three folders/files previously identified by plaintiffs, and to restore and conduct a similarly limited review of the Second Disk Drive. In addition, the Court denies plaintiffs' request that Tri-State provide an affidavit listing all servers and media in use while the alleged unlawful circumvention was taking place. The Court does grant, in very limited part, plaintiffs' request for an affidavit concerning Tri-State's search efforts: Tri-State shall provide a declaration by September 5, 2012, clarifying whether it is aware of any documents in its possession, custody or control reflecting the number of Genesys or UniBasic/Unix log-ins. Finally, Tri-State is directed to file a supplemental Hook Declaration by September 5, 2012, addressing what, if any, efforts Driven made to search for responsive files located in the "etc/password files" referenced in the 6/19/12 Koral Email.
Any objections to the rulings contained in this Memorandum and Order must be filed with the Honorable Carol B. Amon on or before September 13, 2012. Failure to file objections in a timely manner may waive a right to appeal the District Court order.
SO ORDERED. Dated: Brooklyn, New York
August 27, 2012
______________________
ROANNE L. MANN
UNITED STATES MAGISTRATE JUDGE