Few tasks excite a defendant less... Engineers and management howl at the notion of providing strangers, and especially a fierce competitor, access to the crown jewels. Counsel struggle to understand even exactly what code exists and exactly how it can be made available for reasonable inspection. All sorts of questions are immediately posed... Put simply, source code production is disruptive, expensive, and fraught with monumental opportunities to screw up."
Apple Inc. v. Samsung Elecs. Co., No. 11-1846, 2012 U.S. Dist. LEXIS 62971, *10-11 (N.D. Cal. May 4, 2012) (ECF No. 898).
The last five years have seen an enormous change in the U.S. judicial climate as it relates to intellectual property and patent litigation in particular. A direct consequence of the America Invents Act was an increased burden of proof for plaintiffs before or shortly after filing a lawsuit. The trend somewhat continued with Alice and other similar decisions – the going has gone tougher for patent holders, especially software patent holders. Today, an overwhelming portion of cases terminate at the PTAB, and even if they survive the IPR, plaintiffs are on notice to really drill down their contentions of infringement deep into physical implementation. In such situations, while the number of software cases has decreased, the importance of a detailed source code review has increased in the software, telecom and other software-relevant cases that do survive the IPR.
Hosting and conducting a source code review can be expensive on more than one dimensions: time, cost and security. For a number of modern corporations such as Google, Uber and Facebook their real business value lies in their source code. Any theft that lands the crucial algorithms in the hands of competition can become an existential threat. Similarly, with an increasing amount of our identity (and finances) now online, a theft of source code also represents a general security risk that can in turn lead to theft of personal information of consumers. Outside counsel must therefore assure an even greater sensitivity and responsibility when source code needs to be produced or reviewed in a case. Additionally, clients reasonably want to cut litigation costs, presenting a yet another constraint that attorneys need to balance during the process.
Beyond the security risk, source code presents unique intricacies that necessitate extra diligence:
A single software can undergo dozen of iterations (versions) before and after it is released as a product.
Specialized tools are required for reading and reviewing the code
It requires special security procedures for review and transport
Code is often a combination of open source, proprietary and third party modules
It is highly interconnected and one file (or even functions within a file) cannot be analyzed independently of others.
These differences necessitate a number of additional considerations that attorneys must take when hosting or reviewing code. Both parties must, at a minimum, converge on the following provisions, either in the protective order or through a separate meet and confer, ahead of the code production.
1. REPRESENTATIVE VERSIONS
As code journeys in time from inception to a full product (and versions thereof), it grows in size, complexity, components and number of authors. For most software, and especially enterprise software, these changes can result in terabytes of code – which is labor-intensive to review as well as to collect and host. It is not uncommon for software to contain dozens if not hundreds of versions – especially if any portions of the software are open source.
It is usually advantageous for both the plaintiff and the defendant to concur on specific products and versions of the code that will be produced for review. If the specific functionality has undergone extensive modifications over the product lifetime, the first version, the most recent released version and/or the version corresponding to the most popular accused product can be designated as representative versions for production.
For the plaintiff, narrowing down the size and scope of production translates directly to reduction in necessary effort and cost of review by experts and attorneys. It can even help simplify damages valuation.
For the defendant, having to produce fewer versions means a reduction in code collection costs – but more importantly a reduction in exposure of critical code assets to strangers.
2. CODE REVIEW TOOLS
Several tools exist that can help experts and attorneys review source code easily and quickly. Using industry standard tools can not only reduce the cost of review but also help experts generate flowcharts and diagrams that can be used as exhibits. The following is a list of most popular tools used by source code experts in the industry:
Scitools Understood
An easy-to-use review platform for C/C+, Objective C, Objective C++, C#, FORTRAN, Java, JOVIAL, Delphi/Pascal, PL/M, VHDL, Cobol, PHP, JavaScript and Python. Also, provides advanced diagramming and graphing capabilities.
Eclipse SDK
Used most often as a development platform for Java applications, but also useful for reviewing production in other languages like Ada, ABAP, C, C++, COBOL, Fortran, Haskell, JavaScript, Julia, Lasso, Lua, NATURAL, Perl, PHP, Prolog, Python, R, Ruby, Rust, Scala, Clojure, Groovy, Scheme and Erlang.
Microsoft Visual Studio
Used as a development platforms for .NET applications and Windows software applications. Supports C, C++, VB.NET, C# and F#.
Xcode
Used as a development platform for iOS and MacOS software. Supports C, C++, Objective-C, Objective-C++, Java, AppleScript, Python and Ruby.
Netbeans
While used primarily for Java code development, useful for reviewing code written in web-scripting languages such as PHP and HTML5 as well.
BeyondCompare
Useful for showing side-by-side comparisons of file content. Is language-independent and used most often for copyright and tradesecret cases.
CodeSuite
Useful for tradesecret and copyright cases where portions of source code may have been copied/modified by the alleged infringer. Offers advanced code abstraction and comparison analyses.
WinGrep / PowerGREP
Useful for quickly searching file content for specific keywords.
Notepad++
Useful for reading text files, unknown file types and formatted code files. Also useful for printing code files with line numbers for easy reference.
In addition to the specialized source code tools above, counsel should also deliberate if generic software such as a word processing software (such as MS Office or OpenOffice), PDF reader/creator (Adobe Acrobat Reader, Print2PDF, etc.) or an archiving utility (WinRAR, 7-zip) should be requested – depending on production specifics. Code review experts can ascertain if any such tools are necessary based on a quick reconnaissance of the production at the beginning of the review.