Byker et al v. Smith
Filing
116
MEMORANDUM OPINION and ORDER re: 109 plaintiffs' Motion to compel; the parties are ordered to submit a joint proposed protective order by June 14, 2019. If the parties cannot agree on terms, they may each file a proposed order for the courts consideration. Signed by Magistrate Judge John E Ott on 6/7/2019. (KAM)
FILED
2019 Jun-07 PM 12:20
U.S. DISTRICT COURT
N.D. OF ALABAMA
IN THE UNITED STATES DISTRICT COURT
FOR THE NORTHERN DISTRICT OF ALABAMA
SOUTHERN DIVISION
DAVID G. BYKER and
GLOBAL ASSET MANAGEMENT
HOLDINGS, LLC,
Plaintiffs,
v.
NANNETTE SMITH,
Defendant.
)
)
)
)
)
)
)
)
)
)
)
Case No.: 2:16-cv-02034-JEO
MEMORANDUM OPINION AND ORDER
In this diversity action, Plaintiffs David Byker (“Byker”) and Global Asset
Management Holdings, LLC (“GAM”) (collectively “Plaintiffs”) bring claims
against Defendant Nannette Smith (“Smith”) based on allegations that she
breached an agreement that settled an underlying lawsuit in the Circuit Court of
Jefferson County, Alabama (the “State-Court Action”). (Doc.1 1). The cause now
comes to be heard on Plaintiffs’ motion to compel and allow the service of
subpoenas on two non-parties. (Doc. 109). Smith opposes the motion in part.
1
Citations to “Doc. ___” are to the document number of the pleadings, motions, and other
materials in the court file, as compiled and designated on the docket sheet by the clerk of the
court. Unless otherwise noted, pinpoint citations are to the page of the electronically-filed
document in the court’s CM/ECF filing system, which may not correspond to pagination on the
original “hard copy” of the document presented for filing.
(Doc. 111). Upon consideration, the court2 concludes that Plaintiffs’ motion is due
to be granted.
I.
This case arises out of a dispute regarding computer source code and
software developed by Smith called “B2K,” which is designed to run payment
systems in gas stations and convenience stores (the “B2K Software”). In the StateCourt Action, Smith represented that her independent software auditor, Yusuf
Musaji, had examined the B2K software and had opined that it met the certification
requirements of version 3.2 of the Data Security Standard promulgated by the
Payment Card Industry Security Standards Council (“PCI”). 3 (See Doc. 50-2). On
November 15, 2016, the parties reached a settlement in the State-Court Action, and
their agreement so doing was read into the court record. (Doc. 1-1). Under the
terms of the settlement, Byker and GAM agreed to pay Smith $500,000, in
installments over time. (Id. at 4-5). In turn, Smith would provide Byker and GAM
with a “functional and operational” version of the “same” B2K Software that
Musaji ostensibly reviewed previously. (Id. at 5-6). In furtherance of that
2
The parties have consented to an exercise of plenary jurisdiction by a magistrate judge pursuant
to 28 U.S.C. § 636(c) and Fed. R. Civ. P. 73. (Doc. 27).
3
According to its website, the “Payment Card Industry Security Standards Council leads a
global, cross-industry effort to increase payment security by providing industry-driven, flexible
and effective data security standards and programs to help businesses detect, mitigate and
prevent cyberattacks and breaches.” https://www.pcisecuritystandards.org/pdfs/PCI SSC
Partnering for_Global_Payment_Security.pdf.
2
condition, Smith agreed to send a disc with the B2K Software to Musaji, who was
to “certify” that it was the “same” software he had previously examined and that it
was “functional and operational.” (Id.) Musaji also was to advise “of whatever
programs or other information is needed to open and access the disc in a way that
doesn’t damage or corrupt it.” (Id. at 6). Musaji was to complete that work within
30 days after the settlement, i.e., by December 15, 2016. (Id.) By that same date,
Byker and GAM were due to make their first installment payment under the
settlement to Smith, in the amount of $100,000. (Id. at 5).
On December 14, 2016, Musaji spoke with the respective attorneys
representing Smith, Byker, and GAM. (See Doc. 1-2 at 2, Doc. 1-3 at 2). That
same evening, Musaji sent an email in which he summarily confirmed that a zipfile
he had received from Smith contained “the exact same software and source code”
he had previously reviewed and found to comply with the PCI 3.2 standard and
that it was “functional and operational.” (Doc. 1-2 at 2). Musaji also there
recognized that he had been asked to identify “what programs (including
applicable version) and other information is required to open and access the
software and source code without damaging or corrupting the same.” (Id.) In
response, Musaji stated, “There is no corruption of the source code if only viewing
(read-only access). Any text editor software will be suitable for this purpose.”
(Id.)
3
At that point, however, the settlement agreement broke down. On December
15, 2016, counsel for Plaintiffs Byker and GAM sent a check for $100,000 to
Smith’s counsel comprising the first installment payment owed to Smith under the
agreement. (See Docs. 1-3 and 1-4). However, Plaintiffs’ counsel requested that
disbursement of those funds to Smith be withheld due to asserted deficiencies in
Musaji’s review and certification of the software. (Doc. 1-3). In particular,
Plaintiffs’ counsel complained that they had recently learned that Smith had not
provided the software to Musaji until December 12, 2016, only three days before
the parties’ agreed-upon deadline for him to complete his review and certification.
(Id. at 2). Plaintiffs’ counsel further asserted that, during Musaji’s conversation
with them the day before, Musaji had reported that he had not actually begun
reviewing the software and that he would not be able to do so until Friday,
December 16th, or thereafter. (Id.) As such, it did not appear to Plaintiffs’ counsel
that Musaji had actually “performed the in-depth comparison required and
contemplated under [the] settlement agreement,” notwithstanding his email of
December 14th stating that the software was the “same” as he had previously
reviewed and was “functional and operational.” (Id.) Indeed, on that front,
Plaintiffs’ counsel read Musaji’s email responses as indicating that he had been
provided with a “read-only” version of the software. (Id.) That, Plaintiffs’ counsel
suggested, was inconsistent with Musaji’s answers affirming he had received the
4
“same” software as previously and that it was “functional and operational.” (Id.)
In reply, Smith’s counsel insisted that Smith had complied with her obligations
under the settlement agreement and that Musaji had certified, both timely and to
the extent required, that he had received the same software and that it was
functional and operational. (Doc. 1-4). Smith’s counsel also refused to keep the
installment funds from Smith based on the objections raised by Plaintiffs’ counsel.
(Id.)
On December 19, 2016, Plaintiffs 4 filed this action against Smith. (Doc. 1).
Seeking both injunctive relief and damages, Plaintiffs raise claims under four
Alabama state-law theories: (1) breach of contract, (2) promissory estoppel, (3)
fraudulent misrepresentation, and (4) fraudulent suppression. (Id.) The crux of all
of those claims is that Smith has allegedly breached the settlement agreement with
regard to her promised production of the B2K software. (See id.)
The parties’ instant dispute concerns the scope of discovery. Specifically,
Plaintiffs have moved to compel and allow the service of subpoenas upon two nonparties: Coalfire Systems, Inc. (“Coalfire”) and Bearden Oil Company (“Bearden
Oil”). (Doc. 109). Coalfire is a company that, like Musaji, audits and validates
payment processing system software and has performed such services for Smith
4
Technically, this action was filed by Byker, GAM, and a third party, Robert A. Przybysz.
(Doc. 1). However, the court has granted a motion by Przybysz, unopposed by Smith, to be
dismissed from the action. (Docs. 72, 80).
5
and/or certain business entities she owns. Bearden Oil, by contrast, owns or
operates a fuel sales site that allegedly uses the B2K Software. The subpoena to
Coalfire seeks, among other things, software validation reports and implementation
guides related to Defendant Nannette Smith, her son Josh Smith (“Josh”), and
certain other entities controlled by or otherwise related to Nannette Smith,
identified as: (a) B2K Systems, Inc.; (b) B2K Systems, LLC; (c) Smith and
Company; (d) Fueling Clover, LLC (“Fueling Clover”); and (e) Gas POS, LLC
(“Gas POS”). (Doc. 109-1 at 3-7). The subpoena to Bearden Oil similarly seeks
copies of contracts and other documentation related to those same individuals and
entities. (Id. at 8-12). Plaintiffs contend that the sought documents are relevant, at
least for purposes of discovery. That is so, Plaintiffs say, primarily because, as
further explained below, Smith’s correspondence with Musaji in October 2016
indicated that Smith was going to have Musaji’s firm review and audit the same
software that had previously passed audits by Coalfire under the name of Fueling
Clover, which had recently changed its name to Gas POS.
At this point, Smith has no objection to the subpoenas to the extent they seek
documents related to B2K Systems, Inc.; B2K Systems, LLC; or Smith and
Company. (Doc. 111 ¶ 3). She also does not object to the subpoenas with regard
to documentation related to her personally, “so long as the discovery is limited to
the B2K software.” (Id.) However, Smith continues to object to the subpoenas
6
insofar as they ask for documents beyond that scope, including as they relate to
Fueling Clover, Gas POS, or Josh. (Id.) In short, Smith insists that the B2K
Software is materially different and distinct from any software developed by and
audited for Fueling Clover/Gas POS. As such, Smith argues that the documents
sought by the subpoenas are entirely irrelevant, even for purposes of discovery.
II.
Parties litigating in federal court may obtain documents from a non-party
through a subpoena issued pursuant to Rule 45, Fed. R. Civ. P. It is well-settled
that the scope of discovery under a subpoena is the same as the scope of discovery
under Rule 26(b), Fed. R. Civ. P., and Rule 34, Fed. R. Civ. P. See Hatcher v.
Precoat Metals, 271 F.R.D. 674, 675 (N.D. Ala. 2010). As such, a court must
examine whether a request contained in a subpoena is overly broad or seeks
irrelevant information under the same standards set forth in Rule 26(b) and as
applied to Rule 34 requests for production. Kwalwasser v. New York Life Ins. Co.,
2007 WL 9723881, at *1 (M.D. Fla. June 14, 2007);
Rule 26(b)(1) sets out the general scope of discoverable information as
follows:
Unless otherwise limited by court order, the scope of discovery is as
follows: Parties may obtain discovery regarding any nonprivileged
matter that is relevant to any party’s claim or defense and proportional
to the needs of the case, considering the importance of the issues at
stake in the action, the amount in controversy, the parties’ relative
access to relevant information, the parties’ resources, the importance
7
of the discovery in resolving the issues, and whether the burden or
expense of the proposed discovery outweighs its likely benefit.
Information within this scope of discovery need not be admissible in
evidence to be discoverable.
Rule 26(b)(1), Fed. R. Civ. P.
Plaintiffs’ interest in obtaining documents from Coalfire appears to have
been piqued by the communications between Smith and Musaji in October 2016,
shortly before the State-Court Action went to trial and then settled in midNovember 2016. First, in an email dated October 10, 2016, Smith indicated to
Musaji that she was looking to hire him to audit the B2K software to assess its
compliance with PCI’s Payment Application Data Security Standard (“PA-DSS”).
(Doc. 109-2). In so doing, Smith stated, “We have already passed two previous
times.” (Id.) The next day, Smith sent another email to Musaji further explaining:
“We are pay at the pump for gas stations. We have Fuel for Clover, LLC and the
software is already audited for that company. The one we need is for Smith and
Co., LLC and it is Beyond 2000 (B2K) software. There are about 14 clients still
using the B2K software.” (Doc. 109-3). In response, Musaji emailed an
engagement letter to Smith on October 25, 2016, acknowledging that the audit
work would be done for “Fueling Clover, LLC.” (Doc. 109-4; Doc. 109-5 at 3).
The following day, Smith replied with an email to Musaji, indicating that the
engagement letter appeared to be in order except that her company’s “legal name”
had changed to “Gas POS, Inc.” (Doc. 109-5 at 3).
8
In order to facilitate Musaji’s audit and review of the software, Smith had an
employee or associate send two documents to Musaji. One a 28-page document
entitled, “PA-DSS 3.2 Implementation Guide for B2K Systems.” (Doc. 109-6
(“Implementation Guide”). That Implementation Guide is copyrighted by Smith
and Company, LLC, and contains numerous references to that firm, with a
copyright date of 2015/20165. (Id.) The second document provided to Musaji for
purposes of his audit is a 32-page “Smith Software, LLC” Software Development
Life Cycle (“SDLC”). (Doc. 109-7). The SDLC identifies Josh Smith as both the
Product Manager and Integration Manager for the software. (Id. at 8).
Smith emphasizes that the focus of this litigation is simply whether the
software she delivered to Musaji in December 2016 pursuant to the settlement
agreement was (1) “the same” as what she gave him to audit in October/November
2016 before the settlement and (2) “functional and operational.” Smith claims that
what she gave Musaji on both occasions was the B2K Software. She admits,
however, that her company Fueling Clover also developed software that processes
payments at gas stations and the like and that, as of her discussions with Musaji
prior to the settlement, Fueling Clover had changed its name to Gas POS.
However, she insists that the software developed by Fueling Clover/Gas POS (the
“Gas POS Software”) is entirely distinct from the B2K Software. In support,
5
Strangely, the copyright date of the Implementation Guide alternates on each page between
2015 and 2016.
9
Smith states that the last version of the B2K Software was released in 2011 or 2012
and was last audited and certified by Coalfire in late 2011. By contrast, Smith
maintains that the Gas POS Software did not even exist in 2012 and that it differs
from the B2K Software in a host of respects, including that only the Gas POS
Software is cloud based and that they use different “target banks” and
communication systems.
The court is willing to assume for the time being that the B2K Software may
be entirely distinct from the Gas POS software, as Smith maintains. It may also be
that Smith gave Musaji the B2K Software, and not the Gas POS Software, both in
October/November 2016 and in December 2016, again, as both Smith and Musaji
appear to claim. However, for purposes of discovery, Plaintiffs are not required to
take Smith’s or Musaji’s word on those matters. Moreover, the problem for Smith
is largely that, in Smith’s communications with Musaji in October 2016, she
clearly appears to have conflated the programs. In particular, Smith told Musaji
that what she was going to submit to him for audit was the same software that had
already passed audits for her company Fueling Clover (Doc. 109-3), which had
since changed its name to Gas POS. (Doc. 109-5 at 3). It also appears that Josh
had some involvement in the development of that submitted software. As such, the
court agrees with Plaintiffs that Smith’s having done so raises an inference that the
disc and the supporting documentation that Smith provided to Musaji in
10
October/November 2016 might have been for the Gas POS software or at least
software materially related to it, developmentally or otherwise, any assertions to
the contrary by Smith and Musaji notwithstanding. That makes information on
Fueling Clover, Gas POS, Josh and that associated software relevant, at least for
purposes of discovery. Accordingly, the court will be granting Plaintiffs’ motion
seeking to allow issuance of the subpoenas to Coalfire and Bearden Oil.
III.
The court recognizes that the documents sought by Plaintiffs’ subpoenas
may contain highly confidential, proprietary information related to software and
source code. Indeed, according to Smith, information sought relates to a product a
generation beyond the B2K Software owned by B2K Systems, LLC, involved in
the Alabama state-court litigation. Plaintiffs have offered to abide by a protective
order to safeguard Smith’s interests in confidentiality, and the court agrees that
entry of such an order is certainly necessary and proper here. Smith responds that
she cannot trust the efficacy of any protective order that the court might enter.
While not discounting Smith’s concerns, it suffices to say that this court has the
will and the means to punish and otherwise remedy any violation of a duly entered
protective order. As such, the parties are ordered to submit a joint proposed
protective order by June 14, 2019. If the parties cannot agree on terms, they
may each file a proposed order for the court’s consideration.
11
SO ORDERED, this 7th day of June, 2019.
_________________________________
JOHN E. OTT
Chief United States Magistrate Judge
12
Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.
Why Is My Information Online?