Oracle Corporation et al v. SAP AG et al
Filing
860
Declaration of Chad Russell in Support of 859 Memorandum in Opposition, to Defendants' Motion to Partially Exclude Testimony of Kevin Mandia and Daniel Levy filed byOracle International Corporation, Oracle USA Inc., Siebel Systems, Inc.. (Attachments: # 1 Exhibit A, # 2 Exhibit B, # 3 Exhibit C, # 4 Exhibit D, # 5 Exhibit E, # 6 Exhibit F, # 7 Exhibit G, # 8 Exhibit H, # 9 Exhibit I, # 10 Exhibit J, # 11 Exhibit K, # 12 Exhibit L, # 13 Exhibit M, # 14 Exhibit N, # 15 Exhibit O, # 16 Exhibit P, # 17 Exhibit Q, # 18 Exhibit R, # 19 Exhibit S, # 20 Exhibit T, # 21 Exhibit U, # 22 Exhibit V)(Related document(s) 859 ) (Russell, Chad) (Filed on 9/9/2010)
<![CDATA[
Oracle Corporation et al v. SAP AG et al
Doc. 860 Att. 2
EXHIBIT B
Dockets.Justia.com
Page 1
UNITED STATES DISTRICT COURT NORTHERN DISTRICT OF CALIFORNIA SAN FRANCISCO DIVISION ORACLE CORPORATION, a Delaware corporation, ORACLE USA, INC., a Colorado corporation, and ORACLE INTERNATIONAL CORPORATION, a California corporation, ) ) ) ) ) ) ) ) Plaintiffs, ) ) vs. ) No. 07-CV-1658 (PJH) ) SAP AG, a German ) corporation, SAP AMERICA, ) INC., a Delaware ) corporation, TOMORROWNOW, ) INC., a Texas corporation, ) and DOES 1-50, inclusive, ) ) Defendants. ) ________________________________)
VIDEOTAPED DEPOSITION OF KEVIN MANDIA _________________________________ VOLUME 1; PAGES 1 - 290 THURSDAY, MAY 20, 2010
HIGHLY
CONFIDENTIAL - ATTORNEYS' EYES ONLY
REPORTED BY:
HOLLY THUMAN, CSR No. 6834, RMR, CRR (1-427382)
KEVIN MANDIA May 20, 2010 HIGHLY CONFIDENTIAL - ATTORNEYS' EYES ONLY
Page 8
09:12:04 09:12:07 09:12:13 09:12:13 09:12:16 09:12:17 09:12:17 09:12:17 09:12:17 09:12:17 09:12:17 09:12:17 09:12:27 09:12:28 16:29:58 09:12:28 09:12:29 09:12:30 09:12:32 09:12:34 09:12:35 09:12:39 09:12:41 09:12:43 09:12:45
09:14:30 09:14:33 09:14:39 09:14:41 09:14:42 09:14:50 09:14:55 09:15:02 09:15:08 09:15:16 09:15:18 09:15:21 09:15:22 09:15:24 09:15:28 09:15:35 09:15:48 09:15:52 09:15:55 09:15:57 09:16:00 09:16:03 09:16:05 09:16:09 09:16:15
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
Q. How many times? A. I've testified four different times at trial. Q. And can you identify now that you're looking on your CV which of those cases those are? A. In Appendix B, under Criminal Case Experience, I testified twice for United States versus Bret McDanel. I testified on two occasions in United States verse Chad Grant. Q. So two separate cases in which you testified two times each? A. That is correct. Q. Okay. And what was the McDanel case about? What was the nature of your testimony in that case? A. The case was a US 1030 type violation or allegation. Q. Can you, for the court and jury, explain that in lay terms, where they can understand that, please? The court certainly would understand it; the jury may not. A. Sure. I'm trying to remember the exact test I did. But in general, what the case was about is, the allegation was Bret McDanel caused harm to a computer by sending a lot of different
Page 7
09:12:48 09:12:51 09:12:53 09:12:56 09:12:59 09:12:59 09:13:02 09:13:08 09:13:14 09:13:19 09:13:20 09:13:23 09:13:26 09:13:28 09:13:30 09:13:33 09:13:36 09:14:00 09:14:04 09:14:10 09:14:15 09:14:21 09:14:24 09:14:28 09:14:29 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
Page 9
09:16:18 09:16:22 09:16:26 09:16:28 09:16:35 09:16:40 09:16:42 09:16:46 09:16:50 09:16:53 09:16:54 09:16:56 09:17:03 09:17:05 09:17:06 09:17:09 09:17:13 09:17:18 09:17:23 09:17:28 09:17:31 09:17:35 09:17:39 09:17:48 09:17:50 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
A The first time, in regards to the case type? Q Just -- yeah, just give me a little detail about the nature of when you were deposed the first time A I was deposed the first time in approximately I believe the year was 2006 The nature of the case was to determine whether someone had intentionally wiped files or not Q Okay And do you remember where that proceeding was filed? A I believe the proceeding was filed in Dayton, Ohio Q Okay And is that case one of the cases that's listed on your CV? A I believe so Q Okay Can you look and check, please? A In Appendix B, I'm looking at the civil case experience, and the case number identified in the Dayton Power and Light Incorporated verse Peter H Forster, Muhlenkamp and Stephen Koziar That is the case where I was deposed Q Okay Have you ever testified at trial before? A I have
emails through a certain type of email server using that server as a remailer. So to the best of my recollection, my involvement with United States verse Bret McDanel was to identify how he interacted with a machine and how he accessed it, looked at the log files to determine did he cause damage or not. Q. Okay. And the other criminal case, what's the last name of the defendant in that case? A. Grant. Q. Grant. And in the Grant case, what was that case about? And let me be more specific. What was the nature of your testimony in that case? A. To the best of my recollection, in United States verse Grant, I testified concerning how he accessed computers from the standpoint of how did he get to the information that he took. So it was -- in loose terms, as we describe it in my field, it was a hacking case. Q. Okay. Would you describe the McDanel case as a hacking case as well? A. Yes, I would. Q. And could the deposition testimony you provided in the Dayton case, could that also be
3 (Pages 6 to 9) Merrill Legal Solutions (800) 869-9132
KEVIN MANDIA May 20, 2010 HIGHLY CONFIDENTIAL - ATTORNEYS' EYES ONLY
Page 10
09:17:53 09:17:55 09:17:57 09:18:02 09:18:07 09:18:12 09:18:13 09:18:17 09:18:20 09:18:23 09:18:25 09:18:27 09:18:31 09:18:32 09:18:37 09:18:39 09:18:43 09:18:44 09:18:48 09:18:54 09:18:55 09:18:56 09:19:00 09:19:04 09:19:07 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
Page 12
09:20:33 09:20:42 09:20:45 09:20:47 09:20:49 09:20:52 09:20:53 09:20:55 09:20:58 09:21:00 09:21:01 09:21:05 09:21:07 09:21:10 09:21:17 09:21:18 09:21:20 09:21:22 09:21:23 09:21:36 09:21:40 09:21:43 09:21:45 09:21:48 09:21:53
described as a hacking case as well? A. It was not. Q. Okay. How would you describe that case, in simple terms, like you've described the McDanel and Grant cases as hacking cases? A. I would describe the Dayton cases, the task was to perform computer forensics. I only recall doing it on one system. It may have been on others. And the purpose was to determine if somebody had intentionally deleted materials or not. So it was more in-depth inspection of a couple of machines. Q. Okay. Other than these five instances of testimony that you've just testified to, have you ever testified in any other proceeding for any other purpose? A. I've testified -- I don't know the technical term, but I was in front of a tribunal in November of last year. Q. For what purpose? A. It was a case being tried at -- in a tribunal form, I believe at the -- it was at the World Bank organization. Q. Okay. And were you an expert in that
Page 11
09:19:10 09:19:12 09:19:15 09:19:16 09:19:17 09:19:20 09:19:25 09:19:25 09:19:30 09:19:34 09:19:39 09:19:43 09:19:47 09:19:50 09:19:56 09:19:59 09:20:05 09:20:06 09:20:08 09:20:09 09:20:15 09:20:17 09:20:18 09:20:23 09:20:27 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
Page 13
09:21:55 09:21:57 09:21:59 09:22:03 09:22:04 09:22:06 09:22:08 09:22:10 09:22:11 09:22:13 09:22:15 09:22:17 09:22:20 09:22:23 09:22:28 09:22:35 09:22:38 09:22:45 09:22:47 09:22:50 09:22:52 09:22:55 09:22:57 09:23:00 09:23:01
case? A. I believe I was designated as an expert in that case. Q. But what entity? A. I think that I was considered one, but I don't know what entity would have deemed me that expert. Q. What was the nature of your testimony? A. In that case, we reviewed media to determine if documents were spurious or not to the extent we looked at time/date stamps to see if there was time/date stamp manipulation of files. Q. And what type of media did you review? A. In that case, it was floppy disks. Q. And when you say spurious, to see if they were authentic or not? A. That is correct. Q. Is that experience listed on your CV? A. It is. Q. Okay. And can you point me where it is? A. In Appendix B. Q. Okay. A. Under Civil Case Experience, there's the second case listed, says, Libananco Holdings Company, Limited versus Republic of Turkey.
4 (Pages 10 to 13) Merrill Legal Solutions (800) 869-9132
KEVIN MANDIA May 20, 2010 HIGHLY CONFIDENTIAL - ATTORNEYS' EYES ONLY
Page 130
12:58:15 12:58:17 12:58:20 12:58:21 12:58:23 12:58:24 12:58:24 12:58:27 12:58:28 12:58:29 12:58:43 12:58:47 13:42:45
Page 132
13:46:52 13:46:55 13:46:58 13:47:00 13:47:05 13:47:07 13:47:09 13:47:13 13:47:17 13:47:24 13:47:29 13:47:32 13:47:39 13:47:42 13:47:44 13:47:55 13:47:56 13:47:58 13:48:05 13:48:10 13:48:15 13:48:18 13:48:19 13:48:19 13:48:22 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
13:44:42 13:44:45 13:44:47 13:44:49 13:44:51 13:44:55 13:45:06 13:45:08 13:45:13 13:45:18 13:45:22
deposition here today? A. One of the things I did is, I spoke with my employees. Q. Okay. And who were they? A. I spoke with -- one of the employees I spoke with was Chris Price. Q. Okay. Who else? A. Ernie Liu. Q. Who else? A. Dave Damato, spelled, last name, D-A-M-A-T-O. Q. Okay. Anyone else? A. Ryan Kazanciyan. Q. You've already spelled his last name. So who else? A. Matt Pepe. Q. How do you spell that? A. Spelled P-E-P-E, first name M-A-T-T. Q. Okay. Anyone else? A. In response to your question, it's -- it's hard to tell -- you said in my preparation for today. Q. Correct. A. So I replace "today" with "deposition," and it's hard to tell who I met with solely for
Page 131
13:45:25 13:45:30 13:45:32 13:45:35 13:45:36 13:45:37 13:45:39 13:45:42 13:45:44 13:45:53 13:45:55 13:45:58 13:45:59 13:46:00 13:46:02 13:46:04 13:46:06 13:46:08 13:46:09 13:46:10 13:46:13 13:46:18 13:46:19 13:46:21 13:46:50 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
Page 133
13:48:24 13:48:27 13:48:27 13:48:28 13:48:31 13:48:33 13:48:35 13:48:39 13:48:40 13:48:41 13:48:43 13:48:47 13:48:49 13:48:49 13:48:50 13:48:51 13:48:54 13:48:56 13:48:58 13:49:00 13:49:06 13:49:18 13:49:23 13:49:25 13:49:27 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
First Addressed in Supplemental Report" is an item called 'Merrill Legal Solutions index of the contents of the CD binders " Do you see that? A Yes, I do Q And you see beside that, in your report, you have a date of production listed as November 24, 2009? A Yes I see that Q Were you aware that TomorrowNow offered to make those binders available for inspection very early on in the case? A I am not aware of that Q Were you aware that Oracle's counsel actually inspected some of those binders in November 2008? A As I sit here today, I don't recall being aware of that Q Okay Were you aware that Oracle had additional access through a more thorough inspection on May 28th and 29th of 2009 of those same binders? A As I sit here today, I'm not aware of that Q What did you do to prepare for your
deposition, so I'm being overly inclusive in my answer. Q. Fair enough. A. Okay. There are some other folks, if we include an overly inclusive answer. Q. But you feel comfortable that you met with -- and we'll just use first names for ease. Is that fine with you? A. Yes. Q. You feel comfortable that you met with Chris, Ernie, Dave, Ryan, and Matt, for the purposes of preparing for your deposition. Correct? A. That is correct. Q. Okay. And so what are these other extended list of people that you don't know whether it was expressly for the deposition or it could have been for some of the other things you've been doing the past few weeks? A. Right. Mat Oldham, spelled M-A-T, last name O-L-D-H-A-M. Q. Anyone else? A. I've spoken to other Mandiant employees, but I think those would be the ones that I could tie the conversations to in some manner or regard
34 (Pages 130 to 133) Merrill Legal Solutions (800) 869-9132
KEVIN MANDIA May 20, 2010 HIGHLY CONFIDENTIAL - ATTORNEYS' EYES ONLY
Page 134
13:49:31 13:49:33 13:49:35 13:49:41 13:49:48 13:49:50 13:49:51 13:49:52 13:49:54 13:49:57 13:49:59 13:50:00 13:50:02 13:50:05 13:50:10 13:50:11 13:50:13 13:50:13 13:50:23 13:50:26 13:50:28 13:50:28 13:50:32 13:50:33 13:50:40 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
Page 136
13:52:11 13:52:14 13:52:17 13:52:21 13:52:25 13:52:29 13:52:31 13:52:38 13:52:40 13:52:44 13:52:49 13:52:52 13:52:54 13:52:56 13:52:59 13:53:03 13:53:06 13:53:07 13:53:14 13:53:15 13:53:18 13:53:23 13:53:23 13:53:29 13:53:34
to depo prep Q Okay Do each of these individuals have a particular area of expertise that you rely on, separate and apart from the others? MR LEWIS: Objection Vague MR COWAN: Q Do you understand my question? A I think I do Could you -MR COWAN: Q Yeah I'm asking about the subject matter knowledge of each of these individuals Do you turn to each of these individuals for different things with respect to the subject matter with which you consult them, or on which you consult them? A I use different Mandiant employees for different things Q Okay What do you use Mr Price for? A Mr Price was the -- my right-hand man, basically, in this case Q Okay A Project manager, and other tasks as needed Q What do you use Mr Liu for? A Mr Liu did some of the tasks that I
Page 135
13:50:44 13:50:46 13:50:51 13:50:53 13:50:54 13:50:59 13:51:04 13:51:10 13:51:18 13:51:20 13:51:23 13:51:25 13:51:31 13:51:33 13:51:36 13:51:40 13:51:42 13:51:44 13:51:48 13:51:52 13:51:55 13:51:58 13:52:06 13:52:09 13:52:10
13:53:39 13:53:42 13:53:47 13:53:52 13:53:55 13:53:58 13:54:01 13:54:02 13:54:04 13:54:08 13:54:11 13:54:14 13:54:19 13:54:26 13:54:30 13:54:36 13:54:40 13:54:45 13:54:46 13:54:50 13:55:02 13:55:03 13:55:06 13:55:08 13:55:09
Page 137
35 (Pages 134 to 137) Merrill Legal Solutions (800) 869-9132
KEVIN MANDIA May 20, 2010 HIGHLY CONFIDENTIAL - ATTORNEYS' EYES ONLY
Page 142
14:01:26 14:01:29 14:01:36 14:01:37 14:01:38 14:01:40 14:01:43 14:01:45 14:01:46 14:01:48 14:01:52 14:01:56 14:01:57 14:01:59 14:01:59 14:02:08 14:02:12 14:02:16 14:02:18 14:02:20 14:02:22 14:02:23 14:02:24 14:02:25 14:02:27 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
Page 144
14:04:21 14:04:27 14:04:32 14:04:36 14:04:39 14:04:47 14:05:00 14:05:04 14:05:08 14:05:09 14:05:10 14:05:12 14:05:16 14:05:20 14:05:24 14:05:29 14:05:55 14:05:58 14:06:05 14:06:12 14:06:16 14:06:19 14:06:24 14:06:27 14:06:35 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
of the work in regards to running queries against restored databases. And I'm still keeping my answers in general -Q. Yeah, that's all -A. -- without going back to a table of contents or doing anything on a lower level. If we want more detail answers, I'd be happy to go through and provide those. Q. No, I'm just asking, in general, what do you recall the general types of tasks these individuals did. And I understand you to be answering me to the best of your recollection as you sit here today. Right? A. Yes, sir. Q. Okay. Aside from these six individuals that we just talked about at Mandiant, who else worked directly with you in forming -- in doing work that forms the basis for your conclusions and opinions contained in your report? MR. LEWIS: Objection. Compound, and vague. THE WITNESS: Would you mind rephrasing that question, Counselor? MR. COWAN: Q. Yes. Aside from the six individuals that we've just talked about who are
Marshall Heilman To the best of my knowledge, his last named is H-E-I-L-M-A-N There may be two Ls, there may be two Ns Q Okay A Jason Luttgens First name J-A-S-O-N, last name L-U-T-T-G-E-N-S And I believe this is a list that reflects the folks that contributed that I can recall right now Q Okay A There may be more Q What did Mr Gross do relative to the opinions and conclusions contained in your report? A The work that Mr Gross did was -permeates a couple portions of our report Q Which are? A Mr Gross was involved in doing some of the analysis of, as we refer to it, JDE downloads in regards to our Appendix M, as well as in Section 2 of our report Mr Gross was also involved in some capacity to HRMS fix analysis, and potentially providing some figures He may not have But I believe he was involved in that regard Q Anything else?
Page 143
14:02:29 14:02:33 14:02:36 14:02:39 14:02:44 14:02:47 14:02:50 14:02:58 14:03:06 14:03:21 14:03:22 14:03:25 14:03:28 14:03:31 14:03:34 14:03:37 14:03:39 14:03:41 14:03:43 14:03:47 14:03:50 14:03:53 14:03:54 14:03:59 14:04:05 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
Page 145
14:06:41 14:06:45 14:06:50 14:06:59 14:07:02 14:07:07 14:07:10 14:07:13 14:07:16 14:07:19 14:07:22 14:07:22 14:07:25 14:07:28 14:07:31 14:07:34 14:07:39 14:07:42 14:07:46 14:07:48 14:07:52 14:07:59 14:08:01 14:08:04 14:08:06
Mandiant employees, who else at Mandiant worked directly with you on any tasks that formed the with basis for your conclusions and opinions contained in your report? A. The people that I relied on to assist me in this case, in addition to those six people mentioned already, would include Jon Gross, spelled J-O-N, G-R-O-S-S. Q. Okay. Anyone else? And I'm not talking about secretaries or administrative staff or -- you know, the lower-level technical folks that may have had some secondary support function. I'm talking about people that were involved in doing any review -substantive review and analysis of any materials or assisting you in preparing any portion of your report. A. And I'm doing my best to recall, over the course of 3 years of time, the different people at Mandiant that assisted in some capacity on this case. And I'm speaking in very generalities. Q. Yep. A. And I'm not diving into their entire CV. Another name would be, in some capacity, Bret Padres, B-R-E-T, space, P-A-D R-E-S.
37 (Pages 142 to 145) Merrill Legal Solutions (800) 869-9132
KEVIN MANDIA May 20, 2010 HIGHLY CONFIDENTIAL - ATTORNEYS' EYES ONLY
Page 162
14:30:04 14:30:06 14:30:08 14:30:09 14:30:10 14:30:11 14:30:12 14:30:13 14:30:16 14:30:19 14:30:22 14:30:23 14:30:24 14:30:25 14:30:26 14:30:28 14:30:29 14:30:31 14:30:34 14:30:37 14:30:39 14:30:40 14:30:41 14:30:42 14:30:46
Page 164
14:32:00 14:32:04 14:32:05 14:32:09 14:32:11 14:32:13 14:32:14 14:32:15 14:32:17 14:32:17 14:32:19 14:32:21 14:32:23 14:32:26 14:32:28 14:32:30 14:32:31 14:32:34 14:32:39 14:32:41 14:32:44 14:32:47 14:32:51 14:32:53 14:32:55 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
A. It is from Lafayette College, Pennsylvania. Q. Oh, Pennsylvania, I'm sorry. What do you consider your areas -A. I didn't answer that question, sorry. Q. Okay, I just -A. I just was correcting. Q. I'll rephrase it correctly, then. A. Okay. Q. You also have a Bachelor of Science in computer science from Lafayette College in Pennsylvania. Correct? A. Yes, I do. You said Bachelor of Science? Q. I did. A. Yes, I do have a Bachelor of Science in computer science. Q. What do you consider your areas of expertise to be, sir? A. Broadly, my area of expertise are in computer forensics, and responding to computer security breaches is kind of a niche expertise that we've developed over the years. When I say "we," I probably should have said "me," since you asked about me. Q. Yeah, right now all I want to know is
Page 163
14:30:48 14:30:49 14:30:53 14:30:55 14:30:57 14:30:58 14:31:01 14:31:04 14:31:09 14:31:13 14:31:14 14:31:16 14:31:16 14:31:17 14:31:18 14:31:20 14:31:38 14:31:40 14:31:46 14:31:48 14:31:52 14:31:54 14:31:55 14:31:57 14:31:59 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
Page 165
14:32:57 14:32:57 14:32:58 14:33:01 14:33:03 14:33:04 14:33:06 14:33:07 14:33:08 14:33:10 14:33:15 14:33:17 14:33:22 14:33:23 14:33:27 14:33:30 14:33:32 14:33:36 14:33:38 14:33:41 14:33:43 14:33:47 14:33:51 14:33:52 14:33:54 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
MR. COWAN: Q. My question is, are you going to rely in any way on it in forming any opinions or conclusions for Mr. Gray's report? MR. LEWIS: Same objections. THE WITNESS: Everything on here is nothing more than my interpretations as I read through Gray's report making notes. I'm relying on the contents of Gray's reports, and my opinions on them at that time. MR. COWAN: Q. So is that a no, you're not going to rely on it? MR. LEWIS: Objection. Vague and ambiguous and compound. THE WITNESS: To the extent that I'm relying on them to organize my thoughts for this deposition, that's primarily their use. MR. COWAN: Q. All right. We might come back to that later. My understanding is that you've got a Master of Science in -- forensic science from George Washington University. Is that correct? A. Yes, it is. Q. You also have a Bachelor of Science in computer science from Lafayette College in Louisiana. Correct?
about you. A. Okay. Q. And you responded broadly, your area of expertise is in computer forensics -A. Correct. Q. -- and responding to computer security breaches. Correct? A. That is correct. Q. Do you consider -- do you hold yourself out as an expert in any other area? A. There might be niches under those two categories that may arise that I might hold myself out as an expert to be. Q. What would those niches be? A. Very focused things, such as if somebody asked was I an expert to determine if files had been deleted from a hard drive, yes, I do think I'm an expert in those regards, and I would hold myself out as an expert in those regards. If somebody asks, are you an expert in reviewing log files, for the most part, absolutely, I am an expert in reviewing log files for many different types of applications. If somebody asked can you review a database -- and a lot of these aren't listed -- but
42 (Pages 162 to 165) Merrill Legal Solutions (800) 869-9132
KEVIN MANDIA May 20, 2010 HIGHLY CONFIDENTIAL - ATTORNEYS' EYES ONLY
Page 166
14:33:57 14:34:01 14:34:04 14:34:09 14:34:10 14:34:13 14:34:24 14:34:27 14:34:30 14:34:32 14:34:33 14:34:35 14:34:39 14:34:43 14:34:47 14:34:49 14:34:51 14:34:55 14:34:57 14:35:01 14:35:05 14:35:09 14:35:14 14:35:17 14:35:21 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
Page 168
14:36:43 14:36:44 14:36:46 14:36:47 14:36:50 14:36:51 14:36:54 14:36:55 14:36:57 14:36:59 14:37:01 14:37:03 14:37:05 14:37:08 14:37:17 14:37:20 14:37:22 14:37:25 14:37:25 14:37:27 14:37:28 14:37:28 14:37:30 14:37:33 14:37:35 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
if I was to review a database for tampering, I might, depending on the circumstances, hold myself out as an expert to assist in those regards. Q. Anything else? A. Yes. Q. And you're referring to what right now? A. I'm referring to Appendix -- I guess it's Attachment B, just some of the things that I've been hired on in the past. Q. That's your -A. Where I held myself out to be an expert on, in small categories that I would consider grouped into, for the most part, computer forensics. Q. And it's Attachment B to your report? A. That is correct. Q. All right. A. I would hold myself out as an expert to review a single computer to determine if files were ever printed from it, if a hard drive was wiped, if the computer ever accessed certain websites or email accounts, if there was intentional deletion, and other things such as the review of external media, whether it's been attached or not, whether a system had been compromised or not.
I've expressed already Q Okay You're not a lawyer Right? A I am not a lawyer Q You do not have any specialized legal training in copyright law, do you? A I do not have specialized training in copyright law Q You do not hold yourself out to be a copyright expert, do you? A I do not hold myself out to be a copyright expert Q Before this matter, have you ever undertaken any source code comparison to determine if an alleged copyright violation took place? A Pausing, because I felt like there was two questions there Q Well, it's intended to be combined A Okay Q You've already testified you've done source code comparison A Right Q My question is, have you ever done source code comparison to determine if an alleged copyright violation took place? A Not to the best of my knowledge
Page 167
14:35:25 14:35:27 14:35:30 14:35:32 14:35:35 14:35:41 14:35:43 14:35:47 14:35:49 14:35:52 14:35:56 14:36:00 14:36:03 14:36:06 14:36:09 14:36:12 14:36:15 14:36:19 14:36:23 14:36:25 14:36:31 14:36:33 14:36:35 14:36:37 14:36:40 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
Page 169
14:37:40 14:37:41 14:37:44 14:37:47 14:37:50 14:37:53 14:37:55 14:37:57 14:38:01 14:38:03 14:38:07 14:38:10 14:38:14 14:38:16 14:38:19 14:38:21 14:38:24 14:38:30 14:38:33 14:38:36 14:38:40 14:38:41 14:38:44 14:38:46 14:38:47 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
I consider all of these largely grouped under a broader category of computer forensics. Q. Okay. Anything else other than what you've testified to that you consider yourself to be an expert in? A. I think in general, it's computer forensics, and in responding to computers' security breaches. And I think that the term "expert" has a legal connotation to it, so I'm using that term not legally in your question. I'm interpreting it as, I consider myself good at these, and I would hold myself out as being hired at these and being good at them, meaning better than the average layperson. I would add to that, I -- in general, high-technology investigations that involve the review of log files, computer systems, various types of systems, I may hold myself out as an expert as well to investigate different types of high-tech crimes in and above a computer intrusion. Q. Anything else besides what you've already testified to that you consider yourself to be an expert in and that you would hold yourself out to the public as an expert in? A. I think we'll leave it at the generalities
Q. Have you ever analyzed source code to determine if it includes protected expression for the purpose of a copyright analysis? A. I have not analyzed source code to determine if it contains protected expression in regards to copyright analysis. Q. Have you ever analyzed source code to determine whether any alleged copied portion of that source code was only de minimus for the purpose of copyright analysis? A. I have not -- you said the word "de minimus" to me. That's another legal term. I have not done what you just asked. Q. Okay. Have you ever performed any analysis to determine if computer source code is a derivative work for the purposes of copyright analysis? A. I have not -- again, I hear the phrase "derivative work," and that's a legal term, and I have an assumption in my report based on derivative works. I think on that one, it -- do you have a definition of "derivative work" that you could provide me? Q. Do you understand what "derivative work"
43 (Pages 166 to 169) Merrill Legal Solutions (800) 869-9132
KEVIN MANDIA May 20, 2010 HIGHLY CONFIDENTIAL - ATTORNEYS' EYES ONLY
Page 170
14:38:49 14:38:53 14:38:56 14:39:00 14:39:03 14:39:06 14:39:13 14:39:16 14:39:21 14:39:26 14:39:27 14:39:32 14:39:40 14:39:43 14:39:45 14:39:48 14:39:52 14:39:55 14:39:59 14:39:59 14:40:01 14:40:05 14:40:19 14:40:21 14:40:24 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
Page 172
14:41:29 14:41:30 14:41:32 14:41:35 14:41:39 14:41:41 14:41:44 14:41:46 14:41:48 14:41:51 14:41:52 14:41:54 14:41:56 14:42:01 14:42:03 14:42:06 14:42:08 14:42:11 14:42:14 14:42:31 14:42:33 14:42:39 14:42:47 14:42:49 14:42:50
means in the context of a copyright analysis, sir? A I do not have expert -- I do not know the legal definition of "derivative work" in regards to a copyright infringement case I think I have a layperson understanding of it, but I don't know the legal definition Q Are you familiar with an analysis or test known as the abstract filtration comparison test? A I am not familiar with that test Q To your knowledge, are -- any of the individuals at Mandiant who assisted you in preparation of your report have any expertise in doing the source code comparison to determine if an alleged copyright violation took place? A I am unaware -- first, we weren't tasked to do what you're insinuating here, that we were tasked to do a protected expression analysis in this case We're in fact not tasked at Mandiant to do so But in answer to your question, since we weren't tasked, I'm unaware if any of my employees have done something like this in their past or not Q Are you aware of whether any Mandiant employee has ever analyzed source code to determine if it includes protected expression for the
Page 171
14:40:27 14:40:31 14:40:32 14:40:35 14:40:38 14:40:40 14:40:43 14:40:45 14:40:49 14:40:52 14:40:54 14:40:55 14:40:57 14:40:57 14:40:59 14:41:00 14:41:01 14:41:02 14:41:05 14:41:06 14:41:09 14:41:13 14:41:15 14:41:20 14:41:23 14:42:52 14:42:53 14:42:55 14:43:00 14:43:05 14:43:18 14:43:20 14:43:22 14:43:24 14:43:28 14:43:33 14:43:36 14:43:40 14:43:42 14:43:46 14:43:48 14:43:51 14:43:52 14:43:54 14:43:57 14:43:59 14:44:01 14:44:11 14:44:15 14:44:17
Page 173
44 (Pages 170 to 173) Merrill Legal Solutions (800) 869-9132
KEVIN MANDIA May 20, 2010 HIGHLY CONFIDENTIAL - ATTORNEYS' EYES ONLY
Page 174
14:44:19 14:44:25 14:44:31 14:44:35 14:44:38 14:44:40 14:44:48 14:44:49 14:44:52 14:44:55 14:44:58 14:45:02 14:45:04 14:45:07 14:45:09 14:45:16 14:45:29 14:45:31 14:45:34 14:45:43 14:45:46 14:45:49 14:45:53 14:45:54 14:45:57
14:47:01 14:47:05 14:47:07 14:47:10 14:47:14 14:47:16 14:47:18 14:47:20 14:47:22 14:47:25 14:47:26 14:47:28 14:47:29 14:47:31 14:47:31 14:47:33 14:47:36 14:47:38 14:47:40 14:47:42 14:47:47 14:47:49 14:47:51 14:47:54 14:47:56
Page 176
Page 175
14:46:02 14:46:04 14:46:06 14:46:08 14:46:11 14:46:13 14:46:15 14:46:17 14:46:20 14:46:23 14:46:25 14:46:28 14:46:32 14:46:35 14:46:38 14:46:41 14:46:43 14:46:45 14:46:48 14:46:48 14:46:51 14:46:55 14:46:56 14:46:58 14:47:00
Page 177
14:47:59 14:48:02 14:48:14 14:48:15 14:48:24 14:48:27 14:48:28 14:48:32 14:48:32 14:48:34 14:48:36 14:48:38 14:48:41 14:48:45 14:48:48 14:48:50 14:48:52 14:48:55 14:48:57 14:49:00 14:49:05 14:49:07 14:49:10 14:49:13 14:49:14 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
Q. Okay. You didn't do it personally? A. I did not do it personally. Q. Have you ever designed or developed any enterprise software? A. The question was bifurcated with designed or developed? Q. I'll ask is unbifurcated. A. Thank you. Q. Have you ever designed enterprise software? A. From the standpoint of writing requirements, features, I believe I have, to the standpoint Mandiant's making a product where we described what we're trying to do is automate the things we've been doing for 10, 15 years as consultants into a product, that sort of thing. And it is an enterprise product in regards to it being deployed across hundreds of thousands of machines to be able to give you breadth and scope. I have designed that product to some level of technical detail. Q. What type of product -- what family of enterprise software would that fall into, the product you just described? A. I think it falls --
45 (Pages 174 to 177) Merrill Legal Solutions (800) 869-9132
KEVIN MANDIA May 20, 2010 HIGHLY CONFIDENTIAL - ATTORNEYS' EYES ONLY
Page 178
14:49:15 14:49:17 14:49:19 14:49:20 14:49:21 14:49:26 14:49:31 14:49:34 14:49:39 14:49:44 14:49:48 14:49:50 14:49:53 14:49:56 14:49:59 14:50:00 14:50:03 14:50:05 14:50:07 14:50:09 14:50:13 14:50:20 14:50:23 14:50:26 14:50:28 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
Page 180
14:51:56 14:52:00 14:52:02 14:52:06 14:52:10 14:52:13 14:52:15 14:52:18 14:52:22 14:52:28 14:52:32 14:52:42 14:52:54 14:53:00 14:53:01 14:53:03 14:53:04 14:53:06 14:53:12 14:53:13 14:53:15 14:53:17 14:53:30 14:53:32 14:53:34 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
MR. LEWIS: Objection. Vague. Go ahead. THE WITNESS: I would have to tell you how I define "family." MR. COWAN: Q. Sure. A. I think it's best to state it, it's -Mandiant Intelligent Response, our product, is referred to as enterprise software by us, because it touches all nodes on your enterprise. In that regards, it's enterprise-wide software. Q. And what does the software do? A. It's software to help you collect, analyze, and respond to different types of events where you need to collect electronic evidence, interpret the electronic evidence, and report on that electronic evidence. Q. So it's forensic software, basically? A. Largely to an extent, yes, that's where we're going. Q. Besides that software that you just described that Mandiant is developing, have you ever designed any other enterprise software? A. I have not designed something that I define as enterprise software. Q. And besides the Mandiant product that you just described, have you ever developed any
Q. Have you ever written any SQC code? A. To the best of my recollection, I have never written or have not written any SQC code. Q. Have you ever written any Dot C code? A. I have written Dot C code. Q. Which is the C programming language? A. C programming language. Q. In what application? A. My authorship of C programs were primarily for specialized investigations, meaning one-off tools not for applications. Q. How long ago was that? A. I would estimate -- I can only estimate, first off. Q. Please estimate. A. 8 years ago. Q. Okay. A. Was the last time that I recall writing a Dot C program. Q. Okay. Have you ever written any code for the Siebel programs? A. I have not written any code for Siebel. Q. You have never written any PeopleSoft code either, have you? A. I have not written any code for
Page 179
14:50:30 14:50:32 14:50:37 14:50:40 14:50:44 14:50:48 14:50:49 14:50:49 14:50:51 14:50:53 14:50:57 14:51:00 14:51:09 14:51:12 14:51:16 14:51:19 14:51:22 14:51:26 14:51:31 14:51:34 14:51:39 14:51:42 14:51:44 14:51:50 14:51:52 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
Page 181
14:53:36 14:53:37 14:53:40 14:53:40 14:53:42 14:53:43 14:53:44 14:53:45 14:53:49 15:16:16 15:18:04 15:18:12 15:18:35 15:18:37 15:18:39 15:18:45 15:18:46 15:18:51 15:18:54 15:18:57 15:18:58 15:19:01 15:19:01 15:19:05 15:19:10 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
enterprise software? A. I have not worked as a developer for any -- and as I describe enterprise software in your terms, in regards to this case, it's software that impacts an enterprise-wide of employees. Q. Correct. The kind -A. Yeah. Q. -- of enterprise software that your client, Oracle, sells. A. Right. I have not worked as a developer in regards to developing enterprise application software. Q. Have you ever written COBOL code? COBOL A. I have written some COBOL code. Q. For what application? A. I cannot recall the application. Q. How long ago was it it? A. It was in the fall of 1991. Q. Since fall of 1991, can you recall ever writing any COBOL code? A. I do not recall writing any COBOL code since the fall of 1991. Q. Have you ever written any SQR code? A. To the best of my recollection, I have not written any SQR code.
PeopleSoft Q Have you ever written any code for JD Edwards? A I have not written any code for JD Edwards MR COWAN: Let's take a break THE VIDEO OPERATOR: Going off the record, the time now is 2:53 This also will be the conclusion of Tape 3 of Mandia (Recess from 2:54 p m to 3:18 p m ) (Deposition Exhibit 2075 was marked for identification ) THE VIDEO OPERATOR: The time now is 3:18 We are back on the videotape record This also marks the beginning of Tape 4 Please proceed MR COWAN: Q Mr Mandia, while we were on break, I marked as Exhibit 2075 the notes that you took during the last round of questioning I had Is that what's depicted there by Exhibit 2075? A That is correct Q Okay Thank you Has any other party ever moved to strike or limit your testimony in any case that you're
46 (Pages 178 to 181) Merrill Legal Solutions (800) 869-9132
KEVIN MANDIA May 20, 2010 HIGHLY CONFIDENTIAL - ATTORNEYS' EYES ONLY
Page 194
15:37:25 15:37:28 15:37:32 15:37:34 15:37:35 15:37:35 15:37:37 15:38:22 15:38:25 15:38:37 15:38:39 15:38:42 15:38:43 15:38:45 15:38:48 15:38:50 15:38:52 15:38:55 15:38:59 15:39:04 15:39:06 15:39:09 15:39:17 15:39:19 15:39:26
Page 196
15:40:59 15:41:00 15:41:18 15:41:20 15:41:25 15:41:29 15:41:31 15:41:32 15:41:32 15:41:37 15:41:40 15:41:45 15:41:47 15:41:53 15:41:55 15:41:58 15:41:59 15:42:01 15:42:02 15:42:15 15:42:17 15:42:21 15:42:24 15:42:28 15:42:34 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
in my report. Q. Okay. Did you review any software license for any purpose in formulating the opinions and conclusions that are contained in your report? A. I did not. I think when you state license, you mean the actual software license document? Q. Correct. A. Okay. I did not review any specific documents that I would call software license documents. I want to be clear. I did receive information that was called licensing information. Q. Right. But you didn't review, to your knowledge, any of the actual software licenses themselves. Correct? A. It was not part of my task to look at licensing information. Q. Okay. A. I want to clarify that answer. Except for -- I said it kind of generically. It was not my task to look at licenses. However, I did look at what people gave me as license information; in other words, for Merck, OC Technologies, Yazaki, SPX, and a few other, I
Page 195
15:39:32 15:39:36 15:39:40 15:39:41 15:39:46 15:39:51 15:39:54 15:39:58 15:40:00 15:40:01 15:40:04 15:40:06 15:40:10 15:40:12 15:40:13 15:40:15 15:40:18 15:40:22 15:40:24 15:40:28 15:40:39 15:40:42 15:40:45 15:40:53 15:40:55
Page 197
15:42:37 15:42:41 15:42:44 15:42:46 15:42:49 15:42:51 15:42:53 15:42:55 15:43:04 15:43:07 15:43:12 15:43:15 15:43:17 15:43:19 15:43:26 15:43:29 15:43:30 15:43:33 15:43:37 15:43:40 15:43:43 15:43:47 15:43:51 15:43:52 15:43:58 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
believe five total clients, I was provided license informing. I think on the record it read ambiguous. I wanted to clarify. Q. Right. But my question was, you did not review to your knowledge any of the actual software licenses themselves. Correct? A. I did not review the actual software licenses. Q. Did you review any of the actual terms of use language on any Oracle websites for the purposes of formulating any opinions and conclusions that are contained in your report? A. I was asked to make an assumption on terms of use, and I did not personally assess and interpret, from a legal perspective, the terms of use on the Oracle side. Q. Did you actually at any point ever review the actual language of the actual terms of use that's on any of the Oracle websites for the purpose of formulating any opinions or conclusions that are contained in your report? A. Would you repeat that, please? Q. Yeah. Did you actually at any point ever review the actual language of the terms of use that are contained on any of the Oracle websites for the
50 (Pages 194 to 197) Merrill Legal Solutions (800) 869-9132
KEVIN MANDIA May 20, 2010 HIGHLY CONFIDENTIAL - ATTORNEYS' EYES ONLY
Page 198
15:44:01 15:44:04 15:44:09 15:44:20 15:44:23 15:44:28 15:44:31 15:44:32 15:44:34 15:44:37 15:44:41 15:44:45 15:44:47 15:44:49 15:44:50 15:44:51 15:44:51 15:44:53 15:44:55 15:44:57 15:45:00 15:45:04 15:45:07 15:45:09 15:45:14 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
Page 200
15:46:31 15:46:43 15:46:56 15:46:59 15:47:03 15:47:04 15:47:04 15:47:07 15:47:11 15:47:16 15:47:17 15:47:19 15:47:22 15:47:28 15:47:29 15:47:31 15:47:33 15:47:37 15:47:42 15:47:43 15:47:44 15:47:47 15:47:48 15:47:51 15:47:55
purposes of formulating any opinions or conclusions that are contained in your report? MR LEWIS: Objection Compound THE WITNESS: I did not review the actual terms of use I made an assumption that I call a "terms of use" assumption in my report and applied that assumption I think the reason I hesitated in answering that question is, I did read it in order to -- I didn't -- I understood my assumption as worded in my record, but I did read them from a layperson's perspective to understand them, to understand that my assumptions seemed reasonable to me MR COWAN: Q You read the assumptions Correct? A I read the assumptions Q But you didn't read the actual terms of use of Oracle's websites Right? A No That's what I was stating, to be clear I did also read the terms of use, in regards to just reading them to understand them Q But you have no conclusions or opinions regarding the applicability of the terms of use of any Oracle website, as far as your conclusions and
Page 199
15:45:19 15:45:20 15:45:27 15:45:29 15:45:33 15:45:35 15:45:36 15:45:38 15:45:41 15:45:42 15:45:49 15:45:52 15:45:54 15:45:57 15:45:58 15:46:00 15:46:06 15:46:08 15:46:10 15:46:14 15:46:15 15:46:21 15:46:25 15:46:28 15:46:30
Page 201
15:48:00 15:48:11 15:48:15 15:48:16 15:48:18 15:48:20 15:48:21 15:48:22 15:48:23 15:48:26 15:48:29 15:48:32 15:48:33 15:48:38 15:48:41 15:48:45 15:48:48 15:48:50 15:48:51 15:48:54 15:48:58 15:49:00 15:50:18 15:50:20 15:50:24
51 (Pages 198 to 201) Merrill Legal Solutions (800) 869-9132
KEVIN MANDIA May 20, 2010 HIGHLY CONFIDENTIAL - ATTORNEYS' EYES ONLY
Page 218
16:15:02 16:15:04 16:15:07 16:15:10 16:15:13 16:15:15 16:15:18 16:15:22 16:15:24 16:15:28 16:15:32 16:15:33 16:15:34 16:15:39 16:15:42 16:15:46 16:15:46 16:15:47 16:15:48 16:15:48 16:15:49 16:15:51 16:15:52 16:15:52 16:15:54
16:17:02 16:17:04 16:17:06 16:17:08 16:17:11 16:17:14 16:17:16 16:17:20 16:17:22 16:17:24 16:17:27 16:17:29 16:17:32 16:17:34 16:17:35 16:17:36 16:17:37 16:17:38 16:17:39 16:17:42 16:17:44 16:17:48 16:17:50 16:17:53 16:17:55 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
Page 220
So with that definition, does your objection still stand? MR LEWIS: I think still it's vague It's not clear to what extent participation -you're talking about in front of the computer, or amalgamated information from other sources I'm sorry, Mr Cowan I didn't mean to interrupt you MR COWAN: No problem Fair enough I'll give you that running objection Q But I want you to take my definition: Did you compose by yourself the words that are on the page in your record listed by each definition? So when I say, did you author it, that's what I'm asking Okay? A Okay Q And I'm giving your counsel the running objection on that definition A Okay Q Did you author the definition in paragraph 54? A I think that -- here's where it gets complex Almost every one of these definitions were terms we used for years I learned from multiple different people these terms through depositions, conversations with Mandiant employees,
Page 219
16:15:57 16:15:58 16:16:02 16:16:03 16:16:10 16:16:14 16:16:17 16:16:17 16:16:21 16:16:24 16:16:25 16:16:27 16:16:29 16:16:29 16:16:30 16:16:32 16:16:33 16:16:36 16:16:38 16:16:40 16:16:42 16:16:49 16:16:55 16:16:56 16:16:58
16:17:58 16:17:59 16:18:01 16:18:04 16:18:08 16:18:09 16:18:13 16:18:15 16:18:18 16:18:21 16:18:24 16:18:27 16:18:28 16:18:30 16:18:31 16:18:33 16:18:36 16:18:39 16:18:41 16:18:53 16:18:59 16:19:00 16:19:01 16:19:04 16:19:06 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
Page 221
conversations with counsel. So when it comes down to what I put on paper, it's an aggregation of many different things that came from multiple sources. Q. I understand that the basis of your knowledge for providing any input into these definitions occurred over a period of time in this case and your own experience. I'm trying to understand who, whether it's you or others, actually wrote these definitions that are contained in your report. It's that simple. A. Meaning sat down at the computer and typed them in? Q. Well, a little more than the ministerial task. Who used their brain power to come up with the words that are depicted on the page in the order that they appear on this page for purposes of establishing the definition? Okay? And that's my ongoing question to you. A. And which paragraph would you like me to be on? Q. 54. Did you use your brain power to come up with the words that are depicted on the page in the order they appear on this page for the purposes
56 (Pages 218 to 221) Merrill Legal Solutions (800) 869-9132
KEVIN MANDIA May 20, 2010 HIGHLY CONFIDENTIAL - ATTORNEYS' EYES ONLY
Page 222
16:19:09 16:19:11 16:19:13 16:19:14 16:19:19 16:19:20 16:19:21 16:19:24 16:19:27 16:19:37 16:19:44 16:19:46 16:19:50 16:19:52 16:19:56 16:19:59 16:20:01 16:20:04 16:20:06 16:20:07 16:20:22 16:20:26 16:20:30 16:20:33 16:20:35 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
Page 224
16:22:26 16:22:28 16:22:32 16:22:34 16:22:37 16:22:43 16:22:45 16:22:56 16:22:57 16:23:00 16:23:04 16:23:10 16:23:18 16:24:22 16:24:23 16:24:25 16:24:28 16:24:31 16:24:31 16:24:34 16:24:36 16:24:39 16:24:42 16:24:45 16:24:48 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
of establishing this definition by yourself? MR. LEWIS: To be clear, my objection -MR. COWAN: It still stands. MR. LEWIS: Thank you. MR. COWAN: I don't actually agree with it, but it stands. THE WITNESS: 54 is a definition that I wrote in collaboration with other individuals. MR. COWAN: Q. Okay. What about 55? A. 55 is a definition I devised with the collaboration of other individuals, meaning I didn't make it in a vacuum. That I may have typed every word. This might be every exact word I chose, but over the course of a year or more, we all decided cross-use means this. Q. Okay. And when you say we all and other individuals, you're referring to folks at Mandiant, yourself, and Oracle's counsel. Correct? A. That is correct. Q. Okay. What about 56? A. This may be authored by me with knowledge I learned from others, and it may be a definition that I collaborated with somebody else on. Q. Including counsel? A. Including Mandiant employees and counsel.
think there's documents that refer to this as a phrase, Mandiant We had our own definition of "data warehouse " This is a definition that may have been written solely by me, may have been written in collaboration with Mandiant employees, may have been written in collaboration with Mandiant and counsel Continue? Q Well, we're going to go on for 40 more Why don't you just quickly look through the defined term, not the definition, beginning with 61 through 101, and then I just have a couple general questions, and then we'll move on A (Examining document ) Q Okay Have you had a chance to look at least at the defined terms, the terms that are in quotes beside each paragraph -A Yes Q -- from 61 to 101? A Yes, I have glanced at the defined terms Q Would it be safe to say at least half or more of these terms were formulated with input from others at Mandiant and counsel rather than you formulating them all by yourself? A I was working the big team I did not
Page 223
16:20:39 16:20:42 16:20:44 16:20:47 16:20:48 16:20:50 16:20:56 16:21:07 16:21:11 16:21:14 16:21:19 16:21:22 16:21:26 16:21:34 16:21:39 16:21:41 16:21:45 16:21:53 16:21:57 16:21:59 16:22:04 16:22:09 16:22:13 16:22:15 16:22:23 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
Page 225
16:24:51 16:24:54 16:24:56 16:24:59 16:25:00 16:25:01 16:25:03 16:25:06 16:25:07 16:25:12 16:25:15 16:25:17 16:25:19 16:25:21 16:25:23 16:25:26 16:25:28 16:25:31 16:25:33 16:25:37 16:25:39 16:25:40 16:25:41 16:25:43 16:25:47 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
Q. Okay. And if you will, it'll make it easier, instead of saying somebody else, identify them at least by their employer. Okay? A. Okay. Q. Not by name. You can just say other Mandiant employees and Oracle's counsel, is fine. Paragraph 58? A. I may have authored this by myself with information that I learned while working on this case, and I may have shared this definition with others to get their opinions, and they may or may not have offered changes. But the genesis of this is, as I recollect vaguely, this is something that I typed, that I wrote, and others opined on it or talked about it or discussed it to see if that definition represented their thoughts on it. Q. Okay. And 59? A. I think that contamination I believe is a phrase that Mandiant came up with, but I don't recall. I don't recall the genesis of this one particular definition. It appears to be my words. But I may have collaborated with other Mandiant employees or counsel on this definition. Q. Okay. 60? A. Numerous sources for "data warehouse." I
want to come up with a definition in a vacuum and not share that with the team and get a bunch of input on it. We had to all make sure we were speaking the same language. Q. I know, and -A. So I think it's -- obviously, the synthesis of these definitions were a collaboration amongst many different individuals that were working together on reviewing over ten terabytes of data over the course of 3 years. Q. And that would include all the definitions from 48 to 101. Is that right? A. I can't speak in that generality. If you want to go specifically through each one, I will -Q. I want to talk in general terms. Most all. And there may be -- based on going through the first dozen or so with you, it appears that the majority of them were based on collaboration with your own knowledge, others at Mandiant, and counsel. Is that a fair statement? MR. LEWIS: Objection. Vague and ambiguous. THE WITNESS: The collaboration part, it may not be -- that may misstate what happened here, to the extent that a lot of times I anchored the
57 (Pages 222 to 225) Merrill Legal Solutions (800) 869-9132
KEVIN MANDIA May 20, 2010 HIGHLY CONFIDENTIAL - ATTORNEYS' EYES ONLY
Page 274
17:59:57 18:00:00 18:00:12 18:00:14 18:00:16 18:00:17 18:00:27 18:00:31 18:00:39 18:00:56 18:00:59 18:01:00 18:01:04 18:01:12 18:01:15 18:01:20 18:01:20 18:01:22 18:01:26 18:01:30 18:01:32 18:01:34 18:01:37 18:01:40 18:01:42 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
Page 276
18:02:52 18:02:57 18:03:24 18:03:27 18:03:30 18:03:41 18:03:44 18:03:46 18:03:49 18:03:51 18:03:52 18:03:54 18:03:57 18:04:01 18:04:02 18:04:06 18:04:09 18:04:11 18:04:12 18:04:16 18:04:20 18:04:23 18:04:28 18:04:30 18:04:31 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
with him on the phone. Q. Okay. (Deposition Exhibit 2079 was marked for identification.) MR. COWAN: Q. Let me show you what's been marked as Exhibit 2079. And the only portion of this exhibit I'm going to ask you about right now is the second page from the back of the exhibit. And it's the bottom two paragraphs. These are your notes. Correct? A. These are my notes. Q. Okay. And the second -- the second-to-the-last paragraph of Exhibit 2079 on the second-to-the-last page says: I am going to rely on Norm and his expertise with COBOL. Do you see that? A. Yes. Q. And so you considered the information Mr. Ackermann was providing to you as expert opinion? A. I'm relying on him for the facts he gave me about COBOL. Let me ask you, expert is a legal term to me. Is that what you meant in that sentence? Q. I mean, were you considering Mr. -- my
A. A fact is something that's -- that is. An opinion is applying -- I got to think about this. It's late in the day. I didn't expect an opinion -- or excuse me, see -- a question like this. I guess an opinion -- I'm not coming up with the right word to describe it right now. Q. Okay. Would you agree with me that an opinion is someone's belief as to what a fact might be? MR. LEWIS: Still in a lay sense? MR. COWAN: Q. And still in a lay sense. A. An opinion -- that sounds reasonable to me to say yes, an opinion is a belief that someone thinks. Q. As opposed to a fact that everyone agrees, for example, that the lights are on in this room. MR. LEWIS: Objection. No foundation. MR. COWAN: Q. That's a fact. Right? A. Yeah. A fact is something that is. Q. And the opinion may be that some people may believe the light is blue colored, some people may believe the light is pink colored. Is that an example of how you would interpret the definition of an opinion? MR. LEWIS: Objection. Vague and
Page 275
18:01:48 18:01:52 18:01:54 18:01:56 18:01:57 18:02:01 18:02:04 18:02:06 18:02:10 18:02:13 18:02:17 18:02:19 18:02:21 18:02:22 18:02:26 18:02:28 18:02:30 18:02:32 18:02:36 18:02:41 18:02:41 18:02:46 18:02:46 18:02:50 18:02:51 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
Page 277
18:04:32 18:04:37 18:04:38 18:04:40 18:04:42 18:04:43 18:04:46 18:04:52 18:04:55 18:04:57 18:05:00 18:05:06 18:05:10 18:05:15 18:05:18 18:05:21 18:05:26 18:05:27 18:05:29 18:05:31 18:05:35 18:05:37 18:05:42 18:05:43 18:05:45 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
question is, do you consider Mr. Ackermann to be an expert in COBOL? MR. LEWIS: Objection. Vague. THE WITNESS: I -MR. LEWIS: Calls for a legal conclusion. THE WITNESS: I -- yeah, the term "expert" is a legal term. When I spoke to Mr. Ackermann, it was -one reason why I spoke to him was, I was asked to make an assumption about file-based objects being protected expression, and I wanted to know if that was a reasonable assumption. So speaking to Mr. Ackermann, who was a PeopleSoft developer, I asked him some questions about choice and creativity, things of that nature. And there's another paragraph in my report where I clearly cite where I'm trying to understand the choices that the developers make and the creativity applied to the PeopleSoft developers. MR. COWAN: Q. Do you understand the difference between a fact and an opinion? MR. LEWIS: Objection. Calls for legal conclusions. MR. COWAN: Q. I'm asking for your lay definition of it.
ambiguous THE WITNESS: An opinion is someone's beliefs That seems reasonable as a lay definition MR COWAN: Q So did Mr Ackermann provide you with facts or opinions based on the lay definition we've just discussed? A I'm going -- I'm trying to recall the conversations I had with him But I was primarily talking on a technical level with him from a developer's perspective and asking him about the PeopleSoft product line, about COBOLs, SQRs, and SQCs or file-based objects, and how much creativity he applied when he was creating them and how much choices he made when he was writing them, just so I could better understand SQRs, SQCs, and COBOLs Q And was it your understanding the information Mr Ackermann was providing you were facts In other words, they are what they are? A I think at the time, and as I think about it now, I was just relying on his knowledge of PeopleSoft as a developer in PeopleSoft Q But that didn't answer my question Was the information he was providing you more in the nature of a fact or more in the nature
70 (Pages 274 to 277) Merrill Legal Solutions (800) 869-9132
KEVIN MANDIA May 20, 2010 HIGHLY CONFIDENTIAL - ATTORNEYS' EYES ONLY
Page 278
18:05:48 18:05:52 18:05:54 18:05:56 18:06:00 18:06:01 18:06:04 18:06:08 18:06:09 18:06:12 18:06:14 18:06:16 18:06:23 18:06:27 18:06:29 18:06:32 18:06:35 18:06:38 18:06:41 18:06:42 18:06:44 18:06:57 18:06:59 18:07:00 18:07:02 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
Page 280
18:08:41 18:08:45 18:08:47 18:08:50 18:08:56 18:08:58 18:09:00 18:09:03 18:09:05 18:09:08 18:09:10 18:09:12 18:09:16 18:09:19 18:09:21 18:09:25 18:09:27 18:09:29 18:09:30 18:09:32 18:09:35 18:09:37 18:09:39 18:09:42 18:09:47
of the -- an opinion, given the lay definition of those two terms as we've just discussed them? MR. LEWIS: Objection. Argumentative and vague and ambiguous. THE WITNESS: As I recollect the conversation, I feel it was more in the line of, he was just telling me his -- how he develops. MR. COWAN: Q. Are you unable to categorize whether it was a fact or an opinion as to the information he was providing you based on the lay definition of those two terms? A. No. I think he was providing me facts. Q. And one of those facts is at the bottom of the page on the second-to-the-last page of Exhibit 2079, isn't it, where he says, Oracle relies on cut and paste and the ability to copy from one database to another. Do you see that? A. Oracle relies on -MR. LEWIS: I think you misread that, Mr. Cowan. I'm sorry, I misread it, my apologies. MR. COWAN: Q. Do you need me to reread it? A. I see the sentence. Q. Okay. And that's one of the facts that --
Page 279
18:07:03 18:07:07 18:07:10 18:07:13 18:07:16 18:07:18 18:07:21 18:07:26 18:07:29 18:07:31 18:07:33 18:07:34 18:07:57 18:07:59 18:08:06 18:08:09 18:08:13 18:08:16 18:08:20 18:08:23 18:08:26 18:08:28 18:08:31 18:08:34 18:08:36
18:09:51 18:09:53 18:10:00 18:10:05 18:10:07 18:10:11 18:10:13 18:10:16 18:10:16 18:10:17 18:10:19 18:10:22 18:10:23 18:10:25 18:10:28 18:10:30 18:10:33 18:10:36 18:10:41 18:10:47 18:10:49 18:10:53 18:10:57 18:11:01 18:11:04
Page 281
71 (Pages 278 to 281) Merrill Legal Solutions (800) 869-9132
Page 291
UNITED STATES DISTRICT COURT NORTHERN DISTRICT OF CALIFORNIA SAN FRANCISCO DIVISION ORACLE CORPORATION, a Delaware corporation, ORACLE USA, INC., a Colorado corporation, and ORACLE INTERNATIONAL CORPORATION, a California corporation, ) ) ) ) ) ) ) ) Plaintiffs, ) ) vs. ) No. 07-CV-1658 (PJH) ) SAP AG, a German ) corporation, SAP AMERICA, ) INC., a Delaware ) corporation, TOMORROWNOW, ) INC., a Texas corporation, ) and DOES 1-50, inclusive, ) ) Defendants. ) ________________________________)
VIDEOTAPED DEPOSITION OF KEVIN MANDIA _________________________________ VOLUME 2; PAGES 291 - 570 FRIDAY, MAY 21, 2010
HIGHLY
CONFIDENTIAL - ATTORNEYS' EYES ONLY
REPORTED BY:
HOLLY THUMAN, CSR No. 6834, RMR, CRR (1-427384)
KEVIN MANDIA May 21, 2010 HIGHLY CONFIDENTIAL - ATTORNEYS' EYES ONLY
Page 348
10:48:36 10:48:44 10:48:46 10:48:58 10:49:01 10:49:08 10:49:11 10:49:17 10:49:19 10:49:51 10:49:53 10:49:55 10:49:59 10:50:02 10:50:05 10:50:09 10:50:13 10:50:16 10:50:19 10:50:23 10:50:26 10:50:26 10:50:30 10:50:33 10:50:38 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
Page 350
10:51:50 10:51:54 10:51:58 10:52:00 10:52:04 10:52:09 10:52:11 10:52:15 10:52:19 10:52:23 10:52:27 10:52:29 10:52:34 10:52:37 10:52:37 10:52:40 10:52:43 10:52:46 10:52:48 10:52:51 10:52:53 10:52:54 10:52:57 10:52:59 10:53:03
deposition of Kevin Mandia The time is 10:48 MR COWAN: Q Mr Mandia, if you'll turn to paragraph 4, page 1 of your report, please And we've already talked about that paragraph, but the only one I'm -- the only sentence that I'm -- two sentences that I'm focused on are the last two sentences If you could just read those again, silently A (Examining document ) Okay Q Okay And you're making a note there to yourself What did you just note? A I wrote the word "misaligned " Q And why did you write that? A When I think about improper access, one of the things in that sentence, there's a phrase, without regard for customer licenses The "misaligned" refers to our JDE license analysis that Mandiant did Q And what do you mean, that misaligned refers to our JDE license analysis that Mandiant did? A We did a couple of analyses where in one case we took licensing information provided to us from Carlos Barradas for Merck, OC Technologies, Yazaki and two other companies, SPX, I believe, and
Page 349
10:50:43 10:50:45 10:50:48 10:50:51 10:50:55 10:50:57 10:50:58 10:51:02 10:51:05 10:51:07 10:51:09 10:51:12 10:51:12 10:51:14 10:51:17 10:51:20 10:51:22 10:51:24 10:51:26 10:51:29 10:51:34 10:51:37 10:51:40 10:51:44 10:51:45 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
Page 351
10:53:06 10:53:08 10:53:09 10:53:10 10:53:11 10:53:18 10:53:19 10:53:21 10:53:25 10:53:28 10:53:31 10:53:34 10:53:36 10:53:40 10:53:42 10:53:45 10:53:47 10:53:49 10:53:51 10:53:53 10:53:56 10:53:58 10:54:01 10:54:06 10:54:08
one other company, and we look that licensing information for both OneWorld and World, and we looked at the customer-labeled folders to see where the things in the customer-labeled folders aligned with the licensing that we had. So that's how I used the term "misaligned." The customer-labeled folder contained files that weren't aligned with the licensing information we were provided. Q. But they also contained files that were aligned with the licensing information you were provided. Correct? A. They may have. We didn't do that analysis. We looked for and noted in our spreadsheets, actually, both, but I reported on the ones that were misaligned. Q. Did you report on the ones that were properly aligned in your opinion? A. I did not report on the ones that may have been aligned. I reported on what my analysis was. Q. Okay. And the last sentence, you say: TomorrowNow used this tool for data collection without regard for customer credentials or customer licenses. Do you intend that statement to mean that
16 (Pages 348 to 351) Merrill Legal Solutions (800) 869-9132
KEVIN MANDIA May 21, 2010 HIGHLY CONFIDENTIAL - ATTORNEYS' EYES ONLY
Page 360
11:05:06 11:05:09 11:05:11 11:05:15 11:05:17 11:05:20 11:05:23 11:05:27 11:05:28 11:05:28 11:05:31 11:05:32 11:05:33 11:05:35 11:05:40 11:05:43 11:05:47 11:05:50 11:05:50 11:05:54 11:05:59 11:06:04 11:06:08 11:06:10 11:06:13
11:07:23 11:07:27 11:07:30 11:07:33 11:07:38 11:07:41 11:07:44 11:07:49 11:07:52 11:07:54 11:07:54 11:07:57 11:08:06 11:08:07 11:08:16 11:08:20 11:08:22 11:08:23 11:08:29 11:08:34 11:08:36 11:08:36 11:08:39 11:08:40 11:08:41
Page 362
Page 361
11:06:18 11:06:21 11:06:23 11:06:24 11:06:28 11:06:30 11:06:31 11:06:34 11:06:41 11:06:45 11:06:48 11:06:50 11:06:50 11:06:52 11:06:57 11:06:58 11:07:00 11:07:01 11:07:03 11:07:07 11:07:10 11:07:14 11:07:17 11:07:19 11:07:22
11:08:43 11:08:45 11:08:49 11:09:02 11:09:06 11:09:10 11:09:13 11:11:00 11:11:02 11:11:07 11:11:10 11:11:14 11:11:15 11:11:18 11:11:19 11:11:21 11:11:23 11:11:25 11:11:27 11:11:27 11:11:29 11:11:31 11:11:36 11:11:39 11:11:45 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
Page 363
occurrence, it would use the credentials that are inputted into Titan by the user, and not the default credentials. MR. COWAN: Q. If you'll turn to page 40 of your report, please. Paragraph 174, and read that to yourself silently, please. A. (Examining document.) Okay. Q. The second -- the third sentence here says: TomorrowNow programmed Titan to allow automated mass downloading from Oracle without regard to any license restriction a customer may have. Do you see that? A. Yes, I do. Q. And you rely on the testimony of Mr. Ritchie for that? A. That is one of the things I rely on, yes. Q. Okay. What else did you rely on for that statement? A. Well, I think that one of the things Mr. Ritchie clearly stated was that he tested Titan. There is an admission that a million files, at a minimum, were downloaded with Titan deleted. So I think Mr. Ritchie's testimony's strong regard contributes to that sentence.
19 (Pages 360 to 363) Merrill Legal Solutions (800) 869-9132
KEVIN MANDIA May 21, 2010 HIGHLY CONFIDENTIAL - ATTORNEYS' EYES ONLY
Page 452
14:21:54 14:21:55 14:21:59 14:22:03 14:22:09 14:22:16 14:22:18 14:22:23 14:22:25 14:22:35 14:22:42 14:22:45 14:22:50 14:22:50 14:22:51 14:23:17 14:23:38 14:23:39 14:23:43 14:23:46 14:23:50 14:23:55 14:23:57 14:24:01 14:24:06
Page 454
14:25:43 14:25:52 14:26:10 14:26:17 14:26:20 14:26:22 14:26:27 14:26:30 14:26:37 14:26:42 14:26:54 14:26:56 14:26:59 14:26:59 14:27:01 14:27:06 14:27:11 14:27:16 14:27:20 14:27:27 14:27:32 14:27:34 14:27:35 14:27:41 14:27:42 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
were covered by the copyright registrations in the Fourth Amended Complaint Q All right Let's go back to Exhibit 2086 A Okay Q Other than the assumptions you just described that you made, have you made any attempt at all to determine whether the copyright registrations that are listed on pages 52, 53, 54, 55, and 56 of Plaintiffs' Amended -- Fourth Amended Complaint are addressed by the opinions and conclusions in your report? MR LEWIS: Objection Vague THE WITNESS: Could you repeat that question, please? MR COWAN: Q Yeah Did you attempt at any point to review each of the copyright registrations that are listed on pages 52, 53, 54, 55, and 56 of Plaintiffs' Fourth Amended Complaint that is Exhibit 2086 to determine whether your opinions and conclusions apply to each one of those copyrights that are listed on those pages? MR LEWIS: Objection Vague and compound THE WITNESS: Yeah, could you restate it, please?
Page 453
14:24:09 14:24:14 14:24:18 14:24:23 14:24:26 14:24:28 14:24:31 14:24:36 14:24:38 14:24:40 14:24:41 14:24:43 14:24:43 14:24:58 14:25:04 14:25:08 14:25:11 14:25:14 14:25:18 14:25:23 14:25:26 14:25:29 14:25:32 14:25:36 14:25:40 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
Page 455
14:27:44 14:27:45 14:27:54 14:27:56 14:28:08 14:28:14 14:28:16 14:28:25 14:28:27 14:28:30 14:28:33 14:28:37 14:28:40 14:28:41 14:28:43 14:28:44 14:28:47 14:28:49 14:28:52 14:28:54 14:28:59 14:29:04 14:29:06 14:29:09 14:29:13 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
And in that table, I recall the assumption that the automated database -- part of my assumption is that things in Table 36 are protected or covered by the copyrights Oracle asserts in the Fourth Amended Complaint. So from that perspective, that's how I viewed the automated databases. They were in my Table 36 and part of my assumption. MR. COWAN: Q. When you say Table 36, which page are you referring to in your appendix? A. I'm in my report. Q. Okay. A. Page 101. Q. And you say -- you just assumed that the things listed in Table 36 are protected or covered by the copyrights Oracle asserts in the Fourth Amended Complaint. Correct? A. Yes. The -- if you turn to paragraph 45 on page 10 -- or I can just explain it to you. My assumption for protected expression covered my materials described in Tables 35 or 36 in Section 10. And it's an assumption that I was to provide -- I was provided with that assumption, and that allowed me to, when I saw these things, know that these were the things Oracle was asserting
MR. COWAN: Q. Well, let's just start with the first one on page 5
]]>
Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.
Why Is My Information Online?
