Fortinet, Inc. v. Sophos, Inc. et al

Filing 289

ORDER by Judge Edward M. Chen Granting in Part and Denying in Part 215 Defendants' Motion for Summary Judgment (PUBLIC/REDACTED VERSION OF ORDER). (emcsec, COURT STAFF) (Filed on 10/14/2015)

Download PDF
1 2 3 4 UNITED STATES DISTRICT COURT 5 NORTHERN DISTRICT OF CALIFORNIA 6 7 FORTINET, INC., Plaintiff, 8 v. 9 10 SOPHOS, INC., et al., Defendants. 11 ORDER GRANTING IN PART AND DENYING IN PART DEFENDANTS’ MOTION FOR SUMMARY JUDGMENT Docket No. 215 12 For the Northern District of California United States District Court Case No. 13-cv-05831-EMC Plaintiff Fortinet, Inc. has filed suit against Defendants Sophos, Inc. and two of its officers, 13 14 Michael Valentine and Jason Clark, both of whom left employment with Fortinet to work for 15 Sophos. In the operative first amended complaint (“FAC”), see Docket No. 9 (FAC), Fortinet has 16 asserted a variety of claims against Defendants, including patent infringement, trade secret 17 misappropriation, breach of contract, and breach of fiduciary duty. The parties agreed that all 18 claims involving the individual defendants would be arbitrated. Currently pending before the 19 Court is Defendants’ motion for summary judgment, which addresses (1) the trade secret 20 misappropriation claim (against Sophos), (2) all claims against the individual defendants, and (3) 21 part of the patent infringement claims (against Sophos). 22 Having considered the parties’ briefs and accompanying submissions, as well as the oral 23 argument of counsel, the Court hereby GRANTS in part and DENIES in part Sophos’s motion. I. DISCUSSION 24 25 26 A. Legal Standard Under Federal Rule of Civil Procedure 56(a), a party may seek summary judgment on a 27 claim or even part of a claim. “The court shall grant summary judgment if the movant shows that 28 there is no genuine dispute as to any material fact and the movant is entitled to judgment as a 1 matter of law.” Fed. R. Civ. P. 56(a). As indicated by the language of the rule, “[t]he moving 2 party has the burden of establishing the absence of a genuine dispute of material fact. The court 3 must view the evidence in the light most favorable to the non-movant and draw all reasonable 4 inferences in the non-movant’s favor.” City of Pomona v. SQM N. Am. Corp., 750 F.3d 1036, 5 1049-50 (9th Cir. 2014). “‘Where the record taken as a whole could not lead a rational trier of fact 6 to find for the nonmoving party, there is no genuine issue for trial.’” Id. Where the plaintiff ultimately bears the burden of proof, the defendant may prevail on a 7 8 motion for summary judgment by pointing to the plaintiff’s failure “to make a showing sufficient 9 to establish the existence of an element essential to [the plaintiff’s] case.” Celotex Corp. v. Catrett, 477 U.S. 317, 322 (1986). 11 B. Trade Secret Misappropriation As noted above, one of the claims asserted by Fortinet against Sophos is a claim for trade 12 For the Northern District of California United States District Court 10 13 secret misappropriation. Under the California Uniform Trade Secrets Act (“CUTSA”), a plaintiff 14 asserting trade secret misappropriation has the burden of establishing the following: “‘(1) the 15 plaintiff owned a trade secret, (2) the defendant acquired, disclosed, or used the plaintiff’s trade 16 secret through improper means, and (3) the defendant’s actions damaged the plaintiff.’” Language 17 Line Servs. v. Language Servs. Assocs., 944 F. Supp. 2d 775, 779 (N.D. Cal. 2013). “[A] ‘trade 18 secret’ is defined to include information that ‘(1) [d]erives independent economic value, actual or 19 potential, from not being generally known to the public or to other persons who can obtain 20 economic value from its disclosure or use; and (2) [i]s the subject of efforts that are reasonable 21 under the circumstances to maintain its secrecy.’” Id. at 779-80 (quoting Cal. Civ. Code § 22 3426.1(d)). In its papers, Sophos contends that it is entitled to summary judgment on Fortinet’s trade 23 24 secret misappropriation claim for the following reasons: 25 (1) secret”; 26 27 28 “Fortinet has not identified any information that constitutes a legally protectable trade (2) “Fortinet has not proven that its purported trade secrets . . . were the subject of efforts that are reasonable under the circumstances to maintain their secrecy”; 2 1 (3) readily ascertainable”; 2 3 (4) (5) “Fortinet has not proven it suffered any actual loss from any alleged misappropriation, or that Sophos was unjustly enriched as a result of any alleged misappropriation.” 6 7 “Fortinet has not proven that Sophos misappropriated any alleged Fortinet trade secret through ‘improper means’”; and 4 5 “Fortinet [has] failed to show that its purported trade secrets are not generally known or Mot. at 4, 14. The Court finds that there are genuine disputes of material fact on issues (2)-(5) such that 8 Calandrino, provides enough information such that a reasonable jury could find in Fortinet’s favor. 11 On issue (3), Sophos has not pointed to any document claimed by Fortinet as a trade secret in this 12 For the Northern District of California summary judgment is not proper. For example, on issue (2), the report of Fortinet’s expert, Joseph 10 United States District Court 9 case that is publicly accessible through a Google search. Also, Fortinet is not claiming “retail 13 prices” or “discounted prices” as trade secrets; rather, Fortinet’s trade secret disclosure refers to 14 “[c]onfidential price lists on per-product and top-selling bases,” including certain specific 15 documents identified by Bates number. As for issue (4), the report of Fortinet’s expert, Aaron 16 Read, creates a genuine dispute of material fact as to whether there were more than just the three 17 instances of access and use, as contended by Sophos. On issue (5), Fortinet’s expert, Patrick 18 Kennedy, has detailed at least some damages evidence (e.g., unjust enrichment of Sophos). Where the summary judgment motion is more complicated is with respect to issue (1). As 19 20 Sophos points out, California Code of Civil Procedure § 2019.210 provides that, “[i]n any action 21 alleging the misappropriation of a trade secret . . . , before commencing discovery relating to the 22 trade secret, the party alleging the misappropriation shall identify the trade secret with reasonable 23 particularity.” Cal. Code Civ. Proc. § 2019.210. Although Judge Grewal found that Fortinet 24 failed to meet this reasonable particularity requirement in a different case 1 (involving a 25 substantially similar trade secret disclosure), the Court does not find Judge Grewal’s decision 26 dispositive, particularly because, there, the issue of the adequacy of the trade secret disclosure 27 28 1 See Fortinet Inc. v. FireEye Inc., No. C-13-2496 HSG (N.D. Cal.). 3 1 arose at a completely different stage in the proceedings. Discovery had not even commenced, and 2 the transcript makes clear that Judge Grewal was particularly concerned that Fortinet might be 3 engaging in a fishing expedition. Here, Sophos has already accepted Fortinet’s trade secret 4 disclosure for discovery purposes; thus, the primary question for the Court is whether the trade 5 secret disclosure is sufficiently specific such that Sophos can adequately defend itself. See 6 Advanced Modular Sputtering Inc. v. Sup. Ct., 132 Cal. App. 4th 826, 833-34 (2005) (discussing 7 purposes underlying § 2019.210 disclosure, one of which is that the disclosure “‘enables 8 defendants to form complete and well-reasoned defenses, ensuring that they need not wait until the 9 eve of trial to effectively defend against charges of trade secret misappropriation’”). 2 Although parts of Fortinet’s trade secret disclosure appear sufficiently specific, other parts 10 are phrased more broadly and open ended, e.g., where Sophos has used looser terminology such as 12 For the Northern District of California United States District Court 11 “includes the following” or “including.” Because of the need for Sophos to have a sufficient 13 understanding of the trade secrets in order to defend at trial, the Court pressed Fortinet, at the 14 hearing, as to how exactly it intended to try its trade secret misappropriation claim. Fortinet 15 explained that it would identify specific documents as trade secrets for the jury’s consideration. 16 Fortinet then proposed, as a case management matter, that it could provide to Sophos, in advance 17 of trial, an exhibit list identifying those documents. Fortinet noted that it could do so on an 18 accelerated basis. 19 As Fortinet’s proposal would serve the purpose of § 2019.210 identified above, the Court 20 essentially adopted the proposal and ordered Fortinet to file and serve, by October 22, 2015, a list 21 of the documents it intends to present as trade secrets to the jury. For each document, Fortinet 22 2 23 24 25 26 27 28 The three other purposes underlying the disclosure requirement in § 2019.210 have been described as follows: “First, it promotes well-investigated claims and dissuades the filing of meritless trade secret complaints. Second, it prevents plaintiffs from using the discovery process as a means to obtain the defendant’s trade secrets. Third, the rule assists the court in framing the appropriate scope of discovery and in determining whether plaintiff’s discovery requests fall within that scope.” Advanced Modular, 132 Cal. App. 4th at 833-34. Because the instant case is well past discovery, and is nearing trial, these purposes are no longer in play here. 4 1 shall also identify which category/subcategory from the trade secret disclosure is applicable. For 2 any document where Fortinet is claiming less than the entire document as the trade secret, Fortinet 3 shall provide a copy of the document to Sophos with the portions that constitute the trade secrets 4 highlighted for Sophos’s review. If Sophos has any objections to the adequacy of the 5 identification, it shall raise those objections as part of the pretrial filings (e.g., as part of a motion 6 in limine). In light of the Court’s rulings herein, Sophos’s motion for summary judgment on the trade 7 8 secret misappropriation claim is hereby denied. 9 C. Arbitration Valentine and Mr. Clark, see Docket No. 45 (civil minutes), and the arbitration took place in 12 For the Northern District of California In or about March 2014, the parties stipulated to arbitration of the claims against Mr. 11 United States District Court 10 November 2014, with a final award issuing on March 10, 2015. See Mot. at 2. The arbitrator 13 found in favor of Mr. Clark as to all claims asserted against him but found in part against Mr. 14 Valentine. See Cunningham Decl., Ex. 31 (Award at 19). 3 In its motion, Sophos now asks the 15 Court to grant Mr. Valentine and Mr. Clark summary judgment on all claims asserted against them 16 “under the doctrine of res judicata because they either were or could have been fully adjudicated 17 in the JAMS arbitration.” Mot. at 21. Because Fortinet has recently refiled its arbitration claims against the individual 18 19 defendants, any motion for summary judgment based on res judicata is premature. Furthermore, it 20 is not clear whether at some point, a motion to confirm the arbitration award or to dismiss might 21 be more appropriate. In any event, the individual defendants’ motion for summary judgment on 22 all claims asserted against them is denied. 23 D. Marking of Patented Products 35 U.S.C. § 287 provides as follows: 24 25 Patentees, and persons making, offering for sale, or selling within the United States any patented article for or under them, . . . may 26 27 3 28 Although the arbitration award has been filed under seal, the Court finds no need to seal this specific information related to the arbitration award. 5 give notice to the public that the same is patented, either by fixing thereon the word “patent” or the abbreviation “pat.”, together with the number of the patent, or by fixing thereon the word “patent” or the abbreviation “pat.” together with an address of a posting on the Internet, accessible to the public without charge for accessing the address, that associates the patented article with the number of the patent, or when, from the character of the article, this cannot be done, by fixing to it, or to the package wherein one or more of them is contained, a label containing a like notice. In the event of failure so to mark, no damages shall be recovered by the patentee in any action for infringement, except on proof that the infringer was notified of the infringement and continued to infringe thereafter, in which event damages may be recovered only for infringement occurring after such notice. Filing of an action for infringement shall constitute such notice. 1 2 3 4 5 6 7 8 9 10 35 U.S.C. § 287(a). Relying on § 287, Sophos argues that, in the case at bar, there are Fortinet products that practice inventions claimed in two of the six Fortinet patents at issue (i.e., the ‘430 patent and the 12 For the Northern District of California United States District Court 11 ‘125 patent), but Fortinet failed to mark those products; therefore, Fortinet is not entitled to pre- 13 suit damages thereon. 14 In evaluating this issue, the Court bears in mind that, “[a]s the patentee, [Fortinet has] the 15 burden of pleading and proving at trial that [it] complied with the statutory requirements [of § 16 287].” Maxwell v. J. Baker, Inc., 86 F.3d 1098, 1111 (Fed. Cir. 1996). That is, Fortinet has 17 “‘[t]he duty of alleging, and the burden of proving, either [actual notice or constructive notice].” 18 Id. In a case from 1894, the Supreme Court explained the rationale behind placing this burden on 19 the patentee: 20 21 22 23 24 25 Whether his patented articles have been duly marked or not is a matter peculiarly within his own knowledge; and if they are not duly marked, the statute expressly puts upon him the burden of proving the notice to the infringers, because he can charge them in damages. By the elementary principles of pleading, therefore, the duty of alleging, and the burden of proving, either of these facts is upon the plaintiff. Dunlap v. Schofield, 152 U.S. 244, 248 (1894). The above, however, addresses only the matter of notice. It does not specifically address 26 who has the burden of proof in terms of whether the patentee’s product practices the claimed 27 invention in the first place. Not surprisingly, in its opposition, Fortinet contends that Sophos – as 28 the accused infringer – has the obligation to show that Fortinet’s products practice the claimed 6 1 inventions. But contrary to what Fortinet suggests, no court has appeared to hold that the accused 2 infringer has the burden of persuasion on this specific issue. At best, there are cases holding that 3 the accused infringer has the burden of production. 4 For example, that is what Judge Grewal held in Sealant Systems International, Inc. v. TEK 5 Global S.R.L., No. 5:11-cv-00774 PSG, 2014 U.S. Dist. LEXIS 31528 (N.D. Cal. Mar. 7, 2014). 6 In Sealant Systems, Judge Grewal acknowledged that there was split of authority as to “who bears 7 the burden of satisfying the marking requirement where it is disputed whether a patentee has ever 8 made, offered for sale, sold or imported the patented product within the United States.” Id. at 9 *109. Some courts put the burden on the patentee, premised on the rationale “that the patentee’s principle that underlies United States Supreme Court case law interpreting Section 287(a) going 12 For the Northern District of California compliance with the marking statute is peculiarly within his own knowledge, a foundational 11 United States District Court 10 all the way back to Dunlap v. Schofield.” Id. at *110 n.221 (internal quotation marks omitted) 13 (citing district court cases from Texas, Pennsylvania, Virginia, and California); see also Adrea, 14 LLC v. Barnes & Noble, Inc., No. 13-cv-4137(JSR), 2015 U.S. Dist. LEXIS 100312, at *4-5 15 (S.D.N.Y. July 24, 2015) (acknowledging some case law to the contrary but finding that that “rule 16 would improperly shift the burden to the accused infringer”). But “[o]ther courts take a narrower 17 view, holding that the accused infringer must first come forward with proof that the patentee sold 18 or offered for sale a patented product . . . and only upon that threshold showing does the burden 19 shift to the patentee to show compliance with the marking statute.” Sealant, 2014 U.S. Dist. 20 LEXIS 31528, at *11 n.223 (internal quotation marks omitted) (citing district court cases from 21 Louisiana and California). 22 23 24 25 26 27 28 After acknowledging the split in authority, Judge Grewal found that he agreed with the narrower view: In this case, TEK [the accused infringer] has not produced sufficient evidence that AMI [the patent holder] or its predecessor-in-interest triggered the obligations housed within the marking statute. AMI thus did not have to comply with Section 287. It would be an odd result to require AMI to bear the burden to show that its predecessor-in-interest either did not sell any product embodying the patent or, if it did, it complied with the marking statute. Absent guidance from the other side as to which specific 7 products are alleged to have been sold in contravention of the marking requirement, a patentee like AMI is left to guess exactly what it must prove up to establish compliance with the marking statute. Without some notice of what marketed products may practice the invention, AMI’s universe of products for which it would have to establish compliance with, or inapplicability of, the marking statute would be unbounded. TEK therefore bore the initial burden to put AMI on notice that IDQ may have sold specific products practicing the ‘581 patent. Only then would the question of whether those products were properly marked be implicated. 1 2 3 4 5 6 7 Id. at 115-16; accord Golden Bridge Tech. Inc. v. Apple Inc., No. 5:12-cv-04882-PSG, 2014 U.S. 8 Dist. LEXIS 67238 (N.D. Cal. May 14, 2014). The Court finds Judge Grewal’s reasoning persuasive. Accordingly, it shall place the 9 claimed. If Sophos meets that burden, then the burden of persuasion shall shift to Fortinet to show 12 For the Northern District of California burden of production on Sophos to identify the Fortinet products it believes practice the inventions 11 United States District Court 10 that its products do not practice the inventions claimed. Notably, in its opening motion, Sophos argued that “Fortinet’s 5000-series FortiGate 13 14 appliances practice claims 14-15, 25-27, and ‘39 of the ‘430 patent, and . . . Fortinet’s FortiGate 15 appliances with software version 5.2 [which] practice claims 3 and 5 of the ‘125 patent.” Mot. at 16 24. But after Fortinet pointed out that those versions of its products were not released until after 17 this suit was initiated (thus making pre-suit damages a moot point), Sophos contended that there 18 were product versions that did in fact pre-date this litigation. More specifically, Sophos relied on 19 a report from one of its experts, Aaron Striegel, in which he stated: (1) “any multi-core or multi- 20 processor FortiGate running FortiOS 2.8 or later practices all limitations of claim 26 of the ‘430 21 Patent” and (2) “FortiOS-based products dating back to at least FortiOS 2.8 and including 22 currently marketed FortiGate products running FortiOS 5.2 practice Claim 3 and Claim 5 of the 23 ‘125 patent.” Cunningham Decl., Ex. 34 (Striegel Report ¶¶ 123, 147). 4 The Court does not condone the fact that Sophos did not bring up these earlier Fortinet 24 25 products until its reply brief. That being said, Fortinet had the Striegel report on hand before the 26 summary judgment papers were filed and therefore Sophos’s assertion in its reply cannot be a 27 4 28 Although the Striegel report has been filed under seal, the Court does not find it necessary to seal the specific excerpts of the report quoted above. 8 1 surprise. Of course, the Court also takes into account that Dr. Striegel has opined only as to claim 2 26 of the ‘430 patent and claims 3 and 5 of the ‘125 patent. Therefore, if Sophos is entitled to 3 summary judgment here, it would be on these three claims only, and nothing more. Fortinet contends that even summary judgment on these three claims is unwarranted 4 elements of the claimed inventions. According to Fortinet, Sophos has failed to offer any 7 nonconclusory evidence as to (1) “how any of Fortinet’s products include the required limitation 8 of ‘based at least in part on a quantity of the worker modules’ for the ‘430 claims” 5 and (2) “how 9 any of Fortinet’s products use a ‘result of the flow-based packet classification to retrieve an entry 10 of a plurality of entries of the flow cache’” for the ‘125 patent. 6 Opp’n at 25 (citing, inter alia, ¶¶ 11 63-65 of the Striegel report for the ‘430 patent and ¶¶ 172-76 of the Striegel report for the ‘125 12 For the Northern District of California because Dr. Striegel has failed to sufficiently explain how Fortinet’s products practice each of the 6 United States District Court 5 patent). With respect to the ‘430 patent, the language “based at least in part on a quantity of the 13 14 worker modules” comes from claims 14 and 15. See note 5, supra. But as noted above, Dr. 15 Striegel has pointed to a pre-litigation Fortinet product only for claim 26 of the ‘430 patent, and 16 nothing more. See Cunningham Decl., Ex. 34 (Striegel Report ¶ 123) (claiming that “any multi- 17 core or multi-processor FortiGate running FortiOS 2.8 or later practices all limitations of claim 26 18 of the ‘430 Patent”). Fortinet has not pointed to any deficiency with Dr. Striegel’s analysis of 19 20 21 22 23 24 25 26 27 28 5 See, e.g., ‘430 patent, claim 14 (claiming “[a] system for processing network traffic data, comprising: means for receiving network traffic data; and means for passing the network traffic data to one of a plurality of worker modules for processing the network traffic data; wherein the means for passing is configured to perform the step of passing based at least in part on a quantity of the worker modules . . . .”) (emphasis added). 6 See, e.g., ‘125 patent, claim 3 (claiming “[an] article of manufacture comprising a computerreadable medium encoded with one or more computer programs, which when executed by one or more processors of a virtual router (VR)-based network device cause the one or more processors to perform a method comprising: establishing a flow cache having a plurality of entries each identifying one of a plurality of VR flows through the VR-based network device and corresponding forwarding state information; receiving a packet at an input port of a line interface module of the VR-based network device; the line interface module forwarding the packet to a virtual routing engine (VRE); the VRS determining one or more appropriate packet transformations for application to the packet by performing flow-based packet classification on the packet; using a result of the flow-based packet classification to retrieve an entry of a plurality of entries of the flow cache . . . .”) (emphasis added). 9 1 2 claim 26. As for the ‘125 patent, the Court finds that Dr. Striegel’s analysis at ¶¶ 172-76 of his expert 3 report is not too conclusory – especially as at this point Sophos has only a burden of production, 4 not the burden of persuasion. Compare, e.g., ‘125 patent, claim 3 (“using a result of the flow- 5 based packet classification to retrieve an entry of a plurality of entries of the flow cache”), with 6 Cunningham Decl., Ex. 34 (Striegel Report ¶ 176) 7 8 Fortinet’s FortiOS 2.8 practices the inventions claimed in claim 26 of the ‘430 patent and claims 3 11 and 5 of the ‘125 patent. That being the case, then it becomes Fortinet’s burden of persuasion to 12 For the Northern District of California Accordingly, the Court concludes that Sophos has met its burden of production that 10 United States District Court 9 show either that the product does not practice the inventions claimed or that it has given actual or 13 constructive notice that the products practice the invention claimed. Because Fortinet has not 14 introduced any evidence on these points, the Court grants Sophos summary judgment on these 15 limited three claims as to pre-suit damages. II. 16 17 CONCLUSION For the foregoing reasons, the Court denies Sophos’s motion for summary judgment on the 18 trade secret misappropriation claim and on the claims against the individual defendants. The 19 Court, however, grants summary judgment to Sophos as to no pre-suit damages for claim 26 of the 20 ‘430 patent and claims 3 and 5 of the ‘125 patent. 21 This order disposes of Docket No. 215. 22 23 IT IS SO ORDERED. 24 25 26 27 Dated: October 14, 2015 ______________________________________ EDWARD M. CHEN United States District Judge 28 10

Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.

Why Is My Information Online?