Fortinet, Inc. v. Sophos, Inc. et al
Filing
289
ORDER by Judge Edward M. Chen Granting in Part and Denying in Part 215 Defendants' Motion for Summary Judgment (PUBLIC/REDACTED VERSION OF ORDER). (emcsec, COURT STAFF) (Filed on 10/14/2015)
1
2
3
4
UNITED STATES DISTRICT COURT
5
NORTHERN DISTRICT OF CALIFORNIA
6
7
FORTINET, INC.,
Plaintiff,
8
v.
9
10
SOPHOS, INC., et al.,
Defendants.
11
ORDER GRANTING IN PART AND
DENYING IN PART DEFENDANTS’
MOTION FOR SUMMARY JUDGMENT
Docket No. 215
12
For the Northern District of California
United States District Court
Case No. 13-cv-05831-EMC
Plaintiff Fortinet, Inc. has filed suit against Defendants Sophos, Inc. and two of its officers,
13
14
Michael Valentine and Jason Clark, both of whom left employment with Fortinet to work for
15
Sophos. In the operative first amended complaint (“FAC”), see Docket No. 9 (FAC), Fortinet has
16
asserted a variety of claims against Defendants, including patent infringement, trade secret
17
misappropriation, breach of contract, and breach of fiduciary duty. The parties agreed that all
18
claims involving the individual defendants would be arbitrated. Currently pending before the
19
Court is Defendants’ motion for summary judgment, which addresses (1) the trade secret
20
misappropriation claim (against Sophos), (2) all claims against the individual defendants, and (3)
21
part of the patent infringement claims (against Sophos).
22
Having considered the parties’ briefs and accompanying submissions, as well as the oral
23
argument of counsel, the Court hereby GRANTS in part and DENIES in part Sophos’s motion.
I. DISCUSSION
24
25
26
A.
Legal Standard
Under Federal Rule of Civil Procedure 56(a), a party may seek summary judgment on a
27
claim or even part of a claim. “The court shall grant summary judgment if the movant shows that
28
there is no genuine dispute as to any material fact and the movant is entitled to judgment as a
1
matter of law.” Fed. R. Civ. P. 56(a). As indicated by the language of the rule, “[t]he moving
2
party has the burden of establishing the absence of a genuine dispute of material fact. The court
3
must view the evidence in the light most favorable to the non-movant and draw all reasonable
4
inferences in the non-movant’s favor.” City of Pomona v. SQM N. Am. Corp., 750 F.3d 1036,
5
1049-50 (9th Cir. 2014). “‘Where the record taken as a whole could not lead a rational trier of fact
6
to find for the nonmoving party, there is no genuine issue for trial.’” Id.
Where the plaintiff ultimately bears the burden of proof, the defendant may prevail on a
7
8
motion for summary judgment by pointing to the plaintiff’s failure “to make a showing sufficient
9
to establish the existence of an element essential to [the plaintiff’s] case.” Celotex Corp. v.
Catrett, 477 U.S. 317, 322 (1986).
11
B.
Trade Secret Misappropriation
As noted above, one of the claims asserted by Fortinet against Sophos is a claim for trade
12
For the Northern District of California
United States District Court
10
13
secret misappropriation. Under the California Uniform Trade Secrets Act (“CUTSA”), a plaintiff
14
asserting trade secret misappropriation has the burden of establishing the following: “‘(1) the
15
plaintiff owned a trade secret, (2) the defendant acquired, disclosed, or used the plaintiff’s trade
16
secret through improper means, and (3) the defendant’s actions damaged the plaintiff.’” Language
17
Line Servs. v. Language Servs. Assocs., 944 F. Supp. 2d 775, 779 (N.D. Cal. 2013). “[A] ‘trade
18
secret’ is defined to include information that ‘(1) [d]erives independent economic value, actual or
19
potential, from not being generally known to the public or to other persons who can obtain
20
economic value from its disclosure or use; and (2) [i]s the subject of efforts that are reasonable
21
under the circumstances to maintain its secrecy.’” Id. at 779-80 (quoting Cal. Civ. Code §
22
3426.1(d)).
In its papers, Sophos contends that it is entitled to summary judgment on Fortinet’s trade
23
24
secret misappropriation claim for the following reasons:
25
(1)
secret”;
26
27
28
“Fortinet has not identified any information that constitutes a legally protectable trade
(2)
“Fortinet has not proven that its purported trade secrets . . . were the subject of efforts that
are reasonable under the circumstances to maintain their secrecy”;
2
1
(3)
readily ascertainable”;
2
3
(4)
(5)
“Fortinet has not proven it suffered any actual loss from any alleged misappropriation, or
that Sophos was unjustly enriched as a result of any alleged misappropriation.”
6
7
“Fortinet has not proven that Sophos misappropriated any alleged Fortinet trade secret
through ‘improper means’”; and
4
5
“Fortinet [has] failed to show that its purported trade secrets are not generally known or
Mot. at 4, 14.
The Court finds that there are genuine disputes of material fact on issues (2)-(5) such that
8
Calandrino, provides enough information such that a reasonable jury could find in Fortinet’s favor.
11
On issue (3), Sophos has not pointed to any document claimed by Fortinet as a trade secret in this
12
For the Northern District of California
summary judgment is not proper. For example, on issue (2), the report of Fortinet’s expert, Joseph
10
United States District Court
9
case that is publicly accessible through a Google search. Also, Fortinet is not claiming “retail
13
prices” or “discounted prices” as trade secrets; rather, Fortinet’s trade secret disclosure refers to
14
“[c]onfidential price lists on per-product and top-selling bases,” including certain specific
15
documents identified by Bates number. As for issue (4), the report of Fortinet’s expert, Aaron
16
Read, creates a genuine dispute of material fact as to whether there were more than just the three
17
instances of access and use, as contended by Sophos. On issue (5), Fortinet’s expert, Patrick
18
Kennedy, has detailed at least some damages evidence (e.g., unjust enrichment of Sophos).
Where the summary judgment motion is more complicated is with respect to issue (1). As
19
20
Sophos points out, California Code of Civil Procedure § 2019.210 provides that, “[i]n any action
21
alleging the misappropriation of a trade secret . . . , before commencing discovery relating to the
22
trade secret, the party alleging the misappropriation shall identify the trade secret with reasonable
23
particularity.” Cal. Code Civ. Proc. § 2019.210. Although Judge Grewal found that Fortinet
24
failed to meet this reasonable particularity requirement in a different case 1 (involving a
25
substantially similar trade secret disclosure), the Court does not find Judge Grewal’s decision
26
dispositive, particularly because, there, the issue of the adequacy of the trade secret disclosure
27
28
1
See Fortinet Inc. v. FireEye Inc., No. C-13-2496 HSG (N.D. Cal.).
3
1
arose at a completely different stage in the proceedings. Discovery had not even commenced, and
2
the transcript makes clear that Judge Grewal was particularly concerned that Fortinet might be
3
engaging in a fishing expedition. Here, Sophos has already accepted Fortinet’s trade secret
4
disclosure for discovery purposes; thus, the primary question for the Court is whether the trade
5
secret disclosure is sufficiently specific such that Sophos can adequately defend itself. See
6
Advanced Modular Sputtering Inc. v. Sup. Ct., 132 Cal. App. 4th 826, 833-34 (2005) (discussing
7
purposes underlying § 2019.210 disclosure, one of which is that the disclosure “‘enables
8
defendants to form complete and well-reasoned defenses, ensuring that they need not wait until the
9
eve of trial to effectively defend against charges of trade secret misappropriation’”). 2
Although parts of Fortinet’s trade secret disclosure appear sufficiently specific, other parts
10
are phrased more broadly and open ended, e.g., where Sophos has used looser terminology such as
12
For the Northern District of California
United States District Court
11
“includes the following” or “including.” Because of the need for Sophos to have a sufficient
13
understanding of the trade secrets in order to defend at trial, the Court pressed Fortinet, at the
14
hearing, as to how exactly it intended to try its trade secret misappropriation claim. Fortinet
15
explained that it would identify specific documents as trade secrets for the jury’s consideration.
16
Fortinet then proposed, as a case management matter, that it could provide to Sophos, in advance
17
of trial, an exhibit list identifying those documents. Fortinet noted that it could do so on an
18
accelerated basis.
19
As Fortinet’s proposal would serve the purpose of § 2019.210 identified above, the Court
20
essentially adopted the proposal and ordered Fortinet to file and serve, by October 22, 2015, a list
21
of the documents it intends to present as trade secrets to the jury. For each document, Fortinet
22
2
23
24
25
26
27
28
The three other purposes underlying the disclosure requirement in § 2019.210 have been
described as follows:
“First, it promotes well-investigated claims and dissuades the filing
of meritless trade secret complaints. Second, it prevents plaintiffs
from using the discovery process as a means to obtain the
defendant’s trade secrets. Third, the rule assists the court in framing
the appropriate scope of discovery and in determining whether
plaintiff’s discovery requests fall within that scope.”
Advanced Modular, 132 Cal. App. 4th at 833-34. Because the instant case is well past discovery,
and is nearing trial, these purposes are no longer in play here.
4
1
shall also identify which category/subcategory from the trade secret disclosure is applicable. For
2
any document where Fortinet is claiming less than the entire document as the trade secret, Fortinet
3
shall provide a copy of the document to Sophos with the portions that constitute the trade secrets
4
highlighted for Sophos’s review. If Sophos has any objections to the adequacy of the
5
identification, it shall raise those objections as part of the pretrial filings (e.g., as part of a motion
6
in limine).
In light of the Court’s rulings herein, Sophos’s motion for summary judgment on the trade
7
8
secret misappropriation claim is hereby denied.
9
C.
Arbitration
Valentine and Mr. Clark, see Docket No. 45 (civil minutes), and the arbitration took place in
12
For the Northern District of California
In or about March 2014, the parties stipulated to arbitration of the claims against Mr.
11
United States District Court
10
November 2014, with a final award issuing on March 10, 2015. See Mot. at 2. The arbitrator
13
found in favor of Mr. Clark as to all claims asserted against him but found in part against Mr.
14
Valentine. See Cunningham Decl., Ex. 31 (Award at 19). 3 In its motion, Sophos now asks the
15
Court to grant Mr. Valentine and Mr. Clark summary judgment on all claims asserted against them
16
“under the doctrine of res judicata because they either were or could have been fully adjudicated
17
in the JAMS arbitration.” Mot. at 21.
Because Fortinet has recently refiled its arbitration claims against the individual
18
19
defendants, any motion for summary judgment based on res judicata is premature. Furthermore, it
20
is not clear whether at some point, a motion to confirm the arbitration award or to dismiss might
21
be more appropriate. In any event, the individual defendants’ motion for summary judgment on
22
all claims asserted against them is denied.
23
D.
Marking of Patented Products
35 U.S.C. § 287 provides as follows:
24
25
Patentees, and persons making, offering for sale, or selling within
the United States any patented article for or under them, . . . may
26
27
3
28
Although the arbitration award has been filed under seal, the Court finds no need to seal this
specific information related to the arbitration award.
5
give notice to the public that the same is patented, either by fixing
thereon the word “patent” or the abbreviation “pat.”, together with
the number of the patent, or by fixing thereon the word “patent” or
the abbreviation “pat.” together with an address of a posting on the
Internet, accessible to the public without charge for accessing the
address, that associates the patented article with the number of the
patent, or when, from the character of the article, this cannot be
done, by fixing to it, or to the package wherein one or more of them
is contained, a label containing a like notice. In the event of failure
so to mark, no damages shall be recovered by the patentee in any
action for infringement, except on proof that the infringer was
notified of the infringement and continued to infringe thereafter, in
which event damages may be recovered only for infringement
occurring after such notice. Filing of an action for infringement
shall constitute such notice.
1
2
3
4
5
6
7
8
9
10
35 U.S.C. § 287(a).
Relying on § 287, Sophos argues that, in the case at bar, there are Fortinet products that
practice inventions claimed in two of the six Fortinet patents at issue (i.e., the ‘430 patent and the
12
For the Northern District of California
United States District Court
11
‘125 patent), but Fortinet failed to mark those products; therefore, Fortinet is not entitled to pre-
13
suit damages thereon.
14
In evaluating this issue, the Court bears in mind that, “[a]s the patentee, [Fortinet has] the
15
burden of pleading and proving at trial that [it] complied with the statutory requirements [of §
16
287].” Maxwell v. J. Baker, Inc., 86 F.3d 1098, 1111 (Fed. Cir. 1996). That is, Fortinet has
17
“‘[t]he duty of alleging, and the burden of proving, either [actual notice or constructive notice].”
18
Id. In a case from 1894, the Supreme Court explained the rationale behind placing this burden on
19
the patentee:
20
21
22
23
24
25
Whether his patented articles have been duly marked or not is a
matter peculiarly within his own knowledge; and if they are not duly
marked, the statute expressly puts upon him the burden of proving
the notice to the infringers, because he can charge them in damages.
By the elementary principles of pleading, therefore, the duty of
alleging, and the burden of proving, either of these facts is upon the
plaintiff.
Dunlap v. Schofield, 152 U.S. 244, 248 (1894).
The above, however, addresses only the matter of notice. It does not specifically address
26
who has the burden of proof in terms of whether the patentee’s product practices the claimed
27
invention in the first place. Not surprisingly, in its opposition, Fortinet contends that Sophos – as
28
the accused infringer – has the obligation to show that Fortinet’s products practice the claimed
6
1
inventions. But contrary to what Fortinet suggests, no court has appeared to hold that the accused
2
infringer has the burden of persuasion on this specific issue. At best, there are cases holding that
3
the accused infringer has the burden of production.
4
For example, that is what Judge Grewal held in Sealant Systems International, Inc. v. TEK
5
Global S.R.L., No. 5:11-cv-00774 PSG, 2014 U.S. Dist. LEXIS 31528 (N.D. Cal. Mar. 7, 2014).
6
In Sealant Systems, Judge Grewal acknowledged that there was split of authority as to “who bears
7
the burden of satisfying the marking requirement where it is disputed whether a patentee has ever
8
made, offered for sale, sold or imported the patented product within the United States.” Id. at
9
*109. Some courts put the burden on the patentee, premised on the rationale “that the patentee’s
principle that underlies United States Supreme Court case law interpreting Section 287(a) going
12
For the Northern District of California
compliance with the marking statute is peculiarly within his own knowledge, a foundational
11
United States District Court
10
all the way back to Dunlap v. Schofield.” Id. at *110 n.221 (internal quotation marks omitted)
13
(citing district court cases from Texas, Pennsylvania, Virginia, and California); see also Adrea,
14
LLC v. Barnes & Noble, Inc., No. 13-cv-4137(JSR), 2015 U.S. Dist. LEXIS 100312, at *4-5
15
(S.D.N.Y. July 24, 2015) (acknowledging some case law to the contrary but finding that that “rule
16
would improperly shift the burden to the accused infringer”). But “[o]ther courts take a narrower
17
view, holding that the accused infringer must first come forward with proof that the patentee sold
18
or offered for sale a patented product . . . and only upon that threshold showing does the burden
19
shift to the patentee to show compliance with the marking statute.” Sealant, 2014 U.S. Dist.
20
LEXIS 31528, at *11 n.223 (internal quotation marks omitted) (citing district court cases from
21
Louisiana and California).
22
23
24
25
26
27
28
After acknowledging the split in authority, Judge Grewal found that he agreed with the
narrower view:
In this case, TEK [the accused infringer] has not produced sufficient
evidence that AMI [the patent holder] or its predecessor-in-interest
triggered the obligations housed within the marking statute. AMI
thus did not have to comply with Section 287.
It would be an odd result to require AMI to bear the burden to show
that its predecessor-in-interest either did not sell any product
embodying the patent or, if it did, it complied with the marking
statute. Absent guidance from the other side as to which specific
7
products are alleged to have been sold in contravention of the
marking requirement, a patentee like AMI is left to guess exactly
what it must prove up to establish compliance with the marking
statute. Without some notice of what marketed products may
practice the invention, AMI’s universe of products for which it
would have to establish compliance with, or inapplicability of, the
marking statute would be unbounded. TEK therefore bore the initial
burden to put AMI on notice that IDQ may have sold specific
products practicing the ‘581 patent. Only then would the question
of whether those products were properly marked be implicated.
1
2
3
4
5
6
7
Id. at 115-16; accord Golden Bridge Tech. Inc. v. Apple Inc., No. 5:12-cv-04882-PSG, 2014 U.S.
8
Dist. LEXIS 67238 (N.D. Cal. May 14, 2014).
The Court finds Judge Grewal’s reasoning persuasive. Accordingly, it shall place the
9
claimed. If Sophos meets that burden, then the burden of persuasion shall shift to Fortinet to show
12
For the Northern District of California
burden of production on Sophos to identify the Fortinet products it believes practice the inventions
11
United States District Court
10
that its products do not practice the inventions claimed.
Notably, in its opening motion, Sophos argued that “Fortinet’s 5000-series FortiGate
13
14
appliances practice claims 14-15, 25-27, and ‘39 of the ‘430 patent, and . . . Fortinet’s FortiGate
15
appliances with software version 5.2 [which] practice claims 3 and 5 of the ‘125 patent.” Mot. at
16
24. But after Fortinet pointed out that those versions of its products were not released until after
17
this suit was initiated (thus making pre-suit damages a moot point), Sophos contended that there
18
were product versions that did in fact pre-date this litigation. More specifically, Sophos relied on
19
a report from one of its experts, Aaron Striegel, in which he stated: (1) “any multi-core or multi-
20
processor FortiGate running FortiOS 2.8 or later practices all limitations of claim 26 of the ‘430
21
Patent” and (2) “FortiOS-based products dating back to at least FortiOS 2.8 and including
22
currently marketed FortiGate products running FortiOS 5.2 practice Claim 3 and Claim 5 of the
23
‘125 patent.” Cunningham Decl., Ex. 34 (Striegel Report ¶¶ 123, 147). 4
The Court does not condone the fact that Sophos did not bring up these earlier Fortinet
24
25
products until its reply brief. That being said, Fortinet had the Striegel report on hand before the
26
summary judgment papers were filed and therefore Sophos’s assertion in its reply cannot be a
27
4
28
Although the Striegel report has been filed under seal, the Court does not find it necessary to seal
the specific excerpts of the report quoted above.
8
1
surprise. Of course, the Court also takes into account that Dr. Striegel has opined only as to claim
2
26 of the ‘430 patent and claims 3 and 5 of the ‘125 patent. Therefore, if Sophos is entitled to
3
summary judgment here, it would be on these three claims only, and nothing more.
Fortinet contends that even summary judgment on these three claims is unwarranted
4
elements of the claimed inventions. According to Fortinet, Sophos has failed to offer any
7
nonconclusory evidence as to (1) “how any of Fortinet’s products include the required limitation
8
of ‘based at least in part on a quantity of the worker modules’ for the ‘430 claims” 5 and (2) “how
9
any of Fortinet’s products use a ‘result of the flow-based packet classification to retrieve an entry
10
of a plurality of entries of the flow cache’” for the ‘125 patent. 6 Opp’n at 25 (citing, inter alia, ¶¶
11
63-65 of the Striegel report for the ‘430 patent and ¶¶ 172-76 of the Striegel report for the ‘125
12
For the Northern District of California
because Dr. Striegel has failed to sufficiently explain how Fortinet’s products practice each of the
6
United States District Court
5
patent).
With respect to the ‘430 patent, the language “based at least in part on a quantity of the
13
14
worker modules” comes from claims 14 and 15. See note 5, supra. But as noted above, Dr.
15
Striegel has pointed to a pre-litigation Fortinet product only for claim 26 of the ‘430 patent, and
16
nothing more. See Cunningham Decl., Ex. 34 (Striegel Report ¶ 123) (claiming that “any multi-
17
core or multi-processor FortiGate running FortiOS 2.8 or later practices all limitations of claim 26
18
of the ‘430 Patent”). Fortinet has not pointed to any deficiency with Dr. Striegel’s analysis of
19
20
21
22
23
24
25
26
27
28
5
See, e.g., ‘430 patent, claim 14 (claiming “[a] system for processing network traffic data,
comprising: means for receiving network traffic data; and means for passing the network traffic
data to one of a plurality of worker modules for processing the network traffic data; wherein the
means for passing is configured to perform the step of passing based at least in part on a quantity
of the worker modules . . . .”) (emphasis added).
6
See, e.g., ‘125 patent, claim 3 (claiming “[an] article of manufacture comprising a computerreadable medium encoded with one or more computer programs, which when executed by one or
more processors of a virtual router (VR)-based network device cause the one or more processors
to perform a method comprising: establishing a flow cache having a plurality of entries each
identifying one of a plurality of VR flows through the VR-based network device and
corresponding forwarding state information; receiving a packet at an input port of a line interface
module of the VR-based network device; the line interface module forwarding the packet to a
virtual routing engine (VRE); the VRS determining one or more appropriate packet
transformations for application to the packet by performing flow-based packet classification on the
packet; using a result of the flow-based packet classification to retrieve an entry of a plurality of
entries of the flow cache . . . .”) (emphasis added).
9
1
2
claim 26.
As for the ‘125 patent, the Court finds that Dr. Striegel’s analysis at ¶¶ 172-76 of his expert
3
report is not too conclusory – especially as at this point Sophos has only a burden of production,
4
not the burden of persuasion. Compare, e.g., ‘125 patent, claim 3 (“using a result of the flow-
5
based packet classification to retrieve an entry of a plurality of entries of the flow cache”), with
6
Cunningham Decl., Ex. 34 (Striegel Report ¶ 176)
7
8
Fortinet’s FortiOS 2.8 practices the inventions claimed in claim 26 of the ‘430 patent and claims 3
11
and 5 of the ‘125 patent. That being the case, then it becomes Fortinet’s burden of persuasion to
12
For the Northern District of California
Accordingly, the Court concludes that Sophos has met its burden of production that
10
United States District Court
9
show either that the product does not practice the inventions claimed or that it has given actual or
13
constructive notice that the products practice the invention claimed. Because Fortinet has not
14
introduced any evidence on these points, the Court grants Sophos summary judgment on these
15
limited three claims as to pre-suit damages.
II.
16
17
CONCLUSION
For the foregoing reasons, the Court denies Sophos’s motion for summary judgment on the
18
trade secret misappropriation claim and on the claims against the individual defendants. The
19
Court, however, grants summary judgment to Sophos as to no pre-suit damages for claim 26 of the
20
‘430 patent and claims 3 and 5 of the ‘125 patent.
21
This order disposes of Docket No. 215.
22
23
IT IS SO ORDERED.
24
25
26
27
Dated: October 14, 2015
______________________________________
EDWARD M. CHEN
United States District Judge
28
10
Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.
Why Is My Information Online?