Flynn et al v. FCA US LLC et al
Filing
486
ORDER re 481 Discovery Dispute Conference. The Scheduling Order is AMENDED as follows: Discovery due by 8/9/2019., Dispositive Motions due by 8/23/2019. See order for additional dates and deadlines. Signed by Magistrate Judge Reona J. Daly on 4/18/2019. (nmf)
IN THE UNITED STATES DISTRICT COURT
FOR THE SOUTHERN DISTRICT OF ILLINOIS
BRIAN FLYNN, GEORGE BROWN,
KELLY BROWN, and MICHAEL KEITH,
on behalf of themselves and all others
similarly situated,
)
)
)
)
)
Plaintiffs,
)
)
v.
)
)
FCA US LLC, f/k/a Chrysler Group LLC and )
HARMAN INTERNATIONAL
)
)
INDUSTRIES, INC.,
)
Defendants.
)
Case No. 3:15-cv-855-SMY-RJD
ORDER
DALY, Magistrate Judge:
This is a class action in which Plaintiffs, owners and lessees of Chrysler vehicles, claim
there is a design flaw in the Uconnect system in certain Chrysler vehicles manufactured in 20132015. The Uconnect system, manufactured by Harman International Industries, Inc. (“Harman”),
is an infotainment system that allows integrated control over phone, navigation, and entertainment
functions in certain vehicles. Plaintiffs allege that the design and installation of the Uconnect
system makes it vulnerable to hackers seeking to take remote control of the affected vehicles, as
reported in a 2015 WIRED magazine article.
District Judge Reagan issued an order on Plaintiffs’ motion for class certification on July
5, 2018 (Doc. 399), certifying three classes of Plaintiffs on various consumer fraud and warranty
claims. On November 29, 2018, Judge Reagan entered an order allowing the parties to engage
in additional merits-based discovery. On March 5, 2019, this matter was reassigned to the
undersigned to address pre-trial and discovery matters and the Court was promptly made aware of
a pending discovery dispute.
Generally, Plaintiffs seek additional documents related to
Defendant FCA US LLC’s (“FCA”) penetration tests, cybersecurity risk assessments, and
consumer survey information. Plaintiff also contends that FCA’s responses to various contention
interrogatories are improper and ask that the Court order FCA to supplement the same. A
discovery dispute hearing was held on March 26, 2019. The Court sets forth its rulings as
follows.
DISCUSSION
I.
Document Production Issues
A. Penetration Tests and Related Communications
Plaintiffs seek documents related to penetration testing conducted by or for FCA, as well
as any communications related to the same. Plaintiffs contend they have only received some final
reports of certain penetration tests, but have not received others, including a test conducted by
Reply S.p.A. on the European version of the Uconnect, as well as a “whole vehicle” penetration
test conducted by Southwest Research (“SwRI”) in late 2015 or early 2016. Plaintiffs also assert
that FCA has produced few communications with the companies it hired to conduct its penetration
tests. Plaintiffs note that Harman produced some communications in which FCA was a party,
but FCA did not produce the same communications. Plaintiffs ask that FCA be ordered to
produce all penetration testing reports and communications regarding the same.
FCA asserts that the testing conducted on the European version of the Uconnect is in the
control of another, separate entity (EMEA) and it is not in possession of the same. FCA further
asserts that it produced a validation test conducted by Reply S.p.A. that included the findings from
the European report. More generally, FCA argues that it conduced a search with the applicable
ESI search terms, as well as a targeted search to obtain its penetration tests, but acknowledges that
Page 2 of 12
said search failed to identify the SwRI whole vehicle penetration test. FCA explains that this one
test was not produced because it was not prepared by a custodian identified in this case. In any
event, FCA asserts that Plaintiffs now have that test. With regard to communications related to
penetration testing, FCA explains that it would not anticipate significant back-and-forth between
itself and a pen tester. FCA also asserts that it conducted a search for the communications at
issue using the Court-ordered search terms and then it conducted both a privilege review and a
responsiveness review.
As a preliminary matter, the Court addresses the proper scope of discovery. The scope of
discovery is set forth in Rule 26(b)(1) of the Federal Rules of Civil Procedure. The current
language of the Rule provides:
Unless otherwise limited by court order, the scope of discovery is as follows:
Parties may obtain discovery regarding any nonprivileged matter that is relevant
to any party’s claim or defense and proportional to the needs of the case,
considering the importance of the issues at stake in the action, the amount in
controversy, the parties’ relative access to relevant information, the parties’
resources, the importance of the discovery in resolving the issues, and whether
the burden or expense of the proposed discovery outweighs its likely benefit.
Information within this scope of discovery need not be admissible in evidence
to be discoverable.
The Supreme Court has cautioned that the requirement under Rule 26(b)(1) that the
material sought in discovery be “relevant” should be firmly applied, and the district courts should
not neglect their power to restrict discovery where necessary. Herbert v. Lando, 441 U.S. 153,
177 (1979); see also Balderston v. Fairbanks Morse Engine Div. of Coltec Indus., 328 F.3d 309,
320 (7th Cir. 2003). However, “relevancy” for discovery purposes is construed broadly to
encompass matters that bear on, or reasonably could lead to other matters that could bear on, any
issue in the case. Oppenheimer Fund, Inc. v. Sanders, 437 U.S. 340, 351 (1978) (citing Hickman
v. Taylor, 329 U.S. 495, 501 (1947)). “Relevance is not inherent in any item of evidence, but
Page 3 of 12
exists only as a relation between an item of evidence and the matter properly provable in the case.”
Miller UK Ltd. v. Caterpillar, Inc., 17 F.Supp.3d 711, 722 (N.D. Ill. Jan. 6, 2014) (citation
omitted).
The penetration testing contemplated by Plaintiffs is relevant to the issues in this lawsuit
only insofar as they relate to, or address, the Uconnect system. Penetration testing beyond the
Uconnect system, including the “whole vehicle” penetration test conducted by SwRI, is not within
the relevant scope of this lawsuit. Although Plaintiffs posit that the relevancy of the “whole
vehicle” penetration test is “obvious” because it would likely examine vulnerabilities throughout
the Affected Vehicles “above and beyond those previously identified in the penetration tests that
were limited to only the Uconnect,” Plaintiffs fail to substantiate their contention. A review of
the Second Amended Class Action Complaint (Doc. 246), as well as District Judge Reagan’s Class
Certification Order (Doc. 399), focuses on alleged defects in the Uconnect system. Indeed, the
classes that Judge Reagan certified are defined as certain vehicles equipped with the Uconnect
8.4A or Uconnect 8.4AN systems, and the point of vulnerability identified by Plaintiffs is the
Uconnect system. Because Plaintiffs’ claims are premised on defects in the Uconnect system,
the Court is unable to discern how penetration testing beyond said system is relevant to the pending
claims and Plaintiffs have not met their obligation to convince the Court otherwise. See, e.g.,
Maui Jim, Inc. v. SmartBuy Guru Enterprises, No. 16-C-9788, 2018 WL 4356594, at *3 (N.D. Ill.
Sep. 12, 2018). Insofar as FCA represents that it has produced all penetration testing reports
within its control related to the Uconnect system, it is not required to supplement its production.
The Court next considers communications related to penetration testing. It appears there
are some documents that were produced by Harman that included FCA as a party, but were not
produced by FCA.
FCA acknowledges that once it conducted a search of custodians’
Page 4 of 12
communications using the court-approved search terms, it completed a privilege review and a
responsiveness review. Because it appears this review may have resulted in the omission of
certain documents that Plaintiff is entitled to under Rule 26, the Court ORDERS Defendant FCA
to provide any communications related to penetration testing identified through the use of the
designated search terms, limiting its withholding of communications to those in which it is
asserting privilege. The Court notes that any documents withheld on the basis of privilege should
be documented in a privilege log. Said supplementation shall be completed by May 3, 2019.
The Court notes that it will not revisit the search terms that the parties have used since the inception
of this lawsuit, or require FCA to conduct a search beyond the previously agreed-upon search
terms in regards to this issue, as Plaintiffs failed to notify the Court about any issue concerning the
same in a timely manner and, moreover, Plaintiffs have failed to articulate a particular inadequacy
with the agreed-upon terms in this instance. Notably, a review of the search terms demonstrates
that documents related to penetration testing were clearly within the scope of the same.
B. Cybersecurity Risk Assessments
Plaintiffs ask that FCA be ordered to provide its vehicle threat and risk assessments that it
maintains on a dedicated repository. At the hearing, FCA represented that counsel recently
discovered that such a repository exists, but was not sure if it contains any documents that have
not yet been produced. FCA represented that it would produce documents that had not yet been
produced, but indicated there is a dispute concerning the scope of relevant documents. Plaintiffs
posit that they are entitled to information concerning the Affected Vehicles and their components,
as well as any information concerning potential threats to any vehicles because there may be
something in common with the Affected Vehicles.
The Court is not convinced that the
appropriate scope should be threats to any vehicles. Said scope is not appropriately limited to
Page 5 of 12
the claims at issue in this lawsuit and the Court finds that production of such a wide breadth of
documents is not proportional to the needs of this case. However, FCA shall produce documents
discussing its risk and threat assessments related to the Affected Vehicles by May 3, 2019.
C. Meg Novacek Emails
Plaintiffs seek all communications of Meg Novacek leading up to the formation of FCA’s
Global Vehicle Cybersecurity Group (“GCVS”) in late 2014 until her departure from the company
in 2016. Plaintiffs explain that when they asked for a search of Ms. Novacek’s emails they agreed
to apply the same search terms that have been used in the course of this litigation because they did
not recognize what they now see to be deficiencies with the utilization of the terms. In support
of their request, Plaintiffs assert they have only received a total of 53 emails strings with Ms.
Novacek as the author. Plaintiffs contend the amount of emails received is clearly inadequate
and not representative of the amount of emails they would anticipate given Ms. Novacek’s role at
FCA.
Plaintiffs explain that she was the original supervisor of FCA’s GCVS, which was
responsible for cybersecurity; thus, Plaintiffs posit that Ms. Novacek was uniquely positioned
between the GCVS and management. Plaintiffs also note that she drafted presentations and
documents setting cybersecurity strategy.
FCA explained at the hearing that it produced 1,300 documents that were either to, from,
or included Ms. Novacek and reiterated that it applied the same ESI search terms to her emails as
were applied throughout this case.
The Court finds that Plaintiffs have based their request for another, broader search of Ms.
Novacek’s communications on mere speculation. Plaintiffs have not pointed to any particular
document or type of documents they are missing, nor have they cited any evidence demonstrating
the existence of relevant documents that were not obtained in FCA’s initial search. “Courts need
Page 6 of 12
not authorize additional discovery based on nothing more than ‘mere speculation’ that would
‘amount to a fishing expedition’.” Illinois Extension Pipeline Co., LLC v. Thomas, No. 15-3052,
2016 WL 1259379, at *5 (C.D. Ill. Mar. 1, 2016) (citing Davis v. G.N. Mortgage Co., 396 F.3d
869, 885 (7th Cir. 2005)). Because Plaintiffs can only speculate as to the existence of additional
communications in which Ms. Novacek was a party, the Court denies Plaintiffs’ request for an
additional search and production of Ms. Novacek’s communications.
D. Consumer Survey Information
Plaintiffs seek documents related to consumer survey information sought in Plaintiff’s
requests for production numbers 6 and 22. In these requests, Plaintiffs seek documents relating
to consumers’ or potential purchasers’ consideration of safety or cybersecurity. FCA objected to
the requests as being overbroad and not properly limited to cybersecurity. Because FCA objected
to Plaintiffs’ survey requests, no search of the same was conducted. The Court finds that safety
is the relevant scope for production of consumer survey information insofar as Plaintiffs are
contending that a hacker can cause various safety issues, including issues with braking, steering,
or acceleration, which may affect demand for vehicles. Accordingly, FCA is ordered to produce
documents addressing the importance of safety to consumers or potential purchasers by May 3,
2019.
E. Documents Related to Other Manufacturers’ Cybersecurity
Plaintiffs ask that FCA produce documents to support their response to certain
interrogatories that the Affected Vehicles’ Uconnect systems were “state of the art.” Plaintiffs
contend that in order to make such a contention FCA must have information evidencing other
manufacturers’ cybersecurity, yet, FCA has produced little in the way of such information.
Plaintiffs posit that because the search terms designated in this case were not designed to
Page 7 of 12
necessarily target this information, new, targeted search terms should be used to capture the same.
FCA asserts that it has produced the documents it has in its possession that were captured
using the agreed-upon ESI search terms. FCA argues that both Neil Borkowicz and Laith Shina
testified at their depositions that FCA does not collect competitors’ information, but rather, gathers
it “here and there” and it may receive “tidbits.” Thus, this information does not exist in one place,
and the custodians have testified to what they know or do not know. FCA asserts that there is
simply nothing more.
The Court agrees with Plaintiffs. The search terms utilized by the parties in this case do
not adequately address, or provide a search for, documents related to other manufacturers’
cybersecurity. This information appears to be relevant under Rule 26 and, therefore, Plaintiffs
are entitled to the same.
Moreover, based on documents already produced by Defendants,
including FCA’s Vehicle Cybersecurity & EE Architecture Strategy PowerPoint, Plaintiffs have
sufficiently supported their request for an additional, targeted search of documents, as it appears
FCA may have further information concerning competitors’ cybersecurity methods and systems.
The parties are ORDERED to meet and confer for the purpose of agreeing on additional,
limited search terms to implement for the purpose of discovering additional documentation
regarding other manufacturers’ cybersecurity. The search must be properly limited in time and
scope. The parties must notify the Court by May 3, 2019 if they are unable to agree on proposed
search terms and time limitations. If there is no dispute concerning the terms, any additional
documents culled from the search must be produced by May 17, 2019.
F. Responses to Plaintiff’s Sixth Set of Requests for Production of Documents
Nos. 44, 45, 47, and 48
In these requests, Plaintiffs seek documents concerning FCA’s rules, policies, procedures,
Page 8 of 12
and processes for authorized dealers. Plaintiffs argue that the critical link for their implied
warranty claims is the relationship between FCA and its authorized dealers. Plaintiffs assert that
they have only received three documents in response to these requests, including two extensive
manuals directing how to handle warranty claims and detailing the relationship between dealers
and FCA, as well as contracts between FCA and some dealers. Plaintiffs contend that the few
documents that have been produced are not sufficient to evidence the full extent of the control and
influence that FCA exercises over its authorized dealers.
In response, FCA asserts that it produced its contracts with every dealership in Illinois, as
well as the documents that govern those relationships and tell the authorized dealers what FCA
can and cannot control. FCA contends that certain incentive programs it utilizes with its dealers
for advertising or the like were not necessarily produced because such programs are not relevant
to the issue of control, are not contained within FCA’s contracts with dealers and, in some
instances, are informal emails memorializing an incentive agreement.
The Court finds that FCA’s production of documents responsive to Plaintiffs’ requests 44,
45, 47, and 48 is sufficient. FCA has produced the documents that govern the relationship
between itself and its dealers. The information Plaintiffs now seek is beyond what was requested
by Plaintiffs.
II.
Contention Interrogatory Responses
A. Interrogatory #32
Interrogatory #32 reads as follows:
If you contend that dealerships that sold the Affected Vehicles are not in
privity with FCA, or that Harman is not in privity with FCA, then state the
facts on which you base that contention.
FCA objected on various bases, including relevancy. FCA asserts that the interrogatory
Page 9 of 12
is not relevant to any claim or defense in this case, explaining that to the extent privity is relevant,
it is privity between Plaintiffs and FCA, not privity between dealerships or Harman and FCA.
The Court agrees and SUSTAINS FCA’s relevancy objection.
Here, it is clear that privity is relevant; however, FCA is correct in that the pertinent
question is privity between the consumer and FCA. In District Judge Reagan’s Order, he explains
that privity inquiries into the relationship between a purchaser, a seller, and a manufacturer are
fact-intensive and, based on the evidence presented, there is a genuine question of material fact as
to whether privity exists. Judge Reagan’s Order makes clear, however, that the fact-intensive
inquiry is central to determining whether a manufacturer is in privity with a consumer, as this is
the essential question.
Thus, while it may be appropriate for Plaintiffs to seek discovery
concerning FCA’s relationship with its dealers (which documents have been produced, as
discussed above), a contention interrogatory concerning privity between FCA and its dealers is not
relevant.
B. Interrogatories #27, #28, #29, #31, #34, and #35 (pg. 90)
Plaintiffs assert that FCA’s responses to contention interrogatories 27, 28, 29, 31, 34, and
35 are insufficient insofar as FCA has failed to articulate their position on crucial issues in this
case.
“Contention interrogatories require the answering party to commit to a position and give
factual specifics supporting its claims.” Ziemack v. Centel Corp., No. 92-C-3551, 1995 WL
729295, at *2 (N.D. Ill. Dec. 7, 1995). Contention interrogatories “serve a proper purpose of
narrowing the issues for litigation.” Commerce Bank, N.A. v. Widger, No. 06-CV-1103, 2008
WL 630611, at *1 (C.D. Ill. Mar. 5, 2008). However, courts have determined that a party need
not respond to contention interrogatories that would be an unduly burdensome task requiring a
Page 10 of 12
party to “produce veritable narratives of their entire case.” Gregg v. Local 305 Ibew, 2009 WL
1325103, at *6 (N.D. Ind. May 13, 2009) (citing IBP, Inc. v. Mercantile Bank, 179 F.R.D. 316,
321 (D.Kan. 1998) (“To the extent [the requests] ask for every fact and every application of law
to fact which supports the identified allegations, the court finds them overly broad and unduly
burdensome. An interrogatory may reasonably ask for the material or principal facts which support
a contention.”).
The interrogatories at issue here are clearly broad in scope as said requests seek, in effect,
all of the facts FCA is relying on to support its defense in this case. Thus, the Court finds that
although FCA points to a number of documents and depositions, its responses are sufficient. It
is reasonable that FCA identified voluminous materials that it will be using to support its position
to defend the crux of the claims in this lawsuit, particularly given the state of expert discovery
(FCA’s expert disclosure is not yet due). It would be unreasonable to require FCA to further
respond to the requests or provide any analysis or narrative concerning how it plans to apply the
law to the facts. For these reasons, the Court denies Plaintiffs’ request to compel FCA to
supplement its responses to interrogatories 27, 28, 29, 31, 34, and 35
SCHEDULING ORDER
Based on the foregoing, the Scheduling Order is AMENDED as follows:
1. Plaintiffs’ expert(s) shall be disclosed by June 14, 2019.
2. Plaintiffs’ expert(s) shall be produced for deposition by June 28, 2019.
3. Defendants’ expert(s) shall be disclosed by July 12, 2019.
4. Defendants’ expert(s) shall be produced for deposition by July 26, 2019.
5. Merits discovery must be completed by August 9, 2019.
6. Dispositive motions must be filed by August 23, 2019.
Page 11 of 12
IT IS SO ORDERED.
DATED: April 18, 2019
s/ Reona J. Daly
Hon. Reona J. Daly
United States Magistrate Judge
Page 12 of 12
Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.
Why Is My Information Online?