Protective Orders for Computer Source Code

Proprietary software source code produced as evidence during discovery is typically afforded stronger protection than other types of evidence. The restrictions on how the source code may be stored, transmitted, and viewed are specified by a protective order (PO). Perhaps in an effort to control costs, many attorneys wait until after the PO has been finalized to retain software analysts and expert witnesses. However, by engaging the experts before the protective order is finalized, counsel can receive important advice on how to negotiate terms that are most advantageous for each particular review, and end up saving time and money in the long run.

Each code review has its own set of variables, which can differ widely from project to project, including the people involved, time and resource constraints, and software systems and devices. An expert’s job is to take into account the various technical and logistical considerations and suggest terms for a protective order that are advantageous and allow the team to meet the specific goals of the project. The expert can help attorneys pick their battles appropriately — for example, by pointing out that it would be worth accepting more stringent page limits on printed code in exchange for receiving printed code electronically in the form of searchable PDFs.

While many variables will be unknown until the reviewer has a chance to see the code, the analyst should ideally have a strong technical background and experience with both the software systems involved and the source code review process in general, so that they can make educated guesses.

 

Project Variables to Consider when Negotiating a Protective Order

In preparing to recommend terms for a protective order, an analyst should consider at least the following variables:

1. Software systems on which the code runs (including operating systems, applications, networks, etc.)
2. The size and complexity of the set of code at large
3. The size and complexity of the areas of focus for the review
4. For each of these areas, the level of understanding/detail/proof desired
5. For each of these areas, the need for hard (printed) evidence
6. The persons reviewing the code both onsite and offsite
7. Time constraints, scheduling, and other logistical matters

 

Major Terms of a Source Code Protective Order

After considering the factors above, the analyst/expert should be able to construct a rough plan and schedule for the review, indicating what can be accomplished in a given amount of time. From there, terms of the protective order governing a number of important factors can be negotiated, including:

1. Limits on the total number of printed pages
2. Limits on the number of consecutive printed pages from a given file
3. The number of computers available
4. Time allowed for review/approval of an expert
5. Source code review tools (compilers, search tools) that are allowed on the review machines
6. Time period for prior notice to conduct a review
7. Time / # of trips allowed for the review and hours that the review room is available
8. Turnaround time for the opposing party to produce printed code
9. Limitations on access/distribution of the produced (printed) code

In a future article, we will discuss how an analyst might consider the variables in the first list to make recommendations for the terms of the order in the second list.

Brad Ulrich - Software Expert Witness

Brad Ulrich has a diverse career as a computer scientist, software engineer, technology manager, and entrepreneur. His experience spans software design, programming, patent management, healthcare, mobile devices, startups, technology licensing, regulatory compliance, and risk management.