Strategies For Remote Source Code Review

By Kalyan Banerjee

Law360 (April 20, 2020, 4:45 PM EDT) --
As the rapidly escalating COVID-19 situation triggered shelter-in-place or equivalent orders throughout the U.S. and around the world, attorneys, experts and consultants haven't been able to travel even to their offices in their cities of residence, let alone another city.

Thus, the typical ways of conducting in-person depositions, source code reviews, court hearings and jury trials have been halted. This is causing delays and has adversely affected case schedules in several patent,[1] trade secret[2] and other matters.[3] In view of this uncertainty and corresponding delays, legal teams are searching for ways to continue to conduct discovery, especially source code discovery.

This article focuses on proposing solutions to conduct source code reviews remotely, and in a way that addresses considerations by both the producing and receiving parties in such matters. Technology companies over the years have developed infrastructure and practices so that their staff can work from home. Now with shelter-in-place orders in place in several counties and U.S. cities, most of the technology staff is working remotely.

American technology companies such as Facebook Inc., Google Inc. and Microsoft Corp. lead these work-from-home practices. Even companies such as Ford Motor Co. and Apple Inc., which are known for secrecy in their products and designs under development, are now allowing their developers to work from home.[4]

Clearly, this new normal is now embraced by large tech companies as they can't stop developing their technology, including code, even when their developers are working from home. Likewise, I propose that source code reviews in legal disputes shouldn't stop either. We cannot let this invisible threat defeat the legal system, especially because tools exist to overcome this.

The usual (prepandemic) way of conducting source code discovery involves the court's entering a protective order for a matter that outlines the terms and conditions of source code production, review, access restrictions, printouts of relevant portions, software tools to be used and other details. This typically includes one or more reviewers of the receiving party visiting the source-code-producing party's office.

The reviewers are cleared under the protective order and are typically allowed access during business hours. In addition, the reviewers are not allowed to bring in any networked devices (and sometimes, any devices) into the room where source code review is conducted.

With social distancing being the new norm, and severe restrictions on travel for potentially several weeks or even months, we now need to think of ways of allowing remote review of source code while keeping in place the usual protective order provisions concerning confidentiality, restricted and timed access and access logs.

Let's now explore each of these areas.

Where Source Code Is Hosted

Information technology personnel, paralegals or attorneys at the producing party's law firm can host the source code on computer(s) from their own homes, instead of at the office.

Since law firm personnel are handling other highly confidential and sensitive material from their home offices anyway, hosting source code on a restricted computer with appropriate encryption and password protection is feasible. When such a source code computer is not in use, employees can keep it inside of a locked cabinet for additional protection.

How Access Can Be Provided to Appropriate Source Code Reviewer(s)

Remote desktop tools such as Google Chrome Remote Desktop or Microsoft Remote Desktop are popular and are also enterprise-grade. With some configurations, such tools allow secure access to the computer on which source code is hosted.

When Source Code Can Be Accessed

The producing party's legal or IT staff can make sure that access is limited only to the review hours as agreed to in the protective order (for example, 9 a.m. to 5 p.m. local time). For additional security, every 30 minutes (or some agreed-to time period), the remote desktop software can ask whether the sharing can continue.

Other Considerations for the Source Code Production Computer

Other than the usual code review software tools that the parties have agreed on, additional remote code review tools, such as remote desktop software, encryption software, tools to block spyware, malware, websites, and screen recordings, and tools to prevent remote transfer of entire files, could be useful. 

Who Can Access Source Code

People who are cleared under a protective order can access source code, as is standard. For additional security, at the beginning and end of the code review, and potentially also at random times, identity verification can be enforced, ensuring that only the authorized persons are accessing source code.

Virtual Sign-in Sheets

Virtual sign-in sheets can be implemented in several ways, such as having employees sign in via a video call at the start of each review session, where the authorized person from the producing party's law firm confirms that the approved reviewer has started the code review.

Monitoring Code Reviewers

In the event that the producing party requires a continuous video feed of the person who accesses the source code in each session, an additional camera can be set up in the reviewer's room. This circumstance is overly intrusive, and it should be noted that such a camera shouldn't be directed at the screen of the reviewer, but rather at the surroundings of the reviewer to make sure no one other than the authorized person(s) is looking at the monitor on which source code review is being conducted.

Printing Protocol

This will require no change as far as day-to-day source code review is concerned. When the reviewing party makes the request for printing certain files or snippets of code, the authorized personnel for the producing party can print such source code and ship it to the law firm of the other party, who can then decide at their end how their experts will get access to the printed code. It could be shipped or hand-carried to the reviewer's and/or expert's locations.

Amendments to the Protective Order

To enable restrictive but remote access to the static source code production, the producing party would need to enable network access to the source code production computer, which several protective orders do not allow under regular circumstances. And as such, the parties would likely have to come to some sort of understanding, and thus potentially file amendments to the existing protective order, assuming courts would allow such access.

Conclusion

If the large technology companies, with hundreds of thousands of employees across multiple countries, can continue to work on their highly confidential projects, including highly confidential software projects under development, it is reasonable to argue that source code review can be conducted remotely.

It is what these times demand, and there are reliable tools already being used by hundreds and thousands of engineers across the world that can be used to conduct such remote reviews. In order to balance the progress of source code discovery while responsibly maintaining public health restrictions, the legal community must rise to the occasion and embrace new solutions and strategies.



Kalyan Banerjee is a co-founder of Lumenci Inc.

The opinions expressed are those of the author(s) and do not necessarily reflect the views of the firm, its clients or Portfolio Media Inc., or any of its or their respective affiliates. This article is for general information purposes and is not intended to be and should not be taken as legal advice.


[1] http://www.txed.uscourts.gov/sites/default/files/goFiles/GO%2020-03%20%20COVID-19_signed.pdf.

[2] https://www.mdd.uscourts.gov/sites/mdd/files/COVID-19-Order13-Discovery_0.pdf.

[3] https://www.njd.uscourts.gov/sites/njd/files/20-04.pdf.

[4] https://www.theverge.com/2020/3/30/21200098/apple-secrecy-future-products-employees-work-from-home; https://www.bloomberg.com/news/articles/2020-03-30/apple-tests-its-secrecy-somewhere-new-employee-homes; https://www.detroitnews.com/story/business/autos/ford/2020/03/30/ford-mustang-mach-e-development-doesnt-stop-coronavirus/2925506001/.
