`
`June 14, 2019
`
`VIA ELECTRONIC FILING
`
`Honorable Thomas S. Hixson
`U.S. District Court, Northern District of California
`San Francisco Courthouse
`Courtroom A – 15th Floor
`450 Golden Gate Avenue
`San Francisco, CA 94102
`
`Re:
`
`
`
`Joint Discovery Statement
`Finjan, Inc. v. Juniper Networks Inc., Case No. 3:17-cv-05659-WHA-TSH
`
`
`Dear Magistrate Judge Hixson:
`
`
`Pursuant to Judge Alsup’s Order referring any discovery disputes to this Court (Dkt. No.
`437), the parties submit the following joint statement regarding Plaintiff Finjan, Inc.’s (“Finjan”)
`motion to compel Defendant Juniper Networks, Inc. (“Juniper”) to download CLOC and Cygwin
`onto the source code review computers. The parties attest that they met and conferred by
`telephone on this issue on June 6 and 7, 2019.1
`
`Respectfully submitted,
`
`/s/ Kristopher Kastens_____
`Kristopher Kastens
`KRAMER LEVIN NAFTALIS & FRANKEL LLP
`Attorneys for Plaintiff
`Finjan, Inc.
`
`
`/s/ Joshua Glucoft____
`Joshua Glucoft
`IRELL & MANELLA LLP
`Attorneys for Defendant
`Juniper Networks, Inc.
`
`
`1 Counsel for Juniper is located outside of the Bay Area.
`
`
`
`Case 3:17-cv-05659-WHA Document 532 Filed 06/14/19 Page 2 of 6
`
`Finjan’s Position
`
`The Court should compel Juniper to install certain standard tools used for searching and
`analyzing source code on its source code review computer that Finjan requested on May 29,
`2019. These tools will greatly streamline Finjan’s source code review in time for expert reports
`and allow it to perform a detailed analysis of the code that is otherwise impossible. Specifically,
`Finjan requested Juniper to install CLOC (https://github.com/AlDanial/cloc) and certain
`functionality provided in the Cygwin package (https://www.cygwin.com/) onto the source code
`computer. CLOC allows for the lines of code to be counted (as indicated by its name, “Count
`Lines Of Code”), and Cygwin is a collection of open source tools that simply provide a means to
`run Linux commands on a Windows operating system. Importantly, Cygwin has a variety of
`advanced searching functionalities, a subset of which Finjan requests to be installed so that its
`experts can conduct source code review (Find, Sort, Uniq, Join, Xargs, Cat, WC, SED, and
`SHA1SUM).2 Together, these tools will allow for Finjan to provide a precise counting of source
`code lines that relate to the infringing technology, including locating the relevant source code,
`identifying instances where the same source code is used in multiple products, and eliminating
`blank lines and developer comments. Both Cygwin and CLOC are free to download, easy to
`install, and have been used by Finjan for source code reviews in other litigations without any
`issues.
`
`Finjan requests these tools so that its expert will be able to quantify the lines of unique
`source code relating to the infringing technology. Given the voluminous amount of source code
`and directories, the use of these programs will allow Finjan to efficiently analyze the source code
`by searching through the code quickly, and identifying developer comments and code that is not
`relevant to the accused functionality. The analysis that is proposed by Finjan is relevant to
`damages because the lines of code may be used to determine the cost of developing the
`technology at issue, which is a factor relevant to damages in this case. Additionally, this analysis
`is relevant to rebut Juniper’s recently articulated position that certain modifications can be made
`to their products to design-around the patents. See Ex. A, Juniper’s first supplemental response
`to Interrogatory No. 9 (identifying how the accused products could be theoretically redesigned
`with various alternative architectures that would circumvent the claim language).
`
`The analysis by these tools are also important to Finjan’s ability to address Juniper’s
`interrogatory recently served on May 28, 2019, asking Finjan why each of Juniper’s non-
`infringing alternatives would not be viable, because it would allow Finjan to more easily
`quantify the extent that the source code would need to be rewritten for Juniper’s proposed non-
`infringing alternatives. See Ex. B, Juniper’s Interrogatory No. 14. Finjan should be allowed to
`use the proper tools to test these allegations and conduct its own analysis of the source code, so
`that its experts can opine on the feasibility and viability of any alleged design-arounds and/or
`non-infringing alternatives, to the extent appropriate. Due to the sheer volume of Juniper’s
`source code and the rapidly approaching deadline for opening expert report, Finjan’s analysis
`will be hindered, and will be grossly inefficient and expensive because Finjan would be forced to
`perform the manual analysis of counting and searching through millions of lines of code, which
`will be significantly more time consuming without these tools.
`
`
`2 These are all search tools and are unrelated to compiling source code.
`
`
`
`- 1 -
`
`
`
`Case 3:17-cv-05659-WHA Document 532 Filed 06/14/19 Page 3 of 6
`
`Juniper tries to justify its refusal to install these standard analysis tools on the grounds
`that Cygwin and CLOC are not specifically mentioned in the Protective Order. However, while
`the Protective Order identifies that certain tools must be installed, it does not prohibit the
`installation of additional tools, nor does it say that these were the only tools that can be installed.
`See Dkt. 149 at 13 (“The Producing Party will provide UltraEdit, NotePad++, Vim, Emacs, and
`Grep for the review and searching of the source code on the secured computer.”). In other
`words, the Protective Order sets the floor, not the ceiling. It requires Juniper to provide at least
`the tools enumerated, but remains silent on whether other additional tools can be provided.
`Finjan did not raise these additional tools when negotiating the protective order because it
`understood that they could be requested later if a need arose, as it has. The Protective Order
`intentionally captures this flexibility in that it does not explicitly limit the tools that can be
`installed by Juniper. If Juniper wanted a more rigid Protective Order that only permitted certain
`specifically enumerated tools or expressly excluded anything, then Juniper could have insisted
`on the inclusion of such a provision during negotiations.
`
`Juniper’s argument with respect to CLOC is dubious, as all the program does is count
`code in an automated manner. Juniper does not address this head on, but instead states that it
`would need to do a thorough security review of the program before it could be installed on the
`source code review computer. Juniper provides no explanation for why this would be required
`before Finjan could use the program to review a copy of Juniper’s source code on a standalone
`computer that is not even connected to the Internet, and therefore has no security risks.
`Furthermore, Finjan requested CLOC weeks ago, providing Juniper time to complete any review
`that it believed was required.
`
`The rationale behind Juniper’s objection to Cygwin, that certain functionalities could
`possibly be used to compile the source code, is also disingenuous. First, Finjan is not asking for
`any compiler functionality to be installed. Rather, Finjan has only requested that a few of its
`specific search tools be installed—namely Find, Sort, Uniq, Join, Xargs, Cat, WC, SED, and
`SHA1SUM – all of which are functions used for searching source code in an automated manner,
`which is particularly important given the millions of pages of source code that Juniper has
`provided. Second, the Protective Order does not prohibit the producing party from installing
`review tools that also have the ability to compile source code, but states that the receiving party
`cannot use any compiler functionality. Dkt. 149 at 13 (“The Receiving Party may not download
`anything onto the secured computer, and may not use any compilers, interpreters, or simulators
`in connections with the Producing Party’s source code.”)(emphasis added). Finjan will fully
`comply with the express terms of the Protective Order and will not compile the source code even
`if Juniper installed tools that could compile. Finjan merely requests that certain searching and
`counting tools be provided.
`
`The Protective Order also provides other means for protecting Juniper’s source code.
`First the code is provided on a standalone computer that has no network connection and is only a
`copy of Juniper’s source code. Finjan is also prohibited from bringing electronics into the
`secured room. Id. (“The Receiving Party may not bring any electronics into the secured room.”).
`Also, Finjan is prohibited from copying, removing, or otherwise transferring the source code
`onto another device and Juniper is permitted, to a limited extent, to visually monitor Finjan’s
`activities for the purpose of ensuring that no such unauthorized activity is occurring. Id. (“The
`
`
`
`
`- 2 -
`
`
`
`Case 3:17-cv-05659-WHA Document 532 Filed 06/14/19 Page 4 of 6
`
`Producing Party may visually monitor the activities of the Receiving Party’s representatives
`during any source code review, but only to ensure that there is no unauthorized recording,
`copying, or transmission of the source code.”). Juniper’s source code is sufficiently protected by
`the express terms of the Protective Order and Juniper’s attempt to read in an additional
`restrictions is unwarranted. There is no harm to Juniper in providing tools that would permit
`Finjan to search and count source code in an automated manner. Juniper’s objections instead
`seem to be geared towards hampering Finjan’s ability to fully review Juniper’s source code in a
`timely manner and run out the trial clock.
`
`For these reasons, Finjan respectfully requests the Court to compel Juniper to promptly
`download and install both CLOC and the identified subset of Cygwin tools on the source code
`computer. If it helps the Court’s analysis, Finjan can submit an expert declaration explaining: (1)
`why having CLOC and these Cygwin tools on the source code review computers is important for
`the analysis, (2) that these are standard analysis tools; and (3) that they will not be used to
`compile or otherwise modify the source code.
`
`
`Juniper’s Position
`
`Finjan is asking this Court to unilaterally impose changes to a highly negotiated
`
`compromise agreement between the parties that was entered by the Court just under one year ago.
`See Dkt. No. 149 (Protective Order). Finjan’s request should be denied.
`
`
`Because the lifeblood of Juniper’s business is its highly confidential source code, Juniper
`must be extremely selective about who can view the source code and what tools can be used to
`analyze it. Juniper’s customers, including the U.S. military, depend on the security of Juniper’s
`systems and may require Juniper to make representations about the type of access Juniper has
`allowed to its code. Juniper also recognizes, however, that in litigation it must provide access to
`its source code. To walk the tightrope between security and litigation access, Juniper is especially
`careful about the type of access it allows to its code, so Juniper carefully negotiates provisions
`regarding that access in its stipulated protective orders. As Juniper has been the subject of a
`number of lawsuits over the years, it is now fairly familiar with the types of tools plaintiffs need
`to analyze its source code for purposes of litigation, so it has been able to successfully negotiate
`protective orders in virtually every litigation it has been a party to—including this one—that allow
`plaintiffs access to the information they need without providing tools that are overly invasive.
`
`
`During the spring and summer of 2018, Finjan and Juniper extensively negotiated which
`tools Finjan could use to access Juniper’s source code in this case. The parties were able to
`successfully agree on a set of tools for Finjan to use, and these tools were memorialized in the
`Stipulated Protective Order in this case, which Judge Alsup entered on July 6, 2018. See Dkt. No.
`149 at 13. The purpose of expressly setting forth a list of source code tools in the Protective Order
`was to avoid any potential future disputes about whether Finjan had sufficient access to the source
`code or whether Juniper had sufficient security protections. Notably, the parties did not agree to,
`and the Protective Order does not provide, any means to add source code review tools because,
`contrary to Finjan’s argument, the parties’ agreement was intended to be final (i.e., the ceiling, not
`the floor). With this motion, Finjan is just seeking to impose new requirements on Juniper—
`including ones that Juniper expressly rejected during the parties’ negotiations.
`
`
`
`
`- 3 -
`
`
`
`Case 3:17-cv-05659-WHA Document 532 Filed 06/14/19 Page 5 of 6
`
`When Juniper was preparing to produce its source code in March 2018, Finjan requested a
`number of review tools, including Cygwin. Ex. 1 at 1-2. Juniper agreed to provide the vast
`majority of tools Finjan requested, excluding only those tools that Juniper believed could pose a
`security risk. As Juniper explained to Finjan on March 15, 2018:
`
`
`As for review tools, we will provide NotePad++, Vim, Emacs, and Grep, as
`you have requested. We will also provide UltraEdit, which includes
`substantial searching capabilities. These tools will allow you to reasonably
`review and search the entire codebase. We are not, however, going to provide
`tools that could compromise the integrity of the code by facilitating writing
`to the code, changing file permissions, or connecting the secured computer to
`a network. For that reason, we are not going to provide Cygwin….
`
`
`Ex. 1 at 1. In view of Juniper’s concern, Finjan and Juniper agreed to a specific set of tools—
`specifically excluding Cygwin—and the parties memorialized their agreement in the Protective
`Order approved by the Court in this matter. Dkt. No. 149 at 13 (“The Producing Party will provide
`UltraEdit, NotePad++, Vim, Emacs, and Grep for the review and searching of the source code on
`the secured computer.”). Finjan did not even suggest that CLOC was necessary for its source code
`review at that time—and had Finjan done so, Juniper would have rejected installation of that
`program as well.
`
`Juniper produced the source code in March of 2018, and Finjan has reviewed it dozens of
`
`times over the last year without any complaint that it needed Cygwin or CLOC to adequately
`perform its review. Finjan was able to file and oppose multiple rounds of summary judgments,
`prepare multiple technical expert reports (and have its experts deposed), and even go to trial based
`on the code it successfully reviewed with the tools the parties had agreed upon.
`
`Despite Finjan’s ability to fully analyze Juniper’s source code, on May 29, 2019, Finjan
`
`suddenly demanded the installation of Cygwin and CLOC, the latter of which had never even been
`mentioned before Finjan’s demand that day. With respect to Cygwin, the same security concerns
`that Juniper raised more than a year ago remain today, and Finjan has not adequately addressed
`those security concerns; rather, Finjan merely argues without evidence that the specific Cygwin
`tools it desires are safe. Juniper cannot verify the safety of the requested tools because Finjan has
`not even identified the specific Cygwin packages it desires; among the large suite of packages
`available from Cygwin, there are no packages matching the names of almost any of the tools
`identified by Finjan—i.e., Find, Sort, Uniq, Join, Xargs, Cat, WC, and SHA1SUM). See
`https://cygwin.com/packages/package_list.html. It therefore appears that the tools requested by
`Finjan are actually subsumed into larger Cygwin packages with additional features. Before
`allowing any such packages to be downloaded onto the source code computer, Juniper would have
`to conduct a new security analysis—which includes both an analysis of all features in the relevant
`packages (i.e., both the features expressly identified by Finjan and any other features with which
`they are packaged), and also potential security vulnerabilities in that software—in order to ensure
`that the representations it makes to its customers about access to the code are accurate.
`
`
`In any event, Juniper already agreed to a host of tools with the advanced searching
`functionalities that Finjan suggests can only be provided by Cygwin. For example, as Juniper
`
`
`
`
`- 4 -
`
`
`
`Case 3:17-cv-05659-WHA Document 532 Filed 06/14/19 Page 6 of 6
`
`explained to Finjan over a year ago, “UltraEdit has substantial searching capabilities, including
`but not limited to: ‘Search huge log files, generate a list of all lines containing your search string,
`do pattern-based find and replace with regular expression support, search in columns and selected
`text.’ See: https://www.ultraedit.com/products/ultraedit/ultraedit-feature-map/.” Ex. 2 at 1.
`Juniper also provided Finjan with the Windows CLI, which includes functions that are very similar
`if not identical to those that Finjan relies upon in support of its demand for Cygwin. See, e.g.,
`https://superuser.com/questions/401495/equivalent-of-unix-find-command-on-windows
`(Windows “findstr” is equivalent to Unix “Find” command, requested by Finjan). There is no
`reason that Juniper should be forced to deviate from the agreed-upon set of review tools, especially
`in view of the fact that the parties agreed over a year ago to a specific list of tools that excluded
`Cygwin due to security concerns but that provide substantially similar if not identical capabilities
`to the requested Cygwin packages.
`
`With respect to CLOC, that fact that it has been used “for source code reviews in other
`
`litigations without any issues” is immaterial. To Juniper’s counsel’s knowledge, Juniper has never
`agreed to permit CLOC on a review computer containing Juniper’s highly confidential source
`code, so Finjan’s prior experience with the tool is irrelevant. Moreover, as Finjan has never even
`mentioned CLOC before and Juniper has (to the best of counsels’ knowledge) never even been
`asked to use this product in litigation, Juniper would need to conduct a thorough security analysis
`of CLOC to ensure that there are no security vulnerabilities that could be exploited to compromise
`the integrity of the review computer (intentionally or otherwise). This involves analyzing not just
`the stated functionality of the code itself, but also trying to determine if there are security
`vulnerabilities inherent in the code. In any event, the other tools that Juniper has made available
`allow Finjan to view code on a line-by-line basis, so Finjan can already figure out how many lines
`of code it takes to perform any given task even if that number were relevant—which it is not.
`
`Finjan’s arguments regarding the relevance of the number of lines of code are highly
`
`dubious. In particular, Finjan claims that the number of lines is relevant to determining the cost
`of developing the technology as well as the viability of non-infringing alternatives. But this makes
`no sense. The number of lines of source code used for a feature has little (if any) correlation to
`the cost to develop that product, as Juniper does not pay its engineers based on the number of lines
`of code they write. Indeed, even if Juniper’s engineers were paid per line of code (which they are
`not), good code—like good writing—is concise and often exhibits an inverse relationship between
`the number of lines and total cost (as the highly skilled engineers that write compact code are more
`expensive). Similarly, the number of lines of source code used in an allegedly infringing feature
`does not provide any insight into the number of lines required to implement a non-infringing
`alternative, which is necessarily not present in the code. Finjan’s arguments regarding the
`relevance of the information it seeks to obtain using CLOC are highly strained at best, and the
`attenuated relevance of that information is certainly not worth imposing a new potential security
`risk on Juniper beyond that covered by the parties’ agreement reflected in the Protective Order.
`
`In sum, the parties reached agreement more than a year ago regarding the appropriate set
`
`of review tools, which did not include Cygwin or CLOC, and those agreed-upon tools were
`sufficient for Finjan to go through a first trial. Finjan now seeks to impose new security risks on
`Juniper in an effort to obtain information of highly questionable relevance. The Court should
`enforce the parties’ existing agreement and deny Finjan’s motion.
`
`
`
`
`- 5 -
`
`