Case 2:24-cv-00757-JRG Document 44 Filed 12/06/24 Page 1 of 8 PageID #: 1184
`
`IN THE UNITED STATES DISTRICT COURT
`FOR THE EASTERN DISTRICT OF TEXAS
`MARSHALL DIVISION
`
`
`AVANT LOCATION TECHNOLOGIES
`LLC,
`
`
`Plaintiff,
`
`
`
`
`APPLE, INC.,
`
`
`v.
`
`Defendant.
`
`§
`§
`§
`§
`§
`§
`§
`§
`§
`§
`§
`§
`§
`§
`§
`§
`§
`§
`§
`§
`§
`§
`§
`§
`§
`
`JOINT MOTION FOR ENTRY OF
`PARTIALLY DISPUTED PROTECTIVE ORDER
`
`
`Case No. 2:24-cv-00757-JRG
`(LEAD CASE)
`
`JURY TRIAL DEMANDED
`
`
`
`Case No. 2:24-cv-00354-JRG
`(MEMBER CASE)
`
`JURY TRIAL DEMANDED
`
`
`
`AVANT LOCATION TECHNOLOGIES
`LLC,
`
`
`Plaintiff,
`
`
`
`v.
`
`
`ECOBEE TECHNOLOGIES ULC d/b/a
`ECOBEE,
`
`
`Defendant.
`
`Plaintiff Avant Location Technologies LLC (“ALT” or “Plaintiff”) and Defendants Apple
`
`Inc. (“Apple”) and Ecobee Technologies ULC d/b/a ecobee (“ecobee”) (collectively
`
`“Defendants”) (Plaintiff and Defendant collectively referred to as the “Parties”) hereby submit the
`
`Proposed Partially Disputed Protective Order, attached as Exhibit A.
`
`The Parties were unable to reach an agreement on certain provisions of the Protective
`
`Order. The Parties submit the Proposed Partially Disputed Protective Order, attached as Exhibit
`
`A, which indicate the Parties’ proposals in brackets. The Parties’ arguments in favor of their
`
`

`

`Case 2:24-cv-00757-JRG Document 44 Filed 12/06/24 Page 2 of 8 PageID #: 1185
`
`respective proposals are presented below:
`
`I.
`
`Plaintiff’s Position
`
`Defendants’ proposed language regarding data security requirements and the proposed
`
`process for a response to data breaches is unduly burdensome and prejudicial. Ex. A, ¶ 14.
`
`Specifically, Defendants’ proposal includes an exhaustive list of unnecessary and restrictive
`
`requirements for the Receiving Party to maintain documents produced in this Action, including
`
`network security and encryption in accordance with what Defendants consider to be permissible
`
`and necessary to safeguard its documents and information. In proposing this language, Defendants
`
`take the position that protections and safeguards set forth in this Court’s default protective order
`
`are insufficient, and that Defendants’ materials should be afforded greater protection than those of
`
`other parties. Not only is the addition of this language unnecessary based on the adequate
`
`protections afforded by this Court’s default protective order and the other safeguards agreed to
`
`elsewhere in the Proposed Protective Order, but it is untenable. Defendants’ proposal includes
`
`heightened requirements that mandate that Plaintiff adhere to specific security standards and
`
`follow Defendants’ prescribed procedures for remedying any theoretical data breaches—including
`
`a stay or extension of discovery and submitting to “reasonable discovery concerning the Data
`
`Breach.” Defendants’ burdensome requirements would delay and impact the case schedule in
`
`addition to authorizing Defendants to conduct invasive discovery regarding a data breach beyond
`
`that which is permitted under the Court’s prescribed procedures and Orders.
`
`Defendant’s proposed data security requirements are binding not only on Plaintiff and its
`
`counsel, but also its retained experts and consultants. This would require Plaintiff to exercise a
`
`degree of control over retained experts and outside consultants that is untenable. The requirements
`
`under Defendant’s proposal would effectively bar Plaintiff from retaining the vast majority of
`
`2
`
`

`

`Case 2:24-cv-00757-JRG Document 44 Filed 12/06/24 Page 3 of 8 PageID #: 1186
`
`experts and outside consultants who would not or cannot agree to such an extreme and invasive
`
`provision, preventing Plaintiff from freely choosing an expert or consultant it wishes to retain,
`
`absent any other objections.
`
`A court in this District recently denied a request that requires protected material only be
`
`stored on a “firm-managed computing device.” Compare Truesight Commc’ns LLC v. Samsung
`
`Elecs. Co., Ltd., No. 2:23-cv-00643, Dkt. 37 (E.D. Tex. July 5, 2024) with Dkt. 38 (E.D. Tex. July
`
`11, 2024). Further, this Court rejected an identical proposal in Advanced Coding Techs., LLC v.
`
`Apple Inc., No. 2:24-cv-00572-JRG, Dkt. 47 (E.D. Tex. Nov. 8, 2024). Here, the Parties submit
`
`the Protective Order as entered in Advanced Coding Techs., LLC v. Apple Inc., except for the data
`
`protection provisions in paragraph 14, which was previously rejected by the Court. Accordingly,
`
`the entirety of Apple’s proposed language regarding data security should be rejected.
`
`II.
`
`Defendants’ Position
`
`Defendants propose in paragraphs 14(a)-(g) that the protective order include (1) specific
`
`data security requirements for materials produced in this case (paragraph 14(a)); (2) a process for
`
`handling any data breach (paragraphs 14(b)-(f)); and (3) export control requirements (paragraph
`
`14(g)). These provisions are reasonable, consistent with industry practice, and necessary to protect
`
`the confidential information that the parties will produce in this litigation. Indeed, in another case
`
`recently filed in this District, the Court rejected the same objections to these provisions raised by
`
`the plaintiff and included data security, data breach, and export control provisions in the protective
`
`order that mirror what Defendants are seeking here. See Slyde Analytics LLC v. Apple Inc., No.
`
`2:24-cv-00331-RWS-RSP, ECF 60 (Dec. 6, 2024) (paragraphs 14(a)-(g)).
`
`First, paragraph 14(a) sets forth specific data security requirements for materials produced
`
`in this case. These safeguards are designed to prevent unauthorized access using a choice of
`
`3
`
`

`

`Case 2:24-cv-00757-JRG Document 44 Filed 12/06/24 Page 4 of 8 PageID #: 1187
`
`several standard security protocols0F
`
`1 and multi-factor authentication.1F
`
`2 These same security
`
`measures are widely used to mitigate the risk of a data breach. To the extent that Avant’s outside
`
`counsel is not already using such measures, that further demonstrates the necessity of these
`
`requirements. Concerns about data security are not theoretical. Many large, sophisticated law
`
`firms and e-discovery vendors have been victims of hacks, leaks, or breaches.2F
`
`3 Indeed, Apple’s
`
`own data held by adversary law firms has been victim to data breaches in the recent past.
`
`Second, Defendants propose in paragraphs 14(b)-(f) reasonable requirements in the event
`
`of a data breach: notice of the breach within 48 hours of learning of it, cooperation in investigation
`
`of the breach as necessary, and cooperation in remediation efforts and changes to the discovery
`
`
`1 https://www.iso.org/standard/27001 (“ISO/IEC 27001 is the world's best-known standard for
`information
`security
`management
`systems
`(ISMS).”);
`https://csrc.nist.gov/pubs/sp/800/53/r5/upd1/final (“This publication provides a catalog of security
`and privacy controls for information systems and organizations to protect organizational
`operations and assets, individuals, other organizations, and the Nation from a diverse set of threats
`and risks, including hostile attacks, human errors, natural disasters, structural failures, foreign
`intelligence entities, and privacy risks.”); https://www.cisecurity.org/controls (“The CIS Critical
`Security Controls (CIS Controls) are a prescriptive, prioritized, and simplified set of best practices
`that you can use to strengthen your cybersecurity posture. Today, thousands of cybersecurity
`practitioners from around the world use the CIS Controls and/or contribute to their development
`via a community consensus process.”).
`2 https://www.cisa.gov/MFA (“Users who enable MFA are significantly less likely to get hacked.
`Why? Because even if a malicious cyber actor compromises one factor (like your password), they
`will be unable to meet the second authentication requirement, which ultimately stops them from
`gaining access to your accounts.”).
`3https://www.logikcull.com/blog/ediscovery-next-frontier-hackers-major-law-firms-now-know
`(“eDiscovery
`is
`the next frontier for hackers, as major
`law firms now know”);
`https://www.slaw.ca/2018/09/26/the-2017-dla-piper-breach-revisited/;
`https://www.justice.gov/usao-sdny/pr/manhattan-us-attorney-announces-arrest-macau-resident-
`and-unsealing-charges-against;
`https://www.abajournal.com/news/article/more-than-100-law-
`firms-have-reported-data-breaches-2-biglaw-firms-affected;
`https://techcrunch.com/2023/04/06/proskauer-confidential-client-data/;
`https://techcrunch.com/2024/01/04/orrick-law-firm-data-breach/;
`https://techcrunch.com/2020/03/02/epiq-global-ransomware/;
`https://ediscoverytoday.com/2022/05/20/cuba-ransomware-group-hacked-fronteo/;
`https://www.virsec.com/resources/blog/new-details-emerge-on-the-ransomware-attack-against-
`epiq-global.
`
`4
`
`

`

`Case 2:24-cv-00757-JRG Document 44 Filed 12/06/24 Page 5 of 8 PageID #: 1188
`
`process or schedule. Establishing a process for addressing a data breach in advance will allow the
`
`parties to respond to and attempt to mitigate the harms of a data breach in an orderly and expedient
`
`manner. The Court recently adopted identical data breach provisions in the protective order
`
`entered in Slyde Analytics LLC v. Apple Inc., No. 2:24-cv-00331-RWS-RSP, ECF 60 (Dec. 6,
`
`2024) (paragraphs 14(b)-(f)).
`
`Third, Defendants propose in paragraph 14(g) restrictions consistent with export control
`
`regulations. Certain non-public information produced in this litigation, including proprietary
`
`source code, is likely to be subject to export control designations. For these reasons, it is entirely
`
`appropriate and reasonable to ensure that designated material remains inside the United States and
`
`not shared with foreign nationals, unless otherwise agreed by the parties. Courts in this District
`
`have approved similar provisions. See, e.g., Slyde Analytics LLC v. Apple Inc., No. 2:24-cv-00331-
`
`RWS-RSP, ECF 60 (Dec. 6, 2024) (paragraph 14(g)); Uniloc USA, et al. v. Samsung Electronics
`
`America, Inc., et al., No. 2:18-cv-00040-JRG-RSP, ECF 38 (May 30, 2018) (entering a provision
`
`under which protected material “shall not be taken or reviewed outside the United States unless
`
`expressly agreed to in writing by the Producing Paragraph 33(c) Party”); ContentGuard Holdings,
`
`Inc. v. Amazon.com, Inc. et al., Case No. 2:13-cv-01112-JRG, ECF 151 (June 6, 2014) (entering a
`
`strict prohibition on transporting Protected Material to foreign jurisdictions).
`
`Dated: December 6, 2024
`
`
`
`
`
`Respectfully submitted,
`
`/s/ Peter Lambrianakos
`Alfred R. Fabricant
`NY Bar No. 2219392
`Email: ffabricant@fabricantllp.com
`Peter Lambrianakos
`NY Bar No. 2894392
`Email: plambrianakos@fabricantllp.com
`Vincent J. Rubino, III
`NY Bar No. 4557435
`Email: vrubino@fabricantllp.com
`
`5
`
`

`

`Case 2:24-cv-00757-JRG Document 44 Filed 12/06/24 Page 6 of 8 PageID #: 1189
`
`
`
`
`
`FABRICANT LLP
`411 Theodore Fremd Avenue, Suite 206 South
`Rye, New York 10580
`Telephone: (212) 257-5797
`Facsimile: (212) 257-5796
`
`William E. Davis, III
`Texas Bar No. 24047416
`Email: bdavis@davisfirm.com
`Ty Wilson Texas
`State Bar No. 24106583
`Email: twilson@davisfirm.com
`DAVIS FIRM PC
`213 N. Fredonia Street, Suite 230
`Longview, Texas 75601
`Telephone: (903) 230-9090
`Facsimile: (903) 230-9661
`
`ATTORNEYS FOR PLAINTIFF
`AVANT LOCATION TECHNOLOGIES, LLC
`
`/s/ Andrew J. Danford (with permission)
`Melissa R. Smith
`TX Bar No. 24001351
`melissa@gillamsmithlaw.com
`GILLAM & SMITH, LLP
`303 South Washington Avenue
`Marshall, Texas 75670
`Telephone: (903) 934-8450
`Facsimile: (903) 934-9257
`
`Andrew J. Danford
`(Admitted Pro Hac Vice)
`Email: andrew.dandford@wilmerhale.com
`Joseph J. Mueller
`(Admitted Pro Hac Vice)
`Email: joseph.mueller@wilmerhale.com
`WILMER HALE
`60 State Street
`Boston, MA 02109
`Telephone: (617) 526-6806\
`Facsimile: (617) 526-5000
`
`Mark D. Selwyn
`
`6
`
`

`

`Case 2:24-cv-00757-JRG Document 44 Filed 12/06/24 Page 7 of 8 PageID #: 1190
`
`(Admitted Pro Hac Vice)
`Email: mark.selwyn@wilmerhale.com
`Joseph F. Haag
`(Admitted Pro Hac Vice)\
`Email: joseph.haag@wilmerhale.com
`WILMER HALE
`2600 El Camino Real, Suite 400
`Palo Alto, CA 94306
`Telephone: (650) 858-6031
`Facsimile: (650) 858-6100
`
`ATTORNEYS FOR DEFENDANT
`APPLE, INC.
`
`
`
`
`/s/ Eric R. Chad (with permission)
`Jennifer Parker Ainsworth
`TX State Bar No. 00784720
`Email: jainsworth@wilsonlawfirm.com
`WILSON ROBERTSON &
` VANDEVENTER, P.C.
`909 ESE Loop 323, Suite 400
`Tyler, Texas 72701
`Telephone: (903) 509-5000
`Facsimile: (903) 509-5091
`
`Of Counsel:
`Thomas J. Leach
`Eric R. Chad
`Michael A. Erbele
`Joseph Dubis
`MERCHANT & GOULD P.C.
`150 South Fifth Street, Suite 2200
`Minneapolis, MN 55402
`Telephone: (612) 332-5300
`E-mail: tleach@merchantgould.com
`E-mail: merbele@merchantgould.com
`E-mail: echad@merchantgould.com
`E-mail: jdubis@merchantgould.com
`
`ATTORNEYS FOR DEFENDANT
`ECOBEE TECHNOLOGIES ULC
`
`
`7
`
`

`

`Case 2:24-cv-00757-JRG Document 44 Filed 12/06/24 Page 8 of 8 PageID #: 1191
`
`CERTIFICATE OF SERVICE
`
`The undersigned hereby certifies that, on December 6, 2024, all counsel of record who are
`
`deemed to have consented to electronic service are being served with a copy of this document via
`
`the Court’s CM/ECF system per Local Rule CV-5(a)(3).
`
`/s/ Peter Lambrianakos
` Peter Lambrianakos
`
`
`CERTIFICATE OF CONFERENCE
`
`The undersigned hereby certifies that all counsel of record have met and conferred in
`
`accordance with Local Rule CV-7(h) and this joint motion is unopposed.
`
`/s/ Peter lambrianakos
` Peter Lambrianakos
`
`
`
`