Court finds forensic inspection relevant and proportional

Hand pressing a keyboard button that says block ads

Satmodo, LLC v. Whenever Commc’ns, LLC, No. 3:17-cv-192-AJB-NLS, 2018 WL 3495832 (S.D. Cal. July 20, 2018).

In this case alleging a “click fraud” scheme, the court granted the plaintiff’s motion to compel in part. It ordered the defendant to provide a list of its devices and produce its relevant browser history records. It also ordered an on-site inspection of the defendant’s devices, dictating a protocol for inspection or imaging.

This case began when the plaintiff, Satmodo, LLC, alleged that Whenever Communications, LLC (“Whenever”) “engaged in a click-fraud scheme” against it. The scheme, according to Satmodo, was intended “to eliminate [its] paid advertising from appearing” in internet search results. Satmodo claimed that Whenever fraudulently clicked on its internet ads to drive its conversion rate down.

Satmodo sought to compel further discovery, including inspection and forensic imaging of Whenever’s devices.

First, via special interrogatory, Satmodo asked Whenever to identify all of the devices that it used to click on Satmodo’s ads. Whenever eventually produced a list with an inventory of IP addresses. Satmodo objected that this information was neither verified nor adequate. It further raised the specter of spoliation, pointing to deposition testimony indicating that Whenever had replaced or altered some devices.

Whenever acknowledged that its response fell short of Satmodo’s request. It claimed, though, that the request was disproportionate with the “narrow” scope of permissible discovery.

The court began by reviewing the scope of discovery under Federal Rule of Civil Procedure 26. This encompasses “any nonprivileged matter that is relevant to any party’s claim or defense and proportional to the needs of the case.” The court further noted that it “has broad discretion in determining [the] relevancy” of information for discovery.

Here, the court concluded that Satmodo’s request was “designed to identify the universe of devices” involved in the case. This, it opined, would allow it to assemble “a list of devices to inspect” for evidence of fraud. Assessing Rule 26’s proportionality factors, the court noted that Whenever has “sole and exclusive access” to its devices. Additionally, the burden of producing the information was “minimal.” As such, Satmodo’s interrogatories were “properly calculated to obtain relevant information proportional to” the case. The court therefore ordered Whenever to answer.

Next, the court considered Satmodo’s request to inspect Whenever’s devices. Satmodo argued that it needed to inspect the devices to “determine what other IP addresses or proxy servers” Whenever used. Additionally, it sought to assess whether Whenever had “wiped or altered” any of the devices.

Objecting that inspection of the devices would be overbroad and intrusive, Whenever proposed a “live test” as an alternative. Whenever claimed that according its own investigation, just 20 of the fraudulent clicks Satmodo identified arose from its IP addresses.

The court again found that Satmodo’s request was proportional. Specifically, Whenever has “sole and exclusive access” to its own devices. Inspection could also “resolve the issues of the case” at a cost that was not disproportionate.

However, the court only granted the motion to compel in part, imposing limits on Satmodo’s request. It established a specific protocol for examining and, if necessary, imaging Whenever’s devices. This protocol reflected Whenever’s “valid concerns” and the need to protect its “privacy and business interests.”

The court’s protocol allowed for on-site inspection to identify a limited range of information. Only if the on-site inspection was insufficient to gain that information could Satmodo image the devices for off-site analysis. The court explicitly warned both parties that noncompliance with the protocol or bad faith conduct could result in sanctions.

Finally, the court turned to Satmodo’s request for production of documents relating to Whenever’s interactions with Satmodo’s ads. Whenever denied engaging in any fraudulent conduct. Besides, it argued, Satmodo “provide[d] no suggestion” of what documents it sought.

The court noted that Rule 34 expanded “the traditional concept of a ‘document’” to include all forms of electronically stored information. Browser history, for instance, could reveal Whenever’s “attempts to access” Satmodo’s ads. But the court agreed that the overall browser history would indeed be too broad. Therefore, it ordered Whenever to search for relevant information and produce it to Satmodo.

In sum, the court granted the motion in part and denied it in part. It ordered Whenever to provide additional information and allow Satmodo to inspect its devices.

Takeaways on Educating Courts About Technology

Note the end result here: the court weighed both parties’ arguments and concluded that a limited on-site forensic inspection was proportional and appropriate. It then defined those limits for itself, established a protocol, and warned the parties that noncompliance was sanctionable. This underscores the importance of educating courts, where necessary, about both the legal and technical issues in a case. Make sure you understand your technology and your request well enough to explain it adequately to the court.

Wondering exactly how your ediscovery technology works? We’re here to help.

Contact Us