In Realpage Inc. v. Enter. Risk Control, LLC, 2017 BL 102339 (E.D. Tex. 2017), the court ordered Enterprise Risk Control, LLC (“Enterprise”) to produce forensic images of devices used by a former Realpage employee to a forensic neutral in order to determine whether any source code was recoverable pertaining to Realpage’s allegations of misappropriation.

Background

After leaving employment with Realpage in 2012, Tom Bean (“Bean”) started his own software development company named IDC. Bean and IDC were hired by former Realpage employee, and active Enterprise employee, Lonnie Derden (“Derden”) to design a vendor compliance application that was “completely different” than the one in place at Realpage. In July 2013, Enterprise hired Bean as a full-time employee and it was at that time that Bean transferred all of his source code for the vendor compliance application from IDC’s computers to Enterprise’s computers. According to Bean’s affidavit, he deleted all versions of his source code from IDC’s computers after the transfer.

Pursuant to this lawsuit, Enterprise made the vendor compliance application source code from July 2013 to the present available to Realpage for their analysis. During their review, Realpage found comments in the source code referencing dates from 2012 and early 2013, which Realpage argued indicated that versions of the source code from that point in time must exist. While the court rejected this argument, they recognized that Realpage’s complaints surround code that existed on or before the date that Bean transferred the source code to Enterprise. The court concluded that “a tailored [forensic] examination is appropriate at this time to determine whether the missing code is recoverable or to enable effective cross-examination as to its destruction.” Id. at *2.

Practical Considerations

The court stated that the forensic inspection would be limited in scope, but there are a number of obstacles and considerations with the court’s Order. Within only seven days of the Order (March 30, 2017), Enterprise must identify all Enterprise or IDC computers and storage devices that were used by Bean in July 2013, have those devices imaged and validated, and have those images provided to a presumably not-yet-hired forensic neutral. The Order also required that the forensic neutral complete his report by April 12, 2017, which would initially consist of determining whether any of the allegedly deleted source code is recoverable, and if not, “the forensic examiner may search more to determine the details of deletions of the particular files so that Plaintiffs may adequately cross-examine.” Id.

Finally, although Realpage’s Reply in support of its motion appears to contemplate that the forensic neutral would image the devices in question, the Order requires that Enterprise should create and produce the forensic images to the neutral. This process could result in further complications or arguments regarding the methods used to create the forensic images.