publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/192213
CRACKING SOURCE CODE PRODUCTION: XXXX BASICS AND BEST PRACTICES For less tech-savvy officers of the court, third-party forensic experts are hired to explain exactly how source code is used within a program or device. The purpose and method behind this review is dependent largely on the nature of the case and the allegations. CASE IN POINT To help further the understanding of source code, a few notable cases follow: In the 2008 case of Metavante Corp. v. Emigrant Savings Bank, Metavante sued the bank for nonpayment of fees associated with launching an online, direct banking system. Emigrant argued that the system put in place by Metavante was "poorly integrated, poorly tested, poorly planned, not scalable and experienced degraded service." Emigrant succeeded in arguing that it needed to review source code related to the online banking system to defend itself accurately against the breach of contract claims. Metavante then argued it would be unduly burdened by having to produce source code, and it would cost more than $300,000, take over 5,000 hours and would not provide Emigrant with sufficient relevant information. The court balanced the value of the source code against the burden of producing it and determined the value outweighed the burden. The judge ruled in favor of the plaintiff and ordered Emigrant pay Metavante damages and prejudgement interest in the amount of more than $2 million. In 2009, a patent infringement case arose in the Illinois Northern District Court between two manufacturers of climate control products. In Bergstrom, Inc. v. Glacier Bay, Inc., the plaintiff asked the court to compel Glacier Bay to disclose and produce a copy of each relevant revision of its ClimaCab source code to determine if they had infringed on Bergstrom's patents. Glacier Bay opposed Bergstrom's motion and requested a heightened level of protection beyond what was in place in order to protect the highly confidential and sensitive information. Bergstrom called Glacier Bay's "eleventh-hour motion" a "thinly veiled attempt to justify its failure to disclose information to which it now concedes that Bergstrom is entitled." In early 2010, the court ordered Glacier Bay to produce the source code to Bergstrom and with appropriate confidentiality designations as set forth in the court's 2009 protective order. Last year, a Minnesota Supreme Court criminal case disputed the accuracy of the Intoxilyzer 5000EN, a device which calculates the blood alcohol content in a person's breath. The source code for this device operates every function of the device, from ensuring "fail-safes" are performed to determining alcohol concentration in the sample. A group of private criminal attorneys argued that inaccuracies in the machine's source code made its output unreliable and inadmissible in court. The court required source code be produced and reviewed to determine whether this claim was true. After producing and having forensic experts analyze the source code, the judge ruled that although the device was "severely challenged" and the source code contained several errors, overall it was sufficiently accurate.