SmartLinx Solutions LLC, Plaintiff, v. Vitzeslav Zeif, Defendant Civil Action No. 2:21-cv-711-BHH United States District Court, D. South Carolina, Charleston Division Filed October 11, 2023 Baker, Mary G., United States Magistrate Judge ORDER *1 This matter is before the undersigned United States Magistrate Judge on supplemental issues related to Plaintiff SmartLinx Solutions LLC's (“SmartLinx” of “Plaintiff”) Motion to Compel (Dkt. No. 130). By the Order of the Honorable Bruce Howe Hendricks, this motion was referred to the undersigned. (Dkt. No. 134.) The Court granted Plaintiff's Motion during a video hearing held on August 29, 2023, and issued a written order thereafter. (Dkt. Nos. 145; 146.) Relevant here, the Court ordered Defendant to supplement its production to Plaintiff's Requests for Production Nos. 40 and 42, in order to facilitate the inspection of cloud storage accounts within Defendant Vitzeslav Zeif's (“Zeif” or “Defendant”) possession or control. (Dkt. No. 146 at 2.) To facilitate this inspection, the Court stated it would appoint a neutral, third-party expert witness pursuant to Rule 706(c). (Id.) The Court further ordered: The parties must also confer and agree upon a protocol for the inspection and copying of the forensic image of Defendant's cloud storage accounts, taking particular care to prevent the disclosure of any privileged or personal, unresponsive information within the forensic image of the laptop. Given the allegations and evidence in the record, the inspection is limited to the time period of January 1, 2020 through March 1, 2021. The parties shall file a joint letter by September 11, 2023 that either: (1) identifies the agreed upon expert and protocol; or (2) explains the reason as to why the parties could not come to an agreement and includes each party's proposal for an expert and for the protocol. If the parties cannot agree upon the expert and/or the protocol, the court will consider the information in the parties’ joint letter and appoint an expert and/or establish a protocol. Once the court appoints an expert witness and a protocol is established, Defendant must make the forensic image of his cloud storage accounts available to the expert for inspection and copying in accordance with the established protocol. (Id. at 2–3.) The parties failed to timely file a joint letter in response to this Order. Instead, after receiving extensions from the Court, they filed separate letters along with their separate proposed protocols for the forensic inspection. (Dkt. Nos. 151; 153; 154.) They also submitted further briefing in support of their respective proposed protocols. (Dkt. Nos. 157; 158.) As evidenced by the parties’ prior discovery briefings, this is typical behavior from counsel in this case. Counsel's inability to effectively communicate and resolve basic issues without the Court's involvement has resulted in an unnecessarily prolonged pretrial period and has taken a significant amount of the Court's time and resources. Given this background, and with careful consideration of the parties’ proposed protocols, the undersigned issues the attached Court-ordered protocol for forensic inspection. This protocol incorporates language from both parties’ proposed versions. As an initial matter, it appears the parties agree upon the appointment of John W. Akerman as the independent examiner.0F[1] The parties further agree upon the use of 262 search terms that the independent examiner will use to review any files on Zeif's cloud storage accounts that were created, modified, accessed, or otherwise deleted during the timeframe of January 1, 2020 through March 1, 2021. Aside from these parameters, the parties largely diverge on how the independent examiner should proceed. *2 Plaintiff proposes an extensive and likely Court-involved process where the examiner would first provide the parties with a list identifying all files contained in Zeif's cloud storage accounts, apparently without any limitation to the time-period deemed relevant by the Court. According to Plaintiff, the following scenario would then occur: (1) Plaintiff would review this list and identify those files it deems responsive; (2) Zeif would be able to withhold any objectionable files and provide a privilege log to Plaintiff; (3) Plaintiff would be able to challenge any non-production and the parties would meet and confer over any asserted objections; and (4) if the parties cannot resolve the objections, Plaintiff would move the Court for an order compelling disclosure of the withheld files on an in camera basis and the Court would determine whether the file should be produced. (Dkt. No. 158 at 5.) Given the breadth of Plaintiff's proposed protocol, it is unclear what the point of the independent examiner would be. Further, given the parties’ prior protracted dealings in this case, Plaintiff's proposed protocol would require significant Court involvement. Defendant's proposal focuses on the proprietary information that is alleged to be misappropriated by Zeif; specifically, “SmartLinx scheduling software source code.” (Dkt. No. 24 at 11.) Focusing on the proprietary information at issue, Defendant proposes that the independent examiner use the SmartLinx search terms to locate files or look at every file to determine whether any file that was copied, uploaded, accessed, transferred, or deleted during the search period contained any source code of any nature. If any document contained any source code or any information describing source code, that document would be immediately produced to SmartLinx without any back and forth with Zeif and without Court involvement. (Dkt. No. 154 at 3.) Defendant asserts that this protocol lets the examiner do what he or she was hired to do, which is to review the files accessed, copied, uploaded, transferred or deleted during the relevant timeframe and let everyone know whether any computer source code was found. If they are found, the files are immediately produced to SmartLinx. If not, the examiner files a report with the Court advising that the protocol was followed and that no source code was found. (Id. at 3–4.) Relevant here, the Court granted Plaintiff's Motion to Compel the forensic inspection of Zeif's cloud storage accounts “to investigate Defendant's alleged misappropriation.” (Dkt. No. 146 at 2.) Given that Plaintiff alleges the information misappropriated was SmartLinx source code, the undersigned finds that, in connection to the Court-ordered protocol that follows, the production of copies of files within Zeif's cloud storage accounts should be limited to those files that: (1) were copied, uploaded, accessed, transferred, or deleted between January 1, 2020 through March 1, 2021; and (2) contain any SmartLinx source code or otherwise mention/describe any SmartLinx source code.1F[2] This protocol appropriately balances “the degree to which the proposed inspection will aid in the search for truth ... against the burdens and dangers created by the inspection.” Belcher v. Bassett Furniture Indus., Inc., 588 F.2d 904, 908 (4th Cir. 1978). AND IT IS SO ORDERED. PROTOCOL FOR FORENSIC INSPECTION Pursuant to the Court's August 31, 2023, Order (Dkt. No. 146) (the “Order”), Plaintiff SmartLinx Solutions, LLC (“SmartLinx”) and Defendant Vitzeslav Zeif (“Zeif”) will be bound to the following protocol for the forensic imaging and inspection of Zeif's Google Drive and Dropbox accounts identified by Zeif in his Supplemental Answer to Plaintiff's Interrogatory No. 9. SmartLinx and Zeif shall be collectively referred to as “the Parties” and each shall be referred to as “a Party.” *3 1. Purpose of Forensic Inspection: This protocol is for the copying and inspection of the forensic image of Defendant's two cloud storage accounts, a Google Drive account and a Dropbox account (“Cloud Storage Accounts”). The inspection is to determine whether the Cloud Storage Accounts contain or have contained confidential or proprietary SmartLinx source code. As ordered by the Court, this inspection shall take “particular care to prevent the disclosure of any privileged or personal, unresponsive information within the forensic image” and that “Given the allegations and evidence in the record, the inspection is limited to the time period of January 1, 2020 through March 1, 2021” (“Relevant Date Range”). 2. Retention of Agreed Forensic Examiner and Payment of Cost of Forensic Inspection: The forensic inspection shall be conducted by John W. Akerman (“Agreed Forensic Examiner”). The Agreed Forensics Examiner will report his or her findings in accordance with the protocols herein and will serve as a resource for all Parties equally. Pursuant to the Court's Order, the fees and costs for such forensic inspection shall be paid by SmartLinx. The Agreed Forensic Examiner shall submit any and all invoices directly to the Parties. 3. Access: Zeif shall make the Cloud Storage Accounts and their associated audit logs available for forensic preservation and inspection. Zeif shall provide the Agreed Forensic Examiner with any login/password or other authentication details needed to access such Cloud Storage Accounts and audit logs. 4. Background and Documents to Be Provided to Agreed Forensic Examiner: The Agreed Forensic Examiner will be provided with copies of the affidavits and declarations, and any corresponding exhibits of Tino Kyprianou, Anil Chillarige, Marina Aslanyan, Vitzeslav Zeif and Clark Walton. 5. Collection and Preservation: The Agreed Forensic Examiner will access each cloud storage account and use appropriate forensic tools to identify all content that was created, accessed, modified, or deleted during the Relevant Date Range. The Agreed Forensic Examiner shall use his best available tools and technology to restore any files that were deleted or archived during the Relevant Date Range. contained in the Cloud Storage Accounts. Google Drive may include recent files, Spam, Trash, Synchronizations, and all available file activities. The content that is identified will be to the satisfaction of the Agreed Forensic Examiner. The Agreed Forensic Examiner shall preserve and collect these files and audit logs and may use specialized software designed for this purpose. The Agreed Forensic Examiner shall preserve the integrity of the data and ensure that it is not altered in any way. The Agreed Forensic Examiner will hash the data collected. Specific to the Relevant Date Range, the Agreed Forensic Examiner will use best efforts in preserving, collecting, or documenting each time a user of the Cloud Storage Accounts logged in, shared, modified, downloaded, uploaded or otherwise transferred any files to other devices such as computer, iPad, mobile device, hard drive, thumb drives, or other electronic storage device or cloud storage account. 6. Keyword Search/Inspection of the Cloud Storage Accounts: The Agreed Forensic Examiner shall conduct the search(s) and identify all documents in the Cloud Storage Accounts within the Relevant Date Range that contain any of the keywords and search terms included in Attachment 1. The Agreed Forensic Examiner shall then inspect each document containing any of such keywords and search terms to determine whether any such documents contain any SmartLinx source code or otherwise mention/describe any SmartLinx source code (“Search Materials”). The Agreed Forensic Examiner shall further use his or her best available tools and technology to restore any files that were deleted or archived during the Relevant Date Range and shall include within the search Spam, Trash, Synchronizations, and all available file activities during the Relevant Date Range. *4 7. Parameters of Search/Inspection of the Cloud Storage Accounts: All search terms and keywords used by the Agreed Forensic Examiner are case insensitive and may be used in conjunction with multiple keywords and expressions, or combination of keywords and expressions, whether or not contained in quotes, for purposes of narrowing the potentially relevant files. In applying date parameters, and because copying a file to other media may alter date information, the Parties agree that the date filter for any search that is conducted shall include any files created, modified, accessed, or otherwise deleted during the Relevant Date Range. 8. Search Materials: In the event that any content of the Files contains any Search Materials, the Agreed Forensic Examiner shall identify, to the extent possible, any time during the Relevant Date Range that a user of the Cloud Storage Accounts accessed, modified, copied, shared, downloaded, uploaded files, or transferred any Search Materials to any other devices such as computer, iPad, mobile device, hard drive, thumb drive, or other electronic storage device or cloud storage account. 9. Findings: a. In the event that any Files contain any Search Materials, the Agreed Forensic Examiner shall provide the Parties with a copy of any file containing Search Materials and all available information about the file, such as file name, file type, usage history (including all dates the document was created, accessed, modified, deleted, printed, emailed, saved to the Cloud Storage Accounts, and/or disseminated from the Cloud Storage Accounts), and any other available information or metadata related to the usage of the file. In such event, the Agreed Forensic Examiner may be deposed by either party concerning his or her findings. To the extent the Agreed Forensic Examiner is unsure whether a specific file contains any Search Materials, he may notify the parties with the following information about the file: file name, file type, usage history (including all dates the document was created, accessed, modified, deleted, printed, emailed, saved to the Cloud Storage Accounts, and/or disseminated from the Cloud Storage Accounts), and any other available information or metadata related to the usage of the file. If the parties disagree on the production of a copy of any such file, Plaintiff can move for an order compelling the disclosure of the withheld information, and Defendant will be required to file the contested document with the Court on an in camera basis. b. If no Search Materials are found to have been stored on the Cloud Storage Accounts during the Relevant Date Range, the Agreed Forensic Examiner will prepare a report to the Court confirming that the examination of the Cloud Storage Accounts was conducted in accordance with this protocol and confirming that such examination found no Search Materials in such accounts during the Relevant Date Range. Upon submitting such a report, the Agreed Forensic Examiner shall be discharged of further involvement in this case, but shall preserve the materials related to the case until such time as directed to purge such materials by counsel to the Parties. 10. Waiver: The agreement to this protocol and the examination of the Files shall not constitute a waiver of any privileges that may apply. The Files reviewed shall be maintained in strict confidence by the Agreed Forensic Examiner and shall not be the subject of any inquiry or examination by the parties beyond what is contained herein. 11. Confidentiality: The Parties and the Agreed Forensic Examiner agree that all information and documents collected from the Cloud Storage Accounts in connection with this Stipulated Protocol shall be treated as “Confidential” pursuant to the September 20, 2022, Confidentiality Order (Dkt. No. 54) issued in this case. Such information and documents may not be shared with anyone other than the Parties and their counsel, the Parties’ privately retained forensic examiners, and/or the Agreed Forensic Examiner. *5 12. Other Provisions: a. The Parties shall have the right to depose the Agreed Forensic Examiner, request that he make a report of his findings, and/or call him to testify at trial. b. The Parties shall have the right to provide further joint instructions to the Agreed Forensic Examiner by agreement or court order. c. The Agreed Forensic Examiner shall reach out to the Parties jointly with any questions about how to implement this Court-ordered Protocol. d. To the extent the Parties disagree with any portion of the Protocol described herein, they must appeal the instant Order to the District Judge. e. The Protocol described herein must be completed by December 4, 2023. f. Following the conclusion of this matter, the Parties will jointly instruct the Agreed Forensic Examiner to purge the preserved files of the Cloud Storage Accounts and all documents collected in relation thereto as well as any related reports. IT IS SO ORDERED. ATTACHMENT 1 File Listing Searches Android Clock - GTM Task List Payroll ARR by Client - Internal Paycom WhitepapterWhat-Employees-Want-Healthcare Paycom Health Care Industry's Plan Infographic Paycom Whitepapter How Self-Service Tech Can Boost Employee Experience in Health Care WorkforceCaseStudy_DominosIsrael Competetive Informtion - Paycom WFS_Treands_For_Hourly_Employees Competetive Informtion - Workforce Solutions Competetive Informtion - OnShift WFS_BR_Healthcare_US WFS_DS_Employee_Self_Service_and_Assistants WP024_Meeting_Expectations_of_Today's_Workforce Development Backlog Message Center P&L Model Payroll ARR by Client - Internal Payroll ARR by Client - External Message Center - GTM Task List NPS TA Detractor Follow Up User Interview - 2-26-2021 Heather Hallihan NPS Detractor Follow Up User Interview - 2-25-2021 Ardeshia Hutchinson PaycorSOBusinessFlow Paylocity_SLX Analysis 2-25-2021 - Covenant Care - Lori Sudduth 2021-02-24 Programs Review JobAid_Message Center Overview JobAid_Opting Into Messaging Gale_SLX proposed workflow Payroll Metrics 20210224 Create a Schedule Rotation SLX6 Team OKR Split Copy of SmartLinx- Paycor RFP PayrollRFP.Summary inbox user relationship SLATE User Manual 12-31-2020 - Benedictine Health System - Dodee Horgan 2-18-2021 - ELC - Message Center - Leslie M Stone Avg Worked Hours by Pay Cycle 2-17-2021 NPS User Interview - Charlene Abel CareOne Moorestown QA Interop Project Update 2021-02-18 Programs Review Datasets BI Payroll Metrics 20210218 IOT Project Overview SM_QA_ValueAdd_Interop 2021 OKRs - WFM_Slava OKRs for WFM_Slava SmartLinx Review Session - Erin McNellis Payroll Product Qualifiers.Paycor Payroll Product Qualifiers - Netchex Payroll Metrics 20210210 2021-02-10 Programs Review QA Interop Project Update SM_QA_ValueAdd_Interop 2021-02-03 Programs Review modifying-the-schedule-slx6 PaycorSOBusinessFlowVersion Projected Hours [MOBILE].studio Projected Hours [IPAD].studio bProjected Hours.studio Daily Unit Assignment.studio aMaster schedule.studio Individual schedule.studio Individual schedule [DESKTOP] IPwhitelist.studio Configuration - Master File [IPAD].studio *6 ESS user templates [MOBILE].studio ESS user templates [IPAD].studio ESS user templates.studio Dependents Enrollment into Benefits from Benefit Plan Details .studio Enrolling dependents.studio Benefit Class Configuration.studio Benefits [IPAD].studio Benefits [MOBILE].studio Benefits.studio Benefits - Detail record.studio Dashboard - Configuration [IPAD].studio Dashboard - Configuration.studio Dashboard - Configuration [MOBILE].studio Dashboard - Menu.studio Notifications.studio Export Management Enhancements.studio Export Management Enhancements [MOBILE].studio Export Management Enhancements [IPAD].studio Payroll Export [MOBILE].studio Payroll Export.studio timecards-v2 (3).studio timecards-v2 [IPAD].studio timecards-v2 [MOBILE].studio Workers’ comp- Roster.studio Workers’ comp- Roster [IPAD].studio HRMS - master file.studio Workers’ comp- Roster [MOBILE].studio HRMS - menu entrance.studio HRMS - master file - Ipad.studio HRMS - master file - mobile.studio Add employee.studio Add employee [MOBILE].studio Add employee [IPAD].studio Employee communication.studio Employee communication [MOBILE].studio Employee communication [IPAD].studio Search.studio Search [MOBILE].studio Search [IPAD].studio Employee Profile - Warnings.studio ACA - Employee Profile.studio ACA - Employee Profile - ACA Section .studio ACA - Manage Employers.studio ACA Director [Desktop].studio ACA - Measurement Details - v2.studio ACA Director [IPAD].studio WorkLinx 1095C Support Guide ACA Director [MOBILE].studio ACA - Measurement Details.studio ACA - Measurement Details.i [MOBILE].studio ACA - Measurement Details.ii [IPAD].studio ACA - Manage Employers [sofi old].studio ACA - Measurement Details.studio image (24) will's mail ACA - Audit Trail.studio ACA Audit Trail SMS - Interactions.studio Compliance tab [DESKTOP] Message Center - INTERACTIONS [Desktop].studio Call Log - NEW.studio Message Center [MOBILE].studio message center will changes.studio Message Center Call Log.studio Message Center - SMS [DESKTOP] Message Center [IPAD].studio ARCHIVE [mobile] - message center.studio ARCHIVE [ipad] - message center.studio Messaging v6 - Desktop [inbox, posts].studio ARCHIVE [desktop] - message center.studio INBOX [desktop] - message center.studio INBOX [ipad] - message center.studio INBOX [mobile] - message center.studio Projected Employee Hours SLX6 Modifying the Schedule SLX6 Managing the Daily Census SLX6 Master Schedule Overview SLX6 MicrosoftTeams-image (35) MicrosoftTeams-image (34) Get Hire WOTC Process-WPEdit1 Managing Open Shift Requests SLX6 Mass Update Specification - Accrual Plans Netchex_SLX Analysis QA Interop Project Update Paycor_SLX AnalysisProduct Payroll Metrics 20210203 PaycorSOBusinessFlow Paycor-Smartlinx Partner Playbook SmartLinx Accrual Balance Import Specifications PaycorSOBusinessFlow MicrosoftTeams-image PaycorSOBusinessFlow Key Terms Searches (regardless of case) SZEIF SLX IT SLX Master File DBO VSTS Fetch-Head Worklinx scrum roadmap or road map logcat SLAVA User Manual Payroll Metrics UI-UX HRMS BusinessFlow Request_Failed timecards GTM Custom_Fields ACA Director FETCH_HEAD-SLXNJ internal Paycor Interop paycom *7 Accrual WEB_HR_ Android Clock Specifications Master Schedule Schedule PBJ Time clock SLATE TA SO HRMS GO clock Ideal Schedule ACA Accruals Agency 3rd party integration Payroll Diligence Rules Battle Card Client Wish list Go to Market RICE Market Research Price Book bootcamp Strategy Demo 2021 2020 2019 2018 1095 Release WEB_V6 Spotlight Smartlinx Direct care BHS Kings Harbor AGS Trilogy Cassena Careone Parker Azure GTM Message Center Logcat QTM Workflow Timecard Staffing File Extensions Searches .jpeg .png .sql .cs .bak .studio .git .MP4 .drawio .rar .zip .7z Footnotes [1] Defendant consents to Mr. Akerman “so long as he has not had a previous business relationship with the law firms that have appeared in this case.” (Dkt. No. 157 at 1.) On this issue, the Court's only concern is that the independent examiner has not had any prior involvement in this case or otherwise with SmartLinx, Zeif, or third-party IntelyCare, Inc. Given that this is not an issue with Mr. Akerman, the undersigned appoints John W. Akerman as the independent examiner here. [2] Plaintiff expresses concern that the independent examiner will not “know whether a particular document contains source code upon reviewing it.” (Dkt. No. 158 at 7 n.6.) Expanding the production to “any SmartLinx source code” should alleviate Plaintiff's concerns that the examiner may not be able to identify the specific software allegedly misappropriated. Again, it is unclear what the point of an independent forensic examiner would be if they were unable to review the files at issue and identify which files contain or mention source code. Further, the Court-ordered Protocol provides a process to resolve any such potential confusion, should it occur.