The court begins by setting forth the rather tedious amount of background information that is necessary for understanding Fortinet's motion for sanctions.

This case arises from Sophos's employment of several former Fortinet employees. Fortinet and Sophos are competitors in the field of network security solutions. Fortinet claims that in early 2013 Sophos systematically recruited Fortinet's high-level employees, wielded their information to solicit other Fortinet employees, and used the ex-Fortinet employees to acquire Fortinet's proprietary information. Fortinet filed this lawsuit on December 16, 2013, and a month later filed an amended complaint against Sophos and two former Fortinet employees, Michael Valentine and Jason Clark. Sophos eventually employed at least nine additional former Fortinet employees; only Valentine and Clark were named as Defendants. The court refers to those nine employees, plus Valentine and Clark, as “the former Fortinet employees.”

The claims against Valentine and Clark were resolved through private arbitration in which the arbitrator issued a final award in March 2015. The claims remaining in this case are: (1) six claims of patent infringement; (2) intentional interference with contracts; (3) misappropriation of trade secrets; (4) civil conspiracy; (5) aiding and abetting breach of fiduciary duty; and (6) violation of the California Unfair Competition Law, Cal. Bus. & Prof. Code § 17200 et seq.

California Civil Code § 2019.210 requires a plaintiff bringing a claim for trade secret misappropriation to identify the trade secrets with “reasonable particularity” before related discovery begins.[2]

On August 5, 2014, Fortinet provided a Section 2019.210 disclosure which Sophos rejected as insufficient. In September 2014, Fortinet served a supplemental disclosure, which Sophos again deemed insufficient. At that point, with the Clark and Valentine arbitration approaching, the parties set aside the trade secret issues, and focused on discovery related to the claims at issue in the arbitration. Broader discovery resumed after the conclusion of the arbitration. On May 1, 2015, Fortinet updated its Section 2019.210 disclosure, and on May 11, Sophos acknowledged its sufficiency.

*2 According to Fortinet, Sophos did not allow any discovery on trade secrets issues until Fortinet updated its Section 2019.210 disclosure on May 1, 2015. Fortinet's motion is based solely on Sophos's conduct after May 1, 2015.

Fortinet served its first set of Requests for Inspection (“RFIs”) on March 9, 2015, seeking to inspect and perform forensic imaging[3] on computing devices used by the former Fortinet employees. These five RFIs sought inspection of both Sophos-issued devices and any personal devices used by the former Fortinet employees for the purposes of employment. Fortinet believes that inspection of these devices may show whether any of the former Fortinet employees accessed, downloaded, or sent any Fortinet trade secrets for Sophos's benefit.

On April 8, 2015, Sophos served objections and responses to each RFI, and refused to make the devices available, in part because Fortinet's Section 2019.210 disclosure was still inadequate. Sophos's objections and responses to these RFIs are discussed in detail below.

As noted above, Fortinet served an amended Section 2019.210 disclosure on May 1, 2015. On May 11, Sophos responded by email. In the May 11 email, Sophos conceded that the amended Section 2019.210 disclosure was sufficient “for discovery purposes,” and stated that it would begin producing documents related to Fortinet's trade secrets claim. Fortinet Ex. J. Sophos also stated that it would “revisit[ ] Sophos's response to Fortinet's [RFIs].” The parties then continued to dispute the scope and procedures for Sophos's responses for at least another six weeks.

In its May 11, 2015 email, Sophos objected to the inspection of the devices of Valentine and Clark on the basis of res judicata. On May 13, the parties met and conferred, and eventually filed a joint discovery letter on May 21. Docket No. 130. In the letter, Sophos argued that res judicata applies to prohibit the inspection of Valentine and Clark's personal and Sophos-issued devices because Fortinet could have obtained such discovery during the arbitration but elected not to.

Meanwhile, on May 29, Sophos produced documents relevant to Fortinet's trade secrets claim that it had previously withheld due to the insufficiency of Fortinet's Section 2019.210 disclosure. This production included “documents potentially responsive ... [to the trade secret misappropriation claim] collected from [Valentine and Clark's] Sophos-issued laptops.” Fortinet Ex. N.

On June 1, Sophos informed Fortinet that it had “reconsidered” the position that it had taken in the May 21 discovery letter regarding the discovery of further materials from the Valentine and Clark devices. With respect to their Sophos-issued devices, Sophos's maintained its position that it would not permit inspection, but changed its reasoning. Sophos explained that it was not resting on its res judicata objection, but instead on the fact that it had inspected those devices and had produced all relevant documents on May 29. With respect to their personal computers, Sophos agreed to drop its res judicata objection and to permit “Fortinet's outside expert” to inspect them. Id. This resolved the May 21 joint discovery letter.

*3 Fortinet requested that Sophos circulate a draft submission informing the court that the hearing on the discovery letter should be taken off calendar, but this did not occur. The court did not learn that the matter had been resolved until the June 25 hearing.

Sophos took a different position regarding inspection of the devices belonging to former Fortinet employees other than Valentine and Clark. It did not argue that res judicata precluded those inspections. Instead, Sophos recognized “that the other ex-Fortinet employees were not party to the arbitration, and thus has agreed to allow a limited inspection of those other employees' computers.” Docket No. 130 at 7. Sophos noted, however, that “[a]ppropriate inspection procedures [needed to be] worked out between the parties.” Id.

At a meet and confer on May 26, 2015, Sophos further clarified that it would only allow inspection of personal devices (i.e., not Sophos-issued devices) used by former Fortinet employees “that contained any sort of Fortinet document that might possibly be relevant.” Fortinet Ex. M; Neukom Decl. at ¶ 18. Sophos further stated that it would not allow inspection of any former Fortinet employees' Sophos-issued laptops, “because Fortinet will be receiving this week all previously-withheld documents from these computers,” in the May 29 document production. Fortinet Ex. M at 4. Sophos also informed Fortinet that “it was still gathering data on which ex-Fortinet employees have personal computers that may contain Fortinet documents,” and confirmed that “it currently has devices from Kendra Krause and Jason Acosta that it will allow to be inspected, by an outside expert who has signed the protective order.” Id. at 5.

Fortinet informed Sophos on May 28 that Fortinet's “outside counsel” wanted to inspect the Krause and Acosta devices, and attempted to schedule a time for the inspection. Fortinet Ex. GG at 1. Sophos responded on May 29 stating that “Sophos will allow a monitored inspection of these devices, by an outside expert who has signed the protective order,” but pointed out that “Sophos never agreed to allow outside counsel to conduct the initial inspections.” Id. (emphasis in original).

Because the parties were not able to resolve these issues, they filed a second joint discovery letter on June 2, 2015. See Docket No. 138. In the second letter, Sophos raised two concerns. First, it repeated its position that it was willing to permit inspection of the personal devices of the former Fortinet employees, but not their Sophos-issued devices, because Sophos had already inspected these devices and produced relevant documents to Fortinet. Second, Sophos noted its continuing concern about the inspection procedures: Sophos believed the initial review of the computer images should be conducted by an outside expert, whereas Fortinet believed that its outside counsel should be permitted to inspect the images.

After the parties filed the second discovery letter, they continued to meet and confer. Fortinet apparently initiated the meet and confer on June 9, 2015 a week after the parties filed their second joint letter. Fortinet maintained its position that its outside counsel could inspect the devices, but for the purposes of accessing the information as soon as possible, it agreed to have the devices inspected by an outside e-discovery vendor/expert. Fortinet Ex. P at 4.

*4 On June 11, Sophos responded that Fortinet “still has not proposed a protocol, other than informing us it wants an outside vendor to inspect. We have provided our position numerous times ... that a qualified third party would conduct the initial inspection, and identify which documents he/she believes needs to be produced. Sophos would then review those documents for privilege and responsiveness and then would produce them to Fortinet.” Id. at 2.

On June 12, Fortinet took issue with Sophos's use of the term “qualified third party,” but otherwise did not respond to the relevant portion of Sophos's June 11 letter.

Later that same day, Sophos clarified that it used the term “ ‘qualified third party’ instead of ‘expert’ to include Fortinet's outside vendor, as you proposed.” Id. at 1. In the same email, Sophos offered to permit Fortinet's outside vendor to inspect six personal computers for ten hours on June 16, the deadline for completion of fact discovery. Id.

Despite its belief that Sophos's offer was too little, too late, Fortinet agreed to inspect the six devices on the terms offered by Sophos. Fortinet's outside vendor inspected these devices on June 16.

On February 13, 2015, Fortinet served a request for a deposition pursuant to Federal Rule of Civil Procedure 30(b)(6) on the topic of Fortinet's allegations of trade secret misappropriation. Sophos objected on the basis that Fortinet's Section 2019.210 disclosure was insufficient. On May 29, after Fortinet had cured the insufficiency in its Section 2019.210 disclosure, Sophos offered Clark as the designee and made him available for a deposition in Dallas on June 16.

Fortinet requested a later date for the deposition, beyond the discovery deadline, in order to conduct the deposition after its outside vendor had inspected the devices that Sophos would make available on June 16. Sophos responded that Sophos's knowledge of Fortinet's trade secrets misappropriation allegations was not dependent on Fortinet's inspection of the devices, so the timing of the Rule 30(b)(6) deposition vis-à -vis the inspection of devices was irrelevant. Furthermore, Sophos noted, “[t]o the extent that Fortinet believes further depositions ... are necessary following any inspection, that is a separate issue that can be addressed at a later time.” Fortinet Ex. U at 4.

Despite Fortinet's continuing objection to the date of the deposition, Fortinet accepted the offer because it felt it might have no opportunity to take the deposition if it refused. Therefore, on June 16, Fortinet took the deposition of Clark as Sophos's Rule 30(b)(6) designee on the topic of trade secret misappropriation.

During his deposition, Clark testified, and Fortinet learned for the first time, that Sophos's counsel and e-discovery vendor had taken forensic images of all of the relevant devices used by the former Fortinet employees in February-May 2014, when Sophos informed its employees of a litigation hold on relevant devices. Fortinet Ex. V at 13:5-13, 15:5-7; Mot. at 15 n. 9 (listing devices).

After Fortinet's outside vendor inspected the devices and Fortinet's counsel deposed Clark, Fortinet reached out to Sophos on June 23, 2015 with a “proposal”: that Sophos would immediately produce “every image file ... from every device to which any former Fortinet employee has had access since joining Sophos”; produce every device itself (not just the image files) for inspection within three days; and supplement Sophos's discovery responses to provide an accounting of all devices the former Fortinet employees have had access to during the relevant times. Fortinet Ex. W at 2. Sophos refused this proposal on June 24.

*5 On June 25, the parties the parties met and conferred about the two discovery letters prior to the hearing. They were largely able to resolve their issues without court intervention. Docket No. 161.

The parties later filed a stipulation memorializing their agreement, which the court entered. See Docket No. 170 (June 30 Stipulation and Order). Therein, the parties finally agreed upon the inspection procedures: the inspections would be performed initially by Fortinet's outside vendor, who would run keyword searches and other analyses of the devices, and then provide Fortinet's counsel with the results of those analyses; Fortinet would then request specific files; and Sophos would have an opportunity to assert privileges or privacy objections over the requested materials. Id. at ¶ 6.

Sophos agreed to (1) provide all forensic images in its possession from the former Fortinet employees, including Sophos-issued and personal computers, phones, and USB devices; (2) attempt to locate and provide images of all USB devices identified by Fortinet as having been connected to the former Fortinet employees' personal laptops; (3) provide all devices responsive to the RFIs that had not been imaged by Sophos within the last six months; and (4) provide an accounting of all devices in its possession responsive to the RFIs. Id. at ¶¶ 1-3, 5.

On June 29, 2015, Sophos produced all of its then-extant image files for inspection and provided an accounting of the former Fortinet employees' devices. Sophos also produced for inspection several computers for new scans during the week of June 29 to July 3.

Fortinet contends that Sophos failed to comply with the June 30 Stipulation and Order because its accounting of the devices did not include certain USB drives and external drives, specifically (1) the USB drives that R.A. testified that he used for storing Fortinet work data; (2) D.S.'s external drive that he used for backing up Fortinet data; and (3) 27 other USB drives that were connected to the personal and Sophos-issued laptops of the former Fortinet employees, as evidenced by the forensic images of those laptops. Fortinet also contends that Sophos failed to comply with the Stipulation and Order because it failed to produce for inspection certain computers and phones that Fortinet believes Sophos should have produced, including: (1) D.D.'s personal computer, which Sophos averred was in the possession of J.C.'s daughter for use at college; (2) J.C.'s second personal computer; (3) R.A.'s personal computer; and (4) A.V.'s iPhone. At the hearing, Fortinet's counsel noted several other devices that Fortinet believed Sophos should have produced for inspection.

Fortinet has run keyword searches on the devices and images provided by Sophos to date. According to Fortinet, these searches show numerous hits for the search terms: (1) “Fortinet,” 1.6 million files/hits; and (2) “Fortinet” + “Confidential,” nearly 400,000 files/hits, including 260,000 files/hits on Sophos-issued laptops, and 171,000 files/hits that have been accessed by the former Fortinet employees after they started work at Sophos.

*6 On August 3, 2015 after Fortinet filed its motion for sanctions, Sophos produced 800,000 documents. Neither party has explained the source of these documents (e.g., whether they came from Sophos-issued devices, personal devices, or other sources), or to which discovery requests and subject matters (e.g., trade secrets misappropriation) they are responsive.

Fortinet requests sanctions pursuant to 28 U.S.C. § 1927, Federal Rule of Civil Procedure 37, and the court's inherent authority.

Section 1927 of Title 28 of the United States Code provides: “Any attorney or other person admitted to conduct cases in any court of the United States or any Territory thereof who so multiplies the proceedings in any case unreasonably and vexatiously may be required by the court to satisfy personally the excess costs, expenses, and attorneys' fees reasonably incurred because of such conduct.”

“Sanctions pursuant to section 1927 must be supported by a finding of subjective bad faith.” Blixseth v. Yellowstone Mountain Club, LLC, No. 12-35986, ––– F.3d ––––, 2015 WL 4620096, at *2 (9th Cir. Aug. 4, 2015) (citation omitted). The Ninth Circuit has held that “[b]ad faith is present when an attorney knowingly or recklessly raises a frivolous argument or argues a meritorious claim for the purpose of harassing an opponent.” Id. (imposing sanctions under Section 1927 where attorney proffered email evidence “without even alluding to the fact that in another action ... affidavits and supporting documents [ ] conclusively demonstrate that the ‘evidence’ is forged”).

“[T]he district court has the inherent authority to impose sanctions for bad faith, which includes a broad range of willful improper conduct.” Fink v. Gomez, 239 F.3d 989, 992 (9th Cir. 2001). “To impose sanctions under its inherent authority, the district court must make an explicit finding ... that counsel's conduct constituted or was tantamount to bad faith.” Christian v. Mattel, Inc., 286 F.3d 1118, 1131 (9th Cir. 2002). See also B.K.B. v. Maui Police Dep't, 276 F.3d 1091, 1107-08 (9th Cir. 2002) (attorney's knowing and reckless introduction of inadmissible evidence was tantamount to bad faith and warranted sanctions under Section 1927 and the court's inherent power); Fink v. Gomez, 239 F.3d 989, 993-94 (9th Cir. 2001) (attorney's reckless misstatements of law and fact, combined with an improper purpose, are sanctionable under the court's inherent power).

Federal Rule of Civil Procedure 37 authorizes the imposition of various sanctions for discovery violations, including a party's failure to obey a court order to provide or permit discovery and failure to timely supplement initial disclosures and/or discovery responses pursuant to Rule 26(e). Fed. R. Civ. P. 37(b)(2)(A), (c)(1). Such sanctions may include ordering a party to pay the reasonable expenses, including attorneys' fees, caused by its failure to comply with the order or rule. Fed. R. Civ. P. 37(b)(2)(C), (c)(1)(A).

Fortinet identifies at least seven courses of action committed by Sophos which justify sanctions under the court's inherent authority or Section 1927: (1) Sophos's representations about its May 29 production of documents; (2) Sophos's representations about whether it had possession, custody, or control of the relevant devices; (3) Sophos's changing positions on the devices of the former Fortinet employees other than Clark and Valentine; (4) Sophos's representations about its possession of the image files for the devices belonging to Krause and Acosta; (5) Sophos's argument regarding res judicata; (6) Sophos's refusal to concede the two joint discovery letters; and (7) Sophos's general “chicanery.” Mot. at 21-22; Reply [Docket No. 195] at 1-9.

*7 Fortinet also seeks sanctions under Rule 37 for Sophos's alleged violation of the June 30 Stipulation and Order, i.e., Sophos's alleged (1) failure to account for all USB devices and external devices and (2) failure to identify and provide other devices sought by Fortinet.

The court reviews each of the challenged actions.

As noted above, after Fortinet served its second supplemental Section 2019.210 disclosure on May 1, 2015 and Sophos accepted it as sufficient on May 11, Sophos indicated that it would produce documents relevant to Fortinet's trade secrets claim. Sophos did so on May 29.

In the June 2 discovery letter, Sophos characterized its May 29 production of approximately 350 documents as containing “all documents from the Sophos [-issued] computers that are potentially responsive to Fortinet's document requests related to its claim against Sophos for trade secret misappropriation” and “all previously-withheld potentially relevant documents.” Docket No. 138 at 5, 6, and n. 3.

According to Fortinet, Sophos's subsequent voluminous document productions prove that Sophos's characterization of its May 29 document production is false. Specifically, Fortinet says that its inspection of the former Fortinet employees' devices have revealed hundreds of thousands of hits for the keyword searches [“Fortinet”] and [“Fortinet” and “Confidential”], some of which show that the documents have been accessed after the former Fortinet employee began working at Sophos. Fortinet also notes that its preliminary review of the 800,000 documents that Sophos produced on August 3 reveals 30,000 documents with the terms [“Fortinet” and “Confidential” but not “Sophos”], including Fortinet's internal reports and competitive reports, as well as Sophos emails indicating that a former Fortinet employee would rely on contacts developed at Fortinet for Sophos's benefit. Margeson Decl. at ¶¶ 4-5; Fortinet Ex. HH and II.

There are two problems with Fortinet's argument. First, Sophos made clear that its May 29 production came from Sophos-issued devices, not personal devices. Fortinet's argument rests on data from all devices, including personal ones. For that reason, most of Fortinet's data cannot be used to discredit Sophos's assertions about production of documents found in the Sophos-issued devices. The only data specific to Sophos-issued devices is the fact that a search for the terms [“Fortinet” and “Confidential”] returned 160,000 files/hits on Sophos-issued devices. This data is also lacking, because Fortinet does not explain whether any of these 160,000 hits appear in files that were not in the May 29 production, and Sophos has explained how Fortinet's hit count is likely inflated by duplicate or unreadable files.

Second, and more fundamentally, Sophos did not unequivocally assert that its May 29 production was a complete production of relevant documents from the Sophos-issued computers. Sophos stated that it “has produced all potentially relevant documents from [Sophos-issued computers],” Docket No. 138 at 6, and further clarified this statement in a footnote that says Sophos had produced “all previously-withheld potentially relevant documents.” This can reasonably be interpreted to mean that on May 29, Sophos produced all relevant documents from the Sophos-issued computers that its attorneys had reviewed up to that date, not that Sophos was representing that its review and production of documents was complete. Indeed, as of June 2, the date of Sophos's statements now challenged by Fortinet, fact discovery was still open.

*8 Accordingly, the court finds that Sophos did not behave recklessly, unreasonably, vexatiously, or in bad faith when it represented to Fortinet on June 2 that on May 29, it had produced all previously-withheld relevant documents from Sophos-issued computers.

According to Fortinet, Sophos's April 8, 2015 responses to Fortinet's RFIs stated unequivocally that Sophos did not have possession, custody, or control of the personal devices belonging to the former Fortinet employees. Fortinet argues that this amounted to a misrepresentation, because Sophos not only possessed the devices, but had imaged them a year prior, in 2014.

Upon review, the court finds that Sophos did not make the unequivocal statements attributed by Fortinet. Sophos's objections to the RFIs were conditional: Sophos objected generally to the requests “to the extent[they] seek inspection of items not within the possession, custody, or control of Sophos,” Fortinet Ex. H at 1 (emphasis added). Sophos objected specifically to each request on the basis that it “seeks items that may be outside of Sophos's possession, custody, and control.” Id. at 2-5 (emphasis added). In its responses Sophos said, “To the extent Fortinet is seeking to inspect the Former Fortinet Employee's personal computers and devices, those computers and devices are outside of Sophos's possession, custody, and control. To the extent any such computer or device is within Sophos's possession, custody or control, Sophos will not permit the requested inspection unless and until Fortinet fully complies with [Section 2019.210].” Id. at 2. These two sentences, when read together, do not state that Sophos unequivocally disclaims possession, custody, or control of the personal devices; instead, they communicate that Sophos does not have some of the responsive devices but may have others, and that Sophos will not produce devices that it has unless Fortinet provides the required disclosures.[4] While these two sentences are not a model of clarity, they do not constitute reckless or bad faith conduct.

Accordingly, the court finds that Sophos's April 8 objections and responses to Fortinet's RFIs did not misrepresent Sophos's possession, custody, or control over the personal devices of the former Fortinet employees, and therefore cannot form the basis for sanctions.

Fortinet contends that “almost immediately” after agreeing on May 21 to produce devices for other former Fortinet employees, Sophos rescinded that agreement. Mot. at 22.

In the May 21 joint discovery letter, Sophos “agreed to allow a limited inspection of other ex-Fortinet employees' computers,” but also noted that “[a]ppropriate inspection procedures have not yet been worked out between the parties.” Docket No. 130 at 7 and n. 4. In a subsequent meet and confer communication on May 26, Sophos further clarified that it would only allow inspection of personal devices (not Sophos-issued devices) to the extent the personal devices had relevant information. Sophos indicated that at that point, it had determined that the personal devices of Acosta and Krause contained relevant information. Fortinet Ex. M.

*9 Fortinet contends that Sophos's May 26 statement amounts to a bad faith “change in position,” apparently because Fortinet understood Sophos's May 21 statement to mean that Sophos would be allowing inspection of the personal and Sophos-issued devices of all former Fortinet employees besides Valentine and Clark. The court cannot read Sophos's May 21 statement as expansively as Fortinet does. Sophos's May 21 statement is not an unequivocal or unconditional agreement to permit Fortinet to inspect all devices of all other former Fortinet employees. When read in the context of the letter rather than as an isolated snippet, Sophos simply acknowledges that the res judicata argument it raised against the inspection of Valentine and Clark's devices does not apply to the other former Fortinet employees, and thereby opens the door to the possibility of inspection of their devices. Sophos's subsequent clarifying statements on May 26 do not amount to sanctionable bad faith or reckless behavior.

Next, Fortinet seeks sanctions relating to Sophos's alleged May 27 misrepresentation that it only had the personal devices for Krause and Acosta and no other former Fortinet employees, when in fact Sophos had long possessed all of the former Fortinet employees' personal devices and had imaged them a year before.

Again, a careful reading reveals that Sophos's representations are foggy, but not untrue. In the May 27 letter, Sophos notes that it will “allow inspection of the personal devices of the former Fortinet employees' personal computers that contained any sort of Fortinet document that might possibly be relevant.” Fortinet Ex. M at 4. Sophos continued that it had “informed Fortinet that it was still gathering data on which ex-Fortinet employees have personal computers that may contain Fortinet documents. Sophos confirmed that it currently has devices from Kendra Krause and Jason Acosta that it will allow to be inspected, by an outside expert who has signed the protective order.” Id. at 5. In this passage, Sophos communicates that the Krause and Acosta devices were the only personal devices for which Sophos had determined (as of that date) to contain possibly relevant information. Contrary to Fortinet's interpretation, Sophos did not represent that the only personal devices it had in its possession were those belonging to Krause and Acosta. Again, Sophos's statements are not crystal clear, but they are not sanctionable.

Fortinet contends that Sophos's res judicata argument in the May 21 discovery letter was “blatantly wrong” and “Sophos's counsel knew or should have known that it was wrong.” Reply at 11-12. Sophos responds that its res judicata argument has merit, and that it “fully intends to pursue that argument at the appropriate time,” Opp. at 17, but that it dropped the argument in an attempt to resolve the discovery dispute without judicial intervention.

Sophos's res judiciata argument is weak. As a procedural matter, it may not have been timely raised. As to substance, it is a stretch to argue that res judicata can be applied so that discovery conduct in an arbitration between two parties precludes discovery relevant to a claim whose merits have never been resolved against a different third party. Sophos failed to cite any cases supporting its position in the May 21 joint discovery letter and in its opposition to the motion for sanctions. Nonetheless, the court finds that even if Sophos's res judicata objection is anemic, it does not rise to the level of recklessness, frivolousness, or bad faith required for sanctions. Compare Lahiri v. Universal Music & Video Distribution Corp., 606 F.3d 1216, 1219-21 (9th Cir. 2010) (finding bad faith where attorney “knowingly and recklessly pursu[ed] a frivolous copyright infringement claim and litigat[ed] claim in bad faith” for five years, because under Indian copyright law, composer had no copyright interest in music he composed for hire which attorney would have known had he conducted “even a cursory investigation into the circumstances” of the composition).

*10 Fortinet seeks sanctions for Sophos's “refusal to concede” on the joint discovery letters. Mot. at 22.

With respect to the first discovery letter, the record indicates that Sophos informed Fortinet that it would not be pursuing its res judicata objection on June 1, more than three weeks prior to the hearing on that matter. This mooted the discovery dispute. Unfortunately, neither party informed the court that the issue had been resolved, causing the court to devote resources to analyze a non-existent problem. The court admonishes both parties for failing to inform the court that their joint letter had been resolved. The court finds that Sophos did not commit bad faith or reckless conduct by raising and then withdrawing its res judicata objection. With respect to the second discovery letter, Fortinet contends that Sophos should be sanctioned for its refusal to accept Fortinet's June 23 “compromise,” which it claims Sophos in fact accepted two days later at the June 25 hearing. This is not accurate. On June 23, Fortinet demanded that Sophos produce all images and devices for inspection. Fortinet offered some inspection procedures (i.e., that Fortinet's outside vendor would inspect the devices in the first instance) but did not present a complete proposal. Sophos objected to Fortinet's demand for all devices, on the basis that the images should be sufficient. Two days later, when the parties reached agreement in the courthouse, they stipulated to a full set of procedures for inspection. Sophos agreed to permit inspection/reimaging of only certain devices, not all of the devices that Fortinet had insisted on inspecting. Thus, counter to Fortinet's contention, Sophos did not refuse to concede positions that it ended up conceding on the courthouse steps. Sophos's conduct during the negotiation of a full set of inspection procedures is not sanctionable.

Fortinet seeks sanctions for Sophos's argument that producing devices for inspection would be burdensome, because any burden argument is belied by the fact that Sophos already had imaged the devices. Fortinet also challenges Sophos's insistence that the Rule 30(b)(6) deposition be scheduled for the same day that Fortinet's outside vendor began inspecting the devices.

While not a model of civil behavior in discovery, neither of Sophos's positions were reckless or taken in bad faith. The collection and imaging of the devices has in fact proven to be somewhat burdensome, as evidenced by the parties' careful procedures for Fortinet's outside vendor's initial inspection of the device images at the offices of Sophos's counsel. And Sophos's insistence that Fortinet take the Rule 30(b)(6) deposition of Clark on June 16, while very aggressive, did not cross the line, especially because Sophos indicated its openness to further depositions after the devices had been inspected if Fortinet believed them to be necessary. Accordingly, sanctions grounded in bad faith are not appropriate for this conduct.

Finally, Fortinet seeks sanctions under Rule 37 for Sophos's alleged violations of the June 30 Stipulation and Order, i.e., Sophos's alleged (1) failure to account for all USB devices and external devices and (2) failure to identify and provide other devices sought by Fortinet.

*11 The June 30 Stipulation and Order required “Fortinet to attempt to identify by manufacturer or name all USB devices it asserts were connected to the former Fortinet employees' personal laptops. Sophos will locate any such USB device that is still in the former Fortinet employees' possession and will provide images of those devices if located.” Docket No. 170 at ¶ 2. Sophos contends that it has attempted to locate the USB devices but could not. This is not surprising, given the size and nature of such devices, such as thumb drives. Accord Sophos Ex. 12 (Archer Dep.) at 60:10-61:12 (Archer testifying that he was “prone to losing” USB devices and “there may be one in my basement at my desk in a drawer”). Sophos also notes that it is continuing to search for such devices, and will identify and produce them, if any exist and can be located. Sophos's actions regarding the USB devices do not amount to a violation of the June 30 Stipulation and Order.

The Stipulation and Order also requires Sophos to “provide an accounting of all devices in its possession responsive to the [RFI] ... [and] any devices that are responsive to the [RFIs] but that no longer exist and/or are now unavailable (including the circumstances why they are unavailable).” Id. at ¶ 5. Fortinet contends that Sophos's June 29 accounting of devices is deficient because it does not include the above-referenced USB devices. At the hearing, Sophos agreed that it would produce an updated accounting of devices by August 28 and September 1.[5] The court therefore declines to sanction Sophos for its conduct relating to the accounting of the devices.

Finally, Fortinet contends that Sophos failed to comply with the June 30 Stipulation and Order because Sophos failed to produce for inspection certain computers and phones that Fortinet believes it should have produced. It is clear that the parties have failed to adequately meet and confer on these issues, and the parties have learned more about the devices through additional depositions following the date that Fortinet filed its sanctions motion. Fortinet's motion for sanctions pursuant to Rule 37 is therefore denied, and the parties are directed to immediately meet and confer about the specific devices at issue.

In sum, the court does not condone Sophos's overly aggressive discovery tactics, or its failure to communicate more clearly and forthrightly with its opponent. But it cannot agree that Sophos's actions, viewed separately or as a whole, rise to the level of reckless, vexatious or bad faith conduct. Nor does the challenged behavior amount to a violation of the June 30 Stipulation and Order.

In Docket No. 177, Fortinet and Sophos raise a hodgepodge of discovery issues, and each seeks to compel the other to produce discovery in response to various requests. Many of the issues were resolved without court intervention; only disputes involving Fortinet's Interrogatory Nos. 24 and 16-17 remained at the time of the hearing.

The parties agreed that the court's rulings at the hearing resolved their dispute about Fortinet's Interrogatory No. 24 (which seeks a complete list of each computing or storage device that each former Fortinet employee possessed on his or her first day at Sophos). See supra n. 6.

The court's ruling at the hearing also resolved the parties' dispute about Fortinet's Interrogatory Nos. 16-17. Accordingly, Sophos shall produce the following information: (1) sales income on a per account basis for up to 200 accounts identified by Fortinet; and (2) sales income or commissions earned on a per employee basis, or, if that information is not available, on a per region basis.

*12 For the reasons stated above, Fortinet's motion for sanctions is denied and the disputes in the joint discovery letter are resolved in accordance with the court's rulings set forth on the record in the August 27, 2015 hearing.

IT IS SO ORDERED.

Citations to “Fortinet Exhibits” refer to the exhibits attached to the Declarations of John Neukom and Grant Margeson, see Docket Nos. 179, 196. Citations to “Sophos Exhibits” refer to exhibits attached to the Declaration of Sean Cunningham, see Docket No. 193-1.

The Ninth Circuit has not decided whether Section 2019.210 applies in federal court actions. SeeSoc. Apps, Inc. v. Zynga, No. 4:11-CV-04910 YGR, 2012 WL 2203063, at *1-2 (N.D. Cal. Jun. 14, 2012).

A forensic image of a hard drive is “an exact duplicate of the entire hard drive,” including active and deleted files. Ameriwood Indus., Inc. v. Liberman, No. 4:06CV524-DJS, 2006 WL 3825291, at *1, n. 3 (E.D. Mo. Dec. 27, 2006) (citing U.S. v. Triumph Cap. Grp., 211 F.R.D. 31, 48 (D. Conn. 2002)).

The first sentence is especially meaningful in light of Fortinet's continuing demands for personal devices that Sophos has already informed Fortinet it does not possess, such as devices that have been lost or destroyed.

Specifically, Sophos agreed to provide a supplemental accounting of the devices used by the three witnesses being deposed on August 28; this supplemental accounting shall be provided prior to the start of those depositions. By September 1, 2015, Sophos shall provide a supplemental accounting of the devices used by all other former Fortinet employees.