The Federal Circuit recently denied Micron’s request to reverse a lower court’s order requiring it to produce highly confidential source code to adversary Yangtze Memory Technologies Co. based on Micron’s mere “suspicion” that disclosure to the attorneys for the Chinese state-owned company would lead to the source code ending up in the wrong hands.
The Micron decision and other recent decisions highlight the importance of early and thorough attention to the handling of source code, the importance of drafting tailored protective orders to ensure source code is handled properly and securely, and other important considerations to avoid potential missteps with source code discovery.
In re Micron Technology Inc., No. 2025-117 (Fed. Cir. Feb. 26, 2025)
On February 26, 2025, in a non-precedential opinion, the Federal Circuit denied Micron’s petition for a writ of mandamus from the Northern District of California, asking the court to reverse the district court’s order requiring Micron to produce 73 pages of printed confidential source code to Yangtze Memory Technologies (YMTC). Micron objected on the basis that it considered the material its “most secure and sensitive Source Code” and that the threat of theft was “very real,” as evidenced by a prior theft of its technology by a Taiwanese company, arguing that district court had failed to properly weigh national security and foreign policy concerns given that YMTC is a Chinese state-owned company the government had placed on a restricted export list.
Disagreeing with Micron, the Federal Circuit held that the district court had reasonably determined that YMTC’s “discovery request was not excessive or unreasonable and that the protective order is sufficient to prevent against duplication or unauthorized access.” The court noted that the agreed-upon protective order governing discovery in this case gave only a limited group of people—outside counsel, experts, and court personnel—access and permission to review source code materials. Employees and officers of the parties were prohibited from doing so. In addition, the protective order dictated that inspection of source code take place on a secure computer, further restricting the volume of any source code printouts to be “reasonably necessary to facilitate the Receiving Party’s preparation of court filings, pleadings, expert reports, or other papers for deposition or trial.” The Federal Circuit further highlighted other provisions in the protective order that helped to protect Micron’s source code, such as a limitation against printing more than “1500 pages—including no more than 30 consecutive pages,” requiring the receiving party to “maintain a record of any individual who has inspected any portion of the source code,” requiring any person receiving a copy to “maintain and store any paper copies of the material at their offices in a manner that prevents duplication of or unauthorized access,” and requiring paper copies to be destroyed if no longer in use.
In light of the various restrictions and strict protections in place in the agreed-upon protective order, the Federal Circuit agreed with the district court that the threat of disclosure was minimal, noting that “the protective order prohibits YMTC from viewing the material” and that “Micron’s suspicion that counsel will fail to comply with the order and will instead allow the printouts to fall into the hands of its clients is unsupported by anything other than speculation.” In effect, the Federal Circuit found that without credible evidence that YMTC’s counsel would violate the protective order and subject themselves to appropriate sanctions, the limitations in place in the protective order were sufficient to prevent duplication or unauthorized access.
Additional recent source code discovery decisions
In re Anonymous Media Rsch. Holdings, LLC, No. 2024-139 (Fed. Cir. Sept. 11, 2024)
The Federal Circuit denied a petition for a writ mandamus seeking to overturn a district court’s order transferring a patent infringement action to the accused infringer’s home forum, basing its decision primarily on the fact that the location of the source code and the team responsible for maintaining the source code resided in the accused infringer’s home forum.
In re TikTok, Inc., 85 F.4th 352 (5th Cir. 2023)
The Fifth Circuit overruled the district court’s decision denying the accused infringer’s venue transfer request to its home forum, focusing heavily on the location and relative ease of access to key evidence, such as source code. The Fifth Circuit concluded that because the majority of the accused infringer’s engineering team with access to the source code resided in the transferee district and no one with access to the source code resided in the transferor district, the district court had failed to properly weigh a key factor in the venue transfer analysis.[1]
Mod. Font Applications LLC (MFA) v. Alaska Airlines, Inc., 56 F.4th 981 (Fed. Cir. 2022)
The Federal Circuit dismissed an interlocutory appeal of an order by the District of Utah maintaining the confidentiality of Alaska Airlines’ source code and denying MFA’s in-house counsel access to the code. Pursuant to the protective order, Alaska designated certain source code files as “CONFIDENTIAL INFORMATION – ATTORNEYS’ EYES ONLY,” which precluded MFA’s in-house counsel from accessing those materials. MFA challenged Alaska’s designations, seeking an order to permit its in-house counsel to access “all disclosed information.” The district court denied MFA’s motion to amend the protective order, finding that Alaska had established its source code contained trade secrets that merited “heightened protection” for the assigned designation and denying MFA's in-house counsel access to such information because “the risk of inadvertent disclosure [of Alaska’s confidential information] outweighs the risk of prejudice to [MFA].” In doing so, the district court reasoned that MFA’s in-house counsel was a “competitive decisionmaker.”
Takeaways for intellectual property litigants
Source code discovery has become routine in many patent and high-tech intellectual property cases. While avoiding it entirely may prove difficult, properly managing source code discovery can significantly lessen the risk of improper disclosure. Effectively managing and protecting your company’s most important information requires a strategic and disciplined approach. While every situation is unique, here are some key considerations that attorneys should discuss with their clients if source code discovery is anticipated in their case:
Identify and Isolate Relevant Code
Collaborate with opposing counsel, technical experts, and your client to narrow the scope of requested source code to only versions and modules relevant to the asserted claims.
Negotiate a Strong Protective Order
Many courts now have template protective orders, including provisions for source code production. Negotiate a strong protective order that limits access to the source code (e.g., outside counsel, experts, court personnel, jurors), defines inspection procedures, and specifies restrictions on copying, printing, and transporting the code. Typical provisions include the following:
- Use a secure review environment.
- Host the code in a controlled review room with secure access, use dedicated and non-networked computers to prevent unauthorized copying or transfers, and implement logging mechanisms to track access and any actions taken. Even having an attorney oversee and supervise an opponent’s source code review sessions is commonplace.
- Implement read-only and redaction measures.
- If appropriate, produce read-only access to prevent modification or copying and redact or exclude irrelevant, proprietary, or privileged sections while still meeting discovery obligations. Consider providing printouts of only the relevant portions of the code instead of full access and including such restrictions in the protective order.
- Monitor and audit access.
- Keep detailed records of who accesses the source code, when, and for what purpose, and if necessary, conduct audits to ensure compliance with terms of the protective order.
- Plan for return or destruction post-litigation.
- Include provisions in the protective order requiring the return or certified destruction of all source code materials at the conclusion of the case and verify compliance to prevent unauthorized retention or misuse.
Consider Alternative Production Methods
Explore whether functional equivalence (e.g., object code, APIs, or logs) can meet the discovery request without exposing the full source code and/or offer depositions or technical reports in place of full-source production when possible.
Address Open-Source and Third-Party Code Issues
Identify and disclose any open-source components to clarify what is proprietary versus publicly available and ensure compliance with third-party licenses and agreements governing certain code sections.
- The Fifth Circuit’s precedential decision in In re TikTok, Inc. has been cited by multiple lower courts as well as the Federal Circuit, when analyzing the importance of the location of source code in venue challenges based on convenience.
[Back to reference]