Opinion
Civil Action 19-1337-GBW-CJB
08-14-2023
FINANCIALAPPS, LLC, Plaintiff, v. ENVESTNET, INC. and YODLEE, INC., Defendants.
MEMORANDUM ORDER
CHRISTOPHER JR BURKE, UNITED STATES MAGISTRATE JUDGE
Pending before the Court in this action is Plaintiff FinancialApps, LLC's (“Plaintiff”) motion (“Motion”) to exclude certain opinions offered by Nick Ferrara (“Ferrara”), an expert witness proffered by Envestnet, Inc. (“Envestnet”) and Yodlee, Inc. (“Yodlee,” and collectively with Envestnet, “Defendants”). (D.I. 466) For the reasons set out below, the Court GRANTS-IN-PART and DENIES-IN-PART the Motion.
I. BACKGROUND
The Court will write here for the parties, and so it will forego a lengthy recitation of the facts. To the extent certain facts are relevant to resolution of the Motion, they will be set out in Section III.
The Motion was filed on January 12, 2023. (Id.) Briefing on the Motion was completed on April 27, 2023. (D.I. 568) The Court's referral in the case from United States District Judge Gregory B. Williams includes authority to resolve the instant Motion. (D.I. 437)
II. STANDARD OF REVIEW
The Court has frequently set out the relevant standard of review for assessing a motion, like this one, filed pursuant to Federal Rule of Evidence 702 and Daubert v. Merrell Dow Pharms, Inc., 509 U.S. 579 (1993). One such instance came in Integra LifeSciences Corp. v. HyperBranch Med. Tech., Inc., Civil Action No. 15-819-LPS-CJB, 2018 WL 1785033, at *1-2 (D. Del. Apr. 4, 2018). The Court incorporates by reference those legal standards set out in Integra, and will follow them herein. To the extent that additional related legal principles regarding Rule 702 and Daubert are relevant, the Court will set those out in Section III.
III. DISCUSSION
In Count One of Defendants' Counterclaims, Yodlee alleges that Plaintiff engaged in breach of contract, when it breached certain provisions of the parties' Software License and Master Services Agreement (“MSA”) and related Statements of Work (“SOW”). (D.I. 160 at ¶¶ 80-89) Defendants have submitted expert reports from Ferrara, in which Ferrara provides expert opinions having to do with this claim.
With its Motion, Plaintiff seeks to exclude three different sets of Ferrara's opinions: (1) that Risk Insight (the key product at issue in the case, which Plaintiff developed and Yodlee marketed and sold) failed to comply with industry standards, based on five areas of purported technical deficiency, (2) that Yodlee's development of competing products and “workarounds” was consistent with industry standard risk management practices, and (3) that Plaintiff's suspension of services due to Yodlee's alleged misconduct violated industry standards. (D.I. 467 at 1-2) Plaintiff also asserts that Ferrara does not have the qualifications to offer these opinions. The Court will address each of these arguments in turn.
A. Opinions Regarding the Technical Deficiencies of Risk Insight
Plaintiff's initial argument relates to five purported categories of technical deficiencies in Risk Insight's functionality identified by Ferrara. Ferrara concludes that, in light of these deficiencies, Risk Insight failed to adhere to applicable industry software standards. (Id. at 4) Plaintiff raises arguments as to all five of these technical deficiencies, and so the Court will take its arguments one by one.
1. Multi-Factor Authentication
First, Plaintiff argues for exclusion of the portions of Ferrara's opinion that have to do with Risk Insight's implementation of “Multi-Factor Authentication” (“MFA”). Ferrara opines on this score, inter alia, that: (1) Plaintiff's implementation of MFA was “faulty”; (2) Risk Insight's MFA caused “significant errors”; and (3) with regard to MFA functionality, Plaintiff did not perform “in accordance with generally accepted professional standards, practice, methods and techniques for similar services” as was required by Section 9(d)(2) of the MSA. (D.I. 469, ex. 3 (“Ferrara Opening Rep.”) at ¶¶ 40, 49; see generally id. at ¶¶ 40-49; see also D.I. 160, ex. A at § 9(d)(2))
MFA is a security protocol that requires a user to provide at least two sets of credentials before accessing a system or account. (D.I. 469, ex. 3 at ¶ 40)
Plaintiff raises numerous arguments in support of its request. The Court need not address all of them here, as it finds that at least two of those arguments are well taken and warrant exclusion of the MFA-related opinions.
a. Lack of Explanation as to Methodology Used
Plaintiff's first meritorious challenge relates to the fact that Ferrara's opinions about the “significant errors” caused by Plaintiff's implementation of MFA and Plaintiff's related failure to meet generally accepted professional standards are reliant on “Freshdesk tickets[.]” (D.I. 467 at 6-7) “Freshdesk” is an “incident reporting system commonly used in the software development industry for measuring, managing, and tracking software defects and service requests”; it was “the system of record for Risk Insight issues and service requests[,]” in which “[e]ach Freshdesk record, or ‘ticket,' contains data describing and categorizing its corresponding issue or request[.]” (Ferrara Opening Rep. at ¶ 78) Ferrara relies on the content of nine such Freshdesk tickets to conclude that Plaintiff's implementation of MFA was “faulty” and that there were “significant errors[.]” (Id. at ¶¶ 40-49 & nn.45-62)
The issue, however, is that it is undisputed that there are over 1,700 such Freshdesk tickets, (D.I. 467 at 7; D.I. 469, ex. 3 at Attachment 3), and yet Ferrara provided little explanation as to how the limited subset of tickets he cites might support the broad conclusion he reaches-particularly with respect to his conclusion that there were “significant errors” with MFA implementation. (Ferrara Opening Rep. at ¶ 49 (emphasis added)) In other words, Ferrara never fully explained his methodology-he never articulated why it is that even this numerically small number of tickets (and the types of issues raised therein) amounted to a “significant” error rate that was out of line with generally accepted professional standards, practices, methods or techniques for implementing MFA. (D.I. 467 at 7 (Plaintiff faulting Ferrara for “provid[ing] no explanation as to how this limited subset of records - and the limited information they contain - support the broad conclusion he reaches, for which he also provides no statistical analysis, rendering his opinions unreliable”)) Would the presence of one Freshdesk ticket indicating a user complaint about MFA amount to the presence of “significant errors”? Would 10 tickets suggest this? Would it depend on the content of those tickets or how quickly the issues were or were not fixed? Ferrara never says.
In response to Plaintiff's argument, Defendants asserted that Ferrara's reliance on these nine tickets is sound because he “cites to all of the Freshdesk tickets in the record that involve defects arising from [Plaintiff's] faulty implementation of MFA.” (D.I. 511 at 7 (emphasis in original)) But this misses the (good) point that Plaintiff was making. The issue is not whether Ferrara cited to all of the Freshdesk tickets related to MFA implementation. The issue is whether Ferrara sufficiently explained why those nine tickets amount to a statistically significant number of tickets-i.e., why their number (especially in light of the large universe of overall tickets) and/or their content indicate that they demonstrate a “significant” error rate amounting to a violation of “generally accepted professional standards” or the like relating to MFA implementation. Cf. T.N. Inc., Ltd. v. Fidelity Nat. Info. Servs., Inc., CIVIL ACTION NO. 185552, 2021 WL 5980048, at *5 (E.D. Pa. Dec. 17, 2021) (excluding an expert's analysis due to the absence of a reliable methodology, where the expert's conclusions about the interactions between certain key software components were provided “without analysis or explanation”); Apple v. Atlantic Yards Dev. Co., LLC, 11-CV-5550 (CBA) (SMG), 2015 WL 11182422, at *9-10 (E.D.N.Y. Mar. 31, 2015) (“Lanier's failure to confirm that the results of his calculations are statistically significant-combined with the tiny size of the sample he relies upon-provides an independent basis for exclusion.”); Tyree v. Boston Sci. Corp., 54 F.Supp.3d 501, 536-37 (S.D. W.Va. 2014) (noting that the “[t]he small sample size and Drs. Mays and Gido's failure to determine the statistical significance of their results call into question the reliability of their methods” and faulting the experts for failing to “determin[e] the significance” of nitrogen blips on certain samples, where the statistical significance of those blips mattered to the overall conclusions provided); see also Chen-Oster v. Goldman, Sachs & Co., 114 F.Supp.3d 110, 124 (S.D.N.Y. 2015). And this methodological error pervades Ferrara's entire analysis, since it is clear that Ferrara's opinion with respect to the adequacy of the MFA is based on little more than these nine tickets. (Ferrara Opening Rep. at ¶¶ 42-48)
b. Failure to Sufficiently Articulate the Relevant Industry Standard or Practice
Plaintiff's second meritorious challenge is really related to the first: that in addition to failing to sufficiently explain why the nine tickets at issue amounted to a deviation from “generally accepted professional standards, practice, methods and techniques for similar services” regarding MFA utilization, Ferrara's methodology is unsound because he never clearly sets out what those relevant standards, practices, methods or techniques actually are. (D.I. 467 at 6 (Plaintiff arguing that Ferrara's analysis as to MFA implementation should be excluded on lack-of-sufficient-methodology grounds because Ferrara failed to “cite any industry standard or professional practice applicable to MFA functionality”)); see also Murray v. Marina Dist. Dev. Co., 311 Fed.Appx. 521, 524 (3d Cir. 2008) (affirming the exclusion of an expert's testimony as unreliable, where the expert's opinion was that a security system constituted a deviation from industry standards, but the expert “fails to identify the source of any industry standards, obligations or duties allegedly applicable . . . or provide the methodology he used to arrive at his opinions”).
To this charge, Defendants first retort that Ferrara is not opining “that an industry safety standard existed” but instead is discussing “a deviation from typical industry practice[.]” (D.I. 511 at 6 (emphasis added)) The Court does not see any real daylight between a deviation from an “industry . . . standard” and a deviation from “typical industry practice.” See Mendler v. Aztec Motel Corp., Civil No. 09-2136 (JBS/JS), 2011 WL 6132188, at *4 (D.N.J. Dec. 7, 2011) (excluding an expert's opinion for failing to rest upon a reliable methodology, and noting that “[w]here plaintiff seeks to prove deviation from an industry standard . . . that standard must be shown through suitable industry-wide practice”) (emphasis added). But whatever terminology is used (i.e., “generally accepted industry standard” or “generally accepted industry practice”), the point is that the relevant comparison is between (1) on the one hand, an industry-related benchmark and (2) on the other hand, how Plaintiff's efforts did or did not meet that benchmark. No matter the nomenclature used, one still needs to know what the benchmark is in the first place.
Defendants also responded by asserting that Ferrara did name the “typical practice” that he was relying on in the software industry: that “the software [must] actually work” or that “software should work.” (D.I. 511 at 5-6 (citing D.I. 512, ex. 2 (“Ferrara Surrebuttal Rep.”) at ¶ 195 n.234); see also D.I. 512, ex. 4 at 162-68) Yet if the sum and substance of Ferrara's testimony about this issue is that the relevant generally accepted professional standard or practice is simply “software should work”-and that Plaintiff's MFA-related software did not live up to this standard/practice because it “did not work”-then this would seem to be an area wherein expert testimony is not required at all. See McMunn v. Babcock & Wilcox Power Generation Grp., Inc., 869 F.3d 246, 267 (3d Cir. 2017) (“Expert evidence is generally required when an issue is beyond the ken of a lay jury.”); see also Segner v. Gladsjo, 944 F.2d 909 n.2 (9th Cir. 1991) (noting that it was not error for a district court to exclude expert testimony when it “was within the common knowledge and experience of jurors”).
c. Conclusion
For at least the reasons set out above, the Court will exclude Ferrara's opinions with respect to Plaintiff's implementation of MFA in Risk Insight.
Plaintiff also challenged the MFA opinions (and other of Ferrara's opinions) on the ground that they amount to legal conclusions. “[E]xpert testimony regarding legal conclusions is not permissible.” W.L. Gore & Assocs., Inc. v. C.R. Bard, Inc., Civil Action No. 11-515-LPS-CJB, 2015 WL 12815314, at *2 (D. Del. Nov. 20, 2015); see also Berckeley Inv. Grp., Ltd. v. Colkitt, 455 F.3d 195, 217 (3d Cir. 2006). With regard to the MFA testimony, Plaintiff argues for exclusion on the ground that it amounts to “contractual interpretation, offering [] legal conclusions in lieu of expert opinion[.]” (D.I. 467 at 8) The Court agrees that a statement like that in paragraph 49 of Ferrara's opening report (“Thus, with respect to the implementation of MFA functionality, [Plaintiff] did not perform ‘in accordance with generally accepted professional standards, practice, methods and techniques for similar services'”) is an example of Ferrara improperly offering a legal conclusion, since there Ferrara is quoting the relevant contractual language from the MSA and essentially stating that Plaintiff breached that portion of the contract. But the Court would not strike Ferrara's opinion on this ground. It recognizes that the line between testifying to facts relevant to a breach of contract dispute (i.e., regarding the relevant standards/practices/methods/techniques were, and why Plaintiff's actions met or failed to meet them) and stating a legal conclusion (i.e., Plaintiff breached the particular portion of the contract relating to those standards/practices/methods/techniques) can sometimes seem a fine one. Cf. Patrick v. Moorman, 536 Fed.Appx. 255, 258 (3d Cir. 2013) (noting that the line between experts providing a legal conclusion and otherwise giving opinion testimony that relates to an ultimate issue in the case is “often hazy”); Berckeley Inv. Grp., 455 F.3d at 217-18. In the Court's view, this could be addressed at trial by Defendants' counsel instructing Ferrara that in his testimony, he should not quote directly from contractual provisions and then offer his view that such provisions were violated or breached. See Bazarian Int'l Fin. Assocs., LLC v. Desarrollos Aerohotelco, C.A., 315 F.Supp.3d 101, 127 n.8 (D.D.C. 2018). This same issue comes up again repeatedly in the parties' briefing as to other portions of Ferrara's opinions. Sometimes, Plaintiff raises the issue as to instances where (like with the MFA issue discussed above), Ferrara does seem to be providing a legal conclusion by suggesting that a particular portion of the MSA or an SOW was breached, or that Yodlee's actions were in compliance with the MSA's terms. (See D.I. 467 at 10, 12, 18; Ferrara Opening Rep. at ¶¶ 60, 65, 100) And sometimes Plaintiff raises the issue as to instances where it is not clear that Ferrara is actually commenting on a contractual provision at all. (D.I. 467 at 19; Ferrara Opening Rep. at ¶¶ 109-10) As to the former instances, the Court will simply address them here and will deal with them in the same way it dealt with the statement in paragraph 49-that is, it will not exclude Ferrara's testimony about the subject matter at issue, on the understanding that Ferrara simply will not put forward such conclusions at trial. The latter instances are not problematic.
2. Data Synchronization
Next, Plaintiff argues that Ferrara's opinion that Risk Insight “‘failed to implement a reliable and scalable data integration process'” should be excluded. (D.I. 467 at 9 (quoting
Ferrara Opening Rep. at ¶ 53)) In his opening report, Ferrara explained that “[i]n the software industry[,] ‘data integration,' or ‘data synchronization,' is the practice of ensuring the consistency of data across multiple software applications or data sources, on a near-instantaneous basis.” (Ferrara Opening Rep. at ¶ 52) After considering the content of just four Freshdesk tickets related to data synchronization, Ferrara opined that: (1) they demonstrated a “pattern of data integrity errors” or a “cluster[] of defects” regarding data synchronization; (2) they demonstrated that Plaintiff's software could not “consistently” recognize when relevant data had been updated; and (3) this drove his conclusion that (quoting from SOW # 1 and SOW # 3) Plaintiff “had not delivered a system capable of supporting ‘a model in which a consumer's aggregation is updated on a daily basis.'” (Id. at ¶¶ 52, 57, 60 (citation omitted); Ferrara Surrebuttal Rep. at ¶ 233; see also D.I. 468, ex. 1 at Requirement 9.0 at 6 & ex. 2 at Requirement 9.0 at 6) The Court will exclude Ferrara's opinion regarding data synchronization for similar reasons to those that prompted exclusion of Ferrara's MFA-related opinions.
More specifically, Plaintiff argued that Ferrara relied on only four (out of roughly 1,700) Freshdesk tickets purportedly demonstrating data synchronization-related problems (all occurring in either October or December 2018)-in order to support the conclusion that Plaintiff had failed to deliver a system capable of supporting “a model in which a consumer's aggregation is updated on a daily basis.” (D.I. 467 at 10) In the Court's view, as with the MFA opinion, Ferrara's opinion here lacks a sufficient explanation as to why the small amount of tickets at issue (and Plaintiff's response to them, or its failure to respond) were significant enough that they show how Plaintiff's system was not “capable of” adequately performing the requisite data synchronization. Relatedly, and even if Ferrara's data synchronization opinion does not specifically reference a relevant industry “standard” or “practice” (as his MFA opinion did), one would still need to understand what is the baseline that the system at issue is being compared to on this front-i.e., what is a system that does capably support a model in which a consumer's aggregation is sufficiently updated? And in that regard, one would need to understand whether the presence of any Freshdesk ticket (or, in this case, four of them) reporting any problem with missing or inaccurate data would be sufficient to render a system “incapable” on this front. And if so, why? Ferrara's report is silent on these key contextual questions. His failure to address those issues amounts to methodological problems with his analysis that warrant exclusion here. See supra at pp. 4-5.
The Court notes that seven Freshdesk tickets are cited in the relevant section of Ferrara's Opening Report, (Ferrara Opening Rep. at ¶¶ 50-60 & nn.71-75, 77-79); the other three tickets related not to “data synchronization errors” but instead to an asserted failure of Risk Insight to provide accurate credit risk reports when certain consumer financial data was absent, (id. at ¶ 59 & nn.78-79).
For the reasons set out above, the Court will exclude Ferrara's opinions with respect to data synchronization.
3. Unique User Identifier (or “ID”)
Ferrara also opined that although the MSA requires that each user of Risk Insight would have a “unique User ID” for access to the software, Plaintiff's implementation “did not ensure that end users would be provided with unique user identifiers” because the program “used customer e[-]mail addresses to identify . . . users[.]” (Ferrara Opening Rep. at ¶ 61) Ferrara therefore concludes that Plaintiff failed to comply “with generally accepted professional standards, practice, methods and techniques for similar services[,]” due to its failure to implement a unique user identification system in Risk Insight. (Id. at ¶ 65) Plaintiff seeks exclusion of these opinions. In doing so it raises several arguments, which the Court will address in turn.
As an initial matter, Plaintiff argues that Ferrara failed to lay a sufficient foundation as to what is the relevant “industry standard” or “industry practice” regarding what can constitute a unique identifier. (D.I. 467 at 11) But in the Court's view, Ferrara did do so here, in that he explained why the use of an e-mail address as a unique identifier would not be deemed appropriate within the software development industry. To that end, Ferrara cites to a number of articles, written by persons with significant experience in the field, that discuss the problems that arise when an allegedly non-unique identifier (like an e-mail address) is used to identify users. (See, e.g., Ferrara Opening Rep. at ¶ 62 & nn.83-84; Ferrara Surrebuttal Rep. at ¶¶ 268-69 (citing to an article written by an IT professional with over 30 years of experience, which explains how an e-mail address may not be unique to one user, as well as to an article written by a Google Cloud Product Solutions Architect, which explains how e-mail addresses are sub-optimal as user identifiers in that a user can change their e-mail address over time); id. at ¶ 271 & n.361 (citing to a technical standard used in the payment card industry, which notes that users should be assigned a unique ID and that “[g]roup, shared, or generic accounts, or other shared authentication credentials” should only be permitted in an “exceptional circumstance”) (internal quotation marks and citation omitted); see also id. at ¶¶ 270, 272-73) This is sufficient. See Pajak v. Under Armour, Inc., CIVIL ACTION NO. 1:19-CV-160, 2022 WL 14095616, at *7 (N.D. W.Va. Oct. 24, 2022) (denying a Daubert challenge as to an expert's opinion on industry standards and best practices related to e-discovery, where the expert relied on his education and experience in rendering his opinions, as well as, among other things, a blog post and conference materials); Christoforetti v. Bally's Park Place, Inc., CIVIL ACTION NO. 12-4687, 2021 WL 3879074, at *6 (D.N.J. Aug. 31, 2021) (finding an expert's testimony regarding certain hotel inspection and monitoring standards to be sufficiently reliable to withstand a Daubert challenge, where the expert relied upon materials from an article in the field, as well as his own experience and other industry sources).
Plaintiff also argued that Ferrara's analytical methodology was unreliable in light of Ferrara's citation to a series of e-mails from early 2017 through 2018. Here, Plaintiff asserts that while Ferrara alleges that these e-mails demonstrate how Risk Insight clients experienced problems due to Risk Insight's use of e-mail addresses as user IDs, in actuality those e-mails relate to errors that arose arising during testing (and not as part of commercial use in a production version of the software). (D.I. 467 at 11-12 (citing Ferrara Opening Rep. at ¶ 63)) But Plaintiff did not provide the Court with the e-mails in question, so the Court has no way to assess their content. Beyond that, Plaintiff's argument here was so brief that the Court cannot reasonably rely on it to exclude portions of Ferrara's testimony.
For the reasons set out above, the Court will not exclude Ferrara's opinions with respect to unique user identification.
4. Data Aggregation
Plaintiff's next argument relates to Ferrara's opinion that Risk Insight violated “typical industry practice” or “industry standards” when it failed to implement “asynchronous programming to ensure that [the software] had a reasonably responsive interface” and could avoid latency while data aggregation was ongoing. (Ferrara Opening Rep. at ¶¶ 66-68) Plaintiff again raises numerous grounds in support of exclusion.
As an initial matter, Plaintiff faults Ferrara for failing to cite to “any authoritative source setting forth an industry standard defining the parameters of ‘usability' and ‘reasonable responsivity' with respect to [] Risk Insight's user interface[.]” (D.I. 467 at 13) Yet as Defendants retort, Ferrara in fact opined that “industry research suggests that software response times of more than 15 seconds are detrimental to productivity and user motivation” and that Risk Insight's account aggregation process (which took over three minutes to complete and blocked users from interacting with the software's user interface in the interim) was well outside this norm. (Ferrara Opening Rep. at ¶ 69) And in support of this 15-second standard, Ferrara cited to research published by the International Federation for Information Processing. (Id. at ¶ 69 n.102) So Ferrara did articulate a relevant industry standard, and he did provide citations to relevant source material. To the extent Plaintiff takes issue with the adequacy of this cited source, it did not make this clear in its briefing (nor did it explain what was wanting about the source material's content or analysis).
The authors of the International Federation for Information Processing article in turn cite to a 2004 article by Shneiderman and Plaisant for further support for this proposition (as well as for other related data). Gerd Waloszek & Ulrich Kreichgauer, International Federation for Information Processing, User-Centered Evaluation of the Responsiveness of Applications (2009), https://link.springer.com/content/10.1007/978-3-642-03655-229.pdf (last visited Aug. 9, 2023).
Next, Plaintiff faults Ferrara for failing to conduct an independent analysis of the latency issues that he claims were caused by Risk Insight-in that, for example, Ferrara did not attempt to recreate the circumstances giving rise to the supposed latency issues. (D.I. 467 at 13-14) Yet, as Defendants note, Ferrara could not conduct such an analysis because Risk Insight had been decommissioned by the time of his reports; therefore, recreating the exact circumstances that allegedly gave rise to the latency issues in question was an impossibility. (D.I. 511 at 14; Ferrara Surrebuttal Rep. at ¶ 300 (noting that taking the steps Plaintiff suggests would require “testing a running version of Risk Insight and [having] access to the kind of accounts possessed by Yodlee's customers that created issues with long response times,” but “since the system has been decommissioned[ and] is not in use by Yodlee's customers, [among other reasons,] such testing is impossible”)) In light of this, Ferrara's reliance on contemporaneous documentation describing Risk Insight's latency issues (i.e., contemporaneous e-mails between the parties and/or their clients, or Freshdesk tickets) was not improper. (Ferrara Opening Rep. at ¶¶ 69-71 & nn. 101-09); see Tormenia v. First Investors Realty Co., Inc., 251 F.3d 128, 135 (3d Cir. 2000) (rejecting the argument that the expert needed to conduct “a direct inspection” of the subject matter of his report, where the expert relied on information setting out a party's account of the relevant factual events, interrogatory responses, and on his own experience with mechanical devices like those at issue in the case); see also Integra Lifesciences Corp., 2018 WL 1785033, at *3. Plaintiff may explore any concerns regarding what Ferrara did or did not observe, or what he did or did not consider, during cross-examination. See Integra Lifesciences Corp., 2018 WL 1785033, at *3.
Lastly, Plaintiff complains that Ferrara's conclusions on this subject are unreliable because he “ignores” contrary evidence-particularly evidence indicating that Yodlee had “passed” or signed off on the Risk Insight software (including its data aggregation protocols). (D.I. 467 at 13-14; D.I. 568 at 4-5) These are simply merits arguments. And there are “ample available means” for Defendants to use the evidence they cite here in order to challenge the ultimate worth of Ferrara's opinions at trial. Tormenia, 251 F.3d at 135. In light of the “liberal standards of Rule 702[,]” exclusion is not required on this ground. Id.
For these reasons, the Court will not exclude Ferrara's opinions with respect to data aggregation.
5. Americans with Disabilities Act (“ADA”) Requirements
The final category of Ferrara's opinions regarding Risk Insight's alleged technical difficulties relates to his conclusion that “[Plaintiff] did not configure Risk Insight to comply with applicable ADA requirements[.]” (Ferrara Opening Rep. at ¶ 36) Plaintiff argues, inter alia, that these opinions should be excluded because: (1) with them, Ferrara offers an improper legal conclusion as to whether Plaintiff's conduct complies with a statute (the ADA); (2) Ferrara failed to identify any meaningful standard for “assessment of ADA compliance”; and (3) Ferrara “fails to cite to any authoritative source in support of” his opinion. (D.I. 467 at 14-15)
The Court will ultimately reject these arguments, and can deal with them together.
Despite some of the language in Ferrara's reports that might reasonably suggest otherwise, the Court now understands from Defendants that Ferrara does not intend to opine as to whether Plaintiff's conduct in configuring Risk Insight met ADA requirements. Instead, according to Defendants, Ferrara means to explain how the software failed to meet the technical requirements of the World Wide Web Consortium's “Web Content Accessibility Guidelines 2.0” (“WCAG 2.0 standards”)-requirements that Ferrara notes happen to be generally “consistent” with ADA standards, (Ferrara Opening Rep. at ¶ 34), or that are used in the software industry by companies “trying to adhere” to the ADA, (D.I. 512, ex. 4 at 221-223). (D.I. 511 at 3 n.3, 15-16) And in his reports, Ferrara does identify the WCAG 2.0 standards as the “meaningful standard[s]” that he is assessing, noting that they are aligned with best practices for website accessibility. (Ferrara Surrebuttal Rep. at ¶ 170) So long as Ferrara does not attempt to opine that the lack of WCAG 2.0 standard compliance means that Plaintiff violated the ADA (a link he is not permitted to make, because it would amount to proffering a legal conclusion), the Court does not see an issue here.
Plaintiff also argued that Ferrara's opinions in this regard should be excluded because he “fail[ed] to provide a single demonstration of how Risk Insight failed to meet ADA requirements or standards[.]” (D.I. 467 at 15) Again, though, the Court now understands that what Ferrara was trying to articulate was how Risk Insight failed to meet WCAG 2.0 standards. And he does provide a number of examples of how this was so. (See Ferrara Surrebuttal Report at ¶ 173 & nn.200-03)
In light of the above, the Court will also deny this portion of the Motion.
B. Opinions Regarding the Development of Competing Products and “Workarounds” Within Industry Standard Risk Management Practices
Next, Plaintiff targets Ferrara's opinions that Yodlee's development of certain competing products (e.g., the Equifax MVP product) and “workarounds” related to other software (e.g., FastLink, RIAdapter, and YProxy) were consistent with industry standard “risk management practices.” (D.I. 467 at 16 (quoting Ferrara Opening Rep. at ¶¶ 83, 88)) Plaintiff makes this challenge in a few ways.
For example, Plaintiff argues that Ferrara failed to identify appropriate industry standards regarding “risk management.” In making this argument, Plaintiff acknowledges that Ferrara did in fact cite to two sources (CMMI for Services, Version 1.3 and A Guide to the Project Management Body of Knowledge (Sixth Edition)) in support of his position. (Id.; see also Ferrara Opening Rep. at ¶ 88 & nn.142-44) But Plaintiff claims that the cited portions of these sources “set forth no specific industry standard concerning the development of competing software or ‘workaround' projects” and “do not in any way relate to the factual circumstances present here, in which Yodlee developed competing software products in breach of a contract based on a partner's proprietary information.” (D.I. 467 at 16) The Court finds these arguments wanting. For one thing, Plaintiff does not even attach as an exhibit all of the relevant cited pages from the sources at issue, (see D.I. 511 at 16); without them, the Court cannot fully assess Plaintiff's arguments here. Beyond that, it seems apparent that Ferrara is citing to these sources only to set out some broad parameters as to what the concept of risk management means in the software development industry (i.e., that risk management “includes processes for identifying and analyzing risks and planning appropriate responses” or that it “is appropriate to conduct risk identification in an iterative fashion”). (Ferrara Opening Report at ¶ 88) The cited sources (at least those portions of them that Plaintiff provided to the Court) do seem to support those types of (albeit general) propositions, (D.I. 470, exs. 18-19), and those propositions in turn do seem to have some relevance to this matter, (Ferrara Opening Rep. at ¶ 88). To the extent that Plaintiff is suggesting that Ferrara was required to cite to more specific-sounding risk management principles in order to provide his opinion at issue, (D.I. 568 at 9), the Court is not convinced that this is required here.
Plaintiff additionally asserts that Ferrara conducted “no independent analysis to verify whether Yodlee's conduct was ‘appropriate' or consistent with the ‘risk management practices' he invokes.” (D.I. 467 at 17) Instead, Plaintiff argues that Ferrara “relie[d] only on interviews with his client, and [on] Defendants' self-serving testimony and documents” (rather than, for instance, reviewing source code), in order to conclude that Defendants' conduct was in line with industry risk management practices. (Id. at 17-18) The Court agrees with Plaintiff that when providing an opinion like “the Equifax MVP project relied upon pre-existing Yodlee technology and data attributes and credit rules available in the public domain[,]” (Ferrara Opening Rep. at ¶ 94), Ferrara would have been well advised to have bolstered that opinion by citing to review of relevant source code or other technical specifications (instead of simply relying in support on conversations with Yodlee employees, or his review of Yodlee documents and documents in the public domain), (id. at ¶¶ 94-99). Put differently, it does seem strange, as Plaintiff asserts, that a “technical expert opining in a software misappropriation case [did not cite to] relevant source code” in proffering these opinions. (D.I. 568 at 8) But with all of that said, the Court cannot say that Ferrara's opinion in these areas is so unreliable as to warrant exclusion. After all, it is entirely appropriate for experts to rely on information they obtain from their clients, either via interviews or documentary evidence, as Ferrara did here. See Tormenia, 251 F.3d at 135; Brill v. Marandola, 540 F.Supp.2d 563, 568 (E.D. Pa. 2008). And while there may well be holes to punch in the completeness of Ferrara's work in this regard, it seems more appropriate that Plaintiff be required to do that work during cross-examination.
Therefore, this portion of the Motion is also denied.
C. Opinions Regarding the Suspension of Yodlee's Access to its Software Platform and the Parties' Related Payment Disputes
Plaintiff next attacks Ferrara's opinions regarding Plaintiff's conduct in suspending Yodlee's access to Risk Insight and to related payment disputes. Again, it does so in various ways.
To start, Plaintiff notes Ferrara's testimony that “[Plaintiff's] decision to suspend Yodlee's access to its software platform, without giving Yodlee the opportunity to specify the transition services needed for it to migrate off Risk Insight, constituted a material departure from sound and generally accepted practices of reputable software vendors.” (Ferrara Opening Rep. at ¶ 117; see also D.I. 467 at 18) Plaintiff then again argues that Ferrara “cites no industry standard or ‘generally accepted practice'” to support this conclusion. (D.I. 467 at 18) In doing so, Plaintiff acknowledges that Ferrara did cite to one source to bolster the notion that “software industry best practices” dictate that a provider should provide services for a stakeholder to smoothly transition off of a software platform before it is discontinued: CMMI for Services, Version 1.3 (“CMMI”). (Id.; Ferrara Opening Rep. at ¶ 119 n.214) But Plaintiff takes issue with this citation, because Ferrara purportedly did “not[ ] cite a single specific provision, standard, or requirement set forth in the CMMI, much less one applicable to suspension or termination of services, or termination of services for non-payment of invoices or other misconduct.” (D.I. 467 at 18) The Court disagrees with Plaintiff here. Although the CMMI does not appear to include a provision directed specifically to the narrow topic of “termination of services for non-payment of invoices or other misconduct,” in the pages cited by Ferrara, the resource does provide ample detail regarding professional practices used by software vendors as to a service system transition. This includes, among other things: (1) notifying relevant stakeholders, (see, e.g., D.I. 569, ex. 2 at 404-05 (noting that software vendors should “[p]repare relevant stakeholders for changes in services and service systems” by, inter alia, “keep[ing] relevant stakeholders informed about scheduled changes in services and service availability”)); (2) developing a training program for a replacement system, (see, e.g., id. at 402-04 (noting that software vendors should “[e]stablish and maintain plans for specific transitions of the service system”)); and (3) controlling customer impacts, (see, e.g., id. at 406-08 (dedicating an entire service system transition category to “[a]ssess[ing] and [c]ontrol[ling] the [i]mpacts of the [t]ransition”)). Ferrara noted as much in his Opening Report. (Ferrara Opening Rep. at ¶ 119 (citing CMMI at 399-408)) So Ferrara did cite to specific provisions, standards and requirements set forth in the CMMI that are relevant to his opinions and this case.
Plaintiff also faults Ferrara for citing “no industry standard to support his assertion that ‘[Plaintiff's] invoices lacked the level of detail typically included in invoices for software development services.'” (D.I. 467 at 18 (citing Ferrara Opening Rep. at ¶ 110)) In so arguing, Plaintiff again admits that Ferrara does, in fact, cite in his surrebuttal report to three online resources: (1) a link for Microsoft vendors to download an optional invoicing template, (2) an instructional “FAQ” on how to view and download invoices received from Google Cloud, and (3) an internal Oracle company policy about invoicing. (Id.; see also Ferrara Surrebuttal Rep. at ¶ 332 (identifying the three referenced documents)) But, Plaintiff nevertheless asserts that Ferrara “does not explain how these documents constitute or set forth an industry standard.” (D.I. 467 at 18) The Court agrees with Plaintiff that Ferrara did not (and should have) better articulated how and where these three cited sources set out a standard for invoicing that Plaintiff has failed to meet. Indeed, Ferrara did nothing more than cite generally to the sources, without explaining what it is in those sources that supports his opinion. (Ferrara Surrebuttal Rep. at ¶ 332) However, the Court ultimately does not believe that such an error warrants exclusion of Ferrara's opinion. This is because in addition to citing to these three sources, Ferrara also stated that he was basing these opinions on his own personal experience of issuing invoices for software development services. (Ferrara Opening Rep. at ¶¶ 109, 112; Ferrara Surrebuttal Rep. at ¶ 332) That personal experience, in and of itself, would be sufficient to allow Ferrara to reliably testify about what is expected in the industry regarding these invoicing issues. See Wopshall v. Travelers Home & Marine Ins. Co., CASE NO.: 21-14390-CV-MIDDLEBROOKS, 2022 WL 2805344, at *3 (S.D. Fla. June 22, 2022) (finding an expert's opinion to be sufficiently reliable to withstand exclusion, even though the expert did not cite to specific third-party sources in order to set out the relevant industry standards, because she “explained that she is familiar with the industry standards from her extensive experience” in the relevant area); see also EMC Corp. v. Pure Storage, Inc., 154 F.Supp.3d 81, 94 (D. Del. 2016); E.E.O.C. v. GLC Rests., Inc., No. CV05-618 PCT-DGC, 2007 WL 30269, at *6 (D. Ariz. Jan. 4, 2007).
To explain how Ferrara's lack of discussion of these points is relevant here, the Court notes that Ferrara opined, among other things, that Plaintiff's invoices were faulty because they failed to include the nature of the work performed, which personnel performed the work, and the amount of time each person worked on each task. (Ferrara Opening Rep. at ¶ 112; Ferrara Surrebuttal Rep. at ¶ 332) Yet although the Court has reviewed the three sources cited by Ferrara, without Ferrara having explicitly pointed to the content in those sources that is relevant, it is somewhat difficult to figure out what it is about those sources that is said to support the points that Ferrara is making. For example, one of the sources (the Microsoft link) does have some sample invoices pictured, and some (but not all) of those invoices do include a row describing hours worked on a particular matter or project. Invoice Design Templates, MICROSOFT, http://templates.office.com/en-gb/standard-invoice-with-microsoft-invoicing-tm56474006 (last accessed Aug. 10, 2023). Is Ferrara asserting that these examples show that this particular source demonstrates it is standard in the industry to require a listing of the amount of time each person worked on a task? It is unclear.
Lastly, Plaintiff raises an additional argument: that Ferrara's opinions concerning the level of detail typically included in invoices for software development services are “pure ipse dixit”-in that Ferrara failed to identify how the invoices in question violated any industry standard. (D.I. 467 at 19 (citing Ferrara Opening Rep. at ¶ 110)) The Court disagrees. Ferrara did set out what were the purported deficiencies with the invoices in question (and as to subsequent invoice summaries that Plaintiff submitted to Defendants); he did so based on his personal experience in this industry and ultimately concluded, after reviewing relevant evidence, that the invoices were lacking. (Ferrara Opening Rep. at ¶ 112; Ferrara Surrebuttal Rep. at ¶ 332) This is sufficient.
Therefore, this portion of the Motion is denied.
D. Ferrara's Qualifications
Finally, Plaintiff attacks Ferrara's qualifications and expertise, arguing that Ferrara is not qualified to offer expert opinions in this case. (D.I. 467 at 19) Specifically, Plaintiff asserts that Ferrara has no specific expertise or experience relating to the subject matter discussed in his reports, including: (1) MFA, data integration or synchronization, unique user identifiers, latency issues related to asynchronous data aggregation, or ADA compliance; (2) risk management practices; and (3) software development invoices and billing challenges. (Id.)
The Court declines to exclude Ferrara's testimony on this ground. As noted by Defendants, (D.I. 511 at 2-3), Ferrara seems well-poised to offer computer software development-related opinions based on his education and background. His qualifications in this regard include: (1) an undergraduate degree in computer science from Oberlin College; (2) approximately 15 years of experience in the information technology profession, including work as a consultant specializing in software dispute consulting, e-discovery and computer forensics; (3) particular experience as a consultant with “in-depth technical analysis of software projects, source code, and IT systems for clients across numerous industries[,]” as well as work “on dozens of cases involving allegations of software failure, incomplete delivery, and breach of contract”; (4) his continuing role with the consulting company as Director of Software Development, in which he manages and develops complex software projects, including work in software design, testing and quality control, and implementation. (Ferrara Opening Rep. at ¶¶ 14) Of course there are probably tens or hundreds of topic area sub-categories that might fall under the rubric of “software development.” But to suggest that an expert with deep experience in the software development field cannot provide an opinion on MFA (for example) simply because his entire career has not been focused on MFA, or because he has not personally written code for an MFA-related program, seems an unduly rigid approach to the Daubert “qualifications” prong. (D.I. 511 at 3) Even if Ferrara does not cite to vast expertise in the narrow categories of software development identified by Plaintiff, his broader experience in the industry, along with his education and training, would surely allow him to opine on the matters at issue in this case. See Loeffel Steel Prods., Inc. v. Delta Brands, Inc., 372 F.Supp.2d 1104, 1113 (N.D. Ill. 2005) (“An expert need not necessarily have specific experience with a particular facet of his or her expertise in order to be competent to testify as to that facet.... A lack of specialization generally does not affect the admissibility of the opinion, only its weight.”) (internal quotation marks and citations omitted); see also In re Paoli R.R. Yard PCB Litig., 35 F.3d 717, 741 (3d Cir. 1994) (“We have eschewed imposing overly rigorous requirements of expertise and have been satisfied with more generalized qualifications.”); Washington Metro. Area Transit Auth. v. Aon Risk Servs., Inc. of Md., Civil Action No. 11-95 (JEB), 2013 WL 12341666, at *5 (D.D.C. Feb. 22, 2013).
Defendants note that in certain of these sub-categories, however, Ferrara did cite to relevant personal experience. (D.I. 511 at 4 (noting, as set out above, that Ferrara explained how he had personal experience with billing and invoicing in the software industry) (citing Ferrara Surrebuttal Rep. at ¶ 332))
The Court will therefore deny this portion of Plaintiff's Motion.
IV. CONCLUSION
For the reasons set out above, the Court hereby ORDERS that Plaintiff's Motion is GRANTED-IN-PART and DENIED-IN-PART.
Because this Memorandum Order may contain confidential information, it has been released under seal, pending review by the parties to allow them to submit a single, jointly proposed, redacted version (if necessary) of the Memorandum Order. Any such redacted version shall be submitted no later than August 17, 2023 for review by the Court. It should be accompanied by a motion for redaction that shows that the presumption of public access to judicial records has been rebutted with respect to the proposed redacted material, by including a factually-detailed explanation as to how that material is the “kind of information that courts will protect and that disclosure will work a clearly defined and serious injury to the party seeking closure.” In re Avandia Mktg., Sales Pracs. & Prods. Liab. Litig., 924 F.3d 662, 672 (3d Cir. 2019) (internal quotation marks and citation omitted). The Court will subsequently issue a publicly-available version of its Memorandum Order.