Opinion
21-1402
02-21-2023
VIR2US, INC., Plaintiff - Appellee, v. SOPHOS INC.; INVINCEA, INC., Defendants - Appellants.
Kevin Paul Martin, GOODWIN PROCTER LLP, Boston, Massachusetts, for Appellants. Adam Howard Charnes, KILPATRICK TOWNSEND &STOCKTON LLP, Winston-Salem, North Carolina, for Appellee. Benjamin Hayes, GOODWIN PROCTER LLP, Washington, D.C.; Robert M. Tata, Norfolk, Virginia, Elbert Lin, HUNTON ANDREWS KURTH LLP, Richmond, Virginia, for Appellants. Brian A.E. Smith, BARTKO, ZANKEL, BUNZEL &MILLER APC, San Francisco, California; Stephen E. Noona, KAUFMAN &CANOLES, P.C., Norfolk, Virginia, for Appellee.
UNPUBLISHED
Argued: January 24, 2023
Appeal from the United States District Court for the Eastern District of Virginia, at Norfolk. Henry Coke Morgan, Jr., Senior District Judge. (2:19-cv-00018-HCM-RJK)
ARGUED:
Kevin Paul Martin, GOODWIN PROCTER LLP, Boston, Massachusetts, for Appellants.
Adam Howard Charnes, KILPATRICK TOWNSEND &STOCKTON LLP, Winston-Salem, North Carolina, for Appellee.
ON BRIEF:
Benjamin Hayes, GOODWIN PROCTER LLP, Washington, D.C.; Robert M. Tata, Norfolk, Virginia, Elbert Lin, HUNTON ANDREWS KURTH LLP, Richmond, Virginia, for Appellants.
Brian A.E. Smith, BARTKO, ZANKEL, BUNZEL &MILLER APC, San Francisco, California; Stephen E. Noona, KAUFMAN &CANOLES, P.C., Norfolk, Virginia, for Appellee.
Before KING, AGEE, and HEYTENS, Circuit Judges.
Vacated and remanded by unpublished per curiam opinion.
Unpublished opinions are not binding precedent in this circuit.
PER CURIAM
Vir2us, Inc., and Invincea, Inc., entered into a patent license agreement (the "Agreement") that granted Invincea a license to sell Vir2us' patented computer-security software in exchange for royalty payments. Invincea was later acquired by Sophos Inc., which began performing Invincea's obligations under the Agreement. Believing that Sophos and Invincea (collectively, "Sophos") were skirting their royalty obligations, Vir2us sued for breach of contract. The district court awarded summary judgment to Vir2us, agreeing that Sophos breached the Agreement. But in doing so, the district court adopted a reading of the Agreement that cannot be squared with its plain text. We therefore vacate the judgment below and remand for further proceedings.
I.
A.
Vir2us-a California corporation that designs and sells computer-security software-developed and patented antivirus software that uses a process called "containerization." This software enables a computer to "contain" a potentially malicious file by testing it in a virtual safe room-that is, in isolation-so as to prevent that file from infecting the rest of the computer.
In 2015, Vir2us sued Invincea-a Delaware corporation that also sells antivirus software-in federal district court, alleging that several of Invincea's antivirus-software products infringed Vir2us' patented container technology. The parties ultimately settled the case and, as part of the settlement, entered into the Agreement.
Under the Agreement, Vir2us granted Invincea a license to use "all patents and patent applications owned by Vir2us." J.A. 243. In exchange, Invincea agreed to (1) deliver quarterly reports to Vir2us detailing the quantity and description of "Licensed Products and Services Sold by Invincea and/or its Affiliates during the calendar quarter," J.A. 246, and (2) pay "Vir2us a royalty . . . for each Container Products and Services Sold," J.A. 245. The term "Container Products and Services" (which we will refer to simply as "Container Products") is defined in the Agreement as "the accused container products currently called Invincea X Endpoint - Spearphish Protection and formerly known as Invincea FreeSpace, Invincea Enterprise, and Invincea Advanced Endpoint Protection, as well as natural evolutions and derivations of these products." J.A. 243.
B.
The parties' dispute in this case turns on what the term "Container Products" means and whether certain antivirus-software products that Sophos sold fall within that meaning such that Sophos is required to pay royalties on the sale of those products. To better understand this dispute, as well as the district court's resolution of it, additional context is required.
About two months before Vir2us and Invincea executed the Agreement, Invincea launched a line of antivirus-software products called "X by Invincea." Some of those products employed containerization, like Invincea X Endpoint - Spearphish Protection ("Spearphish"), which the Agreement explicitly identifies as an "accused container product" in the Container Product definition. J.A. 243. Other X by Invincea products, like "Detect" and "Prevent," employed a different kind of antivirus technology called "machine learning," which analyzes files without "containing" them. Although the Detect and Prevent products existed at the time of the Agreement, neither product was expressly included within the definition of Container Products.
Critically, all X by Invincea products used the same underlying "source code," a collection of thousands of different data files that enable various functionalities. According to Sophos, by using "license files," Invincea could activate or deactivate certain portions of the source code (i.e., activate or deactivate certain files) to create different configurations of the software. Each such unique configuration constituted a separate X by Invincea product. To illustrate the point, Sophos contends that the Spearphish product is a software configuration with the containerization-enabling files activated and the machine-learning-enabling files deactivated. Likewise, it maintains that the Detect and Prevent products are software configurations with the machine-learning-enabling files activated and the containerization-enabling files deactivated.
The parties dispute whether the record contains sufficient evidence on the existence of these license files. We need not resolve that dispute here, however, as it is irrelevant to our analysis.
Following its acquisition of Invincea, Sophos continued to sell X by Invincea products, including Spearphish, Detect, and Prevent, but it also incorporated some of Invincea's source-code files into its own products. Specifically, Sophos integrated the Invincea source-code files that enable machine-learning functionality into Sophos products "Sandstorm" and "Intercept X."
Although Sophos paid royalties on sales of the Invincea Spearphish product, which is expressly identified as a royalty bearing Container Product in the Agreement, Sophos did not pay royalties on sales of Invincea products Detect and Prevent or Sophos products Sandstorm and Intercept X. Vir2us then sued Sophos for breach of contract, contending that those four products also constituted royalty bearing Container Products under the Agreement.
C.
In the district court, Vir2us advanced two arguments as to why the disputed Invincea and Sophos products fell within the definition of Container Products. Beginning with the disputed Sophos products Sandstorm and Intercept X, Vir2us argued that those products were royalty bearing "derivations" of Spearphish, one of the expressly named "accused container products" in the Container Products definition. Specifically, Vir2us asserted that because the disputed Sophos products incorporated Invincea's machine-learning files, which are also embedded in Spearphish's source code, the disputed products "derived" from Spearphish. As to the disputed Invincea products Detect and Prevent, Vir2us argued that those products, which contained source code identical to that of Spearphish, were not just derivations of Spearphish but were each the same product as Spearphish.
Sophos countered that what made a particular product a Container Product was not whether the product shared the same source code as one of the identified accused container products, but whether the product employed containerization. And because the disputed Invincea and Sophos products purportedly employed machine learning only, Sophos argued that those products did not constitute royalty bearing Container Products under the Agreement. To support its position, Sophos noted that even though all X by Invincea products had identical source code, only Spearphish and its prior versions-the products with the containerization files activated-were explicitly identified by name in the Container Products definition as the "accused container products." Invincea's machine-learning products Detect and Prevent, which existed at the time the parties signed the Agreement and thus could have been identified by name, were not included in the definition.
On the parties' cross-motions for summary judgment, the district court found that the Agreement's definition of Container Products was not functionality-based, as Sophos proposed, but was unambiguously "product-based." J.A. 126-27. According to the court, the definition made no "differentiation" between products "based on [the] type of technology or enablement of that technology." J.A. 127. Thus, the court held that the functionality of a particular product was irrelevant to the question whether that product was appropriately characterized as a Container Product.
The district court then concluded that Sophos breached the Agreement by failing to report sales and pay royalties on the disputed Invincea and Sophos products. In the court's view, because those products contained some or all of the source code found in Spearphish-one of the named "accused container products"-each of the disputed products was itself "classified as one of the named Container Products." J.A. 124 n.10. The district court therefore ordered Sophos to file corrected quarterly reports and to pay Vir2us $24.6 million in damages for unpaid royalties.
In light of its holding that the disputed products fell within the class of identified accused container products in the Container Products definition, the district court expressly declined to address Vir2us' claim as presented, which was that the disputed products-the Sophos products in particular-fell within the definition's "natural evolutions and derivations" clause. J.A. 124 n.10 ("Since the Court has determined that the Defendants' products are classified as one of the named 'Container Products', the Court need not interpret the definition of ['natural evolutions and derivations'] in the Agreement.").
On appeal, Sophos argues, among other things, that the district court erred in its interpretation of the Agreement. As discussed below, we agree with Sophos.
II.
This Court reviews summary judgments de novo, applying the same legal standards as the district court and viewing all facts in the light most favorable to the nonmoving party. W.C. Eng., Inc. v. Rummel, Klepper &Kahl, LLP, 934 F.3d 398, 402-03 (4th Cir. 2019). Summary judgment is proper "if the movant shows that there is no genuine dispute as to any material fact and the movant is entitled to judgment as a matter of law." Fed.R.Civ.P. 56(a). In breach-of-contract cases, summary judgment is appropriate if the contract is unambiguous or if extrinsic evidence "definitively resolve[s]" any ambiguity. Wash. Metro. Area Transit Auth. v. Potomac Inv. Props., Inc., 476 F.3d 231, 235 (4th Cir. 2007).
III.
In Virginia, the interpretation of a contract is a question of law. PMA Cap. Ins. Co. v. U.S. Airways, Inc., 626 S.E.2d 369, 372 (Va. 2006). If the contract terms are "clear and unambiguous," a court will construe the contract "according to its plain meaning." Id. If, however, the terms are ambiguous, meaning that they are reasonably susceptible to more than one interpretation, then the proper construction of the contract is generally a question for the factfinder, who may consider extrinsic evidence to ascertain the parties' intent. Video Zone, Inc. v. KF &FProps., L.C., 594 S.E.2d 921, 923-24 (Va. 2004). It is for the court to decide whether any ambiguity exists. Id. at 923.
Under the Agreement's choice-of-law provision, Virginia law governs.
The district court considered the term Container Products unambiguous. Purporting to apply the Agreement's "plain meaning," J.A. 124, the court reasoned that the disputed Invincea and Sophos products "are properly classified as [accused container products] because they utilize source code from one of the listed products, particularly, Invincea X Endpoint - Spearphish Protection," J.A. 127.
The district court misinterpreted the plain language of the Agreement. The Container Products definition unambiguously identifies only four "accused container products"-"the products currently called Invincea X Endpoint - Spearphish Protection and formerly known as Invincea FreeSpace, Invincea Enterprise, and Invincea Advanced Endpoint Protection." J.A. 243. The Agreement therefore provides an exhaustive list of the "accused container products." See Bentley Funding Grp., L.L.C. v. SK &R Grp., L.L.C., 609 S.E.2d 49, 56 (Va. 2005) ("[U]nder the principle of expressio unius est exclusio alterius, the omission of a particular covenant or term from a contract reduced to writing shows an intent to exclude it."). The disputed Invincea and Sophos products are not included in that list and thus cannot be classified as such. See PMA Cap. Ins. Co., 626 S.E.2d at 372 ("The contract is construed as written, without adding terms that were not included by the parties."). In fact, the disputed Invincea products Detect and Prevent already existed when the Agreement was signed, so the parties could have included those products in the defined list of accused container products. But they didn't, and that omission carries force. See Bentley Funding Grp., 609 S.E.2d at 56.
The Agreement does not explicitly define the modifier "accused," a term that appears only in the Container Products definition. We note, however, that "accused" is a term of art commonly used in patent-infringement litigation (e.g., the "accused product"). We further note that the Agreement contains at least two, albeit obscure, references to the earlier underlying patent-infringement litigation between Vir2us and Invincea. See J.A. 243 (defining the term "Legal Proceedings" in reference to the underlying patent infringement litigation but never employing that term in the Agreement), 251 (stating that the Agreement "and the Settlement Agreement together contain the entire agreement between the Parties" but providing no details about the Settlement Agreement). But any ambiguity about the modifier "accused" as used in the Agreement is irrelevant for purposes of our narrow ruling. As illustrated above, the phrase "accused container products" in the Container Products definition is self-defining: the Container Products definition expressly states which products are the accused container products-and (by omission) which are not.
In concluding otherwise, the district court redefined the term "accused container products," hinging it on a delineated product's source code. But the Agreement makes no mention of a product's source code. And it certainly doesn't indicate that an unlisted product amounts to an accused container product if it shares any source code with the named accused container products. Thus, by stating that the determinative question is whether the disputed Invincea and Sophos products incorporate source code taken from the listed accused container products, the court inserted a term into the Container Products definition that the parties didn't include. Doing so ignored the plain language and effectively rewrote the Agreement. That was error. See id. ("The trial court ignored the plain language of the [c]ontract by adding provisions not included by the parties. This it cannot do."); see also Berry v. Klinger, 300 S.E.2d 792, 796 (Va. 1983) ("[T]he court cannot make a new contract for the parties, but must construe its language as written."). As a result, we must vacate the district court's judgment.
We note that the definition of Container Products contains two separate components, and the district court's reasoning was confined to the first-the enumerated accused container products. It did not reach the second component-"natural evolutions and derivations" of the delineated products. It may well be that the disputed Invincea and Sophos products constitute royalty bearing Container Products under this second component. Indeed, the parties argue as much on appeal, urging us to resolve this question too. But that is not for us to decide today. Rather, that issue is best left to the district court for resolution in the first instance. Accordingly, we vacate the judgment below and remand for further proceedings.
Sophos also argues that the district court miscalculated the royalty damages and erroneously granted summary judgment to Vir2us on its breach-of-contract counterclaim. Because those rulings were predicated on the district court's erroneous interpretation of the Agreement, however, they no longer stand, and we need not address them here. The parties, of course, may raise these arguments again, if relevant, after the district court decides the threshold issue of whether Sophos breached the Agreement by selling Container Products and failing to pay royalties on those sales.
VACATED AND REMANDED