Linked In Admissibility — Hearsay — Defendant’s Self-Description of Title on Own LinkedIn Page when Offered by Plaintiff Admitted Insofar As It Reflects Defendant’s Description of Role But Not for Truth That Defendant Actually Held Position

Music Grp. Macao Commercial Offshore Ltd. v. Foote, 2015 U.S. Dist. LEXIS 81415 (N.D. Cal. June 22, 2015):

This case arises out of a cyber attack on the global computer network and communication systems of Plaintiff Music Group Macao Commercial Offshore Limited ("Music Group" or "Plaintiff"). Plaintiff asserts that the cyber attack occurred due to the failures of Defendant David Foote ("Defendant"), a technology consultant for the company. Now pending before the Court are Defendant's motion for summary judgment and for leave to file recently produced documents in support thereof and Plaintiff's motions for a continuance of the summary judgment hearing pursuant to Federal Rule of Civil Procedure 56(d) and for leave to file a second amended complaint. ***


A. Factual Summary

Plaintiff Music Group is an international company headquartered in the Philippines with over 3,500 employees, offices in seven countries, and $260 million in annual revenues. (Dkt. No. 51-1 at 4, 6, 10.) The company was founded 26 years ago by its current CEO, Uli Behringer ("Behringer"). (Id. at 7.) Defendant David Foote was an employee of Music Group from 2007 to 2008 as its Chief Technology Officer, responsible for development and deployment of software applications. (Dkt. No. 52 ¶ 3.) At that time, Music Group also employed a separate individual as Chief Information Officer, and that person was responsible for the company's network infrastructure. (Id.) In 2010, Plaintiff contacted Defendant seeking assistance with technology issues. (Id. ¶ 4.) In discussions about [*3]  the possibility of Defendant coming on board, Defendant held himself out as an experienced professional in the Information Technology ("IT") and Information Security ("IS") fields. (Dkt. No. 59 ¶ 4.)


1. The August 27, 2010 Agreement

On August 27, 2010, Plaintiff entered into a written agreement (the "Agreement") to provide services to Plaintiff. (Id.) The Agreement that the parties ultimately entered was based on a standard form that Plaintiff's Human Resources Department used to retain consultants. (Dkt. No. 53 ¶ 3.) The Agreement was titled "Consultancy Agreement" and provided that Defendant was "deemed to be an independent contractor and not an employee of [Plaintiff]." (Dkt. No. 5-1 ¶ 1.)3 Plaintiff agrees that Defendant was hired as a consultant. (Dkt. No. 49-9 at 11 (Plaintiff's 30(b)(6) witness states that Defendant was a consultant).)

3   The agreement was between Defendant and "Behringer Macao Commercial Offshore Limited," which was how Plaintiff was then known. (See Dkt. No. 49-5 at 11 n.1.)

The Agreement provided that Plaintiff would pay Defendant a minimum of $5,000 per month for Defendant [*4]  to work remotely with an expected schedule of one 40-hour work week per month. (Dkt. No. 5-1 ¶ 4.) The Agreement further provided that Plaintiff would pay Defendant $125 per hour for additional time worked beyond that amount. (Id.)

The Agreement also set forth the nature of Defendant's responsibilities. Section 2 provides:


   The Consultant shall perform his obligations hereunder faithfully and to the best of his ability under the direction of the [company's] CEO and COO. The Consultant shall devote such of his business time, energy and skill as may be reasonably necessary for the performance of his duties. Nothing contained herein shall require the Consultant to follow any directive or to perform any act which would violate any laws, ordinances, regulations or rules of any governmental, regulatory or administrative body, agent or authority, any court or judicial authority, or any public, private or industry regulatory authority.

The Duties will be as follows:

   This is to be a big picture evaluation of all IS systems and personnel. Investigate and analyse [sic] the current systems that are in place as well as those that are not being utilized completely or properly. Create a status report, and [*5]  gap analysis on the short falls that need to be looked at as well as a conclusive report of your recommendations moving forward.

   Meet with the COO and work on a strategic plan for the IS departments.

Scope of engagement

   *High level strategic vision and guidance for IT/IS projects

   *Management and negotiation of external project relationships with focus on SCM and ERP implementation and projects

   *Management/Guidance of IT and IS organizations

   *IT/IS Budget, Resource, and project rationalization

(Dkt. No. 5-1 § 2 (emphasis in original).) Section 14 of the Agreement pertains to indemnification. It provides that

   Consultant shall indemnify and hold harmless [Plaintiff] and its officers, agents, employees, successors and authorized assigns from and against any and all liabilities, damages, costs, losses, claims, demands, actions, and expenses (including reasonable attorneys' fees) arising in consequence of the gross negligence or willful misconduct of the Consultant or a breach by the Consultant of any term herein or gross negligence on the part of the Consultant in connection with the performance of his duties.

(Id. § 14.) Other provisions specifically provided that they would apply "[d]uring and after the Term [*6]  of th[e] Agreement." (See, e.g., id. §§ 7 ("This provision shall survive the termination of this Agreement."), 9 ("[t]he Consultant covenants and agrees that for a period of twelve (12) months from termination . . . "); 10 ("During the term of this Agreement and for a period of six (6) months thereafter . . . "; 11 ("During and after the Term of this Agreement . . . ").)

By its terms, the Agreement was set to last from August 27, 2010 until either party terminated the agreement pursuant to Section 6. (Id. § 3.) Section 6, in turn, explained the circumstances under which either party could terminate the Agreement. First, either party could terminate the Agreement by giving prior written notice to the other party. (Id. § 6.3.) Plaintiff could also terminate the Agreement if, among other grounds for termination, Defendant "is guilty of gross misconduct or any serious or persistent breach of obligations in the provision of the services; . . . brings or is likely to bring [Music Group's] name into disrepute . . . or [ ] has been unable, refused or failed to provide any of the services for fourteen (14) days after being instructed by [Music Group] to do so. (Id. § 6.1.)

2. Defendant's Work at Music Group

Defendant began his work with [*7]  Plaintiff on August 27, 2010. Plaintiff issued a press release that Defendant helped write announcing that it had appointed Defendant as Chief Technology Officer. (Dkt. No. 67-1; Dkt. No. 59 ¶ 4.) Defendant listed himself as Chief Technology Officer of Music Group on his LinkedIn page, as well. (Dkt. No. 68-1; Dkt. No. 68-2 at 14.) Defendant used the email address "" for correspondence. (See, e.g., Dkt. No. 63 ¶ 7.) Defendant worked more than the single 40-hour week contemplated schedule set forth in the Agreement as evidenced by his income, which exceeds the $5,000 monthly flat rate: Plaintiff paid Defendant $61,540 for 5 months of work in 2010, $189,958.86 in 2011, $240,240 in 2012, and $167,670 for eight months of 2013. (Dkt. No. 60 ¶¶ 4, 6 & Ex. A.)

In the course of his work pursuant to the Agreement, in September 2010 Defendant drafted the status report referred to in Section 2 of the Agreement, labeled "IS and IT Strategy Document," and provided it to Plaintiff. (Dkt. No. 52 ¶ 5; Dkt. No. 49-1 at 32, 38.) In the report, Defendant identified certain problems with Music Group's systems and set forth a strategy for moving forward. (Dkt. No. 70-5 at 55-57.) Some [*8]  of the problems Defendant identified in this report--namely, (1) IT/IS projects were "incompletely implemented, or misimplemented"; (2) a "high degree of fragmentation in the currently implemented systems"; (3) the "current systems are not updated or upgraded"; and (4) the "[i]nfrastructure is not centrally managed"--were also identified by Presidio, Inc. ("Presidio"), the company Plaintiff hired to assist in its recovery following the cyber attack, as barriers to recovery. (Dkt. No. 59 ¶ 12; Dkt. No. 70-5 at 63.)

During the course of his work, Defendant also signed contracts with third party companies as Music Group's Chief Technology Officer and without first consulting with Behringer. (Dkt. No. 59 ¶ 8; Dkt. No. 70-4 at 8.)

Within the company, Defendant reported to Behringer regularly about his work with the IT and IS departments. (Dkt. No. 59 ¶ 9.) According to Behringer, during those conversations Defendant regularly assured him that the IT and IS systems and infrastructure were secure. (Id.) Defendant made similar representations to the employees of the IT and IS departments. In July 2013 when Plaintiff suffered a network outage, Defendant emailed all Music Group employees, noting that the stability [*9]  of the company's infrastructure was his responsibility. (Id. ¶ 10; Dkt. No. 67-2 at 2.) Defendant's email footer listed him as the company's Chief Technology Officer. (Dkt. No. 67-2 at 3.)

According to Behringer, all company employees who worked on cyber security reported up the chain of command to Defendant. (Dkt. No. 59 ¶ 7.)

3. The Music Group IT/IS Department

Defendant also advised Plaintiff to hire a team of technology professionals. (Dkt. No. 52 ¶ 6.) Plaintiff heeded that recommendation, hiring Jim Ratchford as Senior Vice President of Technology and Tim Driggers as Global Vice President of Technology Operations. (Dkt. No. 49-11 at 4-5.) Driggers had over 20 direct reports in the company's network technology department. (Id. at 9.) Among them were two individuals Driggers hired, Employee 1 and Employee 2, who both worked out of Music Group's United Kingdom offices. (Id. at 11-12.) Employee 1 was "the manager directly in charge of the network security[.]" (Id. at 12.) Employee 1 reported to Employee 2, who in turn reported up the chain to Driggers. (Id.)

At some point prior to the cyber attack, Defendant recalls recommending to Behringer that Employee 1 and Employee 2 be fired. (Dkt. No. 49-13 at 4; Dkt. No. [*10]  49-9 at 30.) Music Group did not heed the suggestion at that time.4 (Dkt. No. 49-9 at 30.)

4   Behringer recalls Defendant recommending that Employee 1 be fired after Employee 1 filed a complaint against Defendant with Human Resources. (Dkt. No. 49 ¶ 15.) Employee 1 was eventually terminated after he failed to appear for a meeting with Human Resources regarding that inquiry in August 2013, before the cyber attack occurred. (See Dkt. No. 68-3 at 17-18.) Defendant also recommended that Employee 2 be fired. (Dkt. No. 51 Ex. 4.) Employee 2 was transferred to out of the IT/IS department into a different division at Music Group and stripped of his network administrator rights before the cyber attack occurred. (Id. at 22-23.) Like Employee 1, Employee 2 was eventually terminated after the cyber attack when he failed to appear at a meeting with Human Resources regarding an administrative investigation.

3. The Cyber Attack & its Aftermath

On August 17, 2013, Plaintiff's computer network was subject to an intentional cyber attack. (Dkt. No. 49-13 at 4-5.) The cyber attack rendered Plaintiff's IT and IS systems inaccessible both internally and externally for about one month and destroyed much of its data.5 (Dkt. [*11]  No. 59 ¶ 11; Dkt. No. 63 ¶ 8; Dkt. No. 49-15.) The IT and IS systems themselves were inaccessible for even longer. (See Dkt. No. 63 ¶ 8.)

5   Specifically, by August 18, 2013, all switches and routers in Music Group's data center and offices worldwide were "wiped clean of their configuration, rendering them unusable." (Dkt. No. 49-15 at 2.) A number of servers were also wiped clean and rendered unusable. (Id.) In addition, the company's "Active Directory" was completely wiped out of all user accounts, save four. (Id.)

At Defendant's suggestion, Behringer retained Presidio to assist with data recovery efforts. (Dkt. No. 59 ¶ 12.) Presidio manager Phil Crook urged Behringer to fire Defendant (as well as Ratchford) because they were hindering and jeopardizing Presidio's recovery efforts. (Id.) Behringer apparently heeded that recommendation: Plaintiff sent Defendant a termination letter dated August 28, 2013, which stated in relevant part that Defendant's "services to the Music Group . . . are no longer required" effective August 23, 2013. (Dkt. No. 51-5 at 2.) The termination letter directed Defendant to "immediately discontinue using all work products and other property that belongs to the [*12]  Company" and reminded Defendant of his "legal obligations to the Company, which survive beyond [his] service contract." (Id.)

Shortly after the cyber attack Plaintiff conducted an internal investigation and concluded that two IT employees had likely carried out the attack. (Dkt. No. 49-15 at 4 (identifying the two individuals as the only employees who fit the profile of individuals who might carry out such an attack; id. at 7 ("Our internal investigations are clearly pointing to our employees [Employee 2] and [Employee 1] as suspects.").) The report notes that the conclusions were reached "in the absence of a formal and thorough forensic investigation" and was instead based only on "inputs and comments . . . from [Music Group] staff who was most closely involved in the recovery effort." (Id. at 2.) Behringer reported the cyber attack to the police in the United Kingdom and identified two employees as the company's main suspects; Behringer later learned that one of them had been arrested, and then released after he denied involvement in the attack. (Dkt. No. 59 ¶ 12 & Ex. E.) Behringer avers that the company still does not know who perpetrated the cyber attack. (Id. ¶ 14.)




B. What Evidence the Court will Consider


1. Evidentiary Objections

a. Defendant's Objections


Finally, Defendant objects to Exhibits 1, 4 and to the declaration of Allison Dibley as inadmissible hearsay. Exhibit 1 is Defendant's LinkedIn page. Plaintiff cites this evidence to note that Defendant described himself as Chief Technology Officer of Music Group. The Court will consider the LinkedIn page only insofar as it is Defendant's description of himself as Chief Technology Officer, but not for the truth that Defendant was, in fact, Chief Technology Officer. See Fed. R. Evid. 801(d)(2). Exhibit 4 is a report labeled "Security Response" from [*24]  Presidio, the group hired to assist Music Group with its disaster recovery following the cyber attack. The Court will not consider the report.

Share this article:


Recent Posts