Exhibit A - The Am Law Daily · 2010. 12. 9. · January 12, 2009 until March 25, 2009 (recorded...
Transcript of Exhibit A - The Am Law Daily · 2010. 12. 9. · January 12, 2009 until March 25, 2009 (recorded...
-
Exhibit A
Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 1 of 99
-
Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 2 of 99
-
Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 3 of 99
-
Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 4 of 99
-
Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 5 of 99
-
Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 6 of 99
-
Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 7 of 99
-
Exhibit B (Filed Under Seal)
Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 8 of 99
-
Exhibit C
Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 9 of 99
-
,
IN THE MATTER OF UNIVERSITY SPORTS PUBLICATIONS, CO., INC., PLAINTIFF, VS. PLAYMAKERS MEDIA CO.; TERRY COLUMBUS; SHANE PITTA; AND DARNELL GENTLES, DEFENDANTS.
REPORT OF FINDINGS Prepared at the Direction of:
Dewey & LeBoeuf LLP Submitted by: Jeffrey G. Bolas Date: December 3, 2010
Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 10 of 99
-
REPORT OF FINDINGS
TABLE OF CONTENTS
I. INTRODUCTION ........................................................................................................................ 1
II. BACKGROUND AND CREDENTIALS ...................................................................................... 1
III. ANALYSIS OF PROVIDED LAPTOP ......................................................................................... 2
A. Data Analyzed and Overview of Findings ............................................................................ 2 B. Date of First Use of Laptop .................................................................................................. 3 C. Period of Laptop Inactivity ................................................................................................... 5 D. Evidence of Activity After Supposed Secure Storage of Laptop ........................................... 5 E. System Configuration and Usage Pattern ............................................................................ 6
IV. ANALYSIS REGARDING REMOVABLE USB JUMP DRIVE .................................................... 9
V. COMPARISON OF HISTORICAL SALES RECORDS ............................................................. 11
A. The Playmakers Spreadsheet ........................................................................................... 12 B. The Area Retailers Spreadsheet ....................................................................................... 13 C. The USP Sales Management System ............................................................................... 14 D. Review of Sales Records .................................................................................................. 15 E. Findings Regarding Sales Records Analysis ..................................................................... 17
VI. FORENSIC ARTIFACTS RELATED TO NETWORK ACCESS ............................................... 18
VII. CONCLUSION ......................................................................................................................... 20
EXHIBIT A ..................................................................................................................................... 23�
Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 11 of 99
-
REPORT OF FINDINGS
1
I. INTRODUCTION
1. Stroz Friedberg, LLC (“Stroz Friedberg”) was retained by Dewey & LeBoeuf LLP (“Dewey &
LeBoeuf”) on behalf of its client, University Sports Publications Co., Inc., (“USP”), to provide forensic data
preservation, technical consulting, and analysis in the matter of University Sports Publications, Co., Inc., vs.
Playmakers Media Co., et al., case number 09-CV-8206.
2. Specifically, Stroz Friedberg was asked to perform three tasks: (1) to preserve and analyze a
laptop computer provided by the defendant Shane Pitta; (2) to compare sales records in two spreadsheets
produced by Playmakers Media Co. (“Playmakers”) to electronically stored information in a USP sales
management system, and then to determine the extent to which the sales records in the Playmakers
spreadsheets matched data in the USP database; and (3) to describe generally some of the methods for finding
evidence on a computer’s hard drive that can establish whether that computer was used to access a computer
network remotely.
3. As set forth below, Stroz Friedberg found that: (1) forensic evidence on the laptop computer
directly contradicts sworn testimony by two of the defendants regarding the laptop and how it was used; (2)
forensic analysis of a provided USB jump drive finds evidence that apparent USP sales information was deleted
from the device months after Mr. Pitta received a preservation notice, contradicting his sworn testimony; and (3)
sales records produced by Playmakers are sufficiently similar to data from USP’s sales database to conclude that
the Playmakers data originated from the USP database, which further contradicts sworn testimony by Shane
Pitta. In addition, based on past experience, Stroz Friedberg is aware of numerous methods to identify forensic
artifacts on a hard drive that help establish whether a computer was used to access a network remotely.
II. BACKGROUND AND CREDENTIALS
4. Stroz Friedberg is a technical services and consulting firm that assists its clients, including major
law firms and companies, in, among other things, the areas of digital forensics, cyber-crime response, and
electronic discovery. Stroz Friedberg is managed by former federal prosecutors and former federal special
agents with both government and private sector experience in traditional and cyber-based investigations, digital
forensics, data preservation and analysis, and infrastructure protection. Our staff of digital forensic examiners,
Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 12 of 99
-
REPORT OF FINDINGS
2
electronic security professionals, and private investigators joined Stroz Friedberg following careers in law
enforcement, the intelligence community, consulting, and academia.
5. Stroz Friedberg is remunerated on a time and materials basis, and remuneration is not dependent
upon the outcome of this litigation. The forensic examiner who performed or oversaw all analysis discussed in
this report is Jeffrey G. Bolas.
6. Jeffrey Bolas is an Assistant Director of Digital Forensics in Stroz Friedberg’s New York office.
His responsibilities include conducting data acquisitions and digital forensic analyses of personal computers,
servers, and mobile devices. He also supervises and coordinates the work performed by other digital forensic
examiners in the New York laboratory. He has provided testimony, expert reports, and declaratory evidence in
state and federal civil proceedings. Prior to joining Stroz Friedberg, Mr. Bolas worked as a Records Examiner in
the United States Attorney’s Office for the Eastern District of New York. He holds a Bachelor of Arts degree in
computer science from Williams College and a Master of Fine Arts degree from Columbia University. He is an
EnCase Certified Examiner (EnCE) in the area of digital forensics. His curriculum vitae is attached to this Report
as Exhibit A.
7. The issues and findings in this report are based in part upon the same facts discussed in two
affidavits previously submitted in this matter, namely: the Affidavit of Jeffrey G. Bolas, dated May 10, 2010; and
the Second Affidavit of Jeffrey G. Bolas, dated June 18, 2010.
III. ANALYSIS OF PROVIDED LAPTOP
A. DATA ANALYZED AND OVERVIEW OF FINDINGS
8. On March 19, 2010, Stroz Friedberg received one laptop computer, sent by courier from counsel
for Playmakers at Boies Schiller & Flexner LLP. The laptop was a Hewlett-Packard Pavilion, model dv5-1235dx,
bearing serial number CNF8471LZ2 (“the Laptop”). It contained a 320 GB Fujitsu brand hard drive, bearing
model number MHZ2320BH and serial number K618T8A2TNEH. A forensic examiner for Stroz Friedberg
photographed the Laptop and its hard drive and created a complete and verified image of the Laptop hard drive.
The original Laptop was returned to counsel for Playmakers on June 2, 2010.
Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 13 of 99
-
REPORT OF FINDINGS
3
9. Additionally, Stroz Friedberg received transcripts of sworn testimony regarding the Laptop given
in depositions by two employees of Playmakers, Terry Columbus and Shane Pitta.
10.
Specifically, the forensic evidence shows:
a. the Laptop was not used before January 2009;
b. there is no evidence that the Laptop was used at all between March 25, 2009 and
July 31, 2009 at 11:03 p.m.;
c. a user with knowledge of Shane Pitta’s email passwords used the Laptop in early
August 2009, during the period immediately following its supposed surrender and secure storage
on July 31, 2009; and
d. the Laptop’s configuration, its documents, and its pattern of usage are inconsistent
with that of a work-issued computer used with any regularity for Playmakers business
B. DATE OF FIRST USE OF LAPTOP
11. The Laptop was found to have a system clock that was incorrectly set ahead by exactly one day,
plus or minus one minute, at the time Stroz Friedberg received the Laptop in March of 2010. The BIOS, or Basic
Input Output System, of the Laptop maintains the system clock, which is the clock used to record all timestamps
written to the file system. If a clock is incorrect, then the recorded dates and times on the computer are off by an
equivalent amount. Evidence exists in the Laptop’s System event log, in the form of multiple clock
REDACTED
REDACTED
REDACTED
Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 14 of 99
-
REPORT OF FINDINGS
4
synchronization errors, to confirm that the clock had been set ahead by one day since at least January 29, 2009.
For purposes of this report, the dates and times noted are accurate; that is, we have adjusted the erroneous times
recorded by the computer’s clock to account for the 24-hour difference between the system clock and the correct
time.
12. The Laptop that Stroz Friedberg received was configured to run the Home Premium edition of the
Windows Vista operating system (“OS”), which was pre-installed on this Laptop by the manufacturer. The
Windows Vista OS bears an installation date of November 27, 2008. No evidence was found indicating that an
earlier OS had been installed on the Laptop prior to that date, or that the computer was used before that date.
Additionally, the Laptop’s hard drive bears a manufacture date of October 31, 2008, further supporting the finding
that this Laptop and hard drive were not used by any user before that date.
13. The Laptop had only one user account active on it. That user account’s name is “Alison,” and it
was created and first used on January 12, 2009. For another reference point, Stroz Friedberg looked up the
publicly-available Hewlett-Packard warranty data for the Laptop using its serial number and found that its warranty
period lasted from January 12, 2009 through January 11, 2010.
14.
15. However, based on the installation date of the factory-installed OS, the hard drive manufacture
date of October 31, 2008, the commencement of the warranty period on January 12, 2009, and the creation of the
sole user profile “Alison” on that same date, it is Stroz Friedberg’s opinion that the Laptop computer was not
turned on, set up, and registered until January 2009.
REDACTED
REDACTED
Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 15 of 99
-
REPORT OF FINDINGS
5
C. PERIOD OF LAPTOP INACTIVITY
16. Stroz Friedberg reviewed the Laptop’s event logs and the timestamps associated with files on the
Laptop in order to establish a general timeline of its use. The earliest recorded user activity is on January 12,
2009, which is when the account “Alison” was created. The user Alison used the Laptop intermittently from
January 12, 2009 until March 25, 2009 (recorded erroneously as March 26). Event logs record no activity for this
computer between the time it was turned off on March 25, 2009 and the next time it was turned back on again, on
July 31, 2009. On that date, at 11:03 p.m., a user turned on the Laptop and logged in as “Alison.”
17. The Laptop was then used intermittently between July 31, 2009 at 11:03 p.m. and August 4,
2009. The last recorded user activity is on August 4, 2009, which is recorded erroneously as August 5. The
Laptop appears to have been placed into hibernation mode on that date, after which, over the course of the next
several days, it automatically activated itself periodically to attempt automated Windows system updates. No
evidence was found of files created or modified as a result of user action or any other user-related activity after
August 4, 2009 at 9:05 a.m. The last recorded automated change to any file on the Laptop is on August 15, 2009.
There is no evidence that the laptop was ever turned on again after that date.
18. The overall pattern of activity suggests that this Laptop was used only during the first three
months of 2009, after which it was not powered on again until July 31, 2009 at 11:03 p.m., which is late on the
day on which Playmakers received the preservation hold notice from USP’s attorneys.
19.
However, Stroz Friedberg did not find any evidence of user activity on July 31, 2009 until
11:03 p.m.,
D. EVIDENCE OF ACTIVITY AFTER SUPPOSED SECURE STORAGE OF LAPTOP
20.
REDACTED
REDACTED
REDACTED
Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 16 of 99
-
REPORT OF FINDINGS
6
21.
22. Stroz Friedberg examined the Laptop’s hard drive for evidence to corroborate the timeline
established by the above statements. The Laptop contains evidence, found in the history of the Internet Explorer
web browser, that Mr. Pitta, or someone using his login credentials, accessed the mailbox of user SPitta on
Playmakers’ secure webmail site on August 2, 2009 and August 4, 2009. Specifically, on August 4, 2009 at
approximately 8:43 a.m., a user of the Laptop browsed to http://mail.playmakersmedia.com, logged into the
secure webmail site, and viewed the Inbox for user SPitta. At approximately 8:45 a.m. on the same morning, the
user of the Laptop logged into the Gmail account [email protected]. The user then downloaded a single Excel
workbook, entitled updated_anadirectory.xlsx. Multiple copies of this spreadsheet were created in the web
browser cache and in the Downloads and Desktop directories for the user Alison. This is the sole Microsoft Office
document on the Laptop, as described more fully below.
23.
E. SYSTEM CONFIGURATION AND USAGE PATTERN
24. Computers running Windows operating systems must have a computer name assigned to them
for the purposes of identification. Computer names are typically assigned by the IT administrator of a business or,
REDACTED
REDACTED
REDACTED
Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 17 of 99
-
REPORT OF FINDINGS
7
in the case of a personal computer, the first user of that computer. The computer name assigned to this Laptop is
“ALISON-PC.” Moreover, the Registered Owner for the Laptop is listed as “Alison” and, as noted above, the sole
user account on the Laptop also is named “Alison.” The “Alison” account has a property called “FullName” that
can be set by a user; the FullName field for the Alison account currently is set to “Shane.” No other evidence was
found to indicate that an account containing the name “Shane” or “Pitta” ever existed on this machine.
Whoever
configured the Laptop in January 2009 did so in a way that clearly attributed ownership and control to Ms. Lozito,
not Mr. Pitta.
25. Stroz Friedberg reviewed the files and Internet browsing history on the Laptop in order to gain
more specific knowledge about how it had been used. The user of the Laptop used Microsoft’s Internet Explorer
for web browsing, and records remain on the Laptop that provide information about the history of websites visited
between January and March 25, 2009, and then again from July 31, 2009 through August 4, 2009. As noted
previously, there is no evidence of any user activity between March 25, 2009 and when the computer was turned
on again at 11:03 p.m. on July 31, 2009.
26. The primary use of the computer appears to have been for web browsing, and the greatest
number of observed artifacts from browsing relate to the website Facebook. The name of the Facebook account
that the user logged into is a combination of two proper names: “Alison Lozito Shane Pitta.”
27. As discussed above, there are references in the Internet Explorer history evidencing access to
Mr. Pitta’s Playmakers email account on August 2 and August 4, 2009. There are also references in the Internet
Explorer history indicating that a user logged into Playmakers’ secure webmail site on February 8, 2009. Other
than these mail logins, there are notably few references to Playmakers or to Mr. Pitta anywhere on the Laptop
hard drive, apart from the occurrence of his name in Ms. Lozito’s Facebook account.
28.
REDACTED
REDACTED
REDACTED
Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 18 of 99
-
REPORT OF FINDINGS
8
29.
The version
of the Office suite installed on this Laptop is an edition named “Microsoft Office Home and Student 2007,” which
came pre-installed as a trial version on this Laptop by the manufacturer. The Home and Student edition of
Microsoft Office is licensed only for personal, non-commercial use by households. However, it appears that the
trial version of "Microsoft Office Home and Student 2007" on the provided Laptop was activated in August of
2009, after the computer was supposedly secured by Ms. Columbus. A Laptop user visited the website
trymicrosoftoffice.com on August 2, 2009 at 7:52pm, and a hexadecimal key was written to the computer in a file
named “Office2007TrialActivationKey.txt” seconds later. It is unknown if the software had ever been activated
before this time, but Stroz Friedberg found no evidence that any user-created Microsoft Word document had ever
been opened or saved on the Laptop.
30. Furthermore, the Laptop contained almost no user-created files of the most common types
created in work environments, such as email, documents, or spreadsheets. Not counting document templates
and default documents included with program installations, the Laptop contained zero Microsoft Word documents,
PowerPoint presentations, and Outlook email archives. It contained four identical copies of the single Excel
workbook referenced above, created on this Laptop four days after the preservation notice. No email or user-
created documents from any of the other major productivity software suites, such as Lotus or WordPerfect, was
REDACTED
REDACTED
REDACTED
Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 19 of 99
-
REPORT OF FINDINGS
9
found. Additionally, a review of the deleted, recoverable files on the Laptop found no recoverable remnants of
user-created document types or email.
31.
32.
The pattern of usage, along with the system configuration in the name “Alison,” is
more consistent with a laptop originally intended for personal use by Alison Lozito.
IV. ANALYSIS REGARDING REMOVABLE USB JUMP DRIVE
33.
34. Several months after the preservation and analysis of the Laptop, on October 18, 2010, Stroz
Friedberg received one removable USB flash drive, or “jump drive,” from counsel for Playmakers at Boies Schiller
& Flexner LLP. The jump drive was an 8 GB SanDisk Cruzer drive, internal serial number 35146102EE93459D
REDACTED
REDACTED
REDACTED
Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 20 of 99
-
REPORT OF FINDINGS
10
(the “Jump Drive”). It is our understanding that the provided Jump Drive is the device discussed in Mr. Pitta’s
deposition testimony. Stroz Friedberg created a complete and verified forensic image of the Jump Drive.
35. Unlike the provided Laptop, which showed almost no evidence of ever having been used for
work, the Jump Drive contained hundreds of user-created files, including Excel spreadsheets and documents in
Word and PDF format. The creation and modification timestamps associated with these files indicate that they
were stored and accessed on the Jump Drive between July 31, 2009, the first observed date of Jump Drive
usage, and March 23, 2010, the last observed date of usage. The Jump Drive contains active files and deleted,
recoverable files, as well as many dozens of references to files that have been deleted and overwritten during that
time period.
36. However, forensic analysis of the provided Jump Drive
demonstrates that it was never used during the time period of interest, and further that evidence apparently
relating to USP sales records was deleted months after the preservation notice was issued.
37. First, the Jump Drive shows no evidence of ever having been used before 10:55pm on the
evening of July 31, 2009, shortly after Mr. Pitta received the preservation notice. Based upon a review of creation
dates associated with the files and folders on the Jump Drive, Stroz Friedberg found that the first files and folders
on the Jump Drive were created at that time, when the Jump Drive was inserted into a computer and accessed.
38. Second, the first user-created files (e.g., spreadsheets and documents) were copied to the Jump
Drive on Saturday, August 1, 2009 at approximately 5:09pm. At that time, dozens of files were copied from an
unknown computer to the Jump Drive. No copies of or references to the files copied to the Jump Drive on the
evening of August 1, 2009 were found on the Laptop; therefore, the files were most likely copied to the Jump
Drive from another computer.
39.
When removable USB devices are first connected to a
REDACTED
REDACTED
REDACTED
Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 21 of 99
-
REPORT OF FINDINGS
11
Windows Vista machine via a USB port, records are created on disk and in the computer’s registry that record the
date of first connection, and in some instances, the serial number of the connected removable device. However,
in the review of the provided Laptop, Stroz Friedberg found no such records to confirm that any “jump drive” or
similar external USB storage device was ever directly connected to the Laptop.
40. Fourth, the Jump Drive contains references to dozens of deleted files, most of which are
unrecoverable. However, one file of particular note, an Excel workbook named “area retailers 2009.xls,” (the
“Area Retailers Spreadsheet”) is deleted but recoverable. This file was copied to the Jump Drive on the evening
of August 1, 2009, at approximately 5:09pm, from some other source, the day after Mr. Pitta received the
preservation notice. The file was last accessed on February 17, 2010. In order for a file to be accessed, it must
still exist on the Jump Drive. Therefore, the Area Retailers Spreadsheet still existed on the Jump Drive as an
active file on February 17, 2010 and was deleted at some point subsequently, at least six months after the data
preservation notice.
41. Finally, the deleted Area Retailers Spreadsheet contains advertising sales records that appear to
relate to historical sales by Mr. Pitta’s prior employer, USP. The analysis of these records is discussed below.
42. Stroz Friedberg also found a fragment of an Excel workbook in the unallocated space (or “free
space”) of the Jump Drive that appeared to contain additional records pertaining to USP sales. Stroz Friedberg’s
assessment that the deleted fragment relates to USP sales is based on the observation that it contained the
names of multiple New York professional sports teams and phrases that occur in USP’s database, as discussed
more fully below. However, the deleted fragment could not be reconstituted into a legible document, and it was
consequently excluded from the following analysis.
V. COMPARISON OF HISTORICAL SALES RECORDS
43. Stroz Friedberg was additionally asked to compare advertisement sales records in two
spreadsheets – one produced by Playmakers and the Area Retailers Spreadsheet found on the Jump Drive – with
REDACTED
Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 22 of 99
-
REPORT OF FINDINGS
12
electronically stored information in a USP sales management system, and then to determine the extent to which
any information in the spreadsheets’ records of sale matched the data in USP’s system.
44. As set forth below, Stroz Friedberg found that the information in the two Playmakers
spreadsheets is identical to the historical information in USP’s sales management system with respect to the
specific advertisement price charged to each particular customer for each particular publication, and it is nearly
identical with respect to customer contact information. Moreover, the USP and Playmakers sales records share
certain specific traits and irregularities in their punctuation, typographical errors, and data values that indicate that
they share a common origin.
45. Stroz Friedberg confirmed that the historical sales records at issue have existed in the USP sales
management system since at least February 2006 and further confirmed that the two Playmakers spreadsheets
were created on June 13, 2008 and February 13, 2009, respectively. The fact that USP’s copy of the sales
records pre-dates the same data produced by Playmakers strongly suggests that the Playmakers data was
copied from the USP database.
A. THE PLAYMAKERS SPREADSHEET
46. On April 29, 2010, counsel from Dewey & LeBoeuf provided Stroz Friedberg with a copy of two
documents produced by Playmakers,
The latter document is the Excel spreadsheet attached to the email,
originally named “Book1.xlsx” (“the Playmakers Spreadsheet”).
47. The Playmakers Spreadsheet,
contains 43 rows of information that appear on their face to be advertisement sales records. Each record
consists of fourteen data fields, including an individual’s first and last names, several fields containing that
person’s business address and phone number, and fields regarding the details of a particular advertisement sale,
including the price charged, the size of the advertisement, the name of the publication in which it was to appear,
REDACTED
REDACTED
Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 23 of 99
-
REPORT OF FINDINGS
13
and the year of publication. Based upon the years listed in the advertisement sales records, each record appears
to relate to an advertisement purchased for 2005, except for one purchased for 2003.
48. Excel spreadsheets can contain embedded metadata that provide a document’s creation date
and author. The Playmakers Spreadsheet lists “Shane Pitta” as its author, and it records an original creation date
of February 13, 2009 at 9:04 a.m. (EST).
49.
B. THE AREA RETAILERS SPREADSHEET
50. Stroz Friedberg also reviewed sales records in the Area Retailers Spreadsheet, a deleted Excel
workbook that was recovered on the Jump Drive as discussed above. The first spreadsheet in this workbook,
named “Sheet1,” contains 675 rows of information that appear on their face to be advertisement sales records.
The Area Retailers Spreadsheet contains exactly the same data fields as the Playmakers Spreadsheet and in the
same order, including an individual’s first and last names, several fields containing that person’s business address
and phone number, and fields regarding the details of a particular advertisement sale, including the price charged,
the size of the advertisement, the name of the publication in which it was to appear, and the year of publication.
The Area Retailers Spreadsheet also contains a fifteenth data field for each sales record that contains the type of
publication. Based upon the years listed in the advertisement sales records, each record appears to relate to an
REDACTED
REDACTED
Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 24 of 99
-
REPORT OF FINDINGS
14
advertisement purchased for 2005. The Area Retailers Spreadsheet lists Shane Pitta as the author and it records
an original creation date of June 13, 2008, at approximately 12:32 p.m (EST).
51. It is Stroz Friedberg’s understanding that the records in the Playmakers Spreadsheet and the
Area Retailers Spreadsheet (collectively, the “Playmakers Data”), which pertain to historical advertisement sales
for multiple New York professional sports teams, are sales that pre-date the formation of Playmakers in 2007,
Columbus Tr. at 80.
52. A third spreadsheet was found to contain advertisement sales records in the same format as
those records in the Playmakers Data. That file, was also found on the Jump Drive. The
sales records that it contains are a subset of the records found in the Playmakers Spreadsheet. Accordingly, no
separate analysis of the file was conducted.
C. THE USP SALES MANAGEMENT SYSTEM
53. On April 30, 2010, May 3, 2010, and November 16, 2010, a Stroz Friedberg forensic examiner
travelled to USP’s offices in Manhattan and met with Howard Goldfeder, the president of Databasaurus, a
technical consulting company that provides computer infrastructure and technical support to USP. The purpose
of the meetings was to learn how USP’s sales-related data is stored and then to obtain relevant sales records
from USP’s sales management system to compare to the data in the two spreadsheets in question. During those
meetings, Stroz Friedberg made copies of certain screenshots and query results from USP’s sales management
system on CD-ROMs, in order to compare their contents to the Playmakers Spreadsheet.
54. USP maintains a custom-built sales management system which is used for, among other things,
tracking calls by sales representatives to potential customers and documenting advertisement sales. The system
stores many kinds of data, including contact information for individuals at client businesses who authorize the
purchase of advertisements in USP’s various sports publications. The system is built upon a Microsoft SQL
Server database, which serves as the main data storage mechanism. The name of the database that stores USP
sales-related data is “uspdb.” It is Stroz Friedberg’s understanding that the sales management application at
USP, and its associated database named uspdb, have been in place at USP since at least 2003.
REDACTED
REDACTED
Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 25 of 99
-
REPORT OF FINDINGS
15
55. With Mr. Goldfeder’s assistance, Stroz Friedberg examined the tables within the uspdb database
that contain information regarding historical advertisement sales in USP’s sports publications. The tables were
identified that appeared to contain data fields corresponding to those data fields present in the Playmakers
spreadsheet, such as the names of contacts at client businesses, business addresses, and advertisement
descriptions. Working with Mr. Goldfeder, Stroz Friedberg constructed queries, or database search commands,
to identify any records in the USP database that might correspond to the records in the Playmakers spreadsheet.
56. In order to verify that the relevant records in the USP database system had not recently been
modified, Stroz Friedberg requested and obtained access to a restored copy of the uspdb database from an old
backup, dated February 8, 2006. According to the timestamps associated with the database backup file, the
database backup was created and last modified on February 8, 2006.
57. Running the queries against the 2006 backup of USP’s database returned records that matched
all the records in the Playmakers Data. For all advertisement sales records in both spreadsheets, the USP
system contained a matching record of an advertisement sale containing the same specific client contact, ad
price, ad size, and publication information.
58. Sales records in the USP database have additional properties beyond those listed in the
Playmakers Data. Among the additional properties that USP sales records have is the creation date of the record
in the database. Each of the matching records found within the USP database includes a creation date field
documenting the date that the sale was first entered into the USP database. All of the matching records bore
creation timestamps between 2003 and February 1, 2006.
59. It is Stroz Friedberg’s opinion that all sales records identified in USP’s database found to
correspond to the records in the Playmakers Data have existed in USP’s system since sometime before February
8, 2006.
D. REVIEW OF SALES RECORDS
60. Based on a line-by-line comparison of the 43 records in the Playmakers Spreadsheet and the 675
records in the Area Retailers Spreadsheet against the corresponding USP sales records, Stroz Friedberg found
Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 26 of 99
-
REPORT OF FINDINGS
16
that all records have identical entries with respect to the details of the advertisement sales; that is, the two
spreadsheets contain exactly the same information as the USP database records regarding the price paid by a
particular business contact for a particular advertisement in a particular publication in a particular year.
Discrepancies exist between the two data sets in 241 of the 675 records in the Area Retailers Spreadsheet as
well as in 14 of the 43 sales records in the Playmakers Spreadsheet. These discrepancies were limited to the
data fields containing company names, address fields, and telephone numbers, which are the fields most likely to
change over time, as well as the honorific used to address the contact. Notably, even when the name or address
of a company differed between the USP and Playmakers records, the name for the original contact individual
involved in the particular advertisement sale remained identical.
61. Several similarities exist between the structure and formatting of the data in the USP database
and the Playmakers Data. First, the convention used to describe a purchased advertisement is identical,
including capitalization, punctuation, and the fact that numbers are spelled out. For example, “Full Page, Four
Color” is one example of how an advertisement is described in both the USP and Playmakers data for the same
sale. Similarly, telephone numbers are formatted without dashes, parentheses, or periods in both the USP and
Playmakers data sets.
62. There are also several typos and formatting irregularities that recur precisely in the same manner
in corresponding records in the Playmakers and USP data. Specifically:
a. The Playmakers Spreadsheet lists a business address at
The business address data in the corresponding USP sales record
matches exactly, including its capitalization This identical spelling
in both data sets is particularly significant because it is a misspelling;
b. Similarly, the relevant USP database sales records include several incorrectly
spelled city names, such as
Identical misspellings occur in the corresponding sales records in the Area Retailers
spreadsheet.
REDACTED
REDACTED REDACTED
REDACTED
REDACTED
Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 27 of 99
-
REPORT OF FINDINGS
17
c. The Playmakers spreadsheet and Area Retailers spreadsheet list numerous
advertisement sales in 2005 at the rate of $0. These records presumably represent either an
error or free advertisement sales. The corresponding USP records also reflect ad rates of “0.”
d. The Playmakers Data includes a small number of business addresses,
that spell out the street number instead of representing it with numerals.
Identical addresses exist in the corresponding sales records in the USP database records.
e. A total of fourteen sales records in the USP data contain irregularities in the two-
letter state abbreviations, including the presence of extraneous punctuation
or the use of an irregular abbreviation
The corresponding records in the
Playmakers data exhibit the exact same irregularities.
f. One advertisement sale records the company purchasing an ad but uses the
placeholder string “xxxxx” in the address, city, and contact name fields. The placeholder occurs
in both the USP and Playmakers record for this sale.
g. Both data sets include records where the city is listed as or
including the comma. These are the only recorded city name entries followed by a
comma, and the anomaly occurs in both data sets within corresponding records.
h. Numerous other small commonalities occur, including the occasional use of the
honorific “Mr” without a period, as well as records with sales prices down to the cent.
E. FINDINGS REGARDING SALES RECORDS ANALYSIS
63. The information in the Playmakers Data is nearly identical to certain of the historical sales records
in the USP sales management database. In particular, the data fields relating to specific historical sales pricing
data and individual contact names are identical. The discrepancies that do exist are limited to individuals’
addressing and contact information. Given that both data sets contain nearly identical information, it is Stroz
Friedberg’s opinion that the USP and Playmakers data share a common origin.
64. The sales records in the USP database corresponding to the records in the Playmakers Data
were created on various dates between 2003 and 2005. Given that the same sales data in the USP database
REDACTED
REDACTED
REDACTED
REDACTED REDACTED
Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 28 of 99
-
REPORT OF FINDINGS
18
pre-dates the creation of the two Playmakers spreadsheets, and that identical formatting conventions and
typographical irregularities are common between specific records in both spreadsheets and the USP database,
Stroz Friedberg concludes that the sales information in the Playmakers Data was, at some point in time, copied
directly from USP’s sales database application.
65.
VI. FORENSIC ARTIFACTS RELATED TO NETWORK ACCESS
66. Stroz Friedberg was further tasked by Dewey & LeBoeuf to describe generally some of the
methods for finding evidence on a computer’s hard drive that can establish whether that computer was used to
access a computer network remotely. Remote access refers to a temporary connection to a private network, such
as one operated by a company, by a computer at some physical distance from the network and using the Internet
to mediate the connection. The following discussion assumes that the remote computer has been configured to
run one of the Microsoft Windows operating systems.
67. Numerous technologies and software applications exist that permit a remote user to access data
resources on a network. Generally, any such access requires that the network include a connection point
configured to accept remote connections. A remote computer then must be provided with specific configuration
details necessary to establish a connection to the network, which may include the IP address of the connection
point on the network, the name of the computer or service on the network to which it wishes to connect, and a
specific port number on that computer that is used to mediate traffic to remote computers. The remote user must
also provide authentication credentials, generally including a username and password at a minimum, in order to
be permitted access to protected network resources.
68. One common method for connecting to a network remotely is through the use of a Virtual Private
Network, or VPN. A VPN creates an encrypted “tunnel,” or protected connection, between the remote computer
REDACTED
Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 29 of 99
-
REPORT OF FINDINGS
19
and the corporate network, which in turn permits users to check email, access files, or perform other tasks
possible when physically connected to the network in the office. There are many software packages available
that can be used to create VPNs.
69. A second common method for connecting to a private network’s resources is through the use of
remote desktop software, which permits a remote user to view and interact with the desktop of a target computer
on the network. Once remote desktop access has been established, the remote user can access files or
information resources on the network as if he or she were physically present at the target computer’s console.
There are many software packages that permit remote desktop connections.
70. While VPNs and remote desktop sessions are among the most common methods for establishing
remote connections to a network, many other methods exist to access protected resources on a network,
including web-based access to email and internal web pages (using tools such as Outlook Web Access or
WebAuth and an Internet browser), file transfer programs, and other programs that accept connections from
computers outside the network.
71. Accordingly, if provided a computer hard drive and asked to review it for evidence of such remote
access, Stroz Friedberg would search for evidence of, including but not limited to, the following:
a. virtual private network, remote desktop, and similar applications currently or previously
installed on the remote computer;
b. configuration details, application logs, and digital certificates for such applications;
c. Windows registry entries relating to such applications;
d. references to the network, including IP addresses, computer names, and domain names;
e. specific user credentials necessary to gain access to the network;
f. evidence that an Internet browser was used to access resources on the network; and
g. forensic artifacts recovered in whole or in part from unallocated space on the hard drive
that pertain to any of the above types of evidence.
Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 30 of 99
-
REPORT OF FINDINGS
20
72. The computer’s hard drive also may contain remnants of specific files or other data accessed on
the network. If a computer were used to access a network remotely and copy data from it, the copied data may
still exist, in whole or in part, on the hard drive of the remote computer. The data may be available in the form of
whole and complete active files, or it may recovered by searching the free (or “unallocated”) space on the hard
drive. It is also possible that references to file names or file paths that are specific to the network exist on the
remote computer. For example, Windows computers frequently record references to recently accessed files in
the form of “link files” and registry entries. Accordingly, in addition to searching for forensic artifacts related to the
means of network access, Stroz Friedberg also would perform analyses including, but not limited to: searching for
data or remnants of data alleged to have been accessed remotely on the network; identifying any references to
file names and file paths specific to the network; and reviewing all available versions of the Windows registry for
references to such data.
73. The extent to which digital evidence exists and is recoverable from a hard drive is highly
dependent not only on the specific software applications of interest but also on the amount of time elapsed and
activity conducted between when the computer was used to access a remote network and the forensic
examination. Intervening activity on the computer may change the state of the hard drive in ways that render
some or all of the evidence of remote network connections unrecoverable.
VII. CONCLUSION
74. Regarding the provided Laptop, based on the foregoing facts and analysis, Stroz Friedberg
concludes that:
a. The usage pattern observed on the Laptop is consistent with a computer
configured for the first time on or about January 12, 2009 with an account for Alison Lozito,
REDACTED
Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 31 of 99
-
REPORT OF FINDINGS
21
b. The Laptop was used between January 12, 2009 and March 25, 2009. After
March 25, 2009, it was not used again until July 31, 2009 at 11:03 p.m., late in the day on which
Playmakers received a preservation notice from USP’s attorneys.
c. During the periods of usage from January 12, 2009 to March 25, 2009, the
computer appears to have been used for personal home use and, in particular, for web browsing.
d. The Laptop was turned on again on July 31, 2009 at 11:03 p.m. and used
intermittently over the next four days. The actions taken between July 31, 2009 at 11:03 p.m. and
August 4, 2009 include logins into Mr. Pitta's Playmakers email account and his personal Gmail
account, establishing that Mr. Pitta, or someone with knowledge of his email passwords, used the
computer during the period when the Laptop was supposedly being securely stored in Ms.
Columbus’s locked desk drawer.
e. The Laptop contains no user-created Microsoft Office documents other than the
one unique Excel spreadsheet downloaded to it via web-based email on August 4, 2009.
f. Stroz Friedberg found no evidence of a removable USB device having ever been
connected to the Laptop.
75. Regarding the provided Jump Drive, Stroz Friedberg concludes as follows:
a. the Jump Drive shows no evidence of having been
used before July 31, 2009, at 10:55pm;
b. the Laptop shows no evidence of having ever had the Jump Drive connected to it;
c. the files on the Jump Drive were copied to the device from some other source starting on
Saturday, August 1, 2009;
REDACTED
REDACTED
Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 32 of 99
-
REDACTED
Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 33 of 99
-
REPORT OF FINDINGS
23
EXHIBIT A
Curriculum Vitae for Jeffrey G. Bolas
Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 34 of 99
-
A S S I S T A N T D I R E C T O R , D I G I T A L F O R E N S I C S
JEFFREY G. BOLAS
Tel: 212.981.6542 � Fax: 212.981.6545 � [email protected] � www.strozfriedberg.com
32 Avenue of the Americas, 4th Floor, New York, NY 1001
PROFESSIONAL EXPERIENCE STROZ FRIEDBERG Assistant Director, Digital Forensics, January 2009 to Present Digital Forensic Examiner, January 2006 to January 2009 New York, NY Conduct digital forensic acquisitions and analyses of laptops, desktops, servers, and cellular phones in civil litigations, criminal matters, internal investigations, and computer incident response efforts. Consult with clients in matters involving spoliation claims, network intrusions, destruction of data, theft of trade secrets, source code review, electronic discovery remediation, and cybercrime response. Develop customized programming utilities for use in the processing and analysis of electronic data. Conduct large-scale electronic discovery involving the preservation, processing, and production of electronic data. Supervise forensic examiners in New York laboratory. Significant casework includes:
• Authored two expert reports and testified in federal court in the matter Gutman et al v. Klein et al. Established that a pattern of system alterations and obfuscations had occurred on laptop computer. Report and testimony formed underpinnings of judge’s default judgment for spoliation of electronic evidence, the first judgment of its kind in the Federal Second Circuit.
• Led team of source code reviewers in analysis and expert reporting of C++ source code relating to geolocation of Wi-Fi access points.
• Assisted with rapid implementation of supplemental transaction monitoring system to detect indicia of money laundering at a global bank.
• Conducted audit, data analysis, and remediation effort onsite at the
offices of an electronic discovery vendor in the United Kingdom following botched data restoration efforts. Identified process steps lacking control measures and specified new process to improve data quality.
• Led team of forensic examiners in multi-terabyte electronic discovery
matter of more than 120 custodians’ data in high-stakes litigation. Coordinated processing and load file production under urgent deadlines.
• Analyzed proprietary high frequency trading source code and performed timeline analytics on source code version control system in support of theft of intellectual property case.
• Authored additional multiple expert reports, declarations, and affidavits
regarding forensic inspections of computer hard drives, webmail access, and fax machine memory.
• Designed and programmed customized scripts to significantly improve
speed of email deduplication for productions in high-profile SEC investigation, resulting in significant time and cost savings for the client.
Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 35 of 99
-
A S S I S T A N T D I R E C T O R , D I G I T A L F O R E N S I C S
JEFFREY G. BOLAS
Tel: 212.981.6542 � Fax: 212.981.6545 � [email protected] � www.strozfriedberg.com
32 Avenue of the Americas, 4th Floor, New York, NY 1001
• Preserved and harvested terabytes of electronic data in Mexico from a
server and scores of laptops, desktops, and removable storage devices in a high-stakes civil litigation. Conducted on-site processing to facilitate attorney review and to protect confidential and sensitive client data.
UNITED STATES ATTORNEY’S OFFICE, E.D.N.Y. Records Examiner Brooklyn, NY 2004 to 2006
• Contracted by Computer Sciences Corporation (CSC) to the US Attorney’s Office, Eastern District of New York. Provided document management and technical support for Computer Associates prosecution, then the largest securities fraud case in the history of the District.
• Created and maintained mission-critical searchable document databases for prosecutors on the Computer Associates case. Led the conversion of all case documents to digital format.
• Supervised and managed the pre-trial discovery process for the
Computer Associates prosecution, producing millions of documents in electronic format.
KALLER’S AMERICA GALLERY Historical Writer/Project Manager New York, NY 2001 to 2004
• Researched, wrote, and edited several hundred historical backgrounds for donated manuscripts of the Gilder Lehrman Collection at the New York Historical Society.
• Acted as systems administrator. Created the office's first network and
backup systems. Developed corporate website and database. KENAN SYSTEMS CORPORATION Software Engineer Cambridge, MA 1997 to 1999
• Developed a customer demographics analysis module and designed user interface using Visual Basic with API calls.
• Led QA testing efforts on customer usage analysis and marketing tool.
Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 36 of 99
-
A S S I S T A N T D I R E C T O R , D I G I T A L F O R E N S I C S
JEFFREY G. BOLAS
Tel: 212.981.6542 � Fax: 212.981.6545 � [email protected] � www.strozfriedberg.com
32 Avenue of the Americas, 4th Floor, New York, NY 1001
EXPERT TESTIMONY June 2010: Testified regarding data wiping utility in United States District Court for the Southern District of New York. Gucci America v. Frontline Processing, Inc., et al. (case number 09-cv-6925). January 2010: Testified in state civil couty in Harris County, Texas, in employment dispute involving source code found on the personal media of former employee. July 2008: Testified as court-appointed independent expert on matters of spoliation in United States District Court for the Eastern District of New York. Gutman et al. v. Klein et al. (case number 03-cv-1570). EDUCATION
COLUMBIA UNIVERSITY M.F.A. Film, 2004. WILLIAMS COLLEGE B.A. magna cum laude, Computer Science, 1997.
CERTIFICATIONS
Encase Certified Forensic Examiner (EnCE), 2008 Guidance Software
PUBLICATIONS
“The IM Dilemma.” Inside Supply Management, June 2007.
TRAINING � STROZ FRIEDBERG Internal Training Program
Attend weekly in-house training presentations on digital forensics, cybercrime response, computer security, desktop and network forensics tools, and relevant legal topics. Lead training on numerous topics including dtSearch techniques, scripting in Python, forensic event timelining, and Mac forensics.
� Network Forensics, SANS Institute, June 2010. � What Works In Forensics and Incident Response Summit, SANS Institute, July
2009. � Advanced Malware Analysis, SANS Institute, December 2008. � Advanced Computer Forensics, Guidance, December 2007. � EnCase Intermediate Analysis and Reporting, February 2006.
12/10
Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 37 of 99
-
Exhibit D
Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 38 of 99
-
Wallace, Kevin C.
From: Wallace, Kevin C.Sent: Friday, July 31, 2009 1:33 PMTo: '[email protected]'Cc: Clark, Christopher J.Subject: Document Preservation NoticeAttachments: Scan001.PDF
12/2/2010
Mr. Columbus:
Please see the enclosed letter from Chris Clark.
KCW
------------------------------------------------------------Kevin WallaceDewey & LeBoeuf LLP1301 Avenue of the AmericasNew York, NY 10019Tel: 212 259 8537Fax: 212 259 [email protected]
Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 39 of 99
-
Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 40 of 99
-
Exhibit E
Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 41 of 99
-
Christopher Duffy
From: Christopher DuffySent: Friday, August 07, 2009 7:00 PMTo: [email protected]: University Sports Publications
Page 1 of 1
5/7/2010
Christopher,
I represent the New York Yankees. I have your 7/31/09 letter to Lonn Trost regarding your client’s allegations against Shane Pitta, who your letter asserts is an employee of Playmakers Media Corporation. Your client’s purported understanding that the Yankees own or control Playmakers Media Corporation is incorrect, and your letter is therefore misdirected. The Yankees do not possess any proprietary information belonging to your client. As to your threat to file litigation against the Yankees, any such litigation would be frivolous, and would expose your client to liability for fees incurred by the Yankees in responding to it.
Christopher E. DuffyBoies, Schiller & Flexner LLP575 Lexington AvenueNew York, New York 10022212-446-2366 (phone)212-446-2350 (fax)[email protected]
Case 1:09-cv-08206-RJH-DCF Document 48-6 Filed 05/07/2010 Page 1 of 1Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 42 of 99
-
Exhibit F (Filed Under Seal)
Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 43 of 99
-
Exhibit G (Filed Under Seal)
Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 44 of 99
-
Exhibit H (Filed Under Seal)
Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 45 of 99
-
Exhibit I (Filed Under Seal)
Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 46 of 99
-
Exhibit J
Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 47 of 99
-
Case 1:09-cv-08206-RJH-DCF Document 59 Filed 06/08/2010 Page 1 of 22Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 48 of 99
-
Case 1:09-cv-08206-RJH-DCF Document 59 Filed 06/08/2010 Page 2 of 22Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 49 of 99
-
Case 1:09-cv-08206-RJH-DCF Document 59 Filed 06/08/2010 Page 3 of 22Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 50 of 99
-
Case 1:09-cv-08206-RJH-DCF Document 59 Filed 06/08/2010 Page 4 of 22Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 51 of 99
-
REDACTED PURSUANT TO PROTECTIVE ORDER
Case 1:09-cv-08206-RJH-DCF Document 59 Filed 06/08/2010 Page 5 of 22Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 52 of 99
-
Case 1:09-cv-08206-RJH-DCF Document 59 Filed 06/08/2010 Page 6 of 22Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 53 of 99
-
Case 1:09-cv-08206-RJH-DCF Document 59 Filed 06/08/2010 Page 7 of 22Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 54 of 99
-
REDACTED PURSUANT TO PROTECTIVE ORDER
Case 1:09-cv-08206-RJH-DCF Document 59 Filed 06/08/2010 Page 8 of 22Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 55 of 99
-
Case 1:09-cv-08206-RJH-DCF Document 59 Filed 06/08/2010 Page 9 of 22Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 56 of 99
-
Case 1:09-cv-08206-RJH-DCF Document 59 Filed 06/08/2010 Page 10 of 22Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 57 of 99
-
Case 1:09-cv-08206-RJH-DCF Document 59 Filed 06/08/2010 Page 11 of 22Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 58 of 99
-
Case 1:09-cv-08206-RJH-DCF Document 59 Filed 06/08/2010 Page 12 of 22Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 59 of 99
-
Case 1:09-cv-08206-RJH-DCF Document 59 Filed 06/08/2010 Page 13 of 22Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 60 of 99
-
REDACTED PURSUANT TO PROTECTIVE ORDER
Case 1:09-cv-08206-RJH-DCF Document 59 Filed 06/08/2010 Page 14 of 22Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 61 of 99
-
REDACTED PURSUANT TO PROTECTIVE ORDER
REDACTED PURSUANT TO PROTECTIVE ORDER
Case 1:09-cv-08206-RJH-DCF Document 59 Filed 06/08/2010 Page 15 of 22Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 62 of 99
-
Case 1:09-cv-08206-RJH-DCF Document 59 Filed 06/08/2010 Page 16 of 22Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 63 of 99
-
REDACTED PURSUANT TO PROTECTIVE ORDER
Case 1:09-cv-08206-RJH-DCF Document 59 Filed 06/08/2010 Page 17 of 22Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 64 of 99
-
Case 1:09-cv-08206-RJH-DCF Document 59 Filed 06/08/2010 Page 18 of 22Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 65 of 99
-
REDACTED PURSUANT TO PROTECTIVE ORDER
REDACTED PURSUANT TO PROTECTIVE ORDER
Case 1:09-cv-08206-RJH-DCF Document 59 Filed 06/08/2010 Page 19 of 22Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 66 of 99
-
REDACTED PURSUANT TO PROTECTIVE ORDER
Case 1:09-cv-08206-RJH-DCF Document 59 Filed 06/08/2010 Page 20 of 22Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 67 of 99
-
Case 1:09-cv-08206-RJH-DCF Document 59 Filed 06/08/2010 Page 21 of 22Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 68 of 99
-
Case 1:09-cv-08206-RJH-DCF Document 59 Filed 06/08/2010 Page 22 of 22Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 69 of 99
-
Exhibit K
Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 70 of 99
-
UNITED STATES DISTRICT COURT SOUTHERN DISTRICT OF NEW YORK ----------------------------------------------------------------------X
UNIVERSITY SPORTS PUBLICATIONS CO., INC.,
Plaintiff,
-against-
PLAYMAKERS MEDIA CO., TERRY COLUMBUS, SHANE PITTA and DARNELL GENTLES,
Defendants.
::::::::::::
09-CV-8206 (RJH)
ORAL ARGUMENT REQUESTED
----------------------------------------------------------------------X
DEFENDANTS’ MEMORANDUM OF LAW IN SUPPORT OF MOTION TO DISMISS AMENDED COMPLAINT
January 11, 2010
BOIES, SCHILLER & FLEXNER LLP 575 Lexington AvenueNew York , New York 10022Telephone: (212) 446-2300
Attorneys for Defendants Playmakers Media Corp., Terry Columbus, Darnell Gentles and Shane Pitta
Case 1:09-cv-08206-RJH Document 20 Filed 01/11/2010 Page 1 of 23Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 71 of 99
-
TABLE OF CONTENTS
STATEMENT OF FACTS ..............................................................................................................1
LEGAL STANDARD......................................................................................................................3
ARGUMENT...................................................................................................................................4
I. THE CFAA CLAIMS, WHICH ARE THE SOLE PURPORTED PREDICATE FOR FEDERAL JURISDICTION, FAIL TO STATE A REMEDIABLE CLAIM. ..........4
A. The Amended Complaint Fails to Allege that Gentles or Pitta Accessed a Protected Computer Without Authorization.................................4
B. The Amended Complaint Fails to Allege that USP Suffered a Loss of Data or an Interruption in Service to a Computer. ...................................7
C. The Court Should Decline to Exercise Supplemental Jurisdiction over USP’s State Law Claims. ......................................9
II. THE DOCTRINE OF COLLATERAL ESTOPPEL BARS THE STATE LAW CLAIMS. ...........................................................10
III. EVEN ABSENT COLLATERAL ESTOPPEL, THE STATE LAW CAUSES OF ACTION EACH FAIL TO STATE A REMEDIABLE CLAIM................13
A. USP Has Failed to Properly Plead a Claim for Trade Secret Misappropriation. .............................................................14
B. USP Fails to Properly Plead a Claim for Unfair Competition. ..............................16
C. USP Fails to Properly Plead a Claim for Breach of Fiduciary Duty. ....................17
D. USP Fails to Properly Plead a Claim for Tortious Interference with Contract. ................................................................18
CONCLUSION..............................................................................................................................19
Case 1:09-cv-08206-RJH Document 20 Filed 01/11/2010 Page 2 of 23Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 72 of 99
-
Defendants Playmakers Media Corp. (“Playmakers”), Terry Columbus, Darnell Gentles,
and Shane Pitta (collectively, “Defendants”) respectfully submit this memorandum in support of
their joint motion to dismiss the Amended Complaint (abbreviated herein as “AC”) of plaintiff
University Sports Publications Co., Inc. (“USP”). Defendants move this Court to dismiss the
Complaint for lack of subject matter jurisdiction pursuant to Fed. R. Civ. P. 12(b)(1) and 18
U.S.C. §§ 1030(c)(4)(A)(i)(I) and 1030(g), and for failure to state a claim upon which relief may
be granted pursuant to Fed. R. Civ. P. 12(b)(6).
STATEMENT OF FACTS1
USP sells advertising space in sports souvenir magazines and yearbooks, as well as
publications relating to professional sports events. AC ¶ 13. USP purports to have an “extensive
computer database of customer leads and historical sales data.” AC ¶ 15. The “database” is a
list of names and addresses with information on past advertising purchases by customers and
potential customers. AC ¶¶ 15. USP makes the database available to its employees. AC ¶ 19.
The database is alleged to be maintained by a company called Databasaurus L.L.C.
(“Databasaurus”). AC ¶ 17.
USP alleges that defendants Columbus and Pitta were “aware” of the database, and that
Pitta “used the database” while he was employed by USP as a salesperson through 2006. AC
¶¶ 25-27. USP alleges that Gentles was “authorized to use and access” the database during the
relevant period because he was an employee “in USP’s information technology department.”
AC ¶ 30. USP alleges that while employed by USP, Gentles “helped to grant Pitta access to
USP’s computerized database, thereby providing him with information concerning USP’s
1 In accordance with the standards governing motions under Rule 12(b)(6), Defendants presume the truth of the Complaint’s well-pleaded factual allegations for purposes of making this motion (but only for purposes of making this motion).
Case 1:09-cv-08206-RJH Document 20 Filed 01/11/2010 Page 3 of 23Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 73 of 99
-
2
historical sales data from 1999 through 2007.” AC ¶ 31. Columbus, who is Pitta’s supervisor at
Playmakers, was allegedly aware that Pitta had access to information in USP’s database, and that
he purportedly provided some of that information to other Playmakers employees to utilize in
their own advertising sales. AC ¶ 36.
USP claims that it discovered that “the safety and security of its electronic data and
computer system was breached,” but does not allege when or how it made this purported
discovery. AC ¶ 38. It claims to have undertaken a “full technical audit by an outside vendor of
its information technology security systems to determine whether any damage had occurred,”
which purportedly cost “in excess of $1,500.” AC ¶ 39. USP does not identify the purported
“outside vendor.” AC ¶ 39.
Persons who are alleged to be “Databasaurus employees,” working on “behalf of USP,”
conducted an investigation of the computer systems utilized by USP in order to “determine
whether they had been damaged, ensure that they were in the same operating condition as they
were prior to the breach, determine how the unauthorized access could have occurred, and
evaluate potential remedial security measures to prevent further unauthorized access.” AC ¶ 40.
The alleged work of Databasaurus in this regard allegedly has resulted in a “cost to date” of
$4,500. AC ¶ 40. USP alleges vaguely that this cost “will be borne entirely by USP,” but does
not allege that USP has made any payments for the work. AC ¶ 40.
USP also purports to be “in the process of implementing remedial security measures in
response to the security audit and computer systems investigation.” AC ¶ 41. USP does not
allege that it has made any payments in connection with this purported work, offering nothing
more than “approximate” projections of the “total cost of these remedial measures.” AC ¶ 41-46.
Case 1:09-cv-08206-RJH Document 20 Filed 01/11/2010 Page 4 of 23Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 74 of 99
-
3
LEGAL STANDARD
Where a complaint contains no more than “naked assertions devoid of further factual
enhancement,” or the allegations demonstrate only an “unadorned, the-defendant-unlawfully-
harmed-me accusation,” then it fails to state a claim under Fed. R. Civ. P. 8. Ashcroft v. Iqbal,
129 S. Ct. 1937, 1949 (2009) (internal alterations omitted). “Threadbare recitals of the elements
of a cause of action, supported by mere conclusory statements, do not suffice.” Id. at 1949 (citing
Bell Atl. Corp. v. Twombly, 550 U.S. 544, 555 (2007)). Likewise, “where the well-pleaded facts
do not permit the court to infer more than the mere possibility of misconduct, the complaint has
alleged – but it has not ‘show[n]’ – ‘that the pleader is entitled to relief.’” Id. at 1950 (citing Fed.
R. Civ. P. 8(a)(2)). “To survive a motion to dismiss, a complaint must contain sufficient factual
matter, accepted as true, to ‘state a claim to relief that is plausible on its face.’” Id. at 1949
(citing Twombly, 550 U.S. at 570). In other words, in its complaint, “a plaintiff must provide the
grounds upon which his claim rests through factual allegations sufficient ‘to raise a right to relief
above the speculative level.’” ATSI Commc’ns, Inc. v. Shaar Fund, Ltd., 493 F.3d 87, 98 (2d Cir.
2007) (citing Twombly, 550 U.S. at 544).
In evaluating a motion to dismiss, courts draw on their “judicial experience and common
sense” to determine whether a complaint’s factual allegations nudge the claims “across the line
from conceivable to plausible.” Iqbal, 129 S. Ct. at 1950, 1951. Allegations that are “merely
consistent with” a defendant’s liability, or that raise a “sheer possibility” that a defendant has
acted unlawfully, are not sufficient to state a claim. Id. at 1949.
Case 1:09-cv-08206-RJH Document 20 Filed 01/11/2010 Page 5 of 23Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 75 of 99
-
4
ARGUMENT
I. THE CFAA CLAIMS, WHICH ARE THE SOLE PURPORTED PREDICATE FOR FEDERAL JURISDICTION, FAIL TO STATE A REMEDIABLE CLAIM.
A. The Amended Complaint Fails to Allege that Gentles or Pitta Accessed a Protected Computer Without Authorization.
The CFAA gives rise to liability only in situations where a defendant has accessed a
“computer” in a manner that is “without authorization or exceeds authorized access.” 18 U.S.C.
§ 1030(a)(2). The Act defines “computer” as “an electronic, magnetic, optical, electrochemical,
or other high speed data processing device performing logical, arithmetic, or storage functions,
and includes any data storage facility or communications facility directly related to or operating
in conjunction with such device.” 18 U.S.C. § 1030(e)(1) (emphasis added).
USP’s Amended Complaint fails to make any unambiguous statement that Gentles or
Pitta actually accessed a computer as defined by the CFAA – that is, a “data processing device” –
without authorization. Instead, USP offers roundabout allegations that Pitta accessed a
“database,” a “computerized database,” and “information” concerning USP’s historical sales.
AC ¶¶ 29-32. None of these descriptors, however, meets the definition of a “computer” under
the CFAA. E.g., Cenveo, Inc. v. Rao, No. 08-CV-1831, 2009 U.S. Dist. LEXIS 90798 (D. Conn.
Sep. 30, 2009); GWR Med., Inc. v. Baez, No. 07-1103, 2008 U.S. Dist. LEXIS 19629, at *12
(E.D. Pa. Mar. 13, 2008) (granting motion to dismiss CFAA claim because CD-ROM does not
meet statutory definition of “computer”). This interpretation is particularly apt here, in light of
the fact that the CFAA “is primarily a criminal statute” and thus must be “construed narrowly.”
Jet One Group, Inc. v. Halcyon Jet Holdings, Inc., 2009 U.S. Dist. LEXIS 72579, at *20-21
(E.D.N.Y. Aug. 14, 2009); see also, e.g., Lockheed Martin Corp. v. Speed, 2006 U.S. Dist.
LEXIS 53108, at *23 (M.D. Fla. Aug. 1, 2006) (explaining that, to the extent the CFAA contains
Case 1:09-cv-08206-RJH Document 20 Filed 01/11/2010 Page 6 of 23Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 76 of 99
-
5
ambiguous terms, “the rule of lenity, a rule of statutory construction for criminal statutes,
requires a restrained, narrow interpretation”).
The Amended Complaint is deliberately vague and circumspect about precisely what
Pitta did, and through what particular mechanism, that purportedly violated the CFAA. The only
reference to Pitta accessing a “computer” is an allegation that “Pitta accessed the information
through an icon located on the desktop screen of his laptop computer.” AC ¶ 31. See also id. at
¶ 32 (“The laptop computer Pitta used to access USP’s computerized database was his personal
laptop.”) (emphasis added). Use of one’s own computer, of course, cannot qualify as
unauthorized access.
By contrast, USP never alleges that Pitta logged onto or otherwise accessed a USP-owned
computer, or the USP computer network – because he did not. Notably, the Amended Complaint
does make reference to the “several centralized computer servers” that contain copies of the
database “in electronic form,” AC ¶ 17, but never once does it allege that Pitta accessed any of
these computer servers, or any other computer maintained by, or for, USP.2 Had Pitta done so,
then USP would offer a clear allegation of the circumstances of that access (i.e., the date and
time of the particular occasions). Absent such allegations of access to a USP computer, as
defined by the CFAA, no cause of action exists against Pitta.
Likewise, the Amended Complaint fails to allege that Gentles accessed a computer as
defined under the Act. It alleges that Gentles “provided information to Pitta,” and “helped to
grant Pitta access to USP’s computerized database, thereby providing him with information
concerning USP’s historical sales,” see AC ¶¶ 30, 31, but does not allege that he accessed a
2 USP’s assertion that its so-called “computerized database” is a “‘protected computer’ under the CFAA” is a bare legal conclusion entitled to no deference on a motion to dismiss. AC ¶ 56.
Case 1:09-cv-08206-RJH Document 20 Filed 01/11/2010 Page 7 of 23Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 77 of 99
-
6
computer as defined under the Act.3 Even if allegations regarding Gentles accessing a
“computerized database” could be deemed to constitute a proper allegation of “access[ing] a
computer” under the Act, the Amended Complaint would still fail to state a claim because it
expressly concedes that “Gentles was authorized to use and access USP’s computerized database
in the course of his employment.” AC ¶ 30. As many courts have held, the CFAA does not
apply to situations where an employee accessed his employer’s computer with authorization,
even if the employee misused or misappropriated information obtained from the computer. E.g.,
Jet One Group, Inc. v. Halcyon Jet Holdings, Inc., No. 08-CV-3980 (JS) (ETB), 2009 U.S. Dist.
LEXIS 72579, at *19 (E.D.N.Y. Aug. 14, 2009) (dismissing employer’s CFAA claim against
former employee, and noting that “limited Congressional intent in passing the CFAA” was to
“prohibit[] people from ‘hacking’ into someone else’s computer system.”). Situations where an
authorized user is “misusing and misappropriating information that he was freely given access
to” do not constitute “access without authorization” or “exceed[ing] authorized access” as
required to state a CFAA claim. Id. at *16-17 (emphasis in original); see also, e.g., Shamrock
Foods Co. v. Gast, 535 F. Supp. 2d 962 (D. Ariz. 2008) (granting motion to dismiss and rejecting
argument that CFAA provides civil action for employee’s authorized access of computer with
improper purpose, because such interpretation “would greatly expand federal jurisdiction by
conferring a federal cause of action whenever an employee accesses ‘the company computer
with “adverse interests” and such access causes a statutorily recognized injury.’”) (quoting
Lockheed Martin Corp. v. Speed, No. 05-cv-1580-Orl-31KRS, 81 U.S.P.Q.2D (BNA) 1669,
3 The Amended Complaint’s bare allegation that “Gentles intentionally accessed USP’s computer database without authority or in excess of his authority” is nothing more than an effort to parrot the elements of a civil CFAA claim. It is unsupported by any well-pled factual allegation, and for the reasons discussed above, does not constitute an allegation that Gentles accessed a “computer” as that term is used in the Act, i.e., a “data processing device.”
Case 1:09-cv-08206-RJH Document 20 Filed 01/11/2010 Page 8 of 23Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 78 of 99
-
7
2006 U.S. Dist. LEXIS 53108, at *22 (M.D. Fla. Aug. 1, 2006). For this reason as well, the
Amended Complaint cannot be deemed to state a claim against Gentles under the CFAA.
B. The Amended Complaint Fails to Allege that USP Suffered a Loss of Data or an Interruption in Service to a Computer.
The CFAA is primarily a criminal statute, and provides a civil right of action only to a
“person who suffers damage or loss by reason of a violation of” the Act. 18 U.S.C. § 1030(g).
The Act defines “damage” as “any impairment to the integrity or availability of data, a program,
a system, or information.” 18 U.S.C. § 1030(e)(8). Here, the Amended Complaint does not
allege that USP ever lost the ability to access any data. Thus, USP cannot premise a private right
of action on the proposition that it suffered “damage” as defined in the Act.4
The CFAA defines “loss” as “any reasonable cost to any victim, including the cost of
responding to an offense, conducting a damage assessment, and restoring the data, program,
system, or information to its condition prior to the offense, and any revenue lost, cost incurred, or
other consequential damages incurred because of interruption of service.” 18 U.S.C.
§ 1030(e)(11).5 “Courts have consistently interpreted ‘loss’ to mean a cost of investigating or
4 The absence of an allegation of “damage” means that USP’s assertion of liability pursuant to 18 U.S.C. § 1030(a)(5)(C) – which applies solely to conduct that “causes damage and loss” (emphasis added) – fails on its face. AC ¶ 54 (asserting liability under 18 U.S.C. § 1030(a)(5)(C)). USP’s assertions of liability under 18 U.S.C. §§ 1030(a)(2)(C) (at AC ¶¶ 50, 52) and 1030(a)(4) (at AC ¶ 51) fail because, among other reasons discussed herein, they are unmoored from an allegation of “loss” to USP that is related to an impairment in USP’s ability to access its computers or data contained thereon. 5 USP alleges that its purported “loss” consists of “a full technical audit by an outside vendor of its information technology security systems” with a cost “in excess of $1,500.” AC ¶ 39. It further alleges that employees of a purported third party, Databasaurus, conducted an “investigation of the computer systems utilized by USP” with a “cost to date”of $4,500.” AC ¶ 40. There is no allegation, however, that USP, as distinct from some other party not present in this litigation, has actually incurred these costs. Absent an allegation that these purported costs, as well as the “approximate” costs set forth at paragraphs 41-47, had actually been paid by USP as of the date that this action was filed, they are irrelevant to any effort by USP to satisfy the jurisdictional threshold of $5,000.
Case 1:09-cv-08206-RJH Document 20 Filed 01/11/2010 Page 9 of 23Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 79 of 99
-
8
remedying damage to a computer, or a cost incurred because the computer’s service was
interrupted.” Lasco Foods, Inc. v. Hall & Shaw Sales, Mktg., & Consulting, LLC, 600 F. Supp.
2d 1045, 1052 (E.D. Mo. Jan. 22, 2009) (internal alteration omitted). Thus, the focus of the Act
is on the continuity of access to data that is stored on a protected computer, and the continuity of
use of the protected computer itself. As one court has stated, “an interruption of service is
necessary if the victim is claiming a loss from revenue lost, costs incurred, or other consequential
damages.” Klein & Heuchan, Inc. v. Costar Realty Info., Inc., No. 08-cv-1227-T-30EAJ, 2009
U.S. Dist. LEXIS 35025, at *9 (M.D. Fla. Apr. 8, 2009) (granting motion to dismiss CFAA
claim); see also id. at *10 (“Since CoStar never alleges an interruption of service, CoStar cannot
maintain a claim that it suffered a loss from lost revenue, costs incurred, or other consequential
damages.”); but see id. at *8-9 (citing and declining to follow decisions that have interpreted
“loss” under CFAA to encompass matters other than interruption in service).
The Amended Complaint does not allege facts that trigger issues related to impairment of
data or interruption of service, and thus fails to allege that USP suffered a loss. E.g., Jet One
Group, Inc. v. Halcyon Jet Holdings, Inc., No. 08-CV-3980 (JS) (ETB), 2009 U.S. Dist. LEXIS
72579, at *22 (E.D.N.Y. Aug. 14, 2009) (granting motion to dismiss because complaint did not
connect allegations of alleged data theft “to any ‘impairment’ to its computer system, ‘damage
assessment,’ data restoration expense, or ‘interruption of service.’”); see also id. at *19-20
(explaining that Act’s “narrow definitions [of “damage” and “loss”] are wholly consistent with a
limited Congressional intent in passing the CFAA – prohibiting people from ‘hacking’ into
someone else’s computer system, an act which can corrupt ‘the integrity or availability of data, a
program, a system, or information’ or lead to ‘interruption of service.’”); Garelli Wong &
Assocs. v. Nichols, 551 F. Supp. 2d 704, 710 (N.D. Ill. 2008) (holding that “civil violation of the
Case 1:09-cv-08206-RJH Document 20 Filed 01/11/2010 Page 10 of 23Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 80 of 99
-
9
CFAA requires ‘impairment to the integrity or availability of data, a program, a system, or
information’ and ‘interruption in service.’”).
C. The Court Should Decline to Exercise Supplemental Jurisdiction over USP’s State Law Claims.
In light of USP’s failure to plead a cause of action under the CFAA, its claim for
conspiracy to violate the Act also fails as a matter of law. E.g., In re Orthopedic Bone Screw
Prods. Liab. Litig., 193 F.3d 781, 789 (3d Cir. 1999) (“The established rule is that a cause of
action for civil conspiracy requires a separate underlying tort as a predicate for liability.”). The
CFAA was the Amended Complaint’s sole purported basis for federal jurisdiction. AC ¶ 10
(stating under “Jurisdiction and Venue” heading that “suit is predicated on a violation of the
Computer Fraud and Abuse Act.”). If the Court deems the CFAA claims deficient, Second
Circuit precedent dictates that it should decline to exercise supplemental jurisdiction over the
remaining state law claims. As one court recently explained in dismissing state law claims along
with a CFAA claim, “the Second Circuit has held, as a general proposition, that if all federal
claims are dismissed before trial, the state claims should be dismissed as well.” Cenveo, Inc. v.
Rao, No. 08cv1831(JBA), 2009 U.S. Dist. LEXIS 90798, at *12 (D. Conn. Sep. 30, 2009)
(alterations and internal quotation marks omitted). This approach is all the more appropriate
here, where the New York County Supreme Court has already presided over a similar case
involving USP and Pitta, as discussed at P