Trusted Cloud Pty Limited v Core Desktop Pty Limited

Federal Court of Australia|2015-02-03|Before: Katzmann J

Order 2 of the orders made on 22 August 2014 be vacated upon the respondents giving the following undertakings to the Court, subject to the applicants giving the usual undertaking as to damages, the respondents' undertakings to apply until further order: (1) Should any respondent become aware of the existence of a Confidential Document in their possession or control, they will promptly cause that document, and any copies in their possession or control, to be given to the solicitor for the respondents on instructions to be kept confidential pending further order of the Court. (2) Each of the respondents, whether by themselves, their servants, their agents or otherwise, will not reproduce, publish, communicate to the public, or make an adaptation of any Copied Document (other than for the purposes of this proceeding). In these undertakings the following terms have the following meanings: "Copied Documents" means a document: (a) copied or taken from one or more of the applicants by or for any of the respondents the copyright in which is or appears to be owned or exclusively licensed to any of the applicants; and (b) a document comprising a reproduction of a substantial part of any document in paragraph (a); but (c) does not include any document that only contains personal information of any of the second to fourth respondents and does not relate to any of the second to fourth respondents' employment with any of the applicants. "document" includes: (a) any record of information mentioned in the definition of document in Part 1 of the Dictionary to the Evidence Act 1995 (Cth); and (b) any other material, data or information stored or recorded by mechanical or electronic means. "Confidential Document" means a document: (a) created on or before 20 August 2014 that contains information that is, or appears to be, confidential to any of the applicants; or (b) derived from confidential information in a document referred to in paragraph (a).
The interlocutory application filed by the respondents on 17 October 2014 otherwise be dismissed with costs.
The respondents file their defences by 6 March 2015.

IN THE FEDERAL COURT OF AUSTRALIA NEW SOUTH WALES DISTRICT REGISTRY GENERAL DIVISION NSD 856 of 2014

BETWEEN: TRUSTED CLOUD PTY LIMITED (ACN 083 688 340)

AND: CORE DESKTOP PTY LIMITED (ACN 161 054 691)

JUDGE: KATZMANN J DATE: 3 FEBRUARY 2015 PLACE: SYDNEY

REASONS FOR JUDGMENT 1 The five applicants are all members of the TPG Telecom group of companies ("TPG group"). The fourth applicant, TPG Telecom Limited ("TPG Telecom"), provides cloud computing services to business and government through the first three applicants - all wholly owned subsidiaries of TPG Telecom. A cloud computing service is a service for storing, accessing and retrieving computer data over the internet. Such services are generally operated from machines located in premises remote from the places where the data was created. 2 The first respondent, Core Desktop Pty Limited ("Core Desktop"), is a direct competitor of TPG in the cloud storage services market. The second to sixth respondents are either former directors or former employees of one or other of the applicant companies. Michael Amira (the second respondent), who was a director and shareholder of Trusted Cloud Pty Limited ("Trusted Cloud", the first applicant), Yong Chen (the third respondent and a former employee of the third applicant, Intrapower Terrestrial Pty Ltd to which I shall refer as "Intrapower Terrestrial") and Michael Papaconstantinou (the fourth respondent and another former employee of Intrapower Terrestrial) are shareholders of Core Desktop. 3 In this proceeding, launched by an originating application filed on 20 August 2014, the applicants claim that the second to sixth respondents stole their confidential information and intellectual property and that Core Desktop received or knowingly benefited from the use of that information. On the same day, the applicants also filed an interlocutory application seeking orders on an ex parte basis. Both applications were supported by an affidavit affirmed by Amanda de Ville on 19 August 2014. Ms de Ville is the Chief Information Officer of the TPG group and an employee of TPG Holdings Pty Limited, the fifth respondent. Exhibited to that affidavit was a large number of documents. 4 On 4 November 2014 the applicants filed a statement of claim pleading several causes of action against each of the respondents. They include breaches of contract, breaches of the equitable duty of confidence, contraventions of s 183 of the Corporations Act 2001 (Cth) and copyright infringement. 5 On 20 August 2014, on the basis of the evidence given by Ms de Ville, and upon the applicants giving the usual undertaking as to damages, I made a number of orders. They included: 5. Up to and including 5 pm on the Return Date or further order, each of the Respondents, whether by themselves, their servants, their agents or otherwise, be restrained from using, transmitting, disclosing or reproducing any of the Copied Documents (other than for the purposes of this proceeding). 6. Up to and including 5 pm on the Return Date or further order, each of the Respondents, whether by themselves or through their partners, employees, agents or others acting on their behalves or on their instructions or with their encouragement or in any other way, be restrained from: (a) altering or deleting any Copied Document or any Related Document on any Storage Medium in their respective custody, possession or control; (b) destroying or otherwise taking any step likely to interfere with the ability to retrieve data from any Storage Medium in their respective custody, possession or control; (c) removing from Australia any Storage Medium in their respective custody, possession or control. (Original emphasis.) 6 These orders were entered the following day. 7 On 22 August 2014 the respondents appeared by their lawyers and, by consent, I made the following orders: 1. Until further order, each of the Respondents, whether by themselves, their servants, their agents or otherwise, be restrained from using, transmitting, disclosing or reproducing any of the Copied Documents (other than for the purposes of this proceeding). 2. Until further order, each of the Respondents, whether by themselves or through their partners, employees, agents or others acting on their behalves or on their instructions or with their encouragement or in any other way, be restrained from: (a) altering, destroying or deleting any Copied Document or any Related Document on any Storage Material in their respective custody, possession or control; (b) destroying or otherwise taking any step likely to interfere with the ability to retrieve data from any Storage Material on which: (i) Copied Documents (ii) Related Documents; or (iii) materials copied or taken from any of the Applicants, were or are stored (including back-ups) in their respective custody, possession or control; (c) removing from Australia any Storage Material referred to in order 2(b). 3. By 5.00 pm on 2 September 2014, each of the Respondents serve on the Applicants a list, verified by affidavit, of the type and location of each Storage Material on which any: (a) Copied Documents; (b) Related Documents; or (c) materials copied or taken from any of the Applicants, were or are stored (including back-ups), and all information necessary (including user IDs and passwords) to access the documents. (Original emphasis.) 8 I also made other procedural orders and granted the parties liberty to apply on two days' notice. 9 The respondents contend that the orders extracted above (together, "the August orders") should not have been made. By an interlocutory application filed on 17 October 2014, they asked the Court to summarily dismiss the entire proceeding pursuant to s 31A(2) of the Federal Court of Australia Act 1976 (Cth) ("FCA Act"). To this end they sought an advance ruling under s 192A of the Evidence Act 1995 (Cth) that certain evidence should not be admitted at trial because it was obtained improperly or in contravention of an Australian law or in consequence of one or other of these circumstances. The interlocutory application purported to rely on ss 135, 136 and 138 of the Evidence Act but, as the case was argued, the respondents relied only on s 138. In the alternative, the respondents asked that the Court vacate the August orders for "material non-disclosure". 10 For the reasons that follow I am not satisfied that any of these orders should be made.

The legal basis for the respondents' application 11 The respondents' principal application was based on s 308H of the Crimes Act 1900 (NSW), which states: Unauthorised access to or modification of restricted data held in computer (summary offence) (1) A person: (a) who causes any unauthorised access to or modification of restricted data held in a computer, and (b) who knows that the access or modification is unauthorised, and (c) who intends to cause that access or modification, is guilty of an offence. Maximum penalty: Imprisonment for 2 years. (2) An offence against this section is a summary offence. (3) In this section: restricted data means data held in a computer, being data to which access is restricted by an access control system associated with a function of the computer. (Original emphasis.) 12 "Access" to data held on a computer is defined in s 308A of the Crimes Act to mean: (a) the display of the data by the computer or any other output of the data from the computer, or (b) the copying or moving of the data to any other place in the computer or to a data storage device, or (c) in the case of a program - the execution of the program. 13 It is common ground in the present case that the applicants had access to the data within the meaning of Part 6 of the Crimes Act. The questions here are: (a) whether the data was in fact "restricted data" within the meaning of s 308H(3); and (b) whether access to the data by the applicants was unauthorised. For this purpose s 308B of the Crimes Act states that access by a person is unauthorised if the person is not entitled to cause that access and not merely because the person has an ulterior purpose for doing so. A person causes any such unauthorised access if the person's conduct substantially contributes to it: s 308B(3). 14 Section 138 of the Evidence Act relevantly provides: 138 Discretion to exclude improperly or illegally obtained evidence (1) Evidence that was obtained: (a) improperly or in contravention of an Australian law; or (b) in consequence of an impropriety or of a contravention of an Australian law; is not to be admitted unless the desirability of admitting the evidence outweighs the undesirability of admitting evidence that has been obtained in the way in which the evidence was obtained. … (3) Without limiting the matters that the court may take into account under subsection (1), it is to take into account: (a) the probative value of the evidence; and (b) the importance of the evidence in the proceeding; and (c) the nature of the relevant offence, cause of action or defence and the nature of the subject-matter of the proceeding; and (d) the gravity of the impropriety or contravention; and (e) whether the impropriety or contravention was deliberate or reckless; and (f) whether the impropriety or contravention was contrary to or inconsistent with a right of a person recognised by the International Covenant on Civil and Political Rights; and (g) whether any other proceeding (whether or not in a court) has been or is likely to be taken in relation to the impropriety or contravention; and (h) the difficulty (if any) of obtaining the evidence without impropriety or contravention of an Australian law. Note: The International Covenant on Civil and Political Rights is set out in Schedule 2 to the Australian Human Rights Commission Act 1986. 15 Section 192A of the Evidence Act relevantly states that "[w]here a question arises in any proceedings … about (a) the admissibility or use of evidence proposed to be adduced; or (b) the operation of a provision of this Act or another law in relation to [that] evidence", then the court may, "if it considers it to be appropriate to do so, give a ruling or make a finding in relation to the question before the evidence is adduced in the proceedings". 16 Section 31A(2) of the FCA Act enables the Court to give judgment for a respondent to a proceeding in relation to the whole or any part of the proceeding if the Court is satisfied that the applicant has no reasonable prospect of successfully prosecuting the proceeding or that part of the proceeding. For this purpose, s 31A(3) provides that it is unnecessary that the proceeding or the part of the proceeding be hopeless or bound to fail.

The respondents' case for interlocutory relief 17 The respondents' case was that: (1) the primary evidence to support the applicants' claims (a file list and associated metadata from the respondents' computer system) was obtained illegally (in contravention of s 308H of the Crimes Act); (2) for this reason the Court should not admit the file list and associated data into evidence at the trial; (3) because the primary evidence was obtained illegally, the evidence given by affidavit on behalf of the various respondents pursuant to consent orders made on 22 August 2014 was obtained in consequence of a contravention of an Australian law and ought also be excluded; (4) if these matters are established to the Court's satisfaction, the proceeding enjoys no reasonable prospects of success and should therefore be dismissed under s 31A of the FCA Act. 18 In the alternative, the respondents submitted that the August orders should be vacated because of the applicants' failure to disclose certain matters to the Court when applying for the ex parte orders.

The factual and evidentiary background 19 Before considering any of these questions it is necessary to provide the factual context for the dispute. Unless otherwise indicated, the following account is uncontroversial, at least for present purposes. 20 The TPG group provides a variety of services to business and government. Those services include allocating to a customer a portion of a server controlled by Trusted Cloud known as a "virtual server". Ms de Ville explained the nature of those services in her affidavit of 19 August 2014 ("first affidavit"): The customer's data and software applications (for example, Microsoft Office for documents, Outlook Express for emails, Internet Explorer for searching the Internet) are installed on and run off that virtual server. A customer is able to connect remotely to the virtual server (for example from a desktop or laptop computer) using a software program such as Citrix which requires the customer to provide a unique identifier and password. Once the customer has connected to the virtual server, the screen of the remote desktop or laptop computer will display the customer's software applications (which are running on the virtual server) and allow the customer to access their data (which is stored on a portion of a shared storage device owned by Trusted Cloud that has been allocated to the customer). 21 The services include responsibility for maintaining the security and operation of the virtual desktop and its connection to the customer's remote computers. The applicants also offer "cloud storage", which enables customers to store data remotely and to access and manage that data. I shall refer to the cloud services provided by the first three applicants collectively as the "Trusted Cloud business". 22 In the course of providing those services the applicants create and use a significant quantity of documents which contain commercially valuable and sensitive information, such as pricing information and customer preferences. They also keep confidential documents relating to their employees including details of their remuneration. The applicants take a number of steps to protect the information in these documents by, for example, including confidentiality provisions in employment agreements and restricting access to computer networks and information. 23 Trusted Cloud was first registered in 1998. At the time it was called "Wavenet Pty Ltd" ("Wavenet") and Mr Amira was its sole shareholder and director. It was he who established the business. The name of the company was changed to "Trusted Cloud Pty Limited" in 2010. In about February 2008 Intrapower purchased 51% of the issued share capital in Wavenet and in 2011 Intrapower was acquired by the TPG group. By 1 January 2013, Trusted Cloud became a wholly owned subsidiary of Intrapower. 24 After Mr Amira sold the Wavenet business to Intrapower in 2008, he became an employee of Trusted Cloud, serving first as managing director and later in two other senior management capacities. In the course of his employment with Trusted Cloud he was afforded access to a significant amount of information relating to the Trusted Cloud business (including commercially sensitive and confidential information). He had a contractual duty to protect the confidentiality of the information and not to misuse it. His contract of employment also contained a restraint of trade covenant and one of the causes of action alleged against him is that he breached that covenant by reason of his activities in connection with Core Desktop. 25 Mr Chen worked for the Trusted Cloud business from about April 2005 until February 2013, and Mr Papaconstantinou from about April 2010 until December 2012 with a hiatus of four or five months in the first half of 2012. As I have already indicated, both Mr Chen and Mr Papaconstantinou were employed by Intrapower Terrestrial. Both held managerial positions. Both were contractually bound to deliver up their employer's "confidential information, documentation of any description (whether in physical or electronic form) relating to the business of the Company and all other property of any description belonging to the Company … in [their] possession, power or control …". Both were prohibited from participating in any business activity outside their employment with Intrapower Terrestrial which could affect their duties or obligation to the company, from enticing or attempting to entice away from the company customers, employees or consultants, and from undertaking any activity which might conflict with the interests or business of the company. 26 Core Desktop was registered on 1 November 2012. The same day Mr Papaconstantinou was appointed secretary and sole director. The shares in Core Desktop are owned by three companies controlled by Mr Amira, Mr Chen and Mr Papaconstantinou. On 21 December 2012 - some seven weeks after he acquired the shares in Core Desktop - Mr Papaconstantinou tendered his resignation to Intrapower Terrestrial. Mr Chen followed suit on 7 January 2013, and Mr Amira, on about 14 January 2013. 27 Kyle Fraser worked for the Trusted Cloud business (employed by Intrapower Terrestrial) from about September 2010 to April 2013. He was employed first as a support engineer, and then as infrastructure engineer. In this latter role he was a member of the team managed by Mr Chen and was responsible for designing and developing computing and storage capabilities of Trusted Cloud. He tendered his resignation on 20 March 2013, giving four weeks' notice. Since he left Intrapower Terrestrial he has been employed by Core Desktop. The applicants allege, amongst other things, that Mr Papaconstantinou enticed both Mr Chen and Mr Fraser to leave Intrapower Terrestrial. 28 Each of Messrs Amira, Chen and Fraser had administrator access which enabled them to see and copy any information stored in the Trusted Cloud system. Mr Fraser's contract contained the same obligations in relation to confidential information and the same restrictions on the undertaking of business activities outside the Trusted Cloud business as those contained in the contracts of Messrs Chen and Papaconstantinou. 29 Andrew Quach's contract also contained those obligations. Mr Quach worked as a field network engineer for the Trusted Cloud business from about 19 September 2007 until 2 May 2014. His employer was TPG Holdings. Three days after he left the employ of TPG Holdings, he began working for Core Desktop as an onsite technical engineer. 30 One of Wavenet's and later Trusted Cloud's customers was the Melbourne Institute of Plastic Surgery ("MIPS"). Trusted Cloud provided virtual servers for MIPS to operate its software applications and on which to store its data. In hosting virtual servers for MIPS, Trusted Cloud maintained the security of the stored data, including restricting access to those virtual servers by requiring the use of usernames and passwords. 31 On about 24 July 2014 MIPS advised Trusted Cloud that it no longer wished to use Trusted Cloud's services. It appears from Ms de Ville's evidence that the position was confirmed on or about 12 August 2014. After that advice was given, Jonathon Mann, a project manager in the Trusted Cloud business, began to prepare to carry out disengagement services for MIPS. In accordance with Trusted Cloud's standard practice, he conducted an initial review of the MIPS virtual server hosted by Trusted Cloud in order to consider the scope of the disengagement process. Following that review he approached Ms de Ville about concerns he had about software installed on MIPS' virtual servers operated under the Trusted Cloud service. 32 The applicants did not file an affidavit from Mr Mann. The evidence concerning his conduct is hearsay, though admissible under s 75 of the Evidence Act as an exception to the hearsay rule. It was given by Ms de Ville on the basis of information and belief. 33 Mr Mann told Ms de Ville that he saw that a synchronisation software program, called "Super Flexible File Synchronizer" ("SFFS"), was installed on MIPS' virtual servers. It had been installed on 6 August 2014 - about a fortnight after MIPS had informed Trusted Cloud that it no longer wished to use its services. Synchronisation software is used to synchronise or copy files from one server to another. Trusted Cloud had not installed the software on MIPS' server. The synchroniser software appeared to be syncing data to a server with a remote IP address ("the remote server"). It turns out that was a Core Desktop server. 34 Mr Mann took screenshots which revealed a list of files awaiting transfer (synchronisation) from the Trusted Cloud administered server to the remote server. He also accessed the synchroniser software and programmed it to set up a reverse synchronisation of the files on the remote server. This generated a "job report" listing all the files on the remote server. At least 19 folders included Mr Amira's name in their title, 29 included Mr Chen's and 13 included "Kyle". Many of the files in these folders carried dates that preceded the resignations of Mr Amira and Mr Chen from the Trusted Cloud business. Ms de Ville expressed concern that they were documents upon which the two men worked during their employment in that business. 35 Amongst the titles to the files in folders bearing Mr Amira's name were "Cost Pricing", "Microsoft License Keys", "Employee plan" and "Copy of Wavenet revenue". Each of these titles corresponds to the titles of files belonging to the applicants and over which the applicants assert copyright. Ms de Ville's evidence was that these documents were also confidential. In the hands of a competitor, they posed a real threat to the applicants' business. One of Ms de Ville's concerns was that a competitor could use the information to target Trusted Cloud customers and undercut Trusted Cloud and she supplied a list of nine former Trusted Cloud customers whom she now understood to be Core Desktop customers. 36 Although she had not then had the opportunity to consider all the file names, Ms de Ville expressed concerns that material of the same kind might be found in other folders such as the "Yong Chen" folders. 37 There were also "pst" files, that is to say, Microsoft Outlook files which could include emails, contacts and calendar entries. Ms de Ville said she was concerned that Trusted Cloud emails including attachments could contain its confidential information. 38 Ms de Ville also provided some additional context for Mr Mann's conduct. She said that about four months before Mr Mann carried out his review, United Petroleum Pty Ltd ("United Petroleum"), another customer of Trusted Cloud, indeed, one of its largest, had asked Trusted Cloud to help it establish a connection between the United Petroleum virtual servers maintained by Trusted Cloud and a remote server used by United Petroleum, apparently maintained by a then unknown third party. The purpose of the connection was to enable United Petroleum to share information between the Trusted Cloud servers and the third party server. To establish the connection, TPG supplied an Ethernet connection and, with United Petroleum's agreement, assigned a number of IP addresses for the third party server. An IP address, Ms de Ville explained, is a unique numerical label assigned to a server that is connected to a computer network which uses the Internet Protocol for communication. One of the IP addresses assigned by TPG for the third party server was 10.50.254.251. This was the same IP address as that for the remote server to which MIPS files were being synchronised from the Trusted Cloud managed server. Mr Mann told Ms de Ville that he thought it was strange that the SFFS software installed on MIPS' server administered by Trusted Cloud was apparently syncing data to this remote IP address. No explanation was given for why he regarded it as strange, despite two separate requests from the respondents that the applicants provide it. The inference the applicants pressed upon the Court was that it was strange because it was the same remote IP address established for the use of United Petroleum, although there is no evidence that this information was known to Mr Mann. It is tolerably clear, however, as a result of Mr Mann's review, that the remote IP address was for a server being used by Core Desktop to store documents including documents, the copyright of which is allegedly owned by Trusted Cloud and which allegedly contain its confidential information. 39 Following the orders made on 22 August 2014, the respondents filed a number of affidavits. In his affidavit sworn on 2 September 2014 Mr Chen admitted to taking Trusted Cloud documents. He said at [5]-[6]: 5 In my former role as Infrastructure Manager at Trusted Cloud I was responsible for IT system integrity and had to be available at any time to manage system outage events. In order to achieve this I was required to keep a copy of IT system documents offsite and, if needed, use such files to help the Trusted Cloud system recover in the event of a catastrophic IT issue preventing access to on-site documents. I stored all such documents on a personal USB thumb drive which I generally carried with me. The USB thumb drive also included personal files of mine… 6 After I commenced work at Core Desktop, I needed to re-use the USB thumb drive for personal purposes and I offloaded all files from the USB thumb drive onto a NAS device in the Core Desktop office and I then reformatted the USB thumb drive. The NAS device was used for internal file sharing. Mostly it was used for off-loading files that were not needed to be stored on PCs. The NAS device was subsequently relocated to the Next DC data centre at Port Melbourne inside a rack used by Core Desktop in or around June 2013. 40 "NAS" is an acronym for Network Attached Storage device, which is a device used for internal file sharing. 41 Similarly, Mr Amira deposed in his affidavit of 12 September 2014 that all the data on his iMac computer, some of which dated back to his employment with Trusted Cloud, was moved across to the Core Desktop NAS device. 42 Mr Fraser, in an affidavit sworn on 2 September 2014, said that before he left Trusted Cloud he copied his personal folder from a directory on the Trusted Cloud NAS to a personal USB thumb drive and conceded that he might "inadvertently" have included files that he had created or worked on in the course of his employment with Trusted Cloud. He said that shortly after he started working for Core Desktop he uploaded the entire contents of this folder to the Core Desktop NAS. 43 Mr Quach, in an affidavit sworn on 17 October 2014, admitted to installing the SFFS software on 6 August 2014 in order to synchronise MIPS' data from the Trusted Cloud server to the Core Desktop NAS drive. He said that he did so with "vendor access" details supplied by Medical Wizard (a software supplier of MIPS) and documents annexed to his affidavit show that he obtained the "vendor access" details with the express authority of MIPS. 44 On 11 August 2014, Mr Quach tried to access the SFFS program installed on MIPS' server hosted by Trusted Cloud. Access was denied because the vendor access username and password had expired. It was the next day that Mr Mann conducted his initial review of the MIPS virtual server hosted by Trusted Cloud and saw that the SFFS software was apparently syncing data to a server with a remote IP address. 45 On 31 October 2014 Ms de Ville affirmed a second affidavit. Much of the evidence, if not all of it, was given in response to assertions, invitations or requests made on behalf of the respondents. 46 In that affidavit Ms de Ville gave the following additional evidence. Some of that evidence, it will be apparent, qualified or expanded upon the evidence given in her first affidavit. 47 The applicants allocated vendor (or administrator) access details to Medical Wizard to enable it to access the Trusted Cloud virtual server allocated to MIPS for the purpose of installing and maintaining the MediWiz software. The vendor access allocated to Medical Wizard was programed to expire automatically on 11 August 2014. 48 The applicants had used SFFS software to transfer data from customers' servers to the Trusted Cloud system but not to transfer data from one cloud service provider to another. 49 In conducting his review of the Trusted Cloud-hosted MIPS virtual server and in programming the SFFS to perform a reverse synchronisation, Mr Mann did not look at, copy or enter any passwords or login details for the SFFS software and any passwords in the SFFS software were hidden from his view. Ms de Ville explained with greater precision than appeared in the earlier affidavit what Mr Mann did to set up the reverse synchronisation process. She also said that Mr Mann cancelled the process before completion and deleted all files and partial files that had been transferred to the destination (that is, a Trusted Cloud storage device) without anyone viewing, opening or modifying them. 50 Annexed to the affidavit was a redacted copy of the managed services contract between MIPS and Wavenet dated 30 June 2009 under which Trusted Cloud provided its services to MIPS ("the MIPS contract"). 51 Amongst other documents also annexed to the affidavit were: emails disclosing that MIPS had informed Trusted Cloud on 24 July 2014 that it wished to disengage its services and confirming the following day that it wished to do so "after the next billing cycle (ie end 31 August 2014)"; correspondence passing between the solicitors for the parties; and redacted letters sent by Trusted Cloud to three of the nine customers in the list exhibited to Ms de Ville's first affidavit who were said to have left Trusted Cloud for Core Desktop. In each of those letters Trusted Cloud noted that the current services agreement had expired and, in accordance with that agreement, Trusted Cloud was giving written notice of its intention to terminate the agreement. Trusted Cloud did offer a new agreement but at a higher cost than the amount fixed by the expired agreement. In one case, the cost was more than three times greater. Ms de Ville stated that none of the remaining customers whom she had identified as having left Trusted Cloud for Core Desktop received such letters. She said she did not include this information in her first affidavit because she did not believe it to be relevant to the concerns she expressed there. She indicated that she adhered to this belief.

Additional procedural history 52 After the orders were made on 20 and 22 August 2014, additional orders were made by consent on 8 and 15 September 2014. Those orders were made in chambers. By those orders an independent computer expert was appointed and given permission to access the storage devices identified in the respondents' affidavits, create a forensic image of the contents of those devices (including any metadata and log files) and securely store those images. He was also authorised to take steps to permanently and irretrievably destroy documents or information in some of the electronic folders. Orders were also made to facilitate this process.

Some preliminary observations 53 Section 31A of the FCA Act gives the Court a discretion to give judgment for the respondents if the Court is satisfied that the applicants have "no reasonable prospect of successfully prosecuting the proceeding". To attain the degree of satisfaction sufficient to enliven the discretion, the proceeding need not be hopeless or bound to fail. Nevertheless, the power is one which must be exercised cautiously: Spencer v Commonwealth of Australia (2010) 241 CLR 118 at [24] (French CJ and Gummow J); at [60] (Hayne, Crennan, Kiefel and Bell JJ). French CJ and Gummow J said at [24]: The exercise of powers to summarily terminate proceedings must always be attended with caution. That is so whether such disposition is sought on the basis that the pleadings fail to disclose a reasonable cause of action or on the basis that the action is frivolous or vexatious or an abuse of process. The same applies where such a disposition is sought in a summary judgment application supported by evidence. As to the latter, this Court in Fancourt v Mercantile Credits Ltd [(1983) 154 CLR 87] said: "The power to order summary or final judgment is one that should be exercised with great care and should never be exercised unless it is clear that there is no real question to be tried". More recently, in Batistatos v Roads and Traffic Authority (NSW) [(2006) 226 CLR 256] Gleeson CJ, Gummow, Hayne and Crennan JJ repeated a statement by Gaudron, McHugh, Gummow and Hayne JJ in Agar v Hyde [(2000) 201 CLR 552] which included the following: "Ordinarily, a party is not to be denied the opportunity to place his or her case before the court in the ordinary way, and after taking advantage of the usual interlocutory processes. The test to be applied has been expressed in various ways, but all of the verbal formulae which have been used are intended to describe a high degree of certainty about the ultimate outcome of the proceeding if it were allowed to go to trial in the ordinary way." There would seem to be little distinction between those approaches and the requirement of a "real" as distinct from "fanciful" prospect of success contemplated by s 31A. That proposition, however, is not inconsistent with the proposition that the criterion in s 31A may be satisfied upon grounds wider than those contained in pre-existing Rules of Court authorising summary dispositions. 54 Their Honours went on to say at [25] that where, as here, "there are factual issues capable of being disputed and in dispute", summary dismissal should not be ordered at the behest of a respondent merely because the court concludes that the applicant is unlikely to succeed on those issues. 55 Before I consider this question, it is necessary to consider whether the evidentiary question should be decided now and, if so, whether it should be decided in the respondents' favour.

Should the Court rule now on whether to admit the applicants' evidence at the hearing? 56 Section 192A of the Evidence Act gives the Court the power to make an advance ruling on the admissibility or use of evidence proposed to be adduced. But there is a fundamental difficulty with the respondents' application. The proceeding is in its infancy. A defence has not yet been filed. At this stage we do not know what evidence the applicants propose to adduce. The evidence may include the evidence obtained as a result of the orders in question. It may not. As the applicants submitted, the evidence to be adduced at the hearing will depend on the issues. The issues cannot be known until, at the earliest, the pleadings have closed. The issues are also very likely to be influenced by documents obtained on discovery, subpoenas and/or notices to produce. There may also be other sources of evidence. It is unlikely that at the trial the applicants will be able to rely on the hearsay evidence adduced through Ms de Ville. If the applicants wish to rely on the contentious material at the trial, Mr Mann may have to give direct evidence. That evidence may or may not reveal evidence of impropriety or criminality. 57 In any event, whether or not the Court considers it appropriate to make such a ruling will be affected by the case management provisions in Pt VB of the FCA Act. More particularly, it will depend on whether it would best promote the overarching purpose of facilitating the just resolution of disputes according to law and as quickly, inexpensively and efficiently as possible. In my view, absent identification of the issues for determination at the trial and any indication or agreement as to the evidence that the applicants intend to call on that occasion, there is no useful purpose in making the ruling sought. There can be no savings in time or cost if the evidence sought to be excluded is never relied upon. 58 Furthermore, s 138(3) of the Evidence Act requires a court to take into account certain matters in deciding whether the desirability of admitting improperly or illegally obtained evidence is outweighed by the undesirability of doing so. Those matters include the probative value of the evidence and the importance of the evidence in the proceeding. As the applicants submitted, these questions cannot be decided in the abstract. Without knowing the issues to be determined at trial, let alone the evidence which the applicants intend to adduce, it is not possible to exercise the power conferred by the section. 59 The respondents' interlocutory application invoked ss 135 and 136 of the Evidence Act as well, but nothing was said about the operation of those provisions. In these circumstances, it is may be assumed that they did not seek to rely upon them. In any case, once again, without knowing the issues or the evidence that will be adduced at trial, there is no basis for considering the application of these sections either. 60 In short, the respondents' application is premature. 61 For these reasons, I do not consider it to be appropriate to give a ruling or make a finding in relation to the question raised. That does not mean that a ruling on the admissibility of evidence in advance of the hearing might not be appropriate at some stage. It merely means that it cannot or, at least, ought not be made now.

The application for summary dismissal 62 The respondents submitted that this conclusion did not foreclose the option of dismissing the proceeding because I could still be satisfied that there are no reasonable prospects that the applicants could succeed. In substance, the argument was that I would be persuaded that there was no reasonable prospect that the evidence would be admitted over the respondents' objection and that there was no reasonable prospect that the applicants would be able to fill the gap where the applicants have not indicated that there is any other evidence they could call. 63 For the reasons I mentioned above, however, I am not in a position to be satisfied one way or the other about whether the evidence obtained as a result of Mr Mann's activities should be excluded. The respondents submitted that the applicants have not identified any means by which they would seek to prove their case that is not causally linked to Mr Mann's actions. But there is no good reason why at this stage of the proceeding the applicants should give any indication of what their evidence will ultimately be. After all, as I have already observed, the evidence will be defined by the issues and the issues will not be apparent until the pleadings have closed and there are interlocutory processes that they might reasonably be expected to deploy to prove their case without recourse to any of the material Mr Mann obtained. Moreover, witnesses may come forward. 64 It follows that the application for summary dismissal should also be dismissed. 65 In these circumstances, the only question calling for resolution at this point is the respondents' alternative application to set aside the orders.

Should the August orders be set aside? 66 The basis for this application is that the applicants (and Ms de Ville in particular) failed to disclose certain information to the Court before the 20 August orders were made. No oral submissions were made on this point. The parties relied exclusively on their written submissions.

General principles 67 It was not in dispute that the Court has the power to set aside the orders. The Court may set aside an order after it has been entered if, amongst other reasons, it was made in the absence of a party or if it was interlocutory: Federal Court Rules 2011 (Cth), r 39.05. 68 The obligations of a party seeking ex parte relief are well established. Emmett JA summarised the position in Papas v Grave [2013] NSWCA 308 at [71]: A party asking, ex parte, for an injunction is under a duty to bring to the notice of the court all facts material to the determination of the entitlement of that party to the injunction, including facts adverse to that party. It is no excuse for that party to say that it was not aware of the importance of the facts. Utmost good faith is required of a party seeking to induce the court to act in the absence of another party. Thus, a party seeking ex parte relief will fail in its obligation to the court unless it bring forward all the material facts that the absent party would presumably have brought forward in opposing the application. The moving party must state its case fully and fairly and disclose the entirety of the facts relevant to the case. The party moving the court must give the court a faithful statement of its case (Thomas A Edison Ltd v Bullock [1912] HCA 72; (1912) 15 CLR 679 at 681-682). 69 More recently, in Geneva Laboratories Limited v Nguyen [2014] FCA 1270 at [38]-[41] Gleeson J referred to a number of other authorities in which the same point is made. 70 For a fact to be material in the relevant sense "it would have to be a matter of substance in the decision making process": Savcor Pty Ltd v Cathodic Protection International APS (2005) 12 VR 639 ("Savcor") at [35]. 71 It is common ground, however, that if material non-disclosure is established the Court is not bound to set aside the orders. The respondents drew attention to a passage in Savcor at [33] where Gillard AJA (Ormiston and Buchanan JJA agreeing) said: In my opinion a court does have a discretion to not set aside an order despite a material non-disclosure or misrepresentation of law or fact. Setting aside does not follow as a matter of course. Relevant to the discretion is whether the material non-disclosure was serious or otherwise the importance or weight that should be attached to the omitted fact in the decision making process and also any hardship if the order was set aside. The approach is different if the plaintiff has acted culpably in the sense that the omission to disclose relevant matters was done deliberately to mislead the court. The most likely result in those circumstances would be that the order would be vacated. 72 The respondents neglected, however, to refer to the paragraph that followed ([34]): Other relevant matters are delay in moving to have the order set aside resulting in prejudice which cannot be overcome, acquiescence under an order and, depending upon the particular order in question, the irregularity may be waived. 73 It is well-accepted that the discretion to set aside an order, even an interlocutory order, should be exercised with some caution having regard to the principle of finality of litigation. Exceptional circumstances must be shown and care must be taken in making that determination: Professional Administration Service Centres Pty Ltd v Commissioner of Taxation (2012) 295 ALR 52; [2012] FCAFC 180 at [53].

Issues 74 There are two issues here. The first is whether there was material non-disclosure. The respondents do not submit that the orders should be set aside for any other reason. The second is, in the event that there has been, what should be done about it. 75 I do not accept that there was material non-disclosure in this case. Nor do I accept that, even if there were, I should exercise the Court's discretion to set the orders aside on that account. In particular, I am not satisfied that the applicants deliberately sought to mislead the Court.

Was there material non-disclosure? 76 Six matters were said not to have been disclosed before the orders were made on 20 August when they should have been. 77 First, the respondents submitted that the applicants invited the Court to infer that some or all of nine customers had left Trusted Cloud for Core Desktop because of a misuse of confidential information by the respondents. The respondents contended that the applicants should have informed the Court that Trusted Cloud had written to three of those customers indicating that their services would be terminated unless they paid a higher rate for those services. This was said to be a material omission. 78 The submission was based on what Ms de Ville said in her first affidavit at [74] and [76]. At [74] she said: At the moment, I do not know the extent to which the Respondents have misused the Applicants' confidential information. The Trusted Cloud business conducted by the Applicants has recently lost customers to Core Desktop. I set out in 'Tab 11' of Confidential Exhibit MV-2 details of former customers of Trusted Cloud who have gone to Core Desktop together with the revenue lost to the Applicants. I am concerned that the Respondents will use confidential information of the Applicants to canvas, solicit, procure, or attempt to canvas, solicit or procure customers or prospective customers of the Applicants. (Original emphasis.) 79 At [76] Ms de Ville said: Once a customer is lost, it will be very difficult for the Applicants to re-acquire that business in the future. The cloud services market is increasingly competitive and any loss of customers and potential customers represents a serious threat to the ongoing success of the Applicants' business. This loss is not only in relation to the existing customers lost, but would enable the Respondents to build up a critical mass of customers to enable it to establish a reputation and on which it could further grow market share at the expense of the Applicants. It is not possible to directly measure the value of that reputation in monetary terms. 80 The applicants submitted that the respondents misread the evidence given at [74]. They pointed to the first sentence and argued that "it was clear beyond any doubt that the Applicants did not and could not make any submission as to how the Respondents had used confidential information beyond the fact that it had been copied to a Core Desktop computer". They also argued that neither in their evidence nor their submissions did the applicants state, either expressly or impliedly, that they had lost customers because the respondents had misused their confidential information. 81 I reject these submissions. While it is true that Ms de Ville did not state in terms that the respondents had used the confidential information in order to steal the applicants' customers, this was the inference that leapt from the page. After all, the starting point was that there was a risk that the respondents had misused, or would misuse, the information. In context, the relevant misuse was to benefit the business of Core Desktop to the detriment of Trusted Cloud. 82 Nevertheless, for two reasons, I do not regard the non-disclosure of the information in the letter from Trusted Cloud to have been material. 83 First, as the applicants pointed out, the fact that a customer had left Trusted Cloud because of its proposed rate increase does not explain why the customer went to Core Desktop rather than to any other cloud services provider. In her second affidavit Ms de Ville nominated six other providers to whom the customers could have turned. 84 Second, I did not rely on the evidence given by Ms de Ville concerning the loss of customers as proof that the respondents had misused the applicants' confidential information. Indeed, I made it clear to the applicants at the hearing of the ex parte application that I did not consider that Ms de Ville was able to say anything more than that each of the individuals and businesses listed in the exhibit to which the respondents referred was a decommissioned customer. This prompted the tender of further evidence to show that two of the applicants' customers - United Petroleum and MIPS - had gone to Core Desktop. That evidence consisted of emails dated respectively 16 June 2014 and 10 July 2014 in the case of United Petroleum and 16 July 2014 in the case of MIPS. Neither of those companies received a letter from Trusted Cloud notifying it of increases in the price of its services. 85 Secondly, the respondents submitted that the applicants invited the Court to infer that the only way the SFFS program could have been installed was by the respondents improperly accessing Trusted Cloud's server using administration access passwords which they had retained from their employment with the applicants. The respondents submitted that Ms de Ville should have disclosed that Trusted Cloud had made "vendor access" details available to the installers of the MediWiz software onto MIPS' allocated virtual servers and that she should have explained that it was the MediWiz data that was being synchronised to an external server using the SFFS software. The respondents also submitted that Ms de Ville should have disclosed that no password to which the respondents had access had been used to install the SFFS software because, in accordance with its usual practice with ex-employees, Trusted Cloud had disabled the user names and passwords of the second to sixth respondents. 86 This submission should also be rejected. As the applicants pointed out, its premise is that Core Desktop was entitled to install the SFFS software on MIPS' behalf. The evidence indicates otherwise. 87 Clause 3.4(c) of the MIPS contract prohibited MIPS from altering, interfering with, disabling or adding or removing any part of the "Wavenet IT Environment" or allowing any third party to do so or giving any third party access to the Wavenet IT Environment. The Wavenet IT Environment was defined in cl 1.1 to mean "that part of the information technology environment utilised by Wavenet to provide the Services and for which Wavenet is responsible but not including the Client IT Environment". The Client IT Environment was defined to mean "all aspects of Client's information technology environment for which Wavenet is not expressly stated in this Agreement to be responsible …". While the MediWiz software was part of the "Client IT Environment" as defined, it is not in dispute that the servers upon which the MediWiz software sat and the operating software enabling those servers to be used were part of the Wavenet IT Environment. 88 Consequently, it does not appear that MIPS and therefore Core Desktop on its behalf had any right to install the SFFS software onto the Trusted Cloud server. It follows that Ms de Ville's failure to disclose that Trusted Cloud had made "vendor access" details available to the installers of the MediWiz software onto MIPS' virtual servers was not a material non-disclosure. 89 Thirdly, the respondents submitted that Ms de Ville should have disclosed that synchronisation software is a known means of transferring data between two servers, that is to say, the software had a legitimate purpose consistent with use by a customer who was preparing to migrate to a new service provider. The respondents submitted that only in her second affidavit (served after the August orders were made) did Ms de Ville disclose that synchronisation software was in fact used by Trusted Cloud to transfer data from customers' servers to its own servers. 90 This submission must be rejected, too. Ms de Ville did not suggest in her first affidavit that synchronisation software was not legitimately used to transfer data between servers. Her concern was with the fact that Trusted Cloud had not installed the software and that installation could only be effected with administrator access. 91 Fourthly, the respondents submitted that, despite repeated requests to do so, the applicants have not sought to elaborate upon or explain what Mr Mann's concerns were or what he considered to be strange about the SFFS software located on MIPS' allocated virtual servers and no cogent explanation has been given as to why Mr Mann considered that he had any need to access any information on the third party server. 92 It is quite true that the applicants have never elaborated on Mr Mann's concerns or explained what he considered to be strange about the presence of the SFFS software on the Trusted Cloud administered MIPS servers. Indeed, not only have the applicants not done as the respondents requested but they did not respond to this submission other than by offering a possible rationale. Be that as it may, in the absence of any elaboration or explanation from Mr Mann, the statements of opinion attributed to him by Ms de Ville were entitled to little or no weight. While Mr Mann's state of mind might explain why he proceeded as he did, the statements about it in Ms de Ville's affidavit had little or no bearing on my decision to grant the relief sought on 20 August 2014. They were certainly not matters of substance in the decision-making process. 93 Fifthly, the respondents submitted that the applicants should have informed the Court that Mr Mann's conduct was in contravention of the law. 94 It remains to be established whether Mr Mann did contravene the law as alleged. The proposition is not self-evident. If it were, it beggars belief that the respondents would not have raised the matter at the first opportunity after receiving Ms de Ville's affidavit, let alone have consented to the orders that were made on 22 August or filed affidavits in early September, affidavits that raised no suggestion of illegality on Mr Mann's part. The proposition is also hotly contested. The applicants maintained that Mr Mann was acting in conformity with his employer's contractual rights and obligations and that there has been no illegal conduct. 95 It is unnecessary for the question to be resolved at this point for there is no evidence to indicate that Ms de Ville was aware that Mr Mann had acted unlawfully and during cross-examination it was never suggested to her that she was. Neither was it suggested that the applicants' lawyers were culpable in this or any respect. 96 The sixth and final matter the respondents complained about relates to a particular aspect of Mr Mann's conduct. They submitted: Ms de Ville referred in her first affidavit to a file list being obtained 'as part of' the reverse synchronisation process, but only discloses in her second affidavit that Mr Mann also downloaded a number of files from the third-party server, although she emphasises that he 'deleted all files (and partial files) that had been transferred to the "destination" without any person viewing, opening or modifying them'. (Citations omitted.) 97 In the course of describing in more detail the reverse synchronisation process Ms de Ville discussed in her first affidavit, in her second affidavit she stated that the process which generated the file list also started the synchronisation process which caused the transfer of files from the source to the destination. In other words, as the applicants put it, the process of obtaining the file list started the file download process. While this was not explicit in the first affidavit, it was perhaps implicit. It is by no means apparent, however, that Ms de Ville (or any of the applicants' legal representatives) was aware of this until after the ex parte hearing. Given the evidence that the files that were transferred during this process were deleted without anyone "viewing, opening or modifying them", I fail to see how the omission to make this clear in the first affidavit or at the ex parte hearing could constitute a material non-disclosure.

If so, how should the discretion be exercised? 98 In any event, I would decline to set aside the orders for discretionary reasons. 99 First, even if any or all of these matters should have been disclosed, I am not persuaded that the applicants' omission to do so was actuated by a deliberate attempt to mislead the Court. 100 Secondly, there was not merely acquiescence to the 20 August orders, but the respondents consented to orders of a similar kind on 22 August. 101 The respondents submitted that "this [was] not a complete answer" to their application to set aside the orders made on 22 August because "[t]he consent of the respondents to those orders was obtained in circumstances where the respondents had be[en] given less than a day to review the material put forward in support of the orders … and in circumstances where that same material had supported the Court in making the orders of 20 August 2014". 102 The difficulty with this submission is that the respondents had no obligation to consent. They had a choice. There was no suggestion that the applicants had procured their consent improperly or that any pressure had been applied. Had they needed more time to consider their position, they only needed to ask for it. The only rational inference available is that their consent was freely given. That they gave their consent strongly indicates that they did not believe Mr Mann's conduct was unlawful, a matter which detracts from the respondents' submission that the applicants should have known that it was. 103 Thirdly, for the most part there is no apparent utility in setting aside the orders. 104 The orders made on 20 August are, as the applicants put it, spent. They expired on 22 August. It would therefore be futile to discharge those orders. If an application of that kind were to be made it should have been made on or before the first return date. The third order made on 22 August is also spent. The applicants consent to order 2 being vacated and substituted by an undertaking (without admissions) in the following terms: (1) Should any respondent become aware of the existence of a Confidential Document in their possession or control, they will promptly cause that document, and any copies in their possession or control, to be given to the solicitor for the respondents on instructions to be kept confidential pending further order of the Court. (2) Each of the respondents, whether by themselves, their servants, their agents or otherwise, will not reproduce, publish, communicate to the public, or make an adaptation of any Copied Document (other than for the purposes of this proceeding). In these undertakings the following terms have the following meanings: "Copied Documents" means a document: (a) copied or taken from one or more of the applicants by or for any of the respondents the copyright in which is or appears to be owned or exclusively licensed to any of the applicants; and (b) a document comprising a reproduction of a substantial part of any document in paragraph (a); but (c) does not include any document that only contains personal information of any of the second to fourth respondents and does not relate to any of the second to fourth respondents' employment with any of the applicants. "document" includes: (a) any record of information mentioned in the definition of document in Part 1 of the Dictionary to the Evidence Act 1995 (Cth); and (b) any other material, data or information stored or recorded by mechanical or electronic means. "Confidential Document" means a document: (a) created on or before 20 August 2014 that contains information that is, or appears to be, confidential to any of the applicants; or (b) that is derived from confidential information in a document referred to in paragraph (a). 105 The respondents are agreeable to this course, provided that the undertaking is made until trial or further order and that the applicants giving the usual undertaking as to damages. These conditions are reasonable. I will therefore vacate order 2 and substitute the order proposed by the applicants subject to those two conditions. 106 In J C Techforce Pty Ltd v Pearce (1996) 138 ALR 522 at 529-30 Branson J declined to accede to an application to set aside an order obtained ex parte. Her Honour said: The jurisdiction of the court to set aside the order is a discretionary one. A significant factor telling against the exercise of the discretion in this case is the failure of the respondents to identify any utility which would result from the setting aside of the order. Another factor telling against the exercise of the discretion is the delay which has attended the making of the application. Complaints of the type which have been advanced in support of the orders sought by the notice of motion ought to be advanced promptly upon the grounds of complaint being seen to arise. In this case such complaints were not raised for three months after the execution of the order. During that three-month period the parties attended before this court by their respective legal representatives on four separate occasions. 107 Those remarks apply with equal force in the present case. Save for an argument that setting aside the orders would likely be an important consideration in the ultimate adjudication of costs, the respondents did not identify any utility which would result from the setting aside of the orders. There was a delay of nearly two months which attended the making of their interlocutory application. While there were two court appearances in the meantime, on three other occasions the Court made orders by consent in chambers. The respondents apparently complied with the 22 August 2014 orders without any suggestion, let alone complaint, that there was any irregularity in the procuring of evidence to support the ex parte orders.

Conclusion 108 The application for a ruling under s 192A is precipitate. There is no sufficient basis to order summary dismissal of the proceeding or part thereof. Upon the respondents giving the agreed undertaking, order 2 of the orders made on 22 August 2014 will be vacated. Otherwise the respondents' interlocutory application should be dismissed with costs. In these circumstances, it is appropriate to require the respondents to file their defences. I will make an order to this effect. I certify that the preceding one hundred and eight (108) numbered paragraphs are a true copy of the Reasons for Judgment herein of the Honourable Justice Katzmann.

Crimes Act 1900(NSW)ss 308A, 308H

At a glance

Court

Decision date

Before

Source

Judgment (19 paragraphs)

Parties

Legislation Cited (5)

Cases Cited (12)

Cited By (4)