United States ex rel. McGrath v. Microsemi Corp.

• Decision Date: 30 September 2015
• Docket Number: No. CV–13–00864–PHX–DJH,CV–13–00864–PHX–DJH
• Citation: 140 F.Supp.3d 885
• Parties: United States of America ex rel. Mark McGrath, Relator, v. Microsemi Corporation, et al., Defendants.
• Court: U.S. District Court — District of Arizona

140 F.Supp.3d 885

United States of America ex rel. Mark McGrath, Relator,

v.Microsemi Corporation, et al., Defendants.

No. CV–13–00864–PHX–DJH

United States District Court, D. Arizona.

Signed September 30, 2015

Andrew S. Friedman, Bonnett Fairbourn Friedman & Balint PC, Phoenix, AZ, Catherine C. Jobe, Samuel L Boyd, Boyd & Associates PC, Dallas, TX, for Relator.

Anne Michelle Chapman, David B. Rosenbaum, Osborn Maledon PA, Phoenix, AZ, Jeffrey H. Reeves, Sean S Twomey, Gibson Dunn & Crutcher LLP, Irvine, CA, James L. Zelenay, Jr., Gibson Dunn & Crutcher LLP, Los Angeles, CA, for Defendants.

ORDER

DIANE J. HUMETEWA

, District Judge

Pending before the Court is a Motion to Dismiss Relator's First Amended Complaint ("AC") with prejudice by defendants Microsemi Corporation and White Electronic Designs Corporation ("WEDC") (Doc. 34) pursuant to Fed. R. Civ. P. 12(b)(6)

and Fed. R. Civ.P. 9(b).¹

I. Background

A. Procedural

On April 29, 2013, Relator Mark McGrath commenced this action against Defendants in the name of the United States Government pursuant to the False Claims Act ("FCA"), 31 U.S.C. § 3729 et seq.

After twice extending the seal at the behest of the government, the Honorable Neil V. Wake, to whom this case was previously assigned, ordered that Relator to "be prepared to actively prosecute this case beginning March 1, 2014, if the Government does not intervene by then." Ord. (Doc. 17) at 1:22–24. As that order also required, on February 28, 2014, the government notified the Court that it would not be intervening. Not. (Doc. 18). A few days later, on March 3, 2014, Relator filed his First Amended Complaint ("AC") (Doc. 19), and on March 11, 2014, Judge Wake ordered that the case be unsealed. Ord. (Doc. 22). However, on May 23, 2014, Judge Wake subsequently ordered the resealing of the complaint, the AC and their respective attachments all be resealed. Ord. (Doc. 37). Therefore, all cites to the complaint herein are to the redacted version (Doc. 38).

B. Factual²

Stripped of its rhetoric and hyperbole, the AC alleges as follows. Relator was employed with WEDC from June 2009 to May 2011. AC (Doc. 38) at 4, ¶ 1. Defendant WEDC "develops and manufactures microelectronic and display components and systems for high technology products used in military and commercial markets." (Id. at 9, ¶ 5). Some of those technologies are "protected from disclosure or export to foreign persons ... by the federal International Traffic in Arms Regulation ("ITAR"),³ 22 C.F.R. §§ 120–130, promulgated pursuant to the Arms Export Control Act ("AECA"), ... and Export Administration Regulations ("EAR"), 15 C.F.R. §§ 730–774 [.]" (Id. ) (footnote added). "A small percentage of Microsemi's products are specifically designed for defense applications and are therefore ITAR–controlled." Decl'n (Doc. 34–1) at 8. Similarly, Defendant Microsemi, with employees world-wide, manufactures a wide range of high technology products for use in a variety of markets, such as aerospace, defense and communications. AC (Doc. 38) at 5, ¶ 4. In May 2010, Microsemi completed its acquisition of WEDC, with the latter becoming a wholly owned subsidiary of the former. (Id. at 4–5, ¶ 3). After this acquisition, Relator was "in charge of the information technology [ ("IT") ] team." (Id. at 4, ¶ 1).

During the acquisition process, some discussion ensued between Microsemi and WEDC given what Relator describes as "the extensive use of ITA documents throughout WEDC's computer network." AC (Doc. 38) at 22, ¶ 27. Microsemi informed Relator that it was "fully-versed in ITAR" due to having a "lot of facilities that perform ITAR–related work[.]" (Id. ) Nonetheless, Relator and his IT team became concerned about possible ITAR violations. (Id. at 22, ¶ 28). Both WEDC and Microsemi had their own separate "SharePoint" platforms. (Id. at 23, ¶ 29). "SharePoint is a widely used browser-based collaboration and document management platform from Microsoft." (Id. ). On May 24, 2010, Relator was informed that Microsemi was going to start migrating "WEDC servers and personal computers to Microsemi's network domain." (Id. at 23, ¶ 30). Also, WEDC was going to start routing all of its e-mails through Microsemi servers." (Id. ). On May 26, 2010, during a conference call with Microsemi, Relator expressed concern that if WEDC's "servers were migrated to Microsemi's network domain[,]" there was a risk of "unauthorized exposure" to WEDC's "ITAR–protected information[.]" (Id. at 24, ¶ 31). In July 2010, Relator continued to express concern to Microsemi "about data falling into unauthorized hands." (Id. at 24, ¶ 33).

Relator "learned[,]" in the fall of 2010, "that Microsemi domain administrators had access to all devices on the Microsemi domain and if unauthorized domain administrators in other countries or divisions had access to confidential data, it could easily be stolen without anyone knowing." AC (Doc. 38) at 26, 37. On October 5, 2010, Dan Tarantine, WEDC's President and General Manager, called Relator asking "about the status of WEDC ITAR documents and whether they were exposed to individuals in other facilities." (Id. at 27, ¶ 38). Relator answered in the affirmative, explaining that "WEDC was in the process of migrating its servers and computers to the Microsemi domain [,]" meaning "that all domain administrators would have access to all data on WEDC computers." (Id. ).

The next day, Relator had a face-to-face meeting with Mr. Tarantine and WEDC's Network Administrator "to discuss network vulnerability vis-a-vis ITAR documents as a result of migrating WEDC's system to the Microsemi domain." AC (Doc. 38) at 28, ¶ 39. During this meeting, Microsemi's General Manager was contacted to discuss this "potential exposure" issue and how Microsemi "might be mitigating [it]." (Id. at 28, ¶ 39). The WEDC employees advised Microsemi that they had been able to access the server of a Microsemi facility in California and were "easily" able to download some of its files. (Id. ). Additionally, servers in Ireland and Israel were accessible. (Id. ). Among other things, Microsemi's GM advised that he would be contacting that California facility's security officer, who had previously held an IT-related position. (Id. )

Shortly thereafter, several government agencies became involved. On October 7, 2010, Relator, WEDC's GM, Mr. Tarantine, and its Network Administrator, Mr. Luna, as well as Microsemi's Human Resources and Facility Security Officer, met with a Special Agent with the Federal Bureau of Investigation. This group informed the Special Agent of the allegedly "pervasive security breaches." AC (Doc. 38) at 28, ¶ 40. The next day, Relator and Messrs. Tarantine and Luna had another meeting. This time a Special Agent from the Defense Security Service ("DDS") was present, as well as representatives from the Department of Homeland Security and from Immigration and Customs Enforcement. (Id. at 29, ¶ 41). "The outcome was a decision that WEDC should continue operating as normal to allow time for" the Special Agent "to contact the State Department." (Id. )

Later in October 2010, a WEDC business analyst informed Relator that a firewall had been installed between WEDC and Microsemi. AC (Doc. 38) at 32, ¶ 47. Relator responded by sending an e-mail entitled " ‘Immediate Domain Separation Notification[.]’ " (Id. ) Relator cited ITAR violations as the reason for the " 'physical domain separation[.]" (Id. ) Microsemi was displeased, believing that Relator should have contacted it prior to commencing the domain separation. (Id. at 33, ¶ 50). And, in any event, Microsemi did not want to maintain more than one domain. (Id. at 34, ¶ 50).

As part of the ongoing governmental investigation, the decision was made to shut down WEDC's server "because the firewall was not sufficient to protect the data." AC (Doc. 38) at 34, ¶ 50. On October 25, 2010, Microsemi's Chief Executive Officer received an e-mail from DDS stating "that WEDC was to immediately start the physical domain separation process." (Id. at 35, ¶ 51). On that same date, the three foreign nationals who could potentially access ITAR–controlled information stored on Microsemi's United States systems, "were removed as domain administrators and given a lower access level [.]" Decl'n, exh. 2 (Doc. 34–1) at 9.

By letter dated November 11, 2010, pursuant to 22 C.F.R. § 127.12(c)

, Microsemi submitted an "Initial Notification of Voluntary Disclosure of Microsemi[ ]: Relating to possible Access to Technical Data by foreign nationals[.]" Decl'n, exh. 1 (Doc. 34–1) at 4; see also AC (Doc. 38) at 17, ¶ 21. Microsemi provided this notification to the Office of Defense Trade Controls Compliance ("DTCC"). Microsemi informed DTCC of a "possible gap in IT systems that may have enabled there foreign national employees from Ireland, Israel and the United Kingdom to gain access to servers that contain ITAR–controlled information without authorization from [DDTC]." (Id. ) (emphasis added). Microsemi further informed DTCC that it had "no reason to believe that violations involved proscribed countries or nationals from proscribed countries occurred, or that any foreign national actually accessed ITAR–controlled data, or that any ‘deemed export’ occurred with respect to such data." (Id. ). After "conducting a full review of ITARrelated activities and [Microsemi's] IT systems[,]" Microsemi indicated that it would be submitting a complete report "consistent with the requirements of Section 127.12." (Id. ).

In a February 15, 2011 letter, Microsemi supplemented its initial notification to DTCC. In submitting this "voluntary disclosure of possible inadvertent [ITAR] violations[,]" Microsemi confirmed that due to an "IT gap[,] ... three foreign national IT employees located outside the United States ..., had access to serves in the United States that contain ITAR–controlled information." Decl'n, exh. 2 (Doc. 34–1) at 7. Microsemi informed the DTCC that "[b]ecause of their status as domain administrators on [i...