On June 8, 2020, Lynwood Investments CY Limited brought a lawsuit in the Northern District of California against various NGINX entities, various individuals, Runa Capital, E.venture Capital Partners II, LLC and F5 Networks, Inc., alleging the improper release and subsequent use of the popular open source software NGINX (pronounced “EngineX”), as part of a conspiracy to misappropriate corporate assets. All of the following is according to the complaint:
The NGINX software was developed primarily by Igor Sysoev, who is named as a defendant in the complaint, while he was employed at Rambler Internet Holdings LLC (“Rambler”), a Russian entity. (The plaintiff in the lawsuit, Lynwood, is an assignee of Rambler.) Sysoev also developed a commercial extension called NGINX Plus. This development was done in the course of employment and using Rambler resources. Rambler alleges that it owned the software by virtue of the work-made-for-hire doctrine (albeit its Russian equivalent).
Sysoev was employed by Rambler from 2000 until 2011. NGINX software was first developed in 2001, and released in 2004 under the BSD license. For the next seven years, Sysoev continued to be the primary author of NGINX code, making commits during what the complaint describes as “business hours.”
Sysoev’s supervisor was Rambler’s CTO, Maxim Konavolov. The complaint states, “Konovalov’s key senior management position at Rambler enabled him to provide Sysoev beginning in 2008 with an ecosystem within Rambler that was free from oversight or accountability.”
The complaint goes on to say, “Even though Konovalov and the rest of the Disloyal Employees were fixated on misappropriating the NGINX Enterprise, which they viewed as a highly valuable business, Konovalov uniformly gave the NGINX Software a rating of “1” on a scale of “1-5” with “1” being deemed “worthless” or “no value.” Konovalov’s designations were designed to … lull Rambler into complacency with respect to the value of the NGINX Software” and to avoid “any serious oversight by Rambler’s senior management or board of directors.”
While still employed at Rambler, Sysoev, with Konavolov and several other colleagues, formed a new company called NGINX, Inc., and obtained financing from defendants Runa Capital and E.Venture Capital (then, BV Capital). The complaint alleges that Runa Capital and E.Venture “knew … that Rambler maintained the ownership rights to the NGINX Software” but nevertheless “assisted and encouraged Sysoev and Konovalov while they were still employees at Rambler, to breach their duties to Rambler … for the benefit of the fledgling business that Sysoev and Konovalov were forming.” The complaint makes much of a trademark application filed by NGINX, Inc. on its first day of incorporation claiming first use of NGINX in commerce in commerce on March 1, 2011, a date on which the team were still employed at Rambler.
The funding of the new entity was not without its challenges. “Greycroft pulled out of the closing because its concerns over Rambler’s ownership of the NGINX Software…. In contrast, Runa Capital and BV Capital went forward and closed on the Series A financing on or about October 23, 2011 after conducting their own due diligence, with full knowledge that Rambler was the legal owner of the entire NGINX Enterprise ….”
NGINX, Inc. was sold in 2019 for $670 million to F5 Networks, Inc., also named as a defendant. The complaint alleges that as a result of due diligence, “F5 was aware prior to the consummation of the merger that the conspirators had stolen the NGINX Enterprise from Rambler…”
Rambler and Lynwood learned of the defendants’ alleged conspiracy when a whistleblower provided evidence to them.
This complaint, which alleges many claims including civil conspiracy, is long, complex, and makes for dramatic reading. It promises to be just the beginning of activity in this case. It was previously reported that Rambler was pursuing a criminal case in Russia based on the facts of this lawsuit, until Russian state lender Sberbank, which owns 46.5% of Rambler, exhorted Rambler’s board of directors to stop the pursuit. Rambler apparently dropped the criminal case in late 2019, instead pursuing “negotiations” with F5.
This complaint describes a situation that is, unfortunately, becoming more common – developers have been known to write code on company time, release it under an open source license without proper authorization, and proceed to form a competing business leveraging the code, claiming the right to use the code under the open source license. In such cases, the question of authorization of the release is often key, and points up the need for companies to have a formal open source release policy. But the level of misdoing alleged in this complaint is unusual, reaching up to the CTO level. The complaint is also interesting in that it names the venture investors and buyers of NGINX, Inc. – an unusual move that seeks to circumvent the corporate veil. That is a troubling development for companies contemplating due diligence on potential investments and acquisitions.
