Computer Forensics and E-Discovery Blog : Computer Forensics & E-Discovery Specialist : Electronic Evidence Retrieval L.L.C. : Data Recovery, Hard Drive Retrieval, Deleted Files : New Orleans, Louisiana

In the last 12 months, I have had three cases that I've labeled as "I didn't get the email" (IDGTE) cases.  It is often my role to help a judge or jury understand how email sent from one party  to another might not get delivered.  There are obvious reasons such as being removed by a SPAM filter.  However in most systems, you can see what file(s) the SPAM filter removed.  Thus, the recipient can figure out what happened.

But there are so-called silent lost email messages in which neither party is notified of the delivery failure and, in general, we never know what caused the failure.

 "Addressing Email Loss with SureMail: Measurement, Design, and Evaluation" measures such silent loss as approximately  0.71% to 1.02%.

This article caught my attention because most of the material that I have found on lost emails is aimed at bulk mailers, a far different situation than email between friends or business parties. I believe that the number IDGTE cases will continue to rise.  I'd like to hear from anyone who knows about  IDGTE cases.  I'm collecting a library of them.

Questions and comments are welcome.

• Email This
• Print
• Comments & Questions
• Trackbacks

Jason R. Baron wrote a guest blog,  DESI, Sedona and Barcelona, in Ralph Losey's blog e-Discovery Team.  In the blog, Jason Reports from the DESI III Global E-Discovery/E-Disclosure Workshop at ICAIL 2009 and The Sedona Conference® International Programme on Cross Border E-Discovery and Privacy.   He reports on many of the individual presentations and has some great links.

Jason reports  a familiar refrain, being prepared for the Rule 26 "meet and confer" and his interesting study on "asymmetric preparation" for the meeting.  He also discusses the use of testing e-discovery plans before launching full fledged e-discovery, a procedure similar to Judge Shira Scheindlin’s "Rolling Discovery" that I reported on previously.

Another trend among the presentations was the use of clustering techniques reduce the size of the ESI that has to be reviewed.

What encouraged me most about these conferences is the genuine sharing of researchers with practitioners-attorneys.  From my experience of 40 years in academe, I know that such collaborations between theoretical research and practitioner are not a given.

I'm interested in hearing from attorneys who have been through an e-discovery case.  What worked?  What didn't work?  What will you do differently next time?

• Email This
• Print
• Comments & Questions
• Trackbacks

My last post  highlighted an observation by Judge Shira Scheindlin’s, judge in the seminal Zubulake v UBS Warburg, in a podcast with Ralph Losey, attorney and frequent e-discovery blogger.

Both have wise and thoughtful comments on both e-discovery and legal education. However, Judge Scheindlin introduced one idea that is, I believe, so important as to merit an entire discussion by itself.

In expressing concerns about the cost of e‑discovery being used as a bludgeon to force defendants to settlements in order to avoid the costs of e-discovery, she advocates “rolling discovery.”

And I know there’s been a fear, I hear it all the time in The Bar, that the cost of e-discovery is shifting the ground in terms of the ability to extort settlements. But I do think … that there is no need to try and find every piece of relevant email, but you should instead scale your search. We should be thinking in terms of rolling productions in a series. Let’s start off – let’s see what we can get in an economical manner and produce that first, and then come back with secondary, more focused discovery. Because, you know, I don’t think you should have to spend a million dollars to find electronic evidence if the case is two million. I think that’s where you go immediately for protection and do not allow yourself to be extorted.

I used to do human factors research.   We often had questionnaires for subjects to complete or had materials subjects had to manipulate. Before we started the study, we tried the materials out on ourselves, graduate students, and teaching assistants. We used the testing to identify typos, confusing instructions, or a missing step. If we were trying to get funding for the study, we would do a small study, called a pilot study, which we used to show agencies as proof of concept.

Rolling discovery has the same concept. A smaller initial discovery request would test the search terms and criteria. It could be used to develop a realistic estimate of the eventual costs and could let attorneys begin their review earlier in the production process. It could verify an argument of some materials not being “reasonably accessible” as provided in the e-discovery amendments to the FRCP.

A question to my readers: What would have to change in order to implement a rolling discovery process? What are the obstacles to a rolling discovery procedure?

• Email This
• Print
• Comments & Questions
• Trackbacks

Shira A. Scheindlin is a United States District Court judge for the Southern District of New York and she presided over the pivotal e-discovery case Zubulake vs. UBS Warburg. Her rulings, known as Zubulake 1 through 5 set presidents for the practice of e-discovery.    Ralph Losey is an attorney and frequent blogger on e-discovery.  

Judge Scheindlin and Ralph recently participated in a podcast focusing on e-discovery education. Judge Scheindlin included several observations about the state of e-discovery; however, her comments on the state of, and future of, e-discovery are insightful. Speaking of the future of e-discovery, she said:

We used to say there’s e-discovery as if it was a subset of all discovery.  But now there’s no other discovery. [Emphasis added.]

As an e-discovery expert, I’ve had countless attorneys and even some judges argue that e-discovery is one of the worst ideas any litigator every heard of—that e-discovery is not needed. I’ve heard attorneys tell me that they have agreed with opposing counsel that a particular case does not “need” e-discovery. [More about that in another posting!]

Since 90 % of new communication is said to be done electronically, I’m certain that she is correct in judging the pervasiveness of e-discovery in future litigation. I’m sending copies of her remarks to a bunch of the attorneys I know who share the attitude that they can ignore e-discovery if they wish. 

I welcome questions and comments. 

• Email This
• Print
• Comments & Questions
• Trackbacks

I came across a prognostication from Mary Mack, Corporate Technology Counsel at Fios. She offers 20 predictions re e-discovery for 2009. Some are funny and some are scary. I will be discussing several of them in future posts, but for now, they are well worth reading.

1. White collar defendants will be sunk by criminal e-discovery evidence rules created by case law involving drug dealers and child pornographers.
2. The financial crisis will increase the volume of e-discovery in bankruptcy courts and cause such a backlog with the magistrate judges that the use of special masters and mediators will double or triple.
3. In the wake of the financial crisis, law firms, IT departments and corporate legal departments will create a surfeit of top e-discovery talent as layoff by machete takes hold.
4. Credit-constrained vendors and service providers will not be able to scale on demand and will cut corners on redundancy and backup that will severely impact a client's case.
5. Software as a Service will start gaining inroads due to lack of credit and a reluctance to make capital purchases.
6. Laid-off financial services professionals will join review teams to troll through instant messaging.
7. A major government official, board member, officer or partner will be held personally responsible for e-discovery spoliation or obstruction.
8. Key cases will be used liberally: Lorraine will be used to challenge authenticity and admissibility; the Qualcomm CREDO will be issued; and Mancia, American Home Products and Qualcomm will be used to determine whether sanctions apply.
9. Family law will bring e-discovery to the state level, keeping solo forensics practitioners fully engaged.
10. A magistrate judge will get so frustrated he or she will write a sanctions opinion with the words "COOPERATION PROCLAMATION" in all caps.
11. There will be many more law schools offering e-discovery courses for credit.
12. e-Discovery providers will discover diversity and alternative billing.
13. There will be a dramatic increase in international e-discovery (e-disclosure) requirements due to the financial crisis, arbitration, class actions and competition law.
14. The number of practitioners sporting "Technology Counsel" titles will triple.
15. The federal government will create an e-discovery response team in reaction to the recent White House archiving and SEC email issues.
16. Web 2.0 will start to emerge as the next technical/legal challenge (dynamic, multi-company content).
17. e-Discovery attorneys and providers will do more case-level pro bono work, supplementing educational and rule-making activities.
18. SOX guidelines will be applied to the legal hold process.
19. Insurance providers will get involved earlier and more visibly in the e-discovery process.
20. Law firms will be sanctioned for not having their own e-discovery houses in order.

  I'd certainly be interested in any predictions my readers have.

• Email This
• Print
• Comments & Questions
• Trackbacks

I’m always on the lookout for good templates for e-discovery documents and orders. In Star, Inc. v. QFA Royalties LLC, No. 07-cv-02223-WYD-CBS (D. Colo. Filed Oct. 10, 2007), Magistrate Judge Craig B. Shaffer issues an excellent e-discovery order. In it, he calls for an E-discovery Liaison.

To promote communication and cooperation between the parties, each party shall designate a single individual through whom all e-discovery requests and responses are made (“the e-discovery liaison”).

Judge Shaffer specifies that each E-discovery Liaison must be:

a. familiar with the party’s electronic systems and capabilities in order to explain these systems and answer relevant questions;

b. knowledgeable about the technical aspects of e-discovery, including electronic document storage, organization, and format issues;

c. prepared to participate in e-discovery dispute resolutions; and,

d. responsible for organizing the party’s e-discovery efforts to insure consistency and thoroughness and, generally, to facilitate the e-discovery process.

In the remainder of the order, he addresses many of the topics I have been discussing: searching strategy, timing, the format of the production (including metadata), document retention and preservation (AKA Litigation Hold), privilege, and costs. 

Questions and comments are welcome. In particular, I’d like to know of any other model orders, letters, and other forms for e-discovery.

• Email This
• Print
• Comments & Questions
• Trackbacks

Koosharem Corp. v. Spec Personnel, LLC, 2008 WL 4458864 (D.S.C. Sept. 29, 2008) has a well known “story line” but is very interesting in two respects. 

Kenneth Fuston was a former employee of Koosharem who left to join SpecPersonnel. The plaintiff alleged that Fuston took confidential information, used it to hire some 20 of the plaintiff’s employees, and started a business in direct competition with the plaintiff.

The court ordered that the Fuston produce to produce emails between himself and any current or past employee of either company from both his home and work computer. He produced 1,936 pages of email, however

Plaintiffs noted several problems with defendants’ original production.  Notably, all of the emails produced reflected the date compiled rather than the date received or sent, several emails allegedly retrieved from Trevor Doyle did not have Doyle listed as a sender or recipient, and many emails were missing their attachments.  These irregularities, plaintiffs argued, called the authenticity of the documents into question.  Plaintiffs also argued that documents were modified even after notice of litigation and that defendants made no document retention efforts after the lawsuit was filed.  Specifically in support of production of home computers, plaintiffs argued that defendants’ new hires were not immediately provided with a company email account and thus conducted work from home computers and personal email accounts.  Also, according to the plaintiffs, former employees emailed confidential information to their homes before going to work for defendants.

The court granted the second motion to compel and required forensic inspection of, not only the defendant’s home and work computers, but also those of the employees who left Koosharem and went to SpecPersonnal.

I’m frequently asked for samples of various documents needed in e-discovery, for example, a litigation hold letter. In issuing his order in this case, Judge William M. Catoe included a detailed, 20-step protocol for conducting the forensic analysis. He includes a time line as well. It is excellent and I recommend it to anyone looking for a template for an expert examination of ESI devices.

Secondly, note that the home computers of the plaintiff’s ex-employees’ were subjected to forensic analysis. More and more I find myself recommending that you keep your personal and business communication and data strictly separated. I understand the convenience of sending a personal email from a work machine in the middle of a busy day (or sending a business email from a personal account at night), but as I see more cases in which inspection of personal, home computers is compelled, I’m beginning to think the risks are too high.  

• Email This
• Print
• Comments & Questions
• Trackbacks

I came across several interesting items this week so this post is going to be about a variety of things. 

The Round Table Group, an expert services firm, approached me about writing an article for their newsletter. They wanted something different. I ended up writing about some actual scenarios from my practice. Although it was written for the Round Table Group’s clients, “Threading the E-Discovery Maze” is available publically.

IMS Services is another expert placement firm. Their latest newsletter, written by frequent blogger Robert Ambrogi, has an excellent compendium of e-discovery resources. He includes reading materials, blogs, and vendors. 

Recently President Bush signed into law Rule 502, an addition to the rules of evidence. I found an excellent discussion of it at Law.com: “How Rule 502 Affects Lawyers and E-Discovery.”

My expert reports often contain drawings, diagrams, and screen shots. That means they get too large to email. There are a number of web sites that enable you to send large files securely through their website. Robin Good has a list of four such sites along with definitions and range of services. Typically, they work by uploading your material to their website and sending an email to the recipient with a link to download. Some allow you to store materials for a substantial period of time, making them great for collaboration or working away from the office.  Obviously, if you have an ftp site (a technique for transferring files over the Internet), you do not need such services, but many small firms don't.

On July 1, a number of amendments to the rules of civil procedure went into effect in Ohio. According to the Ohio Supreme Court’s press release, key amendments include:

clarifying that issues related to electronically stored information are appropriate topics for resolution during pretrial conferences; clarifying that discovery of electronically stored information is permitted; amending to provide factors a judge should consider in determining sanctions when a party has destroyed potentially relevant electronically stored information; and specifying that a subpoena may be used to obtain electronically stored information from nonparties.

That reminded me that many states are making changes to their state version of the rules of civil procedure. Here is an updated list of the status of e-discovery rule changes in each state.

Ken Withers is Director of Judicial Education and Content for The Sedona Conference®, an Arizona-based non-profit law and policy think-tank which has been on the forefront of issues involving complex litigation, intellectual property and antitrust law.    His thoughtful upcoming article for the San Diego Lawyer Magazine is titled “E-Discovery and the Combative Legal Culture: Finding A Way Out of Purgatory” and proposes a more collaborative relationship between opposing counsel. He gives examples of the explosion of e-discovery and discusses moving beyond the adversarial legal culture. He argues “cooperative discovery” is a means of controlling e-discovery costs.  I’ve had some cases in which the opposing counsel cooperated with each other and some in which the definitely did not. And I can tell you from my perspective, cooperation is better. 

I'd be interested to hear from attorneys what their experience is with cooperative discovery and whether they think it has a chance.

• Email This
• Print
• Comments & Questions
• Trackbacks

  I had a client that was a small company. They were embroiled in some bitter litigation with an ex-partner who was demanding some Electronically Stored Information (ESI) as of the date of the dissolution of the company. Helping them respond to the discovery request taught them a lot about their handling of their ESI.

While discussing their situation, the owner marveled at how much he had learned in this process. He volunteered that he would now start counseling his own clients about their ESI quite differently! So I’m taking today’s blog as an opportunity to pass on to you some of my client’s new-found wisdom concerning ESI.

What should an organization do about ESI when an employee leaves? It’s natural to want to reuse the desktop and laptop computers. However, just passing them on to another employee is fraught with danger. There may be personal information, “remembered” passwords, and confidential information the new owner should not have access to. Worse still, there may be evidence of questionable web surfing activity. 

One might think the easiest solution to this is to erase the hard drive and build a new one. However, I have seen a number of suits filed after an employee has left and employers no longer had valuable evidence that could have helped their defense. Here is my advice: Preserve the ESI on the ex-employee’s drives. Create an inventory of what is on the drives.  A simple “print directory” program will work; there is no need for a full forensic image. Remove the drives and replace them with new ones. Store them in antistatic packaging and in a secure location for at least 3 years. This way, if you are ever faced with litigation, you have preserved the ESI and you know its location and content, as required by the e-discovery amendments.

Does this cost? Yes, the new drive and the work of installing and building the new system cost. But I think my client would assure that those costs are negligible “insurance” compared to the level of costs in having to try to reconstruct it years later!

Does the ex-employee have files stored on an office server? Email on a mail server? Are there backup tapes of the employee’s data, on their PC and/or on the servers? My advice concerning ESI on servers mirrors that for desktop and laptop computers. Inventory and archive a copy of all their server files. Delete any personal files to free up space on the server. 

Organizations face other changes that impact ESI, such as migrating to a new server. Prior to taking such actions, the organization should make a complete backup of the current server and place in safe storage. This backup should not go into a regular backup rotation procedure (since such tapes may soon be reused), but kept separate.

Computer storage has become, relatively speaking, cheap. Given the e-discovery amendments’ emphasis on preservation of evidence and the increasing number of cases involving ESI, preserving ex-employees’ hard drives intact makes good economic and litigation sense.

• Email This
• Print
• Comments & Questions
• Trackbacks

Dennis Kennedy writing for the ABA Journal Magazine was clearly thinking about hurricanes Gustav and Ike, as I was in my last post.  His excellent article, "Master Your Disasters," discusses backup and disaster recovery in general. He also makes a case for using one of the many online backup services. I especially recommend his article because he discusses specific services, including some free ones, and techniques. And, like any good attorney, he poses questions and urges his colleagues to do their own due diligence.

• Email This
• Print
• Comments & Questions
• Trackbacks

Starting today, I am a judge in the Equivio Case Studies Contest. Equivio provides “near-duplicate” and “email thread” analysis on collections of electronic documents. Equivio users are invited to submit case studies of their use of Equivio. There are some lavish prizes; it is too bad the judges cannot win any of them. Submitting a case study is easy and short.   The contest runs through September 30.

In the wake of hurricanes Gustav (in the picture) and Ike, my thoughts turned to backups, disaster recovery plans, and such. I evacuated for Gustav and still haven’t unpacked all the boxes of paper files-and yes, I do still have paper files. I love my web-based automated backup service for the electronic files; it even sent me email when it hadn’t heard from my desktop computer for 5 days during the evacuation!

I get frequent calls from folks whose computer has just crashed and they need help in getting their data back. I try to be gentle when I ask about backups.  At least once a year the answer I get is “We have a backup. But it won’t load; the loader says it is corrupted.” A oversaw computer operations for more than 20 years and never tested my backup or disaster recovery system. Now I do!

• Email This
• Print
• Comments & Questions
• Trackbacks

White v. Graceland Coll. Ctr. for Prof’l Dev. & Lifelong Learning, Inc., 2008 WL 3271924 (D. Kan. Aug. 7, 2008) is a case I’ve been waiting for.

From a practitioners view point, I think the form in which ESI is produced is key in managing an e-discovery case. The form of ESI means the format and application that can process that format. Common forms are Microsoft Office documents such as Word (.doc) documents, Excel (.xls) spreadsheets, and PowerPoint (.ppt) presentations. Adobe’s Portable Document Format (.pdf)  is also popular, in part because Adobe makes reader for the format free to the public. (It is interesting to note that the .pdf format contains substantially less internal metadata than Microsoft Word files do.) The Tagged Image File Format, .tiff, was created in an attempt to bring standardization to scanners, but is now widely seen in scanning, optical character recognition, and faxing applications.

In discussing the form of ESI production, we also speak of native format. By that we mean the form in which documents were originally created, edited, and stored. Thus the native format for Word documents are the .doc files, as opposed to the Acrobat .pdf format to which a Word document can be converted. 

There are numerous tools and techniques available for investigating discovery production when it is in electronic, searchable forms. I know attorneys who say they prefer the traditional paper production, but when we start talking about terabytes of data, that is a warehouse full of paper documents! 

The e-discovery amendments to the Federal Rules of Civil Procedure allow the requesting party to specify the form in which the ESI is to be produced. If the requester fails to do so, the producer is directed to disclose the forms it will use. If the parties cannot agree on the form, they may have to confer with the court. The rules allow the producer to transform the ESI into a “reasonably usable” alternate form, however, the amendments are clear that if the ESI is searchable by the producer, it must be searchable by the requester. The Committee Notes that accompany the amendments warn “[the] option to produce in a reasonably usable form does not mean that a responding party is free to convert [ESI] from the form in which it is ordinarily maintained to a different form that makes it more difficult or burdensome for the requesting party to use the information efficiently in the litigation," and that "[i]f the responding party ordinarily maintains the information it is producing in a way that makes it searchable by electronic means, the information should not be produced in a form that removes or significantly degrades this feature." [Emphasis added.]

In the White case, the plaintiff called for certain documents including emails and attachments. In producing emails and attachments, the defendant forwarded the emails to an administrative assistant who then converted them into Adobe .pdf format. Those documents were then printed and provided to the plaintiff in paper form.

The court ruled that the emails and attachments were not produced in a “reasonably usable” form and that the plaintiff was entitled to them in native form with their metadata intact. U.S. Magistrate Judge David Waxse went on to say

The Court notes that this discovery dispute is an example of one which the re-production of discovery could have been altogether avoided had the parties adequately conferred at their Fed. R. Civ. P. 26(f) conference regarding production of electronically stored information ("ESI").  While not all disputes regarding discovery of ESI can be prevented by early efforts by counsel to investigate and consider the possible forms discovery may be produced, many disputes could be managed and avoided altogether by discussing the issue before requests for production are served.  Guideline 4(f) of the Guidelines of Discovery of Electronically Stored Information, available on the District of Kansas' website, specifically mentions that during the Fed. R. Civ. P. 26(f) conference, counsel should attempt to agree on the format and media to be used in the production of the ESI. [Emphasis added.]

While the point of this blog post is the importance of addressing the form of ESI production, I couldn’t help including the plug for adequate preparation for, and participation in, the Rules 26 conference.

• Email This
• Print
• Comments & Questions
• Trackbacks

The Fortiva Blog has an excellent discussion of 2006 Phoenix Four v Strategic Resources. In this case, which is also adding to the ongoing discussions on ethics, the court faulted defendant's counsel for not being proactive in searching for relevant ESI and called them “grossly negligent.”

The 2006 Phoenix Four Inc v. Strategic Resources Corp., decision indicates that counsel has a duty to be proactive regarding their client’s e-discovery.  In this case, SRC Corp. had ceased operations and was evicted from its offices after the legal dispute had commenced.  As a result, during discovery they claimed that there were no computers or electronic records to search.

Although counsel had discussed with the defendants the need to locate and gather paper and electronic documents, it was still found that counsel had “failed in its obligation to locate and timely produce the evidence stored in the server that the Defendants had taken with them.” The court held the attorney responsible for not asking about hidden partitions in his client’s servers, where it turns out, is where most of the evidence was later found.

According to the judge in this case, counsel's obligation is not confined to a request for documents; the duty is to be proactive and search for sources of information.  The expectation was that counsel would undertake a more methodical survey of the Defendants’ sources of information, and not simply accept the defendants’ representation that, because it was no longer in operation, there were no computers or electronic collections to search. 

The judges [sic] expectations did not end there, however.  Counsel was also expected to have asked what had happened to the computers and whether information was stored on the server that the defendants had kept.  And, in the absence of a satisfactory answer to that question, counsel would have been expected to direct that a technician examine the server.  According to the court, this forensic effort is no different than questioning the information technology personnel of a live enterprise about how information is stored on the organization’s computer system, and is therefore considered part of counsel’s duty. 

The court found counsel's "deficiencies here to constitute gross negligence" and awarded monetary sanctions against counsel and client. [Emphasis added.]

I’ve written before about the expanded role of trial attorneys under the e-discovery amendments, but this one surprised me. I don’t know any attorney who would think to ask whether there whether there were hidden partitions on a server. 

I often recommended taking valid forensic images of computers and servers at the beginning of litigation, but not for that reason!  However, a forensic investigation of the server would have disclosed the hidden partition in this case.

I use a standardized questionnaire/interview to map out client’s ESI and I’m tempted to add a question about hidden partitions to it.  But anyone who would create a hidden partition to hide information probably wouldn’t tell me about it!  But as e-discovery case law unfolds, it remains clear that trial counsel’s role is expanding and includes a responsibility to be proactive in dealing with their client’s ESI—both understanding it and finding it.

• Email This
• Print
• Comments & Questions
• Trackbacks

The e-discovery amendments to the Federal Rules of Civil Procedure call for trial attorneys to be prepared to discuss any of their client’s Electronically Stored Information, ESI, that they expect to be a part of the case.  Rules 26.a.1 requires that detailed information about the owners, often called custodians, of ESI be prepared forthe Rule 26 "Meet and Confer".

In addition to the list of custodians, the rules require a description, by “category and location” of all ESI in the possession, custody, or control of the custodians.  This description is to be discussed at the Rule 26 conference.

Before these amendments, attorneys hoped to avoid e-discovery (and many still do!) and waited as long as they could to call me. I would get calls that something like this, “Discovery closes in two weeks and we think there are some electronic documents we need to get from the other side.” With the advent of the amendments, savvy attorneys know that they have to get started with e-discovery early. Judges are learning as well and don’t take it too well when counsel “blow off” the requirements of the Rule 26 “meet and confer.”

Mikron v Hurd, Mikron Industries Inc. v. Hurd Windows & Doors, Inc., 2008 WL 1805727 (W.D. Wash. Apr. 21, 2008), was a breach of contract case in which the defendants sought to shift the costs of e-discovery to the plaintiffs. Seattle District Court Judge Robert S. Lasnik ruled against the defendants on both procedural and substantive grounds. In stating the procedural grounds, Judge Lasnik wrote “the Court finds that defendants failed to discharge their meet and confer obligation in good faith, as required by Fed.R.Civ.P. 26(c). Accordingly, defendants' motion for protective order regarding ESI is DENIED for failure to comply with Rule 26(c).” [Emphasis added.]

What does this mean in real life? The e-discovery amendments are changing life for litigators, in more ways than one. The need to plan for e-discovery and prepare to have meaningful discussions of ESI with opposing counsel at the Rule 26 conference is real and here to stay.

My next few blogs will continue to discuss preparation for the Rule 26 conference. Questions about any of my topics are welcome as are reader comments.

• Email This
• Print
• Comments & Questions
• Trackbacks

Mark Fass has an excellent article on the divorce woes of Frank Moore. Ms. Moore filed for divorce citing cruel and inhuman treatment, including an extramarital affair. According to her attorney, she found "hundreds and hundreds of pages" of “really salacious instant message conversations” on a laptop computer Mr. Moore left in the trunk of a car. The parties disputed the ownership of the laptop: Ms. Moore saying it was used by the family and Mr. Moore saying it was issued by his employer for his use. Ms. Moore wanted to use these messages to support her claim. Mr. Moore argued that she had improperly seized his computer.

New York Supreme Court Justice Saralee Evans ruled that Ms. Moore had done nothing wrong and she cited the “filing cabinet” analogy put forth in Byrne v. Byrne, 168 Misc.2d 321. She went on to say “Ms. Moore's actions also did not constitute computer trespass or using a computer without authorization, as the files were on a readily accessible computer.”  The judged ruled that the laptop was subject to discovery.

Note that the messages were in plain sight and discovered by a casual user not extracted by a forensic specialist. Users of text messaging and email often seem to feel invisible, as if no one will know what they have written. I have seen some truly extraordinary sentiments put in email and text messages. I suggest you don’t email or text anything you wouldn’t want your mother or boss to read or to see written in lights in Time Square!

• Email This
• Print
• Comments & Questions
• Trackbacks

The ease at which data in the Information Age can be stored and deleted is both a blessing and a curse.   We create new letters, new invoices, and new emails. We clean out old emails, buy new and bigger hard drives, and archive old reports.  Our IT staff (if we have one) rotates backup tapes. We update databases, usually over-writing what was there before. We delete old files (or at least we should!) to make room for more. We defragment our drives to speed up our computer’s responsiveness. We use spam filters to delete, or at least hide, unwanted email and advertising. 

But what if, in these day-to-day processes, we delete evidence relevant to litigation that is pending or that we should have known about?

The e-discovery amendments to the Federal Rules for Civil Procedure recognize the concept of reusing computer resources and include the concept of a Litigation Hold. As soon as a party knows of, or should have known of, pending litigation, it must stop all activities that could delete relevant information and preserve all potentially relevant electronically stored information (ESI).

As the trial attorney, how do you get the word out to your client to stop deleting potential evidence? The answer is a Litigation Hold Notification. The plaintiff attorney should issue such a notification to his/her client and to opposing counsel. Such notices should also spell out whether there are any requirements to preserve new ESI as well.   In my next blog, I will discuss the need for clients to have a Litigation Hold Plan, but attorneys need to be prepared to ensure that ESI is preserved. In real life, that often means creating a preservation plan for the first time.

But the attorney’s responsibility doesn’t stop with just issuing the letter. As Judge Scheindlin told the UBS Warburg attorneys in the Laura Zubulake case, counsel has an affirmative responsibility to ensure that ESI is being preserved. This affirmative responsibility means repeatedly contacting the major players to remind them of the responsibilities and auditing their compliance. A single letter just won’t do it in the light of Judge Scheindlin’s ruling.

One solution is for the trial attorney to have an e-Discovery Liaison or e-Discovery Coordinator. This can be someone in the firm or an outside technical expert. Another approach is to have a team (I often call it a SWAT team) within the client’s organization. This team has the responsibility for creating, documenting, and monitoring the company’s ESI preservation policy.

One thing is clear, the role of the trial attorney is changing.  I believe the attorney who knows the most about e-discovery, and about this changing role, will have an upper hand in litigation.

• Email This
• Print
• Comments & Questions
• Trackbacks (2)

I spoke at the American Association for Justice, AAJ, 2008 Convention last weekend. It was the first legal convention that I’ve been to, and it was eye opening. I had no idea that medical demonstratives were such a big thing. I learned more about more kinds of surgery and procedures than I thought possible—all just by wandering the aisles of the extensive exhibitor area.  Plus I have never seen a set of proceedings so large!  Both copies of the papers, including mine, and recordings are available from AAJ.

I spoke to the Admiralty Section and explained how the new e-discovery amendments to the Federal Rules of Civil Procedure affect how plaintiff attorneys can get data from the opposing side. I heard lots of stories about how difficult it is to get Electronically Stored Information, ESI, out of cruise lines and shipping companies. Things like:

We ask for email and they say there isn’t any. Then we get into a 30.b.6 hearing and ask about how they communicate. They say by email and we ask for it again. They finally produce a few printed emails and that’s all we get.

The e-discovery amendments put a lot of power into the hands of litigators, if they will just seize it. And this power is not restricted to plaintiff or maritime attorneys either. The rules call for opposing counsel to discuss e-discovery at the initial scheduling conference. If you are prepared and the other side isn’t, you have the upper hand.

The default form of production provided by the e-discovery amendments is in the form they are customarily kept and used. For email, that usually means electronically readable and searchable forms. Some attorneys tell me they prefer paper documents, perhaps because they are easy to handle, can be reviewed on the train on the way to work, and are easy to redact and bates number. But having discovery in electronic forms that are searchable and that can be automatically categorized can drastically reduce the cost of document review and management.

I’ll be describing some typical scenarios for my e-discovery cases in the next few posts. In the mean time, I’d like to hear from attorneys about what they most fear when it comes to e-discovery. 

• Email This
• Print
• Comments & Questions
• Trackbacks

I've been concerned about the "safe harbor" rule in the FRCP e-discovery amendments.   The amendments acknowledge that it is normal to destroy ESI.  Examples include updating an address in a database, recycling backup media, and overwriting deleted files.  The rules say that if you are in litigation, if you have deleted relevant ESI, and if you can demonstrate it was done in the routine course of business and in good faith, then the safe harbor rule protects you from sanctions.

The way to do this is with a Document Retention and Destruction, "DRD" policy plus a monitoring plan that shows that you follow the policy.

Large organizations who are regularly in involved multiple litigations quickly understood the need for positioning themselves to take full advantage of the safe harbor rule.  But smaller companies don't always understand the importance of bringing their business practices into compliance.

I urge attorneys to do their clients a favor and tell them about this risk.  Small "Mom and Pop" businesses can get by with a Word document and a spreadsheet.  Larger organizations will require larger systems, but there are many options available.

Have your clients look at it this way: keeping old materials out of their files and hard drives is good business. They save money, have less risk of exposing confidential information, need new computer storage less often, and have the peace of mind that if the unthinkable-the dreaded litigation-comes along, they are prepared and protected. I tell my clients that systematically destroying old documents is like brushing your teeth twice a day, good business hygiene.

Savvy judges are on the DRD bandwagon: "I'm telling you, as long as you have a defensible, documented plan for ESI in place, you shouldn't have to worry…." Judge Lee H. Rosenthal of the U. S. District Court for the Southern District of Texas.

• Email This
• Print
• Comments & Questions
• Trackbacks

I have been concerned for some time that corporate clients are not getting the message about preparing for e-discovery.  Organizations that are in frequent litigation seem to understand the issues, but they are not necessarily prepared.  In a survey of in-house counsel, Kroll Ontrack found that only 25% of these counsel felt they were prepared for e-discovery.  Half of the counsel said they did not have an ESI policy.

Baseline has provided an excellent article-from the IT staff's point of view-on the need to prepare for e-discovery.  I recommend it to IT departments of both corporate clients and law firms themselves.

I'd like to hear what the various IT departments have to say about it.

• Email This
• Print
• Comments & Questions
• Trackbacks

In 2006, the Federal Rules of Civil Procedure were amended to address the issues that arise when potential evidence is stored in electronic form.  Some estimates say that as much as 90% of all new information is created in electronic form, increasing the likelihood that any case will involve  Electronically Stored Information, ESI, even when it doesn't involve computers directly.

e-Discovery then, is the process of requesting, collecting, reviewing, and producing ESI.  The amendments have several consequences relevant to the trial attorney.  It is not just filing electronically.

What is discoverable has been broadened to include any electronically stored information.  Think cell phones, Blackberries, USB keys, voice and email servers-all are discoverable.

Trial attorneys now have to be prepared to discuss their client's ESI at the "meet and greet" and participate in developing a discovery plan.

Finally, clients need a Document Retention and Destruction, DRD, plan so that they are protected by the amendments' "safe harbor" protection clause.

I'll be discussing all these Issues in my blogs from a practitioner's point of view, but feel free to pose questions about any of these issues without waiting for a blog to come out.

• Email This
• Print
• Comments & Questions(1)
• Trackbacks

In Perfect Barrier LLC v. Woodsmart Solutions Inc., 2008 WL 2230192 (N.D. Ind. May 27, 2008), Perfect Barrier provided search terms and requested that Woodsmart provide all emails containing those terms.  The production was voluminous, 75,000 emails, and provided in native form.  After losing a motion on the categorization of the emails, Perfect Barrier then sought to force Woodsmart to reproduce the emails in hardcopy!  A motion that they also lost.

What strikes me about this is the oddity of asking for hardcopy when Perfect Barrier had the emails in an electronically searchable form with their metadata intact.   There are many tools to work with the emails electronically--providing searching and sorting at a minimum.  They were much better off with the emails as produced.

As I've advised before, there are two lessons to be learned from this case.  First, your initial discovery request for ESI should include the form in which you want it produced.  And secondly, to avoid excess production, test your search terms before turning them lose on the documents.  As Magistrate Judge Paul Grimm said, "All keyword searches are not created equal."

• Email This
• Print
• Comments & Questions
• Trackbacks

The first step in a forensic investigation, and in some e-discovery responses, is to get a copy of the hard drive(s) and other storage devices that may have the data you are looking for or that is responsive to discovery requests.  But using Windows' traditional "Copy and Paste" isn't forensically valid.

First of all,  starting the computer alters what's stored on it.  The copy process itself will alter the evidence (changing the metadata and dates)…and there goes your chain of custody.  Furthermore, Windows keeps all sorts of little "pockets" of information that the typical user can't see but that may contain valuable evidence.  The copy procedure doesn't gather all these little "goodies."

A valid forensic image or just image is an exact, bit-by-bit copy of the storage device including all the little goodies.  The forensic software that creates such images bypasses the operating system, accesses all the locations where the operating system hides data, and uses a mathematical procedure to start and assure the chain of custody.  From that point on, the analysis is done on the image, again with software that assures chain of custody.

An image is sometimes called a "mirror,"  but I urge clients to avoid that term because it has two different connotations  The confusion has caused at least 2 clients unnecessary time and expense with prior consultants.

Who should make a valid forensic image?  You need a trained forensic specialist with the proper hardware and software tools to make an image.  Special hardware is needed to keep the operating system from making any changes to the original data, thereby preserving the original evidence. Forensic software is needed to bypass the operating system (to get the goodies) and assure chain of custody.  It is human nature to ask the IT department to come in and take a look.  No one wants to make false accusations.  But that "looking around" can destroy the very evidence that you are seeking.  One attorney who has retained me several times says to his clients, "Shut down and get Johnette in there!"

How long does it take?  The time required to make an image is dependent on the size of the device.  But generally speaking, it requires hours not days or weeks.  Fortunately, there is new technology that allows us to make images of servers while they are in use, thereby disrupting business as little as possible.

In another post I'll talk about the objections opposing counsel are likely to make and how you can address them.  If you have had experiences with making or using images, please post a comment on your experiences.  There is always more to learn.

• Email This
• Print
• Comments & Questions
• Trackbacks (1)