Close
Enter your
text here

Collection

eDiscovery Trends: Sharon Nelson
 

This is the sixth and final installment of our Holiday Thought Leader Interview series. I interviewed several thought leaders to get their perspectives on various eDiscovery topics.

Today’s thought leader is Sharon Nelson.  Sharon is the President of Sensei Enterprises, where she has worked on the front lines of computer forensics and eDiscovery topics that are also discusses on her blog Ride the Lightning. She is a graduate of the Georgetown University Law Center and is the president elect of the Virginia Bar Association.

Last week, I interviewed Sharon’s husband, John Simek, who is vice president of Sensei. John is a technical computer forensics expert, while Sharon provides the legal perspective on eDiscovery issues. Together, they are frequent speakers and authors on computer forensic issues.

As a lawyer, how did you get into the world of computer forensics? What is the role of an attorney within a computer forensics firm?

I stumbled into computer forensics along with my partner John Simek. Peter Greenspun, one of the leading criminal attorneys in Virginia, had a case in 1999 involving electronic evidence and he asked if we could help as experts. That case is still taught by the FBI. It got me thinking that Sensei should expand from information technology to computer forensics – and I knew it was a field that only a true scientist could excel in, so the wannabes of the world would not be able to truly compete. The role of an attorney is to stay up with the law and the cases and render expert advice to both clients and employees – and act as corporate counsel of course.

How has your blogging at Ride the Lightning influenced your legal career?

Within the context of Sensei, I operate as an expert, not as a lawyer, although I retain a separate law office. Certainly Ride the Lightning has helped Sensei’s marketing enormously, which ultimately helps to attract clients. I was honored when RTL was named to the American Bar Association’s Blawg 100 for the second year in a row and also when the Library of Congress asked my permission to archive it and to make it available to scholars and researchers. And it is just plain fun writing it!

Have lawyers begun to grapple with social media issues or are many still in denial?

There are still some lawyers in denial but their numbers are declining. In fact, I organize a lot of CLEs and many of the social media sessions are standing room only. Many lawyers want to learn how to use social media and how to avoid the ethical pitfalls. Things simply go viral in this new e-world. It is amazing how far social media (which includes blogs) extends your reach. Blogs, in particular, tend to attract reporters, which can be really helpful to marketing a law practice.

I believe you are involved in a lot of family law cases and disputes involving individuals. How has social media changed these cases?

It’s a veritable gold mine. People are unbelievably foolish in what they put online. We had a case where the husband was discussing his latest hookup with his lover on his Facebook page. He knew his wife was not his “friend”, but he had forgotten that a mutual acquaintance was his friend and she simply printed out all his postings. It’s not just family law though – social media is particularly helpful in personal injury cases where the Plaintiff who is “wholly disabled” is using a chain saw and dancing a jig (and yes, that’s from a real case). I almost can’t think of an area of law where social media isn’t a treasure trove – law enforcement has wholly embraced it as evidence against criminals who post astonishing admissions online.

As people increasingly live their lives online, do digital records ever really go away? Are we going to be followed around by our digital selves forever?

Some digital records will certainly go away – the problem is that you’ll never know which ones. People forward your communications or preserve them for their own reasons. Your business competitor may be archiving your website and anything that is open on your social media sites. Social media sites let you deactivate your account or delete posts, but that doesn’t help if someone else already has the information. And, indeed, it does not appear that social media sites truly delete your information since law enforcement has been known to get data that was supposedly no longer online. Trusting social media sites to respect your privacy is foolhardy. The only privacy we have is in the sheer volume of data out there – but once someone lasers in on you, your privacy is gone.

On Ride the Lightning, you discuss sanctions and electronic evidence blunders. Is there a common reason why lawyers make mistakes with digital evidence? What are the keys to making the profession smarter about handling computer records?

Education is the key, and we’re slowly getting there, but it is very slow. Most lawyers are technophobic and find it difficult to understand electronic evidence. They really need to call in well-qualified experts early on – that saves the most money because good experts won’t let you spend your money foolishly. As an example, an order to “preserve everything” is nonsensical, but we hear it all the time. If the attorneys on both sides are reasonable and they have good experts, it’s amazing how fast they can come to a strategy that saves everyone time and money. And for heaven’s sake, why not go after the low-hanging fruit first? That might cause the case to settle early before vast sums of money have been expended. You can always go back and do more digging if necessary.

How have you and husband John Simek managed to make a career out of computer forensics and eDiscovery? You seem to be busy with speaking and professional engagements- how do you make it work?

That’s the new world – our offices are in our laptops, so we carry our offices with us as we travel. There is very little that we cannot do remotely. We have fine-tuned the art of entering a hotel room and bringing up the laptops while unpacking our suitcases. People ask us all the time how a husband and wife can run a business and not make each other crazy. We really have a bright line – John makes the technical decisions and I make the legal, business and marketing decisions. We talk across that line, but we respect the line. It works for us – that and being in love of course. We always say that we get paid to play – we don’t know anyone who enjoys coming to work as much as we do. The word retirement is anathema to both of us!

Thanks, Sharon, for participating in the interview!

And to the readers, as always, please share any comments you might have or if you’d like to know more about a particular topic!

eDiscovery Case Law: Lilly Fails to Meet its eDiscovery Burden, Sanctions Ordered

In Nacco Materials Handling Group, Inc. v. Lilly Co., No. 11-2415 AV, (W.D. Tenn. Nov. 16, 2011), the court required the defendant to bear the costs of discovery where its preservation and collection efforts were “woefully inadequate.” Parties must cooperate and voluntarily preserve, search for, and collect ESI to avoid the imposition of sanctions.

In this case, Nacco, a manufacturer and seller of lift trucks and aftermarket parts, accused Lilly, a former Nacco dealer, of illegally accessing its proprietary, password-secured website on over 40,000 occasions. Nacco asserted a host of claims, including violations of the Computer Fraud and Abuse Act, computer trespass, misappropriation of trade secrets, tortious interference with contract and business relations, and tortious interference with prospective economic advantage.

Nacco filed a motion seeking expedited discovery so that its forensic expert could search Lilly’s computers and determine which computers accessed Nacco’s proprietary information. The expert turned up evidence of inappropriate access on 17 of the 35 computers he examined.

As discovery continued, Nacco also requested the deposition of a 30(b)(6) witness. However, the witness Lilly offered was unprepared to answer questions on the topics outlined in the deposition notice. Based on the witness’s statements in the deposition and evidence found during the forensic examination, Nacco filed a motion to prevent the further spoliation of evidence and sought sanctions.

The court decided that Lilly’s attempts to preserve evidence were “woefully inadequate.” The company “failed to take reasonable steps to preserve, search for, and collect potentially relevant information, particularly electronic data, after its duty to preserve evidence was triggered by being served with the complaint.” Specifically, U.S. Magistrate Judge Diane Vescovo found that the company “failed to timely issue an effective written litigation hold, to take appropriate steps to preserve any existing electronic records, to suspend or alter automatic delete features and routine overwriting features, and to timely and effectively collect ESI.”

The court explained that Lilly sent the litigation hold to seven of its 160 employees without adequate instructions—and the seven did not include the “key players” to the litigation. The company made no further efforts to prevent the deletion of e-mail, data, or backup tapes. Finally, the company apparently “left collection efforts to its employees to search their own computers with no supervision or oversight from management. Lilly did not follow up with its employees to determine what efforts were taken to preserve and collect relevant evidence, and Lilly failed to document any of its search and collection efforts.” Therefore, the court found that Lilly breached its duty to preserve relevant evidence.

After finding the company negligent, the court imposed sanctions against Lilly that included the expense of additional discovery, including the cost of a second 30(b)(6) deposition, the forensic examinations and imaging already complete, the costs of additional analysis of computers of the nine employees who accessed Nacco’s website, and the costs of imaging the computers in its service department. In addition, the court ordered Lilly to pay monetary sanctions equal to plaintiff’s reasonable costs, including attorney’s fees, in bringing the motion.

Finally, the court ordered Lilly to provide an affidavit describing its preservation and collection efforts and certifying that it had suspended its automatic delete functions and preserved backup tapes.

So, what do you think?  Were the sanctions justified? If so, did the court go far enough?  Please share any comments you might have or if you’d like to know more about a particular topic.

Case Summary Source: Applied Discovery (free subscription required).

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine Discovery. eDiscoveryDaily is made available by CloudNine Discovery solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscoveryDaily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

eDiscovery Trends: Joshua Poje
 

This is the fourth of our Holiday Thought Leader Interview series. I interviewed several thought leaders to get their perspectives on various eDiscovery topics.

Today’s thought leader is Joshua Poje.  Joshua is a Research Specialist with the American Bar Association’s Legal Technology Resource Center, which publishes the Annual Legal Technology Survey. He is a graduate of DePaul University College of Law and Augustana College. 

Why does the American Bar Association produce an annual legal technology survey? Why does legal technology demand special attention?

Technology is inescapable for lawyers today. It's integrated into most aspects of the profession, whether that's communicating with clients, interacting with the courts, or marketing a practice. At this point, if you want to understand how lawyers are practicing, you really have to understand how they're using technology.

That's what we're trying to measure with our survey and that's also the reason we direct our survey questionnaires to practicing attorneys rather than to IT staff or vendors. We aren't just interested in learning what tools are on the market or what technology firms are purchasing; we want to know what they're actually using.

How long have you been involved with the ABA Legal Technology Survey, and how has it changed in that time?

The 2011 ABA Legal Technology Survey Report is the fifth edition I've worked on personally, but the survey has been running in various forms for more than 15 years. Aside from moving to electronic publishing via PDF in 2008, the biggest change we've made in the time I've been here was adding a sixth volume–Technology Basics. That volume allowed us to take a deeper dive into basic questions about budgeting, training, and security.

Aside from that, most of the changes in the survey are evolutionary. We sit down every Fall and evaluate the questionnaire, sometimes adding a few questions about new technology and sometimes dropping questions about technology that's fallen out of use. We try to maintain a high level of consistency from year-to-year so that we can take a meaningful look at trends.

Lawyers have a reputation for being late adopters of technology and even technophobic in many respects. Is this an accurate assessment? Has that changed, or is there still an element of truth to the stereotype?

Lawyers are in a difficult position when it comes to new technology. Normal businesses and organizations have to deal with issues like cost, training, and implementation obstacles when they adopt new technology, and the biggest risk is usually just losing money. Lawyers share those challenges and risks, but also have to consider their obligations under their states' rules of professional conduct. A misstep under the rules can have serious and long-lasting professional consequences. So I think it's understandable that some lawyers take a cautious approach to new technology.

That said, lawyers have certainly become more comfortable with new technology over the last few years. Take Twitter, for example. A recent Pew study found that 13 percent of online adults use Twitter. That's right in line with our 2011 survey, where 14 percent of our lawyer respondents reported using Twitter for personal, non-professional purposes. Around 6 percent even use it for professional activities.

In some cases, lawyers actually seem to be leading on technology. A Nielsen study from May 2011 found that just 5 percent of US consumers own a tablet device like the iPad. In our survey, 20 percent of our respondents reported having tablets available at their firms with 12 percent reporting that they personally use the devices.

There seems to be a new trend or buzzword ever few years that dominates the legal technology conversation. At one point it was all about knowledge management and now it seems to be cloud computing, and then whatever comes next. Do you get the sense legal technologists are prone to getting taken in by hype? Or are they generally practical consumers of technology?

The endless hype cycle is just a reality of the technology sector, legal or otherwise. I think our challenge as legal technology professionals is to navigate the hype to identify the useful, practical tools and strategies that lawyers and other legal professionals can put to good use. We also have to be on alert for the technology that might be problematic for lawyers, given the rules of professional conduct.

There are certainly times when the technology we love doesn't catch on with practicing attorneys. Technology experts have been pushing RSS for years, and yet in 2011 we still had 64 percent of our respondents report that they never use it. But on the other hand, "paperless" was the hot buzzword five or six years ago, and now it's a standard strategy at many law firms of all sizes.

Have the demands of eDiscovery forced the profession to come to grips with their own technology use? Are lawyers more savvy about managing their data?

EDiscovery has certainly been influential for some attorneys, but it's worth noting that 42 percent of our respondents in 2011 reported that they never receive eDiscovery requests on behalf of their clients, and 49 percent reported that they never make eDiscovery requests. Those numbers have barely moved over the last few years.

As you might expect, electronically stored information (ESI) has generally been a bigger concern at the large law firms. In 2011, 77 percent of respondents at firms with 500+ attorneys reported that their firm had been involved in a case requiring processing/review of ESI, compared to just 19 percent of solo practitioners. Those large firms, however, outsource a significant amount of their eDiscovery processing. In 2011, 62 percent reported outsourcing eDiscovery processing to eDiscovery consultants, 50 percent outsourced to computer forensics specialists, and 35 percent outsourced to other lawyers in the U.S.

What trends and technologies are you most interested in following in the next survey?

Cloud computing is definitely a topic to keep an eye on. In 2011, 76 percent of our respondents reported that they had never used a cloud-based tool for legal tasks. Of those, 63 percent cited unfamiliarity with the technology as a reason. A lot of attention has been focused on the cloud this year, though, particularly after Apple's iCloud announcement. It'll be interesting to see how those numbers move in 2012.

Mobile technology should be another interesting area. BlackBerry held onto the overall lead for smartphones in 2011, but iOS and Android made substantial gains. Among our solo and small firm respondents, the iPhone actually led the BlackBerry. Will that carry over to the larger firms in 2012? And on the tablet front, it should be interesting to see how the market shifts. In 2011, 96 percent of the respondents who reported having a tablet available specified the iPad. Apple now has competition from Motorola, Samsung, RIM, HP and others, so it's possible we could see movement in the numbers.

Thanks, Joshua, for participating in the interview!

And to the readers, as always, please share any comments you might have or if you’d like to know more about a particular topic!

eDiscovery Trends: John Simek
 

This is the third of our Holiday Thought Leader Interview series.  I interviewed several thought leaders to get their perspectives on various eDiscovery topics.

Today’s thought leader is John Simek. John is the Vice President of Sensei Enterprises, a computer forensics firm in Fairfax, Va, where he has worked since 1997. He is an EnCase Certified Examiner and is a nationally known testifying expert in computer forensic issues. Together with his wife, Sharon Nelson, John has become a frequent speaker on eDiscovery topics and digital forensic issues. We have also interviewed Sharon, who serves as Sensei’s President, for this series, and her interview will appear this coming Wednesday.

You have been a forensic examiner for a long time. How has the business changed over that time? How much does the rate of change in computer technology make your job difficult? Has social media and mobile technology changed the nature of your work and the evidence in play?

Certainly the technology changes present a challenge for any forensic examiner. We are constantly investing in training and tools to deal with the changing landscape. Social media investigations and mobile devices are explosive forms of evidence for many of our cases. The constant changes in smartphones means we must have dozens of tools to extract data from iPads, Androids, BlackBerrys, iPhones, tablets and other mobile devices. Access to social media data varies as well. Some is readily available in the public areas, some may reside on the actual computer used to access the social media sites and some data may be held by the providers themselves, where the user has no clue it is being collected.

There have been several cases of law firms and EDD providers suing each other of late. Why is there this seeming rise in conflict and how does it affect relationships in the industry?

I’ve only seen two such cases and they get ugly really quick. I think the primary reason is lack of transparency and adequate communication. The client should always know what the anticipated costs and effort will be. Should scope change then a new estimate needs to be communicated. I think all too often the EDD providers launch out of the gate and the costs spiral out of control. Obviously, if you are one of those providers that ended up in court over fees or even inadequate or improper processing of ESI, your reputation will be forever spoiled.

There are a lot of certifications a forensic examiner can obtain. What is the value of certification? How should buyers of EDD services evaluate their forensic examiners?

Certifications are a good starting point, although I think they have lost their value over the last several years. Perhaps the tests are getting easier, but I’m seeing folks with forensic certifications that shouldn’t be trusted with a mouse in their hand. Don’t just look to forensic certifications either. Other technology (network, operating system, database, etc.) certifications are also valuable. Check CVs. Do they speak, write and have previous experiences testifying? One of the best methods of evaluation is referrals. Did they do a quality job? Were they on time? Did the costs fall within budget?

You’ve done a lot of work in family law cases. In cases where emotions are running high, how do you counsel clients? Is there a way to talk to people about proportionality when they are angry?

You’ve hit the nail on the head. There is very little logic in family law cases, especially when emotions are running high. I’ve lost count of the number of times we’ve told clients NOT to spend their money on continuing or even starting a forensic analysis. Some listen and some don’t. The exception is where there are issues pertaining to the welfare of any children. We had one case where dad was into BDSM and exhibiting similar behavior towards the children. Mom had no job and was extremely brutalized from the abuse over the years. We completed that case pro bono as it was the right thing to do. Dad lost custody and ordered supervised visitation only.

There has been a lot of hype about EDD services for small firms. In your experience, is this becoming a reality? Can small and solo firms compete with large firms for more EDD cases?

Electronic evidence plays a part in more and more cases. There is a crying need for better tools and methods to review ESI in the smaller cases. Thankfully, some vendors are listening. Products like Digital Warroom and Nextpoint’s products are very affordable for the smaller cases and don’t require a large investment by the solo or small firm attorney. These are hosted solutions, which means you are using the cloud. Large firms are also using hosted solutions, but may use other vendor products depending on the type of data (e.g. foreign language) and/or volume.

You testify in a lot of cases as an expert witness. What are the reasons your services might be needed in this area? What are common reasons that forensic evidence is being challenged, and how can legal teams avoid being challenged?

The good news is that less than 10% of our cases end up going to trial. As we say in the forensic world, “The truth is the truth.” Once we have had a chance to analyze the evidence and report the findings, there are rarely any challenges. That’s what a forensic exam is all about- being repeatable. The opposing party’s examiner better find the same results. The challenge may come from the interpretation of the results. This is where experience and knowledge of the expert comes into play. Many of the forensic examiners today have never used a computer without a graphical interface. Remember the Casey Anthony case? I cringed when I heard the prosecution testimony about the activity surrounding the Internet searches. It failed the smell test in my mind, which ended up being true since the expert later admitted there was a problem with the software that was used.

Would you recommend a similar career path to young technologists? What do you like about being a forensic examiner?

Some universities are now offering degrees in Digital Forensics or some similar name. I’m not sure I would go the route of computer forensics as a baseline. I’m seeing more activity in what I would call digital investigations. This includes network forensics and dealing with cases such as data breaches. We are doing more and more of these types of exams. It’s sort of like following the data trail. Probably the single best thing about being a forensic examiner is getting to the truth. Since we also do criminal defense work, there are many times that we’ve had to call the attorney and tell them that their client needs a new story.

Thanks, John, for participating in the interview!

And to the readers, as always, please share any comments you might have or if you’d like to know more about a particular topic!

eDiscovery Best Practices: Production is the “Ringo” of the eDiscovery Phases
 

Since eDiscovery Daily debuted over 14 months ago, we’ve covered a lot of case law decisions related to eDiscovery.  65 posts related to case law to date, in fact.  We’ve covered cases associated with sanctions related to failure to preserve data, issues associated with incomplete collections, inadequate searching methodologies, and inadvertent disclosures of privileged documents, among other things.  We’ve noted that 80% of the costs associated with eDiscovery are in the Review phase and that volume of data and sources from which to retrieve it (including social media and “cloud” repositories) are growing exponentially.  Most of the “press” associated with eDiscovery ranges from the “left side of the EDRM model” (i.e., Information Management, Identification, Preservation, Collection) through the stages to prepare materials for production (i.e., Processing, Review and Analysis).

All of those phases lead to one inevitable stage in eDiscovery: Production.  Yet, few people talk about the actual production step.  If Preservation, Collection and Review are the “John”, “Paul” and “George” of the eDiscovery process, Production is “Ringo”.

It’s the final crucial step in the process, and if it’s not handled correctly, all of the due diligence spent in the earlier phases could mean nothing.  So, it’s important to plan for production up front and to apply a number of quality control (QC) checks to the actual production set to ensure that the production process goes as smooth as possible.

Planning for Production Up Front

When discussing the production requirements with opposing counsel, it’s important to ensure that those requirements make sense, not only from a legal standpoint, but a technical standpoint as well.  Involve support and IT personnel in the process of deciding those parameters as they will be the people who have to meet them.  Issues to be addressed include, but not limited to:

  • Format of production (e.g., paper, images or native files);
  • Organization of files (e.g., organized by custodian, legal issue, etc.);
  • Numbering scheme (e.g., Bates labels for images, sequential file names for native files);
  • Handling of confidential and privileged documents, including log requirements and stamps to be applied;
  • Handling of redactions;
  • Format and content of production log;
  • Production media (e.g., CD, DVD, portable hard drive, FTP, etc.).

I was involved in a case recently where opposing counsel was requesting an unusual production format where the names of the files would be the subject line of the emails being produced (for example, “Re: Completed Contract, dated 12/01/2011”).  Two issues with that approach: 1) The proposed format only addressed emails, and 2) Windows file names don’t support certain characters, such as colons (:) or slashes (/).  I provided that feedback to the attorneys so that they could address with opposing counsel and hopefully agree on a revised format that made more sense.  So, let the tech folks confirm the feasibility of the production parameters.

The workflow throughout the eDiscovery process should also keep in mind the end goal of meeting the agreed upon production requirements.  For example, if you’re producing native files with metadata, you may need to take appropriate steps to keep the metadata intact during the collection and review process so that the metadata is not inadvertently changed. For some file types, metadata is changed merely by opening the file, so it may be necessary to collect the files in a forensically sound manner and conduct review using copies of the files to keep the originals intact.

Tomorrow, we will talk about preparing the production set and performing QC checks to ensure that the ESI being produced to the requesting party is complete and accurate.

So, what do you think?  Have you had issues with production planning in your cases?  Please share any comments you might have or if you’d like to know more about a particular topic.

eDiscovery Trends: Potential ESI Sources Abound in Penn State Case
 

Whether you’re a college football fan or not, chances are you’ve heard about the scandal associated with the allegations of serial child abuse by former Penn State football coach Jerry Sandusky.  There seems to be new developments almost daily and the scandal has already cost the jobs of the university president, vice president, athletic director and the head football coach, Joe Paterno, who had been head coach since 1965 and on the coaching staff since 1950 (most of us weren’t even born yet!).  Numerous lawsuits seem highly likely to arise as a result of the alleged abuse against a variety of defendants, including the university, individuals alleged to be involved in the abuse and cover-up and also the Second Mile Foundation founded by Sandusky.

Seth Row, an attorney with Parsons Farnell & Grein LLP in Portland (OR), has written an article published in the Association of Certified eDiscovery Specialists (ACEDS) web site providing a detailing of potential sources of ESI that may be relevant in the case.  The article illustrates the wide variety of sources that might be responsive to the litigation.  Here are some of the sources cited by Row:

  • Videotape of entry and exit from the athletic facilities at Penn State, to which Paterno gave Sandusky access after the latter resigned in 1999;
  • Entry/exit logs, which are likely housed in a database if keycards were used, for the Lasch Football Building, where abuse was allegedly witnessed
  • Phone records of incoming and outgoing calls;
  • Electronic rosters of football players, coaches, staff, student interns, and volunteers affiliated with the Penn State football program over time;
  • The personal records of these individuals, including telephone logs, internet search histories, email accounts, medical and financial records, and related information created over time;
  • University listservs;
  • Internet forums – a New York Times article reported last week that a critical break in the investigation came via a posting on the Internet, mentioning that a Penn State football coach might have seen something ugly, but kept silent;
  • Maintenance logs maintained by the two custodial employees who allegedly witnessed abuse;
  • Identities of all media beat reporters who covered the Penn State football team;
  • Passenger and crew manifests for all chartered flights of the Penn State football team in which Sandusky was a passenger;
  • Sandusky's credit card records to document meals and outings where he may have been accompanied by victims, and records of gifts he purchased for them;
  • All records of the Second Mile Foundation identifying boys who participated in its programs, as well as the names of donors and officers, directors and staff;
  • Paper record equivalents of this ESI that were produced in the 1990s before electronic recordkeeping became prevalent;
  • All electronic storage and computing devices owned or maintained by Sandusky, Paterno and other central figures in the scandal, including cell phones, personal computers, tablet computers, flash drives, and related hardware.

With such a wide variation of potential custodians and time frames, it will be difficult to quickly narrow down the potential ESI sources.  As the author points out, it seems likely that Penn State has already locked down its records retention policies throughout the university.  They certainly would seem to have a reasonable expectation of litigation.  Investigators and attorneys will likely be racing against time to identify as many other parties as possible with potentially responsive ESI.

So, what do you think?  Have you been involved in litigation with such a wide distribution of potentially responsive ESI?  Please share any comments you might have or if you’d like to know more about a particular topic.

eDiscovery Case Law: Court Grants Adoption of Model Order for Patent Case

Model orders to limit discovery for patent cases have gained popularity in various jurisdictions, including this recent order proposed in Texas.  Here’s one patent case where the defendant sought to adopt such a model order.

In DCG Sys., Inc. v. Checkpoint Techs., LLC, No. C-11-03792 PSG, (N.D. Cal. Nov. 2, 2011), defendant Checkpoint asked the court to enter a version of the model order. (The proposed version differed from the model order in the number of keywords and custodians and on an issue of metadata.) The court granted defendant’s motion.

Plaintiff DCG objected to the entry of the order. It argued that since this was a case between competitors, and not a case brought by a nonpracticing entity (an “NPE,” or sometimes called a “patent troll”), the discovery would be improperly impeded by the model order’s limitations on email discovery.

NPE or patent troll cases often involve asymmetrical discovery – the plaintiff has few documents but the defendant has many. And some commentators have proposed that the model eDiscovery order seeks to reduce the ill-effects of this asymmetry. In this case plaintiff argued that it would need discovery on legitimate issues that may have arisen with an actual competitor, e.g., whether defendant copied plaintiff’s technology and whether plaintiff was entitled to an injunction. Plaintiff’s argument presupposed that the model order’s limitations would cut into the scope of that purported legitimate discovery.

The court rejected plaintiff’s arguments. It found that: (1) nothing in the model order or the Chief Judge of the Federal Circuit’s speech unveiling the order suggested that it was intended only for NPE cases, and (2) there was no reason to believe that non-NPE (competitor) cases presented less compelling circumstances in which to impose reasonable restrictions on the timing and scope of email discovery.

The court also addressed the notion that the model order would help only in NPE cases or cases involving asymmetrical eDiscovery. It observed that the model order could have double the benefit in competitor cases. If using the model order to relieve the burden on the producing party in an NPE case was a good thing, then using it in a suit between competitors benefit both sides and be twice as good.

So, what do you think?  Are model orders to limit discovery a good idea?  If so, should they apply to other types of cases? Please share any comments you might have or if you’d like to know more about a particular topic.

Case Summary Source: Practical eDiscovery Blog, by Hinshaw & Culbertson, LLP.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine Discovery. eDiscoveryDaily is made available by CloudNine Discovery solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscoveryDaily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

eDiscovery 101: Simply Deleting a File Doesn’t Mean It’s Gone
 

This subject came up recently in discussion with one of my clients and since he was confused as to what happens when a file is deleted, I thought it would be worthwhile to discuss the topic on the blog.

Disk drives use an index or table to keep track of where each file begins and ends on the disk.  You may have heard terms such as “FAT” (file allocation table) or NTFS ({Windows} NT File System) – these filing systems enable the file to be retrieved quickly on the drive.  They’re like a “directory” of all of the active files on the disk.  When a file is “deleted” (i.e., actually deleted, not just moved to the Recycle Bin), the data for that file isn’t actually removed from the disk (in most cases).  Instead, the entry pertaining to it is removed from the filing system.  As a result, the area on the disk where the actual data is located becomes unallocated space.

Unallocated space, also known as inactive data or drive free space, is the area of the drive not allocated to active data. On a Windows machine, deleted data is not actually destroyed, but the space on the drive that can be reused to store new information. Until the unallocated space is overwritten with new data, the old data remains.  This data can be retrieved (in most cases) using forensic techniques. On MAC O/S 10.5 and higher, there is an application that overwrites sectors when a file is deleted. This process more securely destroys data, but even then it may be possible to recover data out of unallocated space.

Because the unallocated space on a hard drive or server is that portion of the storage space to which data may be saved, it is also where many applications “temporarily” store files when they are in use. For instance, temporary Internet files are created when a user visits a web page, and these pages may be “cached” or temporarily stored in the unallocated space.  Rebooting a workstation or server can also clear some data from the unallocated space on its drive.

Since computers are dynamic and any computer operation may write data to the drive, it is nearly impossible to preserve data in the unallocated space on the hard drive and that data is not accessible without special software tools. To preserve data from the unallocated space of a hard drive, the data must be forensically collected, which basically copies the entire drive’s contents, including every sector (whether those sectors contain active data or not). Even then, data in the unallocated space may not be complete. Because the unallocated space is used to store new data, writing a new file may overwrite part of a deleted file, leaving only part of that file in the unallocated space.

Nonetheless, “deleted” files have been recovered, collected and produced in numerous lawsuits, despite efforts of some producing parties to destroy that evidence.

So, what do you think?  Have you ever recovered deleted data that was relevant to litigation?  Please share any comments you might have or if you’d like to know more about a particular topic.

eDiscovery Rewind: Eleven for 11-11-11
 

Since today is one of only 12 days this century where the month, day and year are the same two-digit numbers (not to mention the biggest day for “craps” players to hit Las Vegas since July 7, 2007!), it seems an appropriate time to look back at some of our recent topics.  So, in case you missed them, here are eleven of our recent posts that cover topics that hopefully make eDiscovery less of a “gamble” for you!

eDiscovery Best Practices: Testing Your Search Using Sampling: On April 1, we talked about how to determine an appropriate sample size to test your search results as well as the items NOT retrieved by the search, using a site that provides a sample size calculator. On April 4, we talked about how to make sure the sample set is randomly selected. In this post, we’ll walk through an example of how you can test and refine a search using sampling.

eDiscovery Best Practices: Your ESI Collection May Be Larger Than You Think: Here’s a sample scenario: You identify custodians relevant to the case and collect files from each. Roughly 100 gigabytes (GB) of Microsoft Outlook email PST files and loose “efiles” is collected in total from the custodians. You identify a vendor to process the files to load into a review tool, so that you can perform first pass review and, eventually, linear review and produce the files to opposing counsel. After processing, the vendor sends you a bill – and they’ve charged you to process over 200 GB!! What happened?!?

eDiscovery Trends: Why Predictive Coding is a Hot Topic: Last month, we considered a recent article about the use of predictive coding in litigation by Judge Andrew Peck, United States magistrate judge for the Southern District of New York. The piece has prompted a lot of discussion in the profession. While most of the analysis centered on how much lawyers can rely on predictive coding technology in litigation, there were some deeper musings as well.

eDiscovery Best Practices: Does Anybody Really Know What Time It Is?: Does anybody really know what time it is? Does anybody really care? OK, it’s an old song by Chicago (back then, they were known as the Chicago Transit Authority). But, the question of what time it really is has a significant effect on how eDiscovery is handled.

eDiscovery Best Practices: Message Thread Review Saves Costs and Improves Consistency: Insanity is doing the same thing over and over again and expecting a different result. But, in ESI review, it can be even worse when you get a different result. Most email messages are part of a larger discussion, which could be just between two parties, or include a number of parties in the discussion. To review each email in the discussion thread would result in much of the same information being reviewed over and over again. Instead, message thread analysis pulls those messages together and enables them to be reviewed as an entire discussion.

eDiscovery Best Practices: When Collecting, Image is Not Always Everything: There was a commercial in the early 1990s for Canon cameras in which tennis player Andre Agassi uttered the quote that would haunt him for most of his early career – “Image is everything.” When it comes to eDiscovery preservation and collection, there are times when “Image is everything”, as in a forensic “image” of the media is necessary to preserve all potentially responsive ESI. However, forensic imaging of media is usually not necessary for Discovery purposes.

eDiscovery Trends: If You Use Auto-Delete, Know When to Turn It Off: Federal Rule of Civil Procedure 37(f), adopted in 2006, is known as the “safe harbor” rule. While it’s not always clear to what extent “safe harbor” protection extends, one case from a few years ago, Disability Rights Council of Greater Washington v. Washington Metrop. Trans. Auth., D.D.C. June 2007, seemed to indicate where it does NOT extend – auto-deletion of emails.

eDiscovery Best Practices: Checking for Malware is the First Step to eDiscovery Processing: A little over a month ago, I noted that we hadn’t missed a (business) day yet in publishing a post for the blog. That streak almost came to an end back in May. As I often do in the early mornings before getting ready for work, I spent some time searching for articles to read and identifying potential blog topics and found a link on a site related to “New Federal Rules”. Curious, I clicked on it and…up popped a pop-up window from our virus checking software (AVG Anti-Virus, or so I thought) that the site had found a file containing a “trojan horse” program. The odd thing about the pop-up window is that there was no “Fix” button to fix the trojan horse. So, I chose the best available option to move it to the vault. Then, all hell broke loose.

eDiscovery Trends: An Insufficient Password Will Thwart Even The Most Secure Site: Several months ago, we talked about how most litigators have come to accept that Software-as-a-Service (SaaS) systems are secure. However, according to a recent study by the Ponemon Institute, the chance of any business being hacked in the next 12 months is a “statistical certainty”. No matter how secure a system is, whether it’s local to your office or stored in the “cloud”, an insufficient password that can be easily guessed can allow hackers to get in and steal your data.

eDiscovery Trends: Social Media Lessons Learned Through Football: The NFL Football season began back in September with the kick-off game pitting the last two Super Bowl winners – the New Orleans Saints and the Green Bay Packers – against each other to start the season. An incident associated with my team – the Houston Texans – recently illustrated the issues associated with employees’ use of social media sites, which are being faced by every organization these days and can have eDiscovery impact as social media content has been ruled discoverable in many cases across the country.

eDiscovery Strategy: "Command" Model of eDiscovery Must Make Way for Collaboration: In her article "E-Discovery 'Command' Culture Must Collapse" (via Law Technology News), Monica Bay discusses the old “command” style of eDiscovery, with a senior partner leading his “troops” like General George Patton – a model that summit speakers agree is "doomed to failure" – and reports on the findings put forward by judges and litigators that the time has come for true collaboration.

So, what do you think?  Did you learn something from one of these topics?  If so, which one?  Please share any comments you might have or if you’d like to know more about a particular topic.

eDiscoveryDaily would like to thank all veterans and the men and women serving in our armed forces for the sacrifices you make for our country.  Thanks to all of you and your families and have a happy and safe Veterans Day!

eDiscovery Case Law: Defendant Ordered to Re-Post Infringing Photograph to Facebook Profile

A New Jersey court ordered the defendant to re-post a photograph displaying infringing trade dress to his Facebook profile for a brief period of time to allow the plaintiff to print copies, in a case involving trademark infringement.

In Katiroll Co., Inc. v. Kati Roll & Platters, Inc., No. 10-3620 (GEB), 2011 WL 3583408 (D.N.J. Aug. 3, 2011), the plaintiff argued for sanctions after the defendant pulled down infringing materials from his Facebook page and altered his Facebook profile photo, removing a profile picture that included the distinctive trade dress at issue in this case. The court ultimately decided against sanctions, but did order the defendant to re-post the photo in question, as follows.

  • The court first set out to establish whether or not the defendant’s actions could be considered as spoliation, citing the standard of review for the four criteria in spoliation. The four criteria include the party’s control over the evidence, apparent suppression or withholding of evidence, relevance of the destroyed evidence, and that it be “reasonably foreseeable” that the evidence would be required for discovery at a current or later date.
  • The altered profile photograph was deemed by the court to be relevant, and under the control of the defendant. However, whether that evidence was suppressed or withheld, and whether it was foreseeable that it would be required as part of discovery, remained at issue.
  • The plaintiff argued that the defendant should be sanctioned for failing “to preserve his Facebook pages in their original state” and “wanted PDFs of these pages prior to their being taken down”, but the court maintained that because these infringing pages had been removed at the plaintiff’s earlier request, it “would be unjust” to sanction the defendant for those actions.
  • The court also noted that Facebook profile photos are changed as often as weekly by those who use the site regularly, and that the defendant could not have known that changing his photo would have been an issue. “It would not have been immediately clear that changing his profile picture would undermine discoverable evidence,” the court maintained.
  • As result, the court declined to order sanctions against the defendant. Instead, the defendant was ordered to re-post the Facebook profile photo in question “for a brief time,” including the trade dress at issue (as they “ha[d] not been destroyed” and were “attached in several PDFs” to the court), so that the plaintiff might print whatever photos and Facebook pages it wishes. Afterward, the defendant was told to replace the photo again with a non-infringing image.

So, what do you think? Was the court’s decision fair, or should the defendant have been sanctioned for spoliation? Please share any comments you might have or if you’d like to know more about a particular topic.