Email

Court Denies Criminal Defendant’s Motion to Suppress Evidence Obtained via Warrantless Search: eDiscovery Case Law

In United States v. Caputo, No. 3:18-cr-00428-IM (D. Or Nov. 6, 2019), Oregon District Judge Karin J. Immergut denied the defendant’s motion to suppress emails and evidence derived from a warrantless search of Defendant’s workplace email account, finding “any expectation of privacy in Defendant’s work email was objectively unreasonable under the military’s computer-use policies in effect at his workplace.”

Case Background

In this case where the defendant was indicted on four counts of wire fraud, the defendant filed a motion to suppress emails and evidence derived from a warrantless search of the defendant’s workplace email account.  The Government’s response to the motion provided additional facts about the email account and the context in which it received copies of the defendant’s emails, including an image of the banner message displayed when the defendant logged on to his work computer system and two policies which governed the defendant’s computer use at work.

During the period at issue in this case, the warning banner advised (among other things) that at any time, the US Government may inspect and seize data stored on the information system.  The defendant was also subject to the Oregon National Guard’s acceptable use policy and Employees of the Oregon National Guard, including the defendant, were required to sign the policy before they received computer access. They also had to acknowledge and recertify their understanding of the policy annually.

Judge’s Ruling

Judge Immergut noted that “Defendant has not offered any evidence that he had a subjective expectation of privacy in his work email” and stated that “any expectation of privacy in Defendant’s work email was objectively unreasonable under the military’s computer-use policies in effect at his workplace.”

Judge immergut also rejected two cases that the defendant cited to support his claim of a reasonable expectation of privacy, stating that “neither case requires suppression here” and that “[u]nder these circumstances, it was objectively unreasonable for Defendant to expect privacy in his work email.”  As a result, Judge Immergut denied the defendant’s motion to suppress.

So, what do you think?  Should employees expect privacy within their work email accounts?  Please let us know if any comments you might have or if you’d like to know more about a particular topic.

Case opinion link courtesy of eDiscovery Assistant.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Court Agrees that Emails Including Counsel Aren’t Privileged Because They Don’t Offer Legal Advice: eDiscovery Case Law

In Guardiola v. Adams Cty. School District No. 14 et al., No. 1:18-cv-03230-RM-NRN (D.Colo. Oct. 25, 2019), Colorado District Court Judge Raymond P. Moore overruled the defendants’ objection to the magistrate judge’s order compelling them to disclose three e-mails that they contended were subject to the attorney-client privilege, ruling that “[t]he disputed e-mails do not directly request or offer legal advice.”

Case Background

In this case where the plaintiff claimed wrongful termination because of his association with an organization that the defendants believed was encouraging students to protest against the school board, the parties had a discovery dispute over e-mail concerning the implementation of new security measures at school board meetings in which members of Defendant Adams County School District No. 14 Board of Education and their counsel participated. The magistrate judge reviewed in camera five e-mails from the discussion and then invited briefing on the issue of attorney-client privilege. Both sides filed briefs.  The magistrate judge then determined two of the e-mails – one sent by counsel and another responding to it six minutes later – were privileged but the first, second, and portions of the fifth were not.

The magistrate judge found that the sender of the first e-mail was forwarding a security plan proposed by a third-party security provider and seeking input and direction from all the decision-makers, as well as counsel, about implementing it. The magistrate judge determined that the sender’s request was not privileged simply because the attorney was included in the discussion.  The magistrate judge found that the sender of the second e-mail was expressing concerns about strategy, perception, and public opinion and that the e-mail was not sent for the purpose of giving or receiving legal advice.  And the magistrate judge found that the sender of the fifth e-mail reflected the sender’s decision with respect to the proposed security plan and her reasons for that decision; thus, it was merely a business communication and not privileged.  The defendants objected.

Judge’s Ruling

Noting that “The privilege ‘protects only those disclosures necessary to obtain informed legal advice which might not have been made absent the privilege’”, Judge Moore stated: “The disputed e-mails do not directly request or offer legal advice. Nor are they necessary to obtain such advice. Instead, the disputed e-mails are part of a broader discussion about increasing security at school board meetings. Although legal considerations are one component of that discussion, the disputed e-mails, on their face, predominantly relate to other issues. The primary purpose of the first e-mail is to address logistical issues raised by a private security provider. The primary purpose of the second e-mail is to share concerns about managing public opinion. And the primary purpose of the fifth e-mail is to announce and explain the decision that was reached. To the extent legal issues are tangentially related to the broader topic of security, that is not enough to bring the content of these e-mails within the attorney-client privilege.”

Noting that “Defendants cite no authority, nor is the Court aware of any, for the proposition that the Court is precluded from assessing the e-mails at face value and based on the context in which they were sent”, Judge Moore stated, in overruling the defendants’ objection: “Defendants have failed to show that the attorney-client privilege applies to the disputed e-mails and that the magistrate judge’s ruling was clearly erroneous or contrary to law.”

So, what do you think?  Should emails including counsel always be considered privileged or do they need to include legal advice?  Please let us know if any comments you might have or if you’d like to know more about a particular topic.

Case opinion link courtesy of eDiscovery Assistant.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Searching for Email Addresses Can Have Lots of Permutations Too: eDiscovery Throwback Thursdays

Here’s our latest blog post in our Throwback Thursdays series where we are revisiting some of the eDiscovery best practice posts we have covered over the years and discuss whether any of those recommended best practices have changed since we originally covered them.

This post was originally published on November 15, 2012 – when eDiscovery Daily was early into its third year of existence and continues the two-part series we started last week.  Email addresses still provide the same opportunities and challenges for identifying documents associated with individuals that they did nearly seven years ago.  Enjoy!

Last week, we discussed the various permutations of names of individuals to include in your searching for a more complete result set, as well as the benefits of proximity searching (broader than a phrase search, more precise than an AND search) to search for names of individuals.  Another way to identify documents associated with individuals is through their email addresses.

Variations of Email Addresses within a Domain

You may be planning to search for an individual based on their name and the email domain of their company (e.g., daustin@cloudnine.com), but that’s not always inclusive of all possible email addresses for that individual.  Email addresses for an individual’s domain might appear to be straightforward, but there might be aliases or other variations to search for to retrieve emails to and from that individual at that domain.  For example, here are three of the email addresses to which I can receive email as a member of CloudNine:

To retrieve all of the emails to and from me, you would have to include all of the above addresses (and others too).  There are other variations you may need to account for, as well.  Here are a couple:

  • Jim Smith[/O=FIRST ORGANIZATION/OU=EXCHANGE ADMINISTRATIVE GROUP (GZEJCPIG34TQEMU)/CN=RECIPIENTS/CN=JimSmith] (legacy Exchange distinguished name from old versions of Microsoft Exchange);
  • IMCEANOTES-Andy+20Zipper_Corp_Enron+40ECT@ENRON.com (an internal Lotus Notes representation of an email address from the Enron Data Set).

As you can see, email addresses from the business domain can be represented several different ways, so it’s important to account for that in your searching for emails for your key individuals.

Personal Email Addresses

Raise your hand if you’ve ever sent any emails from your personal email account(s) through the business domain, even if it’s to remind you of something.  I suspect most of your hands are raised – I know mine is.  Identifying personal email accounts for key individuals can be important for two reasons: 1) those emails within your collection may also be relevant and, 2) you may have to request additional emails from the personal email addresses in discovery if it can be demonstrated that those accounts contain relevant emails.

Searching for Email Addresses

To find all of the relevant email addresses (including the personal ones), you may need to perform searches of the email fields for variations of the person’s name.  So, for example, to find emails for “Jim Smith”, you may need to find occurrences of “Jim”, “James”, “Jimmy”, “JT” and “Smith” within the “To”, “From”, “Cc” and “Bcc” fields.  Then, you have to go through the list and identify the email addresses that appear to be those for Jim Smith.  Any email addresses for which you’re not sure whether they belong to the individual or not (e.g., does jsmith1963@gmail.com belong to Jim Smith or Joe Smith?), you may need to retrieve and examine some of the emails to make that determination.  If he uses nicknames for his personal email addresses (e.g., huggybear2012@msn.com), you should hopefully be able to identify those through emails that he sends to his business account.

To summarize, searching by email address is another way to identify documents pertaining to a key individual.  The key is making sure your search includes all the email addresses possible for that individual.

So, what do you think?  How do you handle searching for key individuals within your document collections?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Quality Control, Making Sure the Numbers Add Up: eDiscovery Throwback Thursdays

Here’s our latest blog post in our Throwback Thursdays series where we are revisiting some of the eDiscovery best practice posts we have covered over the years and discuss whether any of those recommended best practices have changed since we originally covered them.

This post was originally published on September 18, 2012 – when eDiscovery Daily was not quite two years old.  While it doesn’t exactly link to our just concluded two part series, it does tie in nicely and has been referenced in numerous webcasts since.  Our seven-custodian example might be a bit light for the amount of email we get today, but it’s still a relevant exercise.  Enjoy!

Let’s walk through a scenario to show how the files collected are accounted for during the discovery process.

Tracking the Counts after Processing

We know there are typical categories of excluded files after processing: filtered files, NIST (National Institute of Standards and Technology list of files that are known to have no evidentiary value) and system files, exception files and duplicate files.  These can be a significant portion of the collection.  Obviously, what’s not excluded is available for searching and review.  Even if your approach includes a technology assisted review (TAR) methodology such as predictive coding, it’s still likely that you will want to do some culling out of files that are clearly non-responsive.

Documents during review may be classified in a number of ways, but the most common ways to classify documents as to whether they are responsive, non-responsive, or privileged.  Privileged documents are also typically classified as responsive or non-responsive, so that only the responsive documents that are privileged need be identified on a privilege log.  Responsive documents that are not privileged are then produced to opposing counsel.

Example of File Count Tracking

So, now that we’ve discussed the various categories for tracking files from collection to production, let’s walk through a fairly simple eMail-based example.  We conduct a fairly targeted collection of a PST file from each of seven custodians in a given case.  The relevant time period for the case is January 1, 2010 through December 31, 2011.  Other than date range, we plan to do no other filtering of files during processing.  Duplicates will not be reviewed or produced.  We’re going to provide an exception log to opposing counsel for any file that cannot be processed and a privilege log for any responsive files that are privileged.  Here’s what this collection might look like:

  • Collected Files: 101,852 – After expansion, 7 PST files expand to 101,852 eMails and attachments.
  • Filtered Files: 23,564 – Filtering eMails outside of the relevant date range eliminates 23,564 files.
  • Remaining Files after Filtering: 78,288 – After filtering, there are 78,288 files to be processed.
  • NIST/System Files: 0 – eMail collections typically don’t have NIST or system files, so we’ll assume zero files here. Collections with loose electronic documents from hard drives typically contain some NIST and system files.
  • Exception Files: 912 – Let’s assume that a little over 1% of the collection (912) is exception files like password protected, corrupted or empty files.
  • Duplicate Files: 24,215 – It’s fairly common for at least 30% of the collection to include duplicates, so we’ll assume 24,215 files here.
  • Remaining Files after Processing: 53,161 – We have 53,161 files left after subtracting NIST/System, Exception and Duplicate files from the total files after filtering.
  • Files Culled During Searching: 35,618 – If we assume that we are able to cull out 67% (approximately 2/3 of the collection) as clearly non-responsive, we are able to cull out 35,618 files.
  • Remaining Files for Review: 17,543 – After culling, we have 17,543 files that will actually require review (whether manual or via a TAR approach).
  • Files Tagged as Non-Responsive: 7,017 – If approximately 40% of the document collection is tagged as non-responsive, that would be 7,017 files tagged as such. Results can vary widely on the document collection, culling accuracy and review process, of course.
  • Remaining Files Tagged as Responsive: 10,526 – After QC to ensure that all documents are either tagged as responsive or non-responsive, this leaves 10,526 documents as responsive.
  • Responsive Files Tagged as Privileged: 842 – If roughly 8% of the responsive documents wind up being privileged, that would be 842 privileged documents. Again, the number of responsive files can vary widely, depending on the file collection and privilege considerations.
  • Produced Files: 9,684 – After subtracting the privileged files, we’re left with 9,684 responsive, non-privileged files to be produced to opposing counsel.

The percentages I used for estimating the counts at each stage are just examples, so don’t get too hung up on them.  The key is to note the numbers in red above.  Excluding the interim counts in black, the counts in red represent the different categories for the file collection – each file should wind up in one of these totals.  What happens if you add the counts in blue* together?  You should get 101,852 – the number of collected files after expanding the PST files.  As a result, every one of the collected files is accounted for and none “slips through the cracks” during discovery.  That’s the way it should be.  If not, investigation is required to determine where files were missed.

So, what do you think?  Do you have a plan for accounting for all collected files during discovery?  Please share any comments you might have or if you’d like to know more about a particular topic.

*Why blue?  Because we did red last time!  :o)

P.S. — Happy Anniversary, honey!  I’m the luckiest man around!  If you don’t believe me, check out this post!

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine Discovery. eDiscoveryDaily is made available by CloudNine Discovery solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscoveryDaily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Plaintiff Requests His Entire PST File, Court Says No: eDiscovery Case Law

In Russell v. Kiewit Corp., No. 18-2144-KHV (D. Kan. June 4, 2019), Kansas Magistrate Judge James P. O’Hara denied the plaintiff’s motion seeking to compel supplemental discovery responses by the seven defendants, including the request to receive his entire e-mail personal storage (PST) file, agreeing with the defendants’ contention that the request was overly broad and not proportional.

Case Background

In this case where the plaintiff alleged he was fired in retaliation for opposing age discrimination, disability discrimination, and FMLA violations in the workplace through his role in the defendant’s human resources department, the parties had several unresolved issues that they could not agree on with regard to discovery.  The defendants proposed that the scope of electronic discovery would run from May 27, 2015 through April 22, 2016 and focus on specifically identified custodians using agreed and limited search terms, but the plaintiff did not agree with those propose limitations.

Among the areas where there were disputes were: 1) plaintiff’s email, where the plaintiff moved to compel defendants to produce the e-mail file from his entire employment with defendants as a PST file; 2) the scope of discovery searches; 3) discovery requests to additional entities beyond the plaintiff’s employer; and 4) the plaintiff’s request for policies related to the HR and IT operations of the defendants for whom plaintiff was not an employee.  The parties did resolve their dispute over production of the data from plaintiff’s company-issued iPhone.

Judge’s Ruling

With regard to production of the plaintiff’s PST file, the plaintiff argued that the defendants had an unfair advantage by having access to e-mails that the plaintiff could not access, also arguing that it was proportional to allow him to “see all emails in context maintained in his own email folders” because it “equalizes access.”  The defendants argued the plaintiff’s request was overly broad and not proportional, asserting they had searched for all terms requested by plaintiff, as well as many additional search terms not requested by plaintiff, and produced all responsive e-mails.

With regard to this dispute, Judge O’Hara stated: “The court agrees with defendants. Rule 26(b)(3)(c) relates to a party’s ‘own previous statement about the action or its subject matter.’ To the extent plaintiff seeks his own e-mails related to this action, those were captured in the e-mails defendants produced in response to plaintiff’s search terms, plus the additional terms defendants searched…Conspicuously, plaintiff has not cited any authority for the proposition that Rule 26(b)(3)(C) requires the production of all statements plaintiff has ever made in an e-mail about any subject, such that his entire e-mail file during his tenure with Kiewit Energy must be produced.

Although plaintiff is entitled to request the production of files in .pst format, which are ‘generally associated with the Microsoft Outlook email program,’ Document Request No. 29 seeks the entire file for the ‘email account assigned to plaintiff during his employment with defendants.’  Plaintiff purports to address the ‘proportionality standpoint’ by arguing the .pst file would allow him to more efficiently review the file. But producing the entire PST is ‘simply requesting discovery regardless of relevancy,’ which most definitely is not the standard under the 2015 amendments to Rule 26(b). The language in Document Request No. 29 is not tied to plaintiff’s protected activity or his employment with the company; rather, plaintiff requests the entire e-mail account during the entire length of his employment. That request is facially overly broad and not proportional. Plaintiff has not shown how every e-mail he has sent and received is relevant to this action, particularly in light of defendants’ production of 775 documents from e-mail searches.  The court sustains defendants’ objection to Document Request No. 29.”

Judge O’Hara also found that “defendants have adequately responded to plaintiff’s discovery requests” and rejected his requests for ESI from other entities, sustaining the defendants’ objection that the requests were overly broad and not proportional.

So, what do you think?  Should a former employee have the right to look at his or her entire email repository in litigation?  Please let us know if any comments you might have or if you’d like to know more about a particular topic.

Case opinion link courtesy of eDiscovery Assistant.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Court Rejects Carpenter Argument for Third Party Subpoena of Google Subscriber Info: eDiscovery Case Law

In U.S. v. Therrien, No. 2:18-cr-00085 (D. Vt. Mar. 13, 2019), Vermont District Judge Christina Reiss denied the defendant’s motion to suppress evidence obtained via a subpoena of Google for subscriber information, rejecting the defendant’s argument that the United States Supreme Court decision in Carpenter v. US forecloses the government’s ability to obtain this type of data without a warrant.

Case Background

In this case related to a one count Indictment against the defendant that he knowingly transported child pornography, an order for eighty-five photograph prints was placed with an online company in February 2018.  An employee of the online company’s outsource print provider informed the Federal Bureau of Investigations that it was concerned that some of the photographs may contain child pornography. Law enforcement subsequently discovered an e-mail address that was associated with the order.

A grand jury subpoena was issued in March 2018 to obtain subscriber information from Google pertaining to the account associated with the email address. In response, Google produced subscriber information, services utilized by the account, the date the account was created, the date and time of the last login, and the IP addresses associated with the account from December 6, 2017 through March 15, 2018. Asserting that law enforcement violated the Fourth Amendment in obtaining records from Google without a warrant, the defendant sought suppression of all evidence obtained pursuant to the grand jury subpoena, citing Carpenter v. US.

Judge’s Ruling

While noting that, in Carpenter, the Supreme Court held that cell-site location information (“CSLI”) was not subject to the third-party doctrine, Judge Reiss also noted that SCOTUS reasoned that “the notion that an individual has a reduced expectation of privacy in information knowingly shared with another” and that “reasoned that because there was no way for individuals possessing cell phones to avoid generating CSLI and because cell phones are now effectively a necessity of daily life, it was unreasonable to conclude that an individual voluntarily exposed CSLI information to a third party.”

Judge Reiss also observed that “Since Carpenter, courts have held that IP address information and similar information still fell ‘comfortably within the scope of the third-party doctrine’ because ‘[t]hey had no bearing on any person’s day-to-day movement’ and ‘[the defendant] lacked a reasonable expectation of privacy in that information.’”  Judge Reis cited several cases, including United States v. Rosenow, 2018 WL 6064949, at * 11 (S.D. Cal. Nov. 20, 2018), which said “The Court concludes that Defendant had no reasonable expectation of privacy in the subscriber information and the IP log-in information Defendant voluntarily provided to the online service providers in order to establish and maintain his account.”

As a result, Judge Reiss ruled as follows in denying the defendant’s motion to suppress the evidence obtained:

“In this case, law enforcement obtained information that an account holder voluntarily turned over to Google. This information is squarely within the third-party doctrine and requires a different result than in Carpenter. As a result, Defendant did not possess a reasonable expectation of privacy in the information obtained by law enforcement.”

So, what do you think?  Should people have a reasonable expectation of privacy for their email accounts in third party subpoenas?  Please let us know if any comments you might have or if you’d like to know more about a particular topic.

Case opinion link courtesy of eDiscovery Assistant.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

The Enron Data Set is No Longer a Representative Test Data Set: eDiscovery Best Practices

If you attend any legal technology conference where eDiscovery software vendors are showing their latest software developments, you may have noticed the data that is used to illustrate features and capabilities by many of the vendors – it’s data from the old Enron investigation.  The Enron Data Set has remained the go-to data set for years as the best source of high-volume data to be used for demos and software testing.  And, it’s still good for software demos.  But, it’s no longer a representative test data set for testing processing – at least not as it’s constituted – and it hasn’t been for a good while.  Let’s see why.

But first, here’s a reminder of what the Enron Data Set is.

The data set is public domain data from Enron Corporation that originated from the Federal Energy Regulatory Commission (FERC) Enron Investigation (you can still access that information here).  The original data set consists of:

  • Email: Data consisting of 92% of Enron’s staff emails;
  • Scanned documents: 150,000 scanned pages in TIFF format of documents provided to FERC during the investigation, accompanied by OCR generated text of the images;
  • Transcripts: 40 transcripts related to the case.

Over eight years ago, EDRM created a Data Set project that took the email and generated PST files for each of the custodians (about 170 PST files for 151 custodians).  Roughly 34.5 GB in 153 zip files, probably two to three times that size unzipped (I haven’t recently unzipped it all to check the exact size).  The Enron emails were originally in Lotus Notes databases, so the PSTs created aren’t a perfect rendition of what they might look like if they originated in Outlook (for example, there are a lot of internal Exchange addresses vs. SMTP email addresses), but it still has been a really useful good sized collection for demo and test data.  EDRM has also since created some micro test data sets, which are good for specific test cases, but not high volume.

As people began to use the data, it became apparent that there was a lot of Personally Identifiable Information (PII) contained in the set, including social security numbers and credit card numbers (back in the late 90s and early 2000s, there was nowhere near the concern about data privacy as there is today).  So, a couple of years later, EDRM partnered with NUIX to “clean” the data of PII and they removed thousands of emails with PII (though a number of people identified additional PII after that process was complete, so be careful).

If there are comparable high-volume public domain collections that are representative of a typical email collection for discovery, I haven’t seen them (and, believe me, I have looked).  Sure, you can get a high-volume dump of data from Wikipedia or other sites out there, but that’s not indicative of a typical eDiscovery data set.  If any of you out there know of any that are, I’m all ears.

Until then, the EDRM Enron Data Set remains the gold-standard as the best high-volume example of a public domain email collection.  So, why isn’t it a good test data set anymore for processing?

Do you remember the days when Microsoft Outlook limited the size of a PST file to 2 GB?  Outlook 2002 and earlier versions limited the size of PST files to 2 GB.  Years ago, that was about the largest PST file we typically had to process in eDiscovery.  Since Outlook 2003, a new PST file format has been used, which supports Unicode and doesn’t have the 2 GB size limit any more.  Now, in discovery, we routinely see PST files that are 20, 30, 40 or even more GB in a single file.

What difference does it make?  The challenge today with large mailstore files like these (as well as large container files, including ZIP and forensic containers) is that single-threaded processes bog down on these large files and they can take a long time to process.  These days, to get through large files like these more quickly, you need multi-threaded processing capabilities and the ability to throw multiple agents at these files to get them processed in a fraction of the time.  As an example, we’ve seen processing throughput increased 400-600% with multi-threaded ingestion using CloudNine’s LAW product compared to single-threaded processes (a reduction of processing time from over 24 hours to a little over 4 hours in a recent example).  Large container files are very typical in eDiscovery collections today and many PST files we see today are anywhere from 10 GB to more than 50 GB in size.  They’re becoming the standard in most eDiscovery email collections.

As I mentioned, the Enron Data Set is 170 PST files over 151 custodians, with some of the larger custodians’ collections broken into multiple PST files (one custodian has 11 PST files in the collection).  But, none of them are over 2 GB in size (presumably Lotus Notes had a similar size limit back in the day) and most of them are less than 200 MB.  That’s not indicative of a typical eDiscovery email collection today and wouldn’t provide a representative speed test for processing purposes.

Can the Enron Data Set still be used to benchmark single-threaded vs. multi-threaded processes?  Yes, but not as it’s constituted – to do so, you have to combine them into larger PST files more representative of today’s collections.  We did that at CloudNine and came up with a 42 GB PST file that contains several hundred thousand de-duped emails and attachments.  You could certainly break that up into 2-4 smaller PST files to conduct a test of multiple PST files as well.  That provides a more typical eDiscovery collection in today’s terms – at least on a small scale.

So, when an eDiscovery vendor quotes processing throughput numbers for you, it’s important to know the types of files that they were processing to obtain those metrics.  If they were using the Enron Data Set as is, those numbers may not be as meaningful as you think.  And, if somebody out there is aware of a good, new, large-volume, public domain, “typical” eDiscovery collection with large mailstore and container files (not to mention content from mobile devices and other sources), please let me know!

So, what do you think?  Do you still rely on the Enron Data Set for demo and test data?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

To Preserve Sanction Potential, Plaintiff Fights To NOT Have Claim Against Them Dismissed: eDiscovery Case Law

Yes, you read that right.  In DR Distrib., LLC v. 21 Century Smoking, Inc., No. 12 CV 50324 (N.D. Ill. Feb. 12, 2019), Illinois District Judge Iain D. Johnston denied the defendants’ Motion for Leave to Amend their counterclaim to remove their own defamation counterclaim (Count VIII) against the plaintiffs – a move to which the plaintiffs objected, because it could eliminate their chance to pursue sanctions against the defendants for ESI spoliation.

Case Background

In this trademark infringement case, where, according to Judge Johnston, “the parties have engaged in a plethora of discovery disputes and pleadings practice”, the defendants moved for leave to amend their counterclaim under Fed. R. Civ. P. 15 to remove Count VIII, “defamation per se”, against the plaintiff – three years and eight months after the expiration of the amended pleading deadline.  This was the third time that one of the parties moved to amend a pleading after the deadline (second time requested by the defendant), the court had denied the previous two attempts.

Judge’s Ruling

Judge Johnston began his ruling by stating:

“A party rarely objects to the dismissal of a claim against it. But it happens. See, e.g., Chavez v. Illinois State Police, 251 F.3d 612, 655-56 (7th Cir. 2001). This is one of those rare occasions. Context explains these unusual circumstances. Not surprisingly, like most bizarre legal circumstances, this situation is caused because each side is attempting to obtain a procedural litigation advantage. This Court is confident that its analysis and decision is correct. But this Court also recognizes that this opinion proves two old adages: (1) bad facts make bad law; and (2) judges who like all their decisions are likely bad judges.”

Judge Johnston proceeded to note that “raging in this case is an ESI food fight of Hollywood proportions”, stemming from “the loss of ESI relating to the defendants’ seemingly relevant emails and instant messages”, which was initially limited to the defendants’ defamation counterclaim.  As Judge Johnston noted: “During the ESI melee, by this Motion, defendants sought to eliminate Count VIII. Although unstated, to even the most casual observer, the reason for this move was obvious: If Count VIII were eliminated, then the ESI fracas would be moot. No harm; no foul.”  He also stated that “plaintiffs promise to file a brief longer than a CVS receipt to address the ESI issues”, raising “nearly every conceivable basis for sanctions”.  Summing up the situation, Judge Johnston stated that “plaintiffs cannot obtain these sanctions if Count VIII is eliminated (at least if the ESI were only relevant to Count VIII). Therefore, plaintiffs object, despite the seeming benefit of having a claim against them eliminated. So here we are.”

Make sense now?

In considering the defendants’ motion, Judge Johnston indicated that “defendants dedicate a large portion of their briefs to argue that Rule 15 governs this Motion, and that ‘[t]he court should freely give leave [to amend] when justice so requires’”, but responded that “when a motion to amend a pleading comes after a case management order is entered, Rule 16(b)(4)’s ‘good cause’ standard must be satisfied before a court considers whether Rule 15(a)(2)’s standards are satisfied.”  Judge Johnston also observed that the defendants had failed to show diligence, stating:

“This Motion, brought almost four years after the expiration of the amended pleading deadline, represents the first time that defendants have sought to dismiss Count VIII. These facts would lead a reasonable person to conclude that the real, but unstated, reason to eliminate Count VIII is to avoid the ESI maelstrom on the horizon.”

As a result, stating that defendants “have failed to show good cause pursuant to Rule 16 to amend the case management order”, Judge Johnston denied their motion and indicated that the “issues related to possible sanctions raised in plaintiffs’ response will be addressed in the separate round of briefing.”

So, what do you think?  Is the plaintiff making a big gamble in leaving a claim against them in the case to try to push for sanctions?  Please let us know if any comments you might have or if you’d like to know more about a particular topic.

Case opinion link courtesy of eDiscovery Assistant.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Judge Recommends Jury Decision on Impact of Spoliation of Emails: eDiscovery Case Law

In BankDirect Capital Fin., LLC v. Capital Premium Fin., Inc., No. 15 C 10340 (N.D. Ill. April 4, 2018), Illinois Magistrate Judge Jeffrey Cole recommended that the court follow the decision in Cahill v. Dart and “allow the appropriate evidence to be presented to the jury” to enable it to determine the “impact, if any, the non-production of the challenged emails has on the merits of the parties’ claims”.  If the court was not inclined to let the matter go to the jury, Judge Cole recommended that the court give a permissive spoliation instruction to the jury informing them of the destruction of the requested emails and that they could consider the deletion of the emails to be evidence in considering claims and counter-claims of the parties.

Case Background

In this case regarding breach of a marketing collaboration agreement between the parties and a counter-claim against the owner of the plaintiff, alleging the marketing agreement was negotiated in bad faith, the defendant raised concerns that the plaintiff had produced no emails from Fall 2010 through November 2011 (the period in which the parties were negotiating their Agreement).  The plaintiff indicated that it changed servers in November 2011 and no longer had possession of any emails prior to then.  In response to the suggestion that the loss of the pre-November 2011 emails might have been deliberate, the plaintiff claimed that the server change was “years before any party could have foreseen litigation”.  Though the parties agreed to a declaration by an employee of the plaintiff regarding this, the plaintiff never provided one.

In May 2017, the defendant served a notice for the deposition of a corporate representative of the plaintiff to cover a number of topics related to the missing emails, but the parties continued to dispute the production of a plaintiff witness before finally agreeing to depose an employee of the bank owner company of the plaintiff.  He testified that the new email archive system was not fully installed at the plaintiff’s organization until July 2012, that five years of emails were kept at the time and that emails were kept until automatically deleted once they aged five years.  This meant that emails going back to November 2010 were in existence and obtainable as of November 2015 when the Complaint was filed, not purged when the plaintiff changed servers.

In addition, the President and CEO of the plaintiff admitted he maintained a separate electronic or computerized “folder” for emails regarding the agreement, this folder would have contained all the communications related to it as of July 2012 when the migration to the new archive was complete and he knew of no reason why he would have deleted them.  Acknowledging that he was “personally responsible for putting in place a litigation hold”, he also admitted that neither he nor anyone else at the plaintiff or its owner company ordered the suspension of the automatic deletion of archived emails until at least October of 2016, nearly a year after the defendant filed suit, noting that he didn’t think there were any bad emails, so their deletion wasn’t problematic.  The chain of events led to the defendant filing a Motion for Spoliation Sanctions seeking the entry of a default judgment or, alternatively, an adverse inference sanction against the plaintiff.

Judge’s Ruling

In providing his recommendation, Judge Cole stated that the plaintiff CEO testimony “is simply not credible”.  Continuing, he said, “No reasonable, successful businessman would be so naive as to think that prior, positive exchanges of emails with one’s present accuser had no capacity to help prove that Capital’s charges were baseless and pretextual.”

Summing up his observations, Judge Cole stated that “there can be no serious doubt that the now unavailable emails ought to have been preserved, and that BankDirect, despite its admitted knowledge that documents were not to be destroyed, intentionally chose not to take reasonable (and quite easy) steps to preserve them.”  As a result, Judge Cole offered the following recommendation:

“Accordingly, it is recommended that the court follow Cahill and, as a matter of its inherent discretion, allow the appropriate evidence to be presented to the jury, which, under proper instructions, will determine the reasons for the non-production and the impact, if any, the non-production of the challenged emails has on the merits of the parties’ claims. Alternatively, if the court is not inclined to let the matter go to the jury, it is recommended that the court give a permissive spoliation instruction to the jury informing them of the destruction of the requested emails and that they could consider the deletion “of the emails to be evidence (not conclusive of course)” in considering BankDirect’s claim and Capital’s counterclaim.”

So, what do you think?  Should the judge have recommended a default judgment sanction in this case?  Please share any comments you might have or if you’d like to know more about a particular topic.

Case opinion link courtesy of eDiscovery Assistant.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

No Sanctions for Spoliation of ESI Against Plaintiff Leads to Summary Judgment Against Defendant: eDiscovery Case Law

We just completed our four part review of case law for 2017 and Tom O’Connor and I discussed important cases for 2017 in our webcast yesterday (click here to check it out).  Now, on to cases to cover for this year…

In IBM v. Naganayagam, No. 15 Civ. 7991 (NSR) (S.D.N.Y. Nov. 21, 2017), New York District Judge Nelson S. Romàn, finding that no intent to deprive by the plaintiff and no prejudice against the defendant for spoliation of ESI, denied the defendant’s motion for spoliation sanctions, which facilitated granting the plaintiff’s motion for summary judgment against the defendant by Judge Romàn.

Case Background

In this action against the defendant (a former employee of the plaintiff who had received several Equity Award Agreements (EAAs) during his employment which the plaintiff sought to rescind once the defendant left his employment to join a competitor), the plaintiff filed a motion for summary judgment in the case and the defendant filed a cross-motion pursuant to Rule 37 of the Federal Rules of Civil Procedure for spoliation sanctions.

On October 31, 2016, the defendant filed a motion to compel production of the plaintiff’s strategic plans for Australia and New Zealand, e-mails related to the defendant’s departure from the plaintiff that were referenced the deposition of the defendant’s former supervisor, a list of the defendant’s accounts, and the defendant’s own e-mails from the course of his employment with the plaintiff.  The court issued an Opinion and Order on December 9, 2016, denying the defendant’s request to compel the production of both his own emails and client account information as well as his supervisor’s emails, finding that the defendant had failed to establish the relevance of these materials. However, the court did rule that the plaintiff was required to produce the strategic plans generated by the plaintiff delineating their competitors.  After the plaintiff indicated it was unable to locate the strategy plans, the plaintiff filed a motion for summary judgment in January 2017 and the defendant filed a cross-motion for adverse inference spoliation sanctions ten days later.

Judge’s Ruling

When considering the defendant’s request for sanctions, Judge Romàn noted that “Although the more lenient sanctions standard under Rule 37(e) did not go into effect until after Plaintiff filed the Complaint in the present action, the amended Rule 37(e) can apply retroactively”, observing that the Order included by Chief Justice Roberts (when transmitting the new Rule to Congress) indicated that it would govern insofar as just and practicable, all proceedings then pending.”

Noting that “amended Rule 37(e) only allows for adverse inference sanctions where the non-movant acted intentionally to deprive another party use of the ESI during litigation”, Judge Romàn, observing that “Defendant merely alleges that Plaintiff acted negligently rather than intentionally, denied the request for adverse inference sanctions against the plaintiff.  Also, determining that a lack of prejudice against the defendant for any potential spoliation, Judge Romàn ruled that “less severe spoliation sanctions are similarly unwarranted” and denied the defendant’s motion for spoliation sanctions.  With that considered, Judge Romàn found that “there is no genuine dispute of material fact regarding Defendant’s breach of the Plan and EAAs”, and granted the plaintiff’s motion for summary judgment.

So, what do you think?  Should the court have ruled it differently?  Please share any comments you might have or if you’d like to know more about a particular topic.

Case opinion link courtesy of eDiscovery Assistant.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.