eDiscovery Daily Blog

Ignoring Internet of Things Devices Could Be IdIoTic: eDiscovery Trends

See what I did there?  ;o)  While I’m speaking at the University of Florida E-Discovery Conference today, let’s take a look at a couple of articles related to Internet of Things (IoT) devices that you need to know from an eDiscovery standpoint.

In an article in Legaltech News (E-Discovery’s New Challenge: Not Ignoring Internet of Things Data, written by Victoria Hudgins), the author notes that, in addition to smartphones, items such as Fitbits, Amazon’s Alexa, self-vacuuming Roombas and internet-connected cars also fall under the IoT umbrella of items that are connected to the internet and collect and share data.

Dana Conneally, managing partner at QDiscovery and Evidox Corp., noted IoT devices may have multiple data repositories, which creates more data for attorneys to review.

“You want to know what’s on the hard drive of the device, but they are typically connected to the internet and cloud. … Now you have three different rabbit holes you are trying to chase down at the same time,” Conneally said.

Such devices represent a new source of evidence for a lawyer’s clients, but how to find value in such data can be difficult.

“Attorneys, a lot of the time, haven’t been trained how to do that,” said Cozen O’Connor eDiscovery and practice advisory services group chairman Dave Walton. “What are the types of evidence out there? We need to know to win in this environment.”

Walton said attorneys are “overwhelmed” by IoT devices in e-discovery, and they usually reason that it’s not practical to assess such devices. However, Walton suggested lawyers should always evaluate if their client’s legal matter warrants obtaining information from an IoT device and make proportional requests for the data, an approach that also governs other types of discoverable content.

“You have to be proportional about how you go about the evidence. The more you know about the evidence, the better you know about alternatives” and efficient ways to obtain the evidence, Walton said.

Smartphones aside, while I have seen several criminal cases involving IoT devices (including this one, this one and this one), I haven’t too many civil cases involving IoT devices (yet).  But, I expect to see more over time.

But, that’s not all!  Earlier this month, the Cloud Security Alliance (CSA) announced the release of the CSA IoT Controls Framework, its first such framework for IoT which introduces the base-level security controls required to mitigate many of the risks associated with an IoT system operating in a range of threat environments. Created by the CSA IoT Working Group, the new Framework together with its companion piece, the Guide to the CSA Internet of Things (IoT) Controls Framework, provide organizations with the context in which to evaluate and implement an enterprise IoT system that incorporates multiple types of connected devices, cloud services, and networking technologies.

Utilizing the Framework, user owners will assign system classification based on the value of the data being stored and processed and the potential impact of various types of physical security threats. Regardless of the value assigned, the Framework has utility across numerous IoT domains from systems processing only “low-value” data with limited impact potential, to highly sensitive systems that support critical services.

The CSA IoT Working Group develops frameworks, processes and best-known methods for securing these connected systems. Further, it addresses topics including data privacy, fog computing, smart cities and more. Individuals interested in becoming involved in future IoT research and initiatives are invited to visit the Internet of Things Working Group join page.

Hat tip to Rob Robinson’s Complex Discovery blog for the info on the CSA IoT Controls Framework.  Here’s the press release with more information.  Dealing with IoT devices is inevitable, so don’t be idIoTic and get informed!  ;o)

So, what do you think?  Have you had to deal with IoT devices in your eDiscovery projects?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.