Collection

Here’s a Terrific Scorecard for Mobile Evidence Discovery: eDiscovery Best Practices

As we’ve noted before, eDiscovery isn’t just about discovery of emails and office documents anymore.  There are so many sources of data these days that legal professionals have to account for and millions more being transmitted over the internet every minute, much of which is being transmitted and managed via mobile devices.  Now, here’s a terrific new Mobile Evidence Burden and Relevance Scorecard, courtesy of Craig Ball!

Craig has had a lot to say in the past about mobile device preservation and collection, even going as far as to say that failure to advise clients to preserve relevant and unique mobile data when under a preservation duty is committing malpractice.  To help lawyers avoid that fate, Craig has described a simple, scalable approach for custodian-directed preservation of iPhone data.

Craig’s latest post (Mobile to the Mainstream, PDF article here) “looks at simple, low-cost approaches to getting relevant and responsive mobile data into a standard e-discovery review workflow” as only Craig can.  But, Craig also “offers a Mobile Evidence Scorecard designed to start a dialogue leading to a consensus about what forms of mobile content should be routinely collected and reviewed in e-discovery, without the need for digital forensic examination.”

It’s that scorecard – and Craig’s discussion of it – that is really cool.  Craig breaks down various types of mobile data (e.g., Files, Photos, Messages, Phone Call History, Browser History, etc.) in terms of Ease of Collection and Ease of Review (Easy, Moderate or Difficult), Potential Relevance (Frequent, Case Specific or Rare) and whether or not you would Routinely Collect (Yes, No or Maybe).  Believe it or not, Craig states that you would routinely collect almost half (7 out of 16 marked as “Yes”, 2 more marked as “Maybe”) of the file types.  While the examples are specific to the iPhone (which I think is used most by legal professionals), the concepts apply to Android and other mobile devices as well.

I won’t steal Craig’s thunder here; instead, I’ll direct you to his post here so that you can check it out yourself.  This scorecard can serve as a handy guide for what lawyers should expect for mobile device collection in their cases.  Obviously, it depends on the lawyer and the type of case in which they’re involved, but it’s still a good general reference guide.

So, what do you think?  Do you routinely collect data from mobile devices for your cases?  And, as always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Facial Recognition Software Coming to an Airport Near You: eDiscovery Trends

Air travelers have already become accustomed to standing in the brightly painted footprints at security checkpoints and raising their arms in order to be scanned, but this month in Orlando, a new type of scan is taking place. Last month, Geneva-based tech company SITA installed cameras with facial recognition software at the Orlando International Airport in conjunction with British Airways and U.S. Customs and Border Protection (CBP).

When people step up to be scanned, a photo is taken of their face, it’s sent to CBP, who then matches the photo to the person booked on the manifest, and if it matches, the gates open and the passenger can board, all in a matter of seconds. If there isn’t a match, the passport is scanned manually by the gate agent.

The hope is to bring efficiency to the process of making sure people are who they say they are. The TSA is also testing similar technology for security check-ins, with Steve Karoly, acting assistant administrator at TSA, says it’s a “game changer.”

But according to a report released by the Center on Privacy and Technology at Georgetown Law School, the system is full of technical and legal issues, with a rejection rate of 4 percent. One issue the report cites is bias, with higher rates of false rejections occurring because of race and gender. Another report, conducted by the CAPA-Centre for Aviation, said the face-recognition software isn’t good at “identifying ethnic minorities when most of the subjects used in training the technology are from the majority group.”

Privacy is another concern as the Department of Homeland Security doesn’t have any rules for protecting Americans’ privacy and use of this data, but CBP says it deletes the photos within 14 days. It’s still unclear how GDPR compliance comes into play, especially with travelers who are EU citizens. But so far, most people who have used the technology aren’t concerned with privacy as long as it speeds up the boarding process.

This is still very much in the testing phase, although President Trump signed an executive order last year to increase the use of biometric tracking for airport security. As this type of technology becomes more and more widespread with uses outside of airport security, it’s also inevitable that litigation surrounding this technology with also rise.

In China, police are using AI-powered CCTV cameras to enforce jaywalking laws. If the cameras catch you outside of the crosswalk, the facial recognition software links with cellphone systems, and a text message is sent to your phone letting you know you’ve been fined.

But even if the technology isn’t the primary reason for the lawsuit, the electronically stored information created by scanners could potentially become relevant to discovery. This has certainly happened with other relatively new data sources with a rise of text messages, social media, and data from the Internet of Things being preserved as evidence more and more in both the civil and criminal courts.

It will be interesting to see how the use of this technology grows, but it’s also a reminder to organizations, who may be contemplating facial recognition software for various applications, of the need to consider the potential implications of how biometric data could be preserved and collected should litigation arise.

So, what do you think?  How do you see the rise of facial recognition technology affecting your eDiscovery practices and policies in the future?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

As Blockchain Joins the Healthcare Profession, Are Legal Departments Prepared to Keep Up?: eDiscovery Trends

When we hear the word blockchain, most of us still think of Bitcoin, that mysterious new currency that seems to equally enthrall forward thinking investors and less-than-savory entrepreneurs who lurk around the darkest parts of the Dark Web. But blockchain technology is finding more and more practical uses, most recently in the healthcare industry.

In a recent Wall Street Journal Article, blockchain is presented as a low-cost, highly secure way to unify healthcare records, which to date has been a huge obstacle. As the article puts it, “In the current tangle of incompatible records systems that typifies U.S. health care, incorrect information can creep in when patient data gets re-entered multiple times by doctors’ offices, insurers and hospital staff. Big errors can seriously affect the quality of care that patients receive, small discrepancies can result in wrongful denials of insurance coverage, and errors of all types add to the system’s cost.”

In very simplified terms, Blockchain works like a giant Google Sheet: a single ledger that can be added to simultaneously by all users in the system, with each “transaction” creating an audit trail so that its data is nearly infallible. For healthcare records systems, this can put patients, insurers, and providers literally on the same page, providing secure and accurate information for all stakeholders across the board.

In January, Nashville-based Change Healthcare (a network of 800,000 physicians, 117,000 dentists and 60,000 pharmacies) introduced a blockchain system for processing insurance claims. The shared ledger of encrypted data gives providers a “single source of truth,” according to Emily Vaughn, blockchain product development director at Change Healthcare.

All parties can see the same information about a claim in real time, so that a patient or provider won’t have to call multiple parties to verify information. Each time data is changed, a record is shown on the digital ledger, identifying the responsible party. Any changes also require verification by each party involved, ensuring record’s accuracy.

Change Healthcare won’t reveal actual numbers about how much the new system (which processes roughly 50 million events daily) cuts costs, but the efficiencies, accuracy, and security will no doubt bring huge savings.

The question regarding the eDiscovery implications with this type of move are clear: How will this data be preserved, collected, and prepared for review? It’s not so much a question of a technical nature (though that will have to be answered by someone, but I’ll leave it to the software engineers to properly answer it). What I mean to say, is that anytime a new data source is introduced into the organization’s landscape, the question of preservation, collection, and production should already be on the minds of the legal department. Often, changes in a company’s technology infrastructure are driven by departments outside of legal: usually a combination of IT and business units looking for efficiency, security, and cost savings. Many times, large decisions will be made, leaving the legal team in the position of playing catch up when it comes to discovery should litigation arise.

So, even if your company isn’t moving to blockchain anytime in the near future, this story of what is happening in the healthcare space is important to consider, because, to quote the poet William Blake, “What is now real, was once only imagined.” And the potential uses for blockchain technology lately seems to be on everyone’s mind.

So, what do you think?  How do you see the increased use of blockchain technology affecting eDiscovery?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Collecting Responsive ESI from Difficult Places: eDiscovery Webcasts

Happy June!  I don’t normally promote webcasts twice in one week, but this month’s webcast is a little earlier than normal.  What can I say, it’s family vacation season and my family has plans the last week of this month… :o)

Believe it or not, there was a time when collecting potentially responsive ESI from email systems for discovery was once considered overly burdensome. Now, it’s commonplace and much of it can be automated. But, that’s not where all of the responsive ESI resides today – much of it is on your mobile device, in social media platforms and even in Internet of Things (IoT) devices. Are you ignoring this potentially important data? Do you have to hire a forensics professional to collect this data or can you do much of it on your own?  We will discuss these and other questions in a webcast in a few weeks.

Wednesday, June 20th at noon CST (1:00pm EST, 10:00am PST), CloudNine will conduct the webcast Collecting Responsive ESI from Difficult Places. In this one-hour webcast that’s CLE-approved in selected states, we will discuss what lawyers need to know about the various sources of ESI today, examples of how those sources of data can be responsive to litigations and investigations, and how lawyers may be able to collect much of this data today using intuitive applications and simple approaches. Topics include:

  • Challenges from Various Sources of ESI Data
  • Ethical Duties and Rules for Understanding Technology
  • Key Case Law Related to Mobile Devices, Social Media and IoT
  • Options and Examples for Collecting from Mobile Devices
  • Options and Examples for Collecting from Social Media
  • Examples of IoT Devices and Collection Strategies
  • Recommendations for Addressing Collection Requirements
  • Resources for More Information

As always, I’ll be presenting the webcast, along with Tom O’Connor.  To register for it, click here.  Even if you can’t make it, go ahead and register to get a link to the slides and to the recording of the webcast (if you want to check it out later).  If you want to know how to collect electronically stored information from difficult places, this is the webcast for you!

So, what do you think?  Do you feel like you know when and how to collect ESI from mobile devices, social media and IoT devices?  If not, register for our webcast!  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Pizza Hut Pie Tops – The Internet of Things Keeps Getting Stranger: eDiscovery Trends

Editor’s Note: Jim Gill’s writing about eDiscovery and Data Management has been twice recognized with JD Supra Reader’s Choice Awards and he holds an MFA in Creative Writing from Southern Illinois University, Carbondale.  Before working in eDiscovery, Jim taught college writing at a number of institutions and his creative work has been published in numerous national literary journals, as well as being nominated for a Pushcart Prize.

Jim’s post below highlights the proliferation of “internet of things” (IoT) devices in our world (with a unique example) and how that can impact eDiscovery activities.  Great timing, as I will be talking about collecting data from IoT devices at the University of Florida E-Discovery Conference, which will be held a week from today – Thursday, March 29.  As always, the conference will be conducted in Gainesville, FL on the University of Florida Levin College of Law campus (as well as being livestreamed), with CLE-accredited sessions all day from 8am to 5:30pm ET.  I (Doug) am on a panel discussion at 9am ET in a session titled Getting Critical Information From The Tough Locations – Cloud, IOT, Social Media, And Smartphones! with Craig Ball, Kelly Twigger, with Judge Amanda Arnold Sansone.  Click here to register for the conference – it’s only $199 for the entire day in person and only $99 for livestream attendance.  Don’t miss it!

A couple of weeks ago, Pizza Hut announced the release of a pair of sneakers dubbed Pie Tops II – yes, real wearable shoes – which will link with your phone via Bluetooth to connect with the Pizza Hut app, allowing you to order a pizza with the single push of a button on the shoe’s tongue. An additional feature connects with TV receivers like Xfinity, Spectrum, and DirecTV, pausing whatever you’re watching when the pizza arrives at the door.

Yes, this is obviously a marketing gimmick, though it could be yet another sign we’re on the fast track to the world portrayed in the film Idiocracy. But when I saw this, I immediately imagined the possible eDiscovery implications. The IoT has continues to play more of a role in the law, particularly in criminal cases, such as the one where a man in Connecticut was arrested for the murder of his wife because of evidence attained from her Fitbit (covered by the eDiscovery Daily blog here). Now more than ever, criminal and civil courts are dealing with digital evidence that not so long ago didn’t even exist.

Many people in eDiscovery still think of ESI as email or documents. And for the most part, they’re right. But anyone working in the legal tech / data management industries should know by now that what isn’t a concern today, will be in a short matter of time. For individuals, short-sightedness regarding technology may not pose a huge concern on a day-to-day basis. For most of us, the biggest data risk we face is dropping our phones in the toilet. But for corporations, government entities, and other large organizations, getting caught off guard when it comes to the ability to preserve and collect data could bring significant costs, both financial and legal.

This is a where a robust information governance program can protect you from potential snags down the road. Not every new technology will apply to your organization but knowing what your current data landscape looks like gives you a head start on being prepared should something new arise. Housecleaning is also an important part of this process. Once you have a handle on everything, you can begin making decisions on what needs to be kept and what can be defensibly deleted. With data storage becoming more readily available, along with in-place preservation platforms, it’s very easy to keep everything and worry about it later. But more data is coming down the pipe in droves, and sooner or later it’s going to get unwieldy.

It’s also important to think about policies and contingencies regarding new technologies as they come into your organization. More and more people are using their own devices, particularly on the mobile front, which means a huge number of applications are creating ESI related to professional activity. If you don’t have a plan in place for dealing with these as far as preservation and collection, things could get stressful in a hurry should litigation arise. The flipside of that scenario is that too strict a lockdown on the types of devices and platforms that can be used could cut into productivity and dampen creativity.

The main thing to focus on is open and forward-thinking communication should happen continually between all stakeholders: legal, IT, business units, and 3rd party vendors. This way, if something unexpected does come up, everyone is on board and knows how to handle it.

It’s pretty unlikely that data from the Pie Tops II will come into play in your next big case (though I can imagine a modern-day Perry Mason-type drama where someone’s alibi hinges on the time and place they ordered a pizza from their shoes). But, their very existence should get you thinking about the data types that your organization is using, or may soon start using, and their role in litigation.

So, what do you think?  Have you seen a rise in new data affecting your organization?  Please share any comments you might have or if you’d like to know more about a particular topic.

Image Copyright © Pizza Hut, LLC

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Befuddled by BYOD? The Sedona Conference Has a New Set of Principles to Guide You: eDiscovery Best Practices

Many organizations are permitting (or even encouraging) their employees to use their own personal devices to access, create, and manage company related information – a practice commonly referred to as Bring Your Own Device (BYOD).  But, how can those organizations effectively manage those BYOD devices to meet their discovery obligations?  To help with that issue, The Sedona Conference® (TSC) has published an initial Public Comment Version of a Commentary to help.

In late January, TSC and its Working Group 1 on Electronic Document Retention and Production (WG1) rolled out the Public Comment version of its Commentary on BYOD: Principles and Guidance for Developing Policies and Meeting Discovery Obligations.  The Commentary is designed to help organizations develop and implement workable – and legally defensible – BYOD policies and practices. This Commentary also addresses how creating and storing an organization’s information on devices owned by employees impacts the organization’s discovery obligations.  It focuses specifically to mobile devices that employees “bring” to the workplace (not on other “BYO” type programs) and does not specifically address programs where the employer provides the mobile device.

The Commentary begins with five principles related to the use of BYOD programs and continues with commentary for each.  Here are the five principles:

  • Principle 1: Organizations should consider their business needs and objectives, their legal rights and obligations, and the rights and expectations of their employees when deciding whether to allow, or even require, BYOD.
  • Principle 2: An organization’s BYOD program should help achieve its business objectives while also protecting both business and personal information from unauthorized access, disclosure, and use.
  • Principle 3: Employee-owned devices that contain unique, relevant ESI should be considered sources for discovery.
  • Principle 4: An organization’s BYOD policy and practices should minimize the storage of––and facilitate the preservation and collection of––unique, relevant ESI from BYOD devices.
  • Principle 5: Employee-owned devices that do not contain unique, relevant ESI need not be considered sources for discovery.

The Commentary weighs in at a tidy 40 page PDF file, which includes a couple of appendices.  So, it’s a fairly light read, at least by TSC standards.  :o)

TSC is encouraging public comment on the Commentary on BYOD, which can be downloaded free from their website here (whether you’re a TSC member or not). They encourage Working Group Series members and others to spread the word and share the link (you’re welcome!) so they can get comments in before the public comment period closes on March 26. Questions and comments may be sent to comments@sedonaconference.org.  So, you have a chance to be heard!

Speaking of mobile devices, I’m excited to be speaking this year for the first time at the University of Florida Law E-Discovery Conference on March 29.  I’m on a panel discussion in a session titled Getting Critical Information From The Tough Locations – Cloud, IOT, Social Media, And Smartphones! with Craig Ball, Kelly Twigger, and with The Honorable Amanda Arnold Sansone, Magistrate Judge in Florida, moderating.  As always, the conference will be conducted in Gainesville, FL (as well as being livestreamed), with CLE-accredited sessions all day from 8am to 5:30pm ET, with an all-star collection of speakers.  I’ll have more to say about the conference as we get closer to it.  Click here to register!

So, what do you think?  Does your organization have a BYOD policy?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Here’s a Chance to Learn What You Need to Do When a Case is First Filed: eDiscovery Best Practices

The first days after a complaint is filed are critical to managing the eDiscovery requirements of the case efficiently and cost-effectively. With a scheduling order required within 120 days of the complaint and a Rule 26(f) “meet and confer” conference required at least 21 days before that, there’s a lot to do and a short time to do it. Where do you begin?

On Wednesday, September 27 at noon CST (1:00pm EST, 10:00am PST), CloudNine will conduct the webcast Holy ****, The Case is Filed! What Do I Do Now? (yes, that’s the actual title). In this one-hour webcast, we’ll take a look at the various issues to consider and decisions to be made to help you “get your ducks in a row” and successfully prepare for the Rule 26(f) “meet and confer” conference within the first 100 days after the case is filed. Topics include:

  • What You Should Consider Doing before a Case is Even Filed
  • Scoping the Discovery Effort
  • Identifying Employees Likely to Have Potentially Responsive ESI
  • Mapping Data within the Organization
  • Timing and Execution of the Litigation Hold
  • Handling of Inaccessible Data
  • Guidelines for Interviewing Custodians
  • Managing ESI Collection and Chain of Custody
  • Search Considerations and Preparation
  • Handling and Clawback of Privileged and Confidential Materials
  • Determining Required Format(s) for Production
  • Timing of Discovery Deliverables and Phased Discovery
  • Identifying eDiscovery Liaison and 30(b)(6) Witnesses
  • Available Resources and Checklists

I’ll be presenting the webcast, along with Tom O’Connor, who is now a Special Consultant to CloudNine!  If you follow our blog, you’re undoubtedly familiar with Tom as a leading eDiscovery thought leader (who we’ve interviewed several times over the years) and I’m excited to have Tom as a participant in this webcast!  To register for it, click here.

So, what do you think?  When a case is filed, do you have your eDiscovery “ducks in a row”?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Lawyer’s Pants Literally Catch on Fire and Alexa to “Testify”: eDiscovery Trends

OK, this first story isn’t exactly an eDiscovery story, but it’s too good to pass up…

Here’s a question for you: Would you believe what a lawyer was telling you during closing arguments if his pants were, literally, on fire?

According to this story from the Miami Herald, this actually happened on Wednesday as Miami defense lawyer Stephen Gutierrez began his closing arguments in front of a jury — in an arson case.

Gutierrez, who was arguing that his client’s car spontaneously combusted and was not intentionally set on fire (hmmm…), had been fiddling in his pocket as he was about to address jurors when smoke began billowing out his right pocket, witnesses told the Miami Herald.

Gutierrez rushed out of the Miami courtroom, leaving spectators stunned. After jurors were ushered out, Gutierrez returned unharmed, with a singed pocket, and insisted it wasn’t a staged defense demonstration gone wrong, instead blaming a faulty battery in an e-cigarette, observers said.

Miami-Dade police and prosecutors are now investigating the episode. Officers seized several frayed e-cigarette batteries as evidence.  Miami-Dade Circuit Judge Michael Hanzman, in the coming days, could decide to hold Gutierrez in contempt of court.

Despite his own demonstration of spontaneous combustion, Gutierrez’s client, Claudy Charles, was convicted of second-degree arson.

Now, on to the eDiscovery story…

Those who remember last year’s battle between Apple and the Justice Department over the Judge’s order for Apple to give investigators access to encrypted data on the iPhone used by one of the San Bernardino shooters may also remember that the Justice Department asked the court to vacate its order requiring Apple to assist when an unnamed third party was able to access the iPhone.  Here’s another battle that was shaping up over access to data on a device that has ended shortly after it began.

According to Legaltech News (Amazon, Avoiding First Amendment Clash, Drops Objections to Echo Warrant, written by Ben Hancock), Amazon Inc. has agreed to hand over recordings from an “Echo” device that was in the home of a murder suspect in Arkansas, after initially resisting doing so on First Amendment grounds.

In a stipulation filed Monday in the Circuit Court of Benton County, Arkansas, Amazon’s attorneys at Davis Wright Tremaine wrote that defendant James Bates had consented to the production of the recordings from his Echo, and that its motion to quash a warrant seeking the data was now moot.

A hearing on the motion had been set for Wednesday. Bates’s attorney, Kathleen Zellner (most notable for her work in wrongful conviction advocacy and current representation of Steven Avery), said in a tweet Tuesday morning: “We agreed to release recordings-my client James Bates is innocent.”

Amazon’s fight against the warrant seeking data from Bates’ Echo had been closely watched by legal experts as a test of the limits of privacy protections for data gathered by connected devices in consumers’ homes. I guess we’ll have to save that first battle over privacy rights by Echo owners for another case.

Having an Echo in our home and hearing Alexa often say “I didn’t get that” when we’re in normal conversation and not making an Echo request, I can only imagine how much data there is, or how long it’s retained.  Cases like these will continue to illustrate the amount of ESI that IoT devices may hold.

So, what do you think?  Should individuals have privacy rights to the data on their IoT devices, like the Amazon Echo?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Court Denies Defendant’s Motion to Overrule Plaintiff’s Objections to Discovery Requests

Court Orders Forensic Examination of Key Custodian Computers: eDiscovery Case Law

In Davis v. Crescent Electric Company et. al., No. 12-5008 (D. S.D., Oct. 12, 2016), South Dakota District Judge Lawrence L. Piersol ruled that a non-disclosure agreement would sufficiently protect any and all confidential and/or privileged information of the defendant that may be uncovered during the forensic examination for key custodians and that the information being requested by the plaintiff was relevant and not overly broad.

Case Background

In this employment discrimination case, the plaintiff filed a Motion to Compel the defendant (her former employer) in August 2015 to produce Outlook PST files from the defendant’s server, from the plaintiff’s work computer and from the defendant’s Outlook archives to learn “how Julie Skinner/Stienstra had access to Lisa A. Davis’ email in order to print them.”  The court granted the motion in April 2016, and in August 2016, the plaintiff requested that the defendant provide access to the key custodians’ computers for a forensic examination.  The defendant refused, citing concerns that “unfettered investigation” on the computers “may provide access to confidential information and privileged communications, and it is beyond the scope of the Court’s Order and the relief requested.”  That same day, counsel for the plaintiff suggested having the forensic examiner execute a non-disclosure agreement and further requested that the defendant’s internet technician contact the forensic examiner as soon as possible “so this matter can be resolved without further court intervention.”

The defendant’s technician provided only of the email data requested, indicating that was the only data he was told to provide and that any other email data would have to be requested from counsel. The plaintiff’s counsel did just that, but the defendant’s counsel refused, reiterating the position that the information was beyond the scope of the order and the data may contain confidential and privileged information. As a result, the plaintiff filed a supplemental Motion to Compel.

Judge’s Ruling

Referencing Rule 37(a)(3)(B)(iv), Judge Piersol noted that, ultimately “[c]ourts consider the prior efforts of the parties to resolve the dispute, the relevance of the information sought, and the limits imposed by Rule 26(b)(2)(C) when deciding whether to grant a motion to compel.”  With regard to the plaintiff’s counsel effort to resolve the issue by offering to have the forensic examiner sign a non-disclosure agreement and the defense counsel’s refusal of that offer, Judge Piersol stated:

“First, CESCO does not explain how or why a non-disclosure agreement would not quell its fears of disclosure of confidential and/or privileged information. CESCO simply makes general claims concerning the disclosure of such information. Second, the computer that Davis seeks to examine is a business computer that is unlikely to contain any personal information. Therefore, without more of an explanation by CESCO as to what it seeks to protect and why it seeks to protect it, the Court finds that a non-disclosure agreement executed by Mr. Sevel will sufficiently protect any and all confidential and/or privileged information that may be uncovered during the forensic examination of Julie Stienstra/Julie Skinner’s computer and associated export logs.”

With regard to the relevance of the information sought, Judge Piersol noted that the plaintiff sought a forensic examination to determine the authenticity of a claimed fake email and that the plaintiff’s forensic examiner stated that “printed versions of emails, or email threads, cannot be considered to be forensically sound unless the original digital version can be examined for authenticity. In this situation, a review of the PST file containing the original emails and emails threads, with their associated metadata, is needed”.  Finding also that the defendant’s claim that the plaintiff’s request was overly broad to be “without merit”, Judge Piersol granted the plaintiff’s Supplemental Motion for an Order to Compel with the plaintiff’s forensic examiner to execute a non-disclosure agreement prior to his examination.

So, what do you think?  Should the forensic examination have been ordered?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Court Denies Defendant’s Motion to Overrule Plaintiff’s Objections to Discovery Requests

Court Rules Government’s Use of Stingray to Locate Suspect Was Unwarranted: eDiscovery Case Law

 In United States v. Lambis, No. 15cr734 (S.D.N.Y. July 12, 2016), New York District Judge William H. Pauley, III granted the defendant’s motion to suppress evidence obtained by law enforcement agents in connection with a search of his apartment because the apartment was located via the use of a “Stingray” cell-site simulator to identify the location of the defendant’s phone without a warrant.

Case Background

In 2015, the US Drug Enforcement Administration (“DEA”) was conducting an investigation into an international drug-trafficking organization and sought a warrant for pen register information (record from the service provider of the telephone numbers dialed from a specific phone) and cell site location information (“CSLI”) for a target cell phone as part of that investigation. CSLI allows the target phone’s location to be approximated by providing a record of “pings” sent to cell sites by a target cell phone to approximate where the phone has been used.  Using CSLI, DEA agents were able to determine that the target cell phone was located in the general vicinity of “the Washington Heights area by 177th and Broadway.”

However, this CSLI was not precise enough to identify the specific apartment building, much less the specific unit in the building.  To isolate the location more precisely, the DEA deployed a technician with a cell site simulator (a device known as a “Stingray” that locates cell phones by mimicking the service provider’s cell tower and forcing cell phones to transmit “pings” to the simulator) to the intersection of 177th Street and Broadway.  Using the “Stingray”, the DEA technician was able to locate the building and then the unit where the defendant was located.  That same evening, DEA agents knocked on the defendant’s door and obtained consent from his father to enter the apartment, then obtained consent from the defendant to enter his bedroom where they recovered narcotics, three digital scales, empty zip lock bags, and other drug paraphernalia.  The defendant filed a motion to suppress the evidence.

Judge’s Ruling

Noting that a “Fourth Amendment search occurs when the government violates a subjective expectation of privacy that society recognizes as reasonable”, Judge Pauley referenced Kyllo v. United States, where Government agents used a thermal-imaging device to detect infrared radiation emanating from a home.  In that case, the Court held that “[w]here . . . the Government uses a device that is not in general public use, to explore details of the home that would previously have been unknowable without physical intrusion, the surveillance is a ‘search’ and is presumptively unreasonable without a warrant.”

Judge Pauley then stated “Here, as in Kyllo, the DEA’s use of the cell-site simulator to locate Lambis’s apartment was an unreasonable search because the ‘pings’ from Lambis’s cell phone to the nearest cell site were not readily available ‘to anyone who wanted to look’ without the use of a cell-site simulator.”  He also stated this:

“Absent a search warrant, the Government may not turn a citizen’s cell phone into a tracking device. Perhaps recognizing this, the Department of Justice changed its internal policies, and now requires government agents to obtain a warrant before utilizing a cellsite simulator.”

As a result, Judge Pauley granted the defendant’s motion to suppress the evidence that was obtained by the search, even though the defendant’s father and the defendant had given consent to the search and access.

So, what do you think?  Should a warrant be required for “Stingray” devices?  Please share any comments you might have or if you’d like to know more about a particular topic.

Thanks to Sharon Nelson at Ride the Lightning for the tip!

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.