Electronic Discovery

The Battle to Recognize Bloggers at ILTACON: eDiscovery Trends

If you attended ILTACON last month, you probably enjoyed another great conference.  But, behind the scenes, the show hit a few bumps, especially for the blogger community.  Oh, and the CEO left before the show too.

Before the show on August 9, Bob Ambrogi detailed the departure of ILTA’s CEO Dan Liutikas in his LawSites blog post titled Déjà Vu All Over Again that revisited recent management reshuffling of key ILTA personnel the past three years right around conference time.  Bob’s post included verbiage from a letter sent to ILTA partners by Angela Dowd, president of the ILTA board to announce the departure of Liutikas.

That’s just the CEO.  But, then, there was the whole blogger “fiasco” this year.  Now, that’s serious!  :o)

My colleague, Tom O’Connor, detailed the leadership issues and also the blogger issue in his blog post (WHAT IN THE WIDE WIDE WORLD OF SPORTS IS GOING ON AT ILTA?) on his Techno Gumbo site back on 8/13.  As Tom noted, “a number of prominent bloggers who had been long time supporters of the group and its conference were surprised to find that their application for a press pass to attend and report on the show were denied.”

Those bloggers included longtime ILTA participants like Craig Ball, Chris Dale, Kevin O’Keefe of LexBlog and even Tom himself.  For the first time in several years, I did not apply for a press pass as I had a full schedule of meetings and didn’t feel like I would attend enough sessions to make it worthwhile (I still covered the show on this blog, BTW).

Apparently, to qualify for a press pass this year, you had to “work for a publication, news service, broadcast outlet or news site that is regularly issued and published primarily for the dissemination of news, and operates independently from any commercial, political, government or special interest. Only media whose primary responsibility is the coverage of the legal, legal technology, technology industry, workforce tech issues, and related news will be considered for credentials.”

Which eliminated a lot of people.  Would probably have eliminated me if I had applied.  Kevin also covered the topic on his Real Lawyers blog (Legal bloggers are part of the press – for conferences too).  As he noted, “Apparently the goal in declining press passes to the organization’s members is to force those members who blog to pay registration fees and to blog favorably of the conference and the association.”

No, what it does instead is cause them to stay home and not attend – at least in many cases.

Well, Tom’s post was picked up – a lot.  People took notice of ILTA’s issues – at both the leadership level and with regard to its blogger policy.

And, here’s the good news: ILTA seems to have learned from its mistakes on that front.  As Kevin noted in his blog: “During the conference, ILTA reached out to bloggers and other members of the press to formulate a more progressive policy when it came to bloggers… My understanding is that ILTA attempted to work with bloggers who attended so they were included as press and is now looking to bloggers to help formulate a new policy going forward.”

Live and learn!  ILTACON is a great conference every year – hopefully, next year, the behind the scenes issues will take a back seat to the quality of the conference overall.

So, what do you think?  Did you enjoy ILTACON this year?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Time for Another Relativity Fest? Giddyup!: eDiscovery Trends

We’re about three weeks out from the 2018 Relativity Fest conference, conducted every year by Relativity, which is three weeks earlier than last year!  I guess they couldn’t wait!  Anyway, Relativity Fest is an annual conference designed to educate and connect the eDiscovery community and features panel discussions, hands-on labs, breakout sessions, and insights from Relativity staff, Relativity users, and industry leaders.  It’s a big show with over 1,800 attendees and a lot going on.

This year, Relativity Fest is September 30 through October 3 in Chicago at The Hilton Chicago (which was the largest hotel in the world when it opened in 1927 and cost ten times more to build than the original Yankee Stadium).  As a development partner in the Relativity ecosystem, CloudNine will once again be at the conference and will be there to provide demonstrations of our Outpost for Relativity capability that automatically ingests and loads data into Relativity based on your specified criteria.

Also, I will be covering the show for eDiscovery Daily, and I’m delighted to say that I will also once again be speaking at a session at the conference.  My session is Social Media Law and Practice, on Tuesday, October 2 at 3:40 pm, with Phil Favro, Consultant with Driven, Amy Sellars, Associate General Counsel with Wal-Mart and Gareth Evans, Partner with Redgrave LLP.

In addition to that session, there are several other interesting looking sessions at the conference.  No “yada, yada, yada” here.  Here are a few of them:

  • Beer and Basics: e-Discovery 101 and Relativity Fundamentals, Sunday (9/30) at 5:30pm with Constantine Pappas of Relativity, Peggy Gianuca of The Walt Disney Company, Michael Quartararo of eDPM Advisory Services, Tessa Jacob of Husch Blackwell and my colleague Tom O’Connor of Gulf Coast Legal Tech Company. Starting an eDiscovery than beer and wine?  That’s mighty fine!
  • The Internet of Things from a Legal and Regulatory Perspective, Monday (10/1) at 11:00am, a panel led by the ubiquitous David Horrigan (who once again seems to be leading almost every educational panel) that includes Gail Gottehrer of Akerman, Ed McAndrew of Ballard Spahr LLP and noted eDiscovery thought leader Craig Ball. Get Out!
  • The Judicial Panel, Monday (10/1) at 1:00pm, with David moderating discussions with Judge Nora Barry Fischer, Judge Xavier Rodriguez, New York Supreme Court Justice Tanya Kennedy and retired Judge Andrew Peck (now Senior Counsel at DLA Piper) – none of whom is a close talker or a low talker – to discuss the latest legal developments in eDiscovery.
  • International e-Discovery and Data Protection, Tuesday (10/2) at 8:30am. Chris Dale of the eDisclosure Information Project leads the discussion on a hot topic this year with GDPR.  Serenity now!
  • ILTA and Relativity Fest Present Finding the Fun in Writing Fundamentals, Tuesday (10/2) at 11:10am, with David moderating a panel that includes Judge Peck and Gary Kinder of WordRake. Hey, after 2,000 or so blog posts, maybe I can finally learn how to do it right!
  • e-Discovery Law and Practice: Case Studies in Cooperation, Wednesday (10/3) at 9:00am, David leads a panel with Chad Roberts and Suzanne Clark of PLLC, Kelly Twigger of ESI Attorneys and Kathleen Porter Kristiansen of Advanced Discovery.

To register to attend Relativity Fest, click here.  It’s not too late!  And, the Cubbies appear headed for the baseball playoffs again – though the Astros are going to win it all again this year.  Hey, I was right when I predicted it last year!

BTW, the Seinfeld references are at the request of David Horrigan, who appreciated my Festivus reference last year.  Cosmo Kramer would be proud.  Though Relativity will be skipping the “airing of grievances” this year (I think)… :o)

So, what do you think?  Are you attending Relativity Fest this year?  Please share any comments you might have or if you’d like to know more about a particular topic.

Court Rules that Defendant’s Boilerplate Objections Result in Waiver of Those Objections: eDiscovery Case Law

In Halleen v. Belk, Inc., No. 4:16-CV-55 (E.D. Tex. Aug. 6, 2018), Texas District Judge Amos L. Mazzant, III granted the plaintiffs’ motions in part, ruling that the defendant had waived its objections to the plaintiffs’ RFPs and Interrogatories by including “subject to” or boilerplate language in its responses and also granted the plaintiffs’ request for ESI for identified corporate custodians and 30(b)(6) witnesses.

Case Background

In this Fair Labor Standards Act (“FLSA”) conditionally classified collective action against the defendant over failure to pay overtime compensation, the plaintiffs filed a Motion to Compel Production of Documents and Electronically Stored Information, and Proper, Complete Answers to Interrogatories in March 2018.  In their motion to compel, the plaintiffs requested that the Court compel the defendant to (1) produce all documents responsive to plaintiffs’ Requests for Production (“RFP”), (2) provide complete answers to all Interrogatories, and (3) search and collect, via specified search terms and parameters, all electronically stored information (“ESI”) germane to identified corporate custodians and 30(b)(6) corporate representatives.

The plaintiffs argued that the defendant’s objections to their RFPs and Interrogatories were “deficient, inapplicable, and/or without merit”, but the defendant, whose responses and objections consisted of assertions of privilege or contained “subject to” or boilerplate language, responded that its objections were not only appropriate but necessary to protect itself from Plaintiffs’ abusive discovery requests.  The plaintiffs claimed that the defendant failed to provide a privilege log accompanying its objections, but the defendant contended that it was not withholding any information on the basis of privilege. The plaintiffs also sought an order compelling the defendant to produce ESI for identified corporate custodians and 30(b)(6) witnesses, referencing an exhibit which listed search terms, sample percentages, and specific custodians.  In response, the defendant stated that the plaintiffs’ suggested search terms and requests were overly broad and contended that the parties were still working on agreed search terms and had yet to reach an impasse warranting a motion to compel.

Judge’s Ruling

With regard to the defendant’s objections, Judge Mazzant ruled: “The Court finds that Defendant’s inclusion of ‘subject to and without waiving these objections’ is not supported by the federal rules and goes against the purposes of a just, speedy, and inexpensive resolution…Further, by answering questions in such a manner Defendant fails to specify the scope of its answer in relation to the request. This makes it impossible for Plaintiffs or the Court to assess the sufficiency of the response. Therefore, Defendant has waived each objection by including ‘subject to’ or boilerplate language in its responses…As such, Defendant’s failure to specify specific grounds in the objections results in waiver of those objections…As a result, Defendant is ordered to provide amended responses as discussed below.”

With regard to the plaintiffs’ motion to compel production of specified ESI, Judge Mazzant ruled: “The Court finds that Plaintiffs’ request for ESI as specified in Exhibit 1 to its Reply is appropriate and should be granted. Although Defendant asserts that the parties are not at an impasse, the Court finds that given the ongoing discovery disputes and inability to cooperate the requested relief is necessary. Plaintiffs further request an order requiring Defendant to produce a randomized five percent of content on a share drive from 2013 to the present regarding various divisions of employees, including STMs. Because this request is raised for the first time in Plaintiffs’ reply, the Court declines to grant such relief at this time. Rather, the Court encourages Plaintiffs to confer with Defendant to reach a common ground on the amount of share drive that needs to be produced and for which specific divisions.”

As a result, the defendant was ordered to: 1) provide a privilege log for each assertion of privilege made within seven days, 2) serve upon plaintiffs’ counsel amended, corrected and complete sets of answers to plaintiffs’ Interrogatories and Requests for Production and 3) produce, in TIFF format, the ESI requested by the plaintiffs within two weeks.

So, what do you think?  Should parties be allowed to correct their “boilerplate” objections before they are waived?  Please let us know of any comments you might have or if you’d like to know more about a particular topic.

California’s AG is Not Happy with the State’s New Consumer Privacy Act: Data Privacy Trends

As I noted a couple of months ago, 2018 is certainly on its way to becoming the year of data privacy rights for the individual.  And, back in June, the California Consumer Privacy Act of 2018 was approved unanimously by the state Senate and Assembly and was signed by Gov. Jerry Brown.  But, California’s AG has just ripped lawmakers for ‘unworkable’ provisions in the new law.

As discussed in Legaltech® News (California AG Rips Lawmakers for ‘Unworkable’ Provisions in New Data Privacy Law, written by Mike Scarcella), California Attorney General Xavier Becerra lashed out at lawmakers for imposing “unworkable obligations and serious operational challenges” on his office by effectively making him the chief enforcer of the new law.

In an August 22 letter to legislators who helped get the law passed in June, Becerra complained that his office is not equipped to handle all the related duties, including quickly drafting regulations and advising businesses about compliance with the California Consumer Privacy Act, or CCPA.

“Failure to cure these identified flaws will undermine California’s authority to launch and sustain vigorous oversight and effective enforcement of the CCPA’s critical privacy protections,” Becerra wrote in the letter.  Becerra also questioned the legality of the civil penalties included in the new law, which he said improperly modified the state’s Unfair Competition Law, or UCL.

“The UCL’s civil penalty laws were enacted by the voters through Proposition 64 in 2004 and cannot be amended through legislation,” Becerra wrote. The data-privacy law’s “constitutional infirmity” can be cured “by simply replacing the CCPA’s current penalty provision with a conventional stand-alone enforcement provision” that does not purport to change the Unfair Competition Law.

Lawmakers tried to address some of the attorney general’s concerns in clean-up legislation that was pending Wednesday in the Assembly. One bill, SB 1121, drops a requirement in the Consumer Privacy Act that consumers must first notify the attorney general’s office before suing over a data breach. The pending legislation recasts the civil penalty provisions and delays enforcement of the new law until six months after the attorney general publishes new regulations or July 1, 2020—whichever is sooner.

A separately pending budget bill would also appropriate $700,000 to Becerra’s office for help drafting and enforcing the new regulations.  But, the changes do not include a broader private right of action—sought by the attorney general—that would shift the litigation burden to consumers. Such a provision would have attracted fierce opposition from business groups that oppose any expansion of plaintiffs’ ability to bring class actions and individual suits.

Becerra’s beefs with the Consumer Privacy Act foreshadow the fights that are looming over the state’s sweeping digital information law as interests, including those in government, push to alter its reach and enforcement before it goes into effect in 2020.  And, the business lobby is already pushing to narrow what they have to disclose to consumers about information that is collected about them. Companies are also lobbying the federal government for industry friendly rules that would preempt California’s new law.  It looks like California’s new privacy law may look a bit different when it goes into effect in January 2020 – if that timeline still holds.

So, what do you think?  Will California’s privacy law still hold as is?  Or will it be changed significantly?  Please share any comments you might have or if you’d like to know more about a particular topic.

There’s a Trip of a Lifetime Available at One Firm for Employees Who Can Get Partners to Embrace Tech: eDiscovery Trends

One of the biggest hurdles from a legal technology standpoint is getting people, especially highly experienced (i.e., “old”) partners to embrace the technology.  One firm has not only tried to commit to changing that, they have “put their money where their mouth is”.

As discussed in Above the Law (Biglaw Firm Offering $100K+ For Employees Who Can Convince Old Partners To Use Tech, written by Joe Patrice), Wilson Sonsini has set aside $100K in travel awards (plus the appropriate tax gross ups) to employees who can successfully get the firm to adopt their new technologies. The firm recently sent out a memo seeking bids from “Special Ops” groups with a plan to bolster adoption with a hefty prize at the end when and if those groups meet their targets.

As Wilson’s Corporate Strategic Innovation Counsel, David Wang put it:

“Our core business is representing the most innovative companies in the world. This initiative is one example of a comprehensive effort to deliver value to clients by using the most efficient and innovative business processes and technologies.”

This is not only smart from the standpoint of establishing tech adoption within the firm, it’s also a great way to communicate commitment to technology to clients and prospective clients of the firm.  If they can get a couple of publications to pick up on the story to provide free publicity, even better.  Oh wait, they just did… :o)

So, what do you think?  What does your firm do to promote adoption and use of technology inside the firm?  Please share any comments you might have or if you’d like to know more about a particular topic.

Today is the Day to Learn What You Need to Know to Decide Whether to Litigate or Settle Your Case!: eDiscovery Webcasts

People say that fewer and fewer cases go to trial these days. Is that true? Regardless of whether it is or not, what information do you need to know to make an informed decision whether or not to litigate or settle the case and how do you gather that information? Find out in our webcast today!

Today at noon CST (1:00pm EST, 10:00am PST), CloudNine will conduct the webcast Litigate or Settle? Info You Need to Make Case Decisions. In this one-hour webcast that’s CLE-approved in selected states, we’ll discuss how litigation has evolved over the years, how that impacts discovery and what you need to know to decide on the best course of action for each case. Topics include:

  • How Litigation Has Evolved
  • The Importance of Deciding Correctly
  • eDiscovery Considerations
  • Covering Your Bases While You Decide
  • Benefits of Early Data Analysis
  • How Much Each GB Can Cost You
  • Why Number of GBs Isn’t All You Need to Know
  • Why You Should Test Searches Before Meet and Confer
  • Other Tips and Tricks to Know for a Successful Outcome

As always, I’ll be presenting the webcast, along with Tom O’Connor, who wrote a four part blog post series that we have published on the blog in the past couple of weeks.  To register for it, click here.  Even if you can’t make it, go ahead and register to get a link to the slides and to the recording of the webcast (if you want to check it out later).  If you want to know what you need to know to decide whether to litigate or settle a case, this is the webcast for you!

So, what do you think?  Do you struggle with gathering the information you need to make case decisions?  If so, join us today!  Please share any comments you might have or if you’d like to know more about a particular topic.

Court Sides with Plaintiff’s Proposal, Orders Random Sample of the Null Set: eDiscovery Case Law

In City of Rockford v. Mallinckrodt ARD Inc., No. 17 CV 50107, No. 18 CV 379 (N.D. Ill. Aug. 7, 2018), Illinois Magistrate Judge Iain D. Johnston adopted the parties’ proposed order establishing the production protocol for ESI with the inclusion of the plaintiffs’ proposal that a random sample of the null set will occur after the production and that any responsive documents found as a result of that process will be produced.

Case Background

In this case involving alleged breach of contract, racketeering and antitrust violations related to the defendant’s prescription medication, the parties agreed on several aspects of discovery, including a plan to use keyword searching and a protocol for agreeing on search terms, date restrictions, and custodian restrictions.  The protocol also addressed the steps to be taken if a party were to dispute a specific term as being overly broad, with the producing party to review a statistically valid sample of documents to determine if the term is returning mostly responsive documents, followed by negotiation as to any modifications to the term, with a plan to submit to the Court if they could not agree.

However, the parties could not agree on what to do after the production.  The defendants proposed that if “the requesting party reasonably believes that certain categories of requested documents exist that were not included in the production, the parties will meet and confer to discuss whether additional terms are necessary.”  On the other hand, the plaintiffs proposed a random sample of the null set (the documents not returned via search), with the following specific provision:

“The producing party agrees to quality check the data that does not hit on any terms (the Null Set) by selecting a statistically random sample of documents from the Null Set. The size of the statistically random sample shall be calculated using a confidence level of 95% and a margin of error of 2%. If responsive documents are found during the Null Set review, the producing party agrees to produce the responsive documents separate and apart from the regular production. The parties will then meet and confer to determine if any additional terms, or modifications to existing terms, are needed to ensure substantive, responsive documents are not missed.”

Judge’s Ruling

While noting that “the parties have agreed to use key word searching”, Judge Johnston evaluated the “pros and cons” of keyword searching as compared to technology assisted review (TAR), but ultimately decided that he “will not micromanage the litigation and force TAR onto the parties.”

As for the proposal in dispute, Judge Johnston ruled that sampling the null set is reasonable under Rule 26(g), stating that “Defendants provide no reason establishing that a random sampling of the null set cannot be done when using key word searching. Indeed, sampling the null set when using key word searching provides for validation to defend the search and production process, and was commonly used before the movement towards TAR.”

Judge Johnston also ruled that sampling the null set is proportionate under Rule 26(b)(1), stating: “The Court’s experience and understanding is that a random sample of the null set will not be unreasonably expensive or burdensome. Moreover and critically, Defendants have failed to provide any evidence to support their contention…Indeed, the Court’s experience and understanding is that the random sample will not be voluminous in the context of a case of this magnitude.”  Judge Johnston also cited the issues at stake, the potential amount in controversy, asymmetrical discovery (with the defendants having access to the vast majority of the relevant information), the “substantial resources” of the defendant and that “the burden and expense of a random sampling of the null set does not outweigh its likely benefit of ensuring proper and reasonable – not perfect – document disclosure” all as reasons as to why sampling was proportionate in this case.

As a result, Judge Johnston ordered a random sample of the null set, determining that “Plaintiffs’ proposed 95% confidence level with +/-margin of 2% is acceptable.”

Editor’s Note: It’s worth noting that if you plug the proposed confidence level and margin of error into the Raosoft sample size calculator, you get no more than 2,401 documents that need to be sampled — even if the size of the null set is as large as 10 million documents.  Conducting a random sample is one of the most proportionate activities associated with eDiscovery review.
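The arithmetic behind that figure, worked through as an added example (not part of the court order or of the calculator mentioned above): it sizes the null-set sample, draws it reproducibly, and turns the review result into an estimate of what keyword search missed. The worst-case proportion of 0.5, the z-score of 1.96, the seed and the document IDs are assumptions or constructed values.

```python
import math
import random

Z_95 = 1.96  # two-sided z-score for a 95% confidence level (normal approximation)


def sample_size(population, margin=0.02, z=Z_95, p=0.5):
    """Documents to review from a null set of `population` documents.

    Assumes the worst-case proportion p = 0.5 and applies the finite
    population correction, so small null sets need fewer documents.
    """
    if population <= 0:
        return 0
    n0 = (z ** 2) * p * (1 - p) / margin ** 2   # size for an unbounded population
    n = n0 / (1 + (n0 - 1) / population)        # finite population correction
    # round() absorbs floating-point noise before rounding up to whole documents
    return min(population, math.ceil(round(n, 6)))


def draw_sample(doc_ids, seed, margin=0.02):
    """Select the review sample with a recorded seed so the draw can be re-checked."""
    rng = random.Random(seed)
    return sorted(rng.sample(doc_ids, sample_size(len(doc_ids), margin)))


def elusion_estimate(responsive_found, sampled, null_set_size, z=Z_95):
    """Responsive rate in the null set, with a Wilson score interval.

    The interval matters most when few or no responsive documents turn up:
    zero hits in the sample does not mean zero missed documents.
    """
    if sampled <= 0:
        raise ValueError("no documents sampled")
    rate = responsive_found / sampled
    denom = 1 + z ** 2 / sampled
    centre = (rate + z ** 2 / (2 * sampled)) / denom
    half = z * math.sqrt(rate * (1 - rate) / sampled
                         + z ** 2 / (4 * sampled ** 2)) / denom
    low, high = max(0.0, centre - half), min(1.0, centre + half)
    return {
        "rate": rate,
        "low": low,
        "high": high,
        "est_missed_docs": round(rate * null_set_size),
        "missed_low": math.floor(low * null_set_size),
        "missed_high": math.ceil(high * null_set_size),
    }


if __name__ == "__main__":
    # Constructed null set of 50,000 document IDs (not real case data).
    null_set = [f"DOC-{i:06d}" for i in range(50_000)]
    sample = draw_sample(null_set, seed=2018)
    print("null set:", len(null_set), "-> review", len(sample), "documents")
    print("10 million null set ->", sample_size(10_000_000), "documents")
    # Constructed review outcome: 12 responsive documents in a 2,401 sample.
    print(elusion_estimate(12, 2401, 10_000_000))
```
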

So, what do you think?  Should random sampling of the null set always be required in cases like this to help confirm a comprehensive search result?  Please let us know of any comments you might have or if you’d like to know more about a particular topic.

Case opinion link courtesy of eDiscovery Assistant.

New Phishing Scam Goes After Office 365 Users: Cybersecurity Trends

According to a recent blog post, there’s a new phishing campaign where the scammers are taking advantage of a small, but serious oversight in Microsoft’s Office 365 suite of online services to serve phishing emails that are visually indistinguishable from work-related emails and appear completely safe.  This new attack has impacted an estimated 10% of Office 365 users worldwide.

As reported by Bitdefender (The Underrated Importance of Training Your Staff to Spot Devious Phishing Attacks, written by Filip Truta, and covered by Sharon Nelson’s excellent Ride the Lightning blog), PhishPoint, as the campaign is dubbed, has a twist that most other phishing scams don’t: it goes beyond email and uses SharePoint to harvest end-users’ credentials.

Here is how the PhishPoint scam works:

  • Victim receives email containing a link to a SharePoint document
  • Email body is identical to a standard SharePoint invitation to collaborate
  • Victim clicks the hyperlink in the email thinking it is a legitimate work document
  • Victim’s browser automatically opens a SharePoint file
  • SharePoint file impersonates a standard access request to a OneDrive file
  • Victim clicks on “Access Document” hyperlink that leads to a spoofed Office 365 login screen
  • Victim attempts to log in, at which point their credentials are harvested by the PhishPoint authors

Exploited properly, the scam can easily lead to a catastrophic data breach. While Microsoft’s link-scanning security layer does sniff out malicious links in the body of an email, it does not scan the links inside a linked SharePoint document. Even if it did, it still couldn’t blacklist a malicious URL inside the document without blacklisting links to all SharePoint files. Researchers feel this is a dangerous oversight.

Stolen corporate domain usernames and credentials are in high demand on the dark web and underground specialized forums. As more and more organizations are moving to cloud-based solutions, phishers themselves are adjusting their techniques to steal credentials via existing attack tools, such as phishing kits.

These phishing kits are usually stored on legitimate-but-compromised websites and are linked to in generic communication. Fake invitations to files hosted on SharePoint Online, outstanding payments for Office 365 subscriptions, or notices of upcoming account termination are the most common lures used to persuade victims into giving away their credentials. And since the messages aren’t branded with visual identities of specific companies, these campaigns likely target a wide pool of organizations, not just a few select companies.  Some of the phishing kits even have their own defense mechanisms that enable them to fly under the radar and avoid blacklisting.

The post also provides several recommendations to avoid getting caught by phishing scammers, including hovering with your mouse cursor over the hyperlink to make sure the link is actually the site it claims to be, being wary of any unsolicited or uncharacteristic requests to input your credentials and using two-factor authentication on every site that offers it, among others.
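The gap described above (links inside the shared document are never scanned) and the hover check can both be applied one hop further, to the document itself. The following is an added example, not code from Bitdefender, Microsoft or this blog; the trusted host set, the lure phrases and the sample document are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: hosts where this organization expects Office 365 sign-in to happen.
TRUSTED_SIGNIN_HOSTS = {"login.microsoftonline.com"}
# Assumption: link text that asks the reader to open a file or authenticate.
LURE_WORDS = ("access document", "sign in", "log in", "view document")


class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((" ".join("".join(self._text).split()), self._href))
            self._href = None


def suspicious_links(document_html):
    """Return links whose text invites sign-in but whose host is not trusted."""
    parser = LinkCollector()
    parser.feed(document_html)
    findings = []
    for text, href in parser.links:
        host = (urlsplit(href).hostname or "").lower()  # exact host, as a hover shows it
        is_lure = any(word in text.lower() for word in LURE_WORDS)
        if is_lure and host not in TRUSTED_SIGNIN_HOSTS:
            findings.append({"text": text, "host": host, "href": href})
    return findings


# Constructed sample: content of a shared document like the one described above.
SAMPLE_DOCUMENT = """
<p>A OneDrive file has been shared with you.</p>
<a href="https://login.microsoftonline.com.example.net/">Access Document</a>
<a href="https://login.microsoftonline.com/">Sign in to Office 365</a>
<a href="https://example.org/help">Help</a>
"""
```

Only the first link in the sample is reported: its text asks the reader to open a document, and its host merely begins with the trusted name, which is why the comparison is on the full host rather than a prefix.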

These phishing scammers can be very clever and can even mimic people from within your own organization to make you think you’re clicking on a link provided by a co-worker.  One thing we have done at CloudNine to help identify those is to mark any emails coming from an external source with an “*** External Email ***” marker inserted into the received email to help recipients identify those phishing instances.  The battle against malware scammers continues.
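One way an external-sender marker like the one described above could be applied, including the case of an outside address that carries a co-worker's display name. This is an added example, not CloudNine's implementation; the domains, names and sample messages are constructed assumptions.

```python
from email import message_from_string, policy
from email.utils import parseaddr

MARKER = "*** External Email ***"
INTERNAL_DOMAINS = {"corp.example"}   # assumption: the organization's mail domains
INTERNAL_NAMES = {"dana reyes"}       # assumption: display names from the directory


def mark_external(raw_message):
    """Tag a message whose sender domain is external; return (message, reasons)."""
    msg = message_from_string(raw_message, policy=policy.default)
    name, addr = parseaddr(str(msg["From"] or ""))
    domain = addr.rpartition("@")[2].lower()
    if domain in INTERNAL_DOMAINS:
        return msg, []
    reasons = ["external-sender"]
    # An outside address wearing a co-worker's display name is the case to catch.
    if name.strip().lower() in INTERNAL_NAMES:
        reasons.append("internal-display-name")
    subject = str(msg["Subject"] or "")
    if not subject.startswith(MARKER):      # do not tag the same message twice
        del msg["Subject"]
        msg["Subject"] = f"{MARKER} {subject}".strip()
        body = msg.get_body(preferencelist=("plain",))
        if body is not None:
            body.set_content(f"{MARKER}\n\n{body.get_content()}")
    return msg, reasons


# Constructed sample messages (not real mail).
SAMPLE_SPOOFED = (
    "From: Dana Reyes <dana.reyes@mail.example.net>\n"
    "To: sam@corp.example\n"
    "Subject: Invoice for review\n"
    "\n"
    "Please open the shared document.\n"
)
SAMPLE_INTERNAL = (
    "From: Sam Ortiz <sam@corp.example>\n"
    "Subject: Lunch\n"
    "\n"
    "Noon?\n"
)
```

A From header can itself claim an internal domain, so a mail gateway would apply the marker based on where the message entered the organization rather than on the header alone.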

So, what do you think?  Do you have any mechanisms your organization uses to spot phishing attempts that you would like to share?  Please share any comments you might have or let us know if you’d like to know more about a particular topic.

Court Denies Plaintiff’s Request for Native Re-Production by Defendant: eDiscovery Case Law

In Baker v. Santa Clara Univ., No. 17-cv-02213-EJD (VKD) (N.D. Cal. Jul. 31, 2018), California Magistrate Judge Virginia K. Demarchi denied, without prejudice, the plaintiff’s request for an order compelling production of electronically stored documents in native format, finding that the plaintiff “does not have a compelling reason for demanding that SCU (Santa Clara University) re-produce its entire responsive document production in native format simply because she might find something missing.”

Case Background

In this case involving claims of ongoing harassment, discrimination and retaliation by the plaintiff against her employer, the plaintiff served 54 requests for the production of documents in May 2018, with the 54th request to cover the format of production for all documents responsive to the other 53 requests, stating:

“With respect to each request, produce all documents in native format, including electronically stored information, metadata, and all metadata fields. Do not do anything that strips, removes, changes, limits, or otherwise alters the actual electronically stored information and metadata fields of any document that exists in an electronic format. Ensure that all such evidence remains intact, undisturbed, and is produced with each and every electronic document.”

The defendant produced over 2,500 pages of documents in response to the plaintiff’s document requests, but objected to Request No. 54 and produced all documents in .pdf format without metadata. The defendant did not specifically contend that the documents it produced are maintained in .pdf format in the usual course of its business.  As a result, the plaintiff asked for an order requiring the defendant to produce all responsive, electronically stored information in native format.  In requesting the re-production in native format, the plaintiff stated that native format “is very useful in identifying missing ‘parent emails’[,] ‘child emails’[,] hidden attachments[,] altered electronic records[,] and other electronic activity having the usefulness of establishing the existence of electronic records that have not been produced.”  In response, the defendant stated, without contradiction, that it attempted to engage the plaintiff’s counsel in a discussion of the search and production of electronically stored information more than a year ago in connection with the parties’ obligations under Rule 26(f), and that the plaintiff’s counsel did not meaningfully engage in the required discussion.

Judge’s Ruling

Judge Demarchi observed that “Neither party has complied with the rules and guidelines that govern the production of electronically stored information”.  Noting that “Rule 34(b)(2) requires a party responding to document requests to object to a requested form of production for electronically stored information, and to state the form or forms of production it intends to use,” Judge Demarchi determined that “while SCU objected to the form of production demanded by Ms. Baker in response to Request No. 54, it did not specify the form of production it intended to use, and it apparently did not organize and label its production to correspond to the categories in Ms. Baker’s requests.”

As for the plaintiff, Judge Demarchi determined that the plaintiff “appears to have utterly failed to comply with the requirements of Rule 26(f) and this Court’s Guidelines for the Discovery of Electronically Stored Information by refusing to meaningfully engage in any discussions early in the case about the search and production of documents stored in electronic format.”

Stating that “The parties now find themselves in a dispute two weeks before the close of fact discovery that might have been avoided had they both complied with their respective and mutual discovery obligations”, Judge Demarchi, while acknowledging that the defendant “has not made any showing that re-producing some or all of its production in native format would be unduly burdensome” stated:

“Ms. Baker’s primary argument for demanding production of documents in native format is that such production might reveal that SCU has not produced all of the documents it should have. SCU’s document production is not particularly voluminous, and Ms. Baker has had nearly a month to review it. Absent a specific, articulable basis for believing SCU has not complied with its discovery obligations, Ms. Baker does not have a compelling reason for demanding that SCU re-produce its entire responsive document production in native format simply because she might find something missing.”

As a result, Judge Demarchi denied the plaintiff’s request without prejudice, stating “If Ms. Baker identifies particular documents or specific categories of documents for which she requires metadata or production in native format, she should make a request for re-production of those documents to SCU, together with an explanation of why re-production is necessary, as SCU has invited her to do already. If the parties cannot agree on whether or to what extent re-production may be necessary or justified, they may bring their dispute before the Court pursuant to the Court’s Standing Order for Civil Cases.”

So, what do you think?  Should the plaintiff’s failure to comply with Rule 26(f) have let the defendant off the hook for failing to comply with Rule 34(b)(2)?  Please share any comments you might have or let us know if you’d like to know more about a particular topic.
