Close
Enter your
text here

Evidence

Free Trojans with Your Document Production: eDiscovery Trends

By “trojans”, I mean “malware”, not the other type of “trojans”… 🙂

An Arkansas lawyer representing three Fort Smith police officers in a whistleblower case is seeking sanctions after his computer expert found malware on an external hard drive supplied in response to a discovery request, according to a story by the Northwest Arkansas Democrat Gazette.

According to the story, Attorney Matthew Campbell in North Little Rock has been representing three current and former Fort Smith police officers in the lawsuit since January 2014. He requested emails from the Fort Smith Police Department, and Sebastian County Circuit Judge James O. Cox ordered on May 9, 2014, that they be provided to Campbell as part of discovery in the case. The documents were produced in June 2014. It’s how they were produced that aroused Campbell’s suspicion.

Douglas Carson, the attorney representing Fort Smith and its Police Department, sent Campbell a computer hard drive with the production by Federal Express. According to the story, Campbell said the defendants normally had provided him with requested documents via email, the U.S. Postal Service or through a cloud-based Internet storage service.

So, Campbell decided to have his information technology expert, Geoff Mueller of Austin, Texas, check out the drive first. Guess what he found? Four “Trojans,” one of which was a duplicate.

A “trojan” or “trojan horse” appears to be a legitimate program which unleashes the malware when you are tricked into running it. They can be quite tricky as I reported a few years ago when it happened to me.

“One would have kept my Internet active even if I tried to turn it off, one would have stolen any passwords that I entered in, and the other would have allowed the installation of other malicious software,” Campbell said. “It’s not like these are my only clients, either. I’ve got all my client files in my computer. I don’t know what they were looking for, but just the fact that they would do it is pretty scary.”

In an affidavit filed with the motion Friday, Mueller stated: “Upon informing Mr. Campbell of the presence of these Trojans, he provided me with information that the Fort Smith Police Department claimed to be running a secure system with real-time virus and malware protection. In my experience, if the FSPD system is actually as described, these Trojans would not exist on the system.”

Mueller said the placement of the Trojans in a subfolder named “D:Bales Court Order,” and not in the root directory, “means the Trojans were not already on the external hard drive that was sent to Mr. Campbell and were more likely placed in that folder intentionally with the goal of taking command of Mr. Campbell’s computer while also stealing passwords to his account.”

In addition to the malware found on the drive, Campbell’s motion for sanctions alleges that entire email accounts were deleted, that emails which could have been recovered were purged from the system, and that emails which were previously provided in response to Freedom of Information Act (FOIA) requests had improper deletions. Campbell also states in the motion that the police department’s IT specialist attended a convention ten days after the court granted Campbell’s motion to compel evidence last May. According to Campbell, the expert took classes on secure data deletion, whistleblower investigation and monitoring employee activity, but did not take classes offered on eDiscovery and preservation of evidence.

Campbell is asking for a default judgment for his clients and that the defendants be held in criminal contempt of court, among other sanctions.

So, what do you think? Do you check data produced to you for the presence of malware? Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Simply Deleting an Email Doesn’t Mean It’s Gone, Even When It’s Hillary Clinton’s Emails: eDiscovery Trends

Early in the life of this blog, we published a blog post called eDiscovery 101: Simply Deleting a File Doesn’t Mean It’s Gone to try to help our readers understand how disk drives keep track of files and how “deleted” files often can still be recovered. Something tells me that basic forensic concept will become a big issue in the coming weeks and months regarding Hillary Clinton’s deleted emails.

As reported by Politico in Hillary’s emails: Deleted but not gone (by Joseph Marks and Rachael Bade), Clinton’s attorney David Kendall on Friday wrote Benghazi Committee Chairman Rep. Trey Gowdy (R-S.C.), declining the committee’s request for the personal server that she used for emails while she was Secretary of State (which we discussed previously here) to be turned over to an independent third party. The committee said it wants a third party to verify that all Benghazi-related emails were in fact turned over to the panel – especially after Clinton acknowledged deleting anything determined to be “personal” messages. Kendall called the request pointless, saying Clinton’s IT staff had confirmed to him the messages are gone for good (Gowdy, in a statement, said that Clinton “unilaterally decided to wipe her server clean and permanently delete all emails from her personal server”).

But, are the emails really gone? According to my colleague, Michael Heslop, Vice President of Computer Forensics at CloudNine, that depends on what they mean by “wiped”. “If they forensically wiped the server, then it’s likely not recoverable from there”, said Heslop. “But, the data might still be available via other sources, such as backups or an offline storage table (OST) file on the computer that was used for email.”

As an example, the Politico article references the case of former Internal Revenue Service official Lois Lerner, who came under scrutiny over charges that the IRS targeted tea party groups for heightened scrutiny, after the IRS said that a 2011 hard-drive crash rendered her emails irretrievable. The agency trashed the hard drive and said it had over-written back-up tapes, yet other recovered back-up tapes appears to have yielded the missing emails.

Not surprisingly, the conservative group Freedom Watch has filed a racketeering lawsuit against Clinton that accuses her of failing to produce documents under the Freedom of Information Act (FOIA). So, expect efforts to scrutinize the deletion of Clinton’s emails to intensify. And, that’s no April Fools joke.

So, what do you think? Have you ever had to recover deleted emails? Were you successful in doing so? Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscoveryDaily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Plaintiff’s Motion to Quash Subpoena of Text Messages Granted by Court: eDiscovery Case Law

In Burdette v. Panola County, No. 3:13CV286-MPM-SAA (N.D. Miss. February 4, 2015), Mississippi Magistrate Judge S. Allan Alexander granted the plaintiff’s Motion to Quash Subpoena where the defendant subpoenaed the plaintiff’s text messages and call log records from his mobile provider.

Case Background

In this employment case, the defendant issued a subpoena to AT&T Subpoena Compliance Center for production of “[a]ny and all calls and text messages made from and received from [the plaintiff’s phone number] in the custody and control of AT&T for the dates of April 23, 2012, beginning 1:00 p.m. through May 27, 2012.” The defendants stated that the subpoena was necessary because plaintiff had avoided producing ESI that is relevant to the claims at issue and failed to maintain either the phone upon which he recorded a conversation the day of his discharge or the computer to which he later transferred the phone recording.

The plaintiff contended that the subpoena was overly broad, harassing, irrelevant, and potentially sought information protected by the attorney client privilege, as the requested text messages would undoubtedly include texts to and from his family members and possibly to and from his attorney. The plaintiff also noted that the period of time for which the text messages and calls were sought extended twenty days after the plaintiff was terminated.

Judge’s Opinion

Judge Alexander noted that the defendants “have offered no explanation for why these text messages and phone calls are relevant and has not agreed to limit the production of them in any way”. Despite the fact that the plaintiff failed to maintain the phone and computer, Judge Alexander determined that “neither of those two facts support the request for all of plaintiff’s text messages and phone calls before and for three weeks after his termination. If defendants desire to seek a spoliation instruction, they are permitted to do so, but defendants have failed to convince the undersigned that production of text messages and phone call logs will resolve any issue relating to the recorded conversation. The court will not permit irrelevant discovery that appears to be more harassing than productive.”

“Weighing the factors set out by the Fifth Circuit for quashing a subpoena, the relevance factor clearly weighs against production of the phone records”, stated Judge Alexander, finding that “the breadth of the request is entirely too wide even if a valid reason for the request had been established.” As a result, he granted the plaintiff’s request to quash the defendant’s subpoena.

So, what do you think? Was the defendants’ request overbroad? Or did they have a valid reason for the subpoena, given that the plaintiff failed to produce relevant ESI? Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscoveryDaily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscoveryDaily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

When Claiming Workplace Injury, Facebook Posts Aren’t Handy, Man: eDiscovery Case Law

In Newill v. Campbell Transp. Co., 2:12-cv-1344 (W.D. Pa. Jan. 14, 2015), Pennsylvania Senior District Judge Terrence F. McVerry ruled on the plaintiff’s motion in limine on miscellaneous matters by allowing the defendant to introduce Facebook posts into evidence that related to the plaintiff’s physical capabilities, but not those that related to his employability.

Case Summary

In this workplace injury case related to the plaintiff’s employment with a shipping company, the plaintiff sought, via his motion, to preclude the defendant from introducing several of his Facebook posts into evidence, on the basis that they are irrelevant or would be unfairly prejudicial. The defendant responded that the posts were relevant to show that following the accident the plaintiff retained the ability to engage in physical activities despite his claim of injury.

The defendant sought to introduce Facebook posts where the plaintiff discussed “physically taxing activities” such as painting, landscaping, flooring, going to the gym, undercoating a truck, and “going physical”. The plaintiff also apparently advertised his services as a handyman and suggested that “no job [was] 2 big or 2 small.” The Defendant also argued that the posts were relevant to the question of the plaintiff’s employability, which the defendant’s expert testified would have been improved if he adopted a “sensible social medial presence” and eliminated posts containing “casual or rough language” on Facebook.

Judge’s Decision

Judge McVerry found that “posts from Plaintiff’s Facebook account ‘that reflect physical capabilities inconsistent with a plaintiff’s claimed injury are relevant.’”  He also stated, however:

“While the Court understands that Plaintiff may be embarrassed by the content of some of his posts, that alone is not a sufficient basis for excluding the posts under Rule 403. If, at trial, Defendant attempts to introduce a particular Facebook post that Plaintiff feels is unduly embarrassing, the issue of the admissibility can be re-raised at that time and the Court reserves the discretion to exclude it pursuant to Fed. R. Evid. 611 (granting the court discretion to bar harassment and undue embarrassment of a witness).

As to Defendant’s second argument, the Court is not convinced that Costantini should be permitted testify about Plaintiff’s inane postings on Facebook when discussing the issue of his employability. To be sure, potential employers do often consider an applicant’s Facebook account when making a hiring decision. But Costantini’s testimony that Plaintiff’s Facebook account “probably is not giving the employers a good impression” is nothing more than speculation. There is nothing in the record actually linking his Facebook posts to his inability to obtain new employment until recently or suggesting that the types of jobs for which Plaintiff was qualified would be harder to obtain because of his Facebook posts. Without such a link having been established, Costantini has no basis to offer an opinion on these matters.”

As a result, Judge McVerry denied the portion of the plaintiff’s motion “insofar as it seeks to prevent Defendant from introducing Facebook posts that tend to contradict his claimed damages”, but granted the portion with regard to the defendant’s expert being permitted to rely on Plaintiff’s Facebook posts in assessing his employability.

So, what do you think? Should the defendant be prohibited from introducing posts that demonstrate the plaintiff’s employability? Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscoveryDaily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscoveryDaily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Image Isn’t Everything, Court Says, Denying Plaintiff’s Request for Imaging on Defendant’s Hard Drives – eDiscovery Case Law

In Design Basics, LLC. v. Carhart Lumber Co., 8:13CV125 (D. Neb. Nov. 24, 2014), Nebraska Magistrate Judge Cheryl R. Zwart, after an extensive hearing on the plaintiff’s motion to compel “full disk imaging of Defendant’s hard drives, including Defendant’s POS server, secretaries’ computers, UBS devices. . .”, denied the motion after invoking the mandatory balancing test provided in FRCP Rule 26(b)(2)(C).

In this design misappropriation case, the plaintiff filed the motion to compel, arguing “that it is entitled to a full forensic image of the defendant’s server, and every computer or computer data storage device or location used by the company and any of its employees”.  The plaintiff’s counsel stated that he litigates design misappropriation cases nationwide, and he always (except perhaps in a rare case) is granted the right to image a defendant company’s entire computer system. Judge Zwart noted that, after being afforded an opportunity to brief the issue and submit further evidence, the plaintiff’s counsel cited no cases supporting this argument.

The defendant filed a motion for protective order seeking relief from that request and arguing that it had determined that the secretaries’ computers did not contain relevant information.

In issuing her ruling denying the plaintiff’s motion to compel and granting the defendant’s motion for protective order, Judge Zwart stated:

“Plaintiff’s demand for all of the defendant’s computer data is consistent with the position of its expert, but it is not consistent with the balancing required under Rule 26(b)(2)(C) of the Federal Rules of Civil Procedure.  Based on the arguments of counsel held today and the evidence of record, Defendant’s counsel has provided both electronic and paper copies of all blue prints, has performed Plaintiff’s requested search on the emails copied from the 11 computers, and has already invested many hours reviewing thousands of documents for privilege. Defense counsel offered to produce the nonprivileged emails to Plaintiff’s counsel for his review, and has provided dates for taking the deposition of Defendant’s president. Plaintiff’s counsel has neither reviewed the emails nor deposed anyone. This case is more than 18 months old.

In the end, the plaintiff failed to show good cause why additional computer data must be collected from the defendant. Taking into consideration the factors listed in Fed. R. Civ. P. 26(b)(2)(C), the court is convinced that allowing imaging of every computer or data storage device or location owned or used by the defendant, including all secretaries’ computers, is not reasonable and proportional to the issues raised in this litigation.”

So, what do you think?  Was the plaintiff overreaching in its request?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine Discovery. eDiscoveryDaily is made available by CloudNine Discovery solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscoveryDaily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Twitter Might “Bug” You if You Want to Retrieve Archive Data – eDiscovery Best Practices
 

Thanks to the Google Alerts that I set up to send me new stories related to eDiscovery, I found an interesting blog post from an attorney that appears to shed light on an archival bug within Twitter that could affect people who may want to retrieve Twitter archival data for eDiscovery purposes.

In Erik J. Heels’ blog, his latest post (Twitter Bug Makes Tweet Archives Unreliable For eDiscovery), he starts by noting that his very first tweet of October 30, 2008 is no longer active on his site – his earliest tweet was dated September 5, 2010.  All attempts to try to locate the tweets were unsuccessful and customer service was no help.

After some digging, Erik found out that, on October 13, 2010, Twitter announced the “new Twitter” which included a new user interface.  As part of that revamping, Twitter changed the format for its status URLs (Tweets) so that the sequential number at the end of each Tweet (the Tweet ID) changed length, eventually doubling from nine digits in 2008 to 18 digits today (which supports up to one quintillion tweets).

Then, on December 12, 2012, Twitter announced that users could export archives of their Tweets (via your account’s Settings page).  The result is a nine field comma-separated values (CSV) file with information, including the tweet ID.  So, now you could retrieve your old tweets that were no longer actively stored, right?  Not necessarily.

As Erik found out, when he exported the file and went to retrieve old tweets, some of his tweet IDs actually pointed to other people’s tweets!  You can see the details of his tests in his blog post or via his 60 second YouTube video here.

Obviously, if you need to retrieve archived tweets for eDiscovery purposes, that’s not a good thing.

As it happens, CloudNine Discovery has our own Twitter account (@Cloud9Discovery) and has since August of 2009 (we were known as Trial Solutions back then), so I decided to run my own test and exported our archive.  Here’s what I found:

  • Our very first tweet was August 17, 2009 (Trial Solutions Ranks 2,830 on the Exclusive 2009 Inc. 5000).  It retrieved correctly.  The bit.ly link within the tweet isn’t hyperlinked, but if you copy and paste it into the browser address, it correctly retrieves (obviously, this will only be the case if the referenced web page still exists).
  • In fact, all of the early tweets that I tested retrieved with no problem.
  • Then, on December 1, 2010, I encountered the first tweet that didn’t retrieve correctly (one of our blog posts titled eDiscovery Project Management:  Effectively Manage Your Staff) with a tweet ID of 9924696560635900 (Full URL: https://twitter.com/Cloud9Discovery/status/9924696560635900).  It didn’t point to a different person’s tweet, it simply said “Sorry, that page doesn’t exist!”
  • From that point on, none of the tweets that I tried to retrieve would retrieve – all gave me the “page doesn’t exist” message.
  • I even tried to retrieve our tweet of yesterday’s blog post (Defendant Ordered to Produce Archived Emails Even Though Plaintiff Failed to Produce Theirs – eDiscovery Case Law) via the tweet ID provided in the archive file (535098008715538000).  Even it wouldn’t retrieve.  Wait a minute, what’s going on here!

I then retrieved our tweet of yesterday’s blog post by clicking on it directly within Twitter.  Here is the URL to the tweet with the ID at the end: https://twitter.com/Cloud9Discovery/status/535098008715538434.

See the problem?  The tweet IDs don’t match.

I ultimately determined that all of the tweet IDs provided in the archive file starting on December 1, 2010 end with two or more zeroes.  Starting on November 5, 2010, they all end with at least one zero.  When I started testing those, I re-created Erik’s problem:

Our tweet on November 29, 2010 titled eDiscovery Trends: Sanctions at an All-Time High, (tweet ID: 9199940811100160) actually retrieves a tweet by @aalyce titled @StylesFever snog liam marry louis and niall can take me out 😉 hehe.  Whoops!

It appears as though the archive file provided by Twitter is dropping all digits of the tweet ID after the fifteenth digit and replacing them with zeroes, effectively pointing to either an invalid or incorrect page and rendering the export effectively useless.  Hopefully, Twitter can fix it – we’ll see.  In the meantime, don’t rely on it and be prepared to address the issue if your case needs to retrieve archived data from Twitter.  Thanks, Erik, for the heads up!

So, what do you think?  Have you ever had to preserve or produce data from Twitter in litigation?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine Discovery. eDiscoveryDaily is made available by CloudNine Discovery solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscoveryDaily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Simply Deleting a File Doesn’t Mean It’s Gone – eDiscovery Best Practices
 

I seem to have picked up a bit of a bug and I’m on cold medicine, so my writing brain is a bit fuzzy.  As a result, so I’m revisiting a topic that has come up a few times over the years that we covered early on in the blog’s history.  I should be back in the saddle with new posts next week!

Disk drives use an index or table to keep track of where each file begins and ends on the disk.  You may have heard terms such as “FAT” (file allocation table) or NTFS ({Windows} NT File System) – these filing systems enable the file to be retrieved quickly on the drive.  They’re like a “directory” of all of the active files on the disk.  When a file is “deleted” (i.e., actually deleted, not just moved to the Recycle Bin), the data for that file isn’t actually removed from the disk (in most cases).  Instead, the entry pertaining to it is removed from the filing system.  As a result, the area on the disk where the actual data is located becomes unallocated space.

Unallocated space, also known as inactive data or drive free space, is the area of the drive not allocated to active data. On a Windows machine, deleted data is not actually destroyed, but the space on the drive that can be reused to store new information. Until the unallocated space is overwritten with new data, the old data remains.  This data can be retrieved (in most cases) using forensic techniques. On MAC O/S 10.5 and higher, there is an application that overwrites sectors when a file is deleted. This process more securely destroys data, but even then it may be possible to recover data out of unallocated space.

Because the unallocated space on a hard drive or server is that portion of the storage space to which data may be saved, it is also where many applications “temporarily” store files when they are in use. For instance, temporary Internet files are created when a user visits a web page, and these pages may be “cached” or temporarily stored in the unallocated space.  Rebooting a workstation or server can also clear some data from the unallocated space on its drive.

Since computers are dynamic and any computer operation may write data to the drive, it is nearly impossible to preserve data in the unallocated space on the hard drive and that data is not accessible without special software tools. To preserve data from the unallocated space of a hard drive, the data must be forensically collected, which basically copies the entire drive’s contents, including every sector (whether those sectors contain active data or not). Even then, data in the unallocated space may not be complete. Because the unallocated space is used to store new data, writing a new file may overwrite part of a deleted file, leaving only part of that file in the unallocated space.

Nonetheless, “deleted” files have been recovered, collected and produced in numerous lawsuits, despite efforts of some producing parties to destroy that evidence.

So, what do you think?  Have you ever recovered deleted data that was relevant to litigation?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine Discovery. eDiscoveryDaily is made available by CloudNine Discovery solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscoveryDaily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

eDiscovery in Arbitration Has Become Less…Arbitrary – eDiscovery Trends
 

When you think of eDiscovery, you typically think of it as it relates to litigation – two sides of a case requesting and producing electronically stored information (ESI) as one means of identifying evidence designed to lead to resolution of a lawsuit.  But litigation is just one method for dispute resolution.  Another method is arbitration.  But, do arbitrators really “get” eDiscovery?

According to a new article in Corporate Counsel (Arbitrators Finally 'Get' E-discovery, written by Josh M. Leavitt), they finally do – thanks to the issuance of new rules (though some of those rules have actually been around for a while).  Leavitt observes that proponents of arbitration have considered the cost and delays of discovery “inconsistent with core principles of arbitration such as efficiency and cost-effectiveness” and that it was “not uncommon to go through substantial arbitrations without participating in anything remotely resembling either a federal e-discovery conference with opposing counsel or a prearbitration conference where the arbitration panel engaged the parties in meaningful and technically sound discussions about e-discovery.”

The end result was often either an ineffective, costly and/or manipulated discovery process.  However, as Leavitt notes, arbitral bodies JAMS and the American Arbitration Association (AAA) “now have protocols for e-discovery, as do several of the international arbitration providers”.

JAMS

The former Judicial Arbitration and Mediation Services, now known as JAMS, Inc., published in January 2010 its Recommended Arbitration Discovery Protocols to “provide JAMS arbitrators with an effective tool that will help them exercise their sound judgment in furtherance of achieving an efficient, cost-effective process which affords the parties a fair opportunity to be heard.”  Also, Rule 16 of JAMS Comprehensive Arbitration Rules (also added in 2010) covers topics such as preliminary conferences, formats of production, metadata, custodians and cost shifting.

American Arbitration Association (AAA)

Last October, the AAA added new rules R-22 and R-23 to its Commercial Arbitration Rules and Mediation Procedures, which establishes parameters for arbitrators to manage exchange of ESI, impose ESI search parameters and make cost allocations and sanction noncompliance.  Also, the International Centre for Dispute Resolution® (ICDR), the international arm of the AAA, has published a 3 page Guidelines for Arbitrators Concerning Exchanges of Information to establish the authority for arbitrators to manage ESI and impose sanctions for noncompliance with their ESI orders.

With these resources available, arbitrators can make the process of eDiscovery less…arbitrary.

So, what do you think? Have you managed discovery in arbitration? Was it efficient?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine Discovery. eDiscoveryDaily is made available by CloudNine Discovery solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscoveryDaily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Court Rules that Joint Stipulation Supports Plaintiff’s Production of Images Instead of Native Files – eDiscovery Case Law

In Melian Labs, Inc. v. Triology LLC, No. 13-cv-04791-SBA (N.D. Cal. Sept. 4, 2014), California Magistrate Judge Kandis A. Westmore denied the plaintiff’s motion to compel discovery in native form because the production format had been agreed upon under the parties’ ESI protocol under the Joint Rule 26(f) Report filed by the parties that supported production in “paper, PDF, or TIFF format”.

In this trademark dispute, the plaintiff sought a declaratory judgment that its website did not infringe upon the defendant’s trademark, but rather, that the defendant’s use of the trademark infringed on the plaintiff’s senior trademark rights.

On March 26, 2014, the parties filed a case management conference statement (referred to as the “Joint Rule 26(f) Report”), and informed the district court that:

“With respect to the production of electronic data and information, the parties agree that the production of metadata beyond the following fields are not necessary in this lawsuit absent a showing of a compelling need: Date Sent, Time Sent, Date Received, Time Received, To, From, CC, BCC, and Email Subject. The parties agree to produce documents electronic form in paper, PDF, or TIFF format, and spreadsheets and certain other electronic files in native format when it is more practicable to do so.”

The plaintiff began its document production on June 23 and had produced 1218 pages of documents to date.  On August 1, the defendant complained about the format of the plaintiff’s document production of its electronically stored information (“ESI”), claiming that the produced PDFs were stripped of all metadata in violation of the agreement of the parties and that the spreadsheets were not produced in native format.  The defendant contended that the plaintiff’s production of “7 large PDF image documents, which each appear to be a compilation of ESI improperly collected and produced,” were violative of Federal Rule of Civil Procedure 34(b)(2)(E), because they were not produced in their native format and are not reasonably usable.  The defendant also contended that the plaintiff failed to comply with the Joint Rule 26(f) Report by refusing to produce all spreadsheets in native format – the plaintiff acknowledged that some of its spreadsheet printouts were difficult to read, and, in those cases, it produced the spreadsheets in native format (Excel) upon request, but contended that the parties never agreed to produce all spreadsheets in native format.

Judge Westmore stated that “Triology’s complaint is purely one of form and, at this juncture, it is not claiming that Melian’s production is incomplete. Rule 34(b) only requires that the parties produce documents as they are kept in the usual course of business or in the form ordinarily maintained unless otherwise stipulated. Fed. R. Civ. P. 34(b)(2)(E). The parties’ Joint Rule 26(f) Report is a stipulation, and, therefore, Rule 34(b) does not govern. Further, the Joint Rule 26(f) Report does not require that all ESI be produced electronically. Instead, it states that ESI may be produced in paper, PDF or TIFF.”

Judge Westmore also noted that “Triology fails to articulate why metadata is important to emails, when every email should contain the information sought on the face of the document.”  As a result, he ruled that the defendant’s “request to compel the production of all emails in a searchable or native format is denied”.

So, what do you think?  Did the Joint Rule 26(f) Report allow the plaintiff to produce PDFs with no metadata or was the defendant still entitled to native files with at least the email metadata?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine Discovery. eDiscoveryDaily is made available by CloudNine Discovery solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscoveryDaily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Twitter Sues for the Right to be More Transparent – Social Tech eDiscovery

Back in July, we took a look at Twitter’s Transparency Report to show government requests for data over the last six months of 2013 (we had previously looked at their very first report here).  However, because Twitter is barred by law from disclosing certain details on government surveillance requests, the Transparency Report is not as transparent as Twitter would like.  So, on Tuesday, Twitter filed suit against the FBI and the Justice Department, seeking the ability to release more detailed information on government surveillance of Twitter users.

As reported by The Huffington Post, Twitter is asking a judge for permission to publish its full transparency report, including the number of so-called “national security letters” and Foreign Intelligence Surveillance Act orders that it receives. Twitter claims that restrictions on its ability to speak about government surveillance requests are unconstitutional under the First Amendment.

“We’ve tried to achieve the level of transparency our users deserve without litigation, but to no avail,” Twitter said in a blog post announcing the lawsuit, which was filed in federal court.  “It’s our belief that we are entitled under the First Amendment to respond to our users’ concerns and to the statements of U.S. government officials by providing information about the scope of U.S. government surveillance – including what types of legal process have not been received. We should be free to do this in a meaningful way, rather than in broad, inexact ranges.

So, today, we have filed a lawsuit in federal court seeking to publish our full Transparency Report, and asking the court to declare these restrictions on our ability to speak about government surveillance as unconstitutional under the First Amendment. The Ninth Circuit Court of Appeals is already considering the constitutionality of the non-disclosure provisions of the NSL law later this week.”

Transparency reports are typically issued by companies to disclose numerous statistics related to requests for user data, records, and website content. These reports indicate the frequency and authority that governments request data or records over the given period. Due to the creation of these reports, the public may be informed of the private information governments gain access to via search warrants, court subpoenas and other methods.  Many other major communication platforms provide Transparency Reports as well, such as Facebook, LinkedIn, Google and Microsoft.

In Twitter’s most recent Transparency Report, they received 2,058 requests for information on its users over the previous six months from governments around the world – a 46 percent increase from 1,410 requests received the previous six months.  Over 61 percent of those requests (1,257 total) came from the US Government (Japan was next on the list with a mere 192 requests).

Twitter said it supports the USA Freedom Act of 2014, which was introduced earlier this year by Sen. Patrick Leahy (D-Vt.). The bill would allow for greater public reporting about government surveillance requests.

A copy of Twitter’s filed complaint can be found here.

So, what do you think?  Do you agree with Twitter that they deserve the right to greater transparency?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine Discovery. eDiscoveryDaily is made available by CloudNine Discovery solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscoveryDaily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.