This is the tenth in a series revisiting Ball in Your Court columns and posts from the primordial past of e-discovery–updating and critiquing in places, and hopefully restarting a few conversations.  As always, your comments are gratefully solicited.

Locard’s Principle

[Originally published in Law Technology News, February 2006]

Devoted viewers of the TV show “CSI” know about Locard’s Exchange Principle: the theory that anyone entering a crime scene leaves something behind or takes something away.  It’s called cross-transference, and though it brings to mind fingerprints, fibers and DNA, it applies to electronic evidence, too.  The personal computer is Grand Central Station for smart phones, thumb drives, MP3 players, CDs, floppies, printers, scanners and a bevy of other gadgets.  Few systems exist in isolation from networks and the Internet.  When these connections are used for monkey business like stealing proprietary data, the electronic evidence left behind or carried away can tell a compelling story. Continue reading →

This is the ninth in a series revisiting Ball in Your Court columns and posts from the primordial past of e-discovery–updating and critiquing in places, and hopefully restarting a few conversations.  As always, your comments are gratefully solicited.

The Path to Production: Are We There Yet?

(Part IV of IV)

[Originally published in Law Technology News, January 2006]

The e-mail’s assembled and accessible.  You could begin review immediately, but unless your client has money to burn, there’s more to do before diving in: de-duplication. When Marge e-mails Homer, Bart and Lisa, Homer’s “Reply to All” goes in both Homer’s Sent Items and Inbox folders, and in Marge’s, Bart’s and Lisa’s Inboxes.  Reviewing Homer’s response five times is wasteful and sets the stage for conflicting relevance and privilege decisions.

Duplication problems compound when e-mail is restored from backup tape.  Each tape is a snapshot of e-mail at a moment in time.  Because few users purge mailboxes month-to-month, one month’s snapshot holds nearly the same e-mail as the next.  Restore a year of e-mail from monthly backups, and identical messages multiply like rabbits. Continue reading →

This is the eighth in a series revisiting Ball in Your Court columns and posts from the primordial past of e-discovery–updating and critiquing in places, and hopefully restarting a few conversations.  As always, your comments are gratefully solicited.

The Path to Production: Harvest and Population

(Part III of IV)

[Originally published in Law Technology News, December 2005]

On the path to production, we’ve explored e-mail’s back alleys and trod the mean streets of the data preservation warehouse district.  Now, let’s head to the heartland for harvest time.  It’s data harvest time.

After attorney review, data harvest is byte-for-byte the costliest phase of electronic data discovery.  Scouring servers, local hard drives and portable media to gather files and metadata is an undertaking no company wants to repeat because of poor planning.

The Harvest
Harvesting data demands a threshold decision: Do you collect all potentially relevant files, then sift for responsive material, or do you separate the wheat from the chaff in the field, collecting only what reviewers deem responsive?  When a corporate defendant asks employees to segregate responsive e-mail, (or a paralegal goes from machine-to-machine or account-to-account selecting messages), the results are “field filtered.” Today, we’d call this “targeted collection.”

Field filtering holds down cost by reducing the volume for attorney review, but it increases the risk of repeating the collection effort, loss or corruption of evidence and inconsistent selections.  If keyword or concept searches alone are used to field filter data, the risk of under-inclusive production skyrockets.

Initially more expensive, comprehensive harvesting (unfiltered but defined by business unit, locale, custodian, system or medium), saves money when new requests and issues arise.  A comprehensive collection can be searched repeatedly at little incremental expense, and broad preservation serves as a hedge against spoliation sanctions.  Companies embroiled in serial litigation or compliance production benefit most from comprehensive collection strategies.

A trained reviewer “picks up the lingo” as review proceeds, but a requesting party can’t frame effective keyword searches without knowing the argot of the opposition.  Strategically, a producing party requires an opponent to furnish a list of search terms for field filtering and seeks to impose a “one list, one search” restriction.  The party seeking discovery must either accept inadequate production or force the producing party back to the well, possibly at the requesting party’s cost. Continue reading →

This is the sixth in a series revisiting Ball in Your Court columns and posts from the primordial past of e-discovery–updating and critiquing in places, and hopefully restarting a few conversations.  As always, your comments are gratefully solicited.

The Path to E-Mail Production

(Part I of IV)

[Originally published in Law Technology News, October 2005]

Asked, “Is sex dirty,” Woody Allen quipped, “Only if it’s done right.”  That’s electronic discovery: if it’s ridiculously expensive, enormously complicated and everyone’s lost sight of the merits of the case, you’re probably doing it right.

But it doesn’t have to be that way.  Over the next four days, we’ll walk a path to production of e-mail — perhaps the trickiest undertaking in EDD.  The course we take may not be the shortest or easiest, but that’s not the point.  We’re trying to avoid stepping off a cliff.  Not every point is suited to every production effort, but all deserve consideration.

Think Ahead
EDD missteps are painfully expensive, or even unredeemable, if data is lost. Establish expectations at the outset.

Will the data produced:

• Integrate paper and electronic evidence?
• Be electronically searchable?
• Preserve all relevant metadata from the host environment?
• Be viewable and searchable using a single application, such as a web browser?
• Lend itself to Bates numbering?
• Be easily authenticable for admission into evidence?

Meeting these expectations hinges on what you collect along the way through identification, preservation, harvest and population. Continue reading →

This is the fourth in a series revisiting Ball in Your Court columns and posts from the primordial past of e-discovery–updating and critiquing in places, and hopefully restarting a few conversations.  As always, your comments are gratefully solicited.

Give Away Your Computer 

[Originally published in Law Technology News, July 2005]

With the price of powerful computer systems at historic lows, who isn’t tempted to upgrade?  But, what do you do with a system you’ve been using if it’s less than four or five-years old and still has some life left in it?  Pass it on to a friend or family member or donate it to a school or civic organization and you’re ethically obliged to safeguard client data on the hard drive. Plus, you’ll want to protect your personal data from identity thieves and snoopers.  Hopefully you already know that deleting confidential files and even formatting the drive does little to erase your private information—it’s like tearing out the table of contents but leaving the rest of the book.  How do you be a Good Samaritan without jeopardizing client confidences and personal privacy?

Options
One answer: replace the hard drive with a new one before you donate the old machine.  Hard drives have never been cheaper, and adding the old hard drive as extra storage in your new machine ensures easy access to your legacy data.  But, it also means going out-of-pocket and some surgery inside both machines—not everyone’s cup of tea.

Alternatively, you could remove or destroy the old hard drive, but those accepting older computers rarely have the budget to buy hard drives, let alone the technician time to get donated machines running.  Donated systems need to be largely complete and ready to roll.

Probably the best compromise is to wipe the hard drive completely and donate the system recovery disk along with the system.  Notwithstanding some largely theoretical notions, once you overwrite every sector of your hard drive with zeros or random characters, your data is gone forever.  The Department of Defense recommends several passes of different characters, but just a single pass of zeros is enough to frustrate all computer forensic data recovery techniques in common use. Continue reading →

I’m peripatetic.  My stuff lives in Austin; but, I’m in a different city every few days.  Lately looking for a new place for my stuff to await my return, I’m reminded of the first three rules of real estate investing: 1. Location; 2. Location and 3. Location.

Location has long been crucial in trial, too: “So, you claim you were at home alone on the night of November 25, 2014 when this heinous crime was committed!  Is that what you expect this jury to believe?”  If you can pinpoint people’s locations at particular times, you can solve crimes.  If you have precise geolocation data, you can calculate speed, turn up trysts, prove impairment, demonstrate collusion and even show who had the green light. Location and time are powerful tools to implicate and exonerate.

A judge called today to inquire about ways in which cell phones track and store geolocation data.  He wanted to know what information is recoverable from a seized phone.  I answered that, depending upon the model and its usage, a great deal of geolocation data may emerge, most of it not tied to making phone calls.  Tons of geolocation data persist both within and without phones.

Cell phones have always been trackable by virtue of their essential communication with cell tower sites.  Moreover, and by law, any phone sold in the U.S. must be capable of precise GPS-style geolocation in order to support 9-1-1 emergency response services. Your phone broadcasts its location all the time with a precision better than ten meters. Phones are also pinging for Internet service by polling nearby routers for open IP connections and identifying themselves and the routers.  You can forget about turning off all this profligate pinging and polling.  Anytime your phone is capable of communicating by voice, text or data, you are generating and collecting geolocation data.  Anytime. Every time.  And when you interrupt that capability, that also leaves a telling record.

Continue reading →

On Wednesday, February 5, 2014 at 9:00am, I’m moderating a plenary session at LegalTech New York where the panelists are a veritable Mount Olympus of e-discovery leaders from the federal bench: John Facciola, James Francis, Andrew Peck, Lee Rosenthal and Shira Scheindlin.  I can hardly imagine a more quintessential quintet of rare knowledge and eloquence!  Kudos to ALM educational coordinator, Judy Kelly, for deftly getting them all to commit.

The judges will be discussing some of what you might expect, e.g., proposed Rules amendments, predictive coding, Rule 502 and expectations of lawyer technical competence.  We will also be exploring a few fresh issues, like the impact all those little screens are having on everyone in and out of court.

There’s still time to add topics and questions of interest to you to the program; so, if you have questions you’d pose or topics you’d explore, please share them here as a comment (or e-mail them to me: craig at ball dot net), and I’ll try to work them in.  Hope to see you in New York!