The Path to E-Mail Production II, Revisited

20 Tuesday Jan 2015

Posted by in E-Discovery

Comments Off on The Path to E-Mail Production II, Revisited

path of email-2This is the seventh in a series revisiting Ball in Your Court columns and posts from the primordial past of e-discovery–updating and critiquing in places, and hopefully restarting a few conversations.  As always, your comments are gratefully solicited.

The Path to Production: Retention Policies That Work

(Part II of IV)

[Originally published in Law Technology News, November 2005]

We continue down the path to production of electronic mail.  Yesterday, I reminded you to look beyond the e-mail server to the many other places e-mail hides.  Now, having identified the evidence, we’re obliged to protect it from deletion, alteration and corruption.

Preservation
Anticipation of a claim is all that’s required to trigger a duty to preserve potentially relevant evidence, including fragile, ever-changing electronic data.  Preservation allows backtracking on the path to production, but fail to preserve evidence and you’ve burned your bridges.

Complicating our preservation effort is the autonomy afforded e-mail users.  They create quirky folder structures, commingle personal and business communications and — most dangerous of all — control deletion and retention of messages.

Best practices dictate that we instruct e-mail custodians to retain potentially relevant messages and that we regularly convey to them sufficient information to assess relevance in a consistent manner.  In real life, hold directives alone are insufficient. Users find it irresistibly easy to delete data, so anticipate human frailty and act to protect evidence from spoliation at the hands of those inclined to destroy it.  Don’t leave the fox guarding the henhouse.

Consider the following as parts of an effective e-mail preservation effort:

  • Litigation hold notices to custodians, including clear, practical and specific retention directives. Notices should remind custodians of relevant places where e-mail resides, but not serve as a blueprint for destruction. Be sure to provide for notification to new hires and collection from departing employees.
  • Suspension of retention policies that call for purging e-mail.
  • Suspension of re-use (rotation) of back up media containing e-mail.
  • Suspension of hardware and software changes which make e-mail inaccessible.
  • Replacing backup systems without retaining the means to read older media.
  • Re-tasking or re-imaging systems for new users.
  • Selling, giving away or otherwise disposing of systems and media.
  • Preventing custodians from deleting/ altering/corrupting e-mail.
  • Immediate and periodic “snapshots” of relevant e-mail accounts.
  • Modifying user privileges settings on local systems and networks.
  • Archival by auto-forwarding selected e-mail traffic to protected storage (i.e., journaling).
  • Restricting activity like moving or copying files tending to irreparably alter file metadata.
  • Packet capture of Instant Messaging (traffic or effective enforcement of IM prohibition.
  • Preserve potential for forensic recovery.
  • Imaging of key hard drives or sequestering systems.
  • Suspension of defragmentation.
  • Barring wiping software and encryption, with audit and enforcement.

Continue reading

The Path to E-Mail Production I, Revisited

19 Monday Jan 2015

Posted by in Computer Forensics, E-Discovery, General Technology Posts

Comments Off on The Path to E-Mail Production I, Revisited

path of emailThis is the sixth in a series revisiting Ball in Your Court columns and posts from the primordial past of e-discovery–updating and critiquing in places, and hopefully restarting a few conversations.  As always, your comments are gratefully solicited.

The Path to E-Mail Production

(Part I of IV)

[Originally published in Law Technology News, October 2005]

Asked, “Is sex dirty,” Woody Allen quipped, “Only if it’s done right.”  That’s electronic discovery: if it’s ridiculously expensive, enormously complicated and everyone’s lost sight of the merits of the case, you’re probably doing it right.

But it doesn’t have to be that way.  Over the next four days, we’ll walk a path to production of e-mail — perhaps the trickiest undertaking in EDD.  The course we take may not be the shortest or easiest, but that’s not the point.  We’re trying to avoid stepping off a cliff.  Not every point is suited to every production effort, but all deserve consideration.

Think Ahead
EDD missteps are painfully expensive, or even unredeemable, if data is lost. Establish expectations at the outset.

Will the data produced:

  • Integrate paper and electronic evidence?
  • Be electronically searchable?
  • Preserve all relevant metadata from the host environment?
  • Be viewable and searchable using a single application, such as a web browser?
  • Lend itself to Bates numbering?
  • Be easily authenticable for admission into evidence?

Meeting these expectations hinges on what you collect along the way through identification, preservation, harvest and population. Continue reading

Don’t Try This at Home, Revisited

16 Friday Jan 2015

Posted by in Computer Forensics, E-Discovery

4 Comments

mcluhanThis is the fifth in a series revisiting Ball in Your Court columns and posts from the primordial past of e-discovery–updating and critiquing in places, and hopefully restarting a few conversations.  As always, your comments are gratefully solicited.

Don’t Try This at Home

[Originally published in Law Technology News, August 2005]

The legal assistant on the phone asked, “Can you send us copies of their hard drives?”

As court-appointed Special Master, I’d imaged the contents of the defendant’s computers and served as custodian of the data for several months.  The plaintiff’s lawyer had been wise to lock down the data before it disappeared, but like the dog that caught the car, he didn’t know what to do next.  Now, with trial a month away, it was time to start looking at the evidence.

“Not unless the judge orders me to give them to you,” I replied. Continue reading

Give Away your Computer, Revisited

14 Wednesday Jan 2015

Posted by in Computer Forensics, E-Discovery, General Technology Posts

3 Comments

give awayThis is the fourth in a series revisiting Ball in Your Court columns and posts from the primordial past of e-discovery–updating and critiquing in places, and hopefully restarting a few conversations.  As always, your comments are gratefully solicited.

Give Away Your Computer 

[Originally published in Law Technology News, July 2005]

With the price of powerful computer systems at historic lows, who isn’t tempted to upgrade?  But, what do you do with a system you’ve been using if it’s less than four or five-years old and still has some life left in it?  Pass it on to a friend or family member or donate it to a school or civic organization and you’re ethically obliged to safeguard client data on the hard drive. Plus, you’ll want to protect your personal data from identity thieves and snoopers.  Hopefully you already know that deleting confidential files and even formatting the drive does little to erase your private information—it’s like tearing out the table of contents but leaving the rest of the book.  How do you be a Good Samaritan without jeopardizing client confidences and personal privacy?

Options
One answer: replace the hard drive with a new one before you donate the old machine.  Hard drives have never been cheaper, and adding the old hard drive as extra storage in your new machine ensures easy access to your legacy data.  But, it also means going out-of-pocket and some surgery inside both machines—not everyone’s cup of tea.

Alternatively, you could remove or destroy the old hard drive, but those accepting older computers rarely have the budget to buy hard drives, let alone the technician time to get donated machines running.  Donated systems need to be largely complete and ready to roll.

Probably the best compromise is to wipe the hard drive completely and donate the system recovery disk along with the system.  Notwithstanding some largely theoretical notions, once you overwrite every sector of your hard drive with zeros or random characters, your data is gone forever.  The Department of Defense recommends several passes of different characters, but just a single pass of zeros is enough to frustrate all computer forensic data recovery techniques in common use. Continue reading

Destined to Fail: Armstrong Pump, Inc. v. Hartman

13 Tuesday Jan 2015

Posted by in Computer Forensics, E-Discovery

3 Comments

Thomas-Alva-EdisonBeing a judge looks easy, and most trial lawyers secretly believe they could do the judge’s job as well as His Honor.  But, being a good judge is harder than it looks. Trial judges must be gifted generalists.  They handle disputes in contract law, tort, patent, trademark and copyright law, eminent domain, employment law, criminal law, domestic relations, administrative law, environmental law—you name it.   Judges have to understand procedure and the process of protecting (or muddying) a record better than the average practitioner.  Judges manage bigger dockets than most lawyers with less help.  Trust me: that bozo on the bench is a lot smarter than he looks, and few imagine how much he has to endure from the advocates that come before him.  Sometimes, district court is just traffic court with better shoes.

I offer all that as preface for judging a judge who was just trying to make justice work with precious little help from the lawyers.  I speak of the judge in Armstrong Pump, Inc. v. Hartman, 2014 WL 6908867, No. 10-cv-446S (W.D.N.Y. Dec. 9, 2014).  I’ve never met U.S. Magistrate Judge Hugh B. Scott, but I know that he has twenty years of distinguished service on the federal bench in Buffalo; so, you can be confident he has a well-honed judicial demeanor and has seen it all before.  But, he may suffer from the same debilitating condition that afflicts me:  He was born at an early age and grew up before computers ruled our lives.  He likely learned discovery when everything was paper, and while he may have evolved into judex electronicus (the wired judge), few of his generation of judges have.  It’s asking a lot of judges to keep up with all they must do and become well-schooled in electronic search and retrieval.  That may explain why his order for relief in Armstrong Pump seems destined to fail.  Unhappily so, because when he cries, “Enough” in the opinion, I am with him wholeheartedly. Continue reading

Cowboys and Cannibals, Revisited

12 Monday Jan 2015

Posted by in E-Discovery

Comments Off on Cowboys and Cannibals, Revisited

cowboys and cannibalsThis is the third in a series revisiting Ball in Your Court columns and posts from the primordial past of e-discovery–updating and critiquing in places, and hopefully restarting a few conversations.  As always, your comments are gratefully solicited.

Cowboys and Cannibals

[Originally published in Law Technology News, June 2005]

With its quick-draw replies, flame wars, porn and spam, e-mail is the Wild West boom town on the frontier of electronic discovery–all barroom brawls, shoot-outs, bawdy houses and snake oil salesman.  It’s a lawless, anyone-can-strike-it-rich sort of place, but it’s taking more-and-more digging and panning to get to the gold.

Folks, we need a new sheriff in town.

A Modest Proposal
E-mail distills most of the ills of e-discovery, among them massive unstructured volume, mixing of personal and business usage, wide-ranging attachment formats and commingled privileged and proprietary content.  E-mail epitomizes “everywhere” evidence.  It’s on the desktop hard drive, the server, backup tapes, home computer, laptop on the road, Internet service provider, cell phone and personal digital assistant.  Stampede!

There’s more to electronic data discovery than e-mail, but were we to figure out how to simply and cost-effectively round up, review and produce all that maverick e-mail, wouldn’t we lick EDD’s biggest problem?  Continue reading

Unclear on the Concept, Revisited

09 Friday Jan 2015

Posted by in E-Discovery

3 Comments

unclear on the conceptThis is the second in a series revisiting Ball in Your Court columns and posts from the primordial past of e-discovery–updating and critiquing in places, and hopefully restarting a few conversations.  As always, your comments are gratefully solicited.

Unclear on the Concept

 [Originally published in Law Technology News, May 2005]

A colleague buttonholed me at the American Bar Association’s recent TechShow and asked if I’d visit with a company selling concept search software to electronic discovery vendors.  Concept searching allows electronic documents to be found based on the ideas they contain instead of particular words. A concept search for “exploding gas tank” should also flag documents that address fuel-fed fires, defective filler tubes and the Ford Pinto. An effective concept search engine “learns” from the data it analyzes and applies its own language intelligence, allowing it to, e.g., recognize misspelled words and explore synonymous keywords.

I said, “Sure,” and was delivered into the hands of an earnest salesperson who explained that she was having trouble persuading courts and litigators that the company’s concept search engine worked. How could they reach them and establish credibility?  She extolled the virtues of their better mousetrap, including its ability to catch common errors, like typing “manger” when you mean “manager.”

But when we tested the product against its own 100,000 document demo dataset, it didn’t catch misspelled terms or search for synonyms. It couldn’t tell “manger” from “manager.” Phrases were hopeless. Worse, it didn’t reveal its befuddlement. The program neither solicited clarification of the query nor offered any feedback revealing that it was clueless on the concept. Continue reading

Starting Over

08 Thursday Jan 2015

Posted by in E-Discovery

3 Comments

DNA of DataOne of the conceits of writing is the perception that when you’ve written on something, it’s behind you.  Not that nothing else need be said on the topic, but only that it need not be said by you.  That’s silly for a host of reasons.  I started writing the print version of Ball in Your Court ten years ago–before the 2006 Federal Rules amendments and before the EDRM.  Half my readers weren’t in the field then, and veteran readers surely missed a few missives. Plus, if the point was worth making, perhaps it bears repeating. So, I now revisit columns and posts from the primordial past of e-discovery–starting over as it were, updating and critiquing in places, and hopefully restarting a few conversations. As always, your comments are gratefully solicited.

The DNA of Data

[2005: the very first Ball in Your Court]

Discovery of electronic data compilations has been part of American litigation for two generations, during which time we’ve seen nearly all forms of information migrate to the digital realm.  Statisticians posit that only five to seven percent of all information is “born” outside of a computer, and very little of the digitized information ever finds its way to paper.  Yet, despite the central role of electronic information in our lives, electronic data discovery (EDD) efforts are either overlooked altogether or pursued in such epic proportions that discovery dethrones the merits as the focal point of the case.  At each extreme, lawyers must bear some responsibility for the failure.  Few of us have devoted sufficient effort to learning the technology, instead deluding ourselves that we can serve our clients by continuing to focus on the smallest, stalest fraction of the evidence: paper documents.  When we do garner a little knowledge, we abuse it like the Sorcerer’s Apprentice, by demanding production of “any and all” electronic data and insisting on preservation efforts sustainable only through operational paralysis.  We didn’t know how good we had it when discovery meant only paper. Continue reading

A Simple Breach

23 Tuesday Dec 2014

Posted by in Computer Forensics, General Technology Posts

6 Comments

dbpix-hack-blog480[1]My son’s second floor apartment in Chicago was ransacked while he was in Austin for the holidays.  Thieves climbed up and kicked in the patio door.  It’s a grim reminder of the disconnect between our sense of security and its fragile reality.  A locked door is nothing to a determined intruder, and who among us is protected by more than a thin pane of glass?  Our optimistic efforts at security merely serve to stave off opportunistic threats of the sort that move on to easier pickings when a door is locked or the lights on.  The rest is mostly luck.

In the context of data breach, I laugh when companies attribute data breaches to “ultra-sophisticated attacks.”  In truth, most intrusions stem from simple vulnerabilities like compromised passwords and unpatched exploits.  The victims left the doors unlocked and packages on the porch.  Corporations–particularly banks and brokerage houses–aren’t going to admit their systems are so vulnerable that any determined burglar can jimmy the locks.  Loathe to confess they fell prey to the bungling burglars from “Home Alone,” companies blame Lex Luthor.

But here’s a refreshing exception to the Lex Luthor Lie:  Last night, the New York Times reported that, “The computer breach at JPMorgan Chase this summer—the largest intrusion of an American bank to date—might have been thwarted if the bank had installed a simple security fix to an overlooked server.”

Left shorthanded by a spate of employee departures, JPMorgan Chase’s security team reportedly failed to upgrade a segment of the network to dual-factor authentication–meaning any web surfer with a password could get in and roam around.  And roam they did, gaining high-level access to more than 90 of the giant bank’s servers.

Fast forward to the headline-making Sony Pictures hack—what some appallingly call “Hollywood’s 9/11.”  Sure, it’s attributed to North Korean hackers; but, it wasn’t necessarily the work of sophisticated North Korean hackers.  One recent report makes the case that the Sony hack was anything but the “unique”, “unprecedented” and “undetectable” event Sony’s CEO suggests.  If there’s truth to the claim that the intruders spirited off some 100 terabytes of data, that staggering haul suggests weeks or months of unbridled access.  The Sony burglars didn’t just kick in the door; they set up housekeeping and hung curtains!

Next time you hear a data breach was the work of “sophisticated hackers availing themselves of zero-day exploits,” take it with a grain of salt.  The likelihood is that they entered using a default password or an insecure authenticator like “sonyml3,” the password revealed as that of Sony CEO, Michael Lynton (ml).

Hmmm.  Maybe the North Koreans could have spared us “The Green Hornet,” if they’d  had “sonyml1” or “sonyml2.”  Kimchi for thought.

Houston: Free Screening of the Decade of Discovery; 12/2/2014

27 Thursday Nov 2014

Posted by in E-Discovery

4 Comments

no judgesOn Monday, I screened Joe Looby’s film, The Decade of Discovery, for my University of Texas Law School e-discovery class.  It was a last-minute change prompted by our scheduled speaker falling ill; but, it proved a most effective way to coalesce the information covered in class.  It was also fun to know all of the “actors” and to have lately been with most of them in New Orleans for The Sedona Conference All Voices meeting and in D.C. for the Georgetown Advanced E-Discovery Institute and John Facciola Appreciation Dinner.  It was all I could do to not shout, “Hey, I know her, and him, and that guy, too!”

Afterward, we debated whether it would be better for e-discovery students to see the film at the start of a semester or at the close.  The consensus was that it might have scared students away if they’d seen it too soon.  I think it would be worthwhile to screen it at both the start and end of the semester, if only to make students appreciate how conversant they’ve become in the esoteric subject matter in three months.  Either way, it’s an entertaining hour for bored, stressed  law students.

Likewise, it’s will be a entertaining and FREE evening for anyone who can be in Houston on Tuesday, December 2, 2014 and wishes to attend the complimentary screening of The Decade of Discovery at the Majestic Metro Theatre (911 Preston Street in downtown Houston).  Sponsored by Bloomberg BNA, the evening starts with a networking reception from 6:30-7:30 pm followed by opening remarks from the director at 7:30pm. The screening runs from 7:45-8:45 pm and concludes with a spirited panel discussion.  I am one of the panelists, along with Jason Baron (a/k/a The Sultan of Search), who stars in the film.

To recap, it’s fun, it’s free and the festivities start at 6:30 pm on Tuesday, December 2, 2014 at the Majestic Metro Theatre.  Click here to register to attend.

Because most of you will already be dressed like the actors, feel free to treat this like a midnight screening of Rocky Horror Picture Show and say (or sing) along.  And if you fear it might not be exciting to hear people talk about the tribulations of keyword search for an hour, I assure you that (spoiler alert) there are at least two dramatic car crashes depicted in the film, and there are no purely gratuitous sex scenes.