Cowboys and Cannibals, Revisited

12 Monday Jan 2015

Posted by in E-Discovery

Comments Off on Cowboys and Cannibals, Revisited

cowboys and cannibalsThis is the third in a series revisiting Ball in Your Court columns and posts from the primordial past of e-discovery–updating and critiquing in places, and hopefully restarting a few conversations.  As always, your comments are gratefully solicited.

Cowboys and Cannibals

[Originally published in Law Technology News, June 2005]

With its quick-draw replies, flame wars, porn and spam, e-mail is the Wild West boom town on the frontier of electronic discovery–all barroom brawls, shoot-outs, bawdy houses and snake oil salesman.  It’s a lawless, anyone-can-strike-it-rich sort of place, but it’s taking more-and-more digging and panning to get to the gold.

Folks, we need a new sheriff in town.

A Modest Proposal
E-mail distills most of the ills of e-discovery, among them massive unstructured volume, mixing of personal and business usage, wide-ranging attachment formats and commingled privileged and proprietary content.  E-mail epitomizes “everywhere” evidence.  It’s on the desktop hard drive, the server, backup tapes, home computer, laptop on the road, Internet service provider, cell phone and personal digital assistant.  Stampede!

There’s more to electronic data discovery than e-mail, but were we to figure out how to simply and cost-effectively round up, review and produce all that maverick e-mail, wouldn’t we lick EDD’s biggest problem?  Continue reading

Unclear on the Concept, Revisited

09 Friday Jan 2015

Posted by in E-Discovery

3 Comments

unclear on the conceptThis is the second in a series revisiting Ball in Your Court columns and posts from the primordial past of e-discovery–updating and critiquing in places, and hopefully restarting a few conversations.  As always, your comments are gratefully solicited.

Unclear on the Concept

 [Originally published in Law Technology News, May 2005]

A colleague buttonholed me at the American Bar Association’s recent TechShow and asked if I’d visit with a company selling concept search software to electronic discovery vendors.  Concept searching allows electronic documents to be found based on the ideas they contain instead of particular words. A concept search for “exploding gas tank” should also flag documents that address fuel-fed fires, defective filler tubes and the Ford Pinto. An effective concept search engine “learns” from the data it analyzes and applies its own language intelligence, allowing it to, e.g., recognize misspelled words and explore synonymous keywords.

I said, “Sure,” and was delivered into the hands of an earnest salesperson who explained that she was having trouble persuading courts and litigators that the company’s concept search engine worked. How could they reach them and establish credibility?  She extolled the virtues of their better mousetrap, including its ability to catch common errors, like typing “manger” when you mean “manager.”

But when we tested the product against its own 100,000 document demo dataset, it didn’t catch misspelled terms or search for synonyms. It couldn’t tell “manger” from “manager.” Phrases were hopeless. Worse, it didn’t reveal its befuddlement. The program neither solicited clarification of the query nor offered any feedback revealing that it was clueless on the concept. Continue reading

Starting Over

08 Thursday Jan 2015

Posted by in E-Discovery

3 Comments

DNA of DataOne of the conceits of writing is the perception that when you’ve written on something, it’s behind you.  Not that nothing else need be said on the topic, but only that it need not be said by you.  That’s silly for a host of reasons.  I started writing the print version of Ball in Your Court ten years ago–before the 2006 Federal Rules amendments and before the EDRM.  Half my readers weren’t in the field then, and veteran readers surely missed a few missives. Plus, if the point was worth making, perhaps it bears repeating. So, I now revisit columns and posts from the primordial past of e-discovery–starting over as it were, updating and critiquing in places, and hopefully restarting a few conversations. As always, your comments are gratefully solicited.

The DNA of Data

[2005: the very first Ball in Your Court]

Discovery of electronic data compilations has been part of American litigation for two generations, during which time we’ve seen nearly all forms of information migrate to the digital realm.  Statisticians posit that only five to seven percent of all information is “born” outside of a computer, and very little of the digitized information ever finds its way to paper.  Yet, despite the central role of electronic information in our lives, electronic data discovery (EDD) efforts are either overlooked altogether or pursued in such epic proportions that discovery dethrones the merits as the focal point of the case.  At each extreme, lawyers must bear some responsibility for the failure.  Few of us have devoted sufficient effort to learning the technology, instead deluding ourselves that we can serve our clients by continuing to focus on the smallest, stalest fraction of the evidence: paper documents.  When we do garner a little knowledge, we abuse it like the Sorcerer’s Apprentice, by demanding production of “any and all” electronic data and insisting on preservation efforts sustainable only through operational paralysis.  We didn’t know how good we had it when discovery meant only paper. Continue reading

A Simple Breach

23 Tuesday Dec 2014

Posted by in Computer Forensics, General Technology Posts

6 Comments

dbpix-hack-blog480[1]My son’s second floor apartment in Chicago was ransacked while he was in Austin for the holidays.  Thieves climbed up and kicked in the patio door.  It’s a grim reminder of the disconnect between our sense of security and its fragile reality.  A locked door is nothing to a determined intruder, and who among us is protected by more than a thin pane of glass?  Our optimistic efforts at security merely serve to stave off opportunistic threats of the sort that move on to easier pickings when a door is locked or the lights on.  The rest is mostly luck.

In the context of data breach, I laugh when companies attribute data breaches to “ultra-sophisticated attacks.”  In truth, most intrusions stem from simple vulnerabilities like compromised passwords and unpatched exploits.  The victims left the doors unlocked and packages on the porch.  Corporations–particularly banks and brokerage houses–aren’t going to admit their systems are so vulnerable that any determined burglar can jimmy the locks.  Loathe to confess they fell prey to the bungling burglars from “Home Alone,” companies blame Lex Luthor.

But here’s a refreshing exception to the Lex Luthor Lie:  Last night, the New York Times reported that, “The computer breach at JPMorgan Chase this summer—the largest intrusion of an American bank to date—might have been thwarted if the bank had installed a simple security fix to an overlooked server.”

Left shorthanded by a spate of employee departures, JPMorgan Chase’s security team reportedly failed to upgrade a segment of the network to dual-factor authentication–meaning any web surfer with a password could get in and roam around.  And roam they did, gaining high-level access to more than 90 of the giant bank’s servers.

Fast forward to the headline-making Sony Pictures hack—what some appallingly call “Hollywood’s 9/11.”  Sure, it’s attributed to North Korean hackers; but, it wasn’t necessarily the work of sophisticated North Korean hackers.  One recent report makes the case that the Sony hack was anything but the “unique”, “unprecedented” and “undetectable” event Sony’s CEO suggests.  If there’s truth to the claim that the intruders spirited off some 100 terabytes of data, that staggering haul suggests weeks or months of unbridled access.  The Sony burglars didn’t just kick in the door; they set up housekeeping and hung curtains!

Next time you hear a data breach was the work of “sophisticated hackers availing themselves of zero-day exploits,” take it with a grain of salt.  The likelihood is that they entered using a default password or an insecure authenticator like “sonyml3,” the password revealed as that of Sony CEO, Michael Lynton (ml).

Hmmm.  Maybe the North Koreans could have spared us “The Green Hornet,” if they’d  had “sonyml1” or “sonyml2.”  Kimchi for thought.

Houston: Free Screening of the Decade of Discovery; 12/2/2014

27 Thursday Nov 2014

Posted by in E-Discovery

4 Comments

no judgesOn Monday, I screened Joe Looby’s film, The Decade of Discovery, for my University of Texas Law School e-discovery class.  It was a last-minute change prompted by our scheduled speaker falling ill; but, it proved a most effective way to coalesce the information covered in class.  It was also fun to know all of the “actors” and to have lately been with most of them in New Orleans for The Sedona Conference All Voices meeting and in D.C. for the Georgetown Advanced E-Discovery Institute and John Facciola Appreciation Dinner.  It was all I could do to not shout, “Hey, I know her, and him, and that guy, too!”

Afterward, we debated whether it would be better for e-discovery students to see the film at the start of a semester or at the close.  The consensus was that it might have scared students away if they’d seen it too soon.  I think it would be worthwhile to screen it at both the start and end of the semester, if only to make students appreciate how conversant they’ve become in the esoteric subject matter in three months.  Either way, it’s an entertaining hour for bored, stressed  law students.

Likewise, it’s will be a entertaining and FREE evening for anyone who can be in Houston on Tuesday, December 2, 2014 and wishes to attend the complimentary screening of The Decade of Discovery at the Majestic Metro Theatre (911 Preston Street in downtown Houston).  Sponsored by Bloomberg BNA, the evening starts with a networking reception from 6:30-7:30 pm followed by opening remarks from the director at 7:30pm. The screening runs from 7:45-8:45 pm and concludes with a spirited panel discussion.  I am one of the panelists, along with Jason Baron (a/k/a The Sultan of Search), who stars in the film.

To recap, it’s fun, it’s free and the festivities start at 6:30 pm on Tuesday, December 2, 2014 at the Majestic Metro Theatre.  Click here to register to attend.

Because most of you will already be dressed like the actors, feel free to treat this like a midnight screening of Rocky Horror Picture Show and say (or sing) along.  And if you fear it might not be exciting to hear people talk about the tribulations of keyword search for an hour, I assure you that (spoiler alert) there are at least two dramatic car crashes depicted in the film, and there are no purely gratuitous sex scenes.

Location. Location. Location.

26 Wednesday Nov 2014

Posted by in Computer Forensics, E-Discovery, General Technology Posts

3 Comments

Gladys_KravitzI’m peripatetic.  My stuff lives in Austin; but, I’m in a different city every few days.  Lately looking for a new place for my stuff to await my return, I’m reminded of the first three rules of real estate investing: 1. Location; 2. Location and 3. Location.

Location has long been crucial in trial, too: “So, you claim you were at home alone on the night of November 25, 2014 when this heinous crime was committed!  Is that what you expect this jury to believe?”  If you can pinpoint people’s locations at particular times, you can solve crimes.  If you have precise geolocation data, you can calculate speed, turn up trysts, prove impairment, demonstrate collusion and even show who had the green light. Location and time are powerful tools to implicate and exonerate.

A judge called today to inquire about ways in which cell phones track and store geolocation data.  He wanted to know what information is recoverable from a seized phone.  I answered that, depending upon the model and its usage, a great deal of geolocation data may emerge, most of it not tied to making phone calls.  Tons of geolocation data persist both within and without phones.

Cell phones have always been trackable by virtue of their essential communication with cell tower sites.  Moreover, and by law, any phone sold in the U.S. must be capable of precise GPS-style geolocation in order to support 9-1-1 emergency response services. Your phone broadcasts its location all the time with a precision better than ten meters. Phones are also pinging for Internet service by polling nearby routers for open IP connections and identifying themselves and the routers.  You can forget about turning off all this profligate pinging and polling.  Anytime your phone is capable of communicating by voice, text or data, you are generating and collecting geolocation data.  Anytime. Every time.  And when you interrupt that capability, that also leaves a telling record.

Continue reading

Bennat C. Mullen: A Simple Treasure Goes Home

09 Sunday Nov 2014

Posted by in Personal

9 Comments

Bennat C. MullenMy father-in-law, Bennat Mullen, died unexpectedly on Saturday.  He was the sweetest, gentlest and most considerate man I’ve ever known.  He could devour a challenging book or just listen to the wind in the trees with the same simple joy, wonder and engagement he brought to everything.  Bennat was that rare sort who would ask what you thought about something and then attend carefully to your answer.  He didn’t look for his next chance to speak.  He sought his next chance to listen and learn.  Bennat met all with the conviction that he could learn something from them, and like Chaucer’s Clerk from Oxford, “gladly would he learn and gladly teach.”

Education was Bennat’s lifelong passion and key to his achievements.  He came from nothing.  “Dirt poor” aptly describes his early family life.  No one before him had finished school.  Even the odd spelling of “Bennat” is legacy to his parents’ near-illiteracy.  But, thanks to the Air Force and the miracle of the G.I. Bill, Bennat Mullen rose from the hardscrabble, attended college, became a school principal, earned a Ph.D. and emerged an esteemed Professor of Education.  He made the world a better place by teaching teachers.  Who among us is not indebted for that? Continue reading

Rule 34: Grewal Ventures an Opinion

21 Tuesday Oct 2014

Posted by in E-Discovery

1 Comment

Judge-GrewalU.S. Magistrate Judge Paul S. Grewal (pronounced “grey-wahl”) cuts an impressive figure in the e-discovery community.  In less than four years on the bench, Judge Grewal has written several opinions addressing instances of discovery incompetence and misconduct in epic battles between the tech titans tramping through his court in San Jose, California.  His latest is an order on a Motion to Compel and for Sanctions in a patent dispute, Venture Corp., LTD v. James P. Barrett.  It’s a fight between a multi-billion dollar Singapore tech concern and an inventor.  In praising Judge Grewal, I feel obliged to point out that he enjoyed an unfair advantage over the litigants in that His Honor read the Federal Rules of Civil Procedure, particularly Rule 34, which Judge Grewal termed “about as basic to any civil case as it gets.”  No fair reading the rules, Judge! Continue reading

Does Evidence Derive from Discovery?

16 Thursday Oct 2014

Posted by in E-Discovery, Uncategorized

14 Comments

edrm-IDIs anyone else troubled that the most oft-cited research into e-discovery–the Blair & Marron study of keyword search–dates from 1985? Recent “studies” are often seat-of-the-pants opinion polls of the sort that ask in house counsel to guess how well prepared their companies are to deal with e-discovery or what they think discovery costs. These are interesting; but, they’re no more reliable than polls asking people to rate themselves as “fair minded” or “intelligent.” Polls measure people’s expectations about what facts might be, not facts. The long-held consensus that the sun circled a flat Earth didn’t make it so.

We need objective metrics in e-discovery, and one thing I’d like to see measured is the origin of the information obtained in discovery that’s actually used to prosecute or defend cases. My experience is that cases are won or lost using a handful of items versus the number exchanged in discovery. Do the exhibits used in motions, depositions and trials derive from e-discovery or do they emerge by other means? Continue reading

Preserving Gmail for Dummies

15 Wednesday Oct 2014

Posted by in Computer Forensics, E-Discovery

12 Comments

gmail_GoogleI posted here a year ago laying out a detailed methodology for collection and preservation of the contents of a Gmail account in the static form of a standard Outlook PST.  Try as I might to make it foolproof, downloading Gmail using IMAP and Outlook is tricky.  Happily since my post, the geniuses at Google introduced a truly simple, no-cost way to collect Gmail and other Google content for preservation and portability.  It sets a top flight example for online service providers, and presages how we may use the speed, power and flexibility of Google search as a culling mechanism before exporting for e-discovery. Continue reading