Tag Archives: litigation

SharePoint Search: Beyond eDiscovery

by Barry Murphy

I had the pleasure of conducting a SharePoint eDiscovery webinar with Patrick Burke of Reed Smith for the OLP last week.  The subject is fascinating because finding, preserving, and reviewing SharePoint content in the litigation/investigation context can be so challenging.  The metadata users add to content (e.g. workflow tasks), the web page interface that creates more native ESI than just a document, and the decentralization of SharePoint deployments make eDiscovery for SharePoint a topic unto itself.  Often lost in this topic is the issue of end-user search of SharePoint.

When I talk about end-user search in SharePoint, most people just assume that the search functionality baked in to the product (Microsoft acquired FAST Search & Transfer several years back) is enough.  In some cases, that will be correct, but in others it does not work to give business users efficient access to information.  Some companies have standardized on SharePoint as an enterprise content management (ECM) platform while others have some departments that use SharePoint for sharing files and managing specific business processes.  In either situation, the reality is that business workers store information in multiple places – SharePoint, email, network file shares, etc.  To find that information is often a frustrating task of switching from application to application only to have a subpar search experience.

Consider the screenshot below of a search experience in SharePoint:

SharePoint blog 1

Click to enlarge

The experience leaves something to be desired in that I have to execute several more clicks on the left to do any kind of filtering and, in the result set itself, it is very difficult to know if any of these are the document I am looking for because I can’t see the document itself.  I would need to open it first.  In addition, as a business worker, I probably don’t know if I should be looking in email, file shares, or SharePoint for the document I need.  I know I saw it somewhere, but can’t remember where.  In this search experience, if I don’t find what I am looking for in SharePoint, I now have to go search my email and then my file system.  It adds up to a waste of time.

Now, consider a unified, single-pane-of-glass approach:

SharePoint blog 2

Click to enlarge

In this user interface, I can search across email, files, and SharePoint.  I can see a full-fidelity preview of the attachment.  I can refine on any kind of metadata.  It is a positive search experience that is helpful and allows me to be efficient.  More and more people realize now that this unified access to information is critically important. That may be why SharePoint guru Joel Oleson said, after a X1 Search 8 product demo, “the great news is seeing unified search across the variety of platforms [email, file shares, SharePoint] in a single powerful desktop product priced very reasonably.”  It’s because business workers really do need that unified interface across all information.  To be forced to move from email to SharePoint just to run a search can be frustrating and time consuming.  For SharePoint administrators, not having to worry about a user’s search experience in SharePoint is liberating.  When business workers and IT administrators are both happy, the world is a better place.

Read Joel Oleson’s complete review of X1 Search 8 here >

 

Leave a comment

Filed under Cloud Data, Enterprise eDiscovery, Enterprise Search, SharePoint, Uncategorized

Discovery Templates for Social Media Evidence

Book coverAs a follow-up to the highly popular Q&A last week featuring DLA attorneys Joshua Briones and Ana Tagvoryan, they both have graciously allowed us to distribute a few of their social media discovery templates found in the appendix of their book:  Social Media as Evidence: Cases, Practice Pointers and Techniques, published by the American Bar Association, available for purchase online from the ABA here.

The first template is deposition questions relating to social media evidence. The second is a sample of special interrogatories. They can be accessed at this link. Thanks again to Joshua and Ana for their insightful interview, and for providing these resources.  Their book contains many more such templates and practice tips, including sample document requests, proposed jury instructions, client litigation hold memorandums with a detailed preservation checklist, preservation demand letters, and much more.

In other social discovery news, the ABA Journal this month published an insightful piece on social media discovery, featuring attorney Ralph Losey, with a nice mention of X1 Social Discovery. In a key excerpt, the ABA Journal acknowledges that “there is a pressing need for a tool that can monitor and archive everything a law firm’s client says and does on social media.”  The article also noted that more than 41% of firms surveyed in Fulbright’s 2013 annual Litigation Trends report, acknowledged they preserved and collected such data to satisfy litigation and investigation needs, which was an increase from 32% the prior year.

Another important publication, Compliance Week, also highlighted social media discovery, where Grant Thornton emphasizes their use of X1 Social Discovery as part of the firms anti-fraud and data leakage toolset. Incidentally,  when determining whether a given eDiscovery tool is in fact a leading solution in its class, in our view it is important to look at how many consulting firms are actually utilizing the technology, as consulting firms tend to be sophisticated buyers, who actually use the tools in “the front lines.” By our count we have over 400 paid install sites of X1 Social Discovery and over half of those – 223 to be exact – are eDiscovery and other digital investigation consulting firms. We believe this is a key testament to the strength of our solution, given the use by these early adopters.

Leave a comment

Filed under Best Practices, eDiscovery & Compliance, Social Media Investigations

Mid-Year Report: Legal Cases Involving Social Media Rapidly Increasing

As part of our ongoing effort to monitor legal developments concerning social media evidence, we again searched online legal databases of state and federal court decisions across the United States — this time to identify the number of cases in the first half of 2012 where evidence from social networking sites played a significant role. The results are available here in a detailed spreadsheet listing each case, allowing for anyone to review the cases and conduct their own analysis. The cases are accessible for free on Google Scholar.  The overall tally come in at 319 cases for this 6 month period, which is about an 85 percent increase in the number of published social media cases over the same period in 2011, as reported by our prior survey earlier this year.

As with the last survey, we reviewed all the search results and added annotations for the more notable cases, and were sure to eliminate duplicates and to not count de minimis entries — defined as cases with merely cursory or passing mentions of social media sites.  As only a very small number of cases–approximately one percent of all filed cases– involve a published decision that we can access online, it is safe to assume that several thousand, if not tens of thousands more cases involved social media evidence during this time period. Additionally, many of these published decisions involve fact patterns from as far back as 2008, as they are now just working their way through the appeals process. Finally, these cases do not reflect the presumably many thousands of more instances where social media evidence was relevant to an internal investigation or compliance audit, yet did not evolve into actual litigation. Even so, this limited survey is an important data point establishing the ubiquitous nature of social media evidence, its escalating importance and the necessity of best practices technology to search and collect this data for litigation and compliance requirements.

The search, limited to the top four social networking sites, tallied as follows: Facebook is now far in the lead with 197 cases, MySpace tallied in at 89, mostly with fact patterns circa 2009, Twitter with 25 and LinkedIn with 8. Criminal matters marked the most common category of cases involving social media evidence, followed by employment related litigation, insurance claims/personal injury, family law and general business litigation (trademark infringement/libel/unfair competition). One interesting and increasingly common theme involved social media usage being considered as a factor in establishing minimum contacts for jurisdictional purposes. (See Juniper Networks, Inc. v. JUNIPER MEDIA, LLC, and Lyons v. RIENZI & SONS, INC, as examples)

We plan on providing a complete summary for all of the 2012 cases in early January and it safe to assume that the second half of 2012 will continue to see a sharp increase in the presence of social media evidence.

> View all 2012 cases and more now

3 Comments

Filed under Case Law

Authenticating Internet Web Pages as Evidence: a New Approach

By John Patzakis and Brent Botta

In recent posts, we have addressed the issue of evidentiary authentication of social media data. (See previous entries here and here). General Internet site data available through standard web browsing, instead of social media data provided by APIs or user credentials, presents slightly different but just as compelling challenges.

The Internet provides torrential amounts of evidence potentially relevant to litigation matters, with courts routinely facing proffers of data preserved from various websites. This evidence must be authenticated in all cases, and the authentication standard is no different for website data or chat room evidence than for any other. Under Federal Rule of Evidence 901(a), “The requirement of authentication … is satisfied by evidence sufficient to support a finding that the matter in question is what its proponent claims.” United States v. Simpson, 152 F.3d 1241, 1249 (10th Cir. 1998).

Ideally, a proponent of the evidence can rely on uncontroverted direct testimony from the creator of the web page in question. In many cases, however, that option is not available. In such situations, the testimony of the viewer/collector of the Internet evidence “in combination with circumstantial indicia of authenticity (such as the dates and web addresses), would support a finding” that the website documents are what the proponent asserts. Perfect 10, Inc. v. Cybernet Ventures, Inc. (C.D.Cal.2002) 213 F.Supp.2d 1146, 1154. (emphasis added) (See also, Lorraine v. Markel American Insurance Company, 241 F.R.D. 534, 546 (D.Md. May 4, 2007) (citing Perfect 10, and referencing MD5 hash values as an additional element of potential “circumstantial indicia” for authentication of electronic evidence).

One of the many benefits of X1 Social Discovery is its ability to preserve and display all the available “circumstantial indicia” – to borrow the Perfect 10 court’s term — to the user in order to present the best case possible for the authenticity of Internet-based evidence collected with the software. This includes collecting all available metadata and generating a MD5 checksum or “hash value” of the preserved data.

But html web pages pose unique authentication challenges and merely generating an MD5 checksum of the entire web page, or just the web page source file, provides limited value because web pages are constantly changing due to their very fluid and dynamic nature. In fact, a web page collected from the Internet in immediate succession would very likely calculate two different MD5 checksums. This is because web pages typically feature links to many external items that are dynamically loaded upon each page view. These external links take the form of cascading style sheets (CSS), graphical images, JavaScripts and other supporting files. This linked content can be stored on another server in the same domain, but is often located somewhere else on the Internet.

When the Web browser loads a web page, it consolidates all these items into one viewable page for the user. Since the Web page source file contains only the links to the files to be loaded, the MD5 checksum of the source file can remain unchanged even if the content of the linked files become completely different.  Therefore, the content of the linked items must be considered in the authenticity of the Web page. X1 Social Discovery addresses these challenges by first generating an MD5 checksum log representing each item that constitutes the Web page, including the main Web page’s source. Then an MD5 representing the content of all the items contained within the web page is generated and preserved.

To further complicate Web collections, entire sections of a Web page are often not visible to the viewer. These hidden areas serve various purposes, including metatagging for Internet search engine optimization. The servers that host Websites can either store static Web pages or dynamically created pages that usually change each time a user visits the Website, even though the actual content may appear unchanged.

In order to address this additional challenge, X1 Social Discovery utilizes two different MD5 fields for each item that makes a Web page.  The first is the acquisition hash that is from the actual collected information.  The second is the content hash.  The content hash is based on the actual “BODY” of a Web page and ignores the hidden metadata.  By taking this approach, the content hash will show if the user viewable content has actually changed, not just a hidden metadata tag provided by the server. To illustrate, below is a screenshot from the metadata view of X1 Social Discovery for website capture evidence, reflecting the generation of MD5 checksums for individual objects on a single webpage:

The time stamp of the capture and url of the web page is also documented in the case. By generating hash values of all individual objects within the web page, the examiner is better able to pinpoint any changes that may have occurred in subsequent captures. Additionally, if there is specific item appearing on the web page, such as an incriminating image, then is it is important to have an individual MD5 checksum of that key piece of evidence. Finally, any document file found on a captured web page, such as a pdf, Powerpoint, or Word document, will also be individually collected by X1 Social Discovery with corresponding acquisition and content hash values generated.

We believe this approach to authentication of website evidence is unique in its detail and presents a new standard. This authentication process supports the equally innovative automated and integrated web collection capabilities of X1 Social Discovery, which is the only solution of its kind to collect website evidence both through a one-off capture or full crawling, including on a scheduled basis, and have that information instantly reviewable in native file format through a federated search that includes multiple pieces of social media and website evidence in a single case. In all, X1 Social Discovery is a powerful solution to effectively collect from social media and general websites across the web for both relevant content and all available “circumstantial indicia.”

Leave a comment

Filed under Authentication, Best Practices, Preservation & Collection