The New York Appellate Division allowed discovery into the non-public information of the social media accounts of a former professional basketball player relevant to his personal injury claims arising out of an automobile accident. In Vasquez-Santos v. Mathew 2019 NY Slip Op 00541 (January 24, 2019), the court held that the defendant may utilize the services of a “data mining” company for a widespread search of the plaintiff’s devices, email accounts, and social media.
Vasquez-Santos is an extension of a large body of court decisions that allow discovery of a user’s “private” social media messages, posts and photos where that information is reasonably calculated to contain evidence material and necessary to the litigation. Private social media information can be discoverable to the extent it “contradicts or conflicts with [a] plaintiff’s alleged restrictions, disabilities, and losses, and other claims” according the Vasquez-Santos Court.
The Court found that the defendant “is entitled to discovery to….defend against plaintiff’s claims of injury,” and noted that the requested access to plaintiff’s accounts and devices “was appropriately limited in time, i.e., only those items posted or sent after the accident, and in subject matter, i.e., those items discussing or showing defendant engaging in basketball or other similar physical activities.”
Also noteworthy was the Court’s finding that while plaintiff did not take the pictures himself, that was of no import to the decision. He was “tagged,” thus allowing him access to the pictures, and thus populated his social media account.
This decision is consistent with the general rule that while social media is clearly discoverable, there must be a requisite showing of relevance before the court moves to compel full production of a litigant’s “private” social media.
This case illustrates that any solution purporting to support eDiscovery for social media must have robust public search and collection capabilities. This means more than merely one-off screen scrapes but instead an ability to search, identify and capture up to thousands of social media posts on an automated and scalable basis.
X1 Social Discovery has the ability to find an individual’s publicly available content and to collect it in an automated fashion in native format with all available metadata intact to enable systematic and scalable search, review, tagging and analysis. We heard from one major law firm that screen captures of a single public Facebook account took several hours, with the resulting images not searchable or organized into a case-centric workflow. Now with X1 Social Discovery, they are able to accomplish this full capture in seconds. This is critically important to conduct proper due diligence on a case and to better assist legal and investigative professionals to make the requisite showings for the full discovery of social media evidence in civil discovery, as in Vasquez-Santos.
eDiscovery efforts are often costly, time consuming and burdensome. The volume of Electronically Stored Information is growing exponentially and will only continue to do so. Even with the advent of technology assisted review (TAR), the costs associated with collecting, processing, reviewing, and producing documents in litigation are the source of considerable pain for litigants. The only way to reduce that pain to its minimum is to use all tools available in all appropriate circumstances within the bounds of reasonableness and proportionality to control the volumes of data that enter the discovery pipeline.
Litigators and commentators often pine for the advent of a systemized, uniform and defensible process for custodian self-collection. Conceptually, such an ideal process would be where custodians are automatically presented with a set of their documents and emails that are identified as potentially relevant to a given matter through a set of keywords and other search parameters that are uniformly applied across all custodians. This set of ESI would be presented to the custodian in a controlled interface with no ability to delete documents or emails, and only the ability to review and apply tags and annotations. The custodian would have to comply with the order and all documents responsive to the initial unified search would be collected as a default control mechanism.
With X1 Data Audit and Compliance (XDAC), the option for a defensible custodian assisted review (CAR) is now a reality. At a high level, with XDAC, organizations can perform targeted search and collection of the ESI of thousands of endpoints over the internal network without disrupting operations. The search results are returned in minutes, not weeks, and thus can be highly granular and iterative, based upon multiple keywords, date ranges, file types, or other parameters. This approach typically reduces the eDiscovery collection and processing costs by at least one order of magnitude (90%), thereby bringing much needed feasibility to enterprise-wide eDiscovery collection that can save organizations millions while improving compliance. XDAC includes X1 Insight and Collection for pure eDiscovery use cases.
As a key optional feature, XDAC provides custodian assisted review, where custodians are presented with a listing of their potentially relevant ESI in a controlled, systemized and uniform identification process for their review and tagging. Instead of essentially asking the custodians to “please rummage through your entire email account and all your documents to look for what you might think is relevant to this matter,” the custodians are presented with a narrow and organized subset of potentially relevant ESI for their review.
While the custodians are able to assist with the review, they cannot impact or control what ESI is identified and preserved; this is controlled and managed centrally by the eDiscovery practitioner. This way, custodians can apply their own insight to the information and even flag personal private data, all while effectuating very cost-effective and systematic ESI collection.
Powerful Analytics Engine
TAR features powerful algorithms that cluster documents and otherwise work their magic. CAR also relies on a powerful analytics engine — the human brain. Custodians know a lot about their own documents and emails. This is particularly true in technical or other complex matter where the custodians are engineers or other professionals who simply better understand the dynamics and the nuances of their information. With the X1 process, the custodians provide a key data point, where their input is used to inform the secondary review.
The process is very defensible as the exercise is logged and documented, with all metadata kept intact and a concise chain of custody established. Best of all, the custodian-applied tags and annotations are preserved and retained through the review process with X1 integration with Relativity. I could describe this very important feature a lot further, but candidly the best way to get a full picture is to see it for yourself. I recommend that you view this recorded 9 minute demonstration of X1’s custodian self-review feature here.
We believe X1’s functionality provides the optimal means for enterprise eDiscovery preservation, collection and early data assessment, especially with the key additional (and optional) feature of custodian assisted review. But please see for yourself and let us know what you think!
In his recent blog post, X1 CEO Craig Carpenter discussed the inability of any software provider to solve a critical need by delivering a truly scalable eDiscovery preservation and collection solution. As Craig pointed out, in the absence of such a “holy grail” solution, eDiscovery collection remains dominated by either unsupervised custodian self-collection or manual services, driving up costs while increasing risk and disruption to business operations.
Craig outlined how endpoint forensic imaging are still employed on a limited basis. Many companies have also tried network crawling methods with repurposed forensic tools. (A “collection 2.1” method, if you will). While this can be feasible for a small number of custodians, network bandwidth constraints coupled with the requirement to migrate all endpoint data back to the forensic crawling tool renders the approach ineffective. For example, to search a custodian’s laptop with 10 gigabytes of email and documents, all 10 gigabytes must be copied and transmitted over the network, where it is then searched, all of which takes at least several hours per computer. So, most organizations choose to force collect all 10 gigabytes. The case of U.S. ex rel. McBride v. Halliburton Co. 272 F.R.D. 235 (2011), illustrates this specific pain point well. In McBride, Magistrate Judge John Facciola’s instructive opinion outlines Halliburton’s eDiscovery struggles to collect and process data from remote locations:
“Since the defendants employ persons overseas, this data collection may have to be shipped to the United States, or sent by network connections with finite capacity, which may require several days just to copy and transmit the data from a single custodian . . . (Halliburton) estimates that each custodian averages 15–20 gigabytes of data, and collection can take two to ten days per custodian. The data must then be processed to be rendered searchable by the review tool being used, a process that can overwhelm the computer’s capacity and require that the data be processed by batch, as opposed to all at once.”
Halliburton represented to the court that they spent hundreds of thousands of dollars on eDiscovery for only a few dozen remotely located custodians. The need to force-collect the remote custodians’ entire set of data and then sort it out through the expensive eDiscovery processing phase, instead of culling, filtering and searching the data at the point of collection drove up the costs. As such, this network crawling based architecture is fundamentally flawed and cannot scale.
What is needed is the ability to gain immediate visibility into unstructured distributed data across the enterprise, through the ability to search and collect across several hundred endpoints and other unstructured data sources such as file shares, and return results within minutes instead of days or weeks. The approaches outlined above and by Craig Carpenter do not come close to meeting this requirement and in fact actually perpetuate eDiscovery pain.
Solving this collection challenge once and for all is basis for X1 Insight and Collection, which is our eDiscovery collection 3.0 solution. X1 Insight and Collection (XIC) enables enterprises to quickly and easily search across up to thousands of distributed endpoints and data servers from a central location. Legal and compliance teams can easily perform unified complex searches across both unstructured content and metadata, obtaining statistical insight into the data in minutes, and full results with completed collection in hours, instead of days or weeks. Built on our award-winning and patented X1 Search technology, XIC is the first product to offer true and massively scalable distributed data discovery across an organization. XIC replaces expensive, cumbersome and highly disruptive approaches to meet enterprise discovery, preservation, and collection needs.
Targeted and iterative end point search is a quantum leap in early data assessment, which is critical to legal counsel at the outset of any legal matter. However, under today’s industry standard, the legal team is typically kept in the dark for weeks, if not months, as the manual identification and collection process of distributed, unstructured data runs its expensive and inefficient course. To illustrate the power and capabilities of XIC, imagine being able to perform multiple, detailed, Boolean keyword phrase searches with metadata filters across the targeted end points of your global enterprise. The results start returning in minutes, with granular statistical data about the responsive documents and emails associated with specific custodians or groups of custodians.
Once the legal team is satisfied with a specific search string, after sufficient iteration, the data can then be collected by XIC by simply hitting the “collect” button. The responsive data is “containerized” at each end point and automatically transmitted to either a central location, or uploaded directly to Relativity, using Relativity’s import API where all data is seamlessly ready for review. Importantly, all results are tied back to a specific custodian, with full chain of custody and preservation of all file metadata. Here is a recording of a live public demo with Relativity, showing the very fast direct upload from XIC straight into RelativityOne.
This effort described above — from iterative, distributed search through collection and transmittal straight into Relativity from hundreds of endpoints — can be accomplished in a single day. Using manual consulting services, the same project would require several weeks and hundreds of thousands of dollars in collection costs alone, not to mention significant disruption to business operations. Substantial costs associated with over-collection of data would mount as well, and could even dwarf collection costs through unnecessary attorney review time.
XIC operates on-demand where your data currently resides — on desktops, laptops, servers, or even the cloud — without disruption to business operations and without requiring extensive or complex hardware configurations. Beyond enterprise eDiscovery and investigation functionality, organizations can offer employees the award-winning X1 Search, improving productivity while maintaining compliance.
As Relativity Product Manager Barry O’Melia said in the live X1/R1 integration demo, it is something you have to see for yourself to believe. So please check out the demo here, or contact us to arrange for a private demo.
[Editor’s Note: Our blog has moved over to x1.com/blog. We’ll keep posting here for a few more posts to make sure you don’t miss anything, but please take a moment to visit our new site, scroll to the bottom and enter your email to subscribe (or resubscribe) to our blog and get informed of new posts. Thanks!]
Way back in the nascent years of eDiscovery – let’s say the early 2000s – the industry was a hodge-podge of processes, many of which were still paper-based. I distinctly remember working as the head of the legal department at a “network security” company (they’re now “cybersecurity” companies) in 2003 and asking custodians to print out anything relevant they could find on their computers and bring to me for review and safekeeping. As embarrassing as it is to relive 15 years later, this was our preservation and collection 1.0 process at the time, and suffice it to say it was neither efficient nor scalable.
Flash forward several years to 2008 and the preservation and collection process had evolved significantly. It was by then largely digital and comprised of 3 distinct stages that preceded being able to truly review and analyze ESI: preservation (including the issuance of legal holds), collection and processing. Preservation and collection were handled one of two ways, namely via custodial self-preservation/collection (where custodians themselves collected potentially relevant ESI) or via the imaging of entire drives, laptops and/or servers. The former method was supported by workflow vendors like PSS Systems (acquired by IBM), Zapproved and Exterro, while the latter was the province of Guidance Software, AccessData, and RoboCopy among others. Lastly, the separate step of processing ESI so the enormous volumes of information collected could be staged for review and analysis in a separate platform (e.g. Concordance, Summation, iConect, Relativity, Recommind, etc.) utilized technology like Law, DiscoveryCracker, Nuix, and Clearwell (brilliantly marketed as “ECA”). This whole workflow took between a month or so for a few custodians to many months or even a year for larger matters with more custodians, and cost from tens of thousands of dollars to many millions – all before an attorney could look at the first document to begin forming an evidentiary strategy of any sort.
That was 2008. So how are the pre-review/analysis stages handled today, a full decade removed from the time “collection 2.0” became common practice? Marginally better in areas, but otherwise pretty much the same way it was handled in 2008. While custodial self-preservation and collection may be less commonplace than it was back then, companies and their service providers generally still image entire drives, laptops or servers with minimal filtering (e.g. simple date ranges and static inclusive/exclusive file-type filtering) which weeds out very little data, then bring these large overcollections to a processing “lab” of sorts where the large data sets are run through Nuix, Law or Relativity processing to enable them to finally be reviewed and analyzed by an attorney for the first time in a review or analysis platform.
While the performance of these collection and processing applications have improved over the last 8 years and pricing-per-GB of data processed has come down significantly, data volume growth has effectively kept the process at parity from 2008 such that it still typically takes months to go from legal hold to first ability to analyze potential evidence in a matter.
Here are the challenges with Collection 2.0 as it is currently conducted:
Massive overcollection. When entire drives, computers and/or servers are imaged with very little substantive precision, far more ESI is preserved and made subject to the discovery process than is necessary. In addition to the far greater cost resulting from this (see below), there is enormous, unnecessary risk created as well, e.g. in the production of privileged information or the ability of ancillary or unrelated matters to obtain evidence legally which they wouldn’t otherwise be able to.
Time. From the time a custodian is first sent a legal hold notice until the time an attorney is first able to look at the ESI that has been collected is typically measured in months, but at minimum several weeks. During this time, whatever strategy inside and outside counsel are able to formulate is bereft of any evidentiary support, which can have major ramifications on not just how the discovery process is handled, but the speed and cost of every matter.
Complexity. Ask yourself a simple question: what value to any party does the processing stage deliver? Why does it even exist? The (oversimplified) point of discovery is to find and analyze (for oneself) and then share all relevant, reasonably accessible and non-privileged information with the other side. Processing is a step that only exists because too much information is collected in the first place. Collect precisely and comprehensively at the beginning and processing becomes unnecessary.
Cost. Not surprisingly, a process that casts a net far more widely than is necessary before spending many weeks if not months whittling things back down again before anything becomes usable costs a lot more than it should, especially when attorney “first pass review” is factored in. Simply put, everyone involved in the process except the client makes more money the larger the collection is, the greater volume which must be processed and reviewed and the longer everything takes (in collection, processing and hosting fees). The loser in all of this? The client.
Collection 2.0 is a process which remains essentially the same as it was in 2008. As surprising as this may sound, it becomes more understandable when one considers that only the client is incentivized to improve it while all other players in the process have a major disincentive to do so. But there is a better way, one which is far faster, less risky and much cheaper for clients: we’re calling it “Collection 3.0”, which will be the subject of a blog post from my colleague John Patzakis next week.
Editor’s Note: The following is a blog post published by eDiscovery expert Chad Jones, Director at D4 Discovery, regarding D4’s extensive testing and validation of the integration of R1 and X1 Insight and Collection. It is republished here with permission.
Discovery is a complicated business. For a typical litigation, there are at least five separate stages, collection, processing, review, analysis, and production, and while the average discovery period lasts eight to ten months, the matters themselves can run for years. During the lifecycle of a common eDiscovery project, these five stages are usually performed by several different parties, which further complicates the process by introducing a variety of hand-offs and delays between organizations and individuals.
The proof of concept that follows was designed to validate Insight and Collection, a product created by X1 Discovery, Inc, and that now features a direct upload to Relativity and RelativityOne. With this product, X1 proposes to streamline the five-stage process by allowing enterprises to search locally, collect those search hits, process the results and push them directly to RelativityOne in a matter of minutes.
To evaluate the viability of the X1 Insight and Collection, D4, LLC. designed and executed the following Proof of Concept (POC). A leader in forensic collection services and a seven-time Relativity Best in Service, Orange Levelhosting partner, D4 staff leveraged its expertise in end to end eDiscovery to implement the workflow and document the results.
eDiscovery is a multi-stage process with a series of hand-offs between disconnected parties. This process can be extremely expensive and error prone. In addition to the costs, the time to review can often span weeks or even months to complete.
Those who stand to benefit from X1 Insight and Collection are business and organization leaders looking to manage and control the cost and risks of discovery.
Solution Features and Benefits
There are several features of the X1 Insight and Collection: search-in-place, early case assessment visualizations, remote collection, processing on demand, publish to review in RelativityOne. Searching in place on the local machine has several benefits. It prevents needless over collection and saves the end user from the hassle of turning over her machine and losing productivity. It also gives case teams the opportunity to iterative refine search terms and review search hits on the fly.
Finally, searching in place replaces the need to collect data and load to a master repository for indexing and searching. This includes email containers – the ability to index, search and collect all email in place on the custodian’s computer or the corporate Exchange server without the need to migrate the entire container or full account is a strong and unique capability. With X1’s remote collection, once users target the specific files and emails they need, they can immediately collect and process that information. Once collected and processed, enterprise users have the option of creating standard load files or sending text, metadata and native files directly to RelativityOne.
Practical Details of POC
To test and vet the software, D4 built a mini-cloud environment, consisting of five custodian machines; one enterprise server; and one client server meeting the specs listed below:
OS: Microsoft Server 2012 R2
CPU: 2.6 GHz minimum 8 processors
Memory: 16 GB RAM
Disk: 180 GB free hard disk space (software)
Disk 2: 1TB for collected data (or available network drive)
OS: Microsoft Server 2012 R2
CPU: 2.6 GHz minimum 8 processors
Memory: 32 GB RAM
Disk: 180 GB free hard disk space (software)
Testing Desktop: (QTY 5)
OS: Microsoft Windows 7, 8 or 10
CPU: 1.8 GHz minimum 2 processors
Memory: 8 GB RAM
On each custodian machine we placed a mix of email and non-email data. From these data sets we ran a series of tests from which we collected data.
Although X1 Insight and Collection provides a variety of workflows allowing for a complex collection strategy, for the purposes of this proof-of concept, the collection was limited to a simple Boolean query of common football related terms across Enron data. We made two separate collections of email data: a collection to disc with load files and a collection direct pushed to RelativityOne. The terms used in the POC were: “football OR game OR trade OR QB OR league OR cowboys OR longhorns OR thanksgiving OR player.” Following the collections, the results of the load file export were test loaded to Relativity and the results of the dataset published direct to RelativityOne were evaluated in that workspace.
The testing process considered four main areas: documenting search results; documenting upload/download times; metadata validation; and reports and exception handling. To test the search results the loaded data was indexed, and searches run to confirm the results. In both load formats, the search results remained the same as shown below.
It is important to note that in Relativity only the text was searched while in X1 all metadata was also included in the search. This is a common difference between review platforms and collection tools, as collection tools are able to search all components of the file, while review is limited to extracted metadata fields only.
Additional tests were performed to document search and exports speeds. One of the components of X1 Insight and Collection is its collection module which sits on the client server and manages the collection from a central location. In the initial test, we chose to export the files to disc and create a load file, while in the second test we leveraged X1s integration with RelativityOne and upload data to Relativity’s cloud instance via the Relativity API.
In both cases, the results proved that X1 is incredibly powerful. Each time the system executed saved searches on five separate machines, pulled the data to the client server, extracted text and metadata and then either generated a load file or sent the deliverable straight to the cloud and into Relativity – all within minutes. The results, shown below, are amazing. In both cases the system completed all steps in under 13.5 minutes. Additional tests were performed to document search and exports speeds.
One of the components of X1 Insight and Collection is its collection module which sits on the client server and manages the collection from a central location. In the initial test, we chose to export the files to disc and create a load file, while in the second test we leveraged X1s integration with RelativityOne and upload data to Relativity’s cloud instance via the Relativity API. In both cases, the results proved that X1 is incredibly powerful. Each time the system executed saved searches on five separate machines, pulled the data to the client server, extracted text and metadata and then either generated a load file or sent the deliverable straight to the cloud and into Relativity – all within minutes. The results, shown below, are amazing. In both cases the system completed all steps in under 13.5 minutes.
Further testing showed that while X1 gets the essential metadata components extracted from the data, there are some features we are used to seeing in established eDiscovery processing tools that are lacking in this product. We also found the exception reporting to be lacking. In our RelativityOne tests, we found 40 files were excluded from upload, yet when reviewing the available exception reporting we had trouble seeing what caused those file failures. These issues notwithstanding, the POC proved successful. X1 Insight and Collection proved to be a powerful search engine and collection tool, capable of collecting over 6,000 documents from five separate machines and uploading those files to RelativityOne in less than fifteen minutes!
X1 Insight and Collection offers multiple benefits to the enterprise user looking to take control of the eDiscovery life cycle. By simplifying the course of an eDiscovery project, X1 limits the number of touch points in the traditional vendor-driven process. Internal users can search and vet terms in real-time before collection. This not only mitigates the opportunity for error, but it greatly reduces the time to review, which is what this solution really seems to be all about. X1 seems to have been designed with the internal investigation in mind. Offering a light tagging feature, X1 gives users a light ECA option that with a couple mouse clicks becomes a collection and processing tool that connects directly to all the features of RelativityOne. When combined with Relativity ECA, Analytics and Active Learning, this might be all the solution the typical enterprise would need.