Defensible Custodian Self-Collection Now a Reality

eDiscovery collection and preservation efforts are often costly, time consuming and burdensome. Even worse, courts continue to routinely dish out punitive sanctions for ESI preservation failures. The volume of Electronically Stored Information is growing exponentially and will only continue to do so. Even with the advent of predictive coding, the costs associated with collecting, processing, reviewing, and producing documents in litigation are the source of considerable pain for litigants. The only way to reduce that pain to its minimum is to use all tools available in all appropriate circumstances within the bounds of reasonableness and proportionality to control the volumes of data that enter the discovery pipeline.

Counsel for large enterprises embroiled in litigation often gravitate to custodian self-collection, as it is a method to limit ESI preservation to only a limited set of documents and email deemed responsive by the individual custodians to the parameters of the litigation hold. However, traditional custodian self-collection is fraught with risk as it is usually not performed in a systemized or defensible manner.  Various custodians are not employing uniform search criteria and methodology across the same case.  Corporate counsel who rely on self-collection lack confidence in the accuracy and thoroughness of the process. Further, an average employee has neither the legal nor the technical expertise needed to identify and/or acquire potentially relevant ESI for purposes of litigation.

In a recent case that dramatically illustrates the perils of custodian self-collection, a company found themselves on the wrong end of a $3 million sanctions penalty for spoliation of evidence. The case illustrates that establishing a litigation hold and notifying the custodians is just the first step. Effective monitoring and compliance with the litigation hold is essential to avoid punitive sanctions. GN Netcom, Inc. v. Plantronics, Inc., No. 12-1318-LPS, 2016 U.S. Dist. LEXIS 93299 (D. Del. July 12, 2016).

In GN Netcom, Plantronics promptly issued a litigation hold, conducted training sessions, and sent quarterly reminders to custodians requiring affirmative acknowledgment of compliance with the hold. Despite these efforts, a senior Plantronics executive deleted relevant emails and asked his subordinates to follow suit. The court ultimately found that Plantronics acted in bad faith, “intend[ing] to impair the ability of the other side to effectively litigate its case.” In addition to the $3 million monetary penalty, Plantronics also faces severe evidentiary sanctions at trial.

At the other end of the spectrum, full disk image collection is another preservation option that, while being defensible, is very costly, burdensome and disruptive to operations. Recently in this blog, I discussed at length the numerous challenges associated with full disk imaging.

Litigators and commentators often pine for the advent of a systemized, uniform and defensible process for custodian self-collection. Conceptually, such an ideal process would be where custodians are automatically presented with a set of their documents and emails that are identified as potentially relevant to a given matter through a set of keywords and other search parameters that are uniformly applied across all custodians. This set of ESI would be presented to the custodian in a controlled interface with no ability to delete documents or emails, and only the ability to review and apply tags. The custodian would have to comply with the order and all documents responsive to the initial unified search would be collected as a default control mechanism.

With X1 Distributed Discovery (X1DD), the option for a defensible custodian assisted review is now a reality. At a high level, with X1DD, organizations can perform targeted search and collection of the ESI of thousands of endpoints over the internal network without disrupting operations. The search results are returned in minutes, not weeks, and thus can be highly granular and iterative, based upon multiple keywords, date ranges, file types, or other parameters. This approach typically reduces the eDiscovery collection and processing costs by at least one order of magnitude (90%), thereby bringing much needed feasibility to enterprise-wide eDiscovery collection that can save organizations millions while improving compliance.

As a key optional feature, X1DD provides custodian assisted review, where custodians are presented with a listing of their potentially relevant ESI through a controlled, systemized and uniform identification process for their review and tagging. Instead of essentially asking the custodians to “please rummage through your entire email account and all your documents to look for what you might think is relevant to this matter,” the custodians are presented with a narrow and organized subset of potentially relevant ESI for their review. While the custodians are able to assist with the review, they cannot impact or control what ESI is identified and preserved; this is controlled and managed centrally by the eDiscovery practitioner. This way, custodians can apply their own insight to the information, flag personal private data, all while effectuating very cost-effective and systematic ESI collection.

The process is very defensible as the exercise is logged and documented, with all metadata kept intact and a concise chain of custody established. I could describe this very important feature a lot further, but candidly the best way to get a full picture is to see it for yourself. I recommend that you view this recorded 9 minute demonstration of X1 Distributed Discovery’s custodian self-review feature here.

We believe X1DD’s functionality provides the optimal means for enterprise eDiscovery preservation, collection and early data assessment, especially with the key additional (and optional) feature of custodian assisted review. But please see for yourself and let us know what you think!

Hundreds of Thousands of Legal Cases Estimated to Address Social Media in 2016

As part of our ongoing effort to monitor legal developments concerning social media evidence, we again searched online legal databases of state and federal court decisions across the United States — this time to identify the number of cases in the last 12-month period ending August 26, 2016 — where evidence from social networking sites played a significant role. The initial search returned over 14,000 results. That is far too many to review manually, but through random sampling to eliminate duplicates and de minimis entries — defined as cases with merely cursory or passing mentions of social media sites — we counted over 9,500 cases accessible through Westlaw. This represents over a 50 percent increase from 2015.

And as only a very small number of cases — approximately one percent of all filed cases — involve a published decision or brief that we can access online, it is safe to assume that hundreds of thousands more cases involved social media evidence during this time period. Additionally, these cases do not reflect the presumably many hundreds of thousands of more instances where social media evidence was relevant to a corporate or law enforcement investigation yet did not evolve into actual litigation. Even so, this limited survey is an important metric establishing the ubiquitous nature of social media evidence, its unequivocal and compelling importance, and the necessity of best practices technology to search and collect this data for litigation and compliance requirements.

The cases were generally split evenly between criminal and civil matters. The civil matters often involved personal injury/insurance claims, employment cases, family law disputes, and copyright/intellectual property. The following is a brief synopsis of some notable cases from the survey:

US v. Brown (D.C. No. 3-13-cr-00037-001) (3rd Circuit August 25, 2016). The opening line in the Federal Appellate Court’s opinion reads: “The advent of social media has presented the courts with new challenges in the prosecution of criminal offenses, including in the way data is authenticated under the Federal Rules of Evidence—a prerequisite to admissibility at trial.” The court goes on to rule that social media is not self-authenticating but must be authenticated through extrinsic or circumstantial evidence under Federal Rule of Evidence 901. I have previously addressed this issue concerning utilizing circumstantial evidence to authenticate social media evidence under Rule 901 and how social media investigation software is instrumental for that purpose.

Stewart v. State of Iowa (No. 14-0583) (C.A. Iowa, August 17 2016). Defendant brought a motion for mistrial after it was discovered (post-trial) through key Facebook evidence that several jurors appeared to be associated with the key witness, despite those jurors’ denials during voir dire. However, the court disallowed the screenshots of the Facebook pages as lacking proper authentication and denied the motion for mistrial. This case underscores the necessity of a timely and proper social media investigation (not mere screen shots), as well as the general importance of conducting social media due diligence on prospective and empaneled jurors.

State of Louisiana v. Demontre Smith, (La. Court of Appeals, April 20, 2016) In yet another court decision illustrating why software that supports best practices is needed to properly collect and preserve social media evidence, the Louisiana appellate court, 4th Circuit, issued a written opinion in a felony criminal case disallowing key social media evidence due to a lack of authenticity. Under cross-examination, the police officer, who offered the evidence in the form of screen shots, conceded that she lacked any corroborating circumstantial evidence to support the authentication of the social media posts. The appellate court ultimately ruled: “We find the social media posts the state seeks to introduce at trial were not properly authenticated, as the state presented no evidence in order to carry its burden at the hearing.”

Xiong vs. Knight Transportation, (D.C. No. 1:12-CV-01546-RBJ) (D. Colo. July 27, 2016). This case arose out of a personal injury from a major rollover traffic accident and illustrates the importance of performing a diligent and timely social media evidence investigation. The jury awarded the Plaintiff $832,000, finding that she incurred severe pain from her injuries, which impacted her social life and daily activities. Post-trial, a paralegal for the defense counsel found a litany of Facebook evidence apparently showing the Plaintiff taking a trip to Las Vegas, visiting nightclubs, attending a wedding and smiling happily with friends at restaurants. Despite this newly discovered Facebook and Facebook-derived evidence, the district court denied Knight Transportation’s motion, finding that “the new (Facebook) evidence could have been discovered before trial and Knight offered no justification for its failure to develop it earlier.”

In addition to case law, another metric reflecting the industry’s standardization of social media evidence collection is the sheer volume of sophisticated customers that have now adopted X1 Social Discovery. Over 400 eDiscovery and computer forensics services firms have at least one paid copy of X1 Social Discovery. I cannot think of a single service provider in the eDiscovery space that performs at least some ESI collection services that does not have at least one paid X1 Social license. Social media evidence collection is now a standard practice in many law enforcement matters as well.

So, if you are one of the minority of digital investigative or eDiscovery professionals who have not adopted X1 Social Discovery, please contact us for a demo today.

Key Social Media Evidence Missed, Court Finds “No Justification” for Defense Counsel’s Failure to Perform Adequate Pre-Trial Social Media Investigation

Last week the US District Court of Appeals, 10th Circuit, affirmed a trial court’s ruling denying a motion for new trial based in part on newly discovered (post trial) social media evidence. Xiong vs. Knight Transportation, (D.C. No. 1:12-CV-01546-RBJ) (D. Colo. July 27, 2016). This decision illustrates the importance of performing a diligent and timely social media evidence investigation, most certainly before trial.

The case involved a major traffic collision, where a Knight Transportation truck collided with Plaintiff’s car, forcing it into the median where it overturned multiple times. Xiong suffered a spinal compression fracture from the accident. The Plaintiff, her family and friends all testified at trial that she incurred severe pain from her injuries, which impacted her social life and daily activities. The jury awarded Xiong $832,000.

After the trial, a paralegal employed by Knight Transportation’s counsel found a litany of Facebook evidence apparently showing Xiong taking a trip to Las Vegas, visiting nightclubs, attending a wedding and smiling happily with friends at restaurants. Based upon the results of this Facebook investigation, Knight Transportation’s counsel hired a private investigator to follow Xiong and record her daily activities, which led to even further evidence supporting the defense’s case.

Citing this newly discovered Facebook and Facebook-derived evidence, Defendant Knight Transportation filed a motion for new trial. However, the district court denied Knight Transportation’s motion, finding that “the new (Facebook) evidence could have been discovered before trial and Knight offered no justification for its failure to develop it earlier.” The appellate court upheld the trial court’s decision.

A key apparent flaw in Knight Transportation’s social media investigation, as suggested by the court’s written opinion, was that the investigation team seemingly only realized after it was too late that a Facebook page maintained by Plaintiff’s cousin contained social media evidence relevant to the case. This illustrates the importance of not only performing a timely social media investigation, but one that utilizes proper technology to enable a scalable and cost-efficient effort that is not limited to a small number of screen captures.

When rudimentary tools such as web browsers and print screen are used, social media investigations are indeed burdensome, costly and inefficient. A single publicly available Facebook account may take hours to review manually, and may often require over 100 screen captures to collect with manual processes. This limits the ability to branch out to other sources of publicly available information, such as key friends, spouses and, as in this case, a close cousin.

However, with the right software, such investigations can be the foundation of a very scalable, efficient and highly accurate process. Instead of requiring hours to manually review and collect a public Facebook account, the right specially designed software, like X1 Social Discovery, can collect all the data in minutes into an instantly searchable and reviewable format.

So as with any form of digital investigation, feasibility (as well as professional competence) often depends on utilizing the right technology for the job.  As law firms, law enforcement, eDiscovery service providers and private investigators all work social discovery investigations into standard operating procedures, it is critical that best practices technology is incorporated to get the job done.

Recent Court Decisions, Key Industry Report Reveal Broken eDiscovery Collection Processes

While the eDiscovery industry has seen notable advancements and gained efficiencies in widespread adoption of hosted document review and supporting technologies, the same is not yet true for the collection and preservation of Electronically Stored Information (ESI). Leading industry research firm Gartner notes in a recent Market Guide report that the eDiscovery collection and preservation process “especially when involving device collection, can be intrusive, time consuming and costly.” And some recent court decisions imposing sanctions on corporate litigants who failed to meet their ESI preservation obligations are symptomatic of these pain points.

Earlier this year, a Magistrate judge imposed spoliation sanctions for destruction of ESI in a commercial dispute, where the Plaintiff made no effort to preserve such emails — even after it sent a letter to the defendant threatening litigation. (Matthew Enter., Inc. v. Chrysler Grp. LLC, 2016 WL 2957133 (N.D. Cal. May 23, 2016)). The court, finding that the defendant suffered substantial prejudice by the loss of potentially relevant ESI, imposed severe evidentiary sanctions under Rule 37(e)(1), including allowing the defense to use the fact of spoliation to rebut testimony from the plaintiff’s witnesses. The court also awarded reasonable attorney’s fees incurred by the defendant in bringing the motion. And in another case this year, Internmatch v. Nxtbigthing, LLC, 2016 WL 491483 (N.D. Cal. Feb. 8, 2016), a U.S. District Court imposed similar sanctions based upon the corporate defendant’s suspect preservation efforts.

In her June 30, 2016 “Market Guide for E-Discovery Solutions,” Gartner eDiscovery analyst Jie Zhang notes that “searching across multiple and hybrid data repositories becomes more onerous and leads to overinvestment.” “Given that most enterprises’ retention policy efforts are often unenforced or immature, there is often a glut of content to search through. Accordingly, almost every e-discovery request is different and often time pressured, as IT typically handles e-discovery requests in an ad hoc manner.” As such, Jie observes that “In order to guarantee data identification and collection quality, IT tends to err on the side of being overly inclusive in data preservation approach. This could result in too much legal hold or preservation. For example, it is not rare for an organization to put all mailboxes on legal hold or put them on legal hold over time (due to multiple holds and never-released holds). Being put on hold not only adds to IT management overhead and prime storage cost, but also makes any archive or records management difficult.”

The common theme between the cited cases and Zhang’s analysis is a perceived infeasibility of systemized and efficient enterprise eDiscovery collection process, causing legal and IT executives to wring their hands over the resulting disruption and expense of ESI collection. In some situations, the corporate litigant opts to roll the dice with non-compliance — a clearly misguided and faulty cost benefit analysis.

What is needed is an effective, scalable and systemized ESI collection process that makes enterprise eDiscovery collection much more feasible. More advanced enterprise class technology, such as X1 Distributed Discovery, can accomplish system-wide searches that are narrowly tailored to collect only potentially relevant information in a legally defensible manner. This process is better, faster and dramatically less expensive than other methods currently employed.

With X1 Distributed Discovery (X1DD), parties can perform targeted search and collection of the ESI of thousands of endpoints over the internal network without disrupting operations. The search results are returned in minutes, not weeks, and thus can be highly granular and iterative, based upon multiple keywords, date ranges, file types, or other parameters. This approach typically reduces the eDiscovery collection and processing costs by at least one order of magnitude (90%), thereby bringing much needed feasibility to enterprise-wide eDiscovery collection that can save organizations millions while improving compliance.

Full Disk Imaging is Expensive Overkill for eDiscovery Collection

Early in my tenure as co-founder at Guidance Software (EnCase), we commercialized full-disk imaging circa 2001 with EnCase Forensic edition, which was the first Windows-based computer forensics tool. EnCase Forensic enabled broader market adoption of computer forensic drive imaging, but the tool was originally designed for law enforcement to perform criminal computer evidence seizures. We were thinking more CSI than ESI.

However, soon a funny thing happened. For a two to three year period in the mid-2000s, a majority of standalone forensic software purchases came from eDiscovery service providers. Law enforcement represented a sizable minority during this “surge period” of commercial sector purchases, but we eventually realized that the eDiscovery services community was in the process of standardizing on full disk imaging as their default collection practice.

I have a few theories on why this trend occurred, but suffice to say that one of the many reasons that full-disk imaging is burdensome is because the process often involves service providers traveling out to the individual custodians, which is very disruptive to employees, not to mention time consuming. Additionally, as eDiscovery processing and hosting fees are usually calculated on a per-gigabyte basis, costs are increased exponentially. In a word, this is overkill, with much more effective and efficient options now available.

However, many eDiscovery practitioners continue to collect or direct the collection of Electronically Stored Information (ESI) through full disk forensic “images” of targeted media as a routine practice. Full disk images capture every bit and byte on a hard drive, including system and application files, unallocated space and a host of irrelevant user-created data. While full disk images may be warranted in some limited situations, the expense and burden associated with the practice can be quite extensive, particularly in matters that involve multiple custodians.

The Duty to Preserve Only Extends to Relevant Information

It is established law that the duty to preserve evidence, including ESI, extends only to relevant information. Hynix Semiconductor Inc. v. Rambus Inc., 2006 WL 565893 (N.D.Cal. Jan. 5, 2006) at *27. (“The duty to preserve evidence, once it attaches, does not extend beyond evidence that is relevant and material to the claims at issue in the litigation.”)  As noted by the Zubulake court, “Clearly [there is no duty to] preserve every shred of paper, every e-mail or electronic document, and every backup tape…Such a rule would cripple large corporations.”  Zubulake v. UBS Warburg LLC, 220 F.R.D. 212, 217 (S.D.N.Y. 2004) (“Zubulake IV”).

The vast majority of ESI on a full disk image will typically constitute irrelevant information. As stated by one court, “imaging a hard drive results in the production of massive amounts of irrelevant, and perhaps privileged, information.” Deipenhorst v. City of Battle Creek, 2006 WL 1851243 (W.D.Mich. June 30, 2006) at *3.  In noting that the “imaging of computer hard drives is an expensive process, and adds to the burden of litigation for both parties,” the Deipenhorst court declined to require the production of  full disk images absent a strong showing of good cause. See also, Fasteners for Retail, Inc. v. DeJohn et al., No 1000333 (Ct. App.Ohio April 24, 2014).

Similarly, in Zubulake v. UBS Warburg LLC, 2004 WL 1620866 at *8 (S.D.N.Y. July 20, 2004) (“Zubulake V”), Judge Scheindlin suggested that eDiscovery could be more manageable for producing parties but still defensible by taking advantage of the development of technology like X1 Distributed Discovery, which would be capable of conducting distributed keyword searches.  She anticipated that, due to the expansion of eDiscovery in coming years, counsel “must be more creative” because:

[It may not always] be feasible for counsel to speak with every key player, given the size of a company or the scope of the lawsuit, counsel must be more creative. It may be possible to run a system-wide keyword search; counsel could then preserve a copy of each “hit.” [FN75] Although this sounds burdensome, it need not be. Counsel does not have to review these documents, only see that they are retained. For example, counsel could create a broad list of search terms, run a search for a limited time frame, and then segregate responsive documents. . .

FN75. It might be advisable to solicit a list of search terms from the opposing party for this purpose, so that it could not later complain about which terms were used.

The recommended collection and preservation approach described by Judge Scheindlin is a far cry from obtaining full-disk images of the hard drives of each potential custodian, and in fact maps directly to the capabilities of X1 Distributed Discovery.

Courts do require that ESI be collected in a forensically sound manner, which does not mean a full forensic disk image is required, but generally does entail that metadata is not altered and a documented chain of custody is maintained. Historically, eDiscovery collection efforts not involving full disk imaging would often result in the loss or alteration of metadata. More advanced enterprise class technology, such as X1 Distributed Discovery, can accomplish system-wide searches that are narrowly tailored to collect only potentially relevant information while preserving metadata at the same time. This process is better, faster and dramatically less expensive than manual disk imaging. As with the Zubulake V decision, which advocates employing technology to perform “system-wide keyword searches”, courts recognize that advanced computer software can be deployed to limit the scope of computer searches and thus support reasonable discovery efforts.
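As an added illustration (not X1's code and not part of the original post), the targeted approach described above, one uniform keyword and date-range search whose hits are copied with timestamps intact and recorded in a custody log, can be written in Python as follows. The custodian and operator labels, the sample files and the hash-chained manifest format are assumptions made for the example.

```python
import hashlib, json, os, shutil, tempfile
from datetime import datetime, timezone

UTC = timezone.utc

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def entry_digest(entry):
    # Hash of one log entry, excluding its own digest field.
    body = {k: v for k, v in entry.items() if k != "entry_sha256"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def collect(source_root, dest_root, terms, start, end, custodian, operator):
    """Apply one uniform search (terms + date range) and copy every hit."""
    manifest, prev = [], "0" * 64
    terms = [t.lower() for t in terms]
    for dirpath, dirs, names in os.walk(source_root):
        dirs.sort()
        for name in sorted(names):
            src = os.path.join(dirpath, name)
            st = os.stat(src)  # record metadata before the file is opened
            if not start <= datetime.fromtimestamp(st.st_mtime, UTC) <= end:
                continue
            with open(src, "rb") as f:
                text = f.read().decode("utf-8", "ignore").lower()
            hits = [t for t in terms if t in text]
            if not hits:
                continue
            rel = os.path.relpath(src, source_root)
            dst = os.path.join(dest_root, rel)
            os.makedirs(os.path.dirname(dst), exist_ok=True)
            shutil.copy2(src, dst)  # copies content and timestamps
            # Reading the source may have updated its access time; put the
            # values recorded before the read on the collected copy.
            os.utime(dst, ns=(st.st_atime_ns, st.st_mtime_ns))
            entry = {
                "custodian": custodian, "operator": operator,
                "collected_utc": datetime.now(UTC).isoformat(),
                "path": rel, "size": st.st_size, "mtime_ns": st.st_mtime_ns,
                "sha256": sha256_file(src), "matched_terms": hits,
                "prev_entry_sha256": prev,  # chains each entry to the one before
            }
            entry["entry_sha256"] = prev = entry_digest(entry)
            manifest.append(entry)
    return manifest

def verify(dest_root, manifest):
    """Return a list of problems; empty means copies and log are intact."""
    problems, prev = [], "0" * 64
    for e in manifest:
        if e["prev_entry_sha256"] != prev or entry_digest(e) != e["entry_sha256"]:
            problems.append(f"log entry altered: {e['path']}")
        prev = e["entry_sha256"]
        dst = os.path.join(dest_root, e["path"])
        if not os.path.isfile(dst):
            problems.append(f"missing: {e['path']}")
        elif sha256_file(dst) != e["sha256"]:
            problems.append(f"content changed: {e['path']}")
        elif os.stat(dst).st_mtime_ns != e["mtime_ns"]:
            problems.append(f"timestamp changed: {e['path']}")
    return problems

def demo():
    """Constructed sample data: three files for a hypothetical custodian."""
    root = tempfile.mkdtemp()
    src, dst = os.path.join(root, "custodian"), os.path.join(root, "collected")
    os.makedirs(src)
    samples = {  # file name: (text, last-modified date)
        "pricing.txt": ("Draft distributor pricing agreement", datetime(2016, 3, 1, tzinfo=UTC)),
        "lunch.txt": ("Menu for Friday", datetime(2016, 3, 2, tzinfo=UTC)),
        "old.txt": ("Old pricing agreement", datetime(2012, 1, 1, tzinfo=UTC)),
    }
    for name, (text, when) in samples.items():
        path = os.path.join(src, name)
        with open(path, "w") as f:
            f.write(text)
        ts = int(when.timestamp())
        os.utime(path, (ts, ts))
    manifest = collect(src, dst, ["pricing", "distributor"],
                       datetime(2016, 1, 1, tzinfo=UTC), datetime(2016, 12, 31, tzinfo=UTC),
                       "custodian-01", "examiner-01")
    return dst, manifest
```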

With X1 Distributed Discovery (X1DD), parties can perform targeted search and collection of the ESI of thousands of endpoints over the internal network without disrupting operations. The search results are returned in minutes, not weeks, and thus can be highly granular and iterative, based upon multiple keywords, date ranges, file types, or other parameters. This approach typically reduces the eDiscovery collection and processing costs by at least one order of magnitude (90%). This method is sound from an evidentiary standpoint as the collected data is preserved in its native file format with its metadata intact. X1DD features a solid chain of custody and robust logging, tracking and reporting.

The authorities cited above establish that effective technology can enable corporate counsel to establish a highly defensible process that at the same time minimizes cost. Routine full-disk imaging, over-collection, and high eDiscovery costs are symptoms of an absence of a systemized process. By establishing a scalable and system-wide eDiscovery process based upon the latest technology, large organizations can save millions while improving compliance.
