Author Archives: X1

October 26, 2012 · 8:36 AM

The Challenge of Defensible Deletion of Distributed Legacy Data

According to industry studies, it is common for companies to preserve over 250,000 pages and manually review over 1,000 pages for every page produced in discovery. However, when companies cull down their information through systematic execution of a defensible retention schedule, they dramatically reduce the costs and risks of discovery and greatly improve operational effectiveness. The challenge is to operationalize existing information retention and management policies in an automated, scalable and accurate manner, especially for legacy data that exists in many different information silos across larger organizations that face frequent litigation.

This is much easier said than done. Most all archiving and information systems are built on the centralization model, where all the data to be searched, categorized and managed needs to be migrated to a central location. This is fine for some email archives and traditional business records, but does not address the huge challenge of legacy data and other information “in the wild.” As leading information management consulting firm Jordan Lawrence pointed out on our recent webinar, organizations cannot be expected to radically change how they conduct business by centralizing their data in order to meet information governance requirements. Knowledge workers typically create, collaborate on and access information in their group and department silos, which are decentralized across large enterprises. Forcing centralization on these many pockets of productivity is highly disruptive and rarely effective due to scalability, network bandwidth and other logistical challenges.

So what this leaves is the reality that for any information remediation process to be effective, it must be executed within these departmentalized information silos. This past week, X1 Discovery, in conjunction with our partner Jordan Lawrence presented a live webinar where we presented a compelling solution to this challenge. Jordan Lawrence has over 25 years experience in the records management field, providing best practices, metrics and deep insights into the location, movement, access and retention of sensitive and personal information within the enterprise to over 1,000 clients.

In the webinar, we presented a comprehensive approach that companies can implement in a non-disruptive fashion to reduce the storage costs and legal risks associated with the retention of electronically stored information (ESI). Guest speaker attorney and former Halliburton senior counsel Ron Perkowski noted that organizations can avoid court sanctions while at the same time eliminating ESI that has little or no business value through a systematic and defensible process, citing Federal Rule of Civil Procedure 37(e) (The so-called “Safe Harbor Rule” and the case of FTC v. Lights of America, (C.D. Cal. Jan. 2012)

Both Ron Perkowski and Jordan Lawrence EVP Marty Provin commented that X1 Rapid Discovery represents game-changing technology to effectuate the remediation of distributed legacy data due to its ability to install on demand virtually anywhere in the enterprise, including remote data silos, its light footprint web browser access, and intuitive interface. X1 Rapid Discovery enables for effective assessment, reporting, categorization and migration and remediation of distributed information assets by accessing, searching and managing the subject data in place without the need for migration to the appliance or a central repository.

> The recording of the free webinar is now available here.

Leave a comment

Filed under Best Practices, Information Management

Tagged as , , , , , , , , ,

September 25, 2012 · 8:19 PM

National White Collar Crime Center Launches Certified Training for X1 Social Discovery

This past month, the National White Collar Crime Center (NW3C), an internationally recognized leader in education and support in the prevention and prosecution of high-tech crime, announced a strategic partnership with X1 Discovery to provide training and support to local, state and federal law enforcement agencies worldwide, as well as to legal, corporate discovery and risk professionals. The partnership will focus on promoting best practices and advanced techniques for website and social media evidence collection and analysis, based upon the X1 Social Discovery software.

Training and certification on a computer investigation process is very important to help bolster the qualifications of a testifying witness. A great example of this is the “on point” case of State v. Rossi, where an Ohio appellate addressed the issue of authentication of social media evidence and involved the expert testimony of a police detective, where the defense unsuccessfully challenged his qualifications as a computer forensics expert. Here is the key quote from the court:

“Det. Roderick testified that he received forensic computer training from the FBI and National White Collar Crime Center. Accordingly, the trial court did not err by
allowing Det. Roderick to testify as an expert in forensic computer investigations.” (Emphasis added)

As State v. Rossi tackles social media evidence, best practices for its collection (which were not followed by the defense), the issues of training, expert testimony, and the credibility of NW3C, the case serves as “Exhibit A” for the importance of the NW3C and X1 Discovery relationship.

NW3C has now posted their first schedule of classes online, available here. The classes are open to both law enforcement and private sector professionals. The training curriculum will provide best practices and new methods to collect, search, preserve and manage social media evidence from social media networking sites and other websites in a scalable, instantaneous and forensically sound manner. Participants will learn about specific cases involving critical social media data; find out how to collect and index thousands of social media items in minutes; understand and identify key metadata unique to social media; learn how to better authenticate social media evidence in a safe and defensible manner; and more. Attendees who complete the course will received a certificate of authorized training on the X1 Social Discovery software, which is designed to effectively address social media content from the leading social media networking sites such as Facebook, Twitter and LinkedIn. In addition, it can crawl, capture and instantly search content from any website.

The cost of the 1-day training is $595, which is a great investment in your credentials and career as an expert witness and computer investigation professional.


 > Learn more about this “hands-on” training in our live webinar

Leave a comment

Filed under Best Practices, Social Media Investigations

Tagged as , , , , , , , , , , , , ,

September 12, 2012 · 7:27 AM

Social Media Case Law Update

This past July, as part of our ongoing effort to monitor legal developments concerning social media evidence, we searched online legal databases of state and federal court decisions across the United States to identify the number of cases, in the first half of 2012, where evidence from social networking sites played a significant role. The overall tally came in at 319 cases for this 6 month period, which is about an 85 % increase in the number of published social media cases over the same period in 2011, as reported by our prior survey earlier this year.

As we continue to monitor Westlaw and other sources on a daily basis, the indications are that this increase in the prominence of social media evidence continues unabated. We will have a full end of the year report, but for now the following are brief synopses of three of the more notable reported social media cases from the past 75 days:

Rene v. State, 2012 WL 3223667 (Tex. Ct. of Appeals, Aug. 9, 2012)

This case involved an evidentiary authentication challenge to social media evidence introduced through mere printouts of screen captures. The Defendant’s appealed his conviction of sexual assault of a minor child on the grounds that the MySpace pages offered into evidence by the prosecution did not have a proper foundation, and that the prosecution presented no evidence showing that the photographs were unaltered. The Texas appellate court noted in its decision that the prosecution offered minimal circumstantial evidence to establish the authenticity of the MySpace pages and no evidence to demonstrate that the photos were not altered.  However, in upholding the conviction, the court ultimately determined that even if the prosecution failed to establish a proper foundation for the social media evidence, such error was harmless.

This case illustrates the perils of relying on mere printouts of key social media evidence. A determination of harmless error by an appellate court is very subjective and fact specific. The much better approach is for the proponent of social media evidence to collect and preserve such evidence with best practices technology to establish a proper foundation by 1) automatically generating MD5 hash values of the evidence and collection logs including date stamps at the time of collection; 2) collecting all available metadata associated with social media items; and 3) collect the full account as opposed to limited and incomplete segments. Only with this approach can the proponent of the evidence represent that best practices were employed in the collection and preservation of the social media evidence in question.

United States v. Meregildo, F. Supp. 2d, 2012 WL 3264501 (S.D.N.Y. Aug. 10, 2012)

In this case, the defendant sought to suppress evidence from his Facebook account obtained by the government through a cooperator who “friended” him on the social media site. The defendant posted messages to his account boasting prior acts of violence and threatening rival gang members.  One of the Defendant’s “friends” — who became a cooperating witness — had access to all of this content by virtue of being the Defendant’s Facebook friend and turned that evidence over to law enforcement.

The court determined that there is no Fourth Amendment protection in publicly posted information. Nor is there necessarily such protection for data posted that is viewable by a network of “friends”, even though subject to more restrictive privacy settings.  The court noted that the defendant’s profile allowed his friends to view a list of all his other friends, “as well as messages and photographs that Colon and others posted to Colon’s profile.” Because the privacy settings allowed Colon’s friends to view materials posted to his Facebook account, the court determined that there was no Fourth Amendment violation:

Where Facebook privacy settings allow viewership of postings by “friends” the Government may access them through a cooperating witness who is a “friend” without violating the Fourth Amendment…While Colon undoubtedly believed that his Facebook profile would not be shared with law enforcement, he had no justifiable expectation that his “friends” would keep his profile private.

As such, the court determined that the defendant’s expectation of privacy ended when he posted, because his wide circle of “friends” were free to share those posts, just as a friend would be free to share a written letter or email. These posts, according to the court, were at Colon’s “peril.”

Thompson v. Autoliv ASP, Inc., 2012 WL 2342928 (D. Nev. June 20, 2012)

This is yet another personal injury claim where the claimant’s public Facebook postings contradicted their assertions of serious injury. In this products liability case, the defendant sought a court order compelling the plaintiff “to produce complete and un-redacted copies of [her] Facebook and other social networking site accounts.” The defendant based its motion on the plaintiff’s publically available Facebook wall posts and photographs that contradicted her claims of serious injury, and that the plaintiff changed her privacy settings shortly thereafter. The court found the plaintiff’s Facebook account discoverable and compelled its production.

Earlier this year we covered the case of Tompkins vs. Detroit Metropolitan Airport, which also highlighted the importance of systematic search of public Facebook as standard procedure for nearly every type of criminal and civil litigation investigation. These cases illustrate that any solution purporting to support eDiscovery for social media must have robust public search and collection capabilities. This means more than merely one-off screen scrapes but instead an ability to search, identify and capture up to millions of social media posts on a highly automated and scalable basis, and the ability to find all information that is publicly available but may not be readily apparent.

We will continue to monitor the case law on social media and report on significant developments. So stay tuned!

Leave a comment

Filed under Uncategorized

August 30, 2012 · 12:47 PM

Police Embrace Social Media as Crime-Fighting Tool (CNN Article)

Recently, CNN published an article illustrating how law enforcement agencies are using social media to help solve their cases.  CNN reporter Heather Kelly, states, socialpolice“leveraging Facebook is just one of many ways law enforcement officials are gleaning evidence from social media to help them solve crimes.”  According to a recent survey performed by LexisNexis on federal, state and local law enforcement officials who use social media, 4 of 5 used social media to gather evidence during investigations. Kelly states, “Half said they checked social media at least once a week, and the majority said social media helps them solve crimes faster.”

Read complete CNN article

Visit X1 DISCOVERY

Leave a comment

Filed under Best Practices, Case Law, Social Media Investigations

Tagged as , , , , , ,

August 22, 2012 · 5:48 PM

No Legal Duty or Business Reason to Boil the Ocean for eDiscovery Preservation

As an addendum to my previous blog post on the unique eDiscovery and search burdens associated with the de-centralized enterprise, one tactic I have seen attempted by some CIOs to address this daunting challenge is to try to constantly migrate disparate data from around the globe into a central location. Just this past week, I spoke to a CIO that was about to embark on a Quixotic endeavor to centralize hundreds of terabytes of data so that it could be available for search and eDiscovery collection when needed. The CIO strongly believed he had no other choice as traditional information management and electronic discovery tools are not architected and not suited to address large and disparate volumes of data located in hundreds of offices and work sites across the globe that all store information locally. But boiling the ocean through data migration and centralization is extremely expensive, disruptive and frankly unworkable.

Industry analyst Barry Murphy succinctly makes this point:

Centralization runs counter to the realities of the working world where information must be distributed globally across a variety of devices and applications.  The amount of information we create is overwhelming and the velocity with which that information moves increases daily.  To think that an organization can find one system in which to manage all its information is preposterous. At the same time, the FRCPs essentially put the burden on organizations to be accountable for all information, able to conduct eDiscovery on a moment’s notice.  As we’ve seen, the challenge is daunting.

As I wrote earlier this month, properly targeted preservation initiatives are permitted by the courts and can be enabled by effective software that is able to quickly and effectively access and search these data sources throughout the enterprise.  The value of targeted preservation was recognized in the Committee Notes to the FRCP amendments, which urge the parties to reach agreement on the preservation of data and the keywords used to identify responsive materials. (Citing the Manual for Complex Litigation (MCL) (4th) §40.25 (2)).  And In re Genetically Modified Rice Litigation, 2007 WL 1655757 (June 5, 2007 E.D.Mo.), the court noted that “[p]reservation efforts can become unduly burdensome and unreasonably costly unless those efforts are targeted to those documents reasonably likely to be relevant or lead to the discovery of relevant evidence.”

What is needed to address both eDiscovery and enterprise search challenges for the de-centralized enterprise is a field-deployable search and eDiscovery solution that operates in distributed and virtualized environments on-demand within these distributed global locations where the data resides. This ground breaking capability is what X1 Rapid Discovery provides. Its ability to uniquely deploy and operate in the IaaS cloud also means that the solution can install anywhere within the wide-area network, remotely and on-demand. This enables globally de-centralized enterprises to finally address their overseas data in an efficient, expedient, defensible and highly cost-effective manner.

But I am interested in hearing if anyone has had success with the centralization model. In my 12 years in this business and the 8 years before that as a corporate attorney, I have yet to see an effective or even workable situation where a global enterprise has successfully centralized all of their electronically stored information into a single system consisting of hundreds of terabytes. If you can prove me wrong and point to such a verifiable scenario, I’ll buy you a $100 Starbucks gift certificate or a round of drinks for you and your friends at ILTA next week.  If you want to take the challenge of just meet up at ILTA next week in Washington, feel free to email me.

Leave a comment

Filed under Cloud Data, eDiscovery & Compliance, Enterprise eDiscovery, IaaS, Preservation & Collection

Tagged as , , , , , , , , , , , , , , , , ,