Category Archives: Case Law

Three Key eDiscovery Preservation Lessons from Small v. University Medical Center

Small v. University Medical Center is a recent 123-page decision focused exclusively on issues and challenges related to preservation of electronically stored information in a large enterprise. Its an important ESI preservation case with some very instructive takeaways for organizations and their counsel.  In Small, Plaintiffs brought an employment wage & hour class action against University Medical Center of Southern Nevada (UMC). Such wage & hour employment matters invariably involve intensive eDiscovery, and this case was no exception. When it became evident that UMC was struggling mightily with their ESI preservation and collection obligations, the Nevada District Court appointed a special master, who proved to be tech-savvy with a solid understanding of eDiscovery issues.Case Law

In August 2014, the special master issued a report, finding that UMC’s destruction of relevant information “shock[ed] the conscious.” Among other things, the special master recommended that the court impose a terminating sanction in favor of the class action plaintiffs. The findings of the special master included the following:

  • UMC had no policy for issuing litigation holds, and no such hold was issued for at least the first eight months of this litigation.
  • UMC executives were unaware of their preservation duties, ignoring them altogether, or at best addressing them “in a hallway in passing.”
  • Relevant ESI from laptops, desktops and local drives were not preserved until some 18 months into this litigation.
  • ESI on file servers containing policies and procedures regarding meal breaks and compensation were not preserved.
  • These issues could have been avoided using best practices and if chain-of-custody paperwork had been completed.
  • All of UMC’s multiple ESI vendors repeatedly failed to follow best practices

After several years of considering and reviewing the special master’s detailed report and recommendations, the court finally issued its final discovery order last month. The court concurred with the special master’s findings, holding that UMC and its counsel failed to take reasonable efforts to identify, preserve, collect, and produce relevant information. The court imposed monetary sanctions against UMC, including the attorney fees and costs incurred by opposing counsel. Additionally, the court ordered that should the matter proceed to trial, the jury would be instructed that “the court has found UMC failed to comply with its legal duty to preserve discoverable information… and failed to comply with a number of the court’s orders,” and that “these failures resulted in the loss or destruction of some ESI relevant to the parties’ claims and defenses and responsive to plaintiffs’ discovery requests, and that the jury may consider these findings with all other evidence in the case for whatever value it deems appropriate.” Such adverse inference instructions are invariably highly impactful if not effectively dispositive in a jury trial.

There are three key takeaways from Small:

  1. UMC’s Main Failing was Lacking an Established Process

UMC’s challenges all centered on its complete lack of an existing process to address eDiscovery preservation. UMC and their counsel could not identify the locations of potentially relevant ESI because there was no data map. ESI was not timely preserved because no litigation hold process existed. And when the collection did finally occur under the special master’s order, it was highly reactive and very haphazard because UMC had no enterprise-capable collection capability.

When an organization does not have a systematic and repeatable process in place, the risks and costs associated with eDiscovery increase exponentially. Such a failure also puts outside counsel in a very difficult situation, as reflected by this statement from the Small Court: “One of the most astonishing assertions UMC made in its objection to the special master’s R & R is that UMC did not know what to preserve. UMC and its counsel had a legal duty to figure this out. Collection and preservation of ESI is often an iterative process between the attorney and the client.”

Some commentators have focused on the need to conduct custodian questionnaires, but a good process will obviate or at least reduce your reliance on often unreliable custodians to locate potentially relevant ESI.

  1. UMC Claims of Burden Did Not Help Their Cause

UMC tried arguing that it was too burdensome and costly for them to collect ESI from hundreds of custodians, claiming that it took IT six hours to merely search the email account of a single custodian. Here at X1, I wear a couple of hats, including compliance and eDiscovery counsel. In response to a recent GDPR audit, we searched dozens of our email accounts in seconds. This capability not only dramatically reduces our costs, but also our risk by allowing us to demonstrate diligent compliance.

In the eDiscovery context, the ability to quickly pinpoint potentially responsive data enables corporate counsel to better represent their client. For instance, they are then able to intelligently negotiate keywords and overall preservation scope with opposing counsel, instead of flying blind. Also, with their eDiscovery house in order, they can focus on more strategic priorities in the case, including pressing the adversary on their discovery compliance, with the confidence that your client does not live in a glass house.

Conversely, the Small opinion documents several meet and confer meetings and discovery hearings where UMC’s counsel was clearly at a significant disadvantage, and progressively lost credibility with the court because they didn’t know what they didn’t know.

  1. Retaining Computer Forensics Consultants Late in the Game Did Not Save the Day

Eventually UMC retained forensic collection consultants several months after the duty to preserve kicked in. This reflects an old school reactive, “drag the feet” approach some organizations still take, where they try to deflect preservation obligations and then, once opposing counsel or the court force the issue, scramble and retain forensic consultants to parachute in.  In this situation it was already too late, as much the data had already been spoliated. And because of the lack of a process, including a data map, the collection efforts were disjointed and a haphazard. The opinion also reflects that this reactive fire drill resulted in significant data over-collection at significant cost to UMC.

In sum, Small v. University Medical Center is a 123 page illustration of what often happens when an organization does not have a systematic eDiscovery process in place. An effective process is established through the right people, processes and technology, such as the capabilities of the X1 Distributed Discovery platform. A complete copy of the court opinion can be accessed here: Small v. University Medical Center

1 Comment

Filed under Best Practices, Case Law, compliance, Corporations, eDiscovery, eDiscovery & Compliance, Enterprise eDiscovery, GDPR, Information Governance, Information Management, Preservation & Collection

Dark Web Evidence Critical to all Cyber Investigations and Many eDiscovery matters

The dark web is a component of the World Wide Web that is only accessible through special software or configurations, allowing users and website operators to remain anonymous or untraceable. The dark web forms a small part of the deep web, which is the part of the Web not indexed by web search engines. The dark web has gained more notoriety over the past few years and several large criminal investigations have resulted in seizures of both cryptocurrencies and dark web pages and sites. Criminal enterprises involving counterfeiting, hacking, ID and IP theft, narcotics, child pornography, human trafficking, and even murder for hire seek a haven in the mist of encrypted communications and payment, such as Bitcoin, to facilitate their nefarious schemes. dark web

While mining the dark web is critical for many law enforcement investigations, we are also seeing increased focus on this important evidence in civil litigation. Fero v. Excellus Health Plan, Inc., (Jan. 19, 2018, US Dist Ct, NY), is one recent example. Fero arises out of a data breach involving healthcare provider Excellus Health Plan, Inc. According to the complaint, hackers breached Excellus’s network systems, gaining access to personal information millions of individuals, including their names, dates of birth, social security numbers, credit card numbers, and medical insurance claims information. The Plaintiffs brought a class action asserting claims under various federal and state laws.

Initially, the court dismissed the plaintiffs’ case, citing a failure to establish damages and actual misuse by the hackers who allegedly stole their information. However, after conducting a more diligent investigation, the plaintiffs submitted with their motion for reconsideration evidence that the plaintiffs’ PII was placed on the dark web.  This evidence was summarized in an expert report providing the following conclusion:  “it is my opinion to a reasonable degree of scientific certainty that PII and PHI maintained on the Excellus network was targeted, collected, exfiltrated, and put up for sale o[n] DarkNet by the attacker for the purpose of, among other things, allowing criminals to purchase the PII and PHI to commit identity theft.”  Fero, at 17.  Based on this information, the court granted the motion for reconsideration and denied the defendant’s motion to dismiss. In other words, the dark web evidence was game-changing in this high-profile class action suit.

Cases like Fero v. Excellus Health Plan illustrate that dark web evidence is essential for criminal and civil litigation matters alike. Dark Web investigations do require specialized knowledge and tools to execute. For instance, X1 Social Discovery can be easily configured to conduct such dark web investigation and collections.

Recently, Joe Church of Digital Shield led a very informative and instructive webinar on this topic. Joe is one of the most knowledgeable people that I’m aware of out there on dark web investigations, and his detailed presentation did not to disappoint. Joe’s presentation featured a concise overview of the dark web, how its used, and how to navigate it. He included a detailed lesson on tools and techniques needed to search for and investigate key sources of evidence on the dark web. This webinar is a must see for anyone who conducts or manages dark web investigations. Joe also featured a section on how to specifically utilize X1 Social Discovery to collect, search and authenticate dark web evidence. You can review this very informative 30 minute training session (no sign in required) by visiting here.

Leave a comment

Filed under Best Practices, Case Law, Case Study, Cloud Data, dark web, eDiscovery, Preservation & Collection, Social Media Investigations, Uncategorized

Federal Rules Advisory Committee Provides Key Guidance on Authenticating Social Media Evidence

Recently, the Advisory Committee on the Federal Rules of Evidence published an important treatise, “Best Practices for Authenticating Digital Evidence.” The Advisory Committee is an arm of the Judicial Conference of the United States, which drafts all proposed Federal Rules of Civil Procedure and Evidence, which the US Supreme Court and Congress ultimately ratify. Their advisory committee publications are given great weight by the courts in applying the Federal Rules of Evidence.  In fact, in the official minutes from its April 29, 2016 meeting, the Committee noted it considered whether to draft new specific Federal Rules of Evidence to govern authentication of electronic evidence, opting instead to draft the official best practices guide to serve as an accompaniment to the Federal Rules:

“The Committee concluded that amendments regulating authenticity of electronic evidence would end up being too detailed for the text of a rule; they could not account for how a court can and should balance all the factors relevant to authenticating electronic evidence in every case; and there was a risk that any factors listed would become outmoded by technological advances.

The Committee unanimously concluded, however, that publication of a best practices manual on authenticating electronic evidence would be of great use to the bench and bar. A best practices manual can be amended as necessary, avoiding the problem of having to amend rules to keep up with technological changes. It can include copious citations, which a rule or Committee Note could not.”

Federal District Court Judge Paul Grimm is the lead author on the best practices guide. Judge Grimm is widely seen as the one of the most influential judges concerning electronic discovery issues. He is known for several ground breaking decisions in the field including Lorraine v. Markel (2007), and Victor Stanley, Inc. v. Creative Pipe Inc. (2008), and The American Lawyer profiled him as one of the top 5 judges at the forefront of eDiscovery.

The best practices guide includes a very notable section dedicated to Internet website and social media evidentiary authentication, noting that “Parties have increasingly sought to use social media evidence to their advantage at trial.  A common example would be a picture or entry posted on a person’s Facebook page, that could be relevant to contradict that person’s testimony at trial.” However, “authenticity standards are not automatically satisfied by the fact that the post or the page is in that person’s name, or that the person is pictured on the post.” The guide notes that where affirmative direct testimony of the actual author is not available (which is often in the case of “smoking gun” type evidence), then circumstantial evidence is required for authentication.

As noted in the guide, absent uncontroverted and cooperative witness testimony, lawyers must turn to circumstantial evidence to help establish an evidentiary foundation for social media evidence. The guide provides many examples of circumstantial evidence that can be used to authenticate social media evidence. For instance metadata is particularly important as a “distinctive characteristic” under Rule 901(b)(4), as social media items contain a wealth of key metadata that represent or can establish “internal patterns or other distinctive characteristics” of the social media items in question.

In such situations, the testimony of the examiner who preserved the social media or other Internet evidence “in combination with circumstantial indicia of authenticity (such as the dates and web addresses), would support a finding” that the evidence presented is what the proponent asserts. See, Perfect 10, Inc. v. Cybernet Ventures, Inc. (C.D.Cal.2002) 213 F.Supp.2d 1146, 1154. (See also, Lorraine v. Markel American Insurance Company, 241 F.R.D. 534, 546 (D.Md. May 4, 2007) (citing Perfect 10, and also referencing MD5 hash values as an additional element of potential “circumstantial indicia” for authentication of electronic evidence).

One of the many benefits of X1 Social Discovery is its ability to preserve and display all the available “circumstantial indicia” or “additional confirming circumstances,” in order to present the best case possible for authenticating social media evidence collected with the software. This includes collecting all available metadata and generating a MD5 checksum or “hash value” of the preserved data for verification of the integrity of the evidence. It is important to collect and preserve social media posts and general web pages in a thorough manner with best-practices technology specifically designed for litigation purposes.  There are over twenty unique metadata fields associated with individual Facebook posts and messages. Any one of those entries, or any combination of them could provide unique circumstantial evidence that would establish foundational proof of authorship.

The bottom line is that, as reinforced by the Federal Rules Advisory Committee, collection and preservation of all the metadata and other critically important circumstantial evidence, which can be effectively obtained with tools like X1 Social Discovery, is absolutely essential to an effective social media discovery practice.

 

 

1 Comment

Filed under Case Law, Uncategorized

Hundreds of Thousands of Legal Cases Estimated to Address Social Media in 2016

As part of our ongoing effort to monitor legal developments concerning social media evidence, we again searched online legal databases of state and federal court decisions across the United States — this time to identify the number of cases in the last 12 month period ending August 26, 2016 — where evidence from social networking sites played a sigsocial-media-courtsnificant role. The initial search returned over 14,000 results. That is far too many to review manually, but through random sampling to eliminate duplicates and de minimis entries — defined as cases with merely cursory or passing mentions of social media sites — we counted over 9,500 cases accessible through Westlaw. This represents over a 50 percent increase from 2015.

And as only a very small number of cases — approximately one percent of all filed cases — involve a published decision or brief that we can access online, it is safe to assume that hundreds of thousands more cases involved social media evidence during this time period. Additionally, these cases do not reflect the presumably many hundreds of thousands of more instances where social media evidence was relevant to a corporate or law enforcement investigation yet did not evolve into actual litigation. Even so, this limited survey is an important metric establishing the ubiquitous nature of social media evidence, its unequivocal and compelling importance, and the necessity of best practices technology to search and collect this data for litigation and compliance requirements.

The cases were generally split evenly between criminal and civil matters. The civil matters often involved personal injury/insurance claims, employment cases, family law disputes, and copyright/intellectual property. The following are a brief synopsis of some notable cases from the survey:

US v. Brown (D.C. No. 3-13-cr-00037-001) (3rd Circuit August 25, 2016). The opening line in the Federal Appellate Court’s opinion reads: “The advent of social media has presented the courts with new challenges in the prosecution of criminal offenses, including in the way data is authenticated under the Federal Rules of Evidence—a prerequisite to admissibility at trial.” The court goes on to rule that social media is not self-authenticating but must be authenticated through extrinsic or circumstantial evidence under Federal Rule of Evidence 901. I have previously addressed this issue concerning utilizing circumstantial evidence to authenticate social media evidence under Rule 901 and how social media investigation software is instrumental for that purpose.

Stewart v. State of Iowa (No. 14-0583) (C.A. Iowa, August 17 2016). Defendant brought a motion for mistrial after it was discovered (post-trial) through key Facebook evidence that several jurors appeared to be associated with the key witness, despite those jurors’ denials during voir dire. However, the court disallowed the screenshots of the Facebook pages as lacking proper authentication and denied the motion for mistrial. This case underscores the necessity of a timely and proper social media investigation (not mere screen shots), as well as the general importance of conducting social media due diligence on prospective and empaneled jurors.

State of Louisiana v. Demontre Smith, (La. Court of Appeals, April 20, 2016) In yet another court decision illustrating why software that supports best practices is needed to properly collect and preserve social media evidence, the Louisiana appellate court, 4th Circuit, issued a written opinion in a felony criminal case disallowing key social media evidence due to a lack of authenticity. Under cross-examination, the police officer, who offered the evidence in the form of screen shots, conceded that she lacked any corroborating circumstantial evidence to support the authentication of the social media posts. The appellate court ultimately ruled: “We find the social media posts the state seeks to introduce at trial were not properly authenticated, as the state presented no evidence in order to carry its burden at the hearing.”

Xiong vs. Knight Transportation, (D.C. No. 1:12-CV-01546-RBJ) (D. Colo. July 27, 2016). This case arose out of a personal injury from a major rollover traffic accident and illustrates the importance of performing a diligent and timely social media evidence investigation. The jury awarded the Plaintiff $832,000, finding that she incurred severe pain from her injuries, which impacted her social life and daily activities. Post-trial, a paralegal for the defense counsel found a litany of Facebook evidence apparently showing the Plaintiff taking a trip to Las Vegas, visiting nightclubs, attending a wedding and smiling happily with friends at restaurants. Despite this newly discovered Facebook and Facebook-derived evidence, the district court denied Knight Transportation’s motion, finding that “the new (Facebook) evidence could have been discovered before trial and Knight offered no justification for its failure to develop it earlier.”

In addition to case law, another metric reflecting the industry’s standardization of social media evidence collection is the sheer volume of sophisticated customers that have now adopted X1 Social Discovery. Over 400 eDiscovery and computer forensics services firms have at least one paid copy of X1 Social Discovery. I cannot think of a single service provider in the eDiscovery space that performs at least some ESI collection services that does not have at least one paid X1 Social license. Social media evidence collection is now a standard practice in many law enforcement matters as well.

So, if you are one of the minority of digital investigative or eDiscovery professionals who have not adopted X1 Social Discovery, please contact us for a demo today.

 

 

4 Comments

Filed under Case Law, Social Media Investigations

Key Social Media Evidence Missed, Court Finds “No Justification” for Defense Counsel’s Failure to Perform Adequate Pre-Trial Social Media Investigation

Law Journal for webLast week the US District Court of Appeals, 10th Circuit, affirmed a trial court’s ruling denying a motion for new trial based in part on newly discovered (post trial) social media evidence. Xiong vs. Knight Transportation, (D.C. No. 1:12-CV-01546-RBJ) (D. Colo. July 27, 2016). This decision illustrates the importance of performing a diligent and timely social media evidence investigation, most certainly before trial.

The case involved a major traffic collision, where a Knight Transportation truck collided with Plaintiff’s car, forcing it into the median where it overturned multiple times. Xiong suffered a spinal compression fracture from the accident. The Plaintiff, her family and friends all testified at trial that she incurred severe pain from her injuries, which impacted her social life and daily activities. The jury awarded Xiong $832,000.

After the trial, a paralegal employed by Knight Transportation’s counsel found a litany of Facebook evidence apparently showing Xiong taking a trip to Las Vegas, visiting nightclubs, attending a wedding and smiling happily with friends at restaurants. Based upon the results of this Facebook investigation, Knight Transportation’s counsel hired a private investigator to follow Xiong and record her daily activities, which led to even further evidence supporting the defense’s case.

Citing this newly discovered Facebook and Facebook-derived evidence, Defendant Knight Transportation filed a motion for new trial. However, the district court denied Knight Transportation’s motion, finding that “the new (Facebook) evidence could have been discovered before trial and Knight offered no justification for its failure to develop it earlier.” The appellate court upheld the trial court’s decision.

A key apparent flaw in Knight Transport’s social media investigation, as suggested by the court’s written opinion, was that the investigation team seemingly only realized after it was too late that a Facebook page maintained by Plaintiff’s cousin contained social media evidence relevant to the case. This illustrates the importance of not only performing a timely social media investigation, but one that utilizes proper technology to enable a scalable and cost-efficient effort that is not limited to a small number of screen captures.

When rudimentary tools such as web browsers and print screen are used, social media investigations are indeed burdensome, costly and inefficient. A single publically available Facebook account may take hours to review manually, and may often require over 100 screen captures to collect with manual processes. This limits the ability to branch out to other sources of publically available information, such as key friends, spouses and, as in this case, a close cousin.

However, with the right software, such investigations can be the foundation of a very scalable, efficient and highly accurate process. Instead of requiring hours to manually review and collect a public Facebook account, the right specially designed software, like X1 Social Discovery, can collect all the data in minutes into an instantly searchable and reviewable format.

So as with any form of digital investigation, feasibility (as well as professional competence) often depends on utilizing the right technology for the job.  As law firms, law enforcement, eDiscovery service providers and private investigators all work social discovery investigations into standard operating procedures, it is critical that best practices technology is incorporated to get the job done.

Leave a comment

Filed under Case Law, eDiscovery, Social Media Investigations