Category Archives: Case Law

Key Social Media Evidence Missed, Court Finds “No Justification” for Defense Counsel’s Failure to Perform Adequate Pre-Trial Social Media Investigation

Law Journal for webLast week the US District Court of Appeals, 10th Circuit, affirmed a trial court’s ruling denying a motion for new trial based in part on newly discovered (post trial) social media evidence. Xiong vs. Knight Transportation, (D.C. No. 1:12-CV-01546-RBJ) (D. Colo. July 27, 2016). This decision illustrates the importance of performing a diligent and timely social media evidence investigation, most certainly before trial.

The case involved a major traffic collision, where a Knight Transportation truck collided with Plaintiff’s car, forcing it into the median where it overturned multiple times. Xiong suffered a spinal compression fracture from the accident. The Plaintiff, her family and friends all testified at trial that she incurred severe pain from her injuries, which impacted her social life and daily activities. The jury awarded Xiong $832,000.

After the trial, a paralegal employed by Knight Transportation’s counsel found a litany of Facebook evidence apparently showing Xiong taking a trip to Las Vegas, visiting nightclubs, attending a wedding and smiling happily with friends at restaurants. Based upon the results of this Facebook investigation, Knight Transportation’s counsel hired a private investigator to follow Xiong and record her daily activities, which led to even further evidence supporting the defense’s case.

Citing this newly discovered Facebook and Facebook-derived evidence, Defendant Knight Transportation filed a motion for new trial. However, the district court denied Knight Transportation’s motion, finding that “the new (Facebook) evidence could have been discovered before trial and Knight offered no justification for its failure to develop it earlier.” The appellate court upheld the trial court’s decision.

A key apparent flaw in Knight Transport’s social media investigation, as suggested by the court’s written opinion, was that the investigation team seemingly only realized after it was too late that a Facebook page maintained by Plaintiff’s cousin contained social media evidence relevant to the case. This illustrates the importance of not only performing a timely social media investigation, but one that utilizes proper technology to enable a scalable and cost-efficient effort that is not limited to a small number of screen captures.

When rudimentary tools such as web browsers and print screen are used, social media investigations are indeed burdensome, costly and inefficient. A single publically available Facebook account may take hours to review manually, and may often require over 100 screen captures to collect with manual processes. This limits the ability to branch out to other sources of publically available information, such as key friends, spouses and, as in this case, a close cousin.

However, with the right software, such investigations can be the foundation of a very scalable, efficient and highly accurate process. Instead of requiring hours to manually review and collect a public Facebook account, the right specially designed software, like X1 Social Discovery, can collect all the data in minutes into an instantly searchable and reviewable format.

So as with any form of digital investigation, feasibility (as well as professional competence) often depends on utilizing the right technology for the job.  As law firms, law enforcement, eDiscovery service providers and private investigators all work social discovery investigations into standard operating procedures, it is critical that best practices technology is incorporated to get the job done.

Leave a comment

Filed under Case Law, eDiscovery, Social Media Investigations

Enterprise eDiscovery Collection Remains Costly and Inefficient

2016 marks my sixteenth year as a senior executive in the eDiscovery business. I began my career as a co-founder at Guidance Software (EnCase), serving as General Counsel, CEO and then Vice Chairman and Chief Strategy Officer from 1999 through 2009. After becoming the dominant solution for computer forensics in the early part of the last decade, Guidance set out to define a new field — enterprise discovery collection. Despite a good foundational concept, a truly scalable solution that could search across hundreds, or even thousands, of enterprise endpoints in a short period of time never came to fruition. To date, no other eDiscovery vendor has delivered on the promise of such a “holy grail” solution either. As a result, eDiscovery collection remains dominated by either unsupervised custodian self-collection, or manual services.

tron1

 

Organizations employ limited technical approaches in an effort to get by, and thus enterprise eDiscovery collection remains a significant pain point, subjecting organizations to both significant cost and risks. This post is the first of a two part series on the status of the broken enterprise eDiscovery collection process. Part two will outline a proposed solution.

Currently, enterprises employ four general approaches to eDiscovery collection, with two involving mostly manual methodologies, and the other two predominantly technology-based. Each of the four methods are fraught with inefficiencies and challenges.

The first and likely most common approach, is custodian self-collection, where custodians are sent manual instructions to search, review and upload data that they subjectively determine to be responsive to a matter. This method is plagued with severe defensibility concerns, with several courts disapproving of the practice due to poor compliance, modifying metadata, and inconsistency of results. See Geen v. Blitz, 2011 WL 806011, (E.D. Tex. Mar. 1, 2011), Nat’l Day Laborer Org. v. U.S. Immigration and Customs Enforcement Agency, 2012 WL 2878130 (S.D.N.Y. July 13, 2012).

The second approach is manual services, usually performed by eDiscovery consultants. This method is expensive, disruptive and time-consuming as many times an “overkill” method of forensic image collection process is employed. It also often results in over collection, as the collector typically only gets one bite at the apple, thus driving up eDiscovery costs. While attorney review and processing represent the bulk of eDiscovery costs, much of these expenses stem from over-collection, and thus can be mitigated with a smarter and more efficient process.

When it comes to technical approaches, endpoint forensic crawling methods are employed on a limited basis. While this can be feasible for a small number of custodians, network bandwidth constraints coupled with the requirement to migrate all endpoint data back to the forensic crawling tool renders the approach ineffective. For example, to search a custodian’s laptop with 10 gigabytes of email and documents, all 10 gigabytes must be copied and transmitted over the network, where it is then searched, all of which takes at least several hours per computer. So, most organizations choose to force collect all 10 gigabytes. The case of U.S. ex rel. McBride v. Halliburton Co.  272 F.R.D. 235 (2011), Illustrates this specific pain point well. In McBride, Magistrate Judge John Facciola’s instructive opinion outlines Halliburton’s eDiscovery struggles to collect and process data from remote locations:

“Since the defendants employ persons overseas, this data collection may have to be shipped to the United States, or sent by network connections with finite capacity, which may require several days just to copy and transmit the data from a single custodian . . . (Halliburton) estimates that each custodian averages 15–20 gigabytes of data, and collection can take two to ten days per custodian. The data must then be processed to be rendered searchable by the review tool being used, a process that can overwhelm the computer’s capacity and require that the data be processed by batch, as opposed to all at once.”

Halliburton represented to the court that they spent hundreds of thousands of dollars on eDiscovery for only a few dozen remotely located custodians. The need to force-collect the remote custodians’ entire set of data and then sort it out through the expensive eDiscovery processing phase, instead of culling, filtering and searching the data at the point of collection drove up the costs.

And finally, another tactic attempted by some CIOs to attempt to address this daunting challenge is to periodically migrate disparate data from around the global enterprise into a central location. This Quixotic endeavor is perceived necessary as traditional information management and electronic discovery tools are not architected and not suited to address large and disparate volumes of data located in hundreds of offices and work sites across the globe.  But, boiling the ocean through data migration and centralization is extremely expensive, disruptive and frankly unworkable.

What has always been needed is gaining immediate visibility into unstructured distributed data across the enterprise, through the ability to search and collect across several hundred endpoints and other unstructured data sources such as file shares and SharePoint, and return results within minutes instead of days or weeks. None of the four approaches outlined above come close to meeting this requirement and in fact actually perpetuate eDiscovery pain.

Is there a fifth option? Stay tuned for my next post coming soon.

Leave a comment

Filed under Best Practices, Case Law, eDiscovery, eDiscovery & Compliance, Enterprise eDiscovery, Information Governance, Information Management, Preservation & Collection

Search Reveals Hundreds of Improper Juror Social Media Posts Per Day

The Federal Judicial Center (“FJC”) recently published a report surveying 952 federal district court judges to identify the scope of jurors’ improper use of social media during trial and how the courts are addressing the problem. The FJC’s report, Jurors’ Use of Media During Trials and Deliberations, reflects that despite various prevention efforts, jurors continue to use Facebook, Twitter, Google and other sites in several, and that the courts continue to struggle to detect such usage. According to the survey results, 30 judges identified incidents of improper juror social media usage,

Such misconduct can easily result in a mistrial or even reversal of judgement. In State v. Smith, Sept. 10, 2013, the Tennessee Supreme court vacated a first degree murder conviction on the sole grounds that one of the jurors communicated with a prosecution witness during trial via Facebook. The court lamented that Internet and social media “has exponentially increased the risk….of extra-judicial communications between jurors and third parties.” This decision is but one example of this common occurrence of juror misconduct through social media use, requiring attorneys and jury consultants to engage in on-going passive monitoring of publicly available social media information.

In fact we recently did our own search of the Twittersphere with X1 Social Discovery, and uncovered several hundred improper Juror tweets in a single day (1/13/2016). Here is a small sampling:

juror tweets

 

 

 

 

 

 

 

 

 

 

 

 

 

(click to enlarge)

It is thus no surprise lawyers are increasingly using Twitter to investigate and monitor potential and impaneled jurors. However, this type of monitoring activity can lead to serious attorney ethics violations if direct or even indirect communications are sent to the juror as a result of such monitoring activities. (See e.g. New York County Law Association Formal Opinion No. 743, May 18, 2011). Proxies hired by attorneys, including eDiscovery service providers, investigators and jury consultants are subject to these restrictions, which can also apply to social media communications with witnesses or opposing parties who are represented by counsel.

For this reason, X1 Social Discovery features a specialized “public follow” feature that enables access to all the past Tweets of a specified user (up to 3200 past tweets) and any new Tweets in real-time without generating a formal “follow” request with the resulting problematic communication.. These legal ethics rules concerning indirect social media communications underscores the importance of employing best practices technology to search and collect social media evidence for investigative and eDiscovery purposes.

Collecting evidence in a manner that prevents, or at minimum, does not require that attorneys and their proxies directly or indirectly communicate with the subjects from whom they are collecting social media evidence is a core requirement for solutions that truly address investigative and eDiscovery requirements for social media. In addition to preserving and authenticating social media evidence in a proper manner, X1 Social Discovery provides fast and comprehensive searching of the data in a manner unmatched by any other technology.

It can even potentially prevent a possible mistrial through early detection of a juror’s improper Tweets or Facebook postings.

UPDATED:  Attorney Ignatius Grande, co-chair of the New York State Bar Committee on Social Media, contacted me in response to this post, to point to the Committee’s recently published Social Media Jury Instruction Report. The report describes the scope and challenges from juror social media use during voir dire and trial, as well as proposed amendments to standard jury instructions address such juror misconduct.

 

Leave a comment

January 27, 2016 · 6:12 PM

New FRCP Rule 37(e) Calls Out Importance of Social Media Evidence

By John Patzakis

A new version of Federal Rule of Civil Procedure 37(e) FRCP bookgoes into effect December 1, 2015, barring an unexpected act of Congress to amend or rescind the changes. Proposed rule 37(e), features a new title: “Failure to Preserve Electronically Stored Information,” and replaces the current subpart in its entirety, providing a uniform standard to resolve a split in case law among different Judicial circuits concerning serious ESI spoliation sanctions. Rule 37(e) will be the only Federal civil rule section addressing the duty to preserve ESI and thus serves as key guidance governing eDiscovery collection and preservation efforts.

Proposed Rule 37(e) is accompanied by official Committee Advisory notes. Judges and counsel refer to these Advisory notes to provide guidance and insight concerning the intent of the laws and how they should be applied. The Advisory notes are published alongside the statute and are in fact widely seen as an extension of the FRCP. The Advisory notes for new proposed Rule 37(e) include the following key section:

Another factor in evaluating the reasonableness of preservation efforts is proportionality. The court should be sensitive to party resources; aggressive preservation efforts can be extremely costly, and parties (including governmental parties) may have limited staff and resources to devote to those efforts. A party may act reasonably by choosing a less costly form of information preservation, if it is substantially as effective as more costly forms. It is important that counsel become familiar with their clients’ information systems and digital data — including social media — to address these issues (emphasis added).

This reference to social media is particularly notable as it is included in very important guidance concerning overall ESI preservation requirements.  The implication of the new law is clear:  social evidence is given at least equal weight and import as other forms of ESI such as email and documents. As an aside, the Advisory notes to the 2006 Federal Rules Amendments, specifically for Rule 37(f)  state: “When a party is under a duty to preserve information because of pending or reasonably anticipated litigation, intervention in the routine operation of an information system is one aspect of what is often called a ‘litigation hold.’”

Due in large part as a result of this mention, legal holds quickly became a core eDiscovery requirement, with an entire sub-industry spawned.  So there is no question that the Advisory notes are highly influential.

It is notable that social media evidence is already a core component of eDiscovery evidence collection efforts by most lawyers and practitioners.  Recently, the global law firm Gibson Dunn released their influential 2015 Mid-Year eDiscovery and Information Law Update. In a section dedicated to social media, the Gibson Dunn update reports that “the use of social media continues to proliferate in business and social contexts, and that its importance is increasing in litigation, the number of cases focusing on the discovery of social media continued to skyrocket in the first half of 2015.”

And as succinctly noted by The Florida Bar Association in its publication, Florida Law Journal, “Social Media Evidence: What You Can’t use Won’t Help You” (2014) Volume 88, No. 1:

“Social media is everywhere. Nearly everyone uses it. Litigants who understand social media–and its benefits and limitations– can immeasurably help their clients resolve disputes. If not properly researched, preserved, and authenticated, the best social media evidence is worthless.”

And:

“Social networking sites have grown from a few thousand users to more than a billion. These sites have become a preferred form of electronic communication, surpassing email in 2009. As of March 31, 2011, 9,370,620 Floridians had registered for a Facebook account, which is approximately half of the state’s population. Based on these statistics, it is inevitable that the social media accounts of at least one person involved in a dispute will have potentially relevant and discoverable information.

And we are of course seeing this explosive trend in the adoption of X1 Social Discovery ahead of new FRCP Rule 37(e). X1 Social Discovery is the undisputed leader in its field for the preservation and analysis of social media and other internet evidence. If you are not one of the several thousand eDiscovery, legal, and digital investigation professionals who have enthusiastically incorporated X1 Social Discovery into your standard preservation protocols, new FRCP 37(e) should be your final call to action.

1 Comment

Filed under Case Law, eDiscovery, Social Media Investigations

Gibson Dunn Report: Number of Cases Involving Social Media Evidence “Skyrocket”

By John Patzakis

Global law firm Gibson Dunn has released their esteemed 2015 Mid-Year eDiscovery and Information Law Update.skyrocket In a section dedicated to social media, the Gibson Dunn update reports that “the use of social media continues to proliferate in business and social contexts, and that its importance is increasing in litigation, the number of cases focusing on the discovery of social media continued to skyrocket in the first half of 2015.”

The eDiscovery update addresses key themes and several cases involving key legal issues related to social media evidence, which were previously addressed on this blog. Two key highlights cite cases affirming that mere screenshot printouts of social media evidence are not defensible and clarify overall authentication requirements in order to admit social media evidence in court.

As noted by the report “in the first half of 2015, courts continued to find that the testimony of the individual who printed a copy of a social media webpage, or prepared a memorandum summarizing information obtained from the social media account, is insufficient to authenticate social media evidence.” The report cites Linscheid v. Natus Medical Inc., 2015 WL 1470122, at *5-6 (N.D. Ga. Mar. 30, 2015) (finding LinkedIn profile page not authenticated by declaration from individual who printed the page from the Internet); Monet v. Bank of America, N.A., 2015 WL 1775219, at *8 (Cal Ct. App. Apr. 16, 2015) (finding that a “memorandum by an unnamed person about representations others made on Facebook is at least double hearsay” and not authenticated).

The Report also cited “a major shift” in case law concerning the authentication of social media evidence. The Court of Appeals of Maryland determined that “in order to authenticate evidence derived from a social networking website, the trial judge must determine that there is proof from which a reasonable juror could find that the evidence is what the proponent claims it to be.”  Sublet v. State, 113 A.3d 695, 698, 718, 722 (Md. 2015) (citing U.S. v. Vayner, 769 F.3d 125 (2d Cir. 2014)). Previously in Maryland, social media evidence was admissible only if the judge was “convince[d] . . . that the social media post was not falsified or created by another user.”  Griffin v. State, 19 A.3d 415 (Md. 2011).

Under Sublet, the preliminary determination of authentication is made by the trial judge and is a “context–specific determination” based on proof that “may be direct or circumstantial.” Id. at 715 (citing Vayner). The court noted that “[t]he standard articulated in Vayner … is utilized by other federal and State courts addressing authenticity of social media communications and postings.”

These cases cited by Gibson Dunn illustrate why best practices software is needed to properly collect and preserve social media evidence. Ideally, a proponent of the evidence can rely on uncontroverted direct testimony from the creator of the web page in question. In many cases, such as in the Vayner case where incriminating social media evidence is at issue, that option is not available. In such situations, the testimony of the examiner who preserved the social media or other Internet evidence “in combination with circumstantial indicia of authenticity (such as the dates and web addresses), would support a finding” that the website documents are what the proponent asserts. Perfect 10, Inc. v. Cybernet Ventures, Inc. (C.D.Cal.2002) 213 F.Supp.2d 1146, 1154. (emphasis added) (See also, Lorraine v. Markel American Insurance Company, 241 F.R.D. 534, 546 (D.Md. May 4, 2007) (citing Perfect 10, and referencing MD5 hash values as an additional element of potential “circumstantial indicia” for authentication of electronic evidence).

One of the many benefits of X1 Social Discovery is its ability to preserve and display all the available “circumstantial indicia” or “additional confirming circumstances,” in order to present the best case possible for the authenticity of social media evidence collected with the software. This includes collecting all available metadata and generating a MD5 checksum or “hash value” of the preserved data for verification of the integrity of the evidence. It is important to collect and preserve social media posts and general web pages in a thorough manner with best-practices technology specifically designed for litigation purposes.  For instance, there are over twenty unique metadata fields associated with individual Facebook posts and messages. Any one of those entries, or a combination of them contrasted with other entries, can provide unique circumstantial evidence that can establish foundational proof of authorship.

Leave a comment

Filed under Case Law, eDiscovery, Social Media Investigations