Category Archives: eDiscovery

Want Legal to Add A LOT More Value? Stop Over-Collecting Data

blog-cassting-net

The 2019 CLOC (Corporate Legal Operations Consortium) Conference ended last week, and by all accounts it was another great event for an organization that continues to gain relevance and momentum.  A story in Thursday’s Legaltech News entitled “Why E-discovery Savings Is About Department Value for Corporate Legal” summarized a CLOC session focused on “streamlining e-discovery and information governance inside corporate legal departments.”  At the risk of sounding biased, that seems like a perfect topic to me.

The article’s conclusions from the panel session, namely adding value by wresting control of eDiscovery from outside counsel, consolidating hosting vendors and creating a “living data map”, were all spot on and certainly useful.  One way for legal to add enormous value, however, was NOT discussed: collecting far less data as part of the eDiscovery, investigatory and compliance processes.

As we highlighted on an insightful webinar with our partner Compliance Discovery Solutions last Tuesday (which can be viewed here), the way most eDiscovery practitioners conduct ESI collection is remarkably unchanged from a decade ago, an example of which is shown in the infographic below: consult a data map, image entire drives from each and every custodian (e.g. with EnCase), load these many images into a processing application (e.g. Nuix), process these huge amounts of data (most of which is entirely irrelevant), then move this now-processed data into a review application (e.g. Relativity).

blog-legacy-collection-infographic

This legacy collection process for GRC (Governance, Risk & Compliance) and eDiscovery is wildly inefficient, disruptive to the business and costly, yet many if not most practitioners still use it, most likely because it’s the status quo and change is always hard in the legal technology world.  But change here is a must, as this “image everything à then process it all à and only then begin reviewing” workflow causes myriad issues not just for legal but for the company as well:

  • Increases eDiscovery costs exponentially. The still-seminal Rand study on eDiscovery pegged an overall cost-per-GB for identification through production of $1,800/GB.  While some elements of this price have come down in the intervening 6-7 years, especially processing and hosting rates, data volumes and variety have grown by at least as much thereby negating these reductions.  Imaging entire drives by definition collects far more data than could ever be relevant in any given matter – and the costs of this overcollection multiply every step thereafter, forcing clients to pay hundreds of thousands if not millions of dollars more than they should.
  • Is extremely disruptive to employees. Forensically imaging a drive usually requires gaining physical access to the laptop or desktop for some period of time, often for a day or two.  Put yourself in each of those employee’s shoes: even if you are given a “loaner” machine, you still don’t have all of your local information, settings, bookmarks, etc. – which is a major disruption to your work day and therefore a significant drag on productivity.
  • Takes far too long. With forensic imaging of drives requiring physical access to a device, each custodian’s machine must be dealt with.  In many collections, custodians are spread across multiple offices, or on vacation, or remote employees, which often extends the process to many weeks if not months.  All of this time lawyers are unable to access this critical data (e.g. to begin formulating case strategy, negotiating with opposing counsel or a regulator, etc).
  • Creates unnecessary copies of data that could otherwise be remediated. An often-overlooked byproduct of over-collection is that it creates another copy of data that is outside of most (if not all) data remediation programs.  For companies that are regulated and/or encounter litigation regularly, this becomes a major headache and undermines data governance and remediation programs.
  • Forces counsel to “fly blind” for months. Every day the IT and legal teams are spending forensically imaging each custodian’s drives, then processing it, and only then loading it into a review or analysis application is a day in-house and outside counsel are flying blind, unable to look at key data to begin constructing case strategy, conduct informed interviews, negotiate with opposing counsel (e.g. on the scope of a matter, including discovery) or interact with regulators.  This is incredibly valuable time lost for no value received in return.
  • Using forensic tools for non-forensic processes is unnecessary overkill. The irony of this “image everything” approach is that it is extreme overkill: it would be like a doctor whose only procedure to get rid of a mole was to cut off the arm.  Forensic images can always be utilized on a one-off basis in narrow circumstances where there are concerns about possible spoliation of evidence, but for the vast majority of circumstances, a forensic image is completely unnecessary.

As was a focus at the recent CLOC conference in Las Vegas, corporate legal operations are quite correctly focused on showing the value legal is bringing to the business.  However, there is still a fundamental change they need to make to how they handle the collection of ESI for eDiscovery, GRC and privacy purposes that would be an enormous value-add to all parts of the company, including legal: ending the systematic over-collection of data.  How this can be done quickly and cost-effectively has been the subject of previous blog posts, but will be addressed in detail in the next few weeks as well.

Leave a comment

Filed under Best Practices, collection, compliance, Data Audit, eDiscovery, Enterprise eDiscovery, Uncategorized

90 Percent of Law Firms Managed Social Media Evidence Collections in 2018

By John Patzakis

The International Legal Technology Association recently published a very informative and comprehensive law firm eDiscovery practice survey “2018 Litigation and Practice Support Survey.” ILTA received responses from 181 different law firms — small, medium and large — on a variety of subjects, including eDiscovery practice trends and software tool usage.  The survey reveals three key takeaways regarding social media and website discovery.

The first clear takeaway is that social media discovery is clearly increasing among law firms and in the field in general. 90 percent of responding law firms reported conducting social media discovery in 2018. Additionally, the responding firms reported a higher average volume of cases involving social media evidence, with a 46 percent increase in firms handling at least 20 matters per year involving social media evidence.

ILTA Survey v2

Source: ILTA 2018 Litigation and Practice Support Survey

In terms of identified software solution usage, the survey establishes that X1 Social Discovery is the clear leader in the web and social media capture category among purpose-built tools used by law firms. 63 percent of all surveyed law firms rely on X1 Social Discovery on either an in-sourced or outsourced basis. This is consistent with our own internal data, reflecting the industry’s standardization of social media evidence collection by the sheer volume of customers that have adopted X1 Social Discovery. Nearly 200 law firms and 400 eDiscovery services firms have at least one paid license of X1 Social Discovery.

And in addition to social media evidence collections, X1 Social Discovery registered as the most popular eDiscovery software used for webmail collection (i.e. Gmail, Yahoo, Aol, Office 365) with 32 percent of law firms relying on X1 for this purposes. X1 Social Discovery provides an extremely effective means to collect, search, tag, and export via loadfile or pst web-based email evidence.

The final takeaway is that the practice of using screen captures with general IT tools like Adobe and Snagit is still commonly employed by practitioners at law firms, but is virtually non-existent amongst service providers, who typically are on the forefront of adapting best practices. Screen capturing is neither effective nor defensible.  They are ineffective because the results are very narrow and incomplete, and the process is very labor intensive resulting in much higher costs to the client than using best practices. (See Stallings v. City of Johnston, 2014 WL 2061669 (S.D. Ill. May 19, 2014): the law firm spent a full week screen capturing contents of a Facebook account — which amounted to over 500 printed pages — manually rearranging them, and then redacting at a cost of tens of thousands of dollars).

In addition, simple screen captures are not defensible, with several courts disallowing or otherwise calling into question social media evidence presented in the form of a screen shot image. This scrutiny will only increase with Federal Rule of Evidence 902(14) now in effect. I have previously addressed Rule 902(14) at length on this blog, but in a nutshell, screen captures are not Rule 902(14) compliant, while best practices technology like X1 Social Discovery have the critical ability to collect all available metadata and generate an MD5 checksum, or “hash value,” of the preserved data for verification of the integrity of the evidence. The generation of hash values is a key component for meeting the requirements of FRE 902(14).

The ILTA Litigation Practice survey results can be accessed here. For more information about how to conduct effective social medial investigations, please contact us, or request a free demo version of X1 Social Discovery.

 

1 Comment

Filed under Best Practices, Case Law, eDiscovery, Social Media Investigations, Uncategorized

New York Appellate Court Allows “Data Mining” of Social Media accounts for Relevant Information

By John Patzakis

The New York Appellate Division allowed discovery into the non-public information of the social media accounts of a former professional basketball player relevant to his personal injury claims arising out of an automobile accident. In Vasquez-Santos v. Mathew 2019 NY Slip Op 00541 (January 24, 2019), the court held that the defendant may utilize the services of a “data mining” company for a widespread search of the plaintiff’s devices, email accounts, and social media.social-media-cases3

Vasquez-Santos is an extension of a large body of court decisions that allow discovery of a user’s “private” social media messages, posts and photos where that information is reasonably calculated to contain evidence material and necessary to the litigation. Private social media information can be discoverable to the extent it “contradicts or conflicts with [a] plaintiff’s alleged restrictions, disabilities, and losses, and other claims” according the Vasquez-Santos Court.

The Court found that the defendant “is entitled to discovery to….defend against plaintiff’s claims of injury,” and noted that the requested access to plaintiff’s accounts and devices “was appropriately limited in time, i.e., only those items posted or sent after the accident, and in subject matter, i.e., those items discussing or showing defendant engaging in basketball or other similar physical activities.”

Also noteworthy was the Court’s finding that while plaintiff did not take the pictures himself, that was of no import to the decision. He was “tagged,” thus allowing him access to the pictures, and thus populated his social media account.

This decision is consistent with the general rule that while social media is clearly discoverable, there must be a requisite showing of relevance before the court moves to compel full production of a litigant’s “private” social media.

This case illustrates that any solution purporting to support eDiscovery for social media must have robust public search and collection capabilities. This means more than merely one-off screen scrapes but instead an ability to search, identify and capture up to thousands of social media posts on an automated and scalable basis.

X1 Social Discovery has the ability to find an individual’s publicly available content and to collect it in an automated fashion in native format with all available metadata intact to enable systematic and scalable search, review, tagging and analysis. We heard from one major law firm that screen captures of a single public Facebook account took several hours, with the resulting images not searchable or organized into a case-centric workflow. Now with X1 Social Discovery, they are able to accomplish this full capture in seconds. This is critically important to conduct proper due diligence on a case and to better assist legal and investigative professionals to make the requisite showings for the full discovery of social media evidence in civil discovery, as in Vasquez-Santos.

Leave a comment

Filed under Best Practices, Case Law, Case Study, eDiscovery, law firm, Social Media Investigations

eDiscovery Collection 3.0: Much Better, Much Faster, Much Cheaper

In his recent blog post, X1 CEO Craig Carpenter discussed the inability of any software provider to solve a critical need by delivering a truly scalable eDiscovery preservation and collection solution. As Craig pointed out, in the absence of such a “holy grail” solution, eDiscovery collection remains dominated by either unsupervised custodian self-collection or manual services, driving up costs while increasing risk and disruption to business operations.

Desktop_virtualization

Craig outlined how endpoint forensic imaging are still employed on a limited basis. Many companies have also tried network crawling methods with repurposed forensic tools. (A “collection 2.1” method, if you will).  While this can be feasible for a small number of custodians, network bandwidth constraints coupled with the requirement to migrate all endpoint data back to the forensic crawling tool renders the approach ineffective. For example, to search a custodian’s laptop with 10 gigabytes of email and documents, all 10 gigabytes must be copied and transmitted over the network, where it is then searched, all of which takes at least several hours per computer. So, most organizations choose to force collect all 10 gigabytes. The case of U.S. ex rel. McBride v. Halliburton Co.  272 F.R.D. 235 (2011), illustrates this specific pain point well. In McBride, Magistrate Judge John Facciola’s instructive opinion outlines Halliburton’s eDiscovery struggles to collect and process data from remote locations:

“Since the defendants employ persons overseas, this data collection may have to be shipped to the United States, or sent by network connections with finite capacity, which may require several days just to copy and transmit the data from a single custodian . . . (Halliburton) estimates that each custodian averages 15–20 gigabytes of data, and collection can take two to ten days per custodian. The data must then be processed to be rendered searchable by the review tool being used, a process that can overwhelm the computer’s capacity and require that the data be processed by batch, as opposed to all at once.”

Halliburton represented to the court that they spent hundreds of thousands of dollars on eDiscovery for only a few dozen remotely located custodians. The need to force-collect the remote custodians’ entire set of data and then sort it out through the expensive eDiscovery processing phase, instead of culling, filtering and searching the data at the point of collection drove up the costs. As such, this network crawling based architecture is fundamentally flawed and cannot scale.

What is needed is the ability to gain immediate visibility into unstructured distributed data across the enterprise, through the ability to search and collect across several hundred endpoints and other unstructured data sources such as file shares, and return results within minutes instead of days or weeks. The approaches outlined above and by Craig Carpenter do not come close to meeting this requirement and in fact actually perpetuate eDiscovery pain.

Solving this collection challenge once and for all is basis for X1 Insight and Collection, which is our eDiscovery collection 3.0 solution.  X1 Insight and Collection (XIC) enables enterprises to quickly and easily search across up to thousands of distributed endpoints and data servers from a central location.  Legal and compliance teams can easily perform unified complex searches across both unstructured content and metadata, obtaining statistical insight into the data in minutes, and full results with completed collection in hours, instead of days or weeks. Built on our award-winning and patented X1 Search technology, XIC is the first product to offer true and massively scalable distributed data discovery across an organization. XIC replaces expensive, cumbersome and highly disruptive approaches to meet enterprise discovery, preservation, and collection needs.

Targeted and iterative end point search is a quantum leap in early data assessment, which is critical to legal counsel at the outset of any legal matter. However, under today’s industry standard, the legal team is typically kept in the dark for weeks, if not months, as the manual identification and collection process of distributed, unstructured data runs its expensive and inefficient course.  To illustrate the power and capabilities of XIC, imagine being able to perform multiple, detailed, Boolean keyword phrase searches with metadata filters across the targeted end points of your global enterprise. The results start returning in minutes, with granular statistical data about the responsive documents and emails associated with specific custodians or groups of custodians.

Once the legal team is satisfied with a specific search string, after sufficient iteration, the data can then be collected by XIC by simply hitting the “collect” button. The responsive data is “containerized” at each end point and automatically transmitted to either a central location, or uploaded directly to Relativity, using Relativity’s import API where all data is seamlessly ready for review. Importantly, all results are tied back to a specific custodian, with full chain of custody and preservation of all file metadata. Here is a recording of a live public demo with Relativity, showing the very fast direct upload from XIC straight into RelativityOne.

This effort described above — from iterative, distributed search through collection and transmittal straight into Relativity from hundreds of endpoints — can be accomplished in a single day. Using manual consulting services, the same project would require several weeks and hundreds of thousands of dollars in collection costs alone, not to mention significant disruption to business operations. Substantial costs associated with over-collection of data would mount as well, and could even dwarf collection costs through unnecessary attorney review time.

XIC operates on-demand where your data currently resides — on desktops, laptops, servers, or even the cloud — without disruption to business operations and without requiring extensive or complex hardware configurations. Beyond enterprise eDiscovery and investigation functionality, organizations can offer employees the award-winning X1 Search, improving productivity while maintaining compliance.

As Relativity Product Manager Barry O’Melia said in the live X1/R1 integration demo, it is something you have to see for yourself to believe. So please check out the demo here, or contact us to arrange for a private demo.

Leave a comment

Filed under Best Practices, Case Law, Case Study, eDiscovery, Enterprise eDiscovery, Uncategorized