Category Archives: eDiscovery

March 28, 2017 · 8:25 AM

Key to Improving Predictive Coding Results: Effective ECA

Predictive Coding, when correctly employed, can significantly reduce legal review costs with generally more accurate results than other traditional legal review processes. However, the benefits associated with predictive coding are often undercut by the over-collection and over-inclusion of Electronically Stored Information (ESI) into the predictive coding process. This is problematic for two reasons.

The first reason is obvious, the more data introduced into the process, the higher the cost and burden. Some practitioners believe it is necessary to over-collect and subsequently over-include ESI to allow the predictive coding process to sort everything out. Many service providers charge by volume, so there can be economic incentives that conflict with what is best for the end-client. In some cases, the significant cost savings realized through predictive coding are erased by eDiscovery costs associated with overly aggressive ESI inclusion on the front end.

The second reason why ESI over-inclusion is detrimental is less obvious, and in fact counter intuitive to many. Some discovery practitioners believe as much data as possible needs to be put through the predictive coding process in order to “better train” the machine learning algorithms. However this is contrary to what is actually true. The predictive coding process is much more effective when the initial set of data has a higher richness (also referred to as “prevalence”) ratio. In other words, the higher the rate of responsive data in the initial data set, the better. It has always been understood that document culling is very important to successful, economical document review, and that includes predictive coding.

Robert Keeling, a senior partner at Sidley Austin and the co-chair of the firm’s eDiscovery Task Force, is a widely recognized legal expert in the areas of predictive coding and technology assisted review.  At Legal Tech New York earlier this year, he presented at an Emerging Technology Session: “Predictive Coding: Deconstructing the Secret Sauce,” where he and his colleagues reported on a comprehensive study of various technical parameters that affect the outcome of a predictive coding effort.  According to Robert, the study revealed many important findings, one of them being that a data set with a relatively high richness ratio prior to being ingested into the predictive coding process was an important success factor.

To be sure, the volume of ESI is growing exponentially and will only continue to do so. The costs associated with collecting, processing, reviewing, and producing documents in litigation are the source of considerable pain for litigants. The only way to reduce that pain to its minimum is to use all tools available in all appropriate circumstances within the bounds of reasonableness and proportionality to control the volumes of data that enter the discovery pipeline, including predictive coding.

Ideally, an effective early case assessment (ECA) capability can enable counsel to set reasonable discovery limits and ultimately process, host, review and produce less ESI.  Counsel can further use ECA to gather key information, develop a litigation budget, and better manage litigation deadlines. ECA also can foster cooperation and proportionality in discovery by informing the parties early in the process about where relevant ESI is located and what ESI is significant to the case. And with such benefits also comes a much more improved predictive coding process.

X1 Distributed Discovery (X1DD) uniquely fulfills this requirement with its ability to perform pre-collection early case assessment, instead of ECA after the costly, time consuming and disruptive collection phase, thereby providing a game-changing new approach to the traditional eDiscovery model.  X1DD enables enterprises to quickly and easily search across thousands of distributed endpoints from a central location.  This allows organizations to easily perform unified complex searches across content, metadata, or both and obtain full results in minutes, enabling true pre-collection ECA with live keyword analysis and distributed processing and collection in parallel at the custodian level. To be sure, this dramatically shortens the identification/collection process by weeks if not months, curtails processing and review costs from not over-collecting data, and provides confidence to the legal team with a highly transparent, consistent and systemized process. And now we know of another key benefit of an effective ECA process: much more accurate predictive coding.

Leave a comment

Filed under ECA, eDiscovery

Tagged as , , , , , , , , , ,

March 7, 2017 · 8:16 AM

ILTA eDiscovery Survey Reflects Increased Social Media Discovery

The International Legal Technology Association recently published a very informative and comprehensive law firm eDiscovery practice survey “2016 Litigation and Practice Support Technology Survey.” ILTA received responses from 204 different law firms — small, medium and large — on a variety of subjects, including eDiscovery practice trends and software tool usage.  The survey reveals three key takeaways regarding social media and website discovery.

The first clear takeaway is that social media discovery is clearly increasing among law firms and in the field in general. 77 percent of responding law firms reported conducting social media discovery in 2016, a 12 percent increase over 2015. Additionally, the responding firms reported a higher average volume of cases involving social media evidence, with a 23 percent increase in firms handling at least 4 matters per year involving social media evidence. (See Survey at pg. 23)

In terms of identified software solution usage, the survey establishes that X1 Social Discovery is the clear leader in the web and social media capture category among purpose-built tools used by law firms. 24 percent of all law firms rely on X1 Social Discovery on either an in-sourced or outsourced basis. The survey also reflects that X1 Social is the number one process used by eDiscovery service providers, by far surpassing the next common process of screen capturing. This is consistent with our own internal data, reflecting the industry’s standardization of social media evidence collection by the sheer volume of customers that have adopted X1 Social Discovery. Nearly 200 law firms and 500 eDiscovery services firms have at least one paid license of X1 Social Discovery. So while X1 Social Discovery is very popular with law firms, it is even more widely used by eDiscovery service providers.

ILTA survey2

Utilization of X1 Social also registered in the separate category of webmail collections.

The final takeaway is that the practice of using screen captures with general IT tools like Adobe and Snagit is still commonly employed by practitioners at law firms, but is virtually non-existent amongst service providers, who typically are on the forefront of adapting best practices. Screen capturing is neither effective nor defensible. It is ineffective because the results are very narrow and incomplete, and the process is very labor intensive resulting in much higher costs to the client than using best practices. (See Stallings v. City of Johnston, 2014 WL 2061669 (S.D. Ill. May 19, 2014), law firm spent full week screen capturing contents of Facebook account — which amounted to over 500 printed pages — manually rearranging them, and then redacting at a cost of tens of thousands of dollars).

In addition, simple screen captures are not defensible, with several courts disallowing or otherwise calling into question social media evidence presented in the form of a screen shot image. This scrutiny will only increase with Federal Rule of Evidence 902(14) coming into effect later this year. I have previously addressed Rule 902(14) at length on this blog, but in a nutshell, screen captures are not Rule 902(14) compliant, while best practices technology like X1 Social Discovery have the critical ability to collect all available metadata and generate a MD5 checksum, or “hash value,” of the preserved data for verification of the integrity of the evidence. The generation of hash values is a key component for meeting the requirements of FRE 902(14).

The ILTA Litigation Practice survey results can be accessed here. For more information about how to conduct effective social medial investigations, please contact us, or request a free demo version of X1 Social Discovery.

1 Comment

Filed under eDiscovery, Social Media Investigations

January 24, 2017 · 10:40 AM

Judge Facciola Addresses Impact of New Federal Rule of Evidence 902(14)

john_m-_facciola

As part of our continuing coverage and analysis of Federal Rule of Evidence 902(14), we are highlighting a  very notable Law Review article now available online, penned by Hon. Judge John Facciola as lead author, in the Georgetown Law Technology Review: Law of the Foal: Careful Steps Towards Digital Competence in Proposed Rules 902(13) and 902(14). U.S Magistrate Judge Facciola (Ret), who is now a Georgetown law professor, is well known for his many important and insightful court opinions involving eDiscovery issues when he was on the bench. So his analysis on Rules 902(13) (14), which exclusively address electronic evidence, will be influential.

To review, FRE 902(14) is a very important new rule, which provides that electronic data recovered “by a process of digital identification” is to be self-authenticating, thereby not routinely necessitating the trial testimony of a forensic or technical expert where best practices are employed, as certified through a written affidavit by a “qualified person.” This rule will have a significant impact on computer forensics and eDiscovery collection practices when it goes into effect later this year. A detailed discussion of Rule 902(14) can be found here.

A key takeaway from the Georgetown Law Technology article is that Facciola believes 902(14) will have a very positive impact by mainstreaming and standardizing electronic evidence collection practices and the supporting technology among the courts and attorneys. Facciola notes: “The proposed Rules will likely reduce litigation costs spent authenticating information, and help foster judicial efficiency and familiarity with technology. Authentication using hash values will allow courts and lawyers to focus on more pressing issues, and will provide courts with the assurance that presented digital evidence is, in fact, what it purports to be.”

Further to this point, Facciola notes that the written certifications provided by eDiscovery and computer forensics practitioners under Rule 902(14) “could illuminate for the court the underlying forensic science that will explain why the evidence being offered can be trusted and relied upon. This is, of course, a welcome alternative to lawyers and courts looking everywhere except the technological basis to determine the authenticity of an email or a Facebook entry.”

The article contains a detailed discussion of hashing as a process of digital identification, which Judge Facciola identifies as a very important process to fulfill the requirements of the Rule: “Hashing provides exactly the proof that Rule 902 requires: that the document is what the attorney states that it is.”

In one regard, Judge Facciola believes the goal of the new Rule is modest, but the Judge is addressing the overall admission of the electronic evidence at hand, including other potential evidentiary objections related to its content, such as hearsay, relevance, and other matters that are generally beyond the scope of a forensic collection and examination. From the perspective of eDiscovery and computer forensics collection practices however, the article confirms that the impact will be very significant and widespread across the practice.

Most of all, Judge Facciola  predicts a meaningful intangible impact from the rule as judges and lawyers will surely become much more familiar with computer forensic technology, which will lead to more widespread adaption and more rapid development in the law in this area:

“[T]he technology properly understood can lead to further advances in creating new rules that will deal with the other issues of authenticity that are based on a forensic evaluation of how computers operate, and create vitally useful information. Forensic technology may answer quickly whether a particular computer produced this electronically stored information because data created by the system itself can answer that question indubitably in particular case.”

We definitely agree, and in terms of supporting technology to enable compliance with Rule 902(14) and any future related legal developments, X1 Distributed Discovery for enterprise collections and X1 Social Discovery for social media and website collections are geared toward providing such quick and unequivocal answers to questions of ESI authenticity.

Leave a comment

Filed under eDiscovery

December 6, 2016 · 7:47 AM

New Federal Rule of Evidence to Directly Impact Computer Forensics and eDiscovery Preservation Best Practices

At X1, an essential component of our mission is to develop and support exceptional technology for collecting electronic evidence to meet eDiscovery, investigative and compliance requirements. It is also our goal to keep you abreast of important developments in the industry that could ultimately impact collection strategies in the future and, consequently, your business.  To that end, we believe key new Federal Rules of Evidence will have a very significant impact on the practices of our customers and partners.

In a nutshell, the new development is a significant planned amendment to Federal Rule of Evidence 902 that will go into effect one year from now. This amendment, in the form of new subsection (14), is anticipated by the legal community to significantly impact eDiscovery and computer forensics software and its use by establishing that electronic data recovered “by a process of digfederalrulesofevidence-188x300_flat2ital identification” is to be self-authenticating, thereby not routinely necessitating the trial testimony of a forensic or technical expert where best practices are employed, as certified through a written affidavit by a “qualified person.” Notably, the accompanying official Advisory Committee notes specifically reference the importance of both generating “hash values” and verifying them post-collection as a means to meet this standard for self-authentication. This digital identification and verification process can only be achieved with purpose-built computer forensics or eDiscovery collection and preservation tools.

Rule 902, in its current form, enumerates a variety of documents that are presumed to be self-authenticating without other evidence of authenticity. These include public records and other government documents, notarized documents, newspapers and periodicals, and records kept in the ordinary course of business. New subpart (14) will now include electronic data collected via a process of digital identification as a key addition to this important rule.

Amended Rule 902, in pertinent part, reads as follows:

Rule 902. Evidence That Is Self-Authenticating
The following items of evidence are self-authenticating; they require no extrinsic evidence of authenticity in order to be admitted:
* * *
(14) Certified Data Copied from an Electronic Device, Storage Medium, or File.
Data copied from an electronic device, storage medium, or file, if authenticated by a process of digital identification, as shown by a certification of a qualified person that complies with the certification requirements of Rule 902(11) or (12).

The reference to the “certification requirements of Rule 902(11) or (12)” is a process by which a proponent seeking to introduce electronic data into evidence must present a certification in the form of a written affidavit that would be sufficient to establish authenticity were that information provided by a witness at trial. This affidavit must be provided by a “qualified person,” which generally would be a computer forensics, eDiscovery or information technology practitioner, who collected the evidence and can attest to the requisite process of digital identification utilized.

In applying Rule 902(14), the courts will heavily rely on the accompanying Judicial Conference Advisory Committee notes, which provide guidance and insight concerning the intent of the laws and how they should be applied. The Advisory Committee notes are published alongside the statute and are essentially considered an extension of the rule. The second paragraph of committee note to Rule 902(14) states, in its entirety, as follows:

“Today, data copied from electronic devices, storage media, and electronic files are ordinarily authenticated by ‘hash value.’ A hash value is a number that is often represented as a sequence of characters and is produced by an algorithm based upon the digital contents of a drive, medium, or file. If the hash values for the original and copy are different, then the copy is not identical to the original. If the hash values for the original and copy are the same, it is highly improbable that the original and copy are not identical. Thus, identical hash values for the original and copy reliably attest to the fact that they are exact duplicates. This amendment allows self-authentication by a certification of a qualified person that she checked the hash value of the proffered item and that it was identical to the original. The rule is flexible enough to allow certifications through processes other than comparison of hash value, including by other reliable means of identification provided by future technology.”

The Advisory Committee notes further state that Rule 902(14) is designed to streamline the admission of electronic evidence where its foundation is not at issue, while providing a notice procedure where “the parties can determine in advance of trial whether a real challenge to authenticity will be made, and can then plan accordingly.” While this rule provides that properly certified electronic data is now afforded a strong presumption of authenticity, the opponent may still lodge an objection, but the opponent now has the burden to overcome that presumption.  Additionally, the opponent remains free to object to admissibility on other grounds, such as relevance or hearsay.

Significant Impact Expected

While Rule 902(14) applies to the Federal Courts, the Rules of Evidence for most states either mirror or closely resemble the Federal Rules of Evidence, and it is thus expected that most if not all 50 states will soon adapt this amendment.

Rule 902(14) will most certainly and significantly impact computer forensics and eDiscovery practitioners by reinforcing best practices. The written certification required by Rule 902(14) must be provided by a “qualified person” who utilized best practices for the collection, preservation and verification of the digital evidence sought to be admitted. At the same time, this rule will in effect call into question electronic evidence collection methods that do not enable a defensible “digital identification” and verification process. In fact, the Advisory Committee notes specifically reference the importance of computer forensics experts, noting that a “challenge to the authenticity of electronic evidence may require technical information about the system or process at issue, including possibly retaining a forensic technical expert.”

In the eDiscovery context, I have previously highlighted the perils of both custodian self-collection for enterprise ESI collection and “print screen” methods for social media and website preservation. Rule 902(14) should provide the final nail in the coffin for those practices. For instance, if key social media evidence is collected through manual print screen, which is not a “process of digital identification” under Rule 902(14), then not only will the proponent of that evidence fail to take advantage of the efficiencies and cost-savings provided by the rule, they will also invite heightened scrutiny for not preserving the evidence utilizing best practices. The same is true for custodian self-collection in the enterprise. Many emails and other electronic documents preserved and disclosed by the producing party are often favorable to their case.  Without best practices utilized for enterprise data collection, such as with X1 Distributed Discovery, that information may not be deemed self-authenticating under this new rule.

In the law enforcement field, untrained patrol officers or field investigators are too often collecting electronic evidence in a manual and haphazard fashion, without utilizing the right tools that qualify as a “process of digital identification.” So for an example, if an untrained investigator collects a web page via the computer’s print screen process, that printout will not be deemed to be self-authenticating under Rule 902(14), and will face significant evidentiary hurdles compared to a properly collected web page via a solution such as X1 Social Discovery.

Also being added to Federal Rule of Evidence 902 is subpart (13), which provides that “a record generated by an electronic process or system that produces an accurate result” is similarly self-authenticating. This subpart will also have a beneficial impact on the computer forensics and eDiscovery field, but to a lesser degree than subpart (14). I will be addressing Rule 902(13) in a future post. The public comment period on amendments (13) and (14) is now closed and the Judicial Conference of the United States has issued its final approval. The amendments are currently under review by the US Supreme Court. If the Supreme Court approves these amendments as expected, they will become effective on December 1, 2017 absent Congressional intervention.

To learn more about this Rule 902(14) and other related topics, we’d like to invite you to watch this 45 minute webinar discussion led by David Cohen, Partner and Chair of Records & eDiscovery Group at Reed Smith LLP. The 45 minute webinar includes a Q&A following the discussion. We look forward to your participation.

Watch now > 

1 Comment

Filed under Authentication, Best Practices, eDiscovery, eDiscovery & Compliance, Enterprise eDiscovery, Information Governance, Social Media Investigations

August 5, 2016 · 8:13 AM

Key Social Media Evidence Missed, Court Finds “No Justification” for Defense Counsel’s Failure to Perform Adequate Pre-Trial Social Media Investigation

Law Journal for webLast week the US District Court of Appeals, 10th Circuit, affirmed a trial court’s ruling denying a motion for new trial based in part on newly discovered (post trial) social media evidence. Xiong vs. Knight Transportation, (D.C. No. 1:12-CV-01546-RBJ) (D. Colo. July 27, 2016). This decision illustrates the importance of performing a diligent and timely social media evidence investigation, most certainly before trial.

The case involved a major traffic collision, where a Knight Transportation truck collided with Plaintiff’s car, forcing it into the median where it overturned multiple times. Xiong suffered a spinal compression fracture from the accident. The Plaintiff, her family and friends all testified at trial that she incurred severe pain from her injuries, which impacted her social life and daily activities. The jury awarded Xiong $832,000.

After the trial, a paralegal employed by Knight Transportation’s counsel found a litany of Facebook evidence apparently showing Xiong taking a trip to Las Vegas, visiting nightclubs, attending a wedding and smiling happily with friends at restaurants. Based upon the results of this Facebook investigation, Knight Transportation’s counsel hired a private investigator to follow Xiong and record her daily activities, which led to even further evidence supporting the defense’s case.

Citing this newly discovered Facebook and Facebook-derived evidence, Defendant Knight Transportation filed a motion for new trial. However, the district court denied Knight Transportation’s motion, finding that “the new (Facebook) evidence could have been discovered before trial and Knight offered no justification for its failure to develop it earlier.” The appellate court upheld the trial court’s decision.

A key apparent flaw in Knight Transport’s social media investigation, as suggested by the court’s written opinion, was that the investigation team seemingly only realized after it was too late that a Facebook page maintained by Plaintiff’s cousin contained social media evidence relevant to the case. This illustrates the importance of not only performing a timely social media investigation, but one that utilizes proper technology to enable a scalable and cost-efficient effort that is not limited to a small number of screen captures.

When rudimentary tools such as web browsers and print screen are used, social media investigations are indeed burdensome, costly and inefficient. A single publically available Facebook account may take hours to review manually, and may often require over 100 screen captures to collect with manual processes. This limits the ability to branch out to other sources of publically available information, such as key friends, spouses and, as in this case, a close cousin.

However, with the right software, such investigations can be the foundation of a very scalable, efficient and highly accurate process. Instead of requiring hours to manually review and collect a public Facebook account, the right specially designed software, like X1 Social Discovery, can collect all the data in minutes into an instantly searchable and reviewable format.

So as with any form of digital investigation, feasibility (as well as professional competence) often depends on utilizing the right technology for the job.  As law firms, law enforcement, eDiscovery service providers and private investigators all work social discovery investigations into standard operating procedures, it is critical that best practices technology is incorporated to get the job done.

Leave a comment

Filed under Case Law, eDiscovery, Social Media Investigations