Category Archives: Uncategorized

New Sedona Commentary Provides Guidelines for Defensible eDiscovery Collection and Early Data Assessment

The Sedona Working Group on Electronic Document Retention & Production (WG1), recently published for public comment a Commentary on Defense of Process: Principles and Guidelines for Developing and Implementing a Sound E-Discovery Process (“The Commentary”). According to the authors, “the Commentary seeks to address what should be done to prepare for—or better yet, avoid—challenges to process, and how courts should address those disputes that arise.” Public comments are invited through November 15, 2016.

The Commentary provides excellent insight and guidance on many aspects of eDiscovery, with an extensive discussion on defensible ESI collection and culling that is particularly instructive for larger enterprises. This is important, as ESI is growing exponentially and even with the advent of predictive coding, the costs associated with ESI over-collection are often astronomical. The only way to reduce that pain to its minimum is to employ a smart but defensible process to control the volumes of data that enter the discovery pipeline. So the holy grail for large enterprises is a truly scalable capability that targets only potentially relevant ESI for collection. The Commentary provides general guidance on the reasonableness and defensibility of such a capability.

For instance, Principal 7 of the Commentary provides that “A reasonable e-discovery process may use search terms and other culling methods to remove ESI that is duplicative, cumulative, or not reasonably likely to contain information within the scope of discovery.” Comment 7.c notes in part that “search terms are a defensible technique for limiting the number of documents for review and production, provided that care is taken in their development and use.” Additionally, an iterative search process is recommended: “In an iterative process, information in documents returned by the first list of search terms can help attorneys to further refine existing terms or to identify new terms that should be added in subsequent rounds. This process can continue until a reasonable result is achieved.” It is also recommended that the search process be subject to validation and be properly documented.

Also instructive in The Commentary is a hypothetical “illustration” that reflects a smart and effective approach to an enterprise level ESI collection and preservation process:

“Illustration: The responding party has determined that the most efficient way of preserving discoverable emails is to collect the emails that “hit” on a broad set of search terms, rather than to modify the company’s default 30-day retention policy or rely on individual custodians to manually preserve potentially discoverable documents. Since a later determination that the responding party’s search terms were too narrow could come too late to prevent the loss of discoverable information, or cause a significant delay or expense from efforts to restore lost emails from back-up media, it may be prudent for the responding party to notify or seek agreement from the requesting party about the planned preservation approach and the specific search criteria to be applied.”

While the above-cited guidelines are very instructive for a well-designed, cost-effective and defensible process, such a goal is only attainable with the right enterprise technology. With X1 Distributed Discovery (X1DD), parties can perform targeted search and collection of the ESI of hundreds of endpoints over the internal network without disrupting operations. The search results are returned in minutes, not weeks, and thus can be highly granular and iterative, based upon multiple keywords, date ranges, file types, or other parameters. This approach typically reduces the eDiscovery collection and processing costs by at least one order of magnitude (90%), thereby bringing much needed feasibility to enterprise-wide eDiscovery collection that can save organizations millions while improving compliance.

And in line with concepts outlined in The Commentary, X1DD provides a repeatable, verifiable and documented process for the requisite defensibility. For a demonstration or briefing on X1 Distributed Discovery, please contact us.

Leave a comment

Filed under Uncategorized

Defensible Custodian Self-Collection Now a Reality

eDiscovery collection and preservation efforts are often costly, time consuming and burdensome. Even worse, courts continue to routinely dish out punitive sanctions for ESI preservation failures. The volume of Electronically Stored Information is growing exponentially and will only continue to do so. Even with the advent of predictive coding, the costs associated with collecting, processing, reviewing, and producing documents in litigation are the source of considerable pain for litigants. The only way to reduce that pain to its minimum is to use all tools available in all appropriate circumstances within the bounds of reasonableness and proportionality to control the volumes of data that enter the discovery pipeline.

Counsel for large enterprises embroiled in litigation often gravitate to custodian self-collection, as it is a method to limit ESI preservation to only a limited set of documents and email deemed responsive by the individual custodians to the parameters of the litigation hold. However, traditional custodian self-collection is fraught with risk as it is usually not performed in a systemized or defensible manner.  Various custodians are not employing uniform search criteria and methodology across the same case.  Corporate counsel who rely on self-collection lack confidence in the accuracy and thoroughness of the process. Further, an average employee has neither the legal nor the technical expertise needed to identify and/or acquire potentially relevant ESI for purposes of litigation.

In a recent case that dramatically illustrates the perils of custodian self-collection, a company found themselves on the wrong end of a $3 million sanctions penalty for spoliation of evidence. The case illustrates that establishing a litigation hold and notifying the custodians is just the first step. Effective monitoring and compliance with the litigation hold is essential to avoid punitive sanctions. GN Netcom, Inc. v. Plantronics, Inc., No. 12-1318-LPS, 2016 U.S. Dist. LEXIS 93299 (D. Del. July 12, 2016).

In GN Netcom, Plantronics promptly issued a litigation hold, conducted training sessions, and sent quarterly reminders to custodians requiring affirmative acknowledgment of compliance with the hold. Despite these efforts, a senior Plantronics executive deleted relevant emails and asked his subordinates to follow suit. The court ultimately found that Plantronics acted in bad faith, “intend[ing] to impair the ability of the other side to effectively litigate its case.” In addition to the $3 million monetary penalty, Plantronics also faces severe evidentiary sanctions at trial.

At the other end of the spectrum, full disk image collection is another preservation option that, while being defensible, is very costly, burdensome and disruptive to operations. Recently in this blog, I discussed at length the numerous challenges associated with full disk imaging.

Litigators and commentators often pine for the advent of a systemized, uniform and defensible process for custodian self-collection. Conceptually, such an ideal process would be where custodians are automatically presented with a set of their documents and emails that are identified as potentially relevant to a given matter though a set of keywords and other search parameters that are uniformly applied across all custodians. This set of ESI would be presented to the custodian in a controlled interface with no ability to delete documents or emails, and only the ability to review and apply tags. The custodian would have to comply with the order and all documents responsive to the initial unified search would be collected as a default control mechanism.

With X1 Distributed Discovery (X1DD), the option for a defensible custodian assisted review is now a reality. At a high level, with X1DD, organizations can perform targeted search and collection of the ESI of thousands of endpoints over the internal network without disrupting operations. The search results are returned in minutes, not weeks, and thus can be highly granular and iterative, based upon multiple keywords, date ranges, file types, or other parameters. This approach typically reduces the eDiscovery collection and processing costs by at least one order of magnitude (90%), thereby bringing much needed feasibility to enterprise-wide eDiscovery collection that can save organizations millions while improving compliance.

As a key optional feature, X1DD provides custodian assisted review, where custodians are presented with a listing of their potentially relevant ESI though a controlled, systemized and uniform identification process for their review and tagging. Instead of essentially asking the custodians to “please rummage through your entire email account and all your documents to look for what you might think is relevant to this matter,” the custodians are presented with a narrow and organized subset of potentially relevant ESI for their review. While the custodians are able to assist with the review, they cannot impact or control what ESI is identified and preserved; this is controlled and managed centrally by the eDiscovery practitioner. This way, custodians can apply their own insight to the information, flag personal private data, all while effectuating very cost-effective and systematic ESI collection.

The process is very defensible as the exercise is logged and documented, with all metadata kept intact and a concise chain of custody established. I could describe this very important feature a lot further, but candidly the best way to get a full picture is to see it for yourself. I recommend that you view this recorded 9 minute demonstration of X1 Distributed Discovery’s custodian self-review feature here.


We believe X1DD’s functionality provides the optimal means for enterprise eDiscovery preservation, collection and early data assessment, especially with the key additional (and optional) feature of custodian assisted review. But please see for yourself and let us know what you think!

Leave a comment

Filed under Uncategorized


In response to our post two weeks ago identifying widespread social media abuse by jurors that could quite possibly lead to mistrials, a frightened prosecutor and others have inquired about how exactly juror’s social media data should be collected and what the various techniques are. So this follow-up post discusses the mechanics of proactively monitoring jurors that are both empaneled and potential members of your pool.

First and foremost, it is important to understand what not to do. Do not fire up and start following jurors. They will receive a notice that they’re being followed, which is improper under various legal ethics rules. Also, it is not effective technically, as you cannot access or search past tweets very effectively (which are often just as important as ones in real time), and it is very difficult to monitor up to several dozen jurors in your pool.

The right software will allow you to employ several techniques and methods, which are most effective when used in conjunction to comprehensively and ethically search for all publicly available juror social media.

The first method is to set a geo-fence around the courthouse and immediate area. This will collect tweets and Instagram posts in real time, as well as going back several days if needed, to collect any tweet that is geo-located in that area. Here is an example of such an effort:geo fence

Another advantage of this method is that it will capture any geo-located social media posts by not only jurors at the courthouse but also by opposing counsel or witnesses, which happens more often than you would think. Expert witnesses in particular can be prolific on social media as they promote their services and their personal brand. They also often Tweet and share approvingly links to industry articles and blog articles, which can then be considered to be part of their opinion record.

The second method is to set keywords such as #juryduty or “jury duty” across the public feed of social media sites. This will cast a wider net, returning posts from all over the country if not the world. But with the right tools you can quickly be able to filter out the ones that are within your geographical location. This will also capture posts that are not Geotagged by the user.  If your case has any media attention, even just locally or within industry media verticals, it is a very good idea to set up keywords that can identify any mention of your case in public feeds.

And just for fun, here are the top 5 controversial juror posts from just the past few days:

bad tweets

And finally, once you have identified an impaneled juror or a member of the potential pool, and have their social media profile names,  you can quickly and anonymously collect all their past and ongoing public social media content through special software such as X1 Social Discovery. This also has the advantage of instantaneous and unified search across all available social media streams from multiple jurors. You also can set up email alerts so that if a juror or other person of interest posts anything, you will immediately be alerted to that post. This is also an effective technique when following opposing counsel or key witnesses. And it’s often a good idea to your monitor your own clients as well.

For more information about how to conduct effective social medial investigations, please contact us, or request a free demo version of X1 Social Discovery.

1 Comment

Filed under Best Practices, Case Study, Legal Ethics & Social Media, Social Media Investigations, Uncategorized

Print Screen for Social Media Evidence: Not Defensible and Also Very Expensive

As we often note on this blog, courts continue to routinely find that the testimony of an individual who merely printed a copy of a social media webpage is insufficient to authenticate social media evidence. Notable recent cases with such rulings include Linscheid v. Natus Medical Inc., 2015 WL 1470122, at *5-6 (N.D. Ga. Mar. 30, 2015) (finding LinkedIn profile page not authenticated by declaration from individual who printed the page from the Internet); Monet v. Bank of America, N.A., 2015 WL 1775219, at *8 (Cal Ct. App. Apr. 16, 2015) (memorandum by an unnamed person about representations others made on Facebook is at least double hearsay” and not authenticated), and Moroccanoil vs. Marc Anthony Cosmetics, 57 F.Supp.3d 1203 (2014) (Facebook screenshots inadmissible in a trademark infringement without supporting circumstantial information).

These rulings underscore why best practice technology is essential for gathering social media and other Internet evidence. But while many practitioners understand this in terms of defensibility, many operate under the mistaken assumption that manual print screen efforts are a cost-saving shortcut. Nothing could be further from the truth. Stallings v. City of Johnston, 2014 WL 2061669 (S.D. Ill. May 19, 2014), is very instructive as it clearly illustrates that printing Facebook pages for production in eDiscovery is a really bad (and expensive) idea.  In this case, plaintiff Jayne Stallings brought suit for wrongful employment termination against the City of Johnston, her former employer. And it seems that Stallings, like millions of others, was an avid and highly opinionated Facebook poster.

So to respond to discovery requests, Plaintiff’s counsel and a paralegal spent a full week printing out the contents of Plaintiff’s Facebook account — which amounted to over 500 printed screen captures — manually rearranging them, and then redacting the pages. Plaintiff counsel also claimed that she could not provide the relevant Facebook information on a disk, and thus resorted to inefficient paper production – an obviously costly exercise. A week of paralegal and lawyer time could easily run $25,000 and no client should pay anywhere near that amount for a task that, with the right technology, requires minutes instead of days to perform.

Print screen as a social media evidence collection method only leads to higher costs for many reasons, namely because the resulting output is a truncated, unsearchable, flat image that fails to retain the all-important metadata. As a result, a substantial amount of secondary processing must be done to upload the social media images into a standard attorney review platform. The images must be run through OCR, the various requisite metadata fields must be manually entered, and the truncated screen shots reassembled into context so they appear and read as they did in their original state. All this will typically cost thousands of dollars in additional processing fees.

Additionally, when an examiner merely relies on print screen, the scope and thoroughness of the collected social media and Internet evidence is severely limited. This often results in key evidence being overlooked as well as impacting its evidentiary integrity. Employing more automated means, such as X1 Social Discovery, enables the examiner to quickly collect entire web pages and publically available social media accounts, which can be hundreds of pages long. This comprehensive and thorough collection allows the examiner to collect far more potential evidence, preserving all relevant metadata, and having that evidence be immediately searchable and reviewable in a highly effective integrated review platform.

Further, the examiner can build a much stronger case for authentication by constructing timelines, drawing connections between witnesses and their various posts, collecting more corroborating metadata, and a litany of other information to build a compelling circumstantial case to authenticate the social media or web page evidence in question.

And of course another key benefit of X1 Social Discovery is its ability to preserve and display all the available “circumstantial indicia” or “additional confirming circumstances,” in order to present the best case possible for the authenticity of collected social media evidence. This includes collecting all available metadata and generating a MD5 checksum or “hash value” of the preserved data, for verification of the integrity of the evidence.

It is important to collect and preserve social media posts and general web pages in a thorough manner with best-practices technology specifically designed for litigation purposes.  For instance, there are over twenty unique metadata fields associated with individual Facebook posts and messages. Any one of those entries, or a combination of them contrasted with other entries, can provide unique circumstantial evidence that can establish foundational proof of authorship.

So while it can seem counterintuitive as sometimes there is a tradeoff when it comes to legal technology between best practices and costs, manual print screen efforts for social media are not only very costly, they subject clients to evidentiary challenges that could place an entire case in peril. But you can have the best of all worlds with the scalability, cost-saving and defensibility brought by X1 Social Discovery.

Leave a comment

Filed under Uncategorized

VMworld Recap: Major Disruption in Store for Enterprise Search & eDiscovery

by John Patzakis


Last week we attended and exhibited at VMworld 2014 in San Francisco, VMware’s annual conference that brings together over 25,000 thought leaders, subject matter experts, technology providers and IT professionals to immerse themselves in the latest in virtualization and cloud technology. VMworld is now essentially the modern-day COMDEX, spread out among the sprawling Moscone Center. The difference is that VMworld’s exclusive focus is the enterprise, and more specifically the modern and trending IT enterprise. VMworld is where the forward thinking enterprise CIOs are now, and where everyone else will be in the next 2-4 years.

In the opening keynote, VMware CEO Pat Gelsinger — who recently explained to the Wall Street Journal that “we are in the period of the greatest tectonic shift in the IT industry in the last 30 years” — emphasized the trend of “frictionless IT” running the enterprise where “everything is virtualized” utilizing a hybrid mix of on-premise virtualization, public and private cloud.  Frictionless IT involves a model where pools of virtual machines — comprising virtual desktops and servers running in either the public cloud or a private cloud — are managed by IT administrators enterprise-wide from a single console, without physically touching any hardware. This allows for virtual desktops, servers and supporting applications and software upgrades to be rolled out and managed on a highly automated basis, including having resources moved from private to public clouds and back again, all with a few mouse clicks.

So given the importance of this conference to the present and future of enterprise IT, it was highly notable that X1 was the only enterprise search provider present among more than 400 exhibitors. It is actually surprising that no other search vendors were here given how quickly attendees ‘got it.’  They understood that search is the elephant in the room for VDI and other enterprise-stored data and quickly responded positively to X1’s message. The reason for our competitors’ absence, in my opinion, is that nearly all the current enterprise search software vendors, as well as eDiscovery tools, represent legacy technology that does not support deployment into highly virtualized environments. Traditional enterprise search solutions are limited to either appliances or arduous manual on-site installations, neither of which can operate in true virtual environments. In other words, they represent a very high degree of friction, with entrenched architectures that must be completely re-written in order to support virtualization and the new frictionless IT paradigm.

And the thing about truly supporting cloud and on-premise virtualization is that enterprise software vendors cannot fake it with enterprise CIOs and their staff. For instance, there is a high degree of “cloud-washing” in eDiscovery, where vendors host their own attorney review systems on a SaaS basis, and thereby claim they are cloud innovators. And while there is a legitimate but limited use case there, a complete process baked into the enterprise and its information management DNA needs to encompass integrated preservation, collection and early data assessment — including first pass review. Such an eDiscovery system must be on premise and will not survive unless it truly operates in a virtualized environment, whether in the public or private cloud.

Solutions that truly support virtualization are VMware-ready certified, and can also be quickly and remotely installed into the public cloud through a readily available machine image, such as an Amazon Machine Image (AMI) for the Amazon Web Services cloud. In essence, major enterprise software now has to effectively install almost as easily as a mobile phone app.

As an aside, another notable observation that I believe is highly indicative of this “tectonic shift” was the near complete absence of the major systems integrators, with the exception of Capgemini. Most of the other top 10 SIs were completely absent and the few others there had a very minimal presence. This is, again in my opinion, because most of these systems integrators thrive on a “friction” model (think nine-month enterprise software installation), and are struggling to adapt to the new world order.

In our recent discussions with folks at Amazon Web Services, they recounted amusing stories of companies asking to send hardware appliances or teams of expensive consultants to AWS data centers to index and manage their data for enterprise search and eDiscovery purposes. Both scenarios are non-starters for public cloud architectures. This is where X1 is leading the charge for both enterprise search and eDiscovery.

We are very excited about our partnership with VMware, and the hundreds of contacts and new and existing customers we connected with at the show. And more exciting things are to come. Stay tuned for exciting announcements in the coming months. In the meantime, I recommend you start making plans for VMworld next year.

Leave a comment

Filed under Uncategorized