Category Archives: Uncategorized

Practice Tool: Sample FRE 902(14) Certification to Authenticate Social Media Evidence

As part of our continuing coverage of Federal Rule of Evidence 902(14), which goes into effect on Friday December 1, 2017, we will be making available further resources and analysis over the next few weeks in support of this new and important development. To review, FRE 902(14) provides that electronic data recovered “by a process of digital identification” is to be self-authenticating, thereby not routinely necessitating the trial testimony of a forensic or technical expert where best practices are employed. Instead, such properly collected electronic evidence can be certified through a written declaration by a “qualified person.” This rule will have a significant impact on computer forensics and eDiscovery collection practices. A detailed discussion of Rule 902(14) can be found here.

Today we are providing an example of a Rule 902(14) certification for the authentication of social media evidence collected by X1 Social Discovery. This sample document is for general information purposes only. Your use of this example 902(14) certification is at your own risk, and you should not use this sample documents without first seeking professional legal advice. The provision of this sample document (and the document itself) does not constitute legal advice or opinions of any kind. So with those legal disclaimers, here is the sample 902(14) certification:

Certification under Federal Rule of Evidence 902(14)

(Example Only for demonstration purposes)

 

I, __________________, hereby declare and certify:

 

  1. I am currently a (paralegal) (computer forensic specialist) (electronic discovery specialist) employed by “My Organization” (“My Organization”). My Organization specializes in the discovery, collection, investigation, and production of electronic information for investigating and handling computer-related crimes and misuse as well as for in support of discovery for civil litigation matters. I am responsible for conducting computer forensic investigations and providing electronic discovery and litigation support.

 

  1. I have participated in more than 100 investigations and preservation efforts from social media sites and other Internet websites, and was the lead on approximately 20 of those investigations. These investigations involved finding relevant electronic information in support of internal investigations, civil litigation and criminal matters. In the course of these investigations, I was responsible for performing in-depth analyses and providing documentation and related materials in support of criminal and civil matters for law firms/litigation support consulting firms, (or for law enforcement agencies at the federal and local level)

 

  1. I have accumulated extensive experience in the identification, preservation, retrieval, analysis, and documentation of computer-related information, including both data at rest and social media evidence and other internet based electronic evidence in support of computer investigations and ongoing litigation matters.

 

  1. I am a licensed user of X1 Social Discovery (“X1”), the leading software used by law firms, law enforcement, government regulatory agencies and litigation support consultants world-wide. X1 Social Discovery is available for purchase by the general public and is generally accepted in the eDiscovery and computer investigation industry. X1 Social Discovery aggregates comprehensive social media content and web-based data into a single user interface, while preserving critical metadata not possible through image capture “screenshot”, or simple computer screen printouts.

 

  1. X1 Social Discovery includes an automated function to generate an MD5 “hash value” immediately upon the collection of an item of social media evidence or a webpage. The Committee notes to Federal Rule of Evidence 902(14) define a hash value as follows: “Today, data copied from electronic devices, storage media, and electronic files are ordinarily authenticated by ‘hash value.’ A hash value is a number that is often represented as a sequence of characters and is produced by an algorithm based upon the digital contents of a drive, medium, or file. If the hash values for the original and copy are different, then the copy is not identical to the original. If the hash values for the original and copy are the same, it is highly improbable that the original and copy are not identical. Thus, identical hash values for the original and copy reliably attest to the fact that they are exact duplicates.”

 

  1. X1 Discovery, Inc., the software company that develops X1 Social Discovery, makes freely available a separate hash value verification software utility that will recalculate the hash value of an item of electronic evidence that was previously collected by X1 Social Discovery to verify that the evidence has not changed since it was collected by X1. If the “verification” hash value generated by the verification utility is the same as the hash value originally calculated by X1 Social Discovery at the time of the acquisition of the item of electronic evidence, then the identical hash values reliably attest to the fact that the evidence, and any exact duplicates thereof, have not changed.

 

  1. I was retained by attorneys for Defendants to provide examination, preservation and analysis of social media evidence in the present case. Pursuant to this request I collected numerous social media evidence from Twitter, Instagram, and Facebook using the X1 Social Discovery software. Attached as Exhibit “A” are the following items of social media evidence:

 

  1. A Facebook post that was publicly available on Plaintiff’s Facebook dated July 10, 2017, which was acquired by me on September 3, 2017 at 3:45pm.
  2. A Twitter post (Tweet) that was publicly available on Acme company’s Twitter feed dated July 13, 2017, which was acquired by me on September 3, 2017 at 3:48pm.
  3. An Instagram post that was publicly available on Plaintiff’s spouses’ Instagram feed dated July 18, 2017, which was acquired by me on September 3, 2017 at 3:55pm.

 

  1. When the items described above were acquired by X1 Social Discovery, the software automatically generated and assigned a hash value based upon the contents of the evidence. This is termed the “acquisition hash.” Using the hash value verification software utility, I recalculated the hash value of the 3 items listed above, on 12/4/17, shortly before I prepared this declaration. The verification hash in all instances were the same as the acquisition hash value, as set forth in the following table:

902 Certification Table

  1. The identical hash values reliably attest to the fact that the evidence has not changed.

 

I declare under penalty of perjury under the laws of the United States of America that the foregoing is true and correct. Executed this _th day of December 2017 in Los Angeles, California.

 

 

______________________

Signature of Declarant

 

Download a copy of this example Certification here >

Leave a comment

Filed under Authentication, Best Practices, Social Media Investigations, Uncategorized

GDPR Compliance Requires Effective Enterprise eDiscovery Search and Analysis Capabilities

The European General Data Protection Regulation (GDPR), which will be in full force in May 2018, promises to profoundly impact global organizations, requiring the overhaul of their data audit and information governance processes. The GDPR requires that an organization have absolute knowledge of where all EU personal data is stored across the enterprise, and be able to remove it when required.

GDPR-stampGDPR’s potentially significant penalties, which can be up to 4% of total global revenues or 20 million euro (whichever is greater), clearly have teeth and are intended to attain meaningful compliance.  However, The CXP Group, a leading IT research firm notes in an industry report that, “compliance with GDPR will only be legally (effectuated) if an organization is able to identify exactly where data is.”

Under the GDPR, a European resident can request — effectively on a whim — that all data an enterprise holds on them be identified and also be removed. Organizations will be required to establish a capability to respond to such requests. Actual demonstrated compliance will require the ability to search across all data sources in the enterprise for data, including distributed unstructured data located on desktops and file servers.

The GDPR specifies processes and capabilities organizations must have in place to ensure the personal data of EU residents is secure, accessible, and can be identified upon request. Its articles and principles set out several obligations organizations will need to address, including the points enumerated below. These requirements can only be complied with through an effective enterprise eDiscovery search capability:

  • Data minimization: Enterprises should only collect and retain as little personal data on EU subjects as possible. Corporate privacy attorneys advising clients on GDPR and EU privacy shield compliance, note that unauthorized “data stashes” maintained by employees on their distributed unstructured data sources is a key problem, requiring companies to search all endpoints to identify information including European phone numbers, European email address domains and other personal identifiable information.
  • Enforcement of Right to be forgotten: An individual’s personal data must be identified and deleted on request.
  • Effective incident response: If there is a compromise of personal data, an organization must have the ability to perform enterprise-wide data searches to determine and report on the extent of such breaches and resulting data compromise within seventy-two (72) hours.
  • Accountability: Log and provide audit trails for all personal data identification requests and remedial actions.
  • Enterprise-wide data audit: Identify the presence of personal data in all data locations and delete unneeded copies of personal data.

A mandatory aspect of GDPR compliance is the ability to demonstrate and prove that personal data is being protected, requiring information governance capabilities that allow companies to efficiently produce the documentation and other information necessary to respond to auditors’ requests. Many consultants and other advisors are helping companies establish GDPR compliance programs, and are documenting policies and procedures that are being put in place.

However, while policies, procedures and documentation are important, such GDPR compliance programs are ultimately hollow without consistent, operational execution and enforcement. CIOs and legal and compliance executives often aspire to implement information governance programs like defensible deletion and data audits to detect risks and remediate non-compliance. However, without an actual and scalable technology platform to effectuate these goals, those aspirations remain just that. For instance, recent IDG research suggests that approximately 70% of information stored by companies is “dark data” that is in the form of unstructured, distributed data that can pose significant legal and operational risks.

To achieve GDPR compliance and also EU data shield certification, organizations must ensure that explicit policies and procedures are in place for handling personal information, and just as importantly, the ability to prove that those policies and procedures are being followed and operationally enforced. What has always been needed is gaining immediate visibility into unstructured distributed data across the enterprise, through the ability to search and report across several thousand endpoints and other unstructured data sources, and return results within minutes instead of days or weeks. The need for such an operational capability is further heighted by the urgency of GDPR compliance.

X1 Distributed Discovery (X1DD) represents a unique approach, by enabling enterprises to quickly and easily search across multiple distributed endpoints and data servers from a central location.  Legal and compliance teams can easily perform unified complex searches across both unstructured content and metadata, obtaining statistical insight into the data in minutes, instead of days or weeks. With X1DD, organizations can also automatically migrate, collect, delete, or take other action on the data as a result of the search parameters.  Built on our award-winning and patented X1 Search technology, X1DD is the first product to offer true and massively scalable distributed searching that is executed in its entirety on the end-node computers for data audits across an organization. This game-changing capability vastly reduces costs while greatly mitigating risk and disruption to operations.

X1DD operates on-demand where your data currently resides — on desktops, laptops, servers, or even the Cloud — without disruption to business operations and without requiring extensive or complex hardware configurations. Beyond enterprise eDiscovery, GDPR and other information governance compliance functionality, X1DD includes the award-winning X1 Search, improving employee productivity while effectuating that all too illusive actual compliance with information governance programs, including GDPR.

Leave a comment

Filed under Comliance, Data Audit, eDiscovery, Uncategorized

Microsoft Outlines its O365 eDiscovery Strategy

Earlier this month, Microsoft eDiscovery expert Rachi Messing, who manages Microsoft’s Office 365 eDiscovery platform, headlined a webinar hosted by D4, LLC, where he provided extensive insights into Microsoft’s compliance and eDiscovery strategy and the company’s strong dedication to the effort. X1 also presented and discussed the integrated workflow of Microsoft Office 365 (“O365”) with X1 Distributed Discovery.

The adoption of cloud-based Microsoft Office 365 (“O365”) within enterprises is growing exponentially. The majority of enterprises have adopted O365 or plan to do so in the next two years. Microsoft provides an integrated eDiscovery capability as a module in O365, and is dedicating a lot of effort and resources to it in order to provide a go-to solution for the eDiscovery of all information located within O365. Messing noted that “the world of work is changing and Office 365 is a major force for this transformation.”

Messing also recognized in his presentation that effectively addressing eDiscovery within O365 is essential to facilitating cloud adaption. This is I think a very important point. The significant cost-benefits associated with cloud migration can be negated if an efficient and effective eDiscovery search and retrieval of that data is not available or is overly cumbersome. By providing such an eDiscovery capability within the O365 Security and Compliance Center, Messing correctly believes that this will encourage wider and faster adoption of Office 365.

Microsoft is making a lot of advancements with O365 and will continue to do so. However, Messing acknowledged a key gap, as while most organizations that have adopted O365 have done so while keeping a lot of data on premise, such as on desktops, fileshares, and on-premise SharePoint. Messing pointed to X1 Distributed Discovery as a solution to systematically address the on-premise data and non-Microsoft cloud sources that contain electronically stored information which need to be preserved and collected from.

X1 Distributed Discovery (X1DD) is uniquely suited to complement and support O365 with an effective and defensible process and has distinct advantages over other eDiscovery tools that solely rely on permanently migrating ESI out of O365. X1DD enables organizations to perform targeted search and collection of the ESI of up to thousands of endpoints and other sources, all in a unified fashion. The search results are returned in minutes, not weeks, and thus can be highly granular and iterative, based upon multiple keywords, date ranges, file types, or other parameters. Using X1DD, non-O365 data sources are searched in place in a very targeted and efficient manner, and all results can be consolidated into Microsoft’s O365 review platform or another review platform such as Relativity. This approach typically reduces the eDiscovery collection and processing costs by at least one order of magnitude (90%), and provides a very effective and complete eDiscovery capability for hybrid O365 and on-premise environments. X1DD is also a very effective migration and information governance platform to facilitate enterprise-wide transitions to O365.

You can review a recording of this webinar here.  And for a demonstration or briefing on X1 Distributed Discovery, please contact us.

Leave a comment

Filed under Uncategorized

Microsoft Office 365 is Disrupting the eDiscovery Industry in a Major and Permanent Fashion

The adoption of cloud-based Microsoft Office 365 (“O365”) within enterprises is growing exponentially. According to a 2016 Gartner survey, 78 percent of enterprises use or plan to use Office 365, up from 64 percent in mid-2014. O365 includes built-in eDiscovery tools in the Security and Compliance Center at an additional cost. Many, but not all, O365 customers are utilizing the internal eDiscovery module, to which Microsoft is dedicating a lot of effort and resources in order to provide a go-to solution for the eDiscovery of all information located within O365. o365-logoBased upon my assessment through product demos and discussions with industry colleagues, I believe Microsoft will achieve this goal relatively soon for data housed within its O365 platform. The Equivio eDiscovery team that transitioned over to Microsoft in a 2015 acquisition is very dedicated to this effort and they know what they are doing.

But as I see it, the O365 revolution presents two major takeaways for the rest of the eDiscovery software and services industry. The first major point comes down to simple architecture. Most eDiscovery tools operate by making bulk copies of data associated with individual custodians, and then permanently migrate that data to their processing and/or review platform. This workflow applies to all non-Microsoft email archiving platforms, appliance-based processing platforms, and hosted review platforms. As far as email archiving, a third-party email archive solution requires the complete and redundant duplication, migration and storage of copies of all emails already located in O365. This is counter-productive to the very purpose of a cloud-based O365 investment. We have already seen non-Microsoft email archiving solutions on the decline in terms of market share, and with MS Exchange archiving becoming much more robust, we will only see that trend accelerate.

eDiscovery processing tools and review platforms are also fighting directly against the O365 tide.  This is especially true for processing appliances (whether physical or virtual), which address O365 collections through bulk copy and export of all of the target custodians’ data from O365 and into their appliance, where the data is then re-indexed. Such an effort is costly, time consuming, and inefficient. But the main problem is that clients who are investing in O365 do not want to see all their data routinely exported out of its native environment every time there is an eDiscovery or compliance investigation. Organizations are fine with a very narrow data set of relevant ESI leaving O365 after it has been reviewed and is ready to be produced in a litigation or regulatory matter. What they do not want is a mass export of terabytes of data because eDiscovery and processing tools need to broadly ingest that data in their platform in order to begin the indexing, culling and searching process. For these reasons, most eDiscovery software and compliance archiving tools do not play well with O365, and that will prove to be a significant problem for those developers and the service providers who utilize those tools for their processes.

The second major O365 consideration is that organizations, especially larger enterprises, rarely house all or even most of their data within O365, with hybrid cloud and on-premise environments being the norm. The O365 eDiscovery tools can only address what is contained within O365. Any on-premise data, including on-premise Microsoft sources (SharePoint, Exchange and Office docs on File Shares) cannot be readily consolidated by O365, and neither can data from other cloud sources such as Google Drive, Box, Dropbox and AWS. And of course, desktops, whether physical or virtual, are critical to eDiscovery collections and are also not supported by the O365 eDiscovery tools, with Microsoft indicating that they do not have any plans to soon address all these non-O365 data sources in a unified fashion.

So eDiscovery software providers need to have a good process to perform unified search and collection of non-O365 sources and to consolidate those results with responsive O365 data. This process should be efficient and not simply involve mass export of data out of O365 to achieve such data consolidation.

X1 Distributed Discovery (X1DD) is uniquely suited to complement and support O365 with an effective and defensible process and has distinct advantages over other eDiscovery tools that solely rely on permanently migrating ESI out of O365. X1DD enables organizations to perform targeted search and collection of the ESI of up to thousands of endpoints, as well as O365 and other sources, all in a unified fashion. The search results are returned in minutes, not weeks, and thus can be highly granular and iterative, based upon multiple keywords, date ranges, file types, or other parameters. Using X1DD, O365 data sources are searched in place in a very targeted and efficient manner, and all results can be consolidated into Microsoft’s Equivio review platform or another review platform such as Relativity. This approach typically reduces the eDiscovery collection and processing costs by at least one order of magnitude (90%). For a demonstration or briefing on X1 Distributed Discovery, please contact us.

1 Comment

Filed under Cloud Data, compliance, eDiscovery, Uncategorized

Declining Law Firm Productivity Tied to Information Governance Challenges

A new legal industry study finds a substantial decline in attorney productivity in recent years, significantly reducing law firm profitability. In its 2017 Report on the State of the Legal Market, Thomson Reuters notes that “over the past 10 years, the average billable hours worked by all lawyers across the market declined from 134 billable hours per month in 2007 to 122 through the late part of 2016.” This equals a reduction of 144 billable hours per year per lawyer. The report, by multiplying that total by the average worked rate ($463) for all lawyers in 2016, determined the productivity decline is costing law firms about $66,672 per lawyer per year.

One of the main causes for diminished lawyer productivity is the exponential proliferation of their stored emails and documents and the associated inability to recall important work product and previous e-mail communications. Another industry study assessing the productivity of lawyers and other high-end information knowledge workers found that such professionals on average spend 11.2 hours a week dealing with challenges related to document creation and management. As the table below from the IDC report demonstrates, lawyers and paralegals lose as much as 2.3 hours a week searching, but not finding, the right documents and emails and another 2 hours recreating documents they failed to locate.

Time Spent on Document Management Challenges

productivity-for-law-firms-table2Source: IDC’s Information Worker Survey, June 2012

Applying the same lawyer cost calculations used by Thomson Reuters in their 2017 report (4.3 hours per week X $463 average hourly rate X 49 annual worked weeks) reveals that an effective search capability can dramatically improve law firm productivity by as much as $97,500 annually per lawyer. Even normalizing this analysis for recovered billable time (assuming every hour of gained productivity results in less than a full hour of actual billable time) a law firm of a 1000 attorneys would realize tens of millions per year in recovered billable hours, in addition to important intangible benefits including enhanced work product, improved client satisfaction and attorney morale.

Many law firm attorneys tell us that without the right search solution, they can spend hours looking for a past proposal, a key client communication from several months prior, or many other forms of work product and client communications that are stored in emails, local drives or cloud file shares. If lawyers and paralegals cannot quickly find such information assets, then that represents a serious information governance failure. Time wasted rummaging around for past emails and documents is not billable time and directly cuts into a firms’ profit margin. To be sure, a law firm’s two most important assets are its professionals and their body of work product and other key information. As such, a top priority for law firm management should be to ensure their attorneys have the right productivity search solution to quickly find and retrieve the firms’ information assets.

However, the recurring theme we hear is that outside of the data managed by X1, enterprise search is a source of major frustration for law firms and other organizations. This is confirmed by survey after survey where the vast majority of respondents report dissatisfaction with their current enterprise search platform. Simply put, the traditional approach to enterprise search has not worked. This is largely because most search solutions deployed in recent years focused on IT requirements — which see search as either a technical project or a commodity — rather than an intimate end-user driven requirement that is core to their professional productivity.

And for lawyers especially, “good enough” is not good enough when it comes to their search. It does not make sense to invest in an enterprise search solution for business productivity search, unless there is a significant improvement in the end-users search experience for emails, files and SharePoint data.

At X1, however, many of our customers report dramatic improvements with their productivity search, with firm-wide X1 rollouts being major wins at their organization. We believe that X1’s unique focus on the end-user is the key. You won’t find many other business productivity search solutions where the end users drive demand, instead of the tool being imposed on the end-users by IT or systems integrators. We continually hear countless testimonials from business professionals, at law firms and companies large and small, who swear by their X1 and cannot imagine working without it. In speaking with industry analysts and other experts in the enterprise search field, this is an almost unheard of phenomenon, where end-user satisfaction with the companies’ enterprise search platform is usually around 10-15 percent, verses the 80-85 percent satisfaction ratio we see with X1.

Importantly, X1 is a platform. Users need a single-pane-of-glass view to all of their information – email, files, SharePoint, archives like Veritas Enterprise Vault, OneDrive, Box and other network and cloud sources.  X1 Search provides a user-friendly interface to all information that lets attorneys find what they are looking for in an instant.  But the thousands of X1 end users know all this. The key takeaway for CIOs and other IT executives is that search is an inherently personal user experience, and the number one requirement, by far, for a successful search initiative is enthusiastic end-user adoption. If the lawyers and other business professionals in your organization are not passionately embracing the search solution, then nothing else matters.

Leave a comment

Filed under law firm, productivity, Uncategorized