Category Archives: Uncategorized

eDiscovery Collection 3.0: Much Better, Much Faster, Much Cheaper

In his recent blog post, X1 CEO Craig Carpenter discussed the inability of any software provider to solve a critical need by delivering a truly scalable eDiscovery preservation and collection solution. As Craig pointed out, in the absence of such a “holy grail” solution, eDiscovery collection remains dominated by either unsupervised custodian self-collection or manual services, driving up costs while increasing risk and disruption to business operations.

Desktop_virtualization

Craig outlined how endpoint forensic imaging are still employed on a limited basis. Many companies have also tried network crawling methods with repurposed forensic tools. (A “collection 2.1” method, if you will).  While this can be feasible for a small number of custodians, network bandwidth constraints coupled with the requirement to migrate all endpoint data back to the forensic crawling tool renders the approach ineffective. For example, to search a custodian’s laptop with 10 gigabytes of email and documents, all 10 gigabytes must be copied and transmitted over the network, where it is then searched, all of which takes at least several hours per computer. So, most organizations choose to force collect all 10 gigabytes. The case of U.S. ex rel. McBride v. Halliburton Co.  272 F.R.D. 235 (2011), illustrates this specific pain point well. In McBride, Magistrate Judge John Facciola’s instructive opinion outlines Halliburton’s eDiscovery struggles to collect and process data from remote locations:

“Since the defendants employ persons overseas, this data collection may have to be shipped to the United States, or sent by network connections with finite capacity, which may require several days just to copy and transmit the data from a single custodian . . . (Halliburton) estimates that each custodian averages 15–20 gigabytes of data, and collection can take two to ten days per custodian. The data must then be processed to be rendered searchable by the review tool being used, a process that can overwhelm the computer’s capacity and require that the data be processed by batch, as opposed to all at once.”

Halliburton represented to the court that they spent hundreds of thousands of dollars on eDiscovery for only a few dozen remotely located custodians. The need to force-collect the remote custodians’ entire set of data and then sort it out through the expensive eDiscovery processing phase, instead of culling, filtering and searching the data at the point of collection drove up the costs. As such, this network crawling based architecture is fundamentally flawed and cannot scale.

What is needed is the ability to gain immediate visibility into unstructured distributed data across the enterprise, through the ability to search and collect across several hundred endpoints and other unstructured data sources such as file shares, and return results within minutes instead of days or weeks. The approaches outlined above and by Craig Carpenter do not come close to meeting this requirement and in fact actually perpetuate eDiscovery pain.

Solving this collection challenge once and for all is basis for X1 Insight and Collection, which is our eDiscovery collection 3.0 solution.  X1 Insight and Collection (XIC) enables enterprises to quickly and easily search across up to thousands of distributed endpoints and data servers from a central location.  Legal and compliance teams can easily perform unified complex searches across both unstructured content and metadata, obtaining statistical insight into the data in minutes, and full results with completed collection in hours, instead of days or weeks. Built on our award-winning and patented X1 Search technology, XIC is the first product to offer true and massively scalable distributed data discovery across an organization. XIC replaces expensive, cumbersome and highly disruptive approaches to meet enterprise discovery, preservation, and collection needs.

Targeted and iterative end point search is a quantum leap in early data assessment, which is critical to legal counsel at the outset of any legal matter. However, under today’s industry standard, the legal team is typically kept in the dark for weeks, if not months, as the manual identification and collection process of distributed, unstructured data runs its expensive and inefficient course.  To illustrate the power and capabilities of XIC, imagine being able to perform multiple, detailed, Boolean keyword phrase searches with metadata filters across the targeted end points of your global enterprise. The results start returning in minutes, with granular statistical data about the responsive documents and emails associated with specific custodians or groups of custodians.

Once the legal team is satisfied with a specific search string, after sufficient iteration, the data can then be collected by XIC by simply hitting the “collect” button. The responsive data is “containerized” at each end point and automatically transmitted to either a central location, or uploaded directly to Relativity, using Relativity’s import API where all data is seamlessly ready for review. Importantly, all results are tied back to a specific custodian, with full chain of custody and preservation of all file metadata. Here is a recording of a live public demo with Relativity, showing the very fast direct upload from XIC straight into RelativityOne.

This effort described above — from iterative, distributed search through collection and transmittal straight into Relativity from hundreds of endpoints — can be accomplished in a single day. Using manual consulting services, the same project would require several weeks and hundreds of thousands of dollars in collection costs alone, not to mention significant disruption to business operations. Substantial costs associated with over-collection of data would mount as well, and could even dwarf collection costs through unnecessary attorney review time.

XIC operates on-demand where your data currently resides — on desktops, laptops, servers, or even the cloud — without disruption to business operations and without requiring extensive or complex hardware configurations. Beyond enterprise eDiscovery and investigation functionality, organizations can offer employees the award-winning X1 Search, improving productivity while maintaining compliance.

As Relativity Product Manager Barry O’Melia said in the live X1/R1 integration demo, it is something you have to see for yourself to believe. So please check out the demo here, or contact us to arrange for a private demo.

Leave a comment

Filed under Best Practices, Case Law, Case Study, eDiscovery, Enterprise eDiscovery, Uncategorized

Collection 2.0: Has Anything Improved Since 2008?

[Editor’s Note:  Our blog has moved over to x1.com/blog.  We’ll keep posting here for a few more posts to make sure you don’t miss anything, but please take a moment to visit our new site, scroll to the bottom and enter your email to subscribe (or resubscribe) to our blog and get informed of new posts.  Thanks!]

Way back in the nascent years of eDiscovery – let’s say the early 2000s – the industry was a hodge-podge of processes, many of which were still paper-based.   I distinctly remember working as the head of the legal department at a “network security” company (they’re now “cybersecurity” companies) in 2003 and asking custodians to print out anything relevant they could find on their computers and bring to me for review and safekeeping.  As embarrassing as it is to relive 15 years later, this was our preservation and collection 1.0 process at the time, and suffice it to say it was neither efficient nor scalable.

Flash forward several years to 2008 and the preservation and collection process had evolved significantly.  It was by then largely digital and comprised of 3 distinct stages that preceded being able to truly review and analyze ESI: preservation (including the issuance of legal holds), collection and processing.  Preservation and collection were handled one of two ways, namely via custodial self-preservation/collection (where custodians themselves collected potentially relevant ESI) or via the imaging of entire drives, laptops and/or servers.  The former method was supported by workflow vendors like PSS Systems (acquired by IBM), Zapproved and Exterro, while the latter was the province of Guidance Software, AccessData, and RoboCopy among others.  Lastly, the separate step of processing ESI so the enormous volumes of information collected could be staged for review and analysis in a separate platform (e.g. Concordance, Summation, iConect, Relativity, Recommind, etc.) utilized technology like Law, DiscoveryCracker, Nuix, and Clearwell (brilliantly marketed as “ECA”).  This whole workflow took between a month or so for a few custodians to many months or even a year for larger matters with more custodians, and cost from tens of thousands of dollars to many millions – all before an attorney could look at the first document to begin forming an evidentiary strategy of any sort.

That was 2008.  So how are the pre-review/analysis stages handled today, a full decade removed from the time “collection 2.0” became common practice?  Marginally better in areas, but otherwise pretty much the same way it was handled in 2008.  While custodial self-preservation and collection may be less commonplace than it was back then, companies and their service providers generally still image entire drives, laptops or servers with minimal filtering (e.g. simple date ranges and static inclusive/exclusive file-type filtering) which weeds out very little data, then bring these large overcollections to a processing “lab” of sorts where the large data sets are run through Nuix, Law or Relativity processing to enable them to finally be reviewed and analyzed by an attorney for the first time in a review or analysis platform.

While the performance of these collection and processing applications have improved over the last 8 years and pricing-per-GB of data processed has come down significantly, data volume growth has effectively kept the process at parity from 2008 such that it still typically takes months to go from legal hold to first ability to analyze potential evidence in a matter.

Here are the challenges with Collection 2.0 as it is currently conducted:

Massive overcollection.  When entire drives, computers and/or servers are imaged with very little substantive precision, far more ESI is preserved and made subject to the discovery process than is necessary.  In addition to the far greater cost resulting from this (see below), there is enormous, unnecessary risk created as well, e.g. in the production of privileged information or the ability of ancillary or unrelated matters to obtain evidence legally which they wouldn’t otherwise be able to.

Time.  From the time a custodian is first sent a legal hold notice until the time an attorney is first able to look at the ESI that has been collected is typically measured in months, but at minimum several weeks.  During this time, whatever strategy inside and outside counsel are able to formulate is bereft of any evidentiary support, which can have major ramifications on not just how the discovery process is handled, but the speed and cost of every matter.

Complexity.  Ask yourself a simple question: what value to any party does the processing stage deliver?  Why does it even exist?  The (oversimplified) point of discovery is to find and analyze (for oneself) and then share all relevant, reasonably accessible and non-privileged information with the other side.  Processing is a step that only exists because too much information is collected in the first place.  Collect precisely and comprehensively at the beginning and processing becomes unnecessary.

Cost.  Not surprisingly, a process that casts a net far more widely than is necessary before spending many weeks if not months whittling things back down again before anything becomes usable costs a lot more than it should, especially when attorney “first pass review” is factored in.  Simply put, everyone involved in the process except the client makes more money the larger the collection is, the greater volume which must be processed and reviewed and the longer everything takes (in collection, processing and hosting fees).  The loser in all of this?  The client.

Collection 2.0 is a process which remains essentially the same as it was in 2008.  As surprising as this may sound, it becomes more understandable when one considers that only the client is incentivized to improve it while all other players in the process have a major disincentive to do so.  But there is a better way, one which is far faster, less risky and much cheaper for clients: we’re calling it “Collection 3.0”, which will be the subject of a blog post from my colleague John Patzakis next week.

Leave a comment

Filed under Uncategorized

Why I Joined X1

X1 Logo 559w 288t

Two weeks ago I joined X1 as CEO, a company I am convinced is in the process of disrupting not just the eDiscovery industry, but the regulatory compliance and corporate governance markets as well.  As I discussed at length with the X1 team and board of directors during the interview process, I see in X1 a ton of similarities to Recommind circa 2007 (shortly after I joined), alongside several additional advantages we didn’t have at Recommind back then.  Does this guarantee greatness for years to come for X1?  Absolutely not.  But it gives us the opportunity to control our own destiny which is all a software startup can ask.  Here’s why.

  • X1’s team and culture are strong. I have learned the hard way how important culture is, how it can be instrumental in raising a collective effort to new heights or hold an otherwise successful company back from reaching its potential.  X1 is filled with people who have been here for 5, 7, 10 and even 14 years (here’s looking at you Alan!).  People here just want to win, to help make clients successful.  Our balance sheet and cap table are clean.  Revenue is growing nicely and we are cashflow positive.  Our investors, shareholders and board of directors have reasonable expectations about our plans and timelines (so far, anyway J).  X1ers are actually nice, which is a refreshing throwback coming from what has become a frequently cutthroat, arrogant culture amongst many of Silicon Valley’s largest tech companies and VC community.  We are building something special at X1, and if we execute well with a customer-centric focus at all times, everything else – accolades, continued revenue growth and profitability, financial gain – will take care of itself.

 

  • Making information actionable is really hard. When I worked at AccessData, a few VC friends of mine gave me grief for being at a company named after a problem that had already been solved.  “Accessing” information is indeed easy in most cases; however, making the right information “actionable” is an entirely different endeavor that is extremely difficult without X1 software.  What has changed over the last 10-15 years is the sheer volume and variety of information being created and therefore subject to litigation, regulatory scrutiny and corporate governance mandates.  Our industry-leading X1 Social Discovery product is proof of this, but the variety of today’s information doesn’t stop at social media: think of collaboration tools like Slack, Skype or Teams.  Simply put, people communicate in a far more varied way today than they used to, and making these varied data types available and actionable is hard.  I want to be at a company that is already addressing these challenges for our corporate, government, law enforcement and law firm clients, with ample runway to extend these capabilities, and X1 is exactly that.

 

  • The pressure on companies to find and act upon data is enormous. In the last 2 weeks we have done webinars on finding information on the Dark Web and California’s Consumer Privacy Act (CaCPA).  These topics weren’t on corporate radars – and in the latter case didn’t even exist – as recently as last year.  Add in GDPR, the growing impact of cybersecurity/breaches, migration of information to SaaS platforms and the cloud and the ever-present scrutiny of regulatory authorities globally and companies are struggling to make their information actionable as never before.  And this situation is unlikely to get any simpler or easier in the coming years, as the way we all communicate continues to evolve more quickly every year.

 

I have learned over my career (and life for that matter) that timing is a key part of life.  It’s rarely something we can control, but it has a huge impact on all of us.  X1 has a terrific opportunity to fill key customer needs at the exact time they need it, and has a team committed to customer success that genuinely cares.  I am extremely fortunate to be here at this time and can’t wait to see where we can take the company over the next 5 years and beyond.

– Craig Carpenter

Craig Carpenter 250 sq

 

Leave a comment

Filed under compliance, Data Audit, eDiscovery, Information Governance, Uncategorized

eDiscovery Veteran Craig Carpenter Joins X1 as CEO

Today we have some very exciting news: Craig Carpenter has joined X1 as our new CEO. Craig is a seasoned and experienced executive in the eDiscovery and information governance arena, holding several senior executive positions throughout his impressive career, including CEO, EVP of Sales, CMO, COO, and General Counsel.  Craig was an early executive team member of one of the pioneers of eDiscovery software, Recommind, and a key part of that story from startup to creation of an industry-leading brand.  Craig Carpenter 250 sq

Most recently Craig was CEO of Fronteo, which he joined after running sales at Kroll Ontrack. He now brings his proven, customer-centric approach to X1. What I especially like about Craig is his track record as a thought leader and innovator in the legal technology arena. Here is what another thought leader, UK lawyer and renowned eDiscovery expert Chris Dale said last year on his blog, The eDisclosure Project, about Craig:

“Craig Carpenter was personally responsible for much of Recommind’s success in promoting its expertise at predictive coding. This was a tough sell in those days when it was new, and Craig Carpenter tackled the promotional task with vigour. He was also the first person I heard (at a conference in Hong Kong) predict that analytics had a big future role to play in information governance, something which reached fruition when, a long time later, OpenText added Recommind to its stable with precisely that intention in mind.”

I couldn’t agree more. In fact, Craig will be weighing in on very soon with a blog post of his own on why he came to X1, which will include further insight into what Chris Dale says above, so stay tuned. Craig is a central part of X1’s recent growth and expansion. Our X1 eDiscovery and information governance platform has caught fire, fueled in part by our game-changing alliance with Relativity announced earlier this summer. And LegalTech News weighed in today about Craig, noting that “there are few people more equipped to predict the future of e-discovery.” In his interview with Legaltech News, Carpenter said X1’s position aligns well of with his vision of the e-discovery marketplace, where the goal is to “move the strategy formation phase up to the beginning, as opposed to later in the process.”

Besides being a well-known thought leader in eDiscovery, Craig also has forensic technology experience as he served as Chief Marketing Officer and COO of AccessData. Craig began his career as a practicing attorney. He earned both his Juris Doctor and MBA from Santa Clara University (my law school alma mater) and completed his undergraduate studies at UCLA, where he played quarterback on the Bruins’ Pac-10 championship football team. A team, which I might add, could really use his help this season, but I digress.

And speaking of interesting blog posts, look for even more quality content on this site as Craig will be a featured co-blogger going forward. For now, I am very excited to welcome Craig onboard to take the X1 helm!

Leave a comment

Filed under compliance, eDiscovery, eDiscovery & Compliance, Enterprise eDiscovery, Uncategorized

Dark Web Evidence Critical to all Cyber Investigations and Many eDiscovery matters

The dark web is a component of the World Wide Web that is only accessible through special software or configurations, allowing users and website operators to remain anonymous or untraceable. The dark web forms a small part of the deep web, which is the part of the Web not indexed by web search engines. The dark web has gained more notoriety over the past few years and several large criminal investigations have resulted in seizures of both cryptocurrencies and dark web pages and sites. Criminal enterprises involving counterfeiting, hacking, ID and IP theft, narcotics, child pornography, human trafficking, and even murder for hire seek a haven in the mist of encrypted communications and payment, such as Bitcoin, to facilitate their nefarious schemes. dark web

While mining the dark web is critical for many law enforcement investigations, we are also seeing increased focus on this important evidence in civil litigation. Fero v. Excellus Health Plan, Inc., (Jan. 19, 2018, US Dist Ct, NY), is one recent example. Fero arises out of a data breach involving healthcare provider Excellus Health Plan, Inc. According to the complaint, hackers breached Excellus’s network systems, gaining access to personal information millions of individuals, including their names, dates of birth, social security numbers, credit card numbers, and medical insurance claims information. The Plaintiffs brought a class action asserting claims under various federal and state laws.

Initially, the court dismissed the plaintiffs’ case, citing a failure to establish damages and actual misuse by the hackers who allegedly stole their information. However, after conducting a more diligent investigation, the plaintiffs submitted with their motion for reconsideration evidence that the plaintiffs’ PII was placed on the dark web.  This evidence was summarized in an expert report providing the following conclusion:  “it is my opinion to a reasonable degree of scientific certainty that PII and PHI maintained on the Excellus network was targeted, collected, exfiltrated, and put up for sale o[n] DarkNet by the attacker for the purpose of, among other things, allowing criminals to purchase the PII and PHI to commit identity theft.”  Fero, at 17.  Based on this information, the court granted the motion for reconsideration and denied the defendant’s motion to dismiss. In other words, the dark web evidence was game-changing in this high-profile class action suit.

Cases like Fero v. Excellus Health Plan illustrate that dark web evidence is essential for criminal and civil litigation matters alike. Dark Web investigations do require specialized knowledge and tools to execute. For instance, X1 Social Discovery can be easily configured to conduct such dark web investigation and collections.

Recently, Joe Church of Digital Shield led a very informative and instructive webinar on this topic. Joe is one of the most knowledgeable people that I’m aware of out there on dark web investigations, and his detailed presentation did not to disappoint. Joe’s presentation featured a concise overview of the dark web, how its used, and how to navigate it. He included a detailed lesson on tools and techniques needed to search for and investigate key sources of evidence on the dark web. This webinar is a must see for anyone who conducts or manages dark web investigations. Joe also featured a section on how to specifically utilize X1 Social Discovery to collect, search and authenticate dark web evidence. You can review this very informative 30 minute training session (no sign in required) by visiting here.

Leave a comment

Filed under Best Practices, Case Law, Case Study, Cloud Data, dark web, eDiscovery, Preservation & Collection, Social Media Investigations, Uncategorized