New York Appellate Court Allows “Data Mining” of Social Media accounts for Relevant Information

By John Patzakis

The New York Appellate Division allowed discovery into the non-public information of the social media accounts of a former professional basketball player relevant to his personal injury claims arising out of an automobile accident. In Vasquez-Santos v. Mathew 2019 NY Slip Op 00541 (January 24, 2019), the court held that the defendant may utilize the services of a “data mining” company for a widespread search of the plaintiff’s devices, email accounts, and social media.social-media-cases3

Vasquez-Santos is an extension of a large body of court decisions that allow discovery of a user’s “private” social media messages, posts and photos where that information is reasonably calculated to contain evidence material and necessary to the litigation. Private social media information can be discoverable to the extent it “contradicts or conflicts with [a] plaintiff’s alleged restrictions, disabilities, and losses, and other claims” according the Vasquez-Santos Court.

The Court found that the defendant “is entitled to discovery to….defend against plaintiff’s claims of injury,” and noted that the requested access to plaintiff’s accounts and devices “was appropriately limited in time, i.e., only those items posted or sent after the accident, and in subject matter, i.e., those items discussing or showing defendant engaging in basketball or other similar physical activities.”

Also noteworthy was the Court’s finding that while plaintiff did not take the pictures himself, that was of no import to the decision. He was “tagged,” thus allowing him access to the pictures, and thus populated his social media account.

This decision is consistent with the general rule that while social media is clearly discoverable, there must be a requisite showing of relevance before the court moves to compel full production of a litigant’s “private” social media.

This case illustrates that any solution purporting to support eDiscovery for social media must have robust public search and collection capabilities. This means more than merely one-off screen scrapes but instead an ability to search, identify and capture up to thousands of social media posts on an automated and scalable basis.

X1 Social Discovery has the ability to find an individual’s publicly available content and to collect it in an automated fashion in native format with all available metadata intact to enable systematic and scalable search, review, tagging and analysis. We heard from one major law firm that screen captures of a single public Facebook account took several hours, with the resulting images not searchable or organized into a case-centric workflow. Now with X1 Social Discovery, they are able to accomplish this full capture in seconds. This is critically important to conduct proper due diligence on a case and to better assist legal and investigative professionals to make the requisite showings for the full discovery of social media evidence in civil discovery, as in Vasquez-Santos.

Leave a comment

Filed under Best Practices, Case Law, Case Study, eDiscovery, law firm, Social Media Investigations

In addition to TAR, CAR Can Dramatically Reduce Attorney Review Costs

eDiscovery efforts are often costly, time consuming and burdensome. The volume of Electronically Stored Information is growing exponentially and will only continue to do so. Even with the advent of technology assisted review (TAR), the costs associated with collecting, processing, reviewing, and producing documents in litigation are the source of considerable pain for litigants. The only way to reduce that pain to its minimum is to use all tools available in all appropriate circumstances within the bounds of reasonableness and proportionality to control the volumes of data that enter the discovery pipeline.

Litigators and commentators often pine for the advent of a systemized, uniform and defensible process for custodian self-collection. Conceptually, such an ideal process would be where custodians are automatically presented with a set of their documents and emails that are identified as potentially relevant to a given matter through a set of keywords and other search parameters that are uniformly applied across all custodians. This set of ESI would be presented to the custodian in a controlled interface with no ability to delete documents or emails, and only the ability to review and apply tags and annotations. The custodian would have to comply with the order and all documents responsive to the initial unified search would be collected as a default control mechanism.

With X1 Data Audit and Compliance (XDAC), the option for a defensible custodian assisted review (CAR) is now a reality. At a high level, with XDAC, organizations can perform targeted search and collection of the ESI of thousands of endpoints over the internal network without disrupting operations. The search results are returned in minutes, not weeks, and thus can be highly granular and iterative, based upon multiple keywords, date ranges, file types, or other parameters. This approach typically reduces the eDiscovery collection and processing costs by at least one order of magnitude (90%), thereby bringing much needed feasibility to enterprise-wide eDiscovery collection that can save organizations millions while improving compliance. XDAC includes X1 Insight and Collection for pure eDiscovery use cases.

As a key optional feature, XDAC provides custodian assisted review, where custodians are presented with a listing of their potentially relevant ESI in a controlled, systemized and uniform identification process for their review and tagging. Instead of essentially asking the custodians to “please rummage through your entire email account and all your documents to look for what you might think is relevant to this matter,” the custodians are presented with a narrow and organized subset of potentially relevant ESI for their review.

screenshot

While the custodians are able to assist with the review, they cannot impact or control what ESI is identified and preserved; this is controlled and managed centrally by the eDiscovery practitioner. This way, custodians can apply their own insight to the information and even flag personal private data, all while effectuating very cost-effective and systematic ESI collection.

Powerful Analytics Engine

TAR features powerful algorithms that cluster documents and otherwise work their magic. CAR also relies on a powerful analytics engine — the human brain. Custodians know a lot about their own documents and emails. This is particularly true in technical or other complex matter where the custodians are engineers or other professionals who simply better understand the dynamics and the nuances of their information. With the X1 process, the custodians provide a key data point, where their input is used to inform the secondary review.

The process is very defensible as the exercise is logged and documented, with all metadata kept intact and a concise chain of custody established. Best of all, the custodian-applied tags and annotations are preserved and retained through the review process with X1 integration with Relativity. I could describe this very important feature a lot further, but candidly the best way to get a full picture is to see it for yourself. I recommend that you view this recorded 9 minute demonstration of X1’s custodian self-review feature here.

We believe X1’s functionality provides the optimal means for enterprise eDiscovery preservation, collection and early data assessment, especially with the key additional (and optional) feature of custodian assisted review. But please see for yourself and let us know what you think!

 

Leave a comment

Filed under Best Practices, compliance, Desktop Search, eDiscovery & Compliance, Enterprise eDiscovery

eDiscovery Collection 3.0: Much Better, Much Faster, Much Cheaper

In his recent blog post, X1 CEO Craig Carpenter discussed the inability of any software provider to solve a critical need by delivering a truly scalable eDiscovery preservation and collection solution. As Craig pointed out, in the absence of such a “holy grail” solution, eDiscovery collection remains dominated by either unsupervised custodian self-collection or manual services, driving up costs while increasing risk and disruption to business operations.

Desktop_virtualization

Craig outlined how endpoint forensic imaging are still employed on a limited basis. Many companies have also tried network crawling methods with repurposed forensic tools. (A “collection 2.1” method, if you will).  While this can be feasible for a small number of custodians, network bandwidth constraints coupled with the requirement to migrate all endpoint data back to the forensic crawling tool renders the approach ineffective. For example, to search a custodian’s laptop with 10 gigabytes of email and documents, all 10 gigabytes must be copied and transmitted over the network, where it is then searched, all of which takes at least several hours per computer. So, most organizations choose to force collect all 10 gigabytes. The case of U.S. ex rel. McBride v. Halliburton Co.  272 F.R.D. 235 (2011), illustrates this specific pain point well. In McBride, Magistrate Judge John Facciola’s instructive opinion outlines Halliburton’s eDiscovery struggles to collect and process data from remote locations:

“Since the defendants employ persons overseas, this data collection may have to be shipped to the United States, or sent by network connections with finite capacity, which may require several days just to copy and transmit the data from a single custodian . . . (Halliburton) estimates that each custodian averages 15–20 gigabytes of data, and collection can take two to ten days per custodian. The data must then be processed to be rendered searchable by the review tool being used, a process that can overwhelm the computer’s capacity and require that the data be processed by batch, as opposed to all at once.”

Halliburton represented to the court that they spent hundreds of thousands of dollars on eDiscovery for only a few dozen remotely located custodians. The need to force-collect the remote custodians’ entire set of data and then sort it out through the expensive eDiscovery processing phase, instead of culling, filtering and searching the data at the point of collection drove up the costs. As such, this network crawling based architecture is fundamentally flawed and cannot scale.

What is needed is the ability to gain immediate visibility into unstructured distributed data across the enterprise, through the ability to search and collect across several hundred endpoints and other unstructured data sources such as file shares, and return results within minutes instead of days or weeks. The approaches outlined above and by Craig Carpenter do not come close to meeting this requirement and in fact actually perpetuate eDiscovery pain.

Solving this collection challenge once and for all is basis for X1 Insight and Collection, which is our eDiscovery collection 3.0 solution.  X1 Insight and Collection (XIC) enables enterprises to quickly and easily search across up to thousands of distributed endpoints and data servers from a central location.  Legal and compliance teams can easily perform unified complex searches across both unstructured content and metadata, obtaining statistical insight into the data in minutes, and full results with completed collection in hours, instead of days or weeks. Built on our award-winning and patented X1 Search technology, XIC is the first product to offer true and massively scalable distributed data discovery across an organization. XIC replaces expensive, cumbersome and highly disruptive approaches to meet enterprise discovery, preservation, and collection needs.

Targeted and iterative end point search is a quantum leap in early data assessment, which is critical to legal counsel at the outset of any legal matter. However, under today’s industry standard, the legal team is typically kept in the dark for weeks, if not months, as the manual identification and collection process of distributed, unstructured data runs its expensive and inefficient course.  To illustrate the power and capabilities of XIC, imagine being able to perform multiple, detailed, Boolean keyword phrase searches with metadata filters across the targeted end points of your global enterprise. The results start returning in minutes, with granular statistical data about the responsive documents and emails associated with specific custodians or groups of custodians.

Once the legal team is satisfied with a specific search string, after sufficient iteration, the data can then be collected by XIC by simply hitting the “collect” button. The responsive data is “containerized” at each end point and automatically transmitted to either a central location, or uploaded directly to Relativity, using Relativity’s import API where all data is seamlessly ready for review. Importantly, all results are tied back to a specific custodian, with full chain of custody and preservation of all file metadata. Here is a recording of a live public demo with Relativity, showing the very fast direct upload from XIC straight into RelativityOne.

This effort described above — from iterative, distributed search through collection and transmittal straight into Relativity from hundreds of endpoints — can be accomplished in a single day. Using manual consulting services, the same project would require several weeks and hundreds of thousands of dollars in collection costs alone, not to mention significant disruption to business operations. Substantial costs associated with over-collection of data would mount as well, and could even dwarf collection costs through unnecessary attorney review time.

XIC operates on-demand where your data currently resides — on desktops, laptops, servers, or even the cloud — without disruption to business operations and without requiring extensive or complex hardware configurations. Beyond enterprise eDiscovery and investigation functionality, organizations can offer employees the award-winning X1 Search, improving productivity while maintaining compliance.

As Relativity Product Manager Barry O’Melia said in the live X1/R1 integration demo, it is something you have to see for yourself to believe. So please check out the demo here, or contact us to arrange for a private demo.

Leave a comment

Filed under Best Practices, Case Law, Case Study, eDiscovery, Enterprise eDiscovery, Uncategorized

Collection 2.0: Has Anything Improved Since 2008?

[Editor’s Note:  Our blog has moved over to x1.com/blog.  We’ll keep posting here for a few more posts to make sure you don’t miss anything, but please take a moment to visit our new site, scroll to the bottom and enter your email to subscribe (or resubscribe) to our blog and get informed of new posts.  Thanks!]

Way back in the nascent years of eDiscovery – let’s say the early 2000s – the industry was a hodge-podge of processes, many of which were still paper-based.   I distinctly remember working as the head of the legal department at a “network security” company (they’re now “cybersecurity” companies) in 2003 and asking custodians to print out anything relevant they could find on their computers and bring to me for review and safekeeping.  As embarrassing as it is to relive 15 years later, this was our preservation and collection 1.0 process at the time, and suffice it to say it was neither efficient nor scalable.

Flash forward several years to 2008 and the preservation and collection process had evolved significantly.  It was by then largely digital and comprised of 3 distinct stages that preceded being able to truly review and analyze ESI: preservation (including the issuance of legal holds), collection and processing.  Preservation and collection were handled one of two ways, namely via custodial self-preservation/collection (where custodians themselves collected potentially relevant ESI) or via the imaging of entire drives, laptops and/or servers.  The former method was supported by workflow vendors like PSS Systems (acquired by IBM), Zapproved and Exterro, while the latter was the province of Guidance Software, AccessData, and RoboCopy among others.  Lastly, the separate step of processing ESI so the enormous volumes of information collected could be staged for review and analysis in a separate platform (e.g. Concordance, Summation, iConect, Relativity, Recommind, etc.) utilized technology like Law, DiscoveryCracker, Nuix, and Clearwell (brilliantly marketed as “ECA”).  This whole workflow took between a month or so for a few custodians to many months or even a year for larger matters with more custodians, and cost from tens of thousands of dollars to many millions – all before an attorney could look at the first document to begin forming an evidentiary strategy of any sort.

That was 2008.  So how are the pre-review/analysis stages handled today, a full decade removed from the time “collection 2.0” became common practice?  Marginally better in areas, but otherwise pretty much the same way it was handled in 2008.  While custodial self-preservation and collection may be less commonplace than it was back then, companies and their service providers generally still image entire drives, laptops or servers with minimal filtering (e.g. simple date ranges and static inclusive/exclusive file-type filtering) which weeds out very little data, then bring these large overcollections to a processing “lab” of sorts where the large data sets are run through Nuix, Law or Relativity processing to enable them to finally be reviewed and analyzed by an attorney for the first time in a review or analysis platform.

While the performance of these collection and processing applications have improved over the last 8 years and pricing-per-GB of data processed has come down significantly, data volume growth has effectively kept the process at parity from 2008 such that it still typically takes months to go from legal hold to first ability to analyze potential evidence in a matter.

Here are the challenges with Collection 2.0 as it is currently conducted:

Massive overcollection.  When entire drives, computers and/or servers are imaged with very little substantive precision, far more ESI is preserved and made subject to the discovery process than is necessary.  In addition to the far greater cost resulting from this (see below), there is enormous, unnecessary risk created as well, e.g. in the production of privileged information or the ability of ancillary or unrelated matters to obtain evidence legally which they wouldn’t otherwise be able to.

Time.  From the time a custodian is first sent a legal hold notice until the time an attorney is first able to look at the ESI that has been collected is typically measured in months, but at minimum several weeks.  During this time, whatever strategy inside and outside counsel are able to formulate is bereft of any evidentiary support, which can have major ramifications on not just how the discovery process is handled, but the speed and cost of every matter.

Complexity.  Ask yourself a simple question: what value to any party does the processing stage deliver?  Why does it even exist?  The (oversimplified) point of discovery is to find and analyze (for oneself) and then share all relevant, reasonably accessible and non-privileged information with the other side.  Processing is a step that only exists because too much information is collected in the first place.  Collect precisely and comprehensively at the beginning and processing becomes unnecessary.

Cost.  Not surprisingly, a process that casts a net far more widely than is necessary before spending many weeks if not months whittling things back down again before anything becomes usable costs a lot more than it should, especially when attorney “first pass review” is factored in.  Simply put, everyone involved in the process except the client makes more money the larger the collection is, the greater volume which must be processed and reviewed and the longer everything takes (in collection, processing and hosting fees).  The loser in all of this?  The client.

Collection 2.0 is a process which remains essentially the same as it was in 2008.  As surprising as this may sound, it becomes more understandable when one considers that only the client is incentivized to improve it while all other players in the process have a major disincentive to do so.  But there is a better way, one which is far faster, less risky and much cheaper for clients: we’re calling it “Collection 3.0”, which will be the subject of a blog post from my colleague John Patzakis next week.

Leave a comment

Filed under Uncategorized