Enterprise eDiscovery Collection Remains Costly and Inefficient

2016 marks my sixteenth year as a senior executive in the eDiscovery business. I began my career as a co-founder at Guidance Software (EnCase), serving as General Counsel, CEO and then Vice Chairman and Chief Strategy Officer from 1999 through 2009. After becoming the dominant solution for computer forensics in the early part of the last decade, Guidance set out to define a new field — enterprise discovery collection. Despite a good foundational concept, a truly scalable solution that could search across hundreds, or even thousands, of enterprise endpoints in a short period of time never came to fruition. To date, no other eDiscovery vendor has delivered on the promise of such a “holy grail” solution either. As a result, eDiscovery collection remains dominated by either unsupervised custodian self-collection, or manual services.

tron1

 

Organizations employ limited technical approaches in an effort to get by, and thus enterprise eDiscovery collection remains a significant pain point, subjecting organizations to both significant cost and risks. This post is the first of a two part series on the status of the broken enterprise eDiscovery collection process. Part two will outline a proposed solution.

Currently, enterprises employ four general approaches to eDiscovery collection, with two involving mostly manual methodologies, and the other two predominantly technology-based. Each of the four methods are fraught with inefficiencies and challenges.

The first and likely most common approach, is custodian self-collection, where custodians are sent manual instructions to search, review and upload data that they subjectively determine to be responsive to a matter. This method is plagued with severe defensibility concerns, with several courts disapproving of the practice due to poor compliance, modifying metadata, and inconsistency of results. See Geen v. Blitz, 2011 WL 806011, (E.D. Tex. Mar. 1, 2011), Nat’l Day Laborer Org. v. U.S. Immigration and Customs Enforcement Agency, 2012 WL 2878130 (S.D.N.Y. July 13, 2012).

The second approach is manual services, usually performed by eDiscovery consultants. This method is expensive, disruptive and time-consuming as many times an “overkill” method of forensic image collection process is employed. It also often results in over collection, as the collector typically only gets one bite at the apple, thus driving up eDiscovery costs. While attorney review and processing represent the bulk of eDiscovery costs, much of these expenses stem from over-collection, and thus can be mitigated with a smarter and more efficient process.

When it comes to technical approaches, endpoint forensic crawling methods are employed on a limited basis. While this can be feasible for a small number of custodians, network bandwidth constraints coupled with the requirement to migrate all endpoint data back to the forensic crawling tool renders the approach ineffective. For example, to search a custodian’s laptop with 10 gigabytes of email and documents, all 10 gigabytes must be copied and transmitted over the network, where it is then searched, all of which takes at least several hours per computer. So, most organizations choose to force collect all 10 gigabytes. The case of U.S. ex rel. McBride v. Halliburton Co.  272 F.R.D. 235 (2011), Illustrates this specific pain point well. In McBride, Magistrate Judge John Facciola’s instructive opinion outlines Halliburton’s eDiscovery struggles to collect and process data from remote locations:

“Since the defendants employ persons overseas, this data collection may have to be shipped to the United States, or sent by network connections with finite capacity, which may require several days just to copy and transmit the data from a single custodian . . . (Halliburton) estimates that each custodian averages 15–20 gigabytes of data, and collection can take two to ten days per custodian. The data must then be processed to be rendered searchable by the review tool being used, a process that can overwhelm the computer’s capacity and require that the data be processed by batch, as opposed to all at once.”

Halliburton represented to the court that they spent hundreds of thousands of dollars on eDiscovery for only a few dozen remotely located custodians. The need to force-collect the remote custodians’ entire set of data and then sort it out through the expensive eDiscovery processing phase, instead of culling, filtering and searching the data at the point of collection drove up the costs.

And finally, another tactic attempted by some CIOs to attempt to address this daunting challenge is to periodically migrate disparate data from around the global enterprise into a central location. This Quixotic endeavor is perceived necessary as traditional information management and electronic discovery tools are not architected and not suited to address large and disparate volumes of data located in hundreds of offices and work sites across the globe.  But, boiling the ocean through data migration and centralization is extremely expensive, disruptive and frankly unworkable.

What has always been needed is gaining immediate visibility into unstructured distributed data across the enterprise, through the ability to search and collect across several hundred endpoints and other unstructured data sources such as file shares and SharePoint, and return results within minutes instead of days or weeks. None of the four approaches outlined above come close to meeting this requirement and in fact actually perpetuate eDiscovery pain.

Is there a fifth option? Stay tuned for my next post coming soon.

Leave a comment

Filed under Best Practices, Case Law, eDiscovery, eDiscovery & Compliance, Enterprise eDiscovery, Information Governance, Information Management, Preservation & Collection

SEARCH REVEALS HUNDREDS OF IMPROPER JUROR SOCIAL MEDIA POSTS PER DAY (PART 2)

In response to our post two weeks ago identifying widespread social media abuse by jurors that could quite possibly lead to mistrials, a frightened prosecutor and others have inquired about how exactly juror’s social media data should be collected and what the various techniques are. So this follow-up post discusses the mechanics of proactively monitoring jurors that are both empaneled and potential members of your pool.

First and foremost, it is important to understand what not to do. Do not fire up Twitter.com and start following jurors. They will receive a notice that they’re being followed, which is improper under various legal ethics rules. Also, it is not effective technically, as you cannot access or search past tweets very effectively (which are often just as important as ones in real time), and it is very difficult to monitor up to several dozen jurors in your pool.

The right software will allow you to employ several techniques and methods, which are most effective when used in conjunction to comprehensively and ethically search for all publicly available juror social media.

The first method is to set a geo-fence around the courthouse and immediate area. This will collect tweets and Instagram posts in real time, as well as going back several days if needed, to collect any tweet that is geo-located in that area. Here is an example of such an effort:geo fence

Another advantage of this method is that it will capture any geo-located social media posts by not only jurors at the courthouse but also by opposing counsel or witnesses, which happens more often than you would think. Expert witnesses in particular can be prolific on social media as they promote their services and their personal brand. They also often Tweet and share approvingly links to industry articles and blog articles, which can then be considered to be part of their opinion record.

The second method is to set keywords such as #juryduty or “jury duty” across the public feed of social media sites. This will cast a wider net, returning posts from all over the country if not the world. But with the right tools you can quickly be able to filter out the ones that are within your geographical location. This will also capture posts that are not Geotagged by the user.  If your case has any media attention, even just locally or within industry media verticals, it is a very good idea to set up keywords that can identify any mention of your case in public feeds.

And just for fun, here are the top 5 controversial juror posts from just the past few days:

bad tweets

And finally, once you have identified an impaneled juror or a member of the potential pool, and have their social media profile names,  you can quickly and anonymously collect all their past and ongoing public social media content through special software such as X1 Social Discovery. This also has the advantage of instantaneous and unified search across all available social media streams from multiple jurors. You also can set up email alerts so that if a juror or other person of interest posts anything, you will immediately be alerted to that post. This is also an effective technique when following opposing counsel or key witnesses. And it’s often a good idea to your monitor your own clients as well.

For more information about how to conduct effective social medial investigations, please contact us, or request a free demo version of X1 Social Discovery.

1 Comment

Filed under Best Practices, Case Study, Legal Ethics & Social Media, Social Media Investigations, Uncategorized

Search Reveals Hundreds of Improper Juror Social Media Posts Per Day

The Federal Judicial Center (“FJC”) recently published a report surveying 952 federal district court judges to identify the scope of jurors’ improper use of social media during trial and how the courts are addressing the problem. The FJC’s report, Jurors’ Use of Media During Trials and Deliberations, reflects that despite various prevention efforts, jurors continue to use Facebook, Twitter, Google and other sites in several, and that the courts continue to struggle to detect such usage. According to the survey results, 30 judges identified incidents of improper juror social media usage,

Such misconduct can easily result in a mistrial or even reversal of judgement. In State v. Smith, Sept. 10, 2013, the Tennessee Supreme court vacated a first degree murder conviction on the sole grounds that one of the jurors communicated with a prosecution witness during trial via Facebook. The court lamented that Internet and social media “has exponentially increased the risk….of extra-judicial communications between jurors and third parties.” This decision is but one example of this common occurrence of juror misconduct through social media use, requiring attorneys and jury consultants to engage in on-going passive monitoring of publicly available social media information.

In fact we recently did our own search of the Twittersphere with X1 Social Discovery, and uncovered several hundred improper Juror tweets in a single day (1/13/2016). Here is a small sampling:

juror tweets

 

 

 

 

 

 

 

 

 

 

 

 

 

(click to enlarge)

It is thus no surprise lawyers are increasingly using Twitter to investigate and monitor potential and impaneled jurors. However, this type of monitoring activity can lead to serious attorney ethics violations if direct or even indirect communications are sent to the juror as a result of such monitoring activities. (See e.g. New York County Law Association Formal Opinion No. 743, May 18, 2011). Proxies hired by attorneys, including eDiscovery service providers, investigators and jury consultants are subject to these restrictions, which can also apply to social media communications with witnesses or opposing parties who are represented by counsel.

For this reason, X1 Social Discovery features a specialized “public follow” feature that enables access to all the past Tweets of a specified user (up to 3200 past tweets) and any new Tweets in real-time without generating a formal “follow” request with the resulting problematic communication.. These legal ethics rules concerning indirect social media communications underscores the importance of employing best practices technology to search and collect social media evidence for investigative and eDiscovery purposes.

Collecting evidence in a manner that prevents, or at minimum, does not require that attorneys and their proxies directly or indirectly communicate with the subjects from whom they are collecting social media evidence is a core requirement for solutions that truly address investigative and eDiscovery requirements for social media. In addition to preserving and authenticating social media evidence in a proper manner, X1 Social Discovery provides fast and comprehensive searching of the data in a manner unmatched by any other technology.

It can even potentially prevent a possible mistrial through early detection of a juror’s improper Tweets or Facebook postings.

UPDATED:  Attorney Ignatius Grande, co-chair of the New York State Bar Committee on Social Media, contacted me in response to this post, to point to the Committee’s recently published Social Media Jury Instruction Report. The report describes the scope and challenges from juror social media use during voir dire and trial, as well as proposed amendments to standard jury instructions address such juror misconduct.

 

Leave a comment

January 27, 2016 · 6:12 PM

Terrorist’s Social Media Postings Overlooked: Greater Diligence is Necessary in the Future

by John Patzakis

One of the shooters in the San Bernardino massacre, Tashfeen Malik, made several posts to her Facebook account in 2012 and 2014 that strongly suggested that she held radical Islamic views, according to a New York Times report. Malik, 29, made the postings before she entered the United States on a K-1 fiancée visa in July 2014, the Times said, citing top federal law enforcement officials.

According law enforcement sources, one of the officials said Malik “expressed her desire” in one of the posts to become an Islamic militant in her own right. U.S. officials have said their investigation has yet to turn up evidence that foreign militants directed Farook or Malik when they stormed a holiday gathering of Farook’s co-workers and opened fire with assault-style rifles. The couple fatally shot 14 people and wounded more than 20 in a rampage the Federal Bureau of Investigation said it was treating as an act of terrorism inspired by Islamist militants.

Malik’s Facebook messages indicate that U.S. law enforcement and intelligence officials missed warnings on social media that she was a potential threat before she applied for her U.S. visa.  While there currently is no explicit order banning visa investigators from trawling applicants’ social media accounts, some agencies have been wary about doing so, the official said.

And the perils of overlooking social media evidence apply to all forms of investigations, whether law enforcement or civil legal matters. As noted by attorney Jennifer Ellis in her presentation at the recent May 2015 national American Bar Association conference, “failure to understand how social media can impact clients’ cases could lead to serious damage to a case which might result in a malpractice complaint.” And as noted by a Maryland Appellate court: “It should now be a matter of professional competence for attorneys to take the time to investigate social networking sites.” Griffin v. Maryland, Case No. 1132, Court of Special Appeals Maryland, May 27, 2010, slip op. at 14

However, the NY Times report cites mistaken law enforcement officials who claim it “is impossible to . . . scour the social media accounts” of all potential immigrants and visa applicants. Nothing could be further from the truth.

When rudimentary tools such as web browsers and print screen are used, social media investigations are indeed burdensome and costly. A single publically available Facebook account may take hours to review manually, and may require over 100 screen captures to collect with manual processes. However, with the right software, such investigations can be foundation of a very scalable, efficient and highly accurate process. Instead of requiring hours to manually review and collect that public Facebook account, the right specially designed software, like X1 Social Discovery, can collect all the data in minutes in an instantly searchable and reviewable format.

So like any form of digital investigation, feasibility (as well as professional competence) often depends on utilizing the right technology for the job.  As agencies and companies work social discovery and investigations into standard operating procedures for common processes (visa applications, insurance claims investigations, etc), it is possible that fewer warning signs will be missed.

Leave a comment

Filed under Uncategorized