Tag Archives: defensible

August 4, 2015 · 9:06 AM

Gibson Dunn Report: Number of Cases Involving Social Media Evidence “Skyrocket”

By John Patzakis

Global law firm Gibson Dunn has released their esteemed 2015 Mid-Year eDiscovery and Information Law Update.skyrocket In a section dedicated to social media, the Gibson Dunn update reports that “the use of social media continues to proliferate in business and social contexts, and that its importance is increasing in litigation, the number of cases focusing on the discovery of social media continued to skyrocket in the first half of 2015.”

The eDiscovery update addresses key themes and several cases involving key legal issues related to social media evidence, which were previously addressed on this blog. Two key highlights cite cases affirming that mere screenshot printouts of social media evidence are not defensible and clarify overall authentication requirements in order to admit social media evidence in court.

As noted by the report “in the first half of 2015, courts continued to find that the testimony of the individual who printed a copy of a social media webpage, or prepared a memorandum summarizing information obtained from the social media account, is insufficient to authenticate social media evidence.” The report cites Linscheid v. Natus Medical Inc., 2015 WL 1470122, at *5-6 (N.D. Ga. Mar. 30, 2015) (finding LinkedIn profile page not authenticated by declaration from individual who printed the page from the Internet); Monet v. Bank of America, N.A., 2015 WL 1775219, at *8 (Cal Ct. App. Apr. 16, 2015) (finding that a “memorandum by an unnamed person about representations others made on Facebook is at least double hearsay” and not authenticated).

The Report also cited “a major shift” in case law concerning the authentication of social media evidence. The Court of Appeals of Maryland determined that “in order to authenticate evidence derived from a social networking website, the trial judge must determine that there is proof from which a reasonable juror could find that the evidence is what the proponent claims it to be.”  Sublet v. State, 113 A.3d 695, 698, 718, 722 (Md. 2015) (citing U.S. v. Vayner, 769 F.3d 125 (2d Cir. 2014)). Previously in Maryland, social media evidence was admissible only if the judge was “convince[d] . . . that the social media post was not falsified or created by another user.”  Griffin v. State, 19 A.3d 415 (Md. 2011).

Under Sublet, the preliminary determination of authentication is made by the trial judge and is a “context–specific determination” based on proof that “may be direct or circumstantial.” Id. at 715 (citing Vayner). The court noted that “[t]he standard articulated in Vayner … is utilized by other federal and State courts addressing authenticity of social media communications and postings.”

These cases cited by Gibson Dunn illustrate why best practices software is needed to properly collect and preserve social media evidence. Ideally, a proponent of the evidence can rely on uncontroverted direct testimony from the creator of the web page in question. In many cases, such as in the Vayner case where incriminating social media evidence is at issue, that option is not available. In such situations, the testimony of the examiner who preserved the social media or other Internet evidence “in combination with circumstantial indicia of authenticity (such as the dates and web addresses), would support a finding” that the website documents are what the proponent asserts. Perfect 10, Inc. v. Cybernet Ventures, Inc. (C.D.Cal.2002) 213 F.Supp.2d 1146, 1154. (emphasis added) (See also, Lorraine v. Markel American Insurance Company, 241 F.R.D. 534, 546 (D.Md. May 4, 2007) (citing Perfect 10, and referencing MD5 hash values as an additional element of potential “circumstantial indicia” for authentication of electronic evidence).

One of the many benefits of X1 Social Discovery is its ability to preserve and display all the available “circumstantial indicia” or “additional confirming circumstances,” in order to present the best case possible for the authenticity of social media evidence collected with the software. This includes collecting all available metadata and generating a MD5 checksum or “hash value” of the preserved data for verification of the integrity of the evidence. It is important to collect and preserve social media posts and general web pages in a thorough manner with best-practices technology specifically designed for litigation purposes.  For instance, there are over twenty unique metadata fields associated with individual Facebook posts and messages. Any one of those entries, or a combination of them contrasted with other entries, can provide unique circumstantial evidence that can establish foundational proof of authorship.

Leave a comment

Filed under Case Law, eDiscovery, Social Media Investigations

Tagged as , , , , , , , , , , , , , , , ,

July 21, 2015 · 8:47 AM

X1 Social Discovery Available as a Hosted Solution

icons_social_media2X1 Social Discovery is the leading social media and website collection, preservation, and ECA tool on the market.  Customers love it for many reasons:

  • Defensibility: MD5 hash values of individual items are calculated upon capture and maintained through export. Automated logging and reports are generated. Key metadata unique to social media & web streams are captured through deep integration with APIs provided by the publishers. This metadata is important to establishing chain of custody and also provides key evidence relevant to the substantive case as well as authentication.
  • Ease of use: Investigators can take advantage of the patented X1 Search interface that allows fast-as-you-type search, filtering on metadata, and full-fidelity preview of content to quickly find the information of interest.
  • Speed and Scalability: Collect up to hundreds of thousands of items in a single case on an automated basis and search across all the items with lightning fast speed.. Screen shots not only lack defensibility but are far more cumbersome and time consuming.
  • Ease of production: Lawyers love X1 Social Discovery because it fits the litigation workflow perfectly and exports data directly into downstream review tools.  Other customers like the flexible output options such as PDF, native files, or CSV.

To date, X1 Social Discovery has been available only as a local desktop installation.  This works great for customers like law enforcement agencies that need to maintain local possession of evidence by law.  Many law firms and insurance companies we speak with, however, yearn for a hosted solution either because they do not want to manage the huge volume of social media that will be collected or because they are not allowed to possess the content locally.  The latter comes up with many law firms that have made the decision to outsource all evidence handling to service providers, for example, for policy, ethical and cost reasons.

Now, X1 is partnering with D4 and Duff & Phelps to make Social Discovery available on a hosted basis.  This has numerous benefits:

  • Economies of scale on data hosting from cloud providers
  • Do-it-yourself capabilities along with the X1 expertise available from these premier X1 partners
  • Per-matter pricing that allows customers to account for costs by matters (which can be very important to customers like law firms that need to pass through per-matter costs)

In practice, the process is very simple – X1 Social Discovery (which is very deployable in physical, virtual or cloud environments) is stood up in a hosted environment by a service provider. An instance of X1 Social is dedicated to a single case.  The service provider hosts and manages the data, allowing the customer a more economical method of manaing the storage of what can be a high-volume data type.

The highly-respected law firm Lewis Brisbois is taking advantage of this capability early and will be briefly discussing these advantages in tomorrow’s webinar about the importance of social media in litigation.  Already, there are over 800 registrants for this hot topic event.  Attending is a chance to learn how to be ready to handle social media in eDiscovery, as well as why a hosted option can be the right fit.  To join the webinar, click here.

If you would like to talk through the hosted capability further and learn more about the workflow, you can email me directly.

Leave a comment

Filed under SaaS, Social Media Investigations, Social Media Metadata

Tagged as , , , , , , , , , , , , , ,

September 23, 2014 · 10:01 AM

Why Printing Social Media Pages is a Bad Idea and May Violate an Attorney’s Duty of Competence

by John Patzakis

scales-justice-no-printCases involving social media are published on a daily basis, and if social media evidence doesn’t routinely factor into your litigation (if you are a lawyer) or electronic investigation practice (if you are a consultant or in law enforcement) then you are likely missing massive amounts of relevant evidence.

With that in mind, when reviewing the recent case law involving social media evidence over the past several weeks, one case that particularly stands out is Stallings v. City of Johnston, 2014 WL 2061669 (S.D. Ill. May 19, 2014), which clearly illustrates that printing out Facebook pages for production in eDiscovery is a really bad (and expensive) idea.  In this case, plaintiff Jayne Stallings brought suit for wrongful employment termination against the City of Johnston, her former employer. And it seems that Stallings, like millions of others, was an avid and highly opinionated Facebook poster.

So to respond to discovery requests, Plaintiff’s counsel and a paralegal spent a full week printing out the contents of Plaintiff’s Facebook account — which amounted to over 500 printed pages — manually rearranging them, and then redacting them. Plaintiff counsel also claimed that she could not provide the relevant Facebook information on a disk, and thus had to resort to paper production.

This exercise was obviously costly. A week of paralegal and lawyer time could easily run $25,000 and no client should pay anywhere near that amount for a task that, with best practices technology, would require minutes instead of days to perform. But the high cost is only the tip of the iceberg.

The stakes regarding social media evidence are now even higher, as recent revisions to the American Bar Association rule on competence requires lawyers to both understand the basic features of technology and to be informed of the risks and benefits associated with the use (or non-use) of relevant technology. (Model Rules of Prof’l Conduct R. 1.1 cmt 6). Many legal commentators note that the duty of competence arguably requires lawyers to conduct online investigations of opposing parties, key witnesses, jurors, including looking at social media. To do that, lawyers must understand how to utilize social media in the most effective manner.

For instance, there is a wealth of publically available social media evidence relating to opponents and key witnesses alone. Our clients are routinely collecting thousands, and often hundreds of thousands of social media items in a single case. The ability to cast a wider net and quickly sift through the data through powerful searches and metadata filters (and provide a very efficient means for electronic production that Stallings’ lawyer claimed was impossible) enables much more relevant evidence to be found and utilized to advance the case. When lawyers and their representatives resort to print screen, they are dramatically limiting the scope of their collection and are failing to collect key metadata. What should take a few minutes with automated best practice tools would require several days, if not weeks, if the manual print screen command is used. In addition, simple screen captures are not defensible, with several courts disallowing or otherwise calling into question social media evidence presented in the form of a screen shot image.

Modern evidenceThe good news is, unlike other areas of digital evidence, there is no trade-off with speed, cost and defensibility by utilizing best practices technology. Quite the opposite. X1 Social Discovery, is much faster, much more defensible and — as the Stallings case illustrates— much less expensive than print screen. So you can either have your cake and eat it too with X1, or incur much higher costs, overlook mountains of potentially case-winning evidence, arguably violate your ethical duty of competence, and face evidentiary challenges in court with print screen. Your call.

2 Comments

Filed under Best Practices, Social Media Investigations, Social Media Metadata

Tagged as , , , , , , , ,

February 26, 2014 · 1:13 PM

Avoid SharePoint eDiscovery Headaches Before They Begin

by Barry Murphy

Sharepoint no colorLast week, this blog featured highlights from the very successful SharePoint eDiscovery webinar with Reed Smith.  It is a topic that came up time and again in my tenure as an analyst; companies and government Agencies are becoming tightly bound to SharePoint and want to be sure that eDiscovery ordeals can be avoided.

Microsoft SharePoint continues to gain widespread traction in organizations large and small.  A recent Forrester Research survey found that 66% of respondents will deploy SharePoint server in the next 12 months (source: Forrester Research August 2013 Global SharePoint Usage online survey).  The attraction to SharePoint is obvious – the system creates business benefits: enabling collaboration in efficient ways; providing ways to track versions of documents edited by multiple parties; allowing non-technical business people to apply basic workflow to content-driven processes, and providing faster access to information (via search and integration with the MS Office suite of apps).

For the value it creates, SharePoint can cause eDiscovery and information governance headaches if proper planning does not take place.  It is all too easy to assume that if information is searchable, eDiscovery will be no problem when the time comes.  But, as is often the case in life, the devil is in the details.  Because SharePoint allows users to add value to content (e.g. adding workflow tasks), there is the factor of metadata to consider.

In eDiscovery, metadata is a critical component of ESI that can wreak havoc on collection efforts.  When we talk about metadata for native ESI, we are usually concerned about the Operating System (OS) fields that are kept in the File Allocation Table (FAT). Different OS formats support a wide variety of fields such as different dates, attributes, permissions and file name formats (long vs. short). These fields are not usually stored within the actual file and so are very vulnerable to alteration or complete loss when items are read or copied. Forensic collection is focused on preserving this ‘envelope’ information so that evidence can be authenticated and the context reconstructed in court. That is only half of the metadata story. Microsoft Office and other programs retain non-displayed information within the header and body of all common file types, especially with the adoption of the XML based Office 2007 file formats.

This metadata issue is only extended with SharePoint because most collection efforts are focused only on grabbing SharePoint document libraries (as they are stored on file systems).  But SharePoint is so much more than document libraries (if it weren’t, it would simply be another file share sitting out there).

A defensible SharePoint collection solution will be able to capture document libraries, metadata, and truly enable contextual preservation.  When considering a SharePoint collection tool be sure that it:

  • Allows for incremental preservation, monitoring changes, identifying and preserving different document versions, and incrementally preserve to multiple matters over time
  • Maps to custodian access and prevent over-preservation, collecting and preserving only what is relevant to a particular custodian, not the entire SharePoint site
  • Is deployable in the same fashion as SharePoint, which tends to be highly decentralized and siloed; thus the collection solution should be deployable on-demand, directly to SharePoint sites through a highly automated, remote installation, with intuitive administration and operation performed through a standard web browser

At the end of the day, informed customers will make sure that the collection tool can get more than just SharePoint document libraries, but all metadata, as well.  Also, look for solutions that will not impact the production environment too heavily; you don’t want to bring SharePoint to its knees when it is a valuable business application.  And finally, get legal and IT together on the same page about how to reasonably prove that your SharePoint preservation and collection methodologies and tools are defensible.

Leave a comment

Filed under Information Governance

Tagged as , , , , , , , , , , , , , , ,

January 17, 2013 · 9:43 AM

“Act Reasonably” — Two Court-Issued Checklists Outlining Defensible, Targeted ESI Collection

Recently two separate and prominent courts — the federal court for the Northern District of California and the Delaware Court of Chancery (which is the primary court of equity for Delaware registered corporations) issued eDiscovery preservation guidelines. This is not unprecedented as other courts have issued similar written guidance in the form of general guidance or even more enforceable local rules of court specifically addressing eDiscovery protocols. What I found particularly interesting, however, is both courts provided fairly specific guidance on the scope of collection and preservation. In the case of the California court, which notes that its “guidelines are designed to establish best practices for evidence preservation in the digital age,” the Court offers a checklist for Rule 26(f) “meet and confer” conferences with good detail on suggested ESI preservation protocols. The Delaware Court of Chancery also issued a detailed checklist or “sample collection outline.” ESI preservation checklists are useful practice guides, and these are sanctioned by two separate influential courts.

This is important as the largest expense directly associated with eDiscovery is the cost of overly inclusive preservation and collection, which leads to increased volume charges and attorney review costs. To the surprise of many, properly targeted preservation initiatives are permitted by the courts and can be enabled by adroit software that is able to quickly and effectively access and search these data sources throughout the enterprise.

The value of targeted preservation is recognized in the Committee Notes to the FRCP amendments, which urge the parties to reach agreement on the preservation of data and the keywords used to identify responsive materials. (Citing the Manual for Complex Litigation (MCL) (4th) §40.25 (2)).  And In re Genetically Modified Rice Litigation, 2007 WL 1655757 (June 5, 2007 E.D.Mo.), the court noted that “[p]reservation efforts can become unduly burdensome and unreasonably costly unless those efforts are targeted to those documents reasonably likely to be relevant or lead to the discovery of relevant evidence.”

The checklist from the California Northern District and the guidelines issued by the Delaware court are consistent with these principles as they call for the specification of date ranges, custodian names and search terms for any ESI to be preserved. The Northern District checklist, for instance, provides for the identification of specific custodians and job titles of custodians whose ESI is to  be preserved, and also specific search phrases search terms “that will be used to identify discoverable ESI and filter out ESI that is not subject to discovery.”

However, many lawyers shy away from a targeted collection strategy over misplaced defensibility concerns, optioning instead for full disk imaging and other broad collection efforts that exponentially escalate litigation costs. The fear by some is that there always may be that one document that could be missed. However, in my experience of following eDiscovery case law over the past decade, the situations where litigants face exposure on the preservation front typically involve an absence of a defensible process. When courts sanction parties, it is usually because there is not a reasonable legal hold procedure in place, where the process is ad hoc and made up on the fly and/or not effectively executed. I am personally unaware of a published decision involving a fact pattern where a company featured a reasonable collection and preservation process involving targeted collection executed pursuant to standard operating procedures, yet was sanctioned because one or two relevant documents slipped through the cracks.

This is because the duty to preserve requires reasonable efforts, not infallible means, to collect potentially relevant information. As succinctly stated by the Delaware court: “Parties are not required to preserve every shred of information. Act reasonably.”

Another barrier standing in the way of defensible and targeted collection is that searching and performing early case assessment at the point of collection is not feasible in the decentralized global enterprise with traditional eDiscovery and information management tools. What is needed to address these challenges for the de-centralized enterprise is a field-deployable search and eDiscovery solution that operates in distributed and virtualized environments on-demand within these distributed global locations where the data resides. In order to meet such a challenge, the eDiscovery and search solution must immediately and rapidly install, execute and efficiently operate locally, including in a virtual environment, where the site data is located, without rigid hardware requirements or on-site physical access.

This ground breaking capability is what X1 Rapid Discovery provides. Its ability to uniquely deploy and operate in the IaaS cloud also means that the solution can install anywhere within the wide-area network, remotely and on-demand. Importantly, the search index is created virtually in the location proximity of the data subject to collection. This enables even globally decentralized enterprises to perform targeted search and collection efforts in an efficient, defensible and highly cost effective manner. Or, in the words of the Delaware court — the ability to act reasonably.

Leave a comment

Filed under Case Law, Cloud Data, Enterprise eDiscovery, IaaS

Tagged as , , , , , , , , , , ,