LITIGATION SUPPORT TIP OF THE NIGHT

The widely used secure file transfer service, Accellion File Transfer Appliance, was compromised by hackers this past December. Accellion posted a notice about the attack, and issued an update for the FTA service which addresses the flaws which allowed the hackers to gain access to data.

Two large law firms, Jones Day LLP and Goodwin LLP, have had data compromised by the Accellion breach. Data transferred by Jones Day to outside parties via Accellion was stolen by the Cl0p ransomware site, but the law firm's network was not actually compromised. In a report by Vice News, Cl0p claims to have take up to 5 GB of data from Jones Day.

Accellion FTA was vulnerable because it is currently near its 'End of Life' - support for Accellion will be discontinued on April 30, 2021. See the notice posted by Accellion here. Accellion has a different file transfer service, kiteworks, which has an entirely different code base - the source code is not the same as that used for Accellion FTA. See this notice.

So, if you receive a file transfer 'FTP' link that indicates it was 'Secured by Accellion', you may want to confirm that the sender has upgraded to Accellion kiteworks, or at least installed patches for FTA since January.

Societe Nationale Industrielle Aerospatiale v. U.S. District Court for the Southern District of Iowa,482 US 522 (1987) was a decision by the United States Supreme Court in which it ruled on the extent to which federal courts must apply the Hague Convention when parties file interrogatories, requests for admissions, production requests on foreign parties over which the courts have jurisdiction. The court rejected the idea that the Convention should be the exclusive vehicle for cross border discovery, and denied the petitioners' argument that the Convention's procedures have to be the first resort whenever discovery is requested from a foreign party. Furthermore the Court ruled that the Convention did not preclude the jurisdiction that the Court would otherwise have to obtain the production of evidence located in another country.

The Supreme Court's decision noted production can be obtained in violation of foreign blocking statutes designed to prevent the transfer of commercially valuable information. The court endorsed a test listed in the Restatement of Foreign Relations Law to analyze whether or not international discovery can be conducted in violation of a foreign blocking statute:

"(1) the importance to the . . . litigation of the documents or other information requested; "(2) the degree of specificity of the request; "(3) whether the information originated in the United States; "(4) the availability of alternative means of securing the information; and "(5) the extent to which noncompliance with the request would undermine important interests of the United States, or compliance with the request would undermine important interests of the state where the information is located."

In 2001, the EU implemented a regulation, Council Regulation (EC) No. 1206/2001, which allows evidence to be taken by litigators in one state from another state in civil matters without using the procedures of the Hague Convention or letters rogatory. So discovery can be accomplished without going through diplomatic channels. Denmark is the only member of the EU which has opted out of the regulation. Courts of different countries in the EU can contact each other directly about exchanging discovery without involving Foreign Affairs ministries.

As with the Hague Convention, central authorities are involved. Under 1206/2001 the central authorities supply information to the courts; address difficulties regarding transmission; and in certain cases, forwarding a request to a court. The requests are subject to the laws of the state from which data is requested, and must be responded to within 90 days. The requests may be denied if the costs of consulting an expert are not disclosed.

To make a request, party must complete Form A or Form I to the regulation. The forms are available on this site.

If you click on the links for the Forms on this site you will be taken to a map of Europe where you can select the state from which you want to collect evidence.

The form can be generated after filling information for the fields on the web site. '

One of the fields, requires, "Nature and subject matter of the case and a brief statement of the facts" and another a "description of the taking of evidence to be performed".