LITIGATION SUPPORT TIP OF THE NIGHT

Here's another installment of my outline of Electronic Discovery and Digital Evidence in a Nutshell, the second edition of the West Academic guide to electronic discovery law in the United States authored by Judge Shira Scheindlin (the judge in the Zubulake v. UBS Warburg) and members of the Sedona Conference. Tonight's outline covers Chapter IV on the Collection of ESI. An outline of the previous chapter was posted on December 6, 2016.

IV. Collection of ESI

A. Searching All Appropriate Sources

- Relevant ESI may be preserved in place, but not necessarily physically collected.

- Peskoff v. Faber (D.D.C 2006) - adequate search not performed by collecting emails from hard drive. Must also collect emails from:

1. email account

2. email inboxes, sent items of other employees

3. should search for keyword on all files on a hard drive.

4. emails may be recoverable from slack space.

- Obligation to search all emails, does not mean that they all have to be reviewed. i-Med Pharma v. Biomatrix (D.N.J. 2011) broad search terms find 95M pages of data in unallocated file space. Court relieves of burden to review because:

1. burden outweighs value of the data.

2. no evidence that data was relevant.

3. sheer vast number of results.

B. Custodian Based Collection

- Custodian may not be aware of shared drives, cloud based applications, or informal back-up media. IT staff may be more adept at searching and extracting ESI, but have no knowledge of its content.

- BreathableBaby v. Crown Crafts (D. Minn. 2013) - court order to reopen discovery after party refused to search by agreed upon keywords and instead instructed custodians to search 'everything'.

- Nat'l Day Laborer Org. v. U.S. ICE (S.D.N.Y. 2012) re-do of search ordered where government agencies responding to FOIA request didn't record search terms, how it combined them, and whether it searched full text of documents.

- Procaps v. Patheon (S.D. Fla. 2014), Court granted Patheon’s motion for a forensic analysis of Procaps’ electronic media because it permitted its personnel to self-search for ESI without ever seeing Patheon’s discovery requests or without receiving a list of search terms from its counsel.

C. Role of Outside Counsel

- case law does not reject custodian based collection, but instead emphasizes the importance of supervision of the process by counsel.

- Phoenix Four v. Strategic Res. Corp., (S.D.N.Y. 2006) - counsel sanction when unproduced relevant ESI was discovered on partitioned section of server.

- Qualcomm v. Broadcom (S.D. Cal. 2008) - witness testimony at trial that highly relevant emails were not produced. Lawyers sanctioned when 46K emails and documents not produced and no substantial justification for failure to do so. Qualcomm did not est. that it searched computers and databases; after the trial Qualcomm did not conduct an internal investigation; organization has obligation to confirm that person who is testifying as the most knowledgeable person on a subject has that knowledge. Court found it likely that lawyers chose not to look in the correct locations, and did not press Qualcomm employees for the truth. Sanctions against attorneys later vacated, but not against Qualcomm.

D. Forensic Collection

- Unsupported suspicion that responsive ESI may be missing or had been tampered with is not sufficient justification to require forensic collection.

- “mere skepticism that an opposing party has not produced all relevant information is not sufficient to warrant” John B. v. Goetz (6th Cir. 2008).

- Forensic collection warranted when:

1. File has been deleted but recovered is possible.

2. ESI may have been tampered with.

3. important to show ESI usage activity and patterns.

4. Necessary to authenticate a file to show that represented time of creation is accurate.

- Ameriwood v. Liberman (E.D. Mo. 2006) mirror image ordered with computer alleged to have been used to commit the wrong.

E. Collecting Data from Nonparty Hosts

1. Websites and Social Media

- individuals may erroneously believe that the privacy settings on their social media accounts mean that the information is immune from discovery.

- EEOC v. Simply Storage (S.D. Ind. 2010) - scope of production of SNS (social networking sites):

a. SNS content is not immune because it is locked or private.

b. SNS content must be produced when relevant to a claim or defense but not everything must be disclosed

c. “allegations of depression, stress disorders, and like injuries do not automatically render all SNS communications relevant.”

- Romano v. Steelcase (Sup. Ct. Suffolk Co. 2010) - no reasonable expectation of privacy in SNS.

- Facebook Procedures for Parties to Produce FB Accounts:

a. Stored Communications Act prevents private parties from obtaining account contents with subpoenas. Can satisfy discovery requests by using 'Download Your Information' tool. FB may attempt to restore access to deactivated accounts but it can't recover deleted content.

b. FB may provide basic subscriber information when it is indispensable to a case and not within a party's possession, upon service of a valid federal or California subpoena.

2. Mobile Devices

- Technicians must temporarily take possession of devices and image the data. Problems stemming from this can be avoided by Company Owned Personally Enabled 'COPE' policies that allow for data to be access remotely by the employer for preservation and collection.

3. Cloud Computing

- online remote data storage - reducing the need for massive servers

- online remote backup - reducing need for large collections of backup media.

- cloud based applications - reducing the need for technical support staff.

F. Data Collection Checklist

1. Initial Steps

- identify types of records likely to be relevant to claims & defenses.

- identify custodians likely to possess or have knowledge of these records.

- identify information services personnel who can locate custodial and non-custodial sources.

- identify email admins; hardware support personnel, system maintenance, back-up tapes; application & data admins

- identify 3rd party service providers with data in custody & control.

2. Investigating Custodians

- Ask about hardware, mobile devices, email, productivity software, office management software, instant messaging, text messaging, collaborative software, voicemail, databases, server/mainframe applications, internet browsers, publicly available third party platforms (e.g. Facebook, Linkedin), organization-supported platforms (e.g. Yammer or internally created with SharePoint), blogs, email.

- retention of final and draft documents on drives or servers.

- retention of downloaded files

- retention of files on mobile device

- use of removable media

- use of third party storage sites (e.g. Dropbox).

3. Investigating the Hardware Environment

- determine on the enterprise level where records are: use of desktops, laptops, tablets; networks with servers; use of mainframes; use of mobile devices; use of removable media; and use of voicemail systems.

4. Investigating Backup Systems and Archives

- existence of backup media

- frequency of data backups

- schedules for overwriting backup media

- locations of backup media

- process to restore backup media

- backup media solely for disaster recovery.

- existence of archived historical data.

- retention periods for archived historical data.

5. Investigating Applications and Databases

- CAD applications replacing blueprints

- quality assurance applications; financial records; supplier bidding and purchasing applications; product distribution and sales databases; litigation related databases; government relations databases; etc..

6. Investigating Electronic Communication Systems

- overview of systems structure and capabilities

- volume of traffic

- maintenance and retention of message logs.

- retention period for unread messages.

- autodelete settings.

- frequency of overwriting deleted items.

- shared systems with service providers, suppliers or corporate family.

- policies regarding storage of email

Federal Rule of Evidence 902 covers certain types of evidence that are self-authenticating. About a year from now, on December 1, 2017, two new sections will be added to this Rule, assuming they are approved by the Supreme Court and not rejected or modified by Congress. The proposed revisions are given in this report by the Rules Committee of the Judicial Conference of the United States. The first new section, section 13, concerns:

(13) Certified Records Generated by an Electronic Process or System

A record generated by an electronic process or system that produces an accurate result, as shown by a certification of a qualified person that complies with the certification requirements of Rule 902(11) or (12).

The proponent must also meet the notice requirements of Rule 902(11).

So documentation generated by a computer may be considered authentic without additional extrinsic evidence. In noting that certification under this section only covers the admissibility requirements for authenticity, and allows open the possibility for it be objected to on other grounds, the notes to the proposed new section give two examples of types of evidence that may be certified: a printout of a web page, or output from a computer such as a spreadsheet.

The second new section, section 14, concerns:

14) Certified Data Copied from an Electronic Device, Storage Medium, or File.

Data copied from an electronic device, storage medium, or file, if authenticated by a process of digital identification, as shown by a certification of a qualified person that complies with the certification requirements of Rule 902(11) or (12). The proponent also must meet the notice requirements of Rule 902(11).

The notes discuss how the use of hash values (which they define - somewhat inaccurately - as, " unique alpha-numeric sequence of approximately 30 characters that an algorithm determines based upon the digital contents of a drive" - MD5 hash values have 32 characters, and SHA1 hash values have 40 characters) can be used to authenticate data copied from an electronic device without testimony by a foundation witness. A certification can be submitted by a qualified person attesting to the fact that the hash value of an electronic file offered into evidence matches that of the original. The notes also leave open the possibility that technical processes other than hash values can be used to verify copied data.

Here's another installment of my outline Electronic Discovery and Digital Evidence in a Nutshell, the second edition of the West Academic guide to electronic discovery law in the United States authored by Judge Shira Scheindlin (the judge in the Zubulake v. UBS Warburg) and members of the Sedona Conference. Tonight's outline covers Chapter III on The Meet and Confer Rule (Rule 26(f)) and Initial Scheduling Conference (Rule 16). An outline of the previous chapter was posted on November 19, 2016.

III. The Meet and Confer Rule (Rule 26(f)) and Initial Scheduling Conference (Rule 16)

A. The Rule 26(f) Conference

- Must meet before Rule 16 scheduling order is due.

- Focus on preservation; cost; accessibility; issues at stake,

- 2015 Amendments:

- views and proposals re: preservation of ESI.

- 16f3D - ask court to include agreement on privilege issues in a FRE 502 order - no waiver.

-2006 Amendments:

- 26f must discuss preservation; discovery of ESI; form of production; procedure for retrieving inadvertently produced privileged material.

- Consider sampling to determine the scope of sampling - find cost of review & production, yield rate.

- Discuss when metadata must be preserved - case specific consideration.

- Consider bringing technical consultant to meet & confer.

1. PRESERVATION OF EVIDENCE

- Advisory Committee Note - preservation orders should be narrowly tailored, and only if evidence may disappear and a party will be harmed by this.

- Most case law says document retention protocol and hold notices do not have to be produced. But U.S. ex rel. Barko v. Halliburton said holds could be produced b/c widely distributed.

- Documents in Possession, Custody, and Control

i. current and archived records.

ii. current and former employees.

iii. acquired companies and spin-offs.

iv. records of bankrupt entities that migrated.

v. records stored off-site.

- Small v. Univ. Med. Ctr. of So. Nev. (D. Nev.) - possibility of info on personally devices slipping thru cracks requires greater diligence than for company controlled devices. Does a request for ESI on personal device need to be narrowly tailored?

- Goodman v. Praxair (D. Md.) - party has control when it has the legal authority or practical ability to demand access to records, not necessarily physical possession or legal ownership.

2. DISCOVERY OR DISCLOSURE OF ESI

- 2006 Committee Note - early discovery from person w. special knowledge of computer systems useful.

- Da Silva Moore v. Publicis Groupe (S.D.N.Y.) Judge Peck okays use of TAR; recommends that the process be transparent.

- Kleen Prods. v. Packaging Corp. (N.D. Ill.) cooperation mandated by the court in dispute of whether TAR or keyword searching was best.

3. FORM OF PRODUCTION

PDF/TIFF; searchable?; include metadata?

4. RETRIEVING PRIVILEGED INFORMATION

- Clawback or quick peek agreement.

- Agreement should be incorporated in a court order.

- FRE 502 must be discussed at Rule 26f meet and confer.

5. DUTY TO COOPERATE

- 2008 Sedona Cooperation Proclamation -

- Western Convenience v. Suncor Energy (D. Colo.) 357 pages of briefing on motion to quash subpoena could have been avoided if parties put same effort into cooperation.

B. THE RULE 16 CONFERENCE

- 16a court can order pretrial conference

- 16a2 early and continuing control so case will not be protracted because of lack of management.

- 16a3 courts should discourage wasteful pretrial activities.

- Rule 16b order - provisions for ESI discovery; agreement for asserting privilege.

C. INTERPLAY BETWEEN RULE 26(f) AND RULE 16

- After Rule 26f meet and confer parties must submit a written report to the court outlining a proposed discovery plan.

- Rule 26f meet and confer show good faith effort to comply with Rules at the Rule 16 pretrial conference.

- 2015 Amendments additions to Rule 16 order

- preservation of ESI

- FRE 502 agreements.

- Pre-motion conference required before motion re: discovery dispute.

- Rule 16f can sanction attorney if not prepared prepare to participate in Rule 16 conference.

D. RESULTS OF FAILING TO COOPERATE AT THE 26(f) CONFERENCE

- In re Seroquel Prods. (M.D. Fla.) problems with plainly inadequate discovery could have been resolved through cooperation by technical consultants responsible for production on each side. Failure to include knowledgeable electronic discovery consultants in the meet and confer is “antithetical to the Sedona Principles and is not an indicium of good faith.”; “identifying relevant records and working out technical methods for their production is a cooperative undertaking, not part of the adversarial give and take.”

- Atlas Resources v. Liberty Mut. Ins. (D.N.M.) - failure to exercise control over discovery process warrants sanctions when it leads to gross negligence in the discovery process. Examples: including producing a five hundred page document thirty-five times, the purposeful conversion of documents from native format into the useless, disorganized TIFF format, and the failure to conduct adequate searches for information.

E. LOCAL RULES OR COURT GUIDELINES

- N.D. Cal.; D.N.J.; D. Kan.; and D. Md. adopted rules regarding electronic discovery.

- 7th Circuit and S.D.N.Y. 26f conference checklists.