~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Forensic Discoveries Newsletter

April 2009
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Welcome to Forensic Discoveries' eDiscovery and Digital Forensics Newsletter. Keeping you and your practice informed of the ever-changing realm and value of Electronic Discovery and Digital Forensics is the purpose of this newsletter. If you have a colleague that may be interested in subscribing, follow the instructions at the bottom of this newsletter to be added to the distribution. If you choose not to continue receiving this newsletter, follow the directions at the bottom of this newsletter and accept our apologies for intruding.
in this issue
Upcoming TBA eDiscovery Seminar
eDiscovery Everywhere!
Keeping an eye on Net use and e-mails can prevent litigation
Google cheat view...Sometimes technology isn't so great
E-Discovery Update: Revisiting ESI Agreements
USB Drives - The Portal to Employee Theft
EDiscovery Case Law
Previous Newsletters
 
We hope you enjoyed last month's article, TN Rule 37.06 - The "Safe Harbor Rule". Due to a steady increase in new subscribers, Forensic Discoveries will continue to list previous newsletters. As others have done, please let us know of a specific topic you would like to see covered.

We have added a new newsletter archive section to our website. The improved archive interface provides the same interaction with the newsletter as the distributed newsletter. View the new newsletter archive here.
 
Below is a review of our previous newsletters:
 

August 2007 - "What is Computer Forensics?"

September 2007 - "Preparing Your Clients for EDiscovery - Part 1"
October 2007 - "Preparing Your Clients for EDiscovery - Part 2"
November 2007 - "Preparing for Your Clients' EDiscovery"
December 2007 - "Why Does My Case Need Electronic Discovery?"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Upcoming TBA eDiscovery Seminar

TBA - E-Discovery Workshop: A Short Course on Managing Electronic Discovery Effectively, Efficiently, and Ethically

"This CLE is designed for those of us who are not fluent in the language of electronically stored information ("ESI") and e-discovery -- but know we need to be. Over the course of three hours, we will explore the basics of e-discovery, one step at a time. Topics covered will include how ESI is stored; how to draft document requests to get the ESI you need; what tools are available to manage document production; how to design an effective document review procedure. In short, this workshop offers a start-to-finish primer on how to manage electronic discovery from collection through production without bankrupting your client, committing malpractice, or going crazy. The workshop will be offered once in each of the Grand Divisions. The faculty for each workshop will include an experienced practitioner, a United States Magistrate Judge, and an expert in computer forensics and electronic discovery.".


Bill Dean from Forensic Discoveries will be "the expert in computer forensics and electronic discovery". More information on the CLE session can be found here.

***In working with both Judge Clifford Shirley and Chuck Young for this seminar, we have decided not to conduct the standard "death by PowerPoint". This half-day seminar will consist of six different case studies and how they should be handled from a legal and technical perspective, and then Judge Clifford Shirley will be providing the expectations of the Courts for each situation. ***

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

eDiscovery Everywhere!

Below is a reprint of an article that Bill Dean from Forensic Discoveries developed for the Knoxville Bar Association's May issue of the DICTA. This and previous issues can be found at http://www.knoxbar.org/DICTA.htm


On December 1, 2006, the world of civil litigation was forever changed with the adoption of amendments to the Federal Rules of Civil Procedure that addressed electronically stored information (ESI).  As of that date, ESI officially attained the same importance as paper documents in litigation.
 
         Speaking from the trenches, I saw companies fearful of their responsibilities and concerned about the impact on their operations. We technologists knew the type of information that was buried deep in computer systems and the difficulties in locating it. We then learned two things that somewhat aided our sleepless nights: the "Safe Harbor" and updated rules were only for cases in federal courts.
 
         But now the Tennessee Supreme Court has adopted essentially the same amendments effective July 1, 2009. The General Assembly may not approve the resolutions until later this year, but it is destiny and companies can no longer hide from eDiscovery. When combining Federal and State rules providing the expectancy of electronic discovery, with the fact that more than 70% of digital information will never be printed, eDiscovery is everywhere.
 
         For anyone still wondering what eDiscovery is, the simplest definition is the extension of the traditional discovery process to information that is stored on computer systems.  Examples of ESI encountered will include e-mail, word processing files, spreadsheets, and information from company databases. This information will reside in a variety of places such as corporate computers, corporate servers, smartphones, Internet servers, and even home computers.
 
         The good news is that information in an electronic form can be much easier to cull, analyze, and review.  Put differently, technology may have created this problem, but technology can also help solve it.
 
         There is much efficiency with information in an electronic form, but there are aspects that warrant caution. ESI is particularly sensitive to alteration or destruction. Simple acts such as turning a computer on or off could affect the integrity and availability of information.  Then of course there is the infamous "metadata," which is the aspect of ESI that contains non-obvious and usually invisible information describing the context of the ESI or other useful details. For these reasons, ESI must be collected and handled carefully to maintain the information's integrity.
 
         One obstacle for proper preparation has been insufficient technical explanations of the rules. This article will cover some of the technical aspects of the updated rules.
 
Rule 26(b)(2) - TN Rule 26.02
 
         This is known as the "two-tiered discovery" rule that divides ESI into two categories by whether it is "reasonably accessible."  The federal Rules Advisory Committee had the foresight to recognize that while some ESI is easy to retrieve, some ESI is difficult, expensive, or impossible to retrieve.  Easily accessible ESI includes documents from a file server and e-mail that has not been deleted.  ESI considered not reasonably accessible may include backup tapes from previous years or deleted information requiring forensic analysis to recover and reconstruct.  "Reasonable accessibility" is typically determined by the expense or burden required to gather the ESI. However, difficulty of accessing ESI alone will not necessarily shield parties from their obligation to produce this data.
 
 
Rule 26(f) - TN Rule 26.06
 
         The "meet and confer" requirement in this rule is where the ESI discovery process typically begins. There are many issues that should be addressed here to avoid disputes later. What ESI is available? Where is the ESI located? What will be preserved, and how? What are the parties' plans for discovery? In what format will data be provided?
 
         One of the most important preparation steps is determining who, for each party, is most knowledgeable about the ESI systems involved. The values this resource can provide are:
 
·   Developing or providing a data map of the ESI systems
·   Providing data retention policies
·   Backup and system recovery plans
·   Locations of email    
·   Locations of other relevant data
·   Plans for preservation
·   Justifications for data that is not "reasonably accessible"
 
Rule 34(b) - TN Rule 34.02
 
         This rule permits the requesting party to specify the form or forms of production in which it wants ESI produced. The responding party must also state the form that it intends to use for producing ESI. If the requesting party does not specify a form, or if the responding party objects to the requested form, the Court will resolve the dispute. The purpose of this rule is to prevent efforts to convert and produce ESI in a format that is difficult to use.  For example, producing thousands of e-mails in non-searchable PDFs is a potential practice that this rule addresses.
 
Rule 37(f) - TN Rule 37.06
 
         This "Safe Harbor" rule provides that "absent exceptional circumstances" a court may not impose sanctions on a party "for failing to provide ESI lost as a result of routine, good faith operation of an electronic information system."  The rule recognizes the reality that some computer systems routinely alter and delete information without specific direction from an operator, and that companies may have reasonable and appropriate policies in place that automate this process.
 
         However, a party cannot exploit the routine operation of an information system to thwart discovery by allowing a system to continue to destroy information that it is required to preserve. A "good faith" effort would require a party that is in, or reasonably anticipates, litigation to take steps to prevent further loss of information.  This has given rise to what is called the "litigation hold."
 
         While parties were pleased that the safe harbor prevents them from retaining information perpetually, there are a couple of caveats.  If ESI or other information is routinely purged based on age, then that should occur pursuant to a documented and approved ESI management policy.  And that policy should include a specific "litigation hold" procedure that provides for appropriately tailored suspension of the policy when litigation is reasonably foreseeable.
 
For companies that are not prepared for eDiscovery, the time has arrived. A provocative analogy is that it is typical for a company to budget, plan, and test their disaster recovery plans in preparation for the chance of a disaster. After both the Federal and Tennessee Rules are in place requiring eDiscovery, one can almost guarantee your client that an eDiscovery request will come before a disaster.  To complicate matters, courts like the one in the famous Zubulake v. UBS Warburg dispute now routinely give attorneys the duty to take affirmative steps to monitor compliance and ensure that all sources of discoverable information are identified and searched.  Attorneys who fail to do so have been sanctioned, sometimes severely.
 
My most practical suggestion is that you begin working with your clients now to obtain the information outlined in the "Meet and Confer" section above.  Studies have shown that properly planning for eDiscovery before it occurs can save companies up to 40% of the costs.  In this economic climate, that kind of savings will be most welcome.
 
Bill Dean is founder of Forensic Discoveries (a division of Sword & Shield Enterprise Security), specializing in Electronic Discovery and Digital Forensics


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keeping an eye on Net use and e-mails can prevent litigation


So here's the scene: A woman employee walks past a male colleague's office and sees a suggestive screen saver on his computer terminal. She sues the company for not doing anything about such sexual harassment in the workplace. The company seeks your legal advice.
 
Read the entire article here


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Google cheat view

Sometimes technology isn't so great.

A FURIOUS wife has called in divorce lawyers after spotting her husband's car parked outside another woman's house - on Google.  Read more here


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

E-Discovery Update: Revisiting ESI Agreements and Court Orders

Under the Federal Rules of Civil Procedure (and in an increasing number of state courts), litigants must meet early in a dispute - generally within the first 60-90 days of a case - to discuss the scope of discovery and to hopefully reach agreement on how best to proceed with the discovery of potentially relevant electronically stored information ("ESI"). Results of this meet and confer session are formalized in a court order following a Scheduling Conference. What happens, though, when fundamental assumptions used to reach agreement at that early stage in the case turn out to be incorrect?


Read the entire article here
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  USB Drives - The Portal to Employee Theft


Each year, employees are responsible for billions of dollars in intellectual property theft. These thefts do not typically involve complex physical break-ins or electronic hack jobs. Rather, they are usually fairly simple and unsophisticated. The most common method for employee theft involves the use of a USB drive to remove proprietary information, such as customer lists and formulas. The USB drive can be inconspicuously removed from the premises and later used to start a competing business or make a profit through sale of the data to a competing company.

Read the entire article here
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
EDiscovery Case Law



Court Declines to Excuse Default Settings That Eliminate E-mail Headers
 
Brookdale Univ. Hosp. & Med. Ctr., Inc. v. Health Ins. Plan of Greater New York, 2009 WL 393644 (E.D.N.Y. Feb. 13, 2009).
 In this RICO suit, the defendants sought reconsideration of the court's previous order that directed the defendants to return or destroy the plaintiff's inadvertently produced privileged documents. Stating that it was "closing and locking the door" on future claims of privilege protection, the court determined the time for raising inadvertent disclosure arguments had passed. The defendant also asked the court to order the plaintiff to re-produce e-mails that were previously produced without string headers. Siding with the defendants, the court was not satisfied with the plaintiff's explanation that header information was by default never created and thus not maintained. However, the court stayed the defendant's motion and ordered the parties to attempt to resolve the issue and provide a report to the court.       



Court Issues Adverse Inference Jury Instruction and Warns Future Sanctions will be Harsher


Smith v. Slifer Smith & Frampton/Vail Assocs. Real Estate, LLC, 2009 WL 482603 (D.Colo. Feb. 25, 2009).
In this real estate litigation, the defendants objected to the magistrate judge's recommendation regarding the plaintiffs' motion for sanctions for the destruction of evidence. The plaintiffs' expert concluded the defendants engaged in a systemic effort to erase pertinent data based on evidence of wiping software and reformatting. The magistrate judge found the defendants' actions to be willful and in bad faith after the duty to preserve arose. The magistrate judge therefore recommended an adverse inference jury instruction, a monetary award associated with attorneys' fees and costs as well as the costs associated with the forensic examination of the computer files. Finding the recommendation based on substantial evidence, the court adopted the magistrate's recommendation and warned the defendants that any further sanctions would be more severe and may include a default judgment. 



Court Sides with Third Party When Denying Motion for Imaging in a "Battle of the Experts"


Mintel Int'l Group, Ltd. v. Neergheen, 2009 WL 249227 (N.D.Ill. Feb. 3, 2009).
In this litigation, the plaintiffs filed suit alleging fabricated e-mails wrongly led to an improper ban of its advertisements. In the instant motion, the defendants sought sanctions alleging the plaintiffs intentionally destroyed relevant evidence when discarding a laptop after receiving a preservation letter. Finding the plaintiffs acted in bad faith by discarding the laptop with relevant e-mails and severely prejudiced the defendants' ability to defend against the plaintiffs' claims, the court granted the defendants' spoliation motion and dismissed the plaintiffs' claims with prejudice.   




Court Dismisses Case Following Intentional Destruction of Essential Data

Kvitka v. Puffin Co., LLC, 2009 WL 385582 (M.D.Pa. Feb. 13, 2009).
In this patent infringement litigation, the plaintiff sought sanctions claiming the defendant spoliated relevant documents. In 1998, the defendant implemented a document retention policy whereby relevant documents were destroyed. Finding the defendant was an "aggressive competitor," the court determined that litigation was inevitable and reasonably foreseeable since December 1998. Therefore, the court determined that any document destruction following December 1998 was intentional and in bad faith. As the plaintiff established that the documents that were destroyed were discoverable and relevant to the instant litigation, the court concluded that the plaintiff was prejudiced by the defendant's conduct. The court therefore sanctioned the defendant by declaring the patents in suit unenforceable against the plaintiff.


Court Orders Reproduction in Native Format but Shifts Costs to Requesting Party

In re Classicstar Mare Lease Litig., 2009 WL 260954 (E.D.Ky. Feb. 2, 2009).
In this litigation, the defendant moved for a protective order after the plaintiffs sought reproduction of financial documents in native format. Previously, the defendant produced 273,000 pages in TIFF format and claimed that reproduction in native format would be extremely difficult and burdensome as some information would need to be redacted and older data could be corrupted. The defendant also argued the first production was in a "reasonably usable format" in compliance with Fed.R.Civ.P 34(b). However, the plaintiffs argued native format would save them "hundreds of hours" and make the data much more usable as it was complex information and extremely reliant on the reporting features within the software. Citing an exchange between the parties in which the defendant agreed to produce material in native format if the plaintiff purchased the software needed to review the documents, the court ordered the defendant to reproduce the data in native format. The court shifted the reasonable cost of copying and delivering the second production to the plaintiff as the defendant had complied with its obligations during the first production.




Court Establishes Protocol for Imaging of Portable Electronic Devices

Cont'l Group, Inc. v. KW Prop. Mgmt., LLC, 2009 WL 425945 (S.D.Fla. Feb. 20, 2009).
In this litigation, the plaintiff filed a motion to compel production and discovery compliance. Noting the parties were unable to cooperate regarding the imaging of the portable devices, the court provided further direction. The court set out the following procedure: the plaintiff would image the defendants' portable electronic devices and the defendants would conduct a privilege search and create a privilege log. The court advised that the plaintiff's possession of any privileged information did not constitute a waiver.







~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Forensic Discoveries is available to provide onsite presentations or Q&A sessions on topics such as Electronic Discovery, Technical Implications of the updated Federal Rules of Civil Procedure, or Computer Forensics. Forensic Discoveries is also available to you, obligation free, to answer any specific questions pertaining to these topics. Simply give us a call and we will be glad to answer any questions pertaining to Electronic Discovery and Digital Forensics.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

a division of Sword & Shield

   Knoxville Office

   Phone:    (865)-244-3500

   Address:  1431 Centerpoint Blvd, Suite 150

                  Knoxville, TN 37932


   Washington D.C. Office

   Phone:    (410)-414-5580

   Address:  1425 K Street NW, Suite 350

                 Washington, DC 20005-3514


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

If you have a topic that you would like addressed in the newsletter, please let us know. Either visit http://www.forensicdiscoveries.com/newsletter.html and submit your suggestion there or reply to this e-mail with your suggestion. 

For previous versions of Forensic Discoveries EDiscovery newsletters, visit http://www.forensicdiscoveries.com/pastnewsletters.html  

 

This document does not provide legal or other professional advice and should not be relied upon as anything other than a starting point for research and information on the subject of electronic evidence and digital forensics.