Tuesday, June 19, 2007

2007-06-19 Digital Evidence Destruction --- by Attorneys and Client, but no bears.

Date of Order: June 18, 2007

An opinion in the World Trade Towers insurance cases issued by United States District Judge Alvin Hellerstein and imposing sanctions of more than 1 million dollars againt Wiley Rein, LLP, Coughlin Duffy, LLP and client Zurich American Insurance Company the importance of generating, and managing provably persistent digital data integrity, something not adequately addressed by the plaintiff's counsel. Not rising to the level of spoliation (the evidence, which consisted of a printout of digital data that had apparently been intentionally deleted from a Zurich American computer, resulted in an untimely production, rather than an outright destruction of evidence. Of course, this raises some interesting issues. First, we really don't know what that digital evidence might have been, and so the print out of something, which can only very loosely (and only be corroborating witness testimony) associated with the origination evidence is itself highly suspect. Remember that a printout is at best merely a view of a view of a view of native, or source data.

I imagine that some better arguments might have been made challenging the authenticity of the printout itself based on the ephemerality of the digital data processed to create same, but the presence of one copy of what may well have represented the "true" digital evidence, supported by testimony (including some very pointed memos) seemed to have won the day in favor of a finding by the Court of Fed. R. Civ. P. Rule 11 and 37 sanctions, rather than finding of spoliation with its attendant sanctions-set.

Oh, and btwe, how much litigation, time, resources, etc. have been spent to "discover" that source data had been deleted, altered and substituted? Did anyone ask for document retention policy, logs of activity of the subject network (such as deletions, etc.) locations of "pristine" non-managed backups, etc.

Here's an excerpt from the decision by Magistrate Judge

"However, on January 11, 2002, four days later, Zurich underwriter Lynn Maier sent an email to underwriting assistants Dorothy Kelly and Gloria Fonseca-Matos, and to her supervisor, Dennis Zervos, instructing an important exception concerning the version of the policy printed out on September 11, 2001 for Mary Merkel. Maier’s email stated in relevant part:

'As per our conversation, please confirm ASAP, that the old version of the policy has been deleted from the Document Library and replaced with the final corrected policy. This information needs to be relayed to MaryMerkel in home office.Hametz Decl., Ex. 21. On January 22, 2002, claims representative William Salvatore sent anemail to two other representatives, inquiring:Do you have a copy of the Silverstein / WTC GL policy from the document library, not the copy we provided but a copy you may have printed way back when?'
Hametz Decl., Ex. 22."

"...The document, at 62 pages in length and clearly important, is not the type of document that inadvertently becomes lost without a trace. Indeed, Mary Merkel noted the importance by making a handwritten note on the cover page of the policy: “pulled from [Zurich computer system] 9-11-2001.” By the time of its First Amended Complaint, Zurich had reviewed Merkel’s files, see Platt Decl. ¶ 3, and knew, or should have known, of the “Broad Form Named Insured” endorsement."

Not the first instance of digital evidence tampering, and it won't be the last.

No comments: