2008-04-30 Spoliation Motion: Denied, but Attorneys Fees and Costs Awarded for Negligence

First, a disclosure. I am plaintiff's counsel in the case discussed below. Now, for the decision:

The Court in Whitney v JetBlue 07-cv-1397 (EDNY 2008) today denied a motion for spoliation, but nonetheless awarded attorneys fees and costs in connection with that motion. In this case, an original, paper-and-ink contemporaneous report drafted by an airline attendant was admittedly destroyed, and the information from that report was alleged to have been entered into defendant's database.

The Court found that although defendant had a "clear obligation" to put a litigation hold on the paper record, it permitted that record to be destroyed as a result of a "bulk destruction" of documents. The Court found no evidence of bad faith, but did find that the evidence was obviously relevant, under the complete control of the defendant, and that it could be argued that "under all the circumstances of the case, JetBlue was grossly negligent in its responsibility to supervise and ensure retention of the document."

Interestingly enough, the Court notes that the digital versions of the destroyed report did vary, but deemed the variation insufficient to show that the destroyed report might have contained other information tending to corroborate plaintiff's allegations.

All that said, the Court did impose sanctions of attorneys fees and costs for negligence (arguably, "gross negligence") in connection with the motion for spoliation. The Court did point out that "defendant failed, on several instances-in its initial disclosures and in connection with depositions-to provide accurate information to plaintiff." The Court nonetheless did impose sanctions of attorneys fees and costs for negligence in connection with the motion for spoliation. The Court also pointed out that "defendant failed, on several instances-in its initial disclosures and in connection with depositions-to provide accurate information to plaintiff."

What is interesting here is that the Court tacitly acknowledges that the three proffered versions of the computer-generated report, which differed in time, title and content, did not save defendant from a finding of negligence for destruction of the paper based original. It might have, if defendant had taken even the simple step of scanning the original into an image for retention.

The decision is instructive, but it does highlight the need going forward to focus on technology-centric digital evidence issues and the need for (at this point) expert testimony to explain the heightened difficulty of proving a negative in the digital evidence universe on the one hand, and the ease with which undetectable manipulation may occur, and perhaps lead to a finding that the spoliated evidence (with now unknown content) could be presumed to corroborate the non-spoliating party's allegations

First steps in the right direction.

Steven

2008-04-24 eDiscovery Abuse (including all the usual suspects) Leads to Dismissal of Complaint

In a March 31, 2008 decision the Court in Fharmacy Records v. Nassar --- F.R.D. ----, 2008 WL 900974 (E.D.Mich. 2008) dismissed plaintiff's complaint because of some rather flagrant discovery abuse involving ESI. Notably, the defense's forensic expert found that the computer in question did not exist at the time the alleged files were created, found evidence of backdating, found hard drives manufactured years after the alleged creation of the files in question (with some bearing 1970 Unix "Year One" or January 1, 1904 Mac default creation dates. No mention of other metadata analysis that might have been helpful. Oh, wait, there was more. Assignment documents referenced entities not yet created, and the computer used to create the original documents was "thrown away." Some amusing background: It appears that plaintiff's "forensic" expert had to look up the term "forensic" during his deposition.

Excerpt follows:

"Potrafka's analysis of the Fharmacy computer, once it was finally made available, is equally troubling. As noted above, Allen testified that Rivers downloaded “ESS Beats” from his MPC 2000 to Fharmacy's studio computer (a Macintosh G4) sometime in late 2000 or early 2001. Defs.' Mot. for Sanctions, Ex. 7, Allen Dep. at 36. Allen stated that Fharmacy still had that computer, but he was not certain whether “ESS Beats” was still on it. Id. at 37-39. Based on Potrafka's rather extensive review, this testimony cannot be accurate because the Fharmacy Macintosh did not even exist until 2003. Potrafka acquired the Macintosh from Reed's office and analyzed its two internal hard drives. See Potrakfa Report at 1. Before turning to the hard drives, he attempted to determine the manufacture date of the computer by speaking with Apple technical support. The computer bore serial number XB304ZXHN1W, and tech support informed Potrafka that the third character of the serial number represents the year of manufacture and the fourth and fifth characters represent the week of manufacture. Id. at 3. Hence, the Fharmacy computer was made in the fourth week of 2003. With respect to the first hard drive, made by Western Digital, Potrafka observed a “[m]anufacture date of '18 Feb 2005' stamped on the label.” Ibid. Potrafka found no manufacture date on the second hard drive and was unable to obtain any records from Seagate, its manufacturer. Analyzing the files on the hard drives that were supposedly related to “ESS Beats,” Potrafka found that although those files bore creation dates consistent with the plaintiffs' theory, they had been intentionally backdated, evidently by the plaintiffs' computer “expert,” Bernard Terry. Accordingly, Potrafka concluded:
1. It is the opinion of this computer expert that the Fharmacy computer could not have been in operation any earlier than 2003. This conclusion is based on the following facts:
*13 • The computer was manufactured 4th week of January 2003
• The hard drive (Item # 1a) containing the “new cuts” and “shelton_ rotweiler” files was manufactured on “18 Feb 2005”
• “bernard terry” user file was created May 31, 2005
• A review of all .AIF music files for all three volumes shows the majority of creation dates after March 21, 2003. Of the files with creation dates before March 21, 2003, 10 have creation dates in 2001 (“new cuts”). In addition, 1771 files have either 1970 dates or the Macintosh default date of January 1, 1904 as creation dates.
2. It is the opinion of this computer forensic examiner that the “new cuts” and “shelton_rotweiler” files were written to the Fharmacy computer, Item # 1 a, volume OSX START UP 2, between September 19, 2006 and September 28, 2006 based on the following facts:
• The folder containing the “shetlon_rotweiler” file was created on September 28, 2006
• The folder containing the “.aif” sound files was created on September 19, 2006."

Fharmacy Records v. Nassar --- F.R.D. ----, 2008 WL 900974 at *12 (E.D. Mich. 2008).

2008-04-24 SDNY - Ordinary Negligence Satisfies Culpability Prong in Spoliation Analysis

In an April 2, 2008 decision the Court reaffirms what some continue to doubt is clear from the 2nd Circuit's opinion in Residential Funding Corp. v. DeGeorge Financial Corp., 306 F.3d 99, 106-07 (2d Cir .2002). At least in the Second Circuit, the culpability prong of a spoliation analysis (the others are are control, duty to preserve and relevance) is satisfied by a finding of "mere" or ordinary negligence.

"In this circuit, a 'culpable state of mind' for purposes of a spoliation inference includes ordinary negligence. Residential Funding, 306 F.3d at 108.Thus, because Biovail was at least negligent, Mr. Treppel has satisfied his burden with respect to the second prong of the spoliation test." Treppel v. Biovail Corp. --- F.Supp.2d ----, 2008 WL 866594 (S.D.N.Y. 2008).

2008-04-03 White House eMail Decision - No eDiscovery Misconduct

In today's decision in Alexander, et al. v Federal Bureau of Investigation, et al., Civil Action Nos.96-2123/97-1288 (RCL) Judge Royce C. Lamberth ruled that plaintiff's had produced simply no evidence, either clear and convincing to support a finding of contempt, and "simply no evidence of any deliberate attempt to conceal the truth." [Emphasis added].

What is especially notable is the not-too-subtle undercurrent that there may indeed be a divide that separate attorneys who know what they don't know about electronic discovery, and know how to conduct inquiries and make discovery requests in aid of obtaining that information, and those who will remain in the dark:


"The Court has concluded that the essential errors made by the White House Counsel’s Office were caused by a lack of familiarity with computer terminology and language and workings by the lawyers involved. Mr. Barry, the computer expert, simply talked a different language, and the lawyers he dealt with did not fully appreciate the significance of some of theinformation that he gave them, and the information he didn’t give them. All of this occurred long before development of current sophisticated ways that lawyers have had to learn to deal with computer experts. "

"You have to learn to ask the question in a number of ways, and probe and examine and get into the nitty-gritty to understand what the truth is. None of the White House lawyers involved in this matter did that. But plaintiffs produced no evidence whatsoever that any of those lawyers deliberately obstructed justice, or deliberately provided what turned out to be false information to the Court."

Perhaps most succinctly put by Judge Lamberth:

"It calls to the Court’s mind its own experience in dealing with intelligence officials, i.e., if you don’t use the right words in your question, you won’t get the right answer."

Link to the decision: https://ecf.dcd.uscourts.gov/cgi-bin/show_public_doc?1997cv1288-359

2008-03-07 Discovery Search Protocol is Subject to Challenge

Bonus: FRE Rule 702 Invoked; Attorney Opinion about Technology Held *not* Gospel (Gasp)

Depending on one's point of view, today's decision in Equity Analytics v Lundin, 2007-cv-2003 (D.D.C. 2008) signals the beginning of the end, or the end of the beginning. It certainly is a watershed decision, and a harbinger of things to come. No longer should it be presumed that a Court will take the representation of counsel as to the efficacy of technology (including technology used in eDiscovery) as gospel. In this opinion, focusing in large part on eDiscovery issues, Judge Facciola repeats his "comment" first made two weeks ago in U.S. v. O'Keefe that

"'...lawyers express as facts what are actually highly debatable propositions as to efficacy of various methods used to search electronically stored information. United States v. O’Keefe, No. 06-CR-249, 2008 WL 44972, at *8 (D.D.C. Feb. 18, 2008). '"

The Court then states that the proper manner for challenge is by use of expert evidence produced in accordance with Federal Rules of Evidence 702. For those without a copy of the F.R.E. handy, Rule 702 provides that:

"If scientific, technical, or other specialized knowledge will assist the trier of fact to understand the evidence or to determine a fact in issue, a witness qualified as an expert by knowledge, skill, experience, training or education, may testify thereto in the form of an opinion or otherwise, if (1) the testimony is based upon sufficient facts or data, (2) the testimony is the product of reliable principles and methods, and (2) the witness has applied the principles and methods reliably to the facts of the case."

In other words, the Court once again opens to the door to well-articulated and FRE 702 testimony-supported challenges to search results by way of challenge to search protocol.

2008-02-20 Civil eDiscovery Rules Expressly Applied to Criminal Proceedings

In a decision by Magistrate Judge Facciola of the United States District Court for the District of Columbia, the Court adopts and incorporates many of the 2006 eDiscovery amendments to the Federal Rules of Civil Procedure into criminal discovery proceedings. And granted a motion to compel by the defendant.

Point by point, with excerpts:

1. Application of Fed. R. Civ. P. Rule 34 to Criminal Proceedings and taking the common sense "don't fix if not broken" position:

"In criminal cases, there is unfortunately no rule to which the courts can look for guidance in determining whether the production of documents by the government has been in a form or format that is appropriate...

Be that as it may, Rule 34 of the Federal Rules of Civil Procedure speak specifically to the form of production..

It is foolish to disregard them merely because this is a criminal case, particularly where, as is the case here, it is far better to use these rules than to reinvent the wheel when the production of documents in criminal and civil cases raises the same problems. "

2. Rule 34(b) and the Form of Production of Production: Judge Facciola speaks first to the 1980 amendments and accompanying commentary, which were intended to prevent what he terms the "juvenile" practice of burying relevant documents by "rearranging" them so as to prevent a party's efficient review and use.

"Under Rule 34(b) of the Federal Rules of Civil Procedure, a party, on whom a demand for production of documents has been made, must produce them in the form in which they are ordinarily maintained or must organize and label them to correspond with the categories of the request for production. Fed. R. Civ. P. 34(b)(2)(E)(i). "

"In eliminating that practice and requiring the producing party to produce the documents in the same way they were kept, the Advisory Committee intended that there would be equality between the parties in their ability to search the documents. "

3. Producing Party Must Produce Documents in a manner which replicates the manner in which they were originally kept.

"Therefore, to reproduce them in the manner in which they were kept would require the producing party to reproduce those file folders and place the appropriate documents in them so that the production replicates the manner in which they were originally kept. If that is not done, federal courts have required the producing party to index the documents to render them usable by the requesting party. See, e.g., Okla. ex rel Edmonson v. Tysons Food, Inc., No. 05CV329(GKF/SAJ), 2007 U.S. Dist. LEXIS 36308, at *16 (N.D. Okla. May 17, 2007) (requiring producing party to create a "complete and fully accurate index . . . showing the box number which responds to each specific Motion to Produce"); Sparton, 77 Fed. Cl. at 16 (criterion is whether the documents are so disorganized that it would be unreasonable for the requesting party to review the documents; producing party may not provide documents in "mass of undifferentiated, unlabeled documents" but must provide them in some "organized, indexed fashion")" [emphasis added]

3. A document-dump with no organization is not acceptable. This has some very important implications in the eDiscovery arena. A document dump, whether paper or electronic, must comport with the requirement of FRCP Rule 34. This decision provides fuel for claims of non-responsive and evasive answers, motions to compel, and consequent orders granting sanctions.

"...In re: Sulfuric Acid Antitrust Litig., 231 F.R.D. 351, 363 (N.D. Ill. 2005) (producing party may not dump massive amounts of documents in no logical order on their opponents; undifferentiated production of everything in boxes will not do)."

4. Federal Rules of Evidence - Rule 901 Issues

The court then notes that defendants claimed that the government's production was so haphazard and disorganized as to force them to "guess about the evidentiary value of the documents—i.e., who created a document or on whose computer or in whose file a document was kept." Judge Facciola stated that he would recommend to the District Judge that the latter deem all goverment records produced as authentic.

5. Electronic Production: Defendants here argue that the government failed to: comply with its obligations to both search for requested items; to disclose the means (meaning the software used) to conduct such searches, to disclose how it arrived at the search terms to be used in connection with those searches; to disclose its preservation methodology at both the time of the indictment as well at the time of a prior discovery order.

6. Preservation: The Court likens the government's duty to preserve in a criminal case to the Fed. R. Civ. P. Rule 37 "safe harbor" doctrine, which of course brings with all the attendant Zubulake doctrine cautions:

"The government’s destruction of evidence pursuant to a neutral policy and without any evidence of bad faith does not violate the due process clause if the evidence was destroyed before the defendants raised the possibility that it was exculpatory and the government had no objective reason to believe that it was exculpatory. Arizona v. Youngblood, 488 U.S. 51, 57 (1988); In re: Sealed Case, 99 F.3d 1175, 1178 (D.C. Cir. 1996). Accord United States v. Beckstead, 500 F.3d 1154, 1158-62 (10th Cir. 2007); Bower v. Quarterman, 497 F.3d 459, 476-77 (5th Cir. 2007) (exculpatory value of destroyed evidence must be apparent before its destruction)."

"This principle finds its analogue in the Federal Rules of Civil Procedure, which indicate that, absent exceptional circumstances, sanctions will not be awarded for a party’s failure "to provide electronically stored information lost as a result of the routine, good-faith operation of an electronic information system." Fed. R. Civ. P. 37(e)."

7. The Importance of Knowing What to Ask For, Asking for It, and Metadata: Judge Facciola wraps with a great analysis, and repeats his admonitions to the parties to be knowledgeable (and presumably competent) in eDiscovery and digital evidence authentication matters. This seems to resonate with Magistrate Judge Grimm's caution (apparently, to the entire legal arena) in the Lorraine v. Market American case to "get it write the first time."

"As established above, a party is obliged to either produce documents as they are kept in the usual course of business or it "must organize and label them to correspond to the categories in the request." Fed. R. Civ. P. 34(b)(E)(i). But if, as occurred here, electronically-stored information is demanded but the request does not specify a form of production, the responding party must produce the electronically-stored information in the form in which it is ordinarily maintained or in a reasonably usable form or forms. Fed. R. Civ. P. 34(b)(E)(ii). Additionally, a party "need not produce the same electronically stored information in more than one form." Fed. R. Civ. P. 34 (b)(E)(iii) "

The Court then goes on to state that where the form of production is not articulated by the requesting party, the producing part retains discretion on form of production of information "as ordinarily maintained" subject to the challenge that what is produced may not be in reasonably usable or form or forms. Here, the government produced documents in .tiff and .pdf format. That the Court allows for a challenge based on the sufficiency of .pdf or .tiff files as compliant with an electronic document discovery request is, imo, a significant step in the right direction.

"If one were to apply these rules to this case, it appears that the government’s production of the electronically stored information in PDF or TIFF format would suffice, unless defendants can show that those formats are not "reasonably usable" and that the native format, with accompanying metadata, meet the criteria of "reasonably usable" whereas the PDF or TIFF formats do not. "

The government in this case appeared willing to produce documents in native, source format, but the Court did caution the defendants to "get it in writing" by way of stipulation. Once that stipulation is to be obtained by defendants, the Court indicated the government would have a duty to preserve, and that, in the event of its failure to produce, the Court would enforce a subsequent motion to compel the production by the government of electronic information in native format --- with accompanying metadata.

8. Search Terms: In one of the first cases to examine the issue, the Court also provided (and permitted) the filing of motions challenging the sufficiency of search terms, with the big proviso that "they will have to specifically so contend in a motion to compel and their contention must be based on evidence that meets the requirements of Rule 702 of the Federal Rules of Evidence."

Especially entertaining comment vis a vis challenging the government discovery responses:

"If you strike at a king, kill him."



The case is U.S v. O'Keefe, et al. Cr. No. 06-249 (PLF/JMF), and the link to the decision is here: https://ecf.dcd.uscourts.gov/cgi-bin/show_public_doc?2006cr0249-90

2008-02-18 Source Code Dispute Heats Up (Again) - Florida Attorney Files Motion in Limine

Venice, Florida attorney Robert Harrison is leading the charge against the breath alcohol measuring devices known as "Intoxilyzers." There are two models, the Intoxilzyer 5000 and the Intoxilyzer 8000. Harrison is seeking production of the source code for both appliances; the manufacturer has thus far refused to disclose the code.

Harrison filed a motion in limine requesting relief which includes a subpoena duces tecum for the source code (as well as other unspecified relief) on the basis that "without the Defendant having an opportunity to review and inspect the software source code, would violate the Defendant’s right to due process and right to confrontation..."

Harrison (imo correctly) characterizes the challenged devices as "mystical machines" if not opportunity to examine source code is provided. An important point here is that the printout of the results is the only evidence that is used to accuse, try and convict a driver subject to the test.

Here now, the litany of reliability issues:

Volumetrics Software Flaw

The"Intoxilyzer 8000, as distributed for use in the State of Florida, contained a software flaw that on numerous occasions reported a volume of less than 1.1 liters when there was not a warning flag of “volume not met”, thus rending the reliability of the reported volume unknown." Harrison notes, quite properly (imo) that "[I]f the reliability of the reported volume of a breath sample cannot be ensured, then the reliability of any corresponding breath alcohol level cannot be ensured. "

Multiple, Uncalibrated Software Versions

Harrison argues that there are various versions of the firmware code used to run the Intoxilyzer 8000, that these versions have not been recalibrate or certified to the state, and that it therefore is unknown whether these code modifications or alterations affect the analytical portion of the code, and therefore the reliability of the output.

"According to the manufacturer of the Intoxilyzer 8000, following a software update that modifies the analytical portion of the software, the machine must be recalibrated. The software contained in the Intoxilyzer 8000 used in this case was modified without having the machine recalibrated. Without the Source Code, the Defendant cannot determine whether or not the software update modified the analytical portion of the software, thus requiring the machine to be recalibrated.

Which Code, Which Version, Which Intoxilyzer?

Harrison raises another good point by implication. Even if the source code is provided, how can it be established that the now-modified source code (or any other code, for that matter) is *the* code that was intended to be used by the device? Without some integrity mechanism applied, we are left at best with corroborative (and inherently unreliable) witness testimony or, at worst, a guess.

"The Source Code is material to the Defendant’s case, for with this information the Defendant can determine whether the Intoxilyzer actually used in this case was using a software program approved by 11D-8.003 or a modified version of this program, if a modified version was used, what extent the modification would have on the reliability and operation of the Intoxilyzer, and how the software effects the reliability and operation of the Intoxilyzer.31. Without the production of the Source Code, the reliability of the Intoxilyzer 8000 is unknown."

Link to the pleading here: http://www.harrisonlawoffice.com/sourcecode/pleadings/fabian/Motion%20in%20Limine.pdf

2008-02-10 Ex-Societe Generale Trade Alleged to Have Forged Emails

Not just any emails.

Mssr. Kerviel, the trader who seems to have overstepped his trading position limit authority by some orders of magnitude, is alleged to have forged email confirmations of some significantly sized trades to appear to have come from Deutsche Bank.

I'm shocked, shocked. Well, I am somewhat surprised that for a bank with (heretofore) much vaunted security, something as simple as forged emails involving significant asset impairment risk (such as, say, US 75 billion in impairment) was not subject to some immediate or contemporaneous due diligence.

For a country that is well known for its persnickety attitude in connection with the provenance of its wines and champagne (not sparkling wine, pardner) this may want the bank examiners to reach out for a glass --- of a California Cabernet.

Excerpts from the Business Section of the NY Times 2008-02-10

"Later that afternoon, Mr. Kerviel presented compliance officers with the Deutsche Bank e-mail message. But when Société Générale double-checked, Deutsche Bank would not acknowledge the trade...'[W]e think this is the forged document from Deutsche Bank,' the person said of the confirmation referred to in Mr. Bakir’s message to Mr. Kerviel."

2008-01-24 Be Careful What, and How, You Ask For eDiscovery - And Make Sure That You Do Ask

In an opinion issued by U.S. Magistrate Judge John Facciola in Audrey (Shebby) D’Onofrio,v. SFX Sports Group, Inc. et. al., (CA 06-687 DCDC) the Court makes perfectly clear that a party requesting electronic discovery must not only know how to make such a request, it must translate that knowledge into a request containing words and phrases that indicate a request for electronic discovery of original information in native, searchable format. In this case, the requesting Plaintiff did not ask for original information in native (and searchable) format, nor did she ask for metadata.

To paraphrase the excerpt that follows, you get what you ask for, and won't what you don't. (Euphony intended) :

"Ultimately, then, it does not matter whether the Instruction referred to paper or electronic files – a plain reading leads to the conclusion that plaintiff did not make a request that the Business Plan be produced solely in its original format with accompanying metadata. See Vanston Bondholders Prot. Comm. v. Green, 329 U.S. 156, 170 (1946) (“Putting the wrong question is not likely to beget right answers even in law.”). A motion to compel is appropriate only where an appropriate request is made of the responding party. See Fed. R. Civ. P. 37(a)(1)(B); Raghavan v. Bayer USA, Inc., No. 3:05-cv-682, 2007 WL 2099637, at *4 (D. Conn. July 17, 2007) (“The court will not compel discovery that has not been sought.”). Because no such request has been made concerning the Business Plan, the Court will not compel the defendant to produce it in its original form with accompanying metadata.9 See, e.g., Ponca Tribe of Indians v. Continental Carbon Co., No. CIV-05-445-C, 2006 WL 2927878, at *6 (W.D. Okla. Oct. 11, 2006) (“The original document requests issued by Plaintiffs failed to specify the manner in which electronic or computer information should be produced. [Defendant] elected to use a commonly accepted means of complying with the request. Nothing in the materials provided by Plaintiffs supports requiring [Defendant] to reproduce the information in a different format. Accordingly, Plaintiffs' request for reproduction of documents in their native electronic format will be denied.”); Wyeth v. Impax Labs., Inc., No. Civ. A. 06-222-JJF, 2006 WL 3091331, at *1-2 (D. Del. Oct. 26, 2006) (“Since the parties have never agreed that electronic documents would be produced in any particular format, [Plaintiff] complied with its discovery obligation by producing image files”)."

Spoliation: Claims of spoliation were asserted by the plaintiff (apparently alleging the destruction of the computer on which plaintiff worked while in defendant's employ). Despite defendants' assertion (also by allegation, not testimony) that "plaintiff was not prejudiced by the scrapping of her computer because all e-mails sent and received by her were captured from “defendants’ server and have been produced," Judge Facciola found that the record was "too thin to assess the merits of these serious allegations" and ordered an evidentiary hearing.

2008-01-16 Backdating - The Old Fashioned Way

The recent (June 2007) Federal Court decision in Armament Systems and Procedures, Inc., v. IQ Hong Kong, Limited, et. al., Case No. 1:00-cv--1257 (E.D. Wis 2007) invalidating a patent for inequitable behavior has some interesting backdating language.

First, it appears that a detailed forensic examination of the inventor's drawings (indentations, positioning, pad backing) revealed creation dates years later than claimed.

Second, a metadata and computer forensic analysis of the computers used by the inventor to generate data indicated a creation date years later than the claimed creation date.

The judge was not amused:

"Defendants have expended considerable effort in an attempt to show that this document is a fraud. Computer searches and meta-data analyses have shown that the only discernible creation date on the document is March 21, 2000. There is, in other words, no digital record of the document having been created in 1997."

This 42 page decision focuses in the main on the efforts of defendant's physical evidence forensics examinations and on corroborative witness testimony, but notably allocates little discourse to the issues uniquely inherent to establishing the authenticity of computer generated information. While metadata and other computer forensics played a role in the determination of evidence "creation" date, it was relegated to a reinforcing, rather than a substantiative, role.That said, it is also noteworthy that date and time bearing metadata and "other" computer information indicated a huge discrepancy between first data instantiation and asserted data instantiation.

The last few pages are also entertaining, with this quote, which might bear the title "Reflections on Randomness":

"But when apparent randomness follows a pattern, it ceases to be random. Thus, the scales were tipped not by the ostensible strangeness of Parsons’ theory per se, but because Parsons’ theory requires belief in the perpetuation of multiple inexplicably random relationships between otherwise unrelated documents. It is possible that such coincidental relationships could have been explained away, but Parsons’ testimony did not succeed in that effort. And when the alternative explanation is as simple as believing documents were in a pad of paper, the chain of unlikely events Armament proposed is unsatisfactory."

And this quote, invoking Occam's Razor:

"Ultimately, the principle of Occam’s Razor supports the simpler explanation over the one requiring belief in multiple coincidences and unusual twists and turns, United States v. Navarro-Camacho, 186 F.3d 701, 708 (6th Cir. 1999), and Armament’s explanation is based on changing stories and layer upon layer of coincidences. But it is not only simplicity that favors the defendants’ theory: the simpler explanation is also the one supported by the weight of the other evidence—the testimony and other events pointing toward a later creation date, as well as the absence of credible documentary evidence corroborating the June 1997 date. Based on all of the above, it is not difficult to conclude by clear and convincing evidence that the document known as Q1 was drafted not in June 1997 but at some much later date. The only reasonable conclusion to be drawn, therefore, is that Parsons committed inequitable conduct by knowingly creating and submitting a false material document to the PTO in 2002. The patent in suit is therefore unenforceable. eSpeed, Inc. v. BrokerTec USA, L.L.C., 480 F.3d 1129, 1135 (Fed. Cir. 2007)."

Link to the article by way of the well written and informative "Patently-O" blog:

http://www.patentlyo.com/patent/ASPvIQHK.pdf

2008-01-07 Qualcomm v Broadcom Sanctions Order - 6 Attorneys Referred to California State Bar

In a harshly worded 48 page opinion issued today by United States Magistrate Judge Barbara Major in the Qualcomm v Broadcom patent matter Case 3:05-cv-01958-B-BLM ( (SD CA), 6 Qualcomm attorneys/outside counsel were sanctioned for discovery abuses and referred to to the California State Bar for possible disciplinary action.

The Court summarized the issue as follows:

"In a nutshell, the issue of whether Qualcomm participated in the JVT in 2002 and early 2003 became crucial to the instant litigation."

As I read the opinion (and blog) here are the salient facts:

1. Qualcomm 30(b)6 deponent Viji Raveendran testified that Q had not been involved in the development of the MPEG-4 video standard, even though Broadcom had obtained "reflector email" showing participation in the standards workgroup by one viji@qualcomm.com." That deponent's computer was not searched for discoverable material prior to her deposition.

2. Qualcomm's attorneys filed a motion for summary adjudication on the issue of it's participation in the MPEG-4 standards group, dismissing the presence of the 30(b)6 deponent's Qualcomm email in the reflector list of the ad-hoc working group for the MPEG-4 standard, and stating again that Qualcomm did not participate in the standards development process. The Motion and memorandum in support of that motion was signed by both in-house Qualcomm attorneys and it's outside counsel.

3. [Excerpt from Opinion] " While preparing Qualcomm witness Viji Raveendran to testify at trial, attorney Adam Bier discovered an August 6, 2002 email to viji@qualcomm.com welcoming her to the avc_ce mailing list. Decl. of Adam Bier at 4, Ex. A. Several days later, on January 14, 2007, Bier and Raveendran searched her laptop computer using the search term “avc_ce” and discovered 21 separate emails, none of which Qualcomm had produced in discovery. Id. at 7. The email chains bore several dates in November 2002 and the authors discussed various issues relating to the H.264 standard. (Blognote --- not good).

4. [Order Excerpt] "The Qualcomm trial team decided not to produce these newly discovered emails to Broadcom, claiming they were not responsive to Broadcom’s discovery requests."
(Blognote --- looking worse...)

5. [Order Excerpt] "Four days later, during a sidebar discussion, Stanley Young argued against the admission of the December 2002 avc_ce email reflector list, declaring: “Actually, there are no emails -- there are no emails ... there’s no evidence that any email was actually sent to this list. This is just a list of email ... addresses. There’s no evidence of anything being sent.” Trial Tr. vol. VII at 91-92; Young Decl. at 25-29. None of the Qualcomm attorneys who were present during the sidebar mentioned the 21 avc_ce emails found on Raveendran’s computer a few days earlier."

So, what was the denouement? Well, the Magistrate Judge Major recounts what trial Judge Brewster had to say:

"Judge Brewster further found that Qualcomm’s “counsel participated in an organized program of litigation misconduct and concealment throughout discovery, trial, and post-trial before new counsel took over lead role in the case on April 27, 2007.” Id. at 32. Based on “the totality of the evidence produced both before and after the jury verdict,” and in light of these findings, Judge Brewster concluded that “Qualcomm has waived its rights to enforce the ‘104 and ‘767 patents and their continuations, continuations-in-part, divisions, reissues, or any other derivatives of either patent.” Id. at 53." (Blognote --- this is very bad patent juju --- for Qualcomm). Judge Brewster eventually awarded $9,259,985.09 in attorneys fees and related costs as sanctions.

But, we're not done, not by a long shot. Here's a recounting of post-trial misconduct by Qualcomm.


1. [Order Excerpt] By letter dated February 16, 2007, (Qualcomm counsel) Bier told Broadcom “[w]e continue to believe that Qualcomm performed a reasonable search of Qualcomm’s documents in response to Broadcom’s Requests for Production and that the twenty-one unsolicited emails received by Ms. Raveendran from individuals on the avc_ce reflector are not responsive to any valid discovery obligation or commitment...” Despite repeated requests, the Order continues "[T]hroughout the remainder of March 2007, Bier repeatedly declined to update Broadcom on Qualcomm’s document search." (Blognote: Umm. Sounds like a story line stolen from the "Wizard of Oz")

2. The Money Shot: [Order Excerpt] "But, on April 9, 2007, James Batchelder and Louis Lupin, Qualcomm’s General Counsel, submitted correspondence to Judge Brewster in which they admitted Qualcomm had thousands of relevant unproduced documents and that their review of these documents “revealed facts that appear to be inconsistent with certain arguments that [counsel] made on Qualcomm’s behalf at trial and in the equitable hearing following trial.” Saxton Decl., Exs. H & I. Batchelder further apologized “for not having discovered these documents sooner and for asserting positions that [they] would not have taken had [they] known of the existence of these documents.” Id., Ex. H. As of June 29, 2007, Qualcomm had searched the email archives of twenty-one employees and located more than forty-six thousand documents (totaling more than three hundred thousand pages), which had been requested but not produced in discovery. Broadcom’s Reply Supp. Mot. for Sanctions at 1 n.2. Qualcomm continued to produce additional responsive documents throughout the summer. Doc. No. 597 (Qualcomm’s August 7, 2007 submission of three additional avc_ce emails it had not produced to Broadcom).

What Judge Major found:

1. "[C]lear and convincing evidence that Qualcomm intentionally engaged in conduct designed to prevent Broadcom from learning that Qualcomm had participated in the JVT during the time period when the H.264 standard was being developed.

2. "To this end, Qualcomm withheld tens of thousands of emails showing that it actively participated in the JVT in 2002 and 2003 and then utilized Broadcom’s lack of access to the suppressed evidence to repeatedly and falsely aver that there was “no evidence” that it had participated in the JVT prior to September 2003.

3. Qualcomm’s misconduct in hiding the emails and electronic documents prevented Broadcom from correcting the false statements and countering the misleading arguments.

Here's where the first interesting argument comes in. Broadcom never filed a motion to compel against Qualcomm, apparently lulled into non-action by Qualcomm's false interrogatory responses and by what documents it did receive. The Court notes that Broadcom's remedies were restricted because it had not filed a motion to compel:

"If Broadcom had filed a motion to compel, it could have obtained sanctions against Qualcomm and its attorneys. Fed. R. Civ. P. 37(a) & (b). Because Broadcom did not file a motion to compel, it may only seek Rule 37 sanctions against Qualcomm. Fed. R. Civ. P. 37(c). Thus, Qualcomm’s
suppression of documents placed its retained attorneys in a better legal position than they would have been in if Qualcomm had refused to produce the documents and Broadcom had filed a motion to compel."

(Blognote) --- This exposes the nasty underside of eDiscovery. It is extremely easy to "bury" digital evidence. Even if Broadcom *had* filed a motion to compel, the denial by Qualcomm that it had any additional evidence would in all likelihood have been taken as a truthful representation by the Court. The game? Destroy/alter evidence, then aver that either nothing exists, that you haven't altered it, or that you've produced whatever does exist. Most courts will then deny a motion to compel on the basis that one "cannot produce what does not exist."

In a brilliantly insightful piece of wordsmithing, the Court picks up on the idea of "gaming" the system ---

[Court Excerpt] "This dilemma highlights another problem with Qualcomm’s conduct in this case. The Federal Rules of Civil Procedure require parties to respond to discovery in good faith; the rules do not require or anticipate judicial involvement unless or until an actual dispute is discovered. As the Advisory Committee explained, “[i]f primary responsibility for conducting discovery is to continue to rest with the litigants, they must be obliged to act responsibly and avoid abuse.” Fed. R. Civ. P. 26(g) Advisory Committee Notes (1983 Amendment).

The Committee’s concerns are heightened in this age of electronic discovery when attorneys may not physically touch and read every document within the client’s custody and control. For the current “good faith” discovery system to function in the electronic age, attorneys and" clients must work together to ensure that both understand how and where electronic documents, records and emails are maintained and to determine how best to locate, review, and produce responsive documents. Attorneys must take responsibility for ensuring that their clients conduct a comprehensive and appropriate document search. Producing 1.2 million pages of marginally relevant documents while hiding 46,000 critically important ones does not constitute good faith and does not satisfy either the client’s or attorney’s discovery obligations. Similarly, agreeing to produce certain categories of documents and then not producing all of the documents that fit within such a category is unacceptable. Qualcomm’s conduct warrants sanctions. [Emphasis Added] (We had a name for this game when I was growing up. Not bloggable)

Judge Major then reveals the potentials (and imposes consequences for) imposing sanctions in what I may become "the famous" Footnote 4:

"Qualcomm attempts to capitalize on this failure, arguing “Broadcom never raised any concern regarding the scope of documents Qualcomm agreed to produce in response to Request No. 50, and never filed a motion to compel concerning this request. Accordingly, there is no order compelling Qualcomm to respond more fully to it.” Mammen Decl. at 9. Qualcomm made the same argument with regard to its other discovery responses. Id. at 9-11; see also Bier Decl., Ex. C. This argument is indicative of the gamesmanship Qualcomm engaged in throughout this litigation. Why should Broadcom file a motion to compel when Qualcomm agreed to produce the documents? What would the court have compelled: Qualcomm to do what it already said it would do? Should all parties file motions to compel to preserve their rights in case the other side hides documents?" [Emphasis added].

The Ruling:

[Court Excerpt] "The Court’s review of Qualcomm’s declarations, the attorneys’ declarations, and Judge Brewster’s orders leads this Court to the inevitable conclusion that Qualcomm intentionally withheld tens of thousands of decisive documents from its opponent in an effort to win this case and gain a strategic business advantage over Broadcom. Qualcomm could not have achieved this goal without some type of assistance or deliberate ignorance from its retained attorneys. Accordingly, the Court concludes it must sanction both Qualcomm and some of its retained attorneys."

In Footnote 5 (also noteworthy) the Court depiction of this litigation is nothing short of, well, an unmitigated disaster: "The Court is limited in its review and analysis of the debacle that occurred in this litigation because Judge Brewster only referred the discovery violation to this court." (Blognote --- the failure to produce more than 46,000 emails, and repeatedly averring that none exist, *is* gaming the system)

So. What *didn't Qualcomm do? Here's what the Court says:

"Qualcomm has not established “substantial justification” for its failure to produce the documents. In fact, Qualcomm has not presented any evidence attempting to explain or justify its failure to produce the documents. Despite the fact that it maintains detailed records showing whose computers were searched and which search terms were used (Glathe Decl. at 3 (identifying the individuals whose computers were not searched for specific types of documents)), Qualcomm has not presented any evidence establishing that it searched for pre-September 2003 JVT, avc_ce, or H.264 records or emails on its computer system or email databases. Qualcomm also has not established that it searched the computers or email databases of the individuals who testified on Qualcomm’s behalf at trial or in depositions as Qualcomm’s most knowledgeable corporate witnesses; in fact, it indicates that it did not conduct any such search. Id.; Irvine Decl. at 2; Ludwin Decl. at 3; Decl. of Viji Raveendran at 1, 4. The fact that Qualcomm did notperform these basic searches at any time before the completion of trial indicates that Qualcomm intentionally withheld the documents. " (Emphasis in original -- Blognote: Note the Court's use of bolding *and* italics to make a point).

Thinking about designating a person with less-than-adequate knowledge as a Fed.R.Civ.P. 30(b)6 witness? Think again. Qualcomm tried this and, in retrospect, will no doubt regret it's decision, a point this Court makes abundantly clear:

[Order Excerpt] "If a witness is testifying as an organization’s most knowledgeable person on a specific subject, the organization has an obligation to conduct a reasonable investigation and review to ensure that the witness does possess the organization’s knowledge. 6 Fed. R. Civ. P. 30(b)(6); In re JDS Uniphase Corp. Sec. Litig., 2007 WL 219857, *1 (N.D. Cal. 2007)."

Okay, another notable footnote, for those mindful of ethics obligations on the part of both in-house as well as outside counsel:

[Order Excerpt] " Qualcomm’s self-serving statements that “outside counsel selects ... the custodians whose documents should be searched” and the paralegal does not decide “what witnesses to designate to testify on behalf of the company” (Glathe Decl. at 1) does not relieve Qualcomm of its obligations. Qualcomm has not presented any evidence establishing what actions, if any, it took to ensure it designated the correct employee, performed the correct computer searches, and presented the designated employee with sufficient information to testify as the corporation’s most knowledgeable person. Qualcomm also has not presented any evidence that outside counsel knew enough about Qualcomm’s organization and operation to identify all of the individuals whose computers should be searched and determine the most knowledgeable witness. And, more importantly, Qualcomm is a large corporation with an extensive legal staff; it clearly had the ability to identify the correct witnesses and determine the correct computers to search and search terms to use. Qualcomm just lacked the desire to do so."

The Role of Qualcomm's Outside Counsel -- The Options Game

Judge Major sets out four possible "options" scenarios involving potential attorney misconduct by Qualcomm's retained counsel:

[Order Excerpt] "
The next question is what, if any, role did Qualcomm’s retained lawyers play in withholding the documents? The Court envisions four scenarios.

First, Qualcomm intentionally hid the documents from its retained lawyers and did so so effectively that the lawyers did not know or suspect that the suppressed documents existed.

Second, the retained lawyers failed to discover the intentionally hidden documents or suspect
their existence due to their complete ineptitude and disorganization.

Third, Qualcomm shared the damaging documents with its retained lawyers (or at least some of them) and the knowledgeable lawyers worked with Qualcomm to hide the documents and all evidence of Qualcomm’s early involvement in the JVT."

...[F]ourth, while Qualcomm did not tell the retained lawyers about the damaging documents and evidence, the lawyers suspected there was additional evidence or information but chose to
ignore the evidence and warning signs and accept Qualcomm’s incredible assertions regarding the adequacy of the document search and witness investigation."

On with the analysis:

Was is option Number One or Two? No:

[Court Excerpt] "Given the impressive education and extensive experience of Qualcomm’s retained lawyers (see exhibit A7), the Court rejects the first and second possibilities. It is inconceivable that these talented, well-educated, and experienced lawyers failed to discover
through their interactions with Qualcomm any facts or issues that caused (or should have caused) them to question the sufficiency of Qualcomm’s document search and production. Qualcomm did not fail to produce a document or two; it withheld over 46,000 critical documents that extinguished Qualcomm’s primary argument of non-participation in theJVT. In addition, the suppressed documents did not belong to one employee, or a couple of employees who had since left the company; they belonged to (or were shared with) numerous, current Qualcomm employees, several of whom testified (falsely) at trial and in depositions. Given the volume and importance of the withheld documents, the number of involved Qualcomm employees, and the numerous warning flags, the Court finds it unbelievable that the retained attorneys did not know or suspect that Qualcomm had not conducted an adequate search for documents." (Blognote --- unbelievable is an even better term than the more commonly used "strains credulity")

Was it Option Three? No.

[Court Excerpt] "The Court finds no direct evidence establishing option three. Neither party nor the attorneys have presented evidence that Qualcomm told one or more of its retained attorneys about the damaging emails or that an attorney learned about the emails and that the knowledgeable attorney(s) then helped Qualcomm hide the emails. While knowledge may be inferred from the attorneys’ conduct, evidence on this issue is limited due to Qualcomm’s assertion of the attorney-client privilege."

Option Four --- "Chose Not to Look" --- Intent Rules.

[Court Excerpt] "Thus, the Court finds it likely that some variation of option four occurred; that is, one or more of the retained lawyers chose not to look in the correct locations for the correct documents, to accept the unsubstantiated assurances of an important client that its search was
sufficient, to ignore the warning signs that the document search and production were inadequate, not to press Qualcomm employees for the truth, and/or to encourage employees to provide the information (or lack of information) that Qualcomm needed to assert its non-participation argument and to succeed in this lawsuit. These choices enabled Qualcomm to withhold hundreds of thousands of pages of relevant discovery and to assert numerous false and misleading arguments to the court and jury.

The Court's six word conclusion:

"This conduct warrants the imposition of sanctions."

The Court's reasoning for its ability to sanction 19 attorneys: Inherent Power. And another memorable footnote (5)

[Order Excerpt] "The applicable discovery rules do not adequately address the attorneys’
misconduct in this case. Rule 26(g) only imposes liability upon the attorney who signed the discovery request or response. Fed. R. Civ. P. 26(g). Similarly, Rule 37(a) authorizes sanctions against a party or attorney only if a motion to compel is filed; Rule 37(b) authorizes sanctions against a party or an attorney if the party fails to comply with a discovery order; and, Rule 37(c) only imposes liability upon a party for the party’s failure to comply with various discovery obligations. Fed. R. Civ. P. 37. Under a strict interpretation of these rules, the only attorney who would be responsible for the discovery failure is Kevin Leung because he signed the false discovery responses. Doc. No. 543-3, Exs. W, X & Y; Robertson Decl., Ex. 2. However, the Court believes the federal rules impose a duty of good faith and reasonable inquiry on all attorneys involved in litigation who rely on discovery responses executed by another attorney. See Fed. R. Civ. P. 26 Advisory Committee Notes (1983 Amendment) (Rule 26(g) imposes an affirmative duty to engage in pretrial discovery in a responsible manner that is consistent with the spirit and purposes of Rules 26 through 37); Fed. R. Civ. P. 11 (by signing, filing, submitting or advocating a pleading, an attorney is certifying that the allegations have factual, evidentiary support). Attorneys may not utilize inadequate or misleading discovery responses to present false and unsupported legal arguments and sanctions are warranted for those who do so. Id. The facts of this case also justify the imposition of sanctions against these attorneys pursuant to the Court’s inherent power. See, Fink, 239 F.3d at 993-94 (“an attorney’s reckless misstatements of law and fact, when coupled with an
improper purpose ... are sanctionable under a court’s inherent power”). "

One last notable footnote (13): the failure to have documents reviewed by a senior attorney does not excuse discovery misconduct; it amplifies it.

[Order Excerpt] " Several declarations state or imply that senior lawyers failed to review or comment on pleadings prepared by junior lawyers and sent to them prior to filing. If this is true, it constitutes additional evidence that the senior lawyers turned a blind eye to Qualcomm’s discovery failures."

The Court's conclusion:

"For the reasons set forth above, the Court GRANTS IN PART and DENIES IN PART Broadcom’s sanction motion and ORDERS Qualcomm to pay Broadcom $8,568,633.24. Qualcomm will receive credit toward this sanction for any amount it pays to Broadcom to satisfy the Exceptional Case sanction. The Court also REFERS to The State Bar of California for an investigation of possible ethical violations attorneys James R. Batchelder, Adam A. Bier, Kevin K. Leung, Christian E. Mammen, Lee Patch and Stanley Young. The Court ORDERS these six attorneys and Qualcomm in-house attorneys Alex Rogers, Roger Martin, William Sailer, Byron Yafuso, and Michael Hartogs to appear 9:00 a.m. on Tuesday, January 29, 2008, in the chambers of the Honorable Barbara L. Major, United States Magistrate Judge, 940 Front Street, Suite 5140, San Diego, California, 92101 to develop the comprehensive Case Review and Enforcement of DIscovery Obligations protocol in accordance with this Order."

What this case underscores is the electronic discovery/digital evidence gamesmanship (nay, brinksmanship) currently ongoing. The script: hide/alter/delete/ and then claim that evidence does not exist. A Court will in all likelihood look askance at a motion to compel, and hold that it cannot compel what a party says it does not have. The trouble is, what a party does not have can be easily created after the fact, and creates a veil most courts are loathe to pierce. This one did, but only with the help of a single "email reflector" that gave rise to the misconduct.

2008-01-05 Massachusetts Law Does Not Recognize Tort of Conversion of Computer Data

In a December 2007 decision, In re TJX Companies Retail Sec. Breach Litigation --- F.Supp.2d ----, 2007 WL 4404166 (D.Mass. 2007) the Court ruled that a claim for conversion based on intangible computerized credit cardholder and account data was not cognizable in Massachusetts.

The TJX Court did note the contrast with the New York Court of Appeals decision in Thyroff v. Nationwide Mutual Insurance Co., 8 N.Y.3d 283, 832 N.Y.S.2d 873, 864 N.E.2d 1272 (N.Y.2007) (Blogged here on October 6, 2007):

The question certified to the New York Court of Appeals: "Is a claim for the conversion of electronic data cognizable under New York law?" Thyroff, 460 F.3d at 408.

The answer: On March 22, 2007, the New York Court of Appeals answered the certified question in the affirmative. See Thyroff, 8 N.Y.3d at 293, 832 N.Y.S.2d 873, 864 N.E.2d 1272.

Straining credulity (imo) the TJX Court declined to follow Thyroff, holding that Massachussetts law does not recognize the tort of conversion of computer data. TJX, 2007 WL 4404166 at *2. Further amplifying the strain is the Court's stretch in finding that the New York Court of Appeals landmark decision does not apply to "any" digital data, but only where the digital data was "indistinguishable" from printed documents. Id. That was not the precise ruling in Thyroff; it appears that the TJX court incorporated what appears to be at best dicta from Thyroff into the New York Court of Appelas holding.

The Court's use of the word "indistinguishable" is also both intriguing and troubling. First, a contextually complete reading of the Thyroff does not necessarily lead one read in such a limitation to the tort of digital data conversion. Second, does the TJX Court provide a carve-out or not?

One might imagine the evidentiary issues arising in Massachusetts from parties offering arguments either supporting or challenging computer generated evidence as "indistinguishable" from printed documents.

Er, um, well, we may have some problems down the line in Massachussetts. For example, how does the "indistinguishable from printed documents" test apply to metadata associated with the data formatted for printing?

2008-01-04 Paucity Plus Hunch Insufficient Basis to Grant Additional eDiscovery

U.S. Magistrate Judge John Facciola's eDiscovery decisions are typically cutting edge. Today's decision in Hubbard v Potter, Civil Action No. 03-1062 (D.C.D.C. 2007) is true to form, and exposes challenges faced by a party to whom (apparently) the importance of properly staged electronic discovery came too late.

In denying a round of what Judge Facciola describes (imo, aptly) as "meta-discovery" or discovery about discovery, and invoking Zubulake, he reminds the parties that "[I]nstead of chasing the theoretical possibility that additional documents exist, courts have insisted that the documents that have been produced permit a reasonable deduction that other documents may exist or did exist and have been destroyed." Moreover, the existence of a mere "paucity" of discovery documents does not warrant the granting of additional discovery, where such "paucity" is accompanied only by a "hunch" that there has been a failure to produce.

The Court paid greater attention to plaintiffs’ argument that additional discovery was warranted "because on several occasions defendant produced responsive documents yet maintained that they were non-responsive," and found that argument "far more compelling."
The defendant in this case first failed to produce documents, then labeled these documents "Non-responsive" with which characterization the Court roundly and emphatically disagreed.

Nevertheless, Judge Facciola denied plaintiffs' request for additional electronic discovery, again basing that denial on the inadequacy of a hunch-based-on-paucity argument.

The Court first notes that a great number of electronic documents had been printed out and disclosed by the defendant in hard copy:

"For example, although plaintiffs complain that many facilities provided very little by way of electronic documentation, plaintiffs concede that '[s]ome of the 25 covered facilities produced a significant volume of hard copies of electronic correspondence.'''


The Court then states that "[P]laintiffs have no evidence that there exist additional responsive electronic documents. Rather, as with plaintiffs’ general argument regarding the paucity of documents, plaintiffs can point to nothing more than their own speculation that other electronic documents exist."

It would have been interesting to sit in on that Fed. R. Civ. P. 16(b)5 meeting. One might wonder just how badly worded was Plaintiffs' document production request(s), whether the plaintiffs reserved the right to conduct adequate electronic discovery, and whether documents were sought after in their origination format, i.e., in native electronic format.

I suspect not, and am reminded of Judge Grimm's Lorraine v Markel American dicta in whcih he urges attorneys involved in eLitigation to "get it right the first time."

2007-12-23 Digital Darwinism

The New York Times article linked below discusses the problems and costs of maintaining digital works of art (cinema) over a long period of time. What this article helps expose is the fundamental problem facing all digital information generating entities: long term preservation and accessibility. What is subsumed within this question is how to ensure long term data provenance, or provably persistent data integrity.

This article actually sounds a clarion call for those who choose to archive anything digital. It also exposes issues not typically addressed by those selling recordable media or long-term storage or archive solutions.

First, "life-long storage" does not mean "long-life storage" --- the difference is crucial, and I believe generally ignored. Life-long storage of degrading media is really storage of media only, and not of the information contained therein. The "lifetime" of most media is described in terms providing no meaningful guidance (such as "mean time between failure" for hard drives). CD, DVD's do not typically advertise or disclose their stated "shelf-life." I remember purchasing some "gold" CD's that were hawked as "long life" only to see the glitter of gold dust exfoliated by these CD's with 5 years of their purchase. Others appeared intact, but became latter-day coasters. Newer storage media: I understand that "flash drives" just wear out over time. What that portends for the SD, Memory Sticks, thumb drives, and pc-memory storage components containing important information (oops, you store your key recovery data on that USB drive...") is not good. Nano-technology? No word yet as to longevity.

Ok, so that means that the 2007 Quadrennial 5-DVD Digitally Re-mastered Dolby 11.1 Enhanced Autographed, Numbered and Limited Edition Blue Ray/HDNA Directors' (and all other) Cut of "Blade Runner" for which I shell out 100 bucks may, or may not be playable five years after I take the DVD's out of the climate controlled, UV free dark room. I'll take my chances, but if they "decompose" I'll be sad. My sadness will be limited, however, only to the extent of my loss of a favorite flick (plus 100 bucks). Not so with enterprise or government information intended to last anywhere between a long time and in perpetuity.

What this means is that entities facing lengthy retention periods had better start considering developing and deploying methods for periodic and orderly migration to "fresher" media, or risk losing data. Including those redundant backups. This brings up the question of whether such entities are required to acknowledge and take steps now, or if these entities will be given a "pass" because they merely did what at the time appeared to provide compliance.

So, it appears that we may be leaving the survival of our most important information (digitally sourced) to "Digital Darwinism," in which information contained in only the "strongest" or most robustly maintained (and migrated) media, survive.

The other issue, in which I profess a biased interest, is how to ascertain and prove, through time, the integrity of such digital data that survives.

Maybe we should worry about that issue in 10 years. It looks as if we'll have a hard enough time proving provenance even for relatively short-lived data.

The link to the New York Time article entitled "The Afterlife Is Expensive for Digital Movies":
http://www.nytimes.com/2007/12/23/business/media/23steal.html?ref=business

2007-12-18 Ohio Electronic Voting Machine Test Results - Not Good

The Register.com (why do we hear this type of information first from the UK?) reports that the Ohio Secretary of State has just released a federally funded report on electronic voting machines used in Ohio, and has found that they contain critical failures that could affect the integrity of state elections.

Excerpted from the Ohio Secretary of State's report (link below):

The voting systems uniformly “failed to adequately address important threats against election data and processes,” including a“failure to adequately defend an election from insiders, to prevent virally infected software . . . and to ensure cast votes are appropriately protected and accurately counted. (Id.)"

"• Security Technology: The voting systems allow the “pervasive mis-application of security technology,” including failure to follow “standard and well-known practices for the use of cryptography, key and password management, and security hardware.” (Id.)
• Auditing: The voting systems exhibit “a visible lack of trustworthy auditing capability,” resulting in difficulty discovering when a security attack occurs or how to isolate or recover from an attack when detected. (Id.)
• Software Maintenance: The voting systems’ software maintenance practices are 'deeply flawed,' leading to 'fragile software in which exploitable crashes,lockups, and failures are common in normal use. (Id.)'"

Register.com also reports an executive for eVoting solution vendor Premier Election Solutions as cautioning people not to read too much into the report. That executive was quoted in the article as stating:

"'It is important to note that there has not been a single documented case of a successful attack against an electronic voting system, in Ohio or anywhere in the United States," an executive for Premier said in response to the report. "Even as we continue to strengthen the security features of our voting systems, that reality should not be lost in the discussion." He went on to say the report failed to take into account security improvements made since the study began.'"


Here's the man behind the curtain (sections of the report) we're asked to ignore:

"Specific Results: Source Code Analysis and Red Team (Penetration) Testing
ES&S
Failure to Protect Election Data and Software Failure to Effectively Control Access to Election Operations
Failure to Correctly Implement Security Mechanisms
Failure to Follow Standard Software and Security Engineering Practices

Premier
Failure To Effectively Protect Vote Integrity and Privacy
Failure to Protect Elections From Malicious Insiders
Failure to Validate and Protect Software
Failure to Follow Standard Software and Security Engineering Practices
Failure to Provide Trustworthy Auditing

Hart
Failure To Effectively Protect Election Data Integrity
Failure To Eliminate Or Document Unsafe Functionality
Failure To Protect Election From “Malicious Insiders”
Failure To Provide Trustworthy Auditing

Lessee: Failure to protect against insiders. Failure to follow "standard and well known practices" for crypto, key management and security hardware. Failure to provide a trustworthy auditing capability, making it "difficult" to discover when an attack occurs. Deeply flawed software maintenance practices resulting in "fragile software."

Hmm. Let's build a house with twelve doors and eleven locks. Certify it as safe because there has been no 'documented" case of a successful attack?

Article link:

http://www.theregister.co.uk/2007/12/17/ohio_voting_machines_study/

Report Link:

http://www.sos.state.oh.us/sos/info/EVEREST/00-SecretarysEVERESTExecutiveReport.pdf

2007-12-08 Metadata Revisited - What's In That JPG? --- Relevant Evidence.

For those in the "most metadata is irrelevant" camp, I offer this argument in support of my position that metadata is critical to electronic evidence authentication: The metadata contained in most digital photographs can reveal camera ID, camera type, shutter speed, or aperture setting together with the more visible time and date notations. If someone accuses someone as having taken a certain photograph, it might be helpful to ascertain this information *(through discovery, of course) and then argue that the accused:

1. Owned or did not own the type of camera used to take the photo
2. The camera had or lacked the capability to take photos at the listed aperture, shutter or ISO setting
3. The camera had or lacked the capability to take photos at the claimed resolution.

The underlying metadata reliability argument quite readily exposes the gaping holes in the "most metadata is irrelevant" argument, as one might argue that the metadata showing these attributes (including the time and date source, and time and date notation) was unprotected, and subject to the same type of manipulation as is all other unprotected digital data, and is therefore unreliable. One might also present (and this is really the more difficult argument) that the metadata was generated and maintained in such a fashion as to be authentic and reliable. In other words, the metadata, like the photo itself, is what it purports to be at the time relevance attached to it.

2007-12-08 eDiscovery Question - Do You Know the Way to ADS (Alternate Data Streams)?

Engineered into Windows since NT 3.1 (circa 1993) Alternate Data Streams was developed by Microsoft to allow for better compatibility with HFS (Mac) file systems. When creating any NTFS file or folder, a separate data stream (sometimes known as a "fork") can be also created for that file or folder. Data stored in an NTFS stream becomes invisible to Windows Explorer, text searches, and most other Windows' routine file apps. One may then store a 5Gb .zip file inside the streamed 20k text file. Windows Explorer and most other apps will then only detect the 20k text file, and not the 5GB streamed .zip file. So, one can use ADS to hide data within other data or folders.

Interestingly enough, ADS will be stripped from a file if the file is emailed as an attachment, or if it is copied to a FAT 32 drive (such as a thumb or flash drive), a CD/RW or other non-NTFS file, the ADS will be stripped from the copy.

There are numerous detection, and some removal tools available. ADS Spy is an exampled of a freeware detection and removal tool: http://www.bleepingcomputer.com/files/adsspy.php Good forensics tools such as enCase, SleuthKit, SMART, and others provide capability to detect ADS where a the forensically extracted copy is also an NTFS based filed.

Keep in mind:

1. Search for ADS.
2. ADS may contain discoverable information.
3. ADS may bear obscure non-relevant seeming names.
4. ADS may be encrypted.
5. ADS will be stripped when file is converted/copied to non-NTFS.
6. Ask for presence of and/or have examiner search for common ADS removal tools
7. Vista has a native ADS detection tool. From command prompt, type "dir /r"

2007-12-07 Printout of Metadata Held Sufficient for Discovery Purposes

The Sedona Principles' blanket approach to most metadata as "irrelevant" was adopted in Williams v. Sprint/United Management Co., 230 F.R.D. 640, 646 (D.Kan.2005). The Sprint court embraced the Sedona argument that "[I]n most cases and for most documents, metadata does not provide relevant information." Williams v. Sprint, 230 F.R.D. at 651. The Sprint court also noted that "[e]merging standards of electronic discovery appear to articulate a general presumption against the production of metadata[.]"

The recent decision in Michigan First Credit Union v. Cumis Ins. Society, Inc., Slip Copy, 2007 WL 4098213 (E.D.Mich. 2007) follows the Sprint approach and represents yet another example of how the Sedona Conference's blanket pronouncement is susceptible to misinterpretation. Here, the Court found that a printout of email metadata was sufficient and denied a motion to compel production of native, or source data. Curiously, even though the data and time information contained in the metadata was considered relevant, the "unique identifier" data was not, and since all was "printed out" in a pdf, the Court ruled that no further relevant information could be gleaned from the native, or source data:

"This includes the date and time of the creation of the message file, as well as a long string of characters that serves as a unique identifier for each message." She further states that she has reviewed the screen-shots of the email message produced for Plaintiff, and that "[a]ll metadata pertaining to the individual messages, except for the unique identifier referred to in the above paragraph is visible on these printouts." Hence, except for an "identifier" that would have no evidentiary value, the relevant metadata (such as date and time of creation) appears in the PDF copy. Were this not the case, there would be value in producing the metadata. However, since the PDF copies contain all the relevant information that Plaintiff would otherwise glean from the metadata, I agree with Defendant that producing the metadata for the emails would be unduly burdensome." Ibid, at *2.

Of course, no challenge to the metadata itself was apparently made. Imo, this is a clarion call not only to have the Sedona Principles properly reflect digital litigation reality, but also for counsel to bring themselves up to speed, and understand what it is they must challenge, or defend. Knowing what to ask for, and why, is a good start. The flip side is that being uninformed or misinformed as to the importance of metadata will at this time be more likely to result in this type of "gotcha."

2007-12-07 Options Backdating Update - Former United Health CEO Returns 418 Million

The New York Time and the Wall Street Journal report today that William W. McGuire has settled with the SEC and agreed to return an estimated 400 million dollars in connection with the options backdating civil action pending against him. According to one account, the total returned by McGuire will exceed 600 million dollars. Options backdating involves altering the date of an option grant, typically to increase it's value at the date of granting. The option grant's strike price is typically (and some argue should only) be the date on which the grant is made. This grant date also typically coincides with the commencement of a new position, or a bonus.

The grant date maneuverability necessarily involves some time based computer data manipulation, as I highly doubt that any of these time-shifted options grants were accomplished by the efforts Aunt Tillie typing on her Selectric, bottle of White-Out by her side, in the typing pool.

The malleability of computer data (and the difficulties involved in challenging and detecting same) are well set forth in In re Texlon Corporation Securities Litigation 2004 WL 3192729 (WD Ohio 2004). The Texlon court roundly excoriated the defendant's auditor PriceWaterhouseCoopers for violating its duty of preservation. The court noted that auditing documents were altered "well after the close of the [relevant auditing period] and that [PWC should have been on notice to preserve these documents..." The Texlon court further noted that expert testimony discovered that the metadata of certain documents had been altered or deleted, specifically that data had been time-and-date shifted.

What is perhaps most important is that the Texlon court also implicitly recognizes the issue of time based data manipulation, as it also took notice of expert testimony that "it is possible to alter any document in the database, and if the date on the computer used to alter the document is reset, the incorrect date will be incorporated in the metadata fields as the date of modification." Texlon, 2004 WL 319729 at *19. It should be noted that the matter ended prior to the judge's action on the reports and recommendations of the magistrate.

Perhaps in the future the time and date malleability of computer generated information will become the focus of more intense scrutiny by counsel as well as the Courts.

2007-11-22 ES&S Voting Machine Fracas: Exactly the Same (but with minor differences)

Calif. claims that "certification" sticker were repeatedly placed on appliances that had not been certified in violation of California law.

In keeping with the nature of this dispute, someone might also be comfortable in stating the two positions stated below are identical, and with only minor differences.

ES&S: The updated machines contain the "exact same hardware configuration and firmware version
Calif: The A200 uses version 1.1.2258 of the system firmware, while the earlier machine uses version 1.0.

I find the "exactly the same, but with minor differences" argument intriguing.

The link to the Register.com article:

http://www.theregister.co.uk/2007/11/21/e_voting_vendor_sued/print.html

2007-11-21 New Discovery Venue: Apple Reported to Track iPhone Online Usage

Two things to keep in mind, depending upon circumstances. First, this capability, if true, could provide a rich discovery source, but although one might "request" the information generated by an iPhone, one might be well advised to incorporate specific language directed toward this captured information. Second, be aware of the type of information divulged-by-agreement when you, or your client sign up for the pretty bauble.

The link:

http://www.pocket-lint.co.uk/news/news.phtml/11368/12392/apple-tracking-iphone-usage-reports.phtml

2007-11-14 Data in Transit --- Just Not in the Enterprise Document Policy; Defecting Employees Steal Reported 1.8 Billion Worth of Data from Company.

Darkreading.com (link below) reports that two top officials (including an incumbent president and an executive director) of a "major Korean electric power business" stole, er, liberated, more than 1.8 billion in trade secrets when they teamed up with a rival earlier in the year.

The escaped data made its way out of the enterprise, apparently through a USB port and into some storage device connected thereto.


http://www.darkreading.com/document.asp?doc_id=139010&print=true

2007-11-08 eDiscovery: Hand me the Keys: The Downside to Hosted Encryption Services

Wired.com reports today that Hushmail, which, ahem, "dominate[s] a unique market niche fo highly secure webmail with its innovative, client side encryption engine" bows to court order to provide client's email encryption keys. Link below.

How, you might inquire, do they obtain access to a *client* private key? In an effort to make the email process seamless, Hushmail offers a thin client, and runs the encryption engine on their side. As succinctly put in the Wired Article: "...this means that an attacker with access to Hushmail's servers can get at the passphrase and thus all of the messages."

Let's do this in a step-by-step analysis.

1. Hushmail has control over its environmental variables.

2. Hushmail has control over its servers providing encryption services.

3. Hushmail encryption processes occur at Hushmail servers, not at the client.

4. Information (including key information) is transmitted between Hushmail server and client by SSL connection.

5. Key information is provided to Hushmail encryption engine in cleartext at Hushmail server.

6. Hushmail has access to the private key for some period of time.

7. Hushmail's keys can be compelled to be disclosed in court.

Client email not so Hush.

Third party custody of your encryption key, while a nifty idea for redundancy and data loss (meaning risk of non-decryption) might place that third party in a rather difficult position. Perhaps creating and enforcing a policy where private keys used for certain information are never sent in cleartext to a third party might be a good idea. Ya think?

In any event, creation of and adherence of a document retention policy to apply to 3rd party key custodian activities (and the keys held by them) in an auditable fashion, may be worth a thought.

The link from Wired:


http://blog.wired.com/27bstroke6/2007/11/encrypted-e-mai.html

2007-10-26 Another Discovery Category - Greynets

The Register.com posted an article today on the existence of illicit "conduits for malware" or
greynets" that proliferate through most enterprises today. These are technically (and typically) described as peer-to-peer applications, downloaded apps that connect direct to other users to exchange messages and/or data, (aka Instant Messaging, VoIP and filesharing applications) but greynet appears to be the emerging term de jure, and provides another wide-ranging category request type to be used in discovery.

2007-10-13 CFAA and Employment Agreements

In light of recent divergent decisional authority interpreting jurisdictional thresholds for Computer Fraud and Abuse Act ("CFAA" actions), it may be a good idea to add language to new and existing contracts of employment (and employee handbooks, where employment is "at will") to expressly articulate that any appropriation, access or use of employer information *during employment* is unauthorized and further that any such appropriation, access or use shall be deemed to cause damage in excess of $5000 (the CFAA jurisdictional amount). Upon-termination authority revocation and damages provisions should always be part and parcel of any such agreement. For existing employees, it's also a good idea to have executed a similar agreement supplement or handbook update.