ABA TechShow Update

• New Rules of Evidence will require many changes to the practice of law.


• Attorneys now have more obligations to ensure the preservation of documents. Changes and new obligations will include:
  
  • Responsibility for preservation of data has increased.
  
  
  • Inadvertent production of privileged material is covered by "clawback" policies.

• STORAGE is cheaper (with electronic)

AMOUNT of electronic information has increased exponentially in last 15 years;1,000 to 10,000 times what was before.


• Electronic information is DYNAMIC - (paper was static) "flowering" find what was edited or deleted



• Electronic information is DISTRIBUTED - In the 1870s, record keeping really began; everything was kept in one place. NOW: not all is in one place; we don't even know where all the information is.


These differences create a need for updated "best practices".¹

• Discovery used to be for a document or a "thing"; now it includes a new category: Electronically Stored Information (ESI).
  
• Rule 34(b) [as amended]: Attorneys can request the form in which electronic evidence is produced (native file, TIF, PDF). Attorneys can also object to the form evidence is presented in (paper, non-searchable TIF /images, etc.)


• Default format: that which is "ordinarily maintained" and "reasonably useable". This wording is intentionally vague, and can refer to both native files and /images with the searchable metadata and full text.²
  
• Rule 26(b)(5): Inadvertently produced privileged documents: attorneys can "reclaim" privilege on documents which have already been produced. The procedure for accomplishing this can be anticipated by developing a "clawback" or "snapback" agreement.


• The senior lawyer on a case is now responsible for monitoring on-going compliance. All sources of information must be identified, notified of compliance requirements and searched. This includes sources that previously did not necessarily come in contact with counsel, such as IT personnel.

Rule 16(f) Pre-Trial Conference - The changes to the Rules of Evidence provide an opportunity to change the goals of a pre-trial conference. It is recommended that the following recommendations be reviewed:

• Data should be "reasonably accessible." Define "accessibility" for each particular situation.


• The legal team should know specifically what client data (electronic) is "available" and what is "accessible".


• Prepare a check list of what is desired. Know especially what searches are wanted to be able to perform.³
  
• The legal team should meet face-to-face at the outset with relevant players, to include:
  
  • Lead attorneys (outside counsel)
  
  
  • Electronic discovery manager (coordinator, usually from the law firm)
  
  
  • Lead in-house counsel
  
  
  • Client's senior managers (GM of business unit, president of division, vice presidents, etc.)
  
  
  • Client's senior IT manager
  
  
  • Client's IT executor - "get the right IT guy"⁴
  
  
  • Client's key employees
  
  
  • Client's key players: they know where everything is: can tell you where key evidence is located
  
  
  • Outside electronic evidence expert: to harvest and maintain a chain of custody
  
  
  • Electronic discovery vendor
  
  
• Electronic documents need to be produced electronically, not on paper. Suggested formats include:
  
  • Native file format (there are issues with this form; see page 3 later in this report)
  
  
  • TIF /images - with or without searchable text; with or without metadata
  
  
  • PDF /images - with or without searchable text; which metadata is included

Determining IT Conditions

• Physically tour the client's facility(ies).


• "Map" the servers, noting the network drives and "home shares".


• Document all IT protocols:
  
  • Is the email system set up to automatically delete messages?
  
  
  • What is the document retention plan?
  
  
  • What are the back-up protocols?
    
    • What is being backed up? What is not?
    
    
    • What is the back-up cycle?
    
    
    • Complete back-ups vs. incremental back-ups?
    
    
    • What is being over-written?

Warning #1

An MIT study of the contents of 158 used computers tagged for disposal found over 5,000 examples of credit card numbers, social security numbers, medical records and pornography. Old computers should not simply be disposed of or given away without either pulling the hard drives or wiping them clean using special utility programs.


Metadata - Metadata was originally developed to enable searching and retrieving documents. It is this information - concealed behind the content of the data - that tracks key information such as

• Original author


• Date and time created


• Date and time revised


• Last date printed


• Hidden text

• Metadata can be utilized to review documents quickly and efficiently.


• Metadata can contain information that opposing counsel can access. This can include data that may be covered by ethical confidentiality regulations such as HIPAA.⁶


• It is important to examine both the content and the metadata prior to production. Outside counsel may want to suggest policies for cleansing metadata prior to sending emails or attachments.

Preserving Data - The best method of preserving data is to create a "forensic copy" of data. Since forensic technicians do not work with the original data, a "no-boot mirror image" is recommended.

Each time a computer is started up, metadata changes. Making a forensic copy of hard drives prevents these changes and preserves the last set of metadata. A forensic copy is a bit-by-bit, sector-by-sector copy.

Forensic technicians use special software, hardware and procedures to capture this data in a legally defensible, clean manner.


Problems With Native File Formats⁷

There is various opinions about whether documents should be produced in native file format (the original document is not converted to an image file). Native files are exactly as they were on the original computer. For this reason, some people believe that this is the preferred method of exchanging documents. However, there are some limitations to the native format:

• No Bates numbers


• No confidentiality statements


• Formats change according to which printer the computer viewing the native file has set up


• Can't redact native files


• Users can change the text


• Reviewers must have the applications utilized in native file; if more than standard Office (Word, Excel, and Powerpoint), you can blow your litigation budget buying additional software for all the reviewers (Adobe Illustrator, Microsoft Project, etc.). Note: some companies will provide a free viewer so people without the application can view (but not change) the documents produced with a specific application. Investigate that possibility.

NOTE: There is a distinction between "production" and "review".


The Future

The new Microsoft operating system, currently known as "Vista", has a built-in encryption utility that is pretty good. Great for users; not so great for courts. Explore the pros and cons of Vista and help your clients decide whether they (the client and their IT department) should allow users to enable this encryption.⁸


Warning #2

If an attorney and client start marking communication as "confidential" and/or "attorney work product", it may be seen as the point in time in which litigation was anticipated and trigger a duty to preserve all data from that point forward. This effort to be careful may be premature, and should be carefully considered.


Tips From The TechShow

• If your practice is large enough, assign an electronic discovery paralegal to manage the document collection criteria and documentation.


• Utilize keyword/date range/key individual searching to reduce the size of an electronic discovery collection and lower the costs.


• If you use Google Desktop, be sure to turn off the "share" feature. It allows other people to see your computer!⁹


• In corporate environments, you must get the IT people involved in changing default application settings. The IT staff (either in the law firm or at a client) may not be fully aware of what features and settings are available, or what has been set. A decision needs to be made about what an individual user and change and not change. Involve the client's IT people in this.


• If you use "hidden text" or white fonts to make comments on a Word document, make sure that this metadata is stripped out prior to production if you don't want it discovered by opposing counsel.


• If a PDF document has been redacted, it is possible to find words behind the redaction by doing a "copy" of the redaction area. Cut-and-paste that copy into a Word document - and there the hidden words appear!


• Some PDFs can be edited and changed. If you send a PDF for signature, make sure that it is the same when it comes back as it was when you sent it.


• When creating PDFs to send to clients, be sure to use the security settings. Put a password on the document to open; another password to edit; restrict copying of text and /images; and enable users to print. This controls what happens to your PDF when you pass it on.


• Learn about the security settings in Word.


• Learn about "track changes" in Word.

Forensics Steps¹⁰

• Define when forensics is required. Forensics tools are used for validation; hashing (fingerprinting); and recovering deleted, unallocated and slack files.

Recover - image the media: create a "no-boot", bit-by-bit, sector-by-sector copy of media as it currently exists with no changes to its metadata

• Index the data (machine created cross-reference of pointers to all words within all documents)


• Develop search terms: to cull collection down to more manageable amount


• Analysis: look at the evidence and summarize what is substantial.


• Provide evidence and reports


• Provide a Chain of Custody

• Back-up Tapes: Always Ask vs. Seldom Ask for back-up tapes. Back-up tapes aren't "easily accessible", are difficult to restore accurately (more costly) and aren't as good as a "no-boot mirror image" or forensic copy of a hard drive. Some experts think they should always be obtained.


• Native File Format: Only Request Native File Format vs. Native Files Can't Be Controlled (see discussion of "Problems with Native Files").