“The Neutral Corner: Using Forensic Neutrals in Trade Secret Disputes”

On May 2, 2017, Executive Managing Partner Daniel Garrie published the fourth article in his column “The Neutral Corner” on Thomson Reuters’ Legal Executive Institute blog. The article is titled “The Neutral Corner: Using Forensic Neutrals in Trade Secret Disputes”.

The dirty secret of trade secret disputes is that even if you win, it can be difficult to get back to where you started. With trade secret disputes, it’s like closing the stable door after the horses have run off. A court or arbitration panel may not have trouble reaching findings of fact and conclusions of law, but the secrets are still out there. And ensuring that the trade secret information is entirely removed from the offending company’s systems is a lot harder than rounding up wild horses.

Enter the forensic neutral. Forensic neutrals can help sort out the technical messes that often accompany trade secret disputes.

The graphic When to Use a Forensic Neutral further illustrates the questions to ask to determine whether you may need to retain a Forensic Neutral.

The BYOD Dilemma: Impact of Failing to Educate Employees or Protect Mobile Phones – Part 2

This second blog posting examines the impact when law firms and companies have a BYOD policy, but fail to educate employees on how to protect mobile devices. It also examines the consequences when mobile malware infects a personal mobile device and then jumps to the employer’s internal systems.

On average, most employees, whatever their field, are not particularly malware savvy, which means they are not up on the details of evaluating security on apps that they download. Typically these individuals do not have malware scanning technology on their mobile devices. Many companies today invest substantial resources in providing employees with robust anti-virus and malware scanning tools for their computers and information systems, but leave the employees’ mobile devices exposed and vulnerable to thousands of potential adversaries.

How, then, to protect against these potentially disastrous smartphones as avenues of information loss or internally directed malware? Most companies purchase anti-virus, anti-malware software for their computers. It seems logical, then, to extend that policy to mobile devices as well. Why not invest in protecting your employees’ devices? By extension, protecting employee devices provides insurance for the security of a company.

People bring their devices to work whether or not there is a stated policy in place, and whether or not they are able to actually do work on those devices. One solution is to mandate that every mobile device used by employees must have malware detection software installed.  Of course, the solution is likely to require that a lawyer skilled in these issues review the policies, the underlying software agreements, and the privacy agreements involved with implementing this solution. It is critical that the lawyer advising any company has a firm grasp of the complex legal issues and the technologies to ensure a successful rollout.

Purchase mobile malware detection software and require employees to have this software installed and operational on their mobile devices. Educate them about the purposes and necessities of protecting themselves. If the first risk does occur – a company fails to sufficiently educate its employees or to enforce its BYOD-antivirus policies – a second threat can take place. In this example, an employee-owned Android device ends up getting infected with malware over the weekend and the unknowing employee brings the device to work on Monday.

Maybe the employee turned off their antivirus program to save battery life, maybe they didn’t have one at all. Unfortunately, the end result is fairly worrying, because one infected phone in an unsecured BYOD workplace can serve as a vector of malware to the entire corporate network, as well as other BYOD devices. Malware can spread onto the network and infect multiple computers within the system, potentially stealing data, compromising systems, and crippling businesses until they are able to eradicate the issue. One possible solution is for a company to mandate malware protection software on every device.

It’s also important for the greater network to have malware and antiviral software, so that warnings will be raised if malware attempts to breach the system through an in-network device. Again, it is critical that the lawyer advising any company has a firm grasp of the complex legal issues and the technologies to ensure a successful roll-out. First, purchase mobile malware detection software and make sure it is deployed throughout the workplace; second, ensure that the internal company network is protected and that it is capable of raising an alert when a virus or malicious software attack occurs.


* By Daniel B. Garrie, the Senior Managing Partner at Law & Forensics LLC. He focuses on e-discovery, digital forensics, cyber security and warfare, data privacy, and predictive coding, and works with law firms, governments, companies, and non-profits around the globe.

Interpreting a Digital Forensic Report for Lawyers: Discussion of the mechanism used to collect the digital evidence. (Part 4 of 4)

To begin, the reviewer should focus on the manner in which the evidence was acquired. The report should establish if the original evidence was acquired by a duplicate bit-by-bit image of a hard drive or by live acquisition. While the manner of acquisition is dictated by the circumstances, a bit-by-bit acquisition is generally more reliable than a live acquisition because opportunities for error or failure are reduced.

In addition to the means of acquiring a digital image, reviewers should be aware of the format of the imaged data. The two primary formats for images are E01 and DD. E01 format is created using EnCase software by Guidance Systems, and is considered to be the most popular software used for imaging, although other programs can create images in this format. The DD (Raw) format will create multiple files of a set maximum size (e.g., on a 40GB hard drive, the output might be 20 2GB files), which must then be reassembled into a whole before the files can be viewed.

Forensic Report Should Provide Sufficient Details to Replicate Findings

A digital forensic report should document with sufficient detail the steps undertaken by the examiner such that an independent third-party could replicate the conclusions. This also means that the forensic images should be available for copying by a third-party. Generally, when the forensic images are not available to replicate the findings of a digital forensic report, it is a red flag. Reports with conclusions that are not reproducible using copies of the forensic images and similar analysis software should be granted little credence, absent exceptional circumstances.

In Nucor Corp v. Bell, an expert offered testimony on evidence that the opposing party had used a non-traceable wiping program to clear evidence from a laptop.  The court denied a motion to exclude the expert’s testimony. The spoliation case was based on the examination of a hard drive with large blocks of zeros surrounded by data. The court found that the method used by the expert sufficiently filled the analytical gap between the data and the opinion.  With a nod to the Daubert factors, the court noted that the expert had tested a hypothesis as to how the blocks of zeroes had appeared on the drive, and had replicated the pattern of zeros. The court also admitted evidence resulting from a load-progression test that was found capable of repetition, as the expert had thoroughly documented each step in the test to establish that data had been written to the hard drive in the predicted manner. This case demonstrates the critical value of making sure the forensic report contains sufficient detail that the findings can be duplicated independently.
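The reproducibility check and the zero-block pattern described above, as an added example that is not from the original article or from any tool it names: a Python sketch that hashes split raw (DD) segments as one logical stream, so a third party can confirm that their copy matches the acquisition hash, and lists runs of zero-filled blocks that have data on both sides. The 4096-byte block size, the four-block threshold, the file names and the sample image are constructed assumptions.

```python
import hashlib
import os
import tempfile

BLOCK_SIZE = 4096      # assumed analysis granularity, not a value from the article
MIN_ZERO_BLOCKS = 4    # assumed threshold for a "large" run of zero blocks


def iter_blocks(segment_paths, block_size=BLOCK_SIZE):
    """Yield fixed-size blocks from ordered segment files as one logical stream.

    Segments need not end on a block boundary, so a partial block is
    carried over into the next segment instead of being emitted early.
    """
    pending = b""
    for path in segment_paths:
        with open(path, "rb") as fh:
            while True:
                chunk = fh.read(block_size - len(pending))
                if not chunk:
                    break
                pending += chunk
                if len(pending) == block_size:
                    yield pending
                    pending = b""
    if pending:
        yield pending  # final short block of the image, if any


def examine_split_image(segment_paths, block_size=BLOCK_SIZE,
                        min_zero_blocks=MIN_ZERO_BLOCKS):
    """Return (sha256_hex, zero_runs) for a split raw image.

    zero_runs lists (byte_offset, byte_length) for runs of all-zero blocks
    that have non-zero data both before and after them. Leading or trailing
    zeros are not reported because they are not "surrounded by data".
    """
    digest = hashlib.sha256()
    zero_runs = []
    run_start = None          # block index where the current zero run began
    data_before_run = False   # was any data seen before the current run?
    seen_data = False
    for index, block in enumerate(iter_blocks(segment_paths, block_size)):
        digest.update(block)
        if block == bytes(len(block)):
            if run_start is None:
                run_start = index
                data_before_run = seen_data
        else:
            if run_start is not None:
                length = index - run_start
                if data_before_run and length >= min_zero_blocks:
                    zero_runs.append((run_start * block_size,
                                      length * block_size))
                run_start = None
            seen_data = True
    return digest.hexdigest(), zero_runs


def demo():
    """Build a constructed image, split it, then verify and scan the segments."""
    data = bytes((i % 251) + 1 for i in range(BLOCK_SIZE))  # non-zero filler
    # Constructed layout: 5 data blocks, 6 zero blocks, 5 data blocks,
    # then 2 trailing zero blocks standing in for never-written space.
    image = data * 5 + bytes(BLOCK_SIZE * 6) + data * 5 + bytes(BLOCK_SIZE * 2)
    acquisition_hash = hashlib.sha256(image).hexdigest()

    with tempfile.TemporaryDirectory() as tmp:
        paths = []
        # 20000-byte segments deliberately do not align with the block size.
        for n, start in enumerate(range(0, len(image), 20000), 1):
            path = os.path.join(tmp, f"evidence.{n:03d}")  # hypothetical names
            with open(path, "wb") as fh:
                fh.write(image[start:start + 20000])
            paths.append(path)

        computed, runs = examine_split_image(sorted(paths))

        # Alter one byte in the second segment: the copy no longer verifies.
        with open(paths[1], "r+b") as fh:
            fh.seek(10)
            fh.write(b"\xff")
        tampered, _ = examine_split_image(sorted(paths))

    return {
        "hash_matches_original": computed == acquisition_hash,
        "zero_runs": runs,
        "tampered_hash_matches": tampered == acquisition_hash,
    }


if __name__ == "__main__":
    print(demo())
```

A reported zero run is only a lead for the examiner to explain, since space that was never written also reads as zeros.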

Structure of A Digital Forensic Report

Generally, the forensic report is outlined as follows:

1)    Brief summary of information
2)    Tools used in the investigation process, including their purpose and any underlying assumptions associated with the tool
3)    Evidence Item #1: Employee A’s work computer
      a)  Summary of evidence found on Employee A’s work computer
      b)  Analysis of relevant portions of Employee A’s work computer
          i)   Email history
          ii)  Internet search history
          iii) USB registry analysis
      c)  Repeat steps above for other evidence items, including work computers and mobile devices etc.
4)    Recommendations and Next Steps for counsel to continue or cease investigation based on the findings in the report

The report should not volunteer superfluous information which may be vulnerable to scrutiny under cross-examination. Further, all findings should be accurately qualified as to the limitations of the particular tool(s) used, the applicability of the current technology and industry-standard best practices, the methodology or techniques (such as search criteria or formula), and the scope of the investigation.

The scope of the investigation is limited by relevancy and also by budget (i.e., time), which almost always places legitimate and significant constraints on what data is found or not found and the inferences to be drawn therefrom. Moreover, the digital forensic report only investigates those areas where responsive evidence can be found (e.g., in a case investigating the theft of proprietary software code, it would be irrelevant to discuss a search for pornography on said hard drive, and law enforcement officials may require a separate warrant to conduct such a search).

Further, when evaluating a digital forensic report, a reviewer should evaluate the substance of the report to ascertain if there is information overload. The digital forensic report should provide a cohesive and logical framework on its face and not delve into the underlying technical minutiae that could distract from its conclusions.

Examiners must resist overtures by attorneys, however well-intended or abstract, to submit any testimony or work product that is disrespectful of the truth, including overstating, understating, or omitting findings. The findings should be concise and carefully circumscribed. The report cannot be tailored to support a particular outcome, as a material omission may constitute fraud.

Many examiners use a variety of tools and it is important that the reviewer understands their genesis and purpose. The tools a forensic examiner uses should be explicitly stated in the report to assist the reviewer in understanding potential issues surrounding the conclusions the forensic tool is being used to support.


As the use of technology becomes increasingly ubiquitous, it is likely that digital forensic experts and their reports will become commensurately important to litigation.

Commentators have expressed the view that rather than asking whether the expertise presented is “science” or “non-science,” courts should inquire into the methods that the experts are using. Along with reliance on experience, there must be room provided for innovation. “[T]he existence of data showing that engineers, or physicians, or psychologists, or forensic scientists, can measure or diagnose or predict or correct certain conditions does little if anything to support an inference that they possess the requisite expertise for another task or condition for which there are no data” (David L. Faigman et al., Modern Scientific Evidence: The Law and Science of Expert Testimony § 1:25, at 70). This means that reviewers should engage in an analysis that identifies the nature of the problem and assesses whether data supports a conclusion that “necessary expertise exists to offer a dependable opinion on that problem.”

In summary, the Daubert factors aid in the gate keeping analysis for digital forensic expert testimony in certain situations. To the extent that forensic science methods have been tested in similar factual circumstances, and that those methods have been subjected to peer-review, and/or have a known error rate, it seems appropriate that the court take these factors into account when such methods are presented as expert evidence. As digital forensic science advances, information about methodology should become available as common techniques mature. General acceptance of a technique may be relevant in the types of cases that arise again and again, such as spoliation of evidence cases requiring file recovery or forensic comparison. Nonetheless, cases involving the expert testimony of computer scientists are rife with unique factual situations that may require an innovative approach by the expert. Consequently, it is critical that the bench and the bar determine whether the facts of a case are such that a traditional technique can be applied before determining whether a Daubert analysis is necessary.

* by Daniel B. Garrie, the Senior Managing Partner at Law & Forensics LLC. He focuses on e-discovery, digital forensics, cyber security and warfare, data privacy, and predictive coding, and works with law firms, governments, companies, and non-profits around the globe.


Guidance for the Bench and the Bar to Better be Able to Review and Understand Digital Forensic Report. (Part 3 of 4)

A digital forensics expert can be used in a variety of ways: as an expert witness, for litigation support, to conduct Non-Invasive Data Acquisition (NIDA), to proactively investigate potential disputes prior to litigation, or to recover data negligently or intentionally destroyed.

Over the last several years commercial hardware and software vendors who specialize in digital forensic analysis tools and applications have made significant improvements in the methodologies necessary to analyze digital evidence. As a result, what was once an almost entirely ad hoc manual-analysis process is now structured to a point where years of experience and training are no longer necessary for the production of a digital forensic report. This increased the number of forensic examiners and lowered costs, but also reduced the depth of knowledge held by the average forensic examiner.

As a result, the reviewer of a forensic report should scrutinize the qualifications of a forensic examiner to avoid an unfortunate scenario in which the forensic examiner is not sufficiently qualified and, consequently, the underlying findings are not reliable. While no uniform set of standards exists to gauge the competency of a digital forensic examiner, reviewers should seek the most appropriate combination of certification, education, and real-world experience, given the case at hand. The examiner’s training will likely include a number of hours in the classroom as well as practical experience in the real world and in the lab. This training should be evaluated in terms of levels of experience and the quality of the instructors and institutions administering such training.

While individual vendor certifications certainly have value, the education marketplace is seeing the emergence of vendor-neutral certification programs to validate technology skills at various levels. This new industry may use establishing credentials as a means to further monetize a product. True expertise requires field experience in real-world situations and/or years of study. Thus, the bench and bar should interpret forensic certifications only as an indication of additional expertise that the forensic examiner possesses in a particular area, or in a specific type of software in the forensic field, rather than as a blanket qualification.

In addition to technical expertise, an ideal expert witness will have experience on the witness stand. Counsel will set the baseline requirement of a competent expert, but the ability to calmly and confidently relay findings while undergoing rigorous cross-examination is critical. Finally, a digital forensics expert can testify in federal and most state courts, but a written report is still mandatory unless otherwise stipulated or ordered by the court. This written report, if properly done, may in some cases negate the need to provide expert testimony.

In next week’s installment, I will go into the details of evaluating such a written report.

* by Daniel B. Garrie, the Senior Managing Partner at Law & Forensics LLC. He focuses on e-discovery, digital forensics, cyber security and warfare, data privacy, and predictive coding, and works with law firms, governments, companies, and non-profits around the globe.

Framework for the Bench and Bar to Apply When Evaluating a Digital Forensic Report. (Part 2 of 4)

The Daubert decision resulted in a set of standards used by judges to determine whether scientific evidence is admissible in federal court. It applies to any scientific procedure used to prepare or uncover evidence and comprises the following factors:

  1. Testing: Can and has the scientific procedure been independently tested?
  2. Peer Review: Has the scientific procedure been published and subject to peer review?
  3. Error rate: Is there a known error rate, or potential to know the error rate, associated with the use of this scientific procedure?
  4. Standards: Are there standards and protocols for the execution of the methodology?
  5. Acceptance: Is the scientific procedure generally accepted by the relevant scientific community?

The Daubert test provides judges with an objective set of guidelines for accepting scientific evidence. Following Daubert, the Kumho Tire v. Carmichael decision extended the Daubert guidelines with its interpretation of Federal Rule of Evidence (“FRE”) 702, which provides guidelines for qualifying expert witnesses. It states that the expert can have “scientific, technical, or other specialized knowledge”, thereby extending the Daubert standard beyond scientific knowledge.

There are a number of practical points that both attorneys and judges will benefit from knowing, in order to meet the guidelines set forth in the standard. This article’s goal is to elucidate those practical high-level points, thereby allowing counsel or the bench to review technical expert reports and spot potential weaknesses.

In the next installment of this article, I’ll go into how best to review the qualifications of a digital forensics expert.

[1] By Daniel B. Garrie, the Senior Managing Partner at Law & Forensics LLC. He focuses on e-discovery, digital forensics, cyber security and warfare, data privacy, and predictive coding, and works with law firms, governments, companies, and non-profits around the globe.

Brief History of Digital Forensics for the Bench and the Bar. (Part 1 of 4)

With the widespread permeation of advanced technology into our daily lives, it is inevitable that the products of those technologies, i.e., digital information, will make their way into the courtroom. This has largely occurred in the form of electronic discovery, or e-discovery, where each party involved in the case provides the relevant information they possess.

However, in cases where information may have been hidden, erased, or otherwise altered, digital forensic analysis is necessary to draw further conclusions. As in criminal cases, there are times when a gun in evidence is incontrovertibly the gun used in the crime, and times when it is necessary to trace the gun’s origin, run a fingerprint analysis, and compare bullet casings to ensure the weapon used and the weapon in evidence are the same.

Briefly, then, digital forensics is the preservation/retrieval and analysis of electronic data. This data includes the primary substantive data (the “smoking gun”) and the secondary data (the “fingerprints” on the data) such as data trails and time/date stamps. These and other metadata markers are often the key to establishing a timeline and correlating important events in a case.

In order for a forensic report to be scientifically valid, whether for digital or physical evidence, it must have conclusions that are reproducible by independent third parties. Facts discovered and opinions formed need to be documented and referenced to their sources. Such reports, containing opinions based upon well-documented digital sources of data, are much more likely to withstand judicial inquiry than are opinions based on less reliable or less well-documented sources. See, for example, Clark v. Takata Corp., where some expert opinions were excluded due to being based only on experience or training with no supporting scientific data or other rigorous methodology.

The reigning case in scientific evidence admission is Daubert v. Merrell Dow Pharmaceuticals Inc. This decision set forth a five-pronged standard for judges to determine whether scientific evidence is admissible in federal court.

In the next installment of this article, I’ll discuss the Daubert standard in detail.

* By Daniel B. Garrie, the Senior Managing Partner at Law & Forensics LLC. He focuses on e-discovery, digital forensics, cyber security and warfare, data privacy, and predictive coding, and works with law firms, governments, companies, and non-profits around the globe.

Redefining the Discovery Terrain: The Need For Mediation in E-Discovery (3 of 3)

by Daniel B. Garrie, the Senior Managing Partner at Law & Forensics LLC. He focuses on e-discovery, digital forensics, cyber security and warfare, data privacy, and predictive coding, and works with law firms, governments, companies, and non-profits around the globe.

See Part 1 for an introduction on the place of mediation in e-discovery disputes, and Part 2 for a discussion of the practicalities of conducting an e-mediation.

Practitioner Points

Discovery mediation is an emerging field of the law and will certainly change and evolve in the months and years to come.  However, the following practitioner points should be a valuable resource to counsel when weighing the benefits of discovery mediation.

Discovery mediation should focus on the issues of discovery and not the substantive issues underlying the dispute.

Discovery mediation is unique in that the mediator is not concerned with the outcome of the underlying dispute but rather with resolving the discovery issues. Counsel must be mindful to refrain from litigating the facts of the case and stay focused on resolving the discovery disputes. Often discovery is best resolved via cooperation rather than litigation, and in discovery mediation, the best path to success is certainly by attempting to facilitate cooperation and open dialog between the parties. The discovery mediator is there to aid parties in removing discovery obstacles, as discovery should not be the focus of the court’s time or the client’s money.

Make sure your mediator is adept at the law and technology, with real-world experience around keyword search and the use of predictive coding tools.

As mediation is focused strictly on the discovery issues and the technical systems of both parties, it is critical that the mediator know the right questions to ask and is able to understand whether the answers given make sense. The private sector has effectively created a breed of lawyer/technologist who possesses expertise in information management systems as well as the tools to act as a discovery mediator. The benefit of this lawyer-technologist hybrid is his/her ability to effectively determine e-discovery scope and keyword searches within the context of the legal issues in dispute.

Accordingly, your mediator must have expertise in both the law and technology. For example, a mediator who understands the fiscal repercussions of technical discovery demands can translate technical jargon into hard numbers so that attorneys are able to see the real-world time and cost ramifications of their requests. This may result in counsel reconsidering a document request or a dispute at issue. The question we want attorneys asking is: Does the cost of discovery outweigh the value? When this is taken into consideration, a previously rejected discovery method may look more palatable to both parties. Another time- and cost-benefit of a technologically adept mediator is that neither party has to hire experts, nor must either attorney become an expert on the client’s or opposing party’s specific computer systems. Taking the adversarial element of litigation out of discovery serves all parties and the court by streamlining the discovery process.

Push for a cooperative mediation experience and leave adversarial strategy at the door.

It is equally critical that the mediator listens to the parties’ concerns and questions with an open mind and that those parties are willing to cooperate with and listen to each other. The mediator can translate the technical underpinnings of each party’s systems into actionable discovery efforts that both parties can comprehend. The 7th Circuit has begun a program where discovery mediation is routinely encouraged, leading the way for other programs around the country, but there is no need to wait for a program to start in your jurisdiction. Mediation, programmatic or not, must be mutually agreed upon by the parties. After that, it is just a few short settlement hours away from moving on to the real issues of the case.

Courts do not want the substantive issues of the case tainted with discovery disputes and may act sua sponte to limit or compel discovery to best protect the merits of the case.  See Walker v. White, 1:06CV350, 2007 WL 812113 (W.D.N.C. Mar. 14, 2007), and see Long v. Fairbank Farms Reconstruction Corp., 1:09-CV-592-GZS, 2011 WL 5386599 (D. Me. Oct. 25, 2011).  It should be much preferred that parties resolve their discovery issues on their own terms and without interference by the court, which may or may not understand the technical significance of the issues.  Trying to get a strategic advantage through discovery will undoubtedly prolong the process, certainly will not advance your case, and will potentially subject you to the court’s unpredictable orders on discovery.

Conclusion

While some may view traditional mediation as a soft form of adjudication best left for family disputes and small matters, the format of discovery mediation is suited for even the largest of commercial disputes. By combining confidentiality with an opportunity to separate the technical aspects of discovery from the real issues of the case, both parties benefit, saving significant time and money. As court dockets and budgets continue to tighten, counsel would be wise to consider the benefits of discovery mediation for their cases.


Attacking the Weakest Link Law Firm Data (In) Security

by Daniel B. Garrie, the Senior Managing Partner at Law & Forensics LLC. He focuses on e-discovery, digital forensics, cyber security and warfare, data privacy, and predictive coding, working with law firms, governments, companies, and non-profits globally.

Law firm culture has long focused on the ability of its attorneys to bring a high level of thought and analysis to every legal case on its roster. However, similar care has not been spent by firms when it comes to data security. For many firms, hiring world-class security engineers to work full time is seen as impractical, or acquiring the right hardware and software solutions is seen as too costly. What firms do not realize is that client service must include these steps to ensure that all of the files are not found on a file server located somewhere in Asia, Brazil, or Russia, for example.

Consider the following hypothetical: A global law firm with over 500 attorneys had a policy allowing employees to use their personal devices, including cell phones, tablets, and laptops, for work purposes. One senior partner used his smartphone for work email, viewing files, and connecting to the law firm network to access client materials outside of the office and to get documents stored in the cloud. This cost-conscious senior partner chose to use his smartphone for both work and personal use, as the need to segregate data and users was not brought to his attention. One day while driving his son to school, the senior partner let his son use the smartphone to surf the internet and download a new game. However, this game came with malware code attached to it, which accessed the senior partner’s data on his smartphone. More importantly, when the senior partner logged onto the firm’s intranet, the malware program infiltrated the firm’s servers. This silent intrusion allowed the malware to transmit data back to the developer. This data included bank account information, credit card information, and confidential information for high-profile clients, all available to the highest bidder. Within days of the breach, the law firm was floundering to determine how their networks were hacked, how to stop the leak, how to manage their client relationships, and how to remedy the reputational fallout.

While the above hypothetical may seem like a doomsday scenario, a simplified copycat version of Stuxnet could easily do just that. Our experience advising law firms and in-house legal departments on these issues has shown that there are cost-efficient alternatives that can dramatically improve a firm’s data security. While investing millions is not practical, a law firm that has a security-aware culture and purchases and implements one of the current solutions available in the marketplace can put in place a secure, easy-to-use and easy-to-manage file transfer solution; highly advanced email encryption for any size, any client, any device; integrated malicious-code detection for both internet connections and physical devices; a solution that manages and protects data in transit between mission-critical systems and security platforms; and technology that provides network protection from all outside threats.

The list of software discussed above seems long and complex. However, several vendors offer a single solution, which can be purchased and managed in-house or by third-party vendors. While we will probably never live in a world where parents never lend their smartphones to their children, we do live in a world where the entire hypothetical could have been averted by some thoughtful pre-planning.

Law firms have long been the vault for personal and corporate confidences, but the increasing number of hacks should leave clients questioning how strongly and securely their law firm protects their data. The simple principle of attacking the weakest link may often lead back to law firms, as they often do not invest in the technology, people, and cultural awareness necessary to provide strong security.

A recent Wall Street Journal article lauded law firms as the first stop in cyber security response, praising the benefits of attorney-client privilege and knowledge of corporate disclosure laws. While knowing the law is great and half the battle, the physical hardware and software piece is equally critical. For a more tangible public example, one can turn to the article published on Bloomberg on January 31, 2012, which discusses how China-based hackers looking to derail the $40 billion acquisition of the world’s largest potash producer by an Australian mining giant zeroed in on offices on Toronto’s Bay Street, home of the Canadian law firms handling the deal. The details, while not fully available, indicate that the hack hit seven different law firms as well as Canada’s Finance Ministry and the Treasury Board. While the deal fell apart for unrelated reasons, the incident illustrates the vulnerability of law firms. Mandiant estimates that 80 major U.S. law firms were hacked last year, which is in line with our experience.

Knowing the law is a great arrow in ensuring a law firm protects its clients’ data, but rest assured neither individual nor state-sponsored hackers are deterred by the tenets of attorney-client privilege. Just as you wouldn’t put your money in a bank without a vault, you should not trust critical, sensitive, or material corporate data to a law firm if the said firm has a weak “data protection vault.”

Unlike the physical structure of a bank, the level of information security readiness and effectiveness is not readily apparent, especially to those who are not technically skilled. Thus, any company, large or small, should in retaining counsel require that the firm demonstrate it knows how to securely hold and manage the organization’s data. This is particularly true in cases involving technology, trade secrets, or sensitive corporate data. In turn, firms that know how to manage and secure technological assets should use that competitive advantage in marketing themselves to existing and potential clients.

So, what can law firms do to simultaneously enter this new area of practice and ensure that their new clients’ data remains safe? Create network data maps, monitor digital access logs, hire in-house and outside experts, acquire appropriate computer hardware, buy software (such as Safe-T), and create a culture that is security-centric. Often the weakest link is not the technology but the people, so it is essential that firms ingrain in every employee’s mind the need to be security aware. These are a few of the preventive and prophylactic measures that are at the disposal of law firms. There is no silver bullet, and the right solution will vary based on the size, geography, people, and systems a firm has deployed. That said, every firm should seek out and employ the right solution for it and its clients.



E-Discovery on Smart Phones and Tablets – (Part 4 of 4)

This is the final post in the four-part series, E-Discovery on Smart Phones and Tablets, that examines the application of electronic discovery laws to smart phones and tablets and how the relationship between the two raises a litany of unique issues regarding privacy, data retention, and production.

In the third installment of this blog, I reviewed the 2006 revisions to the Federal Rules of Civil Procedure and the implications of collecting data on individual privacy rights and corporate entities. In this final post I will look at what comes next in the world of mobile messaging.

Oral and data communications now are propelled like rockets over the same wires simultaneously, encapsulated in digital data packets. With the convergence of oral and data into a single transmission medium, the courts, like computers, cannot adequately distinguish between oral and data communications. The digital age and the use of mobile and analogous technologies cause the legal distinctions that ordinarily guided courts to become muddled and confusing to administer. Not only do voice and data communications blend, but mobile devices are frequently used for both personal and business reasons. This convergence of electronic documents, oral communications and written messages, together with varied cost structures and differing policy concerns applicable to each, causes the current production-for-litigation framework to break down.

In their efforts to understand the starburst of technologies, courts will need to recognize that because of the distributed and expansive nature of most mobile communications, the costs of identifying, preserving and producing mobile communications such as short message systems are significant. Production and preservation often involve third-party telecommunication service providers, such as Verizon, Sprint, T-Mobile and AT&T. These generally higher costs of preservation and production, together with the greater protections traditionally provided to private, non-business communications, support the supposition that courts should continue to apply scrutiny when evaluating the necessity and scope of mobile discovery requests and apply the safe harbor provision of Rule 37(e), or various state equivalents, more widely when evaluating mobile communication discovery disputes. This would enable the courts to address the unique privacy concerns applicable to the mobile medium, and provide an efficient and cost-effective legal protocol for litigants and the court.

An alternative to a more liberal application of the safe harbor provision set forth in the amended Federal Rules of Civil Procedure is for the advisory committee to the rules or the federal and state courts to carve out a new, specific mobile discovery rule that balances cost versus reasonableness. Courts should consider and balance the need for the requested discovery and grant a litigant’s mobile discovery requests with caution (particularly where oral communications are sought) where the litigants are unable to avail themselves of the information through an alternative source. This approach is likely necessary to appropriately balance the substantial costs, burdens and policy concerns attendant to mobile electronic discovery.

E-Discovery on Smart Phones and Tablets — (Part 3 of 4)

This is the third post in a four-part series that examines the application of electronic discovery laws to smart phones and tablets and how smart phones and tablets raise a litany of unique issues regarding privacy, data retention, and production.

The Federal Rules Are Amended Again

In the previous installment of this blog, I gave a quick summary of how mobile messages are transmitted between smart phones and devices, and of the case law that foreshadowed the revision of the Federal Rules of Civil Procedure. Following on that post, today I want to take a closer look at the 2006 revisions to the Federal Rules of Civil Procedure and the implications of collecting data on individual privacy rights and corporate entities.

In December 2006, the federal rules were broadly amended in an attempt to offer clearer guidance on the production of electronically stored information (ESI) in litigation. The new rules added a defined term for ESI and set out a series of requirements and obligations for parties to identify such information at the start of litigation.

Electronically stored information is defined in Federal Rule 34(a) as “other data or data compilations stored in any medium from which information can be obtained directly or, if necessary, after translation by the responding party into a reasonably usable form,” and plainly includes data stored, received or transmitted by mobile devices. Courts have responded to these new rules by actively requiring all parties to a case, whether corporate or individual, to preserve, identify, disclose and produce any relevant information on an electronic device. Failure to comply in good faith could result in sanctions from the court.

Among the amendments was the creation of a limited “safe harbor” from sanctions arising from the loss of ESI as a result of the “routine, good faith operation of an electronic information system.” The application of this rule requires that the producing litigant demonstrate it tried in good faith to preserve evidence it knew or should have known to be relevant to the litigation. Mobile communications discovery usually requires the participation of third parties, and this safe harbor provision can provide a shield to litigants who have difficulty producing documents from third parties in response to discovery requests.

However, third-party production of data brings about another problem of privacy.

In 1928, Justice Louis Brandeis, in Olmstead v. United States, anticipated that technological advancement would enable the government to employ surveillance tools extending far beyond wiretapping. In his prescient dissenting opinion, Brandeis asserted that Fourth Amendment protections must be interpreted broadly to safeguard against new abuses that were not previously envisioned. Thus, he sought to protect the individual’s “right to be let alone” without regard to the different technologies that might be employed by the government to compromise that right. Brandeis’ forward-looking focus on individuals’ underlying privacy interests presents a compelling perspective that often differs from the courts’ treatment of data collected and retained by businesses.

Since Katz v. United States (1967), federal courts have routinely forbidden third parties from tapping or monitoring oral communications. But they just as routinely permit businesses to track, store, and sell data packets, either with the explicit or simply implied consent of either party engaged in the transmission. Just as an individual expects personal text messages and emails to remain private, a corporation expects sensitive and proprietary data to remain confidential.

How the courts will treat these forthcoming cases is unclear. Businesses and corporate counsel should arm themselves with the knowledge of how their IT systems operate, who their third-party service providers are, and the nature of their agreements with them in order to best protect sensitive data from being unnecessarily produced during discovery.