Post Process

Everything to do with E-discovery & ESI

Archive for September 17th, 2007

Hacker says courts need to be educated on e-crime and related matters

Posted by rjbiii on September 17, 2007

Australia IT has posted an article of a hacker who claims that judges and attorneys lack the literacy, even at a basic level, to understand the technical issues involved with such matters as computer crime:

COMPUTER forensics investigator Bryan Sartin says court systems are ill-equipped to understand e-crime, even at a basic level.

The article describes a case where a former employee got away with identity theft because counsel and the judge weren’t equipped with the knowledge that would have allowed them to see through the defendant’s lame excuse. This is relevant to us at Post Process because we run into the same lack of technical knowledge with regards to electronic discovery. The article concludes with Mr. Sartin stating:

We try to explain them in a very non-technical fashion so that prosecutors and defence attorneys can understand, but it can be very difficult.

“I think we’ll start to see more specialised cyber-forensics or cyber-type attorneys popping up who have the experience and skills to be able to do that.”

I agree, and am surprised the process has been as slow as it has been.

Posted in Articles, Bryan Sartin, Computer Forensics, Trends | Leave a Comment »

To delete, or not to delete…

Posted by rjbiii on September 17, 2007

Techlinks has posted a summary of a brief by Ronald Stay and Thad Barnes of Stites & Harbison with the title “Should I keep every e-mail and document, just in case?“:

Since the highly-publicized demise of Arthur Anderson, reports of businesses facing severe legal sanctions for destroying documentation and deleting data that could be relevant to future litigation have instilled caution, even fear, in corporate boardrooms. The computer age and transition to a paperless society have seen an exponential growth and rapid accumulation of electronically-stored information, including email, data files and digital documents, raising issues for businesses concerned with regulatory compliance and record keeping. Without a crystal ball to predict litigation, are businesses obligated to retain and store every single document and email?

They answer with the only practical answer available: no. They state:

It is neither reasonable nor necessary for a party to preserve every byte of data or backup tape (unless a tape is the only source of relevant data).

They continue with a brief rundown of some practical steps that might minimize the chance of deleting yourself into litigation oblivion, although the general nature of the recomendations may leave the needy reader’s hunger for more substantive fare unsated.

Posted in Articles, Data Management, Duty to Preserve, Ronald Stay | 1 Comment »

Keeping it all (your data, that is) together

Posted by rjbiii on September 17, 2007

DM Review has posted an article discussing the challenges of navigating the rules of compliance on one side, and discovery rules on the other.:

Corporations were thus presented with a dubious choice, one that really wasn’t a choice at all: attempt to get the unstructured data genie back in the bottle in favor of the old paper-based world or lean heavily on technological tools to implement an infrastructure better equipped to handle both structured and unstructured data.

The author discusses the familiar issues with trying to find structure and patterns within unstructured data. Then, voila, something big happens:

the search and categorization industry grew up. After a few false starts and some premature hype, search and categorization tools became easier to use and, more importantly, started delivering better results. Search and categorization tools eventually became the unifying force of information management within many enterprises and professional service firms as they could make sense of huge volumes of data in a relatively effective fashion. Furthermore, search and categorization technology began solving particularly thorny issues such as records management, compliance and e-discovery, which went a long way toward cementing the critical role that search is playing in today’s enterprises. The following three brief case studies highlight the increasingly effective roles being played by search and categorization to resolve specific business issues.

In focusing on litigation, the article waxes a bit optimistic on the technology used for document review:

For the legal industry, time is money – literally. With associates’ billing rates exceeding $250/hour and partners’ upward of $500/hour, efficiency is critical. The challenge for law firms is that their incredibly valuable intellectual property (their work product and expertise) resides in multiple, separate repositories and applications, making information accessibility extremely difficult and time-consuming. Worse, particularly for large diversified firms bidding on new business, lawyers don’t know the full breadth of expertise living within the firm and will either spend a significant amount of time figuring this out or will simply avoid bringing in new clients for fear that the firm won’t be able to meet their extensive needs.

The solution: a search application that unifies access to all data within the firm in a single, easy-to-use interface, thereby giving access to all of the work product and expertise within that firm. This solution not only pulls information from the usual sources (file servers, databases and intranets) but incorporates highly sensitive sources (e.g., from time/billing systems and personnel records) and even external information feeds. And in order to meet the firm’s stringent ethical and conflict of interest-avoidance requirements, the system applies multiple levels of security to both the users of the system and the content residing in it. Thus, the legal industry has increasingly turned to this “Google for law firms” solution to make its practice far more efficient, thereby allowing them to raise their rates while actually improving their cost-effectiveness for clients.

Google for law firms, eh? I haven’t seen the killer app in lit support yet. In fact, many of the leading lights of law are just now beginning to acknowledge that “eyes only” review is not the most effective and accurate means of processing information out there. The Sedona Conference has released a new paper on using seach technology in the e-discovery process (download the report in pdf format by clicking here). An excellent view of the recommendations contained in the white paper may be found at e-Discovery Team.
What is certain is that technology associated with e-discovery still has a ways to come (although it has certainly progressed in the last few years). What is perhaps even more important, is that learned counsel become, well, learned. Greater knowledge of the technological capabilities and techniques, as well as familiarity with the laws of discovery procedure with regards to e-discovery, will result in much greater efficiencies and less nasty surprises for clients.

Posted in Articles, Data Management, Search Protocols, The Sedona Conference, Trends | Leave a Comment »

Case Blurb: Lorraine; Authentication of ESI by comparison under FRE 901(b)(3)

Posted by rjbiii on September 17, 2007

[Rule 901(b)(3)] allows authentication or identification by “[c]omparison by the trier of fact or by expert witnesses with specimens which have been authenticated.”

  • Interestingly, the rule allows either expert opinion testimony to authenticate a questioned document by comparing it to one known to be authentic, or by permitting the factfinder to do so.
  • Obviously, the specimen used for the comparison with the document to be authenticated must be shown itself to be authentic.
  • This may be accomplished by any means allowable by Rule 901 or 902, as well as by using other exhibits already admitted into evidence at trial, or admitted into evidence by judicial notice under Rule 201.
  • Although the common law origin of Rule 901(b)(3) involved its use for authenticating handwriting or signatures, Fed. R. Evid . 901(b)(3) advisory committee’s note, it now is commonly used to authenticate documents, Weinstein at § 901.03[7][b], and at least one court has noted its appropriate use for authenticating e-mail. Safavian, 435 F.Supp.2d at 40 (E-mail messages “that are not clearly identifiable on their own can be authenticated … by comparison by the trier of fact (the jury) with ‘specimens which have been [otherwise] authenticated’– in this case, those e-mails that already have been independently authenticated under Rule 901(b)(4).”).

Lorraine v. Markel Amer. Ins. Co., 241 F.R.D. 534 (D. Md. 2007).

Posted in 3d Circuit, Admissibility of ESI, Authentication, Case Blurbs, D. Md., Magistrate Judge Paul W. Grimm | Leave a Comment »

Case Blurb: Lorraine; ESI may be authenticated by witness with personal knowledge of the data

Posted by rjbiii on September 17, 2007

Courts considering the admissibility of electronic evidence frequently have acknowledged that it may be authenticated by a witness with personal knowledge. Lorraine v. Markel Amer. Ins. Co., 241 F.R.D. 534 (D. Md. 2007).

  • (referencing United States v. Kassimu, 2006 WL 1880335 (5th Cir. May 12, 2006) (ruling that copies of a post office’s computer records could be authenticated by a custodian or other qualified witness with personal knowledge of the procedure that generated the records));
  • (referencing St. Luke’s, 2006 WL 1320242 at *3-4 (“To authenticate printouts from a website, the party proffering the evidence must produce ‘some statement or affidavit from someone with knowledge [of the website] … for example [a] web master or someone else with personal knowledge would be sufficient.’ ” (citation omitted)))
  • (referencing Safavian, 435 F.Supp.2d at 40 n. 2 (D.D.C.2006) (noting that e-mail may be authenticated by a witness with knowledge that the exhibit is what it is claimed to be));
  • (referencing Wady, 216 F. Supp 2d 1060 (sustaining objection to affidavit of plaintiff’s witness attempting to authenticate documents taken from the defendant’s website because the affiant lacked personal knowledge of who maintained the website or authored the documents)).

Posted in 3d Circuit, 4th Circuit, Admissibility of ESI, Authentication, Case Blurbs, D. Md., Data Custodians, FRE 901, Magistrate Judge Paul W. Grimm | Leave a Comment »

Case Blurb: Lorraine; Data Custodian’s personal knowledge of a specific file not necessary for authentication under FRE 901(b)(1)

Posted by rjbiii on September 17, 2007

Although Rule 901(b)(1) certainly is met by the testimony of a witness that actually drafted the exhibit, it is not required that the authenticating witness have personal knowledge of the making of a particular exhibit if he or she has personal knowledge of how that type of exhibit is routinely made.

It is necessary, however, that the authenticating witness provide factual specificity about the process by which the electronically stored information is created, acquired, maintained, and preserved without alteration or change, or the process by which it is produced if the result of a system or process that does so, as opposed to boilerplate, conclusory statements that simply parrot the elements of the business record exception to the hearsay rule, Rule 803(6), or public record exception, Rule 803(8). Lorraine v. Markel Amer. Ins. Co., 241 F.R.D. 534 (D. Md. 2007).

Posted in 3d Circuit, Admissibility of ESI, Authentication, Case Summary, D. Md., Data Custodians, FRE 901(b)(1), Magistrate Judge Paul W. Grimm | Leave a Comment »

Case Blurb: Lorraine; Use of Hash Values to Authenticate ESI under 901(b)(4)

Posted by rjbiii on September 17, 2007

One method of authenticating electronic evidence under Rule 901(b)(4) is the use of “hash values” or “hash marks” when making documents.

  • DEFINITION: A unique numerical identifier that can be assigned to a file, a group of files, or a portion of a file, based on a standard mathematical algorithm applied to the characteristics of the data set. The most commonly used algorithms, known as MD5 and SHA, will generate numerical values so distinctive that the chance that any two data sets will have the same hash value, no matter how similar they appear, is less than one in one billion. ‘Hashing’ is used to guarantee the authenticity of an original data set and can be used as a digital equivalent of the Bates stamp used in paper document production.
  • Hash values can be inserted into original electronic documents when they are created to provide them with distinctive characteristics that will permit their authentication under Rule 901(b)(4). Also, they can be used during discovery of electronic records to create a form of electronic “Bates stamp” that will help establish the document as electronic.
  • A party that seeks to introduce its own electronic records may have just as much difficulty authenticating them as one that attempts to introduce the electronic records of an adversary.
    • Because it is so common for multiple versions of electronic documents to exist, it sometimes is difficult to establish that the version that is offered into evidence is the “final” or legally operative version.
    • This can plague a party seeking to introduce a favorable version of its own electronic records, when the adverse party objects that it is not the legally operative version, given the production in discovery of multiple versions.
    • Use of hash values when creating the “final” or “legally operative” version of an electronic record can insert distinctive characteristics into it that allow its authentication under Rule 901(b)(4).

Lorraine v. Markel Amer. Ins. Co., 241 F.R.D. 534 (D. Md. 2007) (citations omitted).

Posted in 3d Circuit, Admissibility of ESI, Authentication, Blogroll, Case Blurbs, D. Md., FRE 901(b)(4), Hash Values, Magistrate Judge Paul W. Grimm | Leave a Comment »

Case Blurb: Lorraine; Preliminary Rulings on Admissibility for ESI under FRE 104

Posted by rjbiii on September 17, 2007

Preliminarily, the process by which the admissibility of ESI is determined is governed by Rule 104, which addresses the relationship between the judge and the jury with regard to preliminary fact finding associated with the admissibility of evidence. Because Rule 104 governs the very process of determining admissibility of ESI, it must be considered first. Lorraine v. Markel Amer. Ins. Co., 241 F.R.D. 534 (D. Md. 2007).

When the judge makes a preliminary determination regarding the admissibility of evidence under Rule 104(a), the Federal Rules of Evidence, except for privilege, do not apply. Id. (citing Fed. R. Evid. R. 104(a); 1101(d)(1)).

Therefore, the court may consider hearsay or other evidence that would not be admissible if offered to the jury, and “hearings on preliminary matters need not be conducted with all the formalities and requirements of a trial.” Id. (citations omitted).

  • Rule 104(a) provides that inadmissible evidence may be considered in determining preliminary questions of admissibility under Rule 104(a).
  • However, that provision does not extend to determinations under Rule 104(b), so the court may not consider inadmissible evidence in determinations governed by Rule 104(b).
  • In determining the preliminary question of authenticity under Rule 104(b), therefore, a judge may only consider evidence that is itself admissible.

The following types of preliminary matters typically are determined by the judge under Rule 104(a): whether an expert is qualified, and if so, whether his or her opinions are admissible; existence of a privilege; and whether evidence is hearsay, and if so, if any recognized exception applies. Id. (citations omitted).

Posted in 3d Circuit, Admissibility of ESI, Case Blurbs, D. Md., FRE 104, FRE 104(a), FRE 104(b), Magistrate Judge Paul W. Grimm | Leave a Comment »

Case Blurb: Lorraine; ESI Admissibility in General

Posted by rjbiii on September 17, 2007

It has been noted that “[t]he Federal Rules of Evidence … do not separately address the admissibility of electronic data.” Lorraine v. Markel Amer. Ins. Co., 241 F.R.D. 534 (D. Md. 2007) (quoting Adam Cohen & David Lender, ELECTRONIC DISCOVERY: LAW AND PRACTICE, § 6.01 (Aspen Publishers 2007).

However, “the Federal Rules of Evidence apply to computerized data as they do to other types of evidence.” Id. (quoting Manual for Complex Litigation § 11.447 (4th ed. 2004).

Indeed, Fed.R.Evid. 102 contemplates that the rules of evidence are flexible enough to accommodate future “growth and development” to address technical changes not in existence as of the codification of the rules themselves. Id.

Further, courts have had little difficulty using the existing rules of evidence to determine the admissibility of ESI, despite the technical challenges that sometimes must be overcome to do so. Id. (quoting In Re F.P., A Minor, 878 A.2d 91, 95 (Pa.Super.Ct.2005)).

Whether ESI is admissible into evidence is determined by a collection of evidence rules that present themselves like a series of hurdles to be cleared by the proponent of the evidence. Id. Failure to clear any of these evidentiary hurdles means that the evidence will not be admissible. Id. Whenever ESI is offered as evidence, either at trial or in summary judgment, the following evidence rules must be considered [Id.]:

  • Is the ESI relevant as determined by Rule 401 (does it have any tendency to make some fact that is of consequence to the litigation more or less probable than it otherwise would be);
  • If relevant under 401, is it authentic as required by Rule 901(a) (can the proponent show that the ESI is what it purports to be);
  • If the ESI is offered for its substantive truth, is it hearsay as defined by Rule 801, and if so, is it covered by an applicable exception (Rules 803, 804 and 807);
  • Is the form of the ESI that is being offered as evidence an original or duplicate under the original writing rule, of if not, is there admissible secondary evidence to prove the content of the ESI (Rules 1001-1008); and
  • Is the probative value of the ESI substantially outweighed by the danger of unfair prejudice or one of the other factors identified by Rule 403, such that it should be excluded despite its relevance.

Posted in 3d Circuit, Admissibility of ESI, Case Blurbs, D. Md., FRE 1001, FRE 1002, FRE 1003, FRE 1004, FRE 1005, FRE 1006, FRE 1007, FRE 1008, FRE 102, FRE 401, FRE 803, FRE 804, FRE 807, FRE 901(a), Magistrate Judge Paul W. Grimm | 1 Comment »