Post Process

Everything to do with E-discovery & ESI

Archive for July, 2008

Husband’s Hate-filled e-mail costs Wife her Job

Posted by rjbiii on July 16, 2008

We at Post Process have said it over and over again. Employees cannot treat their e-mail accounts at work as their own personal e-mail accounts. In the latest example of obviousness (a word typically associated with patent law), a husband’s death-threat to a Professor of Evolutionary Biology, sent from his wife’s e-mail account at work, has cost his wife her job.

Professor P.Z. Myers, a self-described rabid atheist, wrote several posts expressing disgust over the reaction of Catholics concerning the attempt by a Central Florida student to leave a Communion service with a wafer used for the Eucharist. Mr Myers’s posted, in an article entitled “It’s a Frackin’ Cracker!“:

Here’s a story that will destroy your hopes for a reasonable humanity.

Webster Cook says he smuggled a Eucharist, a small bread wafer that to Catholics symbolic of the Body of Christ after a priest blesses it, out of mass, didn’t eat it as he was supposed to do, but instead walked with it.

This isn’t the stupid part yet. He walked off with a cracker that was put in his mouth, and people in the church fought with him to get it back. It is just a cracker!

Catholics worldwide became furious.

Would you believe this isn’t hyperbole? People around the world are actually extremely angry about this — Webster Cook has been sent death threats over his cracker.

Myers continued:

Wait, what? Holding a cracker hostage is now a hate crime? The murder of Matthew Shephard was a hate crime. The murder of James Byrd Jr. was a hate crime. This is a goddamned cracker. Can you possibly diminish the abuse of real human beings any further?

The post drew angry reactions from Catholics, and presumably followers of other religions. Many of these called for Myer’s employer, the University of Minnesota, Morris, to remove Myers from his post. Bill Donohue, President of the Catholic League, released a statement:
Catholic League president Bill Donohue responded as follows:

“The Myers blog can be accessed from the university’s website. The university has a policy statement on this issue which says that the ‘Contents of all electronic pages must be consistent with University of Minnesota policies, local, state and federal laws.’ One of the school’s policies, ‘Code of Conduct,’ says that ‘When dealing with others,’ faculty et al. must be ‘respectful, fair and civil.’ Accordingly, we are contacting the President and the Board of Regents to see what they are going to do about this matter. Because the university is a state institution, we are also contacting the Minnesota legislature.”

Some emails threatened Myer’s safety. In response, Professor Myers began to post the entire content (including e-mail header information) of the most egregious of the lot, including this one:

From: mkroll@1800FLOWERS.com
Subject: your short life
Date: July 13, 2008 8:07:31 AM CDT
To: myersp@morris.umn.edu
Delivered-To: pzmyers@gmail.com
Received: by 10.100.126.5 with SMTP id y5cs262374anc; Sun, 13 Jul 2008 06:08:03 -0700 (PDT)
Received: by 10.65.237.15 with SMTP id o15mr14501258qbr.56.1215954482483; Sun, 13 Jul 2008 06:08:02 -0700 (PDT)
Received: from mtain-a.tc.umn.edu (mtain-a.tc.umn.edu [134.84.119.205]) by mx.google.com with ESMTP id u2si9779510pyb.16.2008.07.13.06.08.01; Sun, 13 Jul 2008 06:08:02 -0700 (PDT)
Received: from 1800flowers.int (mail2.800-flowers.net [205.153.87.31]) by mtain-a.tc.umn.edu (UMN smtpd) with ESMTP for ; Sun, 13 Jul 2008 08:08:01 -0500 (CDT)
Received: from ([10.180.1.74]) by CPNYMAIL02.1800flowers.int with ESMTP id 5202711.34123806; Sun, 13 Jul 2008 09:07:31 -0400
Return-Path:
Return-Path:
Received-Spf: neutral (google.com: 134.84.119.205 is neither permitted nor denied by best guess record for domain of mkroll@1800flowers.com) client-ip=134.84.119.205;
Authentication-Results: mx.google.com; spf=neutral (google.com: 134.84.119.205 is neither permitted nor denied by best guess record for domain of mkroll@1800flowers.com) smtp.mail=mkroll@1800flowers.com
X-Umn-Remote-Mta: [N] mail2.800-flowers.net [205.153.87.31] #+HN+NR+OF (I,-)
X-Umn-Report-As-Spam:
X-Mimeole: Produced By Microsoft Exchange V6.5
Content-Class: urn:content-classes:message
Mime-Version: 1.0
Message-Id:
X-Ms-Has-Attach:
X-Ms-Tnef-Correlator:
Thread-Topic: your short life
Thread-Index: AcjkaTBIDzgwGOqkTNCCBD35Hlh9EA==
Content-Type: multipart/alternative; boundary=”—-_=_NextPart_001_01C8E4E9.68CD4469″

Paul,

what I would like to know is how did you even
get a job at a collage.

when you are obviously a moron.
How would you feel if nice folks starting ranting against
Fags, and atheist like yourself.

well sir, you don’t get to blaspheme and walk away from this.
You have two choices my fucked up friend, first you can quit your job for the good of the
children. Or you can get your brains beat in.

I give you till the first of the month, get that resignation in cunt

This e-mail, including attachments, may include confidential and/or
proprietary information, and may be used only by the person or
entity to which it is addressed. If the reader of this e-mail is
not the intended recipient or his or her authorized agent, the
reader is hereby notified that any dissemination, distribution or
copying of this e-mail is prohibited. If you have received this
e-mail in error, please notify the sender by replying to this
message and delete this e-mail immediately.

Hmmm. Not too smart, eh? The header with the company name, and the footer with the disclaimer add a kind of surrealistic edge to the situation. Of course, if I’m the company from whence the message originated, I’m probably not too happy about this. Indeed, 1-800-Flowers, was not amused:

An employee of 1-800-Flowers.com has been fired after an e-mailed death threat was linked to her account.
The crudely worded e-mail was sent Sunday to Paul “PZ” Myers, an associate professor of biology at the University of Minnesota Morris, who is known for his criticism of religion and creationism. It was one of several hostile messages he had received following a controversial July 8 blog posting. The address on the e-mail showed that it came from Melanie Kroll at 1-800-Flowers.com, an online floral delivery service.

The final twist here, is that Mrs. Kroll evidently didn’t send the message at all. Her husband confessed to doing it:

The fact is, that this email to the so called professor, was sent by an angry male catholic, who was very upset after reading that some crazed person in a position of responsibility, charged with teaching children biology, had been encouraging people to steal and desecrate the body of CHRIST, which for Catholics is represented by the Eucharist.

I know this to be true, since I wrote the original email to this so called teacher.

Was the tone of the letter terse, and did I say I would beat his brains in, yes I did.

I wrote this in the same way one does when saying “I’ll beat your ass”, “or kick I’ll kick your butt”
or other such niceties used by members of the unpolished masses, such as myself.

Of course, death threats are no laughing matter, and this one seems to have been an empty one. For some reason, people seem to forget that much of their online activities can be tracked. In this case of course, Mr. Kroll may not so much have “forgotten,” it, but was more likely completely unaware of it. Mrs. Kroll said in one of these articles that her browser launched directly to her job’s e-mail account, meaning the couple may have used the account for all of their personal on-line correspondence. Not a good idea, ever, but especially when one intends to threaten the safety of another.

Posted in Articles, email, Employee Practices | Leave a Comment »

Software Eavesdrops, then Guides Conversation

Posted by rjbiii on July 14, 2008

I found this article, on Chordiant’s telephony product, interesting:

Chordiant Software has introduced software that can monitor conversations between call-center agents and customers and make recommendations based on customer responses.
Chordiant Recommendation Advisor 6.1 is built on the vendor’s decision management tools that let companies analyze data from many customer touch points, so they can understand outcomes and apply rules to improve each interaction. The latest technology “listens” to call-center conversations and offers agents recommendations on what actions to take.

It would be interesting to research the way in which recommendation policies are stored, and if logs are kept of each transaction.

Posted in Articles, Trends | Leave a Comment »

What we have here, is a failure to communicate…

Posted by rjbiii on July 10, 2008

In three different interviews, and one post-mortem editorial, networkperformancedaily gets caught in the crossfire of differing interpretations of Texas’ new PI licensing statute. The amended statute, first noted by Post Process in July 2007, expands the definition of an “investigations company” so that it may include those tasks engaged in, not only by computer forensics technicians and intrusion detection experts, but computer repair shops as well. We have also posted on the law here and here.

The first interview is with the drafter of the bill, who acknowledges the law might need to be “tweaked,” and who has a fairly narrow view of the scope of the law’s reach:

NPD: I am not a… um… pretty good reader of bills. So, what I wanted to know… The claim is that people who repair personal computers would need to get a private investigator’s license in order to continue repairing computers.

Driver: Yeah, and that’s what they’re claiming. It’s interesting that they’re claiming all that, and they filed a lawsuit on the same day that they decided to open their Texas chapter. To me, I just felt it was a way they’re getting a lot of free publicity, and a lot of free press, and free TV time and free radio time, because the bill to me, it says what it says. There’s three words that describe somebody that repairs computers, and that’s if people retrieve or provide information, and there’s three words that somebody “reviews, analyzes, or investigates” that material, then, they do need to have some sort of security clearance because they’re delving into people’s private lives or private property on the computer.

NPD: The one thing that I noticed was that it seems very clearly that this is for personal computer investigators, like someone who does analysis to determine whether a crime has been committed or something has been stolen, or intellectual property has been violated. It doesn’t seem to me that this would apply to people trying to just recover information for the person’s wishes.

Driver: Right, and you’re correct. You used one of the key words in my opinion, which is “analyze.” “Review, analyze, and investigate” are the three key words, in my opinion, that drive the need for people to have some kind of license. Because if they’re doing some of that, then they don’t need to be – it doesn’t need to be just anybody able to do that – they need to have somebody that has a security license. But if someone’s just retrieving information and providing information for someone who is going to analyze, to use one of the words, then that’s just a regular computer repair person. And those guys are great, they’re good at what they do, and we never intended for them to get any kind of license other than have the ability to repair.

So, Mr. Driver subscribes to the theory that the lawsuit is merely for publicity, and that regular computer repair isn’t affected. The Captain of the Texas Private Security Board gives his interpretation:

NPD: So, maybe I could give you a couple scenarios and you could help – maybe you could explain whether or not it would be covered. For example, let’s say there was a network engineer who is trying to find the root cause of a slowdown on the network, and in the course of investigating that, they discover that the root cause is some sort of criminal activity, such as a virus infection, or someone engaging in massive intellectual property violation, in other words “piracy,” something like that. Would they then require a private investigation license? Would they have to stop their investigation at that point?

Bowie: Based on the scenario you gave it sounds like they’re performing a repair or support service, and they’re not – the intent was not to go in and do an investigation, they are just collecting information that they found, and that doesn’t, based on that scenario, doesn’t rise to that level of an investigation.

NPD: What about a PC repairman who is being asked to check for viruses on a person’s computer?

Bowie: That does not rise to that level either.

NPD: What if a parent brought in a computer that they owned, but which is primarily used by a son or daughter, and they wanted to find out, say, the browsing history?

Bowie: That’s just considered normal computer repair or support service.

NPD: What wouldn’t be considered normal computer repair – can you give me a very specific example where that line is crossed?

Bowie: No, it’s – when you read into 1702.104, there is some interpretation there that you have to consider. I can’t give you a specific example, I could probably use some type of scenario in the sense of, for example, if an individual is contracted to come in and say, for example, investigate your computer at your company – you have employees there, and you believe identity theft has occurred, that there’s been some issues and you want this individual to come in, inspect the computers, you want them to come in, perform an investigation relating to the identity, the habits, the efficiency, movement, affiliations or locations or transactions and acts, or the character of a person, or the location and disposition of lost or stolen property, or some type of damage to the system, then I think you’re moving more towards the spirit of the law, and falling into an investigations company.

NPD: Okay, so once you get to that point – this is something that’s considered now to be routine is, if a person is suspected of – well, you could say a number of different things. Not just illegal activity but also perhaps, unauthorized use of the network – recreational network use – would that speak to the character of a person if they’re browsing YouTube at work, and an investigation is made to determine if someone is browsing YouTube at work?

Bowie: I think what you have to do is take those on a case-by-case basis, and do a thorough investigation into the matter to determine whether a violation of the code has occurred. You just have to keep in mind that every scenario and case is different, and you have to take it on a case-by-case basis, and use the utmost discretion.

The problem, here, is that case-by-case means it isn’t easy to see what’s regulated and what isn’t. Also, what kind of investigation is required? Is mere statistical analysis over aggregate data exempt? If not, why not? Next comes, Matt Miller, the attorney from the Institute of Justice, who is leading the suit to have the law struck down:

NPD: Is the problem with the law or the interpretation of the law that the Texas Private Security Board has taken?

Miller: Well, it’s with both. Laws can be interpreted in a lot of different ways, and the private security board has chosen to interpret this law very aggressively. Since the law can be interpreted in that way, there are problems with the law itself. The interpretations that the board has issues, is the reason that this case has come to our attention, because they say specifically that computer repair shops should be aware that if they offer to provide these services they’ve committed a crime. And that kind of caught our attention, so we started looking into it, and the law itself is problematic because it is subject to such a broad and aggressive interpretation.

NPD: Would it also affect network engineers performing network analysis on their own companies’ computers?

Miller: Sure, and let’s talk about that because, it is complicated and there is quite a bit of nuance. It kind of leads to how this applies to these guys. We’ve gotten calls from people who say, “Well, if somebody’s switching out a hard drive, then that doesn’t apply to them, right?” And the answer to that is, yes. It doesn’t apply to them. But anyone who is analyzing data in a situation where that data points back to the actions of a third party – so, somebody who is not the computer’s owner, or someone who is not the owner of the company – anytime a third party is implicated by data analysis, this law is potentially triggered.

What the board came back and did was, they said that any analysis of non-public computer data to determine the causes of events or the conduct of persons is what they’re calling a regulated service. Of course, that is extremely broad. You know, for instance, if an employer went to a company and wanted to know how their employees were using the computer – that constitutes an investigation. The Board has said that when the service provider is charged with reviewing the client’s computer-based data, for evidence of employee malfeasance and a report is produced that describes the computer related activities of an employee, it has conducted an investigation and has therefore provided a regulated service.

NPD: So, other than the lawsuit, is your organization taking any other actions?

Miller: We’ve obviously tried to bring this issue to light in the media. Because it is somewhat technical, we’ve had to educate the media on how this works. And they’ve been very responsive. But the primary vehicle we’re taking here is this lawsuit and our goal is just to change the law. We’re not seeking monetary damages, this is not a personal lawsuit – we’re going to a judge and saying: “Judge, this is a bad law, and it stops our guys from practicing their profession – it stops a lot of people from potentially doing the things they do on a daily basis, and the law needs to be changed.” So we’re asking the judge to strike the law down.

Finally, there is an editorial based on the three interviews from interviewer Brian Boyko:

So, where did things go wrong? I think the man problem was a key misunderstood concept by Texas State Rep. Driver when he wrote the law. It is clear from the interview with him that he believes that there is a clear and well defined line between “retrieval of data” and “investigation.”

“’Review, analyze, and investigate’ are the three key words, in my opinion, that drive the need for people to have some kind of license. Because if they’re doing some of that, then they don’t need to be – it doesn’t need to be just anybody able to do that – they need to have somebody that has a security license. But if someone’s just retrieving information and providing information for someone who is going to analyze, to use one of the words, then that’s just a regular computer repair person.” – Rep. Driver.

But what Rep. Driver simply did not realize is that in the practical realities of IT, no such line exists. Any and every interaction that any IT person has with a computer requires some sort of “review, investigation and analysis,” whether it’s simple troubleshooting or complex network latency optimization.

Another issue here is that none of these people are judges. Once the law is drafted and passed, the legislator is disconnected, for the most part, and the bench takes over. It would seem that a little study of the industry might have been prudent. Even the best, most conscientiously drafted laws can’t foresee everything. The text of this law cries out for want of clarity and precision. Or, at the very least, “tweaking.”

Posted in Articles, Laws, State Licensing Laws, Trends, Vendor Liability | Tagged: , , , , , , | 1 Comment »

Michigan’s PI Licensing Law Puts the Bite on MediaSentry

Posted by rjbiii on July 9, 2008

MediaSentry, now known as SafeNet, has been working for the RIAA to catch those the Music Industry thinks have been pirating music. Apparently the defendant in one of those cases, UMG v. Lindor, filed an administrative complaint against SafeNet, alleging that the organization has violated Michigan’s statute requiring a license for “engaging in investigations.”

Although a little out of our normal terrain, we at Post Process take note of the action, due to the concern over the possible effects of such laws on the E-Discovery and Litigation Support industry. The state agency’s letter to SafeNet is here (pdf). Some discussion of the matter can be found here.

Posted in Laws, State Licensing Laws, Trends | Tagged: , , | Leave a Comment »

ABA Journal Looks at Judges who are E-Discovery ‘Rock Stars’

Posted by rjbiii on July 6, 2008

The most recent edition of the ABA Journal looks at a group of Judges who have provided guidance to the nation’s courts with respect to the ever-evolving law of E-Discovery:

“The law of e-discovery has largely been driven by a handful of federal judges who realized early on [that] electronic evidence was going to be a big issue in their courtrooms,” [E-Discovery consultant Mary Mark of Fios] says. “Fortunately, some of them have tackled it aggressively and have given guidance to a lot of other courts and judges.”

When new amendments to the Fed­eral Rules of Civil Procedure for handling electronically stored information went into effect on Dec. 1, 2007, dis­covery was supposed to become easier to manage. Before the new rules were put in place, it was left up to judges to rule on how to handle digital evidence in court—a problem so thorny it often took hundreds of pages in opinions to sort it out.

But even with the new rules, many massive opinions continue to be written on the e-discovery issue. And jurists like [David] Waxse, whom Mack describes as one of the more colorful judges around, are gathering an intense following.

The article spotlights Judges Waxse, Shira Scheindlin, John Facciola, Paul Grimm and Rudi Brewster.

Posted in Articles, Discovery, Judge Rudi M. Brewster, Judge Shira A. Scheindlin, Magistrate Judge David J. Waxse, Magistrate Judge John M. Facciola, Magistrate Judge Paul W. Grimm, Trends | Tagged: , | Leave a Comment »

Case Blurb: Younessi; Court Fashions Protective Order to Allow for Discovery but Protect Trade Secrets

Posted by rjbiii on July 3, 2008

The Court is convinced that this need is strong enough to warrant discovery from [Producing Party] and the Motion to Quash is DENIED. However, some form of protective order is appropriate and the Court now turns to what form that production should take.
[…]
In situations involving information which is appropriately kept private, the Court may fashion restrictions on the form and method of disclosure. See Playboy Enterprises, Inc. v. Welles, 60 F.Supp.2d 1050 (S.D.Cal.1999). In the interest of protecting private information such as trade secrets or privileged documents, the Court can order the responding party’s attorneys to search for all documents consistent with the subpoena and to produce only those which are relevant, responsive, and do not disclose trade secrets. See, e.g., id. The Court finds in Playboy an appropriate model for this case. There, the plaintiff sought to copy the defendant’s hard drives after it learned she may have deleted emails which could potentially prove the knowledge element of plaintiff’s infringement claims. Id. at 1051. Defendant responded with concerns that privileged communications would also be recoverable under such a procedure. Id. at 1054. The court ordered the copying, but directed defense counsel to search the copy for responsive materials instead of turning over the copied drives themselves. Id. at 1055

Here, [Requesting Party] also requests to copy [Producing Party’s] hard drives, a process which might reveal not just privileged, but also trade secret information. Having [Producing Party] search its own computers is an appropriate compromise here because of the unique status of [Requesting Party] as a direct competitor and of [Producing Party] as a nonparty [third party] to the underlying suit. The elaborate copying which took place in Playboy is not necessary because there are no allegations of documents being destroyed and [Producing Party] has shown that it is responsive and willing to cooperate with [Requesting Party’s] reasonable requests.

Daimler Truck N. Am. LLC v. Younessi, 2008 WL 2519845 (W.D. Wash. June 20, 2008 )

Posted in 9th Circuit, Case Blurbs, Data Collection, Data Sources, Duty to Produce, Form of Production, Hard Drive Inspections, Judge Ronald B. Leighton, Objections to Discovery Requests, Overly Broad Request, W.D. Wash. | Tagged: , | Leave a Comment »

Case Blurb: Younessi; Court Weighs Trade Secrets’ need for Secrecy vs. Discovery’s Need for Disclosure

Posted by rjbiii on July 3, 2008

[Producing Party] claims that production of its hard drives would necessarily reveal its trade secrets. Trade secrets have long been recognized as property. Because of their fleeting nature, once trade secrets are disclosed to outside parties they lose their value and the property right is extinguished. The Court recognizes [Producing Party’s] interest in keeping its trade secrets out of the public eye, and particularly away from its competitors.

[Requesting Party’s] request for [such records] are highly relevant. Even if [Producing Party] cannot reasonably produce the actual content of communications, [Requesting Party] could use records produced which indicate dates and times of communications for purposes of deposition and cross examination. Given the nature of [Requesting Party’s] allegations, it is reasonable to assume that none of the witnesses to such communications will be forthcoming in testifying without some of the information sought through discovery to direct their questioning. This meets the “good cause” standard.

Daimler Truck N. Am. LLC v. Younessi, 2008 WL 2519845 at *2 (W.D. Wash. June 20, 2008 )

Posted in 9th Circuit, Case Blurbs, Duty to Disclose, Duty to Produce, Good Cause, Judge Ronald B. Leighton, Objections to Discovery Requests, Trade Secrets, W.D. Wash. | Tagged: , | Leave a Comment »

Case Blurb: Younessi; Scope of Discovery, Bias Towards Disclosure

Posted by rjbiii on July 3, 2008

Discovery is generally available regarding any nonprivileged information relevant to any party’s claims or defenses. Fed.R.Civ.P. 26(b)(1). Discovery being broad in scope and biased toward disclosure, requests need only be “reasonably calculated to lead to the discovery of admissible evidence.” Id.

Daimler Truck N. Am. LLC v. Younessi, 2008 WL 2519845 at *2 (W.D. Wash. June 20, 2008 )

Posted in 9th Circuit, FRCP 26(b), Judge Ronald B. Leighton, Scope of Discovery, W.D. Wash. | Tagged: , | Leave a Comment »

ISPs Beginning to Win Battles over Subpoenas for Emails

Posted by rjbiii on July 3, 2008

The next time you want to subpoena an ISP for your or your opponents emails, you might want to stop and think about it, because, according to an article from the National Law Journal, you might not get what you want:

Civil litigants are increasingly trying to get their hands on e-mails to prove their cases, but Internet service providers are starting to challenge their subpoenas — and courts are starting to rule in their favor.
[…]
For years, courts just assumed that e-mail was discoverable and viewable, and it looks to me like courts are changing direction and questioning that position,” said Ted Claypoole of the Charlotte, N.C., office of Womble Carlyle Sandridge & Rice, who represents ISPs.
[…]
While not exactly a clear-cut rule, ISPs received a boost recently from the U.S. District Court for the Eastern District of Virginia, which denied a State Farm Mutual Automobile Insurance Co. subpoena asking AOL to disclose various e-mails tied to an insurance claim.

A positive development, I think. The article sites the Stored Communications Act and recent case law as helpful elements in the legal arsenals of ISPs.

Posted in Articles, Duty to Produce, email, Stored Communications Act, Trends | Tagged: | Leave a Comment »

New Law Strengthening Attorney Client Privilege Gains Traction in Congress

Posted by rjbiii on July 3, 2008

The American Lawyer online has posted an article explaining that attorney client privilege is the focus of new federal legislation:

The bill would make it illegal for federal prosecutors to order companies to turn over privileged documents as a condition of a cooperating agreement. That has been a popular tactic to get access to the juicy stuff, but it’s already happening less because of the disastrous KPMG tax shelter case, says William Sullivan, a Winston & Strawn partner and former federal prosecutor who spoke at a panel discussion during ALM’s Corporate Counsel Conference earlier this month [ALM is the parent company of The Am Law Daily and The American Lawyer].

In the KPMG case, a federal judge tossed out indictments against several individual defendants after learning that prosecutors banned KPMG from paying their legal fees — a condition the judge considered onerous.

The article mentions that some are surprised by the bill’s momentum in the post-Enron and Worldcom environment, but notes that a broad and unlikely coalition of organizations came together to express support. Supporters include the ACLU, the Association of Corporate Counsel, and 32 former federal prosecutors.

Posted in Articles, Attorney Client Privilege, Legislation, Trends | Tagged: | Leave a Comment »