Post Process

Everything to do with E-discovery & ESI

Archive for the ‘Computer Fraud and Abuse Act’ Category

Case Summary: Genworth Fin. Wealth Mgmt.; Court Mandates Forensic Imaging and Imposes Sanctions

Posted by rjbiii on December 12, 2010

The case: Defendants were former employees of Plaintiff company, and were alleged to have misused plaintiff’s proprietary client information, including a database, after leaving. Defendants, according to Plaintiff, used this information to solicit clients of their ex-employer in violation of the Computer Fraud and Abuse Act, the Connecticut Uniform Trade Secrets Act, the Stored Communications Act, and Connecticut common law’s prohibition of tortious interference with business relationships. Defendants asserted that they identified client information for solicitation through permissible means including internet searches and memory.
At Issue Here: Plaintiff filed a motion to compel defendants to submit their computers and media for production and inspection. Plaintiff further requested reasonable attorney’s fees and costs associated with its motion.
Discussion: Defendants productions in response to Plaintiff’s discovery requests, failed to include any e-mail, TJT’s Junxure client management database, or the Portfolio Center client invoicing database (allegedly stolen by Defendants). The Plaintiff sought the Defendants’ assurance that forensic imaging had been undertaken, noting concerns that relevant data was at risk of being erased through automatic deletion of temporary and inactive files. Defendants’ counsel conceded that the Defendants had no intention of imaging any of their computer devices, causing Plaintiff to file the motion to compel. After the Plaintiff filed its motion, Onsite IT Consulting performed imaging of TJT Financial’s computer devices and business laptops used by Defendants McMullan, Cook, and McFadden.
Pursuant to a subpoena, the Charles Shwabb Corp., a custodian of assets for TJT Financial, produced email correspondence from Defendant McMullan and Cook’s personal email account and computer that was not produced as part of the Defendants’ response to Genworth’s discovery requests. The correspondence reflects the Defendants’ submission of Genworth client data and information to Schwab, while still employed by Genworth, as part of efforts to establish TJT Capital and secure Genworth clients for the new entity.
During the proceeding, Defendant McMullan testified that, prior to the start of the instant litigation, he discarded the personal computer onto which he downloaded ACT client information and from which he conducted correspondence with Schwab in anticipation of his departure from Genworth and the formation of TJT Financial. Testimony further reflected however, that the disposal of the personal computer may have occurred after Genworth submitted letters to the Defendants to preserve all relevant documents in anticipation of litigation.

Court’s Analysis: The court began by noting that Rule 34 and Rule 26(b)(2)(B) “strongly suggested” that on such requests is discretionary and should take into account substantive considerations of the burden and expense of the request. . . . and that such relief is entirely within the discretion of the Court to grant or deny.
Defendants contended that the Plaintiffs have “not proffered a sufficient basis with which to justify its demands.” The court referred to FRCP 26(b)(1), however, to quote the rule that a party is entitled to discover any unprivileged matter relevant to a party’s claim or defense, where the discovery “appears reasonably calculated to lead to the discovery of admissible evidence.”

Referring to Rule 34(a) the court noted that a party is required to “produce and permit the party making the request . . . to inspect, copy, test, or sample any . . . electronically stored information.” This right is counter-balanced, however, by a responding party’s confidentiality or privacy interests. A party is therefore not entitled to “a routine right of direct access to a party’s electronic information system, although such access might be justified in some circumstances.”
In defining the extent of discovery to afford to a party, a court should: consider the relationship between the plaintiff’s claims and the defendants’ computers and, in some cases, whether the defendant has fully complied with discovery requests, in determining how the requested electronic discovery should proceed. Even in cases where courts have nonetheless adopted procedures to protect privilege and privacy concerns (quoting Calyon v. Mizuho Securities USA Inc., No. 07 CIV0224IRODF, 2007 U.S. Dist. LEXIS 36961, 2007 WL 1468889, at *3 (S.D.N.Y., May 18, 2007).
The court found persuasive the opinion from Ameriwood Industries, Inc. v. Liberman, No. 4:06 CV 524-DJS, 2006 U.S. Dist. LEXIS 93380, 2006 WL 3825291, at *3, *6 (E.D. Mo. Dec. 27, 2006), amended by 2007 U.S. Dist. LEXIS 98267, 2006 WL 685623 (E.D. Mo. Feb. 23, 2007).

Courts have been cautious in requiring the mirror imaging of computers where the request is extremely broad in nature and the connection between the computers and the claims in the lawsuit are unduly vague or unsubstantiated in nature. For example, a party may not inspect the physical hard drives of a computer merely because the party wants to search for additional documents responsive to the party’s document requests. [A court has previously] declined to allow the examination of any ESI other than the information that had been deleted because the requesting party had not demonstrated that the producing party was unwilling to produce relevant evidence. [Evidence] raises the question of whether defendants have in fact produced all documents responsive to plaintiff’s discovery requests. Furthermore, in cases where a defendant allegedly used the computer itself to commit the wrong that is the subject of the lawsuit, certain items on the hard drive may be discoverable. Particularly, allegations that a defendant downloaded trade secrets onto a computer provide a sufficient nexus between the plaintiff’s claims and the need to obtain a mirror image of the computer’s hard drive.

The Ameriwood court therefore concluded that because the defendants were accused of using “the computers, which [were] the subject of the discovery request, to secrete and distribute plaintiff’s confidential information. How and whether defendants handled those documents and what defendants did with the documents [were] certainly at issue.” The court then adopted the Ameriwood three step protocol for imaging, discovery, and disclosure for hard drives.

Ameriwood Imaging and Production Protocol:

  • Imaging:The parties select a computer forensic expert who, operating pursuant to a confidentiality agreement, inspects, copies and images the targeted computer systems at a “non-disruptive” time. The expert provides a detailed report of the “equipment produced and expected.”
  • Recovery:The expert recovers, from the mirrored images, all available targeted file types. In Ameriwood, these consisted of word-processing documents, incoming and outgoing email messages, presentations, and files, including “deleted” files. The expert provides the recovered documents in a reasonably convenient and searchable form to the producing party’s counsel, with notice to the requesting party.
  • Disclosure:Producing party’s counsel reviews the recovered files for privilege and relevance, supplements earlier responses, creates or appends to a privilege log, and produces relevant non-privileged documents to opposing counsel.

Post Process Note: The court is merely describing a micro version of any e-discovery review project, in which data must first be collected, filtered, reviewed, and finally produced. While the court describes the process as three steps, we prefer to break it down a little differently, as visually depicted in the figure below. Even with the slight increase in granularity below, we note that the process can continue be visually depicted in far more detail than we choose to do.

Neutral Forensics Expert Needed:

The court reasoned that the instant case was sufficiently analogous to Ameriwood to warrant using the imaging protocol. Factors present mandating the use of a neutral forensics expert included:

  • One of the defendants used his personal computer and personal e-mail address to download, access, and transmit the Plaintiff’s proprietary information without a scintilla of a reasonable expectation to his entitlement thereto.
  • One of the defendants admitted that he spoliated evidence when he discarded a personal computer after having been advised by counsel that he had no right to the data that he had downloaded whille employed by Plaintiff;
  • Defendants’ testimony on handling electronic media and on how they had obtained the information at issue in the case had been impeached, indicating inaccuracy or deception on the part of defendant.

Cost-Shifting Analysis:

Producing party contended that they should not be forced to pay for the forensics expert, because they had already hired an expert (although they did not image the drives of the systems at issue here). They also claimed that they were unable to pay. The court was unconvinced by their arguments. The court noted that producing party had initially refused to image any of their systems, and only relented once the motion to compel had already been filed with the court. The motion to compel was only filed once producing party admitted they did not intend to image any of their systems. Their initial refusal was “wholly unjustified” as they “tacitly admitted” by their belated engagement of an expert. The court assigned the producing party 80% of the costs, and the requesting party 20%.

The court ordered the following:

  1. Granted the Plaintiff’s motion to compel forensic imaging to be performed by a neutral court-appointed expert.
  2. Producing party was required to submit the targeted systems for inspection by a specific date.
  3. The expert is to format the targeted data types in an appropriate structure and provide producing party’s counsel access for privilege and responsiveness review.
  4. Cost is distributed, as described above, 80% for producing party, 20% for requesting party.
  5. Reasonable attorney fees awarded to requesting party, pending a detailed accounting of those costs.
  6. Further sanctions will be imposed should producing party again fail in their obligations.

Genworth Fin. Wealth Mgmt. v. McMullan, 267 F.R.D. 443 (D. Conn. 2010)

Posted in 2nd Circuit, Case Summary, Computer Fraud and Abuse Act, Connecticut Uniform Trades Secrets Act, D. Conn., FRCP 26(b), FRCP 34, FRCP 37(a), Judge Vanessa L. Bryant, Motion to Compel, Neutral Third Party, Stored Communications Act | 3 Comments »

Case Summary: Harding, Earley; The “do’s” and “don’ts” of Website Captures

Posted by rjbiii on June 22, 2008

Healthcare Advocates, Inc. v. Harding, Earley, Follmer & Frailey, 497 F. Supp. 2d 627, 650 (E.D. Pa. 2007)

Healthcare Advocates (“HA”), a patient advocacy group that helps its members deal with health care providers, brought an action against a competitor alleging trademark infringement and misappropriation of trade secrets. The competitor was represented by Harding, Earley, Follmer & Frailey (“Harding”), a “boutique” law firm specializing in intellectual property matters. Harding began investigating HA, and part of that investigation consisted of using the internet to do searches and view the the group’s website. Harding also used a tool known as the “wayback” machine to look at materials that had been posted to the web in the past.

The wayback machine, maintained by the Internet Archive, stores screenshots from websites that can be looked up by any interested internet surfer. This allowed Harding to HA’s website pages as they would have appeared before the litigation began. Harding printed some of these pages, and some of these prints were during the course of the litigation. Harding did not save any of the images to hard drives.

HA had placed a file, named Robots.txt, on its website server to direct indexing engines and the wayback machine from pages that HA did not want accessed or displayed by the public. On this occasion, however, this protective measure failed, and the wayback machine displayed “forbidden” content to Harding. The failure was due to an issue with the wayback machine’s servers, and not with any action taken by Harding.

Nevertheless, HA brought this action against Harding, alleging, inter alia, that Harding had: violated provisions of the Digital Millenium Copyright Act (“DMCA”); infringed upon their copyrights by printing and unknowingly saving copies of the archived web pages in temporary memory, and distributing copies of the pages to co-counsel; committed spoliation by failing to preserve the copies in temporary memory, violated provisions of the Computer Fraud and Abuse Act (“CFAA”) “by intentionally exceeding their access and obtaining information from protected computers used in interstate commerce;” and violated Pennsylvania laws with respect to conversion and trespass.

Harding requested summary judgment in its favor on all counts.

Copyright Infringement: The court found that HA had established both elements for infringement. HA had a valid copyright on the materials found on its website, and had demonstrated that Harding had “reproduced” and “publicly displayed” these materials. The court then conducted an analysis to determine whether Harding’s actions were permissible under the Fair Use Doctrine.

The court began by listing the factors considered for Fair Use:

  1. “the nature and character of the use” by the alleged infringer;
  2. “the nature of the copyrighted work;”
  3. “the amount and substantiality of the portion used in relation to the copyrighted work as a whole; and”
  4. “the effect of the use upon the potential market for or value of the copyrighted work.”

The court then continued its examination. For the first factor, although it noted that the display and copying of the website content was in pursuit of a profitable activity, that it nevertheless cut in favor of the law firm. The court noted that “[Harding] copied these materials as supporting documentation for the defense they planned to raise for their clients against the allegations,” and stated that “[i]t would be an absurd result if an attorney defending a client against charges of trademark and copyright infringement was not allowed to view and copy publicly available material, especially material that his client was alleged to have infringed.”

The court held that the second factor also cut in favor of Harding, because the the data copied was of an informational nature.

The third factor cut in favor of HA, as Harding copied and displayed the entire website, however, because the information was relevant in a pending litigation, and the firm had a duty to preserve such material, “the substantiality of the portion used does not militate against a finding of fair use.”

The fourth factor “militate[d] in favor of a finding of fair use.” Harding’s actions in copying and displaying the material were for the use in a lawsuit, and not for the purpose of “gaining a competitive advantage.” The court’s analysis concluded with a determination that Harding’s “infringing use is excusable under the doctrine of fair use.” The court granted Harding’s motion for a summary judgment with respect to HA’s copyright infringement claim.

Spoliation of Evidence: With respect to the specific case of the data copied to temporary files, the court noted that HA had not presented any evidence of what had been copied. HA argued that it deserved a “spoliation inference” because the Harding’s duty to preserve existed with respect to this data. The court began by discussing the three factor test used in the third circuit for spoliation determinations. “The considerations are: (1) the degree of fault of the party who altered or destroyed the evidence, (2) the degree of prejudice suffered by the opposing party, and (3) whether there is a lesser sanction that will avoid substantial unfairness to the opposing party and where the offending party is seriously at fault, will serve to deter such conduct by others in the future.”

In examining the facts in the context of the first factor, the court found that because the files were deleted automatically, and not by an affirmative action on the part of Harding, the factor weighed in favor of Harding. The court was not convinced by HA’s argument that Harding’s failure to immediately “remove the computers from further use” did not “shock the conscience.” Nor did the court find persuading HA’s argument that Harding should have taken measures once it received a subsequent letter demanding all evidence be preserved, as the firm felt that nothing relevant had been saved onto the hard drives of its computers.

The second factor, likewise, weighed in favor of a finding against spoliation, because the court concluded that HA suffered no real prejudice from the loss of this data.

The court determined that the final factor cut the same way as the other two, when it stated: “[t]he Harding firm did not purposefully destroy evidence. To impose a sanction on the Harding firm for not preserving temporary files that were not requested, and might have been lost the second another website was visited, does not seem to be a proper situation for an adverse spoilation inference.”

The Claim under the DMCA: The court then turned to examine HA’s claim that Harding had violated the provision in the DMCA under 17 U.S.C. § 1201(a)(1)(A), prohibiting the circumvention of a technical mechanism designed to protect copyrighted material. Here, HA argued that Harding bypassed the protection of the “robots.txt” file, and thus was in violation of the measure. The court found that, “in this situation,” the placement of the file on the website constituted an anti-circumvention technological measure as defined under the DMCA. The court emphasized, however, that “this finding should not be interpreted as a finding that a robots.txt file universally qualifies as a technological measure that controls access to copyrighted works under the DMCA.”

The court continued by noting that the defect was with Internet Archive’s server, and that when used by Harding, it was as though the protective measure was not present. Harding accessed the data, but not by circumventing the protection, and was therefore not in violation of the DMCA. Harding’s motion for summary judgment on HA’s DMCA claim was granted.

HA’s claim under the CFFA: HA argued that Harding’s viewing of the content prohibited by the Robots.txt file constituted a violation of the CFAA. The court concluded that Internet Archive’s computers were used in interstate commerce, and were protected under the act, and that the costs accrued by HA in investigating the unauthorized access, estimated in excess of $9,600, met the statutory threshold. However, merely using a public website does not create liability under the act, and HA was unable to present evidence of prohibited activity, and Harding’s motion for summary judgment on the CFFA claim was granted.

HA’s claims for trespass to chattels and conversion: The final two claims arose under state law, and the court concluded that these claims were preempted by the federal copyright claims under 17 U.S.C. § 301(a), that the court had already examined. Harding’s motion summary judgement with respect to the state law claims was also granted.

Posted in 3d Circuit, Case Summary, Computer Fraud and Abuse Act, Conversion, Copyright Infringement, Data Sources, Digital Millenium Copyright Act, Duty to Preserve, Duty to Produce, E.D. Pa., Judge Robert F. Kelly Sr., Spoliation, Trespass to Chattels, Website Capture | Tagged: , | Leave a Comment »