Post Process

Everything to do with E-discovery & ESI

Archive for the ‘International Issues’ Category

Around the Block (March 10, 2011): EU Privacy laws rankle web-site owners, and Howrey’s possible dissolution caused by E-Discovery Vendors?

Posted by rjbiii on March 10, 2011

Web Operators inside the UK are complaining that E.U. Privacy directives are putting them at a competitive disadvantage. The Government’s Information Commissioner has stated that “explicit consent” must be given by users before sites can place cookies that “track” their activities on their computers. From the Article:

The reaction [to privacy laws] from start ups has been strong and angry. Nick Halstead, CEO of U.K. start up Mediasift, behind the very popular Tweetmeme service, has been vociferous in his condemnation.

“If users are presented with a pop up every time a cookie is going to be set, they are simply going to go to sites outside of Europe that are not hampered in the same way. It will put us at a major disadvantage compared to American sites.

“On our site, if you re-tweet we set a cookie. That cookie remembers other stories you have re-tweeted. Now that should be a useful thing for users. But you could say that is tracking them.”

Mr. Halstead called on governments to tread very lightly…

See a brilliant interactive demo of what the user experience might look like here.

In the chaos now hovering at Howrey, apparently one party being blamed for the firm’s collapse is E-Discovery Vendors. The quote that got my attention:

Another challenge was the rise of third-party document-discovery specialists that could provide litigation support services at substantially lower rates, he said. Howrey, a law firm with many offices in big cities, and thus, higher costs and couldn’t compete, he added.

Perhaps the problem wasn’t competition, but scope creep on the part of the firm. Lawyers should practice law, and manage the process of e-discovery. Competing with technology firms in a technology field when it isn’t a “core business” is a bad idea. The complaint is that vendors were more efficient than was Howrey at processing data. The firm was, therefore, unable to charge above-market prices for its EDD services, and apparently, this was a vital revenue stream for them. My opinion is that the “law firm as technology vendor” model doesn’t work. Howrey is exhibit A.

Leita Walker and Joel Schroeder pen an article on how to locate and use evidence from social media sites. In, Making Your Case with Social Media, they write:

[I]t’s never too early to start poking around. As soon as counsel contemplates suing or believes their client may be sued, they should investigate their opponent’s online presence. Once litigation commences, litigants may restrict their privacy settings — or remove the sites altogether — making it much more difficult to readily access potentially game-changing evidence.

Of course, once discovery commences, lawyers can employ more formal methods of fact-gathering and move to compel that evidence if met with opposition. Interrogatories should seek to identify an opponent’s screen names and relevant social media usage. Requests for production should seek blog entries and social media posts, and requests for admission should be designed to authenticate such information. In addition, counsel should be prepared to talk about social media and its production format at a Rule 26(f) or other discovery conferences.

Finally, before offering such evidence in court, counsel should be prepared to respond to objections related to relevance, hearsay, and authentication. With regard to the latter, the threshold for admissibility is low, and can be satisfied by the testimony of a witness who has personal knowledge that the evidence is what it purports to be. In fact, courts have held that website printouts need not be authenticated by the site’s owner but can be authenticated, for example, by an attorney who testifies that she visited a particular site, recognized it as the opposing party’s, and printed what she saw on the screen. Jarritos, Inc. v. Los Jarritos (2007).

Advertisements

Posted in Articles, Authentication, International Issues, Privacy, Social Media Sites | Tagged: | Leave a Comment »

Around the block-March 8, 2011: Notes on Facebook and Predictive Coding

Posted by rjbiii on March 8, 2011

A few articles of note that affect electronic discovery, forensics, or cyber-security:

Predictive coding has been a hot topic, and at Prism Legal, Ron Friedman posts his thoughts on how it should be handled by courts:

[Courts] should presume that predictive coding is reliable. The burden of proof should shift to predictive coding opponents to show that it is not reliable.” Let the proponents of human review explain to the court why diverging expert views is better than consistent computers.

Agreed. “Relevance” is ultimately determined by the court. In “human review,” a lead attorney formulates a set of guidelines for document reviewers to follow. This formulation is based on his understanding of the case subject matter, the scope of discovery requests or other communications by the opposing party, and any direction he might receive from the court. The attorney’s understanding of relevance is, in theory, based on an honest attempt to obtain an understanding of the court’s definition of “relevance” for the instant matter. The guidelines then sent down to those attorneys reviewing documents is an attempt to accurately propagate this understanding. Obtaining consistency (and of course, accuracy, to the extent that term can be used here) between reviewers is a difficult (and often, costly) process requiring diligence and proper project management.

The larger the review team, the greater the challenge. Predictive coding offers the promise of greater consistency. To test its validity, however, the components that might be scrutinized are: the efficacy of the technology used, any “rules” created that affect the tool’s method of classification, and the methodologies behind any creating “sample” datasets used to “train” the tool on what is relevant and what is not.

EDiscovery map offers a primer in how to collect from EU-based data sources.

There is a serious conflict for US firms with affiliates in EEA countries, when they get involved in civil litigation within the US: On the one hand, Federal and State rules mandate retention and production of all relevant data, even data located outside of the US, with the risk of severe penalties by the Courts in case of “spoliation”, and on the other hand, EU data protection laws (applicable to the EEA) mandate very strict data protection rules for “personal data” of their residents, that seriously restricts processing of personal data and transfer of those data to “non-adequate” countries outside of the EEA, with risks of steep fines in case of transgression.

Continuing on, we’ve argued about this before, but the ABA posts an article explaining why e-discovery is killing legal jobs. Not that I agree with the assessment.

The ACEDS staff takes on the subject of EDD and social media:

One of the important issues involved in social networking evidence is admissibility. The Federal Rules of Evidence require evidence to be authenticated before it can be admitted in court. With nearly everyone having the power to create accounts and claim to be someone else, how can one prove the true identity of a username in court?

To help establish authenticity of information gathered from social media sites and intended for use as evidence, testimony from the person who obtains printed screenshots from the social networking web page should be documented, along with details of how and when the pages were accessed and printed.

I agree with this…but I’m not sure how authentication of social media content differs from that associated with the collection of any other website. On the same topic, we now read of Facebook’s “self-collection” tool, which the company has provided its users:

Now, 500 million users of the most popular social network on the planet (which includes not just individuals, but organizations as well) have a mechanism to “self-collect” their data for their own use and safekeeping. Or, they can “self-collect” for use in litigation. In his article, Craig [Ball] likens Facebook’s download function to Staples’ famous easy button. How can an attorney argue an overly burdensome collection when you simply have to click a button?

Discovery requests for Facebook-related data may become ever more prevalent, if you believe Andre Yee when he says that Facebook is the new internet.

Posted in Articles, International Issues, Social Media Sites, Trends | Tagged: , , | Leave a Comment »

Around the Block-November 24, 2010

Posted by rjbiii on November 24, 2010

Around the block is a regular feature of Post Process, providing a brief survey of articles and issues of note affecting law and technology.

EU Flag
The EU “Cookie Rule” will soon go into affect. A Computer World article penned by Stewart Room notes that this entails big changes for ISPs. From the article:

These new rules focus in particular on the dropping of cookies onto our equipment. This will only be lawful if the service provider has the subscriber or user’s consent. In order for consent to be valid, it must be freely given, specific and informed, the benchmarks established by the Data Protection Directive.

The EU’s Article 29 Working Party, which is made up of the national data protection regulators and other officials, issued an opinion on cookies and the consent issue earlier in 2010, observing that the new rules will not be satisfied by default browser settings, bulk consents, web user inactivity or the use of opt-outs.

Criticisms of the rule, which appears to require user consent every time a cookie is to be dropped on a computer, include charges that it isn’t practical, that it (along with other regulations) will stifle e-commerce growth, and that such a “pro-privacy” approach will actually work to diminish the user’s enjoyment of the internet.

Facebook

Facebook May Become a More Frequent Target of Discovery. Facebook’s recent announcement that it will introduce a communication system that could replace email may complicate the lives of us working in electronic discovery. Shannon Green, in her article “Facebook Creates a Mess for EDD: Messages,” notes that the service’s large user-base having these additional tools creates additional burdens and risks for future litigants and employers:

The system has three key components: seamless messaging, a social inbox, and conversation history. Facebook engineer Joel Seligstein blogged, “You decide how you want to talk to your friends: via SMS, chat, e-mail or Messages.” Facemail messages will be clustered by sender instead of by the “antiquated” concept of using a subject line.

So far, so good. But what might be most problematic for employers is that Facebook will preserve these messages — text, chat, or smoke signals — forever.

“It’s definitely a problem in that it means these e-mails will be outside the boundaries of their retention policy,” said Rudy Rouhana, an attorney and director of product marketing at Daegis, a provider of e-discovery services. “So, if they typically delete e-mail every 90 days, 2 years, etc., they will be unable to enforce that on e-mails created in this system,” he said.

Protect your data when traveling internationally. Wired has posted an article in their “How-to” Wiki on protecting your data during border crossings. From the article:

But recently, we’ve seen incidents of computer security experts with ties to WikiLeaks and white hat hackers being stopped by government agents and having their laptops and phones thoroughly inspected.

Unless you work in computer research, or if you have ties to whistleblowers or cybersecurity journalists, the chance is very, very slim that your electronics will be searched. But even if you don’t think you’re up to anything that would arouse the suspicion of the Feds, you should still take precautions. Also, the threat of theft or snooping is something you should pay attention to, no matter how far from home you wander.

Note that these rights extend only to U.S. citizens. Any foreign visitor can be refused entry to the country by border officials on almost any grounds, even if you have a visa.

Posted in Around the Block, Articles, email, International Issues, Privacy | Tagged: | Leave a Comment »

Around the Block-March 23, 2010

Posted by rjbiii on March 23, 2010

A bit of industry-related news to examine. Let’s start, shall we?

E-Discovery and LPO firm Integreon has been cited in an Indian writ for the unauthorized practice of law. From the company’s press release:

Integreon was the only LPO company and non-law firm named in the petition. “It is unfortunate that our size and clear leadership position in the LPO market has made us the LPO target for the petitioner,” stated Liam Brown, CEO of Integreon. “We were surprised to hear that our range of LPO services, such as document review, e-discovery, contract management and other legal support services could be confused with the practice of law.”

“Integreon collaborates closely on all engagements with its law firm and legal clients to segregate complex legal tasks from those tasks that can be lawfully outsourced and performed by Integreon’s associates,” said Brown. “The premise of the services that we offer to law firms and corporate legal departments is to allow their lawyers to do what they do best: practice law.”

The ABA has posted an article discussing futurist Jordan Furlong‘s advice to bar associations and lawyers on “stay[ing] relevant in changing times.” From the article:

In the 21st century, lawyers need six essential skills, Furlong said: collaboration, project management, emotional intelligence, financial literacy, technological affinity and time management. Bar associations can help lawyers develop these skills by offering the leadership and services their members are seeking.

According to Furlong, lawyers should make themselves more visible while also showing worth to clients and potential clients. He said that lawyers should become holistic providers of “legal health” to clients.

I agree with much in the article…though the terms “lawyers” and “holistic” are rarely seen together…aren’t they?

The AmLaw Daily asks the question Is Mega Law a Dead Man Walking?

That was the subject of several sessions Monday at the Georgetown law school conference on law firm evolution. It speaks to the urgency of the matter, that an institution that thrives on the continuing health of big law firms to hire their deeply in debt graduating students would countenance the question.

The answers from the day: dead, dying, and changing.

A conference attendee’s session notes may be found here.

Posted in Articles, Industry News, International Issues, LPO, Vendor Liability | Tagged: , | Leave a Comment »

Case Summary: AccessData; Effects of German Blocking Statute on Discovery Obligations

Posted by rjbiii on January 27, 2010

AccessData Corp. v. ALSTE Techs. GMBH, 2010 U.S. Dist. LEXIS 4566 (D. Utah Jan. 21, 2010).

Background: In May, 2005, AccessData and ALSTE Technologies GmbH (“ALSTE”) entered into a contract allowing ALSTE to resell to their customers. Since executing the agreement, ALSTE has sold “hundreds, if not thousands” of AccessData’s products. AccessData sued ALSTE for breach of contract, alleging that over $79,000 in invoices had not been paid for its FTK toolkit 2.0 software. While ALSTE admits that it hasn’t paid the invoices in question, it asserts that it shouldn’t be made to, as the software is defective. ALSTE also filed a counterclaim for the breach of a technical support agreement requiring AccessData to pay ALSTE $2,000 to $4,000 per month to cover technical support for users of AccessData’s products in Germany who were not also customers of ALSTE.

Procedural History: AccessData made requests to ALSTE for the production of documents containing information on customer complaints and any resulting injury suffered by ALSTE. AccessData also propounded interrogatories asking ALSTE to provide information and document regarding any technical support it provided non-customers under the Technical Support Agreement. ALSTE objected to the interrogatories and production requests, contending they were: 1) overly broad, unduly burdensome, and sought irrelevant information, and 2) the disclosure of information relating to third parties identities would violate German law. Access then filed the motion to compel on which the court rules in this opinion.

Discussion: The court stated that ALSTE assertion that providing personal information about its customers and their employees “would be a huge breach of fundamental privacy laws in Germany,” was not backed up by reference to any specific rule or law. ALSTE failed to cite any provision of the German Data Protection Act (GDPA) or German Constitution to back-up its claim. The court then noted that I, Section 4c of the GDPA, entitled “Derogations,” allows for the transfer of personal information to countries without the same level of data protection if the data subject gives his or her consent, or the transfer is necessary or legally required for the establishment, exercise, or defense of legal claims. The court wrote that ALSTE had not described any difficulties in obtaining consent, or explained why the provisions would not apply to this case.

Even in the event that ALSTE had overcome those challenges, the court stated that it disagreed with ALSTE’s assertion that the court must comply with the Hague Convention’s rules governing disclosure of evidence to courts in foreign countries. Citing Societe Nationale Industrielle Aerospatiale v. United States District Court, 482 U.S. 522, 544, 107 S. Ct. 2542, 96 L. Ed. 2d 461 (1987), the court noted that the law in the U.S. was: “It is well settled that such [blocking] statutes do not deprive an American court of the power to order a party subject to its jurisdiction to produce evidence even though the act of production may violate that statute.”

The Supreme Court referenced the American Law Institute summary of the interplay between blocking statutes and discovery orders generally:

“[W]hen a state has jurisdiction to prescribe and its courts have jurisdiction to adjudicate, adjudication should (subject to generally applicable rules of evidence) take place on the basis of the best information available . . . . [Blocking] statutes that frustrate this goal need not be given the same deference by courts of the United States as substantive rules of law at variance with the law of the United States.”

Ultimately, the court decided on this issue to overrule the objections to the discovery request and required ALSTE to search through their data repositories and produce the requested data.

Posted in 10th Circuit, Blocking Statutes, Case Summary, D. Utah, Discovery Requests, Duty to Disclose, Duty to Preserve, Duty to Produce, Hague Convention, International Issues, Magistrate Judge Paul M. Warner | Leave a Comment »

Comparing Discovery in Canada and the US

Posted by rjbiii on April 26, 2009

Byte and Switch has a nice post discussing the differences between Canadian and US discovery processes. From the blog:

I expected litigation and e-discovery to be closer than it really is. Here is our overview of the situation: The Canadian provinces exert tremendous control over e-discovery practices and procedures in common and civil law. There is no corresponding natural statute such as the U.S. Federal Rules of Civil Procedure, making e-discovery in Canada difficult to affect on a unified national principle.

There are national Canadian guidelines with the publication of Sedona Canada’s e-discovery principles and the Judicial Council’s practice direction for e-discovery in civil courts. (“The Sedona Canada Principles Addressing Electronic Discovery” and “National Model Practice Direction for the Use of Technology in Civil Litigation,” respectively.) These principles and guidelines for court practice are excellent steps forward and provide guidance for provinces that are developing their own sets of e-discovery rules. (British Columbia, Nova Scotia, Alberta, and Ontario have well-developed principles or drafts, and other provinces are no doubt busy as well.) Neither is statutory, and they exist as guidelines to implementation.

The post states that U.S. attorneys can learn from the Canadians’ attempts at reigning in costs, while Canadians could benefit by using proper tools.

Posted in Articles, International Issues, Trends | Tagged: | Leave a Comment »

The Sedona Conference: Suggested Balancing Test for Cross Border Discovery Requests

Posted by rjbiii on March 5, 2009

Ideally, determining the scope of cross-border discovery obligations should be based on a balancing of the needs,
costs and burdens of the discovery with the interests of each jurisdiction in protecting the privacy rights and welfare
of its citizens. The following factors should be considered in this balancing:
1. The nature of the data privacy obligations in the jurisdiction where the information is located;
2. The obligations of the responding party to preserve and produce relevant information in the
jurisdiction where the dispute is filed and the jurisdiction where the data is located;
3. The purpose and degree of custody and control of the responding party over maintaining the
requested information;
4. The nature and complexity of the proceedings;
5. The amount in controversy;
6. The importance of the discovery to resolving critical issues; and
7. The ease and expense of collecting, processing, reviewing and producing relevant information,
taking into account:
a. the accessibility of the relevant information;
b. the volume of the relevant information;
c. the location of the relevant information;
d. the likelihood that the integrity and authenticity of the information will be impaired by
the discovery process; and
e. the ability to identify information that is subject to foreign privilege and work product
protection from disclosure.

The Sedona Conference, Framework for Analysis of Cross Border Conflicts 34 (Aug. 2008). (Registration Req’d).

Posted in International Issues, The Sedona Conference, White Papers | Tagged: , | Leave a Comment »

EU Working Group Releases Proposal for Reconciling EU Data Privacy Laws with US Discovery Rules

Posted by rjbiii on February 22, 2009

An EU “working group” has released a proposed set of guidelines (warning: PDF document) for companies who are subject to EU Privacy Directives to follow when complying with discovery rules in U.S. matters. The document’s purpose is described thusly:

The working party sees the need for reconciling the requirements of the US litigation rules and the EU data protection provisions. It acknowledges that the Directive does not prevent transfers for litigation purposes and that there are often conflicting demands on companies carrying on international business in the different jurisdictions with the company feeling obliged to transfer the information required in the foreign litigation process. However where
data controllers seek to transfer personal data for litigation purposes there must be compliance with certain data protection requirements. In order to reconcile the data protection obligations
with the requirements of the foreign litigation, the Working Party proposes the following guidelines for EU data controllers.

The document is an excellent primer for EU-US cross-border discovery matters. It also discusses the differences in discovery between common law and civil code systems, and those of the U.S. with other common law nations.

Posted in Discovery, European Union, International Issues, Legislation, Privacy | Leave a Comment »

On a New British Standard for Storing Data to be Used as Evidence

Posted by rjbiii on December 25, 2008

The Register reports that the national standards body of the U.K., the BSI Group, has formulated a new standard for storing data properly for “maximizing” the weight of data presented in court. The standard deals with the manner in which evidence is stored.
From the article:

By complying with BS 10008, “it is anticipated that the evidential weight of electronic information transferred to and/or managed by a corporate body will be maximised,” said national standards body BSI British Standards.

The Standard is called Evidential weight and legal admissibility of electronic information – Specification. It sets out the requirements for the implementation and operation of electronic information management systems, including the storage and transfer of information, and addresses issues relating to authenticity and integrity of information.

Legal admissibility concerns whether or not a piece of evidence would be accepted by a court of law. To ensure admissibility, information must be managed by a secure system throughout its lifetime, which can be for many years. Where doubt can be placed on the information, the evidential weight may be reduced, potentially harming the legal case.

From the BSI Group’s description:

What does the standard include?

* The management of electronic information over long periods, including through technology changes, where information integrity is vital
* How to manage the various risks associated with electronic information
* How to demonstrate the authenticity of electronic information
* The management of quality issues related to document scanning processes
* The provision of a full life history of an electronic object throughout its life
* Electronic transfer of information from one computer system to another
* Covers policies, security issues, procedures, technology requirements and auditability of electronic document management systems (EDMS).

Posted in Best Practices, Data Management, Data Retention Practices, International Issues, United Kingdom | Tagged: | Leave a Comment »

UN Agency seeks to Curb Internet Anonymity

Posted by rjbiii on September 13, 2008

Somewhat alarming; but interesting with respect to forensics and investigations:

A United Nations agency is quietly drafting technical standards, proposed by the Chinese government, to define methods of tracing the original source of Internet communications and potentially curbing the ability of users to remain anonymous.

The U.S. National Security Agency is also participating in the “IP Traceback” drafting group, named Q6/17, which is meeting next week in Geneva to work on the traceback proposal. Members of Q6/17 have declined to release key documents, and meetings are closed to the public.

The potential for eroding Internet users’ right to remain anonymous, which is protected by law in the United States and recognized in international law by groups such as the Council of Europe, has alarmed some technologists and privacy advocates. Also affected may be services such as the Tor anonymizing network.

The article notes the potential of these standards to aid repressive regimes:

A second, apparently leaked ITU document offers surveillance and monitoring justifications that seem well-suited to repressive regimes:

A political opponent to a government publishes articles putting the government in an unfavorable light. The government, having a law against any opposition, tries to identify the source of the negative articles but the articles having been published via a proxy server, is unable to do so protecting the anonymity of the author.

Posted in Articles, International Issues, Privacy | Leave a Comment »