Hiding from eDiscovery in Plain Sight


QR or “quick response” Codes have been showing up a lot more in the last year. A QR code is a matrix barcode (or two-dimensional code), readable by QR scanners, also readable by mobile phones with a camera, tablet computers with built-in camera including iPads, and smartphones including iPhones. The code consists of black modules arranged in a square pattern on white background. The information encoded can be a text message, a SMS message, a URL, an email reply or several other types of data. The QR code in the top left corner of this blog is the QR code for the URL for the eDiscovery101.net blog site.

QR codes are increasingly gaining acceptance in United States business and end user mind share, though they have been popular in some Asian countries for many years.

So what do QR codes have to do with eDiscovery? A friend of mine was telling me about a new business he had started using QR codes in a very unique way and it occurred to me to wonder if eDiscovery collection and review applications would be able to recognize data encoded into QR codes and if not, how could custodians use QR codes to pass information they didn’t want to be found in an eDiscovery process. For example, could you email information to others without calling attention to yourself by using encryption or have the content indexed and flagged by eDiscovery applications?

The answer is absolutely…

Look at the following email example:

The QR code embedded in the email message is simply a link to the URL for this blog site. To connect to this site you would start up your free QR code scanner on your iPhone and it would automatically link you to the site. If the above email was part of the email corpus in an energy price manipulation case, would it be flagged for any suspicious activity?

But the main point is when collecting and running millions of emails through eDiscovery software, QR codes, as far as I can tell, would not be readable and index-able by any known eDiscovery software.

Now take a look at the email message again:

If you were to scan the above QR code with your free QR code scanner, you would see the following:

As you can see, a great deal of text can be embed in a QR code that is readable by a free QR scanner pointed at a printout or even your computer display.

Is the above example a reasonable way to pass information that you don’t want caught by eDiscovery processes? Not really…an easier way would be to call someone and give them the message verbally but I wanted to point out that eDiscovery search and review applications are not 100% effective and custodians can beat them if they really try. eDiscovery vendors need to be constantly on the lookout for these new techniques of sending and receiving ESI.

Advertisements

Will Spoliation Insurance Change How Judges Rule?


On Dec.2 2010, the Lexington Insurance Company started selling a new product–spoliation insurance. No, spoliation is not misspelled, and no, it’s not a witty descriptor for what’s likely to happen inside the office break room refrigerator before the end of the holidays. Spoliation is a legal term for the destruction of evidence in civil litigation matters. And this form of insurance protects you in the event a judge imposes fines or penalties because of lost evidence or other eDiscovery failures.

Why might you need spoliation insurance? Well, Duke University conducted a recent study finding 97 eDiscovery sanction cases in 2009, more than any prior year. These are cases where the judge has determined one of the parties destroyed evidence and now must determine a penalty for this destruction of evidence.

Some questions that come to mind for me:

  1. Does having spoliation insurance mean the discoveree can exercise less care with his records information management (RIM) program, litigation hold, or discovery processes because they don’t have to worry about a fine or penalty?
  2. Is the fact that you have spoliation insurance discoverable?
  3. Would the fact that you have spoliation insurance alter the ruling by the judge? (Would the judge, for instance, impose a higher fine or penalty to hammer the insurance company?)

Obviously, spoliation insurance will not affect whether your organization wins or loses the case. Also, I would expect insurance companies to set premiums to reflect their risk. If the insured has an effective RIM program and processes to find and protect responsive electronically stored information easily, insurers should lower premiums for these buyers over other applicants with questionable or no processes or other tools.

The next question that comes to mind is: Do you need spoliation insurance if your organization has prepared for effective eDiscovery by creating RIM policies, training employees on responsibilities and processes, and acquiring technology like an archive to better control ESI?

Now, the answer to this question is pretty commonsensical. Invest in responsible processes and training as well as the best tools/automation for RIM and eDiscovery, and you likely won’t need spoliation insurance.

The ABA Journal had a story on spoliation insurance on March 1, 2011. The ABA Journal article can be viewed here.

The Entrepreneur’s Guide to Litigation – Discovery


From an article in the National Law Review by Joseph D. Brydges

Discovery is a pre-trial phase of litigation during which a party to a lawsuit seeks to “discover” information from the opposing party. Discovery is meant to facilitate the truth-finding function of the courts and, as such, parties to a lawsuit have an automatic right to discovery. From a strategic standpoint, discovery is used to gather and preserve evidence in support or defense of the claims made in the complaint. Further, discovery often helps parties narrow the focus of the litigation in preparation for trial and, in some cases, may lead to a pre-trial settlement. Discovery is an extremely important phase of litigation because the evidence gathered during discovery will serve as the foundation of a motion for summary judgment and/or strategy at trial.

The entire article can be viewed here.

Destruction of Electronic Evidence, Misconduct Lead to $1 Million Fine, Default Judgment


From an article at Buchanan Ingersoll & Rooney PC

In a February 23, 2011 opinion and order, Judge Sharon Johnson Coleman granted the motion of Trading Technologies International, Inc. (“Defendant”) for default judgment and monetary sanctions, based on misconduct by Rosenthal Collins Group, LLC (”Plaintiff”) and its counsel with respect to the preservation and production of electronic evidence. Rosenthal Collins Group, LLC v. Trading Technologies International, Inc., No. 05-C-4088, 2011 WL 722467 (N.D. Ill. Fed. 23, 2011) (hereinafter, “Trading Techs.”).

Finding that “both [Plaintiff] and its counsel acted willfully in bad faith by engaging in conduct that resulted in deception of both the opposing party and the Court, the destruction of relevant evidence, the waste of judicial resources, and the undermining of the judicial process,” the Court imposed a sanction on Plaintiff of $1,000,000 and default judgment against Plaintiff. In addition, “[f]or their part in presenting misleading, false information, materially altered evidence, and willful non-compliance with the Court’s orders,” Plaintiff’s counsel was ordered to pay the costs and attorneys fees related to litigating the motion.

The entire  article can be viewed here.

The case of the disappearing text messages


I ran across an interesting mobile phone application the other day called Tiger Text (also called the cheating spouse app). Tiger Text is an app that bills itself as a tool to help people “cover their tracks”, in this case tracks that are left when sending traditional text messages from phone to phone.  What Tiger Text does is enable a user to send text messages back and forth to others also using Tiger Text and not worry about the text message being found by someone else, because messages sent via Tiger Text will essentially self destruct within a specified timeframe.

When you send a text message using Tiger Text, the content of your message is never sent to the recipient’s phone as it does when you send a standard text message.  Since the message doesn’t reside on the recipient’s phone, but rather stored on Tiger Text’s servers, you are given full control when the messages are deleted from Tiger Text’s servers.

 

 

 

 

 

 

 

 

 

As you can see from the screen shots above, once the messages are gone, they are gone.  You can set messages to ‘Delete on Read’ or set your own time limit such as 2 hours, 4 hours, etc. Keep in mind that both sender and recipient must have the Tiger Text application installed for the capability to work (there is a free reader if the other person doesn’t want to buy Tiger Text), and if a message is set to expire at a specified time period and it’s not read, then it’s gone forever. This “Delete” capability can be set from the menu shown below.

 

 

 

 

 

 

 

 

 

 

The actual content of TigerText messages are erased from the sender’s phone, the recipient’s phone and all servers when the message expires. TigerText does not allow the user to copy or save a message, however if someone really wanted to they could video capture your TigerText, take a screen shot, or take a photo of their phone. TigerText cannot promise that your messages will not be copied by some alternative means. Be smart! Anyone can take a picture of a phone.

Tiger Text is available for iPhones, Blackberrys, Microsoft powered mobile phones and Android phones.

What’s this got to do with eDiscovery?

With above description in mind, it occurred to me that this application could cause some problems for the eDiscovery process.

  1. If a custodian is using this application while they are potentially a party to litigation and are using this app to send or receive information relevant to the case, are they guilty of destruction of evidence? In my opinion, absolutely!
  2. How could you place and enforce a litigation hold on this data? The answer is you can’t.
  3.  How would an organization collecting responsive data for eDiscovery even know to look for this capability? It all comes down to knowing the technology landscape and asking the right questions of custodians such as “do you utilize any applications or other processes on any computing devices including cell phones which automatically delete ESI?”
  4. So what’s an organization to do? The only thing you can do is forbid installing these kinds of applications on any organization assets and audit to see that custodians are following the policy. You obviously can’t do anything about what employees do with their own non-company owned devices except to reiterate that company related business should never be conducted over non-company owned devices (and its always a good idea to remind employees that if they do use their own devices for company business this will open their personal computers, phones etc to eDiscovery).

The main point is to be aware of these capabilities and to look for them when in eDiscovery.

Your organization’s social media problem can’t be cured with antibiotics


You can’t control what employees do away from work on their own time and using their own equipment but companies do have a right to control their brand and that includes how they are represented by their employees on social media sites. For that reason, every organization should develop, implement and enforce a corporate-wide social media policy for all employees (because if you don’t enforce it, then do you really have a policy?).

Gary MacFadden was kind enough to pose a great question in response to my last blog posting titled “Did you hear the one about the Attorney who thought social media was a dating website for singles over 40?”. Gary pointed out that it would be helpful if I could give examples of a corporate social media policy (what it involved) and what the employee education process would be to make employees aware of the policy. With that in mind, here are some aspects of a corporate social media policy:

  1. A policy author with contact information in case employees have questions
  2. An effective date
  3. A definition of what social media is
  4. A description as to why this policy is being developed (for legal defense, brand protection etc)
  5. A description of  what social media sites the company officially participates in
  6. A listing of those employees approved to participate on those sites
    1. The fact that any and all approved social media participations will be done only from corporate infrastructure (this is to protect approved employees from discovery of their personal computers)
    2. A description of topics approved to be used
    3. A description of those topics not approved to be used
    4. A description of any approval authority process
    5. A description of what will happen to the employee if they don’t follow the approved process
  7. A direct statement that unapproved employees that make derogatory remarks about the organization, publish identifying information about clients, employees, or organization financials, talk about organization business or strategy etc. in any social media venue will be punished in the following manner…
  8. A description of how these policies will be audited and enforced

Once the policy is developed, it needs to be communicated to all employees and updated by legal representative on an annual basis. This education process could include steps like:

  1. A regularly updated company intranet site explaining the policy.
  2. A description and discussion of the policy in new employee orientation activities.
  3. A printed description of the policy which the employee signs and returns to the organization.
  4. An annual revisiting of the policy in department meetings.
  5. The publishing of an organization “hot line” to your corporate legal department for real-time questions.

On a related topic, for legal reasons you should be archiving all approved social media participations much like many companies now archive their email and instant message content.

This practice will seem rather draconian to many employees but in reality the organization needs to protect the brand and always have a proactive strategy for potential litigation.

A sampling of various organizations social media policies can be found here. I was particularly impressed with Dell’s.

From a previous blog post titled ”Beware: your facebook posts could end up in court”

Social networking posters beware…your Facebook and other social media accounts may be seen by more than just your friends; in fact, what you post and tweet could become court evidence.

But many of us don’t consider these implications when tweeting and posting. Current employers, potential employers and, yes, even attorneys review social networking sites for information on workers, job candidates and litigants.

Individuals as well as organizations need to carefully consider what they post to these sites. In the personal injury case of McMillen v. Hummingbird Speedway, Inc., No. 113-2010 CD (C.P. Jefferson, Sept. 9, 2010), Hummingbird Speedway, Inc. sought access to plaintiff’s social network accounts, requesting an eDiscovery production of his usernames, log-ins and passwords.

The olaintiff objected, arguing that the information on those sites was confidential.  Upon defendants’ Motion to Compel, the court found the requested information was not confidential or subject to the protection of any evidentiary privilege and ordered its production to defendants’ attorneys within 15 days. Additionally, the court ordered that plaintiff should not take steps to delete or alter the existing information on his social network accounts. The court said:

Specifically addressing the expectation of privacy with regard to Facebook and MySpace, the court found that any such expectation “would be unrealistic.”  The court then analyzed the relevant policies of the two sites, and concluded as to both that, “[w]hen a user communicates through Facebook or MySpace, however, he or she understands and tacitly submits to the possibility that a third-party recipient, i.e., one or more site operators, will also be receiving his or her messages and may further disclose them if the operator deems disclosure to be appropriate.”  Accordingly, the court determined that defendant could not successfully assert that his accounts were confidential.  In so holding, the court also noted the possibility that communications could be disclosed by friends of the account holder with whom the communications were shared.

Organizations need to establish and enforce employee social media policies to lower their risk and better protect their brand.

Did you hear the one about the Attorney who thought “Social Media” was a dating website for singles over 40?


A definition of the term social media from Merriam-Webster states “forms of electronic communication (as Web sites for social networking and microblogging) through which users create online communities to share information, ideas, personal messages, and other content.”

Another definition of “social media” from online matters reads “Social media is any form of online publication or presence that allows end users to engage in multi-directional conversations in or around the content on the website.”

Examples of social media include facebook, myspace, LinkedIn, twitter, YouTube, and WordPress (free blogging site) among many, many others. Social media is not limited to desktop computers either. Cell phones, smart phones, PDAs, iPhones and iPads are popular examples of mobile devices which can be connected to social media capabilities.

How popular is social media these days?

Facebook: 750 million plus active users (July 2011). Users spend over 700 billion minutes per month on facebook.

Twitter: 175 million total Twitter accounts, 119 million Twitter accounts following one or more other accounts (March 2011) with 177 million tweets sent in one day on M arch 11, 2011

LinkedIn: 100 million users (March 2011)

Based on the above numbers, the social media phenomenon has become a major source of electronic data which in turn means a major target in litigation.

Social media content as a source of evidence in civil litigation has become a popular topic in legal magazines, blogs, twitter posts and other information sources. There are several challenges around social media content from the employee’s point of view and its use in litigation. Individuals tend to view social media content the same way they thought about emails and voicemails years ago – transitory, something that was private and didn’t exist for long anyway. People are shocked that potential employers are looking at the individual’s public facebook page, twitter postings or LinkedIn profile to get a better idea of a job candidate’s background or when police view the same content to help build a case against someone.

“Seriously officer, I wasn’t at that party where someone got shot…I was visiting my grandmother in Fresno”

“Really?… then how come there’s a picture of you at the party holding a bottle of Jack Daniels in one hand and a Glock 9mm in the other hand?”

Does an employer have a right to an employee’s social media content? Some qualifying questions to determine this  would be:

  1. Has the employee mixed personal and business related content in their social media activity?
  2. Was the employee’s social media activity initiated from within the organization’s infrastructure or using their equipment?

In a 2010 US District Court decision, Equal Employment Opportunity Commission v. Simply Storage Management, L.L.C. and O.B. Management Services, the defendant, Simply Storage, sought to discover from  two employees claiming sexual harassment against their supervisors, all photographs and videos posted to their Facebook and My Space accounts, electronic copies, or alternatively hard copies, of their profiles which includes updates, messages, wall comments, causes/groups joined, activity streams, blog entries, blurbs, comments and applications. The EEOC objected to production on the grounds that the request was overbroad, not relevant, unduly burdensome, and improperly infringed on privacy and compliance would harass and embarrass the claimants. Simply Storage defended the request arguing that the claimants’ had put their emotional health at issue implicating all their social communications.

The Court ruled that the EEOC must produce relevant Social Networking Sites (SNS) communications in accordance with its guidelines noting first that SNS content is not shielded from discovery simply because it is locked or private.

In another case, TEKsystems, Inc. v. Hammernick et al., No 0:10-cv-00819, filed in the United States District Court for the District of Minnesota, is the first-known restrictive covenant lawsuit regarding allegedly unlawful conduct via social media (in this case, LinkedIn).

When Hammernick’s employment with TEKsystems ended, she went to work for Horizontal Integration, Inc., also an IT staffing firm. The complaint alleges that, after her employment with TEKsystems ended, Hammernick unlawfully communicated, on behalf of Horizontal Integration, with at least twenty “Contract Employees” via LinkedIn, the premiere social networking website used for business and professional purposes.

The allegations against Hammernick list, by name, the sixteen Contract Employees that she allegedly “connected” with on LinkedIn, in violation of her employment agreement with TEKsystems. This case raises the legal question whether merely “connecting” with professional contacts via professional networking websites constitutes a violation of a restrictive covenant prohibiting such “solicitation” or “contact.” Does the mere existence of a network of professional contacts equal solicitation? Will compliance with a non-solicitation restriction require individuals to “disconnect” or “de-friend” colleagues, customers, or clients of former employers until the non-solicitation period expires?

Smartphones are a super highway into your private social media content

Recently, California’s Supreme Court reached a controversial 5-2 decision in People v. Diaz (PDF), holding that police officers may lawfully search mobile phones found on arrested individuals’ persons without first obtaining a search warrant. The court reasoned that mobile phones, like cigarette packs and wallets, fall under the search incident to arrest exception to the Fourth Amendment to the Constitution.

Do you have a Twitter app or LinkedIn app on your smart phone? Does it automatically enter your logon and password when you start the app? If they do then law enforcement could take a look at you private facebook, LinkedIn or Twitter accounts.

Also be aware, if you voluntarily disclose or enter your mobile phone password in response to police interrogation, any evidence of illegal activity found on (or by way of) your phone is admissible in court, regardless of whether or not you’ve been Mirandized.

Its obvious social media is a new speed bump in the eDiscovery landscape. Employers need to create policies to address their concerns and educate their employees about these policies and the consequences of not following them.