ALM Properties, Inc.
Page printed from: Corporate Counsel
3 Technology Change Agents Impacting E-Discovery
Law Technology News
Covering all bases when it comes to legal discovery isn't what it used to be for organizations. Just as technology forever changed the way we do business, communicate, and live our day-to-day lives, rapidly growing IT trends within the business world are now changing the way organizations need to approach electronic data discovery.
Social media, the cloud, and BYOD (bring your own device) movements are the main change agents that were highlighted at the 2012 Computer and Enterprise Investigations Conference earlier this year in Las Vegas. Hosted by Guidance Software, CEIC draws professionals and companies involved with digital investigations and e-discovery.
During the opening keynote, Guidance Software's President/CEO Victor Limongelli pointed out that the interoperability of EDD and forensic tools is critical. It's about more than homing in on Windows boxes, servers, backups, desktops and laptops, and emails, he said. Both business and legal organizations now use social networks, cloud, mobile devices, and web applications, and must make decisions around ownership of work and data, in the context of personal devices. Technologies and services that were once used primarily for personal purposes have been permeating the business sector, and the lines between personal and business use of these innovations are blurring.
With so much data and so many different data sources to keep track of, companies are struggling, he said. Proper e-discovery is driven by proper forensics, which is fed by proper security management, he said. These three functional turfs are converging at breakneck speed, and vendor offerings are starting to merge, he said.
Let's look at three trends.
1. SOCIAL MEDIA
A single post on Twitter, Facebook, or other social networking sites could be a key element in a legal matter, potentially demonstrating good or evil on the part of one or both parties in the case. With this piece of evidence, perhaps a case could be won; or without it, lost.
Public information on Facebook has already been proven admissible in many courts. Sometimes the questionable activity occurs via the organization's account, and sometimes it occurs via an employee's work or personal account. In either case, organizations must be prepared to capture and preserve this information, even if it has to be a coordinated effort with its employees. Facebook saves everything "forever": posted content is archived, including items that have been deleted by users.
To address the growing need for data collection, Facebook allows users to download their entire Facebook histories into single files. (See Craig Ball, "Easy Does It," Law Technology News, April 2011.) It would be reasonable to expect that this option would give users the ability to extract data from the service for purposes of legal evidence collection and delivery, but it requires users to first understand how it works. Given its inherent limitations, users should not rely on this method as the only option to gather their data.
To exercise this option, a user logs into his or her account, navigates to the account settings, and then selects to download the Facebook data. A link enables the user to download a .zip archive file, which contains a number of HTML files, including a main index.html file that links all of the HTML files together in a single HTML page. This HTML "package" essentially replicates the ability for the user (or recipient of the package) to navigate the content just as if he or she were logged into Facebook as that user.
The package includes a user's profile (timeline) information, wall (posts and content from the user and friends), uploaded photos and videos, friend list, and notes. The package does not include photos and status updates from friends, other people's personal information, and any comments the user has made to other people's posts.
The Facebook archive process does come close to delivering a good first step. However, the service does the collection in a non-forensically-sound way, making the collection of content questionable, at best, as the full context surrounding the data is missing.
Focusing on another aspect of these social media services, at the conference, Craig Ball raised the topic of images, stating that "there are roughly 200 million photos uploaded daily to Facebook. Facebook's service removes the GPS data from the images as it republishes them, protecting the user in some cases, but destroying the forensic quality of those elements in the process. But, what about some of the other social media sites: what do they do when they take the images in?" Chances are, the users of these services don't know.
2. CLOUD COMPUTING
Using social networks to share status updates and photos is just one of the ways people connect online. Many use the Web for online collaboration, sharing various types of documents and other forms of content with multiple parties. Often, users turn to web-based sharing sites because of file size limitations presented within their organization's email systems. Or, they may be using the cloud to capitalize on key features such as real-time, synchronized, multi-user sharing and collaboration, while maintaining a complete record of the activity.
Owen O'Connor, managing director of Cernam Online Evidence, noted that online storage and collaboration services (such as DropBox, Box.net, and ftopia, for example) provide easy signup and usage for consumers. This widely accepted consumer-driven model ultimately reaches enterprise users, who are consumers, leaving organizations with two things they must recognize:
A primary concern with cloud services is not having control over what is collected, stored, and shared. As a simple example, an employee could upload confidential price sheets to a private room, sharing information with a competitor. Yet, as has been pointed out by Judge Andrew Peck of the U.S. District Court for the Southern District of New York, data stored in the cloud is subject to the same legal rules (such as Federal Rules of Civil Procedure Rule 26(b)(2)(B)) for collection, preservation, and production as data that resides on physical networks within an enterprise. So organizations are under pressure to meet these standards while they simultaneously struggle to maintain control over what data they have, where that data is, and where it goes.
U.K. consultant Chris Dale, author of the e-Disclosure Information Project blog, provided an example during a CEIC panel. When using the cloud-based note-taking service Evernote, the service pins a geotag to each note, associating it with the physical location where it was actually taken, he said. If a photo is taken and added to the note, the corresponding geo-information is stored as well. If a note is written in one town and then 20 minutes later a picture is taken and added to the note from a different town that happens to be located 20 minutes from where the note was originally pinned, it would be hard for the note-taker to claim that he or she wasn't at those locations at those dates and times.
Dale's comments help us understand that to address this lack of control, organizations must take a stance on what is acceptable to use for business. If control is necessary, then a company-provisioned, business-ready note-taking tool should be mandated, where the organization can turn on and off features such as the geotag option. If centralized control is not a requirement, a consumer-oriented offering such as Evernote may be perfectly fine.
3. BYOD
Bring your own device is an unstoppable force. Employees are using their own smartphones, laptops, and tablets in the workplace, triggering numerous security concerns. But a main consideration that crosses both information security and EDD is the question of ownership.
From a security perspective, it's who owns the data on these personal devices: the company or the employees? Can companies sufficiently protect their intellectual property and sensitive client information, preventing it from leaving the "protected boundaries" via micro storage, USB devices, email, social media, and mobile applications?
From an EDD perspective, however, the organization also must consider the mobile device itself. Who owns everything on this device, from the physical unit to personal data such as contacts, text messages, call logs, geolocation information captured during mapped travels, and so on? What activity is appropriate to monitor as standard procedure; what's appropriate to track when there is cause for suspicion? What can be captured and preserved when the user of the mobile device is involved in a case? "It's a fine line between monitoring and invading privacy," said Dale.
Figuring out how to deal with the above scenarios is only half the battle. The origins and histories of these devices are unknown; organizations tend to make the assumption that these personal devices are brand new and bought directly from reputable stores, but of course, this assumption is not always true. Many devices are purchased with SIM cards already unlocked, "jailbroken," and/or are refurbished units obtained via Craigslist, eBay, or other sources. Origins and what has been installed on them (e.g., malware) may be murky.
What happens when an employee's device gets lost or stolen? Or when an employee simply wants to replace an old device? The IT department provisions the new device, but what happens to the old one? How does an organization ensure that the data on that device gets wiped before it gets relinquished?
The bottom line: Organizations must be proactive about managing personal devices in the workplace and capturing and preserving relevant data.
Sean Martin is the principal of imsmartin consulting, based in Redondo Beach, Calif. Email: firstname.lastname@example.org.
This article originally appeared in Law Technology News.