In November 2015, four friends gathered to have drinks and watch football. As sometimes happens when friends gather and alcohol is involved, a noteworthy story arose from the occasion. Unlike most such instances, however, authorities say what happened was a murder: Later in the evening, one friend left while three remained at the house, where the homeowner said they could spend the night. In the morning, one of those friends was found dead in a hot tub. The cause of death was strangulation and, secondarily, drowning.
In the midst of the ensuing investigation, authorities think they may have found a new witness. That potential witness, however, wasn’t one of the people having drinks that night. It was Amazon Echo, a web-connected wireless speaker that, upon voice command, can provide information on a variety of topics and music. The device is, as some users put it, “always listening,” i.e., always ready to receive a command. Upon receiving a request, it also records under 60 seconds of sound from its surroundings, which is erased as new sound is recorded. Amazon, however, refuses to release information on customers unless legally required.
This is just one of many intrigues posed by internet of things (IoT) devices. Defined broadly as devices that have an internet connection and the ability to transmit data without the help of humans, these tools encompass everything from the everyday, such as cell phones and modern cars, to the esoteric, such as machinery used for manufacturing and medical devices like portable heart monitors. And while tools like Apple’s Siri and facial recognition technology used for security access may simplify and even expedite many of the tasks encompassing our daily lives, they pose considerable dilemmas, ranging from the ethical to privacy, ownership, and litigation.
Often overlooked are the challenges these toys of tomorrow are providing the e-discovery practitioners of today. In response, law firms are positioning themselves at what they view as an “IoT revolution” already underway. Among them is a consensus that the wide array of technologies interspersed in the IoT-sphere will increasingly define litigation in many arenas, adding to the already arduous task of collecting, reviewing and finding the smoking gun amid big data.
A Bigger Catch
Thermostats, refrigerators, motor vehicles, heart monitors and manufacturing equipment—these were not the devices that legal technologists likely originally had in mind when assembling e-discovery software. Yet as a new era of internet-connected devices becomes more integral to our social and professional existence, it is these creations that, because they often transmit data that isn’t in a textual format, will likely exacerbate big data challenges for years to come.
In some instances, parties may want to analyze information transmitted from one IoT device to another, and when computing devices are communicating with one another, their native language isn’t one easily understood by humans.
“The internet of things will succeed because computers are talking to computers,” says Edward McNicholas, partner at Sidley Austin. As co-leader of the firm’s privacy, data security and information law practice, he works with clients on IoT challenges. “Computers talk to each other in code, and … e-discovery is not set up to analyze that. E-discovery is set up to analyze human communication; it’s not set up to analyze computer communication. And computer communication is what the internet of things will thrive on.”
And the amount of “computers talking to computers” is only growing. A 2015 study by technology research group Gartner predicts that the number of IoT devices to flood the market by 2020 will be nearly 21 billion, with 13.5 billion of those being in the consumer sector and the rest in business (about 4.5 billion devices in cross-industry use and nearly 3 billion in vertical-specific use). Market research group IHT estimated in a whitepaper from Spring 2016 that the number of IoT devices will reach 30.7 billion in 2020, up from 15.4 billion devices in 2015.
“As people start to have these devices talk to each other, the amount of data and the implications of that will be astounding,” says McNicholas. “I think people don’t appreciate that we’re in 1995. We’re right before the web, and regular people don’t appreciate that things are going to change dramatically. And e-discovery is just one of the implications of that.”
Also complicated by IoT devices is data ownership, an issue whose murkiness dates far before frequent interconnectivity was ever an expectation. This, says DLA Piper partner and IoT team member Mark Radcliffe, is “the core issue that, frankly, gets neglected” but is “significant to future challenges.”
To demonstrate how challenging this is, Radcliffe portrays the following scenario: Say you’re representing a company that insures industrial equipment, and during the manufacturing process, a machine explodes. Now, let’s say that the machines on the factory floor have sensors that can keep track of issues, such as when a machine “goes in the wrong direction,” and are intended to shut the machine down or notify an operator. But in the event that “a machine goes whack,” a firm and their client may want to look at the data generated by the machine because it could provide a clearer picture of what went wrong.
Assuming the data can be interpreted, you may be thinking the approach is fairly straightforward: Get the data from the manufacturer. However, therein lies the problem—who owns the data generated by the machine that exploded? The industrial company? The manufacturer of the machine? Perhaps the machine wasn’t created with this tracking device built in, but instead the tracker was purchased then placed on the machine. In that case, does the company that made the tracker own the data? To make matters worse, the parties involved may not be entirely on the same page as to who owns the data. “Ownership of data is a very slippery concept that frankly doesn’t mean a lot because the legal framework of dealing with data is fluctuating,” Radcliffe adds.
Still, when it comes to IoT, even in the context of e-discovery, there is perhaps no hotly disputed concept more enmeshed than that of data privacy and security. The relationship was thrust to the forefront in late 2015, when two gunmen murdered 14 people at the Inland Regional Center in San Bernardino, California. During the subsequent investigation, the FBI attempted to access the shooters’ smartphones, but the phones’ manufacturer, Apple, refused to provide passwords, arguing that doing so would potentially open the floodgates to compromising the privacy of other users’ mobile phones.
The issue isn’t limited to the battlefield of public opinion, either. Thomas Barnett, special counsel of e-discovery and data science at Paul Hastings, says privacy is an issue arising often, as everything from mobile devices to the social media platforms accessed through them can provide much useful information in a dispute. Barnett, who started the firm’s e-discovery and data science team a little over three years ago, also says the applicability of IoT data in discovery “crosses a lot of lines,” noting that among clients, such information has been useful in everything from trade secrets to employment law.
“I think people don’t realize the level of digital bread crumbs that follows them everywhere they go and in everything they do,” he says. “It’s only going to grow more apparent and be the basis of more dispute as time goes on.”
Yet acquiring such information can also be a challenge, for many employees across industries conduct work on a range of devices that fall into two increasingly broad and blurred categories—work and personal—where the distinction is important in determining what is discoverable. The access an employer has to an employer-owned device is far greater than a personal device used for work, yet in dealing with such, there are considerations to be made about conducting discovery in a way that balances privacy rights with the legal obligations to provide work-related information. Barnett adds, “These are real challenges that we deal with every day.”
Approaching the White Whale
Despite these challenges and more that will inevitably follow, law firms are already being called upon to employ the information generated by IoT devices in collection and review. And among those firms looking to add a competitive advantage amid this rapidly nearing IoT curve, some have started their own IoT-focused teams to handle the nascent data challenges of the day. Comprised of lawyers from an array of backgrounds ranging from mathematics and statistical analysis to highly specialized practice areas like intellectual property and cybersecurity, these motley assortments of highly skilled professionals are collaborating within their respective firms to address a multitude of issues involving contracts, analytics, technology, and more, all of which involve e-discovery.
Such is the composition of Paul Hastings’ own e-discovery and data science group, which contains data scientists, including those with math PhDs and experience in text analytics, qualitative analysis, statistics, and programming and software architecture. Oh, and lawyers, of course. In dealing with the big data challenges around the IoT devices of today and tomorrow, Barnett stresses the importance of having a team that understands and can work with the technology, or is able to communicate with the experts on the technology side, in a meaningful way.
Barnett says that in one case involving a company challenged on making public statements alleged to be knowingly false, his team was able to use an approach called “sentiment analysis,” which scoured electronic communications across devices and formats between employees and found actual “negative statements.” He adds that the firm’s employment law practice often relies on data from cars, personal devices and employee logins for disputes.
But what about when the data is in a coding format? It’s here where traditional discovery methods and technologies fall short, with specialization required. Sidley Austin’s McNicholas says that at his firm, they’ve handled discovery on a “bespoke basis,” where they “looked at the particular technologies, the data flowing off of that, and then had to create tools” for analysis and presentation to courts, regulators, or whomever else.
This is the approach taken by Mayer Brown, where partner Eric Evans notes that every client-side specialized tool the firm works with may be “the only version of itself in the world.” Therefore, he adds, “Pulling information out of these customized IoT systems requires being able to talk to, understand, and work with the people who created that complex custom solution.”
But not all data collected from a device may be relevant to a case. Finnegan partner Kenie Ho, who heads the firm’s Internet of Things working group, notes that demanding parties often don’t demand such data. He partly attributes this to requesting parties not being “at the point” where they are “cognizant enough to be asking for that.” Yet he doesn’t ascribe the lack of IoT discovery to ignorance alone, noting that even if parties were aware of the option, he’s “not sure they would really want all that information” on account of cost and pragmatism.
Ho says to consider an accident in which you’re driving a smart (IoT-enabled) car on a smart road in a smart city using a smart traffic system. All of these systems generate IoT sensor data. Now, in the event that you hit a pedestrian, the person’s wearable technology also generates GPS and health data. In the event the pedestrian sues the driver and the insurance company is brought in, there’s potential to demand discovery for all of this IoT data.
“The thing is though—is it really necessary to get all of that data? I mean, it’s clearly relevant. But considering the cost of the case and the amount of time needed to process the data, do you really need to generate a 360-degree simulation of the accident based on sensory data” when a witness would be less costly, or tire marks indicate an abrupt stop, etc. “You have other information available that doesn’t require you to dig into the ones and zeroes of IoT data.”
As Big Law continues to work toward the best way to wrangle the array of data proliferating at an ever-increasing rate, IoT technologies themselves only continue to increase at a greater rate, expedited even further as devices once not considered in the context of a computer—like a refrigerator or a sofa—are increasingly plugged in. So while we continue to find ourselves more connected to this web of devices, communication and, quite simply, just things, it’s important that the legal industry remain and even grow more connected to the technology that will define the future of its practice.