Gartner Predicts the Future of Big Data’s Impact on Legal

Originally published on JDSupra© Business Advisor.

[author: Larry Gomez]

In February, the White House appointed DJ Patil as the first “chief data scientist” in U.S. history in order to address the challenges of Big Data, who will be tasked with trying to use that data to create efficiencies, promote innovation and unlock economic potential. Businesses face a similar situation in dealing with the tremendous amounts of data being created every day. In advance of its Business Intelligence & Analytics Summit earlier this month, Gartner predicted three ways businesses will be changed by Big Data. Each of these predictions is also relevant to the way eDiscovery processes and approaches are changing.

Prediction #1: As products become more digitized and connected, more processes will be automated. This will include many types of decision-making that will transition from manual to algorithmic processes. In eDiscovery, the use of technology-assisted review (TAR) is widely becoming an alternative to the slower and costlier manual review approach. By combining advanced machine learning and statistical analysis, algorithms can be developed to quickly and accurately automate the classification of certain types of documents relevant to a review through prioritization of likelihood of relevance. Another example is eDiscovery review tool workflow automation, which eliminates the human points of contact in routing documents to various parties for review (i.e., privilege, first pass, etc.).

Prediction #2: Due to an interconnected data-driven world, businesses will need access to databases outside their organizations to make timely, context-aware decisions. “It’s the Web itself and the world of exogenous data now available from syndicated and open data sources” that increasingly matters. Gartner predicts that companies will look to third parties that provide information services to assist with business decisions (i.e., data/decision brokers that comprise a new category of business-centric cloud services that delivers data to be used in business decisions). Forbes examples: How do weather patterns impact inventory? How do this season’s customer preferences as expressed in social media suggest greater or lesser inventory? Because so much enterprise data is now insufficient to provide context awareness to support functional use cases (sales, marketing, legal, compliance, etc.) business data now resides with third-party cloud hosters. In an eDiscovery context, access to data outside the organization raises specific challenges that businesses will need to ask (and understand the answers to, i.e., in the case of social media cited above): For example, who ultimately owns the data? How will your data be shared? What if regulators or lawyers need access to that data? How may your data be used? Where is it being stored? Who has access and under what circumstances?

Prediction #3: Gartner’s final prediction focuses on the increasing use of analytics to allow businesses to better track the use of their products and services. In an Internet of Things (IoT) and smart product context, products themselves will provide customers with relevant information regarding their location, maintenance and performance. In the context of eDiscovery, these devices may contain useful information that could be discoverable in the case of litigation or investigations. It will likely be necessary to collect, process and search these devices for data relevant to investigations, and apply analytical tools to parse through and assess. Take for example Fitbit data that was used in court as evidence. From Forbes.com:

Personal injury cases are prime targets for manipulation and conjecture. How do you show that someone who’s been in a car accident can’t do their job properly, and deserves thousands of dollars in compensation? Till now lawyers have relied on doctors to observe someone for half an hour or so and give their, sometimes-biased opinion. Soon, they might also tap the wealth of quantifiable data provided by fitness trackers. A law firm in Calgary is working on the first known personal injury case that will use activity data from a Fitbit to help show the effects of an accident on their client.

(In this particular case, the lawyers didn’t use Fitbit’s data directly, but pushed it through an analytics platform that uses public research to compare a person’s activity data with that of the general population.)

As data continues to grow, the key will be the ability to accurately and efficiently analyze this data and turn it into useful and actionable information. Transitioning from manual to automated processes and partnering with strategic data experts will be essential for making intelligent business decisions.

Easing eDiscovery Review Costs

Originally published on Legaltech news.

Privilege review typically involves attorneys meticulously inspecting collected documents—but it doesn’t have to.
Bill Piwonka, Law Technology News

International Data Corporation estimates the volume of digital data created globally will grow 40 percent to 50 percent a year, reaching 40 zettabytes by 2020. Managing these growing data volumes during eDiscovery is, and will continue to be, extremely challenging and costly. Nowhere is this more evident than in the review of documents for privilege, especially in large cases.

John Facciola, a retired magistrate judge from the District of Columbia, speaking on Exterro Inc.’s recent webcast, Federal Judges Panel: Avoiding Irreversible Mistakes in eDiscovery, estimates that review accounts for about 70 percent of eDiscovery costs, and much of that is spent on identifying privileged documents.

Facciola is among a great majority of federal judges who have long pushed parties to take advantage of Federal Rules of Evidence (FRE) Rule 502(d) as a means to ease the privilege review cost burden. FRE 502(d) allows parties to enter agreements during discovery to ensure that if privileged info rmation is unintentionally revealed during eDiscovery, it cannot be used against either party. It also prevents both s ides from having to engage in filing motions to get privileged information returned. Judicial support for FRE 502(d) was underscored in a recent survey conducted by Exterro, Federal Judges Survey: eDiscovery Best Practices and Trends. In the report, 45 percent of the participating judges said using the rule was the biggest way parties could cut eDiscovery costs.

Statistics like these make it something of a mystery to our judges as to why virtually no one takes advantage of the rule. Several survey respondents indicated that they’ve never once seen a party address the rule, including Chief Magistrate Judge Frank Maas of the U.S. District Court for the Southern District of New York. “I’ve had several cases where the amount of controversy was $1 billion or greater and even in those cases, counsel have never on their own raised with me a 502(d) order,” he says.

But Chief U.S. District Judge Joy Conti of the Western District of Pennsylvania shed some light on wh y this might be the case in Exterro’s webcast. Thanks to a default provision, orders in her district routinely have a FRE 502(d) clause included. But, she says, they don’t really result in significant savings.

“Lawyers are so concerned about accidentally producing privileged documents, they almost always want a full review prior to production. I do not know if it’s really going to save money as the profession and clients don’t want to use it,” Conti says.

Supporting this view in an interview with Corporate Counsel, an ALM affiliate of Legaltech News, Steve Ihm, vice president and assistant general counsel at Allstate Insurance Co., said that the adversarial relationship of attorneys contributes to parties’ reluctance to engage in any agreement perceived to be mutually beneficial.

“The adversarial approach has its place, such as at trial, but frankly clients would be better served—and costs and distraction would be mitigated—if there were less antagonism surrounding discovery, especially at the initial stages,” he says.

I’m not an attorney nor am I here to argue whether we should try and change decades of a mind-set that attorneys bring to every case. I’d rather avoid the argument of whether FRE 502(d) orders are underutilized to the detriment of companies, and instead focus on advancements in eDiscovery technology that can significantly reduce the cost of privilege review and bring needed proportionality to eDiscovery—with or without the rule.

I think we can agree that privilege review typically involves highly paid attorneys meticulously inspecting collected documents in search of privileged content. Yet attorneys and in-house legal teams now have the ability to index, search and analyze information “in-place” as it exists in its native store—all prior to collection. Furthermore, predictive coding, or machine learning technology, can be trained to quickly identify specific types of content or metadata and flag documents accordingly before anything is actually collected.

By leveraging these technologies, legal teams can apply advanced search filters and predictive coding to data in place and eliminate the need to conduct manual privilege searches. For example, an email containing a particular corporate attorney’s name could signal that there is a high likelihood the content is privileged. The system can be trained to flag and withhold those emails from any subsequent collection.

An added benefit of conducting the privilege analysis in place, versus post-collection, is that any privileged documents that do make it past the initial filtering (remember that no technology is perfect every time) can still be spotted and withheld from production in the latter stages of review. This is extremely important when you consider the fallibility of manual human review, especially with large document sets. Eliminating privileged data early in the process mitigates the risk that something will slip through the cracks later on.

Besides reducing the need for costly privilege reviews, applying advanced search filtering to data in place further controls costs by providing attorneys with insights into the data—volumes, types, locations, search terms, smoking gun issues—much earlier in the process and enable them to become much smarter and more informed about the potential evidence. Armed with actual data intelligence, attorneys can enter negotiations with solid proportionality and scope arguments based on facts, keeping discovery requirements (and costs) proportional to the case and issues at hand.

Whether the legal community ever comes around on FRE 502(d) remains to be seen. If rules can’t control the privilege review cost problem, it’s at least nice to know that technology can help.

Read more: http://www.legaltechnews.com/id=1202723520417/Easing-EDiscovery-Review-Costs#ixzz3YXqxNs1m

Litigators Who Don’t Know Enough About eDiscovery Should Be Afraid, Very Afraid

Originally published on Above the Law.

By Jeff Bennion
It seems like I can’t go to an eDiscovery CLE without someone talking about California’s Proposed Formal Opinion 11-0004. It’s probably my fault, at least in part. For those of you who only go to interesting CLEs, allow me to summarize: it’s a proposed opinion, not yet adopted by the rules committee, that gives a hypothetical about an attorney who doesn’t know anything about eDiscovery and suddenly finds himself neck deep in eDiscovery problems that have crept into his case. It suggests that litigators should have minimal competence in eDiscovery and may be violating their duty of competence if they do not either become competent or bring in someone who is competent.

A new 2015 version (and here’s the old one for comparison) of the proposed opinion has come out that has been significantly rewritten, but before I go into the changes, let’s talk about why it is important to everyone.

Why This is So Scary to Litigators

I hate family law. I hate tax law. I hate estate planning law. I choose every day to not take those cases. When people call me and ask me if I can help them get back custody of their kids, I tell them no and refer them to the county bar referral service. It’s not that I have anything against those areas of law or the people who practice in those fields, it’s just that I don’t know anything about those areas, and I don’t want to learn because they sound boring and horrible. A lot of people feel the same way about eDiscovery. To their credit, eDiscovery is mostly boring and horrible also. The difference is that eDiscovery can creep into any field of litigation. You don’t work on a products liability case and suddenly find yourself surrounded by the world of holographic wills. You don’t work up a partnership dispute case and suddenly find yourself having to prepare child custody declarations. But if your case involves parties or witnesses who text, Facebook, e-mail, or have information on computers, you can find yourself surrounded by boring and horrible questions about things like clawback agreements and native files and load files and computer forensics and preservation holds, and the like. Suddenly lawyers who still use WordPerfect are forced to be technology experts.

What Has Changed

The original version of the rule faced some pretty serious backlash, due largely to its harshness. At first glance, the Digest and the Conclusion parts of both opinions are roughly the same, save for some stylistic changes, but the Discussion is almost entirely rewritten.

Using the Compare feature of my new version of Adobe Acrobat, I was able to prepare a redline version of the two PDFs. Here are just two pages from the Discussion section (red is a deletion and blue is an insertion):

Screenshot 2015-04-13 22.00.53For comparison purposes, let’s look at how the arguments have changed.

The outline of the Discussion in the original opinion:

Attorney Duties Concerning Electronically Stored Information (“ESI”)

  1. Duty of Competence
  2. The Duty of Confidentiality Includes But Is Not Limited to Protecting The Attorney-Client Privilege
  3. The Duty of Confidentiality Includes But is Not Limited to Protecting The Attorney-Client Privilege [Yes, it is repeated]
    1. Duty Not to Suppress Evidence
    2. The Duty of Candor

The outline of the Discussion in the 2015 version:

  1. Duty of Competence
    1. Did Attorney Violate The Duty of Competence Arising From His Own Acts/Omissions?
    2. Did Attorney Violate The Duty of Competence By Failing to Supervise?
  2. Duty of Confidentiality

The hypothetical fact pattern is a little different in the 2015 version and I’m not really sure if it’s more scary or less scary. In the new version, the attorney knows the client and has represented his company before. The company has an IT department. He trusts the IT department and representations made by the client about what is and is not on the network servers and allows a third-party vendor to work with the IT department to collect the necessary data. The attorney fails to instruct the IT department about the scope of the search or the discovery issues at hand and the third-party vendor acquires more data than necessary, including confidential corporate records.

As you can see from the revised Discussion outlines, the new opinion goes into what attorneys need to do to supervise clients, IT staff, and third-party vendors.

From the new opinion:

Attorney did not instruct or supervise Client regarding the direct network search or discovery, nor did he try to pre-test the agreed upon search terms or otherwise review the data before the network search, relying on his assumption that Client’s IT department would know what to do, and on the parties’ clawback agreement.

Although there were some clear mistakes made here, it is scary because one of the reasons that attorneys outsource to IT staff and vendors is because they are the subject-matter experts and the attorney wants to defer to their judgment on those matters. This opinion reminds us that although you can defer some of the heavy lifting, the attorney is ultimately responsible for the final product. Here, this would have entailed a roundtable discussion with the client, the IT staff, and the attorney to discuss and educate each other on the manner of storage of the ESI, the search methods to be used, the potential to be overinclusive and pull in confidential documents, and the realities of the cost and time associated with a privilege review. They should have discussed things like de-NISTing, deduplication, load file creation, archiving, backups, etc.

One of the crucial mistakes that the attorney made was to not review the documents for privilege after they had been pulled from the client network. He just assumed, based on what the client had told him, what would or would not be there.

In both the old and the new opinions, the attorney gets a nasty letter from opposing counsel complaining that evidence was not preserved and was subject to automatic deletion per company policies, despite a legal hold that should have been in place. It turns out opposing counsel was right, but the attorney did not know about or did not know how to comply with his duty to preserve electronic evidence.

Core Lessons

The attorney is still being faulted for things that could have been prevented by a rudimentary understanding of eDiscovery. If the attorney knew even a little bit about the file structure of the network or the client’s auto-deletion policies, he could have avoided the problems that suddenly arose in his case. He might have been more confident in telling the IT staff how to avoid IT mistakes and properly supervised the production. That’s still kind of a high bar for most lawyers. Although this is still just a proposed opinion, it’s no less of a warning sign for those of you who have no idea what de-NISTing is.

 

Read more: http://abovethelaw.com/2015/04/litigators-who-dont-know-enough-about-e-discovery-should-be-afraid-very-afraid/

 

Microscopic Particles Can Cause Huge Damage

particlechart
When a data recovery service provider is needed, be sure the facility has the proper industry certifications. Otherwise, the data you are missing may be at a much higher risk of being unrecoverable or even permanently destroyed.

The Dangers of Microscopic Particles in Data Recovery

As the platters in an HDD speed along at an average rate of 7,200 RPM, a cushion of air is created on which the actuator arm and read/write heads float a mere 3 nanometers above the fragile surface of the rotating disks. This fly height is microscopic, and it is essential to the functionality of the drive.

Extreme damage and data loss can result if any particulate matter (even something as thin as a human fingerprint) gets between the surface of the rotating disk and the read/write heads. Any foreign object could be struck by one of the heads, causing damage to the mechanism and destruction of data.

Required: Certified ISO Class 5 Cleanroom

The data recovery company you choose should have a Cleanroom in which disabled drives and other sensitive equipment can be inspected and worked on without introducing any additional risks of contamination, damage or data loss.

In an average outdoor environment, one cubic foot of air could contain more than 35 million particles (dust, dirt, ash, smoke, etc.) bigger than 0.5 microns in diameter.

Indoor air is a bit cleaner, although there could still be roughly 1 million similar-sized particles in a cubic foot of atmosphere from an indoor location.

In an ISO Class 5 Cleanroom, like the one DriveSavers has, less than 100 particles bigger than 0.5 microns are present per cubic foot of air, making it safe to open up and work on hard drives and other sensitive data storage devices without fear of contamination.

Reduce Risk, Increase Recovery

Regular audits should be conducted to measure and certify the effectiveness of a Cleanroom installation while it’s in use. Some data recovery companies with certified Cleanrooms had their audits performed while the rooms being tested were unoccupied and not in operation. Particle counts may differ substantially while a Cleanroom is actually in use and occupied with people.

Cleanroom engineers must wear special suits, plus protective headgear and footgear to guard against contamination. All accessories—including writing paper and pencils, cleaning tools and more—are specially designed to reduce the release of any particulate matter into the atmosphere.

How do you know if the audit was performed while the Cleanroom was in use or not? Request the “Controlled Environment Testing Report” and look for “Occupancy State.” The status of the Occupancy State could be one of three: “as-built”, “at-rest” or “operational.” You want to see “operational.”

Our Certified ISO Class 5 Cleanroom allows our engineers to work within the manufacturer-recommended limits of cleanliness during the recovery process. Take a moment to review DriveSavers current ISO Class 5 audit report, which we passed with flying colors while operational.

Have a sneak peak at the DriveSavers Cleanroom.


Glossary of Terms

Given in order as they appear in the article.

HDD: Hard disk drive

Read/Write Heads: The mechanisms that record and retrieve information on an HDD

Platters: Spinning disks in an HDD on which data is written and stored

Actuator Arm: The armature from which the read/write heads are suspended over the platters in an HDD

Fly Height: The distance between the platters and the read/write heads in an HDD—3 nanometers, or about 3/1,000,000,000th of an inch

Cleanroom: A customized laboratory environment in which the air is filtered continuously to reduce the amount of particulate matter present

Micron: A unit of measurement equal to 0.000039 inches

Crashed Hard Drives: When in Doubt, Don't Throw It Out

Originally published on New York Law Journal.

By Stephen M. Kramarsky

Just about every practicing litigator has a story about electronically stored information, or ESI: how it won the case or lost the case or turned up or disappeared. It’s fair to say that electronic discovery has entirely transformed litigation over the last 20 years and there is no shortage of court opinions and commentary on the subject. In the federal courts, a series of opinions written in 2003 and 2004 by Judge Shira A. Scheindlin in Zubulake v. UBS Warburg1 planted the seed that has grown into the modern ESI discovery regime. Specifically, these opinions focused not only on the parties’ obligations to produce ESI, but to preserve it—even before litigation begins.

Since Zubulake, numerous courts have addressed how the discovery rules—which are general and apply to all types of materials—specifically apply to ESI. These opinions address when the obligation to preserve arises, what must be preserved, and when and how ESI must be searched and produced. As the law has developed, it has become clear that the obligation to preserve and produce ESI is broad, and a restrictive definition of ESI (email and electronic documents) is insufficient. ESI in the modern litigation landscape may include text messages, instant messages, voicemail, digital video, audio and images, and even social media postings. It may also include the metadata associated with those files and the media on which they reside, if that information is relevant to the case. An entire industry of ESI management products and consultants has sprouted and flourished in recent years to comply with the requirements of ESI preservation and production. But even now, a dozen years after Zubulake, new questions continue to arise.

In Dorchester Financial Holdings v. Banco BRJ S.A.,2 the litigants recently presented the court with a question of first impression, at least in the Southern District of New York: May a litigant dispose of a hard drive that might contain relevant, discoverable information if that hard drive has “crashed?” If not, what is the appropriate sanction for doing so?

In Dorchester, plaintiff’s attorney had destroyed a hard drive that he claimed had “crashed” even though the hard drive contained documents related to the case. The attorney did not inform the defendant or the court until discovery began two years later. Defendant sought sanctions for spoliation of evidence, which the court granted. In coming to its decision, the court had to address several open issues of law, and in doing so provided some insight into how courts analyze spoliation, particularly when it involves rapidly advancing technologies such as forensic data recovery.

Facts

In 2011, Dorchester Financial Holdings sued the Brazilian bank Banco BRJ, S.A. for the second time, alleging that BRJ had committed breach of contract and fraud by failing to honor a $250 million letter of credit that it had issued to Dorchester a decade earlier in 2001. BRJ moved to dismiss the complaint, arguing that the New York court lacked personal jurisdiction. BRJ claimed that it had never done business with Dorchester and that the $250 million letter of credit was counterfeit. Dorchester opposed the motion, maintaining that the letter of credit was authentic.

While arguing that the court had personal jurisdiction over BRJ, Dorchester unveiled a new allegation. It asserted that, just days before issuing the letter of credit, BRJ had executed a contract with Dorchester that contained a choice of law provision requiring BRJ to adjudicate all disputes related to the letter of credit in New York. Dorchester attached a copy of the contract to its brief. BRJ responded that the contract, like the letter of credit, was counterfeit. Shortly thereafter, Dorchester amended its complaint to allege breach of the newly discovered contract and BRJ filed another motion to dismiss on the same grounds as before. The trial court dismissed the case, but Dorchester successfully appealed, and the case moved on to discovery phase.3

Thus it was years later, in February 2014, that BRJ served its first document requests on Dorchester. Naturally, the requests sought communications and documents, including metadata, related to the 2001 contract that Dorchester was suing under. In response, Dorchester produced some documents, but appended a surprising statement to the production: Dorchester did not possess any documents related to the letter of credit or the contract except for those it had already disclosed, because “[a]ny such data was destroyed by computer failure between 2001 and 2013.”4 This was the first time that Dorchester had mentioned that it had lost any documents to either BRJ or the court.5 BRJ responded to this admission by filing a motion for sanctions for Dorchester’s spoliation of evidence.

The court ultimately found6 that the actions of Dorchester’s attorney, T.J. Morrow, who was also a corporate officer, constituted spoliation and merited sanctions. In 2002, in connection with a previous, similar action against BRJ, Morrow had gathered all of Dorchester’s hard copy and electronic documents related to the dispute. Morrow saved and kept all of the electronic documents on his personal computer, including the 2001 contract and related emails. Morrow printed some of these electronic documents in August 2011, while Dorchester was opposing BRJ’s first motion to dismiss and filing its amended complaint, and later printed more in March 2012, during the appeal. Other documents related to the case were on the computer, but Morrow chose not to print them.

According to Morrow, shortly after printing these documents, his computer “crashed” sometime in March 2012. Although Dorchester’s case was open and active at that time, Morrow chose to not inform BRJ or the court. Instead, he had a family member with no formal computer training look at his computer. The family member told him that the computer “was basically gone and that [Morrow] needed to get a new machine.” He advised Morrow to transfer anything he “could take off of it.”7 Morrow never consulted a computer specialist, and instead opted to dispose of the computer, despite knowing that its hard drive had never been backed up or forensically imaged. Any documents that Morrow had not printed were lost, along with any metadata about their creation.

Fact-Finding and Spoliation

The fundamental goal of any court engaged in fact-finding is to do so accurately. But this goal is tempered by reality. In the modern world, courts have recognized that there may sometimes be too much data for human beings to examine piece-by-piece.8 And business realities may cause data to be lost or destroyed in the ordinary course, long before litigation is even seen as a possibility. Responding pragmatically to these considerations, most courts balance the cost of locating and producing a given class of ESI against its importance to the case. However, spoliation—the destruction of evidence—is another matter.

Under the spoliation doctrine, courts may award sanctions, in various forms, to punish parties who destroy evidence, and to provide relief to parties who might have been harmed by that loss of evidence. Spoliation sanctions are also prophylactic: They are designed to deter parties from destroying evidence in the future.9 The Second Circuit has identified three elements that a court must find before issuing sanctions for spoliation: (1) that the party controlling the materials had a duty to preserve them when they were destroyed; (2) that the materials were destroyed “with a culpable state of mind”; and (3) that the destroyed materials were relevant to and would support a party’s claim or defense.10 Recently, New York state courts have largely adopted the federal standards for spoliation, at least as to ESI.11

Spoliation Analysis in ‘Dorchester’

The court in Dorchester began its spoliation analysis by identifying the three elements of spoliation—duty, culpability, and relevance. It then analyzed each element, and finished by determining the appropriate sanction.12

The court first determined that Dorchester was bound by a duty to preserve the documents and metadata at the time that Morrow’s computer crashed, which was during the appeal. Critically, the court held that “Dorchester’s duty to preserve did not end when the computer allegedly crashed,” though the court acknowledged that no other court in the Second Circuit had squarely addressed the issue.13 In support of its conclusion, the court asserted that it is common knowledge that experts can sometimes recover data from the hard drive of a computer that “crashes.” Therefore, the court held, “Dorchester had a duty to preserve Morrow’s computer after its alleged crash, and to make reasonable efforts to recover the data it contained.”14

Moving on to the second element, the court held that Dorchester had a culpable state of mind and had acted with at least gross negligence. Again, the court acknowledged that no court in the Second Circuit had addressed the issue at hand: whether a person is culpable for spoliation if they destroy a “crashed” computer that contains data that might still be recoverable with professional assistance. The court held that in Dorchester’s case, the destruction of the computer was the same “as [the] destruction of all data stored on the machine before the alleged crash.”15 The court identified three reasons supporting its conclusion.

First, the court found that at least some of the data on the machine likely could have been recovered by a computer specialist with present-day technological expertise. Second, the court recognized that spoliation is an equitable doctrine, and held that where there is a risk that a court will inaccurately determine the impact of the destruction of potential evidence on a party—because it is often uncertain exactly what evidence was destroyed—the court should place that risk of inaccuracy on the party who caused it by assuming that the data would have been recoverable. Third, the court warned that finding otherwise may incentivize future misconduct. Parties might let recoverable data perish, or even intentionally destroy it, if they are allowed to select which materials are preserved and used in a case—for example, by copying or printing select documents—and which are lost, without suffering repercussions.

Finally, for the third spoliation element—the relevance of the spoiled evidence—the court presumed that the lost data would have been relevant to BRJ’s defenses because Dorchester had acted with a culpable state of mind (at least gross negligence). Dorchester failed to rebut that presumption. In fact, Morrow’s own testimony supported it: He admitted that he had only printed documents that were beneficial to Dorchester’s case. Therefore, the final element was established.

Having held that BRJ had established the three spoliation elements, the only remaining question for the court was the appropriate sanction. The court considered the prejudice to BRJ, which it characterized as severe: “the potential scope of the evidence lost, and the pro-spoliator bias of the documents that remain.” The court surveyed the possible remedies: “further discovery, cost-shifting, fines, special jury instructions, preclusion, and the entry of default judgment or dismissal (terminating sanctions).”16 After ruling that it was bound to impose the least harsh sanction that would still provide an adequate remedy, the court held that the “substantial sanction” of a “mandatory adverse inference” was appropriate. In this case, that adverse inference will likely be fatal to Dorchester’s case, because the jury will be directed to infer that Dorchester “destroyed electronic evidence, including emails and metadata, favorable to BRJ’s claim that it did not participate in the transactions at issue.” In addition, the court ordered Dorchester to pay BRJ’s attorney’s fees and costs.

Conclusion

The decision in Dorchester is not especially surprising. Though the issue is apparently new to the federal courts, the First Department addressed it in 2013, when it upheld spoliation sanctions against a plaintiff who destroyed a purportedly broken computer that contained relevant documents after commencing the action.17 Regardless, these opinions are important reminders to attorneys that the state of the art is always advancing, and the courts are increasingly in touch with that. For instance, both of these opinions mention the importance of metadata and recognize that printed versions of documents do not preserve it. And in Dorchester, the court described in detail the advanced tools available for data recovery, and assumed that the parties understand that landscape as well. In this environment, the message to litigants is clear: When in litigation, it is far better to preserve potentially relevant information than to face the consequences.

Endnotes:

1. See Zubulake v. UBS Warburg, 220 F.R.D. 212, 220 (S.D.N.Y. 2003), and the three following opinions generally referred to as Zubulake III, 216 F.R.D. 280 (S.D.N.Y. 2003), Zubulake IV, 220 F.R.D. 212 (S.D.N.Y. 2003), and Zubulake V, 229 F.R.D. 422 (S.D.N.Y. 2004).

2. Dorchester Fin. Holdings v. Banco BRJ S.A., No. 11-CV-1529, 2014 WL 7051380 (S.D.N.Y. Dec. 15, 2014).

3. Id. at *2-3.

4. Dorchester, No. 11-CV-1529, ECF 81-8 (“There are no internal communications, drafts, memoranda, notes etc., in Dorchester’s possession in electronic or hard copy form. Any such data was destroyed by computer failure between 2001 and 2013. There is no available meta-data. Dorchester has provided all available documents in its possession.”).

5. Dorchester, 2014 WL 7051380, at *3.

6. Judge Kimba M. Wood’s decision on the spoliation motion is actually a review of the Memorandum and Order of Magistrate Judge Kevin N. Fox. On the spoliation issue, Wood reviewed the Memorandum and Order de novo. Id. at *1-2.

7. Dorchester, 2014 WL 7051380, at *3.

8. Moore v. Publicis Groupe, 287 F.R.D. 182, 190 (S.D.N.Y. 2012) (“Linear manual review is simply too expensive where, as here, there are over three million emails to review.”).

9. Chin v. Port Auth. of N.Y. & N.J., 685 F.3d 135, 162 (2d Cir. 2012).

10. Id. The standards governing a litigant’s duty to preserve ESI and the sanctions for breaching that duty vary amongst the federal circuits. See generally Ahunanya Anga, “Electronic Data Discovery Sanctions: The Unmapped, Unwinding, Meandering Road, and the Courts’ Role in Steadying the Playing Field,” 50 San Diego L. Rev. 621, 626 (2013) (“Various circuits employ different standards or approaches to determine whether sanctionable conduct exists.”).

11. See VOOM HD Holdings v. EchoStar Satellite, 93 A.D.3d 33 (2012) (upholding lower court’s explicit adoption of Zubulake standards for ESI preservation and spoliation). But see Strong v. City of New York, 112 A.D.3d 15, 23 (1st Dep’t 2013) (holding that New York’s adoption of the federal law of spoliation is limited to ESI context).

12. Dorchester, 2014 WL 7051380, at *4 (emphasis added) (quoting Zubulake v. UBS Warburg, 220 F.R.D. 212, 220 (S.D.N.Y. 2003)).

13. Dorchester, 2014 WL 7051380, at *5.

14. Id.

15. Id. at *6.

16. Id. at *7.

17. Harry Weiss v. Moskowitz, 106 A.D.3d 668 (1st Dep’t 2013).

Read more: http://www.newyorklawjournal.com/id=1202715268409/Crashed-Hard-Drives-When-in-Doubt-Dont-Throw-It-Out#ixzz3YeR86cCv

DriveSavers Digital Forensics Team Delivers Key Evidence in Murder Conviction

Recovered data from waterlogged iPhone brings Texas murder suspect to justice

Franklin Davis iPhone
DriveSavers performed a complete recovery of this iPhone, thus providing key forensic evidence in a recent Texas murder case.

LegalTech New York 2014

February 03, 2014 09:00 AM Eastern Standard Time

NOVATO, Calif.—DriveSavers Data Recovery played a crucial role in assisting to bring a murder suspect to justice in a Texas case where forensic evidence proved the killer lured the teenage victim to her death with deceiving text and social media messages.

Experts at recovering valuable data for more than 27 years, DriveSavers offers Digital Forensics and Electronic Discovery (eDiscovery) as legally defensible data recovery services that can be used to aid the legal community. The company’s certified computer forensic specialists are able to quickly and efficiently process information and recover electronically stored information (ESI).

In November 2013, two DriveSavers digital forensic investigators testified in the prosecution of Franklin Davis, who was charged with the murder of 16-year-old Shania Gray. The data that DriveSavers was able to recover from Gray’s destroyed iPhone was vital to convict Davis, who is now facing the death penalty.

Davis, who had already been charged for sexually assaulting Gray, lured Shania—his family’s babysitter—to a meeting in Carrollton, Texas, where he killed her to prevent her from testifying. Gray received text and social media messages from Davis, who was posing as a private investigator for the rape trial.

The iPhone, which was discovered in a pond near the victim’s body, was destroyed to the point where a federal government forensic lab was unable to retrieve the necessary information for prosecution.

The phone was shipped to DriveSavers for a secondary attempt at retrieving the critical data. The company was able to perform a complete recovery of the iPhone’s data that was key in the outcome of Davis’s murder trial.

DriveSavers is able to recover ESI from nearly any physically damaged or mechanically failed device including computers, PDA’s, cell phones, USB Flash Drives, digital camera cards, hard drives, RAIDs and enterprise level servers.

Members of DriveSavers’ eDiscovery/Digital Forensics Department will be at Legal Tech New York 2014, February 4 – 6, at The Hilton New York Hotel, booth #2500, to discuss this and other company news.

About DriveSavers Data Recovery

DriveSavers Data Recovery, the worldwide leader in data recovery, provides the fastest, most reliable and only certified secure data recovery and eDiscovery service in the industry. All of the company’s services meet security protocols for financial, legal, corporate and healthcare industries and it is the only company that posts proof of its annual SOC 2 Type II Audit and HIPAA data security and privacy compliance. DriveSavers adheres to US Government security protocols, the Gramm-Leach-Bliley Act Data Security Rule (GLBA), the Data-At-Rest mandate (DAR) and the Sarbanes-Oxley Act (SOX). DriveSavers engineers are trained and certified in all leading encryption and forensic technologies and operate a Certified ISO Class 5 Cleanroom. Customers include: Bank of America, Google, Lucasfilm, NASA, Harvard University, St. Jude Children’s Research Hospital, US Army and Sandia National Laboratories.

Contacts

Press:
BLASTmedia
Sabrina Cook, 317-806-1900 x 119
sabrina@blastmedia.com
or
DriveSavers Data Recovery
John Christopher, 415-382-8000 x 123
john@drivesavers.com

iPhone Data Key to Texas Murder Conviction

Franklin Davis
Image: CBS 11 News

DriveSavers played a key role in helping to bring a murder suspect to justice in a Texas case where forensic evidence proved the killer lured the teen-age victim to her death with false text and social media messages.

The death penalty was handed down last month in the jury trial of Franklin Davis, who was found guilty of killing 16-year-old Shania Gray in September, 2012. The girl’s body was discovered by investigators in a river near Carollton, Texas. Her badly damaged iPhone was found in a nearby pond.

Davis was facing rape charges involving a sexual assault of the girl prior to the murder. Prosecutors said the defendant used text messages and social media messages to lure the victim –who was his children’s babysitter– to a meeting where she was killed to keep her from testifying in the rape case.

Since the water-damaged iPhone held the only available copies of those messages, the case revolved around that evidence.

Texas authorities were unable to get anything useful from the phone. They sent the device to a federal government forensics laboratory, but they were unable to obtain a forensic image of the contents.

In desperation, the prosecutors asked Apple for help with the device. Apple referred them to DriveSavers and our engineers were able to make a Cellebrite forensic image of the phone’s data. That data ended up being a key factor in the outcome of the trial.

Two DriveSavers forensic investigators testified for the prosecution, providing details about how the work was done to gather information from the water-logged phone.

“Each and every one of you played a very unique and significant role in uncovering the murderous plot beset upon a beautiful 16-year-old child, and for that each of you are to be commended,” wrote Brandon Birmingham of the Dallas County District Attorney’s Office.”For all of that, and on behalf of Shania’s family, and the Dallas County District Attorney’s Office, please let me say ‘Thank You.’ You all did a good thing, and we are grateful.”

Click here for more details of the case.

DriveSavers has a world-leading reputation for data recovery, forensic investigation and recovery and eDiscovery.

Case Study: With UFED Physical Analyzer, Investigative Team Helps Prove a Case for Capital Murder

Case Snapshot

Who: Law enforcement forensic examiners in Carrollton and Dallas, Texas, in cooperation with DriveSavers Digital Forensics Department in Novato, California.

What: Use of Cellebrite UFED Physical Analyzer to prove a murder suspect faked text messages from his victim.

Why: Without the evidence from the victim’s badly waterlogged phone, prosecutors couldn’t prove premeditated homicide.

Results: UFED Physical Analyzer helped establish that the victim had not recanted her rape accusation, and that her abuser lured her to her death.

Case

The destruction of evidence has become an increasing problem for digital investigators, who are often faced with mobile phones that have been crushed under the wheels of vehicles, submerged in water, and even charred in accelerant-fueled blazes or explosions.

This kind of physical damage can compound the difficulties investigators experience in recovering evidence stored on the devices. Device data ports may be crushed, displays unreadable, memory chips corroded. In one such case, device damage was the only thing standing in investigators’ way as they sought to bring a child killer to justice.

Shania Gray was just 16 when she was shot to death in Carrollton, Texas in September 2012. Prosecutors believed that her killer, Franklin Davis, had lured her to her death. His motive: keep her from testifying that he had raped her.

Davis had thrown both her iPhone and his own into two separate ponds. Police had recovered both devices, reported a DallasNews.com article, but Davis’ device revealed text messages, which appeared to be from Shania. One contained an apparent confession that stated she had lied to police about his involvement in her rape.

Still, prosecutors believed there was more to it than that. The text messages tone and content were inconsistent with other messages Shania had sent, and although Davis’ phone showed that they had come from her number, her wireless carrier had no record of her number having sent them.

To prove their case, prosecutors needed her device. However, her iPhone was so badly waterlogged that neither state nor federal law enforcement forensic labs had been able to recover its data. Prosecutors desperately approached Apple, who referred them to a Novato (Calif.)-based rm, DriveSavers Data Recovery.

“When [Dallas County District Attorney] Brandon Birmingham first approached us, we didn’t know whether he was looking for data recovery, or a full forensic image,” said Bob Mehr, DriveSavers’ Legal Services Advisor. “But, based on the case details, I recommended the forensic image.”

The iPhone arrived disassembled in multiple pieces, owing to an earlier lab’s effort. “We thoroughly cleaned all the components and repaired the resistors/jumpers ,” said Rene Novoa, one of DriveSavers’ Forensic Project Managers. “Then we assembled the pieces and placed them into a known good housing. Once connected, the device vibrated, but we still couldn’t see an image on the screen.”

Novoa then turned to UFED Physical Analyzer to perform the extraction. “I was able to obtain a full image on the first attempt,” he said.

“Because it parsed the data so quickly, we didn’t have to carve data manually; we identified the key data based on the easy access Physical Analyzer gave us to the data categories, and we were able to provide [DA Birmingham] with response within forty-eight hours of receiving the phone.”

The next step was to make sure that the Carrollton Police Department had access to the latest version of UFED Physical Analyzer so that its examiners could read the data and validate the evidence. They could, and the investigators were able to parse the victim’s Facebook timeline along with the text messages.

They found that Davis was pretending to be a man named “D,” and had used phone calls, text and Facebook messages to contact Shania and gain her trust. The forensic image also definitively showed that Shania had not sent the text messages, and that the message that claimed she’d lied to police was a fake.

Prosecutors ultimately were able to show that Davis used an app called FakeSMS to send himself spoofed text messages, which appeared to come from Shania. That evidence and other data proved that the murder had been premeditated, not a reckless act as the killer claimed. This meant that the state could prosecute for a capital offense.

Following Davis’ sentence, Birmingham noted that Shania had “had a right to speak out about her abuse,” a right that Davis tried to deny her and that ultimately, investigators’ work with UFED Physical Analyzer gave her a voice.

About Cellebrite

Founded in 1999, Cellebrite is known for its technological breakthroughs in mobile forensics. Its Universal Forensic Extraction Device (UFED) is used internationally by law enforcement, military, intelligence, corporate security, and eDiscovery agencies to extract data from legacy and feature phones, smartphones, portable GPS, tablets and phones manufactured with Chinese chipsets.

www.cellebrite.com

About DriveSavers

DriveSavers works extensively with law enforcement agencies, attorneys, corporate legal, IT departments, HR departments and individuals to provide legally defensible investigations and reports.

DriveSavers delivers electronic discovery solutions that are legally defensible, repeatable and auditable. The company offers customized solutions to help control costs and manage the collection, processing, review and production of Electronically Stored Information.

Government Discounts for Forensics and eDiscovery

GSA Schedule

DriveSavers offers special government pricing for computer Forensics and eDiscovery services.

Under the DriveSavers GSA schedule, government agencies can purchase specialized legal services, litigation support and electronic discovery for a reduced rate.

In addition to these services, DriveSavers also offers GSA-level pricing on more traditional data recovery service.

Similar discounted rates are also available to state, local and regional government agencies in need of data recovery work, eDiscovery and/or data forensic services.  

Click here for more details.

Press Release: DriveSavers Adds Discounted eDiscovery Pricing

GSA Schedule

U.S. Government Agencies can now take advantage of electronic solutions using GSA Schedule Contract GS-325F-0121S

(NOVATO, Calif. – Sept. 9, 2013) – DriveSavers Data Recovery, the worldwide leader in data recovery services, announced today the addition of eDiscovery/Forensic Service solutions through the General Services Administration (GSA) schedule contract. The GSA provides established long-term government-wide contracts with firms to provide agencies with access to millions of products and services at discounted prices.

As an approved GSA Schedule #GS-35F-0121S contractor, DriveSavers provides federal, state and local government agencies with the best value for professional data recovery services, as well as the latest addition of eDiscovery competitive pricing services.

For years, DriveSavers has offered the highest level of data collection, processing, hosting and analytics for eDiscovery. With state-of-the-art lab space, advanced software and hardware technology, free consultations with staff and customized working solutions, DriveSavers is able to provide cutting edge solutions for eDiscovery scenarios. Now, with the addition of eDiscovery Services to the GSA Schedule, government agencies will be able to take advantage of the service with affordable pricing, favorable terms and convenient payment options.

“The eDiscovery process is more time consuming and expensive now than ever before. It is of the utmost importance that electronic documents of all types receive proper handling throughout the process. The failure to properly preserve and produce Electronically Stored Information (ESI) in litigation can result in serious consequences including court sanctions, loss of reputation and financial implications,” said Michael Hall, CISO at DriveSavers.

“With eDiscovery services now available on the GSA schedule, US government agencies are able to take full advantage of DriveSavers electronic discovery solutions at highly competitive rates,” said Doreen Griffiths, Senior Manager, Business Relations.

As a 2013 recipient of the “Exceptional” Administrative Report Card rating for its GSA contract, DriveSavers has been able to successfully manage the GSA contract regulations and looks to continued success with the addition of eDiscovery. For more information on DriveSavers GSA services please visit: http://www.drivesaversdatarecovery.com/partner-programs/government-program/

###