LAWTECH GURU BLOG by Jeff Beard

Bring eDiscovery In-house While Avoiding Pitfalls

InsideCounsel offers some tips for those interested in bringing eDiscovery in-house while avoiding pitfalls, including some comments from yours truly. Check out "Inside Job" in InsideCounsel's November issue, published in the monthly Technology section.

It's truly a challenging time for companies, but it's doable with the appropriate vision and approach.  Many GC's and AGC's are under significant pressure to reduce their litigation and eDiscovery spend.  Along with other approaches, more and more this usually includes looking inward to insource and automate repeatable and defensible processes as well as gaining greater control over their information management.  Increases in efficiency and effectiveness in identifying, preserving, and culling down the data in-house in earlier stages should translate to lower review and hosting costs, and hopefully shorter review cycles related to the decrease in volume.

However, it's not just about bringing in technological solutions.  I see technology as enabling processes and improving efficiency when done right.  But before that can happen, companies need to discern the impact that various policy and technical choices will have on their ability to manage, identify, and cost-effectively work with their corporate data in eDiscovery, investigative, and compliance contexts.  There's also the question of scale, as many small to mid-sized companies may not have either the volume or types of litigation or perhaps the internal human capital to justify some of these investments.  For larger companies, the concerns typically fall at the other end of the spectrum, such as will their insourced solutions scale appropriately and cover the desired data types through all the hand-off points?  Thus I think it's safe to say that for most companies, insourcing will be a multi-year effort, with iterative cycles of designing effective and defensible workflows to connect all the dots.

Legal EHR Summit: Thoughts & Impressions

From the many presentations and discussions at the AHIMA sponsored Legal EHR Summit in Chicago, it's clear that healthcare records and records management in the U.S. are changing.  (In case you were wondering, "EHR" = Electronic Health Record).  In George Paul's (Lewis & Roca) keynote, he shared how the U.S. government is pouring money into healthcare records via incentives in the ARRA and HITECH acts.  Several presenters referred to these changes as the biggest change to healthcare privacy and security rules since HIPAA was enacted.  Indeed, even as we discussed these developments, new security breach notification rules were due out yesterday.  Also discussed in several sessions, these new laws will likely require many business associate contracts to be renegotiated.

It's also interesting to note that as much as some think of U.S. healthcare as high-quality and high-tech, the underlying HIT and records management systems and professionals are struggling with addressing these new changes, challenges, and ramifications, especially with respect to the legal aspects.  For instance, many HIT systems are not geared toward the legal aspects of preservation (think dynamically changing databases on a daily basis) and production.  Not surprisingly, their focus is on enabling the healthcare professionals and organizations in the provision of their services.  Several cases were mentioned where the plaintiff's attorney wanted to see the data and screens of what the doctor saw when he/she was treating the patient.  The response I heard throughout was that this wasn't possible due to the constantly changing nature of the data in these systems.  It doesn't take much imagination to sense how well this goes over in litigation, and the need for creative solutions.  Much discussion also centered around records management and creating/refining document retention policies, and just as importantly, complying with them.

There were also some pretty scary stories relating to Iatrogenesis, or the patient harm caused by the use of computer systems, and the lack of transparency and sharing of those problems by the software vendors.

There's also the issue of creating the necessary interoperability and sharing of information across different HIE's (Health Information Exchanges) - from local to regional to state to national levels.  So there's a fair amount of catching up and transformation that needs to happen in this industry.  The good news is that these issues are being discussed in depth across multiple disciplines - IT (HIT), Records Management, Legal, Risk Management, and Compliance, just to name a few.

With respect to the summit itself, this was the first time I attended an AHIMA conference.  It's been well organized and everyone at AHIMA has been very helpful and friendly.  There is definitely a spirit of cooperation and collaboration among everyone here, including the attending HIT, records and risk managers, consultants, and attorneys.  Indeed, there is a high degree of interest in addressing and resolving these issues through better understanding of the legal issues by health information professionals, better definition of standards (for instance, what constitutes the "Legal Electronic Health Record"?), and transforming the records management systems and processes.

Blogging at the Legal EHR Summit in Chicago Next Week

What do e-Iatrogenesis, HIT, CPOE, EHR, and eDiscovery all have in common?  They're just some of the many medicolegal and technological terms and issues being discussed next week at the Legal EHR Summit at the Chicago Marriott Downtown.  The summit is organized by AHIMA, the American Health Information Management Association.

As our nation's healthcare industry becomes even more computerized and integrated, partly due to ARRA (the American Recovery and Reinvestment Act of 2009), the intersection of healthcare, electronic records, records management, and legal issues (including litigation and eDiscovery) will likely explode as well.

I'll be attending and blogging as time and Wi-Fi access permits.  Please feel free to look me up as I enjoy the many opportunities for discussions at these events.  For the uninitiated, I've put together a quick cheat sheet for a few select terms below, along with their sources on the Web for more in-depth definitions:

HIT:  Health Information Technology

Think of HIT as IT for healthcare-related systems, along with ARRA's goal of establishing a nationwide interoperable Health IT infrastructure.

CPOE:  Computerized Physician/Provider Order Entry - An electronic system that healthcare professionals can use to enter drug prescriptions and diagnostic orders, among other things.

EHR (aka Legal EHR):  Electronic Health Record

The Electronic Health Record (EHR) is a longitudinal electronic record of patient health information generated by one or more encounters in any care delivery setting. Included in this information are patient demographics, progress notes, problems, medications, vital signs, past medical history, immunizations, laboratory data and radiology reports. The EHR automates and streamlines the clinician's workflow. The EHR has the ability to generate a complete record of a clinical patient encounter - as well as supporting other care-related activities directly or indirectly via interface - including evidence-based decision support, quality management, and outcomes reporting.

e-Iatrogenesis:  "Patient harm caused at least in part by the application of health information technology."

Think of e-Iatrogenic events as things that can go wrong for patients when CPOE systems are implemented and involved.  For example, consider errors relating to patient drugs or diagnostic tests, including errors of commission or omission.

This succinct discussion of e-Iatrogenesis contains a nice explanation of the types of "unintended adverse events":

These unintended adverse events may fall into technical, human-machine interface or organizational domains.  Some e-iatrogenic events will represent the electronic version of "traditional" errors, such as a patient receiving the wrong drug dosage due to a human click-error.  But other HIT precipitated or enabled errors may have no exact analog in the non-electronic context. For example, a clinical decision support system (CDSS) embedded within an electronic health record might contribute to a clinician's incorrect diagnosis or treatment plan; this could represent either a "type-one" or "two" error (e.g., making a diagnosis that was not present or missing one that was).

Stay tuned for more blog posts on these topics . . . 

“Moldy” Twitter Post Draws Lawsuit

Yet another twitter post, this one by a Chicago tenant referring to an allegedly moldy apartment, draws a $50,000 lawsuit against the Twitterer for defamation.  As the tweet was reposted within Twitter and around the world, it provides a wealth of evidence as to not only the post itself, but its far reach across the Internet.

Both sides are going to lose in this suit, though.  According to the article, the original poster could very well lose the suit.  Even if she ultimately prevails, it's going to cost her dearly in defense fees.  Likewise, the realty management firm's statement to the the Chicago Sun-Times that "We're a sue-first, ask-questions-later kind of an organization" resulted in a "firestorm of criticism."  It's a harsh lesson that companies sometimes learn the hard way in responding to customer complaints in the online arena.  "This could generate bad press for them for years, and that wasn't (Bonnen's) doing," said Sarah Milstein, co-author of the just-released "The Twitter Book."  Who's going to want to rent from or otherwise do business with a a self-admitted "sue-first" company?

There are lessons to be learned from both sides.  First, don't make posts on public or social networking sites that are intended for a particular individual, especially when you are peeved at something or otherwise under emotional stress.  Public postings on social networking sites amplifies the dangers of bad e-mail decisions by several orders of magnitude.  Far too many people are either unaware of or forget to change their privacy settings so that only those users can see the post.  You might as well be shouting it to the Washington Post, New York Times, your adversary and their counsel.  There is some very good advice in the SFGate article cautioning posters about this.

Likewise, companies also need to be very mindful of their reactions and public responses to such incidents.  They often damage themselves in the public's eye far worse by how they responded to such a posting, than the original posting caused in the first place.  Sometimes lawsuits can be avoided, and sometimes they can't.  Regardless, it's important for businesses to avoid kneejerk responses that only serve to reinforce public opinion that they are the villains.  They may win the suit, but then can lose even more business in the process by generating additional reputational harm whether they realize it or not.  So which was the better business decision?

Enterprise Information Management Issues to Consider in the Convergence of eDiscovery and eCompliance

Karthik Kannan, VP of Marketing and Business Development at Kazeon, just published a very helpful article on SC Magazine's site discussing the convergence of eDiscovery and eCompliance.  As you'd expect, it's a marketing and business development article, so let's get that out of the way early.  But regardless of whichever technology and process solutions one may prefer, I found the following to be an excellent summary of the issues and requirements one is likely to encounter when addressing the litigation readiness, information management, and compliance challenges in many organizations:

Due to the confluence of legal and compliance regulations and IT management issues, the perfect ESI storm has emerged -- and with it, the confluence of both eDiscovery and eCompliance.

Looking forward, these features are necessary for any workable amalgamation of practical eDiscovery and eCompliance initiatives:

• Enterprise-class scalability and performance. An eDiscovery/eCompliance suite must be scalable to search across hundreds to thousands of terabytes of electronically stored information, as well as scale into the billions of documents, and have the performance to process that data to keep pace with today's information growth.


• Auto-discovery of data sources - An eDiscovery/eCompliance suite must have the capability to auto-discover informational sources anywhere on the network, since critical data may reside in the enterprise file, storage file server or a laptop in Shanghai.


• Holistic and Dynamic Organizational Information Map - Since network topology can change rapidly, having a dynamic and active continuous auto-discovery capability is critical for information indexing, internal investigations, litigation procedures and information capacity planning.


• Agent-less and agent information management - Organizations have enough critical data running on servers, laptops and desktops today. Having the option to run agent-less or agent searches is a critical capability. Agent-less search has a low impact on the IT infrastructure and is easier to deploy. Search with an agent takes longer to deploy, but can deliver effectively on active data sets.


• Robust search, analysis, and classification - Searching, analyzing and classifying information is a complex challenge. Having a strong analysis and auto-classification capability that can sort large data sets based on metadata, document content, file type, an so forth is necessary to accurately and quickly reduce the volume of data to a relevant and manageable set.


• Tagging - Automating the tagging of individual content or grouping content into relevant virtual categories with a robust policy-based engine enables administrators to simplify the review and reporting process by delivering a virtualized organizational information overview.


• Workflow management - After gaining insight into and classifying critical information, bring the "in the wild" data into the ECM platform for workflow management and preservation. With the ability to automate the move, copy, encrypt, and delete actions; an automated policy-based methodology accelerates the manual processes for processing all the enterprise data.


• Unified management - With billions of documents and petabytes of storage, corporations can easily be overwhelmed by the volume of data. A robust eDiscovery/eCompliance suite must have a unified management view across the entire network and the ECM platform, to simplify operational management.


• In-place record hold - Being able to tag and hold potential critical information at the source, i.e., server or laptop, is a capability that separates the efficient eDiscovery/eCompliance suite from an unusable one. It is not reasonable to move all potential critical data back to a repository before review. The in-place hold and review and subsequent collection process streamlines and accelerates the process.


• Enterprise-wide critical information capture - With 80 percent of a corporation's informational assets outside the control of the ECM platform, an eDiscovery/eCompliance suite will need to have the flexibility to identify, access, search, and review information which resides in databases, email archives, servers, email systems and storage systems across the entire network. With an automated workflow policy engine, capture and movement of critical information to the ECM repository can be accomplished on a daily, weekly or monthly basis.

Certainly some of the points are subject to debate.  For instance, the decision of which information or types of information should be subject to in-place holds is often an interesting and sometimes even a pointed discussion around the table.  Also, while the article doesn't directly mention e-mail archives, many of the above principles would certainly apply.  Overall I found it a helpful list of topics and features to consider when attempting to address enterprise eDiscovery and eCompliance initiatives.

I think it's even more important to remember that capability lists like these are most helpful when taken in the context of building a comprehensive information management and compliance program.  Supporting policies and processes must also be developed to address the specific legal, records management, compliance, IT, and end business unit and users' needs and responsibilities.  The resulting solution needs to make sense in the context of that organization's unique circumstances.  It's in this context that these are excellent items to discuss and from which we can draw valuable insight in shaping those solutions.

Free ILTA White Paper: Best Practices for the Legal Hold Process

I'm honored that ILTA asked me to contribute a white paper on best practices for legal holds.  It's a topic near and dear to my heart, as I advise companies seeking to implement more effective hold policies and procedures.  The legal hold process is a critical stage in eDiscovery.  Implementing and executing a well-designed legal hold process can significantly reduce the risks and costs associated with eDiscovery and other compliance requirements.

Crafting, adopting and implementing legal hold best practices often raises the following questions:

• When is our legal obligation to preserve information triggered?
• Where is all of our data relating to this matter?
• How should we notify people of the need to preserve their information?
• Who needs to be notified?
• How much or how little information do we need to preserve?
• How can we best preserve and collect the data to meet our legal obligation?
• When should we rely upon custodian self-selection of data to preserve, and when is it more appropriate to follow a different procedure?
• When can we dispose of the information preserved subject to the legal hold?

You can download a PDF reprint here at LTG, which answers these increasingly important questions along with examples from recent key eDiscovery case decisions.

I also recommend downloading and reading the full white paper collection, made possible by the combined efforts of ILTA's Litigation Support, Records Management and Law Department Peer Groups.  There are a number of great contributions on the subject which many should find quite helpful:

Litigation Support: Document Forensics and Legal Holds
Articles included in this white paper:
- Overcoming Data Encryption for Forensic Imaging and Collections
- When is Full-Blown Forensic Collection Necessary?
- When "Deleted" Doesn't Mean "Gone"
- Disaster Recovery or Discovery Disaster?
- Legal Hold and Subpoena Compliance Coordination
- Best Practices for Legal Hold Processes
- The Effects of Litigation Holds on the Corporate Lawyer

I frequently hear that what keeps GC's and AGC's awake at night is their legal hold preservation and collection process, or lack thereof along with the fear of sanctions for spoliation and other discovery violations.  If your organization has issues with its legal hold and other discovery processes or you'd like to know how you can improve their repeatability and defensibility while reducing cost and risk, please contact me via either the e-mail link on this blog or the e-mail address in the white paper.  I'd be happy to discuss.

Microsoft Exchange 2010 Adds E-Mail Archiving & Limited E-Discovery-Friendly Features

According to InformationWeek, the next version of Microsoft's e-mail server, Exchange 2010, "will include integrated archiving and multi-mailbox search capabilities at no extra cost, making it easier for companies to, for example, comply with e-discovery requirements. But Microsoft will have to be careful not to alienate third-party archiving vendors such as Symantec and Quest."

"Until this version of Exchange, companies seeking to archive their e-mail centrally have had to rely on third-party software. That costly proposition has hurt adoption, and according to Osterman Research, only 28% of companies currently have central e-mail archives."

From this report, Exchange 2010 will also include the ability to view e-mail discussion threads, and a button to ignore those threads.  It will also feature speech-to-text transcription of voicemails, something that lawyers have struggled with in advising companies who wanted to implement more convenient services such as universal messaging, where voicemails get sent to your inbox.

Another interesting Exchange 2010 feature for legal departments:

"There's also new role-based administration, which means that Exchange administrators can delegate responsibility for some non-IT tasks to non-IT workers. For example, human resources managers could update employee information, the legal department could handle e-discovery and audits, and employees could create their own distribution lists." (emphasis added)

However, don't get overly excited at these new developments, at least not yet.  Microsoft has a long history of working in and dumbing down features from competitors' offerings.  The mimicked features often haven't had nearly the same range or depth as a competitor's fuller offering.  However, in some cases, companies have recognized that it was "good enough" for their immediate needs and later purchased additional capabilities from other solution providers to fill the gaps as they were identified.

A hat tip to ARMA for their post pointing this out: "Analysts note that Exchange 2010 will not provide such advanced features as content analytics and archiving of multiple content types commonly found in higher-end products geared toward e-discovery." (emphasis added)

Thus a key question will be: What will cash-strapped organizations lacking e-mail archiving systems opt for in their next round of e-mail management purchase decisions?  Some might start off with Exchange 2010 to see if it's "good enough", particularly if their eDiscovery needs are relatively light.  E-mail archiving vendors may also need to step up their game by offering enhanced value-added tools such as advance search, deeper and more robust content analytics, and handling of diverse content types, as well as making it easier to identify and export data to other downstream eDiscovery systems for processing, analysis, review, and production.

I tend to think that organizations with more diverse, complex, and/or higher volume discovery tasks will still need additional tools and services than simply Exchange 2010.  But it's good to see that Microsoft is recognizing the shifting role that e-mail is playing in organizations' compliance, discovery, and risk management programs and beginning to add more data management features.

Exchange 2010 is coming right around the corner, per InformationWeek: "The company plans to release Exchange Server 2010 in the second half of this year. The rest of Office is due in the first half of 2010, with limited test releases beginning the third quarter of this year. Outlook 2010 will come as part of the rest of the Office suite, though it's unclear when the next version of Outlook Mobile will be available."

Think Before You In-source

My latest InsideCounsel article, "Think Before You In-source" is now available online.  While there has certainly been a trend to bring eDiscovery in-house, lately I've been hearing from a number of corporate legal and enterprise IT professionals regarding their frustration in this area.  I'm not alone, having heard the same from colleagues at LegalTech NY and elsewhere.

As I shared in the article,

I have recently heard from a number of companies who have been dissatisfied that what they've brought in-house from software providers hasn't lived up to the hype, delivered the best results or integrated with all the necessary data systems to address their needs. Some of those acquisitions are even being shelved or curtailed prematurely, well before realizing their return on investment.

Thus I offer seven key factors and issues to consider before deciding to bring various e-discovery services and technology in-house.  In addition, often a number of difficulties can be addressed through better process design, since technology isn't a broad spectrum panacea.  It's a tool to support and automate those processes, not the other way around, and it's important to keep things in the proper perspective:

Keep in mind, this discussion isn't advocating that various aspects of e-Discovery shouldn't be brought in-house. Obviously, many companies are doing just that with the goal to reduce costs, improve consistency and gain better control over their processes to improve compliance. Thus a better statement is that the decision on whether to bring eDiscovery tasks in-house shouldn't be made lightly or because you heard another company in your industry has done so. It needs to make sense and fit well with your particular company's abilities, goals, resources, culture, business processes, risk management, and more.

Like most things worth doing, it's important to consider a number of critical factors and issues before jumping on the bandwagon and throwing technology at the problems, some of which aren't even technological issues.  The more you have done your homework, including having a good handle on the particular issues, gaps, costs, risks, and processes needing to be addressed, the better off you'll likely be when the smoke clears.

In addition, it's important that companies don't just explore the obvious if they want to make meaningful improvements and cost reductions.  There are a number of concurrent or alternate cost-saving measures than can offer significant benefits, which should also be explored or they may be otherwise overlooked in all the hype.

Multi-Pass Erasure Myth Debunked

In his latest LTN column, Ball in Your Court, Craig Ball debunks the long-held hard drive multi-pass erasure myth, that goes like this:

"Top notch computer forensic examiners have special tools and techniques enabling them to recover overwritten data from a wiped hard drive so long as the drive was wiped less than 3 or 7 or 35 times."  The myth also goes that someone using a magnetic force electron microscope would be able to discern the trace magnetic signal left behind on a drive that wasn't wiped enough times, and somehow piece together the underlying wiped data.  Which is a leading reason why common file and disk wiping tools have included all kinds of multi-pass wiping options, ranging from the DOD-specified wipes to the massive 35 times Gutmann wipe.

One part of the myth also says that one can recover trace magnetic data from the spaces between the tracks as the drive heads don't track exactly the same on each pass when writing data.  (Think of this as the space between the grooves on a vinyl record, for those of us who fondly remember them.)

To which Craig says, "Nonsense!" and "[i]t's all a lot of hogwash, at least with respect to any drive made this century."  He explains how the vastly increased "areal density" of modern hard drives leaves little room for wiped data to be resurrected, even if it's only wiped with a single pass.  Areal density simply refers to how closely packed together all the data bits are, which allows manufacturers to place hundreds of GB on a single hard drive platter these days.

Like him, I've heard the myth for years and questioned the ability to use a magnetic force electron microscope to resurrect wiped data.  First, it would be incredibly expensive to do (but that factor only makes it impracticable).  So it was interesting to hear the results, as Craig related from several professionals performing such an experiment, was that it was less successful than a simple coin toss.

Thus he concludes:

"You only need one complete pass to eviscerate the data (unless your work requires slavish compliance with obsolete parts of Department of Defense Directive 5220.22-M and you make two more passes for good measure).

No tool and no technique extant today can recover overwritten data on 21st century hard drives. Nada. Zip. Zilch."

While fascinating from a technical perspective, the real take-away from Craig's article is the reminder that:

"The most egregious is the assumption that formatting a hard drive is the same as wiping its contents. In fact, formatting obliterates almost none of a drive's contents. Any eBay purchaser of a formatted drive can easily restore its contents."

If only I had a Google share for every time I advised someone about this danger and resulting risk.  If you are disposing of a hard drive or giving it to someone else to use, use a proper drive wiping tool first, not a simple format command.

Another good take-away is Craig's discussion of the "G List" sectors on a hard drive, and why conventional wiping cannot touch that data.  So what are those?

In essence, modern hard drives have the ability to sense when a sector is going bad (i.e., not able to store information reliably).  When that is detected, the hard drive automatically copies the contents of the ailing sector to another unused sector on the hard drive, and remaps (points) to its new location on the drive.  This map is kept in the G List on the drive, which stands for Growth List or Growing Defect List.  This is a good thing so you don't lose data to bad spots on the hard drive.  However, when you use wiping software to wipe the drive's data, it can only wipe data in the accessible areas of the drive (which include the second copies of the bad sectors).  However, the original "bad" sectors cannot be wiped by conventional software as they are not accessible to it.

But as Craig points out, for the industrious there's a cure for that as well:

"Remarkably, nearly all hard drives manufactured after 2001 incorporate the ability to rapidly and securely self-erase everything, including the G List; but, drive and computer manufacturers are so petrified you'll mess that up, they don't offer an easy way to initiate a self-destruct sequence.

For those at ease with command line interfaces, the Secure Erase commands can be run using free tools developed for the NSA and available at http://tinyurl.com/serase. But be careful with these as there's no road back."

It's a good read for anyone curious (and paranoid) about securely deleting data.

Risk Assessments Recommended for Companies as SEC Prepares to Flex Its Muscles

The increase in the SEC's enforcement tone, coupled with mass layoffs, could be setting the stage for serious compliance risks at various public companies.

I just read "Companies in Dangerous Position as SEC Prepares to Flex Its Muscles", a National Law Journal interview with Michael Dockterman, a litigation partner at Chicago's Wildman, Harrold, Allen & Dixon, whose practice includes advising boards on corporate governance and compliance issues.  He spoke about why boards need to boost compliance, even amid corporate budget cutbacks.

A key take-away is that as the remaining employees are increasingly overworked as the result of mass layoffs, there are fewer people with less time to focus on compliance issues.  Meanwhile, the SEC appears to be gearing up via policy changes to boost the commission's enforcement powers.  This doesn't bode well for companies who may be spending less time on compliance in order to deal with more pressing issues.

Thus he recommends that directors should not reduce the amount of time spent on performing and evaluating risk assessments that should be at the foundation of all compliance programs.  "Companies should look at where their operations are rubbing up against legal requirements, financial or otherwise. How are we certain that the way in which we're conducting our operations is in compliance with laws, including labor laws, environmental, antitrust and securities laws -- the whole gamut?"

I'll add that in addition to the more obvious areas above, eDiscovery and litigation readiness are just as important in companies' compliance programs.  In all those areas listed above, electronically stored information (ESI) is going to be present.  The company's ability - or inability - to properly preserve, collect, review, and produce ESI could have far-ranging implications and impact.

I've heard from so many companies' attorneys that they know they have significant risks relating to eDiscovery and many feel that they've just been "lucky so far."  Typically, preservation, collection, and spoliation issues are keeping GC's and AGC's up at night.  As law department budgets are being cut by as much as 20%, their job is certainly made more difficult.

However, those with the appropriate balance of short-term and long-term vision are finding ways (and funds) to invest in the future of the company by addressing these issues before they blow up on counsel and IT.  When you consider the hard dollar costs, the blow to both the company's and legal department's reputations and position in the marketplace, and resulting fallout, one "compelling event" (as we tend to call it in the trade) can cost the company far, far more than any amount of proactive investment that could have prevented or greatly mitigated it in the first place.

Some are taking better stock of where they are, identifying their gaps, and then putting in place both procedures and technology, where justified, to address them.  For some, it's slow going, making only modest gains and inching along while hoping the recession doesn't stretch out too long, or the cuts become too deep.  And many, I suspect, are experiencing much quiet desperation hoping (and some might even say gambling) that they don't experience that "compelling event" before they are better able to address the underlying issues.

The problem is that in the current economic climate, between terminations of executives and increased SEC investigations, companies will likely experience more of these with upper management involved as both plaintiffs and defendants.  These tend to be higher dollar, higher risk, and higher visibility.

Especially with staff culling, many companies simply lack the internal expertise to have a broad enough understanding of industry best practices and the resources to define and implement them effectively - whether it's records management, information governance, or litigation readiness.  My suggestion is that it's better to spend a relatively small amount on addressing them now with outside help and making steady progress (even if it's not as fast as you'd prefer, it is still progress) and positioning it internally as a significant cost avoidance program.  It's also a metric that can be reported upward to the board as a sign of responsible management.

You might be surprised how much people are willing to listen about cost avoidance these days.  Be prepared to discuss ROI not so much in terms of estimable dollars (as we know these types of matters are very difficult to predict dollar-wise), but in terms of number of events avoided.  If you could make your money back by avoiding just a handful of these events, that's a very compelling ROI story to tell.  If pressed for dollar estimates, give ranges and tiers for enhanced credibility.

So while budgets are being cut, there is still a need for proactive risk management.  As internal resources dwindle, consider augmenting your efforts with outside expertise.  Compared to the cost of not doing it, it's actually a very responsible thing to do in the long run.

Thoughts From LegalTech 2009

Back from a very busy week in New York.  The buzz from the show centered around several themes this year:

Naturally, discussions about the economy and the overall health of the legal market prevailed.  With the shuttering or RIF'ing of a number of law firms and service providers alike, many believe we're just seeing the first wave.  Vocal concerns over where to place ESI tells me there is a definite Flight to Quality as corporations, law firms, and independent consultants want to know the service provider will be around throughout the life of their legal matters, which typically span several years or more.  So check out your eDiscovery service providers' financial strength and definitely check out their facilities firsthand before you place your data in their hands.  You might be surprised.

Interest in the right balance of sourcing eDiscovery work to control cost was a major theme as well.  Many companies are looking into which tasks, processes, and supporting technologies they can reasonably in-source and maintain defensibility, while realizing they can't do everything at once.  Thus a preferred approach is in-sourcing what you can, but partnering with a leading services provider to fill the gaps and provide a defensible end-to-end process from the internal notification/preservation/collection all the way through review and production.  Having worked with a number of companies in this regard, the dynamics are changing.  Having an experienced and trusted partner can make a huge difference as I've seen companies try to go it alone, only to end up spending a lot more in the long run that could have been avoided.

New FRE Rule 502 - I have yet to see much, if any, impact from its enactment.  First, it's too soon for having any meaningful corpus of case decisions as guidance.  Second, I wouldn't want to be a party in the position of having to rely upon Rule 502 as my main privilege defense.  I attended a panel discussion of eDiscovery issues and trends, and heard Ron Hedges state a very similar perspective.  Thus I feel it's going to be "business as usual" with respect to privilege reviews and related tasks.  No one wants to be the test case.

Great quote from one of the panels:  "We'll never see a well-run discovery process mentioned in the case law."  All too true, as we tend to learn from the opposite in case decisions.

While eDiscovery topics dominated the show, online social networking was also big, as sessions on Web 2.0, Twitter, Facebook and more pulled in a good number of attendees and generated some high Twitter activity.  The eDiscovery Town Hall was an interesting new experiment, as video questions were gathered before the event in Web 2.0/YouTube fashion.  Some good questions were asked and it was interesting to get the panelists' perspectives on topics such as the globalization of eDiscovery.

As with last year, the Bloggers Breakfast was a nice opportunity to meet fellow bloggers and put some faces with URLs.  While I'm certainly not against capitalism by any means, I would caution several of the publicists, PR firms, and marketing agents not to swamp or overwhelm bloggers in your zest to use them in your overall marketing push (emphasis on the "push").  A brief introduction and being mindful of not monopolizing our time will go a long way.

As always, the ILTA-sponsored sessions on Tuesday were good fodder for discussion among in-house professionals and their outside providers.  As any ILTA member will say, it's ILTA's fantastic ability to bring professionals together that is the true value of being a member.

U.S. Magistrate Judge Facciola had a very thought-provoking, engaging, and I daresay, entertaining keynote.  His focus was on competence and collaboration, with the money quote: "Watching an incompetent lawyer is like watching a clumsy ballerina."  He shared his frustration and a certain amount of self-restraint from wanting to jump over the bench and do a cross-examination himself over concern that a party has adequate representation in his court.  He further shared his concern that the certifications and standards of competence for attorneys may need to be revisited.  It was therefore no surprise when he cited the Sedona Cooperation Proclamation, and said what we already knew - that judges don't particularly like to deal with discovery disputes, particularly those when one or both sides are not well-informed.

Overall, it was another good show, and a great place to network and "feel the vibes" of the market.  2009 will continue to be a year of challenge and some changes in the legal market.  I'm reminded that the Chinese word for "crisis" consists of the characters for "danger" and "opportunity", leading to the proverb:  "In crisis, there is danger - and opportunity."

See You at LegalTech New York!

It's been a busy week preparing for an even busier one next week.  I'm looking forward to seeing many friends and colleagues in the Big Apple.  Look me up if you'll be there, and you can also leave word for me at the Daticon EED booth.

With the somber economic situation, everyone is trying to cut costs while increasing efficiency.  eDiscovery process, technology, and sourcing decisions are naturally important concerns and priorities within many companies.  Enterprise platforms and service combinations are evolving and emerging to address the entire eDiscovery process, from in-house processes and solutions to those provided by leading service providers.

Please join Jeff Jacobs and me, Senior Consultants from Daticon EED, and Aaron Brown, Program Director from IBM, for a very informative and engaging discussion on:  "E-Discovery Technologies & Services in the 2009 Economic Environment:  In-sourcing, Outsourcing, and Hybrid Solutions", Monday, Feb. 2nd, at 10:30 a.m. in the Emerging Technologies session track.

See you there!

2009 Predictions From Across the Blogosphere

It wouldn't be a new year without predictions popping up all over the blogosphere.  I've made a number myself in previous years.  This time around, I thought I'd share those that caught my attention and got stuck in my "filter" if you will.

Regardless of those that may amount to nothing more than either wishful thinking or pessimism, it's illuminating to read and keep them in mind as we move forward into the fresh year.  Without further ado:

1. Sonya Sigler (Guest blogger at Ralph Losey's e-Discovery Team blog): 2009 Predictions and Trends

GC Sonya Sigler covers such compelling issues as cooperation, controlling costs, and competence, and along the way discusses effective information management and using technology to your advantage.  Well written and worthy of inclusion on Ralph's inestimable blog.

2. Tom O'Connor (docNative Paradigm Blog): 2009 Predictions

Litigation technology veteran Tom O'Connor discussses the prospects of eDiscovery vendors and consultants in light of the economy and other factors.

3. Tom Asacker (a clear eye): Nine Predictions for 2009

Tom Asacker (author, speaker, provocateur, and marketing guru) doesn't post about legal or technology issues.  Instead, he provides a motivational kick in the seat of the pants that should jolt every business leader out of their current doldrums and into action: "The reality of the coming year is that the precipitous decline in the economy will create a collective pause; a 'space' of epic proportions for organizations and individuals. Yes, it will be unpleasant for many. But it will also be an opportunity in disguise for those willing to seize the moment."

4. Clearwell: 2009 Electronic Discovery Forecast

An EDD vendor shares its Top 10 Electronic Discovery Predictions for 2009.  Caveat:  While I enjoy reading Clearwell's e-discovery 2.0 blog, I think several of the items in this particular list are slanted toward selling their particular offerings.  So you may want to keep this in mind as you read and decide for yourself.  For example, I disagree that the newly enacted FRE Rule 502 will rise to the level of the desired panacea for automated review.  Professional care and competence (both legal and technological) will remain under the microscope.  However, I agree that being able to "show your work" is not only important, but will provide increasing advantages over time.

5. The CMS Watch Analyst Team: Technology Predictions for 2009

Predictions about the intersection of eDiscovery, compliance, and technology would be incomplete without a discussion of the content management market.  Perhaps my favorite prediction from this article:  "Taxonomies are dead. Long live metadata!"  Anyone who's ever worked with a content management system (DMS in legal circles) knows that people do not, and will never, categorize things in the same way.  So don't fight it.  Use the data's own unique characteristics to make it accessible and useful.  Also look for an interesting nugget on social computing's near-term future and splintered progress in the enterprise at prediction #9, as well as some interesting comments explaining a new emphasis on application search at #8.

And there you have it - a wide range of predictions sure to make us think about trends and priorities over this coming year.

E-Discovery Career Choices: Know the Operational Differences Between Corporate Departments & Law Firms (& Vendors Too!)

Deena Coffman, Discovery Director at Johnson & Johnson, offers a comparison for E-Discovery staff between large corporate law departments and law firms. I've read these types of articles before, which usually focus on the pros and cons of the positions and other likely fodder. However, Deena presents candidates with much-needed insight into both the stark and subtle differences between corporate legal and law firm approaches to evaluating projects, investments, and managing careers. While this isn't a "grass is greener" article per se, I'd say the "Your Agenda" section at the end tends to pitch the corporate side's benefits a bit more, which leads me to perceive this as a recruiting vehicle.

With that aside, she puts forth a fairly straightforward comparison of how both types of organizations operate, consider project proposals, manage headcount and workload, and the types of experience one would obtain at each. She did a superb job of describing the difference in how corporate legal departments are often perceived across a company (as opposed to law firm practice groups), and discussing the more subtle effects of political capital.

I too have had career-enhancing experiences with both a Fortune 50 legal department and a large national law firm. For E-Discovery professionals evaluating their career choices, it is a rare "deep look" that candidates considering their futures should definitely read. Here's the money quote:

Work life in corporations and law firms affords advantages and disadvantages. To make the best choice for you, understand how those advantages and disadvantages align with your personality, goals and motivations. It is analogous to matching a boat with a captain. The speedboat captain does not want to carry cargo. Rather, he or she is focused on moving simply and quickly through a clear course. The freightliner captain appreciates that with patience and time, he or she can deliver enormous results.

Be sure you are boarding the right ship to get to your destination.

I'll add that the article is incomplete in one key respect: A very good and satisfying personal and professional life can also be obtained outside law firms and corporate law departments. There are numerous E-Discovery service providers, software developers, and consultancies to consider, as well as starting your own. I have many friends and colleagues who, after evaluating all their options, chose one of these paths. These organizations tend to be more nimble than either law firms or corporations, and provide the opportunity to gain a wide range of experience across many clients in a rather short period of time. Even with the competitiveness of this market, or perhaps in spite of it, there is a sense of collegiality that cannot be easily discounted.

This isn't to say one of the above choices is inherently better or preferred over the other. I heartily agree with Deena -- it helps to know what kind of captain you are, so you can choose the right boat for you. Even in these turbulent economic times, there are more boats and harbors than one may initially realize.

Don't Blink! This Week's eDiscovery Developments

To catch you up for the week --

New FRE Rule 502 signed by President

New Evidence Rule 502 protects against the inadvertent waiver of the attorney-client privilege or the work product protection. It will apply in all proceedings commenced after the date of enactment and, insofar as is just and practicable, in all proceedings pending on such date of enactment.

Discovery Disaster Threatens to Derail Case Against Former McAfee GC

Contract attorney reviewers, like Rodney Dangerfield, just get no respect. Despite being under subpoena for two years, several key e-mails were not produced by a law firm until the eve of trial, allegedly because their contract review attorneys tagged them as "not relevant", and the senior lawyers missed them as well.

My take: Supervising attorneys, regardless of whether they're supervising the work of internal legal assistants, outsourced contract attorneys or other service providers still bear the ultimate responsibility for their collective work. The timing of the firm's "discovery" is sure to be good fodder for cocktail and blogger discussions for weeks to come. The judge initially reacted by saying "heads will have to roll", but then relented upon hearing the explanation.

E-Discovery Response Must Include Context?

Sometimes the electronic equivalent of papering your opponent to death can backfire: The producing party responded with 400,000 pages worth of ESI, significantly more than the requesting party was seeking. The problem: They delivered the documents in 220 unlabeled computer folders -- the way the company said they were kept in "the ordinary course of business." Per the article:

"A party who in response to a discovery demand has chosen to produce documents as they are ordinarily maintained must do just that - produce the documents organized as they are maintained in the ordinary course of producing party's business, with at least some modicum of information regarding how they are ordinarily kept in order to allow the requesting party to make meaningful use of the documents," the magistrate judge wrote in Pass & Seymour v. Hubbell Incorporated, 5:07-cv-00945. (emphasis added)

To make information meaningful, parties have to provide their adversaries with some context to help them navigate their way through it, according to the magistrate judge.

"At a minimum, that means that the disclosing party should provide information about each document which ideally would include, in some fashion, the identity of the custodian or person from whom the documents were obtained, an indication of whether they are retained in hard copy or digital format, assurance that the documents have been produced in the order in which they are maintained, and a general description of the filing system from which they were recovered," wrote Peebles, who sits in Syracuse, N.Y.

GCs See Major Changes in Company Risk Management in Wake of Wall Street Meltdown

"Corporate general counsel expect increased company risk management and more regulatory enforcement in the wake of collapsing financial institutions, such as Fannie Mae, Lehman Bros Holdings Inc. and American International Group.

State government regulatory oversight will rise with more attorney general probes, and federal oversight will expand in step with the next presidential administration, said some general counsel attending the Argyle Executive Forum in Chicago this week."

Not an eDiscovery development per se, but a sign GCs are already seeing they'll need to intensify their risk management and compliance initiatives or suffer the consequences, which in my opinion will include eDiscovery ramifications and costs.

Ralph Losey: Trial Lawyers Turn a Blind Eye to the True Cause of the E-Discovery Morass

Ralph Losey has a very thought-provoking analysis of the new Interim Report & 2008 Litigation Survey of the Fellows of the American College of Trial Lawyers. I recommend Ralph's post as it provides some welcome perspective.

Ralph covers a number of points in the interim report and survey, some of which he agrees with, but also points out what they missed. As Ralph summarized, the report is quick to place the blame on poorly drafted rules (which underwent a significant commenting, revision, and review process), e-discovery vendors, and even the judiciary. As he commented, no fingers point back to the trial lawyers themselves:

"I agree with the eminent trial lawyers and academics that conducted this study that our rules and law need reform, and our judges need to do a better job. But, in my opinion, the fundamental cause of the e-discovery problem is the failure of the legal profession, especially the trial bar, to keep up with the rapid changes in technology. That is why new rules and legislation alone will never fix the problem. Such reforms must be coupled with an aggressive attorney education program that starts in law school. Some law firms today are starting to awaken to this problem and set up internal training programs. So too are a few law schools. But the vast majority of our profession still refuses to own-up to the competency issue. They either ignore the problem of e-discovery all-together, like most academics, or they acknowledge the problem, like this report does, then blame anyone other than themselves." (sic)

Ralph raises a very important issue: Lawyer competence, education, and experience with technological and e-discovery matters. Ralph illustrated how a number of these distinguished trial lawyers hardly seem in touch with these issues:

"'Nearly 60% of Fellows reported having cases that raise electronic discovery issues.' (My Comment: this means that 40% of these distinguished Fellows have never had a case with electronic discovery issues! And yet, this same group, 87%, agree that electronic discovery is too costly.)"

Please note the comment above is Ralph's, not mine. I tend to be careful in not relying on bare statistics too much, but it is scary to contemplate that 40% of the responding Fellows have never had a case involving e-discovery, yet they are opining in a report on e-discovery.

Another tidbit from the survey:

"71% of Fellows say that the costs of outside vendors have increased the cost of ediscovery without commensurate value to the client"

All I'll say to that, in the immortal words of Red Adair: "If you think hiring an expert is expensive, try hiring an amateur." It's widely accepted and frequently quoted that the largest cost of e-discovery is the legal review. Which is usually performed by . . . (wait for it) . . . the legal team! Yes, fellow readers, there is an elephant in the room. Consider that most legal review is billed by the hour, a process which does not usually encourage efficiencies. So it's not the preservation, collection, or processing that's the most expensive component of e-discovery in most cases, but the lawyer review.

I also read the August 22nd Wall Street Journal article, "Tech Firms Pitch Tools For Sifting Legal Records," (subscription required) the day it came out. A main theme of the article was contained in the second page's heading, "Record-Sifting Software Meets Lawyers' Resistance." Again, trial lawyers being portrayed as avoiding technological solutions in e-discovery?

I was very tempted to blog about the WSJ article, as I took issue with the comment by Autonomy's chief executive regarding e-discovery work: "It is work that requires little brain-power or legal training." I'm inclined to infer from that quote that he hasn't gotten his hands dirty in too many (if any) e-discovery cases if he thinks that and was quoted properly. By the way, a number of other notable e-discovery and legal bloggers felt similarly about the article, including Ralph Losey, Carolyn Elefant, Ron Friedmann and Brett Burney. (Update: Read the comments at the end of Ralph Losey's post, where Mr. Lynch states he was indeed misquoted. Regardless, the gist of the WSJ article sparked a tremendous amount of negative feedback from the eDiscovery community.)

Regarding the use of new automated systems to aid in e-discovery, the WSJ reporter stated:

"But big law firms, facing the loss of lucrative client fees, are crying foul. They question how much of the e-discovery process can be automated and how much money the tools will really save."

Let's also examine where the vast collections of ESI come from, and about which the trial lawyers are complaining: From the litigants themselves, at least for the most part. Ralph describes them more colorfully as "disorganized pack-rats". Thus a key part of the "e-discovery morass" stems from the over-retention of the litigants' own data. An effective litigation and e-discovery readiness program includes the active (not passive) approach to appropriate electronic records and information management. If you want to save on the most expensive part of the e-discovery process -- the legal review -- then it makes sense to reduce the mountains of data to review. That's where the experts, consultants, and vendors add commensurate value. We know legal review is expensive, and part of the "eDiscovery 2.0" paradigm is to take a more savvy approach to how companies manage their data and especially in more efficient culling techniques. So until the companies themselves address their internal information management issues, relaxing the federal rules or their interpretation could end up as a band-aid used to cover the gaping wound.

As with many complex problems, there are multiple perspectives, approaches, and solutions. I respect that, but also tend to agree with Ralph's statement: "The College of Trial Lawyers is correct to see e-discovery as a real problem, even if they do not yet understand the full dynamics of the problem." He suggests adding two items to their plan:

1. Lawyers stepping out of their long shadow and recognizing that they are part of the problem, and that most are deficient in understanding the new technologies that drive today's world. (I'll add that you can't address a problem properly until you recognize that one actually exists.)
2. We need to address the problem with strong educational efforts in both the Bar and academic institutions.

Thus I really liked the last paragraph of his conclusion, and frankly I can't think of a better way to put it:

"Electronic discovery can be done in a cost effective manner, if you know how. The way out of this morass is learning, and the knowledge and wisdom that eventually comes with it. Study is required by everyone: lawyers, judges, paralegals, technicians, professors and law students alike. We all need to master technology, especially technologies related to electronic discovery. This in turns requires learning to work with Information Technology experts. The alternative is to turn back the clock to a paper world, turn off all of the damn computers and stop sending emails. I know many lawyers out there who might like that. But, since that is not likely to happen (your kids won't allow it), we need to start understanding all of these high-tech toys, at least well enough to find the evidence they generate and hold, and not break the bank in the process. It can and will be done, as soon as we accept responsibility for this problem ourselves, stop blaming it all on the rules and judges, roll up our sleeves and start learning how it all works."

eDiscovery 2.0: Early Case Assessments Reduce Risks and Costs

If expensive “brute force” reviews of large volumes of electronic documents can be called eDiscovery 1.0, then Early Case Assessments are very much part of a more refined eDiscovery 2.0 approach. The benefits from performing an ECA include learning key information earlier in the matter, improved identification of relevant documents and e-mails (and their custodians), and reducing costs by sampling data prior to an extensive document review. Using a combination of tools and savvy approaches, companies can greatly reduce their risk and review costs (which is often a staggering 80+% of a matter's total discovery cost).

I just published an extensive discussion of ECA's at InsideCounsel's Inside Tech column, including useful data analytics, social networking analysis of e-mails and IMs, and concept search. Those of you interested in Judge Grimm's take on the limitations and problems inherent with keyword searches in the recent Victor Stanley, Inc. v. Creative Pipe, Inc. decision (involving the loss of privilege) will appreciate a discussion of his observations in context of an effective Early Case Assessment.

Join Verizon's Patrick Oot and Me for InsideCounsel's Free Webinar Tomorrow: eDiscovery and ECM -- Natural Partners

Please join us Tuesday, August 5th, 2008, at 2 p.m., ET for a key presentation entitled: "eDiscovery & ECM: Natural Partners in Content Lifecycle Management and FRCP Compliance". It's being hosted by InsideCounsel, and you can register online and attend for free.

Patrick Oot, Director of Electronic Discovery and Senior Litigation Counsel at Verizon, and I will engage in an informative discussion on how eDiscovery in companies has been evolving, covering such issues as:

• The impact of Enterprise Content Management (ECM) on legal departments


• Benefits of taking an integrated approach to ECM and eDiscovery


• eDiscovery and litigation readiness process design


• Tips on building a business case for integrating ECM and eDiscovery

Who should attend?

• Chief Legal Officers


• Litigation Attorneys


• Litigation Support Staff


• CIOs and IT Managers


• Document Control Managers

I welcome you to attend as this topic is increasingly gaining attention across both legal and IT camps. As we've seen from numerous decisions and sanctions, it's become clear that organizations need to get a better handle on their ESI, and at earlier stages, to minimize risks and improve compliance.

Yet Another Redaction Infraction

As reported on Law.com, a plaintiff's firm against GE in a class action sex discrimination case improperly redacted filings appearing on PACER, allowing readers to copy and paste the sensitive redacted text into another program like Word. Sounds like the classic mistake of adding black boxes without stripping the underlying text. I'm surmising they filed PDFs which is usually the standard in e-filing.

Taking the plaintiff firm's spokesperson at their word (I'm assuming the leak wasn't intentional), it sounds like it was a mistake made from ignorance. The article reports that they were working to correct the problem by making emergency, corrected filings with the federal court clerks. At that point, it's probably best thing they could do to prevent further inadvertent disclosures. But how do you unring the bell?

Rather than restate the article (which I recommend reading as a cautionary tale), I'll add that law firms and corporate law departments still need to be vigilant in the proper way to redact electronic documents. Historically, Adobe Acrobat did not provide appropriate redacting tools (a point I've suggested to them over the years and to which they listened by adding redaction in Acrobat 8 Professional -- but take note, it's not in the Standard version). So firms running on older versions of Acrobat or other PDF tools without built-in or third-party redaction tools (such as Redax from Appligent), remain at risk. By the way, Acrobat 9 was just announced and will likely ship in the next month or so. The same caveat re: Standard-sans-redaction applies per Acrobat's Feature Comparison Table.

If you haven't already invested in these tools, your process may be similar to this:

- Justifying the need for the proper tools (um, just read the article above)
- Communication to the legal staff as to why they are required, using real world examples to demonstrate the impact and that it's not just a hypothetical
- Investment in the appropriate software tools
- Training and practice for the legal staff actually performing the redaction, and it's not a bad idea for supervising attorneys to at least understand the underlying principles (as the plaintiff's lead counsel said, "I didn't know that.")

If your organization is already using appropriate redaction tools (you are, right?), it's probably a good idea to have redaction "tune-ups" with your staff. Meaning, reviewing and/or creating documentation for the standardized and firm-approved process of redacting documents, holding periodic refresher and new user training (consider "on-demand" video training snippets for training or follow-up support so busy professionals can fit it into their schedule), and consider making it part of the organization's overall risk management initiatives so it's at least on the radar. While you're at it, you might want to take a look at how many people actually know how to properly secure or lock a PDF, particularly those posted to external sources such as web sites.

For other helpful resources, the NSA (yes, that NSA) published a guide several years ago describing how to redact documents after the federal government suffered several information breaches and embarrassments from improper redaction efforts. There are also several very informative blogs dedicated to using PDFs in the legal market, such as Acrobat for Legal Professionals and PDF for Lawyers, both of which have definitely addressed redaction issues.

While these tools have significant price tags, as the saying goes, "an ounce of prevention..." Taken into perspective, an organization is likely going to incurs costs far greater than software and training when dealing with just one of these mis-redaction incidents. Sounds like a pretty good ROI to me.

Presenting on Litigation Readiness Teams in D.C., May 15th-16th

Next week, I am leading the panel discussion on "Litigation Readiness: The Team is Growing and Evolving" at the International Litigation Support Leaders Conference being held in Washington D.C. on May 15th & 16th.

In today's complex litigation where ESI is now the norm, numerous organizations and teams all need to work effectively with each other, have clean lines of communication and expectations, and yet it's not always clear who's doing the driving. Please join me for an interactive and informative session sharing the challenges, best practices and take-aways for litigation professionals, corporate teams, and more.

The conference is organized by the great people at Litigation Support Today Magazine. They've assembled an impressive list of presenters that reads like a "Who's Who" in litigation support and eDiscovery professionals, and I'm looking forward to many interesting discussions.

Announcing My New E-Discovery Position

I'm very pleased to announce that I've joined Electronic Evidence Discovery, Inc. (EED) as Senior Consultant, reporting directly to the VP of Consulting Services. In my new role, I'll be advising law departments in their overall litigation readiness, legal hold, and e-mail and document retention strategies, processes, and solutions. In addition, I'll be consulting on active litigation matters to provide enhanced strategy and guidance.

On a personal note, I'm pleased to join a company who has been a trendsetter in directing eDiscovery technologies and methodologies for over 20 years, a rarity in this often volatile market. Great company, with fantastic people who really know their stuff. I'm particularly excited as my new responsibilities will draw on my deep experience with corporate legal departments, law firms, and enterprise business units and systems. In other words, I understand their specific challenges as I've been there too, as a practicing attorney, corporate legal IT manager, and large law firm and legal technology consultant. As a law firm executive director recently shared with me, "finding someone who can think like a lawyer and understand 'tech speak' is a rare animal."

I'm also a Six Sigma Green Belt with extensive experience with systems and processes that include e-mail and document retention, electronic invoicing, matter and document management, and enterprise content management. Thus I understand the challenges corporate teams face in managing their data, as well as in designing and implementing effective processes to improve defensibility and compliance. In addition, a number of companies are looking ahead to their "next steps" to proactively address these issues, which include evaluating whether and how to bring more preservation and collection efforts in-house, retooling or refining their data retention policies and practices, and further automating and systemizing their litigation hold processes.

I'll repeat the disclaimer that the posts and opinions expressed on this blog are solely my personal opinions and viewpoints. They do not represent or reflect (nor are they intended to represent or reflect) the positions, opinions, viewpoints, policies and/or statements of my employer or any other entity or person.

As always, if you'd like to discuss anything or just want to bounce ideas around, please feel free to contact me via the e-mail link at the top of my blog.

A PSA for Qualcomm Counsel

I really enjoyed watching this video, an interesting awareness test.

It's a public service announcement to watch out for cyclists. But its main message is equally applicable to managing and finding your own data. As the announcer says at the end, "It's easy to miss something you're not looking for." (And, sometimes, for things you are.)

It often takes a fresh and expert eye to spot what others have missed. Don't be afraid to seek them out, as it's often more cost-effective than missing what's in plain view.

Free "Shadow Explorer" Displays & Recovers Shadow Copies on Any Version of Vista

I've posted previously about Vista's Shadow Copy feature, and its security and e-discovery implications. Having explored it a bit more over the past several months, here are some things legal and IT professionals should know about it. Consider it a crash course in Vista Shadow Copies, and I'll share how to get a new utility program for accessing and restoring these hidden files.

Please keep in mind some of these items are based on information found online including unofficial sources, so it's best taken as my personal interpretation of that information (meaning that if I've unintentionally stated something incorrectly, don't hold it against me, and I would appreciate constructive feedback):

• Numerous postings online have stated that by default, all versions of Vista automatically create shadow copies of your documents and other user data files and folders as part of the "System Restore" feature.



• You can turn off "System Restore" to disable shadow copies, but it's a bit of throwing the baby out with the bath water. You see, "System Restore" allows you to roll back the clock on your system to an earlier (and hopefully more stable) state. This is incredibly useful whenever your Vista system experiences problems (such as after installing a problematic program, driver, or update, adverse registry changes, etc.). FYI, newer Apple operating systems offer a somewhat similar feature called "Time Machine".



• By default, Vista allocates 15% of the drive's size or 30% of available free space, whichever is smaller, for storing this data. In Vista, Microsoft removed the nice slider control available in Windows XP, so changing its space allocation requires some arcane text commands with administrator privileges. Thus most users will just leave it as-is. On larger hard drives, this creates a fairly large backup cache. For instance, on a new 200GB hard drive, up to 30GB would be dedicated to storing these hidden backups. When the allocated space fills up, Vista deletes the oldest backups as needed to make room for the new ones.



• However, only the Ultimate, Business, and Enterprise editions of Vista actually allow users to access and retrieve the hidden shadow copies via the "Previous Versions" feature in Windows Explorer.



• This means the Vista Home Basic and Premium versions create these hidden shadow copies but do not provide any way for their users to access or retrieve them. This results in potentially large amounts of wasted disk space and additional data retention concerns. Perhaps Microsoft intended this as a teaser to entice Home users to upgrade to Vista Ultimate, but they really should have disabled shadow copies on those editions or alternately provided the "Previous Versions" feature to access and restore them as needed.



• To help address these issues, Shadow Explorer is a free basic utility program (not affiliated with Microsoft) which allows these users of other Vista versions to access and restore these prior shadow copy backups. However, unlike "Previous Versions", it requires administrator privileges to run. (But see my caveat at the end of this post since it's a 0.1 release.)



• Even Vista Ultimate, Business, and Enterprise users and IT departments may find Shadow Explorer of use. I've discovered firsthand that Vista's "Previous Versions" feature is dependent on a number of system and service prerequisites, and the lack of any one of them will disable the ability to access and restore these Previous Versions. For instance, disabling a drive's administrative share, certain Windows services, or networking settings can all disable the "Previous Versions" listing in Vista Ultimate even though the backups are still present on the drive.



• Tip: If you have Norton Internet Security installed and have run its "Security Inspector", it may have reported and disabled several hidden administrative drive shares (such as C$) as security risks (which they are indeed). However, as mentioned above, these administrative shares are necessary for "Previous Versions" to function in Vista. So if you want to leave these shares disabled for better security, the Shadow Explorer utility program allows you to access and restore shadow backups even though Vista's own "Previous Versions" feature is disabled.

As you can easily surmise by now, Vista's Shadow Copy feature is a mixed bag. The above complexities and issues are partially caused by the fact that Microsoft elected to combine the Windows system file backup (System Restore) with the data file backup (Shadow Copies a/k/a Previous Versions). While an expedient choice, I would have greatly preferred having the additional option to turn off the users' data file Shadow Copies while allowing the System Restore to operate normally. Microsoft, are you listening?

Organizations interested in migrating to Vista will need to explore these issues in more detail before crafting their security and group policies. I expect some will elect to disable System Restore altogether and rely upon other system restoration methods to address user support issues as they arise. Others may move user folders onto a separate disk partition or drive and simply turn off "System Protection" for that location. Such options may improve Vista's performance if it's not churning away saving hidden backup copies, and it's usually a good idea to separate documents from program files for a number of valid reasons.

So it's all the more puzzling to try to understand why Microsoft chose to disable access for Vista home users, as they are the ones most likely wanting to use and restore Shadow Copies. I seriously doubt informed businesses would want multiple hidden document versions floating around on their corporate laptops and desktops, particularly in light of numerous regulatory and litigation concerns.

Shadow Explorer Tutorials can be found at:
http://www.howtogeek.com/howto/windows-vista/recover-files-with-shadow-copies-on-any-version-of-windows-vista/
http://www.shadowexplorer.com/documentation/manual.html

Please keep in mind that Shadow Explorer is a very basic version 0.1 release. While it worked fine for me during my brief testing, it may contain bugs and other issues consistent with a new release. With that said, it provides an easy way to access, view, and restore the various shadow copies in Windows Vista. I applaud the author for providing such a useful tool, and for considering these additional planned features as it's developed further.

Breaking through the ESI Inaccessibility Wall - Feature Guide

My latest article, "Breaking through the Inaccessibility Wall -- A New Angle", is published in the current February/April 2008 issue of Litigation Support Today magazine. You can download the PDF reprint here.

Corporate counsel struggling with records retention should be among the first to read this, as their regular business information can be used against them in unforeseen ways. Indeed, my alternate title for this practical guide is "Call the Help Desk, Your Accessibility is Showing". From discussions with various corporate and outside counsel, a common misconception under the new rules is that backup tapes are an inaccessible “safe harbor” media as long as one asserts they are only used for disaster recovery. Depending on the specific facts, this could prove to be a costly assumption as newer decisions consider the totality of the burden and cost under Rule 26(b).

As a result, I suggest a novel but very practical approach to challenge or confirm an opposing party's assertions using business intelligence methods and their own data. In accessibility matters, courts are increasingly demanding objective data on which to base their discovery rulings rather than relying upon subjective arguments and affidavits claiming excessive time and expense are required. It’s also contemplated in the Committee Notes regarding sampling and other techniques.

As an example, corporate help desk logs can be used to quantify the frequency and purposes for which backup media are being accessed. However, other seemingly mundane systems and data may be useful and relevant. This further illustrates why companies continue to need savvy e-discovery professionals to bridge the legal/IT gap and identify opportunities and weaknesses others have missed. I also provided an update on how the backup technology landscape is changing and what you should know about it when dealing with ESI accessibility issues.

2008 Corporate Legal Technology Trends @ InsideCounsel

From insourcing the e-discovery process to automated document review, the world of legal technology is rapidly changing. If you missed LegalTech New York or just want to keep up on the current trends, my latest InsideTech column at InsideCounsel will bring you up to speed.

Among other hot topics, LegalTech was brimming with discussion on the Qualcomm fallout, records retention, proactive approaches, and automated review. In addition, I covered key issues such as cost reduction, the effects of globalization, data privacy, and outsourcing/insourcing. With recessionary concerns on the rise, corporate law departments are being asked to do more with less, and these issues will continue to compound through 2008 and into 2009.

Download Gartner's E-Discovery Vendor Market Analysis

Thanks to Guidance Software, who received Gartner's highest rating as a "Strong Positive", you can download Gartner's research note, "MarketScope for E-Discovery and Litigation Support Vendors, 2007", dated Dec. 14, 2007.

Gartner included 29 e-discovery vendors in its analysis. Its weighted evaluation criteria was based on each vendor's Market Understanding, Innovation, Market Responsiveness and Track Record, Offering (Product) Strategy, Business Model, Customer Experience, and Marketing Strategy. Gartner then rated each vendor on a 5-scale range between "Strong Negative" and "Strong Positive".

Keep in mind that analysts' projections and predictions should be taken as just that — sometimes they're right on and sometimes they miss the mark. With that said, this makes for an interesting current summary of the vendors' relative strengths and weaknesses, as well as providing further insight into the ever-changing e-discovery market.

Perhaps the most telling predictions are found in the executive summary:

"STRATEGIC PLANNING ASSUMPTION(S)
By the end of 2008, there will be four viable categories of vendors in the e-discovery market: platform players, review and analysis platforms, collection, preservation and processing and full service outsourcers. By the end of 2008, there will be 25% fewer vendors claiming to have e-discovery functionality." (emphasis added) Time will tell whether this will be from continued market consolidation and shakeout, and/or from other factors.

The research helps confirm that enterprise transformations will not happen overnight: "Through at least YEO8, enterprises should acquire tools in this market tactically. Achieving full proactive control over unstructured data — which is the ultimate answer to e-discovery challenges — will take between five and 10 years for most enterprises." "Few software vendors offer credibly complete solutions for e-discovery. Enterprises can, however, select products tactically to begin their long-term e-discovery strategy."

I agree it will take years, and may not even occur completely for some. When you consider large global Fortune 500 companies having numerous different systems deployed throughout different geographical and functional groups, there is no immediate silver bullet. It will take time for companies to define and analyze their needs, gaps, and problem areas, and then select and implement these solutions, not to mention effectuating the necessary change management throughout their organizations.

Congratulations to Guidance Software, and I'm sure many will appreciate having access to this market research.

Qualcomm Sanctions Handed Down, Lessons Learned

Yesterday, the U.S District Court for the Southern District of California handed down the sanctions in the high-profile Qualcomm Incorporated vs. Broadcom Corporation case. In some aspects, this case is similar to the earlier Rambus memory case -- where one high-tech company participated in a standards-setting committee to gain an inappropriate business advantage over their competitors. In the Qualcomm case, Qualcomm could not win their patent infringement case against Broadcom if it was found that it had previously participated in the standards-setting body. Thus thousands of requested e-mails were not produced during discovery, and their existence was denied.

The 42-page order describes the circumstances and the court's reasoning. Both Qualcomm and its outside attorneys were sanctioned for what it called a "monumental discovery violation." Qualcomm either hid the existence of extremely damaging e-mails throughout, or at the very least stuck their heads in the sand by not searching key custodians' data. Either way, it's clear Qualcomm committed severe discovery violations. The court's problem was in determining the role played by their outside counsel, particularly as Qualcomm preserved its attorney-client privilege, which prevented outside counsel from fully defending their actions. Thus the court reasonably described four alternate scenarios regarding Qualcomm's outside counsel's knowledge and actions relative to the undisclosed e-mails that were substantially adverse to Qualcomm's case:

"The next question is what, if any, role did Qualcomm's retained lawyers play in withholding the documents? The Court envisions four scenarios. First, Qualcomm intentionally hid the documents from its retained lawyers and did so so effectively that the lawyers did not know or suspect that the suppressed documents existed. Second, the retained lawyers failed to discover the intentionally hidden documents or suspect their existence due to their complete ineptitude and disorganization. Third, Qualcomm shared the damaging documents with its retained lawyers (or at least some of them) and the knowledgeable lawyers worked with Qualcomm to hide the documents and all evidence of Qualcomm's early involvement in the JVT. Or, fourth, while Qualcomm did not tell the retained lawyers about the damaging documents and evidence, the lawyers suspected there was additional evidence or information but chose to ignore the evidence and warning signs and accept Qualcomm's incredible assertions regarding the adequacy of the document search and witness investigation."

The court rejected the first three (partially due to Qualcomm preserving its attorney-client privilege and lack of direct evidence on the third), and found the fourth option to be most likely given these constraints:

"Thus, the Court finds it likely that some variation of option four occurred; that is, one or more of the retained lawyers chose not to look in the correct locations for the correct documents, to accept the unsubstantiated assurances of an important client that its search was sufficient, to ignore the warning signs that the document search and production were inadequate, not to press Qualcomm employees for the truth, and/or to encourage employees to provide the information (or lack of information) that Qualcomm needed to assert its non-participation argument and to succeed in this lawsuit. These choices enabled Qualcomm to withhold hundreds of thousands of pages of relevant discovery and to assert numerous false and misleading arguments to the court and jury. This conduct warrants the imposition of sanctions."

In all the lengthy discussion, however, here's the money quote for those engaged in electronic discovery efforts:

"This dilemma highlights another problem with Qualcomm's conduct in this case. The Federal Rules of Civil Procedure require parties to respond to discovery in good faith; the rules do not require or anticipate judicial involvement unless or until an actual dispute is discovered. As the Advisory Committee explained, "[i]f primary responsibility for conducting discovery is to continue to rest with the litigants, they must be obliged to act responsibly and avoid abuse." Fed. R. Civ. P. 26(g) Advisory Committee Notes (1983 Amendment). The Committee's concerns are heightened in this age of electronic discovery when attorneys may not physically touch and read every document within the client's custody and control. For the current "good faith" discovery system to function in the electronic age, attorneys and clients must work together to ensure that both understand how and where electronic documents, records and emails are maintained and to determine how best to locate, review, and produce responsive documents. Attorneys must take responsibility for ensuring that their clients conduct a comprehensive and appropriate document search. Producing 1.2 million pages of marginally relevant documents while hiding 46,000 critically important ones does not constitute good faith and does not satisfy either the client's or attorney's discovery obligations. Similarly, agreeing to produce certain categories of documents and then not producing all of the documents that fit within such a category is unacceptable. Qualcomm's conduct warrants sanctions." (emphasis added)

Thus legal professionals are again cautioned that it is not sufficient to blindly rely upon a client's collection and production, whether it be paper or electronic. I came across this issue a number of times when involved in business litigation. Due to the huge volume of electronic data, it's tempting for a number of reasons to rely upon the data set produced to the law firm. However, as the court correctly held, that's not sufficient in of itself, especially when surrounding circumstances give rise to these concerns. From reading the ruling and earlier reports, I think it's fair to say that both Qualcomm and its outside counsel engaged in excessive gamesmanship, gambled, and lost big time.

Thus it's important for outside counsel to have access to a client's ESI, to direct their efforts, and to even withdraw if the client refuses. That's easier said than done, especially when an important big client flexes its muscles. However, it's still very important to prevent your firm from knowingly or unknowingly being made part of a fraud upon the court. It's also incumbent on outside counsel to conduct reasonable searches of the information themselves. While this is often delegated to more junior staff, senior attorneys are still responsible to ensure it has occurred. While some senior attorneys may not be particularly tech-savvy, they understand the importance of identifying and producing relevant and responsive documents, they understand the role that e-mail plays in modern litigation as a form of correspondence, and should know that sooner or later, it's going to bite them and their client if not appropriately addressed early on. Besides, most litigators know that it's usually better to disclose bad news yourself than have it come from the other side.

What's so surprising in this case is that Qualcomm was in possession of those e-mails before it filed suit against Broadcom, and therefore should have known it had critical weaknesses in its case. While unfortunate for all involved, at least it serves as yet another example of what not to do in handling problem items in electronic discovery.

More coverage of the ruling is found on Law.com.

Are Legal Service & E-Discovery Providers Becoming a Commodity?

It's funny how personal events tend to lead me into various thoughts and discussions about the legal market. Yesterday I flipped on my digital cable box to see that effective with the new year, Comcast has taken over Insight's cable business in Illinois. Knowing that Comcast has had several years of turbulent press (e.g., regarding tracking customers' web history, firing customers who used "too much" of their broadband connection, and the latest controversy over interfering with customers' BitTorrent file transfers), I did a little Googling to reacquaint myself with the latest news and blog posts.

In doing so, I found this insightful post at the Manifest Destiny blog. The gist is that broadband ISP providers are afraid to admit to themselves that they're just selling a mere commodity -- shipping bits. And, that it's virtually impossible for them to be honest with their customers if they can't first be honest with themselves. Before I relate this to the legal market, let me quote the following to help put things into clearer perspective:

"It must be pretty awful to wake up one day and suddenly realize that you're in a commodity business. As a software developer I've at least had a taste of it - it was unsettling to realize that an army of developers in Bangalore could churn out code better than I could, dollar for dollar. I had fooled myself into believing that what I was selling was so extraordinary and great that people would be begging - begging! - for me to deign to craft some SQL and PHP on their behalf. Such a rarified gift! Such a technical artiste!

When you realize that you're selling a mere commodity your ability to profit (and extract rents) from your cleverness is severely limited. It won't help to roll out an ad campaign or make the product mint-scented. You can't differentiate your product from your competitors'. It's all pretty much the same. The users can't tell the difference. All you can do is sell as much of it as you can while spending as little money as possible."

Which got me to thinking, "Haven't we been experiencing this in the legal market?" Legal work is being outsourced to armies of contract reviewers both here and abroad. Some of these lawyers aren't employed directly by law firms, as e-discovery providers are quick to tout their expanding review centers and legal outsourcing companies are growing. There are more e-discovery service providers than hardly anyone can keep track of (although my friend George Socha provides great value in doing so with Tom Gelbmann). Like the constant M&As in the wired and wireless telcos, e-discovery vendors are continuously being merged, acquired, and/or creating strategic partnerships with their "coopetition".

Is "Distinguishing" Easier Spun Than Done?

At various conferences this past year, such as ILTA's and ACC's annual conferences, plus the IQPC 4th E-Discovery Conference, I've asked many e-discovery vendors -- especially the conversion and hosting providers -- what distinguishes their services from their competitors? Some were quick to mention their proprietary web-based hosting and review software, while others point to their lower-cost contract legal reviewers, high-tech review centers, high-volume capacity, and/or quick turnaround. A few also mentioned either their top Socha-Gelbman survey rankings and/or their blue chip client list. While certainly impressive factors, these last two didn't serve to distinguish what they actually do.

Very few, if any, truly offer the full soup-to-nuts range of services all by themselves (i.e., without partnering). This isn't a criticism, mind you, as it's extremely difficult to build and excel in all aspects of the EDRM model by yourself, especially in the deadline-driven high-volume and high-stakes cases. Instead, several have distinguished themselves with niche software mousetraps for litigation holds and e-mail analysis. Others have begun building litigation-readiness consulting teams to get their feet in the door. I have to say I sincerely appreciated all their candor and hospitality, and overall found it to be a very congenial group of dedicated professionals trying their best to help their clients.

But for the most part, when I speak with lawyers and e-discovery consultants (some of which are both), many feel it's difficult to see any significant differentiation from a client's perspective, at least until they've had a chance to work together on projects. It's far easier for me to speak with friends and colleagues at law firms and in-house legal departments to hear who they've had good luck with (and those who have not been so good), than in trying to determine this from the e-discovery and law firm providers themselves. In short, even their best sales and business development executives have some difficulty with this, and it's understandable.

Now don't get me wrong -- legal and e-discovery providers offer valuable and necessary services, especially in light of the wide and blindingly bright spotlight cast by the increased focus on ESI. Rather, I'm simply left wondering how many firms and providers have truly recognized the market has already shifted into a more pronounced stage of commoditization. Everyone talks about providing "value-added services" while sustaining growth and profitability. The savvier ones focus on the client value not as the lower per-unit cost (thus recognizing the commoditization and competition issues), but on the overall cost savings achieved in successfully and timely resolving the matter -- all while avoiding the costs and negative publicity of discovery sanctions.

Larger law firms have been building up their litigation support and related IT professionals, and changing focus to make them a profitable line of business rather than a cost center. Yet some are still challenged to find this magic path while being extremely cautious (and rightfully so!) in taking on the liabilities and risks associated with the more forensic aspects. In addition, corporate counsel routinely say the top large law firms generally all provide high-quality services. In my opinion, this just adds to clients' perception of commoditization and their increasing desire to receive them at reduced or fixed cost -- assuming most everything else is being perceived as nearly the same.

Where Does This Leave Us From the Client's Viewpoint?

Answer: A rapidly-changing, crowded, and confusing set of choices. All of which makes it challenging for any single provider to, well, single itself out or make a large enough splash. Of course, a top-ranked spot still helps as lawyers tend to go with whomever most others are using -- as long as their professional network confirms good results. Offering a unique niche product or service is good too, and even better when properly aligned with one's other offerings and resources. Making it onto a client's preferred provider list is still incredibly important. Getting there and staying there without cannibalizing future revenues is the challenge. To borrow Bill Engvall's tagline, "Here's your sign" of legal commoditization.

Most recently, we've seen the entré of automated document search providers. In attempting to prove their solution is significantly more accurate and perhaps less costly than manual review, they are beginning to distinguish themselves from commodity-level contract reviewers. Indeed some of us are keeping an interested eye on these developments. While still nascent, there is potential here if they can deliver on their assertions and convince legal decision-makers that it's worth a try. Only time will tell if this is sustainable or just another tech fad that didn't catch on with more conservative lawyers. And if it does prove sustainable, how long before it too becomes commoditized? Or will there be a legal market "Google" to emerge as the distinguished leader?

As recessionary concerns grow, it will be even more incumbent on corporate counsel to continue to reign in legal costs while generating positive results for their corporate client. Some types of litigation matters increase in bad economic climates. Which means, of course, that the next few years could bode well for those service providers who can distinguish themselves with their potential client base and return consistently good results at an acceptable price. I'd even say the latter is the best way to distinguish yourself in the long run. As we all know from recent cases and the press, bad news travels fast.

As these services become even more commoditized, however, there will likely be even more shakeout and consolidation among providers. Now is a good time for those looking to fill in their gaps. Corporate clients generally prefer more depth in their outside providers. Not to mention their purchasing departments likely have been minimizing the number of outside suppliers to gain better pricing advantage and to simplify (i.e., reduce) their vendor administration overhead. They will likely provide some pushback to legal departments seeking new providers. In some cases, this will extend the RFP process unless or until corporate legal puts their foot down and tells them they need someone "Now!" So while there will be growth, particularly among e-discovery providers, expect it to be rather dynamic in terms of the overall player makeup. Like Comcast above, I expect the larger players will enjoy a larger land-grab. We'll also see a number of middle and smaller players assimilated or perhaps relegated to the less complex, more localized matters, where low cost and local access for clients is very attractive. We've seen this time and time again in the scanning and coding industry.

However, there's no magic crystal ball, and only time will tell how the legal market responds. There will be some legal decision-makers who have already recognized the importance of addressing these issues early, and many who will be economically cautious, only paying as needed. Sometimes that saves money, and sometimes saving money gets very expensive on the clean-up side. That's where having a good discovery advisor-partner is worth its weight.

We'll continue to see further consolidations and partnerships among e-discovery and other technology providers. We'll see more outsourcing, even if it's only internal to that provider (think coding banks in India and China, for example), to increase their global reach and financial efficiencies. And like my cable TV, we'll be launching our browsers or RSS readers only to find that ABC provider is now part of XYZ. Stay tuned...

Addressing Laptop Data Vulnerabilities

Law.com has an excellent article discussing several workable approaches for securing data on corporate laptops. A quick look at one list of data breaches illustrates how sensitive data continues to be compromised by unsecured storage on laptops.

It's a particularly savvy article because its first piece of advice is not to overreact and go overboard -- "Draconian laptop-use policies may, ironically, increase an enterprise's vulnerability." Consider that employees often respond by finding other ways of circumventing security to make their jobs easier, which usually means making the data more accessible (i.e., less secure). For instance, blocking file saves to the laptop's hard drive or limiting e-mail inbox sizes can result in employees saving the data to unsecured thumb drives or forwarding sensitive e-mail to personal e-mail accounts. Where there's a will, there's a way. EMC was quoted as opting for a more blended approach, depending on the sensitivity of the data.

Another interesting suggestion was full hard drive encryption, rather than just encrypting the documents folder. This is often a highly debated solution. In my experience, some IT professionals will quickly suggest that doing so will entail a performance hit on the user and cause additional support problems. I'd say that noticeable performance hits are more likely with older, slower laptops. If this presents serious problems, consider phasing in encryption or issuing new laptops to those accessing more sensitive data.

Also keep in mind that when you are working on a laptop, it is likely creating a number of temporary file copies on the hard drive, sometimes in places outside the document folders. Full drive encryption therefore provides more complete protection for these additional copies of sensitive data. Naturally, such a solution would need to be thoroughly tested to determine the real-world impact on users and the IT support organization. Another issue to consider is segregation of the master keys -- do you allow one person or group to have them, or do you segregate them between two entities within the organization to avoid unilateral and potentially undesirable actions? I liked the allusion to the missile silo two-operator requirement.

Removable storage continues to be a major concern, such as flash thumb drives and external hard drives. And let's not forget iPods, which are either the former or latter type of devices. On one hand, these drives are very useful tools for mobile users. When unsecured (e.g., unencrypted), they can represent a larger security threat due to their tiny physical size and increasing storage capacities. For example, an 8GB thumb drive goes for less than $100 and can store a staggering amount of information. The article mentions products that control which devices can be plugged into which computers, and the best ones allow exceptions to be set when needed. If thumb drives will be used and supported, I'd suggest issuing employees with the following: only those models which support high-end encryption, such as AES, and make its entire capacity encrypted before it's issued to the employee. While a savvy user will likely know how to reformat the thumb drive to make it unprotected, the default encryption status is in your favor for the majority of users.

Many new laptops have built-in fingerprint readers, which can make security a bit more convenient. But as the article states, users often forget a key step: Register more than one finger with the device, so if you cut or burn your primary finger, you can use another one to gain access via the reader. Also, without the back-end drive encryption, keep in mind that a fingerprint reader only locks the front door. There are other ways to get to the unencrypted data on the hard drive, such as removing it from the laptop and accessing it from another PC.

Lastly, the article mentions lojack services for laptops, which hopefully reduce their recovery time. However, once the horse is out of the barn, it's too late to employ any of the above security measures. An unprotected hard drive containing sensitive data can be copied very quickly to a number of storage devices. The data contained on missing laptops is often much more valuable and/or costly to an organization than the cost of the physical laptop itself. An ounce of prevention...

Add Brett Burney's New E-Discovery Blog to Your List

In addition to my preceding post, be sure to add "ediscoveryinfo" to your list of useful e-discovery blogs. Prolific author and e-discovery consultant Brett Burney launched it several months ago, and he's populated it with excellent posts on e-discovery issues and vendor offerings. For example, he's already posted on vendor convergence via acquisitions, e-mail and storage issues, and various industry trends.

On a personal note, Brett and I discussed his plans for his forthcoming e-discovery blog at ILTA's annual conference back in August, and it's good to see him blogging about key issues and adding his savvy perspective.

Ambrogi on Keeping Up With EDD Blogs and Tools

Bob Ambrogi just published his latest list of useful e-discovery blogs and vendor sites on Law.com, which runs his Law Technology News column, "Web Watch". When Bob makes reference to legal blogs or web sites, it's very often worth the time perusing them. Bob has done great job pulling the list together along with providing succinct descriptions for each site, and it's worth noting that LawTech Guru is included.

Overall, it's a great resource if you're looking for an excellent collection of EDD blogs and other sites to keep you informed of e-discovery issues and developments.

Key Issues Covered at the 4th E-Discovery Conference

I just got back from presenting at the IQPC 4th E-Discovery Conference in Jersey City on the Hudson, a stone's throw from Manhattan. It was a very focused conference on e-discovery issues, strategies, and updates, with the majority of attendees from corporations. In speaking with attendees and service providers there, it's quite apparent that companies are in various stages of litigation readiness with respect to ESI and the new rules. Many are struggling with the massive amount of data sitting in numerous silos, and how to best train their employees in better practices (appropriate e-mail content, retention practices, etc.).

Several presentations provided a number of informative case updates and brought them to life. Perhaps one of the most telling was the effect of the Rambus "shred days" on their patent litigation strategy. Let's face it, some document retention programs may not be so much about retention as they are about destruction. Of course, who wants to admit in a deposition they have a document destruction program. Just ask Rambus. Instead, companies have a document "retention" program. Myself, I prefer to call it ILM (Information Lifecycle Management), which takes into account its dual nature -- keeping the documents you need, and retiring the documents you don't (both paper and electronic), all according to pre-defined schedules and categorization so it's performed appropriately.

Also discussed was the potentially negative effect of labeling e-mails and documents with "attorney work product". While the work product label can provide significant protection, it's a dual-edged sword and needs to be used carefully. By it's very nature, its use infers the attorney was anticipating litigation at the time s/he applied it to the e-mail or document. As such, it would also likely trigger the responsibility to begin preservation efforts across the enterprise to avoid spoliation claims, sanctions, and other adverse results later. When companies routinely apply "attorney work product" to protect communications, they may have inadvertently knocked over the first domino in a much larger preservation and discovery imbroglio.

The value of protecting those communications via "work product" could be negated by the larger costs of preservation noncompliance. This is not a new problem, as this ISBA article suggests from 2004: "The legal counsel of a corporation should consider the dangers associated with writing work product on communications and other documents by weighing the actual benefit received in the form of potential protection from discovery, with the potential danger of triggering an unanticipated date by which evidence may have to be preserved." The new rules and subsequent cases have helped in raising our collective consciousness on the issue. When in doubt, it was suggested at the recent IQPC conference to use "attorney client privilege" instead.

It's clear to me that most companies still need significant assistance in navigating the discovery minefield. There aren't any silver bullet solutions, and there are significant judgment calls to be made. Thus I believe the best approach involves a combination of knowing what you have (for better or worse, but don't ignore it -- what you don't know can hurt you), providing consistent processes, procedures, and systems that make it easier for employees to manage their growing data, and educating/training them on how to do so appropriately.

As we discussed on my panel regarding training issues, however, there is an inherent conflict for most employees: Many want and/or need to retain e-mails and other data for their own benefit. Reasons range from simple work-related needs (e.g. referring to past e-mails, documents, etc. for informational and project-related reasons) to keeping them as the basis for justifying their actions or decisions should they be called into question later. Until companies provide a better way to reconcile these conflicting needs and goals, and more intuitive methods to manage e-mail and unstructured data such as file shares, they will continue to experience these issues.

There were many other sessions on e-discovery issues, including preservation and collection, foreign language challenges, cost management, document review, and more. Although it will take time for companies to more fully address these issues, it's a good sign to see some corporate law departments actively interested in how to get there.

[Update 10/13/07: Ari Kaplan just published his favorable impression of the conference on Law.com. He too liked the intimacy of a smaller, focused conference. He also has some interesting comments on the presentation regarding sourcing trends, and another on automated review. Given that attorney review is likely the most expensive part of e-discovery, automated review is generating a fair amount of buzz.]

[Please Note: This posting shall not be construed as legal advice by the author. It is merely an educational tool suggesting possible points-to-ponder and in no way constitutes legal advice or the author's legal position on these issues.]

EDD -- ILM Needed to Take Out the Trash

This Law.Com article by Stanley M. Gibson, "Hit 'Delete' to Prevent EDD Disaster", tells the tale of how a company was ordered to produce millions of electronic documents and e-mails spanning over half a decade to the losing tune of a $570 million judgment. That's in addition to the costs incurred for legal fees and allocated costs of collection, restoration, conversion, review, and production of the data.

Unfortunately, hitting "Delete" is not sufficient. If nothing else, the result just became a compelling benchmark of why implementing ILM (Information Lifecycle Management) can indeed be cost justified. If a company may have to pay millions (or perhaps billions in the total tally), why not invest that money -- proactively -- into a solution that reduces financial risk and produces tangible operating benefits to its users in terms of structured data management and collaboration ease? As real-life EDD examples such as this continue to occur, an effective ILM implementation with proper policies, training, and management reinforcement could very well be the gift that keeps on giving.

More on Vista Shadow Copies & the Dreaded Index.dat Files

As I posted previously, by default Windows Vista enables shadows copies in Vista Ultimate, Business, and Enterprise editions. Shadow copies aid in recovering prior versions of files and are part of Vista's system restore points protection (which was also included in XP). So, basically, it appears the only way for a user to turn off shadow copies is to disable the system restore point protection. The problem is that the system restore point feature is incredibly helpful in troubleshooting and curing a system's ills by rolling back Vista's system files to a previous point in time. This is especially useful after installing a problematic program, driver, or update. In effect, turning off shadow copies is throwing the baby out with the bath water. Nice going Microsoft. If there's a way for enterprises to set a Windows policy to disable shadow copies but keep system restore points active, that would be a good solution. However, I haven't come across that yet.

Now on to Index.dat files. Windows has used these for many years as a way to store data histories, such as your complete URL browsing history. Since these Index.dat files were always kept open by Windows, it took special utilities such as the Index.dat Suite to view their contents, and even better, delete them at bootup before Windows fully loaded. It seems Microsoft has been aware of the problem and has changed the way that Windows and IE work to better clear out the contents of these tell-all files. This blog post from the Windows Core Networking MSDN blog has a greatly detailed discussion of how the WinInet's Index.dat files work under Vista, as well as this one about clearing tracks with IE7.

With e-discovery hot on everyone's plate with the new federal rules, these are additional reasons to have qualified and experienced professionals on your forensic team.

On the Ball with Vista

Thanks to Dennis Kennedy commenting on my last post, I came across the link to Craig Ball's Vista overview. As usual, Craig does a great job of walking the uninitiated through Vista's enhancements and their impact on EDD. Of course, Craig left me feeling like I just took a trip though Willie Wonka's Chocolate Factory with a rockin' Stones soundtrack. (Did you really want to know what the Vista Oompa Loompas are doing with your data?)

I also mention it since it supplements my comment about considering encryption pros and cons. He introduces the new BitLocker encryption in Vista's Enterprise and Ultimate editions and the challenges it presents.

Vista Shadow Copies -- Helpful to Users, Even More to EDD Recovery?

Microsoft has billed Vista as their most secure operating system to date. However, there's a little-known feature that could cause some data security concerns. Amidst the flurry over EDD and the new rules, Microsoft included a feature to certain versions of Windows Vista that may aid in recovering prior versions of files.

From Microsoft's Vista site:

Have you ever accidentally saved over a file you were working on? Accidental file deletion or modification is a common cause of data loss. Windows Vista includes a useful innovation to help you protect your data: Shadow Copy. Available in the Ultimate, Business, and Enterprise editions of Windows Vista, this feature automatically creates point-in-time copies of files as you work, so you can quickly and easily retrieve versions of a document you may have accidentally deleted. Shadow copy is automatically turned on in Windows Vista and creates copies on a scheduled basis of files that have changed [...] It works on single files as well as whole folders.

Very helpful indeed. There have been a number of occasions over the years when I've accidentally replaced a file when I should have saved it as new one with a different file name. We've all been there.

However, now consider the difficulty in trying to rid a system of shadow copies for legitimate security and confidentiality concerns. A laptop user may need to work on a confidential file while traveling. Since laptops are easily stolen, accidentally left behind, etc., it may be desirable to wipe the file later to maintain security and confidentiality. Consider some of the recent news stories covering thefts of laptops containing considerable amounts of personal data. It's a good bet that most file wiping utilities can't handle wiping the Vista shadow copies, at least not yet anyway.

Note that Shadow Copy is enabled by default in Vista Ultimate, Business, and Enterprise editions. So if data security and confidentiality is paramount to file recovery, organizations should consider disabling this feature in their Vista rollouts. On-the-fly encryption is another consideration, recognizing it has pros and cons as well.

[P.S. Seeing as I'm posting this on April 1st, I thought I'd emphasize this information was gathered directly from Microsoft's site. Also, Ars Technica has a post on this from as far back as last summer. Now if you're looking for an April Fools gag, Google got their hands dirty this year with Google's TiSP Beta. More on the gag at USA Today.]

iPod Used as an Identity Theft Cache -- Only the Beginning

The San Francisco Chronicle reported yet another use for iPods: storing lots of stolen identity-related information. iPod users have known for quite some time that they can be used as portable storage for computer files, just like a thumb drive. Perhaps more troubling than a criminal using it that way is that the San Francisco police sounded surprised and considered this novel -- and that was the fraud division. They got their man through a sting operation, though, and I'm glad to hear it given the details of the identity thefts and other crimes perpetrated.

But it underscores the need for law enforcement and security professionals to consider new uses for everyday tech tools and gadgets, especially when theft of data with iPods is nothing new. As the Tech Law Prof Blog correctly pointed out on this issue, at least four years ago we learned that one could walk up to demo Macs in stores, plug in an iPod, and copy entire software programs for use on other Macs. I remember reading about this on Wired.com ("Have iPod, Will Secretly Bootleg") at the time. So why is this considered something "new"?

With all due respect to our police departments (I mean that sincerely), it sounds like they would benefit from a "Tech Culture 101"-type class. Give them some freebies to go play with -- iPods, thumb drives, camera phones, Treos, BlackBerries, Bluetooth devices, digital cameras, flash cards, etc. Show them how they work, how they capture, store, and transfer information, and perhaps most importantly, how easy it is to hide information on them "in plain sight". I hate to say this, but "you gotta think like a teen".

For example, it would not surprise me to hear one day very soon that someone was caught smuggling confidential information on one of the tiny flash cards inserted into innocuous-looking devices like a cell phone or a PSP (Play Station Portable). In fact, the PSP is quite a useful computer in its own right, well beyond playing games. Heck, you can already remotely control your home with it, not to mention all of these cool uses. Sony is also empowering it with the LocationFree console to stream all kinds of digital media to your PSP at any hotspot.

There's also a new project for porting Linux over to the PSP. As any hacker knows, once you've got Linux running on a capable device with Wi-Fi (yup, it's a Wi-Fi Finder too). . . well, it doesn't take much imagination, does it? Now that makes toting stolen info on your iPod très passé.

Mighell on Metadata and User Error

Tom Mighell has a great reference post on Inter Alia that links to several informative metadata articles, including discussions of ineffective PDF redactions. Be sure to check out the comments following the Washington Post article, as it features an interesting post by none other than the metadata diva, Donna Payne.

New E-Discovery Blog

I was all set to write up a nice blog post about Preston Gate's new Electronic Discovery Law blog, but saw that my good friend, Dennis Kennedy, had already done so in this great post.

To that, all I can say is "Ditto" and his post is worth a read along with visiting Preston Gate's new blog. Per the site, it's "a blog on legal issues, news, and best practices relating to the discovery of electronically stored information published by the Document Analysis Technology Group at Preston Gates & Ellis LLP." They're off to a good start, with good EDD categories and content already in place in advance of their official launch on Monday.

I agree with Dennis that I'm glad they've included an RSS feed. So few large law firms have gotten "it" that blog and web sites by themselves are only half of the equation. The other half, and perhaps the only one that really matters to many diehard blog readers, is to be able to receive the content via RSS (or Atom) so they don't have to visit hundreds of different web sites to keep themselves informed. Other firms, webmasters, and bloggers take note: If I don't have a blog in my RSS reader, then I rarely visit it -- and that's usually only when another blogger or online article has posted a link to it within a useful context.

Electronic Discovery is growing in importance so rapidly there is still a big need to find good online resources and track developments. Dennis' post also provides links to several other good EDD blogs and sites, a number of which I've also mentioned previously.

I also agree with Dennis with the professional manner in which I was contacted to check out their blog. I wasn't asked to provide a link or a post. There was none of the "I already posted a link to your blog, so please post a link to ours" ploys. Instead, I received a simple, elegant, e-mail stating they had come across my blog with a nice compliment, informing me of their blog and some highlights, and asking me to check it out when I had a chance. Even if it was a form e-mail, Bravo for thought put into it, and welcome to the Blogosphere.

More on In-House EDD

Continuing the discussion between Dennis Kennedy, Ron Friedmann, Bruce MacEwen, and myself on law firm in-house EDD:

Dennis is "a bit more optimistic about law firms going into the electronic discovery services business". Along those lines, I think that the right combination of legal, lit support, and IT staff could do well with examining, searching, organizing, and producing electronic evidence that has been collected by a qualified EDD source. Indeed, many firms have been doing this to some degree already. There is a particular line of evolution that has the potential to serve firms quite well if they're willing to commit to it and recognize the value of their Lit Support Manager and IT Department collaboration.

Before I get to that, however, Dennis could very well be right in that an extremely small number of law firms with the properly trained and certified EDD people on staff and the right hardware and software savvy just might pull it off -- but by far this is the exception to the rule, as it's going to require an unconventional progressive-thinking and tech savvy culture (not too common in law firms, I'm sad to say). And they will still need to consider and address all the issues we've collectively mentioned, and more. Is there first-mover advantage? Possibly. However, I think there's a more "balanced" approach worth considering.

For this, I'm going to refer to several sources that Mike Arkfeld mentioned on his Electronic Discovery and Evidence blog a little over a month ago:

75% of Top Law Firms Not Qualified to Handle EDD Matters

E-Discovery Execs Name Top EDD Law Firms; 75% of AmLaw 200 Not Qualified to Handle Complex EDD Matters. "However, when asked, "What percentage of AmLaw 200 firms has the requisite knowledge and experience to professionally handle a complex EDD matter?" there was broad consensus that the answer was not more than 25%."

I actually read Mike's post well after I expressed similar thoughts. I'll reiterate from my prior posts that I believe that counsel and staff need to challenge themselves to be more educated on technical matters relating to computer systems, data, and EDD issues, and they need to be closely engaged with the EDD process. Of course, this is not going to happen overnight. But in doing so, they can guide the process, offer counsel, and make sure that the expensive EDD resources are being focused in the appropriate areas.

Mike also has another key post on this topic that is definitely worth mentioning:

Role of IT in Law Firms re EDD, which links to this article: Conference Preview: Use your EDD by Andrew Haslam. Andrew explores many of the issues we've discussed, and the example of a firm who crashed their entire computer system by hosting EDD is a good caution.

Having worked closely with various Lit Support and Project Managers, I think he's on the right track in the following quote, because I've seen it happening already:

"How will all of this affect IT departments? I believe that the role of the litigation support manager will evolve from one focused on the processes of scanning, coding and hosting systems, into a higher level of strategic adviser and project management. In parallel, the IT function could start to move from being a cost centre to a business contributor."

Now this is where I suspect more firms will be successful overall in extending their EDD savvy, rather than trying to become the full-blown in-house EDD provider. It allows a more gradual, less-costly ramp up. It also provides a greater opportunity to improve the quality of advice and service to their clients -- with less overall risk to both relating to EDD collection and custodianship. Another advantage is that it gives the firm time to evaluate their options and directions as they evolve with EDD. For more firms, this is probably the most doable proposition I've seen to date, because it enables firms to progress while keeping closer to doing what they know best -- their core competencies.

In-House EDD: A Controversial Topic at Best

Ron Friedmann (Strategic Legal Technology), along with Bruce MacEwen (Adam Smith, Esq.), think that bringing Electronic Evidence Discovery processing in-house in law firms (as suggested by this recent Law Technology News article) is a bad idea.

I agree with Ron and Bruce's comments, which I've summarized below:

Bruce's post explains several reasons why law firms should not bring EDD in-house:

1) EDD is not a law firm's core competency (the "stick to your own knitting" Management 101 theme)
2) Evidentiary issues
3) Malpractice issues
4) Highly variable demand and capacity utilization
5) Technology and processes in a constant state of flux
6) Disequilibrium in the state of the EDD industry and its profit margins

To this, Ron adds his note of caution:

"It is much easier to explain and justify a third-party disbursement than a law firm’s own time or line item charges (e.g, copying). Clients realize that the EDD space is rapidly changing and can reasonably expect a law firm to seek competitive bids. This does not mean that the lowest price wins; rather, it helps assure a reasonable price for the right services."

To these I'll add a few thoughts of my own:

1) Anything that puts a law firm member on the witness stand during the course of client representation is probably not a good thing. In the case of EDD, I believe it increases one's malpractice risk and the risk of losing cases and clients -- unreasonably so.

2) Consider the conflicts of interest inherent in offering certain ancillary services. This isn't new ground. It's been done before, and here's the best example of its impact: Recall the great "consulting" expansion of the Big Six (now Big Four) accounting firms? These firms discovered that their consulting arm created a number of conflicts.

Section 201 of Sarbanes-Oxley now expressly prohibits a large number of these ancillary services from being offered in conjunction with audit services. Even before SOX, some firms began to spin off their consulting divisions. Maintaining objectivity, especially when it comes to rendering expert services and opinions, is more valuable than most professionals realize.

3) While I know a number of very tech-savvy attorneys, I believe most law firms, and their lawyers in particular, lack the required competence in technical and forensic matters. This probably sounds harsh, and perhaps even a bit jaded, but it's my perception of current state of the legal market. There are always exceptions, and lawyers are generally becoming more tech savvy -- but overall, very few have the requisite tech knowledge in this highly specialized area.

I'll extend this point: Many law firm IT and litigation support departments, in general, are probably not properly trained in the necessary forensic techniques and issues, nor on all of the various client computer systems from which they would need to extract and collect data. Again, I'm talking about the technical proficiency issues here, not the legal ones. While a firm could go out and hire EDD professionals, consider then who will be responsible for managing them and the results. It just doesn't seem to me to be anywhere near the average law firm's core competence. This stuff is tricky, and if you don't know what you're doing, you can end up in a world of hurt in a hurry. Which brings me to my next point...

4) For a reality check, read "Prosecutors Leave an E-Trail" from October 2004 issue of Law Technology News as a good example of in-house EDD processing gone seriously wrong -- in this case, for the U.S. Attorney's Office. While they were fortunate in securing a conviction, it illustrates many of the points above. For a simplistic-yet-drastically more catastrophic result, read "Fax Error Costs EC €100m Court Case". While these are probably the more extreme examples of what can go wrong with technology, the sad fact remains that they occurred.

5) As Ron stated, clients pay for outside experts in litigation all the time. Why would they believe a law firm would have a higher or even equal level of experience and objectivity with lower overall costs when compared to an established outside expert/consultant? Also consider that if a lawyer or a client becomes dissatisfied with an expert's services, they can fire the expert and obtain another while maintaining the valued continuity of the lawyer's core services. When the lawyer or law firm becomes the expert, guess who gets fired? Donald Trump would have a field day with his slogan. The lawyer/firm gets thrown out with the bath water.

6) EDD service providers and consultancies have sprung up out of the woodwork, and I expect the EDD market to grow in revenue dramatically as more "core" information in cases is digital. However, like Bruce mentioned, I too expect a lot of shakeout in this market segment. Remember the ASP (Application Service Provider) craze near the end of the dot.com boom? Where are they now? A lot of consolidation and bankruptcies occurred in the interim -- and it all took place in less than five years (I'd say between 1999-2003). There are still ASPs in various markets, including legal, but it was a very turbulent ride that many did not survive.

This isn't to say that all ancillary services are a bad idea, nor should this be taken one way or the other regarding MDP (multidisciplinary practice) in general. These are all controversial issues at best. I'd suggest that one needs to look beyond the perceived gravy train to consider all ramifications, and especially those for the clients. However, I believe most law firms (and their clients) considering this specific service option would be better served in the long run by letting this one go.

However, as a seemingly-paradoxical corollary, lawyers (not just the litigators) as well as their clients need to challenge themselves to become as tech savvy as possible in this electronic era. Only more electronic information is being created, not less. There's much value to be had in the ability to know which questions to ask, how and where to find information, perceive patterns and issues, identify appropriate courses of action, and counsel clients on the associated risks and cost-benefit analyses. Now those are the lawyers and legal staff I want to know.

[As with all my posts, I should clarify that the above statements are made completely in my individual capacity as my own thoughts, and that none of this constitutes legal advice of any kind. You're free to draw your own conclusions. I'm simply applying good old fashioned common sense coupled with my experience in legal technology issues.]

Metadata Resource Sites

Trying to get a leg up on metadata before it sneaks up on you? Here are several excellent sites worth visiting:

• Metadatarisk.org (sponsored by Workshare, makers of DeltaView)
• DiscoveryResources.org (sponsored by Fios)
• Electronic Discovery and Evidence (Mike Arkfeld's successful blog in support of his book by the same name)

If you're aware of other good metadata-related sites, by all means, please leave a comment with the full URL.

After Threats, Caller ID Spoofing Entrepreneur Selling Business

Three days, that's all it took. The Net has been rife with criticism over this new startup endeavor, which I posted late last week. From the NY Times (free registration required):

"It may be known as caller ID spoofing, but it is evidently no laughing matter.

Three days after the start-up company Star38 began offering a service that fools caller ID systems, the founder, Jason Jepson, has decided to sell the business. Mr. Jepson said he had received harassing e-mail and phone messages and even a death threat taped to his front door - all he said from people opposed to his publicizing a commercial version of technology that until now has been mainly used by software programmers and the computer hackers' underground."

Here's the real irony: According to the article, Mr. Jepson's own privacy was severely compromised:

"While network security consultants and some other technology professionals are known to have a cottage industry involving the use of caller ID spoofing, Mr. Jepson said the nature of the threats he had received made him conclude they had come from so-called phishers - people who use caller ID spoofing and online techniques to trick people into handing over confidential information.

The people who threatened him, he said, had already tapped his phone calls and had obtained details about how much money he last deposited into his checking account. 'Some people,' he said, 'are pretty fired up about this.' "

Yet another example of asking the wrong question. Instead of asking, "Can we?" perhaps he should have asked, "Should we?" While I think many of us would probably not condone the more extreme actions taken against him, it sounds like he got a little taste of what it feels like to be harassed by unknown callers. For some strange reason, I just don't think he's going to get much sympathy.

The problem, however, remains. The genie is still out of the bottle, and his business is now up for sale. I feel it's one thing if a caller chooses to block their caller ID. The recipient still has the choice whether or not to pick up the call, knowing that it may be unwanted (after all, what did we do before Caller ID?). However, intentionally forging a caller's identity plunges Caller ID into a level of uncertainty and deceptiveness that crosses the line in my book.

Controversial New Caller ID Spoofing Service

Here we go again. When Caller ID was first introduced, it raised numerous privacy issues. Now, just as we're finally comfortable with it, along comes new technology to disturb the status quo. According to the New York Times (free registration required), a new company called Star38 (or *38) is offering a new service which enables debt collectors, law enforcement officials, and private investigators to spoof, or fake, their Caller ID information when they call you.

The service is cheap and easy to use, and the callers can set the Caller ID telephone number and name to whatever they want. The NY Times article discusses the legal concerns involved, including the Fair Debt Collection Practices Act. Engadget, one of my favorite tech blogs, recently had an interview with Star38's CEO and included photos of the service in action. Star38's sparse information is found here.

The following from the Times article is an eye opener:

"The developers of Star38, who say they required only 65 lines of computer code and $3,000 to create their service, insist that they will take steps to ensure that it is not used maliciously. They plan to spend up to 10 days checking the business licenses of all applicants and will ask subscribers to agree not to use Star38 to commit fraud, and to accept legal liability if they violate state or federal laws."

It will be interesting to see how effective asking subscribers not to commit fraud will be. It doesn't give me any warm fuzzies. It certainly wasn't good enough for the RIAA in the 321 Studios lawsuit, wherein the controversial DVD X Copy software asked its users whether the DVD being copied was borrowed or rented. Granted, that was primarily a DMCA suit, but you get my point.

Initially, the service will only be offered to the above types of customers following some type of background check, but not the general public. On this point, per the Times article:

"The company also plans to cooperate with police forces, if asked, to provide records of what numbers customers dialed to and from, and what numbers they chose to show the recipients of their calls.

"Law enforcement will have complete access to search our database," said Jason Jepson, the chief executive of Star38, of Newport Beach, Calif. "We don't want the insinuation that they can sign up, use it temporarily and then run off."

Mr. Jepson, 30 - who says he got the idea for his service after speaking to his aunt, a bounty hunter, about the best ways to get in touch with people - said Star38 had no immediate plans to sell its service to ordinary consumers because of the potential for misuse. "There are too many things that can go wrong," Mr. Jepson said.

But industry experts say that the caller ID spoofing, as it is known, is simple enough to develop that it is only a matter of time before other service providers make it available to anyone."

In the immortal words of George Carlin: That's what scares me.

Taking Electronic Discovery to the Molecular Level

Ever since nanotechnology heated up with discussions of nano-sized computer chips, I've been wondering when it would be extended to storing information. This time, it's taken on an organic spin: Courtesy of Engadget, it's been reported that "Korean scientists have created the world’s first Nano-DNA Barcode System (NDBS)."

"Suspended in a DNA-friendly buffer solution, the synthetic DNA may be sprayed-on or suffused into items that are normally hard to tag with a sticker, such as oil, agriculture products, or even money, providing invisible information on product origin, quality, or supplier. And unlike the stuff in us, this barcode DNA doesn’t mutate and is unhackable, making code alteration impossible."

This reminds of when, a number of years ago, graphic artists and photographers starting inserting digital signatures and copyright notices directly into their JPEG images -- due to the massive copying of web art going on at the time.

A DNA barcode would be a cool surreptitious way to track items and supposedly prove authenticity at the same time. However, I question whether it could also be abused. For a simple example, while the DNA code is purportedly unalterable, could a less-than-ethical oil distributer add a lesser grade of oil into a DNA-barcoded lot to "cut" or dilute it, yet still piggyback or pass itself off on the "authentic" DNA code present in the remaining original molecules? It seems to me there would need to be a parts-per-million type baseline established before it shipped, and not the mere presence of the barcode as the authentication.

The "money" application above also opens itself up to tracking other kinds of paper documents -- thus making the usually low-tech analog world of paper suddenly rich with its own style of metadata.

While some of this sounds Sci-Fi-ish, I've been thinking for quite some time that techno-tagging is going to get a lot more personal. RFID and DNA barcoding issues are only the first baby steps. Right now they're only sewing it into our garments.

I've seen numerous EED checklists expanding due to new data storage advances (PDA's, flash drives and memory cards, iPods, cell phones, hybrid consumer devices, etc.). I fully expect that list to become noticeably longer over the coming decade and beyond.

The EDDix 50: Another Great Resource for Legal Blogs

If there's one thing you've probably noticed about blogs and bloggers: we like useful lists with links. Thus you'll probably want to add the EDDix 50 to your collection.

This is a great resource, because the blawgs listed (and the blawgers behind them) are among the best resources for insightful, creative, savvy, and cutting edge information and discussions relating to the legal market. With all due respect to legal publishers, if you've ever watched "Men in Black", I consider blawgs to be the "Hot Sheets" of the legal world. To adapt Tommy Lee Jones' line: "Best damn legal practice commentary on the planet. But hey, go ahead, read the New York Times if you want. They get lucky sometimes." Per EDDix, "...the bLAWgs listed below -- the EDDix 50 -- are different."

The "value add" is EDDix 50's additional editorial features. Besides offering a savvy capsule review for each, it clearly indicates whether each blawg features an RSS feed, is listed on the Daily Whirl site (see below), and/or features an e-mail newsletter subscription. In addition, the EDDix 50 editors have coded select blawgs with a blue- or red-bordered box. It's marked blue if the "bLAWg being reviewed covers EDD topics", and red to signify that "regardless of focus, [EDDix] thinks this bLAWg or blog is MUST READING". Nice job.

You've also got to love an EDD site that doesn't take itself too seriously: "The EDDix 50 is dynamic because the world's dynamic and, quite frankly, we're fickle." Amen. If you haven't come across EDDix (Electronic Data Discovery Information eXchange) yet, that's because they're still in their site's beta launch. EDDix's niche is attempting to provide independent research, analysis and reporting on the EDD marketplace, and their mission is to make sense of EDD so you can make the right decisions.

Thus I'm truly honored to be included on the EDDix 50, and it's long been my goal to make this techie stuff more understandable and useful for others, as well as pointing out savvy ways to bake it into the practice and improving how we ultimately serve our clients. It also doesn't hurt to poke light fun at ourselves in the process. (I sometimes share with a wink that I'm a "recovering attorney" -- and it's a 47 step process.) Per EDDix: "We like people who make sense out of nonsense. In legal tech, JB's our man." Thanks. It's also important to point out that there are many other great blogs (legal and otherwise) available online, so these are not the end-all. They are, however, a good starting point to find information of interest and then finding others via their blogrolls and other links.

Other good legal tech lists and links that I HIGHLY recommend:

• Dennis Kennedy's "The Strongest Links" column on the ABA LPM's Law Practice TODAY e-zine.

  Each issue, the column provides a crème de la crème list of web links on a particular topic. While there's no separate link to his columns, they appear to be archived under the e-zine's "Technology Articles" category -- which is another great resource for legal tech info and tips. I recall reading that Tom Mighell (of Inter Alia, another EDDix 50 blawg) will also be contributing to the column, so it's in great hands.

• Ernie the Attorney's list of legal feeds.

  If you're new to reading RSS feeds, read his post first. Otherwise, all you really need is his list of blawgs in the standard OPML format, which you can easily import into your favorite news aggregator/RSS reader.

Finding other blawgs:

• My Detod
• Daily Whirl

On the subject of EDD, another good web resource is DiscoveryResources, which provides "up-to-date information, resources and news available about electronic discovery." There are a ton of free articles written by savvy experts on a variety of EDD, case law, and legal technology issues and developments.

iPods & Flash Drives Are Probably Worse Risks Than Camera Phones

...At least in my opinion. Many camera phones on the street still take fuzzy low-res photos (although that's a-changing too, with more megapixels coming all the time). This isn't saying that they can't be used to compromise sensitive information, record movies, violate privacies, etc. Of course they can.

However, while the mainstream is busy banning camera phones like it's the latest fashion craze, innocent-looking camera-less devices (and their owners) can easily be making off with a LOT more information. Compact, high capacity, and high speed USB and Firewire devices connect nearly instantly, without security measures or additional drivers, and can receive or transmit a lot of information in a very short time. Consider iPods, portable hard drives, tiny flash drives, flash card readers, and more. Why steal a desktop or laptop PC when you can make a copy of its potentially more valuable data in a fashion that's quick and nearly undetectable? On the flip side, they could be used as entry points for distributing malware into various networks.

The allure of these tiny, light, ultraportable, hot-swapping, plug 'n' play marvels (which Windows instantly mounts) is incredible. After all those years of suffering through torturous legacy hardware incompatibilities, popping off PC cases, and incurring the lifetime scars from sharp innards, we've finally arrived into hot swap Nirvana.

Apparently, Gartner thinks so too, as the The Register reports these devices are the latest security risks. Don't get me wrong, as I'd rather part with a thousand blurry (and thus mostly useless) camera phones before giving up my High-speed USB drives. They're that convenient and they just plain work (like doing a full Ghost dump of my laptop's drive in 12 minutes under full compression, and restoring it in under 5). Quite a long while ago, I read an online news article about folks walking into computer stores with hard drive music players and using them to download and pirate Mac software right off the sales floor PC's (it was probably on Wired News or The Register). Back then I wondered how long it'd be until these devices would be banned in commercial places.

So once again, the mainstream feels good in banning cell phones all over the place to feel secure. In my mind, why capture bad video when you can get perfect copies of the source? Doh! It's not like these things haven't been around longer than camera phones. Just something to think about if you routinely leave your PC unattended and unwatched during meetings, lunch, etc. Even if you tie it down with a Kensington cable, make sure you lock it via Ctrl-Alt-Del. With new tiny flash drives being endowed with 32-bit processors and server capabilities, I truly feel it's only a matter of time until someone comes up with an even slicker way to suck your secrets while you're standing in the express check-out lane during lunch.

Of course, all of this discussion begs the question of why chance getting caught in the physical act at the scene of the crime? What the news story really should have mentioned is that even USB (Ultra Speed Burglary) and laptop lifting is passé today when you think of the chic-ness and thrill of doing it wirelessly through all of the many grossly insecure consumer-configured Wi-Fi networks and personal firewall-less notebooks. Somehow it gives new meaning in a Wi-Fied McDonalds when they ask if you want it "to go".

[P.S. It's good to be back posting again after over a week's self-imposed abstinence, which is highly unusual for me. Between the new job, the near-endless unpacking, holiday, and being an active Dad and husband, something had to give. Like life, the summers in the Midwest are too short to miss -- especially when it comes to grilling beer brats and enjoying good company on a perfect summer's eve. Rest assured the tips and tricks are still in the works.]

CDs & Long-term Data Storage Tips

Courtesy of Dave Rakowski, who posted this link today on the ABA-LawTech listserv:

"Long Term Data Storage on CD-R Discs (how to store your data for a long, long time)", while containing some dated references, covers the controversy surrounding just how long one can expect data stored on burned CDs to survive. In this regard, I liked how it colorfully mentioned "Don't Screw Up the Dye Layer". Most people take great care to protect the clear plastic bottom of the CD, the one that the laser reads, and there's even handy devices like the Skip Doctor to help buff out scratches on that side to bring even badly scratched CDs and DVDs back from the dead.

However, what some people may not realize is that your disc's data is stored literally right behind the label, in what's known as the dye layer. So while there's a lot of clear plastic between the laser side and the data, your data is only a hair's breadth away from being rendered partially or completely unreadable by even a small scratch on the label side. The good news is that this makes it very easy to dispose of these discs securely by taking a sharp object like a flat head screwdriver to the label side with a minimum and quick effort (which I've done in well under a minute). The bad news is that once the dye layer is damaged, say hasta la vista to the affected data.

Perhaps even more helpful, the article discusses why some file formats are better than others -- not for storage, but for long term accessibility due to the fact that technology and formats change so frequently. For example, the included file type table suggested various MPEG versions as preferred over more proprietary formats such as AVI, Quicktime, and RealVideo, which may or may not be around in say, five, ten, or more years. Another great suggestion: "To maintain maximum flexibility for your archived data, you might want to store two copies on each disc, one copy in an industry-standard format, and another in the application-specific format of your choice." Lastly, it pays to check your data collection every few years, to make sure they're still readable and to transfer them to new media types as the old ones become obsolete (not to mention the hardware required to read them).

Microsoft Metadata Chuckle of the Day

This one was just too good to pass up. John Lederer, a fellow Wisconsinite and friend of mine on the ABA LAWTECH list, posted this gem last evening:

"Microsoft has produced a sales document explaining why MS Office is better than OpenOffice.

OpenOffice.pdf
[Note: Link text shortened from John's original post for formatting reasons.]

Among other reasons Microsoft argues are:

'Seamless Information Exchange There are over 300 million users of Office worldwide who can seamlessly exchange documents without concerns for loss of data or formatting errors.'

And

'Office includes Publisher, which enables small businesses to create professional sales and marketing documents, Web sites and email campaigns in-house, without the need for expensive outsourcing.'

The marketing document? Oh, that is a pdf produced on a Macintosh using QuarkExpress as can be seen by looking at the last few lines of the pdf code. After all it needs to be seamlessly exchanged and look professional."

Indeed, the PDF above contains the following text near the very end, when viewed with even the simplest text editor:

/CreationDate (D:20030911160553)
/Producer (Acrobat Distiller 4.05 for Macintosh)
/Author (Gravity)
/Title (competitive OpenOffice.qxd)
/Creator (QuarkXPress\(tm\) 4.11)
/ModDate (D:20030911160603-07'00')

Yep, that's why MS Office is better than OpenOffice all right.

[Also posted to illustrate another hard lesson in the dangers of metadata. If this content is accurate, not only was the document not created using MS Office, but it wasn't even done on Windows.]

But Does Your Sports Car Have a Cheat Code?

The BMW M3 is apparently the first car with a cheat code, sometimes referred to as an easter egg. Given the car's completely electronic transmission, it was only a matter of time until other aspects of computer programming crept into automobiles. Basically, the M3's normal operation doesn't allow neutral drops, to the disappointment of some of its drivers. Popular Science lists the undocumented details to enable the rocket launch. (And kids, don't try this at home!)

Of course, the next question is whether the M3 also comes with its own "black box", which would verify what one was doing right before that sudden "accident". Head on over to Vetronix for information regarding their $2,500 Crash Data Retrieval System, which can recover the logs from a number of these automotive black boxes.

Erasable, Editable, Recallable E-mail?

E-mail is a big problem for businesses and individuals alike. Say something in person without a recording device, and the hard evidence evaporates almost immediately, devolving into the wiggle room arena of "he said, she said".

Not so with most e-mail messages -- which can linger like bad fish left in someone else's kitchen. The sender suspects it's still out there, becoming more pungent with age, but generally can't do much to reach out and toss the spoiled thing away before it's discovered and used against him or her. Thus a number of developers have attempted to re-engineer the e-mail process into something often touted as completely controllable by the sender. Frankly, the false sense of security generated by these attempted solutions scares the dickens out of me. Let me tell you why:

But first, a couple of much-needed disclaimers:

1) This article intentionally begs the question of the propriety of destroying e-mails and/or attachments after they were sent. It could go either way depending on the situation. At one end of the spectrum, a company that has crafted a legal and appropriate document retention policy may also have a legitimate need to ensure their e-mails comply with that policy (although the Sarbanes-Oxley Act has potential impact here). At the other extreme, one who has engaged in inappropriate or illegal acts could abuse these enhanced e-mail services by attempting to destroy key evidence after the fact. As with most technology, good or bad results depend heavily upon how it was ultimately used.

2) Therefore, this article is intended to discuss the technical advantages, disadvantages, and even potential fallacies of "controllable" e-mail systems. It is not meant in any way to denigrate these developers, their products, services or attempts to provide more secure e-mail systems. Everyone is free to reach their own conclusion on this subject.

I came across this post today at Mike Arkfeld's excellent Electronic Discovery and Evidence blog. It describes BigString.com's new e-mail service that purports to "recall, modify or set an expiration date for emails that have already been sent. These emails can be erased, modified or expired even if the recipient has read them."

Having researched and written on the subject of "controllable", "recallable", and "disappearing" e-mail over three years ago for the National Law Journal, this naturally piqued my interest. The underlying idea is nothing new. Back in 2000, several companies experimented with new e-mail services that gave the sender a much higher level of control over dissemination, viewability, and expiration of their e-mails. Some developers encrypted e-mails with keys the sender controlled. In essence, a recipient's e-mail service or program could only decrypt a message if the key hadn't been revoked or otherwise expired by the sender. Other services took a different approach by "play[ing] host to an entire self-destructing mail system. Users must go to their sites to send and receive encrypted mail." At the very end of my NLJ article, I provided links to a few services who took this latter approach as examples.

Once the decryption key became unavailable, the theory was that the e-mail became an unintelligible, encrypted mess of alphanumeric soup. That was supposed to give the sender a huge sense of relief and protection that it had, for all practical purposes, "disappeared".

Except that the e-mail didn't disappear, did it? In some cases, the recipient still had a record that they received an e-mail from Sender X, but the contents were scrambled. Even such a limited e-mail could be used to establish that communication had in fact occurred between two parties who may have otherwise denied it. And as you may note from my NLJ article above, depending upon the method used for control, there was little to stop the recipient from printing, screen-capturing or copying-and-pasting it (while the e-mail is still active) into another format that couldn't be so easily controlled. If printed, one has a hard copy that is completely independent of its digital counterpart. Screen captures allow one to store a picture of the e-mail in a common graphical format, such as a bitmap (.BMP) or JPEG (.JPG), that can't be recalled and can also be printed. The same goes for copying and pasting text into a separate document or e-mail message. And then there's low tech: If the recipient can read the e-mail, they can take a photo with a video or still camera. Given some of the tiny yet high resolution digital cameras that covertly fit into a pocket, one should consider this as another threat which has long been used in corporate espionage.

Unfortunately, I have yet to see one of these consumer or commercial services that didn't have some holes in it -- so be wary. As mentioned, there was some exception that enabled the recipient to retain some or all of the message beyond the control of its sender -- especially if they acted immediately while the e-mail message was still in an "enabled" and thus "readable" state. Naturally, these exceptions required some tech savvy on the part of the recipient or their hired gun. However, a security system that works best off a user's ignorance, while effective most of the time, is still flawed.

Coming back to the present: To be fair to BigString, I asked myself, how could BigString's service be different? Were they using encryption as well, or perhaps taking a different approach by hosting the source e-mail and then tricking/redirecting the recipients' e-mail programs via HTML, scripting, or other dynamic or active web content? So I visited BigString.com's site, and began reading through all their pages. All but one of them extolled the many virtues of the service without explaining how it worked under the hood. Note to marketing department: Seeing that much unsubstantiated hype generally makes one very skeptical. The more I read between the lines, the more I began to think that they must be providing some type of e-mail hosting service. By hosting it they control access to the source e-mail message and attachments. I figured that the recipients probably just received an e-mail containing a unique redirected link back to the original message, or something very similar. If an HTML-formatted e-mail was crafted properly, it would appear to the reader that the e-mail message was indeed sitting in their inbox, when in actuality it was being fetched over the web automatically by their HTML-ready e-mail program. All quite clever indeed.

Then, buried in the press releases, I finally found the one page (a New York Times reprint) that provided a limited description of how it works, which confirmed these musings. And once again, the old "print", "save as image", and "copy/paste" concerns were mentioned:

"BigString e-mail recipients can save the messages, but only as image files, and they cannot cut-and-paste from them. Mr. Myman said the company would release an optional feature next month that blocks the receiver's ability to print the messages.

As with any Web-based e-mail service, it is possible, albeit unlikely, that a hacker might tap into BigString servers and gain access to e-mail messages.

'Sure, you could crack the mother lode by getting at this one location," Mr. Clinton said. "But at least that's a location that's working on security.' "

Technically speaking, if one can save a text or HTML-formatted message as an image (via screen capturing built right into Windows, no less, or by one of many such programs available), then wouldn't one also have the ability to:

1) Preserve the e-mail long past its edit, recall, or expiration date,
2) Forward the saved image to others, beyond the control of the original sender,
3) Print the saved image to hard copy to preserve it completely outside the digital realm,
4) OCR the image to convert the image back into text,
5) Which then allows it to be copied and pasted into another document or format,
6) Which also allows it to be printed, and
7) Which also means that one need not even try to hack into BigString's servers.

Another observation, and admittedly this is based on some conjecture on my part to which I welcome additional clarification to be fair:

Per the NYT article, the e-mail is stored in HTML format. I have encountered web sites which have prohibited right-clicking, saving, printing, and the like. Generally this was done by inserting additional coding in the HTML page that prevented these actions by average web visitors -- who viewed the content in web browsers that properly executed these limitations. However, with a minimal amount of additional effort (say less than 30 minutes), it is sometimes possible to download this "protected" content into an HTML or text editor, and then either edit out the prohibiting code or instead copy and paste the desired content into another document window. Again, I'm not making the call on the propriety of doing so -- my point being that it is often, in fact, doable by someone knowledgeable, and is doable beyond the direct control of the author. Again, I have not seen BigString's HTML-formatted e-mail, and this is indeed guesswork on my part. Thus I welcome clarification from BigString since I did not see any whitepapers or other truly technical information on their site.

However, experience has taught me that reliance upon a false sense of security is a very dangerous thing, leading to dangerous assumptions, such as: The Titanic was unsinkable, or that a system is completely secure. No security system is foolproof, only "fool resistant" at best. Another point worth offering is that security is not a product nor a service. It is a process, and it is equally important to know where the strengths and weaknesses lie in that process. Notice that nowhere here have I stated to use or not to use any of these services. That was not my intent or point at all, but rather education and informed consent. With any type of digital rights management (DRM) system, it behooves the users to understand exactly what it can and can't do, and plan accordingly. Ask all the right questions and don't relent until you have sufficient answers. Quantify the upside gains and downside risks. And then just maybe, you'll have an intelligent means to conclude whether using such a system is feasible, justified, and even advisable. The rest is up to you.

3.18.04 Update: As I reflected on this post for a few days, I realized that I hadn't stated a key point:

While these e-mail services are not perfect, the 80/20 or the "good enough"' rule is applicable. Without these services, all e-mail one sends out could potentially come back to bite him/her and/or the organization. While these services would not prohibit all attempts by recipients to preserve e-mails, in the due course they could be fairly effective due to the relative technical ignorance of most recipients. If a company could reduce its e-mail risk by say, 80%, that could very well justify its adoption -- with a savvy decision maker recognizing that it's a practical tool with a few warts, not a panacea.

My main point here is that people could become overly reliant upon these services to the point where its users get too comfortable. Thus they could make some monumental mistakes that they wouldn't have done absent their reliance on this technology. Without this technology in place, a person may think twice about sending a particular e-mail if they know they can't unring the bell. If the person thinks that all e-mails are recallable or can be excised through automated expiration, they may become less likely to think about the consequences before clicking "Send".

For example, a key officer sends an inappropriate or incriminating e-mail to a cohort thinking that it will automatically disappear after X days to cover his/her tracks. Another would be senior management adopting the services thinking that it will completely eliminate their exposure in electronic discovery with respect to e-mails. As with any change in technology, management and user training should encompass not only the technlogical aspects but the real-life ramifications associated with it. I've said it before and I'll say it again: Security is a process, not a product, and when people are involved in that process, they often become the weakest link.

More on Microsoft Metadata

Back on January 6th, I reported the release of Microsoft's "Remove Hidden Data add-in for Office 2003 and Office XP".

With Microsoft's track record, I was somewhat skeptical that such a free utility would live up to its hype. With that in mind, I cautioned:

"I mentioned the readme file so that savvy users could compare its functionality to other metadata removers on the market. Although it's free, I strongly suggest that you make sure this tool removes everything you need it to remove. If it doesn't, then I recommend obtaining a program that will do the necessary job rather than rely upon this free utility. Otherwise, it could create a false sense of security, which when relied upon can cause many of the same problems as not using a metadata remover at all. Still, if you do not currently have a metadata remover and use the Office XP or Office 2003 suites, then using this add-in is probably better than the alternative."

Microsoft recently posted "Known issues with the Remove Hidden Data add-in for Office 2003 and Office XP". Also, Microsoft's Knowledge Base Article 834427 provides more information on the types of data this add-in can remove.

Therefore, it's up to each person to decide whether or not this tool properly suits their needs, and how it stacks up against leading programs such as Payne Consulting Group's Metadata Assistant for Word, Excel and PowerPoint. If the Microsoft tool removes what you need it to remove, then it may be worth using. The problem is that many people are just not tech savvy enough to know how to determine this -- thus my caution about false reliance on a metadata remover. My best advice is that whenever you can achieve it, as a general rule, Word document files do not contain revision and other metadata after conversion to HTML and PDF files. If you must share or send MS Office files, then make sure it is properly cleansed before sending. As part of one's due diligence in this regard, I believe a bit of in-house testing is required. If you don't know how to do this, then I heartily recommend engaging someone who does, such as Donna Payne.

As a good example of why we need to understand and care about metadata is this intriguing article by Preston Gralla. Mr. Gralla, a noted technology author, outlines how savvy privacy experts were able to debunk a supposedly valid high-level U.K. intelligence dossier about Iraq to be little more than a "cut-and-paste job" from three publicly available articles, one of which had been written by a postgraduate student in the U.S. I've also read similar approaches being used on college research papers and even attorneys' briefs to see who really wrote them and how much editing time was involved (cut-and-pastes take much less time than actual drafting) compared against the time billed.

[Thanks to Tom Mighell of inter alia and Sabrina Pacifici of beSpacific for some of the links.]

Now *That's* a Lot of Data...

The new Firewire column at the LawPractice Today e-zine really puts things into perspective.

John Tredennick cites a report from the UC Berkeley School of Information Management and Systems, which makes some conclusions about how much data was created in 2002. Assuming this is accurate, we are collectively cranking out some serious data, most of which is not being stored in paper form.

The accompanying chart helps to illustrate exactly how huge this data pile is. Ever try to figure out how much a Terabyte, Petabyte, or even Exabyte means in a measure that's comprehensible to mere mortals? Here's one good example: 200 Petabytes represents all printed material. (A Petabyte is 1,000,000,000,000,000 bytes or 10¹⁵ bytes.) While that is certainly mountainous, it doesn't hold a candle to the total volume of information generated in 1999, which is 2 Exabytes (an Exabyte is 1,000,000,000,000,000,000 bytes or 10¹⁸ bytes).

Considering that was over four years ago, and the estimation that 5 Exabytes represents "All words ever spoken by human beings," and one quickly realizes we are at a point where we are collectively cranking out one heck of a lot of data. To put the above into perspective, the entire print collection of the U.S. Library of Congress only amounts to a paltry 10 Terabytes (a Terabyte is 1,000,000,000,000 bytes or 10¹² bytes).

Just a few orders of magnitude in difference, wouldn't one say? It certainly explains why electronic data discovery (EDD) has grown in leaps and bounds. In the most simplistic terms, I consider paper and electronic evidence to make up the two basic parts of the iceberg: Paper represents the tiny tip that is visible in comparison to the overwhelming mass that lies hidden under the surface. Let's extend this analogy a bit further: Attorneys still working predominantly with paper-based discovery remind me of the captain of the Titanic, under the belief that his ship was unsinkable because he would be able to see the icebergs in sufficient time to avoid them.

While there are certainly tech-savvy attorneys available who are ready and will rise to the challenge, in my humble opinion there are many more who are not. This may be difficult for some to accept, but there is still hope. In many cases, these latter attorneys are going to need someone to help them muddle through. This is where I see much opportunity for quality EDD consultants to fill this gap.

While many EDD "vendors" will readily collect the data, there is often far too much for "mere mortals" to wade through and still meet litigation and transaction deadlines. It's the worst kept secret among litigation support professionals as to how many times they've seen electronic evidence get blown back to paper, which diminishes much of their usefulness and portability. A true consultant will find savvy ways to separate the wheat from the chaff and present it in ways which work well with legal professionals and their clients (with the latter, the cost issues alone are huge barriers to overcome). In other words, finding the right huge pile of data is one thing, but digging in the right place with the right shovel is quite another.

ABA Task Force Offers E-Discovery Standards Draft

Today's ABA Journal eReport provides an update on the ABA's efforts to assist in developing standards for electronic discovery. The ABA Litigation Section’s Task Force on Electronic Discovery has proposed amendments to the ABA Civil Discovery Standards addressing electronic discovery, and is taking comments on these draft amendments.

According to the eReport article, "[t]he draft was designed to address three primary issues: allocating the cost of electronic discovery, altering or destroying evidence, and handling privileged information. Standards exist for such issues in the paper world, but there are new issues associated with electronic evidence."

The task force has proposed five standards, which are summarized in the article. The thrust behind this effort is that technology changes faster than the ability of the system to update the rules accordingly (which is also the subject of one of the proposed standards regarding storage medium). For attorneys looking to get their feet wet in ED, the proposed standards offer a nice checklist of the types of data involved, cost-sharing issues, and more. For more experienced cyber-litigators, it's helpful to see which way the wind is blowing as the profession attempts to address these issues. These proposed standards may indeed assist in forming the basis of Electronic Discovery Best Practices.

Five Good Articles on Electronic Discovery Issues

Via Law.com, these links to five articles from the Law Technology News magazine on EDD (Electronic Data Discovery) are well worth the read:

• "The Discovery Dance", Daniel Blouin, Law Technology News, Jan. 15, 2004

  Discusses recent EDD cases such as Zubulake v. UBS Warburg LLC, et al., and In re Ford Motor Co., and their effect upon negotiating and drafting electronic discovery requests.

• "Data Collection Standards", Albert Barsocchini, Law Technology News, Jan. 15, 2004

  An analysis of why the current methodology for collecting electronic evidence in response to Hart-Scott-Rodino second requests and large electronic discovery cases is about to change dramatically, and suggested factors to use when evaluating EDD vendors.

• "Can Your Old Files Come Back to Life?", Craig Ball, Law Technology News, Jan. 15, 2004

  A good primer for explaining how hard drives retain information, the forensic implications of "slack space" and "cluster size", and why these issues should be addressed in drafting discovery requests and the actual forensic collection.

• "The Dilemma of Duplicates", Stephanie Sabatini, Law Technology News, Jan. 15, 2004

  Another good primer on the pros and cons of either keeping or removing duplicate data in electronic discovery cases, as well as related metadata, contextual, and privilege issues.

• "Raves for Two New EDD Books", Albert Barsocchini and Craig Ball, Law Technology News, Jan. 15, 2004

  Good reviews on two essential EDD books, "Electronic Discovery and Evidence" by Michael Arkfeld, and "Essentials of Electronic Discovery: Finding and Using Cyber Evidence" by Joan Feldman.

  While you're at it, I highly recommend checking out Mike's two blogs, Electronic Discovery and Evidence and Digital Practice of Law, for a host of useful tips and resources.

More Legal Tech Trends for 2004

The beginning of a new year naturally brings a number of predictions, or put more accurately, trend analysis. Ron Friedmann kicked things off with his savvy crystal ball, and Dennis Kennedy just posted his. As usual, these are excellent articles well worth the read.

To these interesting points, I'll add five of my own:

I believe a number of projects law firms will be working on this year won't be "new" per se, but in actuality are a natural extension from their prior efforts. Specifically:

1. Integration

Over the past five years, law firms have invested massive amounts of time and money to install and upgrade office suites, billing and accounting, e-mail, practice management (CMS, DMS, KMS, etc.), marketing, contact management, human resources, recruiting, and intranet and extranet systems, among others. The problem is that for the most part, the data is still located in silos throughout the organization. In many cases, human resources, marketing, accounting, and practice groups all have their various databases in separate applications. In terms of internal business intelligence and responding to RFP's, there are just too many hurdles in the way. In order to gain the necessary productivity, effectiveness, and timely responses to inquiries, firms are looking at ways to bridge these gaps.

2. E-mail & Attachment Management

Most businesses have a real love/hate relationship with e-mail. Spam, viruses, web bugs, malware, document retention, electronic discovery, attachment management, and content search and retrieval has become some of the largest challenges to both IT directors and lawyers alike. Then mix in the additional issues with instant messaging and instant file transfer. As Dennis Kennedy has aptly stated, spam and spam filtering has broken the trust upon which we've come to rely in communicating via e-mail.

Thus identifying and implementing effective solutions to these challenges will most likely be high on the project lists. The problem is that there is no one program, no silver bullet, that will magically address all of these issues. With that said, more documents are received electronically, and there are systems available which help automate the storage and indexing of e-mail attachments. Note the use of the word "help", as the human element is still critical. Therefore, look for firms to try to find an acceptable balance between automatic system controls (i.e., spam filtering), ease of use, and meeting both their staff's and clients' needs in filing and finding those electronic needles in ever-growing haystacks.

3. Proactive Client Partnering

There have been quite a number of recent articles explaining why law firms get fired by in-house counsel. Controlling costs, lack of responsiveness, and failure to adapt to their clients' evolving needs are among the top reasons. Firms who want to retain their clients for the long haul are learning the value of proactively meeting with them to best determine what they want and what they need. There's been a lot of buzz regarding how portals can bridge this gap. However, the smart firms will be the ones who take the time to get to know their clients' business, and work backwards to mold their services (professional, technological, etc.) to fit those needs like a glove. A portfolio approach in this regard will serve firms quite well. Lastly, they need to bake these new processes into their staff's daily routine so they are not perceived as "extra work".

4. Electronic Discovery & Litigation Support

This topic was already mentioned in other "trends" articles, and for good reason -- this is hot technology. Lawyers in firms of all sizes are being dragged into electronic discovery whether they like it or not. Nearly gone are the days of the gentleman's agreement, "I won't ask for yours if you don't ask for mine." Ever-increasing percentages of electronic documents and data never make it to paper. New cases are refining the factors used for determining scope and cost-shifting. Thus it's probably only a matter of time until lack of due diligence in electronic discovery-related matters will have consequences with many sharp teeth.

In addition, there has been an explosion of new service provider entrants in this area. Lawyers don't have time to meet with them all. So the savvy law firms are compiling a list of "preferred providers", ones they've pre-screened or have tested previously. Recalling the previously "Hot" ASP market from several years ago has taught us this lesson: Trickling down, this will result in shakeout and consolidation in the ED market over the next several years. Indeed, there is already noticeable instability in this market niche. I have observed much mobility of key people between ED vendors -- people I've spoken with at one provider only 6-12 months ago are now with a competitor. Some ED businesses are already being acquired by larger companies. Expect all of these activities to continue during 2004 and beyond as the marketplace continues to self-adjust.

5. Mobile Technology

Let's face it: The more one uses technology, the more one generally becomes dependent upon it. Thus having access to the right information at the right time at the right location is key. Remote access isn't enough anymore. Professionals need mobile access to their calendars, address/cell phone books, e-mail, document attachments, research, notes, databases (both online and internal), and much more from a growing number of locations. Thus look for firms to take more of a portfolio approach to their mobile technology systems and offerings, rather than having just one or two pat solutions. A combination of desktop-like remote access, webified program extensions, wireless (Wi-Fi, broadband cellular, Blackberries, Palms, combo devices like the Treo 600, etc.) are already being offered at firms. Therefore, look for savvy firms to approach these not as discrete technologies, but as part of a broader plan to further integrate and yet untether their attorneys.

Well, there you have it -- my take on where things are headed for 2004. While challenging, most of these are not "rocket science", but rather are just the next evolutionary steps for those willing to move forward.

New MS Office 2003/XP Add-in to Remove Hidden Data

Microsoft just published a free tool to remove hidden data (metadata) from the following Office applications:

• Microsoft Office Word 2003


• Microsoft Office Excel 2003


• Microsoft Office PowerPoint 2003


• Microsoft Word 2002


• Microsoft Excel 2002


• Microsoft PowerPoint 2002

Microsoft's overview states: "With this add-in you can permanently remove hidden and collaboration data, such as change tracking and comments, from Word 2003/XP, Excel 2003/XP, and PowerPoint 2003/XP files." There is a "readme" file included in its installation which provides a complete list of all of the types of data that the tool will help to remove.

Per MS, "you can run the Remove Hidden Data add-in on individual files from within your Office XP or Office 2003 application. Or, you can run Remove Hidden Data on multiple files at once from the command line."

Here's the big catch (you knew there had to be one): Currently, the only supported operating system for this add-in is Windows XP. Microsoft states that "[t]he Remove Hidden Data add-in has not been tested on Microsoft Windows 2000. Also, the add-in cannot be installed on Windows 98 or Windows Millennium Edition." While I'll resist the temptation to mention this appears to be yet another MS ploy to drive Win XP upgrades, I have to admit the thought crossed my mind. It could also be that MS wanted to release it as soon as they had a Win XP-ready add-in. Here's hoping they will support other Windows versions (but I'm also not holding my breath on this one).

Apparently this add-in is free to licensed users of these programs. Please note this is not a separate standalone program, so you must have the necessary Office program installed in Windows XP for the add-in to work. Microsoft's web page above also lists a number of helpful tips, such as saving to a new file so as to preserve any wanted items (e.g., Track Changes) in the original collaborated files.

I mentioned the readme file so that savvy users could compare its functionality to other metadata removers on the market. Although it's free, I strongly suggest that you make sure this tool removes everything you need it to remove. If it doesn't, then I recommend obtaining a program that will do the necessary job rather than rely upon this free utility. Otherwise, it could create a false sense of security, which when relied upon can cause many of the same problems as not using a metadata remover at all. Still, if you do not currently have a metadata remover and use the Office XP or Office 2003 suites, then using this add-in is probably better than the alternative.

On another note, while speaking at a recent legal technology conference, I was glad I attended a presentation from Donna Payne of Payne Consulting. She emphasized that metadata issues and improved metadata control is at least one compelling reason to upgrade to either Office XP or 2003 from prior versions. Of course, she then "scared us straight" by demonstrating metadata issues about which MS was unaware until she showed them. Yikes.

New and Redesigned Legal Technology Blogs

First, Ron Friedmann has recently redesigned his web site, Prism Legal Consulting, and integrated his blog, Strategic Legal Technology. Ron has consistently authored some of the most insightful and topical posts I've read on the strategic issues facing firms today. With the redesign, he added an RSS news feed so you can add it to your favorite news aggregator. Well worth the visit in my humble opinion.

Next, Mike Arkfeld has added not one, but two blogs which correspond to the books he's written: Digital Practice of Law is his "daily digest of cases, comments and practical references for applying technology to the practice of law." Electronic Discovery and Evidence covers "cases, comments and other matters relating to electronic discovery and evidence." Both blogs also have an RSS feed.

A little over a month ago, I ran into both Ron and Mike at the Chicago LegalTech conference -- two of the nicest and most intelligent guys I know in the legal technology corner. It was my first opportunity to meet Ron who I chanced to sit next to during the keynote. As you may have guessed, with blogging in common the introductions were seamless. In fact, the main reason I recognized Ron was that I had seen his web site photo which I found via his blog -- so web sites and blogs do work. During my conversation with Mike, I mentioned to him that he might want to consider starting a blog to tie in his books. I had just launched this blog back in September, and was simply amazed at the traffic it generated compared to a conventional web site. Plus, anyone who knows Mike also knows how much useful information he can contribute. However, I can't claim any originality on the book blog, as I was inspired by Rick Klau when he marketed the second edition of "The Lawyer's Guide to Marketing on the Internet".

In any event, if you should have the opportunity to see either Ron or Mike present on legal technology and/or strategic planning issues, my advice is take advantage of it. In the meantime, there's gold in them thar blogs. ;^)

What To Do When You Get an Odd Electronic File

It's only a matter of time before you receive a data file you can't open. Perhaps it was created by a program you don't have, such as a CAD or a graphic design program. Regardless, the first thing you'll need to do is identify the type of file.

I've collected a list of sites that identify and describe computer file types by their extension or suffix, e.g. .BMP for Windows Bitmap file. This is particularly handy when dealing with files obtained from clients, opposing and co-counsel, or various parties via electronic discovery, especially when you don't have copies of the original programs that created them:

• Ace.Net list of "Almost Every file format in the world"
  
• Burncreek.net, File Format Extensions
  
• FILExt, The File Extension Source
  
• TechTarget.com, "Every File Format in the World"
  
• Webopedia, Data Formats and Their File Extensions
  
• Wotsit's Format, The Programmer's File Format Collection

Then, of course, you'll need to open the file in a program that can understand it. Therefore, having a versatile file viewer is a handy tool for viewing and/or printing those files. While there are a lot of them, I particularly like these two:

• Quick View Plus handles more than 225 Windows, UNIX, Macintosh, DOS and Internet file formats. It's not freeware, but it's well worth the price since you don't have to go out and purchase all the programs it supports.
  
• IrfanView supports many graphic, video, and audio file formats, although some plugins may be needed. From their web site: "IrfanView is a very fast, small, compact and innovative FREEWARE (for non-commercial use) graphic viewer for Windows 9x/ME/NT/2000/XP." You'll need to purchase a license for business use.

File viewers, while not a complete substitute for the full original program, also enable you to open a suspect file safely. They do so by opening the data files without executing any embedded malware such as viruses or trojans.

Lastly, some software developers provide free downloadable viewers so that people without their software can still view those formats. Adobe has long made their Acrobat Reader free via download. Even Microsoft offers some freebies. For example, Microsoft provides free viewers for Word, PowerPoint, Excel, Access, and Visio. Other vendors' viewers are easily found via some savvy Google searches.

So the next time you receive that oddball file, there is much more help at your fingertips than you may have realized.

Internal E-mail: Take Me to Your Leader

Nature Science Update has an intriguing report on HP's own organizational study, "E-mail Reveals Real Leaders".

Researchers at Hewlett Packard have "developed a way to use e-mail exchanges to build a map of the structure of an organization. The map shows the teams in which people actually work, as opposed to those they are assigned to."

In other words, they're studying the flow of e-mail to learn how their organization really works -- who speaks to whom, who holds the real power, etc.

In essence, large organizations tend to divide into informal collaborative networks, called "communities of practice." Sound familiar? Large law firms formally divide themselves into practice groups, or formal silos. However, there's often a lot of cross-talk via e-mail, except that no one really knows who's talking to whom. That's why identifying the informal "communities of practice" is otherwise so elusive. This time around, e-mail provides a nice big bread crumb trail. Just as Google's results ranking algorithms make heavy use of inbound web site linkages, it seems that HP's methods are doing something along similar conceptual lines with internal e-mail.

With all the KM buzz, wouldn't it be handy to have a visual map of your organization's leaders "in the trenches", and perhaps even more importantly, determine who are the real influencers? My thinking is that if you consider an organization's people to be its brain cells, then the mapping the e-mail communication between them is akin to mapping that brain's neural network.

As firms create more virtual and cross-functional teams, the lines blur and having good information on how the organization truly functions can provide vital feedback for their leaders. Is it functioning efficiently, or is it having seizures and blockages instead, in which case vital segments are routing work around them to accomplish their projects?

By the way, the article references other such endeavors over the past several years. While this is probably too cerebral for most organizations, as well as a potential threat to some in formal management, it could be an emerging technology worth watching.

In fact, it occurs to me that something like this could be quite effective in electronic discovery cases. Imagine showing the jury a visual map illustrating how and when key e-mails were circulated throughout a company. No doubt you've heard of TimeMap for preparing timeline exhibits. How about MailMap? (In case any developers are reading this, I'll gladly accept royalty checks. ;^)