I'm honored that ILTA asked me to contribute a white paper on best practices for legal holds.  It's a topic near and dear to my heart, as I advise companies seeking to implement more effective hold policies and procedures.  The legal hold process is a critical stage in eDiscovery.  Implementing and executing a well-designed legal hold process can significantly reduce the risks and costs associated with eDiscovery and other compliance requirements.

Crafting, adopting and implementing legal hold best practices often raises the following questions:

• When is our legal obligation to preserve information triggered?
• Where is all of our data relating to this matter?
• How should we notify people of the need to preserve their information?
• Who needs to be notified?
• How much or how little information do we need to preserve?
• How can we best preserve and collect the data to meet our legal obligation?
• When should we rely upon custodian self-selection of data to preserve, and when is it more appropriate to follow a different procedure?
• When can we dispose of the information preserved subject to the legal hold?

You can download a PDF reprint here at LTG, which answers these increasingly important questions along with examples from recent key eDiscovery case decisions.

I also recommend downloading and reading the full white paper collection, made possible by the combined efforts of ILTA's Litigation Support, Records Management and Law Department Peer Groups.  There are a number of great contributions on the subject which many should find quite helpful:

Litigation Support: Document Forensics and Legal Holds
Articles included in this white paper:
- Overcoming Data Encryption for Forensic Imaging and Collections
- When is Full-Blown Forensic Collection Necessary?
- When "Deleted" Doesn't Mean "Gone"
- Disaster Recovery or Discovery Disaster?
- Legal Hold and Subpoena Compliance Coordination
- Best Practices for Legal Hold Processes
- The Effects of Litigation Holds on the Corporate Lawyer

I frequently hear that what keeps GC's and AGC's awake at night is their legal hold preservation and collection process, or lack thereof along with the fear of sanctions for spoliation and other discovery violations.  If your organization has issues with its legal hold and other discovery processes or you'd like to know how you can improve their repeatability and defensibility while reducing cost and risk, please contact me via either the e-mail link on this blog or the e-mail address in the white paper.  I'd be happy to discuss.

According to InformationWeek, the next version of Microsoft's e-mail server, Exchange 2010, "will include integrated archiving and multi-mailbox search capabilities at no extra cost, making it easier for companies to, for example, comply with e-discovery requirements. But Microsoft will have to be careful not to alienate third-party archiving vendors such as Symantec and Quest."

"Until this version of Exchange, companies seeking to archive their e-mail centrally have had to rely on third-party software. That costly proposition has hurt adoption, and according to Osterman Research, only 28% of companies currently have central e-mail archives."

From this report, Exchange 2010 will also include the ability to view e-mail discussion threads, and a button to ignore those threads.  It will also feature speech-to-text transcription of voicemails, something that lawyers have struggled with in advising companies who wanted to implement more convenient services such as universal messaging, where voicemails get sent to your inbox.

Another interesting Exchange 2010 feature for legal departments:

"There's also new role-based administration, which means that Exchange administrators can delegate responsibility for some non-IT tasks to non-IT workers. For example, human resources managers could update employee information, the legal department could handle e-discovery and audits, and employees could create their own distribution lists." (emphasis added)

However, don't get overly excited at these new developments, at least not yet.  Microsoft has a long history of working in and dumbing down features from competitors' offerings.  The mimicked features often haven't had nearly the same range or depth as a competitor's fuller offering.  However, in some cases, companies have recognized that it was "good enough" for their immediate needs and later purchased additional capabilities from other solution providers to fill the gaps as they were identified.

A hat tip to ARMA for their post pointing this out: "Analysts note that Exchange 2010 will not provide such advanced features as content analytics and archiving of multiple content types commonly found in higher-end products geared toward e-discovery." (emphasis added)

Thus a key question will be: What will cash-strapped organizations lacking e-mail archiving systems opt for in their next round of e-mail management purchase decisions?  Some might start off with Exchange 2010 to see if it's "good enough", particularly if their eDiscovery needs are relatively light.  E-mail archiving vendors may also need to step up their game by offering enhanced value-added tools such as advance search, deeper and more robust content analytics, and handling of diverse content types, as well as making it easier to identify and export data to other downstream eDiscovery systems for processing, analysis, review, and production.

I tend to think that organizations with more diverse, complex, and/or higher volume discovery tasks will still need additional tools and services than simply Exchange 2010.  But it's good to see that Microsoft is recognizing the shifting role that e-mail is playing in organizations' compliance, discovery, and risk management programs and beginning to add more data management features.

Exchange 2010 is coming right around the corner, per InformationWeek: "The company plans to release Exchange Server 2010 in the second half of this year. The rest of Office is due in the first half of 2010, with limited test releases beginning the third quarter of this year. Outlook 2010 will come as part of the rest of the Office suite, though it's unclear when the next version of Outlook Mobile will be available."

The ABA Journal ran this article about a juror who tweeted from his cell phone both during and after his jury service in a trial where the jury awarded a $12.6M verdict.  Obviously this is cause for concern and consternation by the losing party and their attorneys, but the judge found that it didn't rise to the level of improper conduct.  The lesson learned by one of the plaintiff lawyers is that he will ask potential jurors about cell phone and Internet use.  The juror's response:  "The courts are just going to have to catch up with the technology."

Bob Ambrogi over at Legal Blog Watch posted some of the juror's more inflammatory tweets.  Definitely not so sweet.

It's all over Twitter and the web - how a Twitterer made a negative Tweet about her new job offer from Cisco.  Naturally, someone who identified himself from Cisco saw it and responded.  It's now an urban wegend (web legend), dubbed the "Cisco Fatty" incident, in reference to the "fatty paycheck" comment in her Tweet.  There are already YouTube videos parodying and discussing it.

Covered in a DailyTech article, the Twitterer identified as Connor Riley explained her situation and intent in why she turned down the job and sarcastically tweeted about it to her friends.  But she didn't protect the tweet from others seeing it.  She even authored a thoughtful blog post to explain, apologize, and add her thoughts on the subject of social media.  But really, the damage is done to her professional and personal reputation.  Not exactly how one wants to gain their 15 minutes of fame in transitioning from college into the workforce.  The Chicago Tribune also ran an article, "'Cisco Fatty' incident provides cautionary tale to those who tweet about work".

The moral of the story: Think before you tweet.

Consider this post as a public service announcement.  I've recently been shopping online for a nice big capacity external hard drive, as well as a larger capacity notebook drive.  Over the years, I've seen the major hard drive manufacturers go through major problems with quality control and drive failure issues.  So naturally I headed on over to Amazon and Newegg to check out the feedback on various drives.  It's good to know which zone they're in at the moment before buying.

Since my last 3.5" drive was a Seagate that has performed exceptionally well in one of my desktops, I checked the Seagate drives first.  However, after reading about their failure rates in both their external FreeAgent series as well as the internal drive models, I would recommend staying away from them for some time, especially in the 1 - 1.5TB range, and even their previously acclaimed Barracuda series.  I also read some negative feedback on their 500GB notebook drives - that users have experienced serious performance issues with audio or video media stuttering while trying to play back from these hard drives.

I thought I'd share my online findings as a "Buyer Beware" post, based on the following numerous sources:

Slashdot:

• "Seagate Hard Drive Fiasco Grows" (Jan 16, 2009)
• "Seagate Firmware Update Bricks 500GB Barracudas" (Jan 21, 2009)

Newegg User 1-Egg Reviews:

• Seagate FreeAgent Desk ST315005FDA2E1-RK 1.5TB 7200 RPM Silver External Hard Drive - Retail
• Seagate FreeAgent XTreme ST315005FPA2E3-RK 1.5TB 7200 RPM USB 2.0 / IEEE 1394a / eSATA Black External Hard Drive - Retail
• Seagate Barracuda 7200.11 ST31500341AS 1.5TB 7200 RPM 32MB Cache SATA 3.0Gb/s Hard Drive (bare drive) - OEM (This last one is an internal drive, so it seems to illustrate that the problems run across the Seagate 3.5" drive line)

Amazon User 1-Star Reviews:

• Seagate FreeAgent Desk 1 TB USB 2.0 Port External Hard Drive-Silver ST310005FDA2E1-RK
• Seagate FreeAgent Xtreme 1.5 TB External Hard Drive (Black)
• Seagate 1TB Barracuda 7200.11 Bulk/OEM Hard Drive ST31000340AS (this is an internal drive)

In my book, when the 1-star reviews (the worst rating) constitute the first or second highest category of customer feedback for each drive on multiple sites, this indicates a serious problem, which is backed up by the Slashdot articles and postings above.

You see, a number of the 3.5" Seagate drives were/are affected by a firmware issue that makes the drives inaccessible after a very short period of use.  While Seagate has issued firmware updates, the feedback from users on their effectiveness is not encouraging at all.  In fact, it's downright miserable out there, and I wouldn't be surprised in the least to hear of a class action in Seagate's near future.  [3.31.09 - I figured I wasn't the only one, see this law firm's site.]

Supposedly the data stored on the drive is still intact, it's just rendered inaccessible.  Gee, just what I want to experience with a brand new drive!  Others reported the dreaded "click of death" within just days or weeks of use - a sound that usually signals drive failure is imminent.  So while Seagate's firmware recommendations page states this "affects a small number" of drives, it would seem that the above Slashdot and negative user feedback pages provide more insight into the scope of the problem(s).

So until we hear of users being more successful with a firmware update, it's probably best to steer clear of those drives for a while.  Even if Seagate should release an effective firmware update, the average purchaser probably won't know which dealer stock has the fix, and which ones won't.  To have to flash a hard drive right out of the packaging is ludicrous, and who would feel safe trusting their data in this context?  Our data is worth far, far more than the drives themselves.  As I said, I've had good luck with Seagate drives previously, so it's a shame to hear all the negative feedback with their latest drives.  I sincerely hope they're able to turn things around for everyone's sake.

Seagate Not Alone:

That's not to say that Western Digital doesn't have its issues as well.  A number of their 3.5" large capacity external "My Book" drive models have received significant negative or mixed feedback online as well, which makes me question why we're seeing such poor or mixed reliability in the 1TB and 1.5TB drive range.  Technical issues?  Cost-cutting?  Quality control issues?  Bueller?  Bueller?

For a nice in-depth review of several external 1TB drives, see the following at Tom's Hardware:

"External Storage: Terabyte Drives Compared"

WD Scorpios in the Notebook Spotlight:

Moving on to notebook drives, the bright spot seems to be the Western Digital Scorpio Blue and Black 2.5" SATA drives, which have received very good feedback on the above sites.  FYI, WD's marketing folks made it very easy to understand the product line:  the Scorpio "Blue" notebook drives run at 5400 rpm, while the "Black" drives run at the faster 7200 rpm speed.

The difference is that currently, WD offers a 500GB notebook drive in the Blue series, while the faster Black series maxes out at 320GB, forcing one to choose between larger storage and faster performance.  However, looking at the in-depth performance testing over at Tom's Hardware, it appears that the 500GB Scorpio Blue drive provides a very nice balance of high capacity notebook storage, better performance than smaller capacity drives from even a year or two ago, and reasonable power consumption.  Because the Scorpio Blue 500GB drive has received overwhelmingly good feedback at several major sites (Amazon, Newegg, Tom's Hardware), this is the one I've selected for a swap for my laptop's 200GB drive.  I want a bit more room for my many projects, photos, and other media, without sacrificing battery life, and its user reviews are overwhelmingly very positive.

SimpleTech to be Acquired by Hitachi:

It was recently announced that SimpleTech (by Fabrik) is being acquired by Hitachi Global Storage Technologies.  While SimpleTech's base-level offerings have never appealed to me,  I was very much intrigued by their Pro Drive external hard drive line, particularly the 1TB and 1.5TB models with the quad interface (USB, FireWire 400, FireWire 800, and eSata).  That's when I saw the acquisition announcement.

I'm informed from both their sales and tech support departments that while their previous Pro Drive external hard drive products were multi-sourced with drives from several different drive manufacturers, their newly manufactured Pro Drives will contain Hitachi drives only.  No surprise there, given the acquisition.  So far the limited online feedback I've seen on the 1TB Hitachi drive appears to be fairly good in balance, although I've never tried a Hitachi drive yet myself.  But given the mixed feedback on both Seagate and Western Digital 3.5" external drives, it's enough to make me consider SimpleTech's Pro Drive line instead.  It's certainly more versatile in the connection department, and it received a good recommendation in the Tom's Hardware article listed above.

Another option is to roll your own external drive, by buying the drive you prefer along with an external drive enclosure.  Just make sure that the enclosure is rated for the drive.  Because of power and potential chipset limitations, though, many enclosures are not rated for these big capacity drives, which is why it's nice to buy a ready-made external drive in the first place.

[Update 3.31.09:  I should also note the external V2 ABSplus USB 2.0 & eSATA drives offered by CMS Products.  Their bundled backup software, BounceBack Ultimate, has some interesting features, including full drive restoration including partition formatting, continuous data protection, versioning, synchronization, and support for backing up open files.

It also backs up your files in their native format on the drive.  Native file format is nice for the fact that you can simply copy the backed up files from the external drive to another drive without having to first install or use the proprietary backup software on another PC.  You can also use the BounceBack software to restore them too, it's your choice.  The trade-off with native file storage is that you lose some of the space savings that comes from backing up in a compressed format, but I really like that you aren't handcuffed to the backup software to restore it.

By the way, CMS Products is based in California (est. 1983), their sales and tech support people both answered the phone quickly, and were very helpful and pleasant in answering all my questions.  It was soooo nice not having to deal with outsourced tech support, so score one for a domestic tech company with great customer service.

I'm informed that while their external 1TB V2 ABSplus drives were using drives from Western Digital and Hitachi, their 1.5TB drive was indeed the exact same model number as the Seagate Barracuda drive I listed as the third one under the Newegg heading above.  Thus I shared with them my concern over the Seagate drives at the present time.

Notably, their 1TB drive recently won the top "Best Buy" category in PC World's "Top Ten External Hard Drives" list.  Unlike most other 1TB external drives that have a plastic enclosure, this drive comes in an aluminum case - which makes it far more durable and protected, and the metal case also serves to dissipate heat.  I also like that it has a power switch on the back, something most consumer brand external drives lack these days.  So I ordered a 1TB V2 ABSplus unit, and am looking forward to putting it through its paces.]

My latest InsideCounsel article, "Think Before You In-source" is now available online.  While there has certainly been a trend to bring eDiscovery in-house, lately I've been hearing from a number of corporate legal and enterprise IT professionals regarding their frustration in this area.  I'm not alone, having heard the same from colleagues at LegalTech NY and elsewhere.

As I shared in the article,

I have recently heard from a number of companies who have been dissatisfied that what they've brought in-house from software providers hasn't lived up to the hype, delivered the best results or integrated with all the necessary data systems to address their needs. Some of those acquisitions are even being shelved or curtailed prematurely, well before realizing their return on investment.

Thus I offer seven key factors and issues to consider before deciding to bring various e-discovery services and technology in-house.  In addition, often a number of difficulties can be addressed through better process design, since technology isn't a broad spectrum panacea.  It's a tool to support and automate those processes, not the other way around, and it's important to keep things in the proper perspective:

Keep in mind, this discussion isn't advocating that various aspects of e-Discovery shouldn't be brought in-house. Obviously, many companies are doing just that with the goal to reduce costs, improve consistency and gain better control over their processes to improve compliance. Thus a better statement is that the decision on whether to bring eDiscovery tasks in-house shouldn't be made lightly or because you heard another company in your industry has done so. It needs to make sense and fit well with your particular company's abilities, goals, resources, culture, business processes, risk management, and more.

Like most things worth doing, it's important to consider a number of critical factors and issues before jumping on the bandwagon and throwing technology at the problems, some of which aren't even technological issues.  The more you have done your homework, including having a good handle on the particular issues, gaps, costs, risks, and processes needing to be addressed, the better off you'll likely be when the smoke clears.

In addition, it's important that companies don't just explore the obvious if they want to make meaningful improvements and cost reductions.  There are a number of concurrent or alternate cost-saving measures than can offer significant benefits, which should also be explored or they may be otherwise overlooked in all the hype.

In his latest LTN column, Ball in Your Court, Craig Ball debunks the long-held hard drive multi-pass erasure myth, that goes like this:

"Top notch computer forensic examiners have special tools and techniques enabling them to recover overwritten data from a wiped hard drive so long as the drive was wiped less than 3 or 7 or 35 times."  The myth also goes that someone using a magnetic force electron microscope would be able to discern the trace magnetic signal left behind on a drive that wasn't wiped enough times, and somehow piece together the underlying wiped data.  Which is a leading reason why common file and disk wiping tools have included all kinds of multi-pass wiping options, ranging from the DOD-specified wipes to the massive 35 times Gutmann wipe.

One part of the myth also says that one can recover trace magnetic data from the spaces between the tracks as the drive heads don't track exactly the same on each pass when writing data.  (Think of this as the space between the grooves on a vinyl record, for those of us who fondly remember them.)

To which Craig says, "Nonsense!" and "[i]t's all a lot of hogwash, at least with respect to any drive made this century."  He explains how the vastly increased "areal density" of modern hard drives leaves little room for wiped data to be resurrected, even if it's only wiped with a single pass.  Areal density simply refers to how closely packed together all the data bits are, which allows manufacturers to place hundreds of GB on a single hard drive platter these days.

Like him, I've heard the myth for years and questioned the ability to use a magnetic force electron microscope to resurrect wiped data.  First, it would be incredibly expensive to do (but that factor only makes it impracticable).  So it was interesting to hear the results, as Craig related from several professionals performing such an experiment, was that it was less successful than a simple coin toss.

Thus he concludes:

"You only need one complete pass to eviscerate the data (unless your work requires slavish compliance with obsolete parts of Department of Defense Directive 5220.22-M and you make two more passes for good measure).

No tool and no technique extant today can recover overwritten data on 21st century hard drives. Nada. Zip. Zilch."

While fascinating from a technical perspective, the real take-away from Craig's article is the reminder that:

"The most egregious is the assumption that formatting a hard drive is the same as wiping its contents. In fact, formatting obliterates almost none of a drive's contents. Any eBay purchaser of a formatted drive can easily restore its contents."

If only I had a Google share for every time I advised someone about this danger and resulting risk.  If you are disposing of a hard drive or giving it to someone else to use, use a proper drive wiping tool first, not a simple format command.

Another good take-away is Craig's discussion of the "G List" sectors on a hard drive, and why conventional wiping cannot touch that data.  So what are those?

In essence, modern hard drives have the ability to sense when a sector is going bad (i.e., not able to store information reliably).  When that is detected, the hard drive automatically copies the contents of the ailing sector to another unused sector on the hard drive, and remaps (points) to its new location on the drive.  This map is kept in the G List on the drive, which stands for Growth List or Growing Defect List.  This is a good thing so you don't lose data to bad spots on the hard drive.  However, when you use wiping software to wipe the drive's data, it can only wipe data in the accessible areas of the drive (which include the second copies of the bad sectors).  However, the original "bad" sectors cannot be wiped by conventional software as they are not accessible to it.

But as Craig points out, for the industrious there's a cure for that as well:

"Remarkably, nearly all hard drives manufactured after 2001 incorporate the ability to rapidly and securely self-erase everything, including the G List; but, drive and computer manufacturers are so petrified you'll mess that up, they don't offer an easy way to initiate a self-destruct sequence.

For those at ease with command line interfaces, the Secure Erase commands can be run using free tools developed for the NSA and available at http://tinyurl.com/serase. But be careful with these as there's no road back."

It's a good read for anyone curious (and paranoid) about securely deleting data.

The increase in the SEC's enforcement tone, coupled with mass layoffs, could be setting the stage for serious compliance risks at various public companies.

I just read "Companies in Dangerous Position as SEC Prepares to Flex Its Muscles", a National Law Journal interview with Michael Dockterman, a litigation partner at Chicago's Wildman, Harrold, Allen & Dixon, whose practice includes advising boards on corporate governance and compliance issues.  He spoke about why boards need to boost compliance, even amid corporate budget cutbacks.

A key take-away is that as the remaining employees are increasingly overworked as the result of mass layoffs, there are fewer people with less time to focus on compliance issues.  Meanwhile, the SEC appears to be gearing up via policy changes to boost the commission's enforcement powers.  This doesn't bode well for companies who may be spending less time on compliance in order to deal with more pressing issues.

Thus he recommends that directors should not reduce the amount of time spent on performing and evaluating risk assessments that should be at the foundation of all compliance programs.  "Companies should look at where their operations are rubbing up against legal requirements, financial or otherwise. How are we certain that the way in which we're conducting our operations is in compliance with laws, including labor laws, environmental, antitrust and securities laws -- the whole gamut?"

I'll add that in addition to the more obvious areas above, eDiscovery and litigation readiness are just as important in companies' compliance programs.  In all those areas listed above, electronically stored information (ESI) is going to be present.  The company's ability - or inability - to properly preserve, collect, review, and produce ESI could have far-ranging implications and impact.

I've heard from so many companies' attorneys that they know they have significant risks relating to eDiscovery and many feel that they've just been "lucky so far."  Typically, preservation, collection, and spoliation issues are keeping GC's and AGC's up at night.  As law department budgets are being cut by as much as 20%, their job is certainly made more difficult.

However, those with the appropriate balance of short-term and long-term vision are finding ways (and funds) to invest in the future of the company by addressing these issues before they blow up on counsel and IT.  When you consider the hard dollar costs, the blow to both the company's and legal department's reputations and position in the marketplace, and resulting fallout, one "compelling event" (as we tend to call it in the trade) can cost the company far, far more than any amount of proactive investment that could have prevented or greatly mitigated it in the first place.

Some are taking better stock of where they are, identifying their gaps, and then putting in place both procedures and technology, where justified, to address them.  For some, it's slow going, making only modest gains and inching along while hoping the recession doesn't stretch out too long, or the cuts become too deep.  And many, I suspect, are experiencing much quiet desperation hoping (and some might even say gambling) that they don't experience that "compelling event" before they are better able to address the underlying issues.

The problem is that in the current economic climate, between terminations of executives and increased SEC investigations, companies will likely experience more of these with upper management involved as both plaintiffs and defendants.  These tend to be higher dollar, higher risk, and higher visibility.

Especially with staff culling, many companies simply lack the internal expertise to have a broad enough understanding of industry best practices and the resources to define and implement them effectively - whether it's records management, information governance, or litigation readiness.  My suggestion is that it's better to spend a relatively small amount on addressing them now with outside help and making steady progress (even if it's not as fast as you'd prefer, it is still progress) and positioning it internally as a significant cost avoidance program.  It's also a metric that can be reported upward to the board as a sign of responsible management.

You might be surprised how much people are willing to listen about cost avoidance these days.  Be prepared to discuss ROI not so much in terms of estimable dollars (as we know these types of matters are very difficult to predict dollar-wise), but in terms of number of events avoided.  If you could make your money back by avoiding just a handful of these events, that's a very compelling ROI story to tell.  If pressed for dollar estimates, give ranges and tiers for enhanced credibility.

So while budgets are being cut, there is still a need for proactive risk management.  As internal resources dwindle, consider augmenting your efforts with outside expertise.  Compared to the cost of not doing it, it's actually a very responsible thing to do in the long run.

Back from a very busy week in New York.  The buzz from the show centered around several themes this year:

Naturally, discussions about the economy and the overall health of the legal market prevailed.  With the shuttering or RIF'ing of a number of law firms and service providers alike, many believe we're just seeing the first wave.  Vocal concerns over where to place ESI tells me there is a definite Flight to Quality as corporations, law firms, and independent consultants want to know the service provider will be around throughout the life of their legal matters, which typically span several years or more.  So check out your eDiscovery service providers' financial strength and definitely check out their facilities firsthand before you place your data in their hands.  You might be surprised.

Interest in the right balance of sourcing eDiscovery work to control cost was a major theme as well.  Many companies are looking into which tasks, processes, and supporting technologies they can reasonably in-source and maintain defensibility, while realizing they can't do everything at once.  Thus a preferred approach is in-sourcing what you can, but partnering with a leading services provider to fill the gaps and provide a defensible end-to-end process from the internal notification/preservation/collection all the way through review and production.  Having worked with a number of companies in this regard, the dynamics are changing.  Having an experienced and trusted partner can make a huge difference as I've seen companies try to go it alone, only to end up spending a lot more in the long run that could have been avoided.

New FRE Rule 502 - I have yet to see much, if any, impact from its enactment.  First, it's too soon for having any meaningful corpus of case decisions as guidance.  Second, I wouldn't want to be a party in the position of having to rely upon Rule 502 as my main privilege defense.  I attended a panel discussion of eDiscovery issues and trends, and heard Ron Hedges state a very similar perspective.  Thus I feel it's going to be "business as usual" with respect to privilege reviews and related tasks.  No one wants to be the test case.

Great quote from one of the panels:  "We'll never see a well-run discovery process mentioned in the case law."  All too true, as we tend to learn from the opposite in case decisions.

While eDiscovery topics dominated the show, online social networking was also big, as sessions on Web 2.0, Twitter, Facebook and more pulled in a good number of attendees and generated some high Twitter activity.  The eDiscovery Town Hall was an interesting new experiment, as video questions were gathered before the event in Web 2.0/YouTube fashion.  Some good questions were asked and it was interesting to get the panelists' perspectives on topics such as the globalization of eDiscovery.

As with last year, the Bloggers Breakfast was a nice opportunity to meet fellow bloggers and put some faces with URLs.  While I'm certainly not against capitalism by any means, I would caution several of the publicists, PR firms, and marketing agents not to swamp or overwhelm bloggers in your zest to use them in your overall marketing push (emphasis on the "push").  A brief introduction and being mindful of not monopolizing our time will go a long way.

As always, the ILTA-sponsored sessions on Tuesday were good fodder for discussion among in-house professionals and their outside providers.  As any ILTA member will say, it's ILTA's fantastic ability to bring professionals together that is the true value of being a member.

U.S. Magistrate Judge Facciola had a very thought-provoking, engaging, and I daresay, entertaining keynote.  His focus was on competence and collaboration, with the money quote: "Watching an incompetent lawyer is like watching a clumsy ballerina."  He shared his frustration and a certain amount of self-restraint from wanting to jump over the bench and do a cross-examination himself over concern that a party has adequate representation in his court.  He further shared his concern that the certifications and standards of competence for attorneys may need to be revisited.  It was therefore no surprise when he cited the Sedona Cooperation Proclamation, and said what we already knew - that judges don't particularly like to deal with discovery disputes, particularly those when one or both sides are not well-informed.

Overall, it was another good show, and a great place to network and "feel the vibes" of the market.  2009 will continue to be a year of challenge and some changes in the legal market.  I'm reminded that the Chinese word for "crisis" consists of the characters for "danger" and "opportunity", leading to the proverb:  "In crisis, there is danger - and opportunity."

It's been a busy week preparing for an even busier one next week.  I'm looking forward to seeing many friends and colleagues in the Big Apple.  Look me up if you'll be there, and you can also leave word for me at the Daticon EED booth.

With the somber economic situation, everyone is trying to cut costs while increasing efficiency.  eDiscovery process, technology, and sourcing decisions are naturally important concerns and priorities within many companies.  Enterprise platforms and service combinations are evolving and emerging to address the entire eDiscovery process, from in-house processes and solutions to those provided by leading service providers.

Please join Jeff Jacobs and me, Senior Consultants from Daticon EED, and Aaron Brown, Program Director from IBM, for a very informative and engaging discussion on:  "E-Discovery Technologies & Services in the 2009 Economic Environment:  In-sourcing, Outsourcing, and Hybrid Solutions", Monday, Feb. 2nd, at 10:30 a.m. in the Emerging Technologies session track.

See you there!

I rather enjoy reading Walt Mossberg's Personal Tech column.  Walt likes to tell things as they are, the good and the bad, without slanting it with too much tech enthusiasm or jaded pessimism.  He recently loaded the Windows 7 Beta onto two laptops and overall had some good things to share about it, including a personal video. If his experience is any indicator, performance is noticeably better than Vista, its nag prompts are better controlled, and there's some interesting tweaks to the user interface relating to the task bar for better control.

I'm also interested in the new multi-touch input feature likely heavily influenced by Apple - think iPhone and iTouch for sizing photos and videos with your two fingers.  But as it requires new hardware that supports multi-touch, I just found another compelling reason to look for a new laptop when Windows 7 is officially released.

On the downside, he notes that currently only Vista users can upgrade directly to Windows 7, not XP users.  Supposedly there will be a migration process from XP that will involve several hops aimed at preserving data, but it doesn't sound too appetizing.  This may affect some, perhaps more the consumer and small business side.  However, as most experts will tell you, a fresh install of a new OS is usually far better than an upgrade, and I'd expect many enterprise deployments to follow this curve.

Also, he confirmed what I've been hearing that Microsoft is removing some of its basic free apps (Windows Mail, Calendar, Movie Maker, Photo Gallery, etc.) from the Windows 7 installation package.  Instead, there will be Windows Live counterparts available for download, with the idea that they will be more web enabled.  I tend to use more third party apps for those tasks anyway (e.g., Outlook, Photoshop, etc.), so it's probably not as big of a deal as it may sound, and if it helps Windows 7 to be a bit leaner than Vista, that should be a very good thing.

Many of us are hoping that Windows 7 will be what Vista should have been.  Don't expect too much of a departure from Vista, though - it's been said repeatedly that Windows 7 shares much of Vista's kernel (the main operating component) - which would also explain why Walt didn't experience any compatibility issues with some leading third party apps.  If his first impression with the beta is any indication, it sounds like Microsoft has learned from some of its mistakes with Vista.  But as with any major new release, we'll definitely be hearing more as its release date nears.

It wouldn't be a new year without predictions popping up all over the blogosphere.  I've made a number myself in previous years.  This time around, I thought I'd share those that caught my attention and got stuck in my "filter" if you will.

Regardless of those that may amount to nothing more than either wishful thinking or pessimism, it's illuminating to read and keep them in mind as we move forward into the fresh year.  Without further ado:

1. Sonya Sigler (Guest blogger at Ralph Losey's e-Discovery Team blog): 2009 Predictions and Trends

GC Sonya Sigler covers such compelling issues as cooperation, controlling costs, and competence, and along the way discusses effective information management and using technology to your advantage.  Well written and worthy of inclusion on Ralph's inestimable blog.

2. Tom O'Connor (docNative Paradigm Blog): 2009 Predictions

Litigation technology veteran Tom O'Connor discussses the prospects of eDiscovery vendors and consultants in light of the economy and other factors.

3. Tom Asacker (a clear eye): Nine Predictions for 2009

Tom Asacker (author, speaker, provocateur, and marketing guru) doesn't post about legal or technology issues.  Instead, he provides a motivational kick in the seat of the pants that should jolt every business leader out of their current doldrums and into action: "The reality of the coming year is that the precipitous decline in the economy will create a collective pause; a 'space' of epic proportions for organizations and individuals. Yes, it will be unpleasant for many. But it will also be an opportunity in disguise for those willing to seize the moment."

4. Clearwell: 2009 Electronic Discovery Forecast

An EDD vendor shares its Top 10 Electronic Discovery Predictions for 2009.  Caveat:  While I enjoy reading Clearwell's e-discovery 2.0 blog, I think several of the items in this particular list are slanted toward selling their particular offerings.  So you may want to keep this in mind as you read and decide for yourself.  For example, I disagree that the newly enacted FRE Rule 502 will rise to the level of the desired panacea for automated review.  Professional care and competence (both legal and technological) will remain under the microscope.  However, I agree that being able to "show your work" is not only important, but will provide increasing advantages over time.

5. The CMS Watch Analyst Team: Technology Predictions for 2009

Predictions about the intersection of eDiscovery, compliance, and technology would be incomplete without a discussion of the content management market.  Perhaps my favorite prediction from this article:  "Taxonomies are dead. Long live metadata!"  Anyone who's ever worked with a content management system (DMS in legal circles) knows that people do not, and will never, categorize things in the same way.  So don't fight it.  Use the data's own unique characteristics to make it accessible and useful.  Also look for an interesting nugget on social computing's near-term future and splintered progress in the enterprise at prediction #9, as well as some interesting comments explaining a new emphasis on application search at #8.

And there you have it - a wide range of predictions sure to make us think about trends and priorities over this coming year.

For personal PCs, download and install this patch from Microsoft. It should also be available in your Windows Update (remember to log in as an administrator first). If you're in an enterprise environment, check with your IT department as they are very likely already painfully aware of this and are probably working on it.

I read through the Microsoft-suggested workarounds in lieu of applying the patch, and none are pretty. For instance, setting your IE's security level to "High", while effective, disables ActiveX and scripting, and would disable a number of features on legitimate sites. Plus, you'll likely get nagged to death from prompt after endless prompt while surfing.

Of course, the best suggestion is to not use IE at all, and instead use an alternate browser such as Firefox, Opera, or Chrome. However, even if you don't use IE overtly, you could still be at risk. For example, some people use a Firefox plugin or extension to have an IE tab open within Firefox -- useful when a specific site just won't work properly in Firefox. Guess what? It's as if you're using IE to visit that site, and so you're vulnerable if the new IE patch isn't installed. Also, remember that IE's core components are used in a number of non-web browsing functions, so you may be vulnerable even if you're not using IE as your default browser.

Some experts suggest that eventually hackers will find a way to use this exploit in a slightly different manner than what the MS patch was designed to fix. But for now, I'd say your best bet is to apply this IE patch, and set and use Firefox or another non-IE browser as your default browser in Windows.

First off, the biggest noticeable change for me is that the web site PDF capture and conversion module actually works, for the first time since they added the feature several versions ago. It even captures Flash animations. I often bemoaned how poorly the prior versions performed, often missing collecting and packaging most of the graphics, instead adding x'ed out boxes as placeholders. Starting with version 9, whether you want to capture and convert a single web page or an entire site (including all the active interlinking of pages) to PDF, it actually does a very good job. There's a new "Select" button added in Internet Explorer's toolbar that lets you specify a particular region if desired. Alas, there's no such conversion button for Firefox, so you need to use IE for the time being. Here's hoping Adobe adds Firefox support in upcoming versions. While I wouldn't say the PDF web copies are exact bit-for-bit matches, they are a reasonable representation in many instances. I understand from Rick Borstein at Adobe that they incorporated a completely different web capture engine, and it shows. Bravo.

For those assembling and publishing PDF binders, the newly named "Portfolio" feature is really a refinement of the binder along its evolutionary scale. You can now choose to package a Portfolio with different graphics (think firm logo) and even select an interesting document flipping interface that's very reminiscent of flipping through album cover art on a newer iPod. Also, the Bates numbering features first seen in the prior version have been offered some minor refinements, such as renaming files to the Bates number range, and you can now create a log file for the Bates operations.

Document comparison that actually works has been a welcome theme in our office tools of late. With the release of Office 2007, Microsoft finally gave us a usable document comparison tool in Word 2007 (it really couldn't have gotten any worse) -- yet I wouldn't say it has all the bells or whistles either. Likewise, Adobe has also included a completely new document comparison engine in Acrobat 9 that provides more granularity. They've been listening to both legal and business professionals alike, who need to be able to rely upon decent comparison tools. Sure, there have been other commercial software packages available for document comparison for quite some time. However, depending on what you need to accomplish in your review process, you may be happy with one or both of these built-in tools (i.e., Word and Acrobat). If you already have a full-feature third party comparison tool, great, but if not, I'd say give both of these comparison tools a try first to see if either meets your needs.

Those of us concerned with embedded metadata will be happy to hear that the metadata removal features have been enhanced as well. From Adobe: "In recent years, legal professionals have become increasingly aware of the risk of accidental disclosures of confidential information in document metadata. While PDF is relatively benign compared to Microsoft Office documents, legal professionals require the equivalent of digital bleach -- the ability to easily find and remove document metadata. The enhanced Examine Document feature in Acrobat 9 ensures that documents are clean and safe to send. Acrobat 9 can remove metadata, hidden text, bookmarks, comments, and other potentially dangerous information from documents." More specifically, the Examine Document feature has the following improvements in Acrobat 9:

1. Examine and remove hidden text, layers, and objects on a per item basis.
2. Preview any type of metadata.
3. Examine metadata from a convenient panel.
4. Examine Document is now available via Batch Processing.

There are a number of other refinements as well, including file splitting, enhanced forms and OCR, and a new online collaborative mode for dual remote viewing. There's also new document sharing at Acrobat.com, but legal professionals will need to decide for themselves whether to post sensitive documents online. Give it a try with something innocuous first, but with version 9, it's clear that Acrobat has finally embraced the Internet.

For a balanced, in-depth review, I'll point you to Brett Burney's article on Law.com. Also, Rick Borstein's Acrobat for Legal Professionals blog has a great post detailing all of these changes and more. Overall, Acrobat 9 Professional and Professional Extended seem to launch more quickly and seem more refined. Bottom line, those who are only using Acrobat 8 for the most basic use may not see much reason to upgrade to 9, but those who are responsible for creating and distributing more complex and professional-looking PDFs should definitely give it a try.

Starting with the 2007 version, Symantec recoded these products from the ground up in an effort to make them lighter on system resources. It was a partial success. While it was a good restart for the Norton line, I still saw my system take a noticeable performance hit during the Live Updates, with a lot of disk thrashing as it processed the chunkier updates. When it wasn't updating, though, it was mostly transparent. The main problem was that it always wanted to update shortly after I logged into Windows, which I found quite interruptive and annoying. I could've turned off the automatic updates, but I tend to forget to turn them back on, and my protection would become outdated.

Well, no more. The folks at Symantec have finally gotten the message, loud and clear. NIS 2009 has several new features designed to significantly lighten the load on your PC. In fact, Symantec went out their way to not only make it faster, but to show you as well (can you say, "win back customers"?). In addition to several key performance enhancements, NIS 2009 includes two CPU meters on its main screen and other visual cues and logs to show how much lighter it is on your system resources. The user interface was also streamlined to present users with cleaner status view:

Also new is "full screen detection", which temporarily disables non-essential alerts, updates, and scans while you're running a program in full screen mode, such as while watching a movie or playing a game. Rest assured, the auto-protection feature smartly provides continuous protection while in this "silent" mode. Norton Insight is a new feature which speeds system scanning by identifying files that don't have to be scanned again. It checks your program and system files against a database of trusted programs and displays a large meter showing how many it can skip next time to save you a lot of time. I'm hoping that it also tracks each file's checksum or hash as it's not uncommon for malware to replace system or program files with its own tainted versions.

For further explanation of all the new features and performance enhancements, I'll direct you to the following review and online resource guide which provide more depth:

• PC Magazine Review and Editors' Choice
• How To Master New Norton Internet Security 2009 -- Guides and Tutorials

The only downside -- and it's a big annoying one for me -- is that in NIS 2009, Symantec disabled all standard user accounts from being able to change its settings by entering the administrator password. Remember, even if it's your own personal laptop, it's more secure to run programs and access the Internet using Windows accounts without administrator privileges. So I mainly run as a standard user in Vista and only log in as the administrator when needed. However, prior versions of NIS would allow me, as a standard user, to enter the administrator password in NIS when I needed to temporarily disable the firewall or antivirus for troubleshooting, or when a blocked program needed temporary Internet access.

With NIS 2009, I either have to log off or switch users to the admin account in Windows to do this, which is time-consuming and a royal pain. When I inquired about this, Symantec's tech support responded the product team changed this behavior to make it more secure in case users discovered the admin password. Unfortunately, this is faulty logic as users could do a lot more in that situation. I logically suggested that Symantec provide a program update which retains this as the default behavior for maximum security, but which simply adds a configuration setting in which the administrator can re-enable the option to accept the admin password from standard users. In other words, give the customer the choice! Don't just take it away in the name of security.

Last but not least, since the Norton products are now subscription-based: If you have a current subscription for a previous version of NIS or NAV, you should be able to upgrade for FREE to the 2009 versions as I did, and your remaining subscription period carries over. Just remember you need to uninstall any older version first so they don't conflict. I also recommend storing your Norton product activation code in your online Norton account -- it just makes reactivation easier.

It also appears Symantec's tech support has improved over the past year or two. I used both the built-in chat feature as well as the telephone option and both went very well with only a minor wait. While no security suite is perfect (many reviewers report the spam module is still subpar), I'd say that Norton Internet Security 2009 is a welcome advance and it's good to see Symantec getting back in touch with the needs of its customer base.