I am not above inventing a headline whose connection with the subject-matter is less important than its potential for attracting readers curious to know what the article has got to do with eDiscovery. In this case, the headline is an honest, if partial, summary of what lies below: metrics are the key to eDiscovery decision-making; social media is the fastest-growing source of potentially discoverable data; Magistrate Judges turn up to share their wisdom with us; monkeys appear twice, once as part of the question “who are you talking to?” and once in an echo of a recent post of mine about cross-border discovery and blocking statutes; risk mitigation is the theme which binds them all together.
I have been at Guidance Software’s CEIC 2012, a pool of civilised learning and meeting in the cultural and topographical deserts of Nevada. There have been more than 1,500 attendees here from 43 countries, with 53 exhibitors and 118 information sessions. I have been here since Saturday; the show has now closed and I am stuck here until tomorrow, giving me the first opportunity to write anything since I arrived. The rest of the time has been filled with preparing and giving my own sessions, attending excellent presentations given by others, and with parties, dinners and useful conversations by the pool.
UK and US eDiscovery side by side
The first big exercise here was finishing off the slides for a three-hour talk which I must give in London next week. I normally reckon on one side per minute and the final result duly came in at 175 slides (that means you get five minutes off, boys and girls). The talk’s title is Electronic Disclosure: the Tools and Techniques which allows me to pick out the parts which have practical application and to pool the legal, tactical, technical and business reasons for understanding the subject.The course provider is MBL Seminars and this is the first of an intended series of such talks around the country.
I mention it here because of the cross-over between the subjects covered in that long talk and the things which are my subjects in this (not much shorter) article. That, perhaps, is unsurprising, save for the UK perception that eDiscovery is a US invention which has nothing to do with UK litigation, and the equally curious US notion that US eDiscovery is somehow “two years ahead of the UK”. Both assertions are bollocks, as we restrained Englishmen say.
This is, I think, my fourth CEIC. As the pure numbers have grown, so has the ambition of the eDiscovery tracks which sit alongside the technical and forensic sessions which are the primary purpose of the conference. Guidance Software has now trained 50,000 people in the use of its forensic, security and eDiscovery tools and associated techniques. It has also just announced the launch of EnCase App Central which will give some of those 50,000 people fresh scope for their skills and talents. This is a lively place at a lively time.
The Future of Social Media in eDiscovery
Craig Ball and I did the opening eDiscovery session together, with the title The Future of Social Media in eDiscovery. One of the things about social media is that no one is in charge, and you have no idea who is going to turn up nor what they are going to say. The same spirit infused our session. If I took charge, it was only in the sense that the pilot, the engine driver or the jockey is notionally in charge of their respective modes of transport; the motive power was given by Craig Ball, who followed my introduction with his usual masterly survey of the scene. That social media point about never knowing who will show up was reinforced when US Magistrate Judge Andrew Peck, who arrived as the session was about to begin, accepted our invitation to take a seat on the platform, whence he participated with the knowledgeable enthusiasm and light touch which is characteristic of him (see Monica Bay’s account of Judge Peck’s contribution to LegalTech West Coast for further evidence of this)
eDiscovery is a serious subject, with millions of dollars turning on often arcane and technical subjects. One can give the subject its due in a serious fashion without necessarily being over-serious in the delivery or, at least, one can leaven the heavyweight points with lighter touches. I opened by comparing social media discovery to Cleopatra’s nose, repeating the well-known idea that this apparently delightful feature led Mark Antony to leave Rome, giving rise, in turn, to the Battle of Actium, to Octavian rebranding himself as Augustus, and to the Roman Empire. The “Cleopatra’s nose” theory of history has it that mighty events can turn on trivial things, and I suggested in opening that it will not be long before a major case turns on some nearly-overlooked and apparently trivial piece of social media data.
Craig asked if I was sure that it was Cleopatra’s nose, of all her features, which so entranced Mark Antony, and we were off. The pictures included one of a urinal (“where were you?”), one showing a monkey with an iPad (“who are you talking with?”), and one of more naked people than you have ever seen gathered together in one place (“baring all in public”) although not, perhaps, at a forensic event, where ways of finding pictures of naked people tend to dominate the conversation.
The paramedic who said on Facebook ”Saved someone’s life and managed to cop a feel of some cracking jubblies. Excellent shift”, is an object lesson to us all, even if it transpired that the “cracking jubblies” belonged to the patient’s friends and not to her (before or after the life-saving?, I wondered). Serious points were delivered along the way, for the individuals whose most trivial utterances may one day end up turning a case, for their employers, and for the lawyers who may overlook entirely the potential horde of evidence lying in social media.
Party by the pool
Guidance Software always brings a certain style to its parties, and this year was no exception. The welcome party took place around the pool (or, rather, pools, something to watch out for as one wanders around in the dark clutching a plate and a glass). Performers from Cirque du Soleil wandered around, one on stilts, one walking atop a large ball, some in costumes and make-up from their show. All that, and plenty of people to talk to as well – a great party to launch the event.
Metrics, Sampling and Standards
The parties don’t detract from the hard work here. 8.00am the next morning found me in the front row of a session called Metrics, Sampling and Standards given by Tom Gelbmann, Browning Marean of DLA Piper US and Tony Lin of Smith & Nephew. Tom Gelbmann is co-founder of the EDRM and (with George Socha) the high priest of eDiscovery metrics. Browning Marean is eloquent (and amusing) on any subject at the intersection of law, technology, professional competence, common sense and clients’ objectives. Tony Lin has responsibility at a major corporation for treating eDiscovery as the recurring pain-point which it is, and for introducing and managing in-house software, systems and people to rationalise, and thereby reduce, the disruption and the expense which eDiscovery brings.
I will not attempt to boil down 90 minutes of their collective wisdom, beyond passing on the apparently simple suggestion that companies should start collecting basic metrics – files per custodian, processing time, hosting costs and the like – to help understand where the money is going. That is a prerequisite for the search for alternative approaches and for making a case to the legal department and to budget-holders for internal investment. It seems obvious to say that the one is the prerequisite for the other, but if it was that obvious then we would not see the startling statistics which emerged last year from studies in both the US and the UK to the effect that many companies do not actually know what they are spending on eDiscovery.
There is more to this than metrics, of course, and Tony Lin emphasised that some judgements had to be made without attempting to assess the cost or value of every input – how do you measure internal time spent on Discovery which might otherwise be spent on a more constructive things, for example?
As an aside, but a relevant one, I point you to an article called Lies, Damn Lies and Metrics published recently by Tom Kilroy, acting CEO of Misys, on the importance of metrics to company decision-makers. I like particularly his analysis of the difference between lawyers and accountants when dealing with words and figures. There are not many CEOs willing to share their insights like this.
The Judicial Panel
Ken Withers of the Sedona Conference was the able moderator of the judicial session at which US Magistrate Judge John Facciola, US Magistrate Judge Andrew Peck and Judge Herbert Dixon of the Superior Court of D.C. brought both gravitas and humour to a range of subjects including social media, predictive coding, the cloud, proportionality, forensic collections and spoliation amongst other topics. Again, how can one do justice to a panel like this in a short note?
As to social media, Judge Facciola said that the demands for Facebook information are now routine, raising (in addition to many other factors) issues derived from the mixed work and social use of company phones. We were told of a case where court staff spent weeks going through a Facebook account before determining that there was nothing relevant in it, something which is clearly impracticable as a general proposition. Judge Peck said that a party seeking discovery of information that lay behind the privacy settings would have to show the strong probability that relevant information would be found there; even then, a request must be limited to information which went directly to the issues.
Forensic collection of social media information remained difficult, and parties must sometimes rely, perforce, on a circumstantial assembly of information from multiple sources. There is no privacy in what you choose to make public.
Two messages came out clearly about the cloud. Judge Peck told of a GC who had been told of the savings which would result from a move to the cloud; he required a renegotiation to take account of the company’s obligations to give discovery of the cloud data, and the additional costs which resulted wiped out out the alleged savings. The message, Judge Peck said, was to involve the legal department at the beginning of a proposed move to the cloud.
The second cloud point concerned the control of data. You can be required to give discovery only of data which you control. Do you still control the data if it is on a foreign server? A dispute between eBay Canada and the tax authorities had shown that the answer was largely one of fact – if you have the right and ability to access and use the data then, wherever it is located, you may well have “control” for eDiscovery purposes.
The most interesting part of the discussion on predictive coding arose, almost inevitably, from having on the same panel Judge Facciola, the author of US v O’Keefe with its “where angels fear to tread” message about expertise, and Judge Peck who took a different line in Da Silva Moore. Judge Peck said unequivocally that “Rule 702 and Daubert simply are not applicable to how documents are searched for and found in discovery”. Do I have to take sides here, in a jurisdiction which is not my own, and between these two likeable giants of US eDiscovery jurisprudence?
Putting one’s head above the parapet invites the risk of a sniper shot, as I discovered when the panel discussion turned to Pippins. In that case KPMG were required to keep a a large collection of hard drives, largely as a result of their own failure to reach agreement about sampling. I was critical of the decision on broad principles of proportionality, seeing some merit in what the English would call the “floodgates” argument advanced by the defendants. The sniper’s bullet came from Judge Dixon: there was, he said, “a blogosphere attack on the judge” in Pippins over proportionality, involving amongst others a “prominent blogger who is in this room”. I decided not to rise to the bait, partly because (as I acknowledged in a subsequent article) I appeared to be in the minority in my view of Pippins, partly because of things I did not know at the time (such as the fact that the defendants had other reasons for keeping the drives), but mainly because the precious minutes of a high-powered judicial panel like this are not to be wasted on my defence of an old article.
Judge Peck gave a shout-out for the Sedona Conference proportionality paper. Ken Withers told the story of a company whose extreme preservation measures to avoid spoliation risks would probably bankrupt the company in the (apparently unlikely) event of litigation, when all this stuff so carefully preserved at such vast expense would be potentially discoverable. We were reminded of Rule 37(e) which protects parties from sanctions in relation to deletion in the normal course of business. I have made the same point in a couple of recent speeches, expressing bewilderment that so few companies seem to take advantage of the protection explicitly given by the rule.
The session ended with a story from Judge Dixon about an employee who, in wrongful termination proceedings, kept producing e-mails which had not in fact been been sent to her. Her partner, it transpired, was in a position to create such e-mails, as appeared from an image of their computer. The need for forensic examination turns up all over the place.
There was much more. Let me say again, as I did a recent article, that we owe an enormous debt to these senior judicial figures who are willing to give their time, not merely to sharing their wisdom and expertise with us, but to mingling with the crowds, as it were, and finding out what problems are faced by litigants and their lawyers, and what solutions exist which may reduce those problems.
International eDiscovery: Data Protection, Privacy and Cross-Border Issues
Patrick Burke of Guidance Software moderates this panel every year at CEIC. When I first took part, four years ago, almost nobody in the room had had experience of cross-border data collection. A show of hands this time revealed that almost everyone had been involved in collecting information from abroad for US proceedings. We still got a sharp intake of breath, however, by saying that the application of a legal hold constituted “processing” in EU terms. Mention of the EU proposals to levy fines of up to 2% of turnover for breach of data protection laws brought a similar reaction.
We had a lot of material between us, and the subject provoked many questions, so our allotted 90 minutes whizzed by. We began by covering the differing notions of discovery, both as between common law jurisdictions where discovery is the norm and civil jurisdictions where it is not, and as between the US and everyone else. The collision is fundamental, resting on the contrast between the almost unqualified US demand for “mutual knowledge of all the relevant facts gathered by both parties” and the notion held in the EU and elsewhere that privacy is a fundamental human right.
The proposed new EU Data Protection Regulation implies a hardening of EU attitudes. Recommendations made this year by the ABA and the Sedona Conference suggest a greater respect for foreign sovereign powers than has been shown hitherto by US courts, authorities and lawyers. The rest of the world disapproves of the breadth of US discovery even before principles of data protection and privacy are taken into account.
In most cases, compromise ought to be possible by (as the Sedona Conference recommends) narrowing the scope of discovery to those things which really matter (“There’s an idea”, I said), and by sharing the problems up front with opponents and the court, perhaps with a protective order defining both the scope of the discovery and the future care of the data.
Technology offers ways to refine the data, and proper information governance would minimise the problem, not least by the segregation of personal data and by observing the EU requirement to keep data only for as long as its original purpose requires.
I showed, as I have done before, photographs of D-Day, first from the viewpoint of the GIs storming ashore from a landing craft and then from that of a defender on the cliffs above Omaha Beach. That, I said, this is what many US discovery demands look like from the other side. Dominic Jaar wondered how the US would feel if, say, China had the same attitude to US data as the US claims in relation to the rest of the world.
The point is not simply to paint the US has the villain of cross-border discovery – those who trade with the US and seek the protection of its courts cannot simply play by their own rules. Those rules exist, however, and must be factored into commercial decision-making, both through information governance and (perhaps) through squaring up to the acceptance of an adverse inference as part of the cost of doing business. This is better done as a matter of policy, knowing of the rules, rather than in surprised reaction to something which no one in the company had thought about.
I ended with a summary of my article about the Trueposition case called Cross-Border Discovery: Federal Judge makes a Monkey of the Cheese-Eaters which gives you some idea of the implications which can arise.
It is perhaps appropriate that this event took place in an hotel built on top of a casino. Casinos imply risk, and risk is the common theme of much of what appears above. I spoke whilst here to someone who is a regular at the tables of Las Vegas. The word “gambling” does not do justice to the cold, hard, calculation which he makes at every stage during an evening’s play. Risk management arises repeatedly in facing discovery, whether in devising social media policies, in weighing the costs of repeated eDiscovery exercises against the investment which will minimise their impact, in walking the line between a proportionate response to one’s obligations and risking sanctions, and in balancing US discovery demands against the data protection restrictions of other countries. Weighing risk against the cost of mitigating that risk cannot begin without knowing what the risks are, what costs you are incurring anyway, and what the costs and functions are of the tools, techniques and processes required to face the risks.
While we were engaged in sessions about these wide-ranging eDiscovery subjects, hundreds of forensic and security experts were learning their trade in packed rooms around us. They are the front-line troops whose services will be needed by the companies and their lawyers in the security and eDiscovery battles ahead.
To bring both sides together under one rather large roof, as Guidance Software does each year at CEIC, is a significant ambition, comfortably met by the agenda here and by the surrounding opportunities to meet with and talk to the other players. Hard work, but enjoyable with it.