Category Archives: Uncategorized

Under our ongoing effort to monitor legal developments concerning social media evidence, we again searched online legal databases of state and federal court decisions across the United States — this time to identify the number of cases in January 2017 where evidence from social networking sites played a meaningful role in the litigation. The initial search returned over 2,000 results. That is far too many to review manually, but through random sampling to eliminate duplicates and de minimis entries — defined as cases with merely cursory or passing mentions of social media sites — we counted over 1,200 cases accessible through Westlaw and/or Google Scholar for January 2017.

And as only a very small number of cases — approximately one percent of all filed cases — involve a published decision or brief that we can access online, it is safe to assume that tens of thousands more cases involved social media evidence during this time period. Additionally, these cases do not reflect the presumably many hundreds of thousands of more instances where social media evidence was relevant to a corporate or law enforcement investigation yet did not evolve into actual litigation. Even so, this limited survey is an important metric establishing the ubiquitous nature of social media evidence, its unequivocal and compelling importance, and the necessity of best practices technology to search and collect this data for litigation and compliance requirements. There is no question that nearly every criminal investigation and civil litigation matter involves at least some social media and internet-based evidence.

The following are a brief synopsis of five notable cases from the survey:

Brown v. State, (Ga: Supreme Court, January 23, 2017). In this case, the prosecution presented key evidence from a variety of social media sources, including a “cropped screenshot” from a YouTube video, several incriminating Facebook postings and a copy of a photograph downloaded from a Twitter account. The items were admitted into evidence and the defendant was convicted on all counts. However, a motion for new trial was brought on the basis of challenging the authenticity of the social media evidence introduced as screen shots. The court overturned the conviction on one of the counts (count of criminal gang activity). The Georgia Supreme Court upheld that ruling but determined that improper authentication was a harmless error as to the remaining counts that Defendant was also convicted on.

State v. Kolanowski, (Wash: Court of Appeals, January 30, 2017).  In another case involving the failure to authenticate social media evidence, a criminal defendant unsuccessfully sought to admit a screenshot of Facebook evidence that he maintained would have served as critical impeachment against the prosecutions’ main witness.  During pretrial motions, the State sought to exclude Facebook records that lacked foundation, and the defendant sought to admit a March 2015 screenshot of what purported to be a 2:49 a.m., February 8, 2014 Facebook post. The authenticity of that screenshot was successfully contested. It is apparent from the record that various metadata and other circumstantial evidence was not available (which could have been collected using best practices technology) that very well may have served to establish a proper evidentiary foundation.

ZAMUDIO-SOTO v. BAYER HealthCARE PHARMACEUTICALS INC. (US Dist. Ct, ND California, January 27, 2017). In this matter, a major product liability claim was barred on statute of limitation grounds based exclusively on the Plaintiff’s comments on her Facebook post.  Plaintiff’s Facebook comments drew a connection to her injury and the alleged defective product in question, and was posted on May 26, 2011, more than two years prior to her filing suit against Bayer. The court determined that Plaintiff’s Facebook post started the clock for her to bring her claim within the two year statute of limitations period. However, as she did not file her suit until January 2015, the court ultimately barred her action.

Jacobus v. Trump, (NY Supreme Court, January 9, 2017) This high-profile libel case is notable in that the claim against then-candidate Donald Trump was exclusively based upon social media evidence in the form of two separate tweets. Plaintiff Jacobus is a Republican political consultant and frequent commentator on television news channels and other media outlets, who was contacted by the Donald Trump campaign to potentially serve as a key staff member. After several meetings, Plaintiff ultimately did not join the campaign, based upon what she asserts was a mutual decision.  A few months later, Jocobus appeared on CNN where she made some comments that were critical of Trump. In response, Trump tweeted:  “@cherijacobus begged us for a job. We said no and she went hostile. A real dummy!”  A day later, on February 3, 2016, Plaintiff’s then lawyer sent Trump a cease and desist letter. Two days after that, Trump posted the following tweet about Plaintiff: “Really dumb @CheriJacobus. Begged my people for a job. Turned her down twice and she went hostile. Major loser, zero credibility!” Ultimately the court construed Trump’s comments to be “hyperbolic” opinion, based upon subjective perception of events, and thus did not constitute defamation under the law, and thereby dismissed Jacobus’s claim.

Johnson v. ABF Freight System, Inc. US Dist. Court, MD Florida, January 27, 2017. This opinion is based upon a motion to compel discovery of the Plaintiff’s Facebook account. The Defendant asserted that Plaintiff’s Facebook account would be relevant to his damages claims arising out of a serious personal injury claim. The Court granted the motion to compel, but limited the production of the Facebook account to a certain date range and also only information that related to his employment and business activities and efforts to gain employment.

There is no question that the volume of cases involving social media evidence is increasing on a monthly basis. In addition to case law, another metric reflecting the industry’s standardization of social media evidence collection is the sheer volume of sophisticated customers that have now adopted X1 Social Discovery. Nearly 500 eDiscovery and computer forensics services firms have at least one paid copy of X1 Social Discovery. I cannot think of a single service provider in the eDiscovery space that performs at least some ESI collection services that does not have at least one paid X1 Social license. Social media evidence collection is now a standard practice in many law enforcement matters as well. So, if you are one of the minority of digital investigative or eDiscovery professionals who have not adopted X1 Social Discovery, please contact us for a demo today.

X1 and Reed Smith recently hosted a timely webinar on new Federal Rule of Evidence 902(14) and its expected impact on eDiscovery and computer forensics collection practices. Reed Smith senior partner and eDiscovery practice chair David Cohen led the discussion, providing a substantive and detailed discussion on the new rule, including its nuances and expected practice impact. FRE 902(14) provides that electronic data recovered “by a process of digital identification” is to be self-authenticating, thereby not routinely necessitating the trial testimony of a forensic or technical expert where best practices are employed, as certified through a written affidavit by a “qualified person.” A detailed discussion of Rule 902(14) can be found here.

The webinar, which also provides a detailed overview of the rule, features excellent analysis and insight from David Cohen on how he anticipates the new rule will be applied. In fact, the key takeaway from the webinar is that while FRE 902(14) technically goes into effect on December 1, 2017, Cohen correctly noted that ESI collected in a Rule 902(14) compliant manner any time prior to the rule’s effective date can be subject to the new rule’s provisions once the rule goes into effect. This is important, because digital evidence is routinely collected well in advance of trial. Electronic evidence that an examiner collects today may not be actually introduced at trial until one year or more from now, so practitioners need to understand and account for Rule 902(14) immediately.

Cohen believes that FRE 902(14) will be widely applied and will overall increase the utilization of eDiscovery and computer forensics practitioners. This is because the rule provides a streamlined and very efficient process to establish a foundation for ESI collected in a Rule 902(14) manner. This will increase predictability by eliminating surprise challenges, and will encourage, instead of discourage, the use of forensics and eDiscovery practitioners by allowing written certifications in the place of expensive and burdensome in-person trial testimony. Cohen also noted that while most cases do not proceed to trial, a much higher percentage involve dispositive court motions (such as a motion for summary judgment in civil actions) and he expects FRE 902(14) to be widely used in support of such motions.

I have covered eDiscovery and computer forensics law for over 15 years, and in my opinion, FRE 902(14) is the single most important legal development directly impacting ESI collection practices to date. All eDiscovery and computer forensics professionals have a professional responsibility to keep current with key legal and technological developments in the field. There is no question FRE 902(14) is such a development, and all those involved in ESI preservation and collection from both a technical, legal and managerial perspective need to be fully briefed on the law.

Viewing the video recording of the webinar is a good start, and it can be accessed here.

The Sedona Working Group on Electronic Document Retention & Production (WG1), recently published for public comment a Commentary on Defense of Process: Principles and Guidelines for Developing and Implementing a Sound E-Discovery Process (“The Commentary”). According to the authors, “the Commentary seeks to address what should be done to prepare for—or better yet, avoid—challenges to process, and how courts should address those disputes that arise.” Public comments are invited through November 15, 2016.

The Commentary provides excellent insight and guidance on many aspects of eDiscovery, with an extensive discussion on defensible ESI collection and culling that is particularly instructive for larger enterprises. This is important, as ESI is growing exponentially and even with the advent of predictive coding, the costs associated with ESI over-collection are often astronomical. The only way to reduce that pain to its minimum is to employ a smart but defensible process to control the volumes of data that enter the discovery pipeline. So the holy grail for large enterprises is a truly scalable capability that targets only potentially relevant ESI for collection. The Commentary provides general guidance on the reasonableness and defensibility of such a capability.

For instance, Principal 7 of the Commentary provides that “A reasonable e-discovery process may use search terms and other culling methods to remove ESI that is duplicative, cumulative, or not reasonably likely to contain information within the scope of discovery.” Comment 7.c notes in part that “search terms are a defensible technique for limiting the number of documents for review and production, provided that care is taken in their development and use.” Additionally, an iterative search process is recommended: “In an iterative process, information in documents returned by the first list of search terms can help attorneys to further refine existing terms or to identify new terms that should be added in subsequent rounds. This process can continue until a reasonable result is achieved.” It is also recommended that the search process be subject to validation and be properly documented.

Also instructive in The Commentary is a hypothetical “illustration” that reflects a smart and effective approach to an enterprise level ESI collection and preservation process:

“Illustration: The responding party has determined that the most efficient way of preserving discoverable emails is to collect the emails that “hit” on a broad set of search terms, rather than to modify the company’s default 30-day retention policy or rely on individual custodians to manually preserve potentially discoverable documents. Since a later determination that the responding party’s search terms were too narrow could come too late to prevent the loss of discoverable information, or cause a significant delay or expense from efforts to restore lost emails from back-up media, it may be prudent for the responding party to notify or seek agreement from the requesting party about the planned preservation approach and the specific search criteria to be applied.”

While the above-cited guidelines are very instructive for a well-designed, cost-effective and defensible process, such a goal is only attainable with the right enterprise technology. With X1 Distributed Discovery (X1DD), parties can perform targeted search and collection of the ESI of hundreds of endpoints over the internal network without disrupting operations. The search results are returned in minutes, not weeks, and thus can be highly granular and iterative, based upon multiple keywords, date ranges, file types, or other parameters. This approach typically reduces the eDiscovery collection and processing costs by at least one order of magnitude (90%), thereby bringing much needed feasibility to enterprise-wide eDiscovery collection that can save organizations millions while improving compliance.

And in line with concepts outlined in The Commentary, X1DD provides a repeatable, verifiable and documented process for the requisite defensibility. For a demonstration or briefing on X1 Distributed Discovery, please contact us.

eDiscovery collection and preservation efforts are often costly, time consuming and burdensome. Even worse, courts continue to routinely dish out punitive sanctions for ESI preservation failures. The volume of Electronically Stored Information is growing exponentially and will only continue to do so. Even with the advent of predictive coding, the costs associated with collecting, processing, reviewing, and producing documents in litigation are the source of considerable pain for litigants. The only way to reduce that pain to its minimum is to use all tools available in all appropriate circumstances within the bounds of reasonableness and proportionality to control the volumes of data that enter the discovery pipeline.

Counsel for large enterprises embroiled in litigation often gravitate to custodian self-collection, as it is a method to limit ESI preservation to only a limited set of documents and email deemed responsive by the individual custodians to the parameters of the litigation hold. However, traditional custodian self-collection is fraught with risk as it is usually not performed in a systemized or defensible manner.  Various custodians are not employing uniform search criteria and methodology across the same case.  Corporate counsel who rely on self-collection lack confidence in the accuracy and thoroughness of the process. Further, an average employee has neither the legal nor the technical expertise needed to identify and/or acquire potentially relevant ESI for purposes of litigation.

In a recent case that dramatically illustrates the perils of custodian self-collection, a company found themselves on the wrong end of a $3 million sanctions penalty for spoliation of evidence. The case illustrates that establishing a litigation hold and notifying the custodians is just the first step. Effective monitoring and compliance with the litigation hold is essential to avoid punitive sanctions. GN Netcom, Inc. v. Plantronics, Inc., No. 12-1318-LPS, 2016 U.S. Dist. LEXIS 93299 (D. Del. July 12, 2016).

In GN Netcom, Plantronics promptly issued a litigation hold, conducted training sessions, and sent quarterly reminders to custodians requiring affirmative acknowledgment of compliance with the hold. Despite these efforts, a senior Plantronics executive deleted relevant emails and asked his subordinates to follow suit. The court ultimately found that Plantronics acted in bad faith, “intend[ing] to impair the ability of the other side to effectively litigate its case.” In addition to the $3 million monetary penalty, Plantronics also faces severe evidentiary sanctions at trial.

At the other end of the spectrum, full disk image collection is another preservation option that, while being defensible, is very costly, burdensome and disruptive to operations. Recently in this blog, I discussed at length the numerous challenges associated with full disk imaging.

Litigators and commentators often pine for the advent of a systemized, uniform and defensible process for custodian self-collection. Conceptually, such an ideal process would be where custodians are automatically presented with a set of their documents and emails that are identified as potentially relevant to a given matter though a set of keywords and other search parameters that are uniformly applied across all custodians. This set of ESI would be presented to the custodian in a controlled interface with no ability to delete documents or emails, and only the ability to review and apply tags. The custodian would have to comply with the order and all documents responsive to the initial unified search would be collected as a default control mechanism.

With X1 Distributed Discovery (X1DD), the option for a defensible custodian assisted review is now a reality. At a high level, with X1DD, organizations can perform targeted search and collection of the ESI of thousands of endpoints over the internal network without disrupting operations. The search results are returned in minutes, not weeks, and thus can be highly granular and iterative, based upon multiple keywords, date ranges, file types, or other parameters. This approach typically reduces the eDiscovery collection and processing costs by at least one order of magnitude (90%), thereby bringing much needed feasibility to enterprise-wide eDiscovery collection that can save organizations millions while improving compliance.

As a key optional feature, X1DD provides custodian assisted review, where custodians are presented with a listing of their potentially relevant ESI though a controlled, systemized and uniform identification process for their review and tagging. Instead of essentially asking the custodians to “please rummage through your entire email account and all your documents to look for what you might think is relevant to this matter,” the custodians are presented with a narrow and organized subset of potentially relevant ESI for their review. While the custodians are able to assist with the review, they cannot impact or control what ESI is identified and preserved; this is controlled and managed centrally by the eDiscovery practitioner. This way, custodians can apply their own insight to the information, flag personal private data, all while effectuating very cost-effective and systematic ESI collection.

The process is very defensible as the exercise is logged and documented, with all metadata kept intact and a concise chain of custody established. I could describe this very important feature a lot further, but candidly the best way to get a full picture is to see it for yourself. I recommend that you view this recorded 9 minute demonstration of X1 Distributed Discovery’s custodian self-review feature here.

We believe X1DD’s functionality provides the optimal means for enterprise eDiscovery preservation, collection and early data assessment, especially with the key additional (and optional) feature of custodian assisted review. But please see for yourself and let us know what you think!