November 2, 2016 · 9:07 AM

Federal Rules Advisory Committee Provides Key Guidance on Authenticating Social Media Evidence

Recently, the Advisory Committee on the Federal Rules of Evidence published an important treatise, “Best Practices for Authenticating Digital Evidence.” The Advisory Committee is an arm of the Judicial Conference of the United States, which drafts all proposed Federal Rules of Civil Procedure and Evidence, which the US Supreme Court and Congress ultimately ratify. Their advisory committee publications are given great weight by the courts in applying the Federal Rules of Evidence.  In fact, in the official minutes from its April 29, 2016 meeting, the Committee noted it considered whether to draft new specific Federal Rules of Evidence to govern authentication of electronic evidence, opting instead to draft the official best practices guide to serve as an accompaniment to the Federal Rules:

“The Committee concluded that amendments regulating authenticity of electronic evidence would end up being too detailed for the text of a rule; they could not account for how a court can and should balance all the factors relevant to authenticating electronic evidence in every case; and there was a risk that any factors listed would become outmoded by technological advances.

The Committee unanimously concluded, however, that publication of a best practices manual on authenticating electronic evidence would be of great use to the bench and bar. A best practices manual can be amended as necessary, avoiding the problem of having to amend rules to keep up with technological changes. It can include copious citations, which a rule or Committee Note could not.”

Federal District Court Judge Paul Grimm is the lead author on the best practices guide. Judge Grimm is widely seen as the one of the most influential judges concerning electronic discovery issues. He is known for several ground breaking decisions in the field including Lorraine v. Markel (2007), and Victor Stanley, Inc. v. Creative Pipe Inc. (2008), and The American Lawyer profiled him as one of the top 5 judges at the forefront of eDiscovery.

The best practices guide includes a very notable section dedicated to Internet website and social media evidentiary authentication, noting that “Parties have increasingly sought to use social media evidence to their advantage at trial.  A common example would be a picture or entry posted on a person’s Facebook page, that could be relevant to contradict that person’s testimony at trial.” However, “authenticity standards are not automatically satisfied by the fact that the post or the page is in that person’s name, or that the person is pictured on the post.” The guide notes that where affirmative direct testimony of the actual author is not available (which is often in the case of “smoking gun” type evidence), then circumstantial evidence is required for authentication.

As noted in the guide, absent uncontroverted and cooperative witness testimony, lawyers must turn to circumstantial evidence to help establish an evidentiary foundation for social media evidence. The guide provides many examples of circumstantial evidence that can be used to authenticate social media evidence. For instance metadata is particularly important as a “distinctive characteristic” under Rule 901(b)(4), as social media items contain a wealth of key metadata that represent or can establish “internal patterns or other distinctive characteristics” of the social media items in question.

In such situations, the testimony of the examiner who preserved the social media or other Internet evidence “in combination with circumstantial indicia of authenticity (such as the dates and web addresses), would support a finding” that the evidence presented is what the proponent asserts. See, Perfect 10, Inc. v. Cybernet Ventures, Inc. (C.D.Cal.2002) 213 F.Supp.2d 1146, 1154. (See also, Lorraine v. Markel American Insurance Company, 241 F.R.D. 534, 546 (D.Md. May 4, 2007) (citing Perfect 10, and also referencing MD5 hash values as an additional element of potential “circumstantial indicia” for authentication of electronic evidence).

One of the many benefits of X1 Social Discovery is its ability to preserve and display all the available “circumstantial indicia” or “additional confirming circumstances,” in order to present the best case possible for authenticating social media evidence collected with the software. This includes collecting all available metadata and generating a MD5 checksum or “hash value” of the preserved data for verification of the integrity of the evidence. It is important to collect and preserve social media posts and general web pages in a thorough manner with best-practices technology specifically designed for litigation purposes.  There are over twenty unique metadata fields associated with individual Facebook posts and messages. Any one of those entries, or any combination of them could provide unique circumstantial evidence that would establish foundational proof of authorship.

The bottom line is that, as reinforced by the Federal Rules Advisory Committee, collection and preservation of all the metadata and other critically important circumstantial evidence, which can be effectively obtained with tools like X1 Social Discovery, is absolutely essential to an effective social media discovery practice.

 

 

1 Comment

Filed under Case Law, Uncategorized

October 13, 2016 · 8:33 AM

New Sedona Commentary Provides Guidelines for Defensible eDiscovery Collection and Early Data Assessment

The Sedona Working Group on Electronic Document Retention & Production (WG1), recently published for public comment a Commentary on Defense of Process: Principles and Guidelines for Developing and Implementing a Sound E-Discovery Process (“The Commentary”). According to the authors, “the Commentary seeks to address what should be done to prepare for—or better yet, avoid—challenges to process, and how courts should address those disputes that arise.” Public comments are invited through November 15, 2016.

The Commentary provides excellent insight and guidance on many aspects of eDiscovery, with an extensive discussion on defensible ESI collection and culling that is particularly instructive for larger enterprises. This is important, as ESI is growing exponentially and even with the advent of predictive coding, the costs associated with ESI over-collection are often astronomical. The only way to reduce that pain to its minimum is to employ a smart but defensible process to control the volumes of data that enter the discovery pipeline. So the holy grail for large enterprises is a truly scalable capability that targets only potentially relevant ESI for collection. The Commentary provides general guidance on the reasonableness and defensibility of such a capability.

For instance, Principal 7 of the Commentary provides that “A reasonable e-discovery process may use search terms and other culling methods to remove ESI that is duplicative, cumulative, or not reasonably likely to contain information within the scope of discovery.” Comment 7.c notes in part that “search terms are a defensible technique for limiting the number of documents for review and production, provided that care is taken in their development and use.” Additionally, an iterative search process is recommended: “In an iterative process, information in documents returned by the first list of search terms can help attorneys to further refine existing terms or to identify new terms that should be added in subsequent rounds. This process can continue until a reasonable result is achieved.” It is also recommended that the search process be subject to validation and be properly documented.

Also instructive in The Commentary is a hypothetical “illustration” that reflects a smart and effective approach to an enterprise level ESI collection and preservation process:

“Illustration: The responding party has determined that the most efficient way of preserving discoverable emails is to collect the emails that “hit” on a broad set of search terms, rather than to modify the company’s default 30-day retention policy or rely on individual custodians to manually preserve potentially discoverable documents. Since a later determination that the responding party’s search terms were too narrow could come too late to prevent the loss of discoverable information, or cause a significant delay or expense from efforts to restore lost emails from back-up media, it may be prudent for the responding party to notify or seek agreement from the requesting party about the planned preservation approach and the specific search criteria to be applied.”

While the above-cited guidelines are very instructive for a well-designed, cost-effective and defensible process, such a goal is only attainable with the right enterprise technology. With X1 Distributed Discovery (X1DD), parties can perform targeted search and collection of the ESI of hundreds of endpoints over the internal network without disrupting operations. The search results are returned in minutes, not weeks, and thus can be highly granular and iterative, based upon multiple keywords, date ranges, file types, or other parameters. This approach typically reduces the eDiscovery collection and processing costs by at least one order of magnitude (90%), thereby bringing much needed feasibility to enterprise-wide eDiscovery collection that can save organizations millions while improving compliance.

And in line with concepts outlined in The Commentary, X1DD provides a repeatable, verifiable and documented process for the requisite defensibility. For a demonstration or briefing on X1 Distributed Discovery, please contact us.

Leave a comment

Filed under Uncategorized

September 27, 2016 · 10:02 AM

LTN: Social Media Evidence Even More Important than email and “Every Litigator” Needs to Address It

legaltech-news-thumbBrent Burney, a top eDiscovery tech writer of Legaltech News, recently penned a detailed product review of X1 Social Discovery after his extensive testing of the software. (Social Media: A Different Type of E-Discovery Collection, Legaltech News, September 2016). The verdict on X1 Social Discovery is glowing, but more on that in bit. Burney also provides very remarkable general commentary on how social media and other web-based evidence is essential for every litigation matter, noting that “email does not hold a flicker of a candle to what people post, state, admit and display in social media.” In emphasizing the critical importance of social media and other web-based evidence, Burney notes that addressing this evidentiary treasure trove is essential for all types and sizes of litigation matters.

Consistent to that point, there is a clear dramatic increase in legal and compliance cases involving social media evidence. Top global law firm Gibson Dunn recently reported that “the use of social media continues to proliferate in business and social contexts, and that its importance is increasing in litigation, the number of cases focusing on the discovery of social media continued to skyrocket.” Undoubtedly, this is  why Burney declares that “every litigator should include (X1 Social Discovery) in their technical tool belt,” and that X1 Social Discovery is “necessary for the smallest domestic issue all the way up to the largest civil litigation matter.” Burney bases his opinion on both the critical importance of social media evidence, and his verdict on the effectiveness of X1 Social Discovery, which he lauds as featuring an interface that “is impressive and logical” and providing “the ideal method” to address social media evidence for court purposes.

From a legal commentary standpoint, two relevant implications of the LTN article stand out. First, the article represents important peer review, publication and validation of X1 Social Discovery under the Daubert Standard, which includes those factors, among others, as a framework for judges to determine whether scientific or other technical evidence is admissible in federal court.

Secondly, this article reinforces the view of numerous legal experts and key Bar Association ethics opinions, asserting that a lawyer’s duty of competence requires addressing social media evidence. New Hampshire Bar Association’s oft cited ethics opinion states that lawyers “have a general duty to be aware of social media as a source of potentially useful information in litigation, to be competent to obtain that information directly or through an agent, and to know how to make effective use of that information in litigation.” The New York State Bar similarly weighed in noting that “A lawyer has a duty to understand the benefits and risks and ethical implications associated with social media, including its use as a … means to research and investigate matters.” And the America Bar Association recently published Comment [8] to Model Rule 1.1, which provides that a lawyer “should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology.”

The broader point in Burney’s article is that X1 Social Discovery is enabling technology that provides the requisite feasibility for law firms, consultants, and other practitioners to transition from just talking about social media discovery to establishing it as a standard practice.  With the right software, social media collections for eDiscovery matters and law enforcement investigations can be performed in a very scalable, efficient and highly accurate process. Instead of requiring hours to manually review and collect a public Facebook account, X1 Social Discovery can collect all the data in minutes into an instantly searchable and reviewable format.

So as with any form of digital investigation, feasibility (as well as professional competence) often depends on utilizing the right technology for the job.  As law firms, law enforcement, eDiscovery service providers and private investigators all work social discovery investigations into standard operating procedures, it is critical that best practices technology is incorporated to get the job done. This important LTN review is an emphatic punctuation of this necessity.

 

Leave a comment

Filed under Social Media Investigations

Tagged as , , , , , , , , , , , , , , , ,

September 13, 2016 · 10:20 AM

Defensible Custodian Self-Collection Now a Reality

eDiscovery collection and preservation efforts are often costly, time consuming and burdensome. Even worse, courts continue to routinely dish out punitive sanctions for ESI preservation failures. The volume of Electronically Stored Information is growing exponentially and will only continue to do so. Even with the advent of predictive coding, the costs associated with collecting, processing, reviewing, and producing documents in litigation are the source of considerable pain for litigants. The only way to reduce that pain to its minimum is to use all tools available in all appropriate circumstances within the bounds of reasonableness and proportionality to control the volumes of data that enter the discovery pipeline.

Counsel for large enterprises embroiled in litigation often gravitate to custodian self-collection, as it is a method to limit ESI preservation to only a limited set of documents and email deemed responsive by the individual custodians to the parameters of the litigation hold. However, traditional custodian self-collection is fraught with risk as it is usually not performed in a systemized or defensible manner.  Various custodians are not employing uniform search criteria and methodology across the same case.  Corporate counsel who rely on self-collection lack confidence in the accuracy and thoroughness of the process. Further, an average employee has neither the legal nor the technical expertise needed to identify and/or acquire potentially relevant ESI for purposes of litigation.

In a recent case that dramatically illustrates the perils of custodian self-collection, a company found themselves on the wrong end of a $3 million sanctions penalty for spoliation of evidence. The case illustrates that establishing a litigation hold and notifying the custodians is just the first step. Effective monitoring and compliance with the litigation hold is essential to avoid punitive sanctions. GN Netcom, Inc. v. Plantronics, Inc., No. 12-1318-LPS, 2016 U.S. Dist. LEXIS 93299 (D. Del. July 12, 2016).

In GN Netcom, Plantronics promptly issued a litigation hold, conducted training sessions, and sent quarterly reminders to custodians requiring affirmative acknowledgment of compliance with the hold. Despite these efforts, a senior Plantronics executive deleted relevant emails and asked his subordinates to follow suit. The court ultimately found that Plantronics acted in bad faith, “intend[ing] to impair the ability of the other side to effectively litigate its case.” In addition to the $3 million monetary penalty, Plantronics also faces severe evidentiary sanctions at trial.

At the other end of the spectrum, full disk image collection is another preservation option that, while being defensible, is very costly, burdensome and disruptive to operations. Recently in this blog, I discussed at length the numerous challenges associated with full disk imaging.

Litigators and commentators often pine for the advent of a systemized, uniform and defensible process for custodian self-collection. Conceptually, such an ideal process would be where custodians are automatically presented with a set of their documents and emails that are identified as potentially relevant to a given matter though a set of keywords and other search parameters that are uniformly applied across all custodians. This set of ESI would be presented to the custodian in a controlled interface with no ability to delete documents or emails, and only the ability to review and apply tags. The custodian would have to comply with the order and all documents responsive to the initial unified search would be collected as a default control mechanism.

With X1 Distributed Discovery (X1DD), the option for a defensible custodian assisted review is now a reality. At a high level, with X1DD, organizations can perform targeted search and collection of the ESI of thousands of endpoints over the internal network without disrupting operations. The search results are returned in minutes, not weeks, and thus can be highly granular and iterative, based upon multiple keywords, date ranges, file types, or other parameters. This approach typically reduces the eDiscovery collection and processing costs by at least one order of magnitude (90%), thereby bringing much needed feasibility to enterprise-wide eDiscovery collection that can save organizations millions while improving compliance.

As a key optional feature, X1DD provides custodian assisted review, where custodians are presented with a listing of their potentially relevant ESI though a controlled, systemized and uniform identification process for their review and tagging. Instead of essentially asking the custodians to “please rummage through your entire email account and all your documents to look for what you might think is relevant to this matter,” the custodians are presented with a narrow and organized subset of potentially relevant ESI for their review. While the custodians are able to assist with the review, they cannot impact or control what ESI is identified and preserved; this is controlled and managed centrally by the eDiscovery practitioner. This way, custodians can apply their own insight to the information, flag personal private data, all while effectuating very cost-effective and systematic ESI collection.

The process is very defensible as the exercise is logged and documented, with all metadata kept intact and a concise chain of custody established. I could describe this very important feature a lot further, but candidly the best way to get a full picture is to see it for yourself. I recommend that you view this recorded 9 minute demonstration of X1 Distributed Discovery’s custodian self-review feature here.

user-assisted-review-video

We believe X1DD’s functionality provides the optimal means for enterprise eDiscovery preservation, collection and early data assessment, especially with the key additional (and optional) feature of custodian assisted review. But please see for yourself and let us know what you think!

1 Comment

Filed under Uncategorized

August 31, 2016 · 8:01 AM

Hundreds of Thousands of Legal Cases Estimated to Address Social Media in 2016

As part of our ongoing effort to monitor legal developments concerning social media evidence, we again searched online legal databases of state and federal court decisions across the United States — this time to identify the number of cases in the last 12 month period ending August 26, 2016 — where evidence from social networking sites played a sigsocial-media-courtsnificant role. The initial search returned over 14,000 results. That is far too many to review manually, but through random sampling to eliminate duplicates and de minimis entries — defined as cases with merely cursory or passing mentions of social media sites — we counted over 9,500 cases accessible through Westlaw. This represents over a 50 percent increase from 2015.

And as only a very small number of cases — approximately one percent of all filed cases — involve a published decision or brief that we can access online, it is safe to assume that hundreds of thousands more cases involved social media evidence during this time period. Additionally, these cases do not reflect the presumably many hundreds of thousands of more instances where social media evidence was relevant to a corporate or law enforcement investigation yet did not evolve into actual litigation. Even so, this limited survey is an important metric establishing the ubiquitous nature of social media evidence, its unequivocal and compelling importance, and the necessity of best practices technology to search and collect this data for litigation and compliance requirements.

The cases were generally split evenly between criminal and civil matters. The civil matters often involved personal injury/insurance claims, employment cases, family law disputes, and copyright/intellectual property. The following are a brief synopsis of some notable cases from the survey:

US v. Brown (D.C. No. 3-13-cr-00037-001) (3rd Circuit August 25, 2016). The opening line in the Federal Appellate Court’s opinion reads: “The advent of social media has presented the courts with new challenges in the prosecution of criminal offenses, including in the way data is authenticated under the Federal Rules of Evidence—a prerequisite to admissibility at trial.” The court goes on to rule that social media is not self-authenticating but must be authenticated through extrinsic or circumstantial evidence under Federal Rule of Evidence 901. I have previously addressed this issue concerning utilizing circumstantial evidence to authenticate social media evidence under Rule 901 and how social media investigation software is instrumental for that purpose.

Stewart v. State of Iowa (No. 14-0583) (C.A. Iowa, August 17 2016). Defendant brought a motion for mistrial after it was discovered (post-trial) through key Facebook evidence that several jurors appeared to be associated with the key witness, despite those jurors’ denials during voir dire. However, the court disallowed the screenshots of the Facebook pages as lacking proper authentication and denied the motion for mistrial. This case underscores the necessity of a timely and proper social media investigation (not mere screen shots), as well as the general importance of conducting social media due diligence on prospective and empaneled jurors.

State of Louisiana v. Demontre Smith, (La. Court of Appeals, April 20, 2016) In yet another court decision illustrating why software that supports best practices is needed to properly collect and preserve social media evidence, the Louisiana appellate court, 4th Circuit, issued a written opinion in a felony criminal case disallowing key social media evidence due to a lack of authenticity. Under cross-examination, the police officer, who offered the evidence in the form of screen shots, conceded that she lacked any corroborating circumstantial evidence to support the authentication of the social media posts. The appellate court ultimately ruled: “We find the social media posts the state seeks to introduce at trial were not properly authenticated, as the state presented no evidence in order to carry its burden at the hearing.”

Xiong vs. Knight Transportation, (D.C. No. 1:12-CV-01546-RBJ) (D. Colo. July 27, 2016). This case arose out of a personal injury from a major rollover traffic accident and illustrates the importance of performing a diligent and timely social media evidence investigation. The jury awarded the Plaintiff $832,000, finding that she incurred severe pain from her injuries, which impacted her social life and daily activities. Post-trial, a paralegal for the defense counsel found a litany of Facebook evidence apparently showing the Plaintiff taking a trip to Las Vegas, visiting nightclubs, attending a wedding and smiling happily with friends at restaurants. Despite this newly discovered Facebook and Facebook-derived evidence, the district court denied Knight Transportation’s motion, finding that “the new (Facebook) evidence could have been discovered before trial and Knight offered no justification for its failure to develop it earlier.”

In addition to case law, another metric reflecting the industry’s standardization of social media evidence collection is the sheer volume of sophisticated customers that have now adopted X1 Social Discovery. Over 400 eDiscovery and computer forensics services firms have at least one paid copy of X1 Social Discovery. I cannot think of a single service provider in the eDiscovery space that performs at least some ESI collection services that does not have at least one paid X1 Social license. Social media evidence collection is now a standard practice in many law enforcement matters as well.

So, if you are one of the minority of digital investigative or eDiscovery professionals who have not adopted X1 Social Discovery, please contact us for a demo today.

 

 

5 Comments

Filed under Case Law, Social Media Investigations

Tagged as , , ,