February 21, 2013 · 1:35 PM

Live Social Media Evidence Capture from Today’s Vegas Strip Shooting

Unfortunately, a tragic event transpired this morning in Las Vegas leaving three people dead and at least three others injured after a shooting and fiery six-vehicle crash along the Strip. According to reports, at about 4:20 a.m. someone in an SUV opened fire into a Maserati that had stopped at a light. The Maserati moved into the intersection at Flamingo Road and collided with a taxi, starting a chain of crashes that involved four other vehicles. Our thoughts and prayers are with the victims and their families.

Given the criminal investigation and civil liability implications of this event, we wanted to demonstrate the new important capabilities of X1 Social Discovery to immediately identify, preserve and display geolocated Tweets (and often Instagram posts) at or near the scene immediately before, during and after the incident. X1 Social Discovery is now able to map a given location, such as a city block or even a full metropolitan area, and search the entire public Twitter feed to identify any geolocated tweets that have been made in the past three days (sometimes longer) within that designated area, as well as to capture any new tweets within that area going forward. As illustrated below, this capability is extremely useful for law enforcement, corporate security and civil litigators.

When we learned of the Vegas incident, we mapped the general area of the strip  and within seconds, all the recent Tweets from the past several hours were populated within the grid and collected within X1 Social Discovery.

Accident 4

From there, we were able to sort those tweets within the interface and identify some key Tweets made immediately after the incident, such as this post:

Accident 5

Accident 2

We are able to sort and identity the exact time (in GMT) of the posts in question as well as associated metadata.

Accident 3

Here is another post below. Both this example and the one above contain notable intel in the comments, suggesting the possible identity of one of the victims, as well as a reference to another posted picture on Instagram. This reflects the utility of X1 Social Discovery’s ability to collect not just the social media post, but the comments thereto in real-time.

Accident 1

This feature can also be employed proactively, to map an area around a school, an embassy, an oil drilling facility overseas, or other critical infrastructure assets to collect and store any geolocated tweets in real time. But of course in order to take full advantage of this ability to gather key evidence such as the evidence, posted above, you need to own the software at the time of the incident.

2 Comments

Filed under Social Media Investigations

Tagged as , , , , , , , , , , , , ,

February 5, 2013 · 9:24 AM

Social Media Discovery Hotter Than Predictive Coding?

fire isolated over black backgroundIt was a great show last week at LegalTech New York. Definitely an increase in the number and quality of attendees and it was nice to see many friends and colleagues both old and new.

Also very noticeable were the many, many vendors sporting predictive coding (aka technology assisted review) messaging in their respective booths and various forms of marketing material. In fact, one industry colleague pointed me to a recent bold prediction offered by Recommind lawyer Howard Sklar, essentially proclaiming that predictive coding will have really hit the big time when a state bar organization issues an ethics opinion stating “that failure to use predictive coding is ethically questionable, if not unethical.” Sklar goes on to predict that such an opinion will come within the next 18 months.

I don’t disagree that such a development would be a big deal. But my question is, why stop at an advisory ethics opinion? What about an actual published court opinion where a sitting appellate judge decrees, without mincing words, that legal ethics obligations require lawyers to employ predictive coding? Now that would be huge. Something, in fact, like Griffin v. State, 192 Md. App. 518, 535 (2010), which addresses another hot topic in eDiscovery:

“[I]t should now be a matter of professional competence for attorneys to take the time to investigate social networking sites.”

Now to be fair, I must point out that Griffin v. State was reversed and remanded on other grounds (419 Md. 343 (2011)), but I would argue the overall impact from an ethics and best practices standpoint is still there.

Sklar also points out three appellate level cases with written opinions that discuss the concept of predictive coding, without any definitive rulings compelling its use, but nonetheless discussing the concept. Two of the three are even retrievable on Westlaw. I think such appellate-level published decisions are important, which is why we highlight the several thousands of published court decisions in the past three years (see here and here) that have compelled the production of, admitted into evidence, or otherwise recognized the importance of social media evidence to the case at hand. New cases are being published every day, to the point where we candidly have stopped counting due to the deluge. So by the standard set by of my esteemed fellow eDiscovery lawyer Mr. Sklar, social media discovery is a very hot field indeed.

Leave a comment

Filed under Case Law, eDiscovery & Compliance, Social Media Investigations

Tagged as , , , , , , , , , , , , , ,

January 24, 2013 · 1:36 PM

Social Media Geolocation Provides Critical Evidence – Including Admissible Hearsay

Nearly all new mobile devices not only feature geo-location but set its activation by default. Many of the most popular mobile apps are built around the premise of geo-location to help you navigate the streets, find new restaurants and other points of interest, and even find your friends, so more and more mobile users are enabling this function. As such, a significant number of social media posts made from a mobile device have geo-location coordinate metadata associated with them. The evidentiary value of such information cannot be understated.

For court purposes, the content of such Tweets may be admissible hearsay themselves even if the actual identity of the author of a Tweet is never ascertained.  Under Rule 803(3) of the Federal Rules of Evidence, “[a] statement of the declarant’s then existing state of mind, emotion, sensation, or physical condition . . . but not including a statement of memory or belief to prove the fact remembered or believed unless it relates to the execution, revocation, identification, or terms of declarant’s will” is not excluded by the hearsay rule. Rule 803(3) arguably describes the vast majority of Tweets, especially those from the likes of Paris Hilton or Charlie Sheen.

And then there is the “excited utterance” exception under Rule 803(2) which provides that, “[a] statement relating to a startling event or condition made while the declarant was under the stress of excitement caused by the event or condition” is not excluded by the hearsay rule. So, a Tweet stating “Oh my gosh, a big SUV just ran a light and nailed that Prius!!!!” would arguably fall under Rule 803(2).

To enable our user base to leverage this key evidence, this week we are announcing a major enhancement to X1 Social Discovery software that we believe significantly advances the ball for social media investigations. X1 Social Discovery will now be able to map a given location such as a city block or even a full metropolitan area, and search the entire public Twitter feed to identify any geo-located tweets that have been made in the past three days (sometimes longer) within that designated area, as well as to capture any new tweets within that area going forward. This capability is extremely useful for law enforcement, corporate security and civil litigators.

Below is an example of a geo-located area with X1 Social Discovery, with the highlighted, captured Tweet suggesting that the author could be a key witness to a traffic accident:

accident4

From there, an investigator can silently follow identified persons of interest in furtherance and highly efficient investigation. For law enforcement, this is obviously useful to gather facts and identify potential witnesses for various crime scenes. This feature can also be employed proactively, to map an area around a school, an embassy, an oil drilling facility overseas, or other critical infrastructure assets to collect and store any geo-located tweets in real time. But in order to take full advantage of this ability to gather key evidence, you need to own the software at the time of the incident.

This upgrade is part of our continuing innovation for X1 Social Discovery. We strongly believe that we have the top social media investigation tool on the market and this new feature only solidifies this position.

> To learn more, contact us for a demo or come visit us next week at Legal Tech New York, where we will be in booth #2012.

Leave a comment

Filed under Best Practices, Social Media Investigations

Tagged as , , , , , , , , , , , , , , , ,

January 17, 2013 · 9:43 AM

“Act Reasonably” — Two Court-Issued Checklists Outlining Defensible, Targeted ESI Collection

Recently two separate and prominent courts — the federal court for the Northern District of California and the Delaware Court of Chancery (which is the primary court of equity for Delaware registered corporations) issued eDiscovery preservation guidelines. This is not unprecedented as other courts have issued similar written guidance in the form of general guidance or even more enforceable local rules of court specifically addressing eDiscovery protocols. What I found particularly interesting, however, is both courts provided fairly specific guidance on the scope of collection and preservation. In the case of the California court, which notes that its “guidelines are designed to establish best practices for evidence preservation in the digital age,” the Court offers a checklist for Rule 26(f) “meet and confer” conferences with good detail on suggested ESI preservation protocols. The Delaware Court of Chancery also issued a detailed checklist or “sample collection outline.” ESI preservation checklists are useful practice guides, and these are sanctioned by two separate influential courts.

This is important as the largest expense directly associated with eDiscovery is the cost of overly inclusive preservation and collection, which leads to increased volume charges and attorney review costs. To the surprise of many, properly targeted preservation initiatives are permitted by the courts and can be enabled by adroit software that is able to quickly and effectively access and search these data sources throughout the enterprise.

The value of targeted preservation is recognized in the Committee Notes to the FRCP amendments, which urge the parties to reach agreement on the preservation of data and the keywords used to identify responsive materials. (Citing the Manual for Complex Litigation (MCL) (4th) §40.25 (2)).  And In re Genetically Modified Rice Litigation, 2007 WL 1655757 (June 5, 2007 E.D.Mo.), the court noted that “[p]reservation efforts can become unduly burdensome and unreasonably costly unless those efforts are targeted to those documents reasonably likely to be relevant or lead to the discovery of relevant evidence.”

The checklist from the California Northern District and the guidelines issued by the Delaware court are consistent with these principles as they call for the specification of date ranges, custodian names and search terms for any ESI to be preserved. The Northern District checklist, for instance, provides for the identification of specific custodians and job titles of custodians whose ESI is to  be preserved, and also specific search phrases search terms “that will be used to identify discoverable ESI and filter out ESI that is not subject to discovery.”

However, many lawyers shy away from a targeted collection strategy over misplaced defensibility concerns, optioning instead for full disk imaging and other broad collection efforts that exponentially escalate litigation costs. The fear by some is that there always may be that one document that could be missed. However, in my experience of following eDiscovery case law over the past decade, the situations where litigants face exposure on the preservation front typically involve an absence of a defensible process. When courts sanction parties, it is usually because there is not a reasonable legal hold procedure in place, where the process is ad hoc and made up on the fly and/or not effectively executed. I am personally unaware of a published decision involving a fact pattern where a company featured a reasonable collection and preservation process involving targeted collection executed pursuant to standard operating procedures, yet was sanctioned because one or two relevant documents slipped through the cracks.

This is because the duty to preserve requires reasonable efforts, not infallible means, to collect potentially relevant information. As succinctly stated by the Delaware court: “Parties are not required to preserve every shred of information. Act reasonably.”

Another barrier standing in the way of defensible and targeted collection is that searching and performing early case assessment at the point of collection is not feasible in the decentralized global enterprise with traditional eDiscovery and information management tools. What is needed to address these challenges for the de-centralized enterprise is a field-deployable search and eDiscovery solution that operates in distributed and virtualized environments on-demand within these distributed global locations where the data resides. In order to meet such a challenge, the eDiscovery and search solution must immediately and rapidly install, execute and efficiently operate locally, including in a virtual environment, where the site data is located, without rigid hardware requirements or on-site physical access.

This ground breaking capability is what X1 Rapid Discovery provides. Its ability to uniquely deploy and operate in the IaaS cloud also means that the solution can install anywhere within the wide-area network, remotely and on-demand. Importantly, the search index is created virtually in the location proximity of the data subject to collection. This enables even globally decentralized enterprises to perform targeted search and collection efforts in an efficient, defensible and highly cost effective manner. Or, in the words of the Delaware court — the ability to act reasonably.

Leave a comment

Filed under Case Law, Cloud Data, Enterprise eDiscovery, IaaS

Tagged as , , , , , , , , , , ,

Aside

Analysis of The Sedona Conference’s Publication on Social Media

images - sedonaThe Sedona Conference® has published for public comment a key document: The Sedona Conference® Primer on Social Media. Sedona is a highly influential organization so this is an important development further underscoring the importance of social media evidence. According to Sedona, the Primer “provides best practice guidance on the corporate use and management of social media, as well as their preservation, collection, and production in the form of electronically stored information (ESI).”

The document is publicly available for download here.

The Primer is a good read and the section II in particular highlights the discoverability of social media, its importance and necessity for best practices technologies such as X1 Social Discovery.

I have extrapolated some of the key quotes, adding headings to segment them by subject, with my comments to some in italics:

On the Scope of Social Media Usage:

“Hundreds of millions of individuals now use social media to communicate and to build online communities…Social media is also increasingly important for business organizations and the legal community—the former largely because of their marketing potential, and the latter as yet another source of information to be regulated, managed, and ultimately preserved and produced during investigations or litigation. Twenty-two percent of Fortune 500 companies now have a public-facing blog that has received at least one post in the last 12 months.”

-Page 1

On the Court’s Increasing Trend to allow Liberal Discovery of Social Media:

 “As the case law continues to develop in the area of social media and privacy, the trend appears to be that courts will not recognize or protect privacy interests of those who voluntarily engage in social media communications. Although initial cases addressing this issue arise in the context of labor and employment, family law, and personal injury matters, where unique considerations broadly implicate the sort of information found on social media sites, the opinions indicate that, in the future, social media and privacy could likely become mutually exclusive concepts in the law.”

-Page 22

“Various courts have already found that social media content that is relevant to litigation is discoverable.  For example, one court found that social media might be relevant to understanding the emotion, feeling, or mental state of claimants in a sexual harassment suit. And sanctions are possible for spoliation of social media content, as with any sort of relevant information. Thus, it is clear that social media content that is relevant to reasonably anticipated litigation must be preserved.”

-Page 34

On Defensibility of Collection and Preservation Processes:

“simply printing out social media site data could result in an incomplete and inaccurate data capture that is hard to authenticate…Also, social media sites can contain data and information, such as video content, that cannot be properly collected in the form of static images (i.e., screen shots and .pdf images).”

-Page 38

Comment: This is a key point emphasized many times on this blog. Screenshots are not only questionable in terms of defensibility and incompleteness, but also prevent any scalable investigation process.

“Third-party providers are developing solutions that go beyond capturing static and single point in-time images from a specific social media site, and instead allow certain content to be downloaded or collected in a way that better preserves the content and captures the unique metadata fields associated with social media data. Properly captured, these metadata fields can assist with establishing the chain of custody and with authentication, and help to facilitate more accurate and efficient data processing and review. Currently, the full range of metadata associated with social media data can only be collected with specialized e-discovery software designed for that purpose.”

-Page 39

Comment: We could not have said this better. Sedona is essentially describing X1 Social Discovery, in our opinion.

“Social media sites can, and some do, publish rules and specifications that allow application programming interfaces (APIs) to interact with the social media site in order to capture social media site data by automated means. Because these products integrate with the APIs published by the providers, they are better able to filter data and collect social media data in a more defensible manner, including by collecting all available metadata fields for individual social media items and by generating MD5 hash values for collected social media items. The products are multiplying rapidly and undergoing refinement, spurred on by the need to fill the new regulatory niche, with flow-on effects for e-discovery. When properly developed, these products are registered and approved by the provider and their use is subject to specific terms of service for developers.”

-Page 39

Comment: Again, we could not have said this better. Only software specifically designed to collect social media evidence for judicial purposes can collect social media evidence in a manner consistent with the functionality described by Sedona. 

Leave a comment

December 24, 2012 · 12:21 PM