Category Archives: eMail

When Your #Privacy is #Breached, This is how It’ll Happen

MP900177963The best examples in life are of the 'real-world' variety.  These days, I've been hunkered down in my bunker (also known as my dining room) writing sections for the upcoming State Bar of California book, "Growing and Managing a Law Office".  This will also explain why I haven't been posting on the blog as often as I'd prefer.

A couple of days ago, I experienced a serious breach of privacy.  Not my own, mind you, but someone else's!  Specifically, I was emailed a copy of their surgical records.  Why?  Human error.  The sender simply got the email address wrong.

The message contained a 'HIPAA' privacy notice, with contact information.  Not wanting to create another electronic record by replying to the email, I picked up the phone and left a voice mail message that the person had sent the records in error and I was immediately destroying the original message.  Apparently, they didn't check their voice mail, because a few minutes later, the same person emailed me the password to access the records.  At that point, I figured I'd better reply to the message itself…

The sender – and the patient – were lucky in at least two respects:

  1. They sent the records to an eDiscovery attorney, and
  2. I wasn't the least bit interested in looking at them.

Fifteen years ago, when I was purely on the data side, people used to ask me how difficult it was to refrain from peeking at so much confidential information.  My answer was the same then as it is today; curious people don't do well in our line of business.  Now, you'll note, I didn't say 'inquisitive'.  Obviously, there are times and events that will require a reasonable investigation – but this isn't one of them.

As I've oft repeated, a disaster or breach will not likely manifest itself in the manner you expect.  In this case, it wouldn't have mattered if the sender's company employed the most cutting-edge security procedures available.  In the end, the whole thing was thwarted by the 'send' key.

How do you think their security, technology and legal personnel would feel if they knew?

“My Receipt? I Left it in my Other PDA.”

MP900422446 Receipts are going digital.  Great.  Now I can lose them electronically instead of accidentally throwing them into a physical trash bin.  But seriously folks…

The upside?  No more wasting paper (which not only makes the ‘green’ folks happy, but also lowers costs), ease of organization, tracking, recall and portability.  The longer the item is warranted, the more useful this is, of course (unless you enjoy digging up that receipt nine-years after a device warranted for ten-years goes on the fritz).  And has anyone noticed that when they go back through those older heat-created receipts, some of them have faded to the point of being completely unreadable?

The downside?  Privacy.  In order to get the receipt, the sender needs your information such as an e-mail address (although there are ways around that, if you wish, but some of them are clunky).  One way to retain privacy would be for the retailer to project your receipt on a screen as a Bar or Q-code.  Then you could scan it onto your PDA with the appropriate app.

Just spit-ballin’ here, but eventually, this will be the standard way of doing things.

News of the World Buries the eDiscovery Lede: Spoliation

SuperMario
For those who aren't familiar with the term, "burying the lede" refers to an article that fails to express the most important issue in the 1st sentence or paragraph.

Obviously, by now you've heard about the News of the World phone-hacking scandal.  If you're an eDiscovery professional, then you'll find the lede buried all the way in paragraph nineteen:

"On Saturday, the Guardian newspaper, which has led the reporting on the scandal, said Scotland Yard was investigating evidence that a News International executive may have deleted millions of internal e-mails to obstruct the phone-hacking probe. The company denies the allegation." [italics/bold added]

If the allegation turns out to be true, I only have one question.  When will they ever learn?

The 6th Amendment, the Blackstone Ratio & #eDiscovery

GOOBF Card

"Better that ten guilty persons escape than that one innocent suffer."

– William Blackstone, 1783

"’tis much more Prudence to acquit two Persons, tho’ actually guilty, than to pass Sentence of Condemnation on one that is virtuous and innocent."

– Voltaire, 1749

Whether you agree with the passages above (or a similarly-stated quote by Benjamin Franklin, circa 1785), one thing is certain; they form the basis of criminal jurisprudence in the United States.  At least, they used to…I think that claim would be up for strenuous debate these days.

But that's why I wanted to bring you this particular case for our examination.  It doesn't matter what I think; what matters is, familiarize yourself with these issues because there's a high likelihood you'll see them – or something like them – in civil or criminal court.  After all, attorney-client privilege is attorney-client privilege – it just so happens the venue in this example is criminal court, and the argument is Constitutionality in theory; the 6th Amendment Right to Counsel.

One thing that distinguishes a criminal complaint from a civil one is, when the government discovers and/or seizes evidence (whether due to reasonable suspicion, probable cause or a formal warrant) in many instances, the target does not enjoy the benefit of attorney representation (hey, it might be torture for you, but I'd say my company is enjoyable…).

Such is the case with defendant.  The government seized certain computer records, and among those records were emails from defendant to his wife – which were subsequently forwarded to defendant's attorney.  Defendant was convicted, but upon appeal, it was determined that the emails were subject to attorney-client privilege and the prosecutor's review of same was deemed a violation of defendant's 6th Amendment rights.

What am I telling you?  First, you won't always have control over what data is turned over to the other side (do I hear "clawback agreements", anyone?) and second, if you find yourself in a situation like this, somebody on your side had better examine each and every shred of data in the possession of your adversary.

Again, this isn't a judgment on the validity/invalidity of overturning a conviction based on a technicality (I'll leave it to followers of the Casey Anthony trial to argue their perception of what's fair or unfair about the current judicial system).  We have a job to do, our clients depend on us and we are to zealously represent – and protect – their interests.

File this one under Segal's Ratio: "For your client's sake, where electronic evidence is concerned, endeavor to know what you don't know."

Rants & Raves! Recruiters: Keyword Search 1st, Document Review 2nd!!!

MP900448714 Coming to you from the 'cutting my own throat' department today…

Recruiters, you've proven that you're deft at performing keyword search for the word "eDiscovery".  Now, how about giving all of us techies and attorneys a break and actually doing some document review.  What do I mean?

READ THE DAMN RESUME!!!

For the (I kid you not) fourth time in a week, I've been appproached by a different recuiter for the same IT eDiscovery desktop support position.  One of them apparently continues to forget that he already contacted me – and received a polite response – and has contacted me two more times.  Never mind that the last time I did any type of direct desktop support was for Hughes Space & Communications in 1993, but my resume has a title.  It says "eDiscovery Attorney and Consultant".

Oh, the irony…

I have nothing against recruiters.  I've gotten lots of excellent work through many of them, and I'm certain I will in the future.  However, when they do these searches, then send an email blast to everyone with the term "eDiscovery" in their resume, they're telling us that we're meaningless to them – and they don't mind wasting our time.  Why?  Because, many of them also call, so I will always either return the call or email them back.  I will never ignore an inquiry from a recruiter because its unprofessional and just plain rude.  However, it doesn't exactly entice me to want to work with them.

You think I'm being too hard on them?  At least recruiter number one was honest about the position.  The others apparently could already tell it probably wasn't an appropriate position, so they attempted to 'dress it up' by changing it to desktop analyst and desktop engineer.  Shame on you!

There.  I said it.  I feel much better.  Now, where are those band-aids?!?!

e-Evidence Insights: bin Laden’s Secret Weapon: Cut & Paste

MP900423113 Yes…I'm still here…and I'm about to clear out that backlog of interesting items I mentioned a few posts back.  Funny how Osama bin Laden has already moved to the back pages – unless you're interested in 'his' porn collection.

If we learned one thing from 9/11, it was that we should cast a large net, but the webbing must be finite – lest the minnows pass through.  For our purposes, 'minnow' is a metaphor for 'analog'.  We expected machine guns…instead, we got box cutters.  We expected a sophisticated digital network of operatives…instead, we got bin Laden writing up some text, copying it onto a flash drive, then a courier cutting & pasting it into an email message at a remote location.

Just something to keep in mind the next time you're collecting digital evidence.  Don't jump the shark while overlooking the minnow.

e-Evidence Insights: A Good Senator, Spoliated.

…with deference to Mark Twain…

MP900400181 Recently-former-Senator John Ensign's (R-NV) affair and alleged attempts to cover it up would normally be fodder for the press – and I'd take little notice of it.  However, with the release of the Senate Ethics Committee Panel report, we find this:

"The report also accuses Ensign of deleting documents and files the committee was likely to request. The senator deleted the contents of a personal email account after the investigation was launched, it says." [italics added]

And this:

"The committee's report describes Cynthia Hampton as running up $1,000 in phone bills by texting Ensign while he was traveling in Iraq with a congressional delegation."

I want to distinguish between the first quote and the second.  The former is clearly in the realm of relevance (save for an attempted-but-likely-futile privilege argument against access to his personal email account), but the latter is an example of how 'beside-the-point' ESI becomes relevant.  The affair may be morally wrong, but texts between the two players are private – or at least they would be, except for the likelihood that access to them might lead to relevant evidence that would tend to prove or disprove a material fact.  Examples?  Did they conspire to cover up the affair through means that would be deemed improper?  Plus, who paid the phone bill?

This is how your personal cell, PDA or email account ends up in the hands of your adversaries.  You're not immune.

What do you think the odds are that Sen. Ensign knew, or should have known that destroying evidence after learning of an investigation is at best sanctionable conduct and at worst, a crime?

This is how destruction turns into obstruction.  Time to call "Aunt Judy"…or Judge Judy…

e-Evidence Insights: From Innocuous to Probative

MP900401435 If you'll forgive me my lack of time today,  I'd like to link you to a New York Times examination of the case, Skyhook Wireless v. Google (or as I like to call it, the "Jabbar" case).  The reason I'm singling this out is, if you follow the story, you'll see a great example of how seemingly innocuous statements contained in email messages, laid end-to-end, balloon into something much bigger.

Oh, and if somebody sends you an email – and you feel it would be more appropriate to continue the discussion off-line – walk by their office (if possible) or pick up the phone.  Don't email them back, "PLEASE DO NOT! Thread-kill and talk to me off-line with any questions".

If I saw that in document review, where do you think I'd start digging?

White House Correspondence: Private v. Public or Paper v. Plastic?

MP900385809 The other day, I caught this article from Politico regarding House Oversight and Government Reform Committee Chairman (R-Calif.) Darrell Issa's desire to get his committee's hands on White-House-generated emails, Facebook posts and Tweets.  Nothing unusual about that, we would agree.  But therein lies the rub; he wants personal emails, Facebook posts and Tweets.

Let's put Issa's political motivations aside for a moment and look at this objectively.  I've certainly mentioned several times that the line between public and private is becoming more blurred by the day.  None of us helps the cause, do we?  We send public email from private accounts and private email from public accounts.  Many people use Facebook for both private and public purposes with no separation whatsoever.  Same with Twitter.

Hey, even in the accounting department, they know about the rules against commingling!  The problem is, it's so easy to circumvent what would be normal auditing protocols, isn't it?  And who wants to log into – and check – multiple accounts, anyway?  Besides, as an example, you can use your Facebook account to log in to other resources, so why not?  I could even do so to write this blog – if I had a Facebook account, that is…

That's what my headline means:  It matters little whether you choose paper or plastic; either way, you're still transporting groceries