Category Archives: International

“Welcome to what feels like the 17th Day of LegalTech”

MP900432728 If you were following my tweets from LTNY, I posted that quote from Jason Baron Tuesday afternoon.  But no, it wasn't day 17, it was day two – or for Logan's Run fans, last-day for me since I had to catch an early flight home Wednesday.  And that leads me to my first comment.  Drat!  Yeah, it's a word.  There was a "government" track on day three, but I couldn't stay to attend.  Worse, one session was on the contrast in ediscovery rules between civil and criminal investigations – right up my alley.  But, we make choices, and I couldn't be in two places at once, so let me settle for giving you my summary of day two…

As mentioned prior, by the time I got to my hotel room Monday night, I'd been awake about 35 hours.  The Tuesday keynote involved United Nations war crimes investigations with Gonzalo de Cesare.  I was fortunate enough to be attending the Zylab reception for Mr. de Cesare at the close of the day, so I elected to catch up on some zzz's and skip the keynote.

I started my 1st session back on the international track with 75 minutes on Multinational Discovery.  It was great.  Unlike the "overview" feel to all of my Monday sessions, this was loaded with in-depth information. 

In terms of looking at a map, North Americans tend to think of borders vertically (Canada, down to the United States, down to Mexico), but in Europe, thinking horizontally or vertically, one may hop in their car and cross several borders in a single day – and violate privacy laws in each and every one along the way.  The speakers handled this smartly.  They understood that the bulk of the audience were americans (or US-based), so they illustrated the risks both from the standpoint of moving data between EU countries, among others, but also from the standpoint of moving it to/from the United States.  Considering the limited time, they accomplished the goal.

* * * * * * * * * * * *

I stopped in to see my friends at Iron Mountain, then caught the last half of the federal judges session on the federal rules and where things are headed.  Whether you're in technology or law, I urge you to learn as much from judges as you can.  People question judges about ediscovery issues, but a lot of times the answer is, "It depends on the particular facts."  That's the problem.  A snapshot today will serve as a guide, but ediscovery law is a rapidly-changing discipline.  I like to 'get inside the heads' of the judges to try to understand what they're thinking about the future.

* * * * * * * * * * * *

Later, I moved on to a Kroll session on Data Breach & Security (something I may have written about once or twice).  The problem with a successful lecture of this type is, you learn a lot, but you leave with a knot in your stomach because they made you think about what you don't want to think about; all the security risks you haven't thought about.

As I've stated before, the goal is to be proactive in the interest of avoiding having to be reactive.  This session certainly covered the former, but what was fascinating is that they really got into the latter; how do you react once a breach (perceived or actual) has occurred?  The answers aren't as simple as they appear, and here's why:

  1. Should we call an outside source (e.g. if the CEO is informed, is he outside the breach parameters, or does he become a part of the breach?)
  2. Is the breach as serious as we think it is?
  3. Who within the company should we tell?
  4. Who outside the company should we tell?
  5. Who outside the company are we obligated to tell (customers?)
  6. Who should we not tell?

You get the idea.  Regarding points four through six, there are conflicting laws in this area, so doing what you perceive to be the right thing may – by law – be the wrong thing.

* * * * * * * * * * * *

Ralph Losey: "So…Predictive Coding…for or against?"  Having run into Mr. Losey a couple of hours prior to his late afternoon session on the subject, I faced that question.  For the answer, stay tuned for my 3rd and final LTNY post.

An Inauspicious Anniversary

MP900448582 Sorry, folks…it's year-end for corporations and I've been buried this week getting out the last-minute reports and preparing for LegalTech NY.  However, I did want to share something of interest with you for a late Friday afternoon.  Twenty-five years have passed since the accidental creation of the computer virus.

I know what you're thinking.  What does this have to do with e-discovery?  A lot, actually.  This isn't just about annoyances or stealing individual accounts and/or passwords; although that in itself is bad enough.  If you take it to the extreme, the issues are much more serious.

Have you heard of Stuxnet?  I've personally seen relatively benign viruses like "I Love You" bring corporations to a screeching halt, let alone one that specifically targets Iran's centrifuges.  Many corporations underestimate the danger – especially when it comes to the security of their data, since many viruses exist to open tunnels in security systems.

It's a dangerous way to lose safe harbor protection.

e-Discovery LOL: Truth is Stranger than Fiction, Eh?

MP900423020 I wasn't even going to post today; that is, until I happened to spot this gem from my friends at Above the Law.  Forget my advice.  Post stupid photos on Facebook.  Get into public pissing contests.  Solicit sex via text message, it's all good!

Because, while you're doing all of those things, everyone will be looking at this

Is that what they mean by Winnipeg "Free" Press?  Maybe a little too free, perhaps.

Oy Canada…thanks for providing me with the perfect Friday post.

If Viagra Treats ED, will PBoR Treat EDD?

MP900403705 Yeah, I know…gratuitious…but I thought you'd come (don't even go there) to expect that from me on a Friday…

Thing is, yesterday I posted about the humor I observed in litigation response, but I wasn't laughing that heartily, believe me.  I didn't have enough time to flesh out the greater point, but for those who've seen the movie, you know what I'm talking about.  For those who haven't, I suggest you do – and not the 2008 remake.  As the team comes together, you'll see everything we see in real-life litigation; mistrust, disorganization, hidden personal weaknesses, incomplete planning/testing, secret and diverging agendas, hubris, the works.

My favorite is how a small slip of paper almost results in a nuclear catastrophe!

As I learned in my early days, it's not enough to point out risks; it must be accompanied by a proposed plan to address those risks.  The federal government (specifically, the Commerce Department's Internet Policy Task Force) is taking a shot at it with this report (warning – link opens 88-page pdf) calling for the creation of a so-called "Privacy Bill of Rights".

Obviously, the easiest thing to do is criticize, but as I've said before, you can't fault people for trying.  At the very least, this opens a dialogue.  But if I were to make some cursory observations, I'd point out – as some of you would also – that an individual's position on their personal right to privacy may not necessarily be best represented by Procter & Gamble, Walmart or AT&T (three of the panelists and/or respondents).

Looking at the list of entities involved in the symposium, I'd certainly be on the lookout for mistrust, disorganization, hidden personal weaknesses, potentially incomplete planning/testing, secret and diverging agendas, hubris, the works.

Ain't that a pill!!!

Does this ‘Border’ on Unconstitutional?

MP900400680 When you endeavor to cross a border, you give up many of your 4th Amendment protections against illegal search and seizure.  To put it another way, a search at the border, absent probable cause – or even reasonable suspicion, for that matter (a lower standard) – isn't an illegal search.  Lawyers are well aware of this, but what about the general public?

Two issues are triggered here.  The first, privacy, I've written about before (see my International category).  Also, the mere act of crossing the border with certain ESI on your device (and many paper documents, for that matter) may violate the privacy laws of the country you seek to enter (possibly criminally).

However, today's discussion is a little more nuanced than that.  It's one thing to be granted the right to search a person, their luggage and their electronic devices for a bomb; but does that right extend to the contents of the device?  Well, the short answer is, yes.  Is that proper?  Do you agree?

I suppose this might bring new meaning to the retort, "Don't touch my junk!"

Say you have a password-protected file with your personal banking, credit card and other financial information on it.  Now let's go one step further.  Suppose it's a company laptop, the file contains your employer's financial information and it contains evidence of a crime?  Two steps further?  You keep both personal and corporate information on it (does that sound like you?).  What's the difference between a federal official accessing it at the border versus going into your bank, demanding the key and opening your safe-deposit box – without a warrant?

I'll tell you the difference.  When you show up at the border, it's implied consent.  You waive your right to protest.  That's how the law stands now.  However, that may – or may not – change, subject to the outcome of the latest challenge.

In the meantime, this is a cautionary tale for executives who travel internationally; oh, and don't forget your charger.

O Canada!

MP900403250 Canada Day is tomorrow, July 1st.  In honor of this annual event, I'd like to highlight two stories of interest:

The 1st item is a tip of the hat to firms who take preservation of critical data seriously.  Roebothan McKay and Marshall suffered a catastrophic loss when the practice was destroyed by fire.  Yet, it'll be business as usual for the firm.  Partner Steve Marshall said that the hard drive containing client data was retrieved and that back-up
data files were also contained off-site.

What if this happened to your firm?

The 2nd item is a link to an excellent article by Clifford F. Schnier (who is also on my blogroll) about the "state of the union" of e-discovery in Canada.  Of course, when Cliff learns that I used "Canada" and "state of the union" in the same sentence, I suspect he'll be in touch to give me a history lesson…

Cloud(y), with a Slight Chance of Microsoft

Microsoft cloud Microsoft is lobbying Congress to pass something they call the Cloud Computing Advancement Act.  It would modify three areas of internet policy related to privacy, security and international issues.  I'm not sure how I feel about this.  Depending on the specified language involved, this could be a good or bad thing.

Whether it's an oil refiner, automobile manufacturer or software development company, when private entities involve themselves in public policy, there's always a danger of self-interest overwhelming public interest.  Technically, Microsoft is a public company, due to its publicly-traded status, but it begs the question; who are they really trying to protect?

If and when I see the actual language of this proposed Act, I might be able to give an opinion on that.  In the meantime, I'll give them the benefit of the doubt.  After all, sometimes private and public interests dovetail.  Maybe what's good for Microsoft in this instance is also good for the rest of us.

Run for the Border!

J0442382 For those who travel to and from the United States, I thought it would be useful to re-visit the revised DHS guidelines announced August 27, 2009.  This article from the Canadian Bar Association sums it up very well.  To quote them directly:

"U.S. Customs officers have the authority to search and detain any
device capable of storing electronic information for any reason; they
can examine the electronic device without the traveller present; they
can copy from the device or “detain” the device; and they do not need
to obtain the traveller’s consent to conduct the search. “Electronic
devices” can include computers, BlackBerrys or similar devices, cell
phones, travel drives, DVDs and CD-ROMs, cameras, music and other
electronic media players."

Two things:  1) Yes, they use two 'ls' in the word 'traveller' in Canada, and 2) I wonder how many execs at your firm know about these rules?