What is Electronic Evidence? Answer: A lot more than you might Think!

Part I of a two-part series.  Part II will appear 12/04/08.


A cardinal rule, known to law students everywhere, was broken.  “When on a break from the bar exam, don’t discuss a specific part of it with anyone – and if you absolutely must, ask permission first!”  The reasoning behind this rule; to prevent students from freaking out because inevitably the other student will point out something they themselves missed, thus setting off a chain reaction of worry, panic and distraction.

There I was, on a break from the California Bar Exam, and another student really wanted to discuss the evidence question with me.  We had a pleasant conversation – as pleasant as it could be between two stressed-out bar candidates in the middle of a three-day exam.  We discussed the facts as they pertained to the question and the issue of whether each piece of evidence put before us was authentic.


All was going well until I pointed out the ones that were legit, but weren’t admissible in court.  The pallor of my counterpart changed noticeably.  That’s when he realized that he’d done a great job analyzing whether each piece of evidence was authentic, but forgot the next step – determining whether each was admissible.

Finding evidence is just the beginning.  If all of your dominoes don’t line up properly, it will never be admitted.  The technology gurus have a huge role to play and may not even be aware of it.

A few years ago, if you explained to the average person what electronic evidence – or e-evidence was, then asked them to give you an example, 99% of them would have given you the same answer – e-mail.  We’ve all read news stories about this individual or that one who was caught red-handed through his or her e-mail messages.

Later, another example started showing up more often – text messages.  Just ask the former Mayor of Detroit how that turned out for him…


In law school and on the bar exam, the testers took pride in finding ways to slip a piece of written evidence right by a student by putting it into a form that he or she wouldn’t normally think of as “written”; engraving on a tombstone, label on a medicine bottle, a license plate.  We’re conditioned to think of written evidence as something more mainstream, like a letter, a book or a bill of receipt.

A lot of e-evidence is still written – but now it’s written to computer hard drives, DVDs and cellular phones.  Just like law school students, we have to broaden our thinking and remember that virtually any device that can save, store – or even process electronic information (e.g. RAM in printers/fax machines) may qualify. Then, we have to remember the really tough part – many of these devices are mobile.  They could be virtually anywhere in the world.

Let’s take a hypothetical look at Jane Doe.  She works for a multi-national corporation, “Multi-Corp”.  She has an office in Los Angeles and one in Tokyo, and an apartment in each city as well.  She has a desktop computer in each office, plus a laptop to use when she’s out in the field, at home or traveling.  She stores some of her work on the company file servers.  She’s taken to transferring work from her laptop to her home computers in both Tokyo and L.A. – because she likes them better (the boss doesn’t know).  It’s annoying for her to connect the machines directly, so she either hooks up wirelessly through her router or uses her thumb drive.  She has two cellular phones (one is personal) and a PDA.

Multi-Corp is sued by Uni-Corp, and the Plaintiffs subpoena Jane’s correspondences.  Am I the only one with a headache?  Probably not.

If I’m in the IT department at Multi-Corp, I have to think of every possible device – and the location of each – where relevant data may be stored (let’s hope Jane remembers to tell me about the thumb drive).  Then, once I do, I have to locate the data on the device itself.  What if I need to retrieve it from back-up media?  What happens if a device – and the data it contains – is owned/managed/outsourced to a third party (e.g. the file servers or the cellular phones)?  How do I get them to grant me access when they don’t want to be dragged into a lawsuit?  Do they have to do so?  I might have to ask the legal department.

If I’m in the Legal department at Multi-Corp – or in their outside counsel’s office – I’m depending on the expertise of my IT resources, but I’m also worried about issues that IT doesn’t normally think about; chain-of-custody being a prime example.  I’m looking for data that will exonerate the defendant and relevance is only one issue.  I’m also responsible for making sure it’s admissible and I don’t want it thrown out on a technicality.  How can I impress this and other concepts upon people who don’t work directly for me?

Meanwhile, both departments – and management – are thinking about the costs and whether the Plaintiff’s subpoena is too broad in its scope.

A lot of questions.  A lot of concerns.  I will endeavor to address all of them in tomorrow’s post.

Speaking: Lost in Translation

“Language is the source of misunderstandings.”
— Antoine de Saunt-Exupéry

j0438482Attorneys.  High-tech professionals.  High-tech professional attorneys.  Management.  Laymen.  Not only do they have to communicate between themselves, they have to communicate with all of the support staff that will handle an EDD issue.

Many cases also involve foreign participants – and, as logic will follow, their data.  Nothing like adding multiple languages to the mix to really complicate matters…

What we got here is a potential failure to communicate.  A potential failure of grandiose proportions.  What steps can be taken to avoid it?

Attorneys follow rules of discovery – electronic or otherwise – from state & federal civil procedure and criminal procedure law.  Procedure is the ‘road map’ of every case.  It’s the nuts & bolts of the legal system – the ‘plumbing‘, if you will..

Technology professionals are tasked with creating a ‘map’ of their hierarchy in order to identify, preserve and collect ESI.

Management has a vested interest in both groups being excellent cartographers.

Does this cover every contingency?  Who else might we – or our colleagues – be responsible for communicating with about this?

Young Businesswoman with Her Finger on Her Lips --- Image by © Royalty-Free/Corbis

Proportion is a major factor.  The larger the parties involved, the likelihood increases exponentially of laymen taking an interest (public or private shareholders, staff, reporters, etc.) who have no experience with either discipline.  The rumor mill starts grinding.  Like it or not, there may be public relations aspects to all of this.

The attorneys and technology professionals who ‘make it happen’ will not likely be directly exposed to this part of the equation, but there is one element they should be concerned about; making sure that the information flowing upward – and downward, for that matter – is accurate and concise for the benefit of those who will be directly exposed.

Credibility is key.  A mistake that initially appears to be harmless can turn into a nightmare for a professional who is held to a particular standard of duty.  These duties may involve split loyalties, and worse, there is a risk to the parties that their duties may diverge.  One may be forced to walk a tightrope.

Corporate executives may have duties to their companies, their counterparts, their shareholders (if they’re structured that way) and the public.  Attorneys – first and foremost – are Officers of the Court, and this duty supersedes all others.  Disseminating incorrect and/or misleading information – even when unintentional – may get these people in hot water.

We all must take care to assure that this doesn’t happen.  That’s our duty.

Listening: How a Dog became a Cat & other ‘Tails’

Today is Thanksgiving, and aside from wishing you a safe and happy holiday, I thought I’d have a little fun.  Everybody’s talking turkey, so let’s talk about dogs and cats instead…

“There’s a reason we have two ears and one mouth”.  That old proverb is admonishing us in a subtle way; listen more and speak less.

Jack Russell Terrier Snarling --- Image by © Royalty-Free/Corbis

Many years ago, someone told me a great story about a design team, tasked with making improvements to a client’s dog.  A long narrative follows about how the various team members come up with all sorts of creative ideas about what they can do to accomplish this goal.  To make a long story short, by the time they’re done, the dog’s design has been improved so much that it’s now a cat – a really fantastic cat!

The team is thrilled, and they can’t wait to present the results to the client.  But when the client sees the cat, he says, “You’ve done a great job here, but what I asked for was a better dog.”

Whether you’re an attorney, a technology professional – or somewhere in between – it’s important to always remember that somebody is your client – or customer.  Highly-skilled individuals forget this sometimes.  It can be a product of hubris, but I’m not concerned with that.  I’m referring to the more common reason; the perception that your audience won’t understand what you’re saying or doing.  Complex activities go on behind the scenes that can be very difficult
to explain to someone outside of your particular field of expertise, so why not just do it, get it done, then get back to them when you’re finished?

The Leaning Tower of Pisa, Tuscany, Italy

What other two disciplines are in danger of exhibiting this train of thought more than law and technology?  Contrary to
popular belief, a trial does not seamlessly take place like it appears on Law & Order, and techies don’t shout “I want tactical and database assimilation by 0-900!” – at least not that I’ve experienced.  Your computer won’t say to you, “I’m sorry, Dave, I’m afraid I can’t do that.” but your IT Manager might.  If you adopt an ivory tower attitude toward e-discovery under these circumstances, you may find yourself in the Tower of London instead.

EDD (electronic data discovery) may require so many human resources with such specific skill-sets (IT, Management, Inside and/or Outside Counsel, Consultants, Paralegals, Tech-Support) that the risk of mis-communication – or complete lack thereof – becomes great.  You forget to listen carefully, and worse, refrain from going back to
the source for more input and guidance when necessary.  Attorneys refer to this as ‘assuming facts not in evidence’.

The line becomes blurred.  Who is the client?  It’s easy to lose sight of the fact that – for most of the parties involved – the company itself is the client!

I solve this problem by assuming that everyone is my customer; and this may include everyone inside of my department as well.  It’s true if you think about it.  Anyone I owe a deliverable to technically is my customer – even if we work together.

Keeping this in mind helps me remember that I have four primary goals:

  1. Understand my tasks – if I don’t, keep asking questions until I do
  2. Perform them competently and efficiently
  3. Deliver exactly what my customer requires by the agreed-upon deadline (or find and present suitable alternatives if conditions outside of my control delay or prevent a deliverable from being met)
  4. Communicate clearly and concisely with my customer at all stages of the project – even if the news is unpleasant.

Following this simple formula will hopefully get you through the ‘dog’ days of litigation.

Testing 1-2-3…Are you ‘Really’ Ready for a Litigation Request?

Part II of a two-part series.  Part I appeared 11/24/08.


I read a lot of of excellent articles, white papers and documents (as do you)
which present reasonable, astute and prescient approaches to getting a
handle on your company’s ESI (electronically stored information).

However, in virtually all of the materials I see, one important element is missing:


j0433180Buildings run fire drills. Do you run data recovery drills?

Sounds counterintuitive, doesn’t it?  Common sense would tell you that if you’re backing up your data, it should be relatively easy to recover it on demand.  After all, the software “tells” you in your morning report that last night’s run went fine.  But did it?  Is that all that matters?

 Think about it for a moment.  How many spokes are in your hub?  Where are they?  How many people are responsible for protecting the data?  What software do you use?  What hardware?  What media?  Is it easily accessible?  Physically?  Remotely?  Do you handle it in-house or do you depend on outside vendors?  Do you use off-site media storage?  Do you know the time it would require for you to comply with a request to produce data?  Do you have an alternate location to restore it?  It isn’t always restored to the location where it originated, and certainly not when litigation is involved.

Let’s boil it down to one simple question.  What would you do if you received a call with a demand for data – a large quantity of data – that isn’t at your fingertips?

Woman with Headache --- Image by © Royalty-Free/Corbis

It would surprise you how many companies haven’t thought about this.  They do everything right in terms of the front-end of this process, but never anticipate the back-end.  They do a terrific job of thinking about data protection, yet don’t think about more important issues – data integrity and the ability to restore it.

What good is all of this technology if, when the big request comes down, you can’t deliver?  It’s bad enough when this has nothing to do with e-discovery (such as my location in California, where we have to worry about earthquakes), but when it does, there are sanctions on the line – and not just civil sanctions.  Some of the penalties are criminal in nature.

Admittedly, criminal liability would most likely require intentional and/or egregious conduct, but the spectre is out there (I’ll address the facts vs. fictions in a future post).

You don’t want to be the attorney who has to stand in front of the judge and say “I’m sorry, Your Honor.” because you are either experiencing delays in producing the data, produced it very late in the litigation process or are unable to produce it at all.  You might get a response like this one from a Judge in the recent McAfee case – “Heads will have to roll“.

Let’s hope it isn’t your head she’s talking about.

Disaster, Recovery and e-Discovery – What You Don’t Know CAN Hurt You

Part I of a two-part series.  Part II will appear 11/25/08.


j0439550Perception is reality – or so the saying goes.  With e-discovery, perception cannot be reality.  The divergence of these concepts is illustrated by the following statistics:

When queried, a high percentage of law firms and in-house counsel believe the companies they represent are ready to comply with a litigation request.

Apparently, they didn’t ask the IT department.  A dismal percentage of IT managers believe they are ready to comply.

A lot of this obvious disconnect can be attributed to lack of communication between the parties.  However, another major element is what’s lost in translation.  Do the attorneys understand how IT accomplishes this task – or the difficulty of achieving it?  Does IT understand what the attorneys are asking of them?  Do both groups understand what is encompassed in the term “ESI” (electronically stored information)?

Lawyers are thinking about the litigation hold.  IT is thinking about incremental, differential and full backups.  Never the twain shall meet.

How many times has IT received a call like this?  “I created a document this morning and I accidentally overwrote it this afternoon.  Can you please restore it for me?”  That’s a problem.  Regardless of what day it may be in the rotation, most companies perform a back-up once per evening.  As such, there is no back-up of the caller’s file.  Unless the over-written file can be restored somehow from the disk it was saved to, the caller is out of luck.

Back-ups are not normally a dynamic process; they’re snapshots in time.  Even if you do full backups every night, theoretically, an infinite number of people may “touch” a file between those two periods.  This is something lawyers would easily understand; but many are not aware of it.

What the lawyers need is for the data to not only be located – and restored, if necessary.  The data must also be preserved.  Nobody must touch or modify that snapshot – a line in the sand, so to speak.  Again, this is something IT would easily understand; but many are not aware of it; nor the massive amounts of storage that may be required to accomplish it.

Also, most rotation schemes involve eventually overwriting the media (Grandfather-Father-Son?  Tower of Hanoi?).  What happens if, like in the recent McAfee case, data is requested that is from the year 2000?

Rows of Drawers at Library ca. 2001

Basic definitions also come into play.  Do all of the parties mean the same thing when they use the terminology?  What is a back-up and a restore?  What is disaster-recovery?  Do you have separate processes for each?  Are they considered the same thing at your company?  What is the intent of the process; ready access to the files or worst-case-scenario access?  Is the data stored on-site or off-site?  Both?

IT is thinking about how feasible it is to access the data.  Attorneys are thinking about Zubulake.

Be careful you’re not creating your own homonyms.  Webster’s Dictionary defines them as, “Two words…pronounced or spelled the same way but have different meanings”.

If Legal thinks it’s one thing and IT thinks it’s another, both groups are going to face some very unpleasant realities down the road.  This would be a good time to get those definitions written down.  Then make sure you’re all on the same page.

Money Pot or Money Pit? The ‘Proactive vs. Reactive’ Debate

j0382668Want to re-create the experience of salmon swimming upstream?  Try convincing the higher-ups that making an initial capital outlay to implement highly-efficient technology will benefit them in the long run.

Want to re-create the experience of salmon swimming upstream in a tsunami?  Try doing it in our current economic environment, while IT budgets are being slashed; and the highly-efficient technology you want to implement is a new discipline that almost nobody understands.

I’ve been making the”proactive” argument my entire career.  Certainly, I always had logic on my side, and lined up all of the metaphors to support my position.  Who would possibly argue against fixing potential leaks before the dam bursts?  “Don’t be penny wise and pound foolish!”.  “You can pay now or pay a lot more later!” (my brilliantly-usurped line from the Fram oil filter guy).

The problem is, you may win the argument, but still lose the debate.  CIO magazine illustrates this point beautifully.  There are a mass of sinister forces working against you; not the least of which is, to a lot of executives, the IT department is like that not-too-popular uncle they keep in the attic.  A necessary evil.  Their mantra is, “IT should be seen, but not heard”.  You end up running into four common issues and one exception:

  1. Management looks at IT as a non-revenue-generating cost center, and as such doesn’t want to fund it.
  2. Management has no idea what you’re talking about.  They won’t fund it.
  3. Management actually listens to you and even likes what they hear.  Then comes the dreaded result, “That’s a great plan, but we simply don’t have room for it in the budget.  We can’t fund it.”.
  4. Management likes it and wants you to implement it, but thinks it can be done on a shoe-string.  They fund it, but just enough to set you up for failure.
  5. Management funds it!Pennybags

First of all, views one through four are highly short-sighted.  I phrase it this way.  In IT, we produce nothing!  Our job is to make sure that everyone else can do THEIR jobs.  Management sometimes doesn’t see the bigger picture.  They don’t realize that a catastrophic failure means that the revenue-generating parts of the company will not be able to generate revenue.  In short; time is money.

Times are changing, though.  Some companies have broadened their definition of the IT department and have brought them in to support projects that actually generate revenue.

Also, one can’t blame management all the time.  If it’s not in the budget, it’s not in the budget.  That changes your mandate.  How do you move yourself up in the pecking order?  If management can’t see the big picture, it’s your job to MAKE them see it!

This is where IT and Legal can really cooperate to achieve a beneficial
result for both departments – and by default, the organization as a
whole.  How?  By using the one thing that is the singular goal of most attorneys:


Legal eagles face dire consequences for failure.  Their licenses are on the line.  IT knows what it feels like when they can’t deliver what’s requested of them – it’s already happened many times.  And the organization?  Somebody will end up paying the penalty.  Everybody has skin in this game.

This is a true opportunity for IT and Legal to come together to play to each other’s strengths.  Get into a room together.  Formulate a plan.  Then persuade management as a team.  This has to happen!

Back to the Future – Reebok v. Tristar, 1996 (the “Jerry Maguire” case)

*** NOTE – No privileged or proprietary information is contained in this post. ***

Movie Reel

My first foray into the realm of e-discovery occurred in early 1997 – when it was still just called “discovery”.  I was a Consultant to Sony Pictures Entertainment at the time and Manager of Groupware Services Worldwide, which – unfortunately for me – included responsibility for the company email system.  I was not yet an attorney.

(I have a feeling most of you know where this is going…).

In late, 1996, Reebok Int’l filed suit against Tristar Pictures (at the time a subdivision of SPE) for breach of contract due to the handling of a product placement in the movie, “Jerry Maguire“.  Reebok’s attorneys issued a subpoena for relevant email correspondence between Tristar representatives who were parties to the negotiations.

We faced a serious problem, which was not an unusual one given the time elapsed between negotiations to make a motion picture and the actual production and release of that picture.  The emails were several years old and the Company had done away with the archaic tape backup system used at the time.

A consultant’s job is to find a reasonable method to deliver what a client requests.  As such, I tasked one of our best number-crunchers to figure out what it would realistically take to re-create the prior backup system from scratch, then catalog all of the old tapes to
even give us a starting point as to what would be required for review and production.  Keep in mind that this was a much more difficult feat to accomplish in 1997 than it is today.  The results were striking.  The estimated cost to comply with the subpoena was approximately $250,000!Movie Reel and Film

Obviously, management wasn’t too keen on the idea of spending that sum of money, and thus began a motion by Tristar’s representatives to quash the subpoena due to the high cost, or failing that, shift the burden – or at least a large portion of it – onto the Plaintiff.  Being on the tech side of things – and with a stack of responsibilities on my desk – I moved on to the next “crisis” and have no knowledge as to what specifically transpired after that.  Eventually, the word came down from on high; “you don’t have to worry about producing the data”.  Whew!

I wanted to relay this story because it mirrors exactly how an e-discovery request might fall upon an IT department today.  It also raises several of the most important issues:

Are we able to comply with the request?  How much time/resources will this take away from our other pressing issues?  How much will this cost?  Who will bear the cost?

Luckily, I had at my disposal the qualified brainpower to comply – and had we been asked to proceed, we could have done so.  But it would also have meant taking one of my best minds away from what he was doing, leaving me short-handed with the prospect of making do without him or hiring a temporary replacement and bringing him/her “up to speed”.

The question is, what would happen if you received the request?

Attorneys – Get with the ‘Program’

An interesting survey appeared in the September 2008 issue of the American Bar Association Journal.  The subheading states, “Lawyers Slow to Adopt Cutting-Edge Technology“.

I took solace in the statistic that only 2% of lawyers maintain a law blog (assuming readers consider this a blawg then I’m certainly ahead of the pack) and only 8% of law firms follow suit, but as a general trend, the data is somewhat troubling.  It’s a symptom of a larger illness.

The number-one complaint against attorneys is lack of communication.  I’m not just speaking in terms of what their employees or clients say – it’s also the number-one complaint lodged against them with bar associations.


It’s bad enough when the subject is one in which an attorney feels comfortable discussing.  But add complex technology to the mix and that’s a recipe for disaster.  In the “wild west” days of e-discovery – before it even had a name – one could get away with mistakes.  Now that the rules have been formalized, the path is littered with attorneys – and their clients – who have suffered greatly for their mistakes.

There’s an old saying, attributed to Confucius, which states; “He who does not know, and does not know that he does not know, is a fool”.  In the e-discovery world, the new saying is, “He who does not know, and does not know that he does not know, will be sanctioned”.


Core competency in this area is no longer hoped for; it is expected j0439531and presumed, both by clients and the courts.  It’s not enough for attorneys to rely on IT personnel; they must also be able to understand what their IT professionals are telling them so they can communicate this information effectively to their clients, the courts and even their adversaries. Otherwise, it’s the attorneys and their clients who will bear the consequences of mistakes.

Further hampering this process is the fact that very few IT personnel speak “English”.  Many a layman has become glassy-eyed while listening to a “techie” explain a process in “techno-speak” while not understanding a word of what was said.

Like it or not, the onus is on the legal professional to be competent and understand this process.  If something goes wrong, blaming the incident on a lack of technical knowledge and expertise is not going to fly.

e-Discovery California Rules: They’ll be Ba-a-a-ck!

j0339246Relief – or opportunity?

Governor Arnold Schwarzenegger ‘terminated‘ – albeit temporarily – Assembly Bill No. 926, the proposed e-discovery California rules (Sorry – I just couldn’t help myself).

Depending upon the source you consult, you’ll either take the Governor at his word that his veto is due to the lack of a budget agreement, or perhaps you’ll suspect that other political considerations are involved.  Politics are politics.  Although I’ve been preparing for implementation of the new e-discovery California rules, I’ve also been around politics long enough to know that these things rarely happen on schedule.

Make no mistake, formal rules are coming to California.  In several states, they’ve already arrived.  This is a ‘golden’ opportunity for Corporations and Law Firms in California – or serving California – to get ahead of the game.

The State Bar of California concurs.  “Several major cases in recent years highlight the perils of electronic discovery
gone wrong and illustrate the risks of failing to have in place document preservation
procedures and litigation hold policies.”

I couldn’t have said it better myself.


Question Mark Key on Computer Keyboard

Almost everyone is familiar with the term “Blog”, which is a combination of the words “weB” and “LOG”.  Not so familiar is the term “Blawg” which is a humorous play on words and refers to blogs about legal matters, normally written by lawyers, law students or law professors.

So which type am I writing?  Good question.  Well, obviously I was a law student (but I have no desire to relive that experience or the stress that accompanies taking the California bar exam).  Now, I’m a lawyer (mom is very proud – oh, and mom, I wouldn’t make any bets on my ever becoming a professor…).  But prior to that, my area of expertise had been exclusively technology – with an emphasis on the legal aspects of compliance, policies and procedures.

That’s the thing about e-discovery.  It’s like Jekyll and Hyde; part law, part technology.

On the one hand, it’s a pure extension of civil procedure law; for those who haven’t had the pleasure, civil procedure is like a combination of law and algebra – and I was hardly a fan of algebra.  At least it isn’t property law.  Don’t even get me started on property law – if anyone mentions the “rule against perpetuities” I tend to break out in hives…

On the other hand, one absolutely cannot address an e-discovery issue without some very competent people in the IT department getting involved.  Now, these are two groups that don’t tend to mix together well since they speak different languages.

But right now, all over the nation, an executive is calling the head of the Legal Department and asking, “Bob, what are you doing to prepare us for all of these new e-discovery rules?” and then Bob is placing a call to the CIO or the CTO and asking, “Steve, what are you doing to prepare us for all of these new e-discovery rules?”.  Hopefully, Steve has someone he can call…most likely Steve will be calling me – or someone like me.

This site will be a great resource for both the legal and technology professional who is tasked with unraveling this very complex discipline.  Luckily, I speak both languages.

An IT Executive Turned California eDiscovery & Litigation Attorney and Consultant Shares his Personal Insights.