Electronic Discovery Law

Legal issues, news and best practices relating to the discovery of electronically stored information.

1
Microsoft Device Helps Police Pluck Evidence from Cyberscene of Crime
2
Court Reminds Parties of Their Duty to Preserve and Enters Preservation Order
3
Court Rejects Cost Shifting Since Moving Party Failed to Meet and Confer in Good Faith; Cost Estimate and Conclusory Characterizations of ESI as “Inaccessible” Insufficient Under Rule 26(b)(2)
4
Status Conference Today in Qualcomm, Inc. v. Broadcom Corp. Regarding Discovery Plan and Further Proceedings
5
Risk and Insurance Management Society 2008 Annual Conference & Exhibition
6
U.S. Courts’ Notice: Invalid Subpoenas
7
Defense Attorneys Sanctioned for Obstructing Forensic Inspection of Defendant’s Computer Servers
8
Court Further Refines Search Protocol, Adds Search Terms and Orders Distinct Conjunctive and Disjunctive Keyword Searches
9
Additional Information Needed Before Court Will Order Production of Email from Backup Sources
10
Party that Sought Metadata Only After Production of Document in .PDF and Paper Formats Not Entitled to Native Production

Microsoft Device Helps Police Pluck Evidence from Cyberscene of Crime

The Seattle Times, April 29, 2008
By Benjamin J. Romano, Seattle Times technology reporter

Microsoft has developed a small plug-in device that investigators can use to quickly extract forensic data from computers that may have been used in crimes.

The COFEE, which stands for Computer Online Forensic Evidence Extractor, is a USB "thumb drive" that was quietly distributed to a handful of law-enforcement agencies last June.  Microsoft General Counsel Brad Smith described its use to the 350 law-enforcement experts attending a company conference Monday.

The device contains 150 commands that can dramatically cut the time it takes to gather digital evidence, which is becoming more important in real-world crime, as well as cybercrime.  It can decrypt passwords and analyze a computer’s Internet activity, as well as data stored in the computer.

It also eliminates the need to seize a computer itself, which typically involves disconnecting from a network, turning off the power and potentially losing data.  Instead, the investigator can scan for evidence on site.

More than 2,000 officers in 15 countries, including Poland, the Philippines, Germany, New Zealand and the United States, are using the device, which Microsoft provides free.

Read the full article here on the Seattle Times website.

Court Reminds Parties of Their Duty to Preserve and Enters Preservation Order

In re Flash Memory Antitrust Litig., 2008 WL 1831668 (N.D. Cal. Apr. 22, 2008)

The court’s order, in its entirety, provides:

All parties and their counsel are reminded of their duty to preserve evidence that may be relevant to this action.  The duty extends to documents, data, and tangible things in the possession, custody and control of the parties to this action, and any employees, agents, contractors, carriers, bailees, or other non-parties who possess materials reasonably anticipated to be subject to discovery in this action.  "Documents, data, and tangible things" shall be interpreted broadly to include writings, records, files, correspondence, reports, memoranda, calendars, diaries, minutes, electronic messages, voice mail, E-mail, telephone message records or logs, computer and network activity logs, hard drives, backup data, removable computer storage media such as tapes, discs and cards, printouts, document image files, Web pages, databases, spreadsheets, software, books, ledgers, journals, orders, invoices, bills, vouchers, check statements, worksheets, summaries, compilations, computations, charts, diagrams, graphic presentations, drawings, films, charts, digital or chemical process photographs, video, phonographic, tape or digital recordings or transcripts thereof, drafts, jottings and notes, studies or drafts of studies or other similar such material. Information that serves to identify, locate, or link such material, such as file inventories, file folders, indices, and metadata, is also included in this definition.  Until the parties reach an agreements on a preservation plan or the Court orders otherwise, each party shall take reasonable steps to preserve all documents, data, and tangible things containing information potentially relevant to the subject mater of this litigation.  In addition, counsel shall exercise all reasonable efforts to identify and notify parties and non-parties of their duties, including employees of corporate or institutional parties, to the extent required by the Federal Rules of Civil Procedure.

Court Rejects Cost Shifting Since Moving Party Failed to Meet and Confer in Good Faith; Cost Estimate and Conclusory Characterizations of ESI as “Inaccessible” Insufficient Under Rule 26(b)(2)

Mikron Ind., Inc. v. Hurd Windows & Doors, Inc., 2008 WL 1805727 (W.D. Wash. Apr. 21, 2008)

In this decision, District Judge Robert S. Lasnik denied defendants’ motion for a protective order which asked the court to shift the costs of producing ESI to the plaintiff.  Relying on Fed. R. Civ. P. 26(b)(2), defendants argued that searching through their ESI would generate substantial costs and yield cumulative results.

Finding that defendants failed to discharge their meet and confer obligation in good faith, as required by Fed. R. Civ. P. 26(c), the court denied the motion on that basis.  The court then went on to consider the merits of the motion.  It found that defendants had also failed to demonstrate that plaintiff’s discovery requests were unduly burdensome and/or cumulative, or that the requested ESI was “not reasonably accessible because of undue burden or cost.”  The court explained:

Read More

Status Conference Today in Qualcomm, Inc. v. Broadcom Corp. Regarding Discovery Plan and Further Proceedings

On March 20, 2008, the court convened a status hearing and counsel reported their progress toward developing the CREDO protocol ordered by the court.  The court also conferred with the parties regarding the status of the case in light of Judge Brewster’s March 5, 2008 Order Remanding in Part Order of Magistrate Court re Motion for Sanctions Dated 1/07/08.  Because Judge Brewster vacated the 1/07/08 Sanctions Order to the extent it required the named Responding Attorneys to participate in the CREDO project, the Magistrate Judge observed that only Qualcomm remained responsible for completing the protocol.  Thus, the court ordered Qualcomm to submit a final version of the CREDO protocol by Thursday, April 10, 2008.  (If it was filed by the court’s deadline, the protocol does yet not appear to be publicly available.)

On April 2, 2008, counsel for the Responding Attorneys and Broadcom submitted their Proposed Discovery Plan in preparation for the evidentiary hearing on attorney sanctions ordered by the District Judge. Read More

Risk and Insurance Management Society 2008 Annual Conference & Exhibition

April 27 – May 1, 2008
San Diego Convention Center
111 West Harbor Drive
San Diego, CA 92101
www.visitsandiego.com

K&L Gates partner David R. Cohen will be one of the speakers presenting “An Ounce of Prevention:  Your 12-Step Guide to Avoiding e-Discovery Disasters," on Monday, April 28 from 3:30 to 5:00 p.m.

This session will introduce risk managers, as well as counsel, to the hot topic of e-discovery and discuss concrete steps to reduce risk exposure and costs related to records management and e-discovery.  A series of 5- to 10-minute videotaped vignettes will show scenes from a sample litigation matter involving e-discovery issues.  Relevant information about new rules and case law will be summarized by the panelists and by a federal court judge from one of the videos.  With your input, the scenes will serve as a springboard for an interactive discussion on records management and e-discovery readiness steps.

Additional speakers at this presentation include Michael Lubben of Ryder System, Inc. and Debra Samuel of Alcoa Inc.

Click here for more information about the conference.

U.S. Courts’ Notice: Invalid Subpoenas

The U.S. Courts’ website (www.uscourts.gov) has the following alert:

Reports have been received of bogus e-mail grand jury subpoenas, purportedly sent by a United States District Court.  The e-mails are not a valid communication from a federal court and may contain harmful links.  Recipients are warned not to open any links or download any information relating to this e-mail notice.  The federal Judiciary’s email address is uscourts.gov.  The e-mails in question appear to be sent from a similar address that is not owned and operated by the federal courts.  Law enforcement authorities have been notified.

More information about the e-mail scam may be found in this New Jersey Law Journal article by Mary Pat Gallagher, "Businesses Hit With E-Mail Blast of Virus-Carrying Pseudo-Subpoenas," an excerpt from which follows:

Read More

Defense Attorneys Sanctioned for Obstructing Forensic Inspection of Defendant’s Computer Servers

Sterle v. Elizabeth Arden, Inc., 2008 WL 961216 (D. Conn. Apr. 9, 2008)

In this wrongful termination case, plaintiff sought the production of certain “DSFG Reports” which summarized information regarding the sales performance of employees in relation to their peers, and other key sales information.  Plaintiff knew about the existence of the DSFG Reports because he had received a facsimile of the June 2004 DSFG Report before he was terminated.  The fax was sent anonymously but the fax number was from defendant’s Stamford, Connecticut office.  The June 2004 DSFG Report revealed that plaintiff was leading his division in sales performance.  After nine months of discovery, defendant had produced only four additional DSFG Reports.  In October 2007, plaintiff moved to compel production of the remaining seven DSFG Reports from the year prior to plaintiff’s termination.

The court held a telephone conference to discuss the motion to compel and the whereabouts of the seven remaining DSFG Reports.  During the conference the attorneys maintained their respective positions on the matter:  plaintiff’s attorney believed that the defense attorneys were hiding or had deleted the DSFG Reports, and defense counsel gave assurances that such reports could not be located.  The court proposed that defendant permit a forensic computer consultant to inspect its computers, to which the attorneys agreed.  The court entered an inspection order, which included the following provisions:

Read More

Court Further Refines Search Protocol, Adds Search Terms and Orders Distinct Conjunctive and Disjunctive Keyword Searches

ClearOne Communications, Inc. v. Chiang, 2008 WL 920336 (D. Utah Apr. 1, 2008)

This decision further refines the search protocol to be used to search data from computers used by certain defendants, which were imaged pursuant to two court orders issued in 2007.  The second imaging order sought to establish a protocol for searching the mirror images to identify relevant and responsive documents.  That protocol was refined in a November 5, 2007 order.  The protocol in place required keyword searches by technical experts; review of search result reports by defense counsel for facial claims of privilege; delivery of the reports to plaintiff’s counsel for preliminary assertion of responsiveness; defense counsel’s review for responsiveness and privilege; and delivery of documents and privilege logs.

The parties had agreed on many search terms.  Plaintiff had accepted, with five additions, the search terms proposed by defendants in September 2007.  The issue decided on this motion related to the five additional search terms proposed by plaintiff, and the conjunctive or disjunctive use of the terms in the searches to be conducted.

Read More

Additional Information Needed Before Court Will Order Production of Email from Backup Sources

Baker v. Gerould, 2008 WL 850236 (W.D.N.Y. Mar. 27, 2008)

Plaintiff, an employee in the New York State Department of Environmental Conservation (“DEC”), alleged that defendants failed to promote him to the position of Captain in retaliation for having exercised his constitutional rights.  Plaintiff moved to compel the production of email between and among the parties, challenging the adequacy of defendants’ production.

Following oral argument on the motion, the court directed defendants to submit an affidavit describing the search undertaken to locate the requested emails.  In response, defendants filed an affidavit of the Director of the DEC’s Division of Information Services.  Instead of explaining the steps undertaken to search for the emails, however, the affidavit only described the work that would be entailed in restoring deleted data from backup sources.  Although the director evidently assumed that as a result of the systematic, automatic deletion of unsaved emails generated more than 12 months earlier, any additional responsive emails between the parties were not reasonably accessible, his affidavit did not address what efforts, if any, were employed to search for such emails from accessible sources.  For example, the affidavit did not identify whether any search was undertaken to locate archived or saved emails, which, as he explained, was one method available to users to avoid deletion of emails.

Read More

Party that Sought Metadata Only After Production of Document in .PDF and Paper Formats Not Entitled to Native Production

Autotech Techs. Ltd. P’ship v. Automationdirect.com, Inc., 248 F.R.D. 556 (N.D. Ill. 2008)

In this trademark infringement litigation, defendant sought to compel Autotech to produce an electronic copy of a word processing document entitled “EZTouch File Structure.”  Autotech had already produced the document in both .PDF format on a compact disc and paper format, and had also provided a “Document Modification History” representing a chronological list of all changes made since the “EZTouch File Structure” document was created.  Defendant argued that the  production was not acceptable, because the document existed in its “native format” on a computer at Autotech’s offices in Bettendorf, Iowa.  Defendant wanted the “metadata” — information it claimed was within the electronic version of the document including when the document was created, when it was modified, and when it was designated “confidential.”

Read More

Copyright © 2022, K&L Gates LLP. All Rights Reserved.