In This Issue:

	FROM THE BENCH: COURTS SET HIGH STANDARDS FOR HARD DRIVE INSPECTIONS BY OPPOSING PARTIES’ COMPUTER FORENSIC EXPERTS
	THE BRILL FILES: MIND OVER METADATA
	TECHNOLOGY YOU SHOULD KNOW: IMPLICATIONS FOR INFORMATION STORED IN RANDOM ACCESS MEMORY (RAM)
	NEWS & EVENTS

FROM THE BENCH: COURTS SET HIGH STANDARDS FOR HARD DRIVE INSPECTIONS BY OPPOSING PARTIES’ COMPUTER FORENSIC EXPERTS

Court Refuses to Require Defendants to Produce Mirror Images for Inspection by Plaintiff’s Computer Forensic Expert
Calyon v. Mizuho Securities USA, Inc., 2007 WL 1468889 (S.D.N.Y. May 19, 2007). In a suit alleging violation of the Computer Fraud and Abuse Act, breach of fiduciary duty, unfair competition, inter alia, the plaintiff motioned the court to compel the defendants to produce mirror images of the hard drives of their personal computers and other computer storage devices to the plaintiff’s computer forensic expert for inspection. The plaintiff alleged the defendants used e-mail and small computer storage devices to remove vast quantities of the plaintiff’s confidential and proprietary data. While the defendants agreed to preserve the hard drives by creating mirror images, the parties disagreed as to who should inspect the mirror images. The plaintiff argued their expert should have complete access to the images, and the defendants argued that granting the plaintiff’s expert unfettered access would impermissibly invade the privacy rights of the defendants and their non-party family members who also used the computers. The defendants proposed their own expert should inspect the mirror images using search terms provided by the plaintiff, or that the search be performed by an independent third-party expert. The court referred to the committee notes of Fed. R. Civ.P. 34(a), which states that a party is not entitled to “a routine right of direct access to a party’s electronic information system, although such access might be justified in some circumstances.” The court held the plaintiff failed to show how its direct access was justified under these circumstances. As the defendants’ expert was fully capable of performing the search, as well as working with the plaintiff’s attorney, the court found no reason to introduce an additional layer of expertise by requiring an independent expert. The court ordered the defendants to preserve the mirror images in question and to make their expert accessible for consultation with the plaintiffs counsel and expert on an on-going basis.

Plaintiff Cannot Employ Forensic Expert to Search Defendant’s ESI Based Upon Mere Suspicion; Parties Must Meet and Confer on Other Discovery Disputes
Scotts Co. LLC v. Liberty Mut. Ins. Co., 2007 WL 1723509 (S.D.Ohio June 12, 2007). In this case, the plaintiff requested the court enter a discovery order, allowing its computer forensic expert to search the defendant’s computer systems, network servers, databases and backup tapes for the last nine years. The plaintiff also sought to compel the re-production of ESI previously produced in hard copy form and the production of deleted documents. The defendant argued the request for a forensic examination was not authorized as a matter of course by the Fed. R. Civ. P. amendments in 2006 and that its production was proper since the plaintiff's requests made no such production format specification. The defendant further argued the deleted information sought by the plaintiff was inaccessible and not relevant. The court found the plaintiff’s request for an intrusive examination of its opponent's computer systems was based on mere suspicion that the defendant may be withholding discoverable information and denied the request. On the production format and request for deleted documents discovery issues, the court ordered the parties to further meet and confer.

THE BRILL FILES: MIND OVER METADATA

Recently, while I was speaking at a legal technology event, the topic of metadata was raised by an audience member. Most people know what metadata is, but for those that do not, it is generally defined as “data about data”. While this definition can encompass just about any behind the scenes bit or byte that travels with a file, commonly cited examples include, a file’s name, location, creation date, modification date and date of last access. Some metadata can easily be seen by users, and some can be hidden and not easily found.

Most people don’t think about metadata let alone worry about others seeing it, but in today’s digital era, those people are growing fewer and fewer. For example, let’s say I spend about an hour writing and editing a one page article for publication in a magazine. I then have three people review it and give me feedback, all before considering it the final version. Obviously, I would not want the company publishing the magazine to see the edits or know how long it took me to write the article. However, all of that information may be saved as metadata, reviewable by the recipient once I send them the final version.

In an attempt to protect employees from divulging sensitive metadata, many companies have created policies requiring the use of metadata scrubbing technology that removes the metadata from a document. While that concept seems rather easy to grasp, is it really necessary for all people in all professions to go to this extent? Is it allowable for all professions to scrub their metadata? What happens when a company is facing a litigation hold? Can metadata scrubbing continue? The answer cannot be a simple yes or no, but let me lay it out for you.

Metadata scrubbing is an allowable business practice and in some industries clearly an important part of the status quo. However, lawyers struggle with determining what, if any, metadata they should produce to the opposing side when exchanging ESI in discovery. In a series of opinions in the Williams v. Sprint/United Mgmt. Co. matter, Judge Waxse in the federal district of Kansas provided the standard when he discussed this issue at length. The basic rule is that once an organization is sued, they can no longer continue to delete metadata from relevant documents. Not only do they have an obligation to preserve the metadata, but they also have to hand it over to the other side unless they first object, agree to the contrary with the other side, or seek a protective order.

If you would like to explore the opportunity of Alan Brill speaking at a conference you are supporting or organizing, please contact Kristin Husom at 952 516 3781 or at khusom@krollontrack.com.

TECHNOLOGY YOU SHOULD KNOW: IMPLICATIONS FOR INFORMATION STORED IN RANDOM ACCESS MEMORY (RAM)

A recent court decision issued by the Honorable Jacqueline Chooljian of the Central District of California, Columbia Pictures Industries v. Justin Bunnell, No. 06-1093 FMC (JCx) (C.D.Cal. May 29, 2007), has the legal technology community mystified and in debate about the accessibility of data that is seemingly hard to retrieve. In a suit alleging copyright infringement, specifically claiming the defendant enables, encourages, and induces profit from online piracy, the plaintiff sought preservation and production of the IP addresses of users of the defendant’s Web site and the dates and times of the users’ requests. The defendant argued that this server log data was not stored on its Web site or in any form from which it could be retrieved. Instead, this data was temporarily stored in random access memory (RAM) on servers located in the Netherlands and routed through a contracted server. The defendant also argued the data did not constitute ESI, was not within their possession, custody or control, that preservation and production was tantamount to requiring the creation of new data, and such an order would be unduly burdensome. Additionally, the defendant argued that the preservation and production of their Web site user IP addresses raised privacy issues. Disagreeing with the defendant and ordering preservation and production of the data stored in RAM, the court found that the data was extremely relevant, did constitute ESI, was within the defendant’s possession and control, and the IP addresses should be masked to protect the privacy of the Web site users. The court also rejected the defendant’s arguments as to violation of the Stored Communications and Wiretap Acts, holding that compliance with this order provides a complete defense to any civil or criminal action predicated on either statute. Lastly, the court refused to sanction the defendant or require them to pay plaintiff’s attorney’s fees and costs.

Critics claim this ruling will require anyone involved in civil litigation to begin preserving and producing ESI stored in RAM. As RAM is generally overwritten within hours of its creation, this could result in a massive amount of information being stored and produced when relevant in a pending litigation. Supporters claim courts have long considered RAM electronically stored information and that the ruling will not have an effect on anyone other than people attempting to illegally share files. They also point out that the illegal downloading of copyrighted movies costs U.S. studios more than $2 billion annually.

NEWS & EVENTS

Meet our representatives at the following events:

Visit www.krollontrack.com/upcomingevents for more information on these events and others.

Back To Top

WE REQUEST YOUR INPUT

Our legal consultants, project managers, and technology experts strive to stay on top of e-discovery law. If you are aware of any additional local court rules or new cases in this area of the law, please contact us by writing to mlange@krollontrack.com.

This newsletter is written by Michele C.S. Lange, an Ontrack Forensics staff attorney with Kroll Ontrack, with assistance from Joni Heikes, a Kroll Ontrack staff attorney. Ms. Lange has published numerous articles and speaks regularly on the topics of e-discovery, computer forensics, and technology’s role in the law. She can be contacted by writing to mlange@krollontrack.com.

For more information about e-discovery and computer forensics services, contact Kroll Ontrack at 800 347 6105 or www.krollontrack.com.