Cybersecurity’s a Pain Point for Plaintiffs

law-firm-breachCybersecurity and personal privacy are real and compelling concerns.  Whether we know it or not, virtually everyone has been victimized by data breach. Lawyers are tempting targets to hackers because, lawyers and law firms hold petabytes of sensitive and confidential data.  Lawyers bear this heady responsibility despite being far behind the curve of information technology and arrogant in dismissing their need to be more technically astute.  Cloaked in privilege and the arcana of law, litigators have proven obstinate when it comes to adapting discovery practice to changing times and threats, rendering them easy prey for hackers and data thieves.

Corporate clients better appreciate the operational, regulatory and reputational risks posed by lackluster cybersecurity.  Big companies have been burned to the point that, when we hear names like Sony, Target or Anthem, we may think “data breach” before “electronics,” “retail” or “health care.”  The largest corporations operate worldwide, so are subject to stricter data privacy laws.  In the United States, we assume if a company owns the system, it owns the data.  Not so abroad, where people have a right to dictate how and when their personal information is shared.

Headlines have forced corporate clients to clean up their acts respecting data protection, and they’ve begun dragging their lawyers along, demanding that outside counsel do more than pay lip service to protecting, e.g., personally-identifiable information (PII), protected health information (PHI), privileged information and, above all, information lending support to those who would sue the company for malfeasance or regulators who would impose fines or penalties.

Corporate clients are making outside counsel undergo security audits and requiring their lawyers institute operational and technical measures to protect company confidential information.  These measures include encryption in transit, encryption at rest, access controls, extensive physical security, incident response capabilities, cyber liability insurance, industry (i.e., ISO) certifications and compulsory breach reporting.  For examples of emerging ‘standards,’ look at the Model Information Protection and Security Controls for Outside Counsel Possessing Company Confidential Information lately promulgated by the Association of Corporate Counsel.

Forcing outside counsel to harden their data bulwarks is important and overdue; but, it’s also disruptive and costly.  Many small firms will find it more difficult to compete with legal behemoths.  Savvier small firms, nimbler in their ability to embrace cybersecurity, will frame it as a market differentiator.  At the end of the day, firms big and small must up their game in terms of protecting sensitive data.

Enhanced cybersecurity is a rising tide that floats all boats.

Well, maybe not all boats.  Let me share who’s likely to get swamped by this rising tide: requesting parties (or, as corporations call them “plaintiffs’ lawyers”), and their experts and litigation support providers.  Requesting parties and others in the same boat will find themselves grossly unprepared to supply the rigorous cybersecurity and privacy protection made a condition of e-discovery. Continue reading

Inquiring into Intent: FRCP 37(e) Opens the Door

evil intentLawyers spend a ton of time thinking about intent.  Intent is what separates murder from negligent homicide.  It’s key to deciding whether minds have met to form a binding contract.  Intentional torts are punished.  Notions of intent pervade the law: testamentary intent, transferred intent, malice, bad faith, mens rea, scienter and premeditation.  The intent of the framers of the U.S. Constitution was the linchpin of the late Justice Antonin Scalia’s interpretation of that great document.

Intent is the attitude with which one acts.  It can be general intent in the sense of acting in the way you meant to act, or it can be specific intent in anticipating and seeking a specific outcome.  Intent is all in the mind.

Proving intent is one of the harder things trial lawyers do.  Short of the rare Perry Mason moment when a party confesses intent ( i.e., “You’re damn right I killed him, and I’d do it again.  The bastard NEEDED killing!!”), lawyers must resort to evidence that illuminates the intent of a specific person or corporation or that of a reasonable person or corporation similarly situated in terms of what he, she or it would have thought, anticipated or known.

When lawmakers demand proof of intent, they necessarily contemplate that evidence of intent be brought forward.  Lawyers must be able to delve into intent and discover direct and circumstantial evidence of intent.  We must be permitted to probe the knowledge, experience, attitudes, motives, expectations and prejudices of the person or entity whose intent is at issue.

Because intent is elemental but difficult to prove directly, the law gives leeway to the discovery process.  For example, Courts generally prohibit evidence of other wrong acts or bad character to prove a specific act in accordance with character or traits but make an exception and permit the evidence to come in when prior bad acts show intent. Federal Rules of Evidence Rule 404(b)(2).

All of this is prelude to discussing the broader impact of amended Rule 37(e) of the Federal Rules of Civil Procedure, now requiring a finding of an “intent to deprive” as predicate for sanctioning evidence destruction and discovery obstruction.  Continue reading

A New Paradigm in Mobile Device Preservation

mobile-device-security[1]Can anyone doubt the changes wrought by the modern “smart” cellphone?  My new home sits at the corner of one-way streets in New Orleans, my porch a few feet from motorists.  At my former NOLA home, my porch faced cars stopped for a street light.  From my vantage points, I saw drivers looking at their phones, some so engrossed they failed to move when they could.  Phones impact how traffic progresses through controlled intersections in every community.  We are slow-moving zombies in cars.

Distracted driving has eclipsed speeding and drunken driving as the leading cause of motor vehicle collisions.  Walking into fixed objects while texting is reportedly the most common reason young people visit emergency rooms today.  Instances of “distracted walking” injury have doubled every year since 2006.  Doing the math, 250 ER visits in 2006 are over half a million ER visits today, because we walk into poles, doors and parked cars while texting.

Look around you.  CAUTION: This will entail looking up from your phone.  How many are using their phones? At a concert, how many are experiencing it through the lens of their cell phone cameras?  How many selfies?  How many texts?  How many apps?

Lately I’ve begun asking CLE attendees how many are never more than an arm’s length from their phones 24/7.  A majority raise their hands.  These are tech-wary lawyers, and most are Boomers, not Millennials.

Smart phones have changed us.  Litigants are at a turning point in meeting e-discovery duties, and lawyers ignore this sea change at peril.  The “legal industry” has chosen self-deception when it comes to mobile devices. It’s a lie in line with corporate bottom lines, and it once found support in the e-discovery case law and rules of procedure.  But, no more.

Today, if you fail to advise clients to preserve relevant and unique mobile data when under a preservation duty, you’re committing malpractice. 

Yes, I used the “M” word, and not lightly. Continue reading

A Dozen E-Discovery Strategies for Requesting and Producing Parties

competency-and-strategy_ballTwo characteristics that distinguish successful trial lawyers are preparation and strategy.

Strategy is more than simply doing what the rules require and the law allows.  Strategy requires we explore our opponent’s fears, goals and pain points … and our own.  Is it just about the money?  Can we deflect, distract or, deplete the other side’s attention, energy or resources?  How can they save face while we get what we want?

In a world where less than one-in-one-hundred cases are tried, discovery strategy, particularly e-discovery strategy, is more often vital than trial strategy.  Yet, strategic use of e-discovery garners little attention, perhaps because the fundamentals demand so much focus, there’s little room for flourishes.  As lawyers, we tend to cleave to one way of approaching e-discovery and distrust any way not our own.  If you only know one way of doing things, how do act strategically?

Strategic discovery is the domain of those who’ve mastered the tools, techniques and nuances of efficient, effective discovery.  That level of engagement, facility and flexibility is rare; but, you can be still be more strategic in e-discovery even if you’ve got a lot to learn.

Recently, I had to dash off a dozen e-discovery strategies for requesting and producing parties.  I’m not completely happy with my lists, but I think I nailed a few of the essentials for each side.

A Dozen E-Discovery Strategies for Requesting and Producing Parties

(from Ball, Competency and Strategy in E-Discovery (2017))

Continue reading

Come Enjoy an Evening with Nina Totenberg and E-Discovery Heroes

ninatIf you are in New York on Monday evening, please come hear me interview Nina Totenberg, NPR’s legendary legal affairs correspondent, and honor your peers in the corporate and government e-discovery world who are being recognized for excellence in e-discovery strategy, process and success.  We will also honor noted author Michael Arkfeld for his contributions.

Thanks to our hosts, Zapproved et al., there will be ample refreshment and loads of friendly folks, making for a delightful evening.  It will be free, fun and illuminating.

Click here to register.

DATE AND TIME

Mon, January 30, 2017
7:00 PM – 8:30 PM EST
Add to Calendar

LOCATION

New World Stages
340 West 50th Street
New York, NY 10019
View Map

If you have questions you’d like me to pose to Nina Totenberg, please send them to craig@ball.net  You may have heard there’s been some stuff happening in Our Nation’s Capital of late (turns out there was an election and an inauguration; who knew?).  I thought I’d touch on those matters, just in case they might bear on, oh, say, the composition of the U.S. Supreme Court and the viability of the U.S. Constitution.

Hope to see you Monday evening!

William P. Butterfield, Champion of Just Discovery

butterfield_web-1Bill Butterfield died on Tuesday, December 13 after a brief, silent battle with cancer.  He was a good man and an exemplary attorney.  Knowing that I will never meet him again, I mourn that I cannot know him better.   I know well Bill’s tireless efforts to protect every litigant’s right to obtain full and fair discovery.  His was a revered and respected voice at The Sedona Conference, where he stood against multitudes who would cripple our right to seek the truth that lives in electronically-stored information.  Bill employed canny strategies that the naysayers couldn’t match: He was sensible, practical, courteous and kind.  Bill listened.  He considered, and he contributed.  Bill was a worthy opponent to many, an enemy to none.

Exactly five years to the day before he died, Bill testified before a subcommittee of the House Judiciary Committee concerning electronic discovery.  I watched Bill’s testimony and saw the poise and candor that distinguish a good advocate from a great one.  I was invested in Bill’s success as he’d done me the honor of seeking my thoughts about his testimony the weekend prior.  We had a nice chat, and I shared a memo with talking points afterward that he encouraged me to publish.  I was pleased to see Bill touch on those points in his Congressional testimony, but I don’t imagine they were mine alone.  Bill knew e-discovery as well as anyone, and I expect he sought advice from many who till this field.  He was wise that way.

I am flattered as well that Bill sought to engage me in his cases on several occasions.  For one reason or another, I had to decline each time; so, now I rue having missed the opportunity to work with Bill as his counsel.  That would have been nice.  I expect I would have learned a lot, for Bill, a former Eagle Scout, set a fine example for us all.

I send my earnest sympathies to Bill’s wife, Susan, his family, partners at Hausfield and many friends. Though I know he will be remembered in many lasting ways, like a scholarship or other commemoration, Bill’s legacy is the balance he brought to the last decade of e-discovery standard setting and rule making efforts.  At a time when we really needed someone like Bill Butterfield to step in front of the tanks, we were fortunate indeed that Bill stepped in and stepped up.

Tech Tip: Get your iPhone Back

lock-screen“Will the person who left their cell phone at the security checkpoint please retrieve it?”  People constantly leave their phones behind at security checkpoints, washrooms, checkout counters and charge stations.  Too, the little buggers slip out of pockets and purses.  More than three million phones are lost in the U.S. every year, and less than one-in-ten lost phones finds its way home.  Saturday night, I found an iPhone on the floor at a big party in the Faubourg Marigny in New Orleans.  I located the owner by asking everyone in sight if they’d lost a phone, and when I found her, the owner didn’t know she’d dropped it.

There are high tech tools to find lost phones like the Find My iPhone app or Tile locators; but, these only work for owners and require a second connected device.  What do the persons who find your phone or the Lost & Found staff do to quickly locate you, often before you realize your phone’s gone?  You don’t have an ID tag with contact data on your phone, right?

I do something that’s so darn simple, it’s a wonder it’s not already an option on every iPhone: I embed my name and email address in the lock screen photo (i.e., the wallpaper image that appears when you press the sleep/wake button, even when the phone is locked).  Now, any announcement over the P.A. includes my name, and I’ve furnished a secure way for good samaritans to contact me to arrange return.  It’s also an easy means to supply emergency contact information, should the good samaritan find you dropped alongside your phone.

There are plenty of ways to add text to your lock screen image–I’ve used the drawing tools in PowerPoint–but the simplest is to use the image editing tools right on your iPhone.  Here’s how (in iOS 10.1.1):

  1. Select an image to serve as your lockscreen wallpaper.  Use one with not-too-busy space for text (like the clouds in mine).  The text location shouldn’t conflict with the date and time text.  You may prefer to use a picture of yourself to make it easier to find you and prove it’s your phone.
  2. Duplicate the image so as not to alter your original.  Do this by selecting Share (box with the up arrow) and Duplicate.
  3. Working with the duplicate image, choose Edit from the toolbar (abacus-like slider), then choose More (circle with three dots).  Select Markup (toolbox icon) and finally choose the Text option (uppercase “T” in a box).
  4. A text box will appear in the center of your image.  You can resize it by dragging the blue dots or reposition it by dragging the box.  You can change the font face, font size, text color and alignment from the menu bar.
  5. Type your information.  Be sensible, e.g., don’t include your home address, and don’t use your mobile number (duh). Click Done (upper right corner).
  6. To make the edited image your lockscreen wallpaper, go to Settings>Wallpaper>Choose a New Wallpaper.  In All Photos, navigate to the annotated image you just created and select it (tap). Move and scale the image as suits you, then select Set from the menu and choose Set Lock Screen.  You’re done!

Happy E-Discovery Day!

e-discovery-day-2016As I stow the turkey platter and box up the pilgrim décor, I’m reminded that it’s time once more to celebrate E-Discovery Day, TODAY, Thursday, December 1.  No doubt, you’re saying, “So SOON?!?!  I still haven’t retrieved those E-Discovery Day 2015 balloons that got loose in the atrium, and who’s going to eat all that E-Discovery Day Kringle taking up space in the office freezer?” (Special-ordered from Racine in the traditional e-discovery flavor, Cinnamon, TIFF and Tears™).

I know.  Already?  We don’t even have new Federal rules this time!  Judges are still exercising discretion when meting out sanctions for spoliation, and proportionality is back on top, though no one knew it was gone!

But, as the E-Discovery industry has thoughtfully fashioned a holiday to fill the tedious weeks between Thanksgiving and Christmas/Chanukah/Kwanza, let’s warm the wassail, join hands and lift our voices in celebration for those few cherished hours that are E-Discovery Day.  Remember: there’s still time to shop for the perfect E-Discovery Day gift, and as a tip, Ralph “Gimpy” Losey has a new $100 book of reprinted blog posts, perfect for the e-discoverer on your list still stymied by the web browser.  (Get well soon, Ralph!)

Let me invite you to begin your fun-filled E-Discovery Day at the non-intuitive time of 11:15 am eastern/8:15 am pacific TODAY, Thursday, December 1, 2016, by listening to a panel comprised of Robert Cruz, Tara Jones, Zach Warren and Yours Truly discussing Mainstream News & E-Discovery: What You Should Be Watching Out for in 2017. Per our hosts Actiance and Exterro, we will be recapping “what news events you should be tracking and proactively advising your legal team on to ensure you’re prepared to take on new e-discovery risks in 2017.”

In truth, we will be talking about a plenitude of topics that pop into our heads, including how e-discovery in 2017 will not even slightly resemble e-discovery in 2016.  Thanks to automation, TAR 42.0, automobile telematics, deeply-buried ABA commentary and easy-to-apply proportionality standards, you won’t even have to show up at work anymore.  Instead, you’ll just tell Alexa, Siri, Cortana and Hey Google, “Get me the non-privileged e-stuff,” and it will be done in seconds for a pittance.  But, sadly, if you miss our webcast (and the hours of fine programming that follow), don’t be surprised if e-discovery in 2017 looks to you, the uninitiated, just exactly like e-discovery in 2016.

Later today [4PM EST / 3PM CST / 1PM PST], I’m doing another webcast, this one for Nuix, entitled, The Tipping Point of New Technology in Discovery.  The topic grows out of an essay posted here on October 19, 2016 wherein I addressed proportionality considerations when weighing the cost and accuracy of automated transcription and translation tools in e-discovery.  Put simply, for inexpensive technologies that displace manual processes, how inaccurate can such technologies be before the savings won’t defray failure?  I’ll be speaking from New Orleans, and the discussion will be led from Sydney by Nuix’ Angela Bunting.  I’m joined on the panel by Judge Xavier Rodriguez (USDC WDTX) in San Antonio and Scott Cohen of Winston & Strawn in New York.  This promises to be a lively talk!  Please stop by.

There’s a lot of really good content coming your way for free TODAY. Don’t miss it.

Happy E-Discovery Day to You and Yours!

E-Discovery Lessons from the Huma Abedin E-Mails

comey

I’m livid about FBI Director James Comey’s handling of the Huma Abdein e-mails. “Reckless” doesn’t begin to describe Comey’s self-indulgent decision to release information about a situation he clearly does not yet grasp, in a manner that elevates Jim Comey above longstanding Justice Department policy and the integrity of a Presidential election.  Mr. Comey’s justification is couched entirely in his personal predilections, not those of the Bureau or Justice.  It is all “I, I, I” and none of  “we the Bureau” or “we the Justice Department.”  Mine is a procedural objection, not a political one. Whatever my glee at seeing Trump exposed for the weasel I know him to be, I would be every bit as critical had Comey’s half-baked announcement concerned Trump’s e-mail as Clinton’s.  But, Comey’s folly is an opportunity to glean some e-discovery insight.   Continue reading

Proportionality and Emerging Technologies

angela-buntingIn the wee hours last evening, I received a question posed by Angela Bunting with Nuix down in Sydney, Australia.  Angela has such deep knowledge of e-discovery above and below the Equator that I was flattered to be queried by someone I’d go to for guidance.  It was a magnificent hypothetical question.

Angela posited a scenario where a producing party used emerging technolgies to either mechanically translate foreign language text to English or voice recordings to text.   In each instance, the quality of the resultant searchable text was poor, akin to bad OCR, and characterized by poor searchability due to malformed and missing words, misleading substitutions, etc.  As a  consequence of  this poor searchability, some documents that should have been produced were not and, to make matters worse, the requesting party had some of the omitted documents, so could readily demonstrate serious flaws in production.

Challenged by the requesting party, the producing party defends the use of the automated transcription or translation based on proportionality.  To do the same work any other way would have required use of costly and time-consuming manual labor.

So, there you have it: the automated approach was faster and cheaper, but also much less accurate and complete, resulting in a failure to produce non-privileged responsive material.

Angela asked what I believed the view of the courts might be in such a situation?  Would the Court require the work be done again using a more accurate, more expensive method? Might sanctions issue?  Would the Court excuse the failure based on proportionality?

Predicting what courts will do based on skeletal hypotheticals is a crap shoot.  Outcomes turn on the peculiar facts of each case and, when the issue is e-discovery, on counsels’ skill in acquainting the judge with the technical underpinnings.

But, I gave it a shot, and here’s my reply:

Continue reading