While watching the Sedona Conference webinar on the Cooperation Proclamation today, it struck me that I had never talked in Ride the Lightning about the Seventh Circuit's Electronic Discovery Pilot Program. This program, whose first phase is October 1, 2009-May 1, 2010 was developed in response to the obvious need for reform of the civil pretrial discovery process.
If it was bad before, and it was, it is much worse now with the advent of e-discovery.
The august group which developed the program composed a set of Principles Relating to the Discovery of Electronically Stored Information. These principals are enumerated in the link given above. The principles are really an extension of the Cooperation Proclamation and involve early case assessment, proportionality in formulating an e-discovery plan, the participation of e-discovery liaisons, specificity of preservation requests and orders, the proportionate scope of preservation, identification of electronically stored information, production format and education.
Also included is a model Standing Order Relating to the Discovery of Electronically Stored Information.
All in all, some very nice work. Of course, they are trying to defy the natural order of litigation today- the "take no prisoners" approach that seems so deeply rooted in our (less than civil) civil justice system. But it is a call to action backed up by the court's inherent authority to punish those who disobey the order. I applaud it and hope it will bear some fruit.
Some of the judges in the circuit bravely volunteered to walk this gangplank and will apply the principles to selected cases, which will then be evaluated using objective and subjective measuring tools. The resulting data will be presented at the Annual Meeting of the Seventh Circuit Bar Association and Judicial Conference of the Seventh Circuit, to be held in Chicago on May 2-4, 2010. After that, the Pilot Program will move on to Phase Two (yet to be precisely defined), which will be conducted from June 2010-May 2011.
So can lawyers, famous for eating their young, be retrained to be cooperative? I'm not betting the mortgage money.
E-mail: snelson@senseient.com Phone: 703-359-0700
http://twitter.com/sharonnelsonesq
Anyone interested in e-discovery may want to attend the next Sedona Conference “Voices From the Desert” webinar focusing on the first year of the existence of the Cooperation Proclamation. The seminar will be held on Wednesday, November 4th at 1 p.m. Eastern and you may register here: http://www.thesedonaconference.org/wgsa_html
The Cooperation Proclamation was intended to stop escalating e-discovery costs which have threatened to undermine the civil justice system. Since its issuance, nearly 100 state and federal judges have signed on as endorsers of the Proclamation. It has also been cited in at least a dozen reported court decisions, and it has received widespread press coverage.
To celebrate the Proclamation's first anniversary, The Sedona Conference Journal® is publishing a special Supplement to Volume 10, devoted to the theme of "cooperation," with a preface by Associate Supreme Court Justice Stephen Breyer.
Happily, there is no additional charge for more than one person to participate from a single phone line, so bring a friend. Or attend in your conference room and use the speaker phone so that a group may participate. The registration fee is $99 for the general public and $79 for members of Sedona’s Working Group Series.
Once registered, you will be able to listen to the discussion by telephone, view PowerPoint slides, download the Supplement in PDF format, and ask questions during a question-and-comment period.
We'll certainly be among the attendees!
E-mail: snelson@senseient.com Phone: 703-359-0700
http://twitter.com/sharonnelsonesq
A guest post submitted by Joe Howie on behalf of the eDiscovery Institute:
"I’ve enjoyed reading your blog and thought you might want to blog about the upcoming 5th Annual Pizza After Party in support of the eDiscovery Institute to be held in two weeks – Nov. 12, following that day’s activities at the Georgetown University Law Center Advanced eDiscovery Institute CLE.
The Institute is a 501(c)(3) organization doing some important work in researching solutions to problems with ediscovery processing and costs, and the Pizza After Dinner in a fund-raiser in support of their mission. Lawyers who seriously want to find and/or validate e-discovery processing and review alternatives should be supporting the Institute. If they’re looking for a way to do more than continue debating the concept of improved ways of handling e-discovery and actually fund an organization that is doing research and providing metrics on benefits of different techniques, this is their opportunity.
It’s a great opportunity to interact and mingle with some of the leading e-discovery jurists, lawyers and providers. Last year’s party drew 150 participants, and it looks like this years party will have an even larger crowd.
This year’s sponsors include: Alix Partners, Aphelion Legal, BIA, Crowell Mooring, Encore Discovery, Epiq Systems, Guidance Software, Integreon Discovery Solutions, Jurinnov, Kroll OnTrack, Mayer Brown, Peak Discovery, Precision Discovery, Recommind, RenewData/Digital Mandate, Shook Hardy & Bacon, TCDI, UHY Advisors, and Winston & Strawn.
For ticket information, contact one of the above sponsors or email info@ediscoveryinstitute.org"
E-mail: snelson@senseient.com Phone: 703-359-0700
http://twitter.com/sharonnelsonesq
To my knowledge, this is the first time that a state Supreme Court has ruled that its public records law requires the disclosure of metadata. The Supreme Court of Arizona issued this opinion on October 29, 2009 in the Lake v. City of Phoenix.
Hat tip to Olivier Long.
E-mail: snelson@senseient.com Phone: 703-359-0700
http://twitter.com/sharonnelsonesq
Our friend and colleague Jason Baron, the Director of LItigation for the National Archives and Records Administration, wrote me recently to let me know about a free CLE that sounds terrific.
It is called "E-disovery: The Future of Search" and will be hosted by Capital One on November 10th at their corporate headquarters in McLean, Virginia.
The stellar faculty includes Chief Magistrate Judge Paul Grimm, Judge Andrew J. Peck, Craig Ball, Ralph Losey, Patrick Oot and Jason Baron. There will be discussion of proper search techniques, the intersection of searching and ethics, the economics of searching and a mock hearing regarding search issues.
For further information and to register, please visit http://tinyurl.com/yfchb84
John and I are teaching courtroom technology on the same date, but later in the afternoon, so we plan to be there for most of the day. Hope to see you there!
E-mail: snelson@senseient.com Phone: 703-359-0700
http://twitter.com/sharonnelsonesq
My team of computer forensics technologists was indeed happy today when they spotted a blog posting by Paul Larimer, Group Manager, Microsoft Office Interoperability. Paul says that Microsoft will be releasing documentation for the PST file format.
While his blog post was directed primarily to developers who need to achieve interoperability, this document could give computer forensics examiners a lot of helpful information about the contents of a PST file. Paul cautions that this work is still in the early stages, but I can tell you that my guys are salivating waiting for it.
E-mail: snelson@senseient.com Phone: 703-359-0700
http://twitter.com/sharonnelsonesq
Those of us involved in electronic evidence certainly took note of a story earlier this week. Computerworld reported that engineers from North Carolina State University have created a material that could hold a terrabytes of data on a fingernail-sized chip. That would be 50 times the capacity of today's best silcon-based technologies.
In a word, wow. I am so NOT a scientist - I barely made it through "Physics for Humanists" in college. My sympathetic professor undoubtedly passed me for sheer doggedness. I remember him commenting that he "never saw someone work so hard to learn so little."
But even I was fascinated by the account of "selective doping" (this had an unscientific meaning in my college days) and working at the nanoscale level. Take a read and marvel at the implications for computer forensics and EDD . . .
Hat tip to Jesse Lindmar.
E-mail: snelson@senseient.com Phone: 703-359-0700
http://twitter.com/sharonnelsonesq
Last week, we had the pleasure of lecturing at the University of Virginia's School of Law during a special two-week program. The course was the brainchild of our friend and colleague John Tredennick, who led the course, which included a number of notable guest speakers.
The course was entitled "Electronic Discovery in a Global Environment." The faculty included Dr. Michael Berry, Magistrate Judge John Facciola, Richard Kershaw, Chris Ohly, Amir Milo, Jon Rosenthal, Chris Toomey and Jim Eidelman. We were delighted to be on this illustrious faculty but regret we couldn't attend the course to hear everyone else.
Unsurprisingly, John and I spoke on computer forensics. As the course was limited to 20 students, they had a very interactive and personal experience. Brilliant as they were, we had to laugh when one of them asked us, "you mean reformatting my machine didn't delete all the data?" No, my dear, it sure doesn't.
We hope more law schools will consider adding electronic discovery to their curriculum. Without question, there is no escape for the modern day lawyer: e-discovery is now fundamental to the practice of law. To practice competently, a lawyer will have to understand the fundamentals of e-discovery.
Congratulations John, on pulling together so many talented folks in the field and developing such a terrific program!
E-mail: snelson@senseient.com Phone: 703-359-0700
http://twitter.com/sharonnelsonesq
In a recent post, I discussed the massive Blue Cross/Blue Shield data breach, which elicited a thoughtful e-mail from Rob Rost. I was apparently less than clear in my post, because I agree with Rob that policies and technology must work together to secure data - neither alone will suffice. Thanks, Rob, for this thoughtful reply.
I have some comments about your blog post. I agree with everything that you wrote. However, I think that technology in isolation does not secure data. Technology, just as a poorly written policy, is just as susceptible to human frailty.
For example, Blue Cross Blue Shield may have deployed the following technologies to protect the laptop and the data stored on it:
1) The Blue Cross Blue Shield logo laser-engraved on the laptop cover. The goal of this technology is to deter the physical theft.
2) Phone-home software like Absolute (not the vodka company) Computrace. The goal of this technology is to protect the data by increasing the probability of recovering a stolen laptop.
3) Microsoft bit-locker encryption. Of course, the goal of this technology is to protect the data.
The above technologies can be circumvented by a thief if the employee does not follow a written policy (The employee not follow the policy because he/she is not aware of it, it is not practical, or chooses to ignore it). For example, the person can leave the laptop in his or her car while running errands. The person can also choose (if it is allowed by policy and technology) to use an simple (or none at all) password, and subsequently, easy to guess password. This increases the risk for a thief to successfully guess the employee’s password and gain access to the unencrypted data (this is not an easy task, especially if the thief knows nothing about the employee. On other hand, the success rate of the unauthorized is higher if the “cached” credentials and last login are not required by policy to be deleted and removed, respectively).
I agree that there should be a log entry every time this confidential data is accessed or copied. However, as you know, each security technology, like the ones you are correctly proposing, has the potential (if not a guarantee) to make an existing procedure, task, more inconvenient. For example, the security team at Blue Cross Blue Shield may have wanted to deploy Bit-locker with a USB startup key. However, this extra technical requirement may have been deemed too inconvenient or cost prohibitive so it couldn’t be included in any mobile device policy. In addition, it has been my experience that no employee (especially physicians) will accept any unnecessary inconveniences unless there is a policy that approves it; the assumption is that the policy has been signed by the CEO, or other C-suite executive.
I suspect that BCBS is evaluating their policies to make sure they are not too lax in terms of security \ privacy requirements. If so, I am sure they will update the policy to add new requirements (i.e. two factor authentication to and full-disk encryption of laptops with ePHI), and this will translate to new technologies (e.g. IBM Thinkpad T400 with an integrated Fingerprint reader and Sophos Safeguard encryption software).
Bottom line: Protecting data requires a combination of policies, processes, people, and technology (with a dose of common sense). Unfortunately, as you indicated in your blog entry, human frailty is typically the weakest link in this matrix.
Keep up the great work.
Rob Rost, MA, CISSP, GCFA
I/T Security Consultant
P.S. You guessed correctly. I am one of those security folks who is now primarily focused on e-Discovery and forensics.
E-mail: snelson@senseient.com Phone: 703-359-0700
http://twitter.com/sharonnelsonesq
The Posse List reported today on EDRM developments announced at The Masters Conference. EDRM now has a new website - and has announced progress in each of its eight projects.
There has been a certain amount of chatter on the wires about how much EDRM has accomplished - or not accomplished - since its creation. I have no dog in this hunt because I have not been involved with EDRM.
However, I would be interested in the thoughts of others and would willingly reprint any thoughtful guest posts on this subject.
E-mail: snelson@senseient.com Phone: 703-359-0700
http://twitter.com/sharonnelsonesq