(CSI1000) Compliance Weblog

NYSE Picture

2007-09-08T22:38:02-04:00

I had a meeting this week at the New York Stock Exchange as I was walking into the building I snapped this picture from my cell phone. I liked it so much it's now my wall paper on my PC. I'm posting it here, feel free to take a copy.

Corporate Cell Phone Compliance, the time is coming

2007-05-22T21:05:33-04:00

It's taken fewer number of years for the cell phone to become as ubiquitous as e-mail.

Until, e-mail reached the point of the reliability of a dial-tone - not to many years back - it could not have been deemed ubiquitous. There are many factors, the snow ball effect, that needs to come to fruition simultaneously for any single technology to reach the point of being truly ubiquitous.

In the case of email you have storage - the cost of storage, and storage technological advancements as major components that needed to mature in order for email to be part of the dial-tone reliability age.

Also, data-center advancements in cooling, smaller form factors, basically servers doing a lot more, in less space with less power and networking from the cost and technology advancements of routers and switches - and emergence of widely used protocols to emerging standards that made it easier for everyone to talk the same language without the overhead and errors of bridges and translation.

Note, that it wasn't to long ago when servers spoke IPX/SPX, DEC LAT, NetBeui we were working with Token Ring, Banyan Vines, etc. It's rare to find any of these today on the average corporations LAN.

All of these together, have combined to bring the reliability of a dial-tone to e-mail. And it didn't take long.

I find it amazing, how so much attention - from a compliance, records management, classification, long term retention, legal discovery, etc. perspective - has been paid to electronic communications over the last 5 years, yet another technology that has evolved to the state of being ubiquitous, is used more so and at much lower costs than email, and is as creating a new wave of text messaging, is as prevalent a communication tool, if not more so, than email has received so little attention - the cell phone.

A quick look at the industry which has, in essence, started it all is the financial services industry, specially the broker dealer space. They gave birth to the e-mail supervision industry with regulations which required that certain e-mails be supervised. The regulations were broad enough that it gave room for wide interpretations and with little to no teeth , at least early on, enforcement and compliance was lackadaisical.

Vendors came and went and emails were supervised, but not retained, since the regulations didn't require retention, just supervision.

This went on for sometime, then post ENRON, a definite point in time, came the requirement to 'retain' these same communications, plus the inclusion of instant messaging with email.

These were definitely a monkey wrench, because the same system that was designed to supervise email had no concept of long-term retention and although instant messaging looked like another message on the surface, the issues took a while to iron out, and generated yet another breed of vendor specialized and focused on instant messaging capture.

It all amounted to higher volumes, increased processing and a new technological direction was needed to meet the new requirements, archival software.

Alec Baldwin's Phone Tirade

2007-04-24T00:55:49-04:00

One of the recent pieces to bubble to the surface of the news media has been the Alec Baldwin tirade that was caught on voice mail and then circulated into the internet and television media. I have no personal comments on the actual phone message content, context etc. Those are private matters between family members of the Baldwin family.

However, it does have a related lesson for anyone and everyone including private and public sectors of business - its been a long standard regulatory requirement on trading desks to record all telephone calls, technologies called trading turrets provided by a number of manufacturers facilitate the logical recording of these telephone communications. And like most technologies responsible for accumulating large amounts of data, little or no thought is given to the search and retrieval of the same data - hundreds of phone calls were recorded each minute and stored and if you ever needed to get one of them back to listen to it, well, good luck, another million of so dollars and six months later you found that call.

So, back to the Alec Baldwin voice recording, its pretty amazing how times have changed and a single voice message is so easily extracted and made available across the internet with a few commands and is played on multiple media outlets around the world in minutes. The nature of communications is ferocious to say the least. And in the compliance and legal discovery world the lesson for all is that voice mail, email, and nearly all communications have a shelf life that will long out-live us and that in the touch of a few key strokes any communication medium can be replicated worldwide to millions in a matter of seconds. So, never never never communicate anything that you would not be perfectly OK being read in aloud in a public forum.

I've heard some speakers, along the same lines, infer that if you can't read it aloud in church then don't write it - I wouldn't go that far - lots of my normal business correspondence would not be appropriate for church - but thats just business. Another popular speaker I once heard used an analogy of riding in a car and that we are often misled by the sense of privacy we have in a car, although everyone is peering in through the windows, a reminder of the Jerry Seinfeld episode and the famous nose pick was the moral of his story, everyone is watching. It may be time to deliver a new form of communications, void of traceability or maybe we should just be more careful.

Legal Technology Article: The Real Implications of the New Rules on EDD

2007-03-02T22:41:26-05:00

One of many articles on FRCP below. The Federal Rules of Civil Procedure - if your an IT manager and you haven't Google'd FRCP and boned up on everything there is to know about the effect that it will have on how you deliver, deploy and maintain systems and technology I strongly suggest you give it a go!

Domestic and even world-wide corporate entities, as a whole, are still living under the post effects of SOX, Enron, Anderson and all of the others which have created the umbrella of hyper-sensitivity to regulations which were originally intended to provide "adequate" levels of audit ability, checks and balances and transparency - and what has now turned into governmental control of the corporate environment.

The cause for much of the chaos can be traced back to various technology accelerations over the last few years. And how many different links on a technology chain that have traditionally been delineated are now truly linked.

An example of this is the storage industry and the advancement of CAS (Content Addressable Storage). In the past the application really didn't need to know a whole lot of where an object was being stored. Today to write an object to a CAS storage device you have to write to an API and be prepared from within your application to receive back an acknowledgment, think of it as a coat check ticket, so that you application knows how to get that object back - and also be aware of the no ticket, no object mantra that goes along with the territory. So, applications and now intrinsically tied to particular storage devices, in a way that they never were before. This is just one example, of two links on a technology chain and how they truly are linked.

Moving onto another example, let's use the car racing industry, NASCAR, as an example for a moment. Imagine that their was a sudden breakthrough in the engine technology that caused the top attainable vehicle speed to nearly double. Wow! Well done. Now let me ask you this, do you want to be in the drivers seat - at top flight - using the same seat belt technology that was tested and certified to keep you in your seat at half the speed that your driving! Well the answer is certainly no, but as a competitive driver are you going to ignore the breakthrough, the answer there is also 'no'. What you'll probably do, as a team, is take baby steps together, weigh the trade-offs, and go win the race, with as many guardrails in place to afford you protection given that the tires, seat belts, and other pieces of the vehicle are not in-line with the new speed of the vehicle.

That is sort of what we have experienced over the last decade and certainly within the last few years in the technology industry. The pace of acceleration of core technologies such as storage and bandwidth (the engine, and those are just two of many) have effected other technologies (the tires and the seat belts), which in themselves have advanced either at an accelerated or (slightly below) pace. Also, technologies that provide resilience and durability such a servers and clustering have weighed in heavily as being part of the wave.

E-Mail, in order to have the explosive effect that it has today, in terms of usage or over usage, needed some basic elements, namely the resiliency of a "dial-tone". No one has any doubt that when you pick up a telephone hand set (oddly enough a less and less frequent event these days) that you will here a dial-tone. E-Mail needed to reach that stage and it has. There is no longer any more conversations about an email never being received and falling prey to the black hole of death called the internet. It's now reliable as a dial-tone. The other critical piece to the over or abusive use of email had to be storage, storage prices had to come down, and deployment and management tools around storage area networks, NAS and heterogeneous storage environments had to improve immensely and be easier to acquire and maintain from a capital standpoint, and that has happened, although not as fast as we still need, as well.

Lastly, bandwidth for transmitting large attachments had to be better than what we had with original ISDN channels, and that's happened. It's all amounted to a 'perfect storm' of technological advances happening each on their own stream, that has created the storm of system over use, with little time for planning the consequences that we have today. In retrospect, if other technologies had accelerated at an even pace, the use of email, and the chaotic nature of electronic discovery would not be such a major and costly problem like we have today, namely effective file sharing technologies - Xdrive coulda woulda shoulda. Now Google Documents. Java Toasters had a shot but they were too early. Combine two of the SUN and Google add a compliance culture and you have all of the makings of all of the technological pieces needed at the size and scale necessary to deliver a culture of efficiency transparency and compliance.

So where are we, well what you see at every turn is talk about FRPC. Accelerations will continue to happen on separate streams without the team work and guardrails that a good NASCAR team will have and someone like the Federal Government will have to keep stepping in to figure out what happens since you will eventually find yourself in their playground and it's their ball.

At the Federal Level, where evidence and rules for discovering evidence have been updated to reflect what they now recognize as electronically stored information or ESI for short. If I had to encapsulate the spirit of the rule amendments they all speak loud and clearly to one major theme, which is "being prepared".

This article from Law.com Legal Technology has been sent to you by peter.mojica@ATT.NET.

The Real Implications of the New Rules on EDD Scott Oliver Tuesday, January 23, 2007

Effective Dec. 1, 2006, the Federal Rules of Civil Procedure were amended to provide definition, structure and predictability to electronic discovery. For many litigators, the rule changes represent a fundamental shift in the way we prepare for and manage the discovery of electronically stored information (ESI) for federal cases.

Changes to state rules are not far behind. In fact, several states, such as California, Maryland and New Hampshire, are in various stages of implementing rule changes. Similar changes are already in effect in Idaho and New Jersey. While the objectives of the new Rules are clear, the necessary steps to comply with them are not. This article examines the major FRCP rule changes and their real implications. It provides a roadmap for becoming compliant while controlling business risks and understanding how the new rules can be leveraged in the courtroom.

EARLY ATTENTION TO ELECTRONIC DATA DISCOVERY

Rules 16 and 26 were amended to provide the court with early notice of e-discovery issues. Specifically, Rule 16(b) now states that the scheduling order must include "provisions for disclosure or discovery of electronically stored information" and "any agreements the parties reach for asserting claims of privilege or of protection as trial-preparation material after production." Rule 26(f) requires that parties "discuss any issues relating to preserving discoverable information and to develop a proposed discovery plan." Before the new Rules, this plan was often communicated well into the litigation process, years afterward in some cases. But since these new requirements are now part of the initial "meet and confer", the time frame has been significantly reduced. Under Rule 16(b), parties must "meet and confer" at least 21 days before the scheduling conference (which must occur within 120 days after filing the lawsuit). The bottom line is that parties must define and share their e-discovery plans within the first 99 days of a case.

The real implication of this rule change is that the number of cases subject to rapid case assessment, litigation holds, evidence preservation and collection will increase significantly. Large U.S. companies are already concurrently managing 556 cases on average, with an average of 50 new disputes emerging each year.[FOOTNOTE 1] Moreover, due to the increased number of requests and the large amounts of data now categorized as discoverable ESI -- e-mail being the most voluminous -- these rules will significantly impact corporate resources and e-discovery processes. This will be especially challenging in e-mail-related cases, where the job of finding and sifting through repositories of e-mail is notoriously costly and timely.

To cost-effectively scale and meet the new timeline, technology must play a role in the discovery process to:

1. accurately analyze terabytes of data, enabling rapid early case assessment and ensuring litigation readiness; and

2. audit the current e-discovery process to ensure it's cost-effective, predictable and defensible.

A defined, defensible e-discovery process will also be necessary for protection under Rule 37(f), the so-called "Safe Harbor Rule." The Rule states that "[a]bsent exceptional circumstances, a court may not impose sanctions under these rules on a party for failing to provide electronically stored information lost as a result of the routine, good-faith operation." Rule 37(f) may offer companies protection if ESI is lost, but only if a "routine, good faith" discovery process is well-defined, documented and followed.

KNOW WHERE THE RELEVANT ESI LIVES

With the new Rules, the first step in any litigation with e-discovery will be to identify all relevant data sources and formats. Rule 26(a) states that initial disclosures during the meet and confer include a "copy of, or a description by category and location" of relevant ESI. A critical requirement to comply with this rule is the ability to rapidly identify all relevant data sources of ESI. If additional sources are added after the fact, a judge can impose costly sanctions.

The real implications for Rule 26(a) is that litigants must inventory ESI, classify data and communicate time and cost estimates for its discovery. This cannot be done in silos -- legal and IT departments must work together to understand the various forms of ESI, where they reside and how to access them.

An inventory of ESI will also help companies that seek protection from e-discovery costs under Rule 26(b)(2), "protection due to undue burden or cost." In fact, it would be impossible to seek protection under Rule 26(b)(2) without it. Rule 26(b)(2) was designed to handle the difficulties in discovering information by stating that a party "need not provide discovery of electronically stored information from sources that the party identifies as not reasonably accessible because of undue burden or cost." This might sound like available protection for ill-prepared companies but be warned -- it's not a panacea for all e-discovery issues. It's widely accepted that business e-mail and documents -- comprising the vast majority of company ESI -- be readily accessible, so these type of documents won't normally be protected by this rule. The key here is to make the e-discovery process as scalable and cost-efficient as possible using sufficient resources and available technology. Make sure you determine the best way to:

* Efficiently access corporate data sources where ESI is created, stored and archived (e.g., e-mail systems, networked storage, archives);

* Rapidly find, hold, analyze and produce only the relevant ESI for each case;
* Minimize e-discovery costs by centralizing ESI repositories over time;
* Send only the relevant ESI to requesting parties.

The combination of inefficient e-discovery processes and large amounts of ESI make the inadvertent transfer of privileged or otherwise protected ESI a real possibility. Don't be lulled into thinking that Rule 26(b)(5), which provides a mechanism to "claw back" inadvertent transmission of privileged and protected ESI, offers suitable protection. That simply isn't the case.

The real implication is that if inadvertent transmission does occur, it's almost impossible to completely recover all trade secrets, intellectual property, privileged information, etc., resulting in potentially significant legal, business and financial risks.

This rule should serve as an alarm to the real risk of privileged information disclosure. Because of potential damages, take heed and only produce relevant and nonprivileged ESI. Utilize readily available technology to expedite the process by analyzing and "culling down" ESI from an initially large set to a much smaller, relevant, nonprivileged set for production. By performing more analysis up front in the e-discovery process, litigants not only protect themselves against transferring privileged information but significantly lower the cost of production.

SUPPORT NATIVE FORMATS FOR ESI PRODUCTION

Rule 34(b) was amended to determine how ESI is produced. The rule states that it's the requesting party, not the responding party, which requests "the form or forms in which electronically stored information is to be produced." Rule 34(b)(ii) goes on to state that if the request does not detail the form(s) of production, the responding party must produce it "in a form or forms in which it is ordinarily maintained or in a form or forms that are reasonably usable."

The real implication is that we are likely to see an increase in requests to produce ESI in native formats because of the importance of searching and reviewing metadata. The knowledge gained from close inspection of ESI's metadata, which is unavailable when ESI is produced as hard copy, can be extremely useful. For example, the date when a certain document was created or when an e-mail was forwarded can make or break a case.

CONCLUSION

The amended Federal Rules of civil Procedure dramatically change the way courts govern the use and discovery of ESI during litigation. As a result, e-discovery compliance is a subject that must be taken seriously -- or invite serious consequences.

Technology is no longer a "nice to have"; with the rule changes it's a "must have." The best solutions will be technology or services capable of analyzing and producing ESI in native formats. As an industry, we cannot afford to ignore the rising costs of e-discovery or view ESI investigations as an ad hoc fire drill. To effectively comply with the new rules and turn the tide of e-discovery costs, e-discovery must evolve into an efficient, accurate and predictable process.

::::FOOTNOTES::::

FN1 2006 Jaworski Survey.

Scott Oliver is a partner at Pooley and Oliver LLP. Oliver specializes in the litigation and trial of patent, copyright and complex technology-related cases in state and federal courts, as well as before the International Trade Commission. Prior to joining Pooley and Oliver, Oliver was a partner with Gray Cary Ware and Freidenrich, specializing in intellectual property litigation. Oliver spearheaded his firm's decision to implement the Clearwell E-Mail Intelligence Platform to automate its e-discovery process.

Law.com's ongoing IN FOCUS article series highlights opinion and analysis from our site's contributors and writers across the ALM network of publications.

http://www.law.com/ltn/pubArticleLTN.jsp?id=1169028153099

CP Rail deleted e-mails related to Minot accident

2007-01-18T09:04:08-05:00

Interesting article that appeared in the Minot Daily News. Comments?

CP Rail deleted e-mails related to Minot accident

By DAVE CALDWELL, Staff Writer dcaldwell@minotdailynews.com

A new twist in the legal wrangling over a deadly train derailment five years ago this Thursday has shed some fresh light on the tactics purportedly used by one of the parties in the resulting lawsuits.

According to a legal brief by U.S. Chief District Judge James Rosenbaum dated Thursday, the deletion of e-mails concerning the deadly Jan. 18, 2002, derailment of a Canadian Pacific Railway train just outside Minot has prompted Rosenbaum to allow a defense team access to evidence gathered by a computer forensics expert.

The brief states that during state court proceedings, representatives of one of the derailment plaintiffs, Claudia Roberts, discovered an e-mail message sent by a Soo Line manager to the railroad's top claims agent that began by stating, "In the tradition of keeping very few Minot-related e-mails." During the deposition of the same manager in the case, he was asked about the message, at which time he admitted destroying e-mails about the Minot derailment, saying he had been ordered to do so by a higher-up in the company.

After this revelation, CP Rail hired the computer forensics expert to investigate whether electronic data had been destroyed and, if so, whether that data could be retrieved, according to the brief.

The plaintiff was seeking, via the discovery process, access to the information gathered by the computer expert and permission to depose the expert as soon as possible.

The railroad argued that the motion should be denied until the issue of preemption had been solved, stating that if it was ruled to be immune to lawsuits under federal law, any destruction of evidence in the case would be irrelevant. Calling it a "no harm, no foul" argument, Rosenbaum denied the request, likening it to a group of bank robbers planning to rob a bank, only to arrive and "find that the bank failed and closed its doors the day before the robbers' arrival. Just as the conspiracy to rob the bank is, itself, a crime, regardless of the impossibility of the bank robbery's success, so too, is an attempt to suborn the fact-finding process an affront to the court, even if there will ultimately be no fact-finding."

Also, the railroad argued that any issue on the state court cases would be precluded by the change in jurisdiction to federal court. Rosenbaum also denied that argument, stating that the court has authority to make sure that its processes are followed properly.

Attorney Mike Miller of the Fargo office of Solberg, Stewart, Miller and Tjon, which represents Roberts in the case, said that the revelation that evidence is being destroyed could be "dynamite stuff if the cases go forward."

"It's a very unusual thing," he said. "I can't think of too many cases where one of the parties involved has destroyed evidence. Right now, we don't even know the amount of evidence that has been destroyed, but we're going to get those answers."

Attempts to contact Minneapolis transportation attorney Timothy Thornton, who represents CP Rail in the cases, were unsuccessful Monday.

Miller said that regardless of what the outcome is on the issue of preemption, the discovery is going to make a difference to the judge in the case.

"The judge may be able to pursue numerous remedies available to him," he said.

Miller said that issues being addressed by Congress in Washington, D.C., might also have an impact on the status of the cases.

"This fight is being fought on more than one front," Miller said. "I can't say an adverse decision by the Eighth Circuit is going to be the end of it."

Miller said that if the Minot cases go forward in front of the jury, the judge will be able to inform the jury that evidence was likely destroyed in the case and that evidence was likely very harmful to the railroad's case.

"It could be a big step in the right direction when we go forward," Miller said.

VP, Product Strategy.Management AXS-One Inc. www.axsone.com 301 Route 17N Rutherford, NJ 07070 201-935-3400 Corporate | 704-895-2146 Direct 704-756-1736 Mobile | 877-370-3906 eFax e-mail: pmojica@axsone.com

New Tidbit - Comments forth coming....

2006-12-20T15:33:21-05:00

Regulator: Morgan Stanley withheld e-mail in cases

NASD says Morgan Stanley made false claims that millions of e-mail messages in its possession had been lost in 9/11 attack.
The New York Times

By Gretchen Morgenson

Published: December 20, 2006, 4:57 AM PST

The NASD, the nation's largest self-regulatory organization for the securities industry, accused Morgan Stanley on Tuesday of routinely failing to provide e-mail messages to aggrieved customers who had filed arbitration cases against the firm over three and a half years and with making false claims that millions of e-mail messages in its possession had been lost in the September 11 attack on the World Trade Center.

The regulator also contended in its complaint against Morgan Stanley that the firm regularly destroyed millions of e-mail messages by overwriting its backup tapes and by allowing employees to delete messages. Securities and Exchange Commission rules require that firms keep all e-mails and business communications for three years.

Morgan Stanley's failure to provide e-mail messages relating to arbitration cases began in October 2001, the NASD said, and extended through March 2005. While claiming that the World Trade Center disaster had destroyed many of its e-mail messages, Morgan Stanley actually held millions of pre-September 11 e-mail messages that were restored to its system from backup tapes shortly after the attack, NASD said.

Many other of the firm's e-mail messages were maintained on individual users' computers and therefore were not affected by the attacks, regulators said. Yet Morgan Stanley often failed to search those computers when responding to document requests.

"We think what happened here was unprecedented," said James S. Shorris, head of enforcement at NASD. "The firm's actions undermined the integrity of the regulatory and arbitration processes, potentially leaving in question the validity of the outcomes in hundreds of cases."

Rather than ask that Morgan Stanley pay a fine to settle the case, NASD has asked that it be required to provide relief to arbitration claimants whose cases might have been helped by the e-mail that was missing or not produced.

"Our principle objective here is to help the aggrieved parties, the individuals," Shorris said. That could include asking for payments to be made to claimants, he said, or for a process to be established where aggrieved investors could bring their cases to a neutral party.

During the three and a half years that Morgan Stanley failed to produce e-mail messages, more than 1,000 arbitration cases were filed against the firm. It is not clear how many of those involved missing or unproduced e-mail, but Shorris estimated the number as "sizable." Because arbitration cases are almost never overturned, reopening customer cases against Morgan Stanley would be highly unusual.

A Morgan Stanley spokesman said the firm had made extensive efforts to settle the NASD matter, but that the NASD's "disproportionate and unprecedented demands" left it no choice but to litigate.

"The 9/11 attacks destroyed the firm's legacy Dean Witter e-mail servers and archives," Morgan Stanley said in a statement. "When prior management learned there were still backup e-mails from that era that might bear on arbitrations, it informed regulators, plaintiffs' counsel and outside counsel; built searchable databases; produced newly discovered e-mails; and cooperated fully with the NASD's review."

The firm has a month to respond to the complaint; the case will then be assigned to an NASD hearing officer who will preside over it with two securities industry officials.

NASD also noted in its complaint that Morgan Stanley failed to produce e-mail that was the subject of regulatory requests. For instance, in an investigation by NASD into the firm's fee-based brokerage practices, Morgan Stanley falsely claimed that it did not have pre-October 2001 e-mail and failed to produce over 12,000 e-mail messages and attachments that NASD had requested, the regulator said.

By the time the firm conducted the search that led to the production of the e-mail, the firm had already deleted millions of other messages from its servers and the regulatory matter at issue had been settled, NASD said.

A person briefed on Morgan Stanley's position said that the firm's failure to produce and retain e-mail in the period covered by the NASD case was not intentional, but reflected a miscommunication between information technology employees and the firm's legal department.

But Morgan Stanley has had a history of failing to comply with discovery obligations in arbitration proceedings, NASD said. In 1998, NASD censured and fined the firm $10,000 for violating rules about document production and in 2004, it censured and fined the firm $250,000 for failing to comply with discovery requests. In both cases, Morgan Stanley neither admitted nor denied the allegations.

"To use a terrorist attack to deny claimants documents in arbitration proceedings--that is about as low as you could possibly get," said Steven B. Caruso, a lawyer at Maddox, Hargett & Caruso and president of Public Investors Arbitration Bar Association.

Google eMail on Cell Phones

2006-11-13T11:31:58-05:00

If I had to encapsulate Google into a simple word or phrase I would call Google, "simple". Simplicity in their interface, search, and ability to deliver complexity in a shielded way from the end user has to be a major key to their success. I guess if your audience is the masses, the kiss approach has to be the order of the day, and taking the least common denominator approach is something that has proven to be a winning formula, and not just for Google by the way. The acronym KISS (keep it simple stupid, or is it keep it stupid simple) was around long before Google. So given the Google ability to reduce complexity and KISS and manage to capaitalize with the lowest common denominator approach to the masses what will happen when your corporate users begin the process of installing gmail.com/app on the masses of cell phones in use for everyday business mean to an ever changing industry around email and compliance? More to come....

Spolilation

2006-07-31T00:24:45-04:00

Kirk v. Ford Motor Company, 2005 Ida. LEXIS 112 (Idaho June 23, 2005) (updated on Jul/12/2005 06:00 pm EST) Summary: Because the plaintiff did not elicit testimony about the company’s destruction of data relevant to the vehicle’s rollover propensity, the trial court did not err in declining to give a jury instruction that the data could be inferred to be unfavorable to the defendant.

Instant Messaging and Rules of Evidence

2006-07-31T00:16:04-04:00

Instant Messaging Summary:

A criminal defendant convicted of assault claimed that instant messages threatening the victim should not have been admitted without authentication evidence of their source from the Internet Service Provider or the testimony of a computer forensics expert. The court rejected this argument, which it characterized as having the court create a whole new body of law just to deal with e-mails or instant messages.

Although the court recognized that such digital messages are inherently unreliable because of their relative anonymity and the fact that while an electronic message can be traced to a particular computer it can rarely be connected to a specific author with any certainty, the court found that the same uncertainties exist with traditional written documents.

Thus the court saw no justification for constructing unique rules of admissibility of electronic communications such as instant messages. Therefore, the court held that under Pennsylvania Rule of Evidence 901 circumstantial evidence, such as the contents of the writing and surrounding events, is sufficient to establish authenticity. In this case, the circumstantial evidence establishing authenticity included the fact that defendant had acknowledged his first name in one of the instant messages and had failed to dispute having sent the instant messages in verbal discussions shortly after their occurrence.

Tape Restoration and E-Mail Archival

2006-07-31T00:14:08-04:00

Depending on the industry and the typical damage periods (i.e. Anti-Trust where the damage period can go back 10-15 years on averge) most of the data needed for responding to legal discovery will reside on tape. So if you’ve recently implemented an archival strategy for capturing e-mails, where you can use the system for legal discovery, you may still need to deal with tape restores for quite some time, years even.

It’s prudent to consider tape restoration to the archive as part of your implementation and strategy upfront.

About the picture. PowderHorn 9310 tape library

The cost for tape restoration can usually be high and typically involve third parties other than your archival vendor to deal with the factory style logistics needed for managing 100’s or maybe 1000’s of tapes. The key need however resides within the archive tier and it’s ability at the component layer to handle lower level e-mail formats such as internet standard RFC822, EML, DXML, etc. basically as many formats as possible, so that the avenues for re-ingestion are flexible. What’s more important however is the ability to separate or mark the data that is coming from tape, as such. Perhaps, keeping more than just a virtual store makes the most sense.

One of the key pieces of information that you lose when restoring from tape is access to unwind the address books or directory servers containing group based addressing information. So the search for all e-mails to [Fred Smith] will only yield those messages where Fred Smith is listed explicitly in the To: field. All of the messages where Fred Smith received messages as a result of being a member of a group will not be presented in the search.

Some vendors enumerate the information backwards by simply identifying all of the mailboxes that contained a certain message and then deducing that if a message was in your INBOX and you are not on the address line, then you were a member of the group distribution. That doesn't catch the use case where Fred received a message, opened it, read it, and then deleted it, before the next backup cycle - if the email backup system is backing up mailboxes then the tape restoration, even with a deduced distribution list is completely unaware of this transaction.

In the case where the group lists are preserved, the system would know the more pertinent piece of data, which is that Fred received a message, but its not in his Inbox.

This is one reason why it’s a good practice not to mix newly captured e-mails where the distributions lists are expanded in real-time, with legacy data imports where access to the distribution list which was active and current at the time was integrated separately - the context for errors, questions and further research really do require separate approaches to real-time vs. legacy email data.

Lastly, once the tape data is successfully ingested into the archive, and now managed via policies which govern it’s expiration based on categories, destroy the tapes, for legacy data they no longer serve a purpose and represent potential risk!

Google Desktop Search

2006-07-26T22:11:45-04:00

I've been asked several times this week about local desktop search software such as Google Desktop. Interesting that the questioners were all major worldwide corporations who themselves were evaluating tools for long term archival and more importantly legal discovery.

So what's the answer; well in this writers opinion; it boils down to one word "risk".

Backup vs. Archival

2006-07-22T17:12:23-04:00

Backup technologies, as they relate to the actual hardware and software involved in the backup process, have and continue to improve - more density, faster robotics, etc. etc. - it's an extensive list. However, what has not changed much over the last year is the actual "process" of backup execution.

The process hasn’t changed much in over a decade, it’s a well tuned systematic process of incrementals, fulls, swapping tapes, sending tapes off-site, etc. As prices for the backup technology have dropped overall, their has been a lack of attention paid to the actual cost of data stored on tape, but the cost today, is being fueled by a completely different rationale - compliance.

{For the purpose of this discussion let's define compliance simply as governance of data as it relates to an organizations legal and regulatory liabilities or requirements}

It’s no longer prudent to keep data that may be subject to discovery in a billion dollar class action lawsuit locked away, safe secure, and accessible on a tape - just waiting to be "discovered" by lawyers who know how to ask for the information.

So, what does that mean to today's backup approaches?

I don't know a single systems administrator that will put his job at risk by not backing up their e-mail stores, just one example of content.

But what's the risk to keeping millions of e-mails lying around on backup tapes?

Well Morgan Stanley was just fined 1.4 billion dollars. That should be reason enough to call together all the departmental CIO's and business unit heads and talk about how the organization is executing backup today.

I have some concrete ideas and practices which involve the use of archival technologies in relation to backup for securing and protecting data in a manner that delivers more protection with respect to risk.

It’s an interesting dilemma that requires a fresh look at process, existing and new technologies, and how they can be re-deployed to meet both the old and new challenges facing today’s corporations.

Every IT manager should evaluate how and what data is being written to tape, how it is being stored, where, how many copies, and what is the destruction policy in relation to legal or regulatory requirements and or corporate policies which are well documented.

Upfront Considerations for E-Mail Archival

2006-07-22T17:11:20-04:00

E-Mail archival has taking several twists and turns over the last few years.

The primary one is the use of the archive for legal discovery, sometimes referred to as eDiscovery.

This has left many vendors flat footed and the reasons are in fact quite simple.

Number one, the same product that you, if your a commerical software company,contruct for archiving and stubbing / the process of removing the e-mails from the mail server store, and relocating the physical bits to an archive server, and creating a link so that the end-user can seamlessly retrieve the bits from the archive server instead of the e-mail server.

That solution value proposition is simple and strong.

You can reduce the storage on the primary mail server, which unto itself has many benefits, to many to list, but now your server and server administrators can focus on the main task of a mail server - to "process" e-mail - and not spend expensive cycles on managing storage and all of the sundry IT issues that account for storage management, which are voluminous, complex and expensive.

So, the point, is that the construction of a product to solve this problem is not the same product construction plan that you would necessarily use to solve another distinct problem called eDiscovery. These two are at odds with each other.

Vendors who were focused on pure play e-mail archival are now left flat-footed and looking for third party hooks to help shore up their product lines.

Basic rule, is that re-architecting commerical platforms is difficult, and once you have customers in production it’s literally open heart surgery, so you as the customer now, working with a pure play e-mail archival solution, is really looking at 2 or 3 vendors coming together to solve your business problem.

Both you and the vendor will be constantly challenged with EAI (enterprise application integration) and the final cost of a working solution can be 10x your original license price when it’s all said and done.

Bottom line, is that eDiscovery, legal discovery, compliance elements, storage consequences, cannot be after-thoughts to an e-mail archival due diligence.

The consequences for not considering the bigger picture upfront are costly from a capital expenditure perspective and more importantly the risk to the business for systems which are now error prone due to the inherent disconnects between the varying technologies.

Correct and Complete Data Archival

2006-07-22T17:10:27-04:00

When we are going down the road of e-mail archiving for regulatory reasons is there a thing as 100% complete, or is 5 - 9’s accuracy good enough?

What is the consequence for correct and complete as it relates to data archival systems deployed for compliance, legal discovery and ultimately corporate risk management.

If you are challenged with the requirement for capturing all electronic communications (inbound/outbound) what mechanism, process or IT controls can help you to achieve 100% accuracy or better put - can guarantee both complete and correct results? Even in the best case scenario can you ever really account for technology outages, software bugs (that can occur at every layer below the application, firmware for example on a hardware device), or even good old fashion human error. Although the vision of an archival system gives you the impression that you are dealing with a very static durable almost simple piece of technology that houses long-term data - nothing could be further from the truth.

The reality is that archival systems technology has evolved more over the last two years, than the entire previous decade - which included the internet, TCP/IP, local and wide area networking and more? Hard to imagine, but true.

This has been due to the regulatory shift that has occurred over the last few years, as a result of e-mail being required for long term retention (archival) in the financial services sector - all due to corporate malfesance. The technology shift and subsequent consequence for archival systems has been in having to extend the arms of the archive and reaching out to actively participate in the details of - how - the data is captured from it’s source systems. Traditionally, archives relied on the source system placing content some place where it could be picked up and then archived.

{A lot like dropping a laundry bag at the back door and having someone from the cleaners come by and pick it up}

Well imagine if the laundry pick up service didn’t have the bag of laundry waiting for them and instead they had to open the front door to the house and every house in the neighborhood, and deal with every type of security system in order to enter. The comparison is the archival system knocking on the door of many different systems (i.e. MS Exchange 2000, 2003, Lotus Notes 5,6,6.5, IM (instant messaging systems) ERP, and integrating into each distinct security system from the application to the OS, plus centralized directory sources. Now, can you imagine the laundry pickup service person walking through your home and locating all of the dirty laundry, opening up every draw, closet, and so on… Then drawing conclusions on each piece of laundry; which need light starch, heavy starch and so on…

The picture is pretty insane, but that is essentially the extended role of the todays archival technologies and more importantly - its required - if they are to remain both viable and competitive in solving problems for businesses - especially in this climate of heightened awareness of corporate content, security, audit requirements and the overall pertinence to protecting an organization reputation and profit.

With all of the moving parts involved in todays processes for archival technologies its critical that these parts are all part of a single comprehensive system - the alternative is an EAI approach and dealing with connecting these moving parts across different technology vendors. This is a task that even in the best case scenarios leaves major exposure with respect to both completeness and correctness of the overall system. If we evaluate completeness and correctness and 100% through several nines of reliability/accuracy what are we really talking about?

Well at a very basic level if your organization message traffic is 5mil messages/day completeness would account for capturing and archiving each of the 5mil messages transmitted each day. At the end of 5 years your archive would contain 5mil*264 (business days)*5 =6,600,000,000 (over 6.5 billion records).

If your ability to deliver completeness ranked at 99.9% reliability your 5 year archive, used and relied on for compliance and legal discovery, would be missing over 6.5 million records.

{Can you afford to knowingly miss access to 6.5million records?}

This is the overall importance of completeness. An EAI approach is not the answer for delivering complete record archival, the disconnect between systems present risk for errors and inability to manage processes end-to-end; a single flexible platform gives you all of the tools and redundancies needed to achieve to 100% completeness.

A modular approach through a single platform to the archival process is paramount, as logging can be done at each module which provides the ability to systematically reconcile and rollback in the event of process exemptions. Correctness is yet another area of major consequence that is often ovelooked - and it has to be combined with completeness in order to deliver reliable data archival. Data has to be more than just successfully captured, indexed and archived, it must be processed correctly.

{Indexing errors have consequences on correctness, while you have the "complete" record it may not find it's way into a result set if the index was not created in it's entirety}

A simple example can be made with record categorization. If a rule is applied incorrectly at the program; level, then data can be lost down-stream, accidentally deleted, not found or even not provided in the case of legal discovery (when it should have), etc. A more complex example can be an indexing operation, the details of indexing are complex, what happens if the indexing operation of an attachment containing 100 pages of MS Word fails to index pages 99-100?

The record, while complete is not 100% correct. The consequences for correctness is high.

The audit logging of events such as capture, indexing, combining, categorizing and nearly every discreet process involved in the overall archival operations must be capable of system logging.

And as important, if not more so, these log files must be monitored and automated to deliver alerts and triggered events so systems personnel can be alerted to and participate in re-repocessing information, while maintaining the full integrity of the data and the correction processes, when errors in key processes occur.

Few vendors have grown their systems organically and are delivering the required capabilities end-to-end through a single system approach this is the better and less error prone approach needed in todays business climate for both technical and business reasons - and most importantly combining both correct and complete.

Outsourcing message to a CIO friend of mine

2006-07-22T17:09:14-04:00

Like most of you I spend a lot of my time on airplanes reading and writing e-mails. On a recent flight I decided this would be worth posting and sharing. It's an email communication with a friend of mine who I met with earlier in the day. He's a CIO at one of the largest banks in the US. Our meeting was to discuss his banks storage dilemmas and how his normal IT operations were being frustrated and quite frankly confused with the heightened awareness around regulatory compliance. He and I grew up in the IT industry together, so our meeting and conversations are pretty casual.

After our meeting I told him that it sounded like his dilemma was keeping him up at night, he concurred, and offered that 'it's just not as easy as 'writing a program' like the old days' to solve a business problem, that the issues of 'business risk' is daunting for both him and his IT managers and it does in fact 'keep him up at night'.

As a friend and trusted confidant I told him that I would try to help him with his 'sleep' problem.

Anyhow, moving on, when the plane hit 10,000' and the familiar bell tolled I reached for my notebook and started jotting him a note. An excerpt from my note to him follows.

e-Mail to a Large U.S. Bank Corporate CIO.

Excerpt begins here...

...does your daily "archived" data "really" need to be stored internally on your floor space, your power, your SAN's etc.? Does all of the "archived" and "long-term" managed content have to be stored internally? Keyword, "long-term" content.

Have you considered asking some of your team to run the numbers and see if it's cheaper and actually more efficient and even "safer" to the business to store all (or part) of it externally.

Let's review the simplicity without getting into all of the details.

Use one of your operational systems as an example, Sungard. Sungard provides some of the back-office operational systems that the bank runs, and everyday like clockwork it transmits end of day back office reconcilliation data to your network, that data is processed, and written to your disk, then migrated to SAN, then duplicated across data-centers, and backed up to tape, and accessed by the end users doing reconcilliation work for the front-office, and your required to keep that data "long-term" keep it readily accessible
"just in case" someone asks a question that only that data can answer.

Doesn't seem like a little much. By the way, where does your responsibility to destroy the data begin and end? The application can take care of the purge, but your OPS folks still have it on tape and who else knows where - considering that you have chartered them with ensuring "business continuity" and "disaster recovery" and they are doing a bang up job, but at what risk for 'certain' types of content.

Using the same example, of the data that you are housing from that one "outsourced" system. What if Sungard can send it to an outsourced provider of our archival services (EDS for example) and all your processing, storage management, long term record keeping and end user access happens off site. You have no internal infrastructure, no full-time administrators, no dedicated telecom, no "extra copies" of compliant content floating around, and best of all your teams get back to delivering value added IT services you have a Service Level Agreement and a monthly bill, and possibly a little more rest at night.

One of the other things that your teams are dealing with today is protection from hardware obsolescence, that's costly to manage internally especially over the life-cycle of long term data content. What is the longest time period that the business side is telling you to keep their compliant data, 3,4,5 years?

Let me guess, they don't know - and your stuck with it indefinitely. We've always joked that not having a plan, is in fact having one, just not a good one! Why deal with the risk of the business not knowing all of the pertinent facts around their regulated "compliance" data, while it may be normal course of business for them it means a tremendous amount of disruption for you, and your in the business of delivering 'steady state operations'. I think that realistically you'll start to see that that various departments have real retention periods for certain records that will exceed 20 years.

Which means that you will have to plan "today" for the obsolescence of hardware, operating systems, etc. to ensure accessibility to that data over its life cycle. Is that something you really want to budget and plan for in your next budgeting cycle, think about how that one requirement alone will effect your agility in solving the more important projects like improvements to the front office trading system, market data delivery, the data center move, etc.

Also, this one is almost as an aside to our discussion, from my perspective, your IT departments should not be internally responsible for ensuring that data is accurately deleted and removed from the "corporate DNA" when it’s supposed to - you have to be in the business of providing the tools, capabilities, and the little button that says "press here to delete" but make sure that you are clear that this last mile has to be executed by our "content business owners".

Look at it this way, do you really want to own the responsibility for ensuring that all of the banks commission reports are deleted exactly 10 years after the date of payment, unless there was a commission dispute then hold it 1+ years from the date of the dispute resolution, unless there is a legal hold for pending or potential litigation, then hold it for 3+ years after the date of settlement, unless the case was summarily dismissed before a suit was joined, otherwise revert to the original deletion schedule.

And that’s just one rule for one content type, called commission reports! You should be in the business of delivering the capabilities, and let the owner of the business create the policies and more importantly 'hit the button'.

Your area's risk for mis-firing or mis-communicating on that process, is that some "legal eagle" discovers through the commission reports that someone was cooking the books 10 years ago and it if it wasn’t for the evidence that you didn’t “destroy”, which you had a right to and were supposed to based on your business policies, the bank was found guilty, and now your top 100 customers start to close their accounts and walk to that other institution across the street because you guys are "shady". There goes the end of year bonus, pool, and that's if your lucky, you can be sure that some head's will roll.

So, what's the point my friend, consider why are you managing all of this risk, long-term records management that is somewhat tricky given the nature of the data, why not sign outsource to an industry trusted provider and let someone else own this particular process.

Do what you do best and keep the front office highly tuned, efficient, and making money! Manage the operations aspects that you have to, but this particular one is different than normal backup and DR, it's tied to the business, legal, compliance and it poses way to much risk.

Wouldn't you would rest better at night knowing that you have successfully negotiated a SLA for making sure that this is taken care of for the bank, focus on the "core" business, and re-capture those resources that are now dealing with this full-time.

The way I see if you are really presented with two choices, build out a new group, which has to be cross-functional between, IT, legal, compliance, and business unit specific, and prepare to house a couple of peta-bytes over time for this business requirement - or - sign on the dotted line, buy an SLA and get some rest at night.

Think about it my friend. Mitigate your risk.

Let’s talk more when I’m in town next week.

Regards,
Peter

VP, Product Strategy.Management
AXS-One Inc. www.axsone.com
301 Route 17N Rutherford, NJ 07070
201-935-3400 Corporate | 704-895-2146 Direct
704-756-1736 Mobile | 877-370-3906 eFax
e-mail: pmojica@axsone.com

Deleting e-Mails From Your Archive

2006-03-29T01:30:27-05:00

To delete or not to delete, this now appears to be one of the holy grails of the e-mail archival industry, and it’s extending beyond regulated industries. On the surface, you would think that the regulatory industry is the best suited for deleting e-mails as the regulations are very specific for how long particular e-mails have to be kept. What more could you ask for, you have it in black in white, from the government in a loud booming voice "thou shall keep the Equity traders e-mails for a period of 5 years, thou shall only delete it after the prescribed period has come and gone".

So what’s the issue with deleting that e-mail on it’s 5 year anniversay date? With today’s systems you can schedule the deletion for the exact second it reaches it’s 5 year anniversay. So again, what’s the big deal, well let’s take a look at look at it from the opposite perspective.

What happens when you don’t delete the record. The answer to that one can be found in the Federal Rules, the pertinent rules are 26 and 34, which regulate the production of evidence. These rules make electronic information available for broad discovery, with some protections for the party whose information is being sought, these rules are currently under review with proposed amendments before congress, however let’s see how they can effect whether you delete or not today. Rule 26, states that all parties in litigation must disclose "a copy of, or description by category and location of, all documents, data compilations, and tangible things in possession, custody, or control of the party that are relevant to disputed facts alleged with particularity in the pleadings" FED. RUL. CIV. PROC. 26(a)(1)(B). Rule 26 also provides the scope of discovery: "Parties may obtain discovery regarding any matter, not privileged, which is relevant to the subject matter involved in the pending action . . . including the existence, description, nature, custody, condition, and location of any books, documents, or other tangible things." FED RUL. 26(b) So, if you have it, and it’s relevant and not privileged you are compelled to turn it over. The protections under Rule 26 also defines discovery limits: "The frequency or extent of use of the discovery methods . . . shall be limited by the court if it determines that: (i) the discovery sought is unreasonably cumulative or duplicative, or is obtainable from some other source that is more convenient, less burdensome, or less expensive . . . (iii) the burden or expense of the proposed discovery outweighs its likely benefit . . ." FED. RUL. CIV. PROC. 26(b)(2). In addition, Rule 26 allows a court to authorize a protective order to protect a party from "annoyance, embarrassment, oppression, or undue burden or expense" FED. RUL. CIV. PROC. 26(c).

These protections essentially are designed to bring some law and order to the process which is admittedly out of control with respect to both electronic evidence and even paper records. The rules simply were not written to account for today’s massive volumes of both electronic and paper records.

So, back to the small matter of deleting records. Why not delete them if you can?

Otherwise you will have to provide them, if they are relevant to a particular legal matter. If you are being litigated for the largest deal your company ever executed and the government is requesting every piece of electronic information from or to these three senior securities traders in your organization, would you want to turn over less or more information. The answer to that one is obvious. So why keep the records that you are allowed, by the same laws that you are trying to comply with, to delete.

The answer is simple, fear.

Fear of doing the wrong thing or more relevant lack of confidence in the electronic systems, people, processes and internal policies that are standing behind the delete key. And here is a dilemma where spending millions of dollars on a top tier consultancy to devise the processes, pick the systems, train the people, and possibly even hit the delete key doesn’t make a difference. For good or bad, Enron and Sarbox have changed the world’s business landscape, so much so that it is spreading from the USto other parts of the world. The consequences for doing the wrong thing will be your problem and burden to bear, and Section 802 of the Sarbanes Oxley act talks to those penalties. There will be no one to point the finger at except yourself.

So, is the answer to keep everything? It’s certainly a strategy, however not a very good one given the risk. The answer is to take full and absolute control of your electronic systems, people and processes. Build internal confidence, training, re-training, certifications so that everyone is aware of the processes that govern your electronic data. Start with the most critical first, e-mail. Have a plan for what’s second and third on the list, and execute according to a well documented plan, that is part of your official corporate archive. And, lastly a small fact that seems to go unspoken, but execute swiftly and publicly for corporate violations of compliance matters. {My kids high-school hand-book is a good example, strike another student and receive an automatic 10 day suspension, no questions asked. And yes, I have beeen in the principals office pleading my kids case "the other kid pushed him first", no level of articulation was going to make a difference, the punishement was executed and swiftly}.

Within a system a record targeted as compliant should follow a specific chain of custody which can be re-produced through verifiable audit logs that are designed and sequenced to electronically prove, to the satisfaction of forensics experts, that what the audit logs reports is what actually occurred. A file plan for example, which dictates how a record from the Equity Trader is managed through it’s five year life-cycle should be recorded as part of the corporate archive, and if the file plan changes, the new file plan should be recorded and the electronic audit logs should be updated, and the states of times copies of the audit logs should be stored serially by date of occurrence within a secure tamper proof system.

These small level’s of detail within large systems with many moving parts will pay dividends in proving that even wrong decisions in data deletion were done without malicious intent, and under the umbrella of good faith, because you have designed full transparency into your entire governance platform.

What is needed within your overall systems is the element of “transparency”, shareholders tend to like that, and so do the regulators as well as the courts.

Proving what you did, how you did it, fully, is as important as to why.

You shouldn’t keep records longer than needed, unless you make a conscious corporate decision based on the “smoking gun” factor. And that is that it is just as prudent if not more so, to know what the other side may possibly already know. Just because you deleted the Equity Trader’s mail after five years, doesn’t mean that some other party joined in the same litigation didn’t delete their corresponding copy. So one of your records may be turned over as part of another party’s discovery request, and you are potentially unaware. That is a viable reason, if made consciously to keep records, but certainly not because of fear.

It should also be noted that the current proposed amendments to the Federal rules discussed here, take into account that, based on the massive volumes of electronically stored information involved in particular legal matters, that errors in the discovery process are likely to occur, and they will not penalize one side or the other for accidentally turning over records that are not relevant or privelged. Basically, you may be able to call time-out and ask for a "do over". ESI or Electronically Stored Information will soon be recognized more fully at the Federal level, this will certainly make the years to come more interesting and challenging for providers of systems which manage ESI for the purposes of compliance and legal discovery.

What's Discoverable and the Value of Where

2005-10-24T01:09:00-04:00

Let’s suppose that a user’s local hard-drive (or shared file system) contains the following directories with the file entries listed below:

>>directory1>projects>ibm>file1.doc (note, these are the same file)
>>directory1>projects>ibm>file2.doc
>>directory1>projects>ibm>file3.doc

>>directory2>projects>oracle>file1.doc (note, these are the same file)
>>directory2>projects>oracle>file4.doc
>>directory2>projects>oracle>file5.doc

Now, your comapny is joined in a legal suit and recieved a discovery request for relevant documents to the legal matter. You are now on the receiving end of having to find and produce relevant documents in a very important legal matter. On the surface the request seems clear, "all relevant documents", well after many rounds of legal back and forth (the discovery order is to broad, etc.) the discovery request is now understood and amended to specify "documents" containing the word "IBM"

Now comes the conundrum.

Let’s cover the simple scenarios first, if file2 or file3 contain the word "IBM" they are clearly discoverable pursuant to the request and should be turned over.

But, what if file1 does not contain the word "IBM", though it is clearly in a folder named "IBM" is this document discoverable?

If the supplier of the information withholds the document pursuant to the agreement that only "documents" containing the word "IBM" are relevant, is the supplier within his rights to withhold the document?

Let’s suppose that this document is withheld, but later discovered under a broader discovery request, will the opposing counsel claim foul and will a judge potentially find that while the letter of the discovery request was met that the company’s action was in bad faith and although the "document" did not contain the word "IBM" that it was obviously relevant, having been stored in a folder named "IBM" and should have been included - and the courts has no choice but to find that it was excluded intentionally and impose sanctions or even worse instruct the jury that there was tricky business afoot by the company and this should be considered as they deliberate, (ouch).

What about the fact that the same document was in a folder clearly marked "Oracle" wouldn’t this be enough to prove that this document was relevant to "Oracle" and not IBM ? By the way, the contents of the document did contain the word "Oracle" and not "IBM".

Ah, the never ending complexities of discovery, a lawyer with an engineering background in systems can probably have a field day.

And, the point is exactly that - these are all issues, questions, suppositions, assumptions for legal counsel, many with answers that rely on their ability to make (or not) successful arguments in front of a judge as well as dig up any relevant case law and or legal precedents.

These are not questions suitable for software vendors providing the underlying technologies that support responding to legal discovery requests.

However, there are some very pertinent quetions that the above scenario(s) do present for software vendors that are more important to your companies ability to support any number of scenarios; I’ve addressed the importance of flexibility before and here we go again; a system of record, namely a durable active archival system must support documents, e-mails, instant messages, other electronic data in the form of XML messages (as an example) that represent transactions in various states usually traversing through a series of queues within a message bus, end of day or intra-day report out-put such as FX tickets, trade-confirms and end of day confirms with cancel corrects; all of this data must be recorded as states of time, categorized, and marked for expiration based on regulatory and internal policy.

A vendors ability to handle the sheer volume associated with the above is critical.

Now, if a record must be maintained for 7 years, an organization may take the approach of expiring the document on the 7 year anniversary to the second, or go 7 + 1 year, etc.

Systems should provide event based flexibility to support liability and risk factors, for example the logic and reasoning that goes into expiring a tax document after 7 years is pretty simple, that’s what the law allows.

But, are complex business processes for global enterprises ever that simple cut and dry, well not in my experience.

Expiration logic which can be expressed as *expire* tax documents in 7 years, if account numbers beginning with "Z" ("Z" equals international) have passed all external audits (maintained in another system) and if company names contained within the documents (as a indexed field) are not part of any legal matter irregardless if the tax documents are on legal hold, also based on the previous triggers send these documents to the legal department for review and purge or retain with a recorded attestation.

This example is probably more in keeping with complex business processes;

So, back to the matter of :where: obviously where documents originate from, reside, or are moved to can have consequences to their admissibility.

So vendors should record this information as part of a "complete" record, referring back to another post, we have discussed the differences between complete and correct, they are distinct and both critical.

How a vendor tracks where and to what extent, such as the physical asset is important, see that your vendor understands and incorporates "where" as part of their overall systems.

Updates to Federal Rules of Evidence

2005-09-05T14:47:00-04:00

Some heavy but pertinent reading below. There has been unanimous approval by the Judicial Conference of the US on approved changes to the Federal Civil Procedures Rules that will significantly impact electronic discovery practice and procedure in federal courts. Unless the Supreme Court disapproves the amendments by next May the changes will take effect in 12/06. The major changes can be encapsulated as the recognition of "electronically stored information" as a distinct component electronic discovery and specific guidelines around ESI. I've excerpted and commented some of the proposed amendments below. In short, this recognition at the Federal level shows the continued need and importance for solutions that enable electronic discovery, it recognizes that electronic data discovery is now a standard way of life and that state and local rules will not suffice as the creation of electronic information continues to grow. I do not think that most software vendors will manage to keep up with these rules and the effect that they have on their solutions and marketing positions. As we continue to see the market evolve and solutions converge towards legal discovery and archival it is important that we do stay aware of these rulings. More information can be found at http://www.uscourts.gov/rules rules6.html <http://www.uscourts.gov/rules/newrules6.html>

Best,
Peter Mojica

Clarifying and Conforming Proposed Amendments to Rules 33 and 34. The proposed amendment to Rule 33 provides that a party may answer an interrogatory involving review of business records by providing access to ESI if the burden of finding the answer is substantially the same for either party.

The proposed amendment to Rule 34 explicitly recognizes ESI as a category subject to discovery that is distinct from "documents" and "things" to clarify that there are differences among them important to managing discovery. Rule 34 is also amended to authorize a requesting party to specify the form of

production and for the responding party to object. Absent an order, agreement, or a request for a specific form, a party may produce responsive ESI only in one form - the form in which the party ordinarily maintains it or in a reasonably usable form.

They are recognizing that the amount of information is in many cases simply to much. This effects several industries, especially those that focus n evidence preparation, that are specific to how law firms produce evidence, this can negate the transformation of electronic information into paper, where defendants overwhelm plaintiffs counsel with 1000's of boxes of paper. This makes our strategy for continuing to build and expand web based tools and profiles for data access the continued correct direction. Other vendors are stopping at the archival and basic search and query and interfacing into third party tools for evidence preparation or what they generally term e-discovery. Our view is that these industries of archival and e-discovery are converging and this recognition at the federal level will continue to support that view.

Addressing Inadvertent Privilege Waiver - Proposed Amendment to Rule 26(b)(5). The proposed amendment to Rule 26(b)(5) provides a procedure for asserting privilege after production that is parallel to the similar proposals for Rules 16 and 26(f). The volume of ESI searched and produced in response to discovery can be enormous, and certain features of the forms in which such information is stored make it more difficult to review for privilege and work-product protection than paper. Thus, the inadvertent production of privileged or protected material is a substantial risk. See Report at 10-11. Under the proposed amendment, a producing party may notify the receiving party, within a reasonable time, of a claim that privileged material or work product was inadvertently produced. After receiving notification, the receiving party must return, sequester, or destroy the information, and may not use or disclose it to third parties until the claim is resolved. If the receiving party disclosed the information before being notified, the receiving party also must take reasonable steps to retrieve the information. The receiving party has the option of submitting the information directly to the court to decide whether the information is privileged or protected as claimed and, if so, whether a waiver has occurred.

Again, the federal courts are recognizing that the amount of information is overwhelming, and thus saying that mistakes will be due to the volume and course corrections are allowed. So, one side or the other can call a time-out and say we shouldn't have given you those documents, please return and forget you ever saw them. If counsel follows the above changes to Rules 33 and 34 and provides electronic access ESI then a full chain of custody is maintained within our systems. For example, ACME Corp. has to produce records to plaintiff counsel, after deciding what they will provide they provide access to the data instead of sending the data. What this actually does, is give ACME Corp. a full audit trail of what plaintiff looked at and when, it becomes part of the audit trail for the chain of custody. It may actually be better than providing paper of CD's/DVD's of files. In the later case, ACME Corp has no idea if plaintiff looked at every document provided, by providing access defendants can know not only what they looked at, but more specifically what, if anything, they did not look at.

Two-Tier Discovery: Proposed Amendment to Rule 26(b)(2). The proposed amendment to Rule 26(b)(2) would require a court order for production of ESI that is "not reasonably accessible because of undue burden or cost." The proposal recognizes a "distinctive, recurring problem" in e-discovery and builds on existing rules to facilitate early production of relevant and accessible ESI. And, it specifically references the 1983 proportionality amendments first empowering judges to limit or forbid discovery where costs and burdens outweigh benefits, explicitly implemented in the adoption of "two-tier" discovery in the 2000 Copy right 8 2005 Washington Legal Foundation 4 ISBN 1056 3059 amendments. See Report at 11-13.

The amendment requires the responding party to identify, "by category or type," the sources of potentially responsive information that it has not searched or produced because of the costs and burdens of accessing the information. If the requesting party moves for production of such information, the responding party has the burden to show that the information is not reasonably accessible. Even if the responding party makes this showing, a court may order discovery for good cause, "considering the limitations of Rule 26(b)(2)(C)," and "may specify conditions for the discovery." Such conditions "may also include payment by the requesting party of part or all of the reasonable costs of obtaining information from sources that are not reasonably accessible." See Committee Note at 45, 48.

Here we see that at the Federal level they want to impose a standard of reasonableness for request for electronic information. This has already been hashed out in lower court rulings and this takes into account that not all ESI is equal in terms of finding and producing it. The court is saying that they will be the final arbiter when asking for data that is not easily accessible; this can potentially mean; stored on tape, across thousands of local hard disks, other and its still open to interpretation, probably the best litigator wins unless precedence exists or more prior rulings are established at the Federal level which establish precedence moving forward. The accessibility of programs like Google Desktop and other freeware tools and the "accessibility" that they provide can create a condition where data that was unreasonable to produce can suddenly become reasonable to produce and require production of more data during initial discovery with no cost to the requesting party. I believe that those companies that are mindful of data accessibility and this rule of reasonableness will err on the side of caution for deploying or permitting use of certain systems, operating systems and software as ubiquitous technologies within their organizations. Massive indexing and search a capability across the board with no controls is not necessarily a good thing with respect to litigation, the archival approach continues to bear well for the long-term.

Sanctions - Proposed Amendment to Rule 37(f). Under the addition to Rule 37: "absent exceptional circumstances, sanctions cannot be imposed for loss of electronically stored information resulting from the routine, good faith operation of an electronic information system."

The proposed rule recognizes that all electronic information systems are designed to recycle, overwrite, and change information in routine operation, even without "specific direction or awareness," not because of any relationship between the content of particular information and litigation, but because they are necessary functions of regular business operations. The proposed rule also recognizes that suspending or interrupting these features can be prohibitively expensive and burdensome, again in ways that have no counterpart in managing "static" hard-copy information. Even when litigation is anticipated, it can be very difficult to interrupt or suspend the routine operation of computer systems to isolate and preserve discrete parts of the information they overwrite, delete, or update on an ongoing basis, without creating problems for the larger system. Routine cessation or suspension of these features of computer operation is also undesirable; the result would be even greater accumulation of duplicative and irrelevant data that must be reviewed, making discovery more expensive and time-consuming.

However, sanctions are not avoided simply by showing that information was lost by routine operation of an information system. It also must be shown that the operation was in good faith. One factor in the good faith determination may involve intervention to modify or suspend certain features of a system's routine operation to prevent the loss of information, if that information is subject to a preservation obligation. When and if such an obligation arises depends on the substantive law and the circumstances of each case; the amendment does not create a new preservation obligation. The logic behind the proposal is that the cost and disruption of interrupting routine computer systems are not justified when there exist other means for preserving necessary and relevant information, such as: a "litigation hold" process, early discussion of the need for such extreme preservation measures, and entry of preservation orders tailored to the specific case. The proposed rule should provide necessary guidance in a troublesome area distinctive to electronic discovery.

This is the last and most interesting. It discusses sanctions. On the surface it can be interpreted that accidents such as erasure of data might be OK, as long as you can show that you were running your systems under the good faith premise. The second paragraph does add clarity that this is not as simple, and that efforts must be made to preserve and prevent loss of information. The "other means" of preserving information and not interrupting routine systems is what we provide with the archival platform. This continues to add more emphasis that major corporations should not build applications internally for managing content that is regulated and possibly destined for legal discovery, which today means nearly all data, from telephone call logs, conversations, etc.