e-discovery 2.0

As a long-time reader of The Economist, I was excited to find that this week’s edition writes at length about the exponential growth in electronically stored information (ESI), and how people are using technology to manage it.  I believe this is one of the most significant “mega-trends” impacting our economy, and I was thrilled to see it recognized by a mainstream publication. But when I read the 14-page special report, I was disappointed to find that its analysis of the legal and regulatory implications of “the data deluge” is really weak.

The survey does a good job of teeing up the issue:

The world contains an unimaginably vast amount of digital information which is getting ever vaster ever more rapidly. This makes it possible to do many things that previously could not be done: spot business trends, prevent diseases, combat crime and so on. Managed well, the data can be used to unlock new sources of economic value, provide fresh insights into science and hold governments to account.

It goes on to talk about how companies like Walmart, which has 2.5 petabytes of point-of-sale transaction data, is using business intelligence software to analyze the 1 million transactions it does every hour. By doing so, Walmart is able to improve the efficiency of its supply chain and the effectiveness of its marketing. The article also describes how companies like Amazon and Google use web analytics software on click stream data to improve their services.

What’s missing is an equally intelligent analysis of the legal and regulatory implications of all this data. The move from paper to ESI (email and files) has created a user-generated, written record of everything that happens in a company. That’s incredibly helpful when, after the fact, questions or disputes arise. Rather than relying on incomplete recollections, courts and regulators can now consult a written record – one where every document is time-stamped and very often attached to a person’s name via email. That enables judges and regulators to get better information which, in turn, leads to better decisions. It’s hard to quantify the value of that, but there’s no doubt it’s substantial.

There is, however, a catch. Because the volume of ESI is so great, it’s really expensive to gather, sift through, and then produce information. Add the requirement that the process needs to be defensible (i.e., easily explained in court), and the whole thing gets really expensive really fast. Hence the need for electronic discovery software: it’s the only cost-effective way for companies to manage their ESI from a legal and regulatory perspective.

That’s why I believe e-discovery software will be as big a category as web analytics software or business intelligence software – it’s a different side to the same coin. Or, more specifically, a different dimension to managing digital information stores which, as The Economist points out, are growing tenfold every five years.

Update: Nick Patience at The 451 Group has also posted on this topic, at almost exactly the same time as me.

On of August 14, 2009, the California Judicial Counsel amended their Rules of Court to augment discussion of electronic discovery issues during the meet and confer process.

Rule of Court 3.724 was amended to require discussion of “Any issues relating to the discovery of electronically stored information” no later than 30 calendar days before the date set for the initial case management conference.  The broad language (i.e., “any”) was augmented by eight specific categories that must be expressly discussed:

(A) Issues relating to the preservation of discoverable electronically stored information;

(B) The form or forms in which information will be produced;

(C) The time within which the information will be produced;

(D) The scope of discovery of the information;

(E) The method for asserting or preserving claims of privilege or attorney work product, including whether such claims may be asserted after production;

(F) The method for asserting or preserving the confidentiality, privacy, trade secrets, or proprietary status of information relating to a party or person not a party to the civil proceedings;

(G) How the cost of production of electronically stored information is to be allocated among the parties;

(H) Any other issues relating to the discovery of electronically stored information, including developing a proposed plan relating to the discovery of the information;

Many of these issues track FRCP language (including forms of production, preservation, privilege issues, etc.).  However, section G seems somewhat novel given the historical “American Rule” where the producing party is required to bear all necessary costs of production.

Curiously missing, in comparison with FRCP 26 B(2)(b), is the need to discuss the handling of “inaccessible” ESI, although this could easily be subsumed in the “any other issues” language of section H.  Also missing is a discussion about proposed searching and/culling protocols (aka “keyword negotiations”) which are often part of the core meet and confer topics in Federal court.

Nevertheless, the scope is broad enough to require *a* discussion of all likely relevant electronic discovery issues, which was often lacking historically.  Once that discussion starts, reasonably savvy counsel should be able to flesh out most of the significant issues.  And, given this broad language a judge would presumably give them a hard time for any material omissions.

Lately, the electronic discovery blogosphere has been, well, a-twitter about twitter and other social media as they relate to electronic discovery. While twitter struggles to find a business model, enterprises and law firms are racing to understand the implications of this latest boomtown of user-generated content that’s being built in out on the frontier of the World Wide Web (or is that Wild Wild West?).

There’s talk of intellectual property being cast out, irrevocably, onto the Internet for all to see. Or slanderous things being uttered for which your company may be held liable. But, hold on a second: is there really anything new here? Anyone heard of e-mail? Web pages? Peer-to-peer? Google? Instant messaging? As Debra Logan astutely points out in her recent post on the topic, “everything that exists is discoverable (at least pretty much).” If you haven’t already, take a look at the FRCP’s definition of ESI and you’ll get her point. So, yes, it’s obviously important to have a common sense corporate policy around what’s appropriate and what’s not for the public Internet, but it shouldn’t be any different from the policy that you should have already had in place regarding blogs, web pages, and email.

What about the other side of the electronic discovery coin: finding information that’s responsive to a request? If anything, social media are more easily discoverable than just about any other form of user-generated content (though admittedly in some cases they can be more transient, which can post unique challenges). And, while it’s not universally true, the argument can be made that the more easily something can be discovered, the lower the cost and risk of that content to you. Worried if anyone on twitter is stealing your new idea for a router architecture? How about the top-secret approach to making coffee you were thinking about patenting? Well, if anyone twittered about it, tracking it down is a snap. Just keep in mind that because of the public nature of social media, it’s likely that the more important the information is to your company in the context of electronic discovery, the less likely it is to live out on the public Internet. Obviously, there will be exceptions. But when there are those exceptions, tracking down the relevant information will likely be a fairly straightforward and relatively inexpensive process.

However, before we dismiss social media as nothing new and something that can largely be addressed through already-existing policies and discovery techniques, let’s consider one aspect of social media that is on the upswing, but often out of the blogging limelight: enterprise applications.

Increasingly, companies are moving to advanced enterprise social media platforms such as Jive or SocialText as a way of improving internal collaboration and making projects run more smoothly and effectively. Because such enterprise platforms are often used on a company’s most important and strategic projects, having robust e-discovery capabilities to allow internal blog, wiki, and discussion content to be captured and placed into a format that can be seamlessly searched along with other more traditional documents is becoming critical to forward-thinking enterprises.

For example, I recently came across a large financial institution that uses Jive SBS as its wiki and Clearwell as its e-discovery solution. What surprised me is that this company has created its own Jive/Clearwell “adapter” that feeds Jive discussions directly into Clearwell as a conversation thread. This is just one example, but I’m sure more will follow. Over time, it will become a requirement for e-discovery platforms to integrate with enterprise social media products. And, rest assured, as that happens, we’ll be sure to tweet about it!

UPDATE: Whit Andrews of Gartner was kind enough point out his (prescient) research note on the subject of e-discovery and social networking from November, 2007. He points out that there is in fact a very important “new new thing” about social networks, which is that they may be able to be leveraged in an e-discovery context to find out more about the people relevant to an investigation. By tapping these publically-available sources of information, investigators may be able to gain better insight into private (i.e. enterprise) information stores to guide the e-discovery process. More detail on this and other insights can be found at http://www.gartner.com/DisplayDocument?id=543110&ref=g_forward&call=email.

I was recently asked: “what are the first things you do when your client calls you about a case requiring e-discovery?”  So, for the benefit of all, I’ll post my answer.

My first caveat to the advice was context.  Since, while a lot of attorneys have attended CLEs or have read about e-discovery, it’s not the same in the real world.  As the old Spanish Proverb goes:

It’s not the same to talk of bulls as to be in the bullring.

Keeping in mind that reality may differ significantly from academics, here are some things to consider when the next e-discovery case comes up.   Please also keep in mind that these steps (like the EDRM workflow) aren’t linear and may in fact occur cyclically or in parallel:

1. Preserve, preserve, preserve

Nothing is more important than meeting the initial preservation obligation, which begins when litigation is “reasonably likely” – as opposed to just when the complaint is filed.  This first step in the long journey can easily be a trap for the unwary/unprepared.

The challenge once you’re past the trigger issue is to then identify the boundaries of the duty to preserve, i.e., what evidence must be preserved?   This inquiry is often initially comprised of identifying key players, date ranges and data types.

Another significant challenge in this step is to monitor and update the legal hold process.  And, given that litigation more often than not spans years, it’s easy to initially succeed at the preservation effort, but then later fail on execution.  The best way to minimize risk in this step is to move quickly from preservation to collection.  See Is Preservation in E-Discovery Overrated?

2. Work backwards

Once preservation (and ideally collection) is adequately covered, the next step is to start thinking about the end of the process and what success (or lack of failure) looks like.  The exposure and profile of the matter are important to consider when you embark upon an e-discovery project since it’s critical to scale discovery efforts appropriately.

One thing, in particular, that is very important to consider early in the process is the type of production format that will be preferred by reviewing counsel and the opposition.  TIFF-based image productions (which are historically well accepted) are often pitted against native file ESI reviews.  Either format may or may not be acceptable given the situation and the applicability of FRCP Rule 34.

3. Understand the technical landscape

Most attorneys, but for a rare few, aren’t capable of really comprehending technical nuances of the complex and interrelated IT systems found at most Fortune 2,500 enterprises.  Fortunately, they are quite adept at working with experts (either consulting or testifying) to help them get to the bottom of difficult to comprehend and explain issues.  The key is find the right technical people who understand IT systems and who can explain it to judges, juries, and attorneys alike, especially for some of the most common ESI repositories like: email servers, archival systems, shared network drives, instant messaging servers, archival repositories (e.g., tape libraries, real time back-up systems, etc.), records management systems, knowledge management systems, proprietary, but highly leveraged, internal applications, offsite repositories (e.g., hosted IT or email systems) and significant partner or subsidiary data stores.  In many instances it will make sense to leverage or create a map of the data universe so that nothing is missed and inaccessibility arguments can be cogently detailed.

4. Get your lingo straight

Assumptions, whether in e-discovery or not, are often dangerous.  In the complex undertaking where multiple parties are handling ESI it’s critical to make sure that everyone is on the same page especially since every company handles IT, records management, ILM and information security differently.  So, when working with these disparate constituents the outset of an engagement is the right time to make sure everyone is on the same page.  Therefore, standardize on a set of commonly used terms. Examples of potentially ambiguous topics include “imaging” ,“archive”, and “records.”

5. Don’t assume your client will really be helpful

I’ve been involved with hundreds of e-discovery engagements and I’ve found that almost universally the end client professes a profound willingness to help out.  And yet, actual “help” is relatively rare.  To qualify this, it may be prudent to ask several additional questions:

• Does the Client have the time to actually help?  Everyone at the client’s site has a day job that they’re tasked with above and beyond transient e-discovery needs.  So, while bandwidth generally is important, what’s more critical is the ability to comply with aggressive judicial deadlines.
• Are the people helping the ones you’d want to see on the stand?  It’s often not realistic to have internal folks (especially IT and Records Managers) stay isolated during the various pre-trial events – meet & confer conferences and potentially 30(b)(6) depositions so it’s important to evaluate how a given witness will fare when providing testimony.
• How likely is it that you client would throw you under the bus if things went wrong?  In my opinion, there is now more reason for outside counsel to manage the risks of an e-discovery project going awry.  See, Sullivan and Cromwell’s suit against EED.  Some will wisely bring in 3rd party consultants/experts to have a neutral, unbiased constituent in the process.

6. Build a budget and team (internal/external)

Everyone is probably now aware of how expensive e-discovery can be if managed improperly.  This makes it all that more imperative to work quickly to get a rough sense of the scope (which will lead to a budget) and the client’s willingness to absorb associated charges.  The most important step is to right-size the e-discovery effort with the risks inherent in the corresponding litigation/investigation.  Otherwise, there’s a high likelihood that e-discovery process will be over-engineered (too expensive) or under-scoped (cutting dangerous corners).

7. Figure out your risk profile

Similar to right-sizing the budget, it also makes sense to adopt a “horses for courses” approach to e-discovery since there is no singular way to handle a given matter.  For example, in one case you make take forensic images, restore backup tapes, capture instant messaging data, harness metadata, or decide to do an automated review with a with a “clawback” provision. In either case, the only mistake is to assume that an approach from another, dissimilar matter is warranted in the instant case.

8. Assume the opposition is better informed than you are

While this actually may not be the case, it’s a safer bet that assuming a level of naiveté that may not exist.  What is certain is that the Plaintiff’s bar is increasingly well informed and can be very aggressive.  They’ve seen the playbook that calls for baiting the opposition into a discovery misstep that can result in significant, case altering sanctions.  According to a recent survey, 63% of the polled attorneys said that e-discovery is being abused by counsel, so it’s important to be wary initially.

It’s also important to consider the potential reciprocity of a given matter and adjust your position accordingly.  In many instances it’s easy to consider your role only as a producing party, but with cross/counter claims it may be possible to simultaneously be propounding discovery and in the opposition’s shoes.

9. Prepare for an early case assessment

A recent industry survey found that effective early case assessment (ECA) approaches reduced overall litigation in half of the cases evaluated, and resulted in favorable outcomes for 76 percent of the cases.   The key to this methodology is to use the available next generation case analysis solutions earlier in the process, not just to review data for relevancy and privilege, but to:

• Identify the key players. This is critical in order to have a defensible legal hold process
• Evaluate the posture of the case to determine how it looks on the merits
• Diagnose potential outliers in the e-discovery process to facilitate meet and confer discussions and help create “inaccessibility” arguments
• Conduct a search term analysis for keyword negotiations during meet and confer discussions.  Objectively demonstrating the results of proposed search queries can go a long way in speeding up keyword negotiations

10. Don’t take search for granted

For many attorneys, e-discovery search is just like Lexis or Google.  Unfortunately, that isn’t the case.  Instead, it’s become highly complex and is now receiving significant judicial scrutiny.  In Victor Stanley v. Creative Pipe Judge Grimm suggested that attorneys need to rethink how they’ve traditionally managed the search process:  “[F]or lawyers and judges to dare opine that a certain search term or terms would be more likely to produce information than the terms that were used is truly to go where angels fear to tread.”  It’s now important to devise (and share at early meet & confer conferences) a defensible search strategy that can withstand judicial scrutiny.

On August 5, IBM announced eDiscovery Manager, which it says “enables organizations to better control the eDiscovery process by bringing key eDiscovery tasks in house. This helps clients more easily manage electronically stored information; provide earlier insights into collected evidence; and prioritize downstream evidence review, analysis and production.”

Taken at face value, this is potentially very significant. IBM is the world’s second-largest software company and its Lotus Notes/Domino email system is used by approximately one-third of corporate America. So I decided to dig a little deeper to understand exactly what IBM’s new litigation discovery product can do, and which customers it can best serve.

Product Capabilities

The first and most important thing to understand about eDiscovery Manager is that, before you can use litigation support software, you must first buy and install IBM’s unstructured data stack. This comes in two forms: you can either deploy IBM Content Manager and IBM Common Store; or, you can choose Filenet P8 and Filenet Email Manager. Either way, the deployment time is months and typically involves an army of consultants.

For data in IBM’s content management solutions, eDiscovery Manager enables users to search and export. There is no review functionality, no tagging, and no analysis. The limitations in functionality stem from eDiscovery Manager not really being a new product; rather it’s a rewrite of an old product (eMS or email search) with a new AJAX-based user interface.

Target Customers

The best litigation support software customers for eDiscovery Manager are those enterprises which have large amounts of data in Filenet P8 / Email Manager or IBM Content Manager / CommonStore. For those enterprises, it will be a useful tool, which IT departments will use to identify and collect data, just as they use utilities like ExMerge for Microsoft Exchange and Robocopy for file shares. Most companies will then choose to process, review and analyze data from all these different repositories with an e-discovery solution.

To my mind, what’s more significant than the announcement of eDiscovery Manager is the fact that IBM is waking up to the opportunity in e-discovery. There’s no doubting the company’s reach and technical prowess, and it will be interesting to watch what future products (e.g., “IBM eDiscovery Review”?) are in the works.

In my experience, e-discovery does not make the radar screen of most corporate General Counsels (GCs). Typically, it is one many issues left to others (e.g., Chief of Litigation, Director of Litigation Support) within the GC’s group. That may change after the recent verdict in the case of Broadcom vs. Qualcomm.

See below for the story, as told by Corporate Counsel in their October issue, with additional commentary from me [added in brackets]:

Collateral Damage

After a string of punishing legal defeats, Qualcomm Incorporated has switched general counsel. On August 13 the company announced that Carol Lam would replace Louis Lupin as its legal chief [Sounds like he got fired]. The move came a week after a federal judge issued a scorching order accusing Qualcomm and its outside lawyers of “gross litigation misconduct.” [Sounds like a pretty good reason why he got fired]

Emily Kilpatrick, Qualcomm’s director of corporate communications, says Lupin is leaving for personal reasons [Isn’t that what they always say?]. “He has been an outstanding leader and contributor to Qualcomm’s success over the past 12 years,” according to Kilpatrick. “However, he has decided to step down as general counsel and take a personal leave.” [a decision most likely made at the request of his boss]

Lam, who was hired in February to supervise Qualcomm’s worldwide litigation, will take over as interim GC, according to a company statement. Lam is one of the U.S. Attorneys fired by the U.S. Department of Justice this past winter. [oh, the irony…]

Based in San Diego, Qualcomm licenses semiconductor technology and system software to cell phone makers. For several years it’s been engaged in a pitched battle with rival Broadcom Corporation over who has infringed whose patents.

Qualcomm’s biggest problems have come in a case in San Diego federal district court. In January a jury ruled that the company had violated Broadcom’s patents. But even before the verdict, Qualcomm suffered a major setback as the trial drew to a close. One of the company’s witnesses revealed the existence of email that Broadcom said should have been produced during discovery. [Yet again, email is the smoking gun]

In April general counsel Lupin and one of Qualcomm’s outside attorneys sent letters of apology to the court, saying they failed to do a detailed enough keyword search of the company’s email. [No big deal, right? After all, we are saying sorry]

But that wasn’t enough for Judge Rudi Brewster, who has been hearing the San Diego case. On August 6 he issued a blistering 54-page ruling. He accused Qualcomm not only of failing to turn over more than 200,000 pages of relevant email and electronic documents during discovery, [i.e., this is a case of a deeply flawed e-discovery process, not of a simple missing email] but of engaging in a years-long campaign to deliberately mislead a technological standards body. Brewster ordered Qualcomm to pay Broadcomm’s litigation costs, and voided two of its patents. (David Rosmann, vice president of intellectual property litigation at Broadcom, estimates that its fees could be around $10 million). [The legal costs alone are several times what it would have cost Qualcomm to purchase an e-discovery solution and avoid this whole situation in the first place]

In a statement, Qualcomm said it “respectfully disagrees” with Brewster’s ruling and intends to appeal. “Qualcomm acknowledges the seriousness of the court’s findings and reiterates its previous apology to the court for the errors made during discovery and for the inaccurate testimony of certain of its witnesses,” the statement read. [We said sorry, isn’t that enough for you guys?]

The company’s problems aren’t over, however. Federal magistrate judge Barbara Major is now considering whether to levy sanctions against Qualcomm’s attorneys. [Don’t think you can hide behind your deep-pocketed employer. If you screw up e-discovery, it will be your neck on the line] Major has given “any and all…attorneys who signed discovery responses, signed pleadings and pretrial motions, and/or appeared at trial on behalf of Qualcomm” until September 21 to file a statement explaining why they shouldn’t be penalized. [For the lawyers in question, it’s guilty unless their arguments convince the judge they are innocent]

The other day, Michael Clark of EDDix sent me a fascinating academic paper (thanks, Michael!) about “information inflation” at its impact on the legal system. I had never really thought of it this way, but there have really only been 3 significant events in the evolution of information:

1. Writing (c. 5,000 years ago): Pre-historic man started to etch his markings on clay tablets, stone, wax, papyrus, bark, cloth, wood, paper, cave walls and anything else that came to hand.
2. Printing (c. 1450): Gutenberg’s movable type printing press enabled mass production of information, contributing to (among other things) the Renaissance and the Scientific Revolution.
3. Digitization (c. late 20th Century): The personal computer, wide area networks, internet, email, have all led to a massive explosion of information in the past 50 years. As the article points out, “close to 100 billion emails are sent daily…In a small business, whereas formerly there was usually 1 four-drawer file cabinet full of paper records, now there is the equivalent of 2,000 four-drawer file cabinets full of such records, all contained in a cubic foot or so in the form of electronically stored information.”

How can the legal profession cope, given that a lawyer’s job is often to synthesize this mind-boggling amount of data? Fortunately, the authors have a solution:

“A family of computer technology employing new types of search methods and techniques beyond use of mere keywords should now be considered for use in litigation….Litigators can no longer depend on manual review alone. It is too time-consuming and expensive – with cost often exceeding the amounts in dispute.”

To illustrate its point, the paper tells the story of the White House and the problem of a billion emails. During the Clinton administration, the White House agreed to a form of electronic record keeping called ARMS (Automated Records Management System). At the end of each administration, these records are handed over to the National Archives and Records Administration (NARA). The table below shows the number of stored emails NARA has, or expects to receive at the end of each administration.

Now assume that, like previous administrations, the Next President’s administration is subject to a lawsuit that requires e-discovery. The paper calculates:

“Without employing any automated computer process to generate potentially responsive documents, the review effort for this litigation would take 100 people, working 10 hours a day, 7 days a week, 52 weeks a year, over 54 years to complete. And the cost of such a review, at an assumed billing rate of $100/hour, would be $2 billion. Even, however, if present day search methods are used to initially reduce the email universe to 1% of its size (i.e., 10 million documents out of 1 billion), the case would still cost $20 million for a first pass review conducted by 100 people over 28 weeks, without accounting for any additional privilege review.”

This is a great example of why companies and government agencies are adopting e-discovery 2.0 technologies that go far beyond keyword search. In the face of information inflation, what choice do they have?

If there’s one idea that has captivated Silicon Valley in the past 3 years, it is Web 2.0. People may debate its meaning and definition, but the gist of it is clear: a handful of powerful forces have coalesced to make the internet of today fundamentally different to what it was 5 years ago. Opinions vary on which of these forces is most important: the growth of broadband to the home; open source, ajax and other technologies which lower the cost and increase the functionality of web applications; the power of community in a world where more people are on the web. Whichever you choose, there is no doubt that collectively these forces have had a huge impact, powering the growth of now-household names such as Google, MySpace, and YouTube.

I believe that an analogous set of changes is transforming the way companies do e-discovery. Ten years ago, e-discovery was an after-thought – a necessary, but incidental, part of corporate legal expenses. Today, it is a huge line-item in the legal budget, a headache for corporate IT, and the foundation upon which many cases are built.

E-discovery 1.0 was an ad hoc activity; e-discovery 2.0 is a core business process. E-discovery 1.0 was barely noticed; e-discovery 2.0 is driving the news cycle, affecting everyone from Intel to the US Attorney General. In the legal world, e-discovery 2.0 has had every bit as big an impact on enterprises as Web 2.0 has had on the dating lives of teenagers.

What happened? A series of fundamental changes have made e-discovery far more important, expensive, and complex than it was in the 1990s. Chief among these changes are:

1. Email, Not Voicemail: In the past 10 years, companies have switched from voicemail to email as the primary way they communicate. This has created a written record where none previously existed. Just as oral histories eventually die out, every voicemail eventually gets deleted; but emails and the written word live forever. Whatsmore, the convenience and time-efficiency of email makes it addictive, with the result that every meaningful conversation is captured, time-stamped, and attached to a person’s name. Given that many legal cases turn on intent, and proving who knew what when, this makes email a virtual treasure trove for anyone building a case.

2. Electronic Files, Not Paper: Electronic files are fundamentally different to paper documents: they reproduce like rabbits and are far cheaper to store. For example, one laptop is the equivalent of 2,000 boxes of paper; one server corresponds to 8,000-40,000 boxes of paper. The number of servers and laptops holding vast quantities of email is only increasing as the cost of hard disk storage falls, down from $2.04 per GB in 2004 to $0.77 per GB in 2006. Net net: going electronic has vastly increased the amount of data that must be analyzed as part of the discovery process.

3. Sooner, Not Later: Recent changes to the FRCP guidelines have moved e-discovery up in the process, forcing companies to have an e-discovery plan within 99 days of a suit being filed. Since disputes rarely settle that quickly, that means enterprises must now incur the expense of e-discovery on every case, not just the small number that actually make it to court. The result is a massive increase in e-discovery expenses and workload.

Anecdotal evidence of e-discovery 2.0 is everywhere. A few years back, no one would have guessed that every major analyst firm would have people dedicated to tracking e-discovery. Nor would you have expected to find a litigation support manager at every major enterprise.

So what exactly is e-discovery 2.0? Well, I will talk about that in a future post.