e-discovery 2.0

The electronic discovery world is buzzing about the malpractice case filed again Amlaw 100 firm McDermott Will & Emery.  There are a few good summaries here and here, but the gist of the complaint is that McDermott failed to properly supervise the electronic discovery efforts for their client J-M Manufacturing (J-M) in response to a qui-tam investigation.  According to a lawsuit filed by J-M in a California state court, McDermott inadvertently produced 3,900 privileged documents that were handed over to the federal government (and subsequently to a 3^rd party).

In terms of the nitty-gritty, the complaint alleges that McDermott used electronic discovery vendor Stratify (formerly part of Iron Mountain, now absorbed into Autonomy) to process and host the data.  Then, McDermott apparently retained a bevy of contract attorneys to review collected ESI from the 160 custodians, ultimately producing 250,000 documents that were presumably relevant, but not privileged.  The complaint contains the following particulars:

“12. Defendants owed PLAINTIFF a duty to render legal services competently. Defendants breached that duty by, inter alia, producing privileged documents to parties adverse to JME in litigation without obtaining its informed consent, failing to supervise attorneys and vendors MWE contracted with to perform the review and production of documents, and charging JME fees and costs for performance of such work that was not properly performed, or not performed at all.”

Surprisingly, this entire discussion is about a mere complaint filed against a large firm, who assuredly will wage numerous procedural challenges.   Thus, it’s questionable whether this case even sees the light of day.  So, why is it showing up on the radar of so many experts and pundits?  First of all, as Ralph Losey notes:

“This malpractice suit is an important and widely talked about event because it represents the first time, to my knowledge, that a law firm has been sued for e-discovery malpractice. We have all been waiting for this to happen. It was inevitable.”

But, novelty alone doesn’t usually make headlines, unless where there’s also smoke there’s probably fire.  Given the rise in electronic discovery sanctions against counsel, it has long been a fait accompli that a corporate client who experienced spoliation sanctions or an inadvertent production would start pointing fingers at other participants in the process, including the law firm that directed the e-discovery effort or the service provider who hosted the review process.  A recent Duke article noted that “[c]onsistent with the overall increase in sanction cases,…counsel sanctions for e-discovery have steadily increased since 2004.”  The article identified various levels of misconduct as the basis for counsel sanctions — “four cases involved negligence, seven cases involved gross negligence, nine cases involved reckless disregard, and ten cases involved intentional conduct or bad faith.”  Significantly, the article also noted that sanctions can be based on the “counsel’s personal execution of discovery tasks or on the counsel’s role in coordinating and overseeing the client’s discovery.”  That latter element seems to be the case with the claims against McDermott, and coupled with an inadvertent production (the third rail of electronic discovery) it doesn’t seem too shocking that a malpractice action would get filed.

This lawsuit does serve as a cautionary tale for those firms that continue to do things the old fashioned (i.e., 1.0) way.  While not an exhaustive list, this means some or all of the following: employing custodian self collections, using blind key word searches, failing to do sufficient data sampling (at the search and production phases), opting to not utilize early case assessment approaches, lack of search strategy and iteration, failing to optimize the review process, etc.  Surprisingly, old school approaches to electronic discovery are staggeringly common.  In fact, I’ve recently talked to some well traveled practitioners who’ve actually felt like their firms have gone backwards in recent years as prices for basic, block and tackling e-discovery services have plummeted.

If nothing else, we know that attorneys are hyper vigilant about their malpractice insurance.  And, it’s not too hard to see how premiums may go up with increasing e-discovery claims, successful or not.  So, while it’s unclear what will happen to McDermott, if it can happen to an Amlaw 28 firm (with roughly 1,000 lawyers) it can probably happen to any firm who’s not being as diligent as they should.

As a final note of supreme irony, McDermott will likely have to conduct electronic discovery as they defend their electronic discovery malpractice claims.  I wonder if they’ll use Stratify and outside contract attorneys.  I’d guess not.

According to a complaint filed by the U.S. government, the FBI secretly recorded an employee at one of Apple’s suppliers passing confidential information about the soon to be released Apple iPad in an October, 2009 telephone conversation.  The recording, along with other evidence, led to the arrest of the employee and others on charges on of wire fraud and conspiracy to commit securities fraud on December 16, 2010 as part of a major insider-trading investigation.  In the conversation, a director for Flextronics named Walter Shimoon is heard saying:

“they [Apple] have a code name for something new … It’s … It’s totally … It’s a new category altogether… It doesn’t have a camera, what I figured out. So I speculated that it’s probably a reader. … Something like that. Um, let me tell you, it’s a very secretive program … It’s called K, K48. That’s the internal name. So, you can get, at Apple you can get fired for saying K48.”

Four months later, the first Apple iPad, code named K48, was unveiled to the public.    To read more about the case background, read the press release issued by the U.S. Attorneys’ Office on December 16, 2010.

The case is interesting from an eDiscovery standpoint because it highlights challenges related to finding critical evidence as part of an investigation or lawsuit when people are intentionally using code words to hide information.  Finding or overlooking important documents that have been disguised can make or break your case, so determining whether or not key players are using code words is an important part of a thorough investigation.  Equally important to the investigation is segregating relevant and irrelevant documents quickly before key evidence is lost or destroyed without being required to conduct a painstaking page by page review of each document.

How Does Technology Help?

The good news is that even though technology innovation has resulted in massive data growth requiring the review and analysis of more documentary evidence during lawsuits and investigations, advances in eDiscovery technology have also made sifting through this information faster and easier.  In other words, technology can help solve the data growth problem technology created.

One of the newest advances is the use of “transparent concept search” technology to find important electronic files in lieu of basic “keyword” or “traditional” concept searching technology.  In many situations investigators or lawyers simply aren’t aware code words are being used to hide activity, so critical evidence is often overlooked.  For example, in the present case assume the investigator is unaware that “K48” is the internal code name used for the first iPad.  A simple keyword search for the term “iPad” may not retrieve critical documents about the “iPad” because the code name K48 is being used to disguise the product name.  If this is the only search methodology used, information could easily be overlooked during the investigation due to the limitations of simple keyword search technology.

On the other hand, running the same search using a traditional concept searching tool is likely to retrieve documents containing the word “iPad” as well as other conceptually related documents.  The problem is that the user has no ability to control the breadth of the search using traditional concept searching technology.  That means even though a traditional concept search for the term “iPad” is likely to include documents containing the term “K48” and “iPad,” it is also likely to retrieve a large number of irrelevant documents containing terms like “iPod, iTouch and iTunes that may appear to be conceptually related to the search term “iPad.”  The problem may seem trivial initially, but when investigators are required to read hundreds or thousands of irrelevant documents about the iPod, iTouch or iTunes in an effort to find relevant documents about the iPad, the time and cost of the investigation can skyrocket.

Next Generation Transparent Concept Search Technology

To solve this problem, next generation transparent concept search technology takes traditional concept searching a step further by empowering investigators to reap the advantages of traditional concept searching while actually reducing instead of increasing e-discovery expenses.  The secret is that transparent concept searching technology significantly reduces the time and expense resulting from over-inclusive document retrieval by allowing users to eliminate documents containing concepts that are not relevant to the intended search.  This is accomplished by providing a transparent view of concepts related to a search so that users can actually visualize and select (or deselect) the range of concepts to be included in a search before the search is executed.

For example, using transparent concept search technology to search for the term “iPad” would reveal conceptually related terms like “K48” just like traditional concept searching.  However, a transparent concept search would also provide a list of all concepts related to the keyword “iPad” prior to the search such as “K48, iPod, iTouch, Shimoon, iTunes, etc.  Prior to executing the search, the user could de-select irrelevant concepts and limit the search to “iPad”, “Shimoon”, “internal” and “K48” to make sure only the most relevant documents are retrieved. (See Figure 1).  In addition to decreasing the cost associated with segregating relevant and irrelevant documents, the transparent approach to concept searching results in strategic advantages for investigators and legal teams because the most relevant evidence is found quickly so cases can be assessed faster, with more accuracy, and before evidence disappears.

Conclusion

Not knowing what to search for as part of eDiscovery or investigations is often the biggest organizational challenge that basic keyword and traditional concept search technology has not been able to solve.  Next generation transparent concept search technology overcomes the inherent limitations of basic keyword and traditional concept searching technology by empowering users to uncover, assess, and review evidence faster and with more accuracy, thereby giving litigators or investigators new strategic advantages on every case.

These days, being mentioned on a late-night talk show is pretty much a stamp of “going mainstream”. This is true of celebrities (notably the One-Man Band that is Charlie Sheen), public figures (Captain “Sully” Sullenberger, who piloted the US Airways plane to a safe landing on the Hudson River), and even infomercial goods (who isn’t familiar by now with the Snuggie?)

In the e-discovery world, we realized just how mainstream this industry is becoming when we made mention on The Daily Show with Jon Stewart. With guest star Fareed Zakaria, fresh off the release of his new book, on set to discuss the American economy and the impact of technology on corporations, audiences were treated to this nugget:

Zakaria:   Machines can do things that people used to. There’s now computer programs that can do stuff that lawyers used to be able to do – discovery and things like that. May not be such a bad thing…

Stewart:   What can lawyers do that computers can’t do?

Lawyer jokes are never in short supply, and leave it to Jon Stewart not to miss a timely jab when one can be thrown. But we took notice because, of all the examples Zakaria could have used for technology’s impact on businesses everywhere — he chose to highlight the role of e-discovery software.

This was far from the first “mainstream” move for the e-discovery industry. In March, The New York Times published a featured – and top-emailed – article on advances in electronic discovery software. In May, leading analyst firm Gartner published the Magic Quadrant for E-Discovery Software, its first Magic Quadrant on the electronic discovery industry. And then in June, there it was: electronic discovery, right alongside CNN’s Fareed Zakaria and all Jon Stewart’s comedic antics on The Daily Show. Taken together, it’s clear that e-discovery is a hot topic on the minds of business folks and, increasingly, mainstream audiences. We’re eager to see where it comes up next – and secretly hoping the SNL sketch team is taking note.

In the world of technology we live in, a huge amount of benefit is created when people apply certain well-known techniques to solve problems and create value to the broader community. Such techniques are often the result of painstakingly long and laborious research, driven primarily by academic institutions with private industry either funding such research directly or by co-opting them in their own work. When the industry as a whole recognizes a certain methodology, it gains popular usage.

In information retrieval, searching and retrieving relevant content from unstructured text has been a vexing problem, and we’ve had decades of the brightest minds applying their collective intelligence and the rigors of peer review to validate and establish the most effective way to solve a retrieval problem. And, research forums such as TREC, SIGIR and other information retrieval conferences establish a venue for advancing the state of the art. So, when Recommind announced that they have been issued a patent on Predictive Coding, I took notice, especially since it touches a nerve with those who believe research should be openly shared.

The patent lists six claims that describe a workflow whereby humans review and code a document and the coding decisions applied to the document sample are projected or applied to the larger collection of documents. Anyone who has even the slightest exposure to information retrieval research will recognize this as a very common interactive relevance feedback mechanism. Relevance feedback as a way to perform information retrieval has been studied for well over forty years, with a paper as early as 1968 by Rocchio J.J., titled Relevance Feedback in Information Retrieval. It falls under a category of methods broadly known as machine learning.

Any supervised machine learning system involves creating a training sample and using that sample to project into a larger population. The fact that one could claim patentable ideas on something that is so widely known and used is puzzling.  Any workflow that employs machine learning would include the steps of creating an initial control set, coding that by human review, and applying the learned tags to a larger population.  In fact, the Wiki article Learning to rank describes precisely the workflow that is claimed in the patent and as part of our participation in the TREC Legal Track 2009, Clearwell submitted a paper with iterative sampling based evaluation and automatic expansion of initial query.  In that paper, we describe exactly the workflow postulated by the six claims of the patent.

In terms of other prior art that would potentially invalidate the patent, the list is long. Let’s start with Text Classification. Text Classification using Support Vector Machines (SVM) was first published by Thorsten Joachims in 1998, in the Proceedings of Sixteenth International Conference on Machine Learning, as well as his book Learning to Classify Text Using Support Vector Machines: Methods, Theory and Algorithms, published by The Springer International Series in Engineering and Computer Science.  Now a well-recognized Professor of Computer Science at Cornell University, that work is widely cited as a seminal work on the area of machine learning and text classification. Interestingly, this work was cited by the Patent Examiner as prior art, but the inventors missed listing it. Nevertheless, that work and further work by several academics such as Leopold and Kindermann has already established the use of Support Vector Machines as a useful technique for machine learning. To claim the novelty of its use in automatically coding documents is, in my opinion, a hollow claim.

Another technology mentioned in passing is Latent Semantic Indexing (LSI). This is proposed as a retrieval technique by Deerwester, S., Dumais, S.T., Furnas, G.W.,Landauer, T.K., Harshman R. in their paper, Indexing by Latent Semantic Analysis, in Journal of the ASIS, 41(6):391-407, 1990. The use of LSI for semantic analysis, concept searching and text classification is also very widespread, and once again, it seems ridiculous to claim that it is something novel or innovative.

Next, let’s examine the use of sampling to validate the initial control set. Use of sampling for validation of a control set of documents is in fact such a widely known technique that most e-discovery productions employ sampling. In fact, the Sedona Commentary on Achieving Quality and the EDRM Search Guide recommend use of sampling to validate automated searches. Furthermore, several E-discovery opinions such as Judge Grimm’s opinion in Victor Stanley [Victor Stanley, Inc. v. Creative Pipe, Inc. , 2008 WL 2221841 (D. Md., May 29, 2008)]  suggests that any technique that reduces the universe of documents produced must employ sampling to validate automated searches.

In short, we think the claims issued in the patent and the associated workflow are so commonly used that the workflow is neither novel nor non-obvious to a trained practitioner, and there is enough prior art on each of the individual technologies to warrant a re-examination and eventual invalidation of the patent. In any event, it is fairly easy for anyone to pick up existing prior art and devise a similar workflow that achieves the same or better outcome, and attempt to enforce the patent will likely be challenged.

But there is an even bigger issue at stake here beyond the status of Recommind’s patent: namely, shouldn’t the e-discovery vendor community continue to work, as it has for years, toward what is in the best interest of the legal community and, more broadly, the justice system? Recommind’s thinly veiled threats about requiring industry participants to license their technology are an affront to those who have invested years developing the technology and practicing the approach in real-world e-discovery cases. Spend a few minutes trolling (no pun intended) around on archive.org and you’ll see that early predictive coding companies like H5 were practicing machine learning and predictive workflows in e-discovery over two years before Recommind announced their first version of Axcelerate.

Wouldn’t a better outcome be for corporations and law firms to benefit from the innovation that comes from free competition in the marketplace, while still honoring the sort of novel, non-obvious innovation that warrants patent protection? Legitimate patents that actually encourage and protect investments by an organization are fine, but process patents that attempt to patent a workflow are bad for business. With such an approach, the full promise of automated document review (which, as any truly honest vendor should admit, still has much more room to grow and develop) can be fully realized in a way that both provides vendors with the fair and just economic rewards they deserve while helping the legal system become radically more efficient.

Last month, Gartner published the 2011 Magic Quadrant for E-Discovery Software, its first ever Magic Quadrant (MQ) on the electronic discovery industry.

We believe the Gartner MQ signals e-discovery’s arrival as a major category of enterprise software, and creates a single, definitive “buyers’ guide” to help companies choose between the various solutions.  As the report points out, “The reason e-discovery is now a pressing issue for most companies is clear: ESI in all its many forms dominates legal proceedings because modern business is mostly conducted using electronic communications and electronic records. Regulators require this ESI to be archived for proof of compliance.”[1]

The authors of the report, Debra Logan and John Bace, are two of the industry’s leading lights. The report reflects their deep understanding of the domain and includes several keen insights into emerging trends and market dynamics.

Most software buyers are familiar with Gartner Magic Quadrants and the rigorous methodology behind them. In order to be included in the MQ, vendors must meet quantitative requirements in market penetration and customer base and are then evaluated upon certain criteria for completeness of vision and ability to execute. In the Magic Quadrant for E-Discovery Software, Gartner states that, “Ease of use, intuitive user interfaces, attorney-focused workflow, advanced but transparent semantic analysis features, native file format review, and foreign language support are all considered desirable features from the end user’s point of view.”[2] According to the report, “A vendor’s ability and willingness to perform proofs of concept (POCs) is also important, and many references told us that, with certain vendors, “try before you buy” arrangements or POCs were so successful that they did not even open their tendering process to competitive bidding.”[3]

In total, the Gartner Magic Quadrant for E-Discovery Software report analyzes 24 different e-discovery software vendors, and is meant to help CIOs, general counsel, IT professionals, lawyers, compliance staff and legal service providersunderstand the dynamics and landscape of the e-discovery software market. Combined with its analysis of the factors driving the growth of e-discovery and its vendor-by-vendor evaluation, we believe this makes the report a must-read for anyone involved in selecting an e-discovery solution.

For a limited time, please register here to download a complimentary copy of the Gartner Magic Quadrant for E-Discovery Software.

About the Magic Quadrant
The Magic Quadrant is copyrighted 2011 by Gartner, Inc. and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner’s analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the “Leaders” quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

---

[1] Gartner, Inc. “Magic Quadrant for E-Discovery Software”, by Debra Logan, John Bace, May 13, 2011, page 5.

[2] Gartner, Inc. “Magic Quadrant for E-Discovery Software”, by Debra Logan, John Bace, May 13, 2011, page 8.

[3] Gartner, Inc. “Magic Quadrant for E-Discovery Software”, by Debra Logan, John Bace, May 13, 2011, page 9.

I’ve just returned from a trip across the pond where I spoke at IQPC’s Information Retention and eDisclosure Management conference, which was well attended by both local practitioners and experts from the States.  In addition to numerous discussions comparing and contrasting the US e-discovery and UK e-disclosure practices, there was also a ton of time spent focusing on regulatory compliance.  In particular, the Bribery Act 2010 was a hot topic, not surprisingly given its looming implementation date of July 1.

It occurred to me that both with the Bribery Act and its kissing cousin, the FCPA, the UK and US are strikingly similar in many ways.  We both speak the same language (sort of), but there are any number of things that are just different enough that Americans must take pause.  As an easy example, crossing the street in London can be a perilous journey given our tendency to “look left.”  Fortunately our friends abroad don’t want their lorries dented up by hapless yanks so they kindly paint numerous “look right” signs on street corners throughout their fair city.

As e-discovery and e-disclosure continue to mature in their respective lands, the sense is that the difference will rapidly become obscured, especially in light of how well the countries seem to be collaborating around best practices and civil procedure standards.  During the judges’ panel at the IQPC event, noted e-discovery legends (Judges Grimm, Peck and Facciola) roundly complimented the UK’s disclosure process, often describing how much the US can learn from our allies.

Similarly, it’s interesting to see how the Bribery Act has “gone to school” on the FCPA.  For the past decade or so the UK has been criticized for its Laissez-faire attitude towards commercial bribery, particularly with a glaring gap in applicable legislation (like the FCPA). And, while a wee bit late to the party, the UK finally enacted its anti-bribery statute (on April 8, 2010), curiously dubbed the “Bribery Act 2010,” which in many way leapfrogs the 34 year old FCPA.  While ostensibly similar, the Act differs from the FCPA in a number of ways, many of which broaden applicability. For example, unlike the FCPA, the Act covers bribes to both the public and private sector and does not make an exception (like the FCPA) for facilitation payments (small payments given to public officials to speed up a routine service).  Similarly, the Act applies to all organizations that do business in the UK, even if they’re not based there, and even if the bribery occurs in another country.

The Bribery Act was originally scheduled to become effective in October of last year but, after numerous delays and outcries from the business community, the Ministry of Justice recently issued its “Bribery Act 2010: Guidance” and announced that the Act will finally take effect on July 1, 2011. This guidance has been eagerly awaited by anxious enterprises given the extremely broad potential of the Act.In concert with the recently promulgated prosecutorial guidelines, the guidance document gives some insight into how UK prosecutors (as enforced by the Serious Fraud Office) will initially decide who to pursue and then how the Act will be applied.  Fortunately, the promulgated guidance documents suggest that the Act is “directed at making life difficult for the mavericks responsible for corruption, not unduly burdening the vast majority of decent, law-abiding firms.”

To this end, the Guidance states that “[i]t is a full defence for an organisation to prove that despite a particular case of bribery it nevertheless had adequate procedures in place to prevent persons associated with it from bribing.”  It is these “adequate procedures” that provide a safe harbour of sorts and therefore should be perused quite carefully by impacted organisations to ensure that their compliance programs are up to muster.  The following six “guiding principles” are designed not to be prescriptive or “one-size-fits-all,” but rather to suggest a “risk-based” and proportionate approach to managing bribery risks.

1. “Proportionate procedures: A commercial organisation’s procedures to prevent bribery by persons associated with it are proportionate to the bribery risks it faces and to the nature, scale and complexity of the commercial organisation’s activities. They are also clear, practical, accessible, effectively implemented and enforced.
2. Top-level commitment:  The top-level management of a commercial organisation (be it a board of directors, the owners or any other equivalent body or person) are committed to preventing bribery by persons associated with it. They foster a culture within the organisation in which bribery is never acceptable.
3. Risk assessment: The commercial organisation assesses the nature and extent of its exposure to potential external and internal risks of bribery on its behalf by persons associated with it. The assessment is periodic, informed and documented.
4. Due diligence: The commercial organisation applies due diligence procedures, taking a proportionate and risk based approach, in respect of persons who perform or will perform services for or on behalf of the organisation, in order to mitigate identified bribery risks.
5. Communication (including training): The commercial organisation seeks to ensure that its bribery prevention policies and procedures are embedded and understood throughout the organisation through internal and external communication, including training, that is proportionate to the risks it faces.
6. Monitoring and review: The commercial organisation monitors and reviews procedures designed to prevent bribery by persons associated with it and makes improvements where necessary.”

Organisations looking for clarity should certainly start with an analysis of how well their existing anti-bribery procedures (many likely designed with the FCPA in mind) map to the six principles.  The hope of many is that the Bribery Act won’t inherently require a complete reboot for entities trying to comply.  Instead, a more measured and reasonable goal should be to have complaint entities examine the Act to see if any augmentation is necessary.  Fortunately, the Guidance principles are peppered with terms like “proportionate”, “risk-based” and “practical” that should give solace to the entities that had significant indigestion when the Act was first released.

Traditional e-discovery solutions may very well be called into duty to help augment an organisation’s “adequate procedures” particularly regarding the “risk assessment” and “due diligence” principles.  These two principles specifically call out procedures that proactively facilitate:

• Identification of the internal and external information sources that will enable risk to be assessed and reviewed.
• Accurate and appropriate documentation of the risk assessment and its conclusions.
• Conducting direct interrogative enquiries, indirect investigations, or general research on proposed associated persons.
• Appraisal and continued monitoring of recruited or engaged “associated” persons may also be required, proportionate to the identified risks.

Re-purposing of e-discovery tools in this compliance context makes sense given how things have played out here in the States with the FCPA and provides yet another way to rationalize bringing solutions in-house.  In this scenario the advanced analytical components will likely come more into play than will the downstream review and production elements.  This expansion of traditional e-discovery concepts, procedures and applications is logical and coincides with a leftwards movement on the EDRM spectrum.  It’s also aligned with rapidly expanding notions of IMRM and information governance.  I postulate that soon it will be too limiting to just talk about pure “e-discovery”tools since it inherently leaves out the rest of the compliance story.  In addition to looking “right” we’ll also need to look “left” (on the EDRM) to take into account use cases like the Bribery Act.

It seems all too easy to poke fun at Charlie Sheen’s antics of late.  And, while they serve as cautionary tales in numerous contexts, his use of social media to launch his “tiger blood” fueled rampage against his former employer may mean that these rants may actually turn into evidence someday soon in his breach of contract action.  On one hand, his public meltdown was surely a high water mark for social media as a window into the real-time (can’t look away) train wreck that is now Mr. Sheen’s career.  After all, he now has over 3 million Twitter followers and for those who don’t expressly follow his now infamous rants (e.g.,“#winning”) other media outlets stand by to repost and re-tweet every scintillating (less than 140 character) proclamation.

For those who think that they’d prefer to have less Sheen in their daily diets, let’s use his 15 minutes of über-fame to examine the impact of social media on the traditionally email oriented electronic discovery process we’ve all come to know and love.  On balance, while the electronic discovery and regulatory issues are all fundamentally the same, the social media genre does genuinely pose a range of tactical and strategic challenges.

Accept Reality and Plan Accordingly

For many organizations, it’s easy to exhale as they’ve finally reigned in some of the email chaos during the 2000s.  But, this small victory in the larger information management war has been eclipsed by new challenges posed by social media.  The problem isn’t just that the types (Twitter, LinkedIn, Facebook, Flickr, YouTube, etc.) are increasing at a mind numbing speed, but the volumes of accumulated data (1 billion tweets per week) is also proliferating wildly.  A recent article published under the Sedona Conference’s aegis, The Impact of the Internet and Social Media on Records and Information Management: Unexpected Bedfellows Highlight the Need for Effective Information Management –Now More than Ever points out:

“Most commentators agree that, if social networks in the workplace are inevitable, corporations must resign themselves to the inevitable and prepare accordingly. …

To combat these risks, companies must understand the interactions between IT and legal and how they intersect in the world of Records and Information Management. Companies must also employ a cross-discipline approach to issues in order to properly address access rights, digital security, Records and Information Management policies and programs, short and long-term data storage strategies, audit processes, enforcement protocols, incident and litigation response plans, and employee education programs.”

The authors correctly state: “[h]ard decisions need to be made, and resources committed, but an ounce of current prevention now may certainly outweigh the inevitable pound of information loss.”  This “pound” is most often paid out by organizations in response to electronic discovery costs, which are axiomatically linked to the amount of electronically stored information (ESI) a company needs to collect, process, review and produce for the matter at hand.

So, like the first stage in the Kübler-Ross grief process (denial), organizations need to accept the reality of social media, understand the implications (cost, risk, information security challenges, etc.) and start to plan accordingly.  Yet, the denial seems to be ever-present.  In a recent survey by the Electronic Discovery Reference Model (EDRM) it was shockingly noted that “[w]ritten policies for social media are non-existent,” with 85 percent of industry professionals admitting that “no written policies existed within their organizations regarding the preservation of data for any of the wildly popular social networking sites.”

Deploy the Right Information Governance Policies

Step one in this challenging task is to reign in the authorized/unauthorized use of social media.  This likely doesn’t equate to the wholesale prohibition of all social media (which would be nearly impossible to enforce).  Instead, the goal should be to define what is permissible via policies and procedures, and that in turn should be used to identify expectations of reasonable corporate conduct.  This effort should inherently recognize that there are legitimate business purposes (ideally with defined corporate objectives), as well as individualized usages (that nevertheless may still be supportive of company goals) for the use of social media.  In all instances it will be important to calculate the benefits of the social media activity (increased collaboration, real-time communication, ubiquity, etc.) with the risks (lack of information control, reduced productivity, etc.).

Organizations may also consider which of their own social media forays constitute a business record and whether or not they should be proactively archiving/capturing/preserving such ESI to create a robust document trail if social media ever becomes a factor in litigation.  Unfortunately, as with a number of other quickly developing paradigms such as cloud computing, there’s often a “ready, fire, aim” approach where the legal, risk and compliance ramifications aren’t well thought out prior to deployment.

Social Media Use Cases Proliferate

In just the past few months there have been numerous instances where social media has taken center stage in the electronic discovery and compliance realms.  Here are just a few recent examples:

• Facebook – In what’s been called the Facebook firing case, the National Labor Relations Board (NLRB) jumped in to chastise an employer for allegedly firing an employee due to a Facebook post (where she allegedly called her boss a “mental patient”).  The NLRB said that policy was in violation of the National Labor Relations Act, which gives employees the right to discuss “the terms and conditions of their employment with others.”
• LinkedIn – In a recent breach of contract action, an employer claimed it had evidence of improper solicitation of its employees through the LinkedIn connections of one of the defendants.

Electronic Discovery Costs Rise in Concert with Social Media

While “ESI is ESI” to some extent, there are tactical challenges with conducting electronic discovery of social media.  Using the EDRM model as a guide, the first main hurdle will be Identification.  In this stage, the challenge will be to identify (ideally through data maps and corporate policies) the instances of social media that are being legitimately used within an enterprise.  This process is typically linked to key players, versus searching the entire data universe for specific key terms.

Once this thorny issue is confronted, the even bigger challenge involves determining how to manage the risk-laden Preservation process.  Here, the highly dynamic nature of social media stands in contrast with its email counterpart, which in many ways was designed to be used in a linear, threaded format.   The preservation of social media has two main challenges.  The first one is access since the information may be private or semi-private.  In this setting, the recent case of Romano v. Steelcase Inc. (N.Y. Sup. Ct. 2010) shed light on some of the privacy issues:

“[W]hen Plaintiff created her Facebook and MySpace accounts, she consented to the fact that her personal information would be shared with others, notwithstanding her privacy settings. … Since Plaintiff knew that her information may become publicly available, she cannot now claim that she had a reasonable expectation of privacy. As recently set forth by commentators regarding privacy and social networking sites, given the millions of users, ‘[i]n this environment, privacy is no longer grounded in reasonable expectations, but rather in some theoretical protocol better known as wishful thinking.’”

Assuming the privacy issue can be overcome, the next issue is encountered during the Collection phase, since it will be hard to actually preserve social media in situ because the content is dynamic and at the whim of the user and the applicable site.  Aside from a few recent developments like Facebook’s “Download Your Information” feature and the library of Congress’ decision to archive all tweets since March, 2006, most social media ESI is fleeting and hard to collect.  The current brute force methodology is to simply take screenshots of the relevant blog, tweet or status update.  The challenge with this approach isn’t necessarily with admissibility (see below).  Instead, this static modus operandi makes it nearly impossible to utilize analytical tools to search and review the social media content.  Assuming the use cases and volumes continue to proliferate at current speeds (which is a safe bet), then leveraging analytical tools becomes that much more important in the effort to control costs.

Over time, enterprises will attempt to funnel users into corporate social media platforms that have governance abilities built in, particularly export functionality that will permit more advanced search and analytics from purpose-built e-discovery applications.  But, for now, the herding cats exercise will continue as the corporate community tries to keep up with the faster moving user base.

Admissibility is an Open Question

Not to be forgotten, the core underpinning to a successful collection of social media content is the ESI’s admissibility, since the ability to use data in court is the sine qua non for conducting the electronic discovery process in the first place.  In the seminal case on the admissibility topic, Lorraine v. Markel Am. Ins. Co., (2007), United States Magistrate Judge Paul W. Grimm noted that “[v]ery little has been written, however, about what is required to insure that ESI obtained during discovery is admissible into evidence at trial.”  He went on to note that “[t]his is unfortunate, because considering the significant costs associated with discovery of ESI, it makes little sense to go to all the bother and expense to get electronic information only to have it excluded from evidence or rejected from consideration during summary judgment because the proponent cannot lay a sufficient foundation to get it admitted.”

While it’s difficult to quickly summarize the authentication requirements for social media, it is an important aspect that can be achieved a number of ways (pursuant to FRCP 901, which only provides illustrations).  The most likely course would be to utilize the “personal knowledge” approach, which permits authentication by testimony “that a matter is what it is claimed to be.”   Other approaches, such as utilizing metadata (which works well for more static ESI) will be less applicable for social media since it is more ephemeral.

Conclusion

Many have proclaimed that social media will soon render email obsolete as the primary form of corporate communication.  While this remains to be seen, social media is quickly elbowing its way into the electronic discovery conversation and this new kid on the block needs to be taken seriously, or the unwary practitioner may unwittingly find out (via tweet) that their case has been dismissed because of spoliation.

I am thrilled to announce that Clearwell has signed an agreement to be acquired by Symantec for $410 million ($390 million, net of our cash balance of $20 million). By bringing together Clearwell’s market leading e-discovery platform with Symantec’s market-leading archiving solution, we are uniquely positioned to provide customers with the next generation of information management solutions.

The e-discovery software industry has matured rapidly in the 6 years since Clearwell was founded. As electronic information has become a key part of all litigation, regulatory inquiries, and internal investigations, companies have had no choice but to adopt e-discovery software to keep their costs down. Some have done so by bringing e-discovery in-house; others prefer to work with law firms and litigation support companies who provide cloud-based solutions. Either way, e-discovery software has become widely adopted by corporations, government agencies, and law firms around the world.

Clearwell has been a major beneficiary of these trends. Our annual sales have grown rapidly to over $50 million, and the company has been profitable since 2009. Today, we have over 400 customers and 75 partners in 14 different countries.

Many of these customers are using Clearwell together with Symantec Enterprise Vault in a single integrated workflow, and they have often requested that we couple our products more tightly to better serve their information management needs. That’s what led us to partner with Symantec for the past several years and ultimately led to this transaction. Over time, we see corporations and government agencies increasingly seeking information management solutions that encompass both e-discovery and archiving, making the combination of Clearwell with Enterprise Vault incredibly compelling.

In the near term, we expect very little to change for our existing customers. The product will continue to be sold on a standalone basis and supported by the Clearwell team. We remain committed to serving law firms and litigation support partners, who are absolutely critical to our success in more ways than we can describe.

This is an exciting time for the e-discovery industry. Last week, Gartner published its first ever Magic Quadrant For eDiscovery Software. Today, Symantec and Clearwell join forces to deliver a seamless, integrated archiving and e-discovery management workflow, benefitting all our customers. You can find more information about the acquisition at: http://www.symantec.com/clearwell.  There are exciting times ahead.

As the buzz around Watson and its foray into human-like (actually super-human) performance subsides, it may be time to take stock of what all the fuss was about. After all, we’re all used to computers doing better than humans in many things and even take its superior store of knowledge for granted. And, on the surface, we get answers to questions on pretty much anything from a simple Google or Bing search. So, what really is the big deal and is it even relevant in the context of electronic discovery?

For those not clued in on this, Watson is a brainchild of a four-year effort from 20-25 researchers at IBM, to build a computing engine that would successfully compete at champions-level at the popular quiz show, Jeopardy. Although it blundered on a couple of answers, it competed very well, with a wide margin of victory. Several industry experts that learned of it and watched the show have lauded this as an accomplishment at the same scale or even better than the IBM Deep Blue beating Chess Grand Champion, Gary Kasparov, in 1997. So, let’s examine if this is indeed worthy of the accolades it has gotten.

Behind Watson is an impressive piece of hardware – a series of 90 IBM Power 750 nodes, adding to 16TB of memory and 2,880 Power7 processor cores delivering a staggering 80 teraflops of peak performance.  All the hardware is highly inter-connected with ability to work on problems in parallel, but still marching to a final result in three seconds or less – just fast enough to beat the human buzzer. Some highlights of the computing infrastructure from the hardware architect, Dr. James Fan, at IBM indicate that the three-second timeframe meant the entire corpus of 200 million pages was loaded into memory. Also, with several processors simultaneously working on pieces of the problem, they place very high I/O requirements. The hardware supports a multi-processing OS, with virtualization, in a workload optimized system. The software drives the hardware using thousands of dense threads, with each thread of execution processing a large chunk of work with minimal context switch. Also, given the large number of cores, each thread is optimally allocated to a core. Branded as DeepQA, the software executes a series of complex algorithms in order to solve a very specific problem: winning on Jeopardy.

First, the Jeopardy game provides categories of clues. Some categories help in understanding the clue, while others are simply misleading to a computer. Next, the clue is revealed and one needs to determine what the clue is really asking, since many clues do not ask for a factoid with a direct question, but rather is a composition of multiple sub-clues, each related to another in some linguistic, semantic, syntactic, temporal or other forms of connection. The decomposition of clues and figuring the relationships is a challenge even for humans. Finally, after one understands the clue, you then have to hone in on an answer with some level of confidence, within a three-second window, and must activate the answer buzzer ahead of the rest of the competitors. Besides individual clues, one has to also devise an overall game strategy for selecting the next category, selecting a clue within that category, how much to wager on the Double Jeopardy and the Final Jeopardy. Overall, the game is a complex amalgamation of knowledge, language analysis, gaming strategy and speed of recall of answers.

The software architecture of the DeepQA system is documented in a paper published in AI Magazine. The team built several components to address each area of the problem, with many independent algorithms in each component.  There are lots of complicated technical details, but the final outcome is a human-like response.

A question on that anyone who examines its inner workings has is whether the system is really natural language processing, or statistical language analysis, or machine learning or some sort of ad-hoc program, which doesn’t fit any traditional area of analytics. It does appear to be an combination of several techniques, which may mirror exactly how humans go about solving these clues. We seem to have a large collection of knowledge, initially unconnected but the category, the clue, the hypothesis all appear to generate word and concept associations and a fuzzy evaluation of confidence measures which all converge into a confidence with which a competitor answers a question. It is the replication of these processes by algorithms that makes it truly an astounding achievement.

Given the success of DeepQA’s performance, a natural question is whether it has any practical value for helping us solve day-to-day problems. More specifically, can it cope with the information overload and the challenges of e-discovery posed by that mass of information?  Use within e-discovery context has been explored by several authors, most notably, Robert C. Weber of IBM and Nick Brestoff in recent Law.com articles. Their analysis is based on the ability to explore vast volumes of knowledge. But really, what DeepQA tackled is something more significant – the inherent ambiguity in human spoken and written communication. Our natural instincts are to employ subtle nuances, indirect references, implicit assumptions, and incomplete sentences. We tend to leverage prior and surrounding context in most of our communications. It’s just the natural way of communications, since doing so is actually very effective. We assume establishing context is redundant, unproductive and unnecessary as it tends to make communication repetitive. By not employing a rigid structure in how we write, we are able to bring to bear concise exchanges that span a large volume of information.

If the last two decades is an indicator, the nature of communication is getting less formal, with emails, instant messages, tweets, and blog posts replacing well-crafted formal letters and memos. And, forcing individuals to communicate using rigid, unambiguous text in order for it to be processed by computers easily would mean a huge change in behavior in how people communicate. Any action that contemplates such a change in behavior across billions of people is simply not going to occur. What this means is that the burden for automated analysis using computing algorithms is even greater. This is what makes the discovery of relevant content in the context of e-discovery a very hard problem, one that is worthy of the sort of technological prowess employed by DeepQA team.

Given that our appetite for producing information is ever-increasing, while its discoverability is getting harder, taking the work of DeepQA and adapting it to solve e-discovery needs has the potential to make significant improvements in how we tackle the search, review and analytical aspects of e-discovery.  DeepQA took an easily articulated goal of answering at least 60% of the clues with 85% precision in order to reach champion levels. That was sufficient to win the game. Note that there was never an attempt to get 100% of all clues, with 100% confidence. In the realm of e-discovery, we would be looking at taking a very general production request such as the TREC 2009 Topic 201 “All documents or communications that describe, discuss, refer to, report on, or relate to the Company’s engagement in structured commodity transactions known as prepay transactions.” and use just such a simple articulation of the request to produce relevant documents. It is the core algorithms of machine learning, multiple scoring methods, managing relevance and confidence levels along with traditional information retrieval methods that form the ingredients of the new frontier of automated e-discovery. Beyond e-discovery, application of DeepQA algorithms for business analytics also has significant potential, where fact and evidence-based decision making using unstructured data is likely the norm. DeepQA’s very public Jeopardy challenge has shown that the ingredients needed for enabling such problem solving is well within the realm of possibility.

I was at Sedona midyear meeting last week and during Ken Withers’ excellent discussion of recent e-discovery case law, a few thoughts occurred to me. First, there are so many cases coming out now each week it’s hard to stay above the fray and mine for useful nuggets. The task is a bit Sisyphean, so folks like Ken (who keep a rolling index of cases) are particularly helpful. Next, I was struck by how hot Pension Committee still is, even after almost a year and a half. Certainly, this ongoing spotlight wasn’t an accident, and it’s almost certain that Judge Scheindlin is pleased by the ongoing debate.

I frequently get questions from enterprise clients regarding which cases they should know about, and so I put together an EDRM oriented (left to right) list for folks who just can’t get to all the latest cases. While it’s not an annual roundup per se, I do think it’s a bit more functional for busy electronic discovery professionals who need to stay current. So, here’s the buzz index of cases arranged by topic:

Preservation: The Legal Hold Gold Standard

Case: Pension Committee of the Univ. of Montreal Pension Plan, et al., v. Banc of America Securities, LLC, et al. (S.D.N.Y. 2010).

Summary: The dispute focused on claims by a group of investors who brought an action to recover losses of $550 million dollars stemming from the liquidation of two British Virgin Islands based hedge funds. Unlike many typical e-discovery disputes, this instant action focused on the conduct of the plaintiffs as they attempted to deal with the often murky landscape of electronically stored information (ESI) preservation, collection and production. Judge Scheindlin goes out of her way to crystallize duties and identify the type of conduct that can cause an e-discovery breach. “After a discovery duty is well established, the failure to adhere to contemporary standards can be considered gross negligence. Thus, after the final relevant Zubulake opinion in July, 2004, the following failures support a finding of gross negligence, when the duty to preserve has attached:

• to issue a written litigation hold;
• to identify all of the key players and to ensure that their electronic and paper records are preserved;
• to cease the deletion of email or to preserve the records of former employees that are in a party’s possession, custody, or control;
• and to preserve backup tapes when they are the sole source of relevant information or when they relate to key players, if the relevant information maintained by those players is not obtainable from readily accessible sources.”

Why it’s (still) important: First of all, Pension Committee is written by Judge Scheindlin, who is the most famous electronic discovery jurist on the planet. Next, since she’s in the Southern District of New York, it means that folks even in other jurisdiction that aren’t bound by her opinions still must take heed given the fact that New York is home to so many multinational organizations. Finally, her opinion is the clearest (even if disputed) articulation regarding the standard of care for the issuance of legal holds and the duty to preserve ESI. She attempts to categorically define conduct that is grossly negligent and therefore susceptible to extreme sanctions, including spoliation inferences and terminating sanctions. Fortunately, she recognizes the numerous challenges associated with electronic discovery. And, so as to blend in a healthy dose of reality Judge Scheindlin also said: “In an era where vast amounts of electronic information is available for review, discovery in certain cases has become increasingly complex and expensive. Courts cannot and do not expect that any party can meet a standard of perfection.”

In the end, Pension Committee, was the case of the year in 2010 and even in 2011 it’s generating an unprecedented level of retrospectives (here and here). It may be because Judge Scheindlin’s relatively bright line standard has created so much debate, but in the end the Pension Committee discussion will likely continue for the foreseeable future (perhaps only ending when/if the culpability rules are amended to create a unified national standard).

Preservation: Why Preserve in Place is Risky?

Case: Wilson v. Thorn Energy, LLC, (S.D.N.Y. 2010).

Summary: In Wilson, the defendant corporation identified a flash drive that contained relevant ESI, but rather than copying that data safely to a centralized evidence repository, the defendant’s employee chose to hold on to the drive, putting it instead into a desk drawer. When the files were requested for review and production, the files could not be read from the drive. The defendant’s employee attempted to recover the ESI contained on it, but those efforts failed. Granting plaintiffs’ motion for sanctions, the court ordered that defendants would be precluded from offering evidence at trial concerning the data contained on the discarded drive.

Why it’s important: In today’s e-discovery world, many organizations are instituting hold processes via manual solutions and then waiting weeks or months to ultimately collect the ESI. Wilson shows the danger of simply preserving data and makes the argument that you should either “collect to preserve” or collect very shortly after the litigation hold notice goes out. While focusing on a certain media type (flash drive), this analysis can be extended to any digital system containing ESI that inherently has some set failure rates or can be imagined to fail without express, conscious action (due to loss, theft, recycling, etc.).

Identification & Collection: “Manual” Collections Come Under Fire

Case: Green v. Blitz U.S.A. (E.D. Tex. Mar. 1, 2011)

Summary: In this case, Plaintiff sought to re-open her lawsuit despite prior settlement upon learning that defendant had failed to produce relevant documents. Finding that defendant had committed discovery abuses, including failing to disclose relevant evidence and failing to issue a litigation hold, the court ordered defendant to pay plaintiff $250,000, to provide a copy of the court’s order to plaintiffs “in every lawsuit proceeding against it” for the past two years and to file the court’s order in every case that defendant is involved in for the next 5 years. It was revealed that the employee “solely responsible for searching for and collecting documents relevant to litigation” issued no litigation hold, conducted no electronic word searches for emails, and made no effort to speak with defendant’s IT department regarding how to search for electronic documents.

Why it’s important: Green is the latest in a line of cases [See also Ford Motor Co. v. Edgewood Properties Inc., 257 F.R.D. 418 (D.N.J. 2009) and Phillip M. Adams & Assoc., LLC v. Dell, Inc., 621 F. Supp. 2d 1173 (D. Utah 2009) ] that have been highly critical of manual (or self) collection efforts by the individual custodians. Historically, if the custodians were monitored/supervised enough by counsel, this manual collection process was largely deemed defensible, but it looks like this behavior is simply too risky for any conservative enterprise. The better practice is to leverage the custodians to point out where relevant ESI might exist and utilize software tools to conduct broad collections from key players. While it’s not necessary to use IT tools to collect data immediately for all custodians who have received a litigation hold notice, it’s probably unreasonable to not quickly collect ESI (via formal, IT based methods) from at least some subset of key players. The main point is that this isn’t an all or nothing calculation. Costs, risks and benefits should all be carefully evaluated and documented, in case there’s a downstream challenge.

Analysis & Review: Failure to Test Keywords and Sample

Case: Mt. Hawley Ins. Co. v. Felman Prod., Inc., (S.D. W. Va., 2010).

Summary: In this case the court examined the reasonableness of plaintiff’s precautions to prevent disclosure of email, which was inadvertently produced by the plaintiff amidst “a massive disclosure of e-discovery.” The Mt. Hawley court applied the five-factor test established in Victor Stanley, Inc. v. Creative Pipe, Inc. (D. Md. 2008) and found that the producing party had not taken reasonable steps during discovery. In particular, the court was unwilling to find that the inadvertent production of 377 privileged documents was “solely attributable” to a technological glitch and instead found that plaintiff and counsel “failed to perform critical quality control sampling to determine whether their production was appropriate and neither over inclusive nor under-inclusive.” This finding meant that their attorney client privilege was waived as to the subject documents.

Why it’s important: Mt. Hawley demonstrates why sampling and keyword search term formulation is critically important to any defensible discovery effort. In many instances where “blind” keyword strategies are used, the producing party is taking on an undue risk, in essence flirting with the “3^rd rail” of electronic discovery (inadvertent production). Blind keyword searching (followed by brute force review and production) is sadly still a very common practice today. My hope is that cases like Mt. Hawley will force the blissfully ignorant practicioners to take stock of their risky practices and get with contemporary best practices like ECA, sampling, iterative search and the like.

Conclusion

Simply by creating such a list, I’m sure to leave off cases other folks think are more buzz worthy. But, for me, having a few good legal chestnuts is better than trying to boil the ocean and synthesize all the available case law. If you have any comments I’d be eager to hear (good, bad or indifferent).