e-discovery 2.0

Last month, Gartner published the 2011 Magic Quadrant for E-Discovery Software, its first ever Magic Quadrant (MQ) on the electronic discovery industry.

We believe the Gartner MQ signals e-discovery’s arrival as a major category of enterprise software, and creates a single, definitive “buyers’ guide” to help companies choose between the various solutions.  As the report points out, “The reason e-discovery is now a pressing issue for most companies is clear: ESI in all its many forms dominates legal proceedings because modern business is mostly conducted using electronic communications and electronic records. Regulators require this ESI to be archived for proof of compliance.”[1]

The authors of the report, Debra Logan and John Bace, are two of the industry’s leading lights. The report reflects their deep understanding of the domain and includes several keen insights into emerging trends and market dynamics.

Most software buyers are familiar with Gartner Magic Quadrants and the rigorous methodology behind them. In order to be included in the MQ, vendors must meet quantitative requirements in market penetration and customer base and are then evaluated upon certain criteria for completeness of vision and ability to execute. In the Magic Quadrant for E-Discovery Software, Gartner states that, “Ease of use, intuitive user interfaces, attorney-focused workflow, advanced but transparent semantic analysis features, native file format review, and foreign language support are all considered desirable features from the end user’s point of view.”[2] According to the report, “A vendor’s ability and willingness to perform proofs of concept (POCs) is also important, and many references told us that, with certain vendors, “try before you buy” arrangements or POCs were so successful that they did not even open their tendering process to competitive bidding.”[3]

In total, the Gartner Magic Quadrant for E-Discovery Software report analyzes 24 different e-discovery software vendors, and is meant to help CIOs, general counsel, IT professionals, lawyers, compliance staff and legal service providersunderstand the dynamics and landscape of the e-discovery software market. Combined with its analysis of the factors driving the growth of e-discovery and its vendor-by-vendor evaluation, we believe this makes the report a must-read for anyone involved in selecting an e-discovery solution.

For a limited time, please register here to download a complimentary copy of the Gartner Magic Quadrant for E-Discovery Software.

About the Magic Quadrant
The Magic Quadrant is copyrighted 2011 by Gartner, Inc. and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner’s analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the “Leaders” quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

---

[1] Gartner, Inc. “Magic Quadrant for E-Discovery Software”, by Debra Logan, John Bace, May 13, 2011, page 5.

[2] Gartner, Inc. “Magic Quadrant for E-Discovery Software”, by Debra Logan, John Bace, May 13, 2011, page 8.

[3] Gartner, Inc. “Magic Quadrant for E-Discovery Software”, by Debra Logan, John Bace, May 13, 2011, page 9.

I’ve just returned from a trip across the pond where I spoke at IQPC’s Information Retention and eDisclosure Management conference, which was well attended by both local practitioners and experts from the States.  In addition to numerous discussions comparing and contrasting the US e-discovery and UK e-disclosure practices, there was also a ton of time spent focusing on regulatory compliance.  In particular, the Bribery Act 2010 was a hot topic, not surprisingly given its looming implementation date of July 1.

It occurred to me that both with the Bribery Act and its kissing cousin, the FCPA, the UK and US are strikingly similar in many ways.  We both speak the same language (sort of), but there are any number of things that are just different enough that Americans must take pause.  As an easy example, crossing the street in London can be a perilous journey given our tendency to “look left.”  Fortunately our friends abroad don’t want their lorries dented up by hapless yanks so they kindly paint numerous “look right” signs on street corners throughout their fair city.

As e-discovery and e-disclosure continue to mature in their respective lands, the sense is that the difference will rapidly become obscured, especially in light of how well the countries seem to be collaborating around best practices and civil procedure standards.  During the judges’ panel at the IQPC event, noted e-discovery legends (Judges Grimm, Peck and Facciola) roundly complimented the UK’s disclosure process, often describing how much the US can learn from our allies.

Similarly, it’s interesting to see how the Bribery Act has “gone to school” on the FCPA.  For the past decade or so the UK has been criticized for its Laissez-faire attitude towards commercial bribery, particularly with a glaring gap in applicable legislation (like the FCPA). And, while a wee bit late to the party, the UK finally enacted its anti-bribery statute (on April 8, 2010), curiously dubbed the “Bribery Act 2010,” which in many way leapfrogs the 34 year old FCPA.  While ostensibly similar, the Act differs from the FCPA in a number of ways, many of which broaden applicability. For example, unlike the FCPA, the Act covers bribes to both the public and private sector and does not make an exception (like the FCPA) for facilitation payments (small payments given to public officials to speed up a routine service).  Similarly, the Act applies to all organizations that do business in the UK, even if they’re not based there, and even if the bribery occurs in another country.

The Bribery Act was originally scheduled to become effective in October of last year but, after numerous delays and outcries from the business community, the Ministry of Justice recently issued its “Bribery Act 2010: Guidance” and announced that the Act will finally take effect on July 1, 2011. This guidance has been eagerly awaited by anxious enterprises given the extremely broad potential of the Act.In concert with the recently promulgated prosecutorial guidelines, the guidance document gives some insight into how UK prosecutors (as enforced by the Serious Fraud Office) will initially decide who to pursue and then how the Act will be applied.  Fortunately, the promulgated guidance documents suggest that the Act is “directed at making life difficult for the mavericks responsible for corruption, not unduly burdening the vast majority of decent, law-abiding firms.”

To this end, the Guidance states that “[i]t is a full defence for an organisation to prove that despite a particular case of bribery it nevertheless had adequate procedures in place to prevent persons associated with it from bribing.”  It is these “adequate procedures” that provide a safe harbour of sorts and therefore should be perused quite carefully by impacted organisations to ensure that their compliance programs are up to muster.  The following six “guiding principles” are designed not to be prescriptive or “one-size-fits-all,” but rather to suggest a “risk-based” and proportionate approach to managing bribery risks.

1. “Proportionate procedures: A commercial organisation’s procedures to prevent bribery by persons associated with it are proportionate to the bribery risks it faces and to the nature, scale and complexity of the commercial organisation’s activities. They are also clear, practical, accessible, effectively implemented and enforced.
2. Top-level commitment:  The top-level management of a commercial organisation (be it a board of directors, the owners or any other equivalent body or person) are committed to preventing bribery by persons associated with it. They foster a culture within the organisation in which bribery is never acceptable.
3. Risk assessment: The commercial organisation assesses the nature and extent of its exposure to potential external and internal risks of bribery on its behalf by persons associated with it. The assessment is periodic, informed and documented.
4. Due diligence: The commercial organisation applies due diligence procedures, taking a proportionate and risk based approach, in respect of persons who perform or will perform services for or on behalf of the organisation, in order to mitigate identified bribery risks.
5. Communication (including training): The commercial organisation seeks to ensure that its bribery prevention policies and procedures are embedded and understood throughout the organisation through internal and external communication, including training, that is proportionate to the risks it faces.
6. Monitoring and review: The commercial organisation monitors and reviews procedures designed to prevent bribery by persons associated with it and makes improvements where necessary.”

Organisations looking for clarity should certainly start with an analysis of how well their existing anti-bribery procedures (many likely designed with the FCPA in mind) map to the six principles.  The hope of many is that the Bribery Act won’t inherently require a complete reboot for entities trying to comply.  Instead, a more measured and reasonable goal should be to have complaint entities examine the Act to see if any augmentation is necessary.  Fortunately, the Guidance principles are peppered with terms like “proportionate”, “risk-based” and “practical” that should give solace to the entities that had significant indigestion when the Act was first released.

Traditional e-discovery solutions may very well be called into duty to help augment an organisation’s “adequate procedures” particularly regarding the “risk assessment” and “due diligence” principles.  These two principles specifically call out procedures that proactively facilitate:

• Identification of the internal and external information sources that will enable risk to be assessed and reviewed.
• Accurate and appropriate documentation of the risk assessment and its conclusions.
• Conducting direct interrogative enquiries, indirect investigations, or general research on proposed associated persons.
• Appraisal and continued monitoring of recruited or engaged “associated” persons may also be required, proportionate to the identified risks.

Re-purposing of e-discovery tools in this compliance context makes sense given how things have played out here in the States with the FCPA and provides yet another way to rationalize bringing solutions in-house.  In this scenario the advanced analytical components will likely come more into play than will the downstream review and production elements.  This expansion of traditional e-discovery concepts, procedures and applications is logical and coincides with a leftwards movement on the EDRM spectrum.  It’s also aligned with rapidly expanding notions of IMRM and information governance.  I postulate that soon it will be too limiting to just talk about pure “e-discovery”tools since it inherently leaves out the rest of the compliance story.  In addition to looking “right” we’ll also need to look “left” (on the EDRM) to take into account use cases like the Bribery Act.

It seems all too easy to poke fun at Charlie Sheen’s antics of late.  And, while they serve as cautionary tales in numerous contexts, his use of social media to launch his “tiger blood” fueled rampage against his former employer may mean that these rants may actually turn into evidence someday soon in his breach of contract action.  On one hand, his public meltdown was surely a high water mark for social media as a window into the real-time (can’t look away) train wreck that is now Mr. Sheen’s career.  After all, he now has over 3 million Twitter followers and for those who don’t expressly follow his now infamous rants (e.g.,“#winning”) other media outlets stand by to repost and re-tweet every scintillating (less than 140 character) proclamation.

For those who think that they’d prefer to have less Sheen in their daily diets, let’s use his 15 minutes of über-fame to examine the impact of social media on the traditionally email oriented electronic discovery process we’ve all come to know and love.  On balance, while the electronic discovery and regulatory issues are all fundamentally the same, the social media genre does genuinely pose a range of tactical and strategic challenges.

Accept Reality and Plan Accordingly

For many organizations, it’s easy to exhale as they’ve finally reigned in some of the email chaos during the 2000s.  But, this small victory in the larger information management war has been eclipsed by new challenges posed by social media.  The problem isn’t just that the types (Twitter, LinkedIn, Facebook, Flickr, YouTube, etc.) are increasing at a mind numbing speed, but the volumes of accumulated data (1 billion tweets per week) is also proliferating wildly.  A recent article published under the Sedona Conference’s aegis, The Impact of the Internet and Social Media on Records and Information Management: Unexpected Bedfellows Highlight the Need for Effective Information Management –Now More than Ever points out:

“Most commentators agree that, if social networks in the workplace are inevitable, corporations must resign themselves to the inevitable and prepare accordingly. …

To combat these risks, companies must understand the interactions between IT and legal and how they intersect in the world of Records and Information Management. Companies must also employ a cross-discipline approach to issues in order to properly address access rights, digital security, Records and Information Management policies and programs, short and long-term data storage strategies, audit processes, enforcement protocols, incident and litigation response plans, and employee education programs.”

The authors correctly state: “[h]ard decisions need to be made, and resources committed, but an ounce of current prevention now may certainly outweigh the inevitable pound of information loss.”  This “pound” is most often paid out by organizations in response to electronic discovery costs, which are axiomatically linked to the amount of electronically stored information (ESI) a company needs to collect, process, review and produce for the matter at hand.

So, like the first stage in the Kübler-Ross grief process (denial), organizations need to accept the reality of social media, understand the implications (cost, risk, information security challenges, etc.) and start to plan accordingly.  Yet, the denial seems to be ever-present.  In a recent survey by the Electronic Discovery Reference Model (EDRM) it was shockingly noted that “[w]ritten policies for social media are non-existent,” with 85 percent of industry professionals admitting that “no written policies existed within their organizations regarding the preservation of data for any of the wildly popular social networking sites.”

Deploy the Right Information Governance Policies

Step one in this challenging task is to reign in the authorized/unauthorized use of social media.  This likely doesn’t equate to the wholesale prohibition of all social media (which would be nearly impossible to enforce).  Instead, the goal should be to define what is permissible via policies and procedures, and that in turn should be used to identify expectations of reasonable corporate conduct.  This effort should inherently recognize that there are legitimate business purposes (ideally with defined corporate objectives), as well as individualized usages (that nevertheless may still be supportive of company goals) for the use of social media.  In all instances it will be important to calculate the benefits of the social media activity (increased collaboration, real-time communication, ubiquity, etc.) with the risks (lack of information control, reduced productivity, etc.).

Organizations may also consider which of their own social media forays constitute a business record and whether or not they should be proactively archiving/capturing/preserving such ESI to create a robust document trail if social media ever becomes a factor in litigation.  Unfortunately, as with a number of other quickly developing paradigms such as cloud computing, there’s often a “ready, fire, aim” approach where the legal, risk and compliance ramifications aren’t well thought out prior to deployment.

Social Media Use Cases Proliferate

In just the past few months there have been numerous instances where social media has taken center stage in the electronic discovery and compliance realms.  Here are just a few recent examples:

• Facebook – In what’s been called the Facebook firing case, the National Labor Relations Board (NLRB) jumped in to chastise an employer for allegedly firing an employee due to a Facebook post (where she allegedly called her boss a “mental patient”).  The NLRB said that policy was in violation of the National Labor Relations Act, which gives employees the right to discuss “the terms and conditions of their employment with others.”
• LinkedIn – In a recent breach of contract action, an employer claimed it had evidence of improper solicitation of its employees through the LinkedIn connections of one of the defendants.

Electronic Discovery Costs Rise in Concert with Social Media

While “ESI is ESI” to some extent, there are tactical challenges with conducting electronic discovery of social media.  Using the EDRM model as a guide, the first main hurdle will be Identification.  In this stage, the challenge will be to identify (ideally through data maps and corporate policies) the instances of social media that are being legitimately used within an enterprise.  This process is typically linked to key players, versus searching the entire data universe for specific key terms.

Once this thorny issue is confronted, the even bigger challenge involves determining how to manage the risk-laden Preservation process.  Here, the highly dynamic nature of social media stands in contrast with its email counterpart, which in many ways was designed to be used in a linear, threaded format.   The preservation of social media has two main challenges.  The first one is access since the information may be private or semi-private.  In this setting, the recent case of Romano v. Steelcase Inc. (N.Y. Sup. Ct. 2010) shed light on some of the privacy issues:

“[W]hen Plaintiff created her Facebook and MySpace accounts, she consented to the fact that her personal information would be shared with others, notwithstanding her privacy settings. … Since Plaintiff knew that her information may become publicly available, she cannot now claim that she had a reasonable expectation of privacy. As recently set forth by commentators regarding privacy and social networking sites, given the millions of users, ‘[i]n this environment, privacy is no longer grounded in reasonable expectations, but rather in some theoretical protocol better known as wishful thinking.’”

Assuming the privacy issue can be overcome, the next issue is encountered during the Collection phase, since it will be hard to actually preserve social media in situ because the content is dynamic and at the whim of the user and the applicable site.  Aside from a few recent developments like Facebook’s “Download Your Information” feature and the library of Congress’ decision to archive all tweets since March, 2006, most social media ESI is fleeting and hard to collect.  The current brute force methodology is to simply take screenshots of the relevant blog, tweet or status update.  The challenge with this approach isn’t necessarily with admissibility (see below).  Instead, this static modus operandi makes it nearly impossible to utilize analytical tools to search and review the social media content.  Assuming the use cases and volumes continue to proliferate at current speeds (which is a safe bet), then leveraging analytical tools becomes that much more important in the effort to control costs.

Over time, enterprises will attempt to funnel users into corporate social media platforms that have governance abilities built in, particularly export functionality that will permit more advanced search and analytics from purpose-built e-discovery applications.  But, for now, the herding cats exercise will continue as the corporate community tries to keep up with the faster moving user base.

Admissibility is an Open Question

Not to be forgotten, the core underpinning to a successful collection of social media content is the ESI’s admissibility, since the ability to use data in court is the sine qua non for conducting the electronic discovery process in the first place.  In the seminal case on the admissibility topic, Lorraine v. Markel Am. Ins. Co., (2007), United States Magistrate Judge Paul W. Grimm noted that “[v]ery little has been written, however, about what is required to insure that ESI obtained during discovery is admissible into evidence at trial.”  He went on to note that “[t]his is unfortunate, because considering the significant costs associated with discovery of ESI, it makes little sense to go to all the bother and expense to get electronic information only to have it excluded from evidence or rejected from consideration during summary judgment because the proponent cannot lay a sufficient foundation to get it admitted.”

While it’s difficult to quickly summarize the authentication requirements for social media, it is an important aspect that can be achieved a number of ways (pursuant to FRCP 901, which only provides illustrations).  The most likely course would be to utilize the “personal knowledge” approach, which permits authentication by testimony “that a matter is what it is claimed to be.”   Other approaches, such as utilizing metadata (which works well for more static ESI) will be less applicable for social media since it is more ephemeral.

Conclusion

Many have proclaimed that social media will soon render email obsolete as the primary form of corporate communication.  While this remains to be seen, social media is quickly elbowing its way into the electronic discovery conversation and this new kid on the block needs to be taken seriously, or the unwary practitioner may unwittingly find out (via tweet) that their case has been dismissed because of spoliation.

I am thrilled to announce that Clearwell has signed an agreement to be acquired by Symantec for $410 million ($390 million, net of our cash balance of $20 million). By bringing together Clearwell’s market leading e-discovery platform with Symantec’s market-leading archiving solution, we are uniquely positioned to provide customers with the next generation of information management solutions.

The e-discovery software industry has matured rapidly in the 6 years since Clearwell was founded. As electronic information has become a key part of all litigation, regulatory inquiries, and internal investigations, companies have had no choice but to adopt e-discovery software to keep their costs down. Some have done so by bringing e-discovery in-house; others prefer to work with law firms and litigation support companies who provide cloud-based solutions. Either way, e-discovery software has become widely adopted by corporations, government agencies, and law firms around the world.

Clearwell has been a major beneficiary of these trends. Our annual sales have grown rapidly to over $50 million, and the company has been profitable since 2009. Today, we have over 400 customers and 75 partners in 14 different countries.

Many of these customers are using Clearwell together with Symantec Enterprise Vault in a single integrated workflow, and they have often requested that we couple our products more tightly to better serve their information management needs. That’s what led us to partner with Symantec for the past several years and ultimately led to this transaction. Over time, we see corporations and government agencies increasingly seeking information management solutions that encompass both e-discovery and archiving, making the combination of Clearwell with Enterprise Vault incredibly compelling.

In the near term, we expect very little to change for our existing customers. The product will continue to be sold on a standalone basis and supported by the Clearwell team. We remain committed to serving law firms and litigation support partners, who are absolutely critical to our success in more ways than we can describe.

This is an exciting time for the e-discovery industry. Last week, Gartner published its first ever Magic Quadrant For eDiscovery Software. Today, Symantec and Clearwell join forces to deliver a seamless, integrated archiving and e-discovery management workflow, benefitting all our customers. You can find more information about the acquisition at: http://www.symantec.com/clearwell.  There are exciting times ahead.

As the buzz around Watson and its foray into human-like (actually super-human) performance subsides, it may be time to take stock of what all the fuss was about. After all, we’re all used to computers doing better than humans in many things and even take its superior store of knowledge for granted. And, on the surface, we get answers to questions on pretty much anything from a simple Google or Bing search. So, what really is the big deal and is it even relevant in the context of electronic discovery?

For those not clued in on this, Watson is a brainchild of a four-year effort from 20-25 researchers at IBM, to build a computing engine that would successfully compete at champions-level at the popular quiz show, Jeopardy. Although it blundered on a couple of answers, it competed very well, with a wide margin of victory. Several industry experts that learned of it and watched the show have lauded this as an accomplishment at the same scale or even better than the IBM Deep Blue beating Chess Grand Champion, Gary Kasparov, in 1997. So, let’s examine if this is indeed worthy of the accolades it has gotten.

Behind Watson is an impressive piece of hardware – a series of 90 IBM Power 750 nodes, adding to 16TB of memory and 2,880 Power7 processor cores delivering a staggering 80 teraflops of peak performance.  All the hardware is highly inter-connected with ability to work on problems in parallel, but still marching to a final result in three seconds or less – just fast enough to beat the human buzzer. Some highlights of the computing infrastructure from the hardware architect, Dr. James Fan, at IBM indicate that the three-second timeframe meant the entire corpus of 200 million pages was loaded into memory. Also, with several processors simultaneously working on pieces of the problem, they place very high I/O requirements. The hardware supports a multi-processing OS, with virtualization, in a workload optimized system. The software drives the hardware using thousands of dense threads, with each thread of execution processing a large chunk of work with minimal context switch. Also, given the large number of cores, each thread is optimally allocated to a core. Branded as DeepQA, the software executes a series of complex algorithms in order to solve a very specific problem: winning on Jeopardy.

First, the Jeopardy game provides categories of clues. Some categories help in understanding the clue, while others are simply misleading to a computer. Next, the clue is revealed and one needs to determine what the clue is really asking, since many clues do not ask for a factoid with a direct question, but rather is a composition of multiple sub-clues, each related to another in some linguistic, semantic, syntactic, temporal or other forms of connection. The decomposition of clues and figuring the relationships is a challenge even for humans. Finally, after one understands the clue, you then have to hone in on an answer with some level of confidence, within a three-second window, and must activate the answer buzzer ahead of the rest of the competitors. Besides individual clues, one has to also devise an overall game strategy for selecting the next category, selecting a clue within that category, how much to wager on the Double Jeopardy and the Final Jeopardy. Overall, the game is a complex amalgamation of knowledge, language analysis, gaming strategy and speed of recall of answers.

The software architecture of the DeepQA system is documented in a paper published in AI Magazine. The team built several components to address each area of the problem, with many independent algorithms in each component.  There are lots of complicated technical details, but the final outcome is a human-like response.

A question on that anyone who examines its inner workings has is whether the system is really natural language processing, or statistical language analysis, or machine learning or some sort of ad-hoc program, which doesn’t fit any traditional area of analytics. It does appear to be an combination of several techniques, which may mirror exactly how humans go about solving these clues. We seem to have a large collection of knowledge, initially unconnected but the category, the clue, the hypothesis all appear to generate word and concept associations and a fuzzy evaluation of confidence measures which all converge into a confidence with which a competitor answers a question. It is the replication of these processes by algorithms that makes it truly an astounding achievement.

Given the success of DeepQA’s performance, a natural question is whether it has any practical value for helping us solve day-to-day problems. More specifically, can it cope with the information overload and the challenges of e-discovery posed by that mass of information?  Use within e-discovery context has been explored by several authors, most notably, Robert C. Weber of IBM and Nick Brestoff in recent Law.com articles. Their analysis is based on the ability to explore vast volumes of knowledge. But really, what DeepQA tackled is something more significant – the inherent ambiguity in human spoken and written communication. Our natural instincts are to employ subtle nuances, indirect references, implicit assumptions, and incomplete sentences. We tend to leverage prior and surrounding context in most of our communications. It’s just the natural way of communications, since doing so is actually very effective. We assume establishing context is redundant, unproductive and unnecessary as it tends to make communication repetitive. By not employing a rigid structure in how we write, we are able to bring to bear concise exchanges that span a large volume of information.

If the last two decades is an indicator, the nature of communication is getting less formal, with emails, instant messages, tweets, and blog posts replacing well-crafted formal letters and memos. And, forcing individuals to communicate using rigid, unambiguous text in order for it to be processed by computers easily would mean a huge change in behavior in how people communicate. Any action that contemplates such a change in behavior across billions of people is simply not going to occur. What this means is that the burden for automated analysis using computing algorithms is even greater. This is what makes the discovery of relevant content in the context of e-discovery a very hard problem, one that is worthy of the sort of technological prowess employed by DeepQA team.

Given that our appetite for producing information is ever-increasing, while its discoverability is getting harder, taking the work of DeepQA and adapting it to solve e-discovery needs has the potential to make significant improvements in how we tackle the search, review and analytical aspects of e-discovery.  DeepQA took an easily articulated goal of answering at least 60% of the clues with 85% precision in order to reach champion levels. That was sufficient to win the game. Note that there was never an attempt to get 100% of all clues, with 100% confidence. In the realm of e-discovery, we would be looking at taking a very general production request such as the TREC 2009 Topic 201 “All documents or communications that describe, discuss, refer to, report on, or relate to the Company’s engagement in structured commodity transactions known as prepay transactions.” and use just such a simple articulation of the request to produce relevant documents. It is the core algorithms of machine learning, multiple scoring methods, managing relevance and confidence levels along with traditional information retrieval methods that form the ingredients of the new frontier of automated e-discovery. Beyond e-discovery, application of DeepQA algorithms for business analytics also has significant potential, where fact and evidence-based decision making using unstructured data is likely the norm. DeepQA’s very public Jeopardy challenge has shown that the ingredients needed for enabling such problem solving is well within the realm of possibility.

I was at Sedona midyear meeting last week and during Ken Withers’ excellent discussion of recent e-discovery case law, a few thoughts occurred to me. First, there are so many cases coming out now each week it’s hard to stay above the fray and mine for useful nuggets. The task is a bit Sisyphean, so folks like Ken (who keep a rolling index of cases) are particularly helpful. Next, I was struck by how hot Pension Committee still is, even after almost a year and a half. Certainly, this ongoing spotlight wasn’t an accident, and it’s almost certain that Judge Scheindlin is pleased by the ongoing debate.

I frequently get questions from enterprise clients regarding which cases they should know about, and so I put together an EDRM oriented (left to right) list for folks who just can’t get to all the latest cases. While it’s not an annual roundup per se, I do think it’s a bit more functional for busy electronic discovery professionals who need to stay current. So, here’s the buzz index of cases arranged by topic:

Preservation: The Legal Hold Gold Standard

Case: Pension Committee of the Univ. of Montreal Pension Plan, et al., v. Banc of America Securities, LLC, et al. (S.D.N.Y. 2010).

Summary: The dispute focused on claims by a group of investors who brought an action to recover losses of $550 million dollars stemming from the liquidation of two British Virgin Islands based hedge funds. Unlike many typical e-discovery disputes, this instant action focused on the conduct of the plaintiffs as they attempted to deal with the often murky landscape of electronically stored information (ESI) preservation, collection and production. Judge Scheindlin goes out of her way to crystallize duties and identify the type of conduct that can cause an e-discovery breach. “After a discovery duty is well established, the failure to adhere to contemporary standards can be considered gross negligence. Thus, after the final relevant Zubulake opinion in July, 2004, the following failures support a finding of gross negligence, when the duty to preserve has attached:

• to issue a written litigation hold;
• to identify all of the key players and to ensure that their electronic and paper records are preserved;
• to cease the deletion of email or to preserve the records of former employees that are in a party’s possession, custody, or control;
• and to preserve backup tapes when they are the sole source of relevant information or when they relate to key players, if the relevant information maintained by those players is not obtainable from readily accessible sources.”

Why it’s (still) important: First of all, Pension Committee is written by Judge Scheindlin, who is the most famous electronic discovery jurist on the planet. Next, since she’s in the Southern District of New York, it means that folks even in other jurisdiction that aren’t bound by her opinions still must take heed given the fact that New York is home to so many multinational organizations. Finally, her opinion is the clearest (even if disputed) articulation regarding the standard of care for the issuance of legal holds and the duty to preserve ESI. She attempts to categorically define conduct that is grossly negligent and therefore susceptible to extreme sanctions, including spoliation inferences and terminating sanctions. Fortunately, she recognizes the numerous challenges associated with electronic discovery. And, so as to blend in a healthy dose of reality Judge Scheindlin also said: “In an era where vast amounts of electronic information is available for review, discovery in certain cases has become increasingly complex and expensive. Courts cannot and do not expect that any party can meet a standard of perfection.”

In the end, Pension Committee, was the case of the year in 2010 and even in 2011 it’s generating an unprecedented level of retrospectives (here and here). It may be because Judge Scheindlin’s relatively bright line standard has created so much debate, but in the end the Pension Committee discussion will likely continue for the foreseeable future (perhaps only ending when/if the culpability rules are amended to create a unified national standard).

Preservation: Why Preserve in Place is Risky?

Case: Wilson v. Thorn Energy, LLC, (S.D.N.Y. 2010).

Summary: In Wilson, the defendant corporation identified a flash drive that contained relevant ESI, but rather than copying that data safely to a centralized evidence repository, the defendant’s employee chose to hold on to the drive, putting it instead into a desk drawer. When the files were requested for review and production, the files could not be read from the drive. The defendant’s employee attempted to recover the ESI contained on it, but those efforts failed. Granting plaintiffs’ motion for sanctions, the court ordered that defendants would be precluded from offering evidence at trial concerning the data contained on the discarded drive.

Why it’s important: In today’s e-discovery world, many organizations are instituting hold processes via manual solutions and then waiting weeks or months to ultimately collect the ESI. Wilson shows the danger of simply preserving data and makes the argument that you should either “collect to preserve” or collect very shortly after the litigation hold notice goes out. While focusing on a certain media type (flash drive), this analysis can be extended to any digital system containing ESI that inherently has some set failure rates or can be imagined to fail without express, conscious action (due to loss, theft, recycling, etc.).

Identification & Collection: “Manual” Collections Come Under Fire

Case: Green v. Blitz U.S.A. (E.D. Tex. Mar. 1, 2011)

Summary: In this case, Plaintiff sought to re-open her lawsuit despite prior settlement upon learning that defendant had failed to produce relevant documents. Finding that defendant had committed discovery abuses, including failing to disclose relevant evidence and failing to issue a litigation hold, the court ordered defendant to pay plaintiff $250,000, to provide a copy of the court’s order to plaintiffs “in every lawsuit proceeding against it” for the past two years and to file the court’s order in every case that defendant is involved in for the next 5 years. It was revealed that the employee “solely responsible for searching for and collecting documents relevant to litigation” issued no litigation hold, conducted no electronic word searches for emails, and made no effort to speak with defendant’s IT department regarding how to search for electronic documents.

Why it’s important: Green is the latest in a line of cases [See also Ford Motor Co. v. Edgewood Properties Inc., 257 F.R.D. 418 (D.N.J. 2009) and Phillip M. Adams & Assoc., LLC v. Dell, Inc., 621 F. Supp. 2d 1173 (D. Utah 2009) ] that have been highly critical of manual (or self) collection efforts by the individual custodians. Historically, if the custodians were monitored/supervised enough by counsel, this manual collection process was largely deemed defensible, but it looks like this behavior is simply too risky for any conservative enterprise. The better practice is to leverage the custodians to point out where relevant ESI might exist and utilize software tools to conduct broad collections from key players. While it’s not necessary to use IT tools to collect data immediately for all custodians who have received a litigation hold notice, it’s probably unreasonable to not quickly collect ESI (via formal, IT based methods) from at least some subset of key players. The main point is that this isn’t an all or nothing calculation. Costs, risks and benefits should all be carefully evaluated and documented, in case there’s a downstream challenge.

Analysis & Review: Failure to Test Keywords and Sample

Case: Mt. Hawley Ins. Co. v. Felman Prod., Inc., (S.D. W. Va., 2010).

Summary: In this case the court examined the reasonableness of plaintiff’s precautions to prevent disclosure of email, which was inadvertently produced by the plaintiff amidst “a massive disclosure of e-discovery.” The Mt. Hawley court applied the five-factor test established in Victor Stanley, Inc. v. Creative Pipe, Inc. (D. Md. 2008) and found that the producing party had not taken reasonable steps during discovery. In particular, the court was unwilling to find that the inadvertent production of 377 privileged documents was “solely attributable” to a technological glitch and instead found that plaintiff and counsel “failed to perform critical quality control sampling to determine whether their production was appropriate and neither over inclusive nor under-inclusive.” This finding meant that their attorney client privilege was waived as to the subject documents.

Why it’s important: Mt. Hawley demonstrates why sampling and keyword search term formulation is critically important to any defensible discovery effort. In many instances where “blind” keyword strategies are used, the producing party is taking on an undue risk, in essence flirting with the “3^rd rail” of electronic discovery (inadvertent production). Blind keyword searching (followed by brute force review and production) is sadly still a very common practice today. My hope is that cases like Mt. Hawley will force the blissfully ignorant practicioners to take stock of their risky practices and get with contemporary best practices like ECA, sampling, iterative search and the like.

Conclusion

Simply by creating such a list, I’m sure to leave off cases other folks think are more buzz worthy. But, for me, having a few good legal chestnuts is better than trying to boil the ocean and synthesize all the available case law. If you have any comments I’d be eager to hear (good, bad or indifferent).

In past blogs I’ve discussed a number of cases that have expressed skepticism over the self collection of electronically stored information (ESI) in the electronic discovery process.  In many of these cases, the reviewing judge or magistrate has looked at this process with an increasingly jaundiced eye, in some cases using the self collection component as part of its rationale for sanctions.

My conclusion up until now has been that this collection methodology (where employees manually select and potentially harvest their own data) could be defensible if properly executed; meaning with the requisite level of attorney guidance and oversight.  And, while this is still technically accurate, I think the pendulum has swung far enough to proclaim that this approach is simply far too dangerous for most enterprises, except perhaps those that are extremely risk tolerant.

While there was no particular straw that broke the camel’s back, the trend in the case law now seems to be moving inextricably in one direction – i.e., that self (or manual) collection is no longer safe enough for average enterprises.  Just like tight rope walking without a safety net, self collection protocols aren’t inherently doomed to failure, but there isn’t much (probably any) margin for error.

In the recent case of Green v. Blitz U.S.A., (E.D. Tex. Mar. 1, 2011) we see yet another example of self collections gone awry.  In Green the Plaintiff sought to re-open her lawsuit despite a prior settlement, once she suspected that the defendant had failed to produce relevant ESI.  Finding that defendant had committed numerous discovery abuses, including not disclosing relevant evidence and failing to properly issue a litigation hold, the court put the hammer down, issuing a wide range of sanctions:

• Defendant had to pay plaintiff $250,000
• Defendant had to provide a copy of the court’s order to plaintiffs “in every lawsuit proceeding against it” for the past two years
• Defendant had to file the court’s order in every case that it is involved in for the next 5 years.

Self collection was again a material culprit in the culpable behavior.  It was revealed that the employee “solely responsible for searching for and collecting documents relevant to litigation” issued no litigation hold, conducted no electronic word searches for emails, and made no effort to speak with defendant’s IT department regarding how to search for electronic documents.  To exacerbate matters, the main individual in charge of collections was also closely tied to the research and development of the “flame arresters” that were at issue in this exploding gas can case.

Adding fuel to the fire (pun intended) was the fact that the responding company failed to locate or collect emails with the search term “flame arrester.”  The court went on to note that some of the smoking gun emails not only contained this “most obvious term to search for in electronic documents in this case”, but in fact “flame arrester” was used in the title of certain emails.

While folks have called this practice an example of a “fox guarding the henhouse,” in my mind it’s less that custodial bias renders self collection too risky for prime time.  While there are certainly examples like the Green case where bias likely was an issue, the bigger problem is that any significant reliance on custodians to direct a collection process (even a well supervised one) has too many failure points.  The most obvious (and innocent) scenario is where custodians simply can’t remember if they had responsive ESI or where such information might reside.  This problem can be particularly acute given the fact that litigation is almost always conducted in the rear view mirror.  Since I often can’t remember what I had for breakfast I don’t find it surprising that a custodian might not recall if they had data relating to a discrete issue 4-5 years ago.

As such, the contemporary “best practice” for the collection of ESI is quickly evolving past the old manual collection workflow.  Technology is rapidly making it quick and painless to conduct searches for blatantly relevant ESI (like emails with “flame arrester” in the title).  Not only can you conduct basic searches with existing technologies, but recent advancements around concept search and other analytical tools makes the failure to leverage these technologies seem that much more unreasonable.  For example, in the recent case of Northington v. H&M Int., (N.D. Ill. Jan. 12, 2011) the defendant was sanctioned, in part, because they didn’t search for minor misspellings of the plaintiff’s name.

When a court sees manual blunders like that in the Green case it’s not surprising to see such missteps cast as at least negligent and perhaps even more culpable.  This conclusion is made even easier when organizations like the Sedona Conference (in its Best Practices Commentary on the Use of Search and Information Retrieval Methods in E-Discovery) state:  “[i]n many settings involving electronically stored information, reliance solely on a manual search process for the purpose of finding responsive documents may be infeasible or unwarranted. In such cases, the use of automated search methods should be viewed as reasonable, valuable, and even necessary.”

Green is now the latest in a line of cases [See also, Ford Motor Co. v. Edgewood Properties Inc., (D.N.J. 2009) and Phillip M. Adams & Assoc., LLC v. Dell, Inc., (D. Utah 2009)] that have been highly critical of self collection efforts by individual custodians.  The better practice is to utilize technology to conduct collections from key players and perhaps leverage the custodians (and technology) to point out where relevant ESI might exist.  As such, a belt and suspenders approach is undoubtedly the safer way to go.  In this “dual protection” scenario “key custodians still search, identify, and self-collect what they think are relevant emails, but, as a fail safe, IT also collects all of the key custodians’ emails. Then attorneys search and identify relevant documents from this full, uncensored, unfiltered, collection. This double effort guards against the intentional and unintentional mistakes that can sometimes arise in self-collection.”

We know that electronic discovery is never going to be a perfect process, but self collections simply inject too much risk into an already complicated process.  Now is the time to change tactics and stop tight rope walking without a safety net.  After all, no enterprise wants to be the next to endure a highly publicized fall.

On February 21, 2011, U.S. Immigration and Customs Enforcement (ICE) filed a declaration as part of its ongoing case with the National Day Laborer Organizing Network (NDLON). That declaration, written by Ms. Pavlik-Keenan, made references to Clearwell that have since been selectively quoted and commented on by several of our competitors. Essentially, these competitors have tried to exploit the declaration and use it in a way which was not intended by ICE.

We realized on reading the Pavlik-Keenan Declaration (PK Declaration) that it contained many mis-statements. Until now, we have not responded publicly because this is an ongoing legal matter involving one of our customers, and we do not want to weaken ICE’s stated position. We also felt that, rather than speak out ourselves, it was more appropriate to approach ICE and ask for its help in correcting the public record. That process is ongoing, but there are now new documents from ICE in the public domain which correct some of the mis-statements in the PK Declaration. This blog post is based on information from these new documents.

When reading the PK Declaration, there are 4 important considerations to keep in mind:

#1: NDLON vs. ICE is a precedent-setting case

This is bleeding-edge stuff. The issue here is whether metadata is part of the public record and therefore discoverable under the Freedom of Information Act (FOIA). Judge Scheindlin says it is; ICE disagrees and is opposing her order to produce it. This is a grey area because the standards for FOIA are quite different from those for electronic discovery. Unlike with litigation, FOIA requests are governed by 9 exemptions which are designed to protect private information from being released to the public, and not by the FRCP. Should government agencies now be required to provide metadata, then they must redact that metadata to remove information covered by these 9 exemptions, which (according to the government) is difficult and expensive to do. To our knowledge, it’s also something that has hardly ever been done before, because people generally don’t redact metadata in a load file. So, prior to Clearwell’s use in this case, e-discovery products have typically not been used in this way.

#2: A declaration is an advocacy document, not a ruling from a judge.

This means the PK Declaration is designed to argue a point of view based on personal opinion, not be a statement of fact or legal conclusion. The stakes for the government in this matter are very high, since there are potentially thousands of FOIA requests which could be impacted by Judge Scheindlin’s ruling. So ICE has every incentive to argue forcefully that, whatever technology is used, the resources needed make it excessively expensive to comply with the court’s order. It just so happens that the technology used in this particular case is Clearwell.

#3: The PK Declaration is factually incorrect in several important areas.

There are many statements in the PK Declaration which are – quite simply – not true. To give 2 specific examples from the document:

A. Claim in PK Declaration: 11. … OPLA [Office of the Principal Legal Advisor] estimates that it was forced to expend more than $270,000.00 in upgrades, including the acquisition of a new $32,000.00 server, during this period in order to have access to and run the application.

A. Fact: Neither OPLA nor any other part of ICE paid a dime for upgrades or a new server. In reality, its use of the product for this matter is covered under ICE’s existing license, and we provided an extra server and services for free to help them meet a tight deadline. Clearwell’s “re-usable” license is specifically designed to allow customers to deal with unexpected cases at no incremental software cost, which is what happened here.

B. Claim in PK Declaration: 19. … ICE has been advised by the software vendor that ICE’s software, as it currently exists, cannot produce a “load file” that is compatible with Concordance 8X and/or Opticon 3X.

B. Fact: There are many customers using Clearwell today to produce “load files” for any of several industry leading formats in its export/production options, including Concordance, Summation, EDRM XML and Opticon. Clearwell also offers “Configurable Templates” to produce in any form that is requested.

To address these inaccuracies, on April 11, 2011, the US Attorneys’ Office took the highly unusual step of filing a supplementary declaration to (in their words) “clarify” its earlier statements. In the newly filed Document 86, Declaration of Ryan Law, it states:

6. … “the $270,000.00, which includes $32,000.00 for acquisition of a new server, has not yet been spent. … Clearwell loaned a new server to ICE for the duration of the January 17, 2011 production.”

7. … “ICE was not stating that Clearwell does not allow for the production of such a load file, just that ICE cannot do it with its current software.” All that’s required is a configuration file.

In addition to specific statements, such as those listed above which are now being clarified, the PK Declaration also makes broad generalizations about Clearwell which are untrue. ICE has released new information to address the most widely circulated of these:

C. Claim in PK Declaration: 14. … the agency should abandon the Clearwell application and discontinue its use.

C. Fact: ICE is a happy Clearwell customer who regularly takes reference calls on our behalf from other Federal agencies. As evidence of this, on April 8, 2011 (i.e., 6 weeks after the PK Declaration was filed), the contracting officer at ICE issued a letter (referenced in Document 86) which states that Clearwell “meets the government’s needs and performed in a satisfactory manner. As a result…ICE exercised the option (effective September 23, 2010) to extend the term of the contract through September 22, 2011.” You can read more about this in today’s press release.

#4: The PK Declaration misrepresents how Clearwell is being used at ICE.

ICE purchased Clearwell in 2009 for use by OPLA (Office of Principal Legal Advisor) on civil litigation matters. FOIA requests are handled by a different department with whom we had no contact until, without our knowledge, ICE FOIA decided to borrow Clearwell from ICE OPLA to respond to the FOIA request from NDLON in December 2010. In 16 working days, Clearwell was used to process a large volume of information and produce nearly 15,000 pages of Opt-Out Records (Document 79, Filed 3/30/11, Declaration by Sarahi Uribe). To help ICE meet its deadline, two Clearwell consultants worked onsite during this period – at absolutely no cost to ICE.

Much of this is recounted in the first Declaration of Ryan Law (Document 68, Filed 3/23/11), in the section entitled “Description of Events that Led to the Use of Clearwell”. I draw from that document below:

21: I [Ryan Day] consulted with other program offices within ICE and determined that using the e-discovery platform “Clearwell”, which is owned by the ICE Office of the Principal Counsel (“OPLA”), would offer the best chance for the Agency to meet its court-ordered disclosure requirement.

24: Clearwell was not obtained by ICE for FOIA applications. During the three-year application procurement and development process, OPLA did not take FOIA needs into consideration in determining the relevant capabilities the application would require.

26: At the time of the Court’s December 9, 2010 order, the Clearwell application was untested and was not yet approved for use. At that time, OPLA was in the beginning stages of establishing protocols for the use of the software and had originally anticipated a pilot phase of testing to begin in February or March 2011.

27: ICE OPLA was able to deploy Clearwell on December 20, 2011 for use by the FOIA Office on a provisional basis specifically to meet the January 17, 2011 deadline imposed for the production of records responsive to the Plaintiff’s request for “opt-out” records.

***

There is still a lot that we cannot say publicly about the PK Declaration, out of respect for ICE (our customer) who’s engaged in active litigation. But we would be happy to provide further information to concerned parties under NDA.

It’s widely known that Microsoft is a Clearwell customer, and uses our product for e-discovery across a wide range of matters. One such matter is the case of Datel Holdings v. Microsoft Corporation, which is presently in District Court for the Northern District of California. As part of those proceedings, Microsoft mentioned Clearwell in its Opposition to Datel’s Motion to Compel that was ruled upon on March 11, 2011:

Defendant explains that after potentially responsive documents were collected from custodians, they were loaded into a computerized document processing system known as “Clearwell.” Clearwell extracted metadata from each document and converted the documents into a format that allowed for text searching. Once the documents were processed through Clearwell, they were entered into an online platform, where they were reviewed by attorneys. For reasons still unknown to Defendant, Clearwell truncated some “Re-auth” documents during processing.

In itself, this sounds unremarkable. But we’ve noticed that some of our small competitors have been using this statement, and particularly the last line of it, to suggest that there are problems with the Clearwell product.

We realize that, as the market leader, there will always be small competitors seeking to leverage any opening to their advantage. Usually, we ignore this nonsense. But this time, to set the record straight, we asked our customer at Microsoft to respond on our behalf

Here’s what Joe Banks, who manages the e-discovery team at Microsoft, wrote about the issue and gave us permission to publish:

Statement from Microsoft:

In regard to the Declaration of Hojoon Hwang referenced in the 3/11/11 Order granting in part and denying in part plaintiff’s Motion to Compel in Datel Holdings LTD v. Microsoft, No.C-0905535EDL in the Northern District of California, the statement ‘For reasons still unknown to Defendant, Clearwell truncated some ‘Re-auth’ documents during processing’ should be corrected.  Microsoft subsequently learned that the cause of the truncation was the Microsoft software (AD/RMS Bulk Protection Tool) employed to decrypt previously encrypted content, and the truncation issue had nothing to do with Clearwell’s technology whatsoever.  Shortly after Mr. Hwang’s declaration was filed, he clarified – on the record in open court on February 22 – that Microsoft’s decryption process was the true cause of the data truncation:

6 A lot of Microsoft documents, including e-mails, are

7 encrypted when they are sent. And for production purposes, we

8 have to decrypt it. In that process, some of the material got

9 cut off.

Microsoft does not use Clearwell technology to decrypt its data.  In actuality, Clearwell’s Engineering and Support teams were instrumental in helping to identify the root cause of the truncation issue.  Microsoft continues to use Clearwell’s processing and analysis technology on this matter and greatly appreciates the partnership and support Clearwell provides without fail.

At Clearwell, we’re constantly ruminating on innovative ways to help make our customers’ e-discovery process more efficient. Given the astronomical growth of social gaming, we began asking ourselves, “How can we harness the power and passion of millions of social gamers for the greater good?”

Questions like this really get our engineers cooking, and what they came back with is, to steal a word from one of our most popular product launches a year ago, simply “magical”.

Starting today, Clearwell’s eDiscovery World leverages the red-hot consumer social gaming trend to provide dramatic and previously unattainable increases in e-discovery technology training and productivity. In fact, the promise of eDiscovery World is so great that we have added social gaming as a core part of our product architecture across all Clearwell modules, from legal hold through production.

And we’re not stopping there. We believe that strategic social gaming delivers such powerful benefits to a best practices e-discovery process, that we’ve proposed modifying the EDRM diagram to account for this critical new requirement for truly end-to-end discovery.

Prior to today, unstructured obsession with social gaming has actually been an obstacle keeping end-to-end e-discovery from becoming a reality in many organizations. Interviews conducted across law firms, service providers, and every major enterprise vertical indicate that the time spent protecting crops from withering and urban blight from descending upon virtual cities has left insufficient hours with which to implement next-generation electronic discovery technology. As a result, legal costs have continued to rise and the risk of sanctions has grown substantially. One Director of E-Discovery at a Fortune 100 company, when grilled about his organization’s failure to implement a robust legal hold process, pleaded, “Can you spare some Facebook credits so I can buy a chicken?”

Now, Clearwell has turned this challenge into a tremendous opportunity. In eDiscovery World, we provide an alternative to traditional social gaming that allows users to perform end-to-end e-discovery in a virtual environment – first in training mode to gain e-discovery process knowledge and experience, and then working with live documents and high-stakes cases. All stages of the e-discovery process are functional in the eDiscovery World environment, which is backed by a robust cloud computing platform able to support the largest and most complex cases. Best of all, in addition to the substantial productivity gains our beta customers have already achieved, many have even found their employees clamoring to forego significant portions of their salaries in order to earn precious Facebook credits, thus delivering dramatic cost savings for the organization.

eDiscovery World is truly a win-win, and we couldn’t be more excited about it. Enjoy!