eDiscovery was one of the hot topics at the recent International Legal Technology Association 2011 (ILTA 2011) Conference in Nashville, Tenn., which drew more than 2,500 attendees. Nearly 25% of the 185 vendors exhibiting at the show claimed to provide discovery products and/or services, and many more had offerings that could play a role.
Why did eDiscovery make such a big impact, and why now? The answer may lie in the fact that as law firms and in-house counsel engage in the identification, collection and processing of electronic evidence, they are experiencing significant challenges in the centralization, management and preservation of the information.
As way of background, it has been roughly five years since electronic discovery was introduced by the U.S. Federal courts as part of amendments made to the Federal Rules of Civil Procedure (FRCP). eDiscovery data, often referred to as electronically stored information (ESI), is digital data identified, collected and placed on legal hold as digital evidence until it is analyzed using digital forensic procedures in preparation for various types of legal matters and court proceedings.
eDiscovery is hard to get right, and, to make matters worse, the sheer volume of data and the number of data sources continues to grow exponentially. In a recent IDC report sponsored by EMC, the research firm forecasted that, by the end of this year, the volume of data created annually is expected to exceed 1.8 zettabytes, having grown by a factor of nine over the previous five years. That number is anticipated to increase to 35 zettabytes created annually by 2020.
That, of course, is a big challenge for inside counsel, law firms and lawyers who will need to securely store and then make sense of the data collected. This is a likely reason why 32 vendors at the conference provide document management and/or document storage products and services. An interesting side point is that the products and services offered by 11 of these firms are either cloud-enabled or cloud-based.
Where does all of this ESI data come from? It comes from any consumer, enterprise or government source of data creation, storage and communication operation imaginable: hard drives, databases, document management systems, websites, email and messaging systems, message boards, social networks and mobile devices, just to name a few.
To help organizations gain some level of control over this data, Recommind Inc. was demonstrating its eDiscovery solution designed to help organizations and firms get a grip on big data. The company claims its predictive analytics and predictive coding technologies will enable organizations to perform their own in-house collection of evidence while intelligently filtering out the unnecessary items, reducing the amount of data to be collected and stored. [Also see: "E-discovery options increase"]
During a few sessions at ILTA, however, there was discussion surrounding the risks associated with self-collection. The act of self-collection effectively puts the responsibility of preserving the evidence on the backs of the organizations themselves as they would be handling the collection and management of the evidence directly; consider a victim in an assault case collecting the weapon(s) and other evidence used in or associated with the assault. The risk here is that the organization may not have a full legal grasp of the requirements defining what needs to be collected from which assets during which time periods; a key piece of evidence could be missed.
Furthermore, by collecting the evidence themselves, organizations could mishandle the evidence, potentially rendering it inadmissible in court. Without question, the mishandling of evidence could introduce more risk than simply not capturing the right evidence. When queried on this topic, some legal firms said they were willing to accept the risks of self-collection if the legal firms representing both sides of the case agree to it. However, most said they would prefer their clients use accredited evidence collection services.
There were also discussions surrounding the topic of remote collection, the collection of data performed by an external source such as a cloud-based eDiscovery service provider. In this scenario, a secure connection is made between the evidence collection service provider and the organization whose systems are providing the evidence. Remote collection was deemed reasonable for certain situations where on-site collection was not feasible. However, in these cases, legal firms would require the providers of the remote collection service to leverage and provide assurance that they were utilizing secure collection channels, proven collection methods, trustworthy forensic tools, and end-to-end hash checks on both sides of the collection pipe. [Also see: "Symantec to acquire Clearwell for e-discovery"]
Reverting back to the self-collection tools for a moment, this method presented a slightly different story from that of the remote collection tools in that the self-collection tools were typically seen to be more acceptable to the law firms and viewed as being sufficient for non-critical metadata. As noted earlier, this acceptance applied when the law firms on each side of the case agreed. In the eyes of the law firms, self-collected evidence could potentially be considered legally-defensible, but not forensically-sound.
During the "Hands-On: Forensics 101 for Legal Professionals," session led by David Speringo of AccessData, Speringo discussed two forms of evidence: legally defensible and forensically sound.
Evidence is considered legally defensible if common tools are used that are part of the everyday policy management routine. The tools may not necessarily be forensic tools, but they get the job done in terms of collecting and saving the data. Procedurally, it is repeatable.
Evidence is considered forensically sound if it is acquired in a repeatable fashion such that if the final work product is ever called into question, it could be duplicated with proof that, throughout the entire process, the data never changed.
All efforts are effectively wasted if some of the evidence is missing or if the evidence has been tampered with in any way, said Owen O'Connor, founder of Cernam, an online evidence software vendor company based in Dublin, Ireland. O'Connor described the need to not only collect evidence from traditional sources, such as email and hard drives, but to go beyond the antiquated method of taking screenshots of data.
You must collect full HTML and supporting metadata from the likes of Facebook, LinkedIn, Twitter, Salesforce.com and others, O'Connor said. He took it a step further to suggest that, "with this uniquely fragile form of evidence, it is critical to collect the evidence correctly the first time -- there are often no second chances. Additionally, the evidence must be digitally signed as it is being collected, using a technology such as GuardTime's keyless signatures, converting trust to proof; proof of the time that the evidence was collected and proof that it had not been tampered with in any way since it was collected." [Also see: "Cernam raises the bar for capturing and preserving online content as evidence"]
Legal business is all about the evidence and related case matter. Organizations that delay in their development of a good plan surrounding the identification, collection, organization, processing, analysis, production and preservation of information from all relevant sources could find themselves faced with spoliation claims, court sanctions and legal judgments, potentially resulting in huge penalties and even brand destruction.
Fortunately, there are a number of technologies and services available to aid in the eDiscovery process, giving organizations options to help avoid such cases.
Martin is a CISSP and the founder of imsmartin consulting. Write him at [email protected]
Read more about wide area network in Network World's Wide Area Network section.