Ride The Lightning

John and I are both excited to be lecturing at the Intermountain eDiscovery Conference. If you haven't heard about it, it is organized by Orange Legal Technologies and Fabian & Clendenin. The conference will be held on September 24th in Salt Lake City.

It is very inexpensive - $50. Gotta love that price, and it even includes lunch. Speakers include:
 

• Ryan G. Baker – Partner, Baker Marquart Crone & Hawxhurst
• Daniel S. Day – Senior Attorney, Litigation, SUPERVALU Inc.
• Michael I. Katz – Partner, Thomas Whitelaw
• Sharon D. Nelson, Esq. – President, Sensei Enterprises (Social Media and eDiscovery)
• Tom O’Connor – Director, Gulf Coast Legal Technology Center
• Rudy Perrino – Partner, Fulbright & Jaworksi L.L.P.
• John W. Simek – Vice President, Sensei Enterprises (Computer Forensics and eDiscovery)
• Mark L. Smith – Associate, Winston & Strawn

eDiscovery topics include:

• Social Media and Electronic Discovery:  Riches and Risks (this is the one John and I are presenting)
• The Challenge and Benefit of Integrating IT into Electronic Discovery
• The Continued Emergence of Early Case Assessment
• Considering eDiscovery?  Time, Cost and Risk Considerations
• Best Practices: Complex Discovery in Corporations and Law Firms
• Metadata: What It Is, Why It Is Important, and Why You Should Care
• Organizing and Managing Large Document Reviews
• eDiscovery 101 – An Overview of eDiscovery

We're looking forward to seeing our old friend Tom O'Connor who spends altogether too much time having fun in New Orleans.

It should be an excellent conference - if you'll be attending, please stop by and say hello.

E-mail: snelson@senseient.com      Phone: 703-359-0700

www.senseient.com

http://twitter.com/sharonnelsonesq

Is it the year of the deleted text message as suggested in John's note below? Oh yeah, in a very big way.  Consider that Sensei has quite a few computer forensics videos posted on YouTube. Our video on recovering deleted text messages has received more than 14,000 views. Our second most-watched video has less than 500 views.

My Inbox is further confirmation that this is indeed the year of the deleted text message. We receive an average of two inquiries on this subject every day.

Here's a portion of what John wrote in response to my previous post about the tsunami of cell phones arriving in our computer forensics lab . . .

Sharon,
 
This is the most encouraging thing I've read all week!  My forensics firm specializes in mobile. And yes there's been an uptick this summer. It is shaping up to be the year of the deleted text message.
 
John
 
John J. Carney, Esq.
Carney Forensics
1442 Osceola Avenue
Saint Paul, MN  55105
www.carneyforensics.com

John also inquired about the source of all of our cases involving the theft of proprietary data. Business and IP law firms are the primary source, as well as those that handle general civil litigation. Also, in this arena, we are frequently contacted directly by corporate counsel, who may wish to conduct an internal investigation before determininng whether to take legal action. Hope this helps John.

And for those of you numbing your thumbs and creating those golden nuggets of evidence on smartphones, please keep it up!

E-mail: snelson@senseient.com Phone: 703-359-0700

www.senseient.com

http://twitter.com/sharonnelsonesq

Two years ago, I began to say in lectures that we had seen a 200% rise in the number of cell phones passing through our forensics lab. Today, I am beginning to say that the increase is more like 500%.

As a society, we seem increasingly to regard our cell phones as an appendage of our bodies. To confirm our addiction to our phones, Nielsen recently conducted a study which offers some interesting stats. They studied the monthly phone bills of 60,000 U.S. customers and here's what they came up with:

Women spend 22% more time chatting on their phones than men, spending an average of 856 minutes on the phone monthly compared to 667 minutes for men.

Women also text more, sending or receiving an average of 601 texts per month - the number was 447 for men.

Black, Hispanic and Asian users text more than white users - no explanation why.

It comes as no surprise to anyone that teenagers are obsessive texters, texting a mind and thumb-numbing 2,779 texts per month.

Texting has been a boon to computer forensics, supplementing the gold nuggets so often found in e-mail. Divorce cases most often involve cell phones in our shop, closely followed by theft of proprietary data cases. And as the teens grow up, I can only imagine that the volume of this kind of electronic evidence will increase dramatically. I like that thought. :-) 

E-mail: snelson@senseient.com Phone: 703-359-0700

www.senseient.com

http://twitter.com/sharonnelsonesq

We just returned from the Outer Banks and frankly, I'd rather be gazing at the ocean than at the brick office building across the street. All good things must end and I am once again in the salt mines and blogging.

I was recently appointed by the Chief Justice of the Virginia State Supreme Court (he did politely ask first, but I have always regarded a request by the Chief Justice as tantamout to an order) to the Statewide Bar Advisory Commission on Virginia's Electronic Filing project. So I was interested yesterday to see an article on the redaction of personally identifiable information in e-filed documents.

As author Shari Claire Lewis points out, it is the lawyer's duty to make the redactions of personally identifiable information required by F.R.C.P. 5.2. As she also notes, we haven't yet seen a case where a lawyer's failure to redact has resulted in legal liability, though it is quite clear that a lawyer has a duty to protect certain information from public disclosure.

How will it happen? Who knows? Perhaps an angry ex-lover will find a woman's address and rape or murder her. Perhaps a woman who has lost custody of her children will find their location and kidnap them. Perhaps a health condition will cause someone to lose their employment. Russian hackers (who seem to be pretty good at this) may raid a particularly fat bank account.

So far, knock wood, we just haven't had a serious incident yet. But one is sure to come - so lawyers should take redaction very seriously indeed, lest they become the test case for legal liability.

E-mail: snelson@senseient.com   Phone: 703-359-0700

www.senseient.com

http://twitter.com/sharonnelsonesq

John and I lectured for two days this week for the New York Prosecutors Training Institute. Our hosts have been wonderful and gracious but Syracuse was just as hot as Northern Virginia. And it's straight uphill to get to the law school!

Our primary mission was to talk about Ethics and E-Discovery, which mean ttackling the subject of prosecutorial misconduct. Honestly, there is not much to be found specific to this kind of misconduct in the e-discovery world. Here are a couple of real-life stories that we told:

In one case, law enforcement took a chat log (between a young teenage girl - a law enforcement officer of course - and someone seeking sex with young girls) and cut and pasted from the chat log into a Word document. Never a good idea, because this is obviously not the 'best evidence" and it lends itself to the temptation of altering or excluding portions of the evidence. In this case, it was clearly not the full chat log - material had been removed, presumably something that might have helped the defense. The log had obvious holes where cuts had been made. When asked for the original evidence, the claim was that the hard drive the evidence was on had failed and had been discarded. Somehow, this didn't seem very credible. The case was thrown out, as well it should have been.

In a murder case, John found evidence on a computer that a camera and a scanner had been attached to the victim's computer. When asked in court why those items had not been provided to the defense, the prosecution represented that it had examined the evidence and determined it not to be relevant. This proved to be a blatant lie. The curious thing was WHY the prosecutor chose to lie since the evidence, once obtained upon order of the court, supplied a motive for the murder. The victim had taken photos of the defendant and then used the scanner to produce posters advising local merchants that the victim was a shoplifter. The defendant was thereafter found guilty. The right result, but certainly a failure to be truthful with the court.

One of biggest controversies regarding prosecutors and e-discovery today is "open file access" - where the prosecutor gives defense counsel full access to his/her case file. These days, that often results in a large volume of electronic data being turned over. The claim is that this satisfies the Brady requirement that all exculpatory evidence be provided to the defense. In the electronic era, this is equivalent to providing defense counsel with a haystack and inviting counsel to discover the needle. So far, courts, even the U.S. Supreme Court, have allowed this tactic, though I believe it often violates the spirit of Brady. If electronic data is turned over, it seems to me that the "Brady evidence" should be noted in a cover letter or in a file index. Some courts have noted that the result might be different if it is clear that the evidence is padded with irrelevant material. Respectfully, I think the spirit of Brady requires more specificity to ensure that justice is done.

It seems as though Brady evidence will often remain hidden from counsel in a data dump and that data dumps are likely to proliferate as a way of making the Brady material more difficult to discover.

Thanks to the many prosecutors we met on the streets of Syracuse who stopped to say how much they enjoyed the presentations (even if we DO primarily work for defense counsel). And if you are ever in Syracuse, try Francesca's Cucina - great Italian food.

E-mail: snelson@senseient.com Phone: 703-359-0700

www.senseient.com

http://twitter.com/sharonnelsonesq

Thanks to my buddy (and Digital Edge co-podcaster) Jim Calloway for sending me this story from Oklahoma.

A former Stillwater, Oklahoma police communications dispatcher has been accused of using an iPhone to record a conversation dispatchers had about his girlfriend after he left the room. Kenneth Wayne Cates, 32, was charged last week with unlawful interception of aural communication, a felony punishable by a maximum fine of $5,000 and five years in prison.

He allegedly recorded a conversation three dispatchers had after he left to get food, according to the arrest warrant affidavit. Barbara Bennett, Jason Roy and Aaron Kelly spoke critically about Cates’ girlfriend, Talara Stumbaugh, for 15 to 20 minutes.

Bennett noticed Cates’ iPhone was left on a counter, and Kelly determined it had been recording them. Cates returned a few minutes later and took the phone. Communications Supervisor William Bowen later found the recorded conversation on a city computer.

Cates was terminated July 21st.

So, as the title of this blog post suggests, if you want to get arrested, there is indeed an app for that.

E-mail: snelson@senseient.com   Phone: 703-359-0700

www.senseient.com

http://twitter.com/sharonnelsonesq

I received an excellent comment from Judi Maier with Omnitek Systems Solutions regarding scrubbing metadata from Acrobat documents. Here's what she said:

Sharon,
    First, let me say I have enjoyed your comments at ABA TechShow and have used many of them.  Thank you!

    To respond to your comment about the Adobe tips for scrubbing documents of metadata versus the metadata scrubber for email,  I offer the following.  In this era of e-discovery, if the organization’s intent is to always remove all metadata before “using” the document, for example, sharing it with a client or another organization, that policy should be expressed in the organization’s written data retention policies and procedures.  Then it should be followed.  I would prefer that the adobe document have been scrubbed of all metadata, because if I were served with an e-discovery request, then all  I would have to provide is the “scrubbed” version because a) that is the only one I have and b) my policy is in place to protect me.  On the other hand, if I keep the “un-scrubbed” version and rely on the metadata scrubbers when I send it out, when faced with an e-discovery request, I will have to produce the “un-scrubbed” version, which I might not wish to do.   Further, if the document that resides on my server is the scrubbed version, there is little chance that someone could or would inadvertently send out an “un-scrubbed” one, and I do prefer that level of security, as well.  Perhaps it takes a moment or two longer to use the process that Adobe outlined, but in the end, I think it affords a better degree of security for an organization.

Judith Maier, MBA, JD

Judi - You raise two great points. However a company decides to handle metadata, it should be clear in the company's policies, which should be enforced, reviewed annually and constantly underscored to employees through training.

We are beginning to see the process you describe more and more often, where companies will retain documents ONLY as Acrobat documents scrubbed of metadata. This is part of e-discovery readiness for a number of companies, though I would say the number is still small. But it is growing and I expect it will continue to grow. As we everything in e-discovery, the ground is shifting underneath us all time.

E-mail: snelson@senseient.com   Phone: 703-359-0700

www.senseient.com

http://twitter.com/sharonnelsonesq

Thanks once again to Dave Stromfeld, Acrobat's Senior Product Manager, for his response below to yesterday's post on removing metadata from PDFs. Dave has provided some very valuable information here, so pay heed if you want to scrub metadata using Acrobat.

Sharon,

Thanks for posting my response and your comments.

I think there are advantage to either or both types of workflows. The advantage of tools like Metadata Assistant, as you point out, is that it sits at the point of “send” or “check into DMS”. The attorney doesn’t need to remember to do an explicit scrubbing step. The advantage of a tool like Acrobat is that it sits at the point of “authoring” or “editing”. The attorney is preparing his document using Acrobat’s editing tools (rearranging pages, redacting content, adding Bates numbers); checking for and removing metadata is just one of those editing steps. And obviously Acrobat knows a lot about the details of a PDF document and can do a very thorough job scrubbing it.

Also, the firm has options in order to make Acrobat metadata scrubbing more automatic. The IT person at the firm can configure Acrobat (prior to installing it on the attorney’s computer) so that “Convert Document Information” is off by default when creating PDF documents. (See my earlier email.) And if the attorney would like to be reminded to scrub a document’s metadata when closing Acrobat or when sending a file using Acrobat, there are preferences under Edit > Preferences > Document which will prompt the attorney to remove the metadata. So Acrobat also has the capability to show the attorney “pop up” messages if he would like to be reminded about scrubbing his PDF.

Thanks.

Dave

Dave's first paragraph is well-articulated and very well taken. Indeed, there are advantage to both types of workflow. I love the second paragraph, which details how to make Acrobat function more like Metadata Assistant. I think this is a great solution for mid to large enterprises, which often have savvy IT folks who can do exactly what Dave suggests (if that's the preference). I fear the small enterprises will rarely have IT folks who will know these options exist - and certainly very few users will know. As is so often the case, even with an extraordinary product like Acrobat, only a small portion of its feature set tends to be used.

But this discussion has been most instructive and John and I will join Dave in "spreading the gospel"  whenever we lecture.

Thank you Dave for the illumination. :-)

E-mail: snelson@senseient.com    Phone: 703-359-0700

www.senseient.com

http://twitter.com/sharonnelsonesq

Dave Stromfeld, Acrobat's Senior Product Manager, wrote me a very thoughtful comment with respect to removing metadata from PDFs. An excellent description of how one can make sure PDF documents are thoroughly scrubbed!

Hi Sharon.

I wanted to leave a quick comment on your 7/13 blog post:
http://ridethelightning.senseient.com/2010/07/metadata-scrubbing-are-lawyers-finally-getting-the-message.html

You are correct that the act of creating a PDF using Adobe Acrobat does not necessarily scrub that document of all metadata. This is because first and foremost, the PDF should be a faithful representation of the original document. If the original document contained text, graphics and layout, the user wants the PDF to contain that same text, graphics and layout. And (usually), if the original document contained information like “Document Title” or “Document Keywords”, the user wants the PDF to contain that information (that metadata) as well.

However there are certainly cases where the user does not want the PDF to contain the original document information. For those users, I would recommend they look at two areas of Adobe Acrobat:

• If the user is creating a PDF with Acrobat, Acrobat has various ways in its creation tools to not retain the document information or metadata. For example, if the user is converting from Word to PDF on Windows using Acrobat’s PDFMaker functionality, there is a checkbox called “Convert Document Information” which (when unchecked) will not retain information like Title or Author when the Word document is converted to PDF.

• Regardless of how the PDF was created, Acrobat 8 and higher have a powerful tool called Examine Document, which will scan through the PDF, identify any potential hidden information and allow the user to remove it with a single click. This can include metadata, comments, bookmarks, file attachments and even “hidden text” (text hidden by another object or white text on white background). This tool can give a user confidence that (regardless of how the PDF was created), he can check what information may be in that document prior to publishing it. For more information about Examine Document, your readers could check out the Acrobat Help File here or they could read this good overview article here (which includes a link to an excellent eSeminar on “Redaction and Metadata Removal”).

Thanks and kind regards,

Dave Stromfeld

Dave - This is truly excellent information and I thank you for taking the time to write. I will continue to pass this information along in my lectures. Here's where I see a problem: Lawyers by and large will blindly accept defaults, both because they don't know what the software options are and because they are in a hurry. Examine Document is a very powerful feature, but unless an attorney is dealing with a very sensitive document, he or she is unlikely to take the time to go through these extra steps.

What people like about pure metadata scrubbers is the idiot box that pops up to ask whether you want metadata scrubbed from the document when you attach it to an e-mail. While I understand the "faithful representation" of the original document that you describe above, I wonder whether users wouldn't prefer the easy choice of a pop-up box that allows the user to keep or scrub the metadata. Curious if I am missing something here? Happy to continue the discussion . . . and thanks again for writing!

E-mail: snelson@senseient.com     Phone: 703-359-0700

www.senseient.com

http://twitter.com/sharonnelsonesq  

It is ALWAYS a good day when someone calls to tell you they enjoyed your quote in TIME magazine, and better still when you had no idea that TIME intended to quote you.

In TIME's August 2nd issue, it ran a parenting article called: "A Watchdog in Their Pocket" which discussed a new service called My Mobile Watchdog. MMWD for short, it is a smartphone surveillance service that can capture texts, e-mails and photos and store them online. A dozen law enforcemen agencies are now using the service along with thousands of parents.

The cost is $9.95 a month for up to five children per family. Anytime an "unapproved person" communicates with a child, the parent gets a copy of the communication. This is not spyware - the child will periodically receive a message saying that the phone is being monitored. From what I'm told, this function cannot be disabled.

Of course, teens who wish to evade surveillance will simply use a friend's cell phone or buy a cheap, pre-paid phone. And as a betting woman (nothing more serious than the odd encounter with the Wheel of Fortune machines), I would bet that tech-savvy teens will find a way to defeat the technology. If history is our guide, it won't take long.

As an author, I am always pleased when my quote ends the article as it did here. As I said, "MMWD has a very good upside . . . but it has a downside: The kid is going to hate it."

We'll see how long the kid vs. tech war takes and who emerges victorious (if thereby endangered). My money is on the kid.

I learned this years ago when I attempted to restrict my youngest daughter's activities on AOL and she promptly constructed a workaround. I remained blithely convinced that I had guarded her for several years before I learned that my work had been undone in a matter of days by my clever child. This served as a valuable lesson however - and I have never forgotten that all technology guardians are fallible.

E-mail: snelson@senseient.com    Phone: 703-359-0700

www.senseient.com

http://twitter.com/sharonnelsonesq