Posts By :

Doug Austin

A Mergers-Acquisitions-Investments Update and a CloudNine Product Update: eDiscovery Trends

Years ago, there was a TV commercial for chili where the spokesman said “Neighbors, how long has it been since you’ve had a big thick steaming bowl of Wolf brand chili?  Well, that’s too long.”  It’s been too long since we’ve provided an update of M&A+I activities in eDiscovery, so let’s fix that.  Also, I’ve had a lot of questions recently about what’s going on with the products that CloudNine acquired a year ago, so let’s provide an update on that as well.

As always, the best resource for tracking eDiscovery Mergers, Acquisitions, and Investments is Rob Robinson’s ComplexDiscovery site – after all, Rob via ComplexDiscovery has noted more than 375 M&A+I events between November 2001 and today.

Rob’s latest update is for the just completed Q1 of 2019.  His review was through March 22, but I’m not aware of any significant M&A+I announcements since then, so it’s probably good for the entire Q1.  Based on that, Rob notes five key findings for Q1 2019:

  • There have been at least 14 M&A+I events in the eDiscovery ecosystem during Q1 2019.
  • January was the most active month in Q1 2019 for M&A+I events with at least 11 total events. This is the most active January since the inception of eDiscovery ecosystem M&A+I pattern tracking in November 2001.
  • March was the least active month in Q1 2019 for M&A+I events with two known events.
  • The investment pulse rate for the three months of Q1 2019 appears to be higher than annual Q1 investment patterns. Q1 2019 is tied with Q1 2012 for the most active Q1 since the inception of eDiscovery ecosystem M&A+I pattern tracking in November 2001.
  • Q1 2019 investment pulse rate appears to be slightly higher than the investment pulse rate during the same period in Q1 2018.

As usual, Rob also provides some charts to reflect the activity graphically: for 2019 (so far), a per month history since Rob started tracking in November 2001 (January is the most active month historically) and activity on a per year basis, which does a great job of reflecting how many more transactions have occurred in recent years than in the past.  To wit: Q1 2019’s 16 transactions are more than all but one year from 2001 to 2009.

Interesting stuff.  BTW, speaking of ComplexDiscovery, Rob yesterday launched his Spring 2019 eDiscovery Business Confidence Survey.  As usual, the survey only takes about a minute or two to complete, so drop in and complete it if you have a minute (or two).  Rob says the survey will close around mid-April, so do it sooner rather than later to get your feedback included.

Anyway, speaking of acquisitions, it’s hard to believe that it was a year ago last week that CloudNine acquired the eDiscovery product lines from LexisNexis.  When I was at the University of Florida E-Discovery Conference a couple of weeks ago, several people asked me what was going on with the LAW, Concordance and EDA (now renamed Explore) product lines that we acquired.  So, let me address each of those (and our own CloudNine Review platform) with a brief update.

Normally, when I start to talk about CloudNine products, I preface it with a “shameless plug warning!”.  So, consider yourself warned.  And, if you want to complain that this blog post isn’t educational, remember that I started it with some interesting eDiscovery M&A+I info.  ;o)

LAW: LAW PreDiscovery is now known as CloudNine LAW and we just announced a new 7.1 release yesterday (unlike yesterday’s blog post, this was no April Fool’s Day joke).  This is our third release since the acquisition and our second in just the last two months!  The cornerstone of our 7.0 release back at the end of January was our new multi-core, multi-threaded Turbo Import ingestion engine to process and load data considerably faster than the traditional ED Loader module – with the 7.1 release now officially out, we have improved the ingestion speeds up to 12x faster compared to ED Loader.  Imagine having a super large PST file that used to take over 24 hours to process – now it can be processed in just over 2 hours.  Talk about saving time!

We have implemented several other new features and fixes over the past year and have partnered with Compiled to provide an automated link between LAW and Relativity (announced back in January).  And, we have several additional exciting features coming out over the next couple of quarters (targeting two more releases before Q4).

Explore: Also referenced in yesterday’s announcement, Explore has also seen some speed improvements and other feature additions over three releases since acquisition.  Explore has a unique index-in-place approach that also supports multi-threaded processing of large container files and the ability to distribute processing over multiple machines.  We recently partnered with a third party to conduct benchmarking of Explore and were able to index a terabyte (TB) of data in 7 hours, 15 minutes!  So, Explore is a terrific product for indexing and searching large collections of data quickly to support early data assessment, compliance on investigation needs and we have talked with a number of customers who are impressed with its speed and capabilities.

Concordance: Many people have asked what we’ve been doing with Concordance since we acquired it and we have had three software releases for Concordance as well since we acquired it.  We are currently working on brand new viewer technology to improve the experience for users of both the Concordance image viewer (e.g., support of color images, search within image) and Concordance native viewer (e.g., speed of image retrieval) that we expect to roll out around mid-year.  And, we are finalizing a link with Hot Neuron’s Clustify product to enable Concordance users to perform conceptual clustering, near dupe identification, email thread identification and predictive coding!

CloudNine Review: Our flagship CloudNine review platform is now known as CloudNine Review and we are also working on a number of new features and capabilities with that product as well.  We recently released a brand new managed review module within CloudNine Review and are currently working on several updates and improvements to the user interface overall – to provide a cleaner and even more intuitive look and feel.

There’s a lot more to say about each of these products – for example, we have doubled the size of our teams developing, testing, supporting and training on the products since acquisition – but, I try to keep our blog posts reasonably short.  Feel free to drop me a line if you want to know more.

So, what do you think?  Are investments in eDiscovery companies on the rise?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Facebook Finally Reveals the Full Extent of the Cambridge Analytica Breach: Cybersecurity Trends

When I see news stories related to eDiscovery, cybersecurity or data privacy that I think would be of interest to our readers, it seems appropriate to share those stories here on this blog.  And this story is no exception.  It appears we finally now fully understand the extent of the Facebook/Cambridge Analytica breach from a few years ago.

According to the DailyER (Facebook relieved to discover data breached was just millions of minion memes, written by Chris Goehring), a newly released report confirmed the only data Cambridge Analytica accessed during the U.S. presidential campaign season a few years ago from 50 million Facebook users was millions of minion memes.

As you may recall, minion memes gained popularity on Facebook after the first Despicable Me movie was released in 2010.  Three years later, the popularity of minions was extended with the sequel Despicable Me 2 – sadly, it wasn’t until 2015 that the minions got their own movie, appropriately titled Minions.

A typical minion meme features one or more minions, which are goofy yellow characters from the movies who speak in gibberish, along with a funny saying in the background that is relatable to a group of people in some way. Here are some examples in a photo with Facebook CEO Mark Zuckerberg:

The minion memes have been a hit among suburban moms who constantly share the memes on their Facebook pages.

“I can’t believe someone stole all my funny minion memes!” exclaimed Lincoln, NE native Sharon Smith, mother of two loving children and grandmother to three grandchildren. “I can’t believe Facebook would let hackers access my data! If they let those hackers take any of my personal information, I’m gonna dab on those haters, LOL! Watch me whip and nae-nae!”

According to the article, Zuckerberg spoke about the scandal in a recent press release.

“Thank God they didn’t take any sensitive information,” said Zuckerberg. “This really could have been a huge disaster. What a relief it is they only took the minion memes. Hopefully, they don’t find the millions of credit card numbers I put on Craigslist last night. Now THAT would be a disaster.”

As they used to say in the old days, “that’s all the news that’s fit to print” on this, the first day of April, 2019.  ;o)

So, what do you think?  Did you have any minion memes on Facebook during this time?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Court Rejects Carpenter Argument for Third Party Subpoena of Google Subscriber Info: eDiscovery Case Law

In U.S. v. Therrien, No. 2:18-cr-00085 (D. Vt. Mar. 13, 2019), Vermont District Judge Christina Reiss denied the defendant’s motion to suppress evidence obtained via a subpoena of Google for subscriber information, rejecting the defendant’s argument that the United States Supreme Court decision in Carpenter v. US forecloses the government’s ability to obtain this type of data without a warrant.

Case Background

In this case related to a one count Indictment against the defendant that he knowingly transported child pornography, an order for eighty-five photograph prints was placed with an online company in February 2018.  An employee of the online company’s outsource print provider informed the Federal Bureau of Investigations that it was concerned that some of the photographs may contain child pornography. Law enforcement subsequently discovered an e-mail address that was associated with the order.

A grand jury subpoena was issued in March 2018 to obtain subscriber information from Google pertaining to the account associated with the email address. In response, Google produced subscriber information, services utilized by the account, the date the account was created, the date and time of the last login, and the IP addresses associated with the account from December 6, 2017 through March 15, 2018. Asserting that law enforcement violated the Fourth Amendment in obtaining records from Google without a warrant, the defendant sought suppression of all evidence obtained pursuant to the grand jury subpoena, citing Carpenter v. US.

Judge’s Ruling

While noting that, in Carpenter, the Supreme Court held that cell-site location information (“CSLI”) was not subject to the third-party doctrine, Judge Reiss also noted that SCOTUS reasoned that “the notion that an individual has a reduced expectation of privacy in information knowingly shared with another” and that “reasoned that because there was no way for individuals possessing cell phones to avoid generating CSLI and because cell phones are now effectively a necessity of daily life, it was unreasonable to conclude that an individual voluntarily exposed CSLI information to a third party.”

Judge Reiss also observed that “Since Carpenter, courts have held that IP address information and similar information still fell ‘comfortably within the scope of the third-party doctrine’ because ‘[t]hey had no bearing on any person’s day-to-day movement’ and ‘[the defendant] lacked a reasonable expectation of privacy in that information.’”  Judge Reis cited several cases, including United States v. Rosenow, 2018 WL 6064949, at * 11 (S.D. Cal. Nov. 20, 2018), which said “The Court concludes that Defendant had no reasonable expectation of privacy in the subscriber information and the IP log-in information Defendant voluntarily provided to the online service providers in order to establish and maintain his account.”

As a result, Judge Reiss ruled as follows in denying the defendant’s motion to suppress the evidence obtained:

“In this case, law enforcement obtained information that an account holder voluntarily turned over to Google. This information is squarely within the third-party doctrine and requires a different result than in Carpenter. As a result, Defendant did not possess a reasonable expectation of privacy in the information obtained by law enforcement.”

So, what do you think?  Should people have a reasonable expectation of privacy for their email accounts in third party subpoenas?  Please let us know if any comments you might have or if you’d like to know more about a particular topic.

Case opinion link courtesy of eDiscovery Assistant.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Fired IT Guy Deleted 23 of His Ex-Employer’s AWS Servers: Cybersecurity Trends

When it comes to data breaches and other cybersecurity threats, many people discuss the threats from outside hackers.  But, it’s the internal employees who can do as much, if not a lot more, damage to an organization’s IT infrastructure.  Especially if the internal employee has been canned and is bent on getting revenge.

An article in Naked Security (Sacked IT guy annihilates 23 of his ex-employer’s AWS servers, written by Lisa Vaas) reports that the UK’s Thames Valley Police announced on Monday that 36-year-old Steffan Needham, of Bury, Greater Manchester, was jailed for two years at Reading Crown Court following a nine-day trial.  Needham pleaded not guilty to two charges of the Computer Misuse Act – one count of unauthorized access to computer material and one count of unauthorized modification of computer material – but was convicted in January 2019.

As the Mirror reported during Needham’s January trial, the IT worker was sacked after a month of lousy performance working at a digital marketing and software company called Voova in 2016.

In the days after he got fired, Needham got busy: he used the stolen login credentials to get into the computer account of a former colleague – Andy “Speedy” Gonzalez – and then began fiddling with the account settings. Next, he began deleting Voova’s AWS servers – 23 servers of data in all, which related to clients of the company.

The company lost big contracts with transport companies as a result. Police say that the wreckage caused an estimated loss of £500,000 (about $700,000 at the time). The company reportedly was never able to claw back the deleted data.  And, it took months to track down the culprit. Needham was finally arrested in March 2017, when he was working for a devops company in Manchester.

Prosecutor Richard Moss noted during the trial that security experts agreed that Voova could have done a better job at security.  Most notable was their failure to implement two-factor authentication.

According to the 2017 Verizon Data Breach Investigations Report (DBIR) (covered by us here), 81 percent of hacking-related breaches used stolen passwords and/or weak passwords.  But, according to this infographic from Symantec, 80 percent of data breaches could have been eliminated with the use of two-factor authentication.  With two-factor authentication, a stolen password is useless if the thief doesn’t also have the device where the authorization code is being sent.  So, you should implement two-factor authentication wherever possible – Voova sure wishes they did.

So, what do you think?  Do you use two-factor authentication to secure your technology solutions?  As always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Today is the Day to Learn about Blockchain and How it Impacts Legal Technology: eDiscovery Webcasts

If you think you’re hearing more and more about blockchain and bitcoin, you’re probably right. Blockchain is even being discussed as having potential application in legal technology and electronic discovery. But, what exactly is it? How does it work? And, how do you need to be prepared to address it as a legal professional?  Today’s webcast that will answer those questions – and more!

Today at noon CST (1:00pm EST, 10:00am PST), CloudNine will conduct the webcast Understanding Blockchain and its Impact on Legal Technology. In this one-hour webcast that’s CLE-approved in selected states, we will discuss, define and describe blockchain and how it can apply to legal technology and eDiscovery today and in the future. Topics include:

  • History of Blockchain and Bitcoin
  • Defining Key Terms
  • How Blockchain Works
  • Advantages and Challenges of Blockchain
  • Smart Contracts and Other Use Cases for Blockchain
  • Impacts of Blockchain on Legal Technology and eDiscovery
  • Is Blockchain Really as Secure as People Think?
  • Future of Blockchain
  • Resources for More Info

As always, I’ll be presenting the webcast, along with Tom O’Connor, whose white paper of the same name was published on this blog a few weeks ago.  To register for it, click here.  Even if you can’t make it, go ahead and register to get a link to the slides and to the recording of the webcast (if you want to check it out later).  If you want to learn about blockchain and how it can affect your job as a legal professional, this webcast is for you!

So, what do you think?  Do you know the ins and outs of blockchain or even how it works?  If not, please join us!  If so, please join us anyway!  And, as always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Court Orders Defendant to Respond to Interrogatories to Identify Number of Phone Calls it Made: eDiscovery Case Law

In Franklin v. Ocwen Loan Serv., LLC, No. 18-cv-03333-SI (N.D. Cal. Mar. 12, 2019), California District Judge Susan Illston ordered the defendant to respond to interrogatories, “with, at minimum, information regarding the total number of phone calls defendant made during the relevant period to California residents (including any account associated with a California address and any account containing a California area code)” and ordered the parties to stipulate to a method for extrapolating the total number of recorded phone calls defendant made to California residents during the relevant period.

Case Background

In this case brought by the plaintiff, individually and on behalf of all others similarly situated, for illegal recording of cellular phone conversations pursuant to California Penal Code § 632.7, the plaintiff requested “information related to the number of California residents whose conversations with Defendant were recorded.”  The defendant objected that the request was “unduly burdensome and disproportionate to the needs of the case because responding to them would take thousand[s] or hundreds of thousands of hours of work”, requiring them “to examine each account with a California address or area code, determine if any calls were made on that account, attempt to locate those calls and any recordings of those calls, and then listen to the recordings to determine whether the person being called answered the call and was recorded rather than a message being left on voicemail or someone else answering the call.”  Instead, the defendant proposed that the parties stipulate that it called and recorded a minimum number of persons in California, such as “over 100 persons.”

Judge’s Ruling

Referencing Fed. R. Civ. P. 26(b)(1), Judge Illston stated “The Court agrees with plaintiff that information regarding the number of recorded calls defendant made is relevant to his motion for class certification, going not only to numerosity but also to the question of whether ‘a class action is superior to other available methods for fairly and efficiently adjudicating the controversy.’…It is also relevant, among other things, to the question of damages, particularly in light of the Court’s ruling that ‘plaintiff may seek a class-wide award of statutory damages in an amount up to $5,000 per class member[.]’…It will not suffice for defendant to stipulate to an arbitrary number such as ‘over 100 persons.’”

Both parties cited the case Ronquillo-Griffin v. Transunion Rental Screening Sols., Inc., No. 17-cv-129-JM (BLM), 2018 WL 325051 (S.D. Cal. Jan. 8, 2018), where the district court denied the plaintiff’s motion to compel production of the actual recordings defendant made with the potential class members.  However, Judge Illston stated: “Here, plaintiff is not seeking the recordings themselves but requests the total ‘number of California residents whose conversations with Defendant were recorded.’…This is consistent with what the Ronquillo-Griffin court ordered.”

As a result, Judge Illston ordered the defendant to respond to the plaintiff’s interrogatories, “with, at minimum, information regarding the total number of phone calls defendant made during the relevant period to California residents (including any account associated with a California address and any account containing a California area code)” and ordered the parties to stipulate to a method for extrapolating the total number of recorded phone calls defendant made to California residents during the relevant period – all by March 26, 2019.  Hey, that’s today!

So, what do you think?  Was this the right decision or should the judge have accepted the defendant’s proportionality argument?  Please let us know if any comments you might have or if you’d like to know more about a particular topic.

Case opinion link courtesy of eDiscovery Assistant.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

About Half of Surveyed Companies Haven’t Started Preparing for CCPA: Data Privacy Trends

Does this sound familiar?  Last week at the University of Florida E-Discovery Conference, I talked about the California Consumer Protection Act (CCPA) as one of the things that organizations need to be prepared to address these days as part of their compliance obligations.  Sounds like a lot of organizations haven’t gotten around to that just yet.

In an article in Legaltech® News (Almost Half of Companies Haven’t Started CCPA Compliance: Survey, written by Frank Ready), a recent survey of 250 executives and managers at U.S. technology, manufacturing, financial services, utilities and health care companies finds that 44 percent of companies that will impacted by the CCPA haven’t yet taken steps towards compliance.  Only 14 percent of respondents are fully CCPA compliant at this point.

The state’s forthcoming privacy regulation, which is scheduled to take effect next January 1st, empowers Californians with more control over the way their data is collected, shared or viewed by U.S. companies on a daily basis. According to the survey, a large majority of respondents, 71 percent, expect to spend at least $100,000 on compliance efforts. But consulting attorneys may not wind up seeing as much of that money as one might think.

The survey was conducted by Dimensional Research on behalf of the privacy compliance company TrustArc. Chris Bable, CEO of TrustArc, attributed some of the compliance delay to companies that have never had to wrap their heads around these issues before. While the European Union’s General Data Protection Regulation (GDPR) impacted only U.S. companies with business interests in Europe, the CCPA hits a little closer to home.

“One of the pieces that I had underestimated was truly the amount of companies that were not impacted by GDPR, so CCPA is their foray into doing this,” Babel said.

“The legal fees are going to play a role, but I don’t think the legal fee is going to be the largest chunk of the expense. It will really be the in-house kind of grind that needs to be done in order for the compliance steps to be in place,” said Jarno Vanto, a shareholder at Polsinelli.

The “grind” he’s referring to includes extensive work around understanding what data an organization holds and mapping the flow of that data. It also includes checking in with third party vendors and partners to determine what information they have access to as well.

So, how are companies planning on making the leap before the deadline? According to the survey, 72 percent of respondents plan on investing in some sort of technology to help smooth the way.  That doesn’t surprise me – as I discussed in Florida last week, Information Governance (IG) policies are vital to organizations’ ability to meet compliance obligations, but it’s going to take a combination of IG policies and technology for organizations to really get a handle on their data.

So, what do you think?  Are you surprised that so many companies haven’t begun to address CCPA yet?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Judge’s Facebook Friendship with Party Causes Decision to Be Reversed and Remanded to Different Judge: eDiscovery Case Law

In the case In Re the Paternity of B.J.M., Appeal No. 2017AP2132 (Wis. App. Feb. 20, 2019), the Court of Appeals of Wisconsin, concluding that “the circuit court’s undisclosed ESM connection with a current litigant in this case {by accepting a Facebook “friend” request from the litigant} created a great risk of actual bias, resulting in the appearance of partiality”, reversed and remanded the case for further proceedings before a different judge.

Case Background

In this case where the parties entered into an order granting parties Timothy Miller and Angela Carroll joint legal custody and shared physical placement of a minor child in 2011, Carroll filed a motion to modify the court order on the basis that Miller had engaged in a pattern of domestic abuse against Carroll. After the parties had submitted their written arguments, the judge deciding the motion – Judge Michael Bitney – accepted Carroll’s friend request on Facebook. Subsequently, Carroll “liked” eighteen of Judge Bitney’s Facebook posts and commented on two of his posts – none of which related to the pending litigation.  Judge Bitney did not “like” or comment on any of Carroll’s posts, nor did he reply to any of her comments on his posts; however, Carroll’s other activities (“liking” multiple posts from other parties and “sharing” one third-party photograph) did appear on Judge Bitney’s “newsfeed.” One of these shared stories related to domestic violence.

On July 14, 2017, Judge Bitney issued a decision granting Carroll’s modification motion. After the decision, Miller learned that Judge Bitney and Carroll were Facebook friends during the period prior to making his ruling, and moved to reconsider the judge’s decision.  At a hearing on Miller’s motion, Judge Bitney confirmed that he had accepted Carroll’s friend request after the custody hearing and before rendering his written decision. However, he concluded he was not subjectively biased by accepting Carroll’s “friend” request, because he already “had decided how I was going to rule, even though it hadn’t been reduced to writing.” Further, he concluded that “[e]ven given the timing of” his and Carroll’s Facebook connection, the circumstances did not “rise[] to the level of objective bias. . . .” Consequently, he denied Miller’s motion. Miller appealed the decision.

Court’s Ruling

In an opinion written by Justice J. Seidl, he noted that “This case involves what appears to be an issue of first impression in Wisconsin: a claim of judicial bias arising from a judge’s use of electronic social media (ESM)” and stated that “we need not determine whether a bright-line rule prohibiting the judicial use of ESM is appropriate or necessary”.  He also referenced a New Mexico supreme court in Thomas as “particularly instructive”, which said:

“While we make no bright-line ban prohibiting judicial use of social media, we caution that ‘friending,’ online postings, and other activity can easily be misconstrued and create an appearance of impropriety… A judge’s online ‘friendships,’ just like a judge’s real-life friendships, must be treated with a great deal of care.”

The opinion also stated that “the time when Judge Bitney and Carroll became Facebook ‘friends’ would cause a reasonable person to question the judge’s partiality. Although Judge Bitney apparently had thousands of Facebook ‘friends,’ Carroll was not simply one of the many people who ‘friended’ him prior to this litigation. Rather, Carroll was a current litigant who reached out to Judge Bitney and requested to become his Facebook ‘friend’ after testifying at a contested hearing, at which Judge Bitney was the sole decision-maker. Judge Bitney then took the affirmative step to accept this ‘friend’ request before issuing his decision in this case…This timing creates a great risk of actual bias and a resulting appearance of partiality because, even assuming that a Facebook ‘friendship’ does not denote the type of relationship traditionally associated with the term ‘friendship,’ it is unquestionably evidence of some type of affirmative social connection…Carroll’s choice to send a ‘friend’ request to Judge Bitney, combined with Judge Bitney’s choice to accept that request before issuing his decision, conveys the impression that Carroll was in a special position to influence Judge Bitney’s ultimate decision – a position not available to individuals that he had not ‘friended,’ such as Miller.”

As a result, the court reversed and remanded the case for further proceedings before a different judge.

So, what do you think?  Should judges accepting friend requests from litigants disqualify them from ruling in their cases?  Please let us know if any comments you might have or if you’d like to know more about a particular topic.

Hat tip to Sharon Nelson’s Ride the Lightning blog for coverage of this case.

Case opinion link courtesy of eDiscovery Assistant.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Ignoring Internet of Things Devices Could Be IdIoTic: eDiscovery Trends

See what I did there?  ;o)  While I’m speaking at the University of Florida E-Discovery Conference today, let’s take a look at a couple of articles related to Internet of Things (IoT) devices that you need to know from an eDiscovery standpoint.

In an article in Legaltech News (E-Discovery’s New Challenge: Not Ignoring Internet of Things Data, written by Victoria Hudgins), the author notes that, in addition to smartphones, items such as Fitbits, Amazon’s Alexa, self-vacuuming Roombas and internet-connected cars also fall under the IoT umbrella of items that are connected to the internet and collect and share data.

Dana Conneally, managing partner at QDiscovery and Evidox Corp., noted IoT devices may have multiple data repositories, which creates more data for attorneys to review.

“You want to know what’s on the hard drive of the device, but they are typically connected to the internet and cloud. … Now you have three different rabbit holes you are trying to chase down at the same time,” Conneally said.

Such devices represent a new source of evidence for a lawyer’s clients, but how to find value in such data can be difficult.

“Attorneys, a lot of the time, haven’t been trained how to do that,” said Cozen O’Connor eDiscovery and practice advisory services group chairman Dave Walton. “What are the types of evidence out there? We need to know to win in this environment.”

Walton said attorneys are “overwhelmed” by IoT devices in e-discovery, and they usually reason that it’s not practical to assess such devices. However, Walton suggested lawyers should always evaluate if their client’s legal matter warrants obtaining information from an IoT device and make proportional requests for the data, an approach that also governs other types of discoverable content.

“You have to be proportional about how you go about the evidence. The more you know about the evidence, the better you know about alternatives” and efficient ways to obtain the evidence, Walton said.

Smartphones aside, while I have seen several criminal cases involving IoT devices (including this one, this one and this one), I haven’t too many civil cases involving IoT devices (yet).  But, I expect to see more over time.

But, that’s not all!  Earlier this month, the Cloud Security Alliance (CSA) announced the release of the CSA IoT Controls Framework, its first such framework for IoT which introduces the base-level security controls required to mitigate many of the risks associated with an IoT system operating in a range of threat environments. Created by the CSA IoT Working Group, the new Framework together with its companion piece, the Guide to the CSA Internet of Things (IoT) Controls Framework, provide organizations with the context in which to evaluate and implement an enterprise IoT system that incorporates multiple types of connected devices, cloud services, and networking technologies.

Utilizing the Framework, user owners will assign system classification based on the value of the data being stored and processed and the potential impact of various types of physical security threats. Regardless of the value assigned, the Framework has utility across numerous IoT domains from systems processing only “low-value” data with limited impact potential, to highly sensitive systems that support critical services.

The CSA IoT Working Group develops frameworks, processes and best-known methods for securing these connected systems. Further, it addresses topics including data privacy, fog computing, smart cities and more. Individuals interested in becoming involved in future IoT research and initiatives are invited to visit the Internet of Things Working Group join page.

Hat tip to Rob Robinson’s Complex Discovery blog for the info on the CSA IoT Controls Framework.  Here’s the press release with more information.  Dealing with IoT devices is inevitable, so don’t be idIoTic and get informed!  ;o)

So, what do you think?  Have you had to deal with IoT devices in your eDiscovery projects?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Tomorrow is the U-Fla E-Discovery Conference!: eDiscovery Best Practices

Usually, I remind you the day of a conference about it, but this one is big enough that I want to give you more time to register – at least for the livestream.  Believe it or not, tomorrow is the seventh annual University of Florida E-Discovery Conference.  And, as usual, the panel of speakers is an absolute who’s who in eDiscovery.

The conference focus this year is effectively managing discovery from the opposition. As they state on the site: “The opposition often holds the keys to the case. How can you make sure you get the documents you are entitled to? How can you assure that the opposition is doing the best job identifying, collecting, searching and producing requested documents.”

The conference is tomorrow from 8am to 6pm ET.  And, again this year, U-Fla will also be hosting CareerFest the day before (which is today!) at noon ET.

As you can always expect from the U-Fla conference, there are a veritable plethora of experts, including Craig Ball, George Socha, Aaron Crews, Scott Milner, Kelly Twigger, Tessa Jacobs, David Horrigan, Canaan Himmelbaum, Suzanne Clark, Mike Dalewitz, Mike Quartararo, and Ian Campbell.  And, a bunch of distinguished federal and state judges, including U.S. Magistrate Judges William Matthewman, Mac McCoy, Patricia Barksdale, and Gary Jones and retired Florida Circuit Court Judge Ralph Artigliere.

I will be there again as well, presenting in the E-Discovery Nuts and Bolts session.  The topic is Why Waiting Until the Case is Filed May Now be Too Late for Discovery!

I’ll be discussing the drivers and challenges (such as #MeToo, growing data privacy concerns with GDPR and the pending California Privacy Act) facing organizations today to understand their data better to avoid litigation in the first place and discuss where discovery is heading in the future.  Expect a lot of interesting (if not sobering) stats!

From what I understand, unless you’re a student, the conference is sold out in person!  (Maybe you’d better act earlier next time if you want to attend in person!)  But, livestream attendance is still available – and it’s still only $99 for a whole day of CLE-accredited education from a who’s who of eDiscovery experts.  And, it’s free to university and college faculty, professional staff, judicial officials, clerks, and employees of government bodies and agencies.  To register for livestream attendance, click here.

So, what do you think?  Are you going to attend the conference in person or via livestream?  There’s still time to register!  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.