Close
Enter your
text here

Electronic Discovery

Working Successfully with eDiscovery and Litigation Support Service Providers: Monitoring Work and Preventing Problems
 

So many law firm litigation support folks that I know have an unpleasant war story or two about a project they did with a vendor.  I usually find these frustrating, because more often than not, the problems could have been avoided.  Taking a few preventative steps early on, and doing a good job of monitoring project activity can make all the difference.   In the next few posts in this series, we’re going to look at ways to make the projects you do with vendors run smoother.

First, let’s look at the potential problem areas.  There are three:

  • Unexpected project costs
  • Missed deadlines
  • Poor work quality

Very often, the problems in these areas result from poor communication between the litigation team and the service provider.  Sometimes, the problems stem from poor up-front communication, which results in a misunderstanding of requirements, priorities and expectations.  Other times, the problems arise because of poor communication during the project itself.

There are several steps you can take up-front to minimize the potential for problems.  These steps will foster a good understanding of expectations and requirements and build lines of communication into the process.  Constant communication with the service provider throughout the life of the project is likewise important.  If you are in frequent communication you are likely to catch problems before they get out of hand and before they turn into major headaches.

The next several blog posts will cover steps you can take to minimize the potential for problems with unexpected project costs, problems with meeting deadlines, and problems with sub-standard work quality.

What steps do you take to prevent problems with vendor work?  Please share any comments you might have and let us know if you’d like to know more about an eDiscovery topic.

eDiscovery Best Practices: Checking for Malware is the First Step to eDiscovery Processing
 

A little over a month ago, I noted that we hadn’t missed a (business) day yet in publishing a post for the blog.  That streak almost came to an end last week.

As I often do in the early mornings before getting ready for work, I spent some time searching for articles to read and identifying potential blog topics and found a link on a site related to “New Federal Rules”.  Curious, I clicked on it and…up popped a pop-up window from our virus checking software (AVG Anti-Virus, or so I thought) that the site had found a file containing a “trojan horse” program.

The odd thing about the pop-up window is that there was no “Fix” button to fix the trojan horse.  There were only choices to “Ignore” the virus or “Move it to the Vault”.  So, I chose the best available option to move it to the vault.

Then, all hell broke loose.

I received error messages that my hard drive had corrupted, that my RAM was maxed – you name it.

Turns out the trojan horse has provided a “rogue” pop-up window, designed to look like AVG Anti-Virus, to dupe me into activating the program by clicking on a button.  If you studied the Trojan War in school, you know that’s why they call it a “trojan horse” – it fools you into letting it into your system.

While its common to refer to all types of malware as “viruses”, a computer virus is only one type of malware.  Malware includes computer viruses, worms, trojan horses, spyware, dishonest adware, scareware, crimeware, most rootkits, and other malicious and unwanted software or program.  A report from Symantec published in 2008 suggested that "the release rate of malicious code and other unwanted programs may be exceeding that of legitimate software applications”.

I’ve worked with a lot of clients who don’t understand why it can take time to get ESI processed and loaded into their review platform.  Depending on the types of files, several steps can be required to get the files ready to review, including “unarchiving” of container files, OCR (of image only files) and, of course, indexing of the files for searchability (among other possible steps).  But, the first step is to scan the files for viruses and other malware that may be infecting the files.  If malware is found in any files, the files have to be identified.  Then, those files will either be isolated and logged as exceptions or the virus software will attempt to remove the malware.  While it may seem logical that the malware should always be removed, doing so is technically altering the file, so counsel need to agree that malware removal is acceptable.  Either way, the malware needs to be addressed so that it doesn’t affect the entire collection.

As for me, as soon as the infection was evident, I turned my laptop off and turned it over to our support department at Trial Solutions.  By the end of the day, I had it back, good as new!  Thanks, Tony Cullather!

So, what do you think?  How do you handle malware in your collections?   Please share any comments you might have or if you’d like to know more about a particular topic.

eDiscovery Best Practices: 4 Steps to Effective eDiscovery With Software Analytics
 

I read an interesting article from Texas Lawyer via Law.com entitled “4 Steps to Effective E-Discovery With Software Analytics” that has some interesting takes on project management principles related to eDiscovery and I’ve interjected some of my thoughts into the analysis below.  A copy of the full article is located here.  The steps are as follows:

1. With the vendor, negotiate clear terms that serve the project's key objectives.  The article notes the important of tying each collection and review milestone (e.g., collecting and imaging data; filtering data by file type; removing duplicates; processing data for review in a specific review platform; processing data to allow for optical character recognition (OCR) searching; and converting data into a tag image file format (TIFF) for final production to opposing counsel) to contract terms with the vendor. 

The specific milestones will vary – for example, conversion to TIFF may not be necessary if the parties agree to a native production – so it’s important to know the size and complexity of the project, and choose only an experienced eDiscovery vendor who can handle the variations.

2. Collect and process data.  Forensically sound data collection and culling of obviously unresponsive files (such as system files) to drastically decrease the overall review costs are key services that a vendor provides in this area.  As we’ve noted many times on this blog, effective culling can save considerable review costs – each gigabyte (GB) culled can save $16-$18K in attorney review costs.

The article notes that a hidden cost is the OCR process of translating extracted text into a searchable form and that it’s an optimal negotiation point with the vendor.  This may have been true when most collections were paper based, but as most collections today are electronic based, the percentage of documents requiring OCR is considerably less than it used to be.  However, it is important to be prepared that there are some native files which will be “image only”, such as TIFFs and scanned PDFs – those will require OCR to be effectively searched.

3. Select a data and document review platform.  Factors such as ease of use, robustness, and reliability of analytic tools, support staff accessibility to fix software bugs quickly, monthly user and hosting fees, and software training and support fees should be considered when selecting a document review platform.

The article notes that a hidden cost is selecting a platform with which the firm’s litigation support staff has no experience as follow-up consultation with the vendor could be costly.  This can be true, though a good vendor training program and an intuitive interface can minimize or even eliminate this component.

The article also notes that to take advantage of the vendor’s more modern technology “[a] viable option is to use a vendor's review platform that fits the needs of the current data set and then transfer the data to the in-house system”.  I’m not sure why the need exists to transfer the data back – there are a number of vendors that provide a cost-effective solution appropriate for the duration of the case.

4. Designate clear areas of responsibility.  By doing so, you minimize or eliminate inefficiencies in the project and the article mentions the RACI matrix to determine who is responsible (individuals responsible for performing each task, such as review or litigation support), accountable (the attorney in charge of discovery), consulted (the lead attorney on the case), and informed (the client).

Managing these areas of responsibility effectively is probably the biggest key to project success and the article does a nice job of providing a handy reference model (the RACI matrix) for defining responsibility within the project.

So, what do you think?  Do you have any specific thoughts about this article?   Please share any comments you might have or if you’d like to know more about a particular topic.

eDiscovery Trends: Apple Responds to the iPhone/iPad Location Controversy
 

Yesterday, we talked about the latest litigation for Apple, which was sued for alleged privacy invasion and computer fraud by two customers in a federal complaint in Tampa, Florida who claim the company is secretly recording and storing the location and movement of iPhone and iPad users.  Yesterday, Apple issued a press release response to questions regarding this controversy, published here on Business Wire.

Highlights:

  • Apple reiterated that they are “not tracking the location of your iPhone. Apple has never done so and has no plans to ever do so.”
  • Instead, according to Apple, the iPhone is “maintaining a database of Wi-Fi hotspots and cell towers around your current location, some of which may be located more than one hundred miles away from your iPhone, to help your iPhone rapidly and accurately calculate its location when requested.”
  • Apple says that the “database is too big to store on an iPhone, so [they] download an appropriate subset (cache) onto each iPhone. This cache is protected but not encrypted, and is backed up in iTunes whenever you back up your iPhone.”
  • Geo-tagged Wi-Fi hotspot and cell tower data is sent to Apple in an anonymous and encrypted form” and “ Apple cannot identify the source of this data.”
  • The reason the iPhone stores up to a year’s worth of location data is “a bug we uncovered and plan to fix shortly”.  “We don’t think the iPhone needs to store more than seven days of this data.”
  • The iPhone sometimes shouldn’t continue updating its Wi-Fi and cell tower data when Location Services is turned off.  “This is a bug, which we plan to fix shortly”.
  • Apple also noted that they will release a free iOS software update “sometime in the next few weeks” that: “reduces the size” of the database cached on the iPhone, “ceases backing up the cache”, and “deletes this cache entirely when Location Services is turned off”.

We’ll see how this press release impacts the litigation and various regulatory investigations.

So, what do you think?  Have you been involved in a case where GPS location data was relevant?   Please share any comments you might have or if you’d like to know more about a particular topic.

eDiscovery Trends: It’s 10 PM, Does Apple Know Where You Are?
 

Over 30 years ago, local TV stations across the country ran this ad, asking the question “It’s 10 PM, do you know where you children are?”

Today, they could ask the question of many iPhone and iPad users, “It’s 10 PM, does Apple know where you are?”

According to Bloomberg on Monday, “Apple Inc. (AAPL) was sued for alleged privacy invasion and computer fraud by two customers who claim the company is secretly recording and storing the location and movement of iPhone and iPad users, according to a federal complaint filed…in Tampa, Florida.”

Vikram Ajjampur, an iPhone user in Florida, and William Devito, a New York iPad customer, sued April 22 in federal court in Tampa, Florida, seeking a judge’s order barring the alleged data collection and requesting refunds for their phones.

The lawsuit references a report from two computer programmers who indicated that “those of us who own either an iPhone or iPad may have been subjected to privacy invasion since the introduction of iOS 4.0” (operating system).  The report claims that Apple’s iOS4 operating system is logging latitude-longitude coordinates along with the time a spot is visited, is collecting about a year’s worth of location data, and logs location data to a file called "consolidated.db", which is unencrypted and unprotected.

“We take issue specifically with the notion that Apple is now basically tracking people everywhere they go,” Aaron Mayer, an attorney for the plaintiffs, said. “If you are a federal marshal, you have to have a warrant to do this kind of thing, and Apple is doing it without one.”

In addition to the Florida lawsuit, the Illinois Attorney General has asked to meet with Apple executives to discuss these reports and French, German, Italian and South Korean regulators are also investigating the alleged location collection feature as a result of the programmers’ report.

So far, Apple has not commented – officially.  However, MacRumors reports that Steve Jobs has responded to one emailer who requested “Maybe you could shed some light on this for me before I switch to a Droid. They don't track me.”  To which Jobs allegedly responded, “Oh yes they do. We don't track anyone. The info circulating around is false.  Sent from my iPhone.”

True or False?  We’ll hopefully see.  It seems that every week there is a new type of data that can be relevant to the eDiscovery process, doesn’t it?

So, what do you think?  Have you been involved in a case where GPS location data was relevant?   Please share any comments you might have or if you’d like to know more about a particular topic.

Working Successfully with eDiscovery and Litigation Support Service Providers: Questions to Ask when Checking References, Part 3
 

Last week, we started and continued a list of questions to ask when you are doing a reference check.  So far, the list includes general project questions, questions about communicating with the vendor, questions about costs, and questions aimed at evaluating the quality of a vendor’s work. Today we’ll complete the list with questions about the vendor’s ability to meet schedule requirements, and questions aimed at assessing the vendor’s overall performance. 

Questions regarding schedule requirements, meeting deadlines, and flexibility:

  1. Did you establish a schedule with milestones and deadlines for the vendor?
  2. Did they meet your milestones and deadlines?  If not, why was there a problem?
  3. Did the scope of the project – in terms of volume – change after the project started?  How did the vendor handle that? 
  4. Did the vendor need to add additional resources to your project to meet deadlines?  If not, should they have?
  5. If deadlines were missed, how much advance notice were you given?
  6. Did you change priorities that required adjustments to work flow during the project?  If so, how did the vendor handle that?  Were they able to accommodate changing needs?

Questions aimed at assessing overall performance

  1. Will you use this vendor again?
  2. Are there changes you would make to the way in which you work with this vendor?  Or changes you would request regarding their services?
  3. Are there project thresholds under which you wouldn’t use this vendor (for example, not for a collection above a certain size, or not for a rush project)?
  4. What do you believe is this vendor’s greatest strength?  Weakness?
  5. What is the one thing you would change about this vendor if you could?
  6. How would you rank this vendor against other vendors you have used?  Are they on your list of preferred vendors for future projects?  Under what circumstances might you choose another vendor over this vendor?

The list of questions we’ve compiled in the last several posts should be a good starting point for you!  Remember, though, that a good reference check session will be interactive.  Some of the answers you get will prompt additional questions.  Don’t be afraid to do some digging to uncover what you need to know.

Do you get good information when you check vendor references?  What questions do you ask?  Please share any comments you might have and let us know if you’d like to know more about an eDiscovery topic.

eDiscovery Trends: Thought Leader Interview with Jeffrey Brandt, Editor of Pinhawk Law Technology Daily Digest
 

As eDiscovery Daily has done in the past, we have periodically interviewed various thought leaders in eDiscovery and legal technology to provide insight as to trends in the industry for our readers to consider.  Recently, I was able to interview Jeffrey Brandt, Editor of the Pinhawk Law Technology Daily Digest and columnist for Legal IT Professionals.

With an educational background in computer science and mathematics from the University of Pittsburgh, Jeff has over twenty four years of experience in the field of legal automation working with various organizations in the United States, Canada, and the United Kingdom.  As a technology and management consultant to hundreds of law firms and corporate law departments he has worked on information management projects including: long range strategic planning, workflow management and reengineering, knowledge management, IT structure and personnel requirements and budgeting. Working as a CIO at several large law firms, Jeff has helped bring oversight, coordination and change management to initiatives including: knowledge management, library & research services, eDiscovery, records management, technology and more. Most recently, he served as the Chief Information and Knowledge Officer with an AMLaw 100 law firm based out of Washington, DC.

Jeff has also been asked to serve on numerous advisory councils and CIO advisory boards for key vendors in the legal space, advising them on issues of client service and future product direction.  He is a long time member (and former board member) of the International Legal Technology Association (ILTA) and has taught CLE classes on topics ranging from litigation support to ethics and technology.

What do you consider to be the current significant trends in eDiscovery in 2011 and beyond on which people in the industry are, or should be, focused?

I would say that the biggest two are the project management component and, for lack of a better term, automated or artificial intelligence.

The whole concept and the complexities of what it takes to manage a case today are more challenging than ever, including issues like the number of sources, the amount of data in the sources, the format in which you’re producing, where can the data go and who can see it.  I remember the days when people used to take a couple of bankers boxes, put them in their car and go home and work on the documents.  You simply cannot do that today – the amount of information today is just insane.

As for artificial intelligence, as was discussed in the (Pinhawk) digest recently, you’re seeing the emergence of predictive coding and using computers to cull through the massive amounts of information so that a human can take the final pass.  I think more and more we’re going to see people relying on those types of technologies – some because they embrace it, others because there is no other way to humanly do it.

I think if there’s any third trend it would probably be where do we go next to get the data?  In terms of social media, mining Facebook and Twitter and all the other various sources for additional data as part of the discovery process has become a challenge.

You recently became editor of the Pinhawk Law Technology Daily Digest.  Tell me about that and about your plans for the digest.

Well, I think there are several things going forward.  My role is to keep up the good work that Curt Meltzer, the founding editor, started and fill the “big shoes” that Curt left behind.  My goal is to expand the sources of information from which Pinhawk draws.  There are about 400 sources today and I think by the time my sources (and possibly a few others) are added in, there will be over 500.  We’ve also talked about going to our readership and asking them “what are your go-to and must read sources?” to include those sources as well.  We’ll also be looking to incorporate social media tools to hopefully make the experience much more comprehensive and easier to participate in for the Pinhawk digest reader.

And, what should we be looking for in your column in Legal IT Professionals?

Well, I like to dabble in multiple areas – in the small consulting practice that I have, I do a little bit of everything.  I’ve recently done some very interesting work in communities of practice, using social media tools, focusing them inward in law firms to provide the forum for lawyers to open up, share and mentor to others.  I like KM (Knowledge Management) and related topics and we had a recent post in Pinhawk talking about the future of the law firm.  To me, those types of discussions are fascinating.

You take the extremes and you’ve got the “law factory”, you take the high-end and you’ve got the “bet the farm” law firm.  How technology plays a role in whatever culture, whatever focus a law firm puts itself on is interesting.  And then you watch and see some of the rumblings and inklings of what can be done in places like Australia, where you have third-party investment of law firms and the United Kingdom, where they are about to get third-party investment.  There was a recent article about third-party ownership of law firms in North Carolina.  You look at examples like that and you say “is the model of partnership alive?”  When you get into “big law”, are they really partnerships?  Where are they in the spectrum of a thousand sole practitioners operating under one letterhead to a firm of a thousand lawyers?  That’s where I think that communities of practice and social media tools are going to help lawyers know more about their own partners and own firms. 

It’s sad that in some firms the lawyers on the north side of the building don’t even know the lawyers on the south side of the building, let alone the people on the eighth floor vs. the tenth floor.  It’s a changing landscape.  When I got into legal and was first a CIO at Porter, Wright, Morris & Arthur, 250 lawyers in Columbus, Ohio was the 83rd largest law firm in the US – an AMLAW 100 firm.  Today, does that size a firm even make it into the AMLAW 250?

In my column at Legal IT Professionals, you’ll see more about KM and change management.  Another part of my practice is mentoring IT executives in how to deal with business problems related to the business of law and I think that might be my next post – free advice to the aspiring CIO.

This might sound odd coming from a technologist, but…it’s not really about the technology.  From a broad standpoint, you can be successful with most software tools.  A law firm isn’t going to be made or broken whether it chose OpenText or iManage as a document management tool or chose a specific litigation support tool.  It is more about the people, the education and the process than it is the actual tool.  Yes, there are some horrible tools that you should avoid, but, all things being equal, it’s really more the other pieces of the equation that determine your success.

Thanks, Jeff, for participating in the interview!

And to the readers, as always, please share any comments you might have or if you’d like to know more about a particular topic!

Working Successfully with eDiscovery and Litigation Support Service Providers: Questions to Ask when Checking References, Part 2
 

Yesterday, we started a list of questions to ask when you are doing a reference check.  That list included general project questions, questions about communicating with the vendor, and questions about costs. Here are some questions aimed at uncovering information on the quality of the vendor’s work:

  1. Were you satisfied with the quality of the vendor’s work and did it meet your expectations?
  2. Were you involved in initial project training of the vendor’s staff?  Do you recommend that with this vendor?
  3. Did you do quality control checks of the vendor’s work?  How did you check the work?  How much of the work did you check?
  4. Did you spend time checking work at the vendor’s facility?  Do you recommend that with this vendor?
  5. Did you provide feedback to the vendor on quality?  How was that received?  Did the vendor incorporate your feedback and did the work quality improve?
  6. If there were quality problems, were they dealt with quickly?  Was it necessary to escalate problems above the project manager to get them resolved?
  7. Do you know what quality control procedures the vendor used?  How much work did they check?  What quality control was done manually?  What automated checks were done?
  8. Do you know if the vendor needed to do rework?  Was rework precipitated by issues you brought to their attention?  Did you have to ask the vendor to do any work over?
  9. If you had the technology tools and resources to do this work yourself, do you think you could have done a better job?  If so, in what way?
  10. Do you feel that the vendor had a good grasp on your requirements and the experience to do the work efficiently?
  11. Did the project manager have the right background and experience to handle your project?

In the next issue, we’ll continue this list with questions aimed at getting a handle on a vendor’s ability to meet schedule requirements and some closing questions aimed at assessing overall performance.

Do you get good information when you check vendor references?  What questions do you ask?  Please share any comments you might have and let us know if you’d like to know more about an eDiscovery topic.

In observance of Good Friday, eDiscovery Daily will not publish a new post tomorrow.  See you Monday!

Working Successfully with eDiscovery and Litigation Support Service Providers: Questions to Ask when Checking References
 

Getting good information about a vendor in a reference check is a skill worth developing.  As a starting point, you should be armed with a good set of questions.  Don’t limit yourself to the list, though.  A good reference-check call will be interactive and answers to some questions will probably prompt additional questions.

Here’s a good starting point list that might apply to any type of vendor or service you are inquiring about:

First, get a handle on the scope of the project the vendor handled for the client:

  1. What services were provided?
  2. What volume of data / documents were handled?
  3. What deliverables did the vendor provide to you?
  4. What was the schedule?

Ask questions about the communication frequency and effectiveness between the vendor and the client:

  1. Were you the primary point of contact?
  2. If not, can you point me to the person who was?
  3. Did you have regular contact with the project manager?  With anyone else?
  4. Did you get regular status reports from the vendor?  How often did you get them?  What information was included in the status reports?  Were the reports useful?  Could you tell if the project was on schedule?
  5. How quickly did the vendor respond to phone calls?  Email?
  6. Did you ever have trouble reaching the vendor, or reaching the right person at the vendor organization?

Ask questions about the project costs:

  1. Were the costs what you expected?
  2. Were costs within the vendor’s estimates?
  3. Were the invoices clear and sufficiently detailed?  What information was included on the invoices?
  4. Were there any cost surprises?  Any cost line items on the invoices that you weren’t expecting?

Tomorrow we’ll continue this list with questions aimed at getting a handle on the quality of a vendor’s work.

Do you get good information when you check vendor references?  What questions do you ask?  Please share any comments you might have and let us know if you’d like to know more about an eDiscovery topic.

What eDiscovery Professionals Can Learn from the Internet Gambling Crack Down
 

Many of you may have heard about the FBI cracking down on the three largest online gambling sites in the past few days, as the owners of those sites in the United States have been indicted and charged with bank fraud, money laundering and illegal gambling offenses and the sites have been essentially shut down in the US.  Restraining orders have been issued against more than 75 bank accounts in 14 countries used by the poker companies PokerStars, Full Tilt Poker and Absolute Poker.  Many US customers of these sites are now scrambling to try to get their funds out of the sites and finding it difficult to do so.

So what?  This is an eDiscovery blog, right?  What does an Internet gambling crack down have to do with eDiscovery?

PokerStars, Full Tilt Poker, Absolute Poker and other gambling sites are cloud-based, Software-as-a-Service (SaaS) applications.  Just like Amazon, Facebook, Twitter, eBay, YouTube and SalesForce.com, these sites provide an application via the web that enables its clients to receive a service.  In the case of Amazon, it’s the ability to purchase any number of products.  For Facebook, it’s the ability to share information with friends and family.  For these gambling sites, it’s the ability to play poker for money with anyone else in the world who has the same gambling itch that you do and a broadband connection.

The problem is: in the US, it’s illegal.  The Unlawful Internet Gambling Enforcement Act of 2006 prohibits gambling businesses from knowingly accepting payments related to a bet or wager that involves the use of the Internet and that is unlawful under any federal or state law.  So, these sites are hosted in other countries to attempt to skirt the law.

What many US customers of these sites are finding out is the same thing that eDiscovery professionals discover when they need to retrieve cloud-based data in response to a discovery request: it’s imperative to know where your data is stored.  It’s likely that many customers of these gambling sites knew that their funds were kept off-shore, while others may not have known this was the case.  Regardless, they’re now scrambling to get their data (i.e., funds) back — if they can.

Many organizations are “in the same boat” when it comes to their SaaS providers – it may be unclear where that data is being stored and it may be difficult to retrieve if it’s stored in a foreign country with a different set of laws.  It’s important to establish (in writing if possible) with the provider up front where the data will be stored and agree on procedures such as records management/destruction schedules so that you know where your data is stored and can get access to it when you need it.  Don’t gamble with your data.

So, what do you think?  Do you have organizational data in a SaaS-based solution?  Do you have a plan for getting that data when you need it?  Please share any comments you might have or if you’d like to know more about a particular topic.

Full disclosure: I work for Trial Solutions, which provides SaaS-based eDiscovery review applications FirstPass® (for first pass review) and OnDemand® (for linear review and production).  Our clients’ data is hosted in a secured Tier 4 Data Center in Houston, Texas, where Trial Solutions is headquartered.