subpoena

July 25, 2009

Tag Disclosed ESI | Privacy, Control, Security

Warn FBI, Auditor, Examiner, Adversary, Regulator, Investigator or Inspector General

Ediscovery Production Strategy-Services for Text, Email, Twitter, Facebook Google+ or Other Social Network Records

Subpoena . . . tax audit . . . court order . . . police raid . . . search warrant . . . criminal investigation . . . regulatory proceeding . . . administrative summons . . . grand jury inquiry . . . litigation discovery demand -- any of these could compel or motivate a party holding e-records to reveal or produce them.

But often the party that receives (or seizes) the records should be expected to safeguard them after they arrive.

Laws requiring the safeguarding of records are many and diverse.  One small example:  As a business discloses information to the federal government, it can (if justified) tag or annotate the information as a “trade secret.”  By so doing, the business warns government employees that they violate federal law (18 U.S.C. Section 1905) if they abuse the trade secret, such as disclose it to a competitor or to the news media.

Legally speaking, the tagging or annotating of records can be strategically powerful.  But when a large quantity of e-records (SMS, chat, e-mail, Web 2.0, iPhone, BlackBerry) is involved, manual annotation is laborious and expensive.

Emerging technology affords a solution.  Technology empowers producing parties to annotate (label, tag) records with ever-better precision and efficiency.

When records like instant messages are disclosed under law, it is becoming more common that they be disclosed in an electronic format that supports annotations, such as XML.

Electronic annotation (commenting) enables highly granular, specifically-targeted legal notices.  Targeted annotation can give the producing party an advantage.  The advantage is more apparent when large numbers of record are at issue and different records require different notices.

By long-standing practice, lawyers often mark disclosed records with warnings or reservations of rights. But historically these notices were expressed as general, blanket statements in transmittal letters. (See footnote.)

When numerous records are involved, blanket statements may not be as effective as specific, record-by-record annotations.   Label ediscovery data elements Suppose for example that five million email records are being produced.  Within those records are, say, 2137 that contain personally identifiable information (PII), which the producing party is obligated to safeguard.  The producing party may better fulfill its obligation by specifically annotating each of the 2137 with strong warnings, rather than with general notices covering the whole five million.  (Example:  “WARNING: This email may contain private data protected by law.  Access on need-to-know basis only.”)

Specific annotations can include any of a range of legal statements:  disclaimers, instructions, interpretations, cross references, self-serving language, reservations of rights, claims of privacy, contractual terms of use, designation as attorney work product and more.

According to Ranjit Sarai, e-discovery consultant at Messaging Architects, “Annotations can involve advanced services in e-record production.  Manual annotation of individual records can be very time consuming.  But we can recommend or develop routines for identifying relevant records and placing the prescribed annotations on them.  We can facilitate collaborative, team annotations.  We can also help bring the appropriate attention to annotations.  Some annotations should be understated.  Others should scream out in blinking neon lights.”

Update:  Tags and annotations can be inserted according to varying degrees of granularity, whether record-by-record, word-by-word, or something else.  US intelligence agencies are managing massive databases on terrorists by tagging each word, one-by-one.  A tag can show, for example, the level of security clearance an analyst needs in order to see the word.  Advanced search software can prevent an analyst from seeing information for which he does not have adequate clearance, while alerting him that the database may contain additional information relevant to his inquiry, access to which will require higher authority.   Siobhan Gorman, "How a Team of Geeks Cracked Spy Trade," Wall St. J., 4 Sept. 09.



Mr. Wright delivers education on cyber defense law under the SANS Institute.


Footnote:  A case known as Teachers Insurance(1) suggested that when a company discloses information to the Securities and Exchange Commission, it waives attorney-client privilege on that information, unless it explicitly reserves its privilege rights.  Applying that idea, a company in another case(2) attempted to make such a reservation of rights in the transmittal letter sent with documents disclosed to the SEC. 

(1)Teachers Insurance and Annuity Assn. of America v. Shamrock Broadcasting Co, 521 F. Supp. 638 (SDNY 1981).

(2)In re Subpoena Duces Tecum to Fulbright and Jaworski and Vinson & Elkins, 183 Fed. Sec. L. Rep. para. 99,505 (DDC 1983).

Jul 25, 2009 5:06:57 PM | annotate, chat privacy, demand, ediscovery search, Facebook, facebook disclaimer, facebook investigation, FBI investigation, instant & text message records, regulatory audit, search warrant, secret, seize, sms, social network subpoena, software, strategy, subpoena, summons, tag, tax, text message subpoena, trade secret, Twitter

June 15, 2009

Email Recovery | Network Back-up

E-mail Database Search and Forensics

Archival | What is a Subpoena?



As litigation and other requests for e-mail from backup tapes grow more frequent, an enterprise may be wise to restore, consolidate and archive all of its old e-mail held in backup.

Historically organizations did not think of e-mail as an asset worthy of preservation.  They did not archive it, though copies would end up in network backup.  

But experience has taught that e-mail evidence can be critical to defense of a lawsuit or enforcement of a contract.  Alternatively its disclosure might be required under a subpoena (see definition below), a court order, an administrative summons, an IRS tax audit or a freedom of information act request (FOIA).  Further, e-mail might be needed in an investigation (led internally or by outside criminal prosecutors) of a bribe, a kickback, an overcharge, tax evasion or a embezzlement of money, or it might be needed for an audit of alleged misallocation of funds

Archival

Greg Smith of Messaging Architects observes that repeated requests for e-mails from backup can warrant a change of thinking in the IT department. “While most backup software deals very efficiently with individual electronic records, it cannot provide the same level of access to email. This is because enterprise email exists as a record within a database (such as for Groupwise or Microsoft Exchange).  The database must be restored in its entirety and searched in its entirety in order to ascertain the contents of the database. With database sizes exceeding 100GB and scores if not hundreds of tapes, the cost to restore and search the tapes can be considerable. Recovering records for selective users and dates may satisfy the current discovery requirement, but with each successive lawsuit, or changes in discovery parameters for an existing lawsuit, restoration from tape can become a recurring financial liability.”

Greg continues, “The practical solution is to remove the information from tape permanently and place it in an electronic records format where information can be retained and managed as individual records and not conglomerates of information.  In such a format, individual email records can be sorted by user or date.”

Restored records can be archived in an open (non-proprietary) format, such as XML, which enables searchers to tap an ever-expanding array of search and forensics tools.  XML may or may not qualify as "native format" as that term is sometimes used in court decisions, though XML may be a more useful format than whatever the native format was.

–Benjamin Wright

Mr. Wright is an advisor to Messaging Architects, experts in e-discovery and consultants in e-mail investigations.

Post Script  What is a subpoena?  A subpoena is a legal demand that someone turn over information or evidence. Commonly the laws of litigation enable a party to subpoena other parties for records or other evidence. Sometimes the law also invests the power to subpoena in an official who conducts investigations, such as a government auditor or an inspector general. If a party abuses the power to subpoena, by demanding irrelevant records or by issuing a demand with no regard for the cost of compliance, a court may sanction the issuer of the subpoena.

Jun 15, 2009 9:40:38 AM | archive software, asset, backup, backup restoration, computer forensics litigation, corruption audit, eDiscovery consultant, electronic discovery expert, electronically stored information, enforcement, Exchange, foia, foia computer, FOIA evidence, FOIA investigation, freedom of information act, government network, internal investigation, IRS, misallocation of funds, misappropriation of funds, native format, overcharge, preservation, subpoena, summons, tax, tax evasion

May 09, 2009

Recordkeeping for Social Networking Managers

Social Networks for Official, Commercial & Employment Transactions

By law, employers generally need to keep records of employment decisions.  So when the boss conveys a pink slip by way of Facebook, the employer needs a legal record of it.

What?  Fire someone by Facebook . . . a posting on a wall?  Would a manager do that?  Yes.  A spa in Canada (British Columbia) used Facebook to notify Crystal Bell of her job termination.

The history of electronic messaging tells a story about business records.  As each new form of message comes along, we initially doubt you can conduct business with such a flimsy thing.  Fax as a medium for transacting serious business?  No way, people thought in the early 1980s.  But as time passed –- and as court cases enforced fax contracts -- we grew more comfortable with fax as a business tool.  Today, fax is considered a responsible, even conservative medium for transmitting signed agreements and binding business records. 

Then, when electronic mail came into the workplace, conventional wisdom dismissed it.  Convention said e-mail was not a business record, said it could not (conveniently) be authenticated with a signature, and said it should be deleted quickly like so much water-cooler chitchat.  But naturally business people embraced e-mail as a tool for making obligations and delegating authority.  Today we see the law giving enterprises growing reason to store e-mail as business records.

I predict the same process will unfold for collaborative (Web 2.0 and social network) media like instant message, Facebook, Twitter and Myspace.  Old-fashioned folks will try to ban these technologies as methods for conducting important business.  They will, initially, ignore them as records to be kept.

But the outcome of the story is inevitable.  Busy people (like the boss in BC) will use the new channels to hire, fire, negotiate, agree and so on.

The managers of records need to plan for capturing the records of Web 2.0.  Those records can become the subject of a subpoena, an IRS taxpayer audit, an administrative summons or an internal investigation or the source of exculpatory evidence in defense of lawsuits.