The eMag Link Monthly Articles
May Edition
Proposed Amendments to the Federal Rules of Civil Procedure - Do You Need to Make Changes by December 1, 2006?
On April 12, 2006, the United States Supreme Court approved the proposed amendments to the Federal Rules of Civil Procedure that address the discovery of electronically stored information (ESI).[1] The new proposed rules and amendments will take effect on December 1, 2006, unless Congress passes legislation to reject, modify, or postpone the amendments.
Rule 26(b)(2)(B): General Provisions Governing Discovery; Duty of Disclosure; Discovery Scope and Limits; Limitations.
Under the accepted changes, a party seeking discovery of electronically stored information that is not reasonably accessible must first obtain a court order based on a showing of good cause. The good cause analysis weighs the requesting party's need for the information against the burden on the responding party. While the accepted amendments do not define the term, the Committee Notes suggest that reasonably accessible information likely includes any information that the responding party routinely accesses or uses, but may not include disaster recovery data, legacy data, deleted data, or other data that requires significant cost, effort, or burden to produce.
Accessibility of Backup Tapes
Generally, backup tapes that are maintained for the purpose of disaster recovery have been considered to be inaccessible data during discovery. When backup tapes are used for active information storage and archiving, they will be considered accessible for litigation purposes. With the proposed rules changes, companies will be required to disclose their full backup catalogs, and depending on the circumstances and requirements of the tapes, you may be required to provide samples of disaster recovery backup tapes that were previously considered inaccessible.
Intelligent Asset Management: What Should You Do?
Over the next several months, companies will be faced with the daunting task of determining what backup tapes are necessary for continuing archival. If your company has created a compliant records retention policy, then generally there would be no need to keep tapes that fall outside of the retention requirements and possibly subject your company to the undue burden of these tapes being considered accessible during future litigation. In some cases you may have to adjust retention policies to avoid archiving tapes that are not needed and serve no useful purpose.
Once you've ensured that your record retention requirements are compliant, the next step would be to audit and track your existing tape catalog to determine the relevant backup tapes that need to be kept. eMag offers a tool, MM/FileFinder, for just such a requirement; it also allows you to significantly shrink the scope of a discovery request. MM/FileFinder allows you to interrogate and adopt the management of tape media catalogs, thus enabling the enforcement of retention policies. In addition, when a discovery request is made, file-level scans produce the file names that exist on each tape, along with the server info and the backup session, to determine the relevance of each tape. Scope is significantly reduced, enabling you to restore only relevant tapes and greatly reduce the costs of a discovery request.
Companies that opt not to audit their archived tapes and tighten up their existing retention policies may incur additional and unnecessary retention and discovery costs for years to come. Contact eMag to learn more about how you can greatly reduce these potential costs.
[1] Applies only to federal courts and jurisdictions that have adopted the Federal Rules of Civil Procedure.
Metadata Emerging as a Vital Component of E-discovery*
Those who keep their fingers on the pulse of emerging issues in e-discovery appreciate the growing importance of metadata. So-called “data about data” — also known as an audit trail — has played a significant role in recent legal cases and is increasingly recognized as discoverable.
Because metadata contains information about file names, sizes, authors, dates, modifications and recipients, it can shed light upon the circumstances and intent of the document being produced as evidence — in some cases uncovering a “smoking gun” and, in others, substantiating charges or corroborating defense arguments. Because of the increasing value being assigned to metadata, those involved with electronic discovery must ensure that the process they use preserves the integrity not only of the content of the files, but the metadata as well.
Metadata Provides Audit Trail
In essence, metadata provides an audit trail that reveals the who, what, when and how relative to the creation, modification, and distribution of any electronic information — from Word documents to Excel spreadsheets, to e-mail, to image files, to executables. In other words, metadata can reveal who originally created a file, who subsequently opened the file or had access to it, during what time frame the document was created and made accessible to others, and who may have altered the document, in what way and when.
Metadata originates from a number of sources. Most commonly, computers create it automatically when users create and work with a file. However, metadata can also be supplied by a user or inferred through relationships documents have with each other.
Because metadata can be automatically saved and is generally hidden (both on the screen and when files are printed), most computer users aren’t even aware that they are creating these bits of information. In fact, the overwhelming majority of metadata is not accessible to typical users. However, even when they’re not conscious of it, there are times when users rely upon metadata themselves: for example, when they conduct an electronic search to identify files or e-mails created by particular individuals or during a specified date range, or when they use the “Properties” function on some e-mail servers to track when (and to whom) messages were sent, received and opened.
Metadata also can be locked, lost or scrubbed from files — in some cases, innocently but in others, intentionally. When a user copies and pastes files from an Excel spreadsheet into another format or copies a document into a local folder, some or all of the metadata may not migrate with the data and the user may inadvertently lose or change information that may later need to be produced in court.
Tools and utilities that allow users to intentionally remove metadata from files are also available from software manufacturers (e.g., the Service Metadata Utility tool from Microsoft). These are most often used to protect proprietary information or ensure security of documents and files.
For example, a spreadsheet might be created with pricing for a specific product line. Another user might copy the spreadsheet for a similar product line and want to scrub identifying data from the previous version for confidentiality’s sake. However, such tools can be dangerous, enabling spoliation of data and subjecting the producing party to sanctions or adverse inference orders.
Emerging Standards Govern Metadata Discovery
While the question of how to address the existence of metadata in a legal setting has been under scrutiny over the past several years, there are no hard-and-fast rules concerning its discoverability. Nevertheless, standards are emerging and precedents are being set.
Serving as primary guideposts for legal rulings regarding metadata to date are The Sedona Guidelines: Best Practice Guidelines & Commentary for Managing Information and Records in the Electronic Age and the Federal Rules of Civil Procedure (particularly Rule 34). While both documents define metadata, the Sedona Guidelines more clearly set forth direction regarding the discoverability of metadata. In part, they note that metadata should not “presumptively be treated as part of the document.” However, they continue, “there are circumstances in which the data may be relevant and should be preserved and produced.”
These principles came into play recently in the age discrimination/reduction in force case of Williams v. Sprint/United Management Company, 230 F.R.D. 640 (D. Kan. 2005) (requiring the production of electronic spreadsheets’ metadata, as well as requiring the spreadsheets to be produced with “unlocked” cells and data). In Williams, the presiding judge acknowledged that discoverability of metadata should be decided on a case-by-case basis. However, he also ruled that when parties are required to produce documents as they are maintained in the ordinary course of business, those documents should be supplied with the metadata intact (emphasis added). Exceptions may be made if the producing party files a timely objection, both parties agree the metadata is not relevant, or the producing party requests a protective order.
Similarly, a securities class action levied against Priceline.com in U.S. District Court in Connecticut addresses the critical nature of metadata. (In re Priceline.com, Inc., Sec. Litig., No. 3:00CV01884(DJS), 2005 U.S. Dist. LEXIS 33636 (D. Conn. Dec. 8, 2005).) While the court ruled that the defendants could produce responsive information non-natively in TIFF or PDF formats, it also required them to supply searchable metadata databases, and maintain all data in its native format for the duration of the litigation.
The synthesis of these guidelines and rulings indicates a clear trend reinforcing that metadata is discoverable, and that parties should be prepared to include metadata when documents are produced. In fact, removal of metadata typically will require an affirmative act by the producing party.
E-Discovery Tools Verify Integrity of Metadata
While providing guidance, these principles also acknowledge the challenges inherent to metadata and e-discovery. The Sedona Guidelines, in fact, identify one specific problem: that metadata can potentially be altered or extracted during file conversion and restoration. This means that parties must take appropriate steps to ensure that whatever technique they use to archive, restore or search files during e-discovery preserves metadata.
One method used to verify that an object (e.g., file, document, spreadsheet, etc.) has not been altered throughout a process is to “hash” the object at the outset. This hashing process produces a unique number (or “fingerprint”) that can then be compared at the end of the process. This comparison verifies that the process has not altered the file.
Fingerprinting a file quantifies every keystroke, command, or action that affects a file. During digital discovery, for instance, computer forensic technicians conduct a hash on the file content prior to conducting searches, cleaning up files, etc. At the end of the process, the hash should be identical, validating that nothing was altered or deleted from the file. A finely tuned technique, hashing is sensitive enough to detect the smallest alteration — a comma converted to a period, for instance, or the file’s origination date changed from one time frame to another.
Most e-discovery experts rely upon one of two hash algorithms (MD-5 and SHA-1) to ensure metadata is preserved properly. These compute a condensed representation of a message or a data file. The condensed representation is of fixed length and is known as a “message digest” or fingerprint.
The SHA-1 algorithm, which is the tool our company, eMag Solutions, typically employs, provides a larger confidence interval than MD-5 because of the precision of the algorithm it implements. This implementation enables detection of subtle changes in the object that can be quantified by the extra 32 bits of the digest.
Experts liken this to developments in criminal fingerprinting techniques. Early tools used to evaluate suspects’ fingerprints were less sensitive than today’s methods — and may have missed characteristics like a faint whorl or indentation that would have definitively matched the print to a particular individual, or exonerated another.
Similarly, the SHA-1 algorithm more accurately distinguishes changes in metadata. MD-5, for instance, encounters more “collisions” — instances where two files seem to be identical — when hashing files. SHA-1, on the other hand, can detect even the subtlest differences, providing greater accuracy in the e-discovery process.
Reliance On Metadata Expected To Grow
While treatment of metadata in digital discovery continues to evolve, virtually all experts anticipate that it will continue to play a central role. Metadata, in and of itself, facilitates electronic searches so that appropriate files can be produced — e.g., allowing those involved in the discovery process to construct search parameters based on key words or elements (authors, date ranges, etc.) that are found in the metadata. In addition, the value metadata contributes in confirming the veracity and authenticity of responsive documents most likely will only grow.
In short, current legal precedents and trends serve only to underscore the importance of employing processes that fully preserve and protect metadata during the course of activities like archiving, searching and restoring electronic files. With these demands in mind, it is vital that producing parties select electronic discovery vendors and partners that are capable of preserving all metadata — so they can be assured of supplying responsive documents that meet the emerging standards regulating e-evidence.
* The following article was authored by Chuck Bokath and Shawn Strickler of eMag Solutions and is reprinted with permission from Digital Discovery & e-Evidence, Volume 6, Number 5, pages 9-11, published by Pike and Fischer. Copyright 2006 by IOMA, Inc. For more information on Digital Discovery & e-Evidence, call 1-800-255-8131 ext 248 or visit www.pf.ddee.
This article may be re-published as long as the following resource box is included at the end of the article and as long as you link to the email address and the URL mentioned in the resource box:
Article by eMag Solutions. For more articles on eDiscovery and Data Restoration, subscribe to our e-mail Newsletter by sending a blank email to newsletter@emaglink.com or by going to http://www.emaglink.com.