EvidenceProf Blog

Editor: Colin Miller
Univ. of South Carolina School of Law

Saturday, February 6, 2010

New Problem. Old Solution: Andrew Perlman's "The Legal Ethics Of Metadata Mining" & What I Think It Tells Us About Compelled Forensic Imaging

Metadata is essentially information that is embedded in -- not apparent on the face of -- electronic documents, such as word processing files or spreadsheets.  Metadata can contain a wide range of information, including the name of the person who originally authored the document, the date the document was created, the dates it was edited, the names of other people who edited it, and even the contents of previous edits. Andrew M. PerlmanThe Legal Ethics of Metadata MiningAkron Law Review (forthcoming)

Obviously, metadata can be extremely important to litigants as Professor Perlman makes clear in the following example:
Consider a case in which a large volume of electronic documents are produced in response to a discovery request.  The parties did not agree in advance whether metadata was discoverable, and the recipient wants to review the metadata of the produced documents to determine who authored them and on what dates.  In some cases, the discovery documents were produced in their native format (e.g., Microsoft Word’s “.doc” format), so the information is easily discoverable in the metadata.   

Other electronic documents, however, were converted to Adobe’s “.pdf” format before production.  The sender digitally redacted (and asserted a privilege regarding) some of the text in those documents through the use of what is effectively a digital black magic marker that covers the visible text.  The receiving lawyer, however, knows how to remove the digital "black out" and examine the text that lies underneath.  Is it ethically permissible for the lawyer to do so? 

This question of whether and to what extent litigants may engage in metadata mining is the question that Professor Perlman addresses in his forthcoming article, and, as he notes, it is a question that has divided bar associations. As Professor Perlman notes,

Seven bar associations have concluded that it is generally unethical to review a document’s metadata unless the sending party has expressly permitted it....Two bar associations – the American Bar Association and the Maryland State Bar Association – have rejected these arguments....[Specifically], the American Bar Association has concluded that metadata mining should be handled in the same way as inadvertent disclosures more generally....[Meanwhile], [f]our bar associations have concluded that metadata mining should be permissible, at least in some circumstances.

According to Professor Perlman, flat bans on metadata mining are problematic because flat bans are overbroad, metadata mining serves legitimate purposes, metadata mining is not like snooping in someone's briefcase, and metadata mining will not increase the cost of legal services. Professor Perlman concludes that "[t]he best approach to metadata mining is to analogize it to the review of inadvertently disclosed documents more generally [because] [t]he two issues are conceptually indistinguishable." Thus, the ABA's approach is the approach that all bar associations should adopt. New problem. Old solution.

I agree with Professor Perlman and think that I have found a similar new discovery problem that deserves an old solution: compelled forensic imaging:

A forensic image, mirror image, or clone copy “is a forensic duplicate, which replicates bit for bit, sector for sector, all allocated and unallocated space, including slack space, on a computer hard drive.” Communications Center, Inc. v. Hewitt, 2005 WL 3277983, No. Civ.S-03-1968 WBS KJ (E.D.Cal, April 25, 2005). Forensic imaging is not uncommon during civil discovery, “and district courts have, for various reasons, compelled the forensic imaging and production of opposing parties‘ computers.” John B. v. Goetz, 531 F.3d 448, 459 (6th Cir. 2008).   

For instance, in “cases where trade secrets and electronic evidence are both involved, the Courts have granted permission to obtain mirror images of the computer equipment which may contain electronic data related to the alleged violation.” Balboa Threadworks, Inc. v. Stucky, 2006 WL 763668, No. 05-1157-JTM-DWB at *3 (D. Kan., March 24, 2006). Moreover, “courts have also compelled production based upon discrepancies or inconsistencies in a response to a discovery request or the responding party’s unwillingness or failure to produce relevant information.” White v. Graceland College Center for Professional Development & Lifelong Learning, Inc., 2009 WL 722056, No.07-2319-CM at *7 (D. Kan., March 18, 2009). That said, “[c]ourts have been cautious in requiring mirror imaging of computers where the request is extremely broad in nature and the connection between the computers and the claims in the lawsuit are unduly vague or unsubstantiated in nature.” Stucky, 20009 WL 763668 at *3.

This caution is based in large part upon the Advisory Committee's Note to Federal Rule of Civil Procedure 34(a)(1)(A), which generally governs “[r]equests for physical inspection of another party’s hard drives or requests for forensic and mirror imaging of hard drives....” White, 2009 WL 722056 at *7. Rule 34(a)(1)(A) provides that:

A party may serve on any other party a request within the scope of Rule 26(b)(2):

(1) to produce and permit the requesting party or its representative to inspect, copy, test, or sample the following items in the responding party's possession, custody, or control:

(A) any designated documents or electronically stored information — including writings, drawings, graphs, charts, photographs, sound recordings, images, and other data or data compilations — stored in any medium from which information can be obtained either directly or, if necessary, after translation by the responding party into a reasonably usable form.

This provision is a relatively new wrinkle to Rule 34(a) which was added when the Rule was amended in 2006. The Advisory Committee's Note to the amendment indicated that

Inspection or testing of certain types of electronically stored information or of a responding party's electronic information system may raise issues of confidentiality or privacy. The addition of testing and sampling to Rule 34(a) with regard to documents and electronically stored information is not meant to create a routine right of direct access to a party's electronic information system, although such access might be justified in some circumstances. Courts should guard against undue intrusiveness resulting from inspecting or testing such systems.

This Note strongly suggests “that direct inspection of an opponent’s hard drive is not routine, but may be justified in some circumstances....” White, 2009 WL 722056 at *7. But what are those circumstances? On one end of the spectrum, courts consistently have refused to compel forensic imaging in response to requests that were extremely broad, with the connection between computers and claims attenuated. On the other, courts have compelled such imaging when the requesting party can prove some inconsistency or impropriety by the responding party. Courts, however, have  not articulated any singular evidentiary showing required of requesting parties to compel forensic imaging. This places the current state of the law in this emerging field in a similar position to the crime-fraud exception to the attorney-client privilege before the Supreme Court’s 1989 opinion in United States v. Zolin, 491 U.S. 554 (1989).  

Before the Court’s opinion in Zolin, “some courts had endorsed the practice of automatic inspection of the alleged material by the judge to determine the applicability of the crime-fraud exception.” S. Aftab Sharif, Case Comment, Another Independent Evidence Rule Goes Up in Smoke:  The Supreme Court Strikes a Balance in United States v. Zolin, 109 S.Ct. 2619 (1989), 16 T. MARSHALL L. REV. 127, 142 (1990). Meanwhile, “many jurisdictions followed an analysis set out in United States v. Shewfelt,” in which the Supreme Court “held that before the privileged status of communications can be lifted, the government must first establish a prima facie case of fraud independently of the said communications.” Kendall C. Dunston, Student Commentary, The Crime-Fraud Exception to the Attorney-Client Privilege, 20 J. LEGAL PROF. 231, 237 (1995-1996). Finally, some courts, such as the Ninth Circuit, “barred all use of in camera review for” purposes of determining whether communications fell within the crime-fraud exception to the attorney-client privilege. Zolin, 291 U.S. 554, 565 n.9.

In Zolin, the Supreme Court reviewed the Ninth Circuit opinion barring in camera ruling and reversed while also disagreeing with those courts requiring a prima facie case. Id. at 572. According to the Court, a prima facie case is merely what is needed to overcome the privilege, and “a lesser evidentiary showing is needed to trigger in camera review....” Id. According to the court that showing is “‘a showing of a factual basis adequate to support a good faith belief by a reasonable person[]’...that in camera review of the materials may reveal evidence to establish the claim that the crime-fraud exception applies.” Id. (quoting Caldwell v. District Court, 644 P.2d 26, 33 (Colo. 1982)).

I think that courts should require the evidentiary showing of parties seeking compelled forensic imaging. If a party can present evidence adequate to support a good faith belief by a reasonable person that compelled forensic imaging may reveal evidence to uncover electronic data related to the alleged violation, the court should compel it.



| Permalink

TrackBack URL for this entry:


Listed below are links to weblogs that reference New Problem. Old Solution: Andrew Perlman's "The Legal Ethics Of Metadata Mining" & What I Think It Tells Us About Compelled Forensic Imaging :


Post a comment