Preserving ESI on Twitter

Once litigation is “reasonably anticipated,” parties have an obligation to preserve all potentially relevant material.  That obligation extends to information reasonably under a party’s control, even if it is not actually in its possession.  This raises significant concerns when it comes to information on social media sites such as Facebook and Twitter—the information may well be relevant, should likely be preserved, but is it in the reasonable control of the party?  Some recent changes with Twitter reveal that the answer is yes—it is reasonably under the control of the party, and must be preserved.  Fortunately, Twitter also now provides an easy-to-use tool to preserve this information.

During one of Twitter’s quarterly “Hack Weeks”, employees engineered Twitter archiving, which allows users to access Tweets from their Twitter account past. On December 19, Twitter launched this new feature to a small group of users who have their account language setting on English.  It’s not yet clear whether this archiving feature will include “Direct Messages,” so attorneys should ensure that any such information is either captured or separately preserved.  It will be rolling out to all other users over the coming weeks and months, according to Mollie Vandor, part of Twitter’s User Services Engineering Team. 

Archiving allows users to access and download Tweets from the beginning of their account, including retweets.  After they have their account set up to access the archives, they can view Tweets by month, or search their archive based on certain words, phrases, hashtags, or @usernames, according to Vandor’s blog.

You might be wondering how you can access the archiving feature on your Twitter account.  After logging into your account, go to Settings, scroll down to the bottom, then check for the feature, which will allow you to access your Twitter archive.  Click on the button, and you will receive email instructions on how to access your archive once it is ready to download.

Some thoughts and potential best practices for attorneys:

-       -  Include Twitter usage in initial interviews with clients regarding ESI

-       -  Ensure clients are directed not to delete or modify their Twitter accounts in a litigation hold letter until such time as the account can be fully preserved

-      -   It’s not yet clear whether the archiving feature will include Direct Messages or lists of accounts followed by a specific user, so extra care should be taken to ensure this information is separately preserved if applicable

Obtaining Documents (Including ESI) Through a Subpoena Duces Tecum

In Colorado, can you obtain documents from an individual or company by serving a subpoena duces tecum without taking a records deposition?  The answer used to be no, according to a June 18th, 2012 ruling of the Colorado Supreme Court.  See In re Marriage of Wiggins, 279 P.3d 1 (Colo. 2012).

However, the Colorado Supreme Court has approved a change to C.R.C.P. 45 (see text of new Rule 45 here), which will take effect January 1, 2013.  The new Rule 45 will allow parties to compel by subpoena (1) appearance at a deposition, (2) production of records or other items, or (3) both.  Accordingly, the plain text of Rule 45 now permits a subpoena for records alone, without simultaneously noticing a records deposition.  This change will greatly streamline the non-party discovery process in Colorado state courts.

Perhaps just as importantly, the new Rule 45 expressly permits subpoenas of records "in physical or electronic form." In contrast, the old Rule 45 simply permitted a request for production of "books, papers, documents, or tangible things designated therein."  While a subpoena for ESI was arguably still permissible under the old rule, it was likely to result in an objection and a fight.  The new rule plainly supports a subpoena for emails, digital images, word processing files, spreadsheets, etc. in their native format, as well as text messages, voicemail messages, etc.

E-Discovery White Paper

Our new E-Discovery white paper is available now:  E-Discovery White Paper

Entitled "Avoiding E-Discovery Nightmares:  Simple Steps for Small Businesses," this paper discusses key steps small businesses should consider to prepare for the eventuality of electronic discovery in litigation.

Colorado State E-Discovery Law

In 2009, the Colorado Supreme Court rules committee rejected incorporating either the Federal or proposed Uniform E-Discovery Rules into the Colorado Rules.  See http://www.courts.state.co.us/userfiles/file/Court_Probation/Supreme_Court/Committees/Civil_Rules_Committee/CivilRulesMeetMinutes1302009.pdf at page 3 (discussing the E-discovery Subcommittee’s report on the Uniform State Laws E-Discovery Rules Proposal.  The subcommittee reported that Colorado’s rules are not easily compatible with either Federal or the proposed uniform e-discovery rules; that C.R.E. 1001 already defines writings to include ESI, and that the C.R.C.P. already contemplates early intervention by the court in discovery matters tailored to the specific needs of the case.  Ultimately, the subcommittee recommended that the Rules Committee not adopt either the F.R.C.P. or proposed uniform rules on e-discovery). 

Normally, the similarity between Colorado and Federal rules of civil procedure allow case law interpreting federal rules to be cited as persuasive authority in Colorado state court cases.  See, e.g., Benton v. Adams, 56 P.3d 81, 86 (Colo. 2002) ("When a Colorado rule is similar to a Federal Rule, [the court] may look to federal authority for guidance in construing the Colorado Rule").  The Supreme Court Rules Committee's decision, however, distances Colorado state court discovery jurisprudence from case law interpreting the federal rules regarding e-discovery, and makes a review and analysis of Colorado state court case law on e-discovery issues all the more relevant. 

Assuming, for the moment, that Colorado courts will not be easily persuaded by citations to federal e-discovery case law following this Rules Committee decision, what is the current state of Colorado state court e-discovery law?  Unfortunately, the answer is “very limited.”  For example, only three Colorado state court cases contains the phrase “Electronically Stored Information,” and none contain the phrase “e-discovery” or "ediscovery."  See Wiggins v. Wiggins, 279 P.3d 1 (Colo. 2012) (quoting C.R.C.P. 45 as permitting subpoenas to request ESI); People v. Buckner, 228 P.3d 245 (Colo. App. 2009) (interpreting C.R.E. 801); Tax Data Corp. v. Hutt, 826 P.2d 353 (Colo. App. 1991) (public records access includes access to ESI).  Further, these cases provide no real guidance to e-discovery rules or limits in Colorado.

There are, however, a few cases that provide useful guidance to E-Discovery practice in Colorado state courts:

One case contains the phrase “Native Format” – People v. Preston, 276 P.3d 78, 85 (Colo. 2011).  That case states that “[w]hether or not Respondent believed he was adhering to normal procedures, his conduct had the effect of ‘promot[ing] principles of gamesmanship’ and ‘hid[ing] the ball,’ and his lack of diligence in responding to Rice’s requests was tantamount to obstructing the discovery process.  Likewise, that discoverable information relevant to Hoch’s claims was stored electronically, be it in ‘native format,’ Windows, or scanned PDF files, cannot justify departure from Respondent’s obligations as an attorney; Respondent had a duty to disclose and produce “any data compilations from which information can be obtained [and] transferred, if necessary, . . . through detection devices into reasonably useable form.”

Another case provides some guidance in requesting inspection of a computer by computer forensics experts.  In Cantrell v. Cameron, 195 P.3d 659 (Colo. 2008), the Colorado Supreme Court considered a challenge to the trial court’s order compelling production of Defendant’s laptop for inspection.  The Supreme Court vacated the order and remanded for a hearing to assess the scope of inspection required to determine first if the laptop was in use during the accident.  Here, the substantive information on the laptop was not relevant to the claims.  Rather the relevant question was whether the laptop was in use by the driver at the time of the car accident.  The Court, concerned about the invasion of Defendant’s privacy, held that the three-part test from Martinelli v. District Court, 612 P.2d 1083, 1091 (Colo. 1980), was the appropriate test in these circumstances, and that the trial court failed to apply this test.  The Court reasoned that there may be less-intrusive options available to determine whether the laptop was in use at the time of the accident, relying on alternative recommendations of a computer forensics expert, the order compelling production was vacated and the issue remanded for the trial court to balance these issues properly under Martinelli.  Generally, however, Cantrell supports the notion that a party may request inspection of a computer by its computer forensics expert.

In Lauren Corp. v. Century Geophysical Corp., 953 P.2d 200 (Colo. App. 1998), the court affirmed an order imposing sanctions and granting adverse inference instructions at trial due to failure to produce computers for inspection and subsequent spoliation when the party then disposed of the computers in question.  While the case is short on broadly applicable tests or principles to govern e-discovery disputes, it does approve spoliation sanctions where computer hardware—here only relevant because it contained ESI—was not produced and later destroyed despite requests in discovery to inspect these computers.

Colorado courts' guidance on the discoverability of social media is similarly sparse:  no case mentions the phrase “Twitter,” and only one uses the phrase “Facebook,” though not in an e-discovery context.  See People ex rel. R.D., 259 P.3d 562 (Colo. App. 2011).  The situation with respect to discovery of text messages is no better, with several cases discussing text messages in a criminal context, but no discussion in the context of the acceptable scope or procedure for their discovery.

Perhaps most importantly, the text of C.R.C.P. 34 and C.R.E. 1001 leave the door wide open to requesting production of ESI if carefully and creatively applied:

For example, C.R.C.P. 34(a)(1) allows for production and inspection of “data compilations from which information can be obtained.”  As suggested in Preston, above, this likely includes electronically stored, native format files because these are ultimately nothing more than “data compilations from which information can be obtained.”  This phrase should permit requests for production of native format files, email and attachments in native file format (e.g. .PST files), as well as the production and inspection of file structures, databases, electronic accounting files, etc. 

C.R.C.P. 34(a)(1) also covers documents that are under a party’s control, though not in its actual possession, and which are obtainable upon its order or direction.  See Michael v. John Hancock Mut. Life Ins. Co., 334 P.2d 1090 (1959).  This provision should extend the reach of Rule 34 to cover cloud-based and hosted “data compilations” such as Google docs, email hosted by third-party providers, information in Facebook and Twitter accounts, cloud-based storage systems such as Dropbox, cloud-based project management systems like Basecamp, etc.  In certain situations, these sources may yield a treasure trove of relevant information.

C.R.C.P. 34(a)(1) also allows for the requesting party to “inspect and copy, test, or sample any tangible things which constitute or contain matters within the scope of C.R.C.P. 26(b).”  This should permit actual inspection and copying of computers, hard drives, or specific folders within computers and hard drives if copying the entire device would be overly broad or unduly burdensome.  Additionally, this should permit extracting data from cell phones (text messages, call records, voicemails, photos).  Many attorneys consider E-mail to be especially valuable in discovery because it often provides candid communications between parties.  This characteristic is equally, or even more true of text messages, Tweets, or Facebook posts, especially among a younger generation where it may be common to send dozens of such messages in a day with little thought as to editing, consequences, or discoverability.

Finally, Colorado's Civil Access Pilot Project implemented in business cases in some Colorado districts provides additional rules that impact e-discovery, including Rules 1.3 (proportionality in discovery of ESI), 6.1 (preservation of ESI), 6.2 (cost of preservation borne by producing party), and Appendix B (Case Management Order format requires parties to discuss their strategy re: ESI).  However, as the rules have been in effect less than a year, no appellate orders currently exist discussing the scope or providing guidance in interpreting these ESI-related rules.  Arguably these rules are mere formalization of good case management practices already in effect, and may support arguments outside the CAPP system about the proper manner for management of e-discovery.

The Law Office of Jeff Vail focuses on providing innovative and cost-effective business litigation solutions to Colorado small and medium-sized businesses.  If you have a business dispute, or if you need advice or guidance in E-Discovery matters in Colorado courts, visit our website to learn more about our services.

Determining the Scope of Preservation of Evidence

The duty to preserve evidence requires the producing party to make a good faith effort to identify and manage relevant discoverable information.   Once the party recognizes when the duty to preserve attaches, the next step is to determine what potentially discoverable information must be preserved.  See,  Mosaid Techs. Inc. v. Samsung Elecs. Co., 348 F. Supp. 2d 332, 336 (D.N.J. 2004) (“…while a litigant is under no duty to keep or retain every document in its possession, even in advance of litigation, it is under a duty to preserve what it knows, or reasonably should know, will likely be requested in reasonably foreseeable litigation.”).  And because the vast majority of business information is now generated electronically without ever being printed to paper, the scope of preservation naturally includes electronically stored information (ESI).   Determining the scope of preservation of ESI presents a great challenge and must be balanced with a party’s right to continue to manage its electronic information and operate its business in a relatively normal fashion.

Preservation issues should be addressed at the outset of litigation, and both sides should be prepared to discuss the matter at the initial meet and confer sessions.  All parties are responsible for taking steps to preserve relevant evidence, and pursuant to Fed. R. Civ. P. 26(b)(2)(C) need to consider the cost, burden and necessity of preserving the information.  In Colorado state court, there is substantially less case law related to preservation, especially of ESI, but a good rule of thumb would be to ensure that one conforms to the requirements under the Federal Rules as well as any unique Colorado requirements.

Following are some suggestions to assist you in determining the scope of preservation:

• Consider the complexity of the case and seek cooperation, common ground, and fiscal reasonableness.
• What is the cost of production compared to the amount in controversy?
• What are the resources of each party?  What is the ability of each party to control costs, and what is its incentive to do so?
• What is the relevance of the evidence relative to the claims and defenses in the case?
• Consider the need to protect privileged, proprietary, or confidential information (including trade secrets).
• Know where a party’s electronic information may be found.
• Avoid unreasonable, overly broad, burdensome, or unnecessarily costly requests to produce ESI.  Consider collecting data from repositories used by key individuals rather than searching through an organization’s entire electronic storage systems.
• Apply reasonable selection criteria (search terms, date restrictions, folder designations, etc.).
• Determine the need for preservation and production of ESI that may not be apparent to ordinary employees or a party’s records custodians.
• What is the ease of accessing the information, and is it available from other sources?
• Is the ESI stored in such a way that it is unreasonably more costly or burdensome to access?  See, Zubulake v. UBS Warburg LLC, 217 F.R.D. 309, 324 (S.D.N.Y. 2003) ("...plaintiff entitled to all emails and electronic documents relevant to employment discrimination claim, including those only preserved on backup tapes; however, given burden and expense of restoring inaccessible backup tapes, a cost-shifting analysis is appropriate.”)
• Could a subset or representative sample of the requested ESI be provided to determine whether production of additional information is warranted?
• Identify potentially relevant materials that are most critical or most difficult to preserve/collect.
• Know document retention and destruction policies and practices--as soon as the duty to preserve has attached, immediately suspend any document destruction or data deletion policies until they can be reviewed to ensure compliance with preservation duties.
• Has a party deleted, discarded or erased any ESI after litigation was commenced, or after the party was aware that litigation was reasonably foreseeable? (Spoliation is defined as the destruction or failure to preserve resulting in the loss of evidence in pending or reasonably foreseeable litigation. Silvestri v. General Motors, 271 F.3d 583, 589 (4th Cir. 2001)).

It may be possible to reach a stipulation as to the extent of preservation required in a given case.  Where a stipulation is not reached, it is wise to advise the opposing party in writing as to the scope of preservation duties you believe they have.  See, e.g., Optowave Co. Ltd. v. Nitikin, 2006 U.S. Dist. LEXIS 81345 at *30 (M.D. Fla. Nov. 7, 2006) (finding that notice from opposing counsel about relevant categories of information put party on notice about scope of preservation duty).  Likewise, it is wise to err on the side of over-preservation of evidence of one's own data, especially where the potential damages or sanctions for failure to preserve are significant.

Jeff Vail is a business litigation attorney in Denver, Colorado.  Visit www.vail-law.com for more information.

Discovery of Social Media Information: Privacy, Authentication, and Practice Tips

Last week’s blog post briefly discussed the evolution of FRCP 34 as it relates to the admissibility of electronic compilations of data for discovery purposes, and how social media, with its cache of potentially discoverable electronic information, has impacted the e-discovery process.  Generally speaking, the courts treat social media information the same as other electronic data obtained for discovery purposes.  However, social networking sites represent a new frontier for electronic discovery and bring with them a novel set of issues to be explored. 

Not only is the admissibility of ESI from social networking sites subject to application of the Federal Rules of Civil Procedure, evidentiary criteria for electronic data are further defined by the Federal Rules of Evidence (addressing such matters as relevance, authenticity, prohibition on hearsay, reliability, probative value, etc.). Case law provides a significant repository of information related to the discoverability of social media, including decisions related to privacy; First Amendment issues; Fourth Amendment issues; application of the Federal Rules of Civil Procedure and Federal Rules of Evidence; duty to preserve/spoliation of evidence; and authentication.  Two of these issues are frequently litigated: user privacy rights and authentication of data.

Privacy issues are complex, and discovery of social media raises not only First and Fourth Amendment issues, but may also involve the Electronic Communications Privacy Act (“ECPA”), 18 U.S.C. § 2701 (1986) (also referred to as the “Stored Communications Act” (“SCA”)). Courts are grappling with the role of traditional privacy rights as they relate to discovery of social media and have found that individuals generally do not have a reasonable expectation of privacy with regard to information they provide on social networking sites.

In Ledbetter v. Wal-Mart Stores Inc., 2009 U.S. Dist. LEXIS 126859, No. 06-1958 (D. Colo. Apr. 21, 2009), plaintiffs filed a personal injury action against defendant Wal-Mart, alleging physical injury, mental trauma, and loss of consortium.  Defendant subpoenaed Facebook, MySpace, and Meetup.com to obtain Plaintiff’s personal information, and plaintiff filed a motion for protective order claiming physician-patient and spousal privilege. Magistrate  Judge Watanabe denied plaintiff’s order, finding that the information requested in the subpoena was relevant and reasonably calculated to lead to the discovery of admissible evidence.

With regard to authentication of ESI from social networking sites, some courts have suggested that the ease with which social media data can be manipulated creates the need for a higher standard of authentication.  So, while ESI from social networking sites can be discoverable, it is not considered to be self-authenticating. In Griffin v. Maryland, No. 74, 2011 WL 1586683, at *1-10, *4 (Md. Apr. 28, 2011), the Maryland Supreme Court found that the State failed to provide extrinsic evidence to properly attribute a MySpace profile and postings to the purported author, and remanded the case for a new trial.  The court stated that "anyone can create a fictitious account and masquerade under another person's name or can gain access to another's account by obtaining the user's username and password."

E-discovery cases continue to grow in number and complexity, and federal e-discovery decisions are sometimes inconsistent. Internet usage should be given a high priority when advising clients as the potential for a client to damage their own case is very real. Alternately, social media provides fertile ground for the discovery of useful information about adverse parties.

Some practice tips to consider:

1.         Before issuing a subpoena to a social networking site, seek discovery of social networking information from the opposing party first.

2.         Public searches yield a surprising amount of information about which social networking sites a user participates in, what their user profile includes, and what type of information they are posting.

3.         Be cautious of hiring a private investigator to “friend” the opposing party on any social media sites.  And certainly don’t attempt to contact the opposing party yourself via any SNS.  Such approaches are likely to backfire, may constitute impermissible communication with a represented party, and are likely unethical if they involve deceit.

4.         Take care to avoid spoliation of evidence—as soon as claims are reasonably known to exist, prepare a plan with your client to preserve any social networking information that may be relevant.  It’s likely insufficient to assume that the social networking provider is maintaining an archive of posts and information—you or your client should preserve and maintain an archive of this information on a regular interval.

5.         When a claim does arise, notify the opposing party with the specifics of what social networking information you anticipate will be relevant in this case and instruct them to ensure this information is properly preserved.

6.         Remember – just because something is available electronically doesn’t mean that it can or should be produced instantly.  It may not even be subject to search.

7.         If your case is very complex, consider “unbundling” discovery tasks. Consider assembling a litigation management team to tackle electronic data discovery tasks.

8.         Maintain at least a general familiarity with developments in social networking in order to properly advise clients about how recent changes and developments may alter these recommendations.

9.         Plan in advance for proper authentication of electronic information obtained from social networking sites.  Consider whether it is appropriate to authenticate this information at an individual or 30(b)(6) deposition.

I will be posting more about the unique challenges posed by discovery of electronic information from social media networking sites, including ways to authenticate electronic data.  I’ll also address issues related to the preservation and spoliation of electronic evidence (including Tweets and text messages, to name just a few of the many sources of electronic evidence).

Jeff Vail is a business litigation attorney in Denver, Colorado.  Visit www.vail-law.com for more information.

Written Discovery: Re-Thinking the Definition of "Documents" in the Social Media Age

The social networking era presents attorneys with new challenges that directly affect client representation.  Law dealing with electronic discovery obtained from social networking sites is currently in a state of flux, and attorneys need to be familiar with which types of electronic data are discoverable. The answer is not always clear.

What is clear is that information stored on social media sites is becoming increasingly critical in litigation.  What may have once been a communications medium primarily used by youth is now a mainstay of business communications.  New sources for potentially discoverable social media information include Facebook profiles and messages, Twitter “tweets” and direct messages, LinkedIn profiles and messages, information on Google+ and countless other social media services.

While there may be complications in compelling discovery from some of these sources, at a minimum the definition of “documents” used in written discovery requests, as well as the specific text of requests for production, should specify that the information sought includes these categories of information.  Before discovery even begins, parties should ensure that litigation hold letters sent to their own clients as well as opposing parties also specify that these categories of social media information are likely to be relevant to the disputes in a given case and that they must be appropriately preserved (and preservation of social media is another emerging field—something that I will cover down the road).

To date, there are no new discovery rules that specifically govern social media.  Old rules are being applied to new technology, and the approach of the Courts has generally been to treat social media information the same as other electronic data obtained for discovery purposes.  Federal Rules of Civil Procedure 26, 30, and 34 apply, and in effect broaden the definition of paper documents to include social media information as discoverable electronic data.

FRCP 34(a) was amended in 1970 to include discovery of data compilations.  Dramatic growth in the type and volume of electronically stored data resulted in further amendments to Rule 34 in 2006, to more clearly define discovery of electronically stored information (“ESI”) as being the same as discovery of paper documents. Rule 34(a)(1) is expansive, and is intended to be broad enough to cover the types of ESI available in 2006, and flexible enough to cover future technological developments. Rules 26(b), 26(c), and 34(b) provide guidance on whether and in what form ESI should be produced.  Therein lies the rub -- social networking sites contain a potential treasure trove of discoverable electronic data – but when does this type of data fit the traditional definition of the term “document” and what factors come into play in making such documents admissible evidence?  Lawyers and Judges are only just beginning to navigate this complex realm of discoverable information.

Two key issues are at play when it comes to discovery of ESI from social networking sites. First, what right to privacy do users have when personally expressing themselves in this new area of communication?  Second, because the type of data available on social media can be easily manipulated, what steps should be taken to authenticate data obtained from social media?  Answering those questions and meeting the criteria set forth in the Federal Rules will bring us closer to defining the term “document” as it relates to discovery of ESI from social media.

My next post will address the issues of privacy and authentication of social media discovery.  The courts have held both for and against protecting a users’ privacy, and have suggested that discovery of ESI from social networking sites be held to a higher standard, given the ease with which it can be manipulated.

Jeff Vail is a business litigation attorney in Denver, Colorado.  Visit www.vail-law.com for more information.