4-Step Computer Security Upgrade
Learn to encrypt your files, secure your computer when using public Wi-Fi, enable two-factor authentication, and use good passwords.
Guest post by Jeff Kerr.
The most important part of the e-discovery process is arguably the preparation phase. This phase encompasses the work you do before the discovery period begins. In the first part of this series, I described how to take an inventory of your client’s data so that you can devise a plan for preserving, collecting, and producing it.
Taking an inventory serves a defensive purpose, exposing what needs to be preserved and collected to provide iron-clad protections against spoliation claims. Here, we turn from defense to offense: gathering information from your client and other sources to help you map out enemy territory.
Effective opposition research for e-discovery draws from two often-overlooked sources: your client and Google.
Mining Your Client and Friendly Witnesses for Information
In most cases, litigation parties knew each other before one of them decided to file suit against the other. These cases include business disputes, family law proceedings, employment cases, and worker’s compensation claims. (Personal injury and product liability lawsuits are common exceptions.)
If the parties had (or still have) a relationship, they probably know a lot about each other, and this knowledge often encompasses details that are extremely useful in e-discovery. For example, say that your client is a former employee of the defendant. You can ask the following questions:
- What program did you use to check your email at work? Do you know if your email was backed up in any way?
- Did employees have mobile devices issued to them by the business? If so, how did they use the devices?
- Who did you contact for technical support issues at work? Was there an IT department?
- What software did you use at work? Do you know if the data from these programs was stored on-premises or in the cloud?
- Do you know any specifics about the devices (smartphones, tablets, notebooks) used by the bad actors in this case?
- Did the company have any rules about backing up data or purging old data or emails? Did employees follow these rules?
On the other hand, if the opposition is an individual (perhaps you’re defending the business in the above example), the following questions can be helpful:
- What do you know about the devices (smartphone, tablet, notebook) the plaintiff uses? How does the plaintiff use them, if you know?
- Does the plaintiff use social media? Are you friends with the plaintiff on any of these accounts? Do you know how often and for what purposes the plaintiff uses these accounts?
- What email addresses do you have for the plaintiff? Do you know what the plaintiff uses these accounts for?
- Is the plaintiff tech-savvy or not very good with technology?
- Do you know if the plaintiff carried a thumb drive or other portable storage device?
Another reason to ask your client questions like this is that judges expect you to obtain this sort of information. Too often, attorneys seek information in discovery that they could get from their own clients. This often comes up in e-discovery, where parties routinely ask each other questions about devices and IT infrastructure. While your client can’t give you all the information you need, you will almost always get information that will help you make your discovery requests more targeted and, consequently, more likely to lead to valuable evidence.
Google: The Holy Grail of Opposition Research
Ah, Google. What can’t you find on Google? My favorite story of the power of Google search is how an IRS agent used Google’s “advanced search” feature to discover the identity of the mastermind behind the illegal Silk Road marketplace–a problem that had baffled numerous government agencies with access to expensive proprietary tools for years. To get the best results out of Google, you have to be creative and you have to know advanced search operators (my favorite cheat-sheet is here).
The first and most obvious technique is to search Google for names and nicknames of the opposing parties and witnesses. Doing this, you’ll often find blogs, social media profiles, LinkedIn profiles, wish lists, forum posts, and more.
In addition to finding interesting personal information through name searches about individuals, you can find tons of information about business IT systems. If you want to know what kinds of technology and software a particular business uses, search for press releases, employee LinkedIn profiles, technical blog posts, and job postings. You’ll often find announcements about the installation of new systems or job postings stating the technologies that employees in various departments will need to know. Once you have this information, you can almost always download manuals for those technologies that explain exactly how information is stored and how it can be both search and exported.
This last tip may only be embraced be hardcore nerds like myself, but it is powerful indeed. It’s wonderful to sit down at a Rule 26(f) conference knowing more about your opponent’s IT infrastructure and export capabilities than your opposing lawyer. And nothing is more powerful than using your opponent’s own website to rebut their counsel’s assertions about the feasibility of various search or export tasks.
Ensuring What You Have Found is Admissible
Inspect what you find and print to PDF (including the URL and timestamp headers and footers). You can also take screenshots of things that don’t format well for print to PDF.1
I recommend save-to-PDF and screenshots, but some will object that these duplications may not be admissible. This is only somewhat accurate. On their own, those may be difficult to authenticate, but you’ll have ample opportunities to authenticate them during discovery, often simply by having the parties and witnesses who created the relevant content authenticate the evidence during depositions. Accordingly, it’s probably not necessary to buy expensive web-based evidence collection software unless you’re handling criminal cases.
If you have a cagey or dishonest opposing party who you think might deny authoring their own LinkedIn profile or social media posts, then I suggest a strong setup before asking authentication questions directly in a deposition. Here’s a sample series of questions that you can use to lock down authentication of Facebook messages:
- You use a password when your access your Facebook account, right?
- You don’t give away your Facebook password or tell it to strangers?
- Do you keep your password secret?
- You protect your account with a password because you don’t want someone breaking into your Facebook account and pretending to be you?
- To your knowledge, no one has broken into your Facebook account and pretended to be you?
- No one has made unauthorized posts on your Facebook account under your name?
- All of the posts under your name on Facebook were posted by you?
This line of questioning works because the witness feels smart when providing the answers that you need. By answering “yes,” the witness blocks off any escape routes and will be compelled to authenticate the evidence you found.
You can go very deep when preparing for e-discovery. These lines of inquiry may seem too time-consuming and too far from the core facts of the case for some lawyers to pursue. But the rewards of preparation—which include both finding valuable evidence and smooth handling of the e-discovery process—are worth the effort.
Jeff Kerr is CEO of CaseFleet, a platform for helping litigators manage their practices and win more cases. Before starting CaseFleet, Jeff was a managing partner at Mays & Kerr LLC, where he focused on employment litigation and eDiscovery and was selected as a Rising Star in 2015. Jeff frequently writes and speaks on the topics of legal technology and eDiscovery.