- You are here:
- Home »
- Uncategorized »
- The Masters Conference wrap-up
The Masters Conference wrap-up
With two major conferences back-to-back, The Masters Conference (click here) and the ACC Annual Meeting (click here) we have been a bit pressed for time to write up our thoughts on both plus all the interviews we conducted at each.
We agree with Brett Burney’s observation: vendors at the Masters Conference seemed to emphasize a general lean towards the “left side”” of the Electronic Discovery Reference Model. For Brett’s full post click here .
And it was the same at the ACC Annual meeting. The seminars and presenters (and the attendees) repeated the same theme: how do we, as in-house counsel, manage our endless streams of digital data? It was more than just “how do we reduce the costs for e-discovery and cut the time necessary to complete EDD projects?” As we said in our first post from ACC (click here) corporations need “enterprise class products” because of the global convergence of audit, compliance, regulation, and risk. Because the mantra was: cost and communication. Give us technologies that make all our information “reasonably accessible and at an affordable cost …. help us close the gap between the technology out there and what we need”. And help us manage the data at the start. Our coverage at ACC was extensive, and we chalked up 8 major interviews. We’ll have much more on ACC in our wrap-up later today.
But now, some observations on The Masters Conference:
On Tuesday and Wednesday, October 13 and 14, 2009, the Ronald Reagan Center hosted the Masters Conference Series for Legal Professionals with a theme of Navigating through Discovery, Risk and Security.
The big news: the guiding light of the Conference, Sasha Hefler, has left The Masters Conference and has joined a major e-discovery consulting company (for our profile on Sasha click here). There will be a press release issued this week detailing her new position. It is a company that has pioneered “early information assessment” and is a step ahead in the ECA market.
One big take-away for contract attorneys who make up the largest percentage of Posse List members was a suggestion by Dave Benton (head of Digital Forensics & eDiscovery at The Home Depot) who recommended that those interested in developing the skills needed for new e-discovery should become members of the American Society of Digital Forensics and eDiscovery (www.asdfed.org) a non-profit organization that promotes education and the distribution of information related to digital forensics and electronic discovery. There is a Washington, DC chapter. With so many contract attorneys moving away from the document review side of the EDRM (or who want to move away from that side) it is a good suggestion. We’ll have a more detailed post about Asdfed.
We had various reporters at the two days of educational tracks and the following are some highlights from various panel discussions and seminars on everything from leveraging cloud computing, to early case assessment tool evolution, to discovery cost determination and cost cutting. The sessions were held in 3 staggered conference rooms with space for 100 to 250 attendees in lecture hall format, including two projection screens for presenting the more difficult lecture or panel concepts. (For a more detailed agenda of what was covered click here).
Each day had its own keynote speaker.
On Day One the keynote speaker was Randy Sabett, a partner in the Sonnenschein law firm and based in the D.C. office He is a member of the Internet, Communications & Data Protection practice. He counsels on information security, privacy, Public Key Infrastructure (PKI), digital and electronic signatures, federated identity, Sarbanes-Oxley, state and federal information security laws, identity theft, and security breaches among other areas. Randy is a commissioner for the Commission on Cyber Security for the Obama Administration and teaches information policy as an adjunct professor at George Washington University and is on the faculty of IANS.
Sandy’s address was entitled “The Evolving Nature of Data Protection…And Some New Ideas To Consider” and focused heavily on one of the themes of the conference, “cyber security.”
Historically, corporate America has perceived data protection purely as an unavoidable expense. A number of factors have contributed to a shift in this view point, including continued and worsening data breaches involving personal information, much more focused and insidious attacks, and very high profile losses of intellectual property. Now, Congress has become an active participant with at least 30 bills pending that in some way, shape, or form relate to data security. What are some of the more radical players considering in protecting their data? Some of Randy’s comments:
1. There is growing activity at the state and federal levels: States are increasingly enacting breach of security notification and encryption requirements. Earlier this year the Health Information Technology for Economic and Clinical Health Act (HITECH Act) was signed as a part of the Stimulus bill, providing funds to improve health IT systems for greater data production. Over 30 other security related bills that are still pending.
2. Security DOES NOT equal compliance: Balance must be achieved between security and compliance because by solely focusing on security you might miss something that is required from a compliance perspective. On the other hand, you may be in compliance, but overlook something that needs to be done to keep your data secure.
3. Protecting the network enterprise: The “perimeter” can no longer be the sole focal point as more of as more information resides outside the “perimeter” of a company. This presents increasing vulnerability/risk to cyber attack. A security culture must be developed within an organization to protect the network enterprise.
4. What does cyber security have to do with e-discovery? According to Sabett, there is a large overlap. Figuring out where data is stored and how to preserve the data free of security risks is necessary for both computer security and eDiscovery professionals. There is procedural and technical overlap that requires computer security professionals to play active role in both areas: Some of the procedures followed and technical methods developed from an information security perspective are the same techniques and procedures used and applied on the ediscovery on side of equation: example ediscovery procedures and techniques need to take into account how and to what extent encrypted data will be identified, accessed, etc.
5. One of the keys in dealing with information security and e-discovery is to think progressively about data protection and balance that progressive way of thinking with the number one issue: the budget available to achieve it. Information security and ediscovery are cost sources.
6. Other examples of progressive thinking:
– Offensive cyber capabilities
– Cross compliance initiatives
– Cloud computing
– Follow trends in information security laws and legislative activities
– Develop a security culture within the organization
– Getting rid of credit card numbers altogether (the technology is available)
The Day Two keynote speaker, Magistrate Judge John Facciola, has been a US Magistrate Judge in DC since 1997. Prior to the bench, Judge Facciola was an assistant DA in Manhattan from 1969-1973, and in private practice in DC from 1974-1982. He joined the U.S. Attorney’s Office in 1982 and served as Chief of the Special Proceedings section from 1989 until his appointment as magistrate judge. He now is a frequent lecturer and speaker on the topic of electronic discovery as well as a member of the Sedona Conference Advisory Board and the Georgetown Advanced E-Discovery Institute Advisory Board. He is also the former editor in chief of The Federal Courts Law Review, the electronic law journal of the Federal Magistrate Judges Association. He has recently been appointed to the Board of Directors of the Federal Judicial Center. His most recent publication is Sailing on Confused Seas: Privilege Waiver and the New Federal Rules of Civil Procedure, 2006 Fed. Cts. L. Rev. 7 (2006). He received his A.B. from the College of the Holy Cross and his J.D. from the Georgetown University Law Center.
Judge Facciola focused his remarks on ESI and how best to navigate competent legal practice with a perspective from both sides of the bench. He instructed that attorneys with the best approach to ESI as a litigation tool know that:
▪ humility is a key trait: A judge notes when an attorney does not have the humility required, by overpromising – waiting until discovery deadline is impending only to assure a judge that 30 days is sufficient to get discovery done….several months in a row. And by underpromising – as in telling a judge that something like removing software cannot be done, only to have the judge’s clerk do just that in chambers during a 15 minute recess. Both affect credibility with the judge.
Have the humility to appreciate that on the technical side of discovery, there is a lot to understand and there must be a willingness to educate oneself and/or associate with those who have the technical skills or knowledge necessary to assist in educating oneself. You must be willing to associate with others who know the e-discovery industry and be prepared to work collaboratively between and among lawyers, and those in the technical services industry. Failure to do so, can often lead to making tactical errors in a case and bringing into question the issue of attorney competence and ability to effectively represent the client.
▪ birds of a feather: associate with those who know what they are doing in the ESI realm. Attend a Rule 26(f) conference with a forensic scientist with you every time.
▪ law is becoming a team sport: more and more, law is only for those that never stop learning, and look to their fellow members of the bar to help them learn the nuances in this Brave New World.
▪ the unique roleof the judge: a judge brings order, peace and sanity to litigation – and must handle larger volumes than ever thought possible. For example, the next generation of servers and PC’s will include storage capacity of an ectobyte – to provide some perspective, FIVE ectobytes of storage would include “all words ever spoken.”
He emphasized: the role of the judge is bring order, peace, and sanity to pending cases by entering orders or enforcing orders which bring teeth to the notion of cooperation between and among the parties.
Although there is a great notoriety around cases in which there are court ordered sanctions against an attorney, party or both ( i.e spoliation) in reality, judicial attitudes toward the sanction power is this: let’s not order sanctions and rather mediate toward “How do we fix this?” prior to the point of sanction. The success of a judge depends upon their ability to get people involved in litigation to cooperate and work collaboratively.. And judges must also be willing to self educate in the technical realm of discovery and associate with those in the industry that have the technical expertise.
▪ put some teeth in it: the judge is in the position to ensure litigants and their attorneys cooperate, and challenge the adversarial system as we now know it.
▪ break new ground: a judge observing the Sedona Conference carefully also notes that each session “blows up” a chapter at a time from the civil procedure textbook. He challenged attendees to contemplate what “the cloud” is doing to such basic concepts as personal jurisdiction when servers are anywhere in the world.
His conclusion: judges and lawyers are lay persons when it comes to the subject matter of e-discovery and have an obligation to develop a level of competency and willingness to work collaboratively. Both need to recognize and understand what they are capable of from a competency stand point and where they need education or expertise.
And that provides a nice segue to the key panel of the conference ….
US-UK Judicial Panel on E-Discovery
Although the US leads the world in both the legal and technical aspects of electronic discovery, there is a general acceptance that there is much to do to make this aspect of litigation an efficient and cost-effective component of case management. Although the essential difficulties are the same in England and Wales, the approach taken is a slightly different one, and there is growing recognition that the two jurisdictions have something to learn from each other.
Chief US Magistrate Judge Paul Grimm and US Magistrate Judge John Facciola are the undisputed leaders of judicial thought in this area in the US. Their counterparts in the UK are Senior Master Whitaker and His Honour Judge Simon Brown QC.
These four were brought together again by Chris Dale of the UK based e-Disclosure Information Project (for our profile on Chris click here and for a link to his site is click here). It was a repeat of a successful panel in London in May 2009, moderated by Patrick Burke, Assistant General Counsel at Guidance Software. For our profile on Patrick click here.
Patrick has already written about the panel on his blog so rather than duplicate comments please click here for his analysis.
Among the other sessions we covered:
E-Discovery: The Government Perspective
Private industry struggles with the scope and burdens of e-discovery, but so do government entities, whether as the requesting or responding party. This panel discussion addressed how government agencies are structuring their internal e-discovery groups and how they expect private industry to respond to their requests.
Wendy Butler Curtis, Special Counsel for E-Discovery, Orrick, Herrington & Sutcliffe LLP was moderator, and she encouraged a healthy discussion among Paul Bohr, enforcement attorney with the SEC; Larry Creech, of the U.S. Postal Service; and David Shonka, Principal Deputy General Counsel at the FTC. The panel discussed, among other things, how the government addresses the cost of electronic discovery.
A summary of their comments:
– The FTC encourages dialogue, Shonka said. His agency makes broad requests necessarily, and will refine those requests often after a discussion with an attorney or based upon prior, recent investigations. They key is to pick up the phone and discuss costs in time and money with the government. With the FTC handling the data in house, the government lawyers are most able to have discretion during an investigatory request.
– Bohr states that he is always shocked when private securities attorneys say there is a “lack of communication”’ with the SEC – because he is always willing to meet on costs of his requests, and yet seldom even get the initial phone call. His preference is to get a call from a compliance officer, perhaps with a series of report layouts to guide the discussion, so that Bohr’s request targets the most relevant and available information. The SEC also handles produced data in house, so Bohr and his colleagues welcome discussion on what makes sense financially and practically.
– Creech’s ” businessman’s perspective” was apparent during his overview of policy. He feels strongly that every entity should have a “datamap” of all electronic information held by the entity. This datamap will guide internal resource planning and budgeting through retention schedules and federal retention laws, and will guide discussions with government when a request arrives. He reminds the panel and attendees that this is not a “money maker” per se, so has not received the attention it deserves. Creech cautions that as the matters work through the courts, such information can be a “money loser” when policy-not-followed results in judicial sanctions/fines or in information being produced to adversaries in discovery and resulting in large awards in litigation.
Effective Document Collection, Legal Hold Protocols (… and the cost, my God, the cost!!)
This was a panel discussion with a Powerpoint presentation that never got past the first slide. Well, that’s not quite true – at the end they showed the last slide, with the names of the moderator and panelists. The moderator was Craig Carpenter (Recommind, in-house counsel), while the panelists were Wendy Curtis (Orrick Herrington), Julia Peixoto (DHL in-house counsel), and Tess Blair (Morgan Lewis) and they did a fabulous job.
The reason that the session never got beyond the first slide was that it took on a life of its own and wandered from the path dictated by its deck of slides. It was a wonderful collaborative stroll with comments triggering supporting comments or segues onto related topics. Comments and questions from the audience were welcomed and incorporated into the discussion and the session was very fruitful and covered the topic as well as it could in an hour. The panelists’ contributions complemented each other effectively and they were obviously chosen for the different perspectives that they brought to the session.
Having said this, what were the paths strolled down? Our notes went all over the place and maybe somewhat cryptic, but here is a reconstruction of the main points:
Discussion of the legal hold process. First takeaway: There is no specific or standard form, no one rule, no one size fits all. Second takeaway: It is important to know your client, the corporate culture, how employees work together, and what tools are available. Also, to what extent legal matters are handled in-house. Third takeaway: There is little case law in this area and few judges are aware of the law. Therefore, be balanced, be reasonable, be consistent, and be practical. A plaintiff will send out a litigation hold notice, also called a preservation notice, when there is a “reasonable anticipation of litigation”. It is also at this point that you can start to apply any privilege protection under the Work Product doctrine. At this point you should get a survey of what documents people have. From this you can determine who the key custodians are, what the sources of the data are, and what types of documents or data you have. You will later provide a collection certificate that specifies the locations of all the relevant documents and that they have been produced. You will be able to show good faith by establishing and following policy for the 1) training, 2) implementation, and 3) managing of the collection. You need to have a good faith argument for not preserving data. Factors usually used are proportionality and cost. As a practical matter, a lot of negotiation is done behind the scenes and you can have a meet and confer on the side.
Quick preservation of relevant data. A litigation hold affects all of the data that is within the possession, custody, or control of the company. The company has to identify, preserve, and collect this data. The company can make this easier by having the proper processes in place and by anticipating litigation. This is especially important for a company that is sued frequently. Most records now are electronic and they present their own challenges. It is important to be consistent and understand the consequences of what you are doing. In-house counsel does not want to overconserve, because of the significant costs involved. You cannot do this in an ad hoc manner. You need to have policies and procedures for document retention and production. Also, you need to spend some time and effort up front. This will save you a lot of time later, and you need to convince the finance people of this savings. The use of ediscovery tools can be used to automate the process and also save some of the costs. Advise your client that ESI that is not stored, is not in its possession, custody, or control and, therefore, does not need to be produced. Similarly, and for the same reason, IM is usually not saved or archived. You need to ask each person in the organization how they manage their data and advise them accordingly. (The caveat with this is that as soon as you give advice to your client, the technology will have changed.) In the discussion on back-up tapes, it was noted that this is the least efficient method for storage and recovery, that the data is generally elsewhere, and that backup tapes are redundant. They only form a snapshot at a particular point in time and it is the last full back up tape that is the most important. The company can save lots of money by even a slight modification in its backup procedure and schedule. Note here that if data is not deemed to be reasonable accessible, it does not have to be produced. The client should be counseled to use back up tapes only for disaster relief.
What about the costs? It is expensive to lock down data. Internally, the company should have a policy in place to prevent the unnecessary retention of records. Ninety-five percent of a business’ records consists of junk! Determine what needs to be retained and involve the IT, business, and records management people. It is useful to use date ranges for this purpose. Outside counsel should be used to narrow the scope and to negotiate – that is where they are effective. But don’t let outside counsel run the matter and don’t do things by consensus; the company needs to take ownership and determine the direction, so long as it’s done reasonably. Use proportionality. Consider the dollar value of the cases and give priority to your high profile cases; for a small case take a less costly approach (it might be sufficient to stash a CPU or retain a hard drive in a storage area, for example). Also, limit the number of vendors that you send your data to.
Some of the questions asked/answers given:
Q. Do you always have to consult outside counsel before lifting the hold?
A. No. In fact, you can schedule an automatic lift that will occur unless there is an affirmative objection by outside counsel. It is often advisable to do a “targeted” preservation instead of a “blanket” preservation, and this makes it easier to lift a hold.
Q. Do you have to notify the custodian that you are preserving his data?
A. No, and there are ways to preserve the data without notifying the custodian. In fact, there are even ways to download his electronic data from the back end.
Q. What if your client is involved in the litigation, but is not a party to it?
A. Sorry. Pursuant to Rule 45, a subpoena applies equally to a third party. But you can move to quash.
Q. What do you do if you are served with a subpoena?
A. If you get an agency subpoena, be sure to wear both a belt and suspenders initially (Wendy Curtis). Later, you can negotiate the scope with the agency or move to quash.
Q. What about data archiving?
A. Very few companies have archives in place at the moment. Archiving is a massive (and expensive) undertaking.
And a shout from the audience: “Eh, what the hell. The world is going to be Google-ized anyway!”
Our “notable quotes” concerning the present state of effective document collection:
“Business is not designed to preserve records — it is designed to make money.”
“The cost of preservation is peanuts compared to the cost of collection.”
“To reduce the costs, eliminate the junk.”
“We are at the end of the beginning” (Tess Blair). It will take another decade to get to the middle and most clients are still at the fundamental stage. We desperately need people with new skill sets to come on board”.
“Technology can help, but first you need to have a very solid process in place.”
Legal Outsourcing: Analysis of the Myths and Realities and its Impact to Counsel
Changing business drivers within the U.S. legal industry have compelled corporate counsel and law firms to reassess the traditional cost structures and resource allocation within their relationship. Legal outsourcing (the proponents say) has proven to be “valuable for both when properly integrated into the litigation process”. Well, they would say that, wouldn’t they? But is the bane of U.S. contract attorneys.
And although many global corporations and law firms are embarking upon outsourcing strategies, questions and hesitancies remain for many regarding qualifications, capabilities, ethics, and geographic considerations.
But we have decided to award this session the booby award. This so-called “analysis of myths and realities” created its own self-serving construct, spoke in generalities, and did not give enough attention to the special nature of legal offshoring. The real value of this session consisted of the comments from the audience and not the presenters, who made me think of something Judge Facciola said earlier in the day: the importance for lawyers in knowing what they don’t know. Perhaps the presenters, unknowing as they are, could have improved their session by outsourcing it.
New World Technology and Enterprise Opportunity: Cloud Governance, VOIP and Unified Messaging – Mission Impossible and Information Assurance
Just when corporations began to stabilize their IT services, an explosive new portfolio of technologies are emerging. These new services are economically compelling, but present general counsel with new legal complexities. Suddenly, all of the related records are “in the cloud” , e-communications are tweets and texts, “unified communications“ are Voice over the Internet (VoIP), email converts to voice recordings, voice converts to text, systems track “presence” and location. Privacy, discovery, surveillance, Federal communications law, cloud computing—how does legal ever gain control over the risks?
This new “kid” on the block (unified communications) was introduced to attendees at the Masters Conference by Jeff Ritter (of Waters Edge Consulting) with the claim that, as a new way for storing business communications, it will displace email. Instant messaging, VOIP, Video, email to voicemail, voicemail to email, and presence are all contained in unified communications (“presence” is the ability to let the system know how to communicate with you and where you are.) These forms of communication are all creating kinds of records, with huge amounts of context, that defy “finding”. And when you try to find them, it may violate the Electronic Communications Privacy Act.
In the world of electronically stored information (ESI), and especially in the rapidly expanding space where corporate communications thrive, there is an evolution of data forms which, although not well understood by lawyers generally, is actually already being stored and is subject to discovery under the new Federal Rules. In some cases, like that of cloud computing, it is the manner of storage that is innovative; in other cases, it is the behind-the-scenes technology of innovations whose surface functionality we are all familiar with as users, such as internet telephony (Voice-over-Internet-Protocols), Instant Messaging (IM), audio to text and text to audio message conversions, and so-called “presences” which, in response to messaging, signal an individual’s presence or absence at a certain place and time.
Ritter raised three crucial questions:
1. What unified communications services are being brought in and what will be allowed?
2. What unified communication session-related content and data will be stored? (session logs, session content records, source content records)
3. What uses will be made of any stored unified communication related content or management content? (What will we do with the data? Security wants to analyze records historically, for example.)
There was discussion of the provisions of the Electronic Communications Privacy Act (major point is that it is illegal to listen to conversations in audio form) and the difference in privacy distinctions between Europe and the United States. There was discussion of who should make up the unified communication implementation team of the business. And there was considerable discussion of packet architecture, since this is the common denominator of the different communications and of different protocols. Importantly, once the packet is sent, it cannot be reassembled without all of the data that is in the packet. None of these topics will be explained here, since those interested in them can readily research them on the internet or in publications.
Ritter has an uncommon talent for visualizing the digital landscape in lawyerly terms. Seen through his eyes, the sensory overload of resources and devices on the scene today – and even those still barely discernible on the horizon – take on legal shape and substance. And they have consequences. One of Ritter’s strengths is his ability to clarify the datalogic of these digital forms of communication. As he drills down, you see that they all rely on a packet architecture similar to internet protocols, and you realize that all are decodable and can be reconstructed to recover supposedly transient historical conversations and messages. Indeed, Ritter’s bread and butter is expert testimony. He delights in deconstructing the assertions and credibility of corporate affiants whose claims conflict with the historical record he produces – a record most were unaware existed.
Another strong focus of his presentation is trustworthiness. His warning: security for these stored data forms is frequently absent. Ritter told stories of “penetration” tests of clouds in which the expert discovered worms capable of exporting data to offsite bad actors. In some particularly embarrassing cases, cloud storage techniques in use by discovery vendors were found to be insecure – vendors to whom in-house counsel had entrusted all manner of sensitive corporate data under an assumption of confidentiality.
Many of Ritter’s presentations from previous events are already viewable on his blog (click here) but we encouraged him to make this one available as well. You will his presentation by clicking here and a companion piece by clicking here. The Posse List plans to publish a more in-depth interview with Ritter.
Bridging the Gap Between Forensics and Native Review
With many corporations defaulting to forensic imaging as a standard methodology for data collection and the cost savings associated with performing at native review – many corporations and service providers are seeking ways to bridge the gap between these two approaches. The session focuse on how new techniques for performing economical forensic acquisitions, an ways of extracting information from these sources.
The panel was sponsored by Nuix and before the session we spoke at length with Stephen Stewart, CTO of NUIX. The panel discussed the different generations of tools for harvesting data, emphasized full forensic imaging, told war stories of criminal investigations where they had discovered key evidence in the unallocated disk space (i.e., perps had “erased” incriminating computer files), and admonished attendees to be ever mindful of sound forensic processing procedures to preserve chain of custody, etc.
The benefit of the session for professionals engaged in criminal investigations was clear. We suppose some of the more technical takeaways would apply equally to professionals harvesting for Early Case Assessment in corporate environments (hence the presence of Intel’s in-house litigation support expert, Steve Watson, who we met at the IQPC conference in Brussels.
After the session the panelists raved to us about the power of NUIX in ECA. Chuck Kellner (Vice President of E-Discovery Consulting, Anacomp) spoke of its incomparable power and speed; Gary Amos (Professor of Forensic Technology, George Mason University) added that, unlike other software, NUIX seems to have been written with the Rules of Evidence in mind. But during the session, none really mentioned this tool – they were all focusing on a stage of harvesting that precedes use of NUIX – the stage when best practice tools include FTK Imager (by AccessData who was not at the conference) and Encase by Guidance Software.
Which brings us to our last bit … early case assessment, the gorilla in the room and the subject area that seemed to dominate the conference.
As we have reported in several posts these last few months, early case assessment (ECA) has been a major focus this past year an a half. And, there have been no shortage of of ECA solutions to hit the market. Obviously, as we have also been contending for over 18 months, a single integrated and affordable e-discovery platform will revolutionize e-discovery processing.
Right now there seem to be 3 vendors leading the ECA market according to surveys conducted by The Cowen Group and ILTA: ClearWell, Recommind, and Digital Reef. But coming up fast are eTERA Consulting , CentralCentral, Nuix and Orange Legal Technologies.
We recently profiled Recommind (click here). We had extensive interviews with Digital Reef, eTERA, Nuix and Orange Legal Technologies at the Masters Conference, and we interviewed CaseCentral at the ACC annual meeting. Those interviews will post this week in our ACC follow-ups and our special post on ECA.
The key in all of these attempted solutions is: start with ECA and extend through analysis, review, production and post-production re-use. Oh, and at a price point that changes the current ECA pricing model.
But we are getting ahead of ourselves. Given the size of the e-discovery market, and given the history “first movers” in the technology industry, there is going to be plenty of room for additional players and several next generations of integrated ECA before the eventual market leaders emerge.