21st century discovery and evidence: …the vast body of information known as “electronically...

© 2010 Richard R. Orsinger All Rights Reserved

21ST CENTURY DISCOVERY AND EVIDENCE: ELECTRONICALLY STORED INFORMATION

RICHARD R. ORSINGER, [email protected]

http://www.orsinger.com

McCurley, Orsinger, McCurley, Nelson & Downing, L.L.P.

San Antonio Office:

1717 Tower Life Building San Antonio, Texas 78205

Telephone: (210) 225-5567 http://www.orsinger.com

and

Dallas Office:

5950 Sherry Lane, Suite 800 Dallas, Texas 75225

Telephone: (214) 273-2400

State Bar of Texas NEW FRONTIERS IN MARITAL PROPERTY LAW

October 28-29, 2010 Scottsdale

CHAPTER 4.1

-i-

Table of Contents

I. INTRODUCTION. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . -3-II. FIVE ASPECTS OF DEALING WITH ESI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . -3-

A. RETAINING/DESTROYING ESI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . -1-1. Zubulake v. UBS Warburg, LLC. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . -1-2. FRCP 37(e). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . -2-3. Post-FRCP 37(e) Case Law. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . -4-3. The “Litigation Hold.” . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . -5-

B. IDENTIFICATION. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . -6-1. Seeking Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . -6-2. Providing Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . -6-

C. COLLECTION. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . -6-D. PROCESSING. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . -7-E. REVIEW. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . -7-

III. INTERNET PRIVACY. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . -7-A. SEARCH ENGINES. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . -7-B. BROWSER HISTORIES. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . -8-C. SOCIAL NETWORKING WEBSITES. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . -8-

IV. ELECTRONIC DISCOVERY. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . -9-A. FEDERAL DISCOVERY PROCEDURES. . . . . . . . . . . . . . . . . . . . . . . . . . . . -9-B. TEXAS DISCOVERY PROCEDURES. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . -9-C. COMMON ESI DISCOVERY-RELATED ISSUES. . . . . . . . . . . . . . . . . . . . -11-D. SUBPOENAING ESI FROM NON-LITIGANTS. . . . . . . . . . . . . . . . . . . . . . -11-E. SOURCES OF PRIVILEGE OR PRIVACY FOR ESI. . . . . . . . . . . . . . . . . . -12-

1. Federal Statutes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . -12-2. Privileges Under Texas Law. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . -14-

V. METADATA. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . -14-VI. AUTHENTICATION OF DIGITAL INFORMATION. . . . . . . . . . . . . . . . . . . . . . . . -16-

A. AUTHENTICATION OF EVIDENCE (GENERALLY). . . . . . . . . . . . . . . . . -16-B. AUTHENTICATING COMPUTER-RELATED EVIDENCE. . . . . . . . . . . . -17-C. BEST EVIDENCE RULE ISSUES. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . -20-D. HEARSAY. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . -21-E. PROCESS OR SYSTEM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . -22-F. EXPERT OPINIONS EMBEDDED IN COMPUTER OUTPUT. . . . . . . . . . -23-G. THE SEDONA CONFERENCE COMMENTARY ON ESI EVIDENCE. . . -23-

VII. COMPUTER FORENSICS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . -23-A. CERTIFYING ORGANIZATIONS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . -23-B. ADMISSIBILITY OF FORENSIC EXPERT TESTIMONY. . . . . . . . . . . . . -24-

1. Qualifications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . -24-2. Reliability of Methodology. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . -24-3. Reliability of Underlying Data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . -25-4. Relevancy of the Expert Evidence. . . . . . . . . . . . . . . . . . . . . . . . . . . . -26-5. Helpfulness of the Expert Evidence. . . . . . . . . . . . . . . . . . . . . . . . . . . -26-6. Applying These Standards to Computer Forensics. . . . . . . . . . . . . . . . -26-

VIII. APPENDIX. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . -27-A. FAMILY LAW PRACTICE MANUAL. . . . . . . . . . . . . . . . . . . . . . . . . . . . . -27-

21st Century Discovery and Evidence: Electronically Stored Information Chapter 4.1

-ii-

B. LITIGATION HOLD LETTER. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . -28-IX. BIBLIOGRAPHY. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . -32-


-1-

21st Century Discovery and Evidence:Electronically Stored Information

by

Richard R. OrsingerBoard Certified in Family Law& Civil Appellate Law by the

Texas Board of Legal Specialization

I. INTRODUCTION. The prevalence ofcomputers and the growth of the Internet havegreatly increased the amount of informationthat is captured and available to seek, review,use, and protect, in litigation. This Articleraises issues that should be considered aboutthe vast body of information known as“Electronically Stored Information” (“ESI”).

II. FIVE ASPECTS OF DEALING WITHESI. Because of the convenience and nominalcost of digital storage, and redundancy builtinto data processing, and the tracking featuresthat are inherent in Internet protocols, theworld is saving more data than ever before. Infact, we have reached the stage where theproblem is too much information, rather thantoo little. When it comes to handling ESI incompliance with statutes and regulations, andto meet the demands of litigation, writers inthe field divide the problems of electronicdata into five categories: retaining/destroying,identifying, collecting, processing, andreviewing ESI. See generally The ElectronicD i s c o v e r y R e f e r e n c e M o d e l<http://edrm.net>, and particularly<http://www.edrm.net/wiki/index.php/Main_Page>.

A. RETAINING/DESTROYING ESI.While some companies are required byvarious federal and state statutes andregulations to maintain certain information forcertain periods of time, just because thosetime periods have been met does notnecessarily mean that information can be

safely destroyed. Plus, companies andindividuals, whether or not they are subject toany statutory or regulatory retentionrequirement, must consider potential litigationwhen destroying data or allowing data to bedestroyed.

Any time a company or person destroysrecorded information, there is a risk that insubsequent litigation the opposing party willclaim spoliation, and ask for discoverysanctions, fees, and costs. Nonetheless, peoplein the document management business saythat it is permissible to destroy recordspursuant to a commercially reasonabletimetable that is applied as a consistent policy,with sensitivity toward information whoseimportance requires special treatment, andwith an appreciation that the destruction ofrelevant information must cease whenlitigation can be reasonably anticipated.

1. Zubulake v. UBS Warburg, LLC. InZubulake v. UBS Warburg LLC, 220 F.R.D.212, 217 (S.D. N.Y. 2003), the U.S. DistrictJudge Shira A. Scheindlin wrote that “anyonewho anticipates being a party or is a party toa lawsuit must not destroy unique, relevantevidence that might be useful to anadversary.” The court relied upon Turner v.Hudson Transit Lines, Inc., 142 F.R.D. 68,72-73 (S.D. N.Y. 1991), where the court said:

[N]o duty to preserve arises unless theparty possessing the evidence has noticeof its relevance. See Danna v. New York


-2-

Telephone Co., 752 F.Supp. 594, 616 n. 9(S.D.N.Y.1990). Of course, a party is onnotice once it has received a discoveryrequest. Beyond that, the complaint itselfmay alert a party that certain informationis relevant and likely to be sought indiscovery. See Computer AssociatesInternational, Inc. v. AmericanFundware, Inc., 133 F.R.D. 166, 169 (D.Colo. 1990); Telectron, Inc. v. OverheadDoor Corp., 116 F.R.D. 107, 127 (S.D.Fla. 1987). Finally, the obligation topreserve evidence even arises prior to thefiling of a complaint where a party is onnotice that litigation is likely to becommenced. See Capellupo v. FMCCorp., 126 F.R.D. at 550-51 & n. 14;Alliance to End Repression v. Rochford,75 F.R.D. 438, 440 (N. D. Ill.1976).

The Turner case in turn relied upon Wm. T.Thompson Co. v. General Nutrition Corp.,593 F.Supp. 1443, 1455 (C.D. Cal. 1984),where the court said:

Sanctions may be imposed on a litigantwho is on notice that documents andinformation in its possession are relevantto litigation, or potential litigation, or arereasonably calculated to lead to thediscovery of admissible evidence, anddestroys such documents andinformation. While a litigant is under noduty to keep or retain every document inits possession once a complaint is filed, itis under a duty to preserve what it knows,or reasonably should know, is relevant inthe action, is reasonably calculated tolead to the discovery of admissibleevidence, is reasonably likely to berequested during discovery and/or is thesubject of a pending discovery request.

2. FRCP 37(e). In 2006, the U.S. Congressadopted what is now FRCP 37(e). Rule 37(e)provides:

(e) Failure to Provide ElectronicallyStored Information. Absent exceptionalcircumstances, a court may not imposesanctions under these rules on a party forfailing to provide electronically storedinformation lost as a result of the routine,good-faith operation of an electronicinformation system.

Viewed literally, these words appear tocontemplate destruction of data as necessaryfunctions of the computer’s operating system,such as the overwriting of digital informationthat results from random access storage ofdata on disk drives, and perhaps even therecycling of back-up tapes (which effectivelywipes out earlier back-ups and replaces themwith new ones).

Here is what the Advisory Committee notesaid about Rule 37(e). The Comments refer tosubdivision 37(f), which now is subdivision37(e):

Subdivision (f) is new. It focuses on adistinctive feature of computeroperations, the routine alteration anddeletion of information that attendsordinary use. Many steps essential tocomputer operation may alter or destroyinformation, for reasons that havenothing to do with how that informationmight relate to litigation. As a result, theordinary operation of computer systemscreates a risk that a party may losepotentially discoverable informationwithout culpable conduct on its part.Under Rule 37(f), absent exceptionalcircumstances, sanctions cannot beimposed for loss of electronically storedinformation resulting from the routine,good-faith operation of an electronicinformation system.

Rule 37(f) applies only to informationlost due to the “routine operation of anelectronic information system” -- the


http://www.TexasBarCLE.com/CLE/PMCasemaker.asp?table=US_distctopinions&volume=752&edition=F.Supp.&page=594&id=129835_01


-3-

ways in which such systems are generallydesigned, programmed, and implementedto meet the party's technical and businessneeds. The “routine operation” ofcomputer systems includes the alterationand overwriting of information, oftenwithout the operator's specific directionor awareness, a feature with no directcounterpart in hard-copy documents.Such features are essential to theoperation of electronic informationsystems.

Rule 37(f) applies to information lost dueto the routine operation of an informationsystem only if the operation was in goodfaith. Good faith in the routine operationof an information system may involve aparty's intervention to modify or suspendcertain features of that routine operationto prevent the loss of information, if thatinformation is subject to a preservationobligation. A preservation obligation mayarise from many sources, includingcommon law, statutes, regulations, or acourt order in the case. The good faithrequirement of Rule 37(f) means that aparty is not permitted to exploit theroutine operation of an informationsystem to thwart discovery obligations byallowing that operation to continue inorder to destroy specific storedinformation that it is required to preserve.When a party is under a duty to preserveinformation because of pending orreasonably anticipated litigation,intervention in the routine operation of aninformation system is one aspect of whatis often called a “litigation hold.” Amongthe factors that bear on a party's goodfaith in the routine operation of aninformation system are the steps the partytook to comply with a court order in thecase or party agreement requiringpreservation of specific electronicallystored information.

Whether good faith would call for stepsto prevent the loss of information onsources that the party believes are notreasonably accessible under Rule26(b)(2) depends on the circumstances ofeach case. One factor is whether the partyreasonably believes that the informationon such sources is likely to bediscoverable and not available fromreasonably accessible sources.

The protection provided by Rule 37(f)applies only to sanctions “under theserules.” It does not affect other sources ofauthority to impose sanctions or rules ofprofessional responsibility.

This rule restricts the imposition of“sanctions.” It does not prevent a courtfrom making the kinds of adjustmentsfrequently used in managing discovery ifa party is unable to provide relevantresponsive information. For example, acourt could order the responding party toproduce an additional witness fordeposition, respond to additionalinterrogatories, or make similar attemptsto provide substitutes or alternatives forsome or all of the lost information.

Some people consider Rule 37(e) to be a “safeharbor” provision that protects businesses orpersons who destroy ESI pursuant to a routinerecord retention/destruction policy if theylater find themselves in litigation. Timothy J.Carroll and Bruce A. Radke, Federal Rules ofCivil Procedure Concerning E-DiscoveryImpact (2010).1 Safety is a relative concept.The language of the Rule and the commentsby the Advisory Committee do not reflect thatFRCP 37(e) is a completely safe “safe harbor”when it comes to intentionally destroying dataor allowing data to be lost.

1<http://www.busmanagement.com/article/Federal-Rules-of-Civil-Procedure-Concerning-E-Discovery-Impact>.


-4-

3. Post-FRCP 37(e) Case Law. Zubulakecontinues to be cited in cases decided afterFRCP 37(e) was adopted. In Wilson v. ThornEnergy, LLC, 2010 WL 1712236, *2-4 (S.D.N.Y. 2010), the U.S. Magistrate Judge citedZubulake when imposing sanctions for thefailure of a litigant to preserve a copy of thecontents of a flash drive. The MagistrateJudge rejected a Rule 37(e) safe harbor,saying: “the data on the flash drive was notoverridden or erased as part of a standardprotocol; rather, it was lost because theDefendants failed to make a copy.” Id. at *3.In Consolidated Edison Co. of New York, Inc.v. U.S., 90 Fed.Cl. 228, 256 (Fed. Cl. 2009),Zubulake was cited in connection with aspoliation claim. In John B. v. Goetz, 531 F.3d448, 459 (6th Cir. 2008), Zubulake was citedfor the proposition that “a party to civillitigation has a duty to preserve relevantinformation, including ESI, when that party‘has notice that the evidence is relevant tolitigation or ... should have known that theevidence may be relevant to futurelitigation.’” There appears to be no doubt thatthere is a duty to preserve relevant data atsome point in time. The point goes from theobvious (once a discovery request has beenreceived for the information in question) tothe not-so-obvious (when a person “shouldhave known that the evidence may be relevantto future litigation”). Caution is advised.

Judge Shira A. Scheindlin, the judge whowrote the Zubulake opinion in 2003, revisitedsanctions for mishandling ESI in 2010, inPension Committee of the Univ. of MontrealPension Plan v. Banc of America Securities,LLC, 685 F.Supp.2d 456 (S.D. N.Y. 2010).Judge Scheindlin commented: “This is a casewhere plaintiffs failed to timely institutewritten litigation holds and engaged incareless and indifferent collection efforts afterthe duty to preserve arose. As a result, therecan be little doubt that some documents werelost or destroyed.” In a 48-page opinion JudgeScheindlin methodically evaluates the

behaviors of various plaintiffs who failed toretain emails prior to litigation or failed tomake a thorough search for them oncelitigation was underway.

Judge Scheindlin wrote:

It is well established that the duty topreserve evidence arises when a partyreasonably anticipates litigation.“‘[O]ncea party reasonably anticipates litigation,it must suspend its routine documentretention/destruction policy and put inplace a ‘litigation hold’ to ensure thepreservation of relevant documents.'” Aplaintiff's duty is more often triggeredbefore litigation commences, in large partbecause plaintiffs control the timing oflitigation”

Id. at 466. The lawsuit was initiated inFebruary of 2004. Id. at 473. But the judgeruled that the plaintiffs should have saved allrelevant data starting by April of 2003, whenthe defendant’s financial condition wasdeteriorating and several of the plaintiffs hadconsulted attorneys. Id. at 475.

The Federal Magistrate Judge’s decision inPhillip M. Adams & Assoc. v. Dell, Inc., 621F. Supp. 1173 (N.D. Utah 2009), imposedspoliation sanctions based on the dataretention practices of a defendant company ina patent infringement case. The defendantcompany had no centralized storage ofcomputer, files or email. Individual employeeswere instructed to preserve emails theythought had long term value on theirindividual computers. Id. at 1181 and 1188.The Court noted that people in the computerindustry were well aware of a flaw in floppydisk controllers for which, in late 1999,Toshiba paid billions of dollars in a classaction suit. Id. at 1191. A class action suit wasfiled against Hewlett Packard in 1999 for thesame problem, and against Sony in 2000. Theclaimed reverse-engineering of the plaintiff’s


http://www.TexasBarCLE.com/CLE/PMCasemaker.asp?table=US_5thcircuit&volume=531&edition=F.3d&page=448&id=129835_01


http://www.TexasBarCLE.com/CLE/PMCasemaker.asp?table=US_distctopinions&volume=685&edition=F.Supp.2d&page=456&id=129835_01



-5-

patented technique for correcting such floppydisk errors allegedly occurred during 2000,and no emails or source code of thisengineering project was preserved. Id. Themagistrate judge ruled that the defendantcorporation should have been preservingevidence related to floppy disk controllererrors in year 2000, Id. at 1190-91, althoughthe patent infringement suit was not filed until2007. Id. at 1190. The defendant companyinvoked the FRCP 37(e) “safe harbor for theroutine good faith of an electronic operationsystem.” The Court noted that the defendantcompany had no data back up policy. Theemail server overwrote old emails regardlessof their importance. Id. at 1192. Whencomputers were replaced, individualemployees were charged with moving datafrom the old computer to the new one. Andyet the company did store certain financial-related data in centrally accessible back-upservers, showing that the defendant company“does know how to protect data it regards asimportant.” Id. at 1192. The Court said:

The culpability in this case appears at thistime to be founded in ASUS'questionable information managementpractices. A court-and more importantly,a litigant-is not required to simply acceptwhatever information managementpractices a party may have. A practicemay be unreasonable , g ivenresponsibilities to third parties. While aparty may design its informationmanagement practices to suit its businesspurposes, one of those business purposesmust be accountability to third parties.

Id. at 1193.

3. The “Litigation Hold.” A “litigationhold” is a request that the destruction ofrecords and information be suspended becauseof anticipated litigation, or the onset oflitigation, or especially when the client hasreceived a letter requesting retention of ESI

(typically emails) or a discovery request forproduction of ESI. The “litigation hold” maybe issued by the opposing party’s lawyer, orby the lawyer for the party whose data mightbe targeted.

In the Pension Committee case, counsel forsome of the plaintiffs were taken to task forfailing to issue a “litigation hold” to theclients. Pension Committee, 685 F. Supp.2d at473. The court found the following failures toconstitute gross negligence with regard tospoliation of evidence:

After a discovery duty is well established,the failure to adhere to contemporarystandards can be considered grossnegligence. Thus, after the final relevantZubulake opinion in July, 2004, thefollowing failures support a finding ofgross negligence, when the duty topreserve has attached: to issue a writtenlitigation hold; to identify all of the keyplayers and to ensure that their electronicand paper records are preserved; to ceasethe deletion of email or to preserve therecords of former employees that are in aparty's possession, custody, or control;and to preserve backup tapes when theyare the sole source of relevantinformation or when they relate to keyplayers, if the relevant informationmaintained by those players is notobtainable from readily accessiblesources.

Id. at 471. The attorney for the plaintiffs wascriticized for (i) failing to create a mechanismfor collecting the preserved records so thatthey could be searched by someone other thanthe employees; (ii) failure of the attorney toprovide supervision of the record reviewprocess; and (iii) failure of the attorney tosupervise the collection process by reviewing,sampling, or spot-checking the collectionprocess. Id. at 473.


-6-

B. IDENTIFICATION. In the context ofthe present discussion, “identification” is theprocess of differentiating information that iswanted from information that is not wanted.

1. Seeking Information. In litigation, if youare seeking information from others, there areforms and checklists you can use to helpformulate your information request. Viewingthese forms and these checklists critically, itbecomes clear that many are derived from apaper-world perspective and merely ask fortraditional information that is storedelectronically rather than asking forinformation that is uniquely electronic. If youhave hired a forensic expert, the expert canprovide you with a list of items or categoriesof information s/he will need to review indoing her/his job. Even experts, however, mayfocus on the information that is traditionallyrequired for the task, and not information thatis unique to computer-based data. The keyconcern with seeking information in the 21st

Century is 20th-century thinking: a lack ofawareness of the digital information that isavailable, and a lack of creativity in imagininghow available digital information mightimpact a case.

2. Providing Information. If you receive adiscovery request from the opposing party, itmay contain broad categories of informationthat are described in general terms. There maybe judgment calls to be made about whethercertain information falls under one category,or another, or is not included at all in theinformation request. It is often necessary todecide whether to produce the information inpaper form, or pdf-format, or as originalsoftware files (i.e., Word, Wordperfect, Excel,etc.), and with or without metatdata. It is alsonecessary to identify confidential informationthat should be withheld from production. Theconfidential privilege may belong to yourclient, or it may belong to non-litigant thirdparties. In a lawsuit, the danger of evidencedestruction arises, which can occur when even

innocent policies regarding informationretention and destruction are followed and youlater learn that relevant evidence wasdestroyed, leading to claims of spoliation andrequests for discovery sanctions.

C. COLLECTION. Data collection is anissue regardless of whether you are collectingdata to assist your own client or in response toa discovery request from the opposing party.There can be client-related problems with thecollection of information. This occurs, forexample, where the client is unsophisticatedin information management, or proves to beunreliable in locating and producinginformation, or where the process of gatheringinformation requires the assistance ofoutsiders (like IT professionals), or where thecollection of information interferes with thenormal operation of a business.

If a business organization is required to locateand produce documents, it can be difficult andexpensive just to find out where theinformation is stored. In addition to the maincomputer network servers, data may be storedon backup disks or tapes, individual workstations, laptops, hand-held devices, thumbdrives, CDs, floppy drives, and personalcomputers of current and former employees.Data storage may have been outsourced tothird parties.

The process of collecting ESI in response to adiscovery request may become an issue in amotion for sanctions. A litigant can besanctioned for a failure to “execute acomprehensive search for documents” or a“failure to sufficiently supervise or monitortheir employees’ document collection.”Pension Committee of University of MontrealPension Plan v. Banc of America Securities,LLC, 685 F. Supp.2d 456, 477 (S.D. N.Y.2010) (Judge Shira A. Scheindlin). Inevaluating the earnestness of the search fordocuments, the court may consider “[w]hichfiles were searched, how the search was



-7-

conducted, who was asked to search, whatthey were told, and the extent of anysupervision are all topics reasonably withinthe scope of the inquiry.” Id.

D. PROCESSING. Once the neededinformation is identified, and has beengathered or is being gathered, it is necessaryto process the information so that it can bereviewed and appropriate portions deliveredto the requesting party. In a process of“culling,” irrelevant documents are identifiedand segregated so they do not have to bereviewed by professionals who bill by thehour. De-duplication is advisable to removerepeated copies of the same document. Aseries of questions then arises. Will paperdocuments be scanned? Will scanneddocuments be text-searchable? Will electronicfiles be printed? Will documents be Bates-stamped? How will indexes be created, andwho will do the indexing? Is there “legacydata” that is in old computer formats that areno longer kept current by the client?

E. REVIEW. In the old days, documentreview meant sitting in a room for days onend, looking at paper after paper out of boxafter box. Nowadays, outside vendors havedeveloped software systems that can searchESI in a myriad of ways to pinpoint usefulinformation. Many law offices, however,consign the review work to paralegals orassociate attorneys, to visually inspectdocuments one-by-one. Or law firms delegatethe review process to forensic experts to dopage-by-page review.

The ruling in the Pension Committee casestates that the litigant’s attorney must ensurethat the review process to identify relevantrecords should be robust, and should besubject to meaningful supervision andchecked to be sure that the review process isexecuted according to plan. Texas courts havenot endorsed these exacting standards, and itshould not be forgotten that standards that are

achievable by large, monied institutions whoare litigating in federal district courts inManhattan may not be fully transportable tosmall companies or individuals in thehinterland.

Extensive discussion of approaches to thereview process are set out at The ElectronicD i s c o v e r y R e f e r e n c e M o d e l<http://edrm.net>.

III. INTERNET PRIVACY. The computersthat make up the Internet are accumulatinguncountable quantities of information abouteveryone and everything. While much of thisinformation has technical utility only,companies who want to sell advertising aredoing nearly everything within their power toconnect Internet information to particularInternet users, so that the information theyhave can be used in selling advertising. In theliterature, the focus of the debate is on“personally identifiable information.” Google,for example, takes the position that it can onlyassociate its information with a particular IPaddress. Detractors argue that it is oftenpossible to correlate the IP address with aspecific individual, based on data from thecontent of searches, or by correlating the IPaddress to a subscriber to Gmail, or when theISP connects the IP address to a specific streetaddress that in turn can be associated with aparticular person.

A. SEARCH ENGINES. The biggestcollector of data is the Internet search engineGoogle.2 According to a January 2010estimate,3 Google conducts 3 billion searchesper day. The estimate credited Yahoo with280 million searches per day, and Bing with

2 Alma Whitten, Are IP addresses personal?<http://googlepublicpolicy.blogspot.com/2008/02/are-ip-addresses-personal.html>.

3

<http://searchengineland.com/by-the-numbers-twitter-vs-facebook-vs-google-buzz-36709>.


-8-

80 million searches per day. Princetoncomputer scientist Edward Felton calledGoogle’s storage of vast amounts of personalinformation “perhaps the most difficultprivacy [problem] in all of human history.”4

These Internet search services keep all theinformation they can about these searches.5 Toquote an October 2006 article from MotherJones Magazine: “Over the years, Google hascollected a staggering amount of data, and thecompany cheerfully admits that in nine yearsof operation, it has never knowingly erased asingle search query.”6 The searches can betied back to a particular Internet ProtocolAddress (“IP address”), which identifies thecomputer connected to the Internet thatinitiated the search.7 While the IP addressitself does not identify the person using thatcomputer, the pattern of searches and thecontent of search queries can sometimes makeit easy to identify the computer user.

B. BROWSER HISTORIES. A survey ofmembers of the American Academy of

Matrimonial Lawyers (“AAML”) indicatedthat a high percentage of those lawyers usedbrowser histories as evidence in divorcecases.8 In most instances, an internet browser(like Internet Explorer or Mozilla Firefox)will record a history of search strings and webcites visited. The browsing history can becurtailed and erased with a little effort, but inmost instances nothing is ever really erasedfrom a hard drive by a user “delete.” Plus, asnoted above, the search engine providers savesearch data in their own archives.

C. S O C I A L N E T W O R K I N GWEBSITES. “A social networking site is anonline place where a user can create a profileand build a personal network that connectshim or her to other users.”9 “The share ofadult internet users who have a profile on anonline social network site has more thanquadrupled in the past four years -- from 8%in 2005 to 35% now,” according to the PewInternet & American Life Project’s December2008 tracking survey.10 A survey of membersof the AAML reflected that “81% of AAMLmembers cited an increase in the use ofevidence from social networking websitesduring the past five years, while just 19% saidthere was no change. Facebook is the primarysource of this type of evidence according to66% of the AAML respondents, whileMySpace follows with 15%, Twitter at 5%,

4Omer Tene, What Google Knows: Privacy andInternet Search Engines, 2008 UTAH LAW REV. 1433,1434 (2008).

5 Google says: “Like most websites, our serversautomatically record the page requests made whenusers visit our sites. These server logs typicallyinclude your web request, IP address, browser type,browser language, the date and time of your request,and one or more cookies that may uniquely identifyyour browser.”<http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=162743> (last visited 9-27-2010).

6 Adam L. Penenberg, Is Google Evil? October 10,2006<http://motherjones.com/politics/2006/10/google-evil>.

7An insightful discussion about whether an IP addressis “personally identifiable information” is at<http://googlepublicpolicy.blogspot.com/2008/02/are-ip-addresses-personal.html>.

8 Married Browsers Beware: Top Divorce LawyersNote Soaring Use of Internet and Spyware Evidence(April 21, 2008)<http://www.aaml.org/go/about-the-academy/press/press-releases/married-browsers-beware-top-divorce-lawyers-note-soaring-use-of-internet-and-spyware-evidence>.

9 Social Networking Websites and Teens (Jan. 7,2007)<http://www.pewinternet.org/Reports/2007/Social-Networking-Websites-and-Teens/Data-Memo.aspx>.

10 Pew Internet Project Data Memo (Jan. 14, 2009 )<http://www.scribd.com/doc/10530929/PIP-Adult-Social-Networking-Data-Memo-FINAL>.


-9-

and other choices listed by 14%.”11

IV. ELECTRONIC DISCOVERY. Pre-trialdiscovery of ESI is a growing issue in 21st

Century litigation. For a general listing ofESI-related discovery cases, see FederalCourt Decisions Involving ElectronicDiscovery December 1, 2006 – July 31, 2009(Kenneth J. Withers, Ed.),12 and FederalCourt Decisions Involving ElectronicDiscovery January 1, 2009 - May 31, 2010(Kenneth J. Withers, Ed.).13 Since it is mucheasier to request information in litigation thanit is to gather and produce it, the challenge ofresponding to discovery requests is oftengreater than the challenge of making therequests. A comprehensive treatment onhandling pretrial discovery of ESI is at JerryCust is , LI T I G A T I O N MA N A G E M E NT

HANDBOOK § 7:28, Managing electronicdiscovery--Electronic discovery issues (2009)[available on Westlaw at LTGMANHB §7:28).14

A. F E D E R A L D I S C O V E R YPROCEDURES. Federal Rule of CivilProcedure 34 deals with pre-trial discovery ofdocuments and “electronically storedinformation.” FRCP 45 deals withsubpoenaing information, including ESI.FRCP 45(d)(1) governs “producingdocuments or electronically storedinformation” in response to a subpoena. Animportant concept introduced in Rule45(d)(1)(D) is the idea that “[t]he personresponding need not provide discovery ofelectronically stored information from sourcesthat the person identifies as not reasonablyaccessible because of undue burden or cost.”Under FRCP 26(a)(i), a litigant who intends touse evidence, including ESI, must inform therequesting party of where the potentiallyrelevant evidence exists, including where ESIis stored. FRCP 26(b)(2)(B) contains a “clawback” provision for confidential informationaccidentally produced. FRCP 26(b)(2)(C)(iii)requires the Court to limit the frequency orextent of discovery if the burden or expenseoutweighs its likely benefit.15 FRCP 37provides that “[a]bsent exceptionalcircumstances, a court may not imposesanctions under these rules on a party forfailing to provide electronically storedinformation lost as a result of the routine,good-faith operation of an electronicinformation system.”

B. T E X A S D I S C O V E R YPROCEDURES. Texas Rule of CivilProcedure 196.4 deals with ESI:

To obtain discovery of data or

11 Big Surge in Social Networking Evidence SaysSurvey of Nation's Top Divorce Lawyers (Feb. 10,2010) <http://www.aaml.org/go/about-the-academy/press/press-releases/big-surge-in-social-networking-evidence-says-survey-of-nations-top-divorce-lawyers>.

12

<http://www.fjc.gov/public/pdf.nsf/lookup/EDis0919.pdf/$file/EDis0919.pdf>.

13 On Westlaw at CR045 ALI-ABA 1<https://web2.westlaw.com/result/default.wl?ss=CNT&db=100059&mt=210&scxt=WL&caseserial=2019824761&tc=1&cxt=DC&sv=Full&rp=%2fFind%2fdefault.wl&ppt=SDU_119&findtype=1&rlti=1&cnt=DOC&ordoc=2019824761&serialnum=0354771406&vr=2.0&ifm=NotSet&fn=_top&service=Find&rlt=CLID_FQRLT8885172717189&tf=12&n=1&pbc=BC6E23F9&casecite=2009+WL+2957317&rs=WLW10.08>.

14

<https://web2.westlaw.com/find/default.wl?serialnum=0304634779&ifm=NotSet&rp=%2ffind%2fdefault.wl&sv=Split&caseserial=2018546046&rs=WLW10.08&db=166688&casecite=621+F.Supp.2d+1173&findtype=1&fn=_top&mt=210&vr=2.0&pbc=BC6E23F

9&ordoc=2018546046&RLT=CLID_FQRLT98663565418189&TF=756&TC=1&n=1>.

15In In re eBay Seller Antitrust Litigation, 2009 WL361351 (N.D. Cal. 2009), a federal district judgeordered eBay to spend an estimated $300,000 tocreate a new data set of eBay data for the plaintiff touse in suing eBay.


-10-

information that exists in electronic ormagnetic form, the requesting party mustspecifically request production ofelectronic or magnetic data and specifythe form in which the requesting partywants it produced. The responding partymust produce the electronic or magneticdata that is responsive to the request andis reasonably available to the respondingparty in its ordinary course of business. Ifthe responding party cannot--throughreasonable efforts--retrieve the data orinformation requested or produce it in theform requested, the responding partymust state an objection complying withthese rules. If the court orders theresponding party to comply with therequest, the court must also order that therequesting party pay the reasonableexpenses of any extraordinary stepsrequired to retrieve and produce theinformation.

The Texas Supreme Court case of In reWeekley Homes, L.P., 295 S.W.3d 309 (Tex.2009), contains several statements of noteregarding ESI:

• Deleted and un-deleted e-mailmessages, stored on a computer harddrive, constitute "electronic ormagnetic data," within meaning ofrule of procedure governing discoveryrequests for production of electronicor magnetic data.

• While a discovery request forproduction of e-mail messagesmay imply deleted e-mailmessages, a party seekingproduction of deleted e-mailmessages should expresslyrequest them.

• The purpose of the Texas Rulesof Civil Procedure specificityrequirement for discovery

requests seeking production ofESI is to ensure that such requestsare clearly understood anddisputes are avoided.

• Prior to sending requests forproduction of ESI, parties shouldshare relevant informationconcerning electronic systemsand storage methods so thatagreements regarding protocolsmay be reached, or failing that, sothat trial courts have theinformation needed to craftdiscovery orders that are notunduly intrusive or overlyburdensome.

• The trial court could treat a"motion for limited access to[homebuilder's] computers" as amotion to compel production ofelectronic or magnetic data.

• If the trial court determines thatrequested ESI is not reasonablyavailable, the court maynevertheless order productionupon a showing by the requestingparty that the benefits ofproduction outweigh the burdens.

• In determining how ESI shouldbe searched and then produced,courts are discouraged fromgiving litigants direct access toanother party's electronic storagedevices; courts should beextremely cautious to guardagainst undue intrusion.

A court-order allowing discovery of a non-resident defendant’s computer hard drive wasstruck down in In re Stern, 2010 WL 3365856(Tex. App.–Houston [1st Dist.] 2010) (orig.pet.). The trial court ordered this electronicdiscovery while the defendant’s special


http://www.TexasBarCLE.com/CLE/PMCasemaker.asp?table=TX_caselaw&volume=295&edition=S.W.3d&page=309&id=129835_01

-11-

appearance was still pending. Because thediscovery allowed exceeded jurisdictionalissues, it was overbroad. It was stricken as aprohibited “fishing expedition.” Id. at *13.The trial court appointed Houston attorneyCraig Ball as a special master to review thedefendant’s entire hard drive. The court ofappeals criticized the order appointing Ball:“Because the order does not supply searchterms, Ball was given virtually free reign toplumb Stern’s hard drive.” Id. at *16. Theappellate court went on to say:

Granting a special master carte blancheauthorization to sort through Stern'scomputer hard drive clearly violated thelongstanding prohibition againstimpermissible “fishing expeditions.”

Id. at *16.

C. COMMON ESI DISCOVERY-RELATED ISSUES. Texas attorney CraigBall, who has often served as a court-appointed discovery master, has explained theprincipal issues he sees in electronicdiscovery disputes: (i) what e-mail systemdoes the party use; (ii) what is the party’s e-mail retention policy and practice; (iii) whatare the party’s backup practices; (iv) whatdevices and applications do the key playersuse that might implicate relevant ESI; (v)what forms of ESI does each party seek, andwhat forms will each party furnish; (vi) whatdata are at greatest risk of alteration ordestruction; (vii) how does each party plan tofilter, search and redact ESI; (viii) is ESI thatis “gone” really gone?16

D. SUBPOENAING ESI FROM NON-LITIGANTS. As noted above, divorcelawyers are aware that non-litigants may haveESI that would be helpful in litigation.

Lawyers are therefore subpoening ESI fromnon-parties, under the discovery-relatedFederal Rules of Civil Procedure and underthe discovery rules of various states. TexasRule of Civil Procedure 205.1 permits a partyto issue a subpoena to a non-party to producedocuments and information. The party seekingthe discovery must give ten days’ notice toother parties of the intent to issue thediscovery subpoena.

Three federal courts have ruled that a personhas standing under the Federal Rules of CivilProcedure to seek to quash a subpoena thatwould require a business to produce ESI thatis protected by the Stored CommunicationsAct, 18 U.S.C. § 2701(a)(1). See Crispin v.Christian Audigier, Inc., 2010 WL 2293238,*4 (C.D. Cal. 2010) (quashing subpoenas forprivate information stored at Facebook, MySpace, and other social networking sites); J.T.Shannon Lumber Co., Inc. v. Gilco Limber,Inc., 2008 WL 3833216 (N.D. Miss. 2008)(quashing subpoena on Microsoft, Google,and Yahoo); Hone v. Presidente U.S.A. Inc.,2008 U.S. Dist. LEXIS 55722, *4 (N.D. Cal.2008) (quashing subpoena on Yahoo). TRCP205.2. TRCP 192.6 permits the non-party, and“any other person affected by the discoveryrequest,” to move for a protective order. Rule192.6 is essentially a “standing” rule,indicating that motions for protective orderscan be filed any anyone “affected” by thediscovery request.

The Federal Stored Communication Actprovides privacy for communications storedwith many third parties. Several courts haverecognized a right to privacy for anonymouspostings on web sites. See Clay Calvert,Kayla Gutierrez, Karla D. Kennedy, KaraCarnley Murrhee, David Doe v. Goliath, Inc.:Judicial Ferment in 2009 for BusinessPlaintiffs Seeking the Identities of AnonymousOnline Speakers, 43 J. MARSHALL L. REV. 1(2009).

16 Craig Ball, E-Discovery: A Special Master'sPerspective<http://www.craigball.com/EDD_SM_PERSP.pdf>.


-12-

In Solarbridge Technologies, Inc. v. Doe,2010 WL 3419189 (N.D. Cal. 2010), theUnited States Magistrate Judge permitted aplaintiff to subpoena Yahoo! and Google toget information permitting the plaintiff toidentify the source of an anonymous emailthat contained the plaintiff’s trade secrets, etc.

It should be noted that in In re NapsterCopyright Litigation, 462 F.Supp.2d 1060,1068 (N.D. Cal. 2006), the federal districtjudge mentions in passing a non-party’s dutyto preserve information that has beensubpoenaed.

Courts have litigated the question of when thecourt should shift the cost to a non-party ofcomplying with subpoenas related to litigationin which the third party is not involved. Thefederal district judge in Tessera, Inc. v.Micron Technology, Inc., 2006 WL 733498(N.D. Cal. 2006), enumerated eight factors toconsider: “(1) the scope of the request; (2) theinvasiveness of the request; (3) the need toseparate privileged material; (4) thenon-party’s financial interest in the litigation;(5) whether the party seeking production ofdocuments ultimately prevails; (6) the relativeresources of the party and the non-party; (7)the reasonableness of the costs sought; and,(8) the public importance of the litigation.”17

E. SOURCES OF PRIVILEGE ORPRIVACY FOR ESI.

1. Federal Statutes. In U.S. v. Olmstead,277 U.S. 438 (1928), the Supreme Court heldthat the Fourth Amendment protection againstsearch and seizure did not apply to a wiretapinstalled without physical intrusion into ahome or office. Congress thereafter adopted

the Communications Act of 1934, whichprohibited intercepting communicationswithout the consent of the sender. 47 U.S.C.§ 605. In Katz v. U.S., 389 U.S. 347 (1967)("bug" on exterior of telephone booth), theSupreme Court revised its analysis, and heldthat the Fourth Amendment applied to areas inwhich the person had a reasonable expectationof privacy. In 1968, Congress enacted theFederal Wiretap Act (FWA), which prohibitedthe interception of wire communications (i.e.,telephone) and oral communications. In 1986,Congress enacted the ElectronicCommunications Privacy Act (ECPA), whichextended the wiretap prohibition to mobileand cellular telephones and to electroniccommunications (i.e., email). However,capturing the broadcast portion of portablehouse telephones was not prohibited. In 1994,the ECPA was amended to protect thebroadcast portion of portable telephones.After the disaster on September 11, 2001,Congress enacted the USA Patriot Act, whichrevised the Federal Wiretap Act, theElectronic Communications Privacy Act, andthe Foreign Intelligence Surveillance Act.See Robert A. Pikowsky, An Overview of theLaw of Electronic Surveillance PostSeptember 11, 2001, 94 LAW LIBR. J. 601(2001).

The Fifth Circuit Court of Appeals oncedescribed the Federal Wiretap Act as being"famous (if not infamous) for its lack ofclarity." Steve Jackson Games, Inc. v. UnitedStates Secret Service, 36 F.3d 457, 462 (5thCir. 1994).

The Federal Stored Communication Act(“SCA”) was adopted in 1986. The SCAdistinguishes between an “electroniccommunication service” (ECS), which is aservice that enables one to send or receivewire or electronic communications,” and a“remote computing service” (RCS), which isa computer storage or processing service thatuses an electronic communications system.

17 The Sedona Conference Commentary on Non-PartyProduction and Rule 45 Subpoenas (Blakely, et al.,editors 2008)<http://www.thesedonaconference.org/dltForm?did=Rule_45_Subpoenas>.



http://www.TexasBarCLE.com/CLE/PMCasemaker.asp?table=US_supremeopinions&volume=277&edition=U.S.&page=438&id=129835_01



-13-

The prohibition against disclosure containedin the SCA is:

§ 2702. Voluntary disclosure of customercommunications or records

(a) Prohibitions.--Except as providedin subsection (b) or (c)--

(1) a person or entity providing anelectronic communication service tothe public shall not knowinglydivulge to any person or entity thecontents of a communication whilein electronic storage by that service;and

(2) a person or entity providingremote computing service to thepublic shall not knowingly divulgeto any person or entity the contentsof any communication which iscarried or maintained on thatservice--

(A) on behalf of, and receivedby means of electronictransmission from (or created bymeans of computer processingof communications received bym e a n s o f e l e c t r o n i ctransmission from), a subscriberor customer of such service;

(B) solely for the purpose ofproviding storage or computerprocessing services to suchsubscriber or customer, if theprovider is not authorized toaccess the contents of any suchcommunications for purposes ofproviding any services otherthan storage or computerprocessing; and

(3) a provider of remote computingservice or electronic communication

service to the public shall notknowingly divulge a record or otherinformation pertaining to asubscriber to or customer of suchservice (not including the contents ofcommunications covered byparagraph (1) or (2)) to anygovernmental entity.

In the case of J.T. Shannon Lumber Co., Inc.v. Gilco Limber, Inc., 2008 WL 3833216, *1(N.D. Miss. 2008), the court ruled that storedemails could not be subpoenaed from theemail service provider:

The Stored Communications Act of 1986prohibits the unauthorized disclosure ofstored electronic communication andcustomer account information unless anexception applies. 18 U.S.C. § § 2701-03(2006). The statute prohibits a person orentity that provides an electroniccommunication service to the public fromknowingly divulging the contents of anycommunication that is carried ormaintained on the system. 18 U.S.C. §2702(a). The exceptions listed in thestatute do not include a civil subpoenaissued under Rule 45. 18 U.S.C. §2702(b); In re Subpoena Duces Tecum toAOL, 550 F.Supp.2d 606, 611 (E.D. Va.2008); See also18 Theofel v. Farey-Jones,359 F.3d 1066 (9th Cir. 2004); F.T.C. v.Netscape Communications Corp., 196F.R.D 559 (N.D. Cal. 2000). Further, anelectronic communication serviceprovider is also prohibited from divulgingcustomer records unless an exceptionapplies. 18 U.S.C. § 2702(c). Again,there is no exception to this statutoryprohibition against disclosure pursuant toa civil discovery subpoena.

18 Timothy G. Ackermann, Consent and Discoveryunder the Stored Communications Act, 56-DEC FED.LAW. 42 (2009).




-14-

See Flagg v. City of Detroit, 252 F.R.D. 346(E.D. Mich. 2008) (declining to permit alitigant to subpoena stored text messages butallowing the messages to be pursued througha request for production of documentsdirected to a party); In re Subpoena Ducestecum to AOL, LLC, 550 F.Supp.2d 606, 611(E.D. Va. 2008) (quashing subpoena of emailrecords from AOL); O'Grady v. SuperiorCourt, 39 Cal.App.4th 1423, 44 Cal.Rptr.3d72 (Cal. App. 2006) (SCA rendersunenforceable subpoenas seeking to compelemail service provider to disclose the contentsof emails stored on their facilities).

In Crispin v. Christian Audigier, Inc., 2010WL 2293238, *11 (C.D. Cal. 2010), the courtheld that the social networking sitesFacebook and My Space were electroniccommunication services and that privatemessaging information was protected by theSCA and could not be produced in response toa civil subpoena.

Viacom International Inc. v. Youtube Inc., 253F.R.D. 256, 264 (S.D. N.Y. 2008), held thatthe ECPA prohibited discovery in a civil caseof “private videos” stored on You Tube, in thearea where videos are not made available tothe public.

While the communication content stored byECS and RCS is protected from disclosure, itis possible that non-communication data maybe discoverable, such as the number and timesof communications, total hours logged on tothe system, etc.

2. Privileges Under Texas Law. Article 5of the Texas Rules of Evidence set outevidentiary privileges that cut off discovery incertain areas (lawyer-client, doctor-patient,psychotherapist-patient, etc.). There are otherprivileges in state and federal law. TRCP192.5 makes attorney work product non-discoverable.

V. METADATA. “Metadata” is data aboutdata, or more specifically, “informationdescribing the history, tracking, ormanagement of an electronic document.”Williams v. Sprint/United Mgmt. Co., 230F.R.D. 640, 646 (Dist. Ct. Kan. 2005)(discussing the law concerning discovery ofelectronic documents and associated metadatain litigation). Metadata was described thisway eDISCOVERY & DIGITAL EVIDENCE:19

It refers to hidden data that usually canonly be seen when a digital document isviewed in its native format using theprogram that originally produced thedocument. Often even the user of aprogram may not know it is there unlesshe or she knows how to find it. When adocument is created by a particularprogram (such as MS Word) there ishidden information (metadata) about thatdocument that can only be viewed if thedocument is opened by that program.Examples include the modificationhistory or the date and time when thedocument was first created or edited andby whom.

An authoritative definition of “metadata” iscontained in the Sedona Conference’sGlossary p. 34 (2010):20

19 Jay E. Grenig and William C. Gleisner, III withgeneral consultants Troy Larson and John L. Carroll,EDISCOVERY & DIGITAL EVIDENCE § 1:5 [availableon Westlaw as EDISCOVERY § 1:5]<https://web2.westlaw.com/result/previewcontroller.aspx?TF=756&TC=4&serialnum=0307455661&rs=WLW10.08&ifm=NotSet&casecite=187+P.3d+822&fn=_top&sv=Split&pbc=3F1E7F52&ordoc=2016562293&findtype=1&caseserial=2016562293&db=190121&vr=2.0&rp=%2ffind%2fdefault.wl&mt=210&RP=/find/default.wl&bLinkViewer=true>.

20

<http://www.thesedonaconference.org/dltForm?did=glossary2010.pdf>.



-15-

Metadata: Data typically storede l e c t r o n i c a l l y t h a t d e s c r i b e scharacteristics of ESI, found in differentplaces in different forms. Can be suppliedby applications, users or the file system.Metadata can describe how, when and bywhom ESI was collected, created,accessed, modified and how it isformatted. Can be altered intentionally orinadvertently. Certain metadata can beextracted when native files are processedfor litigation. Some metadata, such as filedates and sizes, can easily be seen byusers; other metadata can be hidden orembedded and unavailable to computerusers who are not technically adept.Metadata is generally not reproduced infull form when a document is printed topaper or electronic image. See alsoApplication Metadata, DocumentMetadata, Email Metadata, EmbeddedMetadata, File System Metadata,User-Added Metadata and Vendor-AddedMetadata. For a more thoroughdiscussion, see The Sedona Guidelines:Best Practice Guidelines & Commentaryfor Managing Information & Records inthe Electronic Age (Second Edition).

Wikipedia has a detailed entry on metadata.The Wikipedia entry describes metadata as “aconcept that applies mainly that appliesmainly to electronically archived or presenteddata and is used to describe the a) definition,b) structure and c) administration of data fileswith all contents in context to ease the use ofthe captured and archived data for furtheruse.” Id. at 1. The entry says: “Metadata isdefined as data providing information aboutone or more other pieces of data, such as:

- means of creation of the data - purpose of the data, - time and date of creation, - creator or author of data, - placement on a network (electronic

form) where the data was created,

- what standards used, etc.”

Id. at 2.

Here is what the Sedona ConferenceCommentary on ESI Evidence &Admissibility21 says about metadata:

Metadata can be another usefulcheckpoint for determining authenticity.For example, email messages generallycontain a substantial amount of metadatainformation, including a unique messageID as well as information on the uniqueInternet locations (IP addresses) wherethe message originated and was handledalong the way to its destination.

Similarly, operating system metadata canbe a useful tool. Most operating systemsmaintain information about individualfiles – the dates that a file was created,last modified and last accessed. Forexample, in a case where an individualclaims that it did not create a documentuntil July 1, but the system metadatashows that the document was created onMay 1, this data may be helpful.

However, metadata can be unreliable andis usually subject to manipulation andnon-obvious deletion. A moderatelysophisticated user may be able tomanipulate system dates, and althoughtraces of this manipulation may be leftbehind, detecting such traces can beextremely difficult and expensive, orsimply impossible. Worse, use of filesafter the fact, such as an investigatoropening a file for review, can modifymetadata and make it useless ormisleading for authenticity purposes.Accordingly, careful attention should be

21

<http://www.thesedonaconference.org/dltForm?did=ESI_Commentary_0308.pdf>.


-16-

paid to the methods used to authenticatemetadata.

Id. at 13.

The court in O'Neill v. City of Shoreline, 187P.3d 822 (Wash. App. 2008), held that, wherean email was read out loud by the deputy-mayor of a city during a public meeting, boththe email and the metadata associated with theemail constituted a public record underWashington State’s Public Records Act.

As noted above, metadata can play animportant role in authenticating ESI.

VI. AUTHENTICATION OF DIGITALINFORMATION. Litigation in the 21st

Century will require lawyers and courts todetermine acceptable ways to authenticatedigital information, and to puzzle through theapplication of the hearsay rule to ESI.

A. AUTHENTICATION OF EVIDENCE(GENERALLY). No evidence is admissibleunless it has been authenticated. Thisauthentication requirement is met by evidencesufficient to support a finding that the matterin question is what its proponent claims. TRE901. Typical forms of authentication are bytestimony of a witness with knowledge, layopinion on genuiness of handwriting,identification of a voice by someone who hasheard the speaker speak, etc. TRE 901(b).Digital information is notably absent from thelist of examples.

Some documents are self-authenticating:domestic government documents under seal,or if not under seal then attested to under sealby a public officer that the signer had thecapacity and the signature is genuine; foreignpublic documents which are attested andcertified as genuine; certified copies of publicrecords; official publications; newspapers andperiodicals; trade inscriptions showingownership, control or origin; acknowledged

documents; commercial paper; and businessrecords accompanied by "business recordsaffidavit." TRE 902 ("Self-Authentication").

TRCP 193.7 provides that documentsproduced by a party in response to writtendiscovery are automatically authenticatedagainst the producing party for pretrialpurposes, unless the producing party makes anobjection with 10 days of notice that thedocument will be used.

Authentication requires only a prima facieshowing that the evidence is what it is claimedto be. As stated in United States v. Gotchman,547 F.2d 778, 784 (3rd Cir. 1976):

What appellant overlooks is that theshowing of authenticity is not on a parwith more technical evidentiary rules,such as hearsay exceptions, governingadmissibility. Rather, there need be onlya prima facie showing, to the court, ofauthenticity, not a full argument onadmissibility. Once a prima facie case ismade, the evidence goes to the jury and itis the jury who will ultimately determinethe authenticity of the evidence, not thecourt. The only requirement is that therehas been substantial evidence from whichthey could infer that the document wasauthentic . . . .

Accord, U.S. v. Pantic, 308 Fed. Appx. 731,733 (4th Cir. 2009) (“The district court plays agate-keeping role in assessing whether theproponent has established a suitablefoundation from which the jury couldreasonably find that the evidence is authentic.. . . The proponent's burden of authenticationis slight–only a prima facie showing isrequired.”); U.S. v. Jardina, 747 F.2d 945,951 (5th Cir. 1984) (“When confronted withevidence of questionable origin, the courtshould admit the evidence if a prima facieshowing of authenticity is made”); AlexanderDawson, Inc. v. NLRB, 586 F.2d 1300, 1302


http://www.TexasBarCLE.com/CLE/PMCasemaker.asp?table=WA_caselaw&volume=187&edition=P.3d&page=822&id=129835_01

http://www.TexasBarCLE.com/CLE/PMCasemaker.asp?table=WA_caselaw&volume=187&edition=P.3d&page=822&id=129835_01




-17-

(9th Cir. 1978) (per curiam) (“The issue forthe trial judge under Rule 901 is whether thereis prima facie evidence, circumstantial ordirect, that the document is what it ispurported to be. If so, the document isadmissible in evidence.”); State v. Bell, 2009WL 1395857, *3 (Ohio App. 2009) (“the‘sufficient to support a finding’ standard is notrigorous, and the threshold of admissibilityarticulated in it is low”). Some courts havesaid that the threshold for authenticatingevidence is low. United States v. Reilly, 33F.3d 1396, 1404 (3rd Cir. 1994). Stateddifferently: evidence is admissible if there isa sufficient showing that the proposedevidence could be what it is claimed to be; thejury decides whether or not, in actuality, theevidence is what it is claimed to be. For thecourt, the burden of persuasion is prima facieproof. For the jury, the burden of persuasionis a preponderance, clear and convincing, orbeyond a reasonable doubt, as the case maybe. In support of a motion for summaryjudgment, the authentication must beconclusive. In opposition to a motion forsummary judgment, the doubt aboutauthenticity must be sufficient that reasonableminds might differ on the question of whetherthe evidence is what it is claimed to be.

It should be noted that merely authenticatinga document does not guarantee itsadmissibility. See Wright v. Lewis, 777S.W.2d 520, 524 (Tex. App.--Corpus Christi1989, writ denied) (despite the fact that aletter was authenticated, the letter was notadmissible because of the hearsay rule).

B. AUTHENTICATING COMPUTER-RELATED EVIDENCE. In the early days ofcomputers, one appellate court expressed theview that proof regarding the reliability of thecomputer equipment in question was anecessary prerequisite to the admission ofbusiness records generated by that computer.See Railroad Comm'n v. So. Pacific Co., 468S.W.2d 125, 129 (Tex. Civ. App.--Austin

1971, writ ref'd n.r.e.). Subsequent Texasdecisions abandoned the requirement forproving up the validity of the computingprocess as a predicate for business records.Courts now agree that computerized businessrecords can be authenticated in the samemanner as hand-written business records. SeeVoss v. Southwestern Bell Tel. Co., 610S.W.2d 537, 538 (Tex. Civ. App.--Houston[1st Dist.] 1980, writ ref'd n.r.e.) (computerrecords are admissible if requirements forbusiness records are met). Accord, Longoriav. Greyhound Bus Lines, Inc., 699 S.W.2d298, 302 (Tex. App.--San Antonio 1985, nowrit) (computerized business records may beauthenticated in the same manner as otherbusiness records, and it is not necessary toshow that the machine operated properly orthat the operator knew what he was doing; atits inception, however, the data itself must bebased upon personal knowledge); Hutchinsonv. State, 642 S.W.2d 537, 538 (Tex.App.--Waco 1982, no writ) (criminal case)(adopting same rule established in civil casesregarding admissibility of computer-generatedrecords). See Hill v. State, 644 S.W.2d 849,853 (Tex. App.--Amarillo 1982, no writ)(telephone company records admissible asbusiness records, even though the informationwas initially recorded automatically onmagnetic tape, rather than by a human being).

At the present time, the focus is less on thetechnicalities of the computer data and ismore on disputes over whether ESI such asemails, chat room or blog postings, or WorldWide Web pages, can properly be attributed toa particular person. In cases someone asserts“I didn’t send that email message,” eventhough the email was connected to thatperson’s account or was sent using his or hercomputer. Any email user knows that it ispossible to “spoof,” meaning to alter an emailheader to make it look like it is from aparticular sender when it is not. In GovanBrown & Assoc., Ltd. v. Does 1 and 2, 2010WL 3076295 (N.D. Cal. 2010), the Court














-18-

explained how to identify the sources of a G-mail email: “once it obtains the IP addressesfor the two electronic mail accounts fromGoogle, that information, in turn, will allow itto determine the Internet Service Providers forthe account holders. [Plaintiff] furtherexplains that once the Internet ServiceProviders are identified, it will be able toinitiate separate proceedings to compeldisclosure of the identities of the two emailaccount holders.” Id. at * 1. Such discoverywas allowed in Solar Bridge Technologies,Inc. V. John Doe, 2010 WL 3419189 (W.D.Cal. 2010).

See People v. Johnson, 875 N.E.2d 1256,1259-60 (Ill. App. 2007) (“In the case ofcomputer-generated records, a properfoundation additionally requires a showingthat: standard equipment was used; theparticular computer generates accurate recordswhen used appropriately; the computer wasused appropriately; and the sources of theinformation, the method of recording utilized,and the time of preparation indicate that therecord is trustworthy and should be admittedinto evidence”).

In U.S. v. Whitaker, 127 F.3d 595, 601-02 (7th

Cir. 1997), cert. denied, 522 U.S. 1137(1998), the court rejected an attack on theauthenticity of computer records obtainedfrom a third party’s computer that implicatedthe defendant in criminal activity, eventhough no government witness was able tovouch for anything beyond the fact that theobtained the information from the thirdparty’s computer.

Paul F. Rothstein, FED. RULES OF EVIDENCE

(3d ed.), Rule 901 [on Westlaw atFEDRLSEV R 901], lists the following casesa n d a u t h o r i t i e s r e l a t i n g t o“Computer-Generated Material, E-mails,Web-Postings, and Related Material”:

• U.S. v. Jackson, 208 F.3d 633, 53 Fed. R.

Evid. Serv. 1030 (7th Cir. 2000)(authentication required to be sure material inwebsite was actually put there by groupwhose website it was, rather than someoneelse; web posting offered for its truth ishearsay; not business record of internetservice provider; also doesn't meettrustworthiness requirement).• ACTONet, Ltd. v. Allou Health & BeautyCare, 219 F.3d 836 (8th Cir. 2000) (HTMLcodes authenticated by similar foundation toauthentication of photographs).• U.S. v. Tank, 200 F.3d 627, 53 FED. R. EVID.SERV. 830 (9th Cir. 2000) (identification ofwho made chat room posting on Internet).• U.S. v. Simpson, 152 F.3d 1241, 49 FED. R.EVID. SERV. 1631 (10th Cir. 1998)(authentication under Rule 901(a) of websitedata).• U.S. v. Siddiqui, 235 F.3d 1318, 55 FED. R.EVID. SERV. 301 (11th Cir. 2000) (e-mail canbe authenticated under 901(b)(4) bycircumstantial features).• Superhighway Consulting, Inc. v. Techwave,Inc., 1999 WL 1044870 (N.D. Ill. 1999)(e-mail produced from a party's files thatpurports on its face to have been sent by theparty can be authenticated by thesecircumstances).• Van Westrienen v. AmericontinentalCollection Corp., 94 F. Supp. 2d 1087, 54Fed. R. Evid. Serv. 511 (D. Or. 2000) (thedefendants' websites containing misleadinginformation about debt collections wereadmissible to show punitive damages becausethe plaintiff had viewed its contents andsubmitted an affidavit detailing what heviewed, although authenticity appears not tohave otherwise been questioned).• Richard Howard, Inc. v. Hogg, 1996 WL689231 (Ohio Ct. App. 3d Dist. PutnamCounty 1996) (under state equivalent of901(b)(1), witness who was neither recipientnor sender of e-mail who offered no otherdetails as to how he knew this e-mail was sentbetween these particular parties could notauthenticate the e-mail nor did anyone offer


http://www.TexasBarCLE.com/CLE/PMCasemaker.asp?table=IL_caselaw&volume=875&edition=N.E.2d&page=1256&id=129835_01









-19-

any other method of authentication).• U.S. v. De Georgia, 420 F.2d 889 (9th Cir.1969) (absence of record of particulartransaction in company computer allowed toprove it did not occur; discusses foundationneeded and the access that must be given tothe other side).• St. Clair v. Johnny's Oyster & Shrimp, Inc.,76 F. Supp. 2d 773, 774, 53 Fed. R. Evid.Serv. 1 (S.D. Tex. 1999) (internet informationis "one large catalyst for rumor, innuendo, andmisinformation" and therefore inherentlyuntrustworthy; furthermore, there is no way too v e r c o m e t h i s p r e s u m p t i o n o funtrustworthiness).• Cobauth, Bloom v. Commonwealth:Identifying the Face Behind the InstantMessage, 8 RICH. J.L. & TECH. 17 (2002).• Joseph, Internet and E-Mail Evidence, 13PRAC. LITIGATOR 45 (2002).• Mason, Electronic Signatures Evidence: TheEvidential Issues Relating to ElectronicSignatures, Part I, 18 COMPUTER L. & SEC.REP. 175 (2002).• Schultz & Keena, Navigating the Perils ofDiscovery in the E-Information Age, 56WASH. ST. B. NEWS 20 (2002).• Thompson, The Paper Trail has GoneDigital: Discovery in the Age of ElectronicInformation, 71 J. KAN. B.A. 16 (2002).• Zimmerman, Evidence in the Digital Age, 76Law Inst.J. 77 (2002); Raysman & Brown,Electronic Signatures, 214 N.Y. L.R. 3(1995).• Peritz, Computer Data and Reliability: ACall for Authentication of Business Recordsunder the Federal Rules of Evidence, 80 NW.U. L. REV. 956 (1986).• Long, Discovery and Use of ComputerizedInformation: Examination of CurrentApproaches, 13 PEPP. L. REV. 405 (1986).• Younger, Computers and the Law ofEvidence, 1 N.Y.L.J., (1975).• Abelle, Evidentiary Problems Relevant toChecks and Computers, 5 RUTGERS J. OF

COMPUTERS AND THE LAW 323 (1976).• Lautsch, Digest of State Law Relating to

Computers, 17 JURIMETRICS J. 39 (1976).• See generally, the periodical, Law &Computer Technology.

Hon James Carr and Patricia L. Bellia, 2 LAW

OF ELECTRONIC SURVEILLANCE § 7:59, BasicE l e m e n t s – A u t h e n t i c i t y a n dAccuracy–Computer Data [on Westlaw atELECTSURV § 7:59] give the followingcases regarding the admission of computer-based information [the following case-relatedinformation is quoted or taken from the text,footnotes 10-16]:

• admitting e-mails: U.S. v. Gagliardi, 506F.3d 140, 151 (2nd Cir. 2007); U.S. v. Siddiqui,235 F.3d 1318, 1322-23 (11th Cir. 2000); U.S.v. Safavian, 435 F. Supp. 2d 36, 40 (D.D.C.2006); Bobo v. State, 285 S.W.3d 270, 274(Ark. App. 2008); Simon v. State, 632 S.E.2d723 (Ga. App. 2006); People v. Downin, 828N.E.2d 341, 350–51 (Ill. App. 2005); Dickensv. State, 927 A.2d 32, 36-38(Md. App. 2007); Kearley v. State, 843 So. 2d66 (Miss. App. 2002); State v. Taylor, 632S.E.2d 218, 230-31 (N.C. App. 2006); State v.Bell, 882 N.E.2d 502 (Ohio App. 2008),judgment aff'd, 2009 WL 1395857 (Ohio App.2009), appeal not allowed, 914 N.E.2d 1064(2009); Varkonyi v. State, 276 S.W.3d 27, 35(Tex. App.--El Paso 2008, pet. denied); Sheav. State, 167 S.W.3d 98, 104–05 (Tex. App.Waco 2005, pet. denied); Massimo v. State,144 S.W.3d 210, 215-17 (Tex. App. --FortWorth 2004, no pet.).

• admitting e-mails copied verbatim from acell phone: U.S. v. Culberson, 2007 WL1266131 (E.D. Mich. 2007) (admissionallowed even though the original electronicversion had been purged automatically by theservice provider).

• admitting instant messages: U.S. v.Gagliardi, 506 F.3d 140, 151 (2nd Cir. 2007);Hammontree v. State, 642 S.E.2d 412, 415(Ga. App. 2007); People v. Clevenstine, 68








http://www.TexasBarCLE.com/CLE/PMCasemaker.asp?table=AR_caselaw&volume=285&edition=S.W.3d&page=270&id=129835_01



http://www.TexasBarCLE.com/CLE/PMCasemaker.asp?table=MD_caselaw&volume=927&edition=A.2d&page=32&id=129835_01

http://www.TexasBarCLE.com/CLE/PMCasemaker.asp?table=MS_caselaw&volume=843&edition=So.2d&page=66&id=129835_01

http://www.TexasBarCLE.com/CLE/PMCasemaker.asp?table=MS_caselaw&volume=843&edition=So.2d&page=66&id=129835_01

http://www.TexasBarCLE.com/CLE/PMCasemaker.asp?table=NC_caselaw&volume=632&edition=S.E.2d&page=218&id=129835_01

http://www.TexasBarCLE.com/CLE/PMCasemaker.asp?table=NC_caselaw&volume=632&edition=S.E.2d&page=218&id=129835_01





-20-

A.D.3d 1448, 891 N.Y.S.2d 511, 515 (3dDep't 2009), leave to appeal denied, 14N.Y.3d 799, 899 N.Y.S.2d 133, 925 N.E.2d937 (2010); People v. Pierre, 41 A.D.3d 289,838 N.Y.S.2d 546, 548–49 (1st Dep't 2007);In re F.P., 878 A.2d 91, 93-95 (Pa. App.2005).

• admitting chat room communications: U.S.v. Tank, 200 F.3d 627, 631–32 (9th Cir.2000); U.S. v. Simpson, 152 F.3d 1241, 1249(10th Cir. 1998); Ford v. State, 617 S.E.2d262, 265–266 (Ga. App. 2005); State v.Webster, 955 A.2d 240, 244 (Me. 2008); Statev. Bell, 882 N.E.2d 502 (Ohio App. 2008);U.S. v. Barlow, 568 F.3d 215, 220 (5th Cir.2009) (logs).

• admitting text messages: State v. Damper,225 P.3d 1148, 1152-53 (Ariz. App. 2010);Dickens v. State, 927 A.2d 32, 36–37 (Md.App. 2007); State v. Thompson, 777 N.W.2d617, 624-25 (N.D. 2010) (dictum).

• admitting copies of digital images: Midkiffv. Com., 54 Va. App. 323, 678 S.E.2d 287,294 (2009), judgment aff'd, 2010 WL2305819 (Va. 2010).

• admitting records relating to use of thecomputer: People v. Hawkins, 98 Cal. App.4th 1428, 99 Cal. App. 4th 1333a, 121 Cal.Rptr. 2d 627, 643 (Cal. App. 2002), asmodified on denial of reh'g, (July 2, 2002),review denied, (Aug. 28, 2002), cert. denied,123 S. Ct. 1256, 154 L. Ed. 2d 1021 (U.S.2003) (record of when computer wasaccessed).

• admitting data obtained by mirror imaging ahard drive: Bone v. State, 771 N.E.2d 710,716 (Ind. App. 2002); State v. Cook, 777N.E.2d 882 (Ohio App. 2002).

See also 71 AM. JUR. TRIALS §111, ComputerTechnology in Civil Litigation [on Westlaw at71 AMJUR TRIALS § 111].

See also Monique C.M. Leahy, Civil PretrialInvolving Text Messaging Evidence, 115 Am.Jur. Proof of Facts 3d 1 (2010).22

A recent case is State v. Craycraft, 2010 WL610601 (Ohio App. 2010), where a criminaldefendant claimed that the state had notproven that he was the person whoparticipated by computer in a series of instantmessage (IM) exchanges on AOL. The IMswere made using the defendant’s girlfriend’sAOL screen name. A third-party witnessinvolved in the IM exchanges copied andpasted them into an email that he sent tohimself, then printed it. The appellate courtruled that extrinsic evidence, coupled with thecontent of the IMs, sufficed to warrantadmission of the IMs into evidence. Theappellate court discussed what it called the“distinctive characteristics” method ofauthentication where “a speaker in aconversation may be identified because onlyhe could utter the speech under thecircumstance.” Id. at *7. Stated differently,authentication can be achieved by showingfrom what is said or the way something is saidthat a fact finder could believe that the personclaimed to have sent the message did in factsend the message.

C. BEST EVIDENCE RULE ISSUES.TRE 1001(3) provides that "[i]f data arestored in a computer or similar device, anyprint-out or other output readable by sight,shown to reflect the data accurately, is an'original'." In Robinson v. State, No.B14-91-00458-CR (Tex. App.--Houston [14thDist.] 1992, pet. ref'd) (not for publication)[1992 WL 133831], the Court held that it was

22

<https://web2.westlaw.com/find/default.wl?serialnum=0354974574&ifm=NotSet&rp=%2ffind%2fdefault.wl&sv=Full&caseserial=0348595640&rs=WLW10.08&db=119405&casecite=56-DEC+FEDRLAW+42&findtype=1&fn=_top&mt=210&vr=2.0&pbc=BC6E23F9&ordoc=0348595640&RLT=CLID_FQRLT44663195316189&TF=756&TC=1&n=1>.


http://www.TexasBarCLE.com/CLE/PMCasemaker.asp?table=PA_caselaw&volume=878&edition=A.2d&page=91&id=129835_01



http://www.TexasBarCLE.com/CLE/PMCasemaker.asp?table=ME_caselaw&volume=955&edition=A.2d&page=240&id=129835_01


http://www.TexasBarCLE.com/CLE/PMCasemaker.asp?table=MD_caselaw&volume=927&edition=A.2d&page=32&id=129835_01

http://www.TexasBarCLE.com/CLE/PMCasemaker.asp?table=ND_caselaw&volume=777&edition=N.W.2d&page=617&id=129835_01

http://www.TexasBarCLE.com/CLE/PMCasemaker.asp?table=ND_caselaw&volume=777&edition=N.W.2d&page=617&id=129835_01

http://www.TexasBarCLE.com/CLE/PMCasemaker.asp?table=VA_caselaw&volume=54&edition=Va.%20App.&page=323&id=129835_01

http://www.TexasBarCLE.com/CLE/PMCasemaker.asp?table=VA_caselaw&volume=678&edition=S.E.2d&page=287&id=129835_01

http://www.TexasBarCLE.com/CLE/PMCasemaker.asp?table=US_supremeopinions&volume=123&edition=S.Ct.&page=1256&id=129835_01

http://www.TexasBarCLE.com/CLE/PMCasemaker.asp?table=IN_caselaw&volume=771&edition=N.E.2d&page=710&id=129835_01

http://www.TexasBarCLE.com/CLE/PMCasemaker.asp?table=OH_caselaw&volume=777&edition=N.E.2d&page=882&id=129835_01

http://www.TexasBarCLE.com/CLE/PMCasemaker.asp?table=OH_caselaw&volume=777&edition=N.E.2d&page=882&id=129835_01

-21-

proper to permit a witness to testify to theresults of a computer search withoutqualifying as an expert or presenting computerprintouts. In this case, the witness said that acomputer search on the bank's computerconfirmed that an account number on asuspicious check was fictitious. According tothe Court, the best evidence rule was notimplicated because the witness was merelyexplaining the process he went through todetermine whether an account number was avalid one with his bank. The Court also saidthat the best evidence rule did not applybecause the evidence was offered to show thenon-existence of a bank account. The caseraises an interesting question. The bestevidence rule objection would go to thecomputer data reflecting the results of thesearch. Can the witness properly testify towhat the computer search indicated, withoutintroducing into evidence a printout of theresults, or is such testimony tantamount tooral testimony as to the contents of a writing?Arguably TRE 1001(3)'s provision, that thebest evidence rule is met by a print-out or"other output readable by sight," applies toprint-out brought to court or output readableby sight in the courtroom.

D. HEARSAY. Hearsay is defined as astatement of a person. TRE 801(a). A machineis not a person, and therefore computer outputis not inherently hearsay. Stevenson v. State,920 S.W.2d 342, 343 (Tex. App.--Dallas1996, no pet.). However, a computer mayissue information that contains hearsay. Indealing with computerized records, it isimpor tan t to d i s t inguish humancommunications stored on a computer, orhuman communications processed by acomputer, from computer-generatedinformation that reflects the internal operationof the computer. For example, in Burleson v.State, 802 S.W.2d 429 (Tex. App.--FortWorth 1991, pet. ref'd), a prosecution forharmful access to computer, the court heldthat information displayed by computer, as to

how many payroll records were missing, wasnot hearsay, because it was not an out-of-courtstatement made by a person. Even if it were,said the court, the computer operator, whotestified based on what he saw on thecomputer display, qualified as expert whocould rely on the computer's display, even ifthe display's results were not admissible. Thecourt observed, however, that the informationreflected on the computer display was"generated by the computer itself as part ofthe computer's internal system designed tomonitor and describe the status of the system."Id. at 439. The court cited two out-of-statecases. In People v. Holowko, 109 Ill.2d 187,93 Ill.Dec. 344, 486 N.E.2d 877, 878-79(1985), the Illinois Supreme Court held thatcomputerized printouts of phone traces werenot hearsay because such printouts did notrely on the assistance, observations, or reportsof a human declarant. The print-out was"merely the tangible result of the computer'sinternal operations." In State v. Armstead, 432So.2d 837, 839-41 (La. 1983), the LouisianaSupreme Court held that computerizedrecords of phone traces were not hearsay, inthat they were computer-generated rather thancomputer-stored declarations. Burleson v.State, 802 S.W.2d at 439 n. 2.

In May v. State, 784 S.W.2d 494, 497 (Tex.App.--Dallas 1990, pet. ref'd), the appellatecourt surprisingly held that numbers viewedon an intoxilyzer's computer screen werehearsay. May in turn relied upon Vanderbilt v.State, 629 S.W.2d 709, 723-24 (Tex. Crim.App. 1981), which held that it was improperfor the state's firearm witness, not testifying asan expert, to relate that a computer search ofan FBI database rendered a print-out of a listof weapons that could generate the ballisticmarkings on the bullet in question, and thatthe gun in question was on that list. The Courtof Criminal Appeals cited to an earlier casewhere it had held it to be error for a witness torepeat in front of the jury informationobtained from a computer database. See




http://www.TexasBarCLE.com/CLE/PMCasemaker.asp?table=IL_caselaw&volume=109&edition=Ill.2d&page=187&id=129835_01


http://www.TexasBarCLE.com/CLE/PMCasemaker.asp?table=LA_caselaw&volume=432&edition=So.2d&page=837&id=129835_01

http://www.TexasBarCLE.com/CLE/PMCasemaker.asp?table=LA_caselaw&volume=432&edition=So.2d&page=837&id=129835_01




-22-

Vanderbilt, 629 S.W.2d at 723. Theconclusion reached in May was criticized inSchlueter, Hearsay--When Machines Talk, 54TEX. B.J. 1135 (Oct. 1990). It is apparent thatin May the Dallas Court of Appeals did notdistinguish testimonial information containedin a computer information file from computer-generated calculations based on a scientificand mathematical algorithm, with nocomponent of human communication. Thiserror was rectified in Stevenson v. State, 920S.W.2d 342 (Tex. App.--Dallas 1996, no pet.),which said: "We overrule May only as to thelanguage that refers to the intoxilyzer result,itself, as hearsay." Id. at 344. To recap: If theinput is hearsay, then the output is hearsay. Ifthe hearsay input meets an exception to thehearsay rule, then the output should meet thesame exception.

In State v. Bell, 2009 WL 1395857, *5 (OhioApp. 2009), the court held that printouts ofon-line conversations on MySpace are notbusiness records as they are not “records of[the] regularly conducted activity” of theowner of MySpace.

E. PROCESS OR SYSTEM. If an attack isto be levied on computer-generatedinformation, as opposed to computer-storedhuman communications, the attack could bean attack on authenticity under TRE901(b)(9), relating to a process or system, forfailure to show that a process or system thatwas used to produce the result produces anaccurate result. In the Holowko case referredto above, the Illinois Supreme Court notedthat judicial notice of the reliability ofcomputer science might be appropriate incertain situations. The Louisiana SupremeCourt, in Armstead, also referred to above,likened the computer-generated information todemonstrative evidence of a scientific test orexperiment.

When a computer program takes data andprocesses it to reach a result, there can be

questions about the validity of the computerprocess. In many instances, the calculations orprocessing performed by the computerprogram will require proof of reliability. Thereliability of the output of standardizedcomputing devices, such as a hand-heldcalculator, are not suspect and should be easyto authenticate. In proprietary software thatmakes calculations or generates charts orgraphs based on non-standardizedprogramming, the validity of the processcould be in issue. For example, in anelectronic spreadsheet an issue can arise aboutthe formulas that were entered into thespreadsheet. In specially-designed software,the validity of assumptions or calculationsembedded in the computer program can be aconcern. In such situations, the court has thepower to require that the underlying code bemade available in discovery so that the codingof the program can be checked and theprogram can be tested. However, some courtswill protect the proprietary interest of thelitigant or the forensic expert by not requiringthe production of computer coding orspreadsheet formulas, where (as is often thecase) the calculations can be verified from theoutput or results without the necessity ofinspecting the underlying coding or formulas.See Viacom International Inc. v. Youtube Inc.,253 F.R.D. 256, 259-60 (S.D.N.Y.2008),where the court refused to require You Tubeand Google to produce its search coding in asuit for copyright infringement.

Several courts have held that merely printingout computer data does not implicate the Rule901(b)(9) proof of process or systemauthentication requirement. United States v.Meienberg, 263 F.3d 1177, 1179-80 (10th Cir.2001) (“The computer printouts were not theresult of a ‘process or system used to producea result’; they were merely printouts ofpreexisting records that happened to be storedon a computer”); People v. Huehn, 53 P.3d733, 737 (Colo. App. 2002) (“courts havegenerally declined to require testimony






http://www.TexasBarCLE.com/CLE/PMCasemaker.asp?table=CO_caselaw&volume=53&edition=P.3d&page=733&id=129835_01

http://www.TexasBarCLE.com/CLE/PMCasemaker.asp?table=CO_caselaw&volume=53&edition=P.3d&page=733&id=129835_01

-23-

regarding the functioning and accuracy of thecomputer process where, as here, the recordsat issue are bank records reflecting dataentered automatically rather than manually”).

F. EXPERT OPINIONS EMBEDDED INCOMPUTER OUTPUT. It is important torecognize the interplay between theadmissibility of computer output and theadmissibility of expert opinions that rely onthe computer output or are woven intocomputer output. Many times experts rely oncomputer-generated information as the basisfor their expert opinion. Issues of reliability ofmethodology and the reliability of underlyingdata can be latent aspects of the computerprocessing involved. In these situations, thedata entered into the computer program andthe way the computer program “massages” thed a t a a r e p r e c i s e l y w h e r e t h eDaubert/Robinson focus should be brought tobear. These issues are discussed in SectionVI.B below in connection with computerforensics, but the same standards ofadmissibility apply equally to an expert whohas constructed a “model” based on the factsof a situation and renders opinions based onthat model. As an example, testimony aboutlost profits in a business litigation contextoften turn on the reliability of the model usedby the expert and the data the expert feedsinto the model. Although these issues mayarise in a fight over computer output, they arereally governed by Daubert/Robinsonstandards. It must be remembered thatcomputers do only what they are told to do.So, reliability issues involve who gave thecomputer the instructions, what thoseinstructions were, and the quality of the datathat were fed into the computer.

G. THE SEDONA CONFERENCECOMMENTARY ON ESI EVIDENCE.The Sedona Conference has published aCommentary on ESI Evidence and

Admissibility.23 The Commentary states:

This commentary . . . is divided into threeparts: Part I is a brief survey of theapplicability and application of existingevidentiary rules and case law addressingthe same. Part II addresses new issuesand pitfalls that are looming on thehorizon. Part III provides practicalguidance on the use of ESI in depositionsand in court.

Id. at 1. The Commentary argues that differenttypes of ESI require different approaches. Itdiscusses the admissibility of email, websiteposting, text messaging, chat room content,and computer-stored records and databases.Id. at 4-8.

VII. COMPUTER FORENSICS.Computer forensics involves techniques thatpermit a skilled person to obtain and analyzeESI that is not available to those who merelyuse application software, i.e., metadata. TheInternational Association of ComputerInvestigative Specialists (IACIS) gives thefollowing definition:

Computer forensics may be defined as theretrieval and analysis of data

From a seized computer hard drive orother electronic media…Performed in such a manner that theresults are...Reproducible by another examinerwho...Following the same steps, reaches thesame conclusions.24

A. CERTIFYING ORGANIZATIONS.

23

<http://www.thesedonaconference.org/dltForm?did=ESI_Commentary_0308.pdf>.

24

<http://www.iacis.com/assets/docs/trainning/IACIS_Program_Description-20101.pdf>.


-24-

The forensic computer industry is in the earlystages of becoming formalized. See JasonKrause, Computer Forensics Experts, Who'sYour Daddy?, Law Technology News (8-31-2010).25 Krause quotes Texas attorney CraigBall as saying:

“The fact is that most certifications incomputer forensics mean little more thanthat the person has paid a fee andcompleted a form,” says Craig Ball, acomputer forensics examiner in Austin,Texas. “I hold multiple certifications, soit's not that I feel they have no value; butI think that you can pass the certificationexams and still be a markedly inadequateexaminer.”

Krause mentions three certificationorganizations: International InformationSystems Security Consortium, Inc. (open onlyto law enforcement and military); the EnCaseCertified Examiner program from GuidanceSoftware; and the International Society ofForensic Computer Examiners' CertifiedComputer Examiner program.

B. ADMISSIBILITY OF FORENSICEXPERT TESTIMONY. In order to admitexpert evidence, over objection, the proponentmust show five things: (1) that the expert isqualified; (2) that the expert's methodology isreliable; (3) that the underlying data isreliable; (4) that the evidence is relevant; and(5) that the expert's opinion would assist thetrier of fact.

1. Qualifications. Under TRE 702, a personmay testify as an expert only if (s)he hasknowledge, skill, experience, training oreducation that would assist the trier of fact indeciding an issue in the case. See Broders v.Heise, 924 S.W.2d 148, 149 (Tex. 1996).

Whether an expert is qualified to testify underRule 702 involves two factors: (1) whether theexpert has knowledge, skill, etc.; and (2)whether that expertise will assist the trier offact to decide an issue in the case. Courtssometimes evaluate the first prong, ofadequate knowledge, skill, etc., by askingwhether the expert possesses knowledge andskill not possessed by people generally.Broders, 924 S.W.2d at 153. See Duckett v.State, 797 S.W.2d 906, 914 (Tex. Crim. App.1990) ("The use of expert testimony must belimited to situations in which the issues arebeyond that of an average juror"); John F.Sutton, Jr., Article VII: Opinions and ExpertTestimony, 30 HOUS. L.REV. 797, 818 (1993)[Westlaw cite 30 HOULR 797].

2. Reliability of Methodology. In the caseof Daubert v. Merrell Dow Pharmaceuticals,Inc., 509 U.S. 579, 113 S. Ct. 2786, 125L.Ed.2d 469 (1993), the U.S. Supreme Courtheld that FRE 702 overturned earlier case lawrequiring that expert scientific testimony mustbe based upon principles which have gained"general acceptance" in the field to whichthey belong. Id. at 594, 2797. Under Rule 702,the expert's opinion must be based on"scientific knowledge," which requires that itbe derived by the scientific method, meaningthe formulation of hypotheses which areverified by experimentation or observation.The Court used the word "reliability" todescribe this necessary quality. Id. at 595,2797. The U.S. Supreme Court's opinion inDaubert applies in all federal courtproceedings.

In Daubert, the Supreme Court gave anon-exclusive list of factors to consider on theadmissibility of expert testimony in thescientific realm: (1) whether the expert'stechnique or theory can be or has been tested;(2) whether the technique or theory has beensubject to peer review and publication; (3) theknown or potential rate of error of thetechnique or theory when applied; (4) the

25

<http://www.law.com/jsp/lawtechnologynews/PubArticleFriendlyLTN.jsp?id=1202471294324>.







-25-

existence and maintenance of standards andcontrols; and (5) whether the technique ortheory has been generally accepted in thescientific community. In Kumho Tire Co. v.Carmichael, 526 U.S.137, 11 S. Ct. 1167, 143L.Ed.2d 238 (1999), the Supreme Court saidthat the reliability and relevancy principles ofDaubert apply to all experts, not justscientists, and where objection is made thecourt must determine whether the evidencehas "a reliable basis in the knowledge andexperience of [the relevant] discipline." Id. at148, 1174. The trial court has broad discretionin determining how to test the expert'sreliability. Id. Kuhmo Tire acknowledged thatthe list of factors in Daubert did not applywell to certain types of expertise, and thatother factors would have to be considered bythe court in such instances.

The Texas Supreme Court adopted the U.S.Supreme Court's Daubert analysis for TRE702, requiring that the expert's underlyingscientific technique or principle be reliable, inE.I. du Pont de Nemours v. Robinson, 923S.W.2d 549 (Tex. 1995). The Texas SupremeCourt listed factors for the trial court toconsider: (1) the extent to which the theoryhas been or can be tested; (2) the extent towhich the technique relies upon the subjectiveinterpretation of the expert; (3) whether thetheory has been subjected to peer reviewand/or publication; (4) the technique'spotential rate of error; (5) whether theunderlying theory or technique has beengenerally accepted as valid by the relevantscientific community; and (6) the non-judicialuses which have been made of the theory ortechnique. Id at 557.

As with the U.S. Supreme Court, the TexasSupreme Court was required to adapt theRobinson "hard science" criteria to otherfields of expertise. In Gammill v. JackWilliams Chevrolet, Inc., 972 S.W.2d 713(Tex. 1998), the Texas Supreme Courtannounced that the reliability and relevance

requirements of Robinson apply to all types ofexpert testimony. In Gammill a unanimousSupreme Court said:

We conclude that whether an expert'stestimony is based on "scientific,technical or other specializedknowledge," Daubert and Rule 702demand that the district court evaluate themethods, analysis, and principles reliedupon in reaching the opinion. The courtshould ensure that the opinion comportswith applicable professional standardsoutside the courtroom and that it "willhave a reliable basis in the knowledgeand experience of [the] discipline."[FN47]

Id. at 725-26. After Gamill, Daubert/Robinsonchallenges may involve two prongs: (1)establishing the "applicable professionalstandards outside the courtroom" and (2)establishing that these standards were met bythe expert in this instance.

3. Reliability of Underlying Data. Experttestimony is inadmissible if the underlyingdata does not provide a sufficient basis for theexpert’s opinions and conclusions. Therequirement that the expert's underlying databe sufficient is explicitly stated in TRE705(c).

TRE 705. Disclosure of Facts or DataUnderlying Expert Opinion

(a) Disclosure of Facts or Data. Theexpert may testify in terms of opinion orinference and give the expert's reasonstherefor without prior disclosure of theunderlying facts or data, unless the courtrequires otherwise. The expert may inany event disclose on direct examination,or be required to disclose oncross-examination, the underlying factsor data.







-26-

(b) Voir dire. Prior to the expertgiving the expert's opinion or disclosingthe underlying facts or data, a partyagainst whom the opinion is offered uponrequest in a criminal case shall, or in acivil case may, be permitted to conduct avoir dire examination directed to theunderlying facts or data upon which theopinion is based. This examination shallbe conducted out of the hearing of thejury.

(c) Admissibility of opinion. If thecourt determines that the underlying factsor data do not provide a sufficient basisfor the expert's opinion under Rule 702 or703, the opinion is inadmissible.

(d) Balancing test; limitinginstructions. When the underlying factsor data would be inadmissible inevidence, the court shall exclude theunderlying facts or data if the danger thatthey will be used for a purpose other thanas explanation or support for the expert'sopinion outweighs their value asexplanation or support or are unfairlyprejudicial. If otherwise inadmissiblefacts or data are disclosed before the jury,a limiting instruction by the court shall begiven upon request.

4. Relevancy of the Expert Evidence.Daubert and Robinson contain a relevancyrequirement for expert evidence. As explainedin Gammill v. Jack Williams Chevrolet, Inc.,972 S.W.2d 713, 720 (Tex. 1998):

The requirement that the proposedtestimony be relevant incorporatestraditional relevancy analysis under Rules401 and 402 of the Texas Rules of CivilEvidence. To be relevant, the proposedtestimony must be "sufficiently tied to thefacts of the case that it will aid the jury inresolving a factual dispute." Evidencethat has no relationship to any of the

issues in the case is irrelevant and doesnot satisfy Rule 702's requirement thatthe testimony be of assistance to the jury.It is thus inadmissible under Rule 702 aswell as under Rules 401 and 402.

Some courts and commentators call thisconnection the "fit" between the evidence andthe issues involved in the case.

5. Helpfulness of the Expert Evidence.Tex. R. Evid. 702 requires that the expert'stestimony "assist the trier of fact." There aresome issues where the jury is capable ofmaking its own determination, without theassistance of expert testimony. In thoseinstances, expert testimony is not admissible.K-Mart Corp. v. Honeycutt, 24 S.W.3d 357,360 (Tex. 2000) ("When the jury is equallycompetent to form an opinion about theultimate fact issues or the expert's testimony iswithin the common knowledge of the jury, thetrial court should exclude the expert'stestimony").

6. Applying These Standards toComputer Forensics. The field of computerforensics is relatively new compared tobiochemistry, engineering, fingerprintcomparison, arson investigation, etc. Theprinciples of computer forensics are not taughtin every university or police department, andthere are no widely-accepted authoritativetexts concerning these matters. Certifyingorganizations are in their infancy, and theircertification process lacks the rigorcharacteristic of more mature fields. Whilesome standardization has been achieved byANSI and ISO, there is no central authoritythat issues standards for computer forensics.However, computer manufacturers, operatingsystem designers, and software designers,have consistent protocols for the way theirproducts process data. Internet email protocolsare by their very nature standardized acrossthe industry. So there are pockets ofstandardization in the computer industry.




-27-

Computer forensics has the advantage,assuming that the metadata is not altered ordestroyed, that the expert’s methodology,once explained, may be duplicated, theunderlying data can be confirmed, and thedegree to which the expert’s conclusions aresubjective will be evident. As noted above,however, there are concerns about theintegrity of some metadata.

VIII. APPENDIX.

A. FAMILY LAW PRACTICEMANUAL. The Texas Family Law PracticeManual deals with ESI, but in a non-robustway. Here is the form book’s request for ESI.References to electronic information are initalics. Note that the form request only asksfor paper-like information that is storedelectronically. No information that is uniquelyelectronic is specified, such as metadata, diskdrives, etc. The form Response does havethree provisions that deal with purelyelectronic data.

Form 5-23

[Petitioner/Respondent]’s Request forProduction and Inspection

[to Party]* * *

Definitions* * *

“Item,” “document,” or “documents”includes, but is not limited to, each tangiblething, recording, or reproduction of any visualor auditory information, including but notlimited to papers, books, accounts, drawings,graphs, charts, photographs, electronic orvideotape recordings, data, and datacompilations, however made, whetherhandwritten, typewritten, or printed material,drafts, duplicates, carbon copies, photocopies,e-mail, scanned documents, digitaldocuments, and all other copies.

* * *Instructions

* * *If any of this information is solely in

electronic or magnetic form, you mustproduce this information by providing[Petitioner/Respondent] with this informationon CD-ROM computer disks formatted forIBM-compatible computers with a notationidentifying the computer program (includingversion identification) necessary to access theinformation.

* * *

Exhibit AGeneral Documents

1. . . .

2. All diaries, notes, memoranda,journals, or calendars, including electronicdiaries, memoranda, journals, or calendars,letters and correspondence, includingelectronic writings (for example, e-mail andtext messages), or other written logs that relateto–

a. conservatorship;b. possession and access;c. child support and health

insurance for the child[ren];d. division of community

property and liabilities,including claims for adisproportionate division ofthe community estate;

e. claims for reimbursement;f. claims for spousal

maintenance;g. attorney’s fees;h. fault in the breakup of the

marriage;i. tort claims; and j. requests for permanent

injunctions.* * *

36. All residence [include ifapplicable: business,] and wireless telephonerecords of the parties since [date].

* * *


-28-

Form 5-24

Response to Request for Production andInspection

* * *Objection is made to the request for

production of data or information that existsin electronic or magnetic form because[Petitioner/Respondent] failed to specify theform in which [Petitioner/ Respondent] wantsit produced. Tex. R. Civ. P. 196.4.

Objection is made to the request forproduction of data or information that existsin electronic or magnetic form because[Respondent/Petitioner] cannot—throughreasonable efforts—retrieve the data orinformation requested. Tex. R. Civ. P. 196.4.

Objection is made to the request forproduction of data or information that existsin electronic or magnetic form because[Respondent/Petitioner] cannot—throughreasonable efforts—produce the datarequested in the form requested. Tex. R. Civ.P. 196.4.

B. LITIGATION HOLD LETTER.The following letter was offered by the PublicAgencies Risk Management Association26 asa sample of a letter placing a “litigation hold”on an opposing party’s ESI.

Opposing party preservation letter-[sample]

Re: [CASE NAME] PRESERVATION OFELECTRONIC DISCOVERY

Dear [OPPOSING COUNSEL/PARTY]

I. Demand for Preservation of ElectronicallyStored Information

[OUR CLIENT] hereby demands that[opposing party] preserve all documents,tangible things and electronically storedinformation (“ESI”) potentially relevant toany issues in the above entitled matter.

As used in this document, “you” and “your”refers to [Opposing party] and itspredecessors, successors in interest, assignees,parents, subsidiaries, divisions or affiliates,and their respective officers, directors,employees, servants, agents, attorneys, andaccountants.

You should anticipate that much of theinformation subject to disclosure orresponsive to discovery in this matter is storedon your current and former computer systemsand other media and devices (such as:personal digital assistants, voice-messagingsystems, online repositories and cell phones).

Electronically stored information (hereinafter,“ESI”) should be afforded the broadestpossible definition and includes (by way ofexample and not as an exclusive list)potentially relevant information electronically,magnetically or optically stored as:

• Digital communications (e.g., e-mail, voicemail, instant messaging);• Word processed documents (e.g., Word orWordPerfect documents and drafts);• Spreadsheets and tables (e.g., Excel or Lotus123 worksheets);• Accounting Application Data (e.g.,QuickBooks, Money, Peachtree data files);• Image and Facsimile Files (e.g., .PDF,.TIFF, .JPG, .GIF images);• Sound Recordings (e.g., .WAV and .MP3files);• Video and Animation (e.g., .AVI and .MOVfiles);• Databases (e.g., Access, Oracle, SQL Serverdata, SAP);• Contact and Relationship Management Data(e.g., Outlook, ACT!);

26

<http://www.parma.com/documents/10RMC/F6_Opposing%20party%20preservation%20letter-%5Bsample%5D.pdf>.


-29-

• Calendar and Diary Application Data (e.g.,Outlook PST, Yahoo, blog tools);• Online Access Data (e.g., TemporaryInternet Files, History, Cookies);• Presentations (e.g., PowerPoint, CorelPresentations)• Network Access and Server Activity Logs;• Project Management Application Data;• Computer Aided Design/Drawing Files; and,• Back Up and Archival Files (e.g., Zip,.GHO)

ESI resides not only in areas of electronic,magnetic and optical storage mediareasonably accessible to you, but also in areasyou may deem not reasonably accessible. Youare obliged to preserve potentially relevantevidence from both these sources of ESI, evenif you do not anticipate producing such ESI.

The demand that you preserve both accessibleand inaccessible ESI relevant to this matter islimited, reasonable, and necessary. As you areaware, the recent state and federal lawsrequire that you preserve and at theappropriate time produce all sources of ESI.For good cause shown, the court may orderproduction of the ESI, even if it finds that it isnot reasonably accessible. Accordingly, evenESI that you deem reasonably inaccessiblemust be preserved in the interim so as not todeprive [our client] of his right to secure theevidence or the Court of its right to adjudicatethe issue.

II. Preservation Requires Your ImmediateIntervention

You must act immediately to preservepotentially relevant ESI including, withoutlimitation, information with the earlier of aCreated or Last Modified date on or after[insert date] through the date of this demandand concerning: [examples]

1. The events [related in any matter to{describe event}or [causes of action

described in your complaint];2. All e-mail communications andattachments…3. All text message communicationson any cell phone or other electronicdevice use by [name] between [dates]4. All voice mail communications….5. All electronic tracking data ofvehicles involved in the incident…6. All dashboard cameras or otherelectronic surveillance of …..7. ESI you may use to support claimsin this case;8. Communications [by, to, with,involving]…9. The [insert event] alleged inparagraph 15 of the Complaint;10. All dispatch communications…

Adequate preservation of ESI requires morethan simply refraining from efforts to destroyor dispose of such evidence. You must alsointervene to prevent loss due to routineoperations and employ proper techniques andprotocols suited to protection of ESI. Beadvised that sources of ESI are altered anderased by continued use of your computersand other devices. Booting a drive, examiningits contents or running any application willirretrievably alter the evidence it contains andmay constitute unlawful spoliation ofevidence. Consequently, alteration and erasuremay result from your failure to act diligentlyand responsibly to prevent loss or corruptionof ESI.

Nothing in this demand for preservation ofESI should be understood to diminish yourconcurrent obligation to preserve document,tangible things and other potentially relevantevidence.

III. Suspension of Routine Destruction

You are directed to immediately initiate alitigation hold for potentially relevant ESI,documents and tangible things, and to act


-30-

diligently and in good faith to secure and auditcompliance with such litigation hold. You arefurther directed to immediately identify andmodify or suspend features of yourinformation systems and devices that, inroutine operation, operate to cause the loss ofpotentially relevant ESI. Examples of suchfeatures and operations include:

• Purging the contents of e-mailrepositories by age, capacity or othercriteria;

• Using data or media wiping,disposal, erasure or encryption utilitiesor devices;

• Overwriting, erasing, destroying ordiscarding back up media;

• Re-assigning, re-imaging ordisposing of systems, servers, devicesor media;

• Running antivirus or other programseffecting wholesale metadataalteration;• Releasing or purging online storagerepositories;• Using metadata stripper utilities;• Disabling server or IM logging; and,• Executing drive or filedefragmentation or compressionprograms.

IV. Guard Against Deletion

You should anticipate that your employees,officers or others may seek to hide, destroy oralter ESI and act to prevent or guard againstsuch actions. Especially where companymachines have been used for Internet accessor personal communications, you shouldanticipate that users may seek to delete ordestroy information they regard as personal,confidential or embarrassing and, in so doing,may also delete or destroy potentially relevantESI. This concern is not one unique to you oryour employees and officers. It’s simply anevent that occurs with such regularity inelectronic discovery efforts that any custodian

of ESI and their counsel are obliged toanticipate and guard against its occurrence.

V. Preservation in Native Form

You should anticipate that certain ESI,including but not limited to spreadsheets anddatabases, will be sought in the form or formsin which it is ordinarily maintained.Accordingly, you should preserve ESI in suchnative forms, and you should not selectmethods to preserve ESI that remove ordegrade the ability to search your ESI byelectronic means or make it difficult orburdensome to access or use the informationefficiently in the litigation.

You should additionally refrain from actionsthat shift ESI from reasonably accessiblemedia and forms to less accessible media andforms if the effect of such actions is to makesuch ESI not reasonably accessible

VI. Metadata

You should further anticipate the need todisclose and produce system and applicationmetadata and act to preserve it. Systemmetadata is information describing the historyand characteristics of other ESI. Thisinformation is typically associated withtracking or managing an electronic file andoften includes data reflecting a file’s name,size, custodian, location and dates of creationand last modification or access. Applicationmetadata is information automaticallyincluded or embedded in electronic files butwhich may not be apparent to a user,including deleted content, draft language,commentary, collaboration and distributiondata and dates of creation and printing. Beadvised that metadata may be overwritten orcorrupted by careless handling or impropersteps to preserve ESI. For electronic mail,metadata includes all header routing data andBase 64 encoded attachment data, in additionto the To, From, Subject, Received Date, CC


-31-

and BCC fields.

VII. Servers

With respect to servers like those used tomanage electronic mail (e.g., MicrosoftExchange, Lotus Domino) or network storage(often called a user’s “network share”), thecomplete contents of each user’s networkshare and e-mail account should be preserved.There are several ways to preserve thecontents of a server depending upon, e.g., itsRAID configuration and whether it can bedowned or must be online 24/7.

VIII. Home Systems, Laptops, OnlineAccounts and Other ESI Venues

Though we expect that you will act swiftly topreserve data on office workstations andservers, you should also determine if anyhome or portable systems may containpotentially relevant data. To the extent thatofficers, board members, employees, salerepresentatives, or other employees have sentor received potentially relevant e-mails orcreated or reviewed potentially relevantdocuments away from the office, you mustpreserve the contents of systems, devices andmedia used for these purposes (including notonly potentially relevant data from portableand home computers, but also from portablethumb drives, CD-R disks and the user’sPDA, smart phone, voice mailbox or otherforms of ESI storage.). Similarly, ifemployees, officers or board members usedonline or browser-based email accounts orservices (such as Facebook, Twitter, AOL,Gmail, Yahoo Mail or the like) to send orreceive potentially relevant messages andattachments, the contents of these accountmailboxes (including Sent, Deleted andArchived Message folders) should bepreserved.

IX. Ancillary Preservation

You must preserve documents and othertangible items that may be required to access,interpret or search potentially relevant ESI,including logs, control sheets, specifications,indices, naming protocols, file lists, networkdiagrams, flow charts, instruction sheets, dataentry forms, abbreviation keys, user ID andpassword rosters or the like. You mustpreserve any passwords, keys or otherauthenticators required to access encryptedfiles or run applications, along with theinstallation disks, user manuals and licensekeys for applications required to access theESI. You must preserve any cabling, driversand hardware, other than a standard 3.5”floppy disk drive or standard CD or DVDoptical disk drive, if needed to access orinterpret media on which ESI is stored. Thisincludes tape drives, bar code readers, Zipdrives and other legacy or proprietary devices.

X. Paper Preservation of ESI is Inadequate

As hard copies do not preserve electronicsearchability or metadata, they are not anadequate substitute for, or cumulative of,electronically stored versions. If informationexists in both electronic and paper forms, youshould preserve both forms.

XI. Agents, Attorneys and Third Parties

Your preservation obligation extends beyondESI in your care, possession or custody andincludes ESI in the custody of others that issubject to your direction or control.Accordingly, you must notify any current orformer agent, attorney, employee, custodianor contractor in possession of potentiallyrelevant ESI to preserve such ESI to the fullextent of your obligation to do so, and youmust take reasonable steps to secure theircompliance.

XI. System Sequestration or ForensicallySound Imaging


-32-

We suggest that with respect to [insertnames], removing their ESI systems, mediaand devices from service and properlysequestering and protecting them may be anappropriate and cost-effective preservationstep. In the event you deem it impractical tosequester systems, media and devices, webelieve that the breadth of preservationrequired, coupled with the modest number ofsystems implicated, dictates that forensicallysound imaging of the systems, media anddevices is expedient and cost effective.

As we anticipate the need for forensicexamination of one or more of these systemsand the presence of relevant evidence inforensically accessible areas of the drives, wedemand that you employ forensically soundESI preservation methods. Failure to use suchmethods poses a significant threat ofspoliation and data loss. By “forensicallysound,” we mean duplication, for purposes ofpreservation, of all data stored on the evidencemedia while employing a proper chain ofcustody and using tools and methods thatmake no changes to the evidence and supportauthentication of the duplicate as a true andcomplete bit-for-bit image of the original. Aforensically sound preservation methodguards against changes to metadata evidenceand preserves all parts of the electronicevidence, including in the so-called“unallocated clusters,” holding deleted files.

XII. Preservation Protocols

It is my intent to work with you to form anagreement regarding an acceptable protocolfor forensically sound preservation. If youwill promptly disclose the preservationprotocol you intend to employ, perhaps wecan identify any points of disagreement andresolve them.

XIII. Do Not Delay Preservation

I’m happy to discuss reasonable preservation

steps; however, you should not deferpreservation steps pending such discussions ifESI may be lost or corrupted as a consequenceof delay. Should your failure to preservepotentially relevant evidence result in thecorruption, loss or delay in production ofevidence to which [client] is entitled, suchfailure would constitute spoliation ofevidence, and could result in sanctions.

XIV. Confirmation of Compliance

Please confirm that you have taken the stepsoutlined in this letter to preserve ESI andtangible documents potentially relevant to thisaction. If you have not undertaken the stepsoutlined above, or have taken other actions,please describe what you have done topreserve potentially relevant evidence.

I appreciate your continuing courtesy andprofessionalism.

Very Truly Yours

IX. BIBLIOGRAPHY.

• Clay Calvert, Kayla Gutierrez, KarlaD. Kennedy, Kara Carnley Murrhee,David Doe v. Goliath, Inc.: JudicialFerment in 2009 for BusinessPlaintiffs Seeking the Identities ofAnonymous Online Speakers, 43 J.MARSHALL L. REV. 1 (2009).

• Timothy J. Carroll and Bruce A.Radke, Federal Rules of CivilProcedure Concerning E-DiscoveryI m p a c t ( 2 0 1 0 )<http://www.busmanagement.com/art i c l e / F e d e r a l - R u l e s - o f - C i v i l -Procedure-Concerning-E-Discovery-Impact>.

• The Electronic Discovery ReferenceModel <http://edrm.net>.


-33-

• Sheldon M. Finkelstein and Evelyn R.Storch, Admissibility of ElectronicallyStored Information: It's Still the SameOld Story, 23 J. AM. ACAD. MATRIM.L. 45 (2010).

• Jayni Foley, Note, Are GoogleSearches Private? An OriginalistInterpretation of the FourthAmendment in Online CommunicationCases, 22 BERKELEY TECH. L.J. 447,457 (2007)

• Omer Tene, What Google Knows:Privacy and Internet Search Engines,2008 UTAH LAW REV. 1433 (2008).

• The Sedona Conference Commentaryon Non-Party Production and Rule 45Subpoenas (Blakely, et al., editors2008)

<http://www.thesedonaconference.org/dltForm?did=Rule_45_Subpoenas>.
