Fordham Forensics in Atlanta, GA is a sophisticated provider of e-discovery processing and consulting services.
To learn more about electronic discovery or
discuss a specific matter,
Those familiar with Electronically Stored Information (ESI), know that its history long predates the 2006 changes to the federal rules. For example, the case of Bills v Kennecott Corp., 108 F.R.D. 459, 461 (D. Utah 1985) not only used the term ESI 20 years before the 2006 federal rules it also stated that, “It is now axiomatic that electronically stored information is discoverable under Rule 34 of the Federal Rules of Civil Procedure. . . .” Another case decided more than a decade before the 2006 changes claimed that the discovery of computerized data was now black letter law. (Anti-Monopoly Inc. v Hasbro, Not Reported in F.Supp., 1995 WL 649934 (S.D.N.Y.))
While the headlines about recent decisions involving ESI have focused on the 2006 changes to the federal rules and involved issues like undue burden and expense, accessibility, preservation and sanctions; a newer yet familiar storm is visible on the horizon. The impending tempest is one of ESI admissibility.
The issues surrounding ESI admissibility are not new either, however. Just as in other ESI areas, it has been long established that computer records are subject to the same foundational issues as other evidence. (For example, See U.S. v DeGeorgia 420 F.2d 889, (9th Cir. 1969) at FN11, ". . . [I]t is immaterial that the business record is maintained in a computer rather than in company books, this is on the assumption that: (1) the opposing party is given the same opportunity to inquire into the accuracy of the computer and the input procedures used, as he would have to inquire into the accuracy of written business records, and (2) the trial court, as in the case of challenged business records, requires the party offering the computer information to provide a foundation therefor sufficient to warrant a finding that such information is trustworthy. " ; U.S. v Russo, 480 F.2d 1228 (6th Cir. 1973) at 1240, ". . . [O]nce the reliability and trustworthiness of the information put into the computer has been established, the computer printouts should be received as evidence . . ." ; and U.S. v Croft, 750 F.2d 1354 (C.A.Wis. 1984) at 1365, "The record reveals that defense counsel thoroughly cross-examined Laufenberg concerning the accuracy of the computer and the input procedures." )
What these earlier cases have held is that the computer information is trustworthy and is what it purports to be. This determination has often involved an examination of the computer itself along with its programs and data input to determine that the information it contains is trustworthy.
During the intervening years between the above cited cases and those decided in more modern times the lines had blurred. Principles like business records and self authentication along with testimony by those having knowledge about the records have been determined adequate to authenticate computer records. It even went so far as placing the burden on the challenger and not the presenter to prove fault with computerized records.
Such concepts have been problematic for situation where evidence has been spoliated. The hurdles are already high to gain spoliation sanctions. In fact, to survive a claim of spoliation once must prove that the spoliated evidence had relevance to the case, which can be hard to do when the data has been destroyed and its exact contents no longer available for inspection.
Thus under the old concepts one not only was hobbled from proving spoliation, one was also subjected to whatever alternative data had been used as its replacement. After all, spoliation is not just limited to deleting data. Indeed, it can be changed.
In more recent times, however the pendulum as swung the other way as people realized
In re Vin Vinhee
This ever-expanding complexity of the cyberworld has prompted the authors of the current version of the Manual for Complex Litigation to note that a judge should “consider the accuracy and reliability of computerized evidence” and that a “proponent of computerized evidence has the burden of laying a proper foundation by establishing its accuracy.” MANUAL FOR COMPLEX LITIGATION (FOURTH) § 11.446 (2004),FN6 citing with approval, Gregory P. Joseph, A Simplified Approach to Computer–Generated Evidence and Animations, 43 N.Y.L. SCH. L. REV. 875 (1999–2000).
In effect, it is becoming recognized that early versions of computer foundations were too cursory, even though the basic elements covered the ground. For example, it has been said that a qualified witness must testify as to the mode of record *446 preparation, that the computer is the standard acceptable type, and that business is conducted in reliance upon the accuracy of the computer in retaining and retrieving information. BARRY RUSSELL, BANKRUPTCY EVIDENCE MANUAL ¶ 803.17 (2005) (“RUSSELL”); cf. 5 WEINSTEIN § 900.07[c].
Professor Imwinkelried perceives electronic records as a form of scientific evidence and discerns an eleven-step foundation for computer records:
1. The business uses a computer.
2. The computer is reliable.
3. The business has developed a procedure for inserting data into the computer.
4. The procedure has built-in safeguards to ensure accuracy and identify errors.5. The business keeps the computer in a good state of repair.
6. The witness had the computer readout certain data.
7. The witness used the proper procedures to obtain the readout.
8. The computer was in working order at the time the witness obtained the readout.
9. The witness recognizes the exhibit as the readout.
10. The witness explains how he or she recognizes the readout.
11. If the readout contains strange symbols or terms, the witness explains the meaning of the symbols or terms for the trier of fact.
What many practitioners may not realize is that autheticating ESI can be a lot more complicated than its paper counterpart.
Business records are exampt from hearsay rule but if not kept as business record then not exempt. Thus Validating computer system and media using registry, event logs, file system remnants is important for business record exemption.
There is a notion that production of documents authenticates them since they are in possession. This would seem counter to cases above where production of computer records still requires authentication that machine is reliable.
Need for Forensic Imaging
timing of preservation and
Situations where evidence is positive and needed for assertion. If lethality of that evidence could be mitigated if it cannot be authenticated. This could be particularly troublesome where targeted data acquisition was performed instead of forensic imaging.
Situation where spoliation was performed but consequence on deleted data not known about how it prejudiced case. The next best thing could be to deny defenses becaus of sloppy preservation that was done to hide spoliation. Could this be a way to emasculate a party's defenses.
How about where good info found on devices where poor preservation methods were used
Consequences not just limited to trial.
A more recent incarnation of this subject involves the decision in Lorraine v. Markel American Ins. Co., 241 F.R.D. 534 (D.Md.,2007). In that case, Judge Grimm decided that, “failure of both parties to observe evidence rules, as they applied to [ESI], precluded any entry of summary judgment.”
Judge Grimm then went on to explain that, “[C]onsidering the significant costs associated with discovery of ESI, it makes little sense to go to all the bother and expense to get electronic information only to have it excluded from evidence or rejected from consideration during summary judgment because the proponent cannot lay a sufficient foundation to get it admitted.”
The decision in Lorraine is very instructive in its examination of the various Federal Rules of Evidence (FRE) and their interplay governing the admissibility of ESI into evidence. Of equal interest are the decisions in the other cases discussed in Lorraine.
In its March 2008 Commentary the Sedona Conference expands on the information in Lorraine by interweaving practical discussions of ESI issues. One of the Commentary’s more unique and interesting examinations involves “Understanding the Threat Landscape” and the inherit reliability or unreliability of ESI considering anti-forensic forces and system interconnectivity.
Although the Commentary cautions against allowing these threats to become a casual means to preclude harmful evidence, a lot of litigators, by now, have experienced the so called “virus” defense. Under the virus defense the claimant seeks to avoid the consequences of possessing contraband or having destroyed the smoking gun by claiming it was all done by a virus.
Despite the warnings against overreaction, after reading the Commentary, one realizes the doubled edged nature of the publication. Will realizations about the threat landscape erode the usefulness of ESI or will the threat along with admissibility issues highlight the weaknesses in the Sedona Best Practices?
For example, it is only in its most recent revision (2007) that the Sedona best practices removed its limitation that the preservation and production of metadata be by expressed agreement of the parties. Interestingly, application metadata embedded in a document could authenticate that document under FRE 902(7). In addition, the authenticity of that data could be substantiated with system metadata which is not subject to a hearsay limitation under FRE 801.
Despite the 2007 changes, the current Sedona best practices still contain preservation weaknesses. For example, principle 8(c) discourages the practice of forensic data collection except in certain cases. Yet without such collection techniques is the authenticity of the evidence not compromised particularly in light of the decision in Lorraine?
In fact, the more one studies the decision in Lorraine and its predecessors along with the Sedona Conference’s latest commentary on ESI admissibility, one must question whether this latest commentary reveals new trends or spotlights “Best Practice” flaws.