The Paperless Chase
Litigators are supposed to know all the ins and outs of a trial: what’s allowed and what makes compelling evidence. But talk to experienced lawyers about electronic evidence in litigation and they start to get vague. Talk to them specifically about using evidence from a database in court and it might sound like listening in on a late-night college bull session about the meaning of life.
That’s because the question of what is discoverable from a database undermines fundamental notions, such as what constitutes a document, or even what constitutes information.
“The litigation system we have involves documents, which denotes paper, which is a physical thing made of atoms, a recorded artifact that you can identify as an original,” says George Paul. A Phoenix-based partner with Lewis and Roca, Paul has used information from databases in several cases. “In the paper world, you can hold an original and authenticate it. But our society doesn’t really record information that way anymore.”
Databases are a difficult question for courts because they are not made up of discrete documents or even discrete pieces of information. Database information is constantly changing, being updated and being linked together from multiple sources. And on top of that, the information changes in ways that make it hard to know what’s authentic.
In addition, information in a database can be meaningless unless it arrives with the entire system of software from which it is pulled. The database is meant to function as a whole, with data stored in separate columns and fields that signify nothing when taken out of their context. A database needs some sort of software to take raw data and information and turn it into useful and readable reports and documents. “A database is a big organic whole,” says Paul. “If you take a few gears out of a watch, it won’t tell time anymore.”
The database issue is not new. Michael Prounis, CEO of New York City-based Evidence Exchange, an electronic discovery company, has been involved in discovery of database information since 1987. However, the courts are just beginning to wrestle with the problem. “It wasn’t called e-discovery back then, but that’s what we were doing,” he says. “It’s still an issue the courts aren’t comfortable with.”
Discovery of electronic evidence, or e-discovery, has become a jurisprudential growth area. Conferences, continuing legal education programs and an entire new industry have been dedicated to resolving the thorny issue.
And what constitutes a database is itself a slippery topic. “The definition of database is in the eye of the beholder,” says Ken Withers, senior judicial education attorney with the Federal Judicial Center in Washington, D.C. “It could be a set of index cards in a box or a huge, dynamic database running a major American corporation.”
For the purposes of this article, a database is a collection of structured information that can be accessed and analyzed by a computer program. Most such databases are separate files linked so that information can be pulled from different sources and compiled. A common example is a human resources system that allows an employer to access all records on different employees. The employer can analyze different aspects of one employee’s file or pull information from multiple files to analyze information about the workforce.
But Withers says even common e-mail, productivity and organizational programs like Microsoft Outlook or Word or Lotus Notes can be called databases. When you print an e-mail, you’re essentially printing a report from a number of fields, including the text of the e-mail, the subject line and information about who sent the message and when.
Lawyers have to be aware of all of the pieces of data that are discoverable because metadata and related pieces of information can be vital evidence in a trial. “For example, in an e-mail, you can’t see who was bcc’d [blind carbon copied]. That information is hidden in the metadata,” says Paul. “But knowing who got bcc’d on the e-mail could win the case if it shows, for example, that the company president was bcc’d about how his company’s books were altered.”
Courts have wrestled with and settled some fundamental issues in the past couple of years, such as discovery of e-mail. Most notably, U.S. District Judge Shira A. Scheindlin for the Southern District of New York has issued five influential decisions, culminating with Zubulake v. UBS Warburg, No. 02 Civ. 1243 (July 20, 2004).
Zubulake is a sex discrimination case originally filed in 2002, but it is still tied up in pretrial discovery motions. In a series of rulings, Scheindlin held that courts must consider factors such as the likelihood of discovering critical information and the cost to each party of producing documents. Courts have made it clear attorneys can be sanctioned if their clients don’t produce required electronic documents.
However, this ruling concerned the discovery of e-mail stored on a corporate backup tape system, and did not touch on issues specific to databases.
“Zubulake specifically addressed backup tapes, which are painful to deal with,” says Dean Gonsowski, director of litigation strategy services with Fios Inc., a Portland, Ore.-based electronic discovery support company. “But backup tapes are all the same. With databases, there are hundreds of flavors, each with its own special problems.”
Case Law Unclear
There are a handful of current cases that address the discovery of databases, though none give clear guidance as to how discovery of a database should proceed. About all that is clear at this point is that a database is, indeed, discoverable. In one federal case in New York, the court ruled production of database files had to be done in electronic form and that printing database files to paper was not sufficient. In re Honeywell International Inc., No. M8-85 WHP (S.D.N.Y. 2003).
In that case, accounting firm PricewaterhouseCoopers had produced documents for securities litigation on paper, but the plaintiffs argued that in doing so, the firm was out of line with Federal Rules of Civil Procedure Rule 34(b), which specifies that documents must be presented as they are kept in the ordinary course of business. The court ordered PricewaterhouseCoopers to produce a copy of its work papers on CD-ROMs.
But, though electronic database files are discoverable in electronic form, courts have been reluctant to grant plaintiffs broad access to them. Elizabeth Russell brought a claim in U.S. District Court in Alabama against Ford Motor Co., alleging her seat belt came unbuckled during an accident. Arguing that Ford was not forthcoming with information, she requested direct access to Ford’s database to find out what complaints the company had received about its seat belts prior to her accident.
The 11th U.S. Circuit Court of Appeals based in Atlanta ruled that direct access to a database might be permissible, but decided Russell hadn’t shown discovery abuses by Ford. In re: Ford Motor Co., 345 F.3d 1315 (2003).
While her discovery request was probably overbroad, observers think the court may have overreacted in shooting down the request. Here, the court seemed to say a database is only discoverable if it can be shown the producing party is withholding documents and information.
Meanwhile, in Texas, the 14th Court of Appeals in Houston reversed a broad database discovery order against home improvement giant Lowe’s. The plaintiffs had asked that Lowe’s be forced to allow full access to its databases. The court said plaintiffs need to offer specific requests explaining what they hope to find in a database, including items that should be produced and in what format. In re: Lowe’s Companies Inc., 134 S.W.3d 876 (May 18, 2004).
“The Lowe’s decision really tries to home in on what’s required for direct access to a database,” says Gonsowski. “They’re saying that if there are no guardrails or limits, full access is overbroad.”
And there is a good reason why courts have been hesitant to allow discovery of databases: Databases are central to the ongoing operation of most modern companies. “Many corporations, particularly in the service industry, are creatures of their databases,” says Withers. “It would be hard to freeze the database at Amazon for pending litigation without destroying their business.”
New Rules on the Horizon
The Committee on Rules of Practice and Procedure of the Judicial Conference of the United States is working on new amendments to the Federal Rules of Civil Procedure to account for electronic evidence, including databases. The amendments would create a framework for resolving discovery disputes.
“The intent is not to dictate certain results, but to get the parties to think about the issues early in litigation,” says Withers, who is the Federal Judicial Center’s liaison to the committee. “We want to keep the courts out of it as much as possible by building the framework for discovery to take place.”
However, the new rules do not spend much time expanding on existing definitions of what is discoverable, since technology will certainly evolve faster than rules can be written. The amendments have been expanded to make explicit that “electronically stored information” is as discoverable as paper documents. But, what’s more important, the proposed amendments offer expanded guidance for how opposing sides should negotiate for the retrieval and presentation of electronic evidence.
According to the proposed amendments, Rule 34(b) would allow the requesting party to decide how it wants information produced while allowing the responding party the right to object to impractical requests. If the requesting party doesn’t specify the form for producing data, the producing party has the option to either produce the information in a form in which it is ordinarily maintained or in an electronically searchable form. Unless otherwise ordered, the responding party need only produce the information in one form.
Negotiations will begin with what is known as a 26(f) conference, which happens before any discovery. At this point, opposing parties should discuss the forms of production. If they can’t agree within two weeks, they face the judge for what is known as the Rule 16 conference, where the judge can offer guidance for resolving any disputes. Once an actual discovery request is issued, the responding party may object under Rules 26(c) and 37(a).
Withers hopes the amendments, if ratified, will force both sides to negotiate early in the process, short-circuiting ugly disputes later on. “Too often it takes on an adversarial tone–‘We’ll do it our way’–and then it gets thrown to the courts,” says Gonsowski. “Then the judge barely understands e-mail and has no idea how expensive or time-consuming database discovery could be, and the rules are not sufficient, so it turns into a big mess.”
The amendments are aimed at stopping the dirty tricks opposing lawyers often play on each other during discovery. In electronic discovery, that typically means printing electronic documents so that much of their usefulness is lost. Printing database files or producing them in a format other than their native format creates unusable gibberish.
“In the paper world, lawyers used to pull trucks up to a law firm and dump boxes and boxes of documents on the other side in order to make their life hard,” says Prounis of Evidence Exchange. “Unfortunately, you can do things like that in the electronic world, too.”
One problem with electronic files is that they are changeable. That means both the producing and requesting parties can manipulate data and present it in any light they choose.
“You can slice a given database into hundreds of thousands of views,” says Gonsowski. “Your report and extrapolations can be interpreted any number of ways if you let someone sit down with the database.”
Therefore, part of any discovery protocol involving databases ought to be an attempt to maintain the integrity of the database. Evidence Exchange offers a service that will effectively notarize a database so that it is possible to determine if a file has been manipulated. “We’ve had to take another step in that effort,” says Prounis. “You have to guard against the other side changing data, even accidentally. That is a scary problem.”
Because some courts have frowned on producing an entire database, e-discovery experts have been experimenting with some solutions. One is a database viewer, which is software that allows someone to look at data and manipulate it in limited ways, but without the full functionality of a database.
“A viewer is a good middle ground, but only if you’re dealing with a really simple database,” says Gonsowski. “The best example would be something like Outlook or Lotus Notes. For anything else, it’s probably not powerful enough.”
Another option is to present database files in a format that maintains as much metadata and original formatting as possible. For example, it is possible to create something called a “fat PDF,” which creates a copy of a file in the popular portable document format but retains metadata associated with the original document. This solution is also best for smaller, relatively uncomplicated databases.
An increasingly popular method is for courts to appoint an electronic discovery special master. Prounis has worked as a special master, primarily dealing with the parties to negotiate a protocol. “It’s important to have someone who understands both the case law and what’s technically possible,” says Prounis.
A special master can be most helpful with the thorny issue of protecting privileged information, an issue even more complicated than in a normal discovery proceeding. That’s because databases often contain personnel, financial or medical records that are protected by law. “The biggest challenge for us is to reconcile what attorneys think is possible and what the technology guys think is possible,” says Gonsowski.
But everyone who has studied this issue seems to agree on one point: No one solution will work for every case. That means if electronic evidence from a database is going to be part of any litigation, lawyers need to negotiate exactly how it will be presented and used.
“I’ve been in law 23 years, and when I started there was a completely different information paradigm,” says Paul. “The only way to make [database discovery] work is to force lawyers to get together and agree on how to produce information from a database in a meaningful way.”
Mining Data for Dirty Deeds
Law enforcement and counterterrorism experts have increasingly turned to data-mining software to wade through information, looking for patterns that point to criminal activity. But as data mining becomes more common, investigators struggle with the perception that personal privacy is being compromised.
According to a 2004 General Accounting Office report, there are 199 data-mining efforts run by 52 different federal agencies either planned or in operation. Most are designed to do relatively mundane tasks like improve services or manage human resources. At least 14 separate efforts, however, were aimed at analyzing intelligence information and detecting terrorist activities, and another 15 were categorized as efforts to detect criminal activity. State and local governments are working on many more such efforts.
How Far Can They Go?
People’s lives are increasingly tracked by databases, and law enforcement expects to use the technology to track individuals and profile threats. However, it’s not clear what limits there are on such efforts.
“A subpoena or search warrant used to mean an officer was likely to knock on your door, but today that could just as likely mean that law enforcement is going to be searching records in a database somewhere, perhaps never physically bothering an individual,” says Fred Cate, a law professor at Indiana University at Bloomington. “The question is how to make the same protection apply to virtual warrants as they do in the physical world.”
Without the judicial oversight required for search warrants in the physical world, police would be able to conduct the equivalent of a fishing expedition through personal information. “Police can’t barge into every house and find out who has a red parka, but they could search a database for everyone who’s bought one,” says Cate, who was the reporter for the Department of Defense Technology and Privacy Advisory Committee Report on Data Mining.
One issue that no one has figured out is how to make agencies accountable for how they compile information or how it is used.
Perhaps the best-known law enforcement database effort is the Transportation Security Administration’s watch list, compiled from various law enforcement sources. David Sobel, general counsel with the Electronic Privacy Information Center in Washington, D.C., says several due process problems arise when government agencies rely on data mining to compile lists. He divided the problem into three separate issues that he calls the Ted Kennedy problem, the Cat Stevens problem, and the David Nelson problem.
U.S. Sen. Ted Kennedy and Yusuf Islam, the singer formerly known as Cat Stevens, were not allowed to travel because their names showed up on watch lists. “The Sen. Kennedy problem is when a person is stopped apparently because their name is similar to someone on a watch list,” says Sobel. “The Cat Stevens problem is when your name is on the watch list and you actually are the person they’re looking for.”
In both cases, it is hard to find out why your name is on a list and what to do if you think the list is mistaken. However, in the case of people named David Nelson, travel was even more difficult. “The David Nelson problem is the same as the Sen. Kennedy problem, except somebody named David Nelson will presumably have a harder time than a well-connected Kennedy in getting things sorted out,” says Sobel. “Once you’re on a list or they think you’re on a list, getting your name cleared is not easy.”
The Transportation Security Administration has created an ombudsman position and a verification form to help passengers to confirm whether their names should appear on a watch list. The agency acknowledges it can’t say how long it takes to sort out any mistakes. It also declines to explain how data is compiled and what factors are considered.
Another problem is making those behind data-mining efforts accountable for the information they create. Brandon Mayfield, the Portland, Ore.-based attorney who was held in connection with the bombing of a train in Spain last year, apparently was mistakenly arrested when the FBI’s fingerprint database tied his prints to the case.
Mayfield’s attorney, Eldon Rosenthal, says he and his client want to know when FBI analysts were given secondary information that may have made Mayfield a target. They believe databases may have used factors like Mayfield’s religious orientation to profile him as a suspect. “That is something we’re investigating,” he says. “Nobody knows when they get what pieces of information and why.”
Last summer the ABA Journal requested, under the Freedom of Information Act, documents that outline guidelines regarding how these data-mining efforts ought to be employed in criminal investigations. So far, no government agency has provided the information being sought.
Safeguards Against Abuse
The Technology and Privacy Advisory Committee recommended a couple of ways to protect individuals from being wrongly targeted by data-mining probes or from having private information exposed. When agencies use databases for investigations, the committee said, there should be not only safeguards against overbroad searches but avenues for people to clear their names.
One recommendation that’s gaining support is to protect individual information by making it anonymous. That is, law enforcement personnel can search through personal information, but won’t be able to know the name of the person the information belongs to until they’re certain they’ve identified criminal activity. That makes it less likely personal information can be leaked or an individual can be targeted and harassed without solid evidence. At that point, investigators can go to court to have the individual’s name released.
But the main recommendation is simply more judicial oversight and review of data-mining efforts. “Data mining presents some interesting challenges because there’s just so much more data about ourselves out there,” says Cate. “But if you can put accountability into the system, you can make law enforcement more effective without becoming Big Brother.”
Jason Krause is a legal affairs writer for the ABA Journal.