Electronic Mail gains further scrutiny in electronic discovery during 2007
Since 1995 I've had the luxury of working with email and fax systems. Back then the only thing Microsoft was selling was Microsoft Mail and Windows 95 Inbox Client (Inbox Client was included in Windows 95, but you needed the plus-pack to get internet mail services). In early 1996 Microsoft released Microsoft Exchange 4.0, which started their path down email and calendaring software growth. It was also 1996 that Microsoft realized they needed to focus on this thing called the Internet. Through 1997 Microsoft's flagship product continued to support Novell and X.400 systems as a default configuration.
From 1997 through 2000, Microsoft gained considerable ground in the email world and during 1998 it released a feature and function called "Journaling." Journaling gave messaging systems managers the ability to review "copies of original emails" sent by users of the system. Through 2000, this was an under-utilized feature in many organizations. However, after Microsoft Exchange 2000 was released and the feature crept into the administrative interface, it became the standard way to collect email for SEC inquiry within Microsoft Exchange, at least for Financial Services. Many companies still recover data from tapes, but that has slowly been changing and will continue to change over to Journaling for future inquiry and evidence needs.
As the millennium turned a small, private company headed by Nigel Dutt was formed in Reading, Berkshire, UK. This company will later be known as KVS, Inc (kVault Software, LTD). KVS was started by Nigel Dutt and Eileen Christie, who were later joined by Mike Hedger, the final CEO of KVS, Inc. KVS was originated as a software group within Digital Equipment Corporation in the late 1990's. The software group focused on Digital All-in-one messaging systems and found themselves without work after DEC's acquisition by Compaq. Nigel, using his experience as a Technical Director and Entrepreneur, secured funding and space at an incubator location in Reading, Berkshire, UK.
Around 2002 KVS, Inc found themselves growing wildly in the US on the wave of Financial Compliance in New York's Financial District. Elliot Spitzer was clambering for digital evidence related to the fraud and mis-representation by analyst's and brokers. Thus, KVS introduced a new product called Compliance Accelerator designed to address the review requirements laid out in North American Securities Dealers (NASD) rule 3010. About that same time, a firm in Houston was undergoing significant requests by the Federal Energy and Resource Commission. During the few years that followed, KVS would continue to develop it's email archiving system and two business accelerators; one for review and the other for electronic discovery. During the development, sales and delivery of those systems, KVS product engineering was hard at work ensuring the integrity of data stored within the archiving system. As early as 2004, KVS product management and engineering were evaluating & updating architecture and security sub-systems to support email integrity within the archive storage systems.
Since leaving KVS, acquired by Symantec Corporation in late 2004, quite a bit has transpired in the email archiving and electronic discovery industry. Just this past year several cases have challenged authenticity and articles have been written regarding the legitimacy and privacy of emails. As someone who looks for way's to capitalize on business processes, especially eDiscovery process, I gathered a few cases and rules to consider, with proper acknowledgment to the original authors and their articles:
After reading this short list, be sure to review the cases and rules in more detail, as well as the articles from which they were elicited.
Email is an interesting form of evidence, because there isn't an original email to deem as evidence. Moreover, the processes that collect (Microsoft Journaling) and the systems that retain them (KVS/Symantec, Zantaz, etc) are all subject to further scrutiny as the archive system and storage is further understood by attorneys and judges.
Since most cases are not criminal, the wanting to alter or destroy evidence is lessened. However, when a criminal or high-value case is under scrutiny, you can be assured authenticity of a system will be evaluated. That system will be made up of software, storage and organizational rules, all of which come into question. Your teams must be sure to evaluate software, storage and organizational rules against the cases and rules I've identified above. Also, be sure to read through the articles referenced at the bottom of this entry. You can be assured more cases and rules will surface to affect authenticity and admissibility of emails from archive systems. We'll do our best to collect and expose them in our Electronic Discovery feed.
References for the above cases and rules can be found in these news articles:
Don't Let your E-Evidence get Trashed, June 11, 2007, www.nlj.com, By Jerold S. Solovy and Robert L. Byman
Authenticating E-Mail Discovery as Evidence, August 13, 2007, www.law.com/pa, By Beatrice O'Donnell And Thomas A. Lincoln
Cutting Out Privacy in the Office, December 19, 2007, www.nlj.com, By Kelly D. Talcott
From 1997 through 2000, Microsoft gained considerable ground in the email world and during 1998 it released a feature and function called "Journaling." Journaling gave messaging systems managers the ability to review "copies of original emails" sent by users of the system. Through 2000, this was an under-utilized feature in many organizations. However, after Microsoft Exchange 2000 was released and the feature crept into the administrative interface, it became the standard way to collect email for SEC inquiry within Microsoft Exchange, at least for Financial Services. Many companies still recover data from tapes, but that has slowly been changing and will continue to change over to Journaling for future inquiry and evidence needs.
As the millennium turned a small, private company headed by Nigel Dutt was formed in Reading, Berkshire, UK. This company will later be known as KVS, Inc (kVault Software, LTD). KVS was started by Nigel Dutt and Eileen Christie, who were later joined by Mike Hedger, the final CEO of KVS, Inc. KVS was originated as a software group within Digital Equipment Corporation in the late 1990's. The software group focused on Digital All-in-one messaging systems and found themselves without work after DEC's acquisition by Compaq. Nigel, using his experience as a Technical Director and Entrepreneur, secured funding and space at an incubator location in Reading, Berkshire, UK.
Around 2002 KVS, Inc found themselves growing wildly in the US on the wave of Financial Compliance in New York's Financial District. Elliot Spitzer was clambering for digital evidence related to the fraud and mis-representation by analyst's and brokers. Thus, KVS introduced a new product called Compliance Accelerator designed to address the review requirements laid out in North American Securities Dealers (NASD) rule 3010. About that same time, a firm in Houston was undergoing significant requests by the Federal Energy and Resource Commission. During the few years that followed, KVS would continue to develop it's email archiving system and two business accelerators; one for review and the other for electronic discovery. During the development, sales and delivery of those systems, KVS product engineering was hard at work ensuring the integrity of data stored within the archiving system. As early as 2004, KVS product management and engineering were evaluating & updating architecture and security sub-systems to support email integrity within the archive storage systems.
Since leaving KVS, acquired by Symantec Corporation in late 2004, quite a bit has transpired in the email archiving and electronic discovery industry. Just this past year several cases have challenged authenticity and articles have been written regarding the legitimacy and privacy of emails. As someone who looks for way's to capitalize on business processes, especially eDiscovery process, I gathered a few cases and rules to consider, with proper acknowledgment to the original authors and their articles:
- Scott v. Beth Israel Medical Center, Inc., 2007 WL 3053351 (N.Y. Sup. Oct. 17, 2007) - private emails from Doctor to Attorney over Hospital's email system
- Long v. Marubeni America Corp., 2006 WL 2998671 (S.D.N.Y. Oct. 19, 2006) - Temporary copies of email created by private password-accessed online email systems stored on business computers
- Lorraine v. Markle American Insurance Co., 2007 U.S. Dist. Lexis 33020 (D. Md. 2007) - includes 101 page brief regarding admissibility problems of electronic evidence
- Rambus Inc. v. Infineon Technologies A.G., 348 F. Supp. 2d 698 (E.D. Va. 2004) - eMail chain authenticity
- U.S. v. Safavian, 435 F. Supp. 2d 36 (D.D.C. 2006) - possible altering doesn't mean they should be excluded, due to high volume of email, see Lorraine V. Markle brief by Judge Paul Grimm
- Bouriez v. Carnegie Mellon University - no evidence supporting authenticity
- New York v. Microsoft Corp - hearsay and admissibility rejection
- Federal Rule of Evidence 26(f) conference - a meeting to determine authenticity and admissibility requirements
- Federal Rules of Evidence 803(1) and
803(2) - emails written about an event, during the course of the event are considered evidence
- Federal Rule of Evidence
803(6) - regular business practices over email define email as business records
- Federal Rule of Evidence 901 - the need to legitimately infer a document is genuine
- Federal Rule of Evidence 902(7) - self authenticating email as evidence due to personal style, email address, etc
After reading this short list, be sure to review the cases and rules in more detail, as well as the articles from which they were elicited.
Email is an interesting form of evidence, because there isn't an original email to deem as evidence. Moreover, the processes that collect (Microsoft Journaling) and the systems that retain them (KVS/Symantec, Zantaz, etc) are all subject to further scrutiny as the archive system and storage is further understood by attorneys and judges.
Since most cases are not criminal, the wanting to alter or destroy evidence is lessened. However, when a criminal or high-value case is under scrutiny, you can be assured authenticity of a system will be evaluated. That system will be made up of software, storage and organizational rules, all of which come into question. Your teams must be sure to evaluate software, storage and organizational rules against the cases and rules I've identified above. Also, be sure to read through the articles referenced at the bottom of this entry. You can be assured more cases and rules will surface to affect authenticity and admissibility of emails from archive systems. We'll do our best to collect and expose them in our Electronic Discovery feed.
References for the above cases and rules can be found in these news articles:
Don't Let your E-Evidence get Trashed, June 11, 2007, www.nlj.com, By Jerold S. Solovy and Robert L. Byman
Authenticating E-Mail Discovery as Evidence, August 13, 2007, www.law.com/pa, By Beatrice O'Donnell And Thomas A. Lincoln
Cutting Out Privacy in the Office, December 19, 2007, www.nlj.com, By Kelly D. Talcott
New for April 2008 we are offering
updates via email, including a monthly electronic discovery
newsletter starting in May.
0 TrackBacks
Listed below are links to blogs that reference this entry: Electronic Mail gains further scrutiny in electronic discovery during 2007.
TrackBack URL for this entry: http://www.dciginc.com/cgi-bin/mt/mt-t.cgi/78
Excellent entry. Very informative and interesting...
However, it’s left me wondering, which now begs a few questions:
What is causing the scrutiny and the authenticity of these records to be challenged?
Is there a perceived weakness in the capture and storage methods that may be considered non-complaint with specific regs (e.g. erasable/modifiable archives)?
What are companies like KVS, Symantec, and Zantaz doing to address these concerns?
--> What is causing the scrutiny and the authenticity of these records to be challenged?
The scrutiny originates from judges, attorneys and specialists having increased knowledge of electronic mail, documents and enterprise resource planning systems. As more cases come to trial, attorney’s work on both defense and prosecution, gaining valuable insight into potential authenticity or admissibility issues. In the article titled “Don’t let your evidence get trashed” by Jerold S. Solovy and Robert L. Byman, they quote Judge Paul Grimm’s 101 page opinion on admissibility problems of electronic evidence where Grimm says “…it would be prudent to plan to authenticate the record by the most rigorous standard that may be applied.”
If one uses this as a baseline, it would be very easy to require a trace of an email or document back to its source and question the integrity of the trace and document, especially in a high-value criminal or civil case. Suggesting someone wouldn’t edit an email or coax someone in to editing it, is not far from possible. It sounds a bit like a novel or movie, but when the stakes are high, editing emails, deleting documents, etc will happen.
For example, consider editing an email ahead of legal collection. eMail archiving systems require a built in capture mechanism within the messaging system, i.e. Microsoft Exchange Message Journaling. eMail archiving systems then capture and store the Journaled email data on alterable storage systems using basic security controls (UNIX or Windows). It would be very easy for an unscrupulous character to edit the email on those systems or during a time the emails are copied to another system for legal processing and review. Significant edits wouldn’t be required, just word deletions, etc. Making small changes retains the stylistic integrity of a person’s writing style, which is one way to authenticate an email.
--> Is there a perceived weakness in the capture and storage methods that may be considered non-complaint with specific regs (e.g. erasable/modifiable archives)?
To my knowledge, there is not a perceived weakness in the alterable storage methods used by many companies, but there could be. Software, storage and organizational rules will be scrutinized to help determine authenticity and integrity, perceived weaknesses will appear. Cases like U.S. v. Safavian, 435 F. Supp. 2d 36 (D.D.C. 2006), suggest authenticity may not be that critical, at least in 2006. However, in 2007, Judge Paul Grimm’s opinion on electronically stored information admissibility set’s the bar for admissibility at an appropriate level.
The only regulation that requires Electronically Stored Information (ESI), i.e. eMail, be stored on unalterable media is Securities Exchange Commission (SEC) 17a4. There aren’t any other regulations that require unalterable media storage. However, even in unalterable media storage, the ESI must be copied off those systems to be reviewed and redacted. During the copy phase, ESI can be altered from its original state.
In the case of unalterable media, ESI is stored with a hash value. That value should be read and incorporated into the chain of custody and referenced for authenticity purposes. To my knowledge, hash values on unalterable storage media have not been required or evaluated in any known case. Practically speaking, it won’t be necessary, but high-stakes cases should consider them as another mechanism to validate ESI. [Definition: hash is a computer generated value that can be used to validate the data being read to what was originally written.]
--> What are companies like KVS, Symantec, and Zantaz doing to address these concerns?
This is a great question, I’ll drop them a note about the cases and rules I’ve commented on to determine what their product management teams are doing. I’ll write another blog entry pertaining to their response. It'll take me a couple of weeks to get to this.
~~Joshua Konkle