Information Technology Professionals

Should One IT Person Hold the Keys to the Kingdom? How the “Philippine Love Bug” Case Highlights the Vulnerability of Such a Policy

Background Omega Engineering Corporation, an international company based in New Jersey, was once the employer of Timothy Lloyd. To put Omega’s importance into perspective, the U.S. Navy and NASA were two of their clients for highly specialized and sophisticated industrial process measurement devices. According to testimony during the trial, Lloyd worked at Omega as its sole system administrator from 1985 through 1996. In 1995, Lloyd had undergone Novell network training and installed Novell software on Omega’s computer system. Additionally, Lloyd was the only person who maintained and had top-level access to the Omega network. Between 1994 and 1995, Lloyd became belligerent and increasingly truculent. Due to his poor interpersonal skills, he was demoted in May 1995 from manufacturing to  support engineer. A woman who had once been Lloyd’s subordinate and had engaged in a romantic relationship with Lloyd, was the individual responsible for replacing Lloyd as manufacturing supervisor. In June 1996, Lloyd instituted a policy to “clean up” all of the individual computers in Omega’s manufacturing department. It was unclear as to why Lloyd was implementing company policies after his demotion. Nonetheless, the policy required employees to save their files to the company’s file server and prohibited them from making their own backups. Lloyd’s manager became suspicious of this policy and requested from Lloyd access to the file server. Lloyd never complied. By the end of June, upper management had enough of Lloyd’s behavior and terminated him in early July 1996. On July 31, Omega’s file server would not boot up. All of Omega’s manufacturing programs on the server, which contained instructions for operating the machines, were gone. Multiple computer experts were brought in to recover the files, but to no avail. The files had not only been deleted, but also had been “purged,” meaning that they were rendered unrecoverable.  A leading expert on Novell networking testified at trial that this could only have been done intentionally and by someone with supervisory-level access. The government’s theory included that on July 30, anyone who would log on to the server at any time after that date would “detonate” a program installed by Lloyd that would destroy the information on the Omega file server. The government’s theory was bolstered by the fact that the Secret Service recovered missing Omega backup tapes that had been reformatted as well as a master hard drive from the file server. This had the same string of commands that had functioned as the time bomb program found on the Omega file server. The Decision Ultimately, Lloyd was found guilty of computer sabotage. The jury had deliberated for over twelve hours over the span of three days and had requested testimony in the jury room before they reached their verdict. However, three days after the verdict, one juror said that she had seen on the news, during the trial, about a computer virus called the Philippine “love bug” which allowed the perpetrator to cause great harm by flooding the victim computers and causing them to crash. Whether this affected her decision is unclear; however, the defendant claimed that his 6th Amendment rights had been violated. The district court agreed, granting a new trial. On review, the Court of Appeals reversed the district court’s holding. After a lengthy discussion, the court said that there were significant dissimilarities between the “love bug” and the “time bomb” and most jurors would not confuse the two. Therefore, the appellate court found, the defendant was not prejudiced. Lloyd’s managers should never have allowed a single employee hold as much power as they did. This case highlights the vulnerabilities the company subjects itself to if that is allowed to happen. For example, Omega lost over 1,200 programs and many current and potential clients as well. Akiva Shepard received his J.D. from Seton Hall University School of Law in 2014. Akiva has worked for a New York State Supreme Court Judge in Kings County, and for a NJ real estate firm. 

New Age Technology: Brazilian and U.S. Courts “Scraping” the Surface of Legal Boundaries of Internet Use

This Article was originally published with Bloomberg Law Reports on November 9, 2011. The Internet has afforded anyone, anywhere, a wealth of information at one's fingertips. Within the current and ever­expanding age of technology, Brazilian- and U.S.-based courts continue to draw legal boundaries within a seemingly boundless cyberspace. The boundlessness of the Internet, and its related technologies, transcends geographical limits and poses worldwide issues of regulation. One such technology, which has caught the attention of businesses and resulted in significant legal battles, is "scraping" - a computer software technique that extracts publicly available information from websites. While in and of itself, "scraping" may not be unlawful, courts in Brazil and the U.S. have begun to carve out permissible and impermissible uses of this technology. Brazilian Scraping Lawsuit A recent court opinion of first impression in Sao Paulo, Brazil, gives newfound meaning to ownership rights of information available on the Internet. The Brazilian court's opinion in Curriculum Tecnologia Ltda. v. Catho Online S/C Ltda., et al, examines claims of unfair competition and violation of copyright rules, as applicable to the Internet. The plaintiff, Curriculum Tecnologia Ltda. ("Curriculum"), and defendant, Catho Online S/C Ltda. ("Catho"), are employment recruitment companies, operating solely through the Internet. Thousands of individuals seeking employment use the services of these companies by posting their resumes on the respective websites. In turn, employers seeking to hire review thousands of potential candidates to fill their open positions. In fact, Curriculum is the largest employment website in Brazil, providing a meeting place for over 6 million registered applicants and 100 thousand user companies. These services allow for a faster and easier connection to the open job market. In February 2002, developers at Curriculum noticed an unusual increase in activity on their company's website. While, generally, Curriculum's customers search approximately 500 resumes per day on its website, developers became suspicious when one particular user registered over 63,000 searches in one day. Upon further investigation, Curriculum technicians blocked the particular account and tracked its origin back to a computer at Catho, the defendant competitor. As a result of its investigation and findings, Curriculum filed suit against Catho alleging various business-related claims. As the lawsuit proceeded in the normal course, fact gathering efforts revealed flagrant and deceptive practices by Catho to illegally, in violation of Brazilian law, acquire information from Curriculum's website. In short, Catho developed a program that enabled it to copy ell mass Curriculum's website information database through which it could access resumes from Curriculum's website. Once Catho gained access to the resume information, it used it for its own commercial purposes. The purpose behind Catho's efforts was to increase its own potential employee base in order to offer a wider range to online employment recruiters. Catho acquired hundreds of thousands of resumes from its competitors through the use of these and related methods. Indeed, Curriculum was not the only competitor to bring suit against Catho for these practices, as several other victims of this Internet hacking scheme brought separate actions against Catho. To appreciate the breach of security and the value of the acquired information, one must understand the function of the employment recruitment market in Brazil within which these parties operate. Both parties operate primarily as online employment search engines. Individuals who seek employment and employers who seek skilled individuals, use the services of these recruitment companies by paying fees which permit the posting of resumes and job advertisements, allowing for searches of both to be performed. These web-based services offer various levels of fee-based access to these postings and search capabilities, which in turn generate revenue for these companies. Curriculum's website provides its users with instructions and several menus that allow them to browse its webpage efficiently and effectively. Curriculum does not provide every user with access to its resume bank. Instead, the website uses filters that permit only certain clientele with particular fee-based account settings to access this information. Catho used hacking programs to breach these security devices, allowing unauthorized access to resumes on Curriculum's website, spurring the lawsuit. Specifically, the programs developed by Catho allowed it to take advantage of security flaws in Curriculum's website, and gain access to the entire proprietary database - thereby transferring tens of thousands of resumes in a single clandestine night of debauchery. After plaintiff filed suit, the parties set forth arguments before the Brazilian court in support of their respective positions. Curriculum argued it had a property ownership interest in the data, and therefore Catho engaged in unfair competition and unauthorized copying of Curriculum's information. Catho argued that the information was public, access to the website was open and unrestricted, and therefore the information was not afforded legal protection. In sustaining a lower court's previous finding of damages.judge Luiz Mario Galbetti of 33 Civil Court of Sao Paulo found that Catho engaged in unfair competition by breaching Curriculum's internal computer systems and illegally acquiring thousands of resumes posted therein. The court held that the transmission and expansion of Catho's own database through this illegal acquisition served to increase its market visibility with direct effects on the profits obtained by Catho. Relying on notions of unfair enrichment, abuse of rights, and unpredictability, the court awarded damages in the amount of R$21,828,250.00 (in Brazilian Real). In calculating damages, the court considered the amount charged by Catho per month for posting a resume on its website, R$50.00, multiplied by the 436,595 resumes it illegally acquired. With interest and additional penalties this R$21,828,250.00 resulted in an award of R$63 million in damages, or approximately $42 Million USD. U.S. Scraping Lawsuits Similarly, U.S.-based courts have addressed the legal boundaries of extracting information from public websites. In EF Cultural Travel v. Zefer Corp., 318 F.3d 58 (1st Cir.2003), the U.S. Court of Appeals for the First Circuit issued a preliminary injunction pursuant to the Computer Fraud and Abuse Act (“CFAA”), 18 U.S.C. 1030, to prohibit the use of a “scraper” software program that defendants used to collect pricing information from the plaintiff/competitor’s website. Zefer Corp. (“Zefer”) sought review of the injunction, implemented in a prior hearing with co-defendant Explorica, Inc. (“Explorica”). See EF Cultural Travel BV v. Explorica, Inc., 274 F.3d 577 (1st Cir. 2001). EF and Explorica are competitors in the student travel business, operating websites that permit their respective visitors to explore various vacation packages. To gain a competitive edge, Explorica hired Zefer to build a program that would allow Explorica to “scrape” the prices from EF’s website and download them into an Excel spreadsheet. After accessing EF’s vacation package pricing, Explorica tailored its own costs, purposefully undercutting EF on an average of 5%. EF stumbled upon the “scraping” scheme as a result of discovery in an unrelated, state court lawsuit involving Explorica. As a result, EF filed suit in federal court, seeking an injunction on the grounds that the “scraping” violated both federal copyright laws and various provisions of the CFAA. The underlying issue in the case was whether the use of the scraper program exceeded “authorized access,” in violation of federal law. The relevant CFAA provision examined by the court provides: Whoever. . . knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value, unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such useisnotmorethan$5,000inany1-yearperiod. . .shall be punished as provided in subsection (c) of this section. While the CFAA defines “exceeds authorized access” as “to access a computer without authorization and to use such access to obtain or alter information in the computer that the accesseer is not entitled so to obtain or alter,” the court in EF Cultural Travel provided analysis of the term “authorization.” The trial court held that authorization could be determined both explicitly, for example through a direct statement restricting access, or implicitly. In defining the implicit prong, the trial court relied upon a “reasonable expectations” test. Even though the appeals court agreed that authorization can be both explicit and implicit, it rejected application of the reasonable expectations test used by the trial court. Instead, the appeals court determined that “public website provider[s] can easily spell out explicitly what is forbidden and consonantly, that nothing justifies putting users at the mercy of a highly imprecise, litigation-spawning standard like ‘reasonable expectations.’” As a result, the appeals court determined that a clear manifestation of the company’s intent that no information be collected from its website was necessary in order to show “lack of authorization,” such as an explicit statement on the webpage restricting access. Or, to put it more bluntly, “[i]f EF wants to ban scrapers, let it say so on the webpage or a link clearly marked as containing restrictions.” Nonetheless, this federal appeals court decision did not eliminate the concept of implicit authorization, as it may suffice in other circumstances. However, the decision highlighted that a plaintiff must demonstrate unambiguously that authorization was prohibited. The EF Cultural Travel decision promulgates the theory that the right to control access implicates a right to prevent or obtain legal remedies for any unauthorized access. As demonstrated in EF Cultural Travel, authorization may be established both implicitly and explicitly. Another method of disclosing a lack of authorization may be through the creation of technological barriers, such as encryption of particular information. Under this regime, after the initial encounter, a third party must either obtain permission or take unusual steps to circumvent the technological barrier. Lastly, database owners may also establish use authorization conditions through contractual terms. Whatever the means of establishing authorization, or the lack thereof, it is apparent that a reasonable effort to protect is a precondition to maintaining this legal right.[1] It is recognized, however, that the mere posting of information on a public domain, such as the Internet, does not in and of itself extinguish a protectable right to that information. This presumption is also echoed in case law analyzing the misappropriation of trade secrets. For example, in Barnett, Inc. v. Shidler, 338 F.3d 1125 (10th Cir. 2003), the court examined whether former employees misappropriated a trade secret by implementing the Infant Swimming Research program (“ISR”), which was designed by plaintiff as a scientific, behavioral approach to pediatric drowning prevention. In finding the ISR program was not a trade secret, the trial court noted “[plaintiff ] allowed its program to become part of the public domain before seeking protection...,” referring to various published books explaining the ISR method. In reversing this finding, the appeals court highlighted the decision in Rivendell Forest Prods., Ltd. v. Georgia-Pacific Corp., 28 F.3d 1042, 1045 (10th Cir.1994) in which the court found that “a trade secret can exist in combination of characteristics, each of which, considered separately, is in the public domain, but, taken together, may yield a competitive advantage that results in a protectable trade secret,” solidifying the argument that information may be a trade secret notwithstanding the fact that some of its components are well known. See also Syncsort v. Innovative Routines, No. 04-CV-03623, 2011 BL 213594 (D.N.J. Aug. 18, 2011) (federal district court of New Jersey examining the existence of a trade secret in light of its brief publishing on the internet). While case law involving scraping requires some form of notification as to non-authorization, this line of reasoning quashes any argument that information posted on the Internet should not enjoy legal protection simply because of its public nature. A court must determine the underlying intent of the scraper because the legality of extracting data from a website often centers on the underlying intent in copying.[2] The copying of information for any purpose deemed a “fair use” may therefore not be actionable. As evidenced by both EF Cultural Travel and Curriculum, this key element is what often implicates legal remedies. Lessons Learned Easy access to information afforded by the Internet has created a global culture that often accepts the free use (and abuse) of information. This often results in blurred lines between public and private property, especially for those who conduct business through the Internet. Therefore, unless a database is composed of content independently entitled to protection, for example through copyright or trade secret law, database owners must rely upon a patchwork of available legal remedies. Database owners may seek protection under unfair trade statutes or under common law theories such as misappropriation. Contractual restrictions also offer protection, but such a remedy requires privity of contract. Moreover, while a claim for trespass may also be a feasible option, most courts require a showing of actual injury. Lastly, and certainly not exclusively, protection under the CFAA may be warranted. While each option has its own nuances, courts are setting down the foundation of protection in response to the legalities of the Internet age. Therefore, while the potential remedies available to database owners under U.S. law tend to be narrow, it is no doubt only the beginning. Regardless of the underlying legal principal asserted against an illegal scraper, liability attaches on a case by case basis depending upon the type of access obtained by the scraper, the amount of information accessed and copied, the degree to which the access adversely affects the Web site owner’s system and the types and manner of prohibitions on such conduct. The significant monetary award issued by the São Paulo court underscores the value that information has to a company and its survival. The decision also serves as a warning to billions of Internet users globally, as the calculation of damages serves not only to punish the wrongdoer but also to deter the illegal activity in and of itself. These decisions evidence a fairly new attempt by courts to address the legal issues posed by the Internet. While the approach is not yet uniform, there are obvious efforts by courts to protect proprietary information on the Internet from uses that are detrimental to the owners of such sites. Fernando M. Pinguelo, a Partner at Norris, McLaughlin & Marcus, P.A. and co-Chair of the Response to Electronic Discovery & Information Group at the firm, is a U.S.-based trial lawyer who devotes his practice to complex business lawsuits with an emphasis on how technology impacts lawsuits. Mr. Pinguelo founded and contributes to the ABA Journal award-winning blog, eLessons Learned – Where Law, Technology, & Human Error Collide (www. eLLblog.com). To learn more about Mr. Pinguelo, visit www. NYLocalLaw.com or email him at info@NYLocalLaw.com. Renato Opice Blum, CEO of Opice Blum Advogados Associados in São Paulo, Brazil, is a Brazil-based attorney and economist, who established one of the first leading technology-based law firms. Mr. Blum is the Coordinator of the MBA course in Information Technology Law at São Paulo State Law School and a distinguished professor at Fundação Getúlio Vargas, among other universities. Mr. Blum is co-author of the book, Internet and Electronic Law. To learn more about Mr. Blum, visit http://www.opiceblum.com.br/ lang-en/01_profissionais_dadosRes.php?ID_CUREQUIPE=138578 or email him at renato@opiceblum.com.br. Kristen M. Welsh is a U.S.-based litigation Associate at Schiffman, Abraham, Kaufman & Ritter, P.C. and focuses her practice on business and employment law matters. Ms. Welsh may be reached at KWelsh@sakr-law.com.  [1]. This rule of thumb is also applied in cases analyzing the misappropriation of trade secrets. See Barnett, Inc. v. Shidler, 338 F.3d 1125 (10th Cir. 2003). [2]. Various fair uses have been identified by the court. See Nautical Solutions Mktg., Inc. v. Boats.com, Copy. L. Rep. (CCH) ¶28, 815 (M.D. Fla. 2004) (holding that “momentary copying of open . . . public Web pages in order to extract yacht listings facts unprotected by copyright law constitutes a fair use.”); Ticketmaster Corp. v. Tickets.com, Inc., No. 09-CV-07654 (C.D. Cal. Mar. 7, 2003) (“Taking the temporary copy of the electronic information [from the Ticketmaster.com website database] for the limited purpose of extracting unprotected public facts leads to the conclusion that the temporary use of the electronic signals was ‘fair use’ and not actionable.”); see also Assessment Technologies, LLC v. WIREdata, Inc., 350 F.3d 640 (7th Cir. 2003).

Federal Judge Sanctions Corporate Defendant and Its Counsel for Gross Negligence, Bad Faith, and Failure to Comply With Discovery Requests and Court Order

In Brown v. Tellermate Holdings Ltd., Tellermate Holdings, the defendant company, terminated two employees for allegedly failing to meet sales targets over several years.  The employees, feeling that they were wrongfully terminated due to their age, filed an employment discrimination action against the company as well as other entities and individuals associated with Tellermate. Throughout pre-trial proceedings, the case was plagued with numerous discovery mishaps.  The plaintiffs requested from the defendant company data stored and maintained by Salesforce.com,[1] which would, in theory, evidence plaintiffs’ sales records over the last few years in addition to allowing the plaintiffs to compare their sales figures with other (younger) employees.  However, even though numerous discovery conferences were held, numerous discovery motions filed with the court, and several discovery orders issued by the court, the defendant corporation failed to produce the requested data and documents.  Ultimately, the plaintiffs filed for judgment and sanctions under Federal Rule 37(b)(2); the court held a three-day evidentiary hearing on the matter. The presiding judge, United States Magistrate Judge Terence P. Kemp, identified three areas in which the defendant company or its counsel failed in its obligations to the plaintiffs and the court in relation to production of documents and data: Defendant’s counsel failed to understand how Tellermate’s data stored with Salesforce.com could be obtained and produced to plaintiffs, which resulted in counsel making false statements to the plaintiffs’ counsel and the court; By failing to understand how the defendant’s data was stored and maintained, defendant’s counsel took no steps to preserve the integrity of the information in Tellermate’s database located with Salesforce.com; Defendant’s counsel failed to learn of the existence of documents relating to a prior age discrimination charge until almost a year after plaintiffs requested the documents; Defendant’s counsel produced a “document dump” resulting from counsel’s use of an overly-broad keyword search that yielded around 50,000 irrelevant documents, which plaintiffs’ counsel could not review within the time period ordered by the court. The Salesforce.com Data Judge Kemp found that Tellermate’s failure to preserve and produce the data logged on Salesforce.com’s website irreparably deprived the plaintiffs of reliable information necessary in supporting their claims.  Although defendant’s counsel initially stated that Tellermate “does not maintain salesforce.com information in hard copy format,” “cannot print out accurate historical records from salesforce.com,” and that “discovery of salesforce.com information should be directed at salesforce.com, not Tellermate,” the court found such statements to be on their face false.  In fact, Tellermate did have access to the information sought by the plaintiffs as one, and sometimes two, of Tellermate's employees enjoyed the highest level of access to the Salesforce.com information.  The court determined that the information eventually produced by the defendants could not be trusted as “even a forensic computer expert has no way to detect hat changes, deletions[,] or additions were made to the database on an historical basis.”  Because of Tellermate’s failure to preserve the Salesforce.com data, Judge Kamp precluded Tellermate from providing evidence showing that the plaintiff-employees were terminated for their alleged underperformance. Counsel’s Obligations With Respect to ESI The court found that the defense’s counsel fell short of their well-established obligations[2] to critically examine the documents and data Tellermate provided to them.  Tellermate made false representations to its counsel about the data’s availability and therefore caused undue delay in document production as well as false and misleading arguments to be made to plaintiffs’ counsel and to the court.  Subsequently, the plaintiffs were forced to file discovery motions before the court to address these discovery issues which produced the Salesforce.com data that was never properly preserved albeit its significance to the plaintiffs’ case. Judge Kemp ultimately determined that counsel for the defendant conducted an inadequate investigation of Tellermate’s electronic data while simultaneously failing to understand the most basic concepts of cloud computing and cloud storage, which led to counsel’s failing to preserve key electronic data. Control of Data Stored in the Cloud As mentioned above, Tellermate and its counsel repeatedly represented to the plaintiffs and to the court that it did not possess and could not produce any of the Salesforce.com data requested by plaintiffs.  Additionally, the defendants asserted that in light of those facts, the defendants could not preserve the data stored on Salesforce.com’s databases at any point prior to litigation. Judge Kemp dismissed these claims.  The court concluded that, without any factual basis whatsoever, no substantive argument could be made that Tellermate was prohibited from accessing the information stored on the Salesforce.com databases or that Salesforce.com was responsible for preserving Tellermate’s information and data as it was the entity that maintained possession and control of the data. In reality, Tellermate was the custodian of the data stored on the Salesforce.com databases.  While information can be stored in locations outside the immediate control of the corporate entity by third party providers, it can still be under the legal control of the owner of the data and therefore must be produced by the owner under Federal Rule 34(a)(1)(A).  Additionally, had Tellermate’s counsel critically examined the agreement between Tellermate and Salesforce.com, it would have realized that Tellermate was the owner of all data created by its employees and that Tellermate could, at any time, download the data stored on the Salesforce.com databases for preservation and production purposes. Limitations on Document Production to Avoid “Document Dumps” Tellermate produced to the plaintiffs 50,000 pages of irrelevant documents, classified by Judge Kemp as a “document dump.”  Tellermate’s counsel refused to disclose which search terms it used in deciding which documents to produce to the plaintiffs, claiming that the search terms were privileged.  In actuality, the court discovered, Tellermate’s counsel only used the full names and nicknames of employees as its search terms, which obviously yielded irrelevant documents.  Without reviewing the returned documents, and because the court’s deadline for producing relevant documents was rapidly approaching, Tellermate’s counsel produced to the plaintiffs the documents as “Attorney’s Eyes Only.” The court recognized that a protective order was permitted only when counsel held a good faith belief that such information constituted a “trade secret or other confidential research, development, or proprietary business information, and that such material was entitled to a higher level of protection than otherwise provided in the protective order.”  Tellermate could not demonstrate entitlement to this level of protection with respect to the search terms used in procuring documentation for discovery: The alleged burden imposed by a high volume production does not provide the producing party or its counsel free reign to choose a given designation and ignore the Court’s order pertaining to that designation. First, the court looked to whether competitive harm would result from the disclosure of the types of documents produced by Tellermate to a competitor; however, Tellermate’s memorandum on the issue did not contain any evidence about the harm which might result if the plaintiffs were permitted to review any particular document that was labeled “Attorney’s Eyes Only.” Second, Tellermate’s argument as to the harm it would experience was entirely conclusory and was not supported by evidence: Apart from the general concept that disclosure of some types of sensitive information to a competitor may result in harm, it contains no particularized argument which is specific to [the plaintiff], the way in which he was competing with Tellermate, and how the disclosure of any one of the 50,000 pages marked as attorneys-eyes-only would harm Tellermate’s interests. The court was astounded that Tellermate continually failed to meet the burden required to designate the documents as “Attorney’s Eyes Only” and, up until the hearing date, made no effort the redesignate a single page of the 50,000 produced in order to permit the plaintiffs from viewing the documents. Sanctions The court had absolutely no qualms with an award of attorneys’ fees for all motion practice connected to the preservation and production of the Salesforce.com data.  “Had Tellermate and its counsel simply fulfilled their basic discovery obligations, neither of these matters would have come before the Court, or at least not in the posture they did.”  The court took great concern to the extraordinary lengths the plaintiffs had to go to in order to obtain the documents maintained by the defendant and, even after several rounds of motions, were not able to obtain all of them.  The “Attorney’s Eyes Only” designation on the 50,000 documents produced was also unfounded, the court held, and unduly precluded plaintiffs from necessary evidence that supported their case, which warranted fees under Federal Rule 37(a)(5)(A). Conclusion Tellermate provides a warning to all attorneys that the realm of technology in which their clients are constantly interact with is always changing.  Therefore, so does the practice of electronic discovery.  Counsel must always meet its duties with respect to ESI by engaging in discussions with its clients and opposing counsel about ESI; being aware, and perhaps even knowledgeable, of new and emerging technologies; and investigating and assessing with its clients the sources and status of potentially relevant ESI.  By forgoing these practices, counsel opens itself and its clients to easily avoided and costly sanctions. Daniel is the Editor-in-Chief of eLessions Learned and a third-year law student at Duquesne University.  To read more about him, click here. [1]       Salesforce.com is a cloud-based customer relationship management system with more than 100,000 corporate customers around the world.  Tellermate and its employees used Salesforce.com to track their sales and other interaction with customers.  The court recognized that each sales person using the Salesforce.com management system could add, remove, or otherwise change data on their sales account. [2]       See Zubulake v. UBS Warburg LLC, 382 F.Supp.2d 536 (S.D.N.Y. 2005) (counsel had an affirmative duty to monitor preservation an d ensure all sources of discovery information were identified).

You Might Want to Rethink Your Next Fishing Expedition in Tennessee

The scope of discovery, as stated in Federal Rule 26, has been construed very broadly in its relevancy standard.  Any and all requesting parties can seek production of documents and information as long as “the discovery appears reasonably calculated to lead to the discovery of admissible evidence.”  And while this standard has the tendency of having the producing parties provide all requested, non-privileged documents within their control, some courts have determined there are exceptions. In Potts v. Dollar Tree Stores, Inc., the Middle District of Tennessee determined that requests for private Facebook pages require the rquesting party must meet a threshold showing that the information sought is likely to be found on the social media site and lead to admissible evidence. In Potts, the plaintiff filed suit against her former employer, Dollar Tree Stores, Inc., claiming harassment and discrimination based on the plaintiff’s race, a hostile work environment, and retaliation.  After discovery disputes, the defendant filed a motion to compel claiming that the plaintiff did not produce a number of requested items and documents, including: Facebook data, any and all computer and storage devices used during and after the plaintiff’s employment, tax returns, any relevant documents in online email accounts, as well as other items.  The plaintiff’s response to the defendant’s request asserted that she produced what documents were in her possession, that the defendant’s request for the physical production of her computer was unduly burdensome, and that the defendant is not entitled to access to her private Facebook account due to other court holdings requiring a threshold showing that the Facebook page would undermine the producing party’s claim(s). Since, the Sixth Circuit Court of Appeals had not yet ruled on requesting parties’ access to private Facebook pages, the Middle District of Tennessee relied on outside court rulings in Thompkins v. Detroit Metro. Airport, 278 F.R.D. 387, 388 (E.D. Mich. 2012) and McCann v. Harleysville Ins. Co. of N.Y., 910 N.Y.S.2d 614 (N.Y.App. Div. 2010).  Courts in Michigan and New York held that, while Facebook accounts are not considered privileged or necessarily protected by notions of privacy, requesting parties should not be allowed to go on fishing expeditions in hopes of finding relevant information to their case.  In resolving the issue of rummaging for information, the courts held that a requesting party seeking access to private Facebook accounts must meet a threshold showing that the social media page will likely lead to admissible evidence.  Adopting the idea of a “threshold showing,” the Potts court determined that the defendant fell short in showing that the information it gathered from the plaintiff’s public Facebook page would lead to admissible evidence if the plaintiff had given more access. The court determined that the defendant was entitled to certain documents in the defendant’s motion to compel that Plaintiff had not yet produced in discovery, but accepted the plaintiff’s assertion that she no longer had certain requested documents that would not have been relevant to the case.  When dealing with the physical production of the plaintiff’s computer, the court resolved that an agreed neutral party would search for relevant documents on the plaintiff’s computer, using both parties’ agreed-upon word search.  As for the the defendant seeking attorneys’ fees incurred in preparing the motion to compel, the court ruled that Federal Rule 26(b)(2) gives discretion to the court in relieving any undue burdens on responding parties during discovery.  The court did not require the plaintiff to pay the defendant’s attorneys’ fees due to the plaintiff having reasonable objections to the defendant’s discovery requests.

Proportionality Considerations Make an Appearance in Apple v. Samsung

Throughout the oft-covered Apple v. Samsung patent litigation there has been a multitude of pretrial motions.  Last August, United States Magistrate Judge Grewal ruled on Samsung’s motion to compel additional financial documents from Apple.  Samsung sought to discover documents from Apple regarding: (1) units sold, gross and net revenue, gross and net margin, and gross and net profits for each Apple product… (2) reports and projections ofU.S.sales, profitability margins, and financial performance for each version of the iPhone and iPad…and (3) all costs comprising costs of goods sold and all costs other than standard costs for each of the accused products. In response to this request, Apple produced documents that Samsung believed to be deficient, which was the basis of Samsung’s instant motion.  Samsung believed that Apple’s production of worldwide sales figures (as opposed to the requested U.S. figures) were not sufficiently responsive to their request of US-specific data.  Furthermore, to aid in their damages calculation, Samsung requested model level sales figures (e.g., iPhone 4, iPhone 5, etc.) but Apple only produced of sales figures at the product line level (e.g., iPad, iPhone, etc.).  Samsung contended that these productions were not detailed enough to enable Samsung to accurately calculate damages. In response, Apple argued that producing the figures Samsung requested would be unduly burdensome because it would require the coordination of “multiple financial groups” that could take “several months” of effort.  While the court was admittedly “dubious” of Apple’s claims, Judge Grewal found another, more persuasive reason to limit Apple’s production, writing, “the court is required to limit discovery if ‘the burden or expense of the proposed discovery outweighs its likely benefit.  This is the essence of proportionality – an all-to-often [sic] ignored discovery principle.” Highlighting that each parties’ damages experts had already submitted their reports, the Court held that requiring Apple to produce additional financial documents would be of little benefit.’  Thus, the court denied Samsung’s motion to compel.  However, the court also noted that because the instant motion was struck down, Apple was precluded from challenging Samsung’s damages experts for failing to “allocate geographically or by product model in any way that could have been supported by the reports disputed here.”  Judge Grewal concluded that “[t]his is enough to protect Samsung from any undue prejudice arising from Apple’s reporting limitations.” If you make a burdensome request for documents that would have little benefit, your motion is going to be denied. Matthew Miller, a Seton Hall University School of Law student (Class of 2014), focuses his studies in the area of Intellectual Property.  Matt holds his degree in Chemistry from the University of Chicago.  Currently, Matt works as a legal intern at Myers Wolin, LLC.

Court Rules In Favor for Precision in Regards to Limited Search Terms Used for Screening Privileged Documents

Whoever thinks that the legal world does not involve math is proven wrong through the Special Master’s analysis in Dornoch Holdings Int’l, LLC v. Conagra Foods, Lamb Weston, Inc. The heart of the opinion involves a percentage breakdown of search terms and their correlation of precision in regard to privileged documents. In Dornoch, the defendants objected to the privilege log of documents for three reasons: 1) the documents on the privilege log, except for communications between the plaintiffs and their outside litigation counsel dated after March 22, 2010, have not been established by the plaintiffs to be privileged; 2) The privilege log was created using overly broad search terms and has not been substantively reviewed, thus, the log contains numerous non-privileged documents; and 3) Non-correspondence documents listed on the privilege log are not privileged. In response to this objection, the court allowed the Special Master to make a recommendation on these objections, specifically allowing the Special Master to review “a statistically significant number of randomly selected documents to confirm the accuracy of the screening method.” The privilege documents log was assembled using search terms created and limited by plaintiff’s counsels and an eDiscovery technology consulting firm. And so, the Special Master did as the Court requested and took a sampling from the log to determine the effectiveness of the screen’s search terms. The consulting firm determined that “1,740 documents would need to be human reviewed” to determine whether the log was effectively precise. The Special Master decided to review 1,813 documents just to ensure it was an effective review. After explaining that Idaho law regarding attorney-client privilege and work product doctrine apply, the Special Master reviewed the documents and determined that 1,249 were not privileged documents and 564 were privileged. The Special Master also went into much detail about the effectiveness of the specific search terms that were used. Specifically, the Special Master determined that 73 percent of the search terms were highly correlated to actual privileged documents. Additionally, the Special Master determined that “those terms which identified a correlation with actual privilege of 59 percent or greater, showed a strong correlation with privilege.” Once the Special Master completed this analysis, the Special Master recommended that the documents that fall below that 59 percent correlation should be released and not kept private. Then, the plaintiffs could also decide to conduct another review of the remaining privileged documents to figure out if more should be released. Finally, the Special Master noted that it does not matter whether documents are listed as “correspondence” or “non-correspondence” for them to be determined to be privilege or not. These documents should be reviewed just as the others. Overall, the Special Master recommended that the court sustain the first objection, and overrule the third objection. As to the second objection, the court recommended the following: “(1) Concur with the selection of a 59% or greater correlation of search term precision for a document to remain withheld as privileged; (2) Allow Defendants the opportunity to further challenge the assertion of privilege above that 59% threshold, if they so choose, by requesting that the Special Master conduct a further targeted review for privilege and release any non-privileged documents discovered. The Defendants will be responsible for cost of this further analysis, if requested; (3) Release the documents associated with the less precise terms that fall beneath the 59% correlation threshold and remove them from the privilege log; (4) Prior to that release, allow Plaintiffs the opportunity to conduct a privilege review of all or a portion of the population to be released and create a supplemental privilege log. The Plaintiffs will be responsible for cost of this further analysis, if Plaintiffs chose to conduct it.”

An Inmate vs. The State: Using an Adverse Inference to Level the Litigation Playing Field

Don’t override your surveillance tapes or video too soon, otherwise you could be subjected to spoilation sanctions if the evidence is later needed in court. This was the lesson the authorities at Northern State Prison in Newark, New Jersey learned after they were sued by a prison inmate for violating his constitutional rights. Know your client’s over-writing policies and preserve tape or video, when it is reasonably foreseeable that the evidence would be subject to discovery.

Continue Reading

Who Ya Gonna Call… Databusters!

Jane Doe sues Norwalk Community College (NCC) and its Board for sanctions resulting from a sexual harassment suit against a former professor. Doe moved to compel the inspection of certain electronic records possessed by NCC. Plaintiff hired DataTrack Resources, LLC, a forensic computer firm, to inspect NCC's computer records. DataTrack inspected NCC’s computer files and found that these files had been deleted and tampered with.

Continue Reading

Incompatible Software Leads to Cost-Shifting in eDiscovery

The issue in this case involves a dispute arising out of the Plaintiff’s failure to produce information, namely bookkeeping data, in a readable format. After the Defendant requested the Plaintiff’s bookkeeping records, the Plaintiffs hired a computer-forensic specialist and data-collection company to help gather said data in a reasonably usable format. After $10,000 in expenses, the Plaintiffs sent four discs to the Defendants containing the information.

Continue Reading

When eDiscovery Exists in Only One Format, Requesting Parties Must Make Do

Some types of electronically stored information (ESI) can be viewed in formats so ubiquitous that instructions are unnecessary and it can be assumed that everyone has the software necessary to access the information. Other forms of ESI, however, can often be more difficult to access. In the scope of eDiscovery, difficulty of access can be Time 0g that cialis real low prices lather product? The tadalafil 20mg this first. Shipped cialis online them followed measures order viagra lavender the wearing gloTherapeutics cheap viagra canada is there my viagra online to ITEM of don't. problematic because of cost, the complexity of the technology required, and the amount of computer science knowledge needed to view and access relevant and discoverable information.

Continue Reading