Mr. Boucher was Mirandized, but waived his rights and continued to talk to the agent.  During this conversation Mr. Boucher told the agent that he sometimes accidentally downloaded child pornography but would then delete the files when he realized what they were.  The agent requested that Mr. Boucher show him where he stored the files that he downloaded and Mr. Boucher directed him to a drive “Z”.

The agent continued to search the laptop and found several more instances of child pornography.  Mr. Boucher was subsequently arrested and the laptop seized (it was shutdown).

Nine days later a forensic bit image was made of the drive and the drive “Z” was found to be encrypted by PGP, and the content unaccessible without the encryption key which, curiously enough, Mr. Boucher has refused to turn over.

In November 2007 Judge Jerome J. Niedermeier granted Sebastien Boucher’s motion to quash the subpoena directing him to turn over his encryption key for the drive, citing his fifth amendment rights.

An appeal was filed and U.S. District Judge William Sessions in Vermont ruled this week that Mr. Boucher does not have a fifth amendment right to keep the files encrypted.

What motivates me most to write about this case is the knee-jerk response that will surely follow by those that only read news releases and not the actual filings in the case.  Both judges have raised some fascinating issues regarding the fifth amendment and this specific case, and both the granting of the motion to quash and the subsequent reversal hinged on specific facts in this case, and NOT a blanket decision as some blogs will have you believe.

Judge Niedermeier weighed issues regarding compulsion to testify (subpoena) and the various components that make up a valid fifth amendment argument. In pondering these points the judge notes:

Both parties agree that the contents of the laptop do not enjoy Fifth Amendment
protection as the contents were voluntarily prepared and are not testimonial. See id. at 409-10 (holding previously created work documents not privileged under the Fifth Amendment). Also, the government concedes that it cannot compel Boucher to disclose the password to the grand jury because the disclosure would be testimonial. The question remains whether entry of the password, giving the government access to drive Z, would be testimonial and therefore privileged.

The state evidently agreed to “not use the production of the password against Boucher.”  In so doing the state felt it would remove the testimonial aspect of entering the password.  Judge Niedermeier rejected this outright, citing United States v. Hubbell, 530 U.S. 27 (2000).

In rejecting further arguments, Judge Niedermeier pointed out that the password was something in Boucher’s mind, and further stated:

This information is unlike a document, to which the foregone conclusion doctrine usually applies, and unlike any physical evidence the government could already know of. It is pure testimonial production rather than physical evidence having testimonial aspects. Compelling Boucher to produce the password compels him to display the contents of his mind to incriminate himself.

In his reversal, Judge Sessions notes that neither side questions the fact that “the contents of the laptop were voluntarily prepared or compiled and are not testimonial, and therefore do not enjoy Fifth Amendment protection.”, but notes that the root of the issue is the production of the password that in effect causes the accused to “‘disclose the contents of his own mind’”.

He also mentions the “compelling” aspect of the subpoena and notes that there are two scenarios under which the act of production in response to a subpoena may communicate incriminating facts:

(1) ‘if the existence and location of the subpoenaed papers are unknown to the government’; or (2) where production would ‘implicitly authenticate’ the documents.” Id. (quoting United States v. Fox, 721 F.2d 32, 36 (2d Cir.1983)).

Drawing from this the judge concludes that because Boucher already let the Government see the drive and the contents (unencrypted) and because the Government does not require Boucher’s production of the unencrypted drive to link him to the files on his computer, then the production is not considered incriminating and so the fifth amendment protection is not valid.

I have to say that without reading the opinions I would assume that because Mr. Boucher was Mirandized, willingly volunteered information regarding the existence and contents of the drive (prior to shutdown and encryption) and willingly allowed a Government agent to browse his drive I would have assumed that he had rung a bell that could not be unrung.

[  Copies of the opinions will be uploaded soon]

In fact the “need” to preserve and produce metadata has been addressed in such cases as:

Shirley WILLIAMS, et al. v. SPRINT/UNITED MANAGEMENT COMPANY, 2005, and

Ryan v. Gifford, 2007

Both of which address the need to produce and preserve intact metadata.

In reading through Aguilar  I find the extended definitions of metadata and the issue of timing of the request to be the most interesting aspect.

This case stemmed from allegations of unlawful search and seizure.  Plaintiffs filed their initial discovery request in Feb. 2008.  Their request failed to address manner of production – specifically metadata.  In late March the plaintiffs filed a more specific request for certain documents to be produced in TIFF format with separate files documenting metadata fields and text, while others were to be produced in native format (spreadsheets and databases).

In mid-July the defendants objected.  As it turned out they were already well into assembling the requested documents in searchable PDF format.

In ruling on the case Judge Frank Maas takes time to define the different types of metadata using the Sedona Principles:

• Substantive metadata – Created upon generation of a file by an application and reflective of changes made by a user.
• System metadata – Information created by the user or the organizations IT structure.
• Embedded metadata – Information not visible that becomes part of a native file.

He then refers to Federal Rules of Civil Procedure and states:

“Metadata is not addressed directly in the Federal Rules of Civil Procedure but is subject to the general rules of discovery.  Metadata thus is discoverable if it is relevant to the claim or defense of any party and is not privileged.”

He adds:

“[f]or good cause, the court may order discovery of any matter [including metadata] relevant to the subject matter involved in the action.”

He goes on to note that metadata is subject to the balancing test introduced by Rule 26(b)(2)(c) that would require a court to weigh probative value against burden.

This is all pretty standard stuff, and seems to be where a lot of the various forensic firms have stopped in their analysis of this case.  Too bad!  All of this has already been established in other cases (for instance the two I noted above).  There IS more, though, and it is interesting.

The judge states that metadata “has become the ‘new black,’ with parties increasingly seeking production in every case, regardless of size or complexity.”  And then he notes the time difference between the plaintiffs initial request (which did not specify manner of production) and when they actually specified the requirement for metadata.  By this time the defendants “collection efforts were largely complete” and didn’t include the metadata.  Because of this he observes that the plaintiff is essentially requesting a second production and faces an increased burden.

Even this ruling, though, has been well established in many cases – and Judge Maas cites a number of them in his decision.

The real interesting part that seems to be missed in most of the write-ups is what Judge Maas does with this “build-up”.

Relating to the emails to be produced a second time with metadata he rules that since the defendants had previously indicated a willingness to produce the emails with metadata intact that they would be ordered to produce emails that had not already been identified (about 300) with metadata.  It is interesting to me as a forensic examiner that the judge notes that “forwarding” emails kills the original metadata – someone noticed!

In addressing the Back up tapes Judge Maas applies the balance principle in Rule 26(b)(2)(B) and rules against the plaintiff.

Judge Maas addresses “Word processing documents and Powerpoint Presentations” by acknowledging the value of metadata in these documents to establishing timelines, but rejected the plaintiffs argument that metadata is required to efficiently search the documents.  He acknowledges that the probative value of metadata related to these documents outweighs the burden of production.  With this he ordered the defendants to produce the Word and Powerpoint documents with metadata intact with the provision that the plaintiff would bear the cost of production.

Regarding spreadsheets Judge Maas makes an interesting observation.  He states “the relevance of metadata depends upon complexity and purpose.”  While the spreadsheets in question did have formulas, they computed a simple sum and were not complex.  Stating that the plaintiffs had no evidence or reason to think fraudulent manipulation had occurred he found that the arguments of the plaintiff had no “relevance to claims or defenses in this case.”  Regardless, since the defendants had expressed a willingness to produce the spreadsheets in native format prior he ordered their production.

The last type of metadata addressed by Judge Maas relates to the defendants databases.  Previously the parties had agreed to review one of the databases in a live demonstration.  The plaintiff had demurred for lack of an expert to assist in the review.  The judge ruled that lack of an expert was no longer a cause for extension and ordered a date by which the plaintiffs must complete the review.

It is the many facets of metadata addressed that make this case interesting and useful.  I have no idea why others are focusing solely on the “need” to preserve and produce metadata, we already knew that.  Judge Maas has provided us with a fascinating study in metadata that goes beyond need.

——————————————————————————————————————————————

In re Teleglobe Communications Corp., 2008
Category – Production, Spoliation
WL 3198875
( Bankr. D. Del. Aug. 7, 2008 )

Background:  Defendants’ motion to exclude testimony of the plaintiff’s expert as a sanction for the alleged spoliation of information considered in forming their opinions is denied.  The court found that Rule 26(a)(2)(B) does not require the plaintiffs’ experts produce all drafts of their reports.

In addition, the court rejected the notion that draft reports fall into the category of data or information “considered” by the expert, which must be produced:

“The expert does not really ‘consider’ prior drafts in forming his opinion; the prior drafts are simply preliminary iterations of his opinion.  Rather than ‘consider’ his prior thoughts and statements, in editing the report the expert is considering the underlying data which forms the basis of the revisions.”

The court recognized that the Plaintiff’s experts did not destroy any documents, they simply made corrections to their reports and failed to save the drafts.