Weekly Highlights: September 17, 2012

September 17, 2012

Things You Might Have Missed Last Week

(Highlights in legal, forensics, and electronic discovery news for the past week)

Interesting Electronic Evidence Cases

Inhalation Plastics, Inc. v. Medex Cardio-Pulmonary, Inc., No. 2:07-CV-116, 2012 WL 3731483 (S.D. Ohio Aug. 28, 2012)

The defendant inadvertently produced almost 350 pages of email. Even though, after in camera review, the court found that many of the produced materials were “within the ambit of attorney-client privilege”, the court found that privilege had been waived.

Weekly Highlighted Article

From E-Discovery Beat:

Experts Consider E-Discovery Implications of New ABA Ethics Rules Amendments

From BowTieLaw.com:

Forensically Examining a Lawyer’s Computer

Electronic Evidence News

Twitter Gives Occupy Protester’s Tweets to U.S. Judge

Court Issues 20-Year Product Injunction in Trade Secret Theft/eDiscovery Sanctions Case

Samsung Flexes Litigation Muscles at Apple Ahead of iPhone 5 Launch-Again


Weekly Highlights: September 10, 2012

September 10, 2012

Things You Might Have Missed Last Week

(Highlights in legal and electronic discovery news for the past week)

Interesting Electronic Evidence Cases

Robinson v. Jones Lang LaSalle Americas, Inc., No. 3:12-cv-00127-PK (D. Or. Aug. 29, 2012)

The defendant was seeking to compel production of discovery in (among other things) “all social media content involving [Plaintiff] since July 1, 2008” related to the Plaintiff’s “‘emotion, feeling, or mental state,’ to ‘events that could be reasonably expected to produce a significant emotion, feeling, or mental state,’ or to allegations in [Plaintiff’s] complaint.”.

Magistrate Judge Paul Papak (Oregon) found:

“I see no principled reason to articulate different standards for the discoverability of communications through email, text message, or social media platforms. I therefore fashion a single order covering all these communications.”

Link to Opinion PDF

Apple, Inc. v. Samsung Elecs. Co. Ltd., No. C 11-1846 LHK (PSG) (N.D. Cal. July 25, 2012)

The Defendant in this case was sanctioned for the loss of relevant emails due to Defendant’s failure to follow-up with employees to ensure compliance, and the Defendant’s failure to halt the email system’s auto-delete function.  Sanctions included an adverse inference that allowed the jury to presume that the missing evidence was relevant and favorable to the Plaintiff.

Link to Opinion PDF

Weekly Highlighted Case

EEOC v. Simply Storage Mgmt., LLC, 270 F.R.D. 430 (S.D. Ind. May 2010)

This case can be very useful when dealing with social media electronic evidence matters.  It was utilized by the Oregon magistrate in the above listed case (Robinson v. Jones Lang LaSalle Americas) when forming his opinion.

The defendant in this matter was seeking production of claimants’ social networking site profiles, as well as other communications from social sites used by the claimant.

Last May, the Great State of Texas saw a similar matter that relied, in part, on the EEOC case:

IN RE MAGELLAN TERMINALS HOLDINGS, L.P. AND MAGELLAN MIDSTREAM HOLDINGS GP, LLC 
Link to PDF Document

Electronic Evidence News

State Bar of Texas Alert Says ‘Scam Artist’ Stole Nonpracticing Lawyer’s ID for Fake Website

West Let Off the Hook on Web Malpractice Claim

OJ Simpson Prosecutor: Johnnie Cochran May Have Tampered with Bloody Glove


Changes to FRCP 8, 26 and 56 Just Around The Corner

November 16, 2010

December 1, 2010 marks the date that some important changes to Federal Rules of Civil Procedure will take effect.

The changes will affect the following:

1. Rule 8:  General Rules of Pleading  (Last amended Aug. 1, 1987)

2. Rule 26:  Duty to Disclose; General Provisions Regarding Discovery (Last amended Dec. 1, 1993)

3. Rule 56: Summary Judgment (Last amended Dec. 1, 2009)

As an expert witness, Rule 26 is the change that has most impact to me and how I interact with my cases and my clients.  For this reason I have focused on outlining the more significant changes.  I have provided a link to the full House Document 111-111 at the bottom of this post.

The biggest change is in the wording and interpretation of Rule 26(a)(2)(C) regarding disclosures of draft copies and communication of the expert witness.  While the previous 1993 interpretation meant that all drafts, notes and communications are to be disclosed, the new Rule 26 fixes this interpretation.

Citing the “profoundly practical” argument for extending work-product protection to certain communications and all drafts of the written report, the Civil Rules Committee went on to point out the loss of “robust communication” between the attorney and the expert [1] (we all know the wild gyrations we take to avoid discoverable material) , the “tortuous steps to avoid having the expert take any notes”, and the “often futile” attempts to show that the expert was unduly influenced by the retaining lawyer. [2]

On a real-life level, I never take notes unless they are to document methodology, and unless given specific permission I avoid email and other written communication to my retaining attorney.  Report generation (unless it violates a specific order) means that I generate a report without saving it and have a remote viewing session with my retaining attorney.  This tends to create:

  • Extra phone calls to verify recollection of information,
  • Unnecessary phone tag,
  • Additional report generation time, and
  • A decrease in the retaining litigant’s view of the efficiency and effectiveness of the process.

Here are some of the highlights of the Rule 26 changes that fix the above issues:

  1. 26(a)(2)(B)(ii) has been amended to read that disclosure is to include all “facts or data considered by the witness in forming” their opinions.  This changes the previous wording of “the data or other information” verbiage that was used to imply all communications, written notes and drafts.
  2. The “Time to Disclose Expert Testimony” has been shifted to 26(a)(2)(D) and specifies the time limit for rebuttal evidence for both 26(a)(2)(B) and 26(a)(2)(C).  The new 26(a)(2)(C) deals with witnesses that are not required to provide a report.
  3. 26 (b)(4)(B) protects “drafts of any report or disclosure required under 26(a)(2), regardless of the form in which the draft is recorded.”  Essentially this makes the verbiage change in 26(a)(2) explicit.
  4. 26 (b)(4)(C) provides protection for “communications between the party’s attorney and any witness required to provide a report under Rule 26(a)(2)(B), regardless of the form of the communications”.  There are three types of communications that are exempted from this protection, though:
  • Communications that relate to compensation for the expert’s study or testimony;
  • Communications that identify facts or data that the party’s attorney provided and that the expert considered in forming the opinions to be expressed (emphasis added)
  • Communications that identify assumptions that the party’s attorney provided and the the expert relied on in forming the opinions to be expressed (emphasis added)

In short – better communication, less wild gyrations by the experts and their retaining attorney and shorter deposition without all the attempts to show undue influence. I was excited to see this discussed at Sedona and am thrilled to see the results just around the corner.

The only thing I will miss is the competitive advantage actually knowing FRCP gave me in this area vs. the numerous experts that didn’t seem to take the time.

The benefits, though, definitely outweigh this one advantage.

The link to the Supreme Court’s Approved Rules page is here:

Approved Rules Page

Direct links to the component PDF documents are below:

Rules (Clean Version)

Excerpt of the Judicial Conference Report

Excerpt of the Report of the Advisory Committee on Civil Rules

[1] 111th Congress, 2d Session House Document 111-111, page 35
Civil Rules Committee Report 5/8/2009, page 3

[2] 111th Congress, 2d Session House Document 111-111, page 25
Excerpt From The Report of the Judicial Conference 12/18/2009, page 3


McAfee Alleged to Hand Subscriber Credit Cards to Third Party

April 8, 2010

A Federal class action suit filed by Rosen, Bien & Galvin, out of San Francisco alleges that McAfee uses deceptive techniques to “trick” users into handing their credit card information to a third party partner.

After entering the information, previously undisclosed charges charges appear on the user’s credit bill.  The suit alleges that when the user attempts to contact the third party to cancel the “service” they receive a recording that states it “does not offer cancellation or subscription services”.

The complaint also states that upon contacting McAfee the users are told that the AV software company cannot do anything about the charge.

Add this one to the “One More Reason McAfee Sucks” category, and file under “Dirt Rat Bastards”.

CourtNews Link:

Class Claims McAfee Pulled A Fast One


DEA Proposes Allowing Electronic Prescriptions for Narcotics

April 6, 2010

On March 31 the DEA published a proposal to allow electronic prescriptions for narcotics (Docket No. DEA-218I).

The effective date for this is June 1, 2010 pending congressional review.  The RFC section gives insight into how they plan to implement (bold text added by yours truly):  Identity proofing, access control, authentication, biometric subsystems and testing of those subsystems, internal audit trails for electronic prescription applications, and third-party auditors and certification organizations.

It looks like there will be a requirement to be “certified” to perform electronic fill of narcotic prescriptions, but is that really enough (think Heartland)?

There are several really interesting tidbits that can be derived from this document that I did not realize:

1. “The responsibility for the proper prescribing and dispensing of controlled substances is upon the prescribing practitioner, but a corresponding responsibility rests with the pharmacist who fills the prescription.” – This makes sense, but also indicates that they will likely follow a path where the responsible parties determine the means by which they accomplish an outline of requirements surrounding security related to narcotics prescription.  Ask yourself this:  Did HIPAA end internal patient record theft?

2. “[M]ost electronic prescriptions are routed from the electronic prescription or EHR application through intermediaries, at least one of which determines whether the prescription file needs to be converted from one software version to another so that the receiving pharmacy application can correctly import the data. There are generally three to five intermediaries that route prescriptions between practitioners and pharmacies.” – This points to the lack of standards, potential for screw ups and also multiple points of potential abuse.

I am still reviewing the text document (it is long) but I am also preparing and educating myself in this area – I feel some cases coming.

Original Federal Register Text:

FR Doc 2010-6687


Financial Institutions Using Live Data Sets in Test Environments

March 16, 2010

A recently released survey finds 83% of financial firms use production data for testing.  What this means (for the non-developers) is that your customer data is used unmasked and in its full form to test systems that, by the very fact that they should be TEST systems, have an unknown level of security and integrity.

Even though the study was commissioned by a company that works specifically with data protection in test environments (important to call out bias!), I believe the numbers on this one – especially when I go back and research the number of financial institution data breaches that have occurred because “live” customer data sets were in the hands of a third party contractor, or other employee off-site.

I have done development work on health data and I understand full well the challenges of creating meaningful data sets (as well as the enormous expense) for testing purposes.  The bottom line comes to this:  There is no excuse that justifies exposing personal data in this manner.  Period.

In performing penetration tests a common tactic that we use during the “recon” phase is to look for servers that are obviously development systems.  We do this because patch levels and security are typically at a minimum on these systems and they are usually the “low hanging fruit”.

So it makes me wonder – just what justification can possibly make these guys think this is OK?

Here are some more stats from the study that should give you pause:

  • identity compliance procedures (used by only 56 percent of companies surveyed);
  • intrusion detection systems (used by only 47 percent of companies surveyed);
  • data loss prevention (DLP) technology (used by only 41 percent of companies surveyed); and
  • Social Security number usage (88 percent of those surveyed still use this as a primary identifier)

Remember these findings the next time you read a news release regarding a financial institution data breach and some chuckle-head says that they are quite certain no sensitive data was taken or misused.  The very next question to ask is: How would you even know?

Sources:

http://money.cnn.com/news/newsfeeds/articles/globenewswire/185342.htm

http://cpwr.client.shareholder.com/releasedetail.cfm?ReleaseID=448389


ID Theft: It’s Not Just For Credit Cards Anymore

March 10, 2010

George Jenkins, the writer for the “I’ve Been Mugged” blog (http://ivebeenmugged.typepad.com) writes about a recent survey release discussing medical identity theft.  While this has been going on for a while (I had my first case involving electronic MedID theft 8 years ago) it serves as an excellent proactive warning:  THINK about any and all information systems that you give your ID to and QUESTION the flow of information.  We are not living in an age where blind trust/acceptance is acceptable.

The study was performed by the Poneman Institute and sponsored by Experian.  One of the Privacy analysts with Poneman was quoted (emphasis added):

“The two results that stood out to me were the more than $20,000 average cost to consumers who suffered ID/credit fraud as a result of a medical data breach, as well as the potential for physical harm to those who have their medical records ‘polluted’ due to healthcare fraud,” says Mike Spinney, a senior privacy analyst at Ponemon Institute.

The residual issue of “physical harm’ due to a corruption of medical records gives plenty to ponder – especially given the efforts to aggregate medical records in an electronic environment.  Also particularly interesting are the number of people that were aware they had a problem and did not report it.  I wonder about the psychology of that.

By the way – George is an excellently informed writer on these types of stories, and his blog is definitely worth a follow.

George Jenkins’ Link:

Survey: 5.8% Of US Adults Have Been Medical Identity Theft Victims