Showing posts with label electronic discovery. Show all posts

Tuesday, January 15, 2013

Judge rejects party's offer to hand over blog credentials (login/password) instead of documents during discovery

In the highly contentious realm of electronic discovery where login passwords are zealously guarded, one plaintiff had no qualms about granting such access if it meant evading her burden of production in an acceptable format.

In German v. Micro Elecs., 2012 U.S. Dist. LEXIS 4594 (S.D. Ohio 2013), the trial court held it impermissible for a party to shift its burden of production due to the party’s refusal to produce the sought after electronically stored information (ESI) in an acceptable format.

In a discovery dispute arising from an employment action, the plaintiff offered to provide the defendants with her login credentials and passwords to her blogs and websites she frequented in lieu of producing responsive ESI. The defendants refused the offer due to the risk of being accused of, or found to have, altered relevant evidence.

Although it was an unusual offer, the defendants’ attorney employed commendable dexterity in effectively forecasting the risk associated with accepting the plaintiff’s offer to hand over her passwords.  

During the course of discovery, the defendants requested that the plaintiff produce all online postings, blogs and similar online activities that addressed the plaintiff’s workplace, health condition, or other issues raised in her complaint. 

The plaintiff responded by sending over a hundred pages of portions of blogs and websites that she had copied and pasted without any source attribution. The defendants rejected the submission because they considered the production deficient, as it did not capture the original and complete text, formatting, and images of a blog or website. The defendants suggested that the plaintiff utilize a portable document format (PDF) or any format that is reviewable and that captures the documents in their original format.

Although the plaintiff characterized herself as an extensive blogger and sophisticated user of the Internet, she stated that the defendants’ request for production of screen shots or PDF was too burdensome. As an alternative, she offered the defendants direct password access to all her online journals, blogs, and social media websites.

The court found the plaintiff's excuse and suggestions to be unacceptable and noted that, despite the defendants not requesting a specific form for producing the ESI, the plaintiff had a burden to produce the requested information in the form in which the information is ordinarily maintained or in a reasonably usable form. The court ruled that the copied and pasted excerpts were neither an acceptable nor reasonable form of production.

Wednesday, November 21, 2012

"Egregious spoliation conduct" of plaintiff, who used various pieces of software to scrub his computer, results in claim forfeiture

Update: I've placed a link to the case in the write-up

In Taylor v. Mitre Corp., 2012 U.S. Dist. LEXIS 162854 (E.D. Va. September 10, 2012), the plaintiff in an employment-related suit (FMLA and ADA claims), through "egregious spoliation conduct" - use of CCleaner, Evidence Eliminator, and a sledgehammer - had his suit tossed out and forfeited his claims.

The action was brought before the court on a Motion for Sanctions, filed by the defendant, after Mitre Corp. discovered (through a court-ordered forensic examination of the plaintiff's computer) that the plaintiff had knowingly deleted large swaths of files on his new computer. The plaintiff was also requested to produce an old HP laptop that he had used during his employment with Mitre and which had significant litigation-related information on it. The plaintiff, however, indicated that he had tried to back up the computer, only getting 30-40% of the files off, before taking a sledgehammer to the computer and taking it to the dump.

Aware of the plaintiff's new Dell computer, the court ordered a computer inspection of the Dell to discover any related evidence. The court described what happened next:
 E-mails between Plaintiff and his counsel illustrate Plaintiff's frustration with the Court's consideration of a mandatory computer inspection. For example, on May 30, 2012, in an e-mail to counsel, Plaintiff said, "As a computer expert very familiar with forensic examinations, I find this overly invasive and unwarranted" and that he and his wife would "not submit to a voluntary submission of [their] electronic devices without a court order."  Plaintiff goes on to say that if his counsel returned with a court order requiring inspection of his laptop he "will either not provide the devices or [he] will move all non-sensitive files to a CD and wipe the drive." . . . At the conclusion of the e-mail he jokes that "an electrical surge just fried my computer and a 50 pound anvil fell over and landed on it" and asks "what penalties [he would] suffer from a contempt of court citation."
The attorney-client emails above were discoverable due to the fraud exception to the privilege. After the court order was clarified to fall under FRCP 34, a forensics firm conducted a keyword search on the computer, but the defendant refused to allow it to be imaged.

The forensic company then ran various forensics programs on the computer and discovered a plethora of evidence showing the plaintiff's spoliation activity. The day the plaintiff heard about the court order for inspection, he bought Evidence Eliminator, which overwrites files on the computer so that they cannot be recovered upon forensic examination. However, the plaintiff did not make any attempt to remove the program after using it, so it was easy to confirm he had in fact done so. Additionally, he had run CCleaner (which cleans temporary internet files) to destroy additional evidence, to the tune of approximately 16K files being deleted. Finally, in another effort to avoid discovery, he used Private Browsing to ensure browsing history would be erased when the browser was exited.

The court was not pleased, and dismissed the case and ordered forfeiture of the plaintiff's claims - the harshest sanction possible. The ruling was based on all of the actions the plaintiff willfully took to destroy evidence - taking a sledgehammer to the old PC, using CCleaner, private browsing, and most especially, using Evidence Eliminator. With regard to the latter, the court stated:
This Court cannot, and will not, tolerate the use of such a program by a plaintiff in litigation—in the middle of the discovery—who had knowledge that his computer was about to be searched pursuant to a Court order. The undersigned Magistrate Judge concludes that downloading and running of Evidence Eliminator just days after finding out about the Court-ordered computer inspection constituted willful spoliation of evidence.
The court went on to say that the conduct noted above highly prejudiced the defendant, and that to let the suit proceed after such willful conduct would be to the detriment of the defendants.

My question is - how could a self-described computer expert not know he would get caught?




Tuesday, May 22, 2012

Federal court holds that 15-month delay in reviewing electronic evidence was an unlawful seizure

In what I would call a very significant case, a New York federal court has held that failure to examine a defendant's imaged hard drive within 15 months after it was obtained was an unlawful seizure in violation of the Fourth Amendment. In United States v. Metter, 2011 U.S. Dist. LEXIS 155130 (E.D.N.Y. 2012), the government imaged over 60 hard drives as part of a criminal investigation into securities fraud, yet held on to the images and failed to actually do anything with them for over 15 months. The defendant argued that "the government's significant delay in conducting off-site searches of the imaged evidence merits blanket suppression of all seized and imaged evidence as routine delays of this duration would eviscerate the Fourth Amendment's privacy protections." While treading very cautiously, the court ultimately held that such delay, especially due to the amount of irrelevant, yet highly personal information that could be on a computer hard drive, was an unreasonable seizure.

At the outset, the court noted that the defendant's argument raised "an interesting issue of first impression in this Circuit that may impact electronic discovery in future criminal investigations and cases: How long may the government retain seized and imaged electronic evidence before conducting a review of that evidence to determine whether any of it falls outside the scope of a search warrant?" (This is indeed an interesting question. Think, for example, of evidence collected from a murder scene. The officers may take pictures, blood swipes, fingerprints, etc., but they cannot bag up the entire site or completely capture it for future use. That is the case with imaging a defendant's hard drive, though - essentially the evidence (relevant or irrelevant) lasts forever; it can be revisited ad nauseam, and consequently raises a plethora of Fourth Amendment concerns. Ultimately, and because of this evidentiary effect, this ends up as a case where the court was forced to treat electronic evidence differently from physical evidence because of the fundamental difference in nature and kind between the two.)

The court went on to note that courts have long recognized that searches (typically of papers) will inevitably involve reviewing documents that are outside of the scope of the search because it is impossible to conduct a search otherwise; pragmatically, there are "tactical difficulties" in cabining a search when you don't know what you will find, or where "it" will be found, per se.  This recognition has been extended to computers, but:
Computers and electronic information present a more complex situation, given the extraordinary number of documents a computer can contain and store and the owner's ability to password protect and/or encrypt files, documents, and electronic communications. As a result, the principle of permitting law enforcement some flexibility or latitude in reviewing paper documents just described, has been extended to computerized or electronic evidence. Courts have applied the principles recognized in Andresen "in analyzing the method used by the police in searching computers and have afforded them leeway in searching computers for incriminating evidence within the scope of materials specified in the warrant."
Thus, courts look to the heart of the Fourth Amendment for the lawfulness of the search - was it "reasonable?"

The court recognized that the warrants issued in this case (there were multiple, spanning both homes and offices), were facially valid, sufficiently particular, and clearly defined the scope of each search. Additionally, the police acted reasonably in executing the searches, and promptly returned the hard drives back to the owners after they were imaged. Thus, the crux of the case does not involve a failure of the warrants themselves, or the procedure in which they were executed on-scene, but the process involved afterwards.


The court pointed out that delays of several months have been found to be reasonable - there may be law enforcement delays, an ongoing investigation, etc. - but that there was a lack of precedent on the ceiling of this temporal question: at what point does a delay become presumptively unreasonable? While not actually answering that question, or establishing a black-letter rule, the court stated that:
The parties have not provided the Court with any authority, nor has the Court found any, indicating that the government may seize and image electronic data and then retain that data with no plans whatsoever to begin review of that data to determine whether any irrelevant, personal information was improperly seized. The government's blatant disregard for its responsibility in this case is unacceptable and unreasonable.
The court dismissed the government's argument that because they returned the original hard drives they were not really violating any privacy. I find this argument to be almost laughable - why does having a copy of a personal document lessen its embarrassing or incriminating nature? The court found this a "distinction without a difference."

Notably, the defendant's counsel had also notified the court that the government was willing to provide copies of these hard drives to attorneys of other defendants involved in the fraudulent scheme, upon request. While this might have been helpful in a discovery sense, the failure to triage these hard drives for irrelevant information was damning. Ultimately, the court stated:
The government's retention of all imaged electronic documents, including personal emails, without any review whatsoever to determine not only their relevance to this case, but also to determine whether any recognized legal privileges attached to them, is unreasonable and disturbing. Moreover, the government repeatedly asserted its intent to release indiscriminately the imaged evidence to every defendant, prior to conducting any review to determine if it contained evidence outside the scope of the warrants. The Court agrees with Defendant that the release to the co-defendants of any and all seized electronic data without a predetermination of its privilege, nature or relevance to the charged criminal conduct only compounds the assault on his privacy concerns. It underscores the government's utter disregard for and relinquishment of its duty to insure that its warrants are executed properly.
After holding the government's actions in contravention of the Fourth Amendment, the court wrestled with the remedy. Did such process "deserve" complete suppression of all evidence - a remedy quite harsh to a case built around such evidence? The court ultimately decided complete suppression was warranted:
The Court has not reached this conclusion lightly. However, the Court cannot, in the interest of justice and fairness, permit the government to ignore its obligations. Otherwise, the Fourth Amendment would lose all force and meaning in the digital era and citizens will have no recourse as to the unlawful seizure of information that falls outside the scope of a search warrant and its subsequent dissemination. 
The impact of this case is wide-reaching for law enforcement - essentially they must do something with seized evidence in a reasonable amount of time. This raises a series of questions:
  1. What must law enforcement do to prevent suppression if the amount of time grows - merely do a keyword search, or fully triage and redact irrelevant evidence?
  2. We know 15 months is too long, but what about 10, 12 or 8 months? Another line-drawing problem is born.
  3. How does this decision affect law enforcement timetables for existing and future investigations, and what, if any, impact will it have as more cases involve electronic evidence and case loads and backups increase?
  4. What will the impact of this decision be on general electronic discovery as it relates to passing unredacted/reduced electronic evidence to co-defendants, since such discovery implicates privacy concerns due to the nature of hard drives and the "intermixing" of relevant and irrelevant evidence?