Emerging content formats challenge e-discovery
The sheer volume of potential discovery information from the IoT will tax the technical capabilities of those responsible for that task, whether they are in-house legal departments or litigation support services. “A year or two ago, people might just have a laptop and a phone,” Linn says, “but now they can easily have a dozen or more devices that are connected, including their automobiles, home security systems and health monitoring systems.”
Not only is the data from each device potentially relevant, but the way the data sets correlate with each other and along a timeline is also a factor. “To get the larger picture, it’s necessary to start overlaying this data with input such as GPS and all the events that occurred over time,” says Linn. “At that point, the information obtained through e-discovery has to be presented in an intelligible way through maps, graphs and charts. It becomes a knowledge management issue.”
No exemption for the cloud
Fitbit, Nest and other devices send their information to the cloud. “Nothing exempts the cloud from discovery,” says Jason Straight, senior VP, cyber risk solutions and chief privacy officer at UnitedLex, “at least in the United States, although in some countries certain types of data such as geolocation are much more protected. The rules of discovery are intentionally written broadly and cover anything that provides factual information relevant to the case.” UnitedLex offers legal, cybersecurity and business services on a global scale.
The gap between the law and technology has been ever-present and does not apply just to e-discovery, as the slow change in rules for electronic records indicates. However, in the case of e-discovery the stakes can be high and the technology complex. “I got a request for data from surveillance cameras last week,” Straight says, “but cameras don’t have tapes anymore—they store the video in the cloud in digital format, and most have proprietary formats that have different CODECs for coding and de-coding. Using this information in a case can require a lot of work.”
Other data in proprietary form includes data from self-driving automobiles and collision warnings emitted by automobiles driven by humans. “Right now the demand is not strong for tools that will make this information discovery-ready,” comments Straight. “However, eventually there will be a tipping point, and then companies will find a way to do it.”
There is no single right way to preserve Facebook data, Straight points out. “Certainly there are now forensic tools designed to create a copy of a website or Facebook page. However, the page could also be captured in a simple screenshot or produced using a viewer,” he says. That method could be considered forensically sound as long as the process is properly documented and verified. “A video recording of someone navigating the site could also be considered forensically sound,” Straight adds, “as long as it has a verifiable date and time stamp, but like making screenshots, it is a manual process and quite painstaking.”
As each data type becomes more important in discovery, new ways will be developed to find and preserve it. Cellebrite, for example, has developed methods of extracting information from mobile devices. Its physical extraction methods can retrieve even deleted files, including passwords, applications, geotags, location information and media files. EnCase Mobile Investigator from Guidance Software is another product that specializes in extracting data from mobile devices.
“Although some sources of data are not yet mainstream, as each one becomes more relevant, we and other companies will make forensic collection for e-discovery more efficient,” Straight concludes.