Richmond Journal of Law and Technology

The first exclusively online law review.

Author: Sean Livesey (Page 8 of 8)

A Litigator's Guide to the Internet of Things

Peyton Publication Version PDFpdf_icon 

 

Cite as: Antigone Peyton, A Litigator’s Guide to the Internet of Things, 22 Rich. J.L. & Tech. 9 (2016), http://jolt.richmond.edu/v22i3/article9.pdf. 

Antigone Peyton, Esq.*I

I. Introduction

[1]       Maybe you’ve heard about the Internet of Things (IoT). It’s the network of physical objects (or “things”) that connect to the Internet and each other and have the ability to collect and exchange data. It includes a variety of devices with sensors, vehicles, buildings, and other items that contain electronics, software, and sensors. Some IoT objects have “embedded intelligence,” which allows them to detect and react to changes in their physical state.[1] Though there is no specific definition of IoT, the concept focuses on how computers, sensors, and objects interact with each other and collect information relating to their surroundings.[2]

[2]       In 2009, the number of “things” connected to the Internet surpassed the number of people worldwide.[3] That was just the beginning of the IoT movement.[4] In fact, some industry experts estimate that there will be up to 50 billion connected devices by 2020.[5] The LinkedIn “Internet of Things Community” is 12,000 members strong, and it’s growing every day.[6] Lawyers need to understand how this explosive growth in the IoT market is going to change their practice in the courtroom.

[3]       From a litigator’s perspective, there are benefits and risks associated with IoT evidence. These connected objects, combined with big data analytics, can make cases simultaneously clearer and more complicated. The IoT movement also challenges litigators to roll up their sleeves and think creatively about how all these connected objects can tell a story. The key evidence that blows the case wide open may be right in front of your face, flying through the interweb, waiting patiently in a client’s smart phone app, or sitting on their fitness device.

[4]       For instance, and as this paper explores, IoT information can be used to track suspects’ movements at the time a crime occurred and provide evidence of an alibi. It can be used to attack the credibility of witness testimony and show how a vehicle was (or wasn’t) functioning properly when an accident occurred. As with all evidence we might use in the courtroom, lawyers, juries, and judges need to understand how IoT data should be interpreted and its limitations.

[5]       Lawyers also need to talk with clients about the smart objects they interact with and which objects might have information that is potentially relevant to litigation. The data those objects collect might reflect a client’s physical injury and diminished capacity, indicate the physiological response to a sexual harassment incident, or provide evidence of a former employee’s unauthorized access to company systems to steal data. Consider the narrative that can be created once you obtain the right IoT data from a client or opponent. You can’t consider the options, however, until you ask the right questions.

[6]       It’s time to hone your technical competence and start thinking about how IoT will forever change the way you prepare and try your case! This is the litigator’s guide to the Internet of Things.

II. The Internet of What?

[7]       The basic premise behind IoT is that everyday objects can be turned into “smart” devices that operate better, are more efficient, and communicate with their people masters and other objects. These objects are programmed to communicate via apps, text messages, browsers, and other tools. They tend to communicate using embedded sensors and wired and wireless communication protocols and systems, including Wi-Fi, Bluetooth, and a variety of specialized IoT protocols.[7]

[8]       Imagine a refrigerator that tells you when you need more milk,[8] or a home thermostat that can be adjusted remotely using an app on your mobile device and learns your behavior patterns relating to your home climate.[9] Or a networked house that connects power outlets to sounds systems, TVs, smoke detectors, security cameras, coffee pots, and the home owner through a software app.[10] These homes already exist,[11] and more are coming online everyday.

[9]       This increased connectivity includes objects outside the home. Workers and service professionals are connecting remotely and communicating with their company’s business equipment and office systems via mobile devices.[12] Consumers are buying networked cars,[13] and walking around with wearable fitness and health technologies strapped to their arms and embedded in their clothes that track their vitals and activity levels.[14] Bikers are using apps and devices to track their workouts and film their surroundings.[15] Google Glass wearers are creating and recording information as they travel and they are communicating with the Internet using voice commands.[16] All of these connected technologies create interesting information about their users and have some level of situational awareness.

III. The Connected State 

A. Connected Toys

[10]     There are a surprising number of everyday objects found in homes that are recording information and transmitting it offsite. One creepy example of the IoT revolution is Mattel’s talking Barbie.[17] Mattel’s connected Barbie can talk with your child through an embedded microphone and a Wi-Fi connection that’s engaged when you hold down a button on her belt.[18] When someone talks to “Hello Barbie,” the conversation is recorded and sent to a server back at the company that makes the voice recognition technology powering Barbie.[19] There, speech recognition software (think of a Barbie version of Siri) interprets the child’s statements and sends back a pre-programmed response.[20] That’s right, the doll talks back to the child. Mattel’s partner, ToyTalk, stores all of the children’s conversations and the conversations of others who interact with the doll.[21]

[11]     Whether ToyTalk is controlling the object or its behaviors or listening to the people or other objects that its products interact with, these activities are important to lawyers investigating potential sources of relevant evidence in the litigation context. Perhaps a lawyer might send a subpoena to ToyTalk seeking the audio records from its client’s Hello Barbie doll for use in a domestic abuse case. And Hello Barbie is not an outlier—there are a number of connected toys popping up on store shelves. It’s rarely, if ever, explained to the consumer where the conversations these toys record and transmit are being stored, how that information is being used by the manufacturer or a partner company, and how it might be collected for use in litigation.

[12]     Some enterprising companies, including several rent-to-own companies that ran into a bit of trouble with the FTC, put spyware (called Detective Mode) on their rental laptops that would turn on the built-in-cameras if the customer failed to make timely payments.[22] The spyware could also track the user’s location, disable the computers, and add a fake software registration popup window that would take a user’s registration information and transmit it back to the rental store, who would use it to track the renters to collect money.[23] Detective Mode also gathers data about whoever is using the computer, and transmits it to the software manufacturer every two minutes, who then sends the data to the rent-to-own store.[24] Since the software collected private data including user names and passwords for e-mail accounts, social media websites, financial institutions, Social Security numbers, medical records, private e-mails, bank and credit card statements, along with webcam pictures of children, partially undressed individuals, and intimate activities at home, the FTC put a stop to the practice.[25] While these rental laptops are not considered an IoT object, similar spyware can be loaded on any object with a chip that includes a camera and access to the Internet and used to collect massively sensitive information.

B. Wearable IoT Devices 

[13]     Wearable IoT devices include a wide range of medical devices and health and fitness products, including casual wearable fitness devices (like the Apple watch) and connected pacemakers and insulin pumps.[26] Wearable fitness devices, including smart watches and smart clothes, now monitor geolocation as well as heart rate, pulse, calorie consumption, sleep patterns, and other biological data.[27] Most wearable devices monitor very sensitive personal and health data. The devices constantly store data that users unconsciously create while going about their day. Wearables also transmit that data to the manufacturer and other entities for analysis and to share the information with the user so they can track their health and fitness over time.[28] Without a doubt, this data can be used in a court of law.

[14]     The information wearable fitness and health devices collect can be highly relevant in determining, for example, where an individual was at a particular time and whether they have been “disabled” or injured as a result of a particular accident. A personal injury lawyer might be interested in the data collected from their client’s wearable fitness device. For instance, the data obtained from a Fitbit device[29] has been used as evidence of an individual’s diminished physical activity resulting from a work-related injury in a Canadian personal injury case.[30] The plaintiff used her Fitbit data to show that her post-injury activity levels were lower than the baseline for someone of the same age and profession to prove she deserved compensation for the injury.[31] With the help of a startup analytic company that aggregates Fitbit data and prepares analytical reports, her lawyers contrasted her personal data with the general population’s health and wellness data (from other Fitbit devices) to make their case.[32]

[15]     Prosecutors and defense counsel seeking incriminating or exculpatory evidence can also use wearable device data. In a case alleging rape in Pennsylvania, the Fitbit data contradicted the statements of the alleged victim by showing that at the time of the crime, she was awake and walking around, even though she claimed she was attacked while asleep.[33] She now faces misdemeanor charges because the Fitbit data contradicted her story.[34]

[16]     Some wearables, like Google Glass, transmit location information, take photos and videos, and perform web searches. Imagine if a person who witnesses a crime while wearing this device took pictures of the perpetrator and the scene after the crime occurred.[35] Unlike surveillance technology, humans tend to look at something interesting or important. Technology like Google Glass might help them record valuable eye-witness evidence. The device may contain evidence like photos and geolocation information, along with time stamps, that police may use to investigate and prosecute crimes and civil litigants may use to pursue their cases.

[17]     However, there are downsides to a person’s voluntary collection of sensitive health information using a wearable device. Insurers and employers seeking to deny injury and disability claims can just as easily use wearable devices to support their own litigation claims and positions. It is generally seen as illegal for employers and insurers to force people to use the wearable devices.[36] But if individuals decide to collect this information on their own, device manufacturers or companies that store or report wearable device data might receive a subpoena for it, assuming the consumers don’t have it.

[18]     The fact that wearable device data may have evidentiary value should come as no surprise, given the fact that evidence from other self-tracking devices has already been used in court. Courts already use data from GPS devices and biking apps in cases involving bike accidents.[37] Police routinely use surveillance technology like Automatic License Plate Readers (ALPR) mounted on police cars, or on objects like road signs and bridges, to photograph thousands of plates per minute and track motorist movements.[38] Private companies also collect license plate photos and geotagged images and sell that data to law enforcement, insurers, and financial institutions.[39] They consider this analogous to taking photographs in public and disseminating the information, an activity protected by the First Amendment.[40] This is one part of a larger trend toward surveillance of private citizens’ activities. While this type of surveillance usually occurs without consent, wearable tracking is voluntary.

[19]     One issue raised by wearable evidence involves the reliability of the data and the analyses performed on it. The software that analyzes wearable data interprets the wearer’s daily activities and compares that data to predetermined baselines and standards set by the manufacturer. For example, Fitbit monitors sleep patterns, decides how many hours a user sleeps, and determines the quality and efficiency of that sleep.[41] The wearer is compared to the “average” sleeper (as determined by the manufacturer’s algorithm).[42] That information might be useful for an employer defending itself against a worker’s compensation claim, particularly if the sleep analysis reveals that the worker was considered “sleep deprived” by the data analysis at the time of the accident. So regardless of her personal optimal sleep duration or the outside forces that might have impacted her sleep the night before the accident occurred, she would be categorized and measured against a population baseline.

[20]     Other wearable devices collect different data, function differently, and use different algorithms and standards to analyze data and report trends and health information in comparison to the general population.[43] All of this means that before wearable evidence is used in a case, you need to understand what it means and the limitations inherent in the analysis of that data. This information should be clearly explained to the fact finder by someone who knows the IoT device that collected the data and the analytic method or methods it uses to interpret that data. Perhaps the IoT revolution will give rise to a whole new class of “experts” who interpret wearables data and the analytics engines in a courtroom setting.

C. Connected Cars

[21]     Another category of IoT technology relates to connected transportation. Today, many cars have sophisticated software that connect the user to many remotely managed features including real-time navigation, mapped points-of-interest, dash-based Internet search, streaming music, and mobile device app connectivity.[44] IoT implicates a wide variety of technologies involved with running and monitoring connected cars, including connected control systems, Event Data Recorders (EDRs), and other vehicle telematics.[45] Vehicle control software may use proximity sensors to identify collision risks and automatically engage the brake, survey blind spots and report objects, and park a vehicle without driver assistance. Automakers are turning vehicles into smartphones using connection technology that controls the entertainment and navigation systems, enables phone calls, and provides a Wi-Fi hotspot. Further, a number of well-know tech companies are currently testing driverless cars and intend to offer self-driving cars in the near future.[46] These cars will be connected to the Internet and they will transmit all kinds of data relating to the vehicle and its passengers’ activities.

[22]     Particularly in light of the Volkswagen emissions scandal,[47] the connected control systems on vehicles are of great interest to the public and regulatory bodies. Additionally, an insurance carrier might seek records reflecting the information an auto manufacturer collects through a connection with an in-dash entertainment system and the data relating to car speed and breaking that resides in the vehicle control system. Was the driver checking her email while driving 70 miles an hour before she rear-ended another car? And a class action lawyer might find the data housed on EDRs useful in a class action lawsuit relating to certain safety issues involving the physical components of vehicles or the software that runs them.

[23]     Some vehicles have safety features that include automated calls in case of emergencies, and in at least one reported incident, a hit and run accident was foiled when the fleeing driver’s car called the police after impact.[48] The car synced to the driver’s phone using Bluetooth, and because the emergency call feature was enabled, it gave police the vehicle’s GPS location and opened the line so the driver could talk with the police.[49] The owner told the police that her car was not in an accident when connected, but the dents in the front of her car and her airbags told a different story when the police showed up at her house later.[50]

[24]     At least one rental car agency is already putting cameras in navigational devices installed in its fleet of cars, and the user cannot disable the camera.[51] While the agency reports that these cameras are not currently optional, they are clearly moving towards the day when customers (and the entire interior of a car) will be visible to their representatives if a service call is made using the navigational device.[52]

IV. e-Discovery of IoT Information

[25]     Lawyers and clients should prepare for IoT-related e-discovery issues. IoT objects will present many challenges in the e-Discovery context. There are limitations on wearable devices and other IoT objects and the information they collect, however, the technology is becoming more sophisticated, accessible, and shareable every day. And when information is shared among multiple objects—a watch, a smartphone and a cloud computing system—the preservation issues are complex. Also, some IoT data is ephemeral and never really stored for future use or access. The Federal Rules of Civil Procedure provide some flexible guidance for dealing with this technical revolution, and counsel against “a limiting or precise definition of electronically stored information.”[53] Yet companies that store data from IoT devices will need to develop processes for preserving, collecting, and producing it when the duty arises—whether it’s the consumer’s duty or their own.

[26]     The legal regimes that govern the capture, processing, use, and ownership of object data are important when determining whether we—or our clients—have a duty to protect data generated from IoT activities (keep it secure and confidential) or preserve and produce it in a litigation. Often, consumers will expect that their wearable device data is “off limits” and they are surprised to learn that it can be used in certain types of cases. The sooner litigators identify the important IoT data clients and their customers generate and the objects they interact with everyday, the better off everyone will be when evaluating the legal risks and obligations to secure and produce that information.

[27]     Additionally, as IoT finds its way into the courtroom, judges will be asked to analyze the complex possession, custody, and control issues encountered in the IoT context. These questions may involve an analysis of the relative cost and burden associated with owner focused or manufacturer focused production options. For example, if an owner must jailbreak her device and hire an expensive expert to collect data off her wearable device, but the manufacturer can export her data with relative ease, courts should consider such practical realities when deciding their relative obligations. Moreover, access controls, privacy restrictions, and contractual obligations play a role in determining the appropriate process for engaging in e-discovery of IoT data.

[28]     One of the practical problems relating to collection of IoT information is that device manufacturers each collect data in their own way. And the analytic platforms that collect and aggregate IoT data do the same thing. Raw data residing on IoT objects may not be preserved or collected without undertaking significant efforts at a significant cost. The manufacturers don’t build these objects with the purpose of making it easy to collect information from them directly. This makes it particularly difficult to develop standard processes for preserving, collecting, reviewing, and producing information from a wide variety of IoT objects using their APIs or built in data reporting and download features. It also makes it hard to aggregate data from different devices and standardize it to obtain big data metrics using data collected from all wearable devices of a particular class. Given these issues, the cost associated with using this type of data could be prohibitive, given the relatively lower value of a case and the damages at stake. This is a prime area in which companies and e-discovery vendors can innovate and create a strong market for flexible services and solutions involving IoT device data.

[29]     Undoubtedly, more lawsuits involving IoT data are coming, as more lawyers and litigants realize that the data is discoverable, relevant, and useful as evidence that can support their case. Litigators and clients should understand how IoT objects work, what information they collect, where it is stored, how long it is stored, and who is obliged to keep it safe. Only after we understand how the system works, can we make strategic decisions about legal risks, e-discovery options and obligations, and appropriate use of IoT data in court. It will be interesting to see how the market responds to the challenges that will arise when parties start engaging in IoT discovery.

V. IoT Object As Witness 

[30]     As wearables and other IoT objects find their way into the courtroom, litigators must figure out how we will use IoT information as “witness” evidence. Did we ever imagine that the objects gathering information about us could be used against us? Will judges and juries treat it like forensic evidence, and give it the same weight and credibility as scientific analysis or the results reported by an expert witness? Not unlike scientific researchers or forensic experts, wearable technologies collect data, interpret it, and reflect it in reports that provide information about the user activity and experience.

[31]     It will be particularly interesting to see what happens when a witness’s sensory experiences (sight, sound, taste, etc.) clash with the “experience” reported by their wearable device and how the fact finder reconciles these competing stories. For example, if a biker testifies that they were traveling down a hill towards an intersection at about 15 miles per hour, but their wearable device or Strava[54] app reports the speed down the slope at 25 (due to a complicated three-dimensional GPS reading and reporting algorithms), which “witness” will the jury credit more? Both systems for reporting experiences are fallible and fraught with errors. But if litigators prioritize IoT data-driven evidence over eyewitness statements or expert analysis, then we must ensure that the algorithms used to analyze IoT data are understood and their imperfections are disclosed. As one commentator noted, if we think of devices as partial witnesses, we must understand that they carry biases and have a worldview, based on their relationship with their environment.[55]

[32]     There is a significant risk that IoT object information, for instance, the Fitbit data and its sleep analysis,[56] would carry more evidentiary weight than the owner’s own experience and view of her sleep patterns or alertness at the time an injury occurred. As with forensics results, there is a significant risk that judges and jurors will conclude that device data doesn’t lie or have an imperfect memory. Yet there is an interpretive activity lurking behind the scene. When wearable object data is collected and interpreted by analytics companies using proprietary algorithms, counsel, judges and juries will need to understand what’s happening under the hood, whether the results reported are reliable, and what evidentiary weight they should be given. The interpretive tools used to report IoT data are often highly subjective or an imperfect fit for a number of users because of their crude analysis methods or the individual’s health status and biology. This is but one area where possibilities are far ahead of the law on witness-style testimony from things connected the Internet.

[33]     Only time will tell whether this type of IoT information is seen as objective and unbiased evidence in the courtroom. If we can’t demonstrate that IoT evidence meets the requirements for introduction of scientific or forensic evidence, then it may be excluded.[57] If introduced, it may be given too much weight in light of its significant limitations. A balanced approach is needed.

[34]     Courts will also have to figure out how the Fifth Amendment protects the right against self-incrimination when the incriminating evidence involves user data created by an IoT object. And the Sixth Amendment provides the Constitutional right to confront a witness that will provide evidence against the accused in a criminal prosecution.[58] How would a witness confront her wearable device or the companies that think they know the best way to interpret the data it collects? This raises fundamental philosophical questions regarding the witness who must be available for “confrontation.” Is it you, your device, the manufacturer, the service provider that collects and analyzes your data, or the company that provides the algorithms used to interpret it? The case law is going to be messy and inconsistent as courts start considering the obstacles presented by use of IoT evidence in the courtroom and sorting the Constitutional issues out.

[35]     Additionally, as more IoT objects are used in litigations, people’s relationships with their wearables are likely to change. How will they react after learning that the connected IoT objects they interact with can be used as an involuntary informant? Perhaps the day is coming when eyewitness testimony will become almost irrelevant and will be replaced by the information our objects provide about our location, health, conscious state, and activities at any given time. But while IoT can reveal truths, those truths must be understood in context, in all their fallible or limited glory.

VI. Litigating in an IoT World

[36]     Some have called IoT a third major revolution—one built on the industrial revolution and the Internet revolution.[59] Lawyers and their clients are becoming more reliant on IoT to manage, monitor, and control their objects, interact, and work on the substantive aspects of their job. Regardless of the source, the information that IoT objects collect and share provide litigators rich new evidence stores that should be explored to find interesting information that impacts their case.

[37]     A tech-savvy lawyer knows how to get the right evidence in the right format from her client or opponent. The fact that IoT raises a number of novel and interesting legal issues and practical complexities means that tech-savvy lawyers, with a good grasp of the basic issues, will be well positioned to provide thoughtful and constructive advice. This guidebook provides some basic information regarding IoT technologies, legal issues, and practical concerns that should be considered. But it needs to be applied to the real world, for each client and case, and in the context of each connected collection of objects, companies, and people. The IoT movement is your opportunity to continue your self-education journey, and learn more about the implications of IoT on lawyering in the Information Age.

 

 

* Antigone Peyton is the founder and CEO of Cloudigy Law PLLC, an intellectual property and technology law firm located in McLean, Virginia. Antigone is an unabashed technophile focused on intellectual property litigation and cutting-edge legal and emerging technology issues, particularly those involving social media, patents, trademarks, copyrights, and trade secrets. Antigone is a frequent speaker and writer covering technological competence, IP, social media, and e-Discovery issues. You can find her on Twitter (@antigonepeyton) or on SnapChat (assuming you know what it is and how to use it).

[1] See Embedded Intelligence – Connecting Billions of Smart Sensors Into the Internet of Things, ARM Holdings, http://ir.arm.com/phoenix.zhtml?c=197211&p=irol-embeddedintelligence, archived at https://perma.cc/3HWX-QBWW (last visited Mar. 23, 2016).

[2] The “things” or “objects” in the IoT generally do not include desktop or laptop computers, smartphones, and tablets.

[3] See Dave Evans, Cisco Internet Bus. Solutions Grp., The Internet of Things: How the Next Evolution of the Internet Is Changing Everything 3 (2011), http://www.cisco.com/c/dam/en_us/about/ac79/docs/innov/IoT_IBSG_0411FINAL.pdf, archived at https://perma.cc/HDF9-NM6T.

[4] See Accenture, The Internet of Things: The Future of Consumer Adoption (2014), https://www.accenture.com/t20150624T211456__w__/us-en/_acnmedia/Accenture/Conversion-Assets/DotCom/Documents/Global/PDF/Technology_9/Accenture-Internet-Things.pdf, archived at https://perma.cc/JKG7-UT4P.

[5] See Evans, supra note 3, at 3. IDC’s Digital Universe study reports that by 2020, there will be 200 to 300 billion connected IoT objects. See The Digital Universe of Opportunities: Rich Data and the Increasing Value of the Internet of Things, EMC2 (Apr. 2014), http://www.emc.com/leadership/digital-universe/2014iview/internet-of-things.htm, archived at https://perma.cc/86RJ-786G; see also Data Set to Grow 10-fold By 2020 As Internet of Things Takes Off, ComputerWeekly.com (Apr. 9, 2014, 1:00 PM), http://www.computerweekly.com/news/2240217788/Data-set-to-grow-10-fold-by-2020-as-internet-of-things-takes-off, archived at https://perma.cc/KGW9-K7DF.

[6] See Internet of Things Community, LinkedIn, https://www.linkedin.com/groups/4662022/profile, archived at https://perma.cc/2CPN-EAXX (last visited Mar. 23, 2016).

[7] Current IoT products are communicating through a variety of communication platforms and standards, including new home automation standards produced by Google (Brillo/Weave) and Apple (HomeKit) that connect each company’s devices in a proprietary communication network.

[8] See Michael Gowan, LG Smart Fridge Spots Spoiled Food, Orders Groceries, NBCNews.com, http://www.nbcnews.com/id/50364798/ns/technology_and_science-tech_and_gadgets/t/lg-smart-fridge-spots-spoiled-food-orders-groceries/#.VvNWzmQrL6c, archived at https://perma.cc/6JXM-ZUY7 (last updated Jan. 4, 2013, 12:46 PM) (explaining how LG’s smart refrigerator connects to the Internet, allowing users to remotely access the refrigerator content list, keep track of their grocery list, and identify out-of-date products stored in it).

[9] See Bernard Marr, Google’s Nest: Big Data And The Internet of Things In The Connected Home, Forbes (Aug. 5, 2015, 10:52 AM), http://www.forbes.com/sites/bernardmarr/2015/08/05/googles-nest-big-data-and-the-internet-of-things-in-the-connected-home/#5a41706b58a1, archived at https://perma.cc/F2SQ-F867 (discussing the Nest thermostat and the usage data uploaded from individual devices via the Internet, which allows Nest to understand energy usage trends across community microcosms and around the world).

[10] See, e.g., A Smart Home Solution That Lives in the Cloud, Comcast, http://corporate.comcast.com/news-information/news-feed/the-future-of-the-home-bringing-the-power-of-the-cloud-to-home-management, archived at https://perma.cc/CR59-UF3J (last visited Mar. 23, 2016) (describing the Xfinity Home technology, which allows users to monitor and control security cameras, smoke detectors, thermostats, lights, and motion sensors through web browsers or Internet connected devices); see also Marr, supra note 9 (discussing how Google is building infrastructure for smart homes of the future that are fully networked by its own devices).

[11] See Daniel H. Wilson, Smart House: Your So-Called Sci-Fi Life, Popular Mechanics (Sept. 30, 2009), http://www.popularmechanics.com/technology/gadgets/a4109/4216434/, archived at https://perma.cc/R3LT-HH69.

[12] See Angela Moscaritolo, Your Printer Can Now Order Ink for You, Thanks to Amazon, PCMag.com (Jan. 19, 2016, 11:35 AM), http://www.pcmag.com/article2/0,2817,2498102,00.asp, archived at https://perma.cc/9HRR-R6MT.

[13] See Brendan O’Brien, The Cloud-Connected Car Drives IoT Monetization, TechCrunch (Oct. 20, 2015), http://techcrunch.com/2015/10/20/the-cloud-connected-car-drives-iot-monetization/, archived at https://perma.cc/7NJJ-VV8K.

[14] See James Stables, Best Fitness Trackers 2016: Jawbone, Misfit, Fitbit, Garmin and More, Wareable (Mar. 7, 2016), http://www.wareable.com/fitness-trackers/the-best-fitness-tracker, archived at https://perma.cc/HF2M-BJU9.

[15] See Elisha Hartwig, 5 Apps to Map Your Bike Route, Mashable (Sept. 11, 2013), http://mashable.com/2013/09/11/bike-route-apps/#nIAaDJ1kfEqZ, archived at https://perma.cc/E8D9-HTHM.

[16] See Matt Swider, Google Glass Review, TechRadar (Feb. 20, 2015), http://www.techradar.com/us/reviews/gadgets/google-glass-1152283/review, archived at https://perma.cc/6NW4-FLK3.

[17] See Lee Moran, Mattel Unveils Talking Hello Barbie Doll, Which Will Have Conversations with Kids, N.Y. Daily News, http://www.nydailynews.com/life-style/mattel-unveils-barbie-talk-kids-article-1.2119732, archived at https://perma.cc/QLJ9-PHRQ (last updated Feb. 18, 2015, 8:18 AM).

[18] See James Vlahos, Barbie Wants to Get to Know Your Child, N.Y. Times Mag. (Sept. 16, 2015), http://www.nytimes.com/2015/09/20/magazine/barbie-wants-to-get-to-know-your-child.html, archived at https://perma.cc/BPV7-HDTD.

[19] See Ashlee Kieler, Mattel Unveils Hello Barbie, a Doll That Can Hold a Conversation, Consumerist (Feb. 17, 2015), https://consumerist.com/2015/02/17/mattel-unveils-hello-barbie-a-doll-that-can-hold-a-conversation/, archived at https://perma.cc/24CB-PK44.

[20] See id.

[21] Mattel and ToyTalk responded to these concerns by confirming that the recorded conversations will not be used to advertise or market products to children, further nothing that parental consent is required to set up a Hello Barbie account. Also, interestingly, parents can listen to their child’s recorded conversations and delete all recorded conversations. Additionally, ToyTalk states that it will only use the recordings to improve its speech recognition technology. See Privacy Policy, ToyTalk, https://www.toytalk.com/legal/privacy/, archived at https://perma.cc/Z8K8-2DRS (last updated Jan. 11, 2016). Mattel does seem to obtain data that it can use to market other products, and it does so with a parent’s consent when they use Mattel’s websites and apps. See Mattel Online Privacy Statement and Children’s Privacy Statement, Mattel, http://corporate.mattel.com/privacy-statement-shared.aspx, archived at https://perma.cc/QSV6-SXAV (last updated Apr. 9, 2014).

[22] See Press Release, Fed. Trade Comm., FTC Halts Computer Spying (Sept. 25, 2012), https://www.ftc.gov/news-events/press-releases/2012/09/ftc-halts-computer-spying, archived at https://perma.cc/R5XS-6DPR; see also David Kravets, Rent-to-Own Laptops Secretly Photographed Users Having Sex, FTC Says, Wired (Sept. 25, 2012, 6:11 PM), http://www.wired.com/2012/09/laptop-rental-spyware-scandal/, archived at https://perma.cc/NQV4-6HQP.

[23] See Kravets, supra note 22.

[24] See Complaint at 3–4, FTC v. Designerware, LLC., Kelly, & Koller (2012), https://www.ftc.gov/sites/default/files/documents/cases/2012/09/120925designerwarecmpt.pdf, archived at https://perma.cc/96PJ-YVVP.

[25] See id.; see also Kravets, supra note 22.

[26] See Accenture, supra note 4, at 3–4 (noting some reports indicate that over 28% of consumers will own wearable IoT technology by the end of 2016).

[27] See, e.g., Fitbit App, Fitbit, https://www.fitbit.com/app, archived at https://perma.cc/5WER-PS9L (last visited Mar. 23, 2016).

[28] See Murray Grigo-McMahon, My Data, Your Data, Our Data, Qlik (July 6, 2015), http://global.qlik.com/us/blog/posts/murray-grigo-mcmahon/my-data-your-data-our-data?SourceID1=SocialChorus&__2hqwt_=2hqwt, archived at https://perma.cc/V479-N3CU.

[29] Fitbit is an extremely popular wearable fitness tracker.

[30] See Kate Crawford, When Fitbit is the Expert Witness, The Atlantic (Nov. 19, 2014), http://www.theatlantic.com/technology/archive/2014/11/when-fitbit-is-the-expert-witness/382936/, archived at https://perma.cc/AW5G-5NY2.

[31] See id.

[32] See id.

[33] See Brett Hambright, Woman Staged ‘Rape’ Scene with Knife, Vodka, Called 9-1-1, Police Say, Lancaster Online (June 19, 2015, 2:57 PM), http://lancasteronline.com/news/local/woman-staged-rape-scene-with-knife-vodka-called–/article_9295bdbe-167c-11e5-b6eb-07d1288cc937.html, archived at https://perma.cc/YY5M-QEXF.

[34] See Kashmir Hill, Fitbit Data Just Undermined a Woman’s Rape Claim, Fusion (June 29, 2015), http://fusion.net/story/158292/fitbit-data-just-undermined-a-womans-rape-claim/, archived at https://perma.cc/2J6W-BYAT.

[35] See Kashmir Hill, Google Glass Will Be Incredible for the Courtroom, Forbes (Mar. 15, 2013, 5:02 PM), http://www.forbes.com/sites/kashmirhill/2013/03/15/google-glass-will-be-incredible-for-the-courtroom/#604082cd36eb, archived at https://perma.cc/2QCU-NAYZ.

[36] See Adam Satariano, Wear This Device So the Boss Knows You’re Losing Weight, Bloomberg (Aug. 21, 2014, 1:26 PM), http://www.bloomberg.com/news/articles/2014-08-21/wear-this-device-so-the-boss-knows-you-re-losing-weight, archived at https://perma.cc/GS3Y-KXF6.

[37] See Patrick Brady, Prosecution Rest in LA Road Rage Rase. Defense Will Call Witnesses Monday, VeloNews (last updated Nov. 3, 2009, 7:00 PM), http://velonews.competitor.com/2009/10/news/prosecution-rest-in-la-road-rage-case-defense-will-call-witnesses-monday_99537, archived at https://perma.cc/87G9-KLSP.

[38] See Conor Friedersdorf, An Unprecedented Threat to Privacy, The Atlantic (Jan. 27, 2016), http://www.theatlantic.com/politics/archive/2016/01/vigilant-solutions-surveillance/427047/, archived at https://perma.cc/NL4V-AJKA (discussing how one private company has taken approximately 2.2 billion license-plate photos to date, and each month it captures and permanently stores nearly 80 million more geotagged images).

[39] See id.

[40] See David Sirota, Companies Test Their First Amendment Right to Track you, Or. Live, http://www.oregonlive.com/opinion/index.ssf/2014/03/companies_test_their_first_ame.html, archived at https://perma.cc/VZ8R-K7QS (last updated Mar. 8, 2014, 7:10 AM).

[41] See What Should I Know About Sleep Tracking?, Fitbit, https://help.fitbit.com/articles/en_US/Help_article/Sleep-tracking-FAQs, archived at https://perma.cc/KB2D-MZMW (last updated Mar. 7, 2016).

[42] See id.

[43] The wearable fitness device market includes Nike Fuelband, Fitbit, Withings Pulse, and Jawbone Up, among others. A number of companies have also developed fitness apps that interact with these wearable devices and collect the user data they create. Fitbit lists over 30 apps that are compatible with the Fitbit device. See Compatible Apps, Fitbit, https://www.fitbit.com/partnership, archived at https://perma.cc/P2L9-TNE4 (last visited Mar. 25, 2016).

[44] See, e.g., Cisco Connected Transportation, http://www.cisco.com/c/en/us/solutions/industries/transportation.html, archived at https://perma.cc/548E-TPXF (last visited March 25, 2016).

[45] An EDR is “a device or function in a vehicle that records the vehicle’s dynamic time-series data during the time period just prior to a crash event (e.g., vehicle speed vs. time) or during a crash event . . . intended for retrieval after the crash event.” 49 C.F.R. § 563.5 (2015). Telematics refers to data collection transmission, and processing technologies for use in vehicles.

[46] See Alice Truong, Tesla Just Transformed the Model S into a Nearly Driverless Car, Quartz (Oct. 14, 2015), http://qz.com/524400/tesla-just-transformed-the-model-s-into-a-nearly-driverless-car/, archived at https://perma.cc/J439-T5JZ; Cadie Thompson, There’s One Big Difference Between Google and Tesla’s Self-driving Car Technology, Tech Insider (Dec. 5, 2015, 12:00 PM), http://www.techinsider.io/difference-between-google-and-tesla-driverless-cars-2015-12, archived at https://perma.cc/RED9-CQTZ; Feann Torr, Next-gen Audi A8 Drives Better Than You, Motoring (Oct. 22, 2014), http://www.motoring.com.au/next-gen-audi-a8-drives-better-than-you-46963/, archived at https://perma.cc/UFL4-76FG; Tom Risen, Report: Uber, Lyft Poised to Win on Driverless Cars, U.S. News & World Rep. (Nov. 13, 2015, 4:05 PM), http://www.usnews.com/news/articles/2015/11/13/report-uber-lyft-poised-to-win-on-driverless-cars, archived at https://perma.cc/3HPV-8RJ9.

[47] See Russell Hotten, Volkswagen: The Scandal Explained, BBC News (Dec. 10, 2015), http://www.bbc.com/news/business-34324772, archived at https://perma.cc/8YKM-6W5W.

[48] See Kashmir Hill, Florida Woman’s Car Calls Police After She Flees the Scene of an Accident, Fusion (Dec. 7 2015, 11:46 AM), http://fusion.net/story/242193/womans-car-calls-police/, archived at https://perma.cc/JDE6-SDST.

[49] See id.

[50] See id.

[51] See Kashmir Hill, Hertz Puts Cameras in Its Rental Cars, Says It Has No Plans to Use Them, Fusion (Mar. 13, 2015, 1:46 PM), http://fusion.net/story/61741/hertz-cameras-in-rental-cars/, archived at https://perma.cc/85TF-DDUM.

[52] See id.

[53] Fed. R. Civ. Pro. 34, advisory committee’s note on 2006 amendments.

[54] Strava is a running and cycling GPS tracker. See generally Strava, https://www.strava.com/about, archived at https://perma.cc/9F99-EWPY (last visited Mar. 21, 2016).

[55] See Crawford, supra note 30.

[56] See What Should I Know About Sleep Tracking?, supra note 41.

[57] See Fed. R. Evid. 702.

[58] See U.S. Const. amend. VI.

[59] See Harish Nivas, How Internet of Things is the Next Big Industrial Revolution, IOTWorm (Jan. 23, 2016), http://iotworm.com/internet-of-things-next-big-industrial-revolution/, archived at https://perma.cc/JD9Y-T64S.

"Connected" Discovery: What the Ubiquity of Digital Evidence Means for Lawyers and Litigation

Gottehrer Publication Version PDFpdf_icon 

 

Cite as: Gail Gottehrer, “Connected” Discovery: What the Ubiquity of Digital Evidence Means for Lawyers and Litigation, 22 Rich. J.L. & Tech. 8 (2016), http://jolt.richmond.edu/v22i3/article8.pdf.

Gail Gottehrer

I. Introduction

[1]       More than ten years ago, the Zubulake case[1] raised awareness of the importance of digital evidence in litigation. At that time, for many lawyers, the discovery process consisted of collecting paper documents, manually reviewing those paper documents, and responding to document requests by producing paper documents. Digital evidence existed, but was more limited in scope and volume than it is today. Back then it was often overlooked or not recognized as a potential source of valuable evidence to be obtained in discovery.

[2]       In the post-Zubulake era, the ways in which companies and individuals create and maintain information have changed dramatically. Many types of documents that were traditionally created on paper and stored in hard-copy now never exist on paper. Instead, they are created on computers or other digital devices and stored in e-mail archives, on backup tapes, or in the cloud. Business and personal communications that once took place via letters and faxes are now transmitted through e-mails and text messages. Microsoft Excel files replaced handwritten accounting ledgers. Medical records are routinely created and stored electronically, making the paper medical file a thing of the past. Carbon copy secretarial message books with tear-away message slips are replaced by programs that transcribe voicemail messages and deliver them to the recipient by e-mail. Designs are created and maintained in CAD files rather than drawn on paper. Many businesses advertise primarily, if not exclusively, on social media and the Internet and little, if at all, through paper mailings. Employees traded in paper calendars and address books for electronic schedulers, using programs and applications that reside on their computers and mobile phones.

[3]       The prevalence of digital information, and the corresponding decline in the use of paper for the creation and storage of information, profoundly affected litigation, including discovery and trials. The “documents” and information that are requested and produced in discovery are overwhelmingly electronic documents and data. Electronically created and stored information is being used in depositions, to support motions, and at hearings and trials. Given the ways in which technology transforms how people communicate and do business, the “smoking gun” in a case—to the extent one exists—is more likely to be an e-mail, text message or social media post than a tangible document. Knowing how potential sources of digital evidence are created and stored, how to obtain that data in discovery, and how to maximize the value of that information during depositions and at trial are now critical components of the practice of law.

[4]       Digital evidence is so significant in discovery and litigation that it should be acknowledged as being much more than a subset of discovery, often referred to as “e-Discovery.” Existing and emerging technologies provide digital evidence that can shape the outcome of a case or investigation. Digital evidence from a wide range of technologies finds its way into civil and criminal litigation in the United States and other countries, with dramatic results. Digital evidence is poised to take on an even greater role in litigation as the Internet of Things continues to grow,[2] autonomous vehicles become commonplace,[3] industrial business operations incorporate drones,[4] and blockchain revolutionizes banking.[5]

[5]       This article discusses some of the reported cases in which digital evidence was the subject of motion practice, was introduced at trial, and was a determining factor in a case. It is not an exhaustive look at all the cases that have been affected by digital evidence, or all the kinds of technology that generate data relevant to legal proceedings. A review of the cases in this article, however, is sufficient to dispel any doubt about the importance of digital evidence and to confirm the magnitude of its impact on the practice of law. 

II. Connected Devices

A. Telematics Devices

 [6]       Telematics devices are wireless devices, typically installed in personal vehicles or fleet vehicles. They collect data on how the vehicle is being operated, if the vehicle crashes or an airbag is deployed, and when maintenance is needed.[6] These devices transmit that data from the vehicle to an entity, such as an insurance company or a fleet owner, in real time.[7]

[7]       Telematics data led to the criminal conviction of a driver in the United Kingdom who was involved in a hit and run accident that resulted in the death of a pedestrian in 2014.[8] Police experts analyzed data from the telematics device Omar Tariq was driving at the time of the accident, which showed that he was speeding—driving more than 20 miles over the posted speed limit.[9] Confronted with that evidence, Tariq pled guilty to causing a death by dangerous driving and was sentenced to more than three years in prison.[10]

[8]       In the United States, data from a Progressive Insurance telematics device helped a Cleveland, Ohio father persuade a jury that he was not guilty of murder.[11] Michael Beard was accused of suffocating his infant daughter on May 8, 2011 at 4:45 a.m., after he finished his shift working as a nursing aide.[12] Counsel introduced data from the Snapshot telematics device in his car at trial, and showed that Beard had turned the car off in front of the child’s house “at 4:44 a.m. and turned it back on three minutes later.”[13] After deliberating for an hour, the jury found that Beard was not guilty of the crime.[14]

[9]       Important leads in another criminal matter came from data from the UConnect telematics system in a stolen Jeep Renegade.[15] That evidence, in combination with footage from a Nest home security camera in the Jeep owner’s house, led to an arrest and assisted police in identifying the other thieves.[16] When a group of teenagers broke into the house of a Baltimore man, their faces were caught on the Nest camera in the house, which led to the arrest of one of the thieves.[17] He refused to identify his accomplices, who also stole the homeowner’s Jeep.[18] When the homeowner got his Jeep back, he noticed three new device names on the Jeep’s UConnect system paired device list.[19] The homeowner matched one of the device names to an Instagram account of a teenager who appeared to match one of the individuals seen on the Nest footage.[20] The homeowner also noticed that one of the names on the Instagram account’s contacts matched one of the phones on the list on the UConnect System.[21] This digital evidence gave Baltimore police several leads in the case.[22]

[10]     On the civil side, data from a telematics device enabled a driver in the United Kingdom to successfully challenge a speeding charge by contradicting the evidence that allegedly supported it.[23] Police charged Neil Herron with driving 10 miles over the posted speed limit.[24] Herron insisted that he had not been speeding.[25] At the time of the alleged speeding incident, Herron had been conducting a trial of a telematics device in his car.[26] The data from that device enabled Herron to prove that the car had been traveling far below the speed limit, as he had claimed.[27]

B. GPS Navigation Systems

[11]     Data from a GPS device[28] introduced in a criminal non-jury trial led to the conviction of a New Jersey man for second degree murder for intentionally running over a twelve year old girl.[29] Prosecutors alleged that George Ford killed the girl to prevent her from reporting what had happened to her when he was alone with her in the hours before her death.[30] Ford contended that he had hit the girl by accident after showing her horses he had in a pasture near Binghamton.[31] The critical evidence came from a GPS device that Ford’s estranged wife placed in his vehicle when she suspected he was having an affair.[32] When she provided the GPS device to the police, the data from the device showed that Ford had not been at the pasture and had spent the hours before the girl’s death behind an abandoned farmhouse half a mile from where she was killed.[33]

[12]     Similarly, in State v. Jackson, data from a GPS device installed by police proved to be key evidence leading to the conviction of defendant William Jackson for the murder of his daughter.[34] Jackson told police that his daughter had been kidnapped on her way to school.[35] After a search of Jackson’s house and truck failed to yield any evidence, police obtained a warrant and put a GPS tracking device in his truck.[36] Data from the GPS device led police to a storage unit, an empty grave near a logging road and a new grave where the girl was buried.[37] Based largely on the GPS data connecting Jackson to the body and its burial and reburial sites, the court convicted Jackson of murder and sentenced him to fifty-five years in prison.[38] The conviction was affirmed by the Washington Supreme Court.[39]

[13]     Ironically, in the case of a Wisconsin man, the evidence used to convict him of stalking his former girlfriend was the data from the GPS device he himself had used to commit the crime.[40] Paul Seidler previously installed a GPS tracking device on his ex-girlfriend’s car that tracked the car’s location and reported it to him by cellphone or computer through the Internet.[41] Seidler used the data to follow his ex-girlfriend.[42] Prosecutors used the data to support their case against him, describing the GPS device as “the best witness.”[43]

[14]     GPS data is also used as evidence in civil cases, such as the wrongful termination action brought by a cable company employee against his former employer, Pacific Bell Telephone Company.[44] Pacific Bell terminated Blake Smith’s employment after an investigation into the theft of his work truck led the company to conclude that Smith had failed to safeguard company property and that he had lied during the investigation into the theft.[45] Smith claimed he parked the truck, took the keys out of the ignition, and locked the truck.[46] A significant factor in Pacific Bell’s determination that Smith was lying was the data obtained from the GPS technology in the truck, which revealed that the truck was idling when it was stolen.[47] In an affidavit filed in support of its motion for summary judgment, Pacific Bell explained that the GPS technology in its trucks generates a report in a Microsoft Excel spreadsheet that records various data, including the time and location of every vehicle, each time the ignition is turned on or off, the time and location of the vehicle every seven seconds, and the time and location of the vehicle every one mile it is driven.[48] The Court ultimately granted Pacific Bell’s motion for summary judgment.[49]

C. Wearables[50]

 [15]     Digital evidence from wearable fitness trackers will play a role in a pending criminal case in Pennsylvania and a pending civil case in Canada. In West Chester, Pennsylvania, police arrested defendant Jeannine Risley when data from her Fitbit showed she lied to police when she reported she was assaulted.[51] Risley told the police officers responding to her 911 call that she was sleeping until around midnight, when she awoke to find a man on top of her.[52] She alleged that the man assaulted and raped her.[53] An examination of data from the Fitbit she wore that night, however, contradicted her claims.[54] The Fitbit data showed that Risley was awake and walking around at the time she claimed she was sleeping and ultimately assaulted.[55] Risley now faces trial on three misdemeanor counts including knowingly filing a false police report.[56]

[16]     On the civil side, a Canadian law firm is planning to use Fitbit data as evidence in a personal injury case to prove the effect that a car accident had on their client.[57] The accident victim, injured years before Fitbits were available, was a personal trainer and led an active lifestyle before the accident.[58] To support the plaintiff’s claim that her activity level is impaired by the accident, her lawyers intend to run data from the Fitbit she currently wears through an analytics platform which uses publicly available research to compare a person’s activity data with that of the general population.[59] Her lawyers expect the data to show that their client’s activity levels are now below average for a woman of her age and profession, as a result of the injuries she sustained in the accident.[60]

D. Dashboard Cameras and Red Light Traffic Cameras 

[17]     Data from dashboard video cameras and government operated traffic cameras is effective in both civil and criminal cases. Evidence from an onboard video camera, in addition to cell phone records, led to an Alabama jury awarding nearly $1.3 million to a driver who was severely injured in a crash caused by a truck driver who was distracted by a work-related phone call at the time of the accident.[61] At trial, the jury saw video footage from a camera that was in the school bus with which Michael Duey collided.[62] Additional digital evidence from cell phone records from the truck driver Gregory Moore, whose negligence caused the collision, showed Moore was on a business call at the time of the accident.[63] Based on this data, the jury found Moore and his employer liable for the damages incurred by Duey.[64]

[18]     In a criminal case in California, the court convicted Carmen Goldsmith of failing to stop at a red light in an intersection, based on photos and video generated by a red light traffic camera system.[65] At trial, a police investigator testified that this computer based digital camera system records events that occur in an intersection after the traffic light turns red, and stores the information on the hard disc of a computer at the scene.[66] Technicians retrieve the data during the day via an Internet connection.[67] The system records and produces three photos and a twelve-second video.[68] The photos show the vehicle approaching the intersection before the violation, then the vehicle within the intersection turning right or going through the intersection, and finally the vehicle’s license plate.[69] The system puts a data bar on all three photos showing the date, time, location and amount of time the traffic light was red at the time of the photo.[70] In this case, the video shows the vehicle approaching the intersection and moving through it.[71] The Appellate Division of the Superior Court, the Court of Appeals, and the California Supreme Court all affirmed Goldsmith’s conviction. In response to Goldsmith’s claim that the camera evidence was not adequately authenticated, the Supreme Court explained that it frequently approved the “substantive use of photographs as essentially a ‘silent witness’ to the content of the photographs,” because to “hold otherwise would illogically limit the use of a device whose memory is without question more accurate and reliable than that of a human witness.”[72]

E. Event Data Recorders

[19]     Data from event data recorders, also known as black boxes, proves to be important evidence in criminal cases. In Commonwealth v. Zimmerman, the Massachusetts Appellate Court held that the trial judge properly admitted evidence taken from the event data recorder (EDR[73]) in the defendant’s car, which contributed to her conviction for motor vehicle homicide.[74] Michelle Zimmerman lost control of her SUV and it spun, sliding off the road, hitting a tree, and resulting in the death of the passenger in the front seat of her vehicle.[75] At the time of the accident, road conditions were poor, with both rain and snow.[76] The police accident investigator found there was probable cause to believe that “evidence of this crime would be found in the EDR.”[77] While Zimmerman claimed she was driving between 20 and 30 miles per hour, the data from the EDR in her vehicle showed that five seconds before the accident, she was driving at 58 miles per hour.[78] Zimmerman was charged with and convicted of operating her vehicle at a rate of speed that was not reasonable or prudent and criminally negligent operation of a vehicle.[79]

[20]     In Matos v. State, the Florida District Court of Appeal affirmed the conviction of Edwin Matos on two counts of vehicular manslaughter where the key issue in the case–the speed at which Matos had been driving–was established by the prosecution through data from an EDR.[80] Matos collided with another vehicle, killing two teenage girls.[81] Data from the EDR in Matos’s car showed he was driving at a 114 miles per hour (in a 30 mile per hour zone) four seconds before the crash, and 103 miles per hour within one second after the crash.[82] The defense’s expert estimated the car’s speed at only 56.91 miles per hour.[83] Data from the EDR helped the court to convict Matos.[84]

[21]     Similarly, in People v. Hopkins, data from the air bag module in the defendant’s car helped prosecutors establish “a prima facie case of depraved indifference murder” and defeat the defendant’s motion to dismiss the indictment.[85] The air bag module data showed that at the time of impact, the defendant’s vehicle was going between 65 and 70 miles per hour; that five seconds before impact, the defendant’s car was travelling at 104 miles per hour; and that three to four seconds before impact, the vehicle was going 106 miles per hour.[86] The posted speed limit in the area was 30 miles per hour.[87] The data further showed that the defendant did not apply the brakes until two and a half to three second before he crashed into the line of cars stopped at a red light.[88]

F. E-Z Pass Transponders

[22]     The E-Z Pass system, implemented in toll plazas in sixteen states, collects data used by both prosecutors and defendants in states like New Jersey. In S.S.S. v. M.A.G., a New Jersey appellate court reversed the lower court’s entry of a final restraining order in a domestic violence case and remanded the case for a new trial due to the improper exclusion of E-Z Pass evidence.[89] In this case, a woman alleged her former boyfriend picked her up at her school at Rutgers-Newark at 9 A.M., assaulted her at a Jersey City motel at 9:30 A.M., and returned her to her school at 10 A.M.[90] The defendant denied this and claimed that nothing had happened.[91] In addition to a letter from his employer stating he had been at work from 8:35 A.M. until 5 P.M., he also offered data from E-Z Pass transponder records, showing that he crossed the Bayonne Bridge in to Brooklyn at 8:16 A.M. that day.[92] The defendant argued that he could not have crossed the bridge into Brooklyn at 8:16 A.M., gotten to work at 8:35 A.M., and been in Newark at 9 A.M.[93] The appellate court found that in this he-said-she-said dispute, where no witnesses could be called or exhibits introduced, the E-Z Pass transponder evidence was critical to the defense and its exclusion on hearsay grounds was improper.[94]

[23]     In State v. McGuire, the prosecutor introduced E-Z Pass transponder data against Melanie McGuire, a New Jersey woman accused of killing her husband, cutting up his body, and disposing of it in suitcases in Virginia.[95] The prosecution introduced the evidence to support the allegation that she traveled from her home to Atlantic City in order to create false evidence showing that her husband was still alive and in the Atlantic City area.[96] McGuire had called E-Z Pass customer service trying to get them to remove two forty-five cent charges showing her traveling near Atlantic City, which she claimed were incorrect.[97] The prosecution also introduced E-Z Pass evidence from the vehicles of McGuire and her parents.[98] This data, in combination with the state’s case, suggested that on May 3, McGuire picked up her kids from day care, dropped them off with her parents, and then returned to her house to get the suitcases containing her husband’s body and travel to Delaware and Virginia to dump them.[99]

III. Social Networking Sites

[24]     Not only does the widespread use of social networking sites create new ways for individuals and businesses to communicate, but it also creates a treasure trove of relevant data for civil and criminal litigation. For example, in Reid v. Ingerman Smith LLP, Reid sued her employer and Mary Anne Sadowski for damages resulting from alleged sexual harassment by Sadowski.[100] Defendants sought production of postings and photographs from private portions of Reid’s Facebook account, arguing that since postings and photographs on the public portions of her account contradicted her claims in the lawsuit, the private portions may also contain relevant information.[101] After reviewing the public postings, the Court found them to be probative evidence of Reid’s mental and emotional state, and concluded that her private postings may also contain relevant information that reflected her emotional state.[102] The Court also found that postings by third parties about Reid’s social activities were discoverable, as they could be relevant to her claims of emotional distress and loss of enjoyment of life, and could reveal the names of potential witnesses in the case.[103] Reid was ordered to produce social media postings and photographs that “reveal[ed], refer[ed], or relate[d] to any emotion, feeling or mental state… [and] relate[d] to events that could be reasonably expected to produce a significant emotion, feeling or mental state,” including posts made by third parties that contain their observations of Reid and Reid’s responses to those posts.[104]

[25]     Similarly, in Romano v. Steelcase, Inc., the court required the plaintiff to provide the defendant with access to her Facebook and MySpace pages and accounts, as they were deemed to contain information relevant to her damages claims and to the extent of her alleged injury, including her claim for loss of enjoyment of life.[105] The plaintiff alleged that she was permanently injured as a result of the accident and could not participate in certain activities due to her injuries.[106] The defendant argued that information on the public pages of plaintiff’s Facebook and MySpace pages showed her to have an active lifestyle, and that one account contained a photo of the plaintiff smiling outside her home–even though she claimed that she was bedridden and confined to her house as a result of her injuries.[107] The contradictions between the information on the public portions of these social media sites and plaintiff’s claims in her lawsuit led the Court to find it was reasonably likely that the private portions of those sites may contain additional information relating to her activities and enjoyment of life, which were relevant and material to the defense of the case.[108]

[26]     In Held v. Ferrellgas, Inc., a recent employment discrimination and retaliation case, the Court found that data from the online job search engines that the plaintiff had used were relevant and had to be produced.[109] Defendants argued that any job searches conducted during the course of plaintiff’s employment related to his commitment to his job, his perspective on the working environment at the company, and any emotional distress he allegedly suffered.[110] Searches conducted after his employment ended, defendants contended, related to plaintiff’s alleged emotional distress, actual damages and attempts to mitigate his alleged damages.[111] The court ultimately agreed with the defendants.[112]

[27]     Being equally probative in criminal matters, postings and communications on Facebook played a role in the conviction of several men on terrorism conspiracy charges in U.S. v. Hassan.[113] The prosecution used the defendants’ Facebook postings and communications to demonstrate their violent tendencies and commitment to terrorism.[114] At trial, the prosecution’s evidence included messages posted by one defendant on Facebook promoting his radical Jihadist beliefs; another defendant’s postings on Facebook and other social media sites that demonstrated his belief in violent jihad and his willingness to further violent causes; and information showing that the second defendant had asked someone to delete the postings that related to his violent ideology.[115] The defendants were convicted of conspiracy to provide material support to terrorists and other charges.[116] Their convictions were affirmed by the Fourth Circuit Court of Appeals.[117]

IV. Text Messages and Tweets 

[28]     Digital evidence played a central role in the criminal trial of Dharun Ravi, a Rutgers college student charged with witness tampering, invasion of privacy, and bias intimidation arising from his activation of a webcam to watch his roommate’s date with a man in their dorm room.[118] The evidence of Ravi’s witness tampering included a series of text messages he sent to fellow Rutgers student Molly Wei while police interviewed her.[119] Those texts showed that Ravi tried to influence what Wei told the police about their spying on his roommate.[120] In one text message, Ravi wrote: “Did you tell them we did it on purpose? What did you tell them when they asked why we turned it on? I said we were just messing around with the camera.”[121] After the trial, where Ravi was convicted of witness tampering, one juror stated that Ravi’s texts convinced her that he had tampered with a witness.[122]

[29]     Texts and tweets were also important evidence introduced at trial in connection with the invasion of privacy and bias intimidation charges.[123] In a Tweet from Ravi to another student, he wrote: “Roommate asked for the room. I went to Molly’s room and turned on my webcam I saw him making out with a dude. Yay.”[124] In another Tweet, Ravi invited others to view video of his roommate during another date with the same man, saying “[a]nyone with iChat I dare you to video chat me between hours of 9:30 and 12. Yes it’s happening again.”[125] In an attempt to persuade the jury that he was not biased against gay people, Ravi’s attorney introduced a text Ravi sent to his roommate where Ravi wrote “I’ve known you were gay and I have no problem with it. In fact one of my closest friends is gay and I have a very open relationship.”[126] The jury found Ravi guilty on those charges as well.[127]

V. Blogs and Chat Rooms 

[30]     Litigants also rely on blog entries and chat room transcripts to support their claims in civil cases. Portions of a blog were among the evidence a father used to support his motion for a new trial in a divorce case, after a Louisiana trial court awarded domiciliary custody of his minor son to his ex-wife.[128] The father unsuccessfully relied on pages of his ex-wife’s blog to argue that she may have had a relationship with another man during the couple’s separation, despite having denied that she was in a relationship during the trial.[129] He further argued that his ex-wife’s blog entries showed she spent an excessive amount of time on the Internet rather than taking care of her child, and that she hated his parents because she accused them of cyberstalking her by reading her blogs.[130] The trial judge stated that while the Internet statements were evidence that could have been used to impeach the ex-wife’s credibility during the divorce proceeding, the statements occurred after the trial and were not made under oath, and therefore, did not provide the basis for a new trial.[131] The Court also noted that, more generally, it was not clear that the statements would be evidence that was important to the case.[132] The appellate court affirmed the trial court’s order.[133]

[31]     Conversely, other courts have found chat room transcripts to be relevant evidence. In Glazer v. Fireman’s Fund Insurance Company, the plaintiff was ordered to produce copies of all her chats from LivePerson, a website offering online advice and professional consulting services, including sessions with online psychics.[134] Glazer chatted with the online psychics on numerous occasions, and e-mailed portions of some of those online chats to her work e-mail account.[135] When she sued Fireman’s Fund for allegedly retaliating against her after “she complained about discrimination against non-African Americans and [ultimately terminating] her because of her religion,” Fireman’s Fund reviewed the excerpts of the chats and sought to obtain the transcripts of all chats in discovery.[136] Based on a review of the excerpts, the Court agreed with Fireman’s Fund that all the chats appeared to be relevant to one or more issues in the case—such as Glazer’s work performance, her relationships with her co-workers, her opinions about how she was treated during her employment at the company, her emotional state before, during, and after her employment, the steps she took to mitigate her damages, and her personal beliefs about African Americans—and allowed them to be discoverable.[137]

VI. E-mails

[32]     While there is a myriad of other digital evidence sought in building cases, perhaps the most frequently sought and used form of digital evidence is e-mail. In Arroyo v. Volvo Group North America, LLC, a military service discrimination and disability discrimination case, e-mail evidence led to the reversal of an order granting summary judgment to Volvo.[138] The Court found that e-mails sent between Volvo employees could lead a reasonable jury to conclude that Volvo had anti-military animus against Arroyo, and discriminated against her because she had post-traumatic stress disorder.[139] The Seventh Circuit Court of Appeals found that the District Court underestimated the “strength of the emails as support for Arroyo’s case.”[140]

[33]     In those e-mails, Volvo supervisors expressed frustration with Arroyo’s taking time off from work for military service, writing “are we required to give her the day before and day after for travel?” and “I find myself with a dilemma if I were to discipline a person for taking too much time off for military reserve duty․ I certainly give her credit for serving our country but of course I am also responsible for our business needs.”[141] During Arroyo’s deployment to Iraq, her supervisor sent an e-mail to Volvo’s head of labor relations complaining that Arroyo had contacted him only once since she deployed, stating that for scheduling purposes, “it would be beneficial for us to know her status.”[142] Responding to that concern, the head of labor relations wrote in another e-mail that “[u]nfortunately, there isn’t a lot we can do. Per the law we have to wait for her. Sorry it isn’t what you wanted to hear.”[143]

[34]     Internal e-mails from Volvo personnel also provided support for Arroyo’s disability discrimination claim.[144] One such e-mail showed that Volvo considered disciplining Arroyo for being absent while she was hospitalized for her post-traumatic stress disorder, even though she previously advised Volvo of her disabling condition.[145] In another e-mail, one of Arroyo’s supervisors joked about her absence, writing that there were “several rumors for [Arroyo’s] not being here,” including that “[s]he’s on vacation in Hawaii.”[146] In yet another e-mail, a Volvo employee opined that Arroyo was “really becoming a pain with all this.”[147] 

VII. Conclusion 

[35]     Digital evidence has disrupted discovery, civil and criminal litigation, and the practice of law. Advances in technology radically changed the way in which information is created, transmitted, preserved, and accessed–as well as the way in which potential litigants communicate. Technological innovation altered the types of claims that are litigated, the way in which they are litigated, and the kinds of evidence that must be used to support and undercut those claims.

[36]     There is no turning back. The days of document production consisting primarily of paper and of hard-copy trial exhibits sitting on easels in front of juries are behind us. When asked to find information about an opposing party, the initial inclination of lawyers who have recently graduated from law school and entered the practice of law will be to check social media to obtain information about that party. To investigate the allegations in a complaint, these lawyers’ first instinct will be to search the e-mails on the client’s office computer and their messages on cell phones and tablets. All lawyers must acknowledge that digital evidence plays an important role in litigation. Those who fail to understand the relevance of technology and digital evidence to the practice of law do so at their—and their clients’—peril.

[37]     The cases discussed in this Article illustrate why lawyers need to stay abreast of changes in technology and be knowledgeable about sources of data they create.[148] To competently and effectively represent their clients, lawyers need to know which digital evidence may be relevant in a particular case, what they should request from the opposing party in discovery, the proper way in which to craft those requests, how to confirm that what they received is what they requested, how to use digital evidence in depositions, as well as how to authenticate digital evidence at trial and overcome potential objections to its admissibility.

[38]     As the widespread adoption of new technology continues, and more companies, industries, and governmental entities recognize the transformative power of big data and analytics, the volume of data that will be relevant in litigation will increase exponentially. The frequency with which digital evidence will be used in litigation, in government investigations and administrative proceedings, and at civil and criminal trials will soar. It will become clear to lawyers and clients that gaining competence, if not expertise, in the use of digital evidence is not a necessary evil, but a way to enhance the litigation strategy for a case and to increase the likelihood of a successful resolution. The ubiquity of digital evidence means that litigation and data are inextricably intertwined and that mastering “connected” discovery and maximizing the value of digital evidence are critical skills for today’s lawyers.

 

 

[1] See Zubulake v. UBS Warburg, 220 F.R.D. 212, 214 (S.D.N.Y. 2003) (stating “Electronic evidence only complicates matters. As documents are increasingly maintained electronically, it has become easier to delete or tamper with evidence (both intentionally and inadvertently) and more difficult for litigants to craft policies that ensure all relevant documents are preserved. This opinion addresses both the scope of a litigant’s duty to preserve electronic documents and the consequences of a failure to preserve documents that fall within the scope of that duty.”).

[2] See Internet of Things: Privacy and Security in a Connected World Fed. Trade Comm’n i (2015), https://www.ftc.gov/system/files/documents/reports/federal-trade-commission-staff-report-november-2013-workshop-entitled-internet-things-privacy/150127iotrpt.pdf, archived at https://perma.cc/44WA-JH2N.

[3] See The Driverless Cars Are Coming Sooner than You Think, Classifiedleaks, (Oct. 27, 2015, 8:04 AM), http://classifiedleaks.com/driverless-cars-are-coming-sooner-you-think, archived at https://perma.cc/2G36-95AX; see also Catherine Clifford, There Will Be 20 Million Self-Driving Cars on the Road by 2025, Entrepreneur (Dec. 2, 2015), http://www.entrepreneur.com/article/253468, archived at https://perma.cc/7L4C-6Z8P.

[4] See Tim Devaney, Eight Industries that Want to Fly Drones, The Hill (Oct. 25, 2014, 2:43 PM), http://thehill.com/regulation/221788-eight-industries-that-want-to-fly-drones, archived at https://perma.cc/PYG5-YWMD; see also Megan Crouse, Which Industry Uses Drones Most? Manufacturing (July 31, 2014, 9:57 AM), http://www.manufacturing.net/news/2015/07/which-industry-uses-drones-most, archived at https://perma.cc/3M2R-PA9F; Sally French, Drone Delivery Is Already Here — And It Works, MarketWatch (Dec. 15, 2015, 7:32 AM), http://www.marketwatch.com/story/drone-delivery-is-already-here-and-it-works-2015-11-30, archived at https://perma.cc/TH98-ZPH8.

[5] See Jack Bowling & Steve Quinlivan, Bitcoin Blockchain Technology to Revolutionize Financial Services, StarTribune (Jan. 10, 2016, 2:00 PM), http://www.startribune.com/bitcoin-blockchain-technology-to-revolutionize-financial-services/364706851/, archived at http://perma.cc/R8GG-TBWM; see also Dion Hinchcliffe, How Blockchain Is Likely to Transform IT and Business, ZDNet (July 31, 2015), http://www.zdnet.com/article/how-blockchain-is-likely-to-change-it-and-business-forever/, archived at https://perma.cc/9DKA-C799.

[6] See What is Telematics, Fleetmatics, https://www.fleetmatics.com/what-is-telematics, archived at (last visited Mar. 18, 2016); see also Brian Hughes, Why Telematics (Think: Driverless Cars) Is the Future, Entrepreneur (Dec. 18, 2015), http://www.entrepreneur.com/article/252578, archived at https://perma.cc/5WZ5-2C2J.

[7] See Telematics, Gartner, http://www.gartner.com/it-glossary/telematics, archived at https://perma.cc/3A3Z-XRUZ (last visited Mar. 18, 2016).

[8] See Telematics Data Helps Jail Courtesy Car Driver for Hit and Run Collision, FleetNews (Jan. 26, 2016), http://www.fleetnews.co.uk/news/fleet-industry-news/2016/01/26/telematics-data-helps-jail-courtesy-car-driver-for-hit-and-run-collision, archived at https://perma.cc/THN5-SVKM.

[9] See id.

[10] See id.

[11]See Donna J. Miller, With Help from Snapshot Insurance Device, Parma Heights Man Is Cleared of Murdering His 7-Month-Old Daughter, Cleveland.com (July 2, 2013, 3:30 PM), http://www.cleveland.com/metro/index.ssf/2013/07/with_help_from_snapshot_insura.html, archived at http://perma.cc/8FSE-Y34E.

[12] See id.

[13] See id.

[14] See id.

[15] UConnect is a multimedia infotainment system in Chrysler vehicles that integrates with smartphones, has navigation functionality and gives drivers access to physical controls that adjust features from climate control to music preferences. See Lindsay Martell, What Is Chrysler UConnect?, Autotrader (Oct. 2013), http://www.autotrader.com/car-tech/what-is-chrysler-uconnect-215353, archived at https://perma.cc/J287-CYWM.

[16] See Sean Gallagher, Opsec Fail: Baltimore Teen Car Thieves Paired Phones with Jeep UConnect, arstechnica (Feb. 11, 2016, 11:44 AM), http://arstechnica.com/security/2016/02/opsec-fail-baltimore-teen-car-thieves-paired-phones-with-jeep-uconnect/?mc_cid=db1e887d36&mc_eid=664f313ded, archived at https://perma.cc/TU63-3LUG.

[17] See id.

[18] See id.

[19] See id.

[20] See id.

[21] See Gallagher, supra note 16.

[22] See id.

[23] See Telematics Successfully Used to Overturn Speeding Prosecution, FleetNews (Feb. 10, 2015), http://www.fleetnews.co.uk/news/manufacturer-news/2015/10/01/telematics-successfully-used-to-overturn-speeding-prosecution, archived at https://perma.cc/38XF-5NKS.

[24] See id.

[25] See id.

[26] See id.

[27] See Driver Wins Speeding Case Through Telematics, The Driving Instructor Leicester (Oct. 5, 2015), http://www.the-driving-instructor-leicester.co.uk/Blog/uncategorized/driver-wins-speeding-case-through-telematics/, archived at https://perma.cc/YFW8-YKM9; see also supra note 23.

[28] See What Is GPS?, Garmin, http://www8.garmin.com/aboutGPS/index.html, archived at https://perma.cc/PE47-QS93 (stating Global Positioning System (GPS) devices use a “satellite-based navigation system made up of a network of [twenty-four] satellites placed into orbit by the U.S. Department of Defense,” and made available for private use. The satellites transmit signal information to GPS receivers that use the data to determine a vehicle’s location and display it on an electronic map on the device) (last visited Feb. 23, 2016).

[29] See People v. Ford, 935 N.Y.S. 2d 368, 368–69 (NY App. Div. 2011); see also Carly Rothman, N.Y. Judge Convicts Piscataway Man of Killing Baby Sitter, NJ.com (Feb. 19, 2009, 7:08 PM), http://www.nj.com/news/index.ssf/2009/02/ny_judge_convicts_piscataway_m.html, archived at https://perma.cc/T29R-GVDF.

[30] See id.

[31] See id.

[32] See id.

[33] See id.

[34] See State v. Jackson, 46 P.3d 257, 260 (Wash. Ct. App. 2002); see also David A. Schumann, Tracking Evidence with GPS Technology, Wisconsin Lawyer (May 2004), http://www.wisbar.org/newspublications/wisconsinlawyer/pages/article.aspx?Volume=77&Issue=5&ArticleID=810, archived at https://perma.cc/D5PZ-4G8N.

[35] See id.

[36] See id.

[37] See id.

[38] See id.

[39] See Schumann, supra note 34.

[40] See id.

[41] See id.

[42] See id.

[43] Id.

[44] See Smith v. Pac. Bell Tel. Co., 649 F.Supp.2d 1073, 1076 (E.D. Ca. 2009).

[45] See id. at 1079–80.

[46] See id. at 1078.

[47] See id. at 1079–80.

[48] See id. at 1078.

[49] See Smith v. Pac. Bell Tel. Co., 649 F.Supp.2d 1073, 1101–02 (E.D. Ca. 2009).

[50] Wearable devices contain smart sensors and wirelessly connect to smartphones through a web connection. These devices collect and track data about the person who wears them, such as activity level, heart rate, calories burned and sleep patterns. They can also be used to make payments at stores and to alert the wearer about incoming calls and e-mails. Popular types of wearables include fitness trackers, smartwatches, smart glasses, smart clothing and smart jewelry. See Dan Sung, What Is Wearable Tech? Everything You Need to Know Explained, Wareable (Aug. 3, 2015), http://www.wareable.com/wearable-tech/what-is-wearable-tech-753, archived at https://perma.cc/FW2P-NKJY; see also The Wear, Why and How, The Economist (Mar. 14, 2015), http://www.economist.com/news/business/21646225-smartwatches-and-other-wearable-devices-become-mainstream-products-will-take-more, archived at https://perma.cc/8W62-JWAS. Experts have predicted that by 2019, 173.4 million wearable devices will have been shipped worldwide. See Fueled by Growing Demand for Smart Wearables, IDC Forecasts Worldwide Wearable Shipments to Reach 173.4 Million by 2019, IDC (Sep. 14, 2015), http://www.idc.com/getdoc.jsp?containerId=prUS25903815, archived at https://perma.cc/W4NQ-UTMU; see also Dinah Wisenberg Brin, As Wearables Become More Popular, What Is HR’s Responsibility?, Society for Human Resource Management (Feb. 16, 2016), http://www.shrm.org/hrdisciplines/technology/articles/pages/as-wearables-become-more-popular-what-is-hrs-responsibility.aspx?utm_source=SHRM%20HR%20Technology%20_%20PublishThis%20(17)&utm_medium=email&utm_content=February%2016,%202016&MID=01516098&LN=Gottehrer&spMailingID=24737172&spUserID=ODM1OTI3NDQzOTgS1&spJobID=742677018&spReportId=NzQyNjc3MDE4S0#sthash.kFaSjKe3.dpuf, archived at https://perma.cc/K69G-GT27.

[51] A Fitbit is a fitness tracker that allows the wearer to monitor things such as the number of steps taken, distance covered and calories burned. Some versions include an altimeter, which keeps track of the amount of stairs climbed and some include sleep tracking. The Fitbit syncs to the wearer’s Fitbit account through a computer or mobile device and enables the wearer to view the activity data collected by the wearable device. See Robert J. Nelson, Everything You Need to Know About Fitbit, iMore (Jun. 12, 2014, 8:24 AM), http://www.imore.com/everything-you-need-know-about-fitbit, archived at https://perma.cc/UD9A-GUD8; see also Brett Hambright, Woman Staged ‘Rape’ Scene with Knife, Vodka, Called 9-1-1, Police Say, Lancasteronline.com (Jun. 19, 2015), http://lancasteronline.com/news/local/woman-staged-rape-scene-with-knife-vodka-called–/article_9295bdbe-167c-11e5-b6eb-07d1288cc937.html, archived at https://perma.cc/4WQD-9EHZ.

[52] See Hambright, supra note 51.

[53] See id. 

[54] See id.

[55] See id.

[56] See id.

[57] See Parmy Olson, Fitbit Data Now Being Used in the Courtroom, Forbes (Nov. 16, 2014, 4:10PM), http://www.forbes.com/sites/parmyolson/2014/11/16/fitbit-data-court-room-personal-injury-claim/#67483e2a209f, archived at https://perma.cc/JAX9-G8UW.

[58] See id. 

[59] See id.

[60] See id. 

[61] See Video: Distracted Driving Lawsuit Draws $1.3M Award, Automotive Fleet (Feb. 8, 2016), http://www.automotive-fleet.com/channel/safety-accident-management/news/story/2016/02/video-distracted-driving-lawsuit-draws-1-3m-award.aspx?utm_campaign=topnews-20160212&utm_source=Email&utm_medium=Enewsletter, archived at https://perma.cc/J3QG-KXLQ.

[62] See id.

[63] See id.

[64] See id.

[65] See People v. Goldsmith, 203 Cal. App. 4th 1515, 1518 (Cal. App. 2d Dist. 2012).

[66] See People v. Goldsmith, 59 Cal. 4th 258, 264 (Cal. 2014).

[67] See id.

[68] See id.

[69] See id. at 264-65.

[70] See id. at 265.

[71] See People v. Goldsmith, 59 Cal. 4th 258, 265 (2014).

[72] Id. at 267.

[73] An Event Data Recorder (EDR), also known as a “black box,” is a device that is built into a vehicle’s airbag control module and records certain information from a vehicle immediately before and/or during most crashes. The data from the event data recorder’s memory can be downloaded to provide information about what happened to the vehicle, the deployment of airbags and seat belt tensioners, as well as data about the engine speed and vehicle speed prior to the crash. See Event Data Recorders, Insurance Institute for Highway Safety (Apr. 2015), http://www.iihs.org/iihs/topics/t/event-data-recorders/qanda, archived at https://perma.cc/ULM9-58YJ (last visited Feb. 18 2016).

[74] See Commonwealth v. Zimmerman, 873 N.E.2d 1215, 1218 (2007).

[75] See id. at 1217.

[76] See id.

[77] See id.

[78] See id. at 1216, 1219.

[79] See Commonwealth v. Zimmerman, 873 N.E.2d 1215, 1217 (2007).

[80] See Matos v. State, 899 So. 2d 403, 405 (Fla. Dist. Ct. App. 2005).

[81] See id. at 405.

[82] See id.

[83] See id.

 [84] See id.

 [85] People v. Hopkins, No. 2004-0338, 2004 N.Y. Misc. LEXIS 2902, at *17.

[86] See id. at *9.

[87] See id.

[88] See id.

[89] See S.S.S. v. M.A.G., No. A-1623-09T2, 2010 N.J. Super. Unpub. LEXIS 2479, at *1 (N.J. Super. Ct. App. Div. 2010). 

[90] See id. at *3. 

[91] See id. at *4.

[92] See id.

[93] See id. at *4–5.

[94] See S.S.S., 2010 N.J. Super. Unpub. LEXIS 2479, at *8–10.

[95] See State v. McGuire, 16 A.3d 411, 419, 426 (N.J. Super. Ct. App. Div. 2011).

[96] See id. at 426.

[97] See id.

[98] See id. at 427.

[99] See id.

[100] See Reid v. Ingerman Smith LLP, No. CV-2012-0307(ILG)(MDG), 2012 U.S. Dist. LEXIS 182439, at *1 (E.D.N.Y. Dec. 27, 2012).

[101] See id. at *3.

[102] See id. at *3–4.

[103] See id. at *7.

[104] See id. at *7, 9. Using the same relevance analysis, another court similarly required the plaintiff in a race discrimination action to produce her online social media communications, including “profiles, postings, messages, status updates, wall comments, causes joined, groups joined, activity streams, applications, blog entries, photographs, or media clips, as well as third-party communications that put the plaintiff’s communications in context.” See Robinson v. Jones Lang LaSalle Americas, Inc., No. 3:12-cv-00127-PK, 2012 U.S. Dist. LEXIS 123883, at *5–6 (D. Or. Aug. 29, 2012); see also Bass v. Miss Porter’s School, No. 3:08cv1807(JBA), 2009 U.S. Dist. LEXIS 99916, at *1, *3–4 (D. Conn. Oct. 27, 2009) (finding that the defendant was entitled to receive information from the Facebook account of the plaintiff, relating to her allegation that she was teased and taunted on Facebook and through text messages, because “Facebook usage depicts a snapshot of the user’s relationships and state of mind at the time of the content’s posting” and was therefore relevant to issues of liability and damages in the case)

[105] See Romano v. Steelcase, Inc., 907 N.Y.S.2d 650, 651 (2010).

[106] See id. at 653.

[107] See id. at 654.

[108] See id.

[109] See Held v. Ferrellgas, Inc., No. 10-2393-EFM, 2011 U.S. Dist. LEXIS 120980, at *1 (D. Kan. Aug. 31, 2011).

[110] See id., at *2.

[111]See id.

[112] See id., at *3. 

[113] See United States v. Hassan, 742 F.3d 104, 117 (4th Cir. 2014).

[114] See id.

[115] See id. at 147.

[116] See id. at 141.

[117] See id. at 151. 

[118] See Collen Curry, Rutgers Trial: Dharun Ravi Sent Texts to Witness During Police Investigation, abc NEWS (Feb. 27, 2012), http://abcnews.go.com/US/rutgers-trial-dharun-ravi-texts-witness-police-investigation/story?id=15800869, archived at https://perma.cc/GE6J-XBKT.

[119] See id. 

[120] See id.

[121] Id.

[122] See David M. Halbfinger & Beth Kormanik, Rutgers Case Jurors Call Digital Evidence Crucial, N.Y. Times (Mar. 16, 2010), http://www.nytimes.com/2012/03/17/nyregion/jurors-say-digital-evidence-convinced-them-of-dharun-ravis-guilt.html?_r=0, archived at https://perma.cc/5G4U-E74U.

[123] See id.

[124] Jamil Smith, ‘I Saw Him Making Out with a Dude. Yay.,MSNBC (Sept. 30, 2010, 12:10 PM), http://www.msnbc.com/rachel-maddow-show/i-saw-him-making-out-dude-yay, archived at https://perma.cc/Q4E4-Y58B.

[125] Tyler Clementi: Rutgers Suicide, CBSNEWS, http://www.cbsnews.com/pictures/tyler-clementi-rutgers-suicide/19/, archived at https://perma.cc/HR36-RJRR (last visited Feb. 25, 2016).

[126] Amy Davidson, The Tyler Clementi Verdict, The New Yorker (Mar. 16, 2012), http://www.newyorker.com/news/amy-davidson/the-tyler-clementi-verdict, archived at https://perma.cc/3YSQ-954S.

[127] See id. 

[128] See Steinebach v. Steinebach, 957 So.2d 291, 299 (Ct. of App. La. 2007).

[129] See id.

[130] See id.

[131] See id.

[132] See id. at 300.

[133] See Steinebach, 957 So.2d at 300.

[134] See Glazer v. Fireman’s Fund Ins. Co., No. 11 Civ. 4374 (PGG) (FM), 2012 U.S. Dist. LEXIS 51658, at *1–4 (S.D.N.Y Apr. 4, 2012).

[135] See id. at *2.

[136] See id. at *1–2.

[137] See id. at *2–3. Instant messages (“IMs”) have been introduced at trial and have been found to be sufficient evidence to support a verdict. See, e.g., State v. Voorheis, 844 A.2d 794, 796–97 (2004) (text of instant messages between defendant and mother of minor girl that contained graphic and sexually explicit language offered substantial evidence that defendant had attempted to promote a lewd performance by a child and to incite another to commit a felony and supported his conviction on both charges).

[138] See Arroyo v. Volvo Group North America, LLC, 805 F.3d 278, 280–81, 287, 288 (7th Cir. 2015).

[139] See id. at 285, 287.

[140] Id. at 285.

[141] Id. at 281–82.

[142] Id. at 282.

[143] Arroyo v. Volvo Group North America, LLC, 805 F.3d at 282.

[144] See id. at 287.

[145] See id.

[146] Id. at 283.

[147] Id.

[148] See Model Rules of Prof’l Conduct R. 1.1, Cmt. 8 (2015) (“A lawyer shall provide competent representation to a client. Competent representation requires the legal knowledge, skill, thoroughness and preparation reasonably necessary for the representation.”) (“To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology….”); see also Robert Ambrogi, 20 States Have Adopted Ethical Duty of Technology Competence, LawSites (Mar. 16, 2015), http://www.lawsitesblog.com/2015/03/11-states-have-adopted-ethical-duty-of-technology-competence.html, archived at https://perma.cc/H3XG-RPT3 (stating that as of October 2015, twenty states have recognized that lawyers have a duty to be technologically competent).

Preservation: Competently Navigating Between All and Nothing

Preservation: Competently Navigating Between All and Nothing pdf_icon 

Cite as: Lauren Wheeling Waller, Preservation: Competently Navigating Between All and Nothing, 22 Rich. J.L. & Tech. 7 (2016), http://jolt.richmond.edu/v22i3/article7.pdf.

Lauren Wheeling Waller*

I. Introduction

 [1]       Merriam-Webster defines “competent” as “having requisite or adequate ability or qualities.”[1] All professions require competence to be successful—from chefs, to tailors, to NFL quarterbacks. Without the adequate ability to poach an egg, alter suits, or read defenses, they lose patrons, customers, or—in the case of a quarterback—games and fans. Lawyers are no different. Without competence, they may not be successful. However, lawyers are different than the NFL quarterback in that they have an explicit duty of competence to their clients. The Model Rules of Professional Conduct provide “[a] lawyer shall provide competent representation to a client. Competent representation requires the legal knowledge, skill, thoroughness, and preparation reasonably necessary for the representation.”[2] The comments to the Model Rules make it clear that competency also requires that lawyers “keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology . . . .”[3] With this sentence, attorneys can no longer simply put up their hands and say, “it’s e-mail and text messages, I don’t know how nor do I want to handle that.”

[2]       Additionally, some State Bars implementing their own Rules of Professional Conduct have decided that attorney competence applies to handling electronically stored information (“ESI”), and at a minimum, that attorneys be able to carry out the following:

  • [I]nitially assess e-[D]iscovery needs and issues, if any;
  • [I]mplement/cause to implement appropriate ESI preservation procedures;
  • [A]nalyze and understand a client’s ESI systems and storage;
  • [A]dvise the client on available options for collection and preservation of ESI;
  • [I]dentify custodians of potentially relevant ESI;
  • [E]ngage in competent and meaningful meet and confer with opposing counsel concerning an e-[D]iscovery plan;
  • [P]erform data searches;
  • [C]ollect responsive ESI in a manner that preserves the integrity of that ESI; and
  • [P]roduce responsive non-privileged ESI in a recognized and appropriate manner.[4]

[3]       Attorneys now need to have an understanding of the components of the Electronic Discovery Reference Model[5] and the tools available to assist in each part of that process. If they do not have the requisite understanding, they need to associate with someone who does.[6]

[4]       Preservation of ESI is implicated in at least five of the competencies specifically listed in a California Rules of Professional Conduct’s Formal Opinion,[7] but preservation for some lawyers can be a scary concept. Why? For one, data never sleeps.[8] Every minute of the day, people generate data in the form of e-mails, Instagrams, Tweets, and Snapchats.[9] If you compare the data generated in 2012 to that created in 2015, not only has the amount of data increased, but also the type of data created has increased with the proliferation of new applications that create data.[10] Identifying the type of data that needs to be preserved and how it needs to be preserved can be complicated because of this ever-changing data landscape.

[5]       Additionally, preservation provokes fear in the heart of many attorneys, because failing to preserve potentially relevant evidence can have significant adverse consequences for not only the client in the lawsuit but also for the attorneys involved.[11] Attorneys, however, now have more guidance regarding the imposition of sanctions in Federal Court, as the Federal Rules of Civil Procedure were amended to clarify when a court can impose sanctions for the failure to appropriately preserve evidence, including when evidence is intentionally destroyed.[12]

[6]       Even with the amendments to the Rules, the following questions still exist for every piece of litigation:

  • When does the duty to preserve arise?
  • What must be preserved for the potential or current litigation?
  • What steps can I take to competently preserve potentially relevant information?

[7]       Is the answer to the above questions that every piece of data in your client’s possession must be preserved? No. Is the answer to preserve only e-mails a specific custodian sends to counsel on his or her own accord, without any further discussion with counsel? No. While there is no “one size fits all” answer to preservation, this article intends to guide practitioners through the preservation rubric outlined in the cases of “e-Discovery Canon,”[13] as well as recent case law and the 2015 amendments to the Federal Rules of Civil Procedure. This article also outlines questions practitioners should ask their clients and themselves in order to competently identify and preserve ESI.

II. The Duty to Preserve

[8]       The first question that a lawyer must answer is whether the duty to preserve has been triggered. Common law creates the duty to preserve evidence, and litigants owe this duty to the court, not just the opposing party.[14] Some commentators argue that the duty to preserve may be the most important duty a litigant has, in that failing to meet this duty can deprive the court of the ability to properly assess the claims of the parties before it.[15] This duty “arises not only during litigation but also extends to that period before the litigation when a party reasonably should know that the evidence may be relevant to the anticipated litigation.”[16] In the context of litigation for plaintiffs, the duty arises before the lawsuit is filed, and for defendants when the lawsuit is served, at the very latest.[17]

[9]       To be clear, though, whether a party is filing or has filed a lawsuit is not the test—it is the reasonable anticipation of litigation, in whatever form that takes. Recently, in Clear-View Technologies, Inc. v. Rasnic Magistrate Judge Paul S. Grewal (no stranger to preservation and e-Discovery issues[18]) found that a text message sent to a defendant over two years before suit was filed and eight months before any preservation notice was sent to the defendant triggered the duty to preserve.[19] Magistrate Judge Grewal stated that Plaintiff’s then-CEO “made clear in text messages to [defendants] that he was prepared to sue them for trying to interfere with” a potential business investment.[20] In his opinion, Judge Grewal noted that while the then-CEO later sent text messages apologizing for his previous texts, at no time did he take back his threat of litigation.[21] In the context of non-lawsuit triggers, courts have also found that a presentation regarding potential patent infringement claims,[22] ultimatums made to a CEO to “comply with [an] injunction” or face a lawsuit,[23] and of course, requests in writing that an individual or entity preserve evidence that may be relevant to a dispute trigger the duty to preserve.[24]

[10]     Accordingly, practitioners should not depend on the arrival of a complaint to trigger a client’s duty to preserve. While service of pleadings certainly can and does trigger the duty to preserve, once apprised of a potential dispute, practitioners should ask their clients not only about the facts of the potential dispute, but also how they communicated with the individuals involved with the potentially adverse party—in-person, telephone, e-mail, text messages, and/or any other medium of communication. As a practical matter, these queries will be easier the more you know about your client’s business and data landscape.[25] While a slip-and-fall, a failure to make a specified delivery under the terms of a contract, or a malfunction of a piece of equipment causing injury will remain clear triggers for the duty to preserve, practitioners should not overlook the wide variety of ways individuals now communicate with one another when analyzing whether and when the duty to preserve was triggered.

III. The Scope of Preservation

[11]     The duty to preserve evidence includes “an obligation to identify, locate, and maintain[] information that is relevant to specific, predictable, and identifiable litigation.[26] The duty pertains, however, only to relevant documents.[27] Relevant documents include:

[A]ny documents or tangible things . . . made by individuals “likely to have discoverable information that the disclosing party may use to support its claims or defenses.” The duty also includes documents prepared for those individuals to the extent those documents can be readily identified (e.g., from the “to” field in e-mails). The duty also extends to information that is relevant to the claims or defenses of any party, or which is “relevant to the subject matter involved in the action.” Thus, the duty to preserve extends to those employees likely to have relevant information—the “key players” in the case.[28]

The cases are clear on one point: once the duty to preserve is triggered, not every piece of data belonging to an organization must be preserved, just as every piece of paper belonging to an organization is not required to be preserved.[29] The cases outlined below demonstrate as much.

[13]     In Blue Sky Travel & Tours, LLC v. Al Tayyar, the Fourth Circuit vacated and remanded the district court’s decision to impose severe sanctions on the defendant for failing to preserve certain invoices requested by the plaintiff.[30] In this breach of contract action, the plaintiff’s damages included a claim for lost profits, and in an effort to prove those lost profit claims, the plaintiff requested that the defendant produce certain invoices.[31] When the defendant did not provide the invoices, the plaintiff moved to compel their production.[32] The court granted the motion, but the defendant still did not produce the invoices because the documents were not retained.[33] The plaintiff then moved for sanctions, and the magistrate recommended the court grant the motion and provide an adverse inference instruction.[34] The problem with this recommendation and ruling, though, was that the magistrate judge ruled that the defendant had a duty to hold “all” documents, stating:

[W]hen this litigation started, the defendants were required by law to preserve. Any document retention policy you had had to be stopped. . . . [o]nce you are put on notice that there is litigation pending, or once litigation starts, you are required . . . to stop [your] normal document retention policies and to preserve [ALL] documents because you don’t know what may or may not be relevant.[35]

[14]     The Fourth Circuit vacated and remanded the magistrate’s decision because the lower court used the incorrect standard for the duty to preserve.[36] The Fourth Circuit noted that a party may be sanctioned for spoliation if the party “(1) had a duty to preserve material evidence, . . . (2) willfully engaged in conduct resulting in the loss or destruction of that evidence, [and] (3) at a time when the party knew, or should have known, that the evidence was or could be relevant to the litigation.”[37] The Fourth Circuit reiterated that a party is not required to preserve all of its documents, only documents that the party knew or should have known were or could be relevant to the parties’ dispute.[38]

[15]     In Wandering Dago, Inc. v. N.Y. State Office of Gen. Servs., the court had to decide whether officials in one governmental agency and their attorney could be sanctioned for the destruction of e-mails, according to the terms of an e-mail retention policy, belonging to another governmental agency.[39] More to the point, the court had to determine whether a preservation obligation for one governmental agency involved in a specific litigation automatically applies to every other governmental agency not involved in the litigation.[40] The court said no, as the defendant agencies in the litigation had no control over the other governmental agencies’ e-mails.[41] Therefore, the defendant agencies had no obligation to preserve the other non-party agencies’ e-mails.[42] The court noted that to require a governmental agency in litigation to preserve and produce documents belonging to another governmental agency not a party to the litigation would “subject all [ ] agencies, the legislature, the judiciary, quasi-state agencies, and possibly public authorities to disclosure scrutiny, notwithstanding their relative remoteness to the case.”[43] The court found that “state agencies for most purposes are separate and distinct organs and should not be viewed in the aggregate.”[44] Moreover, the court noted that requiring each governmental agency “and thousands of officials to institute a litigation hold every time a party contemplates or even commences litigation against another agency would paralyze the State.”[45]

[16]     In AMC Technology, LLC v. Cisco Systems, Inc., Magistrate Judge Grewal distinguished between documents parties are obligated to preserve and those that they are not obligated to preserve and that can be destroyed as part of a routine retention policy.[46] Pursuant to Cisco’s document retention policy, Cisco reformatted departed employees’ laptops and deleted e-mail archives thirty days after an employee’s departure.[47] After one employee’s departure, and the deletion of his data, AMC requested his custodial data.[48] When Cisco did not provide the data because it had been destroyed according to its retention policy, AMC moved for spoliation sanctions.[49]

[17]     Judge Grewal held that sanctions were not warranted because Cisco was under no obligation to preserve his data at the time it was destroyed.[50] Judge Grewal underscored that the “scope of this duty is confined to what is reasonably foreseeable to be relevant to this action. Requiring a litigant to preserve all documents, regardless of their relevance, would cripple parties who are often involved in litigation . . . .”[51] In its analysis, the court also noted that the disposal of the employee’s documents “appears to have been routine—Cisco followed established company procedure, which deletes company emails and information within thirty days.”[52]

[18]     These cases provide a framework for identifying the scope of preservation. While each case turns on its own unique facts, these cases demonstrate that preserving everything is not the requirement of the duty to preserve, as such a requirement would create inefficiencies for business and government entities attempting to carry out their daily functions. Moreover, they show that only those documents that are reasonably foreseeable to be relevant to the action at the time the duty is triggered must be preserved. Obviously, what is relevant can change during the course of an investigation. As a result, practitioners should continue to monitor what has been preserved and the pertinent issues in the litigation to continue to observe their preservation obligations.

A. Identifying What Must Be Preserved

[19]     So the next question is: how do you identify and preserve documents that are potentially relevant to the parties’ dispute? Understanding who created and possesses potentially relevant ESI—and how that ESI is stored—is the first step to competently complying with the duty to preserve. Not taking these steps can lead to the destruction of potentially relevant information, and adverse consequences for that destruction. Brown v. Tellermate Holdings Ltd. outlines the failings of practitioners in executing their duty to identify and preserve potentially relevant ESI, and thus provides a good description of what practitioners need to do to competently comply with their preservation obligations.

[20]     In Brown v. Tellermate Holdings Ltd., the court found that Tellermate’s counsel “failed to uncover even the most basic information about an electronically-stored database of information” and that “as a direct result of that failure, took no steps to preserve the integrity of the information in that database.”[53] In this age discrimination case, the plaintiffs requested reports from both of their accounts in salesforce.com, a web-based application that allows businesses to track sales activities, as well as a number of other employees’ reports.[54] While at Tellermate, the plaintiff employees knew that Tellermate acquired licenses for their sales team to use salesforce.com and encouraged its employees to use it.[55] During discovery, Tellermate contended that it could not produce the reports because, among other things, Tellermate could not “print out accurate historical records from salesforce.com. . . .”[56] Counsel for Tellermate represented to the court that “Tellermate [did] not possess or control data maintained in the salesforce.com database and [was] not at liberty to produce it in discovery,” as well as that no one from Tellermate “has access to [the] ESI of salesforce.com . . . .”[57] However, in direct contradiction from its attorneys’ representations to the court, Tellermate’s representative testified that “any Tellermate employee with a login name and a password could access . . . historical information . . . at any time.”[58]

[21]     Additionally, after the plaintiffs’ departure, Tellermate changed the user names to the their accounts and took no action to preserve the information in the plaintiffs’ accounts, as the data in their accounts could be changed or deleted by salesforce.com administrators at the company.[59] For the above actions, the court admonished Tellermate’s counsel, stating “all of this information was clearly known to at least some Tellermate employees since Tellermate began using salesforce.com; had the right questions been asked of the right people, counsel would have known it as well.”[60]

[22]     The court also found that “counsel apparently never identified the persons having responsibility for salesforce.com information, which would have included those Tellermate employees (named by the [plaintiffs] in their document request) whose salesforce.com accounts were being requested, or the persons designated by Tellermate as its salesforce.com administrators.”[61] In short, the court found that “counsel had an affirmative obligation to speak to the key players at Tellermate so that counsel and client could identify, preserve, and search the sources of discoverable information.”[62]

[23]     To competently preserve ESI, practitioners must determine the individuals who may have knowledge or information about the different issues involved in the dispute, then determine what potentially relevant documents and data those individuals have in their possession, custody, or control.[63] Simultaneously, practitioners should speak with their client’s information technology personnel, who can explain the company’s system-wide back up procedures, any “auto-delete” functions, and gain a general overview of where and how data resides throughout the company (e.g., e-mail servers, file share servers, VM systems, databases, etc.).[64] These steps allow a practitioner to ask the right questions of the right people in order to determine where potentially relevant information resides.

[24]     Additionally, asking the right questions of the right people can also inform your decision as counsel as to what is reasonably accessible and therefore reasonably can be preserved. For example, if you learn from information technology personnel that the company’s disaster recovery systems are truly disaster recovery systems rather than a form of long-term storage, it may be worth mentioning at a Fed. R. Civ. P. 26(f) conference or meeting that, because these systems are for disaster recovery only, they are not reasonably accessible and will not be preserved.[65]

[25]     Moreover, discussing the data landscape with key custodians and information technology personnel provides valuable information about the various data sources and the amount it may cost to preserve those data sources, which can provide insight into whether producing from that data source is proportional to the needs of the case.[66] For example, in You v. Japan the court allowed defendant Sankei, a newspaper publisher, to modify a piece of a preservation order because of the undue burden it was placing on its business.[67] The preservation order required each party to take affirmative steps to preserve evidence related to the action by ceasing “any document destruction programs and any ongoing erasures of e-mails, voicemails, and other electronically recorded materials.”[68] Sankei took steps to comply with the order, including retaining versions of articles that it placed in a proprietary application used for laying out each edition of the newspaper.[69] The application typically retained these versions for 90 days.[70] Sankei stated that requiring that application to retain the article versions for greater than 90 days “could slow down the system or cause it to crash.”[71] Sankei also stated that installing a new storage system could take up to eight months and would cost $18 million.[72] Accordingly, Sankei filed a motion for relief from the preservation order and proposed an alternative method to preserve the documents in the proprietary application.[73] The Court, noting plaintiffs’ objections, granted Sankei’s proposal and included a modification proposed by the plaintiffs.[74] Without asking the right questions of the right people, Sankei may not have been able to seek an alternative that would allow it to continue functioning as a business and maintain its preservation obligations.

B. The Litigation Hold

[26]     While the litigation hold or legal hold notice should now be part of every practitioner’s litigation checklist, it is still an integral part of competently complying with the duty to preserve. As the court in Zubulake V stated, “[o]nce a party reasonably anticipates litigation, it must suspend its routine document retention/destruction policy and put in place a ‘litigation hold’ to ensure the preservation of relevant documents.”[75]

[27]     A litigation hold informs custodians and information technology personnel about the lawsuit and their preservation obligations to preserve potentially relevant information relating to the lawsuit.[76] However, implementing the litigation hold does not end a party’s preservation obligations—“[c]ounsel [also] must oversee compliance with the litigation hold.”[77]

[28]     Apple Inc. v. Samsung Electronics Co., Ltd. demonstrates the potential consequences of failing to monitor compliance with a litigation hold. There, Magistrate Judge Grewal analyzed “whether Samsung took adequate steps to avoid spoliation after it should have reasonably anticipated” litigation.[78] In this case, a Samsung entity/defendant failed to disable the “auto-delete” function of its e-mail system after the duty to preserve was triggered.[79] Judge Grewal noted that it is “generally recognized that when a company or organization has a document retention policy, it is ‘obligated to suspend’ that policy and ‘implement a “litigation hold” to ensure the preservation of relevant documents’ after the preservation duty has been triggered.”[80] Samsung issued a litigation hold notice requesting employees to “preserve any and all [] documents that may be relevant to the issues in the potential litigation . . . until [the potential litigation] is fully resolved.”[81] However, while the litigation hold notice provided categories of documents that should be retained, Samsung took no steps to evaluate what its employees were doing to comply with the litigation hold notice, especially in light of the continued use of the auto-delete function.[82] While under the legal hold, Samsung never checked to see whether a single custodian was in compliance with the given directives.[83]

[29]     Practitioners and clients should consistently monitor employee and information technology compliance with their legal hold directives. The longer a legal hold is in place and the more time that goes by opens companies up to something that can be described as “Litigation Hold Fatigue,” resulting in less enthusiastic preservation practices.[84] Additionally, as noted above, issues in a litigation change, which can change what needs to be preserved. Follow-up reminders and revisions to litigation holds not only assist in complying with preservation obligations, but they can also assist in defining the scope of preservation.

IV. What Can We Learn From Failing to Preserve

[30]     Cases outlining complete failures to preserve are instructive to practitioners as a template for “Preservation Do Nots.” In Altercare, Inc. v. Clark, the Ohio Court of Appeals was required to determine whether the trial court abused its discretion in dismissing Altercare’s case against its former employee, Clark, for failing to preserve the former employee’s computer after the obligation to preserve arose.[85] After being told not to return to Altercare for work, Clark’s attorney sent Altercare a letter stating that it had breached Clark’s employment contract, and requesting that Altercare preserve evidence relevant to the dispute.[86] The preservation notice portion of the letter provided a non-exhaustive list of data covered by Altercare’s obligation, as well as ways that Altercare could comply with its obligation.[87] Once suit was filed, Clark requested in discovery all ESI relating to Clark and/or Clark’s employment with Altercare.[88]

[31]     The trial court attempted to determine what Altercare did to preserve Clark’s ESI on numerous occasions.[89] The court found that, at one point, Altercare returned a different hard drive to Clark than belonged to the work computer she sent the company for preservation.[90] The trial court held that Altercare did not preserve Clark’s work computer, failing to either “[pull] it out of service or [make] a copy or clone of its hard drive at the time Ms. Clark put [Altercare] on notice” of its obligation to preserve.[91] Because the trial court found that Altercare’s conduct in failing to preserve Clark’s work computer showed “such extreme carelessness and indifference,” the trial court dismissed Altercare’s complaint.[92] The Court of Appeals affirmed the trial court’s ruling, finding that Altercare “took no action whatsoever” to preserve Clark’s computer, either when she was terminated—even though it was reasonably foreseeable that litigation with Clark was probable—or after receiving the preservation notice from Clark’s attorney.[93] Notably, the Court of Appeals also recognized that the trial court “found that there was no evidence that Clark’s computer was lost as a result of a routine, good faith operation,” [94] such as a retention schedule.

[32]     Similarly, in Alter v. Rocky Point Sch. Dist., in ruling on the Plaintiff’s motion to compel and for sanctions in a workplace discrimination claim, the court found that defendants had failed to satisfy their duty to preserve relevant evidence.[95] The court based its ruling on the following facts:

  • Defendants failed to issue a timely litigation hold, instead waiting more than two years after Plaintiff filed a Notice of Claim;[96]
  • Defendants “failed to discuss the litigation hold with key players” in the lawsuit;[97]
  • Defendants failed to inform key custodians regarding their obligation to preserve relevant evidence “on whatever devices contained the information, [including] [personal] laptops, cellphones or any personal digital devices capable of ESI storage.”[98]

[33]     In Clear-View Techs., discussed above, the defendants took “no reasonable steps to preserve relevant evidence” and, in fact, “affirmatively destroyed it,” after the text message that triggered the preservation obligation was sent and, in some cases, after the preservation letter was received and after suit was filed.[99]

[34]     In each of these cases, the party responding to destruction allegations failed to take reasonable steps to preserve potentially relevant evidence—no litigation holds issued, no custodian interviews performed or even simple questions asked, and in a workplace discrimination suit, the terminated employee’s workstation was not preserved—and was then punished in some manner by the court. As these cases demonstrate, it is this failure to competently preserve potentially relevant evidence that places clients and their attorneys on rocky ground with the court.

[35]     Prior to the 2015 amendment of Rule 37(e), the sanctions imposed by courts because of the destruction of evidence, whether through negligence or bad faith, created inconsistencies in the sanctions imposed throughout the federal circuits.[100] In one circuit, a party could receive an adverse inference instruction from the grossly negligent deletion of an employee’s ESI,[101] while in another, an adverse inference instruction was appropriate only where there was a finding of bad faith in the destruction of the evidence.[102] Amended Rule 37(e) no longer allows courts to punish parties through an adverse inference instruction in the wake of destroyed evidence if they can show they took reasonable steps to preserve evidence.[103]

[36]     So what does this mean for practitioners? In the words of algebra teaches everywhere, litigants must “show their work.” Litigants should document the processes by which and steps they took to preserve potentially relevant evidence. The following steps, while not all-inclusive, and when they were taken should be well-documented by practitioners:

  • Issue a litigation hold that outlines the potential forms of ESI (e-mail, text messages, word documents, databases, etc.) and the potential sources of ESI (e-mail mailbox, smart phone, workstation, network servers, social media accounts, etc.) available to custodians;[104]
  • Identify and interview key players and custodians regarding their ESI forms and sources;
  • Interview information technology personnel regarding forms and sources of ESI available to employees and other personnel at the company, as well as the back-up and disaster recovery systems in place;
  • Document which devices were identified as having potentially relevant evidence and how each device was preserved for each custodian;
  • Document how specific information on servers and other company sources was identified and preserved;
  • Monitor legal hold compliance and refresh litigation hold notice as issues in the litigation evolve and new custodians are identified and new employees hired;
  • Disable and document the disabling of “auto-delete” functions for systems containing such functions;
  • Evaluate software offerings available to assist with the implementation of a legal hold;[105]
  • Analyze records management or retention policies for those categories of documents under a litigation hold to ensure routine destruction as to those documents has stopped.

[37]     Practitioners should document what was done and when it was done to demonstrate to the court how they took reasonable steps to preserve ESI. Taking the time to identify whose data and what sources and forms of data need to be preserved, and then “showing your work” by documenting those preservation steps and the considerations necessary to make those choices, demonstrates competence and may save you from headaches and discord later.

* Lauren Wheeling Waller is a partner at Williams Mullen and chairs the firm’s e-Discovery and Information Governance Practice Group. She is an experienced litigator and provides guidance in crafting defensible and uniform approaches to records management and retention, litigation hold implementation, as well as managing complex e-Discovery projects in commercial litigation and investigations. She has written and spoken frequently on electronic discovery topics and is a member Working Group I on Electronic Document Retention and Production of The Sedona Conference.

 

 

[1] Competent, Merriam-Webster, http://www.merriam-webster.com/dictionary/competent, archived at https://perma.cc/VZ57-Z6TR (last visited Feb. 25, 2016).

[2] Model Rules of Prof’l Conduct R. 1.1 (2014).

[3] Model Rules of Prof’l Conduct R. 1.1 cmt. 8 (2014) (emphasis added).

[4] State Bar of Cal. Standing Comm. on Prof’l Responsibility & Conduct, Formal Op. 2015-193, 3–4 (2015) [hereinafter Cal. Ethics Op.] (emphasis added) (internal citations omitted).

[5] See EDRM Stages, EDRM, http://www.edrm.net/resources/edrm-stages-explained, archived at https://perma.cc/D63L-HC9E (last visited Feb. 25, 2016).

[6] See Cal. Ethics Op., supra note 4, at 3; see also HM Electronics, Inc. v. RF Techs., Inc., No. 12cv2884-BAS-MDD, 2015 WL 4714908, at *24 (S.D. Cal. Aug. 7, 2015) (holding that an “attorney’s duty to supervise the work of consultants, vendors, and subordinate attorneys is non-delegable. ‘An attorney must maintain overall responsibility for the work . . .,’ and, must do so by remaining regularly engaged in the . . . work.”) (internal citations omitted) (emphasis in original).

[7] See Cal. Ethics Op., supra note 4, at 3–4. (“[I]nitially assess e-[D]iscovery needs and issues, if any; [I]mplement/cause to implement appropriate ESI preservation procedures; [A]nalyze and understand a client’s ESI systems and storage; [A]dvise the client on available options for collection and preservation of ESI; [I]dentify custodians of potentially relevant ESI; [C]ollect responsive ESI in a manner that preserves the integrity of ESI”).

[8] See generally Data Never Sleeps 3.0, DOMO, https://web-assets.domo.com/blog/wp-content/uploads/2015/08/15_domo_data-never-sleeps-3_final1.png, archived at https://perma.cc/HN24-72YD (last visited Feb. 11, 2016). 

[9] See id.

[10] Compare id., with Data Never Sleeps 2.0, DOMO, www.domo.com/learn/data-never-sleeps-2, archived at https://perma.cc/83QJ-HM8Q (last visited Feb. 11, 2016), and Data Never Sleeps, DOMO, www.domo.com/blog/2012/06/how-much-data-is-created-every-minute, archived at https://perma.cc/Q5LW-ZK4B (last visited Feb. 11, 2016) (noting that applications such as Snapchat and Tinder were not identified in 2012 but generated vast amounts of data in 2015).

[11] See Victor Stanley, Inc. v. Creative Pipe, Inc., 269 F.R.D. 497, 538–41 (D. Md. 2010) (recommending sanctions including permanent injunction and attorneys’ fees); Malibu Media, LLC v. Tashiro, No. 1:13-cv-00205-WTL-MJD, 2015 U.S. Dist. LEXIS 64281, at *104 (S.D. Ind. May 18, 2015) (granting motion for sanctions for default judgment); HM Elecs., Inc. v. RF Techs., Inc., No. 12cv2884-BAS-MDD, 2015 WL 4714908, at *31–35 (S.D. Cal. Aug. 7, 2015) (recommending adverse inference instruction, as well as other sanctions). As these cases indicate, EDRM preservation tends to be the area where attorneys and clients make the most mistakes.

[12] See Fed. R. Civ. P. 37(e) (allowing for sanctions only when information is lost and cannot be replaced, and the court finds that another party is prejudiced from the loss or that the party acted with the intent to deprive the other party of information).

[13] See Pension Comm. of Univ. of Montreal Pension Plan v. Banc of Am. Sec., LLC, 685 F. Supp. 2d 456, 461 (S.D.N.Y. 2010) [hereinafter Pension Comm.], abrogated by Chin v. Port Auth. of N.Y. & N.J., 685 F.3d 135, 143 (2d Cir. 2012); Rimkus Consulting Grp. v. Cammarata, 688 F. Supp. 2d 598, 607 (S.D. Tex. 2010); Victor Stanley, Inc., 269 F.R.D. at 499–500; Zubulake v. UBS Warburg LLC (Zubulake V), 229 F.R.D. 422, 424 (S.D.N.Y. 2004), Zubulake v. UBS Warburg LLC (Zubulake IV), 220 F.R.D. 212, 214 (S.D.N.Y. 2003).

[14] See Victor Stanley, Inc., 269 F.R.D. at 525 (noting “the duty to preserve evidence relevant to litigation of a claim is a duty owed to the court.”) (emphasis in original).

[15] See Monica McCarroll, Discovery and the Duty of Competence, 26 Regent U. L. Rev. 81, 91 (2013).

[16] Silvestri v. Gen. Motors Corp., 271 F.3d 583, 591 (4th Cir. 2001).

[17] See Pension Comm., 685 F. Supp. 2d at 466.

[18] See generally Apple Inc. v. Samsung Elecs. Co., Ltd., 881 F. Supp. 2d 1132, 1132 (N.D. Cal. 2012).

[19] See Clear-View Techs., Inc. v. Rasnick, No. 5:13-cv-02744-BLF, 2015 U.S. Dist. LEXIS 63579, at *3. The text message stated, in part, “[D]on’t call my shareholders with your b.s. That is [tortious] economic interference. I will not accept this. . . . [K]eep it up and you’ll find [yourself] in court[.] Call Clyde again and I sue. Mark my words.” Id at *3–4 (alteration in original).

[20] Id. at *3.

[21] See id. at *21.

[22] See Apple Inc., 881 F. Supp. 2d at 1145 (noting that the presentation from Apple provided Samsung with “more than just a vague hint” that litigation “was at least foreseeable, if not ‘on the horizon.’”).

[23] In re Napster, Inc. Copyright Litig., 462 F. Supp. 2d 1060, 1069 (N.D. Cal. 2006).

[24] See, e.g., Altercare, Inc. v. Clark, 9th Dist. No. 12CA010211, 2013-Ohio-2785, at ¶ 2.

[25] While discussed only in the context of preservation below, information about a client’s data landscape prior to litigation should be part of an overall information governance effort. See Information Governance Reference Model (IGRM), EDRM, www.edrm.net/projects/igrm, archived at https://perma.cc/6F5N-D633 (last visited Mar. 18, 2016) [hereinafter IGRM].

[26] Apple Inc., 881 F. Supp. 2d at 1137; The Sedona Conference, The Sedona Conference Commentary on Legal Holds: the Trigger & the Process 1 (Conor R. Crowley et al. eds., 2007), https://thesedonaconference.org/download-pub/77, archived at https://perma.cc/EP4B-2AAY (download required).

[27] See Pension Comm., 685 F. Supp. 2d 456, 466 (S.D.N.Y. 2010), abrogated by Chin v. Port Auth. of N.Y. & N.J., 685 F.3d 135, 143 (2d Cir. 2012).

[28] Zubulake IV, 220 F.R.D. at 217–18. While this case was decided under the pre-2015 amendment scope of discovery, it remains a seminal case in defining the scope of the duty to preserve.

[29] See id. at 217 (noting that the duty to preserve does not require litigants to preserve “every shred of paper, every e-mail or electronic document, and every backup tape[.]”).

[30] See Blue Sky Travel & Tours, LLC v. Al Tayyar, 606 Fed. Appx. 689, 690 (4th Cir. 2015).

[31] See id. at 691.

[32] See id.

[33] See id. at 692.

[34] See id. at 692–93.

[35] Blue Sky Travel & Tours, LLC, 606 Fed. Appx. at 692.

[36] See id. at 690.

[37] Id. at 697–98.

[38] See id.

[39] See Wandering Dago Inc. v. N.Y. State Office of Gen. Servs., No. 1:13-CV-1053 (MAD/RFT), 2015 U.S. Dist. LEXIS 69375, at *1 (N.D.N.Y. May 29, 2015).

[40] See id. at *1–2.

[41] See id. at *22 (“Defendants correctly assert that they have no control over [Defendants’] emails. . . .”).

[42] See id.

[43] Id. at *23 (quoting N.Y. v. Amtrak, 233 F.R.D. 259, 266 (N.D.N.Y. 2006).

[44] Wandering Dago Inc., 2015 U.S. Dist. LEXIS 69375, at *24.

[45] Id. at *24–25.

[46] See AMC Tech., LLC v. Cisco Sys. Inc., No. 11-cv-3403 P, 2013 U.S. Dist. LEXIS 101372, at *4 (N.D. Cal. July 15, 2013).

[47] See id. at *4.

[48] See id. at *5–7.

[49] See id.

[50] See id. at *10.

[51] AMC Tech., LLC, 2013 U.S. Dist. LEXIS 101372, at *9.

[52] Id. at *11.

[53] Brown v. Tellermate Holdings, Ltd., No. 2:11-cv-1122, 2014 U.S. Dist. LEXIS 90123, at *6 (S.D. Ohio July 1, 2014).

[54] See id. at *7, *10.

[55] See id. at *8.

[56] Id. at *11.

[57] Id. at *13.

[58] Brown, 2014 U.S. Dist. LEXIS 90123, at *14.

[59] See id.

[60] Id. at *19 (emphasis added).

[61] Id. at *52–53.

[62] Id. at *56.

[63] See Zubulake V, 229 F.R.D. 422, 432 (S.D.N.Y. 2004); see also McCarroll, supra note 15, at 94–95.

[64] See Zubulake V, 229 F.R.D. at 432.

[65] See Zubulake IV, 220 F.R.D. 218. Amended Rule 26(f) now puts issues of preservation at the forefront of a 26(f) conference. See Fed. R. Civ. P. 26(f)(3)(C) (“A discovery plan must state the parties’ views and proposals on: . . . any issues about disclosure, discovery, or preservation of electronically stored information, including the form or forms in which it should be produced . . . .”) (emphasis added); see also Fed. R. Civ. P. 37(e), advisory committee’s note on 2015 amendments (“A party may act reasonably by choosing a less costly form of information preservation, if it is substantially as effective as more costly forms.”).

[66] Fed. R. Civ. P. 26(b)(1) (“Parties may obtain discovery regarding any nonprivileged matter that is relevant to any party’s claim or defense” and proportional to the needs of the case).

[67] See Hee Nam You v. Japan, No. C 15-03257 WHA, 2015 U.S. Dist. LEXIS 123877, at *2–5 (N.D. Cal. Sept. 16, 2015).

[68] Id. at *2.

[69] See id. at *2–3.

[70] See id. at *3.

[71] Id.

[72] See Hee Nam You, 2015 U.S. Dist. LEXIS 123877, at *3.

 [73] See id.

[74] See id. at *4–5.

[75] Zubulake V, 229 F.R.D. at 431 (quoting Zubulake IV, 220 F.R.D. at 218).

[76] See id. at 439.

[77] Id. at 432.

[78] Apple Inc. v. Samsung Elecs. Co., Ltd., 881 F. Supp. 2d 1132, 1134 (N.D. Cal. 2012).

[79] See id. In his opinion, Judge Grewal again reiterated that the duty to preserve includes identifying, locating, and maintaining information that is relevant to the litigation. See id. at 1137.

[80] Id. at 1137 (internal citations omitted).

[81] Id. at 1142–43.

[82] See id. at 1145.

[83] See Apple Inc., 881 F. Supp. 2d at 1147.

[84] See generally Legal Hold Software, Exterro, http://www.exterro.com/e-discovery-software/legal-hold/, archived at https://perma.cc/HS9M-VFVQ (last visited Feb. 20, 2016) (“Help custodians understand the importance of pending obligations, fight ‘notice fatigue’ by those on multiple legal holds, and promote consistent compliance.”).

[85] See Altercare, Inc. v. Clark, 9th Dist. No. 12CA010211, 2013-Ohio-2785, at ¶ 12.

[86] See id. at ¶ 2.

[87] See id. (“Altercare can most easily comply with its obligation by making mirror-image bit stream back-up copy of computers and storage media (such as hard disk drive[s], floppy disks, CDs, DVDs, back-up tapes, or any other electronic data), which will inexpensively preserve relevant electronic and digital evidence on searchable CD-ROMs or DVD.”).

[88] See id. at ¶ 3.

[89] See id. at ¶¶ 3–10.

[90] See Altercare, 2013-Ohio-2785, at ¶ 6.

[91] Id. at ¶ 10.

[92] Id.

[93] Id. at ¶¶ 2, 16.

[94] Id. at ¶ 16.

[95] See Alter v. Rocky Point Sch. Dist., No. 13-1100 (JS) (AKT), 2014 U.S. Dist. LEXIS 141020, at *3 (E.D.N.Y. Sept. 30, 2014).

[96] See id. at *28.

[97] Id. at *23.

[98] Id. *22­–24, *26, *28.

[99] Clear-View Techs., Inc. v. Rasnick, No. 5:13-cv-02744-BLF, 2015 U.S. Dist. LEXIS 63579, at *21–23 (noting that defendants “failed to implement a hold policy,” “deleted thousands of relevant emails, [and] discarded several phones, laptops, [and] iPads…”).

[100] Compare Residential Funding Corp. v. DeGeorge Fin. Corp., 306 F.3d 99, 108 (2nd Cir. 2002) (“The sanction of an adverse inference may be appropriate in some cases involving the negligent destruction of evidence because each party should bear the risk of its own negligence.”), with United States v. Artero, 121 F.3d 1256, 1259 (9th Cir. 1997) (noting that a “district judge did not abuse his discretion by refusing to give an adverse inference instruction, because the appellant showed neither bad faith imputable to the federal government nor prejudice from the loss and destruction of the evidence.”) (citing United States v. Jennell, 749 F.2d 1302, 1308–09 (9th Cir. 1984)).

[101] See Sekisui Am. Corp. v. Hart, 945 F. Supp. 2d 494, 504 (S.D.N.Y. 2013).

[102] See Rimkus Consulting Grp. v. Cammarata, 688 F. Supp. 2d 598, 614 (S.D. Tex. 2010).

[103] See Fed. R. Civ. P. 37(e) advisory committee’s note on 2015 amendments (“The rule only applies if the information was lost because the party failed to take reasonable steps to preserve the information.”).

[104] See generally D.O.H. v. Lake Cent. Sch. Corp., No. 2:11-cv-430, 2015 U.S. Dist. LEXIS 20259, at *23–25 (N.D. Ind. Feb. 20, 2015) (discussing where custodians identify social media as a potential source of potentially relevant information, practitioners should take steps to ensure that they understand how to preserve data from a social media site or engage a third-party vendor that does understand both how the site works and how to preserve the data contained in the site.).

[105] See generally Jie Zhang & Garth Landers, Magic Quadrant for E-Discovery Software, Gartner (May 18, 2015), https://www.gartner.com/doc/reprints?id=1-2G57ESF&ct=150519&st=sb, archived at https://perma.cc/SC7T-8DJP (evaluating over twenty e-Discovery software vendors).

Big Tech Company v. Federal Government Part I: Is Code Speech? Is Privacy at Stake?

think_different_apple-1680x1050By: Biniam Tesfamariam,

Silicon Valley Company against the Federal Government, who will win? Apple has so far refused to comply with a federal magistrate-judge’s demands of the company assisting the FBI to break the encryption of an iPhone. More specifically, Apple was asked to create new software that would allow law enforcement officials to break into the iPhone. Not just any iPhone, but the one iPhone that belonged to one of the San Bernardino shooters -of last year- responsible for killing 14 people in California.

So what is at issue here? There are multiple, one being centered around the All Writs Act, which in a nutshell, allows courts to make a company turn over a customer’s data to law enforcement.[1] The act reads, “The Supreme Court and all courts established by Act of Congress may issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law; an alternative write or rule nisi may be issued by a justice or judge of a court which has jurisdiction”.[2]

The Apple’s main issue with such a request is the apparent risk of all customer data by legal precedent. Never before has a federal court granted the government to force companies like Apple to weaken its security system. This issue could easily be categorize seem to belong to the legislature.

The legal argument Apple is expected to use can be summed up like this: Code is protected speech, so the government can’t compel Apple to write a new version of iOS any more than it can force an author to write a story. There is some precedent that code is protected speech.[3] Proving that code is protected speech isn’t the biggest obstacle Apple faces. Core to Apple’s argument against writing a new version of its operating system is that, by complying, it will make its customers less secure.[4]

Whatever the outcome of this current case, the disagreement will have a significant legal impact for the future of digital privacy in the United States.

 

[1] The All Writ Act, 28 U.S.C § 1651 (1789).

[2] Id.

[3] David Goldman, Apple’s Case Against the FBI won’t be easy, CNN (Feb. 25, 2016 10:39 AM), http://money.cnn.com/2016/02/25/technology/apple-fbi-court-case/index.html?iid=SF_LN.

[4] Id.

 

Photo Source: https://www.google.com/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&ved=0ahUKEwiEsOmn0OvLAhVE1CYKHSFLA0MQjBwIBA&url=http%3A%2F%2Fwww.hdwallpapers.in%2Fdownload%2Fthink_different_apple-1680×1050.jpg&psig=AFQjCNEXjBnl83KMr6BETq-O_1FCFAO7Dw&ust=1459537843768178

Page 8 of 8

Powered by WordPress & Theme by Anders Norén