CCII 45 - ClaimsXChange Presentation: Preserving Evidence - The Intent to Deprive

Show Notes

Recorded Live at ClaimsXChange in Nashville on April 30, 2025. 

Joshua Gilliland spoke on Preserving Evidence – The Intent to Deprive with James Daley from Consilio and W. Brett Mason, Esq., from Degan, Blanchard & Nash. The seminar covered the Intent to Deprive under Federal Rule of Civil Procedure Rule Rule 37 and related case law. The session addressed the duty to preserve electronic evidence, strategies and technology for collecting electronically stored information, and the six-factor analysis to show the Intend to Deprive under Rule 37.

Have a topic you'd like Bob to cover? Submit it to questions@gpsllp.com, or connect with Bob directly on LinkedIn.

And if you'd like to know more about GPSL, check out our website.

You can also find us on LinkedIn, X, and Facebook.

Transcript

Welcome! You are listening to Coverage Counselors In, a weekly podcast for insurance claims professionals. This podcast is for educational and informational purposes only. It should not be considered legal advice. No attorney -client relationship is created or implied. For legal assistance, contact a lawyer licensed in your state. And now, your host, Robert Sallander. 

Hello,
my name is Joshua Gilliland, I am an attorney with Bob Sallander. Bob and I were
both privileged to go to full for claims exchange at the end of April. We each had
our own panels. I was able to record my panel on preserving evidence and the intent to deprive a look at Rule 37e, corresponding case law, and best practices for
preserving evidence. Here is the recording from that panel, and I hope you enjoy it.

All right, hello, everybody. Great to see you discussing the thrilling action -packed
theme of litigation holds. Let's talk about the duty to preserve. My name is Joshua
Gilliland. I am an attorney at Green and Peffer Cylinder and Lally in the San
Francisco Bay Area. I enjoy your discovery a lot. I often blog on bowtielaw .com
explaining the bow tie and loves pro and evidence so we're gonna have a lot of fun
today to my right is I'm my name is James Daly I'm a senior director at Concilio
I work really in the collections and digital forensic side I am not aware although
I do enjoy your discovery might be the reason why yeah here's my colleagues to my left I'm Brett Mason I'm with Deegan Blanchard and Nash in Baton Rouge, Louisiana. So if anybody sat through the last session, I'm from Louisiana. That's the one they were talking about.

So let's begin. So let's talk about litigation holds and the duty to preserve and
the intent to deprive. So we'll hit a lot of the high notes of the rules and case
examples and more importantly how to actually handle preservation. So this is in a
doom and gloom session. It's here's how to be proactive and yes, here are terrifying case examples of what not to do.

Rule 37E, as in federal rule of civil procedure 37E, was amended back in 2015 to address preservation of evidence. The change came about because of -- well, born out of the 2006 amendments which dealt with e -discovery. Long ago, I toured the country talking about the first rule amendments in 2006 and helping people get ready and excited for e -discovery and you. Now, Around 2009, the onslaught began of litigation hold cases. And they were almost weekly and coming out that a case would start, there would be a deposition, and questions about what did you do to save evidence would come up. And parties would rush to the courthouse saying they didn't issue a litigation hold, take away their birthday, sacrifice the firstborn child, and hit them hard with nuclear sanctions. Terminate their case. And the federal judges got super tired of that. The Chief Justice of the United States Supreme Court got tired of that. And they had the 2015 rule amendments come out addressing this head -on. Because prior to this rule amendment, it was the Wild West. People were relying upon inherent authority in courts and meaning that different jurisdictions had different
standards. And things were wacky and weird on whether or not evidence had been lost into sanction someone or not to sanction someone. And so The rule changes were to put the brakes on that behavior. So the issue is, was there a duty to preserve? Did they take steps to preserve anything? And if something was lost, is there a way to cure the loss? Or did they act with the key phrase, the intent to deprive? So we have a six -part test, because we're lawyers. We like tests.
This is what goes on bar exams and what you put into motions part one. Did a
party lose electronically stored information? Yes, or no. Yes, go to step two.
Was the ESI subject to the duty to preserve? Yes, or no. No,
we're done. Yes, keep going. Was there a failure to take reasonable steps?
Yes, no. Can the lost DSI be restored or replaced? Is the requesting party
prejudiced by the loss? And this is the one where people fall down all the time.
Because it's like, oh, that wasn't important. And finally, if yes to any of the
above, was there specific intent to deprive? Now, the first time I gave this
presentation was in Minneapolis, and I think intent to deprive would have been a
song by Prince.
So what about in here in authority? It's all gone. Courts aren't supposed to do
that anymore. And I was hanging out with a federal judge before a panel. And his
law clerk emailed in saying, here's the standard for a lost DSI.
And he emailed back to the clerk, no. You just cited law.
Rule 37 (e) is what we need to be using. And so there's this knee -jerk reaction
with a lot of lawyers to look at cases first before looking at the Code of Civil
Procedure. Because the Code of Civil Procedure has the answer. That's dramatically
decreased in the past 10 years, but it still occasionally pops up. So are courts
consistent in 2015? No.
Today, pretty much. Pretty much. It took some time, but over a decade people are
pretty consistent in following Rule 3070 as opposed to making it up with inherent
authority. So the first example dealt with audio recordings on whether or not they
were lost with the intent to deprive. So they weren't preserved. Boo -boo happened.
And since this was one of the early cases, the party said it's unfair for us to
have to follow the new rules, to which the court said, wrong, you're following the
new rules. And also pointed out the rule only limits the court's discretion to
sanction a party and how. So, the court went through the six steps. Is there lost
DSI? Yes, litigation was ongoing. The company warned its employees not to delete
data, and there were actually included recordings on their own initial disclosures.
So, yeah, this stuff is clearly relevant, and they knew they needed to save it. Was
there a duty to preserve? Yes. There had been a triggering event, they knew that
litigation was evident, and they had issued a litigation hold. Was there a failure
to take reasonable steps? And this is where mistakes were made.
The party did not suspend their data destruction policy after they had a duty to
preserve. And so no one wants to see that in a case opinion about them or their
client.
Was it irreplaceable when there was no other way to get the data? Was there
prejudice? Yes, because the data was lost and there was no way to know if it was
relevant or not. And sanctions, and they said there was an inadequate legal hold,
but there was no intent to deprive. This was just a mistake. And so the sanctions
included money's fees and costs for the motion. The party was precluded from using
150 recordings that they had disclosed and the jury was instructed that the party
had a duty to preserve and failed to do so. So that's the analysis that needs to
happen in these cases. A lot of it's going to get truncated, a lot of courts are
going to follow here are the six steps, but let's break this down a little further.
And James, tell us about how do we execute a litigation hold and preserve evidence?
So I'm sure you guys know what this model is part of. So it's really important to
have an established process. And then once you have that established process, actually
follow that process. So for those of you who are unfamiliar with the EDRM, this is
the left side of it, or the left maybe third quadrant there. Yeah, it's really
talking about identifying, then preserving, which is your kind of little aspect, and
then if needed, collect, right? This is not jumping to collection, this is not, oh
my god, we have to save everything on the company. It's identifying what is
reasonably likely to be relevant, putting some preservation action around that,
you know, and it may not necessarily be a straightforward process,
either. I mean, your workflow should be straightforward. We do A, we do B, and then
we do C. But there may be kind of like a Dallas two step there, where you kind
of maybe take two steps forward, and then over to the left, and then some new
source comes up where you become aware of some additional data. You kind of have to
go back and now preserve that data later on down the road.
I think you had mentioned when we were talking about this. Yeah, so - The question
is, is this a nice straight line? Is that how real life works? - No, it looks more
like a shrub. It's more about shrubbering, you know? It's kind of got that fullness
to it. Some circles, maybe some backwards.
And anybody who's been through this will tell you, it's, that's normal. You know,
you'll get everything down, Pat, and you'll have everything preserved that you think,
and then you'll find a custodian who keeps a hard drive in their cabinet, where
somebody's using an app that the company doesn't officially sanction, but they're
using it anyway. And of course, they've got responsive data on us. Now, you've got
to kind of scramble to figure out, what is this app? Where is it? Who else is
using it? And then how do I get this stuff into my records? Repostoring my records.
So really starting in, have a plan, have a workflow, have a process so that you
know what your game plan is when you get to this place. And then once you identify
it, then it's fairly easy to kind of just walk through the process and condones
very straightforward. - For example, who here has done deposition preparation and you
think you've collected everything and then the future opponent says, "Oh yeah, we
save all of that on this D drive." And you go, "What?" When we said we wanted
everything, there was no discussion of the D -Drive. And then you have to do
collections again and go through this process because they didn't mention that in any
of the prior interviews. So, like, that happens. That's a real -life factor. That's
not an intent to deprive. That's an ugly surprise. Brett, let's talk about some of
the more recent case law. >> Sure. There's a recent case out of the Middle District
of Florida from February of this year that dealt with whether the party had
requisite intent or not and involved storage of video footage and whether there was
an intent to destroy it or keep it from the other side. It focused on Rule 37,
which, as Josh talked about, is really the cornerstone of all this analysis.
And this one, again, the party was entitled to sanctions only after demonstrating
that the information was lost because the opposing party failed to take reasonable
steps to preserve it. So there is - An interesting question in all these cases of
whether or not being grossly incompetent can amount to the intent to deprive.
I would say there's a split of authority. If the judge is super irritated, they
will find it. If they're not irritated going like this was just a huge comedy of
errors, they won't find that intent. So again, it varies on the judge, the
credibility of counsel, and what actually happened. - Josh, does this apply only to
electronic evidence or does it include ropes and chains and stuff like that?
- Rule 37E only applies to electronically stored information, so the old rules about
paper technically should still apply, but how many of you have clients living in
1985 still. You know, it's very few.
Not many. So the the question about like how many judges know what's going on.
So these cases are handled by magistrate judges almost exclusively. They're the front
lines of this. A lot of magistrate judges range in age from on the younger side in
their 40s. These are folks who know how to program Netflix,
understand how their phones work, and they were litigators who handled the discovery
cases. So like they were in a generation that understands how this stuff works.
So let's talk about another video case, and that was the deletion of video in the
normal course of business, which is one of the newer cases that we have, because
again, they're happening all the time, and Brad, if you can mention the trend that
was actually really strange to see on timing. >> I don't know.
>> You lost me. >> Well, the normal course of business is this accident happened,
and it was -- it's a prisoner case, and it was from the Northern District of
California,
and the video was just deleted in the normal course of business because there was
no duty to preserve. So there's no reason to sanction anybody because there was no
duty to preserve, thus there's no intent to deprive. That's just the normal course
of business. But when we were doing the planning of this, there's a bunch of cases
from 2016 and 2017. And then there's this weird wilderness period.
And then they start picking up again in 2024 and 2025. And I,
that's just curious. I I don't understand why that's happened. But it's just a
fascinating trend in some case law because you would expect 2018 and 2019 to have
the same amount and they don't. So we have an employment case that came up and
that was a party seeking sanctions under Rule 37 (e) and the court once again just
goes through the basic requirements. requirements, reaffirming that, you know, it's
listed as as three steps instead of six, but it's still the same attack on how to
handle these cases of, was there electronically stored information? Was it lost? Was
it relevant? Yes, no. And if it was lost, was there somebody intending to get rid
of it?
Go on. - Yeah, this next case is a case out of New York. It's from 2024. It gets
into a situation where the attorney learns they're in a deposition that certain
things were deleted or destroyed.
And his argument was they should be sanctioned and they exfoliated evidence this,
that, and the other. The problem the plaintiff had, or the party that was moving
for the motion had was they didn't know whether the information that was destroyed
was even relevant to the case. So that's certainly something that needs to be there.
It can't just be like, hey, they destroyed that they just destroy emails. It's got
to be more than that. Yeah, the court actually said this is just pure speculation.
It was, you know, wish fulfillment of being able to say that again, turning back
the clock to the 2009 time period of it's lost, sanctioned these guys,
and the court said, "No, like you haven't shown any indication that this was
relevant, give me something to look at." So let's talk about forensics in need
discovery, which we're going to have a lot of fun with this. Take it away, James.
>> Well, I have a lot of fun with this. I don't know if everybody's going to have
a lot of fun with this. One of the keystones that we kind of rely on in forensics
is documentation. You want to have a provenance for your data, regardless of where
you are in the process. You want to be able to trace that data back to the device
that it came from. So with something like a, you know, you start normally with a
chain of custody, right, which is a form that is generally filled out when there's
a change of custody your control of the device. So say for instance I'm going to
image a cell phone. I walk up to the custodian, they hand me their phone, I'm
going to hand them or have them sign this document that says you know I've turned
my phone over to James Daly, here's the phone, we're going to identify the phone
itself, and then when I hand my phone back we kind of do the same thing in
reverse, right? And really what that does is that it maintains that that unbroken
chain of where that data has been where it originated to where it ends up being
when it kind of gets produced. We can look back through this documentation through
this chain and find out everywhere it's been, every person that's touched it. So
once I get that data in -house, once I get the data in my hands and I hand this
phone back, then there are other ways that we document this process of what we're
doing with the data, whether we're converting it to a different format or we're
doing some searching or culling in it and every bit of that all these searching and
culling operations whether it's with phones or email or doc you know other computers
hard drives everybody that's documented for instance with as Josh was was talking
about earlier today we were you're talking about Microsoft Perview which is kind of
the Microsoft Online, the N365, they've got a lot of documentation now that they're
coming out with and that they're putting out there for use when you have e
-discovery searching that you need to do. It'll document the searches that were done,
who did them, the date and time, the results. When we're collecting,
say, web mail or personal email accounts, things like that, we use special forensic
applications that do this, and they'll also, and we also save the logs along with
the data, the logs will identify the person that was using the computer,
the credentials that were used, what criteria, if any, were used to collect the
data, how much data was there, if there were any issues, if there were emails that
were not captured because of some reason or another. Same thing with hard drives.
We'll get a full list of all of the files that were open or that were unable to
be copied. And these are things that are important to carry through this entire
process to say whether or not you got everything. And if you couldn't, why not?
- And one thing to keep in mind is a lot of things store electronic data. I mean,
a truck, a car, the internet of things, an alarm system.
So There might be things that don't come to mind. You're thinking of email, or
you're thinking about letters, this, that, and the other. But just keep in mind,
there's a lot of things that have a lot of data.
And you should look into getting that data if you think it's relevant. Yeah, your
refrigerator can have relevant, electronically stored information. Be a weird case,
but it could
>> Well, if it's got a sensor, say, to determine if there's water in the intake,
right, which is one, it's common one, you can tell the house was flooded if there's
also water in this. There's ways you can use that data that weren't intentionally
put in there, but you can use a lot of those for off -label. >> Or the app
-enhanced dryer, and you have a house fire, being able to pull that data to say,
was the dryer the cause of the fire. So again, you have to be creative with this.
The other-- collecting data, we don't want it to sound magical. So a lot of
companies use Office 365. Because of, for years,
emails the heavy backbone and electronically stored discovery disputes. Microsoft built
in a collection tool. So in the old days, you would have a collection expert using
something like FTK or NCASE to go out and pull email. That's changed a lot in the
past, I would say five years, where they actually just log into the corporation's
Office 365, run their forensic searches, export out the relevant custodians and data,
and they get a search term report that can say what terms were used,
number of hits, and can actually, I just did this, have an index of 50 ,000 email
messages so you know what you got that you then put into a review application.
So, but that's just on the email side. And there are other data sources or getting
the, For example, if you had somebody with Gmail or Yahoo Mail, would you use
something like Aid for Mail or some other product to pull right from the web? Yeah,
you would use Aid for Mail or forensic email collector or any number of
applications. And those are the ones that I was talking about before. They actually
inherently build in their own logs that when you're finished collecting that data or
that email account, it'll give you right in front-- as you're closing out the case,
it will kind of provide you with that log. And it'll say, well, we pulled 15 ,000
emails from 75 folders. And if you were the date ranges that you put in place,
and it'll tell you every bit of that. And it'll tell you how many emails there was
an issue on, how many times I had to restart, all that information. Because it's
very-- it's vital to know that, A, you're collecting everything. Because you're
dealing with huge data sets. You talk about emails. You can easily put a million
documents without really breathing hard, especially in a corporate tenant, like
Microsoft 365.
You hit somebody with maybe a thousand custodians or I'm sorry, a thousand email
accounts, right? You could very, very easily hit a million documents with that,
because not only are you getting email, especially with Microsoft, you're getting
something like Teams. If they have it turned on, you're going to be getting the co
-pilot, the AI information because all of that now runs through once through the
email box. So when you're pulling someone's email box, you're pulling their teams
data, you're pulling their calendar data, the contact data, their actual email,
Microsoft Copilot, all of their prompts and their search history, whatever you've got
turned on.
I wouldn't even go into modern attachments because I'd like to keep everybody here
happy. >> Let's talk about hyperlinks and scare them. >> So next slide.
Okay. Well, we're on the topic though. You know, some of this is going to depend
on the size of the case, obviously. Yeah, proportionate. If it's a small case, it
might not justify calling people like James to get involved. But one thing to keep
in mind is you want to be able to say at the end of the day that the reason
that you did it correctly was because it was worth spending the money. You don't
want to have it done improperly, in -house, buying insured, and then find out down
the road that they didn't have an evidence trail of who took the stuff off,
how it was taken off, this side and the other. To highlight when it comes to
collection
that this workflow has more than one search, so you're going to have a forensic
expert search for collection, and their search is going to hopefully be broad to
catch a lot.
When you actually get to the document review stage, you're going to be doing
searches on the data at that point as well. There's tools out there that can help
on the forensic side. One that I saw that impressed me was one called ONA,
that's now owned by Reveal. And it was the first collection tool I had seen that
had built in predictive analytics. So 15 years ago we would say technology assisted
review. 10 years ago we would say predictive coding. Then five years ago advanced
analytics. Now we're saying AI. It's virtually all the same thing. And so it's
marketing departments being lazy. But what -- because there's different flavors of it.
Whether it's a continuous act of learning or -- which is it's learning as you do
the review. But what Ona did on the collection stage was if you said I want all
of the rental car agreements, and you gave it one example of a rental car
agreement, it pulled all of them.
And so if that's the type of dispute that you have, knowing that this is the data
that we need, something that deals with this contract or this patent or this
pharmaceutical drug, that can expedite collection so you don't drown heavily in all
the collected data. So that's the fun side of it, that you can do this,
don't be afraid, but let's talk about some scary case examples. So this one was
wild, and there was motions for sanctions for the loss of a laptop, loss of an
external hard drive, loss of an iPhone, because if that happens once, you could go
like, hey, I went river rafting, The phone was in its watertight bag. I went
overboard, lost the phone. Like, you could walk that off. You could explain that.
When it's three of them,
the judge is going to get a little suspicious. So in this, the defendant discarded
his laptop saying it was malfunctioning, but he also admitted, yeah, I did use it
to access Dropbox to get get to the other side's data. So it was like an IP type
case. But the laptop doesn't work anymore, so the data is gone. And the court's
like, likely story, because I'm going to say that you clearly acted with the intent
to deprive to get rid of that laptop. There are case examples where laptops have
gone out windows. Courts don't like that. The external hard drive that came into
place. He claimed he deleted the data on it. So again, the court's like, yeah,
that's intended to bribe. And there was a fishy story with the iPhone on. Like,
yeah, I just lost it. So sanctions end up getting issued along with adverse
inference instructions on the willful loss of the laptop and the external hard drive.
Because nothing goes over like filing the jury, they intentionally destroyed this data
and it would have helped the other side. So you want to avoid being that lawyer.
The DVCOM case was one of the other ones that's out there because whenever you have
a party that has given them himself a nickname and it's the godfather of technology,
nothing good will happen,
except I get to make Godfather puns now. So he said, hey, all this data was lost
because I double deleted it. And so putting aside double secret probation, a computer
forensic expert was able to find remnants of what the guy claimed he destroyed. And
it highlights, don't betray the duty to preserve. And I will do you this favor on
the day of my daughter's bar admission, that the more intentional the destruction,
the more the reliable inference that the data would have helped the moving party.
And so that's a really bad adverse inference instruction for a court to be looking
at. The court found that the plaintiff acted with the intent to deprive, and going
for the jugular said that I find this by both clear and convincing evidence and a
preponderance of the evidence. If you say clear and convincing, that's also going to
include preponderance. The judge was mad to say both.
So yeah, so there were other findings of just being a very bad,
bad person and destroying this data and the abuse was cured. And again,
I stress the word the court used was abuse.
been told not to. It's kind of simple, but some people don't really follow
instructions. In fact, they deleted evidence,
they deleted documents and elements from an online platform called Onshape.
So if they're destroying stuff, they might be destroying other things that you're not
aware of. It could be that they're destroying things online that just be aware of
that. They could be destroying other things, and that's easy to prove intent when
they're destroying more than one thing. And James, the online repositories,
because there are people who have different online tools that then can have weird
possession, custody, and control issues per preservation, can you tell us about how
do you attack something like this? - No, so that's true. And I kind of look at it
in two different ways. Either you have an online repository that is designed to kind
of store data, you know, like think your Dropbox or Box or, you know,
iCloud files, right, where you store something there, or there's a, Or there's some
communication or transmission of messaging, right? So think Facebook Messenger.
And the reason I kind of split those in is because the true data itself, the data
you may be going after, may reside either in the cloud itself or partially in the
cloud and partially on your device. Something like, I'll give a good example, the
iPhone, if you look at your text messages. As long as you're connected to the
email, You're going to see all of your archived text messages going back however far
back you've had that Apple account Put in an airplane mode and turn off your your
internet and if you scroll back far enough You're going to start to see where
you're not actually getting the full text message You may get a stub or you may
get a header And that's actually because those text messages reside in iCloud and
that's for every single iPhone Whether you've turned iCloud or iMessages in the
iCloud on or off or not It's going to have some element of that communication
that's stored in the iCloud maybe entirely maybe just partially But it's going to be
there. So you can use that as a backup You you can use it as a forensic
collection backup, right? If if somebody's phone is not working properly in these
sites that just throw it out the window Maybe you can kind of go there and get it
Yeah, that was the key point is if my computer is not working or I get rid of
it.
But you can certainly use these different platforms in several different ways.
Just understand that the data may be dispersed, and it may not just be where you
conceptually think it is. Along those lines, a lot of times time is of the essence,
especially if you're dealing with cell phones, because you might have three or four
different Contractors out on a job and something horrible happens, and you know they
all had video of it By the time they get to pose they've got new iPhones.
They've lost their phone. They've destroyed their phone You name it While some of
it's in the cloud If you want to get the evidence off the phones the sooner you
get it the better off you're going to be let's talk about phones and mobile devices
because that hasn't been in the news.
And so there's a firm role messaging, which is apps out there that can self
-destruct after a certain amount of time or they're never saved. And there are cases,
and there's a couple out of the Northern District of California, where the parties
were under a duty to preserve, and they started using either WeChat or WhatsApp to
circumvent the duty to preserve. The judge was livid because -- and he found the
intent to deprive because they were trying to have this back channel conversation for
subject matter that was relevant to the lawsuit and they were using these apps to
make sure that it didn't -- they weren't saved. That's the intent to deprive and
and Again very angry article 3 judge throwing the hammer down now You can have the
Secretary of Defense do something like that How do you go out and then grab that
data? So yeah, so this is a really really critical point especially when you're
dealing with with cell phones One of the key factors in with mobile devices is that
you can have data that self -deletes or self -destructs without additional user
interaction. So if you look at your iPhone now, if you look at their settings,
you're going to have an expiration date of your text messages. Most of the time
it's by default set to never delete, but people can set that up for nine days, 30
days a year. And if you have a policy or if you've had a habit of maybe sending
your phone up to self -delete. And all of a sudden, you've got relevant data. You
need to know to either change that, or kind of go there and manage that
configuration setting. Now, something like Signal, which I know has been in the news,
WhatsApp as well, part of the feature of that software is that there is self
-deleting aspects to it where you have a conversation and you have a variable time
limit that that conversation will be out there. Once those are deleted, they're gone.
Maybe there's this very small chance that you cover something, but those messages
will self -destruct as the saying used to go. You know, so really what you need to
do is either get, you need to collect those as close to that time as possible. You
can use screenshots, you can use something like Celebrate Premium, which is a, you
know, a fairly high -end Forensic software that will go in and actually has the
capability of collecting signal from a from a live device Same go telegram There's a
lot of different messaging software out there. That's either by feature or by intent
used by people to Have these conversations of this data Disappear whether it's drug
users, you know in the you know earlier in this in this decade where they do
something like Wicker where you know you can actually have a variable setup you can
have some messages self -destruct in as little as 30 minutes or it's open once and
it's gone. So there's a whole lot of creativity in this in this realm of secured
messaging. James if I were a judge and one party wanted to get the other party's
cell phone understandably there's personal things on your cell phone, is there a way
for you guys to like only search a certain part of the cell phone or do you have
to image the whole cell phone? So that's a really good question and that comes up
I would say on virtually every time we've got to collect the cell phone.
So the answer is yes and maybe. There's software out there that will, now I sound
like a lawyer, don't I? Yeah, You're learning. We have software out there that can
kind of hone in on certain applications, whether it's WhatsApp or iMessage or Android
Message. And it will allow you to collect just the data between certain date ranges
or just between certain parties, which is really kind of cool. But if you're outside
of the kind of narrow window of applications that that supports, you may have to
collect the entire device, right, in a worst -case scenario. And actually, that used
to kind of be the go -to probably about five years ago. That was like the go -to
options. You had a cell phone, you just imaged the whole thing, right? It's a
couple hours, you're over and done. What we actually do in -house with Y Business,
and I know a number of other you know, organizations and others out there will do
this, is we'll collect the whole phone, that's what we have to do, And then we'll
pair that back, we'll open it up, and we'll, working with the attorneys, and with
the custodian generally, we will either have an inclusion list of here are the
relevant parties that we really want, or we'll have an exclusion list where it's
like, hey, here is a list of friends and family members, or the immediate family
members of this person, of these personal communications that we wanna get rid of,
that we don't wanna include in the searching, in the review platform. So we have
this intermediate stuff where we can open up that image that we've taken, open up
that collection, remove the undesired communications. I mean, frankly, you don't want
to be spending money or time reviewing conversations between a person and their
spouse, or their significant other, or whatever combination of that that you want to
look at.
And I'll leave this as to why. But the number one concern that I get from people
is, but I have pictures on my phone. Everybody says pictures of their kit. I'll be
honest with you, I have pictures of my kit on the phone. Okay.
With iPhones, especially because it has the iCloud, there are ways that we can
actually collect that phone without collecting the pictures themselves. And also in
all of the person's, you know, rejections go But you can use the iCloud to download
a backup of that, and you can do it in such a way that you don't necessarily make
a backup of the photos, kind of a one -time backup. So there's a bunch of different
options out there that you can do.
Actually with my company, I kind of front a lot of the phone collections we have,
whenever you get a very difficult custodian, you know, myself and one or two who my
colleagues will really be the person on the other of the phone talking to them. And
this is one of those things that's a fun challenge because it's, from a technical
perspective, this is what we can do and this is what the client wants us to do,
so how do we need to arrange this in such a way that we can get to what this
person wants and kind of assuage their concerns, which are generally legitimate,
right? There's a lot of information in the phone we don't really need that may not
be relevant but that we're going to collect anyway just because that's what the
technology demands of it. So you know it's finding a way to kind of reach that
middle ground.
And when you're going through that analysis of what to collect and what not to
collect there might be things that you're not aware of like photographs on an iPhone
will have some some will have geographic location of where it was taken, when it
was taken, and you might not want to look at the photograph itself, but you might
want to know where they were when they took the photograph, and what time it was
taken, and that sort of thing. So you might want to ask the expert if they can
collect photos without looking at the photos, if you're trying to mine the data for
location or time and >> Well, in any PI case,
you're going to want the photos, because most human beings are going to take a
picture of the accident that they were just in. They'll take a picture of the
fender. They'll take a picture of where they are to highlight that accident, and
that's the type of photo that you would want. So, we'll quickly go over this
Alabama aircrafty Boeing case. And the punchline is,
if you are, You know in the middle of a lawsuit you should not try to hoodwink
the judge Because what Boeing did in this case was say your honor we just thought
there was a bid dispute We didn't think we actually had a duty to preserve data
and and the court said shenanigans very quickly and said For everything that was
before 2006 you clearly acted with the probably this data, everything after 2007 you
did not. This gets into issues of what's reasonable steps. And since we're short on
time, we're just gonna get to big best practices and we'll kind of build in
reasonable steps here. But with any litigation hold case, you need to identify the
triggering event. Is there a duty to preserve? Do you reasonably anticipate
litigation? And there can be some variance in different districts across the country
of what is reasonably anticipated. But if you're planning to sue someone, you have a
triggering event. If somebody says I'm gonna sue you and burn your company to the
ground, you have a triggering event. And so sometimes it's a nice clear line. Then
the harder part, this is the artistic part and tech part of define the scope of
the duty to preserve. And that's where you need James, Brett and myself to figure
out what's the time period, what kind of people are involved with this,
is it like the toy at a break case, they did not image the computers for all 50
,000 employees, they went to the people who worked on the breaks and senior
management because those were the individuals that were relevant. What devices need to
be collected? Are we dealing with phones? You know, today's phones have more
computing power than the lunar module, okay?
We're not going to the moon with these, but still what needs to be collected. And
then what other data sources, you know, are we dealing with cloud data? And a lot
of us, for us the answer is yes now. So identifying what needs to happen is key.
Now let's talk about showing the intent.
Did is there gaps, you know, like is there some nefarious conduct here that comes
up in a deposition or other discovery responses? And even if there's no intent to
deprive a Lawyer might have acted unethically Nuss not necessarily intentionally,
but they might have a malpractice issue or get reported to the state bar for being
woefully inadequate when it comes to document preservation so it might not be intent
but it can still be something that can harm a lawyer's career. And along this lines
you know disciplinary counsel in various states might even look at electronic evidence
as you have to be reasonably capable of handling the lawsuit and if you don't
understand this, that might be grounds for them to come after you as well, because,
you know, you're not supposed to handle cases that you don't know enough about.
Yeah, for the last 19 years and doing new discovery presentations of frequent
responses, I plan to retire soon. Well, again, it's been 19 years. No,
like this is the world that we live in. We have to be confident with this. And if
you are watching Netflix And you keep watching World War II documentaries and you
keep getting in your queue more World War II documentaries. That's predictive
analytics. That's learning your behavior and giving you similar responses. That's what
document review can be today and that's what collection can be as well. So be
familiar so you know how to attack this. One Josh, one question I have is You've
talked about rule 37 of the federal rules, but across the country Do you see courts
applying either states? Waliation rules or using their inherent power to try and
force what they want to do so I don't I don't follow all 50 states and US
territories anymore, but I've seen a lot a lot of states mirror the federal rules
Some states go out on their own. There was a California case that dealt with
spoliation. And while it wasn't exactly the same type of analysis that the federal
courts had, I dealt with Mercedes -Benz cars and data that was not saved.
So they got a similar result from bad behavior. So again, the results vary.
But the federal rules have really thought about this and states vary
Thanks, so so with that questions Was this scary?
No,
so so it depends. What do you mean by AI and what?
>> So there's the concept of the AI agent that can be trained to go out and
collect. I'm not sure what forensic technology is using that yet. I only heard Kat
Cassidy talk about it recently. And the issue is how do you train it?
And This is the same type of discussion that we had in the early days of
predictive coding that is how is the model trained to go out and identify relevant
information? And does it learn it just once or does it keep learning as you keep
going? And as we learn, technology will only improve,
but you have to know how to use the hammer in order to pound a nail and you
don't want to pound a screw with a hammer. So, I have confidence things will keep
getting better with the different type of tech and maybe I'm a little wound up in
saying what do you mean because too many people use the shorthand and a lot of the
e -discovery companies are very bad at abusing the term AI and not Defining what
they mean by it. Yeah spell checks AI So what do you mean by AI?
Yeah, and there's a there's a huge broad gap between Something we were talking about
this before about you know predictive analytics, particularly coding tar that was AI
in 2005 right that's they had come out with it and then you jump out to now and
you've got companies that are coming out with, you know, agentic solutions where
you're actually training your LLM on your own data, right, and it's kind of self
-reinforcing, self -replicating, which is a really powerful tool for you to do that if
you've got long -term or long -horizon projects. And then you have other companies
that'll use AI, and it's, you know, there's a modicum of intelligence on the
software, and they put the sticker on it, and they >> Yeah, we did -- I told the
story once. It might have been our small group, but we had 250 ,000 sales records
that we got in discovery, which sounds like a lot of fun for document review. And
we had the service provider build in a plug -in for a limited chat GPT because we
didn't want client data getting uploaded for public use and it went through the date
ranges and summarized the invoice numbers and the shipment locations because we could
train it to look for those things and it found 150 out of the 250 ,000.
That's an easier number for us to do motion practice with, and depot prep with, as
opposed to slogging through all of those records. Well,
Josh, when you have a case with a lot of electronic data, does it normally get put
on a platform or a third -party vendor hosted, or how does that work? I hope to
God it's in a platform. Trying to do this the hard way, we'll just put 250
thousand records on an external hard drive and you kids have fun looking through it.
How are you collecting notes? How are you doing any searches? Because all of that's
lost. Yeah, all of that's lost. So if you're using a review application of any
kind, there are basic ones that just have basic search capabilities. And there are
the advanced ones that you can create, like iConnect has the ability to create a
model saying like here's a smoking gun document, go find me more of these. You have
things like Everlaw and Relativity that have different forms of predictive coding that
you train it for what it can look for. You can also train the tools,
they have generative AI plugins, so it can do basic summaries, but you need to
teach it how to summarize. So you don't get weird things that are relevant. It's
like that summary is not relevant. Like with my podcast, Buzzsprout has an amazing
AI product for doing the transcript summary, or excuse me, doing the transcript.
It sucks for doing a summary. It's like that's not what this podcast is about.
I'm going to write it myself. So again, you have to be aware what the tool can
do. Can it help level playing fields? Can it help? Yes. But you have to know how
to use it. Are there advantages to having one platform or the other? If you're in
a big case and the plaintiff wants to use one platform, but you're familiar with
another or there's competing platform providers that are in play,
how do you sort out which one the court is going to use or that the parties use?
There's this wonderful concept from contract law called fancy taste or preference and
that plays a heavy role on like What are you good at using and what are you
comfortable with and what you know? There are products that I can make dance There
are other ones where I'm pushing a boulder uphill because my brain just doesn't like
it And so you have to lean into those factors I'm also a big proponent from this
is in case law, and it's also in the Sedona Conference, that it's the producing
party's right to use what they want. That doesn't mean that they get to be
derelict. That means they have to do a production correctly. And if it's inadequate,
that's when their review methodology can be challenged, but that's not the default.
The other side doesn't get to approve what review platform you use. That's like
saying, No opposing counsel. How dare you use Westlaw? We are a Lexa shop Doesn't
matter that's the other law firm and they can use what they want to do their
document review as long as the production is reasonable Perfection is not the
standard, but that doesn't mean that they can be cavalier and commit errors that are
grotesque Does that answer it does okay, but but another question for you is?
Do you have to produce all your electronic data or can you just do you have to
produce native files? How do you go about selecting what needs to be produced? So
this is where we get to talk about rule 34 and The answer is you should produce
what's relevant and proportional to the needs of the case that are responsive to
discovery requests or support your claims and defenses that you have identified in
your rule 26 a initial disclosures, like those are the standards. And producing
everything with a document dump, judges hate that. That generally doesn't play well.
But you don't want to be hiding anything either. And so you need to go, what's
this request for production? What's responsive to said request? And do it that way.
So There are those who believe in, and again, there are some people who have very
bold thoughts and we collect, we run it through the system for anything privileged,
we have a clawback agreement and we just hit them with everything. I'm not one of
those guys, but there are people who are and there are some of the big tech
companies that are comfortable with that mindset.
Thanks.
Any other
>> So as you can see, this is how I like to have fun.
I also do legal panels at Comic -Con because I do that. I'm not the only one that
likes superheroes.
So with that, if there -- I think we're -- you know, we started at 2 .15?
>> 2 .3. >> Okay, so -- >> I think we're going to end a few minutes. >> Okay. >>
Absolutely what he's trying to say. >> Two minutes back. >> Okay, so that's
phenomenal. So we're actually ahead of schedule. Does anyone have specific questions
and it can be e -discovery? It could be Star Wars go go ahead be about the bow
tie. Yeah
Wow
What's different about Co -Pilot that makes it more safe than, say,
like ChatGPT, or at least from their perspective, why would they be very clear on
this one? Absolutely nothing. It's Microsoft's version of Co -Pilot. It's based on
ChatGPT because they had a relationship with OpenAI until very recently. It's been
partially developed by Microsoft in -house and they of kind of trying to build that
into Windows 11 and to all of the other Microsoft tenants out there. I know there's
a big uproar in the tech community about the increased subscription costs because
they kind of bundled a 30 % increase with co -pilot and said, "Hey, you're getting
this "and you're gonna pay us for it." There wasn't a question, it was a statement,
right? So a lot of people weren't very happy with that whole concept of things, but
be it as it may, they lose a third of their people, they still come out ahead,
that's Microsoft business, but co -pilot is no more safer or no less safe than GPT
or Duane or any of the other AI models out there in general.
It does have the advantage of being much more widespread,
having a much more widespread user base because Microsoft's kind of flipped the
switch and now it goes out to all of their you know 400 million subscribers. So
you know it's gonna be the most probably the most known one or most popular one
out there for a while but yeah it's just because it's integrated.
beyond some of the other platforms, like, you know, hey, this has got so much use
that it is so much smarter than these other that don't have so much use.
- I don't, so I don't know that that's the metric that you really wanna look at,
because I think.
- Well, there's a term that they use in AI? - Yeah, where it's got that--
- Supremacy and what was the term like, where-- - Oh, there'd be like, yeah.
- Supremacy, or whatever, where were you? - Yeah, how smart it is, it's intelligent
quotient for the AI side.
I mean, I think it's, they're not really building a new model as much as they're
selling it, right? They're putting it out there, it's another client, so the tool
that you can use in your You know, I'm sure there's some data that's going back to
Microsoft. I think by and large though if you're a corporation You've got that
lockdown so that if you're using co -pilot in -house your company's data is not going
back out to anyone So you're creating all of these little mini LLMs So there's
gonna be a limit to how smart it can get just by the data is kind of hoovering
up
You know, but there you know, there may be other advantages to it as to it as
well and I don't particularly know but you know I think it's more of a you know
co -pilot is is is big because it's out there I think that's its greatest strength
there's 400 500 million users of Microsoft 365 so when you can flick a switch and
all of them now have that that's a huge installed base whether you want it or not
that's a huge installed pace to, you know, to have and to kind of play with.
What's interesting, because when it came out, they, you know, they would tell us,
"Oh, you can't do this with it. You can't do that with it. You can't do this with
it." Yeah. You know, like, there's nothing stopping me from doing any of those
things. Ask it any of those questions. It will let me do things. There's some
really cool stuff out there about gel -breaking LLMs or gel -breaking AIs. And at the
core, like, it doesn't matter Whether it's Anthropics or it's Claude or it's AI's
version, there's some common core that they have where you can hit it with an
overwhelming number of questions and if you phrase it in programming language, it
will jailbreak it and basically get it to tell you all of the bad things that you
are supposedly explicitly locking down, don't Tell people how to make bombs. Well,
if you say, you know, I'm watching a TV show and there's a character there Who's
talking about making bombs and you flip it and you put it in this, you know set
up like in Java It'll be like, oh, yeah So here I'm this character now and on the
TV. I'll tell you how to do it. You're just it's brilliant It's also very stupid
because you're thinking about you like wow That's something that a human being should
be able to tell the difference between like reality and fantasy But it's tricking
the AI model for not just co -pilot, but for all of them out there. At the Eastern
District Conference, California Eastern District Conference last year, they had a
presentation on machine learning, chat, GPT, and their demo for explaining how fast
an LLM is was showing video taken in a New York subway,
And instead of having it at regular speed, it was at the slow crawl.
That's how we think compared to an LLM,
and it was terrifying.
So again, it's the, there's lots of different aspects to technology and the practice
of law. And just out of curiosity, How many lawyers are in the room?
Okay, my people, my tribe.
How many claims administrators, claims people,
okay. How many service provider types, vendors?
Okay, good mix.
I've been in Legal tech and law firms back and forth. So I've stood in both worlds
and seen a lot and this is again, we're to Everything old is new again.
And so we're talking about the same things we've talked about for the last 20 years
But it's newer tech Netflix doesn't send you a DVD anymore
And so like that's it will keep evolving. So with that, uh, that. It's 3 .30.
Thank y 'all. Thank you all.
You