A Civil Procedure Car Crash

A short Civil Procedure Overview: 1) A protective order must correspond to a discovery request; and 2) A motion to compel needs to have an underlying request. 

In an auto-recall case, the Plaintiff had produced 1.79 million pages of documents in discovery, plus an additional 84,000 pages of documents from the Japanese non-party parent company.  Nissan N. Am. v. Johnson Elec. N. Am., 2011 U.S. Dist. LEXIS 16022 ( E.D. Mich. Feb. 17, 2011).

For the tone of the opinion, discovery sounded as smooth as a student driver learning to drive a manual transmission up a hill.  On ice.

As we go into first gear, the Plaintiff was initially ordered to supplement its discovery responses to 1) identify the sources of ESI it did not search because of undue burden; 2) why the ESI was not reasonably accessible due to undue burden and cost; and 3) an estimated of costs and associated effort in retrieving the electronically stored information.   Nissan N. Am., at *2. 

Shifting to second gear, the Defendant claimed the Plaintiff’s supplemental discovery contained misstatements that undercut the sufficiency of the Plaintiff’s preservation and production of ESI.  Nissan N. Am., at *2-3.

Seeking a tune up to the Plaintiff’s production, the Defendant tried to informally communicate with the Plaintiff to cure the alleged discovery defects.  The Defendant asked (not in a discovery request) to produce the following to comply with the earlier Court order:

(a) A data map to show what data is stored on each of Plaintiff’s systems, who uses the systems, the retention of the data stored and where and how the data is backed up or archived;

(b) Document retention policies;

(c) Tracking records and/or requests for restores; and

(d) Backup policies.

Nissan N. Am., at *2-3.

In what conceptually could be making a right hand turn from the far left lane, the Plaintiff filed a Motion for Protective Order, claiming the Defendant’s informal request 1) sought discovery from “not readily accessible” systems and 2) demanded “broad and duplicative searches” of custodians whose data had already been collected.  Nissan N. Am., at *3. 

Plaintiff’s Motion for Protective would deny the Defendant the discovery of the following:

(1) Discovery of system-wide searches of Plaintiff’s systems and custodians beyond what Plaintiff has already provided;

(2) Plaintiff’s “not readily accessible” sources identified by Plaintiff, including backups;

(3) Plaintiff’s record retention practices or disaster recovery backup policies;

(4) Plaintiff’s tracking records and requests for computer restores to IT and vendors; and

(5) A “data map” to provide information on all of Plaintiff’s systems.

Nissan N. Am., at *3-4. 

The Red Light on Additional Searches

The Defendant argued they did not request the Plaintiff conduct additional searches, but wanted confirmation that custodians were searched involved in the recall or identified in the Rule 26(a)(1) initial disclosures.  Nissan N. Am., at *4. 

The Court held that since the Defendants were not seeking additional searches, but only confirmation, the Plaintiff’s motion for protective was denied on this issue. Nissan N. Am., at *5.  In the words of the Court: 

Since Plaintiff claims to have searched the documents of its key custodians and states that it has already produced all relevant documents for all readily-accessible sources, it should be able to provide this confirmation without significant effort. Presumably if Plaintiff did not search the computer systems of all or some of these forty-one individuals it can provide justification for its decision.

Nissan N. Am., at *5. 

Back-Up on the Back-Up Tape Argument

As for the back-up tapes, the Court agreed they were not reasonably accessible; however that was not the issue.  The Defendant asked for the Plaintiff’s back-up policies, tracking orders and requests for restores.  Nissan N. Am., at *8.

The Court found no basis to issue a protective order of the Plaintiff’s back-up systems when there was no request for the information.  Nissan N. Am., at *9.  Moreover, there was not good cause for a protective order over the Plaintiff’s policies.  Nissan N. Am., at *8-9.

Asking for Directions: Data Map & Rule 26(a)(1)

The Plaintiff’s request for a protective order to not produce a data map was an argument that could not be jump started.  

The Defendant’s request for a data map included identifying what data was located on different systems, who used the systems, data renention, and back-up information. Nissan N. Am., at *9.

The Court denied the protective order on Rule 26(a)(1) grounds.  As the Court explained

In order to comply with this mandatory disclosure counsel must become knowledgeable about their client’s computer systems and ESI at the onset of litigation. Hence, Plaintiff’s counsel should have access to information from which it could readily discern what data is stored on each of Plaintiff’s systems, who uses the systems, the retention of the data stored and where and how the data is backed up or archived. Plaintiff has not shown that it is in need of an order protecting it from annoyance, embarrassment, oppression, or undue burden or expense related to Defendant’s request for this information. The Court will therefore deny Plaintiff’s motion as to this request.

Nissan N. Am., at *9-10.

Spinning Out on at the Finish Line

Both parties essentially lost the race over the motion for protective order and the production of discovery.

First, the Court found the Defendant’s accusations of spoliation and unethical discovery practices to be unsubstantiated.  Nissan N. Am., at *10. 

Secondly, the Court found the informal discovery requests were separate from the prior Court order.  As such, the Plaintiff did not need to produce any of the informally requested information, which was only before the Court on a Protective Order Motion.  Id.

Bow Tie Thoughts

Effective pleading and motion practice are extremely important to e-Discovery.  A party must be sure to specifically request the desired information before bringing a motion to compel for that information.  Additionally, a party opposing production and seeking a protective order must actually oppose the specific request, not go on a related, but not requested, tangent.

Fashionable Sanctions

When sanctions are issued in Chicago on St. Valentine’s Day, you can imagine how the losing party might feel. 

The Defendants in a sexual and racial discrimination, hostile work environment, harassment and retaliation case did not properly preserve evidence or respond to specific discovery requests.  Northington v. H&M Int’l, 2011 U.S. Dist. LEXIS 14366 (N.D. Ill. Jan. 12, 2011), hereinafter Northington 1 and Northington v. H&M Int’l, 2011 U.S. Dist. LEXIS 14378, 1-2 (N.D. Ill. Feb. 14, 2011), hereinafter Northington 2.

The failed preservation can be summarized as 1) the failure to issue a litigation hold; 2) failure to direct individuals to preserve ESI in their possession; and 3) failure to follow-up with custodians on whether they preserved ESI or other relevant documents.  Northington 1, at *43-44. 

Just as a tailor measures for a suit, the District Court fashioned the appropriate sanctions against the Defendant.  While the Court denied the Plaintiff’s request that the Defendant be “barred from asserting a defense as to liability based on its discovery misconduct,” the Court ordered the following on searching the Defendant’s ESI:

Defense counsel is ordered to search all of the defendant’s electronic media (including its email system) and hard copy files that might contain information responsive to any aspect of the plaintiff’s original Request for Production V. With respect to electronic media, defense counsel should not limit the key search terms to the three terms previously used by defendant, but must also include misspellings of plaintiff’s first name as well as other key terms reasonably related to each of the topics set forth in Request for Production V. Those searches should cover the time period of February 2006 through October 2008, inclusive. Defense counsel should complete such searches and produce any nonprivileged, responsive documents not previously produced to plaintiff, within thirty days from the date this order is entered on the court’s docket.

Northington 2, at *2-3. 

The Court further ordered an adverse inference instruction of when the Defendants’ duty to preserve triggered and that the Defendant failed to preserve emails and other electronically stored information.  Northington 2, at *3.  Additionally, the Defendant was barred from arguing the absence of any discriminatory statements was not evidence that such damaging statements were not made.  Id. 

Bow Tie Thoughts

Judges, and attorneys, are becoming more sophisticated in addressing search term issues.  In this case, the Court ordered the Defendants to 1) search within specific date ranges; 2) include the Plaintiff’s search terms; 3) and include “misspellings of plaintiff’s first name as well as other key terms reasonably related to each of the topics” in the Plaintiff’s request.   Northington 2, at *3. 

The Judge showed an admirable level of understanding that search terms should include alternative spellings of keywords.  Key players might have nicknames, or variations in spelling, that frequently need to be included in a search.  Additionally, the phrase “other key terms reasonably related to each of the topics” introduces search terms that should be discussed at a meet and confer.  While one party might be in a better position to determine more effective search terms, this area should be discussed at a meet and confer between the parties.  

Narrowing data by date helps control the volume of ESI to be search to relevant time periods.  This helps control the amount of data that ultimately has to be reviewed and proposed after keyword searches.

Tagging Damages for Violating the CAN-SPAM Act on a Social Networking Site

A registered Facebook user allegedly gained unauthorized access to 116,000 Facebook accounts and sent in excess of 7.2 million spam email messages. Facebook, Inc. v. Fisher, 2011 U.S. Dist. LEXIS 9668, at *3 (N.D. Cal. Jan. 26, 2011). 

These spam emails were designed to “phish” for log-in information from Facebook users and continue the spam email message cycle.  Id.

Facebook received over 8,000 complaints and over 4,500 people deactivated their Facebook accounts.  Fischer, at *8.

Un-friending the Defendant was not simply enough for Facebook. 

Facebook sued on the following causes of action:

(1) Violation of the Controlling the Assault of Non-Solicited Pornography and Marketing Act (“CAN-SPAM Act”), 15 U.S.C. § 7701 et seq.;

(2) Violation of the Computer Fraud and Abuse Act (“CFAA”), 18 U.S.C. § 1030 et seq.;

(3) Violation of Cal. Penal Code § 502; and

(4) Violation of Cal. Bus. & Prof. Code § 22948. 

Fischer, at *4.

The Plaintiff obtained a default judgment and proceeded to tag the Defendant with as many damages as possible. 

The maximum penalty under the CAN-SPAM Act allows for an award of $100 for each of the 7.2 million violations, plus aggravated damages.  Total sought:  $2,160,000,000. Fischer, at *6.

The Plaintiff also sought $500,000 under the under Cal. Bus. & Prof. Code § 22948 and requested treble damages for a total award of $1,500,000. Fischer, at *6.

The Court found that a damages award in excess of $2 billion was not proportionate to the violation of the various statutes.  Fischer, at *6.  Instead, the Court awarded statutory damages of $.50 for each CAN-SPAM Act violation for $360,000,000.  The Court also awarded damages of $500,000 pursuant to Cal. Bus. & Prof. Code § 22948.2, making the total damages $360,500,000. Fischer, at *7.  The Court declined to award treble damages.  Id.

Bow Tie Thoughts

There is a phrase from Political Science and History classes on war: Making the rubble bounce. 

Some damage awards are to prove a point, and deterrence, from future violations.  Facebook sought to prove a point to deter spammers from any phishing and other attacks on identity theft by dropping a nuclear bomb on this Defendant.  While Facebook did not vaporize the Defendant, a default damage award of $360,500,000 certainly made the rubble bounce.  It showed both the Plaintiff, and the Court, did not tolerate 116,000 people having their Facebook accounts being compromised.

Nothing Says “Bad Faith” Like Throwing a Laptop off a Building

Is entering a default judgment against a party for destroying a laptop excessive and unduly harsh?  Not in Utah.  Daynight, LLC v. Mobilight, Inc., 2011 UT App 28, P2 (Utah Ct. App. 2011).

Daynight involved a destroyed laptop and what was the appropriate sanction for the destruction of evidence. 

Certainly not helping the Appellants’ cause was a video with employees discussing the destruction of “potential[ly] harmful evidence that might link [them] to any sort of lawsuit.” Daynight, at *3-4. 

Add actions including throwing a laptop off a building and running it over with a car, plus statements such as “[If] this gets us into trouble, I hope we’re prison buddies,” and you can kiss any good-faith defenses goodbye.  Daynight, at *4.

On a fundamental level, most document retention and destruction policies do not involve skeet shooting or monster trucks.

The Plaintiffs & Third-Party Defendant Appellants were sanctioned with a default judgment for the destruction of evidence, pursuant to Utah Code of Civil Procedure Rule 37(g).  The Appellants argued that the sanction was “excessive” and “unduly harsh.”  Daynight, at *1. The Court of Appeals did not agree. 

Rule 37(g), states in relevant part:

Nothing in this rule limits the inherent power of the court to take any action authorized by Subdivision (b)(2) if a party destroys, conceals, alters, tampers with or fails to preserve a document, tangible item, electronic data or other evidence in violation of a duty. Absent exceptional circumstances, a court may not impose sanctions under these rules on a party for failing to provide electronically stored information lost as a result of the routine, good-faith operation of an electronic information system.

Daynight, at *3.

Utah Rule of Civil Procedure Rule 37(g) lacked any case law interpreting the statute, so the Appellants argued the Code required a showing of “wilfulness, bad faith, fault or persistent dilatory tactics.” Daynight, at *3.

The Court of Appeals did not agree.  As the Court stated:

In our view, spoliation under rule 37(g), meaning the destruction and permanent deprivation of evidence, is on a qualitatively different level than a simple discovery abuse under rule 37(b)(2), which typically pertains only to a delay in the production of evidence. Compare Utah R. Civ. P. 37(b)(2) with id. 37(g). Contrary to KK Machinery’s assertions, rule 37(g) of the Utah Rules of Civil Procedure does not require a finding of “wilfulness, bad faith, fault or persistent dilatory tactics” or the violation of court orders before a court may sanction a party. Rule 37(g) states: Nothing in this rule limits the inherent power of the court to take any action authorized by Subdivision (b)(2) if a party destroys, conceals, alters, tampers with or fails to preserve a document, tangible item, electronic data or other evidence in violation of a duty. Absent exceptional circumstances, a court may not impose sanctions under these rules on a party for failing to provide electronically stored information lost as a result of the routine, good-faith operation of an electronic information system.

Daynight, at *2-3.

While the Court of Appeals held it was not necessary to find “wilfulness, bad faith, fault or persistent dilatory tactics,” the Court stated the skydiving laptop antics “unquestionably demonstrate bad faith and a general disregard for the judicial process.” Daynight, at *4.

Bow Tie Thoughts

Throwing a laptop off a building and running over it is probably the closest we will have to a strict liability offense for spoliation. While I doubt lawyers will issue litigation hold letters saying, “Don’t Throw Computers Off Buildings,” you never know what some people will do.

Espresso, WiFi, & Confidentiality with a Twist of Lemon

Many attorneys, as with a large contingent of the general public, do not possess much, if any, technological savvy. Although the Committee does not believe that attorneys must develop a mastery of the security features and deficiencies of each technology available, the duties of confidentiality and competence that attorneys owe to their clients do require a basic understanding of the electronic protections afforded by the technology they use in their practice. If the attorney lacks the necessary competence to assess the security of the technology, he or she must seek additional information or consult with someone who possesses the necessary knowledge, such as an information technology consultant.

California State Bar Professional Responsibility and Conduct Formal Opinion No. 2010-179, page 5.

Some associate attorney went out for coffee and got a lot more than an espresso with a twist of lemon.

California attorneys now need to consider 6 factors before enjoying a mocha and sending work emails on a firm issued laptop while on a coffee shop’s WiFi service according to the California State Bar Professional Responsibility and Conduct Formal Opinion No. 2010-179. 

The Opinion addressed whether an attorney violates their duties of confidentiality and competence when transmitting or storing confidential information that might be susceptible to third parties. Opinion No. 2010-179. In short, an associate attorney sending work emails from Starbucks on her laptop. And since the lawyer lives in the 21^st Century with a monthly billable hour requirement, she takes her laptop home every night to do legal research on her cases using her wireless Internet connection. 

The Opinion rationally discussed an attorney’s ethical duty to preserve client confidences.  For example, if a lawyer is on an airplane and working on a computer, they should turn the screen, so the person sitting next to them cannot see it.  Opinion No. 2010-179, fn 9. 

Fear of hacking  while on a wireless network is real.  For example, Firefox can be hacked by the add-on Firesheep.  This hacking add-on “adds a sidebar to Mozilla’s Firefox browser that shows when anyone on an open network — such as a coffee shop’s Wi-Fi network — visits an insecure site. ‘Double-click on someone [in the sidebar] and you’re instantly logged on as them.’” See, New Firefox add-on hijacks Facebook, Twitter sessions, Last Visited on 11/04/2010

As Opinion No. 2010-179 highlights, lawyers have an express duty to “[t]o maintain inviolate the confidence, and at every peril to himself or herself to preserve the secrets, of his or her client.” Opinion No. 2010-179, page 2, citing (Bus. & Prof. Code, § 6068, subd. (e)(1).)

Furthermore, California Rules of Professional Conduct, Rules 3-110(A) “prohibits the intentional, reckless or repeated failure to perform legal services with competence.” Opinion No. 2010-179, page 2.   

Moreover, “’competence’ may apply to an attorney’s diligence and learning with respect to handling matters for clients.” Opinion No. 2010-179, page 2, citing Rules Prof. Conduct, rule 3-110(B).

The Opinion outlined the following six factors before using wireless communications:

1) The level of security attendant to the use of that technology, including whether reasonable precautions may be taken when using the technology to increase the level of security;

2) The legal ramifications to a third-party who intercepts, accesses or exceeds authorized use of the electronic information;

3) The degree of sensitivity of the information;

4) The possible impact on the client of an inadvertent disclosure of privileged or confidential information or work product;

5) The urgency of the situation; and

6) The client’s instructions and circumstances, such as access by others to the client’s devices and communications.

Opinion No. 2010-179, page 1.

The Committee ultimately found the following: 

“[D]ue to the lack of security features provided in most public wireless access locations, Attorney risks violating his duties of confidentiality and competence in using the wireless connection at the coffee shop to work on Client’s matter unless he takes appropriate precautions, such as using a combination of file encryption, encryption of wireless transmissions and a personal firewall.”

Opinion No. 2010-179, page 7.

The Opinion stated that using a public wireless network might violate a lawyer’s ethical obligations, because of the “sensitivity” of the case.  Id.

The Committee also stated that using a personal wireless network to work from home would not violate a lawyer’s ethical duties, provided the network is configured with “appropriate security features.” Id. 

Translated: You might need your coffee to go, but working from home on the weekends should be ok.  

Bow Tie Thoughts

People are used to having wireless technology, especially as we become more “App” and “Cloud” dependant.  However, attorneys must always be aware of their ethical duties as they look to use new technologies.

Accessing email from a coffee shop is one thing, but there could be greater issues if an attorney is doing document review on a hosted review platform.  While document review can be extremely painful and working at a coffee shop a welcome break, attorneys should be very mindful where they are accessing “stored confidential information” on a public wireless network to avoid discovery and attorney work product from being hacked.

I, Hearsay: Computer Generated Reports as Testimony

Is a computer generated printout a statement according to the hearsay rules?  California law says “no.”  People v. Nazary, 2010 Cal. App. LEXIS 2207 (Cal. App. 4th Dist. Dec. 31, 2010)

People v. Nazary is an appeal from an embezzlement conviction.  Part of the evidence offered against the Defendant included computer generated printouts (receipts).  The Defendant opposed the computer generated evidence as hearsay, because the receipts were “offered for its truth to establish that he had stolen money…” Nazary, at *52-53. 

This raises the computer age-old metaphysical issues of whether a computer is a “person” who can make a statement.  To the eternal dismay of science fiction fans, the Court of Appeal did not once invoke Hal 9000 or reference the Outer Limits “I, Robot” trial. 

The Court of Appeals did, however, review the California Rules of Evidence. 

California Evidence Code 1200(a) defines Hearsay as follows:

“[E]vidence of a statement that was made other than by a witness while testifying at the hearing and that is offered to prove the truth of the matter stated”; 

Nazary, at *53. 

A “statement” is defined under California Evidence Code section 225, as follows:

 “(a) oral or written verbal expression or (b) nonverbal conduct of a person intended by him as a substitute for oral or written verbal expression”;

Nazary, at *53. 

A “person” is defined under California Evidence Code section 175 as “a natural person, firm, association, organization, partnership, business trust, corporation, limited liability company, or public entity.” Nazary, at *53. 

In the words of the Court of Appeal, the California Evidence code “does not contemplate that a machine can make a statement.” Nazary, at *53.  However, the witnesses who described the computer generated reports, plus how the computer generated the reports, were subject to examination for the jury.  Nazary, at *54-55.

As the Court of Appeal explained, the admissibility issues with the computer generated reports were foundational.  The issue was whether the computer was operated correctly or possible data errors.  These issues could be addressed by the cross-examination of the expert who used the computer system.  Nazary, at *54.

The Court of Appeals found the receipts were machine generated and thus not hearsay.  Nazary, at *54-55. 

The “Hearsay Rule” requires “testimonial assertions shall be subjected to the test of cross-examination.”  Nazary, at *55.   In the words of the Court, there was “no possible scenario” where the computer system could have been cross-examined.  Nazary, at *55. 

However, those who used the computer system to create the receipts were subject to cross-examination.  Nazary, at *55.  The evidence of machine error were presented for the jury, which was all that was required under California law.  Id.  

Bow Tie Thoughts

Computers do not take an oath to tell the truth and testify in court.  One day, we might live in that science fiction world.  Given that one can fly across the United States with an Internet connection in 5 hours is something that would have been science fiction to someone 90 years ago, do not be surprise if our grandchildren live in a world where a computer can testify as to how data was generated.