Posted on: April 27, 2016 in Blog
eDiscovery Update: In Favor of Custodian Interviews and Other Low-Tech Approaches
This article was originally published on The Daily Record.
“Do you want me to scramble this one like the others?”
That’s a line from a deleted email I read while conducting a forensic examination a number of years ago. The email was addressed to a manager and sent by one of the engineers of a company accused of falsifying test data.
The manager responded affirmatively, but also added the following: “Don’t use the word scramble or anything else negative in email. Let’s call it, SOP, or standard operating procedure.” Unbelievable. I proceeded to run searches for SOP and Standard Operating Procedure and found dozens of emails containing incriminating conversations.
How did I find this juicy email? It certainly wasn’t the keywords provided by the case team. Sure, they had dozens of keywords from “alter” to “zap”, but not “scramble” or “SOP”.
I stumbled across this original email only because I was frustrated with the lack of results from the key terms that were suggested. So, I reverted to my comfort zone of randomly selecting and reading emails. This strategy had always proved fruitful in the past, and it always gave me insight into how people in the organization were communicating. How were they using email? Were they using code words? Were they engaging in small talk or were their communications strictly business?
The thought of this past investigation didn’t come to me randomly. It came to mind after I read a recent blog post by Jon Fingas regarding the Volkswagen emissions scandal. The article, published by Engadget, stated: “tipsters claimed that VW staff used dozens of code words to hide emissions cheating activities, making it difficult for internal investigators to find evidence.” They’d refer to the technology as “acoustic software,” for example.
I have no personal knowledge of the methods or techniques being used by investigators in the VW case. Maybe they devised keywords to investigate, or perhaps they used some new-fangled analytical software that clustered emails based on some algorithm. But maybe, just maybe, they found the documents with the code words using one of my two favorite methods of searching for relevant ESI, both of which are “low tech”.
Randomly Selecting Emails
I’ve already mentioned the first technique: to select emails randomly and to start reading. I have used this method on nearly every investigation where I have been asked to find potentially relevant evidence. And nine times out of ten I have found communications that would not have been caught in the keyword net. This kind of random selection and reading can be tedious, but one can learn a lot about an organization and its people by this method of scouring business and not-so-business emails. Years ago I heard the New York Attorney General, Eric Schneiderman, speak when he was still a practicing litigator and he was investigating broker-dealer stock churning. If I recall correctly, he stated that his team reviewed most, if not all, email communications, which led them to uncover communications talking about POS trades. Later they discovered that the brokers were referring to questionable investments they were putting their clients into and “POS” stood for “piece of s#!t”.
I am sure they had to read through a lot of email to find those nuggets, and I am not suggesting or advocating that we replace using keywords and data analytics with looking at every document. It is just not practical or feasible to read everything. What I do advocate is that attorneys take time to look at emails that didn’t get caught in the net of key terms or analytics. This method will help you find new keywords, relevant documents, or the smoking gun. At the very least, you are going to learn a lot about the organization, how it speaks, and how it operates.
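The workflow described above, sketched as an added example (not the author's tooling): split a mailbox by the case team's keywords, draw a seeded random sample from the messages the keywords missed for manual reading, then re-run the search with terms learned from that reading. The mailbox contents, function names and seed are constructed for illustration.

```python
import random
import re

# Constructed sample mailbox of (id, body) pairs; not real case data.
MAILBOX = [
    (1, "Please alter the Q3 slide deck before the board meeting."),
    (2, "Do you want me to scramble this one like the others?"),
    (3, "Lunch on Friday? The new place on Main St is good."),
    (4, "Apply SOP to the batch 7 results before they go out."),
    (5, "Reminder: timesheets are due by noon."),
    (6, "Same as last time, SOP on the vibration run."),
    (7, "Can you zap the old build artifacts from the share?"),
    (8, "Parking lot will be repaved this weekend."),
]

def compile_terms(terms):
    """Whole-word, case-insensitive pattern for a keyword list."""
    joined = "|".join(re.escape(t) for t in terms)
    return re.compile(r"\b(?:%s)\b" % joined, re.IGNORECASE)

def partition(mailbox, terms):
    """Split messages into keyword hits and the non-hit remainder."""
    pattern = compile_terms(terms)
    hits = [m for m in mailbox if pattern.search(m[1])]
    misses = [m for m in mailbox if not pattern.search(m[1])]
    return hits, misses

def sample_misses(misses, size, seed):
    """Seeded random sample of the non-hit set, so the same draw can be repeated."""
    rng = random.Random(seed)
    return sorted(rng.sample(misses, min(size, len(misses))))

def rerun_with(mailbox, terms, learned):
    """Ids of messages that become hits only after adding the learned terms."""
    old_ids = {m[0] for m in partition(mailbox, terms)[0]}
    new_hits = partition(mailbox, list(terms) + list(learned))[0]
    return [m[0] for m in new_hits if m[0] not in old_ids]

if __name__ == "__main__":
    case_terms = ["alter", "zap"]
    hits, misses = partition(MAILBOX, case_terms)
    print("keyword hits:", [m[0] for m in hits])
    for msg_id, body in sample_misses(misses, 3, seed=2016):
        print("read:", msg_id, body)
    print("new hits:", rerun_with(MAILBOX, case_terms, ["scramble", "SOP"]))
```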
The second method is one that I highly recommend and fully support in most, if not all matters, regardless of size or value. That method is the custodian interview. If an organization is subjected to discovery for litigation or other purposes, it is critical to interview the employees who created and controlled the ESI. I could be wrong, but I sometimes get the feeling that case teams are moving away from the interview process. They think that the technology can be used to “boil the ocean” and just leave behind the relevant ESI.
eDiscovery vendors often receive entire hard drives or network shares that contain thousands or even millions of irrelevant files or junk. Maybe the thousands could be reduced to hundreds if a proper custodian interview had been conducted. It certainly takes more time and effort to do the interview, but the payoff can be great. Custodian interviews can help the lawyer learn about the case from the point of view of the potential witness. They can also help to identify or eliminate key terms, give insight into the internal business lexicon, identify new custodians or eliminate the need to include others that have been slated for preservation and collection. Interviews serve another purpose if the ESI collection occurs at the same time as the interview. The interviewer and technology team can do a targeted collection to reduce the volume of nonresponsive ESI collected, thereby reducing costs.
Again, I am not advocating the abandonment of key terms, predictive coding, TAR or any other approach or name one wants to attach to data analytics (actually, I think we need to use it more!). What I am proposing is that case teams also take a low-tech approach and conduct custodian interviews and review random samples of documents. Yes, it may take time and effort, but trust me, the payoff is worth the investment.