Corporate E-Discovery Forum on Social Media

A few weeks ago I had a unique opportunity to attend the Corporate E-Discovery Forum’s (CEDF) New York Forum. The CEDF is a non-profit organization that hosts and guides gatherings for its members, consisting of over 200 corporations and 400 individual participants, to encourage collaboration on E-Discovery issues. The forums give members the opportunity to discuss document retention policies and enterprise content management practices, litigation holds, preservation, collection, processing of electronically-stored information, cost and risk management, best practices to avoid spoliation and sanctions, and understanding plaintiffs’ strategies. Although vendors participate in the forums, they contribute equally with other members based on their experience (no sales pitches allowed).

Although there was a large turnout, I was pleasantly surprised at the level of interaction achieved in the sessions. Board members Nicholas Bunin, Jeri Head, and Patrick Gibson did a great job introducing sessions and spurring conversation. The board places great emphasis on active communication as opposed to having a single presenter talking at the crowd.

This recent forum was all about social media – Facebook, LinkedIn, Twitter – in corporate environments. Social media has obviously been around for quite some time, but in the corporate environment, policy makers are just getting comfortable with its use for business purposes. As a user, my first instinct is to question why this causes a problem; as a corporate investigator, I can tell you that social media can cause significant problems in the workplace and creates a whole new medium in which violations can occur. There are myriad new legal guidelines emerging around how corporations should regulate these tools in light of the current legal landscape. Regulatory agencies have also recently had their say on the diligent monitoring that must occur in the financial industry in relation to social media.

The forum had four main sessions during the day: Social Media and Reducing Risk, Practical Guide for Corporations to the Identification, Collection and Production of Social Media, Social Media Policy, and Social Media Dialog with Judges. While the guidelines of the organization prohibit sharing of content outside of the forum, I’ll just say that the day was well spent and I learned quite a bit. The next forum theme will be Cloud Technology, and will take place at the San Francisco Forum in June. The Corporate E-Discovery Forum would love to have new members participate and contribute to the discussions, and welcomes technical practitioners as well. If you’re a member of a corporate E-Discovery team, whether legal or tech, I’d highly encourage you join and participate!

Lenovo Shipping Intel AMT with Web Server Enabled?

Intel AMT is a really great technology for IT administrators – you can push updates even when the box is turned off, get console access via serial over LAN, and a helpdesk tech can view and interact with a user’s active session to help them with issues. AMT comes with an enterprise access model that presents a REST interface, configurable with encryption and Kerberos authentication, for interaction with enterprise IT management tools which is great for central management. It also ships with an embedded web server that would typically be used in small business models. The previous link has some decent screenshots of the web interface.

Michael Herf makes a comment about AMT not only being present on his new Thinkpad, but also having the built-in web server active out of the box. This is kind of scary considering (if I’m reading this correctly) that in some Lenovo boxes the default password was “admin” (check out page 8 in the link). AMT does store logs of activity: “Persistent event logs, stored in dedicated memory (not on the hard drive) so the information is available anytime. IT technicians can now access the list of events that occurred even before a hardware or software problem was noticed, including events that occurred before a PC connected to the network.”

How many IR folks have looked at AMT logs before or even knew they were present? I’d love to know if there’s any useful content for investigations getting recorded in these. Perhaps they require configuration ahead of time to trap relevant data. Please let me know if you’ve had the occasion to use AMT logs in this capacity!

eDiscovery Review and Predictive Coding with Statistics

Anne Kershaw and Joe Howie recently wrote a great summary for LTN on predictive coding in eDiscovery. The article gives a brief history and the evolution of review and coding practices in discovery, then gets to the good stuff. They present some pretty compelling numbers from recent studies that show just how inconsistent review efforts can really be. This isn’t a technical deep dive article in predictive coding or statistics, but I hope it helps get the word out on what the Sedona Conference has been saying for a few years now.

I find their list of high points most interesting: Transparency, Replicability, Reevaluating production sets, Confidentiality, Shortened time lines. While you could say transparency is aided by the simple fact that predictive coding systems record more data from its users on how and why a document was coded one way or the other, the black box nature of the algorithms used to determine document links is still an issue for me. This probably won’t be changing any time soon unless consumers (attorneys and judges) demand it. Right now the amount of noise present in eDiscovery is so high that it is, perhaps, acceptable to give this a pass for the moment.

My absolute favorite quote from this article? Well, it has to do with why more attorneys aren’t using predictive coding:

Given the claimed advantages for predictive coding, why isn’t everyone using it? The most mentioned reason, cited by 10 respondents, was uncertainty or fear about whether judges will accept predictive coding. (Paradoxically, at a recent U.S. Magistrates’ Conference, a participant jurist asked for advice on how to convince lawyers to use this type of approach.)

This is in line with what I see in the industry every day. Despite eDiscovery education initiatives popping up in every legal conference, many attorneys still don’t seem to get it. Having sat through quite a bit of painful legal education in my time, I’ve seen a recurring issue with how new ideas are presented in the legal setting. Quoting David Alan Grier as Science Dude on tonight’s episode of Bones: “And what do we say about clarity? It’s barbarity that clarity is a rarity.” Just because you’re a good attorney, doesn’t mean you’re a good educator. This is true of so many professions…

Sampling, one of my favorite topics, is given a mention at the end of the article. I think many litigation shops fall back into old habits too easily, and forget how much time and money proper sampling can save them. Not just in processing and review, but also in time [not] wasted in the courtroom. Jason R. Baron and Ralph Losey literally talk about it all the time.

If you’re interested in learning more about statistical sampling for eDiscovery and how you can save us all a big headache (and maybe some money, too), head on over to my Presentations page and grab a copy of Statistical Validation And Data Analytics In eDiscovery, a talk I gave at IQPC eDiscovery West 2010 in San Francisco earlier this year. Let me know how you use sampling or predictive coding and how we can better educate the community in the comments!

Getting Started

Well I put off getting started as long as possible. Maybe I waited too long?

The truth is I’ve been outside the veil now for about a year and I’m consistently becoming re-involved in Real ForensicsTM. I occasionally made time in the past to speak about my passion with others, but as I spend more and more time on it again I’d like to share some things as I plod along. The first thing that comes to mind is EnScript, as I’ve published a few over the years. A decent number of questions pop up and these are answered by a few usual suspects: Lance Mueller does an awesome job posting new relevant stuff ; Jon Stewart has been posting on the Three Laws of EnScript; and Paul Bobby has recently been churning out illustrative scripting guides. You can also expect posts on general forensics, e-discovery, weirdo technical issues with my favorite email client Lotus Notes, and all kinds of other tech issue beasties that affect us every day. I hope that the topics I post on are interesting to general practitioners and developers alike, and if you’re keen on a particular subject please let me know!