Slashdot Mirror
Proposed Federal Rules On E-Document Destruction
runner345 writes "The Federal Advisory Committee on Civil Procedure is evaluating a series of 'e-discovery' rules that will change the way litigation handles electronically stored information for the federal courts. Included in this is proposed Fed. R. Civ. P. 37 which would exempt parties from sanctions for electronic evidence destroyed in a 'routine operation of the party's electronic information system.' Microsoft and other technology heavy-hitters have strongly backed this safe harbor because it judicially validates electronic document retention policies (perhaps the most effective Orwellian misnomer for outright document destruction). If you thought it was hard to get incriminating documents from the tech industry now, think about what this rule will do to a plaintiff's chances. You can get the proposed rule here (when their site works) and read what Microsoft and Intel have to say about it here. You can also read my law school thesis on the topic (still only in draft)."
At least with paper documents if you get information about a warrant or other legal issue you are supposed to halt destruction until the issue is resolved. I don't see why electronic documents would be any different. Most (all?) electronic document retention (destruction) managment software has the capability to halt all destruction of data if a warrant or something comes up.
Ie, retain, *everything*... absolutely *everything*, why should email/*doc* be an acceptable domain, where, one can simply erase data under dubious circumstances ?
*Everything* is a lot. Do you want every revision of your swap file to be backed up?
On the other hand, every email you send does seem like a reasonable requirement. But what if your email contains a URL. Should you be required to back up that version of the web page?
There sure is. It's called obstruction of justice. and after the judge orders you come up with the password it is called contempt of court.
"Am I the only one who thinks that government should be requiring companies to move the *other* way?"
Um, have you ever heard of a little piece of legislation called Sarbanes-Oxley? Yeah, you might want to check that out before you start assuming you're on a one-man crusade. Corporate ecords retention requirements have only increased over the past 10 years.
"Ie, retain, *everything*... absolutely *everything*, why should email/*doc* be an acceptable domain, where, one can simply erase data under dubious circumstances ?"
This would be fine... except for the fact that you'd have to remove the "delete" function from every application on every desktop. If I'm composing emails, and I decide not to send something I halfway finished, do I have to save it? How about drafts from 10-year-old memos? And what happens when you just have too much shit for your hard drives? Preserving EVERYTHING is a pretty goddamned big burden on businesses.
"Corporations are too powerful now.
Increasingly, law is coming to reflect the interests of Corporations, instead of the interests of countries citizens."
Go back and RTFA. These standards have NOTHING TO DO with corporate versus non-corporate entities. We're talking about a rule that applies equally to all parties in civil litigation, whether they're incorporated or not. If you run a small business as a sole proprietor, and you get involved in a lawsuit, this applies to you, too.
Is slashdot so easy that any pseudo-Marxist anticorporate ranting passes for "informative"?
"Eventually, when the little guy gets done taking enough crap from those on top... the little guy gives the other the boot."
Yeah, whatever.
i work in big pharma, and for a lot of our systems we *do* have to do this. legally, we've got to keep data for clinical trials for *twenty five years* after the patentable lifetime of a drug. not only that, but we've got to figure out a way of archiving complete systems for that long. suffice to say, it's really, *really* expensive...
I think some of this discussion is lacking in context.
/orders have taken parties to task for failing to suspend routine overwriting of backup tapes. Taken to the extreme, this means that once you get sued, you can't overwrite any of your backup tapes.
First, if you destroy evidence after the lawsuit gets filed (or when you enter the grey zone of when you "reasonably anticipate litigation"), you have just committed spoliation of evidence. While this makes intuitive sense - the rule prohibits a defendant from having a "shredding party" the day after a lawsuit gets filed - it becomes problematic as definitions of what constitutes "evidence" expand.
Active emails? Check. Files on network servers? Check.
Backup tapes from last night's cycle? OOPS. Yes, several court decisions
Updating databases that might result in some data (i.e., last accessed, last modified) being modified? Uhoh, better take a snapshot of that database.
Are your server logs at issue? Uhoh, better suspend rotation of your server logs.
Hey, when you TURN ON your desktop, aren't you overwriting some cache space and slack space, that might make recovery of deleted files impossible? Guess what? If the other side wants to do a forensic examination of your machines, you can't even continue using them without taking a bit-by-bit image.
And by the way -- if you miss any bit of this data, you get sanctioned. Monetary sanctions, or an adverse inference ("we don't know what was on that tape that was destroyed, but you can ASSUME it was bad!"), or even a default judgment. Yes, electronic discovery can turn into a game of "gotcha".
Think how expensive this is for a small shop with just a handful of machines. And then think what's involved for a nationwide company with, say, 80 far-flung locations and company databases.
See the problem?
The "safe harbor" to Rule 37 says that you don't sanctioned for failure to preserve information lost from ROUTINE operation of a system UNLESS THE LOSS WAS INTENTIONAL OR RECKLESS. The "reckless" hole is very large, admittedly. But the rule attempts to bring some sanity to some of the broad-reaching data preservation games being played today.
Also, note that a court can order a party to take steps above and beyond what the proposed Rule 37 requires.
I have worked in a firm involved in litigation (note: I am not the submitter). If the judiciary is shortsighted enough to allow this to become standard practice, I will merely make my discovery requests even more specific, demanding, and immediate. Bit for bit disk images of everything at the soonest opportunity. 200 "gigabytes" of storage costs $100 - that's merely half of my hourly rate.
Defragment your disk? Yes, that could be a sanction. There's nothing like jostling the files on a hard drive to erase/destroy the information retained in some of the slack space and formerly unallocated clusters. But, of course, I wouldn't discover anything useful there.
Copy files from an old computer to a new one? Yes, that could be sanction. Everyone knows that "copy the files" means that your tech will copy EVERY SINGLE FILE, including swap files, temporary files, hidden files, and that pesky c:\Documents and Settings\%UserName%\Local Settings\blah blah directory tree that just happens to contain local copies of the Outlook and Outlook Express mailboxes and other gems. I also wouldn't discover anything useful there.
Seriously, the legal rules already permit an attorney to argue that an extortionate discovery request should be denied. Let's review:
Federal Rule of Civil Procedure 26:
subsection (b)(2) Limitations.
By order, the court may alter the limits in these rules on the number of depositions and interrogatories or the length of depositions under Rule 30. By order or local rule, the court may also limit the number of requests under Rule 36. The frequency or extent of use of the discovery methods otherwise permitted under these rules and by any local rule shall be limited by the court if it determines that: (i) the discovery sought is unreasonably cumulative or duplicative, or is obtainable from some other source that is more convenient, less burdensome, or less expensive; (ii) the party seeking discovery has had ample opportunity by discovery in the action to obtain the information sought; or (iii) the burden or expense of the proposed discovery outweighs its likely benefit, taking into account the needs of the case, the amount in controversy, the parties' resources, the importance of the issues at stake in the litigation, and the importance of the proposed discovery in resolving the issues. The court may act upon its own initiative after reasonable notice or pursuant to a motion under Rule 26(c).
If the judge knows this, and you know this, and the company knows this, then why are you collectively so incompetant that you are incapable of using a rule that has been in existence since the late 1940s to protect your client?
Perhaps, according to your point of view, the judge doesn't "know this" quite as well as you'd like.
So God bless electronic retention policies. They're even better then document culling in the "real world", where a human being has to review what is being discarded to some degree (it's described somehow), because the human being might know that they're destroying something related to existing litigation, leading to that nasty phrase "spoilation of evidence". It's much more convenient to delay discovery production aux SCO vs. IBM while your electronic systems slowly chew through your archived emails and files until the evidence blamelessly disappears, never to trouble you again.
(IANAL, but I spent a few years writing software for a legal company.)
Found in the Microsoft testimony:
"One of the better comments I think that was submitted to you was from somebody who does a lot of employment class action litigation. And she expressed that very concern. She also cited a few statutes, like Title 7 and maybe the Wage and Hours Act in the employment area, that very specifically tell companies what they must keep and what they must not.
And I bet those statutes also provide penalties if they are not kept. And I'm pretty sure that they provide -- is it ten to twenty years in prison for the intentional destruction of documents? I mean, I think it would be insanity beyond belief for anybody, any serious lawyer, to advise their client that, oh, yeah, this is a way to get rid of something that might come back to bite us. Because the moment you have that thought, you're engaging in basically criminal conduct.
So the routine operations of systems has to strictly be for the business purposes of keeping your IT systems running."
Where this differs from the "safe harbor" provision (IMO) is that some companies *routinely* engage in the intentional destruction of electronic documents. Last week I had some confidential records for a client, and when I was done with them, I deleted my copy as a routine IT practice: don't store confidential data any longer than necessary. My client has the data, so I don't need to retain it; even if I need it again later, the risk of someone walking away with my laptop *far* outweighs the convenience factor of holding onto the file. When documents are deleted for security reasons, this amounts to intentional deletion for the express purpose of denying access, and *might* be viewed rather harshly under the safe harbor guidelines.
Microsoft cheerleader, blue flag waving, you got a problem with that?
A quick review for those not familar with "trusted" computing. The hardware uses digital signatures to enforce running an approved BIOS only, which in turn enforces running an approved OS, which in turn will only run approved applications. Documents are encrypted, and the approved applications can phone home to determine whether you are allowed to read a document. If the document is on a delete list, it is immediately erased. Microsoft Media Player already implements this system - except for the hardware enforcement. Microsoft Office is next. Evil Media companies, and Microsoft, want to make the hardware enforcement required by law on all computing devices.
In the not too distant future, having obtained a copy of an incriminating document, you could keep it stored on a banned Linux system running on illegal hacked hardware, and given Microsoft's expertise with security, probably crack the encryption in a reasonable amount of time due to some stupid design flaw (e.g. random seed for session key is derived from Document time stamp). However, the resulting evidence would not be admissable in court. So stock up on tin foil hats.
No, you gotta count the number of connections. Businesses have a lot more e-mail then your average person. Not to mention the automatic stuff sent by programs and systems. Throw in the attachments and other fun things and you get a nightmare. The cost isn't trivial and it adds to the administrative overhead. Adding a sudden need to do proper backup (and offsite storage) of what should be transient.
I understand it for certain industries (I used to work in Clinical Trials and as another poster mentioned that has strict rules). Although, you can use those industries as an example of costs being driven up by the information storage requirements (the cost of I.T. for clinical trials is very high in the US).