More than Drawing a Black Box: How to Get Redactions Right for eDiscovery Production
For most people, redacted documents are the material of spy movies and political scandal. But here in the world of eDiscovery and FOIA requests, they’re a part of everyday life. But that doesn’t mean they’re to be taken lightly! Failure to redact documents or to make sure that redacted content is produced in its redacted format can be case ending (and job ending for the person responsible for the error).
The most common reason this happens, is because law firms and government agencies are taking the “redact by hand” route instead of using tools that properly manage productions to ensure documents meet the expected requirements, making sure the information meant to be kept private is hidden.
Even with redaction technology in place, some file types (like spreadsheet documents) can be difficult to redact, as we see in this week’s eDiscovery Blues™ comic. These challenging file types result in the litigation support or FOIA personnel using Microsoft Office and Adobe Acrobat to draw black boxes over the sensitive material, which is fine if the documents are going to be printed to hardcopy but doesn’t actually redact the digital information from the file.
In one 2019 grand jury filing, a member of the press was able to defeat these types of manually created redactions by simply copying the black-out boxes and pasting the text into a new document, which also brought over the text and metadata.
So how can you make sure redactions on digital documents are done correctly?
“That’s kind of the challenge: picking the right tool for the right job,” says Derek Miller, VP of Business Development at Ipro. “Anyone doing redactions and producing redacted documents needs to understand how these tools work and build measures into their processes to avoid this type of mistake. But mainly you want to make sure you have the right tools in your toolbox. Which means using software that’s specifically designed to redact and produce those redactions accurately.”
Here are a few things to look for in software to ensure accurately produced redactions:
Automatically re-OCRs documents to remove the text under the redaction
Runs validations to make sure the redactions are burned in and the text is correct
Creates layered redactions so multiple production sets can be sent to multiple parties
Along with those functions, some eDiscovery software has added protections which identify documents which may need another layer of review before they’re produced. It’s similar to when your email platform asks if you want to send without a subject line or asks if you’ve forgotten an attachment.
One example of this is Ipro’s Production Shield™, which identifies these documents during the validation phase of the export process, giving administrators the opportunity to correct conflicts and ensure only appropriate documents are produced.
The main thing to remember when dealing with Electronically Stored Information (ESI) is that what you see on the screen is only the surface of the existing data. The same goes getting redactions right for eDiscovery: Just because all you see is a black box, doesn’t mean everything that lies beneath has disappeared.
Ipro’s Production Shield™ is available on Ipro’s Enterprise™ and Desktop™ eDiscovery Solutions.
How Government Agencies Walk the Line with Legacy Software
Written by Jim Gill Content Chief, Ipro
Have you ever cleaned out your closet and found that shoebox full of cassettes from college? Companies and government agencies are no different. Many of their electronic files are stored as legacy file types which are no longer supported. And these aren’t just files that are of little significance.
In an article from October 2019, Ars Technica reported that the U.S. Air Force’s intercontinental ballistic missile command had finally stopped storing data on 8-inch floppy disks. You read that correctly: data from active nuclear missile sites was being captured and managed using 40+ year-old technology. The Air Force cites the use of these legacy systems as a cybersecurity advantage, and even though data is now stored on a “highly secure solid state digital storage solution,” the Strategic Air Command still relies on IBM Series/1 computers installed at Minuteman II sites in the 1960s and 1970s.
One of the biggest challenges with legacy systems is that they work fine as long as things remain “business as usual.” But when outside events change the status quo, unforeseen weaknesses and challenges can arise quickly.
With the COVID-19 outbreak in early 2020, the number of applications for benefits from the CARES Act, passed in late March 2020, overwhelmed state employment offices. A good deal of the gridlock was state agencies relying on a 60-year-old programming language called COBOL, causing claims to take as long as two weeks to process.
As Robin Roberson, executive director of the Oklahoma Employment Security Commission, put the situation, “Our mainframe is literally over 30 years old. It’s very difficult to program, it doesn’t do much, [and] COBOL programmers are somewhat scarce.”
State agencies across the country are scrambling to update COBOL code, but according to Gartner, the average age of a COBOL programmer is above 60. Mahmoud Ezzeldin, 75, who was a COBOL programmer for Blue Cross Blue Shield and the IRS, offered to come out of retirement and volunteer help in training organizations updating their systems to meet the increased demand for relief benefits.
From an eDiscovery perspective, legacy data can prove a challenge as well. Government agencies, corporations, and law firms all most likely have some legacy data they may have to contend with regarding investigations, litigation, and FOIA or other compliance requests. As this week’s eDiscovery Blues cartoon highlights, these organizations may have the information required, but getting that data into a format that is reviewable and producible is where the challenge lies.
Which is why it’s important to work closely with your IT department to know if your organization has any potential legacy data obstacles, as well as ensuring that you have an eDiscovery technology partner who can effectively and efficiently manage those challenges.
Otherwise, you may end up like Rick Compliance, eDiscovery Manager, scouring the internet for used floppy drives.
Why eDiscovery Software is the Perfect Solution for FOIA Requests
Written by Jim Gill Content Chief, Ipro
As far back as 2013, the Department of Justice has received over 70,000 Freedom of Information Act (FOIA) requests per year, and this trend continues to rise. By law, all federal agencies are required to respond to a FOIA request within 20 business days, unless there are “unusual circumstances.” If the requests don’t receive a response to according to law, the agency can be sanctioned, as well as those individual employees, “…who are found to have acted arbitrarily or capriciously in improperly withholding records. Additionally, the court must award attorney fees and other litigation costs against the government.”
This puts a lot of pressure on the FOIA personnel assigned to perform all duties related to the processing of these requests: logging, tracking, searching for responsive records, analyzing responsive records for disclosure pursuant to FOIA provisions, applying exemptions to the documents as appropriate, and communicating with the FOIA requestor. These tasks become all the more formidable when trying to manage them with manual processes and basic tools.
One example of this involves the FOIA administrator at one of the agencies within the Department of the Interior. Their old process was manually searching email, native files and images, opening each one individually in Outlook, changing the metadata, and then making the decision on whether the document was relevant to the FOIA request. They used an Excel workbook to catalog document names since there were no other Document IDs to use as a reference. Needless to say, this proved to be a very labor-intensive process, not to mention that the data was spoliated when changes were made to the file headings and any related metadata.
As an added challenge, if redactions were needed, the documents had to first be converted into PDFs and then redacted manually, using a program like Microsoft Word or Adobe. As Ryan Joyce, VP of Strategy at Ipro, shares, “Time and time again we have seen the same headline—a law firm or government agency warding off the trouble caused by not handling their redactions correctly. Why is this still an issue after all these years? In reality, any software can place a colored box over text, but only the right eDiscovery solution will provide the correct and federally mandated result.”
This is where eDiscovery solutions designed with the specific result of making life easier for FOIA personnel come into play.
The dilemmas listed above are easily solved by a single tool with the features listed below:
Quickly ingest and OCR a large variety of file types that may be a part of a public request
Advanced search tools allow the finding of relevant documents in a fraction of the time
View text and metadata at the same time, without spoliation
Near-duplicate detection and email threading eliminates the need to review similar documents
Reporting features easily log and track documents
Alerts prevent redaction errors and ensure DOJ-quality productions
Create multiple productions if variations of a FOIA request are required
It’s clear that the challenges of FOIA requests can be daunting, so creating awareness is critical: the right solution for Government Agencies already exists in eDiscovery software originally created for litigation purposes.
When you would like to learn more how Ipro eDiscovery solutions help Government Agencies meet the challenges of FOIA requests, take a moment to visit us here.
The small law firm is often left out of the eDiscovery conversation. Faced with choosing an enterprise tool, sticking with legacy eDiscovery software that is no longer being developed, or the old standby, manual processes, it might seem that small firms are left little in the way of eDiscovery options.
But that isn’t the case. Recently, The Lawyerist interviewed Derek Miller, VP of Desktop Solutions at Ipro, on several of their podcasts, talking about just that: eDiscovery tools small law firms should keep in their toolboxes.
Why Do Small Firms Need to Care About eDiscovery?
Derek Miller: I have a firm that I work with here in Phoenix, a small firm, two attorneys and two paralegals. And they’ve decided to use technology from start to finish. From the first meeting with a client, they start a chronology on what they’re going to produce, and what they’re getting from opposing counsel. And they start with electronically created information and images, which means someone has to process it and work with it. So they use our desktop software to ingest that information, review, and produce it. They also manage their transcripts and synchronized video, and they build the entirety of their case through the use of this technology.
At every stage, they’re reviewing, producing, scanning, coding data, and putting it into a product that will allow them to then take all of that information and transition it through the litigation life cycle and then go into trial and present that information. Ironically, everyone has to prepare as if they’re going to trial; whether or not they end up there is dependent upon the case. And because they’re using technology at every stage, they’re already familiar with the facts all the way through, solidifying their strategy.
Lawyerist: They don’t have to wait until pre-trial, or even discovery, they’re ready to go from the beginning of the intake process. That sounds like a pretty powerful way to approach trial prep and litigation in general.
Derek Miller: I think so. And because they’ve adopted the software and are using it through the whole process, they don’t have to relearn it each time when they get to a certain stage. It’s just a natural part of the practice.
Lawyerist: How would a firm get started using technology like that?
Derek Miller: That’s a great question. First, go out and evaluate a couple of different products, decide what it is that you’re trying to do, and then how a particular software fits that goal.
Secondarily, I would invest heavily in the training. Once you become familiar with the software, then make that a part of your workflow.
Lawyerist: What’s a tool that you think should be in every litigator’s toolbox?
Derek Miller: I think one of the tools that can be really helpful, and that’s a little bit underrated, is a Fact management tool.
Lawyerist: What is a fact management tool?
Derek Miller: It’s a tool that bridges the gap between the discovery/production phase of litigation and the trial phase. And with every case, you should be preparing as if you are going to trial, even if you don’t ultimately end up in the courtroom.
Lawyerist: I’m imagining that a fact management tool uses key facts, material facts, extraneous facts, as the central organizing principle, and my assumption is that it helps me organize what those facts are and identify why they might matter, helping me draw connections between them.
Derek Miller: Yeah, I think one way to think about a fact management tool is it’s like one of those photographic mosaics, where you’re trying to take a bunch of those little individual pictures and turn it into one big picture. And with litigation, you start with one big picture in mind, and then with all the little pictures you’re given, you try and paint it so it’s accurate and clearly seen. Sometimes that’s harder to do, because you’re stuck with all these little pieces of evidence, and you have to align those with all of the facts and issues of the case. A fact management tool can help you do that. You have to have the ability to manage witnesses, documents, testimony, and a chronology, and the ability to visualize “what happened when” is a key part of painting that picture.
Lawyerist: You just mentioned a chronology, what are some other key features you want to look for in a fact management tool.
Derek Miller: Something that ties together facts and the evidence that goes with it, whether that is a document, an email, a video, a transcript testimony from a deposition, any of those are all key pieces you want to manage. Additionally, you don’t want a tool that’s a bridge to nowhere. And what I mean by that, is that it would be great if all the effort and work product was going to transition easily into whatever you’re going to use for trial.
Lawyerist: Because the idea here, is that whenever I see a fact, it’s providing me with the additional context. So I know what that fact means, what the significance is, if it turns out to exist or not exist, if the fact is disproved or proved, and what that means for my case, and what are the documents I’m going to need to prove it up or disprove it.
Derek Miller: You’re right, and then which witness is going to testify and who’s going to introduce that evidence to help you out.
Lawyerist: Is this something that will work with my presentation software, or is this just something I would use myself on my laptop at my desk?
Derek Miller: It could be either/or. As I mentioned earlier, it could be something that’s going to transition that work product right into the trial software, so that if you do end up in the courtroom, you’re not redoing that work. It’s all going along for the ride.
Lawyerist: And that’s the philosophy behind Ipro, right? It’s something you begin using at the beginning of the case that helps you along the way, and then it also turns into a fact management tool as you need it to be, and it also helps you present your case at trial, and handles the whole lifecycle of the case.
Derek Miller: Exactly. We’re all about simplifying that entire process, from the start of discovery all the way through trial.
Lawyerist: You were telling me about some PDF redaction disasters you were seeing recently that show what happens when you use software correctly, but for a purpose which it was not intended. Tell us what you’ve seen.
Derek Miller: Recently in the news, there was the story of the redacted information that was erroneously or accidentally exposed because of the tools that were used to do the redaction. It’s probably not the first or last time that will happen, but in this instance, it was an issue of understanding how the technology works versus the software itself, and that can be the bigger problem when it comes to selecting tools for the toolbox.
Lawyerist: So in this case, remind me, what was the situation and what was the tool that went wrong?
Derek Miller: Basically, the situation was they went through and they redacted some grand jury information, and the software did work as it was intended, and it did redact, but that doesn’t mean it was permanent or fixed, so an outside party was able to highlight, copy, and paste, and then show that redacted information in another document.
Lawyerist: This was the kind of situation where, someone drew black boxes over the document, which works if you’re going to print it, but doesn’t actually redact the digital information from the file.
Derek Miller: Correct. When you have an image or text, you can put a black box over it all you want, but the underlying data is still there. So while they did choose a redaction tool, they didn’t double check to make sure the information wasn’t still available.
Lawyerist: So how can lawyers make sure that when they are redacting PDF documents or other digital documents, they’re doing it correctly.
Derek Miller: That’s kind of the challenge: picking the right tool for the right job. Based on this recent experience, anyone doing redactions and producing redacted documents is going to understand how those tools work and be a little more careful so they avoid this type of mistake. But mainly you want to make sure you have the right tool in your toolbox. So use software that’s specifically designed to redact and produce those redactions accurately. And as far as the functionality of the software, you want to make sure it does a couple of things like automatically re-OCR the document to remove the text under the redaction, run validations to make sure the redactions are burned in and the text is correct, and then be able to create layered redactions so that multiple production sets can be sent to multiple parties.
In addition to those functions, in the Ipro for enterprise and Ipro for desktop products, there is a feature called Production Shield which identifies those types of documents that need that added layer of review before they’re produced.
Lawyerist: Which can keep you from making mistakes. Kind of like the email feature that reminds you when you’ve forgotten to attach something.
Derek Miller: Exactly. In a similar way that your email will ask, “Are you sure you want to send?” or “Did you mean to attach documents?” Production Shield works in a similar way where it says, hey, you may want to check these documents to make sure the redaction is correct and there’s no underlying text that could inadvertently get disclosed.
Lawyerist: That sounds pretty handy! Thanks so much for being with us today, Derek.
Derek Miller: Thank you.
Find out how 5 legal teams overcame their challenges, utilizing Ipro’s Hybrid approach to eDiscovery.
We’ve all been there: we know we need to change our way of doing things but are stuck in the status quo. We tell ourselves, if it isn’t broken, why fix it, because the thought of going through the difficulty of evolving often overshadows any benefits that might come with updating.
Those of us working in eDiscovery are no different. Even as digital information is constantly growing, file types changing, and processing and review costs continue rising, we hang onto outdated software that becomes more and more unstable with age—from limited processing capabilities, issues with filetype compatibility, or a lack of continued development and support.
Here are 5 reasons why continued use of unsupported legacy software is a ticking time bomb in your eDiscovery process.
This is an obvious one. Using legacy eDiscovery software that is no longer supported by the company that created it is like driving a car with high-mileage and no warranty: it may still run fine and get you from point A to point B, but when it breaks down, you’re on your own.
Operating System Support
As far as digital lifespans go, 5 years is a long time. If your legal team is using legacy eDiscovery software which was created for older versions of an OS, it could lead to issues if it’s no longer being supported to meet with scheduled OS updates. (For example, Microsoft released Windows 10 in 2015, which has had 7 additional versions updates since then, with various “end of service” dates scheduled in 2020).
It’s no secret that data is growing exponentially each year, particularly in the corporate sector. From an eDiscovery standpoint, the challenge lies with the near infinite number of file types (and variations within each type) in which data can live. Every program and application you use creates different file types: email, chat, social media, planning and content-creation tools, etc. Different versions of the same program or application create variations of those file types, and different formatting within each of those can create still more variations. From this perspective, it’s easy to see why a legal team needs software that is continually being updated in order to keep up with this growth.
Lack of advanced tools and analytics for today’s workflows
More and more, legal teams are looking to add the latest tools which increase the speed, accuracy, and efficiency of document search and review. If your team is using software that is no longer being developed or supported, you may be missing out on the latest innovations in Early Case Assessment (ECA), Technology Assisted Review (TAR), and other advanced technology which allows your team to deal with larger datasets and take on more complex cases.
Difficulty meeting unique production requirements
FRCP Rule 34(b) states that a requesting party may specify the form or forms of ESI production, which are determined by the parties at the Rule 26(f) “meet and confer” conference. The inability to meet unique production requirements due to outdated or unsupported software will result in having to turn to outside service providers to do the job for you, resulting in extra costs and added stakeholders, in order to meet the production deadline.
Functional Software isn’t a Long-Term Solution
It’s time to stop struggling with legacy eDiscovery tools. Ipro easily migrates data from the most popular legacy flat-file review databases and has been purpose-built with the most cutting-edge features in eDiscovery. No matter what your eDiscovery needs are, Ipro has the flexibility, scalability, and value to meet them.
Once again, eDiscovery and emerging data sources are at the center of a criminal murder investigation. A recent article in Wired highlights how investigators used data from the victim’s Fitbit and a neighbor’s Ring digital doorbell camera to establish a timeline, identify a suspect (the victim’s 92 year-old step father), and gain a warrant to search the suspect’s home, all of which led to his arrest.
Similar to other cases involving the use of data from mobile phones, social media, and the Internet of Things, it wasn’t the electronically stored information (ESI) alone leading to the arrest, but instead it gave investigators leads that otherwise wouldn’t have existed in a pre-digital world. These leads then gave them enough evidence to request warrants for further searches and investigations of specific suspects, which then brought about arrests. In other words, solving crimes still boils down to good old-fashioned detective work, only now, investigators have new ways to uncover what might have happened and who may have been involved.
Fitbit first introduced its personal fitness tracking device ten years ago, and today around 27 million people use them. Add that to other competitor’s devices (such as the Apple Watch) and it’s not hard to imagine how investigators often have ready access to biometric data of suspects and/or victims. Last year alone, 170 million wearables were shipped worldwide.
But while much of electronic data is self-authenticating under Federal Rules of Evidence rule 902(14), biometric data gathered from wearable devices is much harder to authenticate as accurate. An analysis of 67 studies on Fitbit’s movement tracking concluded that, “the device worked best on able-bodied adults walking at typical speeds. Even then, the devices weren’t perfect—they got within 10 percent of the actual number of steps a person took half of the time—and became even less accurate in counting steps when someone was resting their wrist on a walker or stroller, for example. ‘It’s not measuring actual behavior,’ says Lynne Feehan, a clinical associate professor at the University of British Columbia and the lead researcher on the paper. ‘It’s interpreting motion.’”
Evidence from fitness trackers has been admitted in homicide cases in Europe and the US, but expert witnesses and analysts are often used in conjunction with the data to authenticate it. Only a few judges have ruled on how to handle evidence from fitness trackers. For example, “In a 2016 Wisconsin case, Fitbit data was used to eliminate the possibility that a woman was murdered by her live-in boyfriend. The judge ruled that an affidavit from Fitbit established the device’s authenticity and allowed lawyers to introduce its step-counting data; at trial, a sheriff’s department analyst vouched for the reliability of the man’s particular device. However, the judge barred the Fitbit’s sleep data, citing a class-action suit that claims the sleep tracking could be off by as much as 45 minutes.”
Similar to older technologies (such as the polygraph), electronically created data isn’t necessarily irrefutable. Antigone Peyton, an intellectual property and technology law attorney who has used data from wearables in civil cases, states that people tend to see “data is equivalent to truth,” but there are “many ways the information on these devices can be interpreted.”
Another aspect that investigators have to consider with this type of data is users’ privacy. Last year, the Supreme Court ruled that police must have a warrant to search phone location data under the 4th Amendment. At times, the companies that have the data, refuse to hand it over to law enforcement if they feel privacy is being infringed upon, but largely, the tech industry seems to cooperate, especially as procedures for handling this type of data are becoming more defined.
What is important for the legal industry to consider is how different types of data and data sources work, and what that means when it comes to authenticating it. It’s similar to when wiretaps, phone data, and other electronic surveillance was introduced into the detective’s toolkit in the 20th century. The difference is the amount of information created today is much greater, and it’s created by every person on a near continuous basis from a large number of sources. And none of this data can be looked at in the same way.
But what this new data does provide is more ways to reconstruct scenes, rule out potential suspects, corroborate or contradict testimony, and gather information which allows investigators to pursue new tactics and lines of questioning which lead to further warrants and arrests. For attorneys, it’s important to stay up on the most recent investigative uses and court-rulings on these data sources, which will continue to define and clarify how ESI is being used in both criminal and civil cases.
Written by Jim Gill Content Writer, Ipro
Need to brush up on your Federal Rules of Civil Procedure as they apply to eDiscovery? Download Ipro’s FRCP Cheat Sheet!