Monthly Archives: January 2024

Legal Tech 2016 certainly had a lot to say about the state of the eDiscovery marketplace. Back in December I sampled the sponsor/exhibitor pages to see how this year stacked up against prior years. Although the conference picked up one sponsor and twenty exhibitors in the final 45 days, The LTNY event demonstrates the provider consolidation trend that has seen more acquisition/investment capital in the last 12 months than the prior 12 years. For an industry supposedly becoming mainstream and integrating with the traditional technology powerhouses, only the newly rebranded Hewlett Packard Enterprise (HPE) went for the full sponsorship route. All of the other track sponsors, keynote providers, etc. came from pure play eDiscovery providers such as FTI, Nuix, LexisNexis and others. Ad hoc counts of badge colors at various times gave me a rough 3-to-1 ratio of vendors to consumers in the exhibit maze or landings. All of this is purely anecdotal because ALM has not released actual attendance counts or rations since 2008 that I can find. To me, LTNY is our biz dev/career fair/trade show, even if some marketers dress it up in CLE clothing. I had a good time in the unexpectedly warm weather. Here are some of my briefing notes and event impressions:

Ever have meeting deja vu? That realization that you are asking the same questions and delivering the same advice over and over again? That feeling drives me to write in hopes that my next client will have read my blog and we can skip the rinse and repeat cycle. Several recent engagements have kicked off with overviews on the three primary ways that eDiscovery processing, review and analytics can be consumed. On-premise software – Classic purchase/lease that is installed on your servers and you administrate/run the software. Hosted Repository – A service provider processes, loads and manages your collections within their private data center. You are generally paying per GB plus optional services.SaaS Cloud – The newest option where you create an online account, upload/ship your data and generally administrate/run the review with minimal tech support. Each of these solution approaches has wildly differing pros, cons, costs, risks, required skills and more factors to consider. Some software (such as kCura’s Relativity) can be consumed via all three approaches. Others (such as Logikcull) are a pure SaaS Cloud offering. My point here is to do your homework before you start asking your favorite donut provider to send you a bid for taking control of your matters. Write down your usage cases and relevant requirements. Know your needs and your limits. Get input from outside counsel without letting them dictate the results. Some questions to consider before starting:

Have you conducted an eDiscovery RFI/RFP exercise? Did your phone blow up for days as persistent sales reps had ‘just a couple questions’? Did you throw your hands up in despair as the responses trickled in bearing little resemblance to what you asked for? Sending out a RFI/RFP is like ringing the dinner bell while standing in a pack of hungry hounds. You can’t blame them for wanting any scrap of inside information that might give their response an advantage. You can blame them for not reading instructions or the customer requirements. As you might guess, I am in the middle of another RFP engagement and I want to share some of the lessons learned.

Good sales and PR reps know have a patient persistence that pays off. I try to respond to briefing requests, even when they are outside of my current research or client focus. Identification and analysis of production sets is generally at the wrong end of the discovery lifecycle for our corporate clients. ESI’s lab’s marketing rep put up with being put off through the hectic pre/post LTNY weeks and earned a briefing for his client. In this age of cloud platforms and corporate ‘everything-in-one’ document management multitasking systems, the Production Analyzer is a throwback to old school single purpose software. You point it at an incoming or outgoing TIFF-text production set and it gives you a report that flags all the redactions; black box, text overlay or hybrid. My eDJ Matrix shows at least 14 unique offerings with automated redaction features developed to address increasing concerns over PII and cross border privacy mandates. Some of them have good logs to track redactions, but none of them that I have demo’d enable you to compare across production sets or versions of documents. Here are my briefing notes:

Last Friday kCura acquired the Content Analyst Company for an undisclosed amount. The CAAT® OEM analytic engine provides deduplication, email threading, clustering and other analytic visualizations for the majority of eDiscovery review and ECA platforms in the Market. kCura’s Relativity already dominates the hosted review market segment and most of their competition has CAAT powering their analytic functions. Are we going to see “iConect powered by kCura” branding? I doubt it. I am betting that the kCura team made a smart ‘cheaper to buy than rent’ analysis of the CAAT licensing fees derived from Relativity. It reminds me of the FTI acquisition of Attenex. Will kCura immediately leverage CAAT licenses against their competitors?

My headline may be a bit of tongue-in-cheek fun, but it is founded in years of creating ROI calculators for both clients and providers. Sales reps and marketing execs have run amuck with all too many of my well-intentioned spreadsheets in their quest to secure capex budget for their products or services. “If you don’t buy EasyButtonDiscovery, Greg says that you will go broke in 5 years!” Not going to happen*. You are talking about Return on Investment (ROI) because someone has identified the cost of eDiscovery as a problem already. Mikki and I tend to get called in when a company has recently tried to respond to a savvy regulator, prosecutor or plaintiff who ‘rocked the boat’ by asking hard questions about their preservation and collection scoping process (or lack thereof). Suddenly doing eDiscovery ‘right’ when you have been coasting on pre-FRCP methods is expensive. You are already behind the eight ball with the requesting party that caught you with your procedural pants around your ankles. Now you may have to go beyond the standard of reasonable care to appease a distrustful magistrate.

A recent RFP engagement reminded me how useful it is to be able to find SaaS-Cloud offerings without having to use the filters on my eDJ Matrix. So I created a new category for tech offerings that have a SaaS-Cloud purchase option. I am still updating listings for the new Online Purchase feature, but hope that providers will update their listings before I catch up.

No, I don’t have any secret inside information confirming the Israeli newspaper report that Israeli based Cellebrite is the unnamed third party that is attempting to help the FBI crack one of the San Bernardino terrorists locked iPhones. So unless one of my unnamed, anonymous forensic friends has some insight to share, I will limit my speculations to the potential impact in civil discovery. So why do we care if the Cellebrite and the FBI publicly access an encrypted, locked current generation smart phone? Corporations with proper ActiveSync policies, MDM or MAM software already have the ability to force an administrative password reset or remotely wipe the device. Up until this point, counsel could only access encrypted BYOD devices that were either unlocked by the owner or had been altered to grant access (when the user first connected to corporate email). Furthermore, corporations were not concerned with upgraded/outdated devices as long as protocols were followed to wipe the old devices. Depending on what the proposed hack is, if it can bypass the stored encryption keys to access the device, we may have a problem.

The simple answer is NO, but it does open the door for parties to request the court’s approval to use PC/TAR techniques for relevance determination. The Pyrrho decision is a quick read and has some interesting notes. In this case, the 3.1 million file collection was extracted from more than 17.6 million files restored from back up tapes using deduplication, custodians and search criteria. This was still considered overly large for full manual review in proportion to the matter. Folks, back up tapes are NOT a preservation repository. One counsel initially proposed using technology to relevance rank the entire collection for more efficient full manual review, but both parties agreed to use full Predictive Coding to minimize attorney time and have a trained system for any new data sources that turn up. So does this mean that every technology provider must support full PC/TAR for UK eDisclosure matters? Similar to the U.S. early bench decisions such as Da Silva Moore v. Publicis Groupe back in 2015, this just opens the door for parties to get court approval when both sides want to use the technology to tackle a big collection. Moreover, there are many different ways to implement machine learning functionality that support different usage cases before and after relevance review, most of which do not require court or opposing parties approval. I was sent an interesting exchange from the Vound Intella forum that demonstrates the natural tendency of a loyal customers to immediately request PC functionality in the wake of the Pyrrho decision. My ongoing analytics adoption research indicates that large scale PC for relevance review is still used in a very small portion of overall matters where the initial cost and potential overproduction of non-relevant docs are justified. I am more interested in providers thinking outside the box and using machine learning for selective collection criteria, trial prep, IG categorization and analysis of opposing productions. The right tool for the right problem is the key.

Well, so did I in my last post. Thanks to a friend, I can at least give you a method that a forensics provider could have used to determine the 4-6 digit pass code on that phone. It is not pretty or elegant, but it is a practical solution with the right infrastructure. We all know that the forensic image of the phone will wipe itself if you put in the wrong passcode 10 times. The first five tries can be made without delay and tries 6-10 have increasing wait times up to 60 minutes. They could just make LOTS of copies of the iPhone image and make 6 attempts on each before deleting that image and moving to the next. With enterprise class storage, connectivity, virtual machines and some scripting software it would just take time to run through the 1,000-10,000 code combinations. If you think that making copies of the large forensic image would be impractical, a 64 GB file should take roughly 93 seconds on a SATA III drive pushing 6 Gbit/s. This kind of brute force hack takes resources, time and a certain level of scripting expertise, but it only works if the phone has not deleted the encryption keys already. This method is burdensome enough to put it outside the normal proportionality/reasonableness limits in typical civil discovery. It requires either a very long time or the resources of a global service provider/governmental actor. This reinforces the need for proper mobile device termination/upgrade policies and procedures to protect sensitive data when devices leave the company.