Essays

I hit on a couple articles today that raised awareness on yet another mobile device security issue, this one applies to all the iPhones and iPads with active GPS. A little deeper digging uncovered an excellent forensic discussion and rebuttal by Alex Levinson that details his own research, paper and even forensic software that has been available for some time. The primary issue is that the Apple iOS has been storing your unsecured location history within different file locations since GPS enabled iPhones were available. The only way to prevent this slow accumulation of time-location information is to turn off your Location Services. Although this information has been available previously through the Lantern 2.0 application from Katana Forensics LLC, it is now accessible via a free open source utility called the iPhoneTracker. The June 2010 iOS 4.0 release by Apple moved all the diverse tracking information into a new Consolidated.db central location that is easier to access.

Recently, Iron Mountain announced that it might sell of its digital business unit and focus on its traditional physical storage strengths. Having watched Iron Mountain unfurl its transition into the digital world over the past decade, it’s not surprising that the company is retrenching. It’s not easy for a large physical storage company to become a software company. While many (including me) thought that the Iron Mountain brand name might translate well into the digital world, ultimately, the company was not able to turn acquisitions of small digital businesses (Stratify and Mimosa Systems) into a viable digital competitor.

This morning’s keynote speech by Symantec CEO Enrique Salem had several interesting take-aways for those of us focused on the intersection of legal and IT. Legal discovery was mentioned in the first 5 minutes as a key business requirement. That means global software companies now see eDiscovery and Information Governance as a market driver, not just a niche area. I remember having to do eDiscovery 101 talks with execs back in 2006 to explain the purpose of the software company that they had just acquired. So I see this as FRCP to market driver in a short 5 years. The eDiscovery market and industry as a whole has grown incredibly quickly and is still immature in many ways. Symantec started the eDiscovery acquisitions in 2001 with the Veritas/KVS merger. EMC, IBM, Iron Mountain and others have followed with acquisitions of Stratify, PSS,Kazeon, Mimosa, Legato and other products that are directly or indirectly used for eDiscovery.

Software vendors tend to be out a bit in front of a market in order to be well-positioned to capitalize when customer requirements mature. That’s why it was interesting to see Greg Buckle’s report from the Symantec Vision conference that eDiscovery is a major part of Symantec’s strategy going forward. The company is combining eDiscovery, data loss prevention, and encryption in an offering it defines as information governance. Other large software vendors couple eDiscovery offerings with content and records management, storage, and search offerings. From a market perspective, the reality is that eDiscovery is recognized as a major component of information governance. This creates some pragmatic challenges for enterprises that want to address eDiscovery challenges today, though.

All of us techies are familiar with strange computer requests from friends and family. I had one today from a good friend in the middle of a business dispute that got me thinking about what we now take for granted in civil discovery. The key question boiled down to, “So can you tell if this Excel 2007 spreadsheet was created or changed right before being sent?” I’m staring at the email with the attached spreadsheet and knowing that my friend will not like the answer. It only takes seconds to check the internal properties and see that the spreadsheet was created three months ago, but modified just prior to being emailed. But what does that really tell us? Not much. The sender could have popped open the original spreadsheet to recheck it and then hit save instead of just closing it. Without the key file system metadata that would have been acquired with any proper discovery collection, there was just no good answer for my friend. Friends, family and counsel all seem to expect that we will be able to do some kind of technical CSI magic to reconstruct every instant of a file’s life. Reality is that improper collection or preservation can effectively destroy any chance of being able to actually authenticate critical properties like dates, authors and more.

The smartest person that I’ve ever known was my mentor when I was living and working in Europe in the 1980’s. I learned a great deal from him about differences in personal management styles and how to build collaborative workgroups in technical environments. Of all of the people that I have known, he is the only one that truly had infinite patience while attacking key issues. Our strategic operating plans would literally stretch over years and as the headstrong ex-pat American executive, I would chafe at what I considered to be the glacial rate of progress. Each time that he saw I was getting frustrated, he would smile slyly and say, “You’re thinking about this as a business process. Remember - It’s not business, we’re creating art. Art takes time.”

For the first time in many years I am missing the EDRM Kickoff Meeting in St. Paul. Kevin Esposito is covering the project updates, goals and progress for us, but it still feels strange to not be anchoring a project meeting, even if I will continue to co-lead the new Testing project. Instead, I delivered the keynote to the 2011 LiveOffice user conference this morning. LiveOffice is the leading cloud email archiving company (Gartner 2010) and has had pretty incredible growth throughout the recent economic downturn. They asked me to speak to the attendees about the impact of eDiscovery on IT in 2011. This meshed well with their roll out of their new version of Discovery Archive. In polling the attendees, every single one had carried out discovery requests within the last year. Fifty percent were executing requests for Legal, while the rest allowed Legal to execute their own searches. Only a small portion were actively reviewing matters on the live data, but I could see the heads nodding as we discussed the prospect, it is definitely on the horizon for many of them. To organize my thoughts, I wrote a condensed speech (below) covering the primary points that I wanted to hit. The reality is that I can never resist opportunities to answer questions and transform a monologue into a dialogue.

The market has been awaiting word on where the assets of Iron Mountain Digital would end up. Previously, we speculated who the potential buyers might be and what the future might hold for Iron Mountain Digital. We now know the answer – Autonomy is purchasing the assets for $380 million. That’s not a huge multiple on the revenues of Iron Mountain Digital, but it’s still a big acquisition number in our space. Now we must wonder if this is good news, bad news, or something in between.

This has been the year for corporations shifting to eDiscovery readiness. We have seen few big announcements from the AmLaw firms regarding large technology investments, hiring industry personalities or building out eDiscovery practice areas. Today’s articles from The AmLaw Daily and Law.com put law firm eDiscovery back on my radar. David R. Cohen, leader of K&L Gates eDiscovery practice group has moved to Reed Smith’s Pittsburgh office and taken 14 attorneys and staffers with him. The K&L Gates eDiscovery Analysis and Technology (e-DAT) Group currently lists 42 professionals, but I am guess that the 30% actually represens the core of dedicated, experienced personnel. Going back in time to the big Microsoft anti-trust cases, this practice group reflected Preston, Gates & Ellis’s (original firm as I knew them) dedication to never lose a case based on technology or eDiscovery process. The groundbreaking analytic review interface by Attenex (acquired by FTI) was founded by the firm and leveraged by the e-DAT group to review huge collections. This background should help you understand the impact of the jump to Reed Smith.

Various reports state that the famous writer/director Woody Allen once said that eighty percent of success is just showing up. What wasn’t mentioned, however, is that to be truly successful, the other twenty percent consists of working your butt off once you’re there. I reported last week that I was participating at the EDRM Annual Kickoff Meeting in St. Paul, Minnesota. It was a very productive week with over 75 people participating in the various work streams. As mentioned previously, many people view EDRM as some sort of static entity – possibly due to the widespread use of the EDRM diagram – but EDRM is anything but static.