Virtual Canary in the Digital Mine #8: e-Discovery, it’s Not Just for Litigation Anymore . . .

Long ago, long ago, oh, let’s say March of this year – I began writing this column. In those golden olden days, I wrote about e-Discovery. “e-Discovery” was this marvelously discrete little sector in my mind where law and technology met and created a little sandbox to try out new stuff in a limited universe defined by discovery requests. Everything else was irrelevant, er, not responsive. Sure, the limited universes were huge but we had awesome tools to deal with them. And, once the universe that began with an incident leading to a claim reached its end-point -- settlement or judgment – it ended and we could move on to the next one, erupting somewhere in an HR Dept near you. My first dispatch, which seemed radical to me at the time, concerned the fact that our collective creation of electronic evidence had expanded beyond our desktops. Mobility was the wave of the future, I bravely announced. And that was true. For a day. Now, all these days later, mobility is simply part of our world. Paradigms have shifted. No one who follows this stuff at all can claim a lack of notice about the importance of mobile device data. OK. My work is done. You’re welcome. Today, I am back from the mine to with another sector-shaking alarm: my friends, there is more than one mine! Our limited universe is cracking open as we work . . .

Long ago, long ago, oh, let’s say March of this year – I began writing this column. In those golden olden days, I wrote about e-Discovery. “e-Discovery” was this marvelously discrete little sector in my mind where law and technology met and created a little sandbox to try out new stuff in a limited universe defined by discovery requests. Everything else was irrelevant, er, not responsive. Sure, the limited universes were huge but we had awesome tools to deal with them. And, once the universe that began with an incident leading to a claim reached its end-point — settlement or judgment – it ended and we could move on to the next one, erupting somewhere in an HR Dept near you.

My first dispatch, which seemed radical to me at the time, concerned the fact that our collective creation of electronic evidence had expanded beyond our desktops. Mobility was the wave of the future, I bravely announced. And that was true. For a day.

Now, all these days later, mobility is simply part of our world. Paradigms have shifted. No one who follows this stuff at all can claim a lack of notice about the importance of mobile device data. OK. My work is done. You’re welcome.

Today, I am back from the mine to with another sector-shaking alarm: my friends, there is more than one mine! Our limited universe is cracking open as we work . . .

In December of 2010, our CEO, wrote an inaugural blog post for AccessData about the importance of integrating forensics into e-discovery. It is still powerful reading today. In March of this year, he announced the beginning of the end of the forensics/e-Discovery divide. This convergence of forensics and e-Discovery seems inevitable and, when you look at it from a certain angle, it makes more sense than considering them as separate mines. Both involve searching for data and making sense out of the data that’s found. In forensics, the data has been obscured by destruction or deliberate obfuscation; in e-discovery, the data is obscured by clutter, by the sheer mass of itself, and by negligence. It makes sense to me that, when you get down to 1s and 0s, the tools to discover and restore order to the universe would operate similarly to achieve something like an economy of scale. So, ok, maybe there’s still just one mine. My universe is still intact. OK.

But . . . there’s another topic that’s been creeping up on us e-Discovery folk this year. From down in the mine, it sounded first like a far-off scraping sound. Then there was a strange waft of warm air from behind the rock. And then a smell of sulphur . . . and then . . . our mine was breached. And the FBI had to tell us.

Sponsored

By now, we’ve all heard of the numerous FBI warnings this year alone that “hundreds” of firms are being targeted by cyber criminals, at this moment, and that client data ostensibly held securely in their counsel’s vault is popping up on the other side of the world. The threat is real. And, as the story goes, law firms are not ready for it. They simply don’t have the technology to fight back or defend themselves. Please review this white paper, written by yours truly, for a dire description of why.

I’m not going to spend too much time on this today. What I want to do is sound the canary chirp. We can no longer do our jobs as if e-Discovery (and forensics) is all we have to do. The documents we retrieve from our clients and adversaries are under attack. And they are ours to protect. We need to begin craning our collective necks towards securing them. And I believe that the answer for detecting malicious data, or detecting breaches in our security and preventing them before too much is lost, could likely lie in this: bad data is obscured by malicious intent. Our discovery tools can find it.

We sponsored the inaugural ILTA LegalSEC Summit and have written much on this blog and elsewhere about the now-surfacing crisis.

And, yes, I just said ‘crisis’ and maybe that’s alarmist but maybe it’s not.

Officially published on the day that ILTA 2013 opened, the results of LegalSEC’s survey are (pun intended, Las Vegas) sobering. I could, and may yet, spend an entire article’s worth on the findings of the survey alone but I’d rather you read it yourself. Here it is again. Please, read it. And, while you’re at it, please take some time and review the presentations from the LegalSEC Summit.

Sponsored

And, here is the presentation from their update.

As I said last time, e-Discovery is a just a set of tools and a set of problems, neither good or bad. But when bad guys are using tools to make bad data with an intent to steal or destroy, the good guys need to use our best tools to defeat them.

Please visit our website to learn about solutions already out there . . . and stay tuned for more solutions to come.

Eric Killough is the virtual canary AccessData has released into your digital mine. He is a JD, a CEDS, and a librarian. He thinks about electronic discovery probably more than he should. Please join him here, at Twitter, at LinkedIn, and at his own blog. He’ll be happy to meet you.