The CLOUD Act and the Warrant Canaries That (Sometimes) Live There

The Clarifying Lawful Overseas Use of Data Act (Pub. L. No. 115-141 (2018), or the CLOUD Act, was enacted in the U.S. on March 23, 2018, in response to difficulties U.S. law enforcement agencies (LEAs) had when attempting to gain access to data held by cloud service providers through Stored Communication Act (SCA) warrants, as the SCA did not contemplate cloud computing when it was enacted into law; likewise, LEAs were also forced to utilize U.S. Senate-approved mutual legal-assistance treaties (T.I.A.S. No. 10-201 or MLATs) or letters rogatory to access data stored overseas.

The CLOUD Act was occasioned by the U.S. v. Microsoft litigation, in which Microsoft had argued that it was not required to provide access to its users’ private data stored on Dublin servers. Microsoft lost the case in 2014, but won an appeal in 2016. The U.S. Supreme Court heard argument on the case in February 2018. Demonstrating the CLOUD Act’s importance for LEA, in late March 2018 (immediately following the CLOUD Act’s passage), the U.S. Department of Justice (DOJ) asked the U.S. Supreme Court to drop the pending Microsoft litigation as moot, as the DOJ could (and did) alternatively use the CLOUD Act to issue a new warrant for the data held by Microsoft in Dublin. Continue Reading

E-discovery, the Cloud and Blockchain – How New Practices May Require a ‘Back to School’ Approach

The practice of e-discovery has always incorporated considerations of new and emerging technologies as well as related attorney competence. With the advent of cloud services and significant use by clients, e-discovery practitioners incorporated knowledge of those new platforms and offerings into their preservation strategies and requests for production, appropriately considering a variety of client and party uses of the cloud, especially for heavily used services such as email, customer relationship manager (CRM) platforms, and document storage and sharing. This focus on the cloud came to a head in the 2014 Brown v. Tellermate Holdings litigation, which examined the defendant’s use of a cloud provider and raised the following considerations for practitioners:

Continue Reading

eDiscovery and Technology

Should All States Require Continuing Technology Education (CTE)?

For more than five years we have discussed the need for attorney competence in technology, especially as related to discovery in posts like this one and this one. As Electronically Stored Information (ESI) continues to grow, it is critical for all attorneys to understand ESI and evolving technology. This need for competence is only enhanced as the volume of ESI increases and new technologies and methods of creating, storing and sharing data emerge. Continue Reading

What the Working Party might be Thinking about Discovery – WP 261 Derogations to the GDPR

On Feb. 6, 2018, the Article 29 Working Party (Working Party 29) published Working Paper 261 (WP 261), which provided guidance on the provisions of Article 49 of the European Union’s (EU) General Data Protection Regulation (GDPR). This guidance was especially interesting to data privacy attorneys and litigators (primarily e-discovery practitioners) in the United States who had been considering the operation of GDPR Article 49 as it relates to cross-border data transfers undertaken in the context of litigation or regulatory investigations and had been looking at the derogations in Article 49 as a means to continue data transfers in those instances. Many of those attorneys had already been cautious when determining how to best protect the privacy of citizens of EU Member States when responding to litigation or regulatory requests that originated in the United States, which does not specifically recognize the same types of privacy protections and does often require the production of information that raises EU privacy concerns, and they were especially concerned with how the GDPR would further modify that calculus.

Continue Reading

What Judges are really saying about Technology Assisted Review

Since the first judicial opinion endorsing the use of Technology Assisted Review (or TAR) was written by Judge Andrew J. Peck in 2012, an entire legal industry has grown up on the premise of streamlining the document review process in discovery – that is, taking a repetitive task traditionally performed entirely by attorneys and introducing the concept of computer assistance to increase efficiency and improve consistency. And while some of the marketing efforts surrounding TAR make it seem TAR can replace attorney review wholesale, some attorneys considering the use of TAR in litigation or in response to regulatory inquiries are more focused on ignoring the “buzz” and instead have zeroed in on what judges have actually said (and held) regarding TAR.

Continue Reading

Social Media Privacy Settings May Not Protect Your Information From Discovery

Users of social media are likely familiar with privacy settings, and understand that setting their profiles to “private” ensures that people who are not friends, connections or followers cannot view their information and postings. However, it is equally likely that most social media users have not considered whether those privacy settings protect their information from production in litigation. The Court of Appeals of New York recently considered the issue.

Continue Reading

What Controls: The Location of the Data or the Location of the Searches for the Data?

The U.S. Supreme Court recently heard oral arguments in U.S. v. Microsoft, tackling the question of whether an organization can refuse to disclose foreign-stored data sought by the U.S. government through domestic warrants. Currently, the Second Circuit says yes while other circuits tend to say no.

While several district courts have concluded that it is not an extraterritorial seizure to enforce warrants that require organizations to produce U.S. users’ account data stored in foreign servers, these decisions conflict with precedent from the Second Circuit Court of Appeals. The Second Circuit held that Microsoft could not be compelled to comply with a warrant if it meant producing foreign-stored data for use in a domestic case. Elsewhere in the United States, judges have rejected the Second Circuit’s decision, ordering the production of foreign-stored data pursuant to domestic warrants. These decisions follow the reasoning that a court can order the production of anything that can be accessed and delivered within the United States. Accordingly, no relevant extraterritoriality concerns are implicated despite the storage of data in a foreign location. Outside of the Second Circuit, it is clear that courts are focusing on where the access to and disclosure of the stored data occurs (domestically) rather than the location of the data (internationally). Conversely, the Second Circuit’s Microsoft decision focuses on the seizure of the data from a foreign location, which is where it locates the privacy violations and applies its extraterritoriality analysis.

Legislation could fix the differing interpretations, but despite near universal agreement that the Electronic Communications Privacy Act of 1986 needs to be updated and the repeated introduction of new legislation, Congress has been slow to act. Thus, both parties urged the Supreme Court to clarify the law during oral arguments in U.S. v. Microsoft, which focused on whether the search, retrieval, and disclosure of foreign-stored data constituted an extraterritorial act, and if so, how the law should apply. Continue Reading

E-Discovery and Cryptocurrencies – What you need to know

Does bitcoin keep appearing in your news feed?

As cryptocurrencies become adopted and accepted by mainstream vendors and consumers, it’s a good idea for attorneys to think about the potential litigation and eDiscovery challenges ahead. While U.S.-based cryptocurrency exchanges are subject to Bank Secrecy laws and anti-money laundering provisions, regulation and enforcement still lag, leaving the door open for manipulation, fraud and litigation.

This past fall, Bitcoin, the most popular cryptocurrency, experienced a massive run on its price –doubling in value within a two week span and ultimately reaching an all-time high of $19,205 per coin before falling sharply (just last February, Bitcoin traded at $902 per coin). Because of its volatile trading nature, and its lack of protections for investors, regulators and high end investment houses are skeptical of Bitcoin’s value and have been reluctant to encourage the cryptocurrency markets, deeming them a speculative investment.

Continue Reading

Perfection Not Required in Technology Assisted Review, but Transparency Might Be

A recent discovery order in a Southern District of New York public housing lottery discrimination case supported the use of technology assisted review (TAR) but required additional transparency, providing another view into how judges will consider the use of advanced analytics in litigation. In Winfield v. City of New York, Magistrate Judge Katharine H. Parker ordered limited transparency (and encouraged even greater transparency) regarding the defendant’s use of TAR after examining their process in camera. Ultimately, Judge Parker found that the defendant’s process was essentially accurate and reliable, although the defendant’s process was not without its own flaws.

Continue Reading

Why Aren’t You Using FRE 502(d)

FRE 502(d)In 2008, Federal Rule of Evidence 502(d) was signed and enacted into law by Congress to minimize the cost of civil litigation, particularly in matters with large volumes of ESI. The intent of the rule is to allow parties to produce large volumes of documents while reducing the risk of waiving privilege in a federal proceeding. The rule states:

Controlling Effect of a Court Order. A federal court may order that the privilege or protection is not waived by disclosure connected with the litigation pending before the court — in which event the disclosure is also not a waiver in any other federal or state proceeding.

Rule 502(d) gives heightened protection against waiver in instances where privileged information is both knowingly and/or unknowingly disclosed. In the case of the latter, the rule eliminates the need to demonstrate that the disclosing party took reasonable steps to prevent the disclosure, which is part of the requirements of Rule 502(b) under its “inadvertent production” standard. Accordingly, 502(d) eliminates costly and time-consuming potential motion practice regarding waivers of privilege where the issue of whether the production was inadvertent is disputed. Moreover, that protection carries over to any other proceeding in federal or state court even with different parties. Litigants should consider it a safety net protecting against waiver of privilege.

FRE 502(d) is not often used

Despite the inherent strengths of Rule 502(d), most litigants continue to ignore it.  U.S. Magistrate Judge Andrew Peck posits that perhaps the most obvious explanation for Rule 502(d)’s infrequent use is that lawyers simply aren’t aware of its provisions (see Judge Peck’s recent insights on 502(d)).

Alternatively, what might be causing some reticence among attorneys is a concern that pursuing a 502(d) order could give the court a green light to require a massive document production without conducting a thorough privilege review. Litigants, however, can protect themselves from such a scenario by crafting language within the order that outlines the scope of the privilege review and associated rights of the parties.

To address the aforementioned concerns, Judge Peck provides a simple model on his website that can be tailored to suit your specific matter:

  1. The production of privileged or work-product protected documents, electronically stored information (“ESI”) or information, whether inadvertent or otherwise, is not a waiver of the privilege or protection from discovery in this case or in any other federal or state proceeding. This Order shall be interpreted to provide the maximum protection allowed by Federal Rule of Evidence 502(d).
  2. Nothing contained herein is intended to or shall serve to limit a party’s right to conduct a review of documents, ESI or information (including metadata) for relevance, responsiveness and/or segregation of privileged and/or protected information before production.

Even in the unlikely event that a court compels a party to produce documents without conducting a careful privilege review, Judge Peck is of the opinion that it would be improper to do so, stating that a court should not infringe upon attorneys’ rights to protect their clients’ privileged documents for the sake of speed or cost.

Quick considerations when drafting a 502(d) order

1. Avoid confusion regarding what 502 standard should be applied.

Rule 502(b) requires an analysis that the producing party took reasonable steps to prevent disclosure — a standard not required by Rule 502(d). Given that, parties should draft language explicitly stating that an analysis considering Rule 502(b) is inapplicable (see paragraph 1 of Judge Peck’s model).

2. Be careful with the use of the term “inadvertent.”

In fact, avoid the use of the term “inadvertent” entirely. Use of the term only clouds the intent of the 502(d) order and puts the parties at risk of disputing what the term actually means.

Litigants should refer to the unconditional claw-back language of Rule 502(d). The point of drafting a 502(d) order is to avoid a Rule 502(b) “reasonable steps” analysis and to prevent prolonged and costly disputes regarding waiver of privilege.

3. 502(d) provides insurance even with purposeful disclosure.

Parties may wish to purposefully disclose privileged documents or data in a current proceeding, but may be concerned about a waiver or privilege in a future proceeding. The protection of a Rule 502(d) can carry over to any other proceeding in federal or state court with different parties, thus protecting parties even where there was a purposeful disclosure of privileged documents.

Consider using a Rule 502(d) order. It is an incredibly useful tool to protect against waiver in instances where privileged information is both knowingly and/or unknowingly disclosed.