The practice of e-discovery has always incorporated considerations of new and emerging technologies as well as related attorney competence. With the advent of cloud services and significant use by clients, e-discovery practitioners incorporated knowledge of those new platforms and offerings into their preservation strategies and requests for production, appropriately considering a variety of client and party uses of the cloud, especially for heavily used services such as email, customer relationship manager (CRM) platforms, and document storage and sharing. This focus on the cloud came to a head in the 2014 Brown v. Tellermate Holdings litigation, which examined the defendant’s use of a cloud provider and raised the following considerations for practitioners:
- Counsel about requirements to learn about client data storage (beginning with simply considering “even the most basic information about an electronically stored database of information”).
- Counsel about requirements to take appropriate steps to preserve the integrity of information held in client or client-controlled databases.
- Counsel about diligence to learn about client information that is responsive to party requests.
- Counsel about responsibility to take care when making representations to opposing counsel and the court that might ultimately be unsupportable (and even false and misleading), especially where a lack of diligence in examining client technologies and practices might hamper an opposing party’s ability to pursue discovery in a timely and cost-efficient manner (as well as a court’s ability to resolve a matter in the same way).
While the bar likely took those learnings to heart, adapting to (and learning about) cloud storage solutions as they existed in 2014, recent developments in cloud architecture and record keeping may warrant a “return to class” for litigators as well as attorneys generally.
These developments center specifically on the integration and adoption of another “buzzword” technology: blockchain practices and methodology as integrated into cloud service offerings. Specifically, cloud platforms are beginning to create public ledgers of transactions and activities that occur on their platforms and distribute copies of those ledgers to the edge of their networks (and beyond).
This change in practice and record keeping may matter very much for those attorneys who are required to uncover “basic information” about sources of discovery or business records for litigation because that information may not be available from their clients. Industry standard-bearer Gartner’s 2018 CIO Survey indicated that just 1 percent of CIOs reported blockchain adoption and only 8 percent were in planning or experimentation phases. Now, CIOs likely have acute awareness of the architecture of the systems where data is stored, as well as the efficacy and risk associated with that architecture. But, counsel should take care not to rely solely on their clients’ representations about how clients manage information or even what clients believe about their third-party service or storage solutions. Ultimately, counsel will be drafting specific discovery responses as well as taking actions associated with these technologies, and should work to develop their own fundamental understanding of what exactly is happening (or has happened) to client data and information.
In addition to the basic, initial questions e-discovery practitioners should be asking regarding client cloud providers (such as who is responsible for what when a client is utilizing a cloud platform or what visibility the client – and counsel – can have into the cloud environment), practitioners should now be considering what type of backups are occurring within the cloud as well as what manner of records are being kept – and by whom.
Specifically regarding blockchain, practitioners might focus on the following to begin the discussion:
- Is the cloud provider utilizing blockchain distributed ledger technology or practices to maintain logs, user records or even backup data?
- What information is being kept in such blockchain-based records?
- Is blockchain-based data anonymized, tokenized, or otherwise protected?
- Are any blockchain records being distributed outside the client’s primary (or contractually defined) environment?
- How, if at all, are the cloud provider’s and client’s information life cycles applied to those records?
These discussions often start with each client’s relationship with the cloud provider, as defined by service level agreements (SLAs) and the sometimes more granular performance guarantees (PGs). But as the Tellermate decision indicated, it may rest on the “steps” counsel takes to determine what reality is as well, and not just a review of SLAs or PGs. This may require counsel to also ask questions of enough people to confirm that the story told is accurate and consistent – and might require counsel to test those impressions and representations himself or herself sooner rather than later.