by Unknown
The plaintiff provided evidence of the defendant’s shred day where employees shredded about two million documents as part of the defendant’s document retention policy. The plaintiff argued that its motive was not to destroy potentially discoverable information and that the plaintiff was legitimately trying to reduce search and review costs.
The court held that when a party is aware of pending litigation or should reasonably anticipate pending litigation, it has a duty to suspend the destruction of documents that may be relevant to anticipated litigation. The firm must also suspend any routine document purging system that might be in
effect. Failure to do so constitutes spoliation. The court said that “even if a party’s intentional destruction of documents was not in bad faith, it would be guilty of spoliation if it reasonably anticipated litigation when it did so.”
Here, the court granted the defendant’s motion and ordered the plaintiff to produce documents relating to its document retention policy.
University Sports Publications Co. v. Playmakers Media Co. , 2010 U.S.
Dist. LEXIS 70361 (S.D.N.Y. July 14, 2010); defendant’s bad faith spoliation leads to adverse inference jury instruction.
On a claim for unauthorized access of a computer system under the
CFAA, the district court issued an adverse inference instruction due to the defendant’s bad faith spoliation of evidence.
Plaintiff USP filed suit against several of its former employees who had
quit to join the codefendant Playmakers Media Company. USP alleged that
one of its former employees (Pitta) had obtained unauthorized access to its customer and sales database, which was password protected and maintained
by an offsite third-party vendor. Forensic analysis showed that Pitta had obtained an exact copy of a spreadsheet from the database.
At issue in the case was the method by which Pitta obtained the database
information. If Pitta had accessed the database sometime after his departure from USP, his copying of the file would constitute an unauthorized access supporting the claim under the CFAA. If, however, Pitta had received the
spreadsheet from an employee of the third-party vendor, he would not have committed an unauthorized access and could not be liable under the CFAA.
Computer Forensics: Discovery and Spoliation
259
No direct evidence supported a conclusion on this dispositive issue. USP
had requested that Playmakers produce the laptop Pitta used during his time at Playmakers, believing that an examination would provide evidence of
Pitta’s unauthorized access. Forensic analysis of the laptop Playmakers provided during discovery showed that Pitta had not used that laptop. The relevant laptop remained missing.
On the defendant’s motion for summary judgment, the court examined
whether the evidence could support USP’s claim under the CFAA. The fact
that Pitta had obtained a direct copy of the spreadsheet alone could not provide enough evidence to show his unauthorized access of USP’s database.
Pitta’s intentional bad faith spoliation of the laptop evidence, however, justified an adverse inference that the laptop had contained evidence supporting the claim. The jury could reasonably infer that Pitta had destroyed the laptop because it would provide evidence of his unauthorized access. Because the adverse inference provided support for the CFAA claim, the court denied the defendant’s motion for summary judgment.
Ethics, Standards of Conduct, and Sanctions
Attorney Grievance Commission of Maryland v. Potter, 844 A.2d 367
(Md. 2004); attorney violates rules of professional conduct by deleting files from former employer’s computer.
The court heard a petition for disciplinary action against the defen-
dant, an attorney, alleging violations of the Maryland Rules of Professional Conduct. The defendant worked for a law firm that paid him a base salary
plus a percentage of the fees generated by cases he worked on. Before leaving the firm, the defendant took paper files pertaining to two clients believing the clients would have him continue to represent them. The defendant also deleted, without permission, all files relating to matters involving the two clients from the firm’s computer.
The court held that this was a crime under Maryland criminal law
because the defendant exceeded his authorized access to a computer with the intent to destroy data stored on the computer. The defendant was authorized to use the law firm’s computers to generate and store documents relating to client matters, but was not authorized to delete client files without the consent of his employer. The court held that the defendant violated the rules of professional conduct because his actions reflected adversely on his honesty, trustworthiness, and fitness as a lawyer. The defendant received a 90-day suspension from the practice of law.
United States v. Phillip Morris, 327 F. Supp 2d 21, (D.D.C 2004); sanctions for violating order preventing destruction of e-mail.
260
Advanced Criminal Investigations and Intelligence Operations
The court had initially ordered the defendants to retain all relevant documentation to the proceedings, as well as all e-mails. After the order, the defendant continued to destroy all e-mails over 60 days old monthly on a
system-wide basis. The defendant became aware that its lack of retention was not in compliance with either the court order or the defendant’s own document retention policy. The defendant did not notify the court for 4 months after it initially realized that some of the documents, which were relevant to the proceedings, had been destroyed.
Particularly troubling to the court was the fact that the 11 employees of the defendant, who were identified as not having followed the defendant’s documentation retention policy, were employees who held some of the high-est positions with the most responsibility in the company.
The court imposed two sanctions upon the defendant: (1) the defendant
was precluded from calling as a witness any individual who failed to com-
ply with the defendant’s own internal document retention program, and
(2) the defendant was required to pay a monetary fine (in the amount of
$2,500,000.00) to the court registry. The court also stipulated that the defendant would have to reimburse the United States for the costs associated with depositions on e-mail destruction issues (which totaled $5027.48).
Jones v. Bremen High School District 228, 2010 U.S. Dist. LEXIS 51312
(N.D. Ill. 2010); sanctions for failure to issue litigation hold.
In a race discrimination case, the defendant high school was sanctioned
for its failure to issue a litigation hold after receiving notice of the plaintiff’s filing with the EEOC. The defendant did not install a litigation hold but instructed several key players to maintain their own e-mail relevant to the dispute. The key players did not have the assistance of counsel and each was able to permanently delete e-mail at his own discretion. A proper litigation hold was not installed for over a year and potentially relevant e-mails were lost during this time.
The court found that the defendant had breached its duty to preserve
evidence. The defendant had not shown that installing a litigation hold would have been a burden and the incomplete production had harmed the plaintiff.
Because the loss of evidence did not appear to be deliberate, the court found an adverse inference instruction inappropriate. Instead, the defendant was precluded from arguing that the absence of e-mail containing discriminatory statements demonstrated that no such statements were made.
QZO, Inc. v. Moyer, 594 S.E. 2d 541 (S.C. App. 2004); default judgment for destroying computer evidence.
The plaintiff suspected that the defendant, a former officer at the plaintiff’s corporation, had plans to compete. The plaintiff was granted a TRO, which required the defendant to turn over his work laptop computer to the plaintiff. The defendant took 7 days to tu
rn over his computer and, when he
Computer Forensics: Discovery and Spoliation
261
did so, a computer forensic expert determined that the hard drive had been reformatted the day before. The reformatting destroyed any possible evidence that would have shown the defendant’s plan to compete. The court held that the defendant had willfully destroyed evidence related to the case and violated the TRO. Based on this, the court assigned liability to the defendant.
The appellate court affirmed the judgment denying the defendant’s argu-
ment that there was insufficient evidence to support the sanctions the plaintiff was seeking.
Appendix A: Electronic
Surveillance Law*
Wire and Electronic Communications Intercept and
Interception of Oral Communications (18 U.S.C. 2510–2521)
The Wiretap Act
(18 U.S.C. 2511) United States Code Annotated
Title 18. Crimes and Criminal Procedure
PART I—Crimes
Chapter 119: Wire and Electronic Communications Interception and
Interception of Oral Communications
§ 2510. Definitions
As used in this chapter—
(1) “wire communication” means any aural transfer made in whole or in
part through the use of facilities for the transmission of communica-
tions by the aid of wire, cable, or other like connection between the
point of origin and the point of reception (including the use of such
connection in a switching station) furnished or operated by any per-
son engaged in providing or operating such facilities for the trans-
mission of interstate or foreign communications or communications
affecting interstate or foreign commerce;
(2) “oral communication” means any oral communication uttered by a
person exhibiting an expectation that such communication is not
subject to interception under circumstances justifying such expecta-
tion, but such term does not include any electronic communication;
(3) “State” means any State of the United States, the District of Columbia, the Commonwealth of Puerto Rico, and any territory or possession
of the United States;
* Note: Statutes and case laws change constantly. Do not rely upon any source of law as being current without conducting legal research or consulting competent legal counsel.
Statutes and case law included here are current at the time of research but should be researched for current and up-to-date law before relying upon them. Always seek competent legal counsel on any legal questions.
263
264
Appendix A: Electronic Surveillance Law
(4) “intercept” means the aural or other acquisition of the contents of
any wire, electronic, or oral communication through the use of any
electronic, mechanical, or other device;
(5) “electronic, mechanical, or other device” means any device or
apparatus which can be used to intercept a wire, oral, or electronic
communication other than—
(a) any telephone or telegraph instrument, equipment or facility,
or any component thereof, (i) furnished to the subscriber or
user by a provider of wire or electronic communication ser-
vice in the ordinary course of its business and being used by
the subscriber or user in the ordinary course of its business
or furnished by such subscriber or user for connection to the
facilities of such service and used in the ordinary course of its
business; or (ii) being used by a provider of wire or electronic
communication service in the ordinary course of its business,
or by an investigative or law enforcement officer in the ordinary
course of his duties;
(b) a hearing aid or similar device being used to correct subnormal
hearing to not better than normal;
(6) “person” means any employee, or agent of the United States or any
State or political subdivision thereof, and any individual, partner-
ship, association, joint stock company, trust, or corporation;
(7) “investigative or law enforcement officer” means any officer of the
United States or of a State or political subdivision thereof, who is
empowered by law to conduct investigations of or to make arrests
for offenses enumerated in this chapter, and any attorney autho-
rized by law to prosecute or participate in the prosecution of such
offenses;
(8) “contents”, when used with respect to any wire, oral, or electronic
communication, includes any information concerning the sub-
stance, purport, or meaning of that communication;
(9) “judge of competent jurisdiction” means—
(a) a judge of a United States district court or a United States court
of appeals; and
(b) a judge of any court of general criminal jurisdiction of a State
who is authorized by a statute of that State to enter orders autho-
rizing interceptions of wire, oral, or electronic communications;
(10) “communication common carrier” has the meaning given that term
in section 3 of the Communications Act of 1934;
(11) “aggrieved person” means a person who was a party to any inter-
cepted wire, oral, or electronic communication or a person against
whom the interception was directed;
Appendix A: Electronic Surveillance Law
265
(12) “electronic communication” means any transfer of signs, signals,
writing, images, sounds, data, or intelligence of any nature trans-
mitted in whole or in part by a wire, radio, electromagnetic, photo
electronic or photo optical system that affects interstate or foreign
commerce, but does not include—
(A) any wire or oral communication;
(B) any communication made through a tone-only paging device;
(C) any communication from a tracking device (as defined in sec-
tion 3117 of this title); or
(D) electronic funds transfer information stored by a financial
institution in a communications system used for the electronic
storage and transfer of funds;
(13) “user” means any person or entity who—
(A) uses an electronic communication service; and
(B) is duly authorized by the provider of such service to engage in
such use;
(14) “electronic communications system” means any wire, radio, electro-
magnetic, photo optical or photo electronic facilities for the transmis-
sion of wire or electronic communications, and any computer facilities
or related electronic equipment for the electronic storage of such
communications;
(15) “electronic communication service” means any service which pro-
vides to users thereof the ability to send or receive wire or electronic
communications;
(16) “readily accessible to the general public” means, with respect to a
radio communication, that such communication is not—
(A) scrambled or encrypted;
(B) transmitted using modulation techniques whose essential
parameters have been withheld from the public with the inten-
tion of preserving the privacy of such communication;
(C) carried on a subcarrier or other signal subsidiary to a radio
transmission;
(D) transmitted over a communication system provided by a com-
mon carrier, unless the communication is a tone only paging<
br />
system communication; or
(E) transmitted on frequencies allocated under part 25, sub-
part D, E, or F of part 74, or part 94 of the Rules of the
Federal Communications Commission, unless, in the case
of a communication transmitted on a frequency allocated
under part 74 that is not exclusively allocated to broadcast
auxiliary services, the communication is a two-way voice
communication by radio;
266
Appendix A: Electronic Surveillance Law
(17) “electronic storage” means—
(A) any temporary, intermediate storage of a wire or electronic com-
munication incidental to the electronic transmission thereof; and
(B) any storage of such communication by an electronic com-
munication service for purposes of backup protection of such
communication;
(18) “aural transfer” means a transfer containing the human voice at any
point between and including the point of origin and the point of
reception;
(19) “foreign intelligence information,” for purposes of section 2517 (6) of this title, means—
(A) information, whether or not concerning a United States person,
that relates to the ability of the United States to protect against—
(i) actual or potential attack or other grave hostile acts of a
foreign power or an agent of a foreign power;
(ii) sabotage or international terrorism by a foreign power
or an agent of a foreign power; or
(iii) clandestine intelligence activities by an intelligence ser-
vice or network of a foreign power or by an agent of a
foreign power; or
(B) information, whether or not concerning a United States person,
with respect to a foreign power or foreign territory that relates to—
(i) the national defense or the security of the United States; or
(ii) the conduct of the foreign affairs of the United States;
(20) “protected computer” has the meaning set forth in section 1030; and