Amendments to Federal Rule of Evidence 902 went into effect on December 1, 2017. FRE 902 governs evidence that is “self-authenticating,” meaning evidence that does not require any extrinsic evidence of authenticity in order to be admitted into evidence at trial. One of the primary objectives of the amendments was to simplify the process of admitting into evidence electronically stored information (ESI), hopefully reducing discovery costs and burdens along the way. Specifically, the amendments added two new paragraphs: (1) FRE 902(13), which addresses records generated by an electronic process or system; and (2) FRE 902(14), which addresses data copied from an electronic device, storage medium or file, and contains a digital identification (a/k/a “digital footprint" or "hash value”). Under both, authenticity may be shown by the introduction of an affidavit by a “qualified person” without the necessity of court testimony for the sole purpose of authenticating the electronic evidence. While addressing these important changes, the focus here is on the implications of these amendments for litigation support professionals.
Presuming that most in the legal industry support the idea of streamlining e-discovery processes and costs, these amendments are likely to be greeted warmly. However, it would be prudent to wait to see how the courts interpret some of the more vague aspects of the amended language. For example, what is a “qualified person”? Further, how will the courts define, and respond to, failures to meet these simplified requirements? While we will have to wait on these answers, there are other questions that can be tackled now in an effort to be prepared for future judicial interpretations. For example, does this mean the end to self-collection of data? Does this signal an increased workload for litigation support and IT personnel in the area of data collection? What tools can be utilized that will be compliant with the new rules?
Given my experience as an e-discovery professional, client self-collection of data is something that I generally discourage, especially if the entity organization lacks internal IT with significant experience in e-discovery. However, business units not in the midst of, or imminently anticipating, litigation (and therefore not yet engaged with counsel) are unlikely to abandon self-collection entirely.
So What Do We Do Now and, for Starters, What is a Hash Value?
The amendments’ explicit expansion of evidence self-authentication through the verification of hash values is a wise, if not overdue, change. A hash value (a/k/a “digital footprint”) is determined through an algorithm that generates an alphanumeric sequence of characters unique to a document. An original document and its duplicate or copy would have the same hash value. Put differently, there is a very high probability that two documents with the same hash value are identical. While MD5 and SHA-1 hash algorithms (those most commonly used) are easy to generate, they provide sufficient uniqueness to verify electronic document authenticity. The Advisory Committee on Rules of Evidence also considered the fast pace of changing technology, noting that hash values may not always be the best and only method of document identification: “The rule is flexible enough to allow certifications through processes other than comparison of hash value, including by other reliable means of identification provided by future technology.”
Educating clients is always the first step. It is highly unlikely that anyone outside of the legal industry will be aware of changes to the Federal Rules of Evidence. Clients need to understand that data must be collected in a defensible manner, which means in a manner that captures hash values when they exist and by a “qualified person.” Although the amendments do not specifically state that the “qualified person” must be an IT specialist or e-discovery expert, they do state that the person should be able to provide an affidavit as to the process and authenticity of the data collection. This person should also be someone who could testify if necessary. For this reason, this person should also have an up-to-date bio that includes their computer experience and professional certifications.
While the education we provide our clients is critical, we also need to be sure to follow our own advice when asked to perform collections. Most e-discovery pros likely fall under the definition umbrella of a “qualified person” for performing collections, but it is still vital to keep our bios updated, use appropriate technical tools and keep detailed collection notes and logs.
Having a defined, repeatable process outlined in a formal Standard Operating Procedure, and following it, is key to ensuring defensible collections.
Collection Best Practices Include:
- Participate in an initial interview with IT and/or the exchange administrator to get a good understanding of the data sources in play. Be sure to consider retention and archival practices.
- Participate in, or carefully review, the custodian interview regarding the location and organization of potentially relevant data. Be sure to take detailed notes on data types and locations identified during the interview.
- Develop a collection plan that, when appropriate, includes the custodian’s participation in locating data. Custodians may be able to point you to a specific folder that contains all of the relevant data, meaning you can avoid an overly broad collection.
- Bring in an organization’s exchange administrator or internal IT team to assist when needed. In most collections, the participation of someone on the inside is critical to a collection’s success.
- Conduct a targeted collection whenever possible. This is why custodian interviews are so important.
- Make detailed notes during the actual collection. These notes often include folder paths for targeted collections and any follow up needed.
- Create a collection log that includes (at minimum):
- Custodian information;
- Date and location of collection;
- Device information (Model, Serial Number);
- Description of the collection process;
- Local and network locations of data collected;
- File count and file size collected; and
- Log exported from the collection software.
Tools will vary depending on the type of collection, but an emphasis should now be placed on those that will generate hash values and reports as part of the collection process. This will help with the self-authentication of electronic evidence and ease the admission of this evidence.
These amendments provide a good opportunity for e-discovery professionals to examine our processes and make sure they are repeatable, defensible and well-documented. We will be watching to see how far the courts will go in allowing data to be self-authenticated. We will also be watching to see how courts address the inevitable failure by some to adequately, accurately and properly collect data.