4 Questions to Ask During an International eDiscovery Project

eDiscovery is often unpredictable. The variables only multiply when you introduce an international component. Knowing what questions to ask is crucial, and the sooner you get the answers to those questions, the better off you are. By anticipating those additional challenges ahead of time, you can build the right strategy that sets you up for success.

1. What are the laws that govern data privacy?

One of the first things you’ll want to consider is likely pretty obvious already: different countries have different laws! Sometimes an organization can simply hand over the personal data of its employees, but you certainly shouldn’t take that for granted. Sometimes, an organization’s ability to transfer that data in the first place is limited by local policies.  

The European Union’s General Data Protection Regulation (GDPR) is the most famous of such regulations. The GDPR establishes standards of what data organizations can store on an ongoing basis. Compared to the U.S., there’s much stricter standards governing the level of consent that an organization must get from the employee in order to keep their information on file, or more importantly, share it with a third party. Organizations can incur hefty fines if noncompliant.

However, even if your project falls outside the purview of the GDPR, you still can’t assume that you should approach data the same way you would domestically. Jurisdictions all over the world are still hashing out their data privacy policies. Japan has their Act on the Protection of Personal Information, with new amendments set to take effect in 2022. Stateside, the most well-known is also have the California Consumer Privacy Act (CCPA), but we’re already seeing other states use that as a blueprint for their own rules. Virginia’s governor signed the Virginia Comprehensive Data Privacy Act earlier this year, and it will go into effect in 2023. A similar bill was also introduced in the New York State Senate.

There are fairly decent odds that between the time of this writing, and the time that you find this blog post in your internet meandering, some government somewhere has enacted or amended a privacy law. Make sure your team does their homework and is compliant with all relevant regulation.

2. How will we translate communications in other languages?

There are all sorts of ways in which language barriers can make discovery harder, but one of the hardest ones is translating relevant information into English for U.S. attorneys.

“[Machine] translation apps struggle with slang and can misinterpret the provided content,” says Jamente Cooper, Lead Forensic Analyst at Contact Discovery. “The data itself is still in commonly used databases or files but understanding the content as it was intended is still a daunting task.”

In a perfect world, you’d have actual humans who know the language in question doing review. This is your best shot at understanding how a native speaker might’ve intended their words.

In the imperfect world we actually live in, that’s not always possible. Oftentimes the most practical solution is something in the middle that utilizes technology and human knowledge. Maybe one or two reviewers actually know the other language, but English speakers can review digitally translated content and refer any trickier conversations to their teammates who can read the source language.

Before you start collection, start formulating your game plan for how you’re going to handle data in languages other than English. You’ll likely have to start looking for qualified reviewers earlier than you usually would to account for the extra challenge of a foreign language.

3. What apps are common in this market?

There are a few old standbys we go back to over and over again in the discovery world: emails; the word docs and pdfs that get attached to emails; in more recent years, text messages and other mobile apps have reached a similar level of prominence. However, messaging apps can vary in popularity depending on where you are on the globe.

During an international case you simply can’t take it for granted that custodians are communicating the same ways they would domestically. WhatsApp for example has a global userbase of over 2 billion, but only 75 million in the states. That means roughly 2/3 of the app’s users lie outside the United States. One study of Android devices showed that WhatsApp is the most popular chat app in 58 different countries. A Japanese-based app called LINE is virtually unheard-of in the U.S. but incredibly common in its home nation and some other Asian markets.

Every case is different, and you never want to confine yourself to business-as-usual data types without covering all your bases, even domestically. However, the possibility of overlooking an important data source goes up when you’re in a foreign market that has latched onto different communication channels.  

4. How much data is there?

So yes, this is a common question regardless of where you’re doing your discovery project. However, you might be surprised at how much the sheer quantity of data changes when there’s an international dimension to your case.

In the U.S., we generate a lot of data. Personally, I’ve worked in U.S.-based offices where people commonly used email to communicate with coworkers who were literally in the same room. Many people see it as more polite to send an email or Slack message so that their teammate can get to the issue on their time rather than call someone or pop into their office without prior warning. The U.S. has also normalized talking about work outside regular hours, and using channels outside official company email accounts. 

The result is piles and piles of data. In some ways that makes cases easier since your odds of finding relevant information go up when everything is so well documented. However, identifying and collecting that data becomes that much more daunting.

When discovery goes abroad, the social norms of how people communicate are different. In some places, it might be unthinkable to send work-related texts on a personal device. Maybe conversations that Americans would have over email instead happened over the phone. It could be a total waste of resources to collect lots of devices assuming that there’s more relevant data than there really is.

As important as it is to think of differences in the laws and technology, don’t underestimate how these kinds of alternative social norms can put a wrinkle in discovery. Do your research about how people tend to communicate, and adapt your strategy accordingly.

Are there any challenges you’ve faced in international discovery that you think more people need to be aware of? Let us know in the comments!

3 Things That Are Wasting Your Legal Budget

Virtually everyone across all industries is currently trying to “do more with less.” The legal world is no different. More and more attorneys want to know what investments will actually get returns, and many have become skeptical of pay models that once seemed infallible.

The best legal budgets that “do more with less” are a perfect calibration of technology investments, internal functionality, and strategic outside partners. At Contact, we pride ourselves on helping legal teams find the right balance that works for them. There are certain challenges we encounter over and over again, and today we’re letting you in on some of the common stumbling blocks that result in overspending.

1. Too Many Vendors

There’s often money to be saved by reducing the total number of vendors that you rely on to help you with litigation. Almost any vendor will offer you better pricing on services if you buy more from them. It also mitigates risk to limit sensitive data to as few people/organizations as possible.

The thing is, no managing partner or general counsel wakes up one day and says “I’d like my sensitive data scattered across as many vendors as possible.” So why is it such a common problem?

One issue could be misunderstanding which vendors are capable of what services. If you hired eDiscovery “R” Us for a processing job last month, but no one thought to ask if they also had forensic services, you might go to a separate vendor for this month’s collection. Meanwhile, you could’ve gotten a better deal by bundling forensics and processing together at eDiscovery “R” Us.

Another issue could be overestimating the need for “specialized” vendors. Many vendors position themselves as “specialists” but it’s not always clear if they’re adding more value than more generalized vendors who can do the same job. Such specialists certainly play a valuable role in the eDiscovery industry; however, it can be incredibly difficult for lawyers to decide if a specialist is necessary for a given matter.

Still another issue could be poor communication between team members who are all hiring vendors. Ideally, you don’t want different lawyers each blasting their own unique network of vendors for each new matter. What if Tom, Dick, and Harry each have their own internal investigation? You might be able to get a better deal by buying legal technology services “in bulk” from one vendor rather than letting Tom, Dick, and Harry each pick their favorite from their own address books. 

We recommend having some kind of system that allows all attorneys to pull their vendors from the same pool, and routinely weeding out the ones that underperform or are overpriced. There are even tech solutions such as Contact’s M8™ that are specifically designed to help you with this. It’s also good to have eDiscovery expertise either internally or in a trusted consultant. This expert can help determine if you need to bring in specialized vendors or if giving the entire job to one comprehensive vendor is the better move.

2. Investing in outsourcing rather than training.

As the old adage goes, “give a man a fish, he eats for a day. Teach a man to fish, he eats for a lifetime.”

Oftentimes, your internal team is capable of more than you think, they just need the right training. This is especially true as long as law schools focus on the theory and history of the law but devote relatively little time to teaching lawyers how to use technology.

It’s a waste of money to buy technology your team never adopts, but it’s also a waste of money to pay vendors to do things you could do internally. The best way to walk the fine line between these two forms of malinvestment is usually some combination of the right technology paired with proper training on how to use it.

Sometimes legal teams choose to switch to more modern technology, but grossly underestimate the growing pains of that transition. Don’t make that mistake. Understand that there will be an adjustment period, and give your team the requisite empathy. Ask them what resources they’ll need to become confident on the new solution and act on that intel. Maybe you’ll want to plan training workshops, or temporarily hire some extra support staff that can be on-call to answer your team’s questions. 

3. Paying lawyers to do things non-lawyers could do

Lawyers have hard-earned expertise and deserve to be compensated for it. The most efficient organizations tend to make the most of their attorneys’ knowledge and talent. They can’t do that when those lawyers are stuck sifting through spreadsheets or combing through the internet for trademark violations.

Efficient organizations let their lawyers focus on lawyering. If there’s enough grunt work to justify hiring more support staff, they do. That could take the form of an outside service provider, or bringing on more internal hires.

While it could seem counterintuitive to hire more people when budgets are tight, firms that give lawyers the support they need can usually afford to take on heavier caseloads and generate more revenue in the long run. In corporate settings, the legal department is less of a bottleneck when lawyers have ample support staff.

Every case is different, and there is a myriad of different reasons why you might not be making the most of your legal budget. It’s important to get to the root cause of such inefficiencies and come up with long term solutions that will work for you.  

If you have any other questions about how to make the most of your legal budget, reach out to Contact today.

Can eDiscovery Free Britney?

DISCLAIMER: This article revolves around an ongoing case where many specifics are sealed from the public. Much of it is speculation intended to educate, and should not be taken as any kind of legal advice. 

In 2008, one of the most famous people in the world was placed under a conservatorship shortly after having one of the most famous public breakdowns in the world.

That person was of course Britney Spears, and that conservatorship is still in place 13 years later. Over the last couple years, the legal arrangement has come under more public scrutiny, especially as it seems clearer and clearer that Britney herself is dissatisfied with the current arrangement. While most of the details of this court case are sealed from the public, it’s safe to assume that someone, somewhere is sifting through electronically stored information (ESI) looking for answers.

Some Quick Background

Conservatorships, or guardianships as they are referred to in some states, allow for the court to place another person in charge of a legal adult’s personal and/or financial affairs. They exist to protect those whose mental faculties may not be fit for high stakes decision making, such as elderly people with dementia or Alzheimer’s disease, or younger people with developmental disabilities.

As the self-proclaimed #FreeBritney movement has gained more traction online, more and more people are asking the question… “how can someone who spent much of the last decade putting out new music and performing regularly also be so incapacitated that she can’t be trusted to make decisions for herself?”

Different people have drawn different conclusions. Many in the #FreeBritney camp believe that Britney isn’t really sick enough to justify the conservatorship going on this long, but her father/co-conservator Jamie Spears makes too much money off the status quo to let his daughter have more autonomy.

According to a 2016 article in the New York Times, Jamie makes a yearly salary of $130,000 as conservator, and he also got to take home 1.5% of the gross revenue for her Las Vegas residency. In 2018, Billboard reported that gross revenue number was $137,695,392, which would make Jamie’s cut a little over $2 million.

On the other side of the coin, some close to Britney reject this as conspiracy theories spawned by outsiders who don’t know enough about Britney’s mental health or legal case for their claims to hold any water. They say removing the conservatorship could risk another potentially life-threatening breakdown a la 2007-2008. They point to the comparative stability since as evidence that the conservatorship is doing its job.

At the time of this writing, Britney’s team has not filed a petition to end the conservatorship altogether. However, it does seem clear that she wants her father removed from his role. Jamie Spears served as co-conservator from the beginning of the arrangement in 2008 until 2019 when his own health issues forced him to step aside. At this point, the courts appointed temporary co-conservator Jodi Montgomery, and Britney unsuccessfully tried to make this change permanent. According to Britney’s lawyer, “it’s no secret that [his] client does not want her father as co-conservator.”

So Why is The Britney Conservatorship Case So Complicated?

The conservatorship has been in place for 13 years, and technology has evolved at a rapid pace during that time. There’s also the fact that the case centers around someone who may have had varying levels of mental stability throughout those 13 years. Should Britney’s communications with other parties be taken seriously or not? It might take mental health expert witnesses to bolster either side’s case, and that’s an additional logistic concern for legal teams.

You also have to consider that (as far as the public knows) virtually everything Jamie did over these 13 years was technically legal. Britney’s team isn’t necessarily looking for evidence of a specific crime per se. Instead, they have to look for evidence that Jamie’s choices regarding Britney’s affairs were unjust enough that the courts should reconsider their previous arrangement.

Those unjust choices could take different forms. You could argue that Britney’s illness was bad enough that Jamie shouldn’t have approved the amount of work Britney did during this time frame. Since the conservatorship began, she’s put out four studio albums, done two world tours, and a Las Vegas residency consisting of 248 performances over 4 years. She was also in the process of planning and rehearsing for a second Vegas residency which was canceled in early 2019. One potential strategy is to argue that Jamie exercised poor judgement in letting someone so mentally ill take on such an ambitious workload.

You could also argue a case that directly contradicts that one: that Britney was well enough to be recording and performing regularly, but that she was so healthy in fact that the conservatorship should have been phased out long ago. Jamie shouldn’t be allowed to deprive a reasonably healthy Britney of rights that any other reasonably healthy adult is legally entitled to.

Either strategy would require a team to establish a multi-year narrative assembled from bits and pieces of data scattered across the digital landscape. The same is true if you’re on Jamie’s team. They’ll be trying to show that Britney really does still need a conservator, but that any work she did over the last 13 years posed a low enough risk to her mental health that a conservator could reasonably allow it.  

Such long-term patterns are often a far harder thing to prove than one clearly defined “crime.” That gives discovery teams far less specific parameters to guide their search for relevant data.

The Longer the Story, the Trickier Discovery Gets.

Britney Spears’s conservatorship began in 2008. Think of how we communicated back then. The first iPhone had only launched one year prior, and many people were still using flip phones. Camera phones were relatively new to the scene as well. Pictures weren’t always great quality, and phones weren’t always built with enough memory to also function as multi-year photo archives. While cloud technology had existed for decades, tech giants like Amazon, Microsoft, and Google were only just beginning to experiment with large-scale implementation.

That means that more conversations happened over regular phonecalls than text messages, and those are harder to capture. It meant people were more likely to delete messages and photos regularly since they didn’t have easy access to cheap cloud storage. It also means we didn’t have all the cloud backups that sometimes function as data safety nets in modern cases. These are all factors that any discovery team has to consider whenever a matter has gone on this long.

Alright, but what about her phone from more recent years?

Nowadays, the public has no way of knowing what kinds of electronic devices Britney has access to, or how much oversight other people have over her device usage. In 2019, TMZ claimed that Britney only had a flip phone and wasn’t allowed internet access. Whether that’s true or not, it poses some unique challenges for the discovery professionals on Britney’s case team.

Imagine collecting data from a device, but still having to wonder who really typed this message if not the primary custodian? If Britney’s phone usage really is highly regulated by her conservator, was she potentially able to communicate on other phones behind their backs? Could there be valuable ESI hiding on other devices we might not usually think to collect?

Then there’s the conversations that don’t involve Britney directly. The ones between her conservators and other members of her management team; the ones between conservators and medical personnel; the ones between her team and other relevant parties such as Caesars Entertainment, the company that signed her to the aforementioned Vegas residency.

It’s quite easy to imagine messages that are either proof Britney is a victim of conservatorship abuse or proof that Britney’s mental state is still unstable enough to justify continuing the current arrangement. It all depends on which side you’re trying to argue.

Maybe there’s a way for teams to cross-reference messages with medical reports or other custodians’ messages to give validity to Britney’s version of events. Maybe there isn’t. Either way, it’s not going to be easy. Legal teams have the difficult choice of what rabbit holes are worth their time and how far they should go before picking another strategy.

Good eDiscovery tells a complete story.

In eDiscovery, sometimes one single piece of evidence is enough to back up your side’s entire case. It’s also quite common that case teams have to build a case from the ground up. They find pieces of ESI that would never mean much individually. Sometimes these seemingly random puzzle pieces were scattered across multiple devices or were generated years apart from each other. It’s only when a skilled discovery team brings those pieces together that they have any legal significance.

This is a challenge for both sides in the Britney conservatorship debacle. Again, this case isn’t really about one isolated “crime.” That makes it really hard to imagine what a “smoking gun” would even look like.

Instead, this case is all about inner workings of both personal and business relationships over 13 years. There likely won’t be any single piece of data that can prove either Britney or Jamie’s version of events is correct, at least not by itself. Instead, teams on both sides have to string multiple data points together into a story that makes sense to a judge.

So how does an eDiscovery team come in handy?

There’s a lot of decisions to be made, and none of them have easy answers. First there’s the question of what documents you think are going to be most relevant. You oftentimes need a general idea of what your strategy is before you’ve seen all the data, that way you can convince a judge that the right documents should be included in discovery. Conversely, you might argue that certain documents that would be more helpful to your opposition than to you shouldn’t be included. 

You also have to weigh the odds that maybe you can find deleted or encrypted data that isn’t immediately obvious on the surface. Is it worth the resources to include certain devices in your search even when you know they might not give you anything useful?

There’s also the chance that as you get deeper and deeper into discovery, you may have to pivot to new strategies. Sometimes documents that you thought would be helpful aren’t. Even if everything is going according to Plan A, it takes a staggering level of precise coordination to turn a decade’s worth of communication between numerous parties into something that can be presented in court. Reviewers code documents as they go so that project managers can see trends emerge, even if those documents weren’t initially assigned to the same reviewer. 

All of these are areas where lawyers can gain valuable insight by consulting discovery experts. Service providers don’t just exist to take your data and give it back to you in a reviewable form; they can help you navigate the complex minefield of decisions that comes along with any case, and make sure your discovery strategy aligns with your larger legal strategy. They can also help you adapt as more information comes to light and the case inevitably evolves. Good service providers can keep the circus of discovery from driving you crazy before things get too toxic.

6 Document Review Metrics Every Lawyer Should Know

Document review can oftentimes be one of the most cumbersome parts of discovery. Separating relevant from irrelevant in a timely manner not only requires humans with specialized legal expertise, but someone at the helm who can keep track of it all. Whether you’re managing review internally or paying for outside managed review services, there are certain numbers regarding a matter’s progress that the attorney in charge should know at any given time.

1. How many documents do I have?

Yes, this seems pretty obvious but it’s still worth mentioning. The total number of documents in discovery is the metric that all other metrics are measured by. Oftentimes, countless other decisions stem from this number. How much will discovery cost? Should I settle because discovery is too expensive? How many reviewers need to be on this project to meet our deadline? There’s plenty of other variables that come into such equations, but there’s virtually no decision where the total number of documents isn’t part of that equation.

2. How many dupes do I have?

As important as the total number of documents is, it can’t be the only number you look at. That’s largely because it can sometimes be misleading thanks to dupes and near dupes.

A near-dupe dashboard within Contact Discovery’s Vu™ solution

Imagine we collect the phones belonging to both Jack and Jill. If Jack and Jill ever had correspondence with each other, then it’s likely those same threads exist on both devices. It’s a waste of resources to make reviewers read that twice.

Luckily, most eDiscovery platforms have gotten pretty good at recognizing dupes. In some cases, de-duping can make your pile of documents significantly smaller than what you initially thought. Since so many other strategic decisions will hinge on how costly review could be, you need to know this dupe number to have an accurate read on the scope of review.

3. What kinds of documents do I have?

Long gone are the days where discovery strategies were limited to emails and their attachments. Well at least, long gone are the days when good discovery strategies were limited to emails and their attachments.

Nowadays, “documents” can take the form of emails, text messages, Slack threads, and more. Those different communication channels can each pose different review challenges that hinder review progress if you’re unprepared.

For example, reviewing text messages can involve spreadsheets where iChat, SMS, and MMS are broken into different pages, and any attached images are another page. Reviewing communication this way without mobile-specific solutions to help can be significantly more time-consuming than reviewing the exact same conversation in email form.

Now, imagine 60% of your documents that need reviewing are text messages, but you’ve budgeted your time and money as though they were emails. This will cause major problems downstream when review progress isn’t happening at the pace you expected, and perhaps you need to hire a lot of extra reviewers at the last minute to meet your deadline. Your client is mad because the case is costing more than they initially thought. This could’ve been prevented if you’d known what kinds of data you had at the onset and how long it generally takes to review different data types.

4. How many documents are in other languages?

Documents in foreign languages are another curveball that can trip up large review projects. It’s hard enough to find attorneys with the right legal experience to be helpful to your case, but finding that attorney who’s also fluent in another language often proves even more difficult. Any precious time you spend tracking down qualified reviewers is time you could’ve spent reviewing documents.

Maybe non-English documents only make up a tiny portion of your total data, in which case you only need 1-2 reviewers who speak that other language, and the rest of your review team can review the English documents as usual. In other cases, you might need a team composed almost entirely of bilingual attorneys.

It’s also highly dependent on what languages you need your team to know. Reviewers fluent in Spanish are probably going to be easier to find than reviewers fluent in Bulgarian. Either way, the sooner you figure out that you have documents in other languages, the better you can plan for that added challenge and manage your client’s expectations.

5. How many documents still need to be reviewed?

This is another one that might seem obvious, but it’s not necessarily important for the reasons you might think. “Can I get through X documents by my deadline?” is a pressing question on any lawyer’s mind, but an equally important question is “do I have enough information to make good decisions about what to do next?”

The Master Summary screen within Contact Discovery’s Vu™ solution

Ultimately, the reason we do discovery in the first place is so that lawyers and their clients can reach a positive outcome. What lawyers consider “positive” can vary widely depending on the truth that lies in those discovery documents. Sometimes there’s enough exonerating evidence to win a trial; other times, there’s enough incriminating data that a “positive outcome” is a favorable settlement.

If your team has only gotten through 10% of their documents, it’s probably not wise to make any major decision regarding the case. You just don’t have enough information yet to make a good decision, and you don’t want to close yourself off to other potential strategies that might become evident later.

If you’ve gotten through 80% of the documents, you still don’t have ALL the information, but you might have enough to be a little more strategic about how you approach that last 20%. What other information would be helpful to the case? Can you make educated guesses about which documents might hold that information?

Knowing how many documents still need to be reviewed is a lot bigger than just “Am I on track to meet a deadline?” It’s a number that tells you whether it makes more sense to start building a specific case strategy, or more sense to hang tight and wait for more information before you commit to a strategy.

6. How fast are reviewers getting through documents?

Most lawyers already want to know how many documents are still in review. What not as many lawyers worry about is the pace of specific reviewers. 

It’s important to know the current pace of progress, but it’s also important to know if you should just accept that pace or if other changes could accelerate things. Knowing how many documents one reviewer is getting through on a given day is a massive help for gauging whether or not progress could be happening faster.

There’s all sorts of reasons why Reviewer A might get through 20 documents a day, and Reviewer B might get through 10 documents a day. Maybe one reviewer is dealing with longer documents or that time-consuming mobile data we mentioned above. In that case, there might not be much to change that, your data is what it is.

Maybe Reviewer A is more familiar with the review platform you’re using, and an hour or two of extra training for Reviewer B would have them reviewing their docs just as quickly. Maybe you’ll see that reviewers are doing the best they can, but they’re still not working at a fast enough pace to meet your deadline and you’ll need to expand the review team to make it. It’s hard to glean these kinds of insights if all your vendor is giving you is one collective “documents left to review” number.


Knowing the numbers behind document review affects your ability to make good decisions quickly. Contact Discovery’s solution, Vu™, is designed to put these metrics back in the hands of the attorneys who need them most. You can schedule a demo to learn more.

3 Questions to Help You Get the Most Out of Your eDiscovery Vendor

Like it or not, legal tech vendors are often a necessary part of complex matters. There are different ways to go about engaging a vendor, and some approaches can prove more helpful than others. While it’s easy to get swept up in a major litigation or investigation, we like to think that in-depth conversations with vendors are never a waste of time. At least, it’s not if you’re doing them right.

There are certain topics you may have never thought to bring up with your vendor before, but you might be pleasantly surprised where you end up if only you ask the right questions. In that spirit, we’re spotlighting three questions that will help you get more out of your vendor partnerships and why we think they’re important.

1. How Have You Handled Similar Matters for Other Clients?

It’s common for clients to enter into a vendor contract with certain expectations. One of the issues with this is that a client’s idea of what a vendor should do is oftentimes heavily based on how other vendors have handled those matters in the past. That begs the question… If you were satisfied with how that other vendor did things before, why did you seek out a new vendor for this matter?

Asking your vendor “How have you handled similar matters for other clients?” is a great way to signal that you’re open to other solutions beyond the predictable ones you’re used to. A vendor rightfully won’t reveal any identifying details about those other clients, but they can usually give you a general gist of other options on the table. It also mitigates risk if you know they’ve actually implemented the proposed solution before.

Try not to approach vendors with a preconceived notion of how they should handle your project. Instead, describe the project and your goals in as much detail as possible, and ask them what they think makes the most sense. If they’re worth their salt, you’ll probably find their perspective valuable regardless of whether or not you go with their exact plan.

2. Can You Present Several Approaches to This Matter That Would Still Work?

Oftentimes, there’s no “right answer” in eDiscovery. Good vendors can offer several different plans with different pros and cons and then leave the choice up to you. Maybe Strategy 1 is a prudent strategy that conserves budget while maximizing efficiency and Strategy 2 requires a higher investment but would provide for a more thorough approach.

Sometimes vendors will pitch a discovery plan not because they think it’s the best strategy, but because they think it’s the strategy their client wants to hear. Asking for multiple plans can give your vendor the freedom to strut their stuff and come up with a more innovative,  unconventional approach without the fear of losing a more conservative client. If you let them pitch you the “safe” strategy as well as the unexpected-but-potentially-better strategy, you negate that risk for them. The ultimate choice will still be up to you.

It can also reveal a LOT about a vendor if they’re unable to come up with more than one way to approach a problem. When vendors are consistently looking to their clients for guidance, or trying to fit square peg clients into the same round holes, it calls into the question whether they’re truly “experts” in eDiscovery. On the other hand, a vendor who can give you several possible approaches probably knows how to think creatively about your case, and will be able to quickly adapt to your needs should you decide to switch up your strategy later.

3. How Will Your Plan Help Me With Future Matters?

Truly great discovery work doesn’t just leave you with a positive outcome in this specific case. It also helps you win future cases. When you know which information is most relevant and it’s stored in places where the right people can easily recall it, you don’t have to devote as many resources to discovery if a similar case comes up again.

Some vendors are content to just process your data, give it back to you, then move on to the next client. That’s not exactly wrong, they’ve done everything they agreed to do for you; however, they could’ve done even more and established a plan for the future if only you’d asked.

Some data might not be relevant for the case at hand, but might be helpful in the future. If a vendor knows that planning for future matters is a priority, they can point stuff like that out. You can keep it in a safe place in case anyone tries to bring another suit against you later. Maybe your team can look for potential vulnerabilities and recommend you close them before anyone gets the chance to litigate. All of it begins with you telling your vendor that you want a proactive approach.

What questions do you think case teams should ask their vendors? Let us know in the comments!

What it Takes to Work in eDiscovery

It’s graduation season, which means there’s a new pool of bright, talented people weighing career options. Whether your background is in technology, business, or law, the world of eDiscovery offers ample opportunity to spread your wings.

We asked the Contact Discovery Team what kind of advice they’d give to their younger selves first starting in the industry. A few common themes emerged from their answers.

As more and more lawyers and new law grads consider careers outside traditional Big Firm Life, we thought it would be nice to offer up some advice to people considering a career in eDiscovery.

Always Be Learning

You are not going to learn everything in the first month. As technology advances so will our workflows. We will always be learning!”

– Justin, eDiscovery data engineer

One of the themes among the Contact team was the emphasis on continuous learning. eDiscovery is a great field for people who tend to be naturally curious anyway, and oftentimes the best discoverers lean into that.

A life-long learner mentality is an asset in a wide array of career paths, but eDiscovery is unique in that it’s the intersection of very different fields. Law, technology, and business can attract very different types of people; eDiscovery requires you to understand all three areas well enough to navigate between them and balance the concerns of all three.

CEO Dave DiGiovanni emphasized the importance of learning about all these areas rather than being a techie in law, or a lawyer in tech.

“There is as much to learn about litigation as there is about technology,” says DiGiovanni. “Don’t favor one over the other and balance your understanding of tech with your understanding of client business process.”

Don’t Be Afraid to Ask Questions.  

If you don’t understand, ask for clarification… This is how you learn.”

Krista, Senior Director of Business Development

eDiscovery has a steeper-than-average learning curve, and most people don’t get a lot of formal education about it in school. That means almost everyone you work with has been “the new kid” before. They’re unlikely to judge you while you’re in the earlier stages of your eDiscovery career.  

“Both within Contact, and in the larger eDiscovery community, everyone is eager to answer questions and help you however they can,” says Anne Butcher, Digital Brand Specialist. “Any fear I had that asking questions would make me look stupid went away quickly. People are so warm and welcoming.”

Again, lean into your own curiosity. Your co-workers will admire you for it.

Be Ready to Adapt

“Change is the only constant. Be flexible.”

Sean, Lead Software Architect

Every case is different. Even within a single case, strategies can change as cases go on longer and longer. Laws change. Technology changes. Laws sometimes change precisely because of technological changes, and vice versa.

There’s so many variables that go into each decision at every stage of discovery. The variables that mattered most last week might not be the variables that matter most this week. It’s a business that keeps people on their toes, and for some that’s part of the fun. The fast pace of change does mean that adaptability isn’t optional, it’s a requirement.

“Learn the fundamentals (both legal and technological) because that’s what will never change,” says Director of Project Management Zack Schanz. “Be ready to keep learning because everything else is always evolving.”

Those who are quick to adapt to new evolvements can also have significant advantages over those that don’t. Assistant Director of Project Management Michael Fuchs reflects on the how much eDiscovery has changed since he first started.

“I’m probably aging myself but when I started it was all photocopying, scanning, and printing hard copy documents,” says Fuchs. “Even when electronic documents started to come into play people chose to print and review paper. eDiscovery and processing was sort of a niche at first and it paid off for those who recognized its significance and adopted it early.”

Keep an ear to the ground for new industry developments. In just a few years, we’ve seen sizable upticks in the adoption of cloud-based discovery, artificial intelligence, and collaboration platforms replacing traditional email. What will the future hold? No one knows, but it’s safe to assume that those who can adapt sooner rather than later will be the ones that thrive.

7 Deadly Sins of Service Providers: Part 3

Note: This post is the conclusion to our blog series, “The 7 Deadly Sins of Legal Service Providers.” You can find the first 3 “sins” in Part 1 and the second 2 in Part 2. Here are the final two things alternative legal service providers do, either intentionally or unintentionally, that hurt their clients in the end.

Sin #6: Seeing your independence as a threat

All too often, eDiscovery service providers try to perpetuate client dependency. They want constant meetings/emails with you. They want you to be in the dark unless you go through them. They fear that giving you the ability to do more discovery work yourself, or more information about the work you’re paying them to do will hurt their business. This should give you pause.

If your service provider truly consists of experts in the field, they should be secure in the knowledge that they will always be helpful to you, no matter how much you internalize discovery. After all, how many lawyers worry about their clients suddenly firing them to defend themselves in court?

They don’t, because they know that their knowledge and expertise eclipses their clients’ knowledge of the law, and likely always will. True expertise will always be in demand. If your service provider is trying to monopolize as much of the process as they can out of fear that you’ll one day learn how easy it is to do it yourself… are they really experts?

Good service providers will let you keep control over the parts of discovery you’d like to control. (As we mentioned in part 1, an all-or-nothing approach is another sin!) Great service providers will even help you take more of the work in-house. That’s because they know that ultimately, they’re the discovery experts and they will always be able to help you in ways you can’t help yourself, much the same way lawyers can always be helpful to their clients.

Sin #7: Putting their own growth above efficiency

Service providers are businesses, and it’s totally normal for businesses to want growth. However, growing too quickly without carefully strategizing how you’re going to scale often leaves once-happy clients frustrated.

The story goes something like this:

  1. Let’s start an eDiscovery business since we know the space well, and are pretty good at it. Great! Clients are happy!

  2. There’s so much work to do! Time to hire more people. Great eDiscovery practitioners can be hard to come by, so maybe we’ll hire a few people here and there that are decent, but not great. We’ll also need more people in different cities to take care of clients in those other markets, which might hinder communication between teams if we’re not careful.

  3. You know what would really help though? Getting an injection of capital from investors who know absolutely nothing about eDiscovery. That way we can hire more new people and open more offices.

  4. Several years have gone by now. Remember those investors who knew nothing about eDiscovery? They’ve continued to take on more and more clients regardless of their team’s ability to keep up. They’ve instituted rigid procedures that their subordinates (who do know how eDiscovery works) have to follow; more work has to get subcontracted out; the ability to routinely reassess and improve procedures as discussed in Part 2 is significantly compromised; worst of all, those once-happy clients find that their once-reliable vendor is getting more and more difficult to work with as each year goes by.

Too often, vendors that do this are able to coast by on the prestige and name recognition they’ve built up despite their decline in quality. They grew, and will likely keep growing, but at the expense of efficiency and client satisfaction.

Now, none of this is to say that any eDiscovery business that’s big is automatically bad. Certainly there are advantages that come along with scale. It’s simply to say that as a service provider scales, it’s important to constantly ask “how will this affect my clients?” Careful, deliberate growth is a good thing, and usually benefits clients as well as service providers. Clients can streamline their outsourcing to fewer vendors as those vendors get big enough to expand their capabilities. Reckless growth that disregards client needs often creates inefficient workflows and lowers that vendor’s ability to tailor services to the matter at hand.

That concludes our 7 Deadly Sins series. We hope these blogs gave you an idea of what to look for in an ALSP if you’re in the market for one, and we hope they help other ALSPs better serve their clients. If you have more questions, or simply want to let us know what you think makes a good ALSP, you can reach out to us at info@contactdiscoveryservices.com or on social media.

Signal vs. Cellebrite: What You Need to Know

If you’re part of legal investigations that involve any kind of electronic data, you need to know what’s happening between Signal and Cellebrite.

Cellebrite makes one of the industry’s most commonly used digital forensics tools, and Signal CEO Moxie Marlinspike has recently publicized alleged vulnerabilities in Cellebrite’s security measures. Continuing to use outdated versions of Cellebrite, especially without other best practices of digital forensics in place, could open the door for system hacks as well as opposing counsel questioning the integrity of your evidence.

These types of legal proceedings can cause substantial disruptions in forensic labs worldwide.  Forensic extractions and analysis would have to pause for the duration of the imaging process; forensic labs would need to relocate sensitive data to other platforms; ultimately the legal costs associated with these additional acquisitions and analysis could be significant. Luckily, there’s a few relatively simple steps you can take now to prevent the astronomical time and expense it would take to deal with any spoliation issues.

The Background

Signal and Cellebrite exist on two opposite sides of the technology spectrum: Signal is a messaging app that offers end-to-end encrypted messaging. Digital privacy is their primary selling point. Cellebrite is a digital forensics company.  When law enforcement seizes an electronic device for an investigation, there are good odds that someone, somewhere is using Cellebrite technology to unlock it and collect data. That means one of their primary selling points is the ability to circumvent privacy measures when the situation calls for it. You can understand why two such companies would end up at odds. It’s a never-ending cat and mouse game: a win in forensics is normally seen as a loss in security and vice versa.

In a blog post, Signal CEO Moxie Marlinspike made several serious allegations against Cellebrite’s security protocols:

  • That Cellebrite has not updated some of their source code files since 2012, despite hundreds of updates to these files becoming available since then.

  • That because most of the data extracted by Cellebrite comes from third-party apps rather than the device itself, it would be possible for any untrusted app developer to put files in their apps that would corrupt Cellebrite output and reporting. 

  • That if such an exploitation were to occur, not only would it undermine that particular collection, but any prior and future collections done with that same Cellebrite device.

  • That “Industry-standard exploit mitigation defenses are missing, and many opportunities for exploitation are present.”

  • That Cellebrite appeared to also include unlicensed iTunes software, opening the door for legal challenges from Apple to Cellebrite and its users.

Marlinspike’s blog post also concluded with some “completely unrelated news” about how new updates to Signal would feature files in app storage for “aesthetic purposes.”

Some have interpreted this to mean that not only is Marlinspike saying these vulnerabilities in Cellebrite exist, but that he intends to actively use his own Signal app to wreak havoc on Cellebrite investigations.

Of course, no can know for sure, but if that’s true it poses a substantial threat. Signal had over 40 million users as of January 2021, so it’s only a matter of time until law enforcement ends up investigating a phone where the app is installed.

Other Important Context

While it’s not exactly wrong to say that some of these vulnerabilities look like rookie mistakes to an outsider, it’s important to recognize that unlike the consumer-facing Signal app, Cellebrite is not intended for use by laypeople. Anyone using Cellebrite to extract data from a device is most likely an expert in digital forensics who’s taking other precautions to prevent the kind of corruption that Marlinspike describes.

Cellebrite’s original customer base consisted of government and law enforcement agencies.  Many of these organizations use forensic workstations that are isolated from internet accessible devices. They also sanitize their workspaces between cases to avoid cross-contamination between different devices’ data. Assuming these best practices are in place, the risk of rogue executables coming from mobile devices the way Signal suggests is incredibly low.  

However, as Cellebrite has grown, so has their number of private sector clients who use workstations that rely on the same networks as other company devices. That means that if someone were to exploit the vulnerabilities that Marlinspike mentions in his blog, the ramifications could be company wide, not just a matter of corrupting one device.

More remote collections in light of the pandemic also complicates things. In light of these developments, the concern of untrusted data on a mobile device corrupting an acquisition is real; unlikely, but real none the less. We also have to remember that in forensics, theoretical possibilities matter. Ideally, you do not just want to prove that no one tampered with your data, but that it was highly unlikely that anyone could have tampered with your data.

The publicization of Cellebrite’s vulnerabilities is already having real-world consequences. In Maryland, a defense attorney named Ramon Razos is asking for a re-trial because law enforcement relied heavily upon Cellebrite evidence to convict his client.

So… can I keep using Cellebrite in my investigations?

The short answer is, yes. You can keep using Cellebrite and significantly reduce your risk of data spoliation with just a few best practices of forensics. Namely, run the most recent version of Cellebrite.

According to Vice, Cellebrite issued an update less than a week after Marlinspike published his blog post. While Cellebrite did not explicitly say that these patches were meant to address Marlinspike’s grievances, the timing certainly makes it look that way. In the same Vice article, Cellebrite allegedly asserts that “Based on our reviews, we have not found any instance of this vulnerability being exploited in the real-life usage of our solutions.”

Again, those using Cellebrite should be forensic experts with other tricks up their sleeve. They’re not relying entirely on Cellebrite technology for effective preservation, but some combination of Cellebrite technology and their own failsafe measures. 

A forensic analyst should always spot check their work by manually reviewing the raw files to confirm the forensic software parsed out the intended artifacts. Spot checks of the data on the physical device can also reassure the investigative team that they have maintained data integrity.

If you’re a lawyer who’s paying someone else to handle your forensics, make sure your vendor is aware of the current Cellebrite situation and has applied the most recent patches. It’s also totally fair to ask your vendor what other non-Cellebrite measures are in place to ensure data integrity and defensibility. Are they sanitizing work stations between collections? Are they spot checking their data? You deserve to know.

While the risk of data corruption is most likely far lower than Marlinspike wants Cellebrite customers to believe, it is there, and the consequences of an exploitation are too great not to check all your bases.

If you have any other questions about digital forensics, you can reach out to Contact at info@contactdiscoveryservices.com.

7 Deadly Sins of Legal Service Providers: Part 2

Last week we shared with you the first 3 Deadly Sins of Legal Service Providers. Well, we’re back at it now with part 2! Here are two more “sins” of eDiscovery service providers.

Sin #4: Not reevaluating their own processes often enough

A man once said “I’m starting with the man in the mirror. I’m asking him to change his ways.”

eDiscovery is an ever-changing industry, and it’s easy to get so caught up in client needs that providers never turn their focus inward. However, it’s precisely because of that fast pace and constantly shifting nature of the industry that self-reflection and improvement is important. A workflow that made sense six months ago might not make sense now.  Maybe there’s new software improvements that could streamline processes you’re currently using multiple solutions for.

A good service provider has to be vigilant about their own processes as well as all the work they do for clients. At the end of the day, an eDiscovery vendor that isn’t taking care of itself will struggle to take care of you. Let me repeat that.

An eDiscovery vendor that isn’t taking care of itself will struggle to take care of you.

You probably wouldn’t hire a personal trainer that doesn’t take time for their own workouts. This is no different.

Another great perk to hiring eDiscovery providers who are routinely reevaluating their own processes and implementing their own improvements is that that they can apply that experience to their work for clients.

If a service provider has recently evaluated different technology and implemented it internally, they’re in a great spot to answer your questions about the pros and cons of those solutions. They know what curveballs you should anticipate through implementation. They can help you train your team on new platforms. Their first hand experience translates into valuable knowledge that benefits their clients.

At Contact, we recently decided to merge two departments into one. It’s not that it was bad or wrong to do things the way we were before, we just realized that advancements in technology allowed us to train employees in things they couldn’t do before. Sure, we still would’ve been a functional eDiscovery vendor if we had stuck to our status quo. However, training more employees in more disciplines and making it easier for them to communicate with each other will make us an even more well-oiled machine.

On that note….

Sin #5: Not cross-training your employees

A lot of eDiscovery marketers (myself included) love to talk about their “specialized expertise.” And why not? eDiscovery is a discipline all to itself, apart from the discipline of lawyers. More than that, eDiscovery is the intersection of several very different disciplines, notably technology, law, and business. For that reason, no one can truly be a “specialist” in every last part of the process.

People who make great data engineers are not necessarily well suited for managing document review, and vice versa. People who understand the litigation process inside and out may be completely clueless when it comes to implementing new information governance practices that are compliant and secure. Discovery takes a village.

Sometimes eDiscovery service providers are so dead set on hiring ”specialists” that they lose sight of this bigger picture. They have a lot of people who are great at one specific thing, but lack the knowledge to effectively communicate with their teammates and clients.  

At Contact, we’ve found the key lies somewhere in the middle: hire specialists, but also make sure team members have a firm grasp on each other’s specialties. Our team is able to understand our clients’ larger strategy and how their specialty fits into it. This allows for more collaboration between people of different backgrounds, which often leads to better-fitting solutions for clients’ challenges.

Service providers who use this philosophy are also usually able to deal with the regular (or not-so-regular) curveballs of business with fewer disruptions to service. In March 2020, when nearly every company on the planet had to completely rethink how they do business, we were able to shift to our new COVID-world model with zero disruptions to clients’ cases. That’s partially because so many of our team members understood work outside their specialty.

Curious to know what the final two sins of eDiscovery service providers? Follow us on social media for updates!

The 7 Deadly Sins of Legal Service Providers: Part 1

Ah, the wonderful world of alternative legal service providers, or ALSPs. Like it or not, they’re a necessary part of the modern legal landscape. This is especially true in areas of the law where complex matters with large sums of data are commonplace. Such areas include intellectual property, corporate law, and antitrust, just to name a few. There comes a point where lawyers just can’t do it alone.

The problem is that legal service providers can all look pretty similar on the surface. This is especially true in fields such as eDiscovery that rely heavily on technology to get the job done. They all have “cutting edge technology;” they all have the “highest standards of security” and “certified experts” doing the work.

Usually, as long as lawyers have worked with someone before and the work got done adequately in time for the deadline, they’re happy. Unfortunately, a service provider can meet these criteria and still fall short in other respects without their clients realizing it.

That’s why we’ve put together the “7 Deadly Sins of Service Providers.” If you’re an ALSP reading this, we hope this helps make you a better ALSP. If you’re a law firm or in-house team, we hope it helps you figure out if you’re really getting the most bang for your buck out of these companies.

Deadly Sin #1: An “all-or-nothing approach”

Some of the marketing buzzwords that legal service providers use for this include words like “comprehensive,” “end-to-end,” and “all-inclusive.”

It sounds great on paper, the idea of one solution or company that can solve all your eDiscovery woes. Full disclosure: I’ve written versions of this pitch for Contact’s eDiscovery Managed Services, and I fully believe such all-inclusive approaches can be right for some clients, especially if it’s what that organization actually asked for.

However, it shouldn’t be the only thing on the menu.  

Sometimes clients and potential clients aren’t in this boat. They know there are certain aspects of the EDRM they can handle just fine, either internally or with other vendors, and they’re only in the market for a specific service such as processing, hosting, or forensics. Maybe they want to license software to address specific challenges such as mobile data, but are content to do most of the work themselves and maintain 90 percent of their status quo.

Some eDiscovery providers can’t handle that. Their model is based on the idea that clients should abandon anything and everything about their existing workflows to adopt whatever new technology or services that company is selling. They don’t know how to be helpful without completely turning their clients’ worlds upside down, and sometimes that can do more harm than good.

If your vendor’s answer is ALWAYS to throw the baby out with the bathwater and buy something new, they probably don’t have your best interests at heart. 

Deadly Sin #2: Believing new automatically = better

Sometimes new is better. Sometimes it isn’t. Remember that time Coke tried to make “New Coke?” That can happen in the eDiscovery space too.

On the tech development side of the industry, it just doesn’t look good to sit on your hands and say “yup, that thing we built two years ago is still the best!” There’s a perpetual pressure to innovate, exacerbated by the fact that all the competitors are constantly launching new products as well. That can spill over into legal service providers feeling like they have to offer the latest (but maybe not greatest) tech.

New technology can be great, especially if it’s addressing other impactful changes in the law or how technology is being used. For example, a solution that can better handle data from collaboration platforms such as Slack and Microsoft Teams will probably prove more helpful than a platform that is simply giving a prettier interface to emails and pdfs. This innovation was spurred by other industry developments rather than the pressure to get something new on the market just because everybody else is.

Sometimes the new solution is in fact better, but comes with significant adoption challenges like migrating data from one system to another and training staff on the new system. Perhaps the benefits of “new” are still there, but not in large enough quantities to outweigh the costs and justify the switch.

Either way, good legal service providers can help you weigh the pros and cons of implementing new technology. They won’t sell you something new that you don’t need just to make a quick buck.

Deadly Sin #3: NOT evaluating what your current investments can actually do

This is somewhat of an extension of sin #2. If you believe new tech is automatically better than older tech, it can lead to underestimating the problem-solving capacity of resources you already have.

Oftentimes legal service providers and tech companies are so excited to sell their flashy new products that they fail to assess whether or not those new products are really necessary for the matter at hand.

At Contact, sometimes clients come to us looking for new technology not because they don’t have suitable technology already, but because they don’t understand what their current technology could do. Sometimes the answer isn’t new tech, but just good ol’ fashioned know-how.

Your provider should always ask in-depth questions about what tech you already have before they try to sell you something new. If there’s outside counsel with their own resources, that should be taken into account as well. Service providers should ask about your team’s specific challenges so they can figure out if the issue is truly technology limitations, or just users who haven’t learned the ropes of that technology yet.

Oftentimes, we find that just a few tweaks to the technology our clients already have can solve their problems more economically than implementing new technology.

That concludes Part 1. Curious to learn what the other about Deadly Sins of Legal Service Providers? Follow the Contact Blog for updates. Visit us on Social Media and let us know what your biggest red flags are when dealing with service providers.