Monday, May 28, 2007

One of my favorite jokes remembered from that universal payground of my generation, late 1970's and early 1980's era television, was an old MASH bit. Well, at least I think it was MASH. If it was MASH, the bit went something like this...

Radar takes a stack of papers to the Colonel (I dont remember if it was Blake or Potter. I guess it could have been one of the bizzaro shows when Hawkeye or one of the majors was interim boss, not relevant here), and, while signing the stack of papers asks Radar why there are so many copies. Radar responds non-commitaly that he needed a copy for his files, a copy for HQ, a replacement copy for the copy HQ loses, and a copy to destroy so the form doesn't wind up in the hands of the Russians (although, the joke makes a little more sense if he said North Koreans, which in hind sight, he may have).

Despite the poorly set-up delivery, recent bankruptcy proceedings addressing privacy, confidentiality and sealed documents almost make it feel like we are doing the same bit.

Last week it was reported that the court-appointed examiner in the Northwest Airlines Corp., tasked with determining whether or not NWA has been running a "fumblerooski" around shareholders by considering a merger without their knowledge, has filed a motion with the court asking that his report be filed under seal. In accordance with the relief apparently sought by Richard Nevins, examiner, the report would only be accessible by "a select group of stakeholders" such as the creditor's committee counsel, and the ad hoc equity committee. Also at issue, apparently, is whether or not NWA under-estimated the value of its assets. The request to seal the report reportedly originated with NWA.

Contrast this with our old friends in the Catholic Diocese of Spokane case. Following closely on the heels of the dislosure by the local newspaper that supposedly secure, confidential third party information was readily available through "redacted" court filings, the court heard arguments of the newspaper's counsel in objection to a proposed claims protocol. The newspaper wanted the names of all of the priests accused of inappropriate behavior, at least those so identified by the proof of claim forms of the victims. During the latest hearing, debtor's counsel (well, I think it was Debtor's counsel), argued essentially that the names of the priests who had been identified in accusations only through the proof of claim/bankruptcy process ought not be identified and risk having their careers ruined. Counsel cited a few compelling instances, such as claims arising when the particular priest was not a part of the Spokane diocese. Counsel for the paper argued, correctly as memory serves, that it is still fairly common in the US that defendants' identities in criminal proceedings are not made confidential. Something about individual right to a public trial, or well, something like that. (In the interest of fairness, I ride in support of BACA (Bikers Against Child Abuse) and one could fairly argue that I might be a bit biased in this particular instance... FREEBIE ALERT! In one of the very first postings on this blog, I offered a free Amberstick for the first person to identify the name and location of the BACA chapter nearest them... still waiting!!!!).

Undoubtedly everyone who reads this blog has been invovled in the filing of sealed pleadings in bankruptcy, and understands the litany of legitimate reasons for requesting that certain documents be filed under seal. Not the least of those reasons is to protect valuable commercial information from falling into the hands of competitors (destroying a copy so the Russians don't get it). Another valid reason is to protect the confidential information of non-debtor third parties, especially those that don't ask to have their life stories posted on PACER.

The traditional concerns about sealing documents under file are all still existant... shouldn't creditors be entitled to full and complete disclosure? Is this the type of information that might, or might not, be protected outside of bankruptcy? Where does public interest end and personal privacy begin? Should we keep an additional copy in case the Russians do want a copy, the dog eats a copy, of the court clerk loses one?

Beyond the traditional concerns of filing sealed documents, the near total absorption by commercial entities of technology presents another interesting little problem for future examiners, trustees and other assorted and sundry parties looking to file "documents" under seal. Whether the bankruptcy bar likes it or not, items such as documents or "books and records" are becoming more on the side of ESI and less in the nature of document.

There was a recent article that, I don't remember if I read the whole article yet or not, but the article questioned whether or not an examiner's report is admissable. Notwithstanding the final conclusion of that simmering debate, take the problem a step farther and consider "completeness" of evidence, when the examiner is tasked with conducting an investigation involving any degree of digital forensics. If an examiner's report happens to reveal rampant fraud by insiders or contains damning digital evidence that others are not aware of, how then should courts handle requests for sealed and confidential filings? Who will know to object if know one knows what they are objecting to?

Even in the instances where redacted copies of some filings are made available to some, or all , of the interested parties, the Spokane Diocese bankruptcy highlights the problems that arise when we learn only the strengths of the software tools we use, and not their weaknesses or quirks.

For those of us who may be counting on proposed rule of evidence 502 to save us when we cannot save ourselves, I would not get too comfortable with that concept just yet. Although it may be difficult to raise the hue and cry about federal rulemaking when Pirates of the Carribean are navigating to the Ends of the World, and Lynsey Lohan is crashing into, well, all of Bellaire, the fact is that Rule 502 has more bugs than Texas roadkill in August, and it needs someone to come in and spray the stink off of it. I feel the same way about proposed rule 502 as my teenage daughter feels about my wardrobe --- it is a 1.0 version in a version 6.2 world. The proposed rule is going to be the subject of the upcoming NYCLA presentation on June 4, I will be curious to see if anyone comes up with a better visual than the whole roadkill thing...

The miasmic pathes to compliance with the growing multitude of privacy laws and increasing potential to waive privilege through disclosure ought not mean that everything be filed under seal just because it is borderline, or because it might make one uncomfortable, or (using my Lewis Black impersonation here) because it's too hard. I say that, during this involuntary hiatus imposed by a riproaring economy, we take this time to learn our computers as ourselves, and find a better way to address keeping our secrets from the badguys.

Thursday, May 17, 2007

Too Search the Metadata or Not to Search...

"I will not forgive you,
Nor will I accept the blame.
I will see you on Good Friday,
On good Friday"

Good Friday
Black Crowes

Last week, I let loose with both barrels on a recent ethics opinion from the Alabama Bar's general counsel about the ethical care and feeding of metadata. Having skewered one of my favorite states that I have yet to visit, it is time to turn the guns on the state of New York, serving as the spawn of this misguided opinion. However, rather than sit back and fire off a binary-fueled rant, I am taking this complaint straight to the heart of the source.

As luck would have it, the New York County Lawyers Association is sponsoring a landmark CLE panel presentation entitled Bankruptcy Cases and E-Discovery: How to Adequately Address E-Discovery While Protecting Privileges, which will cover ethical care and feeding of metadata, proposed evidentiary Rule 502, 707 issues, as well as recent case law that has thus far flown beneath the radar. Jack Seward, having previously identified me as being strong of back but weak of mind, was kind enough to ask me to attend the June 4 presentation as a panelist, and has tacked the NY, Alabama and Florida ethics opinions regarding metadata to his cerebral dart board.
The panel will be moderated by Todd Duffy of Duffy & Amedeo LLP; and by Bruce Weiner of Rosenberg, Musso & Weiner. The panel will include Hon. Ronald J Hedges, Former US Magistrate (now with Nixon Peabody); Hon. Andrew J. Peck who authored the recent In re NTL opinion relating to the proper care and feeding of ESI, US Magistrate, SDNY; Mark Foley of Foley & Lardner; and Jack Seward. I have had the disappointment and misfortune of attending CLE's that purported to relate to Bankruptcy ESI issues, that had no more to do with bankruptcy than I had to do with the incarceration of Paris Hilton. Since I have the insider's "sneak peek" at the conference materials, I know for a fact that this presentation is NOT to be missed by anyone who intends to practice bankruptcy over the course of the next 20 years or so...

See you in New York. GO 'BAMA!

Wednesday, May 16, 2007

Black's Law... Meet Wikipedia

"I have run, I have crawled.
I have scaled these city walls,
Only to be with you.
But I still haven't found,
What I'm looking for."

I Still Haven't Found What I'm Looking For
by U2

Following closely on the heels of the ABI's Annual Spring Conference, the Commercial Fraud Task Force e-newsletter reprinted an outline ( Ethical Duties Regarding ESI in Bankruptcy Pursuant to the ABA's Model Rules of Professional Conduct, Commercial Fraud Task Force - ABI Committee News, vol 4, No. 2, April 2007)that I had hastily prepared for the DC panel presentation. One of the many topics covered in the outline was the ABA's position regarding ethical obligations in "mining" for metadata.

Within 15 minutes of the ABI releasing the APril newsletter, Richard Carmody with Adams and Reese in Birmingham, Alabama was kind enough to forward to me a report on a March 14 opinion from the Alabama State Bar's ethics panel finding that "mining" for metadata to locate confidential information in "electronic documents" constitutes professional misconduct. See Alabama State Bar Ethics Opinion , RO 2007-02, Office of the General Counsel).

Wow. Anytime that an ethics opinion begins to establish its foundations for authority by citing to Wikipedia ought to serve as signal that the dear reader is in for a wild time. The Alabama opinion does not disappoint. I mean, really... WOW.

The opinion purports to actually address two questions: 1) does an attorney have an affirmative duty to take reasonable precautions to ensure that confidential metadata is properly protected from inadvertent or inappropriate production via an electronic document before it is transmitted; and, 2) is it unethical to mine metadata from an electronic document an attorney receives from another party?

Aside from the Wikipedia tip-off that the conclusion to this opinion is going to be two mason jars short of a full batch of legal moonshine, any attorney that plans to practice beyond the end of... well beyond the end of this week, ought to ask themselves if there really is any principled difference between an "electronic document" and some other kind of document. In case of a tie-breaker, call your malpractice carrier and see what they think. If a document is a document, (and certainly the Federal Rules of Civil Procedure seem to indicate that a document is a document) then presumably the opinion should have gone farther and added that, in the case of a paper document, it is impermissible for counsel to hold the paper up to the light to find the watermark on the document so as to not disclose the manufacturer of the paper. Most, if not all, new printers sold in the US today apparently utilize some form of micro print for homeland security, counterfeiting, and general aluminum hat tom-foolery. Presumably, it is also bad form in Alabama to mine for the micro printing, for fear that counsel might discover what brand printer her opposition is using. Since you can't hear the Lewis Black impersonation raging in my head, yes, I have chosen absurd examples to highlight an absurd distinction.

The Alabama opinion is exactly the type of thing that non-lawyers, academics, aging rock stars and politicians alike will bandy about to prove that the bar prefers to protect itself over the interests of our clients. By paying short shrift to the reasonable, affirmative steps that counsel must take to avoid disclosure of confidential (even privileged) information and shifting the burden to receiving counsel by ordering them just not to look sort of ignores the reality of technology. It is akin to determining that, since there is a risk that plumbing will back up and overflow, we prefer just to continue using the reliable outhouse just up the hill.

Incredibly, the opinion imposes, as a drive by mention of disclosing counsel's duties not to disclose, a "case by case" review citing the decreased risk in the mining of documents filed with the Court, as opposed to the likelihood that documents disclosed to opposing counsel will be "mined". The inferred result is that disclosing counsel has less of a duty to take reasonable, affirmative steps to protect confidential or privileged information if filing on PACER. Really? Elvis has left the building, but anyone else agreeing with that analysis, please scroll down to the previous post, then come back. Don't worry, I got all day, I'll be here when you get back...

It is not adequate, nor appropriate, to fix the metadata "problem" by telling disclosing counsel to play carefully, and further instructing receiving counsel not to be a tattle-tale. There are too many other bullies out on the playground, who are not attorneys, and who are even more technically equipped to ferret out metadata. If disclosing counsel is given a pass on its ethical duties regarding the proper care and feeding of the secrets of clients, who then is going to be responsible when a reporter, a hedge fund director, or my 12 year old takes a look at the metadata and discovers that the client is a cross-dressing drug fiend who is wanted on bench warrants issuing from 34 different states?

Another mystery that the Alabama opinion presents, is that, in the initial answer, the prohibition seems to be limited to those "electronic documents" (whatever the hell those may be) that are inadvertently or improperly received from another party. But the opinion never addresses under what circumstances receiving counsel might inadvertently or improperly receive such verboten confidential goodies from disclosing counsel. Indeed, the examples cited by the opinion refer to pleadings filed by disclosing counsel. Does this mean that, if disclosing counsel advertently and properly sends correspondence to receiving counsel that is loaded with damning metadata, then it is ok to mine the data? Or is the opinion limited to the dolt in all of us who pushes Send on the email, at the same instant we realize that opposing counsel is in the recipient list? Who can be sure. I have read the opinion three times this morning and still cannot tell.

Given that the opinion concludes that mining of metadata constitutes a knowing and deliberate attempt to acquire confidential and privileged information in order to obtain unfair advantage against the opposition suggests that the scope of the opinion is not so narrow as one would hope.

The opinion is not a total wash though. Apparently, even in Alabama, there is some concession that in the course of discovery, there may be that occasion when metadata might be possibly, in some limited role, be perfectly discoverable. I am glad we can agree that issue has been settled.

As always seems to be the case, the unique needs of bankruptcy get the red-headed step child treatment. In our little niche of the legal world, metadata is more than just some Sherlock Holmes gotchya. Metadata can be the electronic underpinning and foundation of the ESI which makes up the books and records of the estate. How, one wonders, will trustees, committees, creditors and other interested parties in Alabama based bankruptcies proceed with their vital and necessary investigations of the books, records and financial affairs of the estate without doing some data mining? As a profession, we need to understand that, despite the obvious persuasive authority of Wikipedia, that metadata is more than just "data about data".

Finally, the Alabama opinion crows about following earlier New York ethics opinions reaching the same conclusion. I recall reading, and will provide an update, efforts in Florida to establish ethical rules reaching the same conclusion. Just because all the other kids are doing it does NOT mean that it is alright for you to do it...

Thursday, May 10, 2007

To Err is Human, but to Shift Blame is Less Than Divine

In the early morning hours that are reserved for researching and writing the posts for this blog, I often wonder if these posts are for naught. My frustration runneth over in vacillating between the fear that ESI in bankruptcy will remain a non-issue by the machinations of a vast anti-technology conspiracy and the sullen, sulking admission that the majority of our bar is as equally stunted in its technical competence as it is brilliant in all other areas of our practice.

A brewing controversy in the the Chapter 11 proceedings for the Catholic Diocese of Spokane, Case No. 04-08822-PCW-11 in the Eastern District of Washington, may ultimately prove me right on both counts. Amidst a bitter dispute between lawyers for the debtor, and a local newspaper (and its web counter part) The Spokesman Review about access to certain information regarding related to the sexual abuse crisis within the Church, it appears that Debtor's counsel may have inadvertently filed documents on the Court's PACER system allowing users to discover the names of some of the victims.

On the petition date, debtor's counsel wisely filed an ex parte motion (Docket No 12) authorizing portions of Schedule F, the Master mailing list and other documents related to the abuse victim's claims to be filed under seal. The court entered an order authorizing the sealed filings on the same day. Two days later, the debtor filed an amended Schedule F and a notice pleading of same (Docket Nos. 42 and 41, respectively).

For reasons that will become clear later, it is interesting to note that the Unofficial Committee of Clergy Sex Abuse Survivors filed an objection to the employment of debtor's counsel for a number of reasons, including the allegation that proposed counsel's firm had pre-petition claims against the Diocese (Docket No. 67). Attached to the objection were excerpts of discovery responses, which, on their face at least, identify one of the plaintiffs without clarifying whether or not the person identified is a victim of abuse.

On November 30, 2005, the Court entered an extensive, mostly well-prepared order and protocol for handling the abuse claims while also maintaining victim confidentiality (Docket No. 883). Under the Court's order, non-abuse claim forms are scanned as .pdf's and uploaded to via ECF. Abuse claims are not scanned, rather a "dummy" .pdf form is created reflecting the claim amount only. When the ECF system generates a claim number, the number is written on the original hard copy form and retained by Debtor's counsel. Under the information sharing protocol (Exhibit G to the order), Debtors counsel is authorized to provide true and complete copies as well as redacted copies of each abuse claim. Distribution is limited to the usual list of suspects, and only after a "Compliance Declaration" is executed by the recipient.

Fast forward now to April 16, 2007, when Tracy LeRoy, an attorney with Witherspoon, Kelley, Davenport and Toole filed a motion on behalf of Cowles Publishing Company, the publisher of the Spokesman-Review seeking an order requiring the Debtor to "publicly file copies of the Court records, claims, and decisions regarding payment thereof, regarding which the Debtor will pay the claim, with the names and identifying information of the victims redacted." (Docket No. 1868). The supporting memo is docket no. 1870.

It seems that one of the complaints lodged by the Spokesman-Review was that the claims procedure only identified 8 of the priests alleged to have committed acts of sexual abuse, although the notice documents indicate that more priests than that have been accused of such acts.

So far so good.

On May 9, 2007, the Debtor filed its objection to the paper's motion. Pointing out that the paper had the opportunity to object, and did object to the claims protocol, the debtor also pointed to the Judge's instructions regarding the media's right to access certain information.

Four days prior to the objection, John Stucke, a staff writer for the paper, revealed that he had been able to access confidential information from documents that had apparently been filed online by the Debtor. Stucke, to his credit, revealed no victims' information, but also discovered that at least 38 priests were subject to allegations of abuse. Stucke indicated that his method of obtaining the information was simple, but he did not share the methodology in the article.

Debtor's counsel, on the other hand, did. In footnote 3 of the Debtor's objection, debtor's counsel revealed that Stucke copied the "redacted" text from the .pdf files on the Court's docket, pasted the redacted text into Microsoft Word, and then "undid" the redaction. Debtor's counsel went on to characterize Stucke's actions as "hacking". At least twice in the body of the objection, Debtor's counsel also suggests that Stucke obtained his information through "presumably illicit means". The objection also complains that paper was not an "authorized Person" under the protocol, and had never signed a Compliance Declaration, so as to claim that the paper had unclean hands and should be denied all relief.

In yet another footnote, Debtor's counsel indicated that the redacted pleadings were rescanned on May 5, 2007.

In the future, the Debtor's objection may be reprinted in law school text books as one of the landmark self-destructive pleadings addressing of attorney liability in the electronic era. Conversely, Judge Williams may side with the debtor. If she does, the American bankruptcy bar will be set even farther behind the technological curve than we already are.

The protocol and the order initiating same seem to make it pretty clear that Debtor's counsel has the responsibility of taking all reasonable steps to protect the confidentiality of the abuse victims. If the order and the protocol do not make that abundantly clear, the ABA Model Rules sure as hell do. For more on this issue, see this recent article in this month's edition of the ABI's Commercial Fraud Task Force newsletter.

If the .pdf's were uploaded by the Debtor's counsel, and it isn't clear to me yet that is what occur ed, but if so, that "technical gaffe" is very likely a significant violation of the protocol by Debtor's counsel, independent of any actions of Stucke. Preventing the discovery of information in a manner such as this, is easily prevented with a minimum of technological competence. That counsel compounded this error by explaining in Footnote 3 how easy it was for Stucke to discover this information is tantamount to an admission of malpractice; counsel then poured salt in its own wounds by indicating in Footnote 5 that the remedy was simply corrected by having the forms rescanned.

I spent 13 hours yesterday working on a pro bono child abuse/custody case which has been feeding some dis-enchantment about the legal system's ability to protect victims of abuse. Shame on Debtor's counsel for, in a filed pleading no less, trying to shift the blame on the Spokane-Review. Rather than excoriate Stucke, you should be thanking him for saving you and your partners from potential claims by the victims. Imagine if someone with less restraint than Stucke had accessed the poorly protected information and caused some genuine harm to those folks.

Thursday, May 3, 2007

Data Miners go Back to the Salt Mines of New Hampshire

Following the Texas Attorney General's decision to sue CVS for mishandling consumer information, as detailed in my previous post, I have been spending my free time surveying state laws regarding use and protection of data, as well as the proper care and feeding of business documents.

While grinding through that self-imposed project, Judge Paul Barbadoro, US District Judge for the District of New Hampshire handed down a welcome, and related, diversion. In a case styled IMS Health Incorporated, et. al. v. Kelly Ayotte, as Attorney General of the State of New Hampshire, Case No. 06-cv-280-PB (Opinion No. 2007 DNH 061 P), the court ruled that a New Hampshire state law prohibiting data mining companies from the commercial use of patient-identifiable and prescriber-identifiable data violates First Amendments rights to free speech. The statute specifically prohibits the licensing, transfer, use or sale of such data for any marketing, promotion or advertising purposes. See N.H. Rev. Stat. Ann. sections 318:47-f, 318:47-g, 318-B:12(IV) (2006). According to the Court, the New Hampshire law was the first of its kind in the U.S.

As described by the Court, the process generally works this way. Data is gathered from the participating pharmacies computers, which includes patient name, prescriber's name, dosage, quantity, etc. Apparently, the data miners have software installed on the pharmacy computers that collects all of this information.

The opinion is not clear on how the patient data is removed from the data before being pooled and sold to third parties. In the first paragraph of the opinion, individual personal data is "removed" before being sold. Later, the court explains that the patient information is encrypted, thereby "de-identifying" the patient information. Each de-identified record is then assigned a unique identification number, so that all subsequent prescriptions by the same individual can be aggregated. The opinion does not explain the level or complexity of the encryption, nor does the court address the sticky issue that, even if encrypted, the patient's identifying information is still present. Short of DOD approved/Tom Clancy endorsed encryption, other recent events have made it clear that encryption ain't necessary a complete bill of goods.

In any event, this was not the thrust of the underlying suit as the data miners make their gold coin from data concerning the prescriber, not the patient. The plaintiffs sell the data to the mega-pharm industry who uses the data, at least in part, to focus their marketing and promotional efforts on certain health care providers.

The Court ruled that the plaintiff's desire to use and disclose factual information, even if devoid of opinion or expression, constitutes speech for these purposes. The statutory text makes it pretty clear that the restrictions applied to commercial use of the data, meaning that an intermediate level of scrutiny is applied to the statute. In a thorough analysis, the Court explains why the statute, as applied to data miners' use of prescriber information doesn't muster-up to the demands of the First Amendment.

From an insolvency point of view, this case is interesting because it re-affirms, as though reaffirmation was required, that electronically stored information (ESI for all my readers in Mangum, Oklahoma) is a valuable asset of the enterprise. Beyond ensuring the safety and security of the ESI, this case also illustrates growing tensions between valuable commercial applications of ESI, competing interests in the ESI (the court raised briefly the potential that the use of the information might be subject to claims of confidential trade secrets), and the privacy of consumers or other third parties.

The musical chair scenarios are interesting to consider, especially in a bankruptcy context.