“Computer gobblydegook is not confusing or prejudicial.”
That’s a quote from U.S. Magistrate Judge David Nuffer’s 3/30/09 decision and order in Phillip M. Adams & Associates, L.L.C. v. Dell, Inc., et al., 2009 WL 910801 (D.Utah). It’s a decision nigh overflowing with quotable quips, and one sure to elicit a few groans from companies too-wedded to custodial preservation as the primary method of legal hold. Plus, the Court’s articulation of a need for “accountability to third parties in the design of information management practices” will raise some eyebrows high enough to qualify them as a comb over.
Adams claims that, beginning in 2000, defendants ASUSTEK Computer, Inc. and ASUS Computer International (“ASUS”) used pirated copies of Adams’ software to test motherboards and then had an ASUS engineer reverse-engineer the Adams software to create two infringing executables, called ifdc.exe and w2sec.exe. ASUS tried to patent this work. Throw into the convoluted mix that ASUS allegedly forced its chip supplier, Winbond, to incorporate the allegedly infringing technology in the products Winbond sold to ASUS.
This was not the first such suit. Adams litigated the same issues with Gateway, Inc., settling at trial. Notably, Adams obtained discovery of material from Winbond in the Gateway litigation that allowed it to question why ASUS failed to produce the same and related materials in the current suit.
It’s the classic Zubulake gambit: “I already have some of your stuff, so I know it existed. You improperly destroyed your copies.”
At issue was Adams’ motion for terminating sanctions and Asus’ motions to strike evidence obtained from the Gateway litigation. Adams claims:
“ASUS has failed and refused to produce FdcCheck.exe, HPFDC.exe, the source code for ifdc.exe, w2sec.exe, the source code for w2sec.exe, w4sec.exe, and the source code for w4sec.exe; and it has failed and refused to produce a single document or email relating to ASUS' development and use of these test programs. Specifically, ASUS has failed and refused any correspondence or related documents whatsoever for those programs or for ASUS' activities with its suppliers (e.g., Winbond) and its customers (e.g., Sony).”
ASUS’ inability to produce source code for the two test utilities it had been seeking to patent does seem odd. The near-complete absence of any surviving communications about a multi-billion dollar liability issue that rocked the PC industry is likewise…odd.
But ASUS explained that it visits all responsibility for preservation of mail and important documents on individual employees. Except for company financials, the servers are designed to purge anything that’s not downloaded to each custodian’s local hard drive and, hence, off the grid backup-wise. In short, choose it or lose it.
ASUS employees periodically get new machines to replace those that have become the sole repository of each custodian’s e-mail and important documents. For the swap, ASUS directs employees to identify e-mail and electronic documents the employee “deems important or necessary to perform his or her job function or comply with legal or statutory obligations” and download these to the new computer. Then, the hard drives of the old computers are “formatted to erase” their contents before they are recycled, reused or given away.
[Gentle Reader: Permit me to briefly digress into “rant” mode and scream, Which is it, formatted or erased!?!? The first doesn’t accomplish the second if “format” refers to the formatting command in the Windows operating system. Erasure demands overwriting of the unallocated clusters of a drive, something Windows won’t do. Formatting alone results in just a tiny fraction of stored information being erased.]
So, ASUS’ position boils down to (my words), ‘this is how we do it, and if it’s good enough for us, it should be good enough for those who sue us.’ Before we address that posture in earnest, let’s consider whether ASUS’ position holds water in terms of explaining why all but two e-mails about this important issue are in digital heaven.
Employee-directed transfer of data to a replacement computer may indeed result in the abandonment of relevant information, especially if that information is deemed dated or stored in areas where it’s likely to be overlooked. However, this is generally not the case for e-mail. Whether stored on a server or locally on a hard disk, business e-mail routinely resides in a container file format, not as individual messages. Accordingly, users moving data stored on an old computer to a new one rarely have the option to move messages piecemeal. E-mail stored locally tends to migrate as an all-or-nothing proposition.
Is it conceivable that a user might maintain local Outlook PST or Lotus .NSF container files for particular intervals and elect only to migrate selected collections? Yes, but in my experience, it’s the exception, not the rule. Most Outlook users have two local PST files: one typically called Outlook.PST (or unique_username.PST) and another called archive.pst. Might a user simply migrate their active PST and abandon the archive? Sure, but again, it’s exceptional.
Most people choose to hang on to their e-mail containers, particularly when they’re uncertain exactly what the container file holds. Plus, a PST holds more than just your e-mail. It’s got your calendar and contacts, too.
In my view, large numbers of employees don’t spontaneously depart from customary “lazy” retention practices. They have to be coerced to abandon their collections. It takes considerable time and effort to make a studied keep-or-discard division of unstructured e-mail collections—time and effort that few employees expend absent a powerful incentive that they do so.
For that matter, most users don’t know where in the Windows folder hierarchy their local e-mail container files reside. Do you? So, we really have to question the wisdom of leaving this migration solely in the hands of individual custodians—even the doubtlessly brilliant engineers at ASUS—particularly when some of the data in transit is subject to legal hold. The court called this data “at the mercy of individual employees' backup practices.” Perhaps it wasn’t actually as half-assed as it sounds; but like all lawyers who must counsel based on case law, I have to work within the four corners of the ruling and take the facts as the court finds them.
Upshot?: Custodial hold as the exclusive ESI preservation mechanism once again withers under judicial scrutiny. Whether we term it “the fox guarding the hen house” or simply acknowledge that in any group of custodians, you’re going to have people who do it well, people who do it badly and people who just don’t do it, relying too heavily on custodial preservation may not be prudent or evidence good faith.
Judge Nuffer:
“ASUS' practices invite the abuse of rights of others, because the practices tend toward loss of data. The practices place operations-level employees in the position of deciding what information is relevant to the enterprise and its data retention needs.”
The judge labels Asus’ automatic overwriting and reliance on custodial preservation, “irresponsible data retention practices.” But how different, really, are ASUS’ practices from your client’s practices? Are operations-level employees effectuating legal hold to meet enterprise preservation obligations?
For inside and outside counsel for whom an ASUS-style custodial hold is modus operandi—and there are plenty of you out there—it’s time to consider how you’ll avoid ASUS-style sanctions. Are you prepared to re-design your client’s or company’s information management practices to be accountable to people likely to sue you?
“Pshaw!” you say. “We design our information management practices to meet our business purposes, not cater to a bunch of frauds and malingerers taking their spin at the litigation wheel of fortune.”
Okay, you didn’t say the “pshaw” part. But you know you thought the rest.
But here’s what Judge Nuffer thinks:
“The culpability in this case appears at this time to be founded in ASUS' questionable information management practices. A court--and more importantly, a litigant--is not required to simply accept whatever information management practices a party may have. A practice may be unreasonable, given responsibilities to third parties. While a party may design its information management practices to suit its business purposes, one of those business purposes must be accountability to third parties.”
That last point about accountability to third parties in the design of information management practices nearly took my breath away until I considered that we expect businesses to tailor their electronic record keeping to meet reporting obligations to, e.g., the IRS, FDA or SEC. Why wouldn’t we expect businesses to design their information management practices with at least some eye to reasonably foreseeable preservation duties to courts and litigants?
“Information management policies are not a dark or novel art. Numerous authoritative organizations have long promulgated policy guidelines for document retention and destruction.”
Indeed, but the gulf between policy and practice on ESI retention makes the Grand Canyon look like a pothole. The irony is when companies’ have policies that call for the destruction of data, these policies are observed mostly in the breach. Data that’s supposed to go to digital heaven doesn’t. [Insert your own Easter analogy here].
“ASUS claims it can find a safe harbor against sanctions because of the recently adopted rule [Fed.R.Civ.P. 37(e)] that sanctions may not be generally imposed for ‘failing to provide electronically stored information lost’ if a party can show the loss was ‘a result of the routine, good-faith operation of an electronic information system.’ First of all, this provision only applies to electronic evidence. ASUS' arguments and factual summaries are very short on any discussion of paper documents.” [Footnote omitted].
True enough; and I’ll concede that the so-called safe harbor” rule is a platypus spawned of politics not reason; but why should there be a distinction between electronic and paper evidence lost despite the exercise of diligent, good-faith preservation efforts? Wouldn’t it make more sense to harmonize the two instead of carving out a confusing, toothless exception for ESI?
Reading between the lines, it seems clear to me that ASUS was being punished as much for its arrogance as its woeful preservation practices. Might the judge have caught the whiff of another Qualcomm v Broadcom-style disappearing act and decided that, as weak a showing as the plaintiff brought forward, it was the better part of valor to put the onus on Asus?
In the end, the court found ASUS’ conduct should be sanctioned and hung the sword of Damocles above Asus’ head, stating that it won’t decide upon the proper remedy for Asus’ sanctionable conduct until at least five weeks after discovery closes. Pucker, pucker, pucker.
Carrying sanctions along in this manner is something canny judges do. Once a sanction is imposed, its power melts away--the body blow is absorbed and the case goes on. But sanctions carried along offer incentive to better behavior and to settlement. Judges don’t get reversed on settlements.
I think we'll be talking about this one at CLE until the next one comes along.
Hello,
This is a very informative back and forth between you and Ralph Losey. I do want to comment on a couple of things, starting with (since you screamed about it) - "Which is it, formatted or erased!?!? ".
You are correct that the way many people use the latest Windows Format does not erase much actual data - however, it was pretty common for technical people from the days of Dos (to date and categorize myself) to instead utilize a "low level format" - which can be a true erase. Hard disks in the 90's, using the older hard disk interfaces, usually came with utilities to reformat the actual disk, or even to do a full destructive surface scan for defects. This was pretty common prior to the Windows 98 era. Even today, it is pretty easy to do a destructive format.
In addition, performing a quick check - on my Windows XP machine, the Format dialog box has the option to perform a "Quick Format" or not - and the default is Not. The online help describes the option as "Specifies whether to perform a quick format by removing files from the disk without scanning the disk for bad sectors. Use this option only if the disk has been previously formatted and you are sure the disk is not damaged". Only the quick format just deletes the index files, as you describe.
Essentially, for Windows XP and older systems (still available on new computers as a commonly used downgrade), the default Format also erases - so it is not such a black and white distinction.
With respect to ASUS's production of emails - yes, they should have something more available (especially useless junk) - which one should be able to check by identifying some of the relevant people still at the company, and checking their email archives (possibly including home systems) - but there truly might not be a lot available.
From what I have seen, few technical companies worried much about data preservation prior to this decade - at least in terms of management directives to technical employees.
I have worked for a company that lost the source code for a product - it did happen, especially pre-2000, and for smaller programs that might only have had a couple of programmers. For simple standalone drivers or utilites, finding the source for a 10 year old version could be quite difficult, since the company has probably migrated through at least 2 different source code control systems since then. I have also taken at least 2 company machines with me upon leaving jobs (by paying moderate amounts), and purchased other company machines that were available. Finally, the post-internet bubble saw a significant amount of staff turnover, and facility closings, that might truly leave few remaining people at the company with any information from that far back.
dgc
Posted by: Darryl Champagne | August 14, 2009 at 02:01 AM