This document discusses challenges related to email in litigation. It addresses managing email retention on corporate servers, locating emails within and outside corporate networks, accessing emails, including on employer systems and mobile devices, and proving the authenticity of emails. Key issues explored include retention policies, accessing employee emails, proving authentic versus fabricated emails, and authenticating cloud-based communications from various applications and providers.
Report
Share
Report
Share
1 of 14
More Related Content
Electronic Evidence - The Special Case of Email
1. The Special Case of EmailJohn Gregory and Dan MichalukJanuary 24, 2011
2. OutlineLet’s deal with the following four challengesManaging emailLocating emailAccessing emailProving email
3. But First… What’s an Email Nowadays?Stored, text-based communications todaySMTP communications – “classic email”Computer generated faxesWebmail, Webmail via social networking applicationMulti User DomainsText messagesVOIP communications
4. Managing Email (The Litigator’s View)This is a problem for corporationsRetention policies are keyEmail servers not ordinarily a business records repositoryEmail can be on a “short list” for retentionPressure to move it off server, sometimes auto-delete Limit: likely be relevant to reasonably anticipated litigationThis can be a discovery or trial issueRemmington (1998) – Common law duty to preserve?Broccoli v. Echostar (2005) – 21-day retention of e-mails
5. Locating Email…on the corporate network in an investigation Pre-confrontationEmail server Lotus Domino, MS Exchange, GroupWiseMobile messaging serverBESNetwork “clients”Post-confrontationMobile DevicesApplication-based communicationsCompany owned peripheral storage devices
6. Locating Email…outside the corporate networkIndividual controlledPersonal e-mail accountsHome computersThird-party controlledTelecommunications providersApplication providersAlex Cameron’s presentation covered access to these sources
7. Accessing EmailOn the corporate networkLaw has recognized a virtually unfettered right of employer accessBasis – ownership of system plus notificationLikely to see a greater balancing of interestsCorporations should considerRoutine monitoring based on special groundsPeriodic audits with controlsInvestigations based on reasonable suspicion
8. Accessing EmailRecent casesQuon – 2010, Supreme Court of the United StatesR. v. Cole – 2009, Ontario Superior Court of JusticeFrance v. Tfaily – 2010, Ontario Court of AppealCity of Ottawa – 2010, Divisional Court
9. Accessing EmailEmployee communicates with counsel on employer systemsA practical problem for employer counsel among othersKey Canadian casesDaniel Potter – 2005, Nova Scotia Supreme CourtEisses v. CPL – 2009, Ontario Superior Court of JusticeCounsel’s obligations are clearBut the ultimate right of access is a matter of factIs it better to attack basis for privilege than argue waiver?
10. Proving EmailEmail problem #1 – You didn’t send thatEmployee alleges termination on basis of pregnancyEmail pre-dates her pregnancy by two months showing bona fide intent to terminateEmployee says the e-mail is fabricatedHow would you prove the email?
11. Proving EmailEmail problem #2 – I didn’t send thatAgreement to arbitrate executed through intranetExecution by entering employee ID number plus password then clicking throughSupervisors can reset passwordsSupervisor resets password to help employee get accessEmail confirmation sent to employeeEmployee claims supervisor executed agreement and denies reading confirmation emailHow would you prove the email?
12. Proving EmailCloud based communications are harder to authenticateAuthenticate (go to ISP and not ASP)Figure out and prove the “system” whose reliability one would like to count on (or at least appreciate)No standardization – every application works differentlyConsumer oriented – so less rigorous than business systemsProprietary – so code etc. are not readily availableSurrounded by TP apps – Tweetdeck, thousands of FB suppliers, who, where and what are they?Are cloud providers in the ordinary course of business, i.e. should they be considered reliable?