Is it Possible To Ever Get Good At This?
First, let's remember that I am not, nor do I particularly wish to become, a litigator. That's thing one.
Second, I'm noticing that the fact I put disclaimer #1 up there means that I am getting embarrassed about my own ignorance. Like, I'm inclined to inhibit what I say because I'm afraid it will reveal to the world how much I don't know. That's crap, and is not my intention on this blog. So let's remember that I'm reasonably smart and well-intentioned, but I must renew my daily vow not to be ashamed to reveal all the worlds of things I don't know. That would really make for a boring blog. There's a ton ton ton of stuff I don't know. I think I can still be useful, here and there, in the small areas where I know some things.
Now that we've got the preliminaries out of the way, I was just chatting via AOL instant messenger with a nonlawyer friend of mine. He got chastised by some lawyers for some emails he sent, that might not look so good for their client, who is now in litigation. Somehow in our chat my friend and I got talking about instant messaging, and whether it would have been better for him to have said these things in a chat session. I have always assumed that instant messaging is transient. But of course it isn't -- you can record it, I learned from my friend. So we got talking about encryption and different chat clients and the security and the recording options for IM chat sessions (e.g., if a chat session has been recorded by one party, is there a way of knowing if it was authentic, or can someone change the recorded chat transcript after the fact, and would that tampering leave its own trace?)
I'm all fascinated by these questions. Surely they're not new, but they were new to me. I was using IM in law school, much more than now (there are one or two people I chat with sporadically), but I never wondered about the hows and whethers of discoverability. It didn't really occur to me. And of course, until sitting down writing this it wouldn't have occurred to me to wonder how one might discover cell phone text messaging exchanges, seeing as I don't use them myself.
It made me think about Pop!Tech -- one of the feelings I get when I go there is that the pace of change is so much greater than the pace at which I can learn things. And I wonder whether the legal profession, and the case by case advancement of the common law, is set up to adapt to new technologies (even to be AWARE of these technologies, their capabilities, their adoption etc.) at a swift enough pace to be useful. Probably it is. But it seems to move at such a slow pace. And cases are going to be led by senior attorneys, who are hardly the most cutting edge demographic in the population. And I'm no early adopter but I'm relatively young and inquisitive and am friends with a fair number of early adopters, and to me the task of staying on top of what can be learned and known about people and businesses from the electronic footprints they leave appears to be a really tricky one. I mean, as a profession, are we all going to be committing malpractice all the time if we don't know how to discover instant messaging logs or read the metadata in Word documents; if we don't even think to ask about them? And about the next generation of those kinds of things? And who will decide when we were supposed to have known about them and when it was too soon to really have thought to have asked about them?
The idea of developing an expertise in a substantive area of law -- just getting nimble and proficient about what already exists -- overwhelms me at times. The certainty that the subject area and the ways in which it can be seen and proven and understood are changing at a pace that accelerates every year, well, that makes my head spin.
First of all, the fact that you think you "don't know" a lot of stuff is a sign of your intelligence in my opinion.
Aside from that, e-discovery is a fascinating subject and I think you're right that lawyers (or at least young litigators) who don't know anything about it had better get with the picture. To begin with, almost any electronic trace of conversation like your IM chat IS discoverable. The only issue in most litigation matters is cost: hiring a forensic computer expert to preserve a hard drive or retrieve deleted IM chat sessions is expensive and in many cases simply not worth the cost.
Posted by: UCL | May 18, 2004 at 08:17 PM
UCL is right. And not only do lawyers need to get up to speed on e-discovery but we should also make sure our clients understand it too. E-mailing back and forth with someone can seem liek having a conversation because it is so quick and easy. As a result, it is very easy to put a comment in an e-mail without giving it the thought you would if you were writing a letter.
Your friend (the one who was chastised by lawyers) is not alone. We litigators see a LOT of people get burned by ill advised comments made off the cuff in an email. It's not pretty!
Posted by: cmc | May 18, 2004 at 10:12 PM
another point about emailing is that, compared with snail mail (or a phone call) it is much easier to accidentally send it to the wrong person. People *always* think this will never happen to them, but at my firm we've gotten a couple of REAL gems that were accidentally sent to our client.
whenever I send a draft of anything to be filed jointly to an opposing counsel for comments, I always send it as a pdf file, to eliminate the possibility of them being able to track info such as how many times I revised it, how long the doc was open (and there's no separate data for amount of time you spent procrastinating while having the doc open on your computer), etc. Since they can't edit it and send it back, it also helps keep anything extra from being tucked in there--I don't have to carefully re-check every page they send back against my original.
Other than that, I know not of technology.
Posted by: MS | May 19, 2004 at 11:30 AM
Hey, there's an avenue for me: computer forensics. That could be fun. It's the opposite of encryption security, which I find intriguing as well.
Yeah, with the right tools, anything that hits a hard disk is recoverable to some degree. There are specialized programs to "burn" files (mostly writing entropy to those disk sectors, over and over again) but not too many people use them. There's some interesting research about how much people don't delete. I tend to be in favor of physically damaging document removal methods, i.e. very large magnets or electric motors. A sledgehammer is also effective, if crude; the compulsive paranoid might consider getting the actual platters out and grinding them with machine tools.
Even deleted emails can be pulled back from the edge to some degree - most messages are delivered to an SMTP server and spooled there, and most people aren't too careful about keeping that mailbox neat. (Those disks are pretty busy, though, so traces of deleted mail don't last long before being overwritten.) There's also server logs tracing which messages went where over a given period.
IM sessions in general tend to be memory-resident and therefore more transient, but that's dependent on the program in use. (I'd say "client" but I'm in the wrong namespace for that jargon!) I've heard of "auditable" IM. Some servers might retain logs, and some programs might as well. As soon as it hits the disk... bam, it's retrievable with persistance and the right tools.
I think we need a Frost update. Instead of "Provide, provide" it will be, "Encrypt, encrypt!"
Posted by: pjm | May 19, 2004 at 12:14 PM
Interesting. . .
MS -
Quick FYI, there are programs that can "pull" a word document out of a .pdf, provided the .pdf was created by converting a word document and not scanning a printed page. I am not sure if they can do so if you "lock" the .pdf file.
Also, a good way around some of the more revealing Word statistics is to copy and paste the entire text of the "final" document into a brand new Word document right before you send it.
I know a number of people who routinely save IM chats as text documents on their hard drives. . .
Scoplaw
Posted by: Scoplaw | May 26, 2004 at 09:22 AM
Absolutely fascinating. Who knew there was this whole field out there? What would I need to do to become a "forensic computer specialist"?
More immmediately, does anyone know where you'd start looking if you wanted to find any trace of someone's AOL IM chat session? Transcripts would be great, but also just a record of when the client was active would be a good start. Can you subpeona something like that from an ISP or from AOL?
Posted by: ambimb | May 26, 2004 at 09:38 AM
Yes, you can subpoena AOL and any ISP. Assuming your subpoena is valid, though, the subpoena still may not produce any results if too much time has passed and all electronic records in the possession of AOL are gone.
Posted by: UCL | May 26, 2004 at 10:50 AM
Yeah, just FYI: I talked to a computer forensics specialist who said that AOL (and most other ISPs) purge everything they can as quickly as they can so they have fewer subpeonas to deal with. This expert also said chat programs (AOL IM and MSN Messenger) don't leave any trace on a drive; they used to, but they don't anymore. (MSN has an option to log chats so you can save complete transcripts of everything, but why would anyone turn that on?) E-discovery is tough business. Expensive, too.
Posted by: ambimb | May 28, 2004 at 08:55 PM
I need a computer expert in a criminal trial to explain how AOL instant messages can be altered and in my case it was. I am located in Phila.Pa.
Posted by: madeline | June 30, 2004 at 01:08 PM
As a Certified Computer Examiner (and a little late to your thread, but it's still relevant if people find it in search), I can tell you the rules are simple. If you don't want your information or thoughts on a subject to be disclosed - ever - than you should NEVER EVER transmit them or save them electronically. That includes AIM. Unless the user is more savvy than usual, it is possible to find almost anything on a hard drive.
Posted by: Carol Stimmel | May 06, 2005 at 03:45 PM