In the first of a two-part comment on Law.com's Law Technology News, Leonard Deutchman discusses the recent case of TR Investors LLC v. Genger No. 3994-VCS, Delaware Court of Chancery (Dec. 9, 2009) [PDF]. Somewhat oversimplifying matters, the relevant facts were that during the course of litigation between Genger and TR Investors (the Trump Group), there was a stipulated status quo order that provided, in part:
. . . the plaintiffs and the defendants, and their respective officers, directors, agents, [etc.] . . . are hereby restrained and enjoined from, directly or indirectly . . . tampering with, destroying or in any way disposing of any Company-related documents, books or records . . . .
At a point in the process of determining which documents on computer hard drives were relevant to the action and which were personal, Genger deliberately caused the unallocated space on the drives to be overwritten, thus effectively destroying any data that might have been recovered and intelligible.
The court found Genger in contempt of the order because among other things in so overwriting the unallocated space his employee at his direction removed "temporary files that were stored on Genger's hard drive."
Deutchman lays out the basic situation in this first part of "Does Discarding Unallocated Space Deserve Contempt?" and begins a critique of the judgment. He concludes the first part thus:
No IT professional or typical user would consider unallocated space to be a "backup" space, akin to an external drive or backup tape used to affirmatively back up files, simply because forensic searching could possibly locate therein lost files in their deleted or temporary states. An apt comparison might be considering a waste basket next the desk of a poet a "backup" because one might be able to assemble the completed poem from the dozens of discarded drafts found in the basket. In sum, then, the court's factual conclusions are unsubstantiated.
Clearly, whether or not this judge is correct in fact and in law — are any and all data fragments "records"? — an important part of any document security policy will address the regular or routine "cleaning" of unallocated space on hard drives, just as it will the more mundane removal of metadata from documents created by word processors and the like.
I'm not sure that what an IT professional or typical user would have thought matters, once there is a judicial order to preserve evidence. In the face of that order, and of the general obligation to put a litigation hold on data that one might otherwise discard, even the contents of the wastebasket should probably be sorted for relevance and anytying relevant kept.
I am prepared to be persuaded that what the company did was not spoliation, but I am not so persuaded by the short extracts of Mr Deutchman's argument that Simon provides us with here.
The virtual and the logical are heady places. When in doubt, always follow the sage advice of Olivia Newton-John: "Let's get physical." (The video, for all of you nostalgic old-timers, is on YouTube.)
Even clouds consist of water vapour. There's always a physical medium, and that's where the focus of inquiry needs to be placed. If a contract or a will was written on paper with a pencil, that's the physical medium that needs to be preserved. Of course you'd be concerned to discover and explain traces of lead and of eraser rubber, patched excisions, indentations, and so on. You wouldn't expect to be allowed to make crayon doodles in the white spaces of a disputed document. There's no difference in principle with magnetic or optical media.
(By the way, I've edited this message three times so far on Slaw, not to mention all the previous editing on my local machine. Did anybody notice? Nobody said it would be easy to investigate this stuff!)
A "deleted" file on a hard drive is still a file in every respect. The only difference is that the hard drive has permission to overwrite the file, and the file is hidden from ordinary view. It is quite simple to retrieve "deleted" files that have not been overwritten.
If the company discovered after the court issued its order that it had 50 boxes full of potentially damaging documents that had been set aside for disposal, but had not yet been shredded, should they be entitled to go ahead and shred them? In my opinion they should not.
The takeaway here seems to be that intent matters. Deliberate efforts to overwrite unallocated space speaks to intent to destroy. Without intervention, the unallocated space would have been overwritten at least once, making forensic recovery challenging.
Intent has to be viewed as the lynchpin, otherwise the implied burden to preserve unallocated space seems a step too far. Without special consideration of intent as an element, this opinion would seem to imply that the moment we become aware of a pending lawsuit, all in-use media that might contain responsive materials need to be "forensically" imaged. That just can't be right.
Unlike tangible evidence such as fingerprints, digital evidence presents a new challenge for today's judges to overcome. While the court viewed the wiping of the unallocated space as the deletion of a source of information that may have been relevant to the court's proceedings, this assumption is questionable. Also, the court's consideration of unallocated space as a legitimate backup for digital information may sound to be legally valid, but in today's electronic technical advanced world, it is problematic at best and probably economically and practically unworkable.
Please read the recent review I wrote about Arie Genger's lawsuit.