All posts tagged Electronic Evidence

Are there really no barriers to electronic commerce? Electronic evidence will decide.

Are there really no barriers in ecommerce?

Shouldn’t the Internet enable the free purchase of goods and services anywhere in the world no matter where you are located and what time it is? Well…the Internet might not be fully “open” to everyone after all. Have you ever noticed when purchasing an article online that you have been automatically redirected to another site before being able to carry out the payment or that you are unable to acquire a product online from where you are currently located? The clearest example most of us will probably recall is an annoying error message saying “this video is not available in your country” when attempting to view media content.

Recently, EU Competition Commissioner Margrethe Vestager announced that she intends to carry out an inquiry into the e-commerce sector, focusing on contractual restrictions and geo-blocking in the online sales of goods and digital content. The inquiry is due to start on 6th of May 2015 and will most certainly affect major corporations including Apple, Amazon, Youtube and Paypal amongst others major e-tailers.

What form will this investigation into the e-commerce sector take? The European Commission will make use of its investigative powers and send out numerous information requests to the e-tailers and other stakeholders concerned. Pursuant to Regulation n°1/2003 the European Commission is entitled to request any corporate documents, both in paper and electronic format that are related to the investigation. In practice, companies affected by this investigation will have to rapidly identify within their corporate repositories the requested documents in order to comply with the frequently tight deadlines set by the European Commission. Most importantly, if companies fail to supply the requested information before the deadline or supply incorrect or misleading information, they will risk fines of up to 1% of their total turnover in the preceding business year which could well cause financial distress for many companies.

How can companies who sell goods and services online best prepare for this? It is crucial for companies to be fully prepared for these potential information requests with the necessary technical means to identify and analyze information currently under scrutiny within tight time frames. To this effect, document review platforms that include keyword searching and other advanced analytics such as predictive coding (for further information please refer to these articles: The Final Act: Predictive coding take centre stage and Predictive Coding and Benedict Cumberbatch) can be a very useful tool and ally for companies in these situations since potentially relevant information will be identified more rapidly and high fines will be avoided.

In summary, e-tailers should be sufficiently prepared from a technical standpoint with professional edisclosure and review tools to locate and analyse data within their repositories since most of the evidence will be electronically stored information (ESI). This will allow them to respond to potential information requests within the prescribed time-limits and avoid heavy fines.

About Thomas Cavro Dupont

Thomas Cavro Dupont is a Discovery Services Consultant at Kroll Ontrack in the EMEA region and is based in Germany. He advises lawyers around Europe and their clients on how to effectively manage electronically stored documents in matters such as competition, litigation and internal or regulatory investigations. Before joining Kroll Ontrack in 2014, he worked as an Associate in leading international law firms in Brussels, Paris and Madrid advising clients on competition law issues. Thomas also worked as a Project Manager for a major ediscovery provider in London specialising in ediscovery projects in the antitrust and finance areas. Thomas, who is legally qualified in Spain and France, obtained his Law Degree from the Universidad Pontificia Comillas in Madrid and received an LL.M. in European Legal Studies from the College of Europe in 2009. His native languages are Spanish and French and he is fluent in German and English.

Electronic Evidence: A new era in Swedish Arbitration?

Young Arbitrators Sweden

Recently, on 16 October, I had the pleasure of being invited to YAS’ (Young Arbitrators Sweden) Arbitration day in Stockholm. The event gathered many of Sweden’s top young legal practitioners in the arbitration field. It was therefore with great interest that we were invited not only to speak about some of the advantages electronic evidence tools are bringing to practitioners in arbitration, but also to listen to some frank exchanges between lawyers as to the benefit of electronic evidence services, and what the future holds.

Swedish legal practitioners are on the cusp of a major change in the way firms approach their clients’ cases and manage their clients’ data. Only a year ago, many of the firms I was speaking to would acknowledge in conversation that they would sometimes have no choice but to turn to electronic evidence technology to manage particularly document heavy cases. However, this was not the norm, and particularly in the area of arbitration – a traditional approach to managing and reviewing documents (i.e. reviewing paper files) was preferred.

But times are changing… as the discussion at the recent YAS event demonstrated:

We sat down to listen to a panel composed of Mannheimer Swartling’s Kristoffer Lof, Hannes Snellman’s Caroline Snellman, and MAQS’s Pontus Erwerlof, with proceedings moderated by Sara Ribbeklint (MAQS).

Despite Sweden’s legal system, in which Kristoffer emphasised that the needs for disclosure or ‘discovery’ to use the American term are close to non-existent (when compared to the US or UK jurisdictions), the volumes of client data regularly presented to law firms for their cases is increasing constantly. Each of the panel had made use of electronic evidence tools for larger cases, although the degree to which they thought that these should be used as a matter of principle on a wider variety of cases varied.

One view expressed was that electronic evidence tools would only be used by a firm if the case required it, however, others expressed the view that there may be a case for using electronic evidence tools more systematically in order to increase the efficiency of the review work required for arbitration and litigation. In particular, one of the panel members mentioned that at a start of a case their team is often ‘flooded’ with documents sent from their client which often necessitated a tool to facilitate sorting and searching for key documents quickly and efficiently – so that an overview of the documentation in the case can be rapidly gained.

A trend that the panel agreed on is that they would be more likely to see requests for production of documents phrased in keyword search terms in the future.

Ultimately, one panellist was not persuaded that arbitrators are operating in a ‘new era’ in terms of using technology, and that fundamentally lawyers would not need to dramatically change the way they approach evidence in a case.   Another agreed to a certain extent, but did think that the work to gather evidence is what is issue here – and that given the increasing volumes of digital data – a more efficient way of working involving technology was needed to adapt to this.

Whilst the discussion in Stockholm did not provide a conclusive answer to the question of whether we are in a ‘new era’ of using legal technology in practice, Swedish arbitrators clearly already have their eye on the future. The degree to which firms are taking steps to prepare themselves for the inevitable flow of data that is coming their way is not consistent. Some firms have acquired much higher levels of knowledge of electronic evidence tools and techniques than others. Time will tell which of the top Swedish firms have taken the right approach.

About James Farnell

Qualified solicitor (commercial and intellectual property law) with four years international business development experience following four years of legal practice. Experienced in analysis and research of new business opportunities and developing new business strategy. Excellent project and people management skills. Successful record in developing new business products and revenue streams within the legal sector.

What is my Refrigerator Doing on the Witness List?

The custodian list on the last edisclosure matter I worked on involved 6 custodians and looked similar to this:

Rob Alexander
Tom Jones
Chris Van Winkle
Danielle Chapman
Marketing Groupshare (H: Drive)
Marketing Collateral (paper)

In the near future, I expect it could look like something like this:

Rob Alexander
Samsung RB RB31FERN Fridge (s/n: 763423253RB)
Britannia Q Line Dual Fuel Cooker (s/n: R-454712131D)
KitchenAid Pro Line Toaster (s/n: KMT4945603CA)

Why? Well, because your employment matter might depend on the times Rob made cheesy toast and the smart toaster might be the only evidence available. Or the product liability matter against your client might depend on the pool of structured data collected by temperature sensors in refrigerators across England and communicated to the manufacturing database. Alternatively, your malpractice case might hinge on the communications between medical devices.

The Internet of Things (IoT) has exploded. Not literally of course, but IDC, a global market intelligence firm, estimates in an infographic that at the end of 2013 there were 9.1 billion IoT units installed globally and given the projected rate of growth by the year 2020 there will be 28.1 billion units contributing to the IoT and adding to the amount of discoverable data in the world. Gartner, the technology and research firm, states in a study that the technology and storage infrastructure in existence now may not be sufficient to hold the enormous amounts of data generated by the IoT.

As businesses are encouraged to reap the benefits of the IoT and technological advances make analysing big data easier and faster it’s only be a matter of time before this data is called upon as evidence to make a case. I am not advocating the immediate collection of appliance data, nor serving your client’s kitchen with a preservation notice, but the idea that email, loose files, and the occasional bankers box of paper is the bulk of your data sources is an outdated one.

So have a serious think about what types of data your client owns and where it resides, because as the IoT grows it may very well be everywhere.


About Orion Wisness

Orion provides consultancy and training to assist clients with the identification, preservation, collection and analysis of potential evidence in document intensive cases. He advises clients on strategies and techniques to help lawyers and corporate clients deploy technology efficiently and cost effectively, as well as assisting them in the fundamentals of document reviews, the design of practical workflow processes and the selection of the technical solutions required to fulfill these goals. He is frequently called on to comment on best practices and new developments in the electronic disclosure and discovery industries.

Keep on Running


To many of you, the last Bank Holiday might have been a bit of a washout; a non-event. There was plenty of rain to water the garden but not enough sunshine to enjoy any time there. In Mother Nature’s fuse box, the switch marked ‘Summer’ was most definitely turned to ‘Off’.

I expect (as seems to be the norm these days) that most people would have been checking their smart phones or tablets every five minutes, shopping around for the best weather forecast in order to decide whether to wear sandals or galoshes.

So it wouldn’t surprise me if only a few of you realise how that very same weekend was a busy junction of ‘historic events’ (I use the term loosely because some of them, as you will soon learn, are peculiar to my own experience and really just facilitate the writing of this blog).

This is what I had on my mind:

  • Sir Roger Bannister helped to celebrate the 60th anniversary since he ran the first sub-four-minute mile, by appearing at the Westminster Mile.
  • At the same event, David Weir broke his own world record by completing the 1 mile wheelchair race in 3 minutes and 7 seconds.
  • I also took part in the Westminster Mile and the London 10,000 Metres (the next day), obtaining personal best times in both races (00:06:17 and 00:52:57 respectively). (See?! I warned you!)

Whether or not you are pleased with your results, it is always important to reflect on the reasons for your performance. Personally, I can’t fathom how I managed to shave 45 seconds off my previous best mile and over 6 minutes on the 10k. I wonder if (training aside) it had anything to do with some ediscovery issues that got me….well….a little worked up on both days.

The first was the matter of a short-sighted comment that I heard during my travels through Europe in the week leading up to the Westminster Mile.

I was told by a lawyer that they would never use predictive coding technology to review documents because the DOJ doesn’t accept it. Shortly before 4am on the morning of the race, I woke in my hotel room with these words ringing in my ears. Whether the DOJ accepts it or not, I just couldn’t believe that someone would write off technology that could save time, labour and cost, without considering how they could use it to gain advantage (after all, there are many situations where it is sorely needed and it’s use does not need approval from the DOJ or any other opponent). Anyway, a quick tweet seemed to be the remedy for this bout of insomnia and feeling much better, I managed to get some more sleep ahead of the race.

At breakfast I could see from the window (instead of the BBC Weather app) that it was raining heavily and I was thankful that this would dampen the pollen sufficiently to ensure that I could run reasonably fast and still have good lung power for the longer race the next day. I was mostly keen to ensure that I didn’t exhaust myself to rule out getting a decent time in the long race.

Despite my concern, I found that the going was definitely good. I started well; I got ahead of the rest of my fellow runners and went for it. I even slowed a little to make sure that I maintained a good pace and convinced myself that I would not beat last years’ time of 7 minutes and 2 seconds. So much so that I was very surprised to hear the commentator’s voice announcing through the loud-speaker at the 200 metres marker that anyone finishing now would be just outside of 5½ minutes. After the surprise, I realised there lurked another analogy to ediscovery technology and how it surpasses expectations when proper control is exercised.

But why so fast? Was I still fired up by one person’s ignorance? Was it my breakfast (an unhealthy and calorific Full English)? Or did it have something to do with the inclusion of the Spencer Davis Group’s classic hit “Keep On Running”, the lyrics to which I had already changed in my head:

Keep on running, keep on hiding / One fine day I‘m gonna be the one / To make you understand / Oh, yeah, [I’m gonna be your] Predictive Coding man

Did my time, took my chances

The danger of Twitter is that it is very difficult to compose something intelligent and all too easy to compose something controversial in just 140 characters. I discovered this after the first race when I found that someone had vehemently disagreed with my earlier tweet.

But, where there’s danger, there’s excitement. Having clarified what I meant, I found that the excitement comes in being able to engage with like-minded people around the world, who share the same passion for improving legal practice through the use of technology. In the words of Survivor (which kept me going between the 7th and 8th kilometres on the day of the long race) “risin’ up to the challenge of [my] rival” had made me feel much better.

At the end of both races I decided that integrity, honesty and skill is what wins races (more than mild aggravation, bacon and music), which brings me to another topic that has been on my mind.

The Governor of the Bank of England recently commented that “integrity, honesty and skill” in senior managers are not optional. He was targeting the financial services industry, but I think that this is a further sign of a high-standards culture of compliance in Europe that will eventually prevail in all industries and sectors.

The key thing to take away from Mr. Carney’s warning is that if your business is going to come under scrutiny, you have an opportunity to get ahead of the probe. And if there a probe is on the horizon, you have an opportunity to get ahead of the curve to investigate yourselves. As a company you should know what your liability is early and deal with it. Which brings me back to technology, and my final plug for it –if you are worried about what the DOJ (or the FCA for that matter) have to say, then use the best technology out there to root out the problem before they knock on your door.

About Rob Jones

Robert Jones is the manager of Kroll Ontrack’s team of Legal Consultants in Continental Europe, the Middle East and Africa.

Document Review with an Army of One?

Ralph_SearchOn 10 September we are hosting a complimentary breakfast seminar in London for lawyers and litigation support professionals on “Predictive Coding – How it’s Bringing Innovation to Legal Practice”.  We are delighted to have as our guest speaker Ralph Losey, Partner and National e-Discovery Counsel at the US law firm Jackson Lewis who will share his extensive experience using machine learning technology in legal practice. We are also pleased to have as our UK legal expert, Neil Mirchandani, Partner at Hogan Lovells in London who will be commenting on the applicability of these technologies to UK legal practice.  Although this technology is not new there is still a lot of uncertainty in the UK about how it works and which cases and which document collections it works best on.

The seminar will include discussion on scientific studies comparing human to computer review, some war stories showing how the technology has worked and the cost benefit analysis looking at a recent survey of corporates and how to control disclosure costs.  We are hoping to debate the issues that arise in the UK in relation to the use of this sort of technology and what our experience of it has been.  For those who would like to stay on afterwards, there will also be a more mechanical session and demonstration of how to use the technology with Ralph.

If you would like further information about the event please click here and if you would like to register please email us at  We are hoping for a lot of audience interaction and you can pose questions for the experts to answer during the session by emailing us or commenting below.

About Tracey Stretton

Tracey Stretton is a legal Consultant at Kroll Ontrack in the UK. Her role is to advise lawyers and their clients on the use of technology in legal practice. Her experience in legal technologies has evolved from exposure to its use as a lawyer and consultant on a large number of cases in a variety of international jurisdictions.

Electronic Health Checks for Companies

Electronic Health Check

The first in our series of webinars about the use of electronic evidence in Europe started with resounding success last week.  We had over one hundred attendees from 21 countries to listen in to the live panel discussion of Till Kleinhans (Head of Business Integrity at Allianz), Hugues Valette Viallard (partner at Latham & Watkins in Paris and Brussels) and our own electronic evidence consultant Thomas Sely (Kroll Ontrack, Paris).

The discussion focused on the conduct of internal investigations in terms of ‘staying a step ahead of the regulators’ (which was the official title of the webinar) and identifying wrongdoing within a company at an early stage so that remedial steps can be taken.  The role of electronic evidence was discussed in this context in terms of assisting both internal compliance departments and law firms to efficiently and quickly seek out evidence of prohibited activity.

We were particularly pleased to have Till Kleinhans and Hugues Valette Villard contributing to this topic.  Both have extensive experience in their respective fields and were therefore able to bring some valuable insights to this discussion.   An overview of the discussion is set out below, but if you would like to listen to the discussion in full, please use the following link:

Staying a step ahead of the regulators

Till provided some interesting insights on the internal systems Allianz use to monitor a very wide range of issues including internal fraud, corruption, antitrust activity, harassment, security and blackmail, and how such investigations are handled.  For investigations of a serious nature Allianz generally require the external support of lawyers and IT specialists to manage the electronic evidence aspects of the investigation.  Indeed, Till made the point that for ‘up to date’ knowledge in such matters he believed it was necessary to involve outside IT specialist providers.

Hugues who has a very wide range of experience assisting his clients in investigation situations stated that company ‘health-checks’ were on the increase because the tools are now available to take appropriate action (supported by legal advice) on the basis of the evidence that is found.  Hugues emphasized the importance of companies being ready and having a proper system in place to run internal investigations.  The robustness of evidence gathering was mentioned as a key point: any data being used for an investigation has to be correctly imaged in accordance with relevant data protection laws (which vary in each country).  The paramount importance of data being correctly captured, stored and managed emphasizes the need for expert external IT teams.

As the IT landscape continues to evolve, electronic evidence providers need to adapt their processes to be able to extract data from a wider and wider range of electronic devices.  To have the best chance of locating the ‘smoking gun’ early collaboration with IT providers is increasingly necessary.

Don’t miss our next webinar on 14 May which focuses on Dawn Raid Survival.  Practical tips will be discussed and shared amongst our panel of European experts including Dr Thomas Kapp (partner at Luther, Stuttgart), Julie Catala Marty (partner at Bird & Bird, Paris), and Rainer Ziener (Computer Forensic Consultant – Kroll Ontrack, Germany) so do join us again on May 14th!

About James Farnell

Qualified solicitor (commercial and intellectual property law) with four years international business development experience following four years of legal practice. Experienced in analysis and research of new business opportunities and developing new business strategy. Excellent project and people management skills. Successful record in developing new business products and revenue streams within the legal sector.

Mobile Forensics – What should companies be doing?

Mobile Forensics

Mobile Forensics

Anyone who’s tempted by the ‘There’s an app for that’ message from Apple eventually succumbs to the lure of an iPad® or iPhone®, believing (usually correctly) that their home and work lives will be transformed forever.  But as the newer versions of Apple’s ubiquitous devices continue to take the personal and business worlds by storm, it becomes increasingly important to understand the unique way in which they retain and share information.  Companies need to be aware of the security risks they present and to keep in mind the evidence trails they create.  According to the Kroll Fraud Report information theft is one of the most widespread categories of fraud currently facing companies and it’s not just customer data being stolen but also internal strategic company data and internal financial plans or data.

What information can you get off these devices?

Most mobile devices use technology similar to that used on a personal computer. As a result, nearly any kind of file or program that can be saved and run on a computer can also be saved and run on a mobile device.  iPhones and iPads (and more generally, devices that use Apple’s iOS operating system) are capable of being forensically analysed.  Exactly what you can get out of them varies depending on the particular version of iOS, how the device is set up with regard to encryption and other factors. There are, however, specific technical approaches and forensic protocols applicable to the IOS (and Android and Windows mobile) environments and companies like ours have made investments in the specific hardware and software needed to keep up with the evolution of these operating environments.

The challenges presented by mobile forensics

The iPad features solid-state device (SSD) memory and, similar to the iPhone, manages data within SQL database files. This storage process makes it difficult to forensically retrieve deleted information from an iPad, because the data is essentially locked down, requiring forensic investigators to gain access to raw data in order to retrieve the deleted information.  For the iPhone and iPad, tools to carry out this process have only recently become available to forensic investigators. The majority of commercially available forensic tools for the iPhone and iPad perform a backup of selected data contained on the device. This results in the partial extraction of user data, but does not allow forensic investigators to recover the majority of the deleted data.  Forensic tools that do allow for the recovery of deleted data have only recently appeared on the market.

Of the many “apps” these devices run, some are harmless, fun and useful, and others are poised to turn traditional forensic investigation on its head.   For example Dropbox® allows users to upload files into the Dropbox app from their mobile device. From there, the app automatically copies the files onto the user’s online Dropbox account, which is accessible from any device with internet access, anywhere in the world. In the corporate world, individuals could use this technology to capture and transfer confidential information. Even if the activity is suspected and the device can be seized for forensic examination, data transfer methods like Dropbox are often easily overlooked and instead investigators turn to email and the use of removable media.  Furthermore, iPads are equipped with the same remote wipe function found on the iPhone. If a seized device is not properly isolated from its network, this highly effective function allows users to send their device a command to permanently erase its contents – stopping any forensic investigation in its tracks.

And all of the signs are that Apple will continue to improve the safety and security aspects of the iPad as it competes for market share with other vendors such as Samsung. Mobile forensics experts are already anticipating new challenges from the introduction of next generation devices and iOS 6.

What should companies be doing?

Powerful tools such as the iPad emphasise the need for companies to fully understand the capabilities of the technology they choose to implement. If misconduct is suspected within a company (whether that be the theft of information or the involvement of employees in fraud, anti-competitive behaviour or corruption) it is important to determine quickly whether the subject of the investigation is using a tablet or smartphone device such as an iPad or iPhone.  If so, and the company has the ability to seize or access the device it should be handled by an expert in mobile forensics.  These devices provide additional ways in which individuals can take proprietary information with little to no trace left behind and also new evidence trails that forensic experts can tap into to work out what has been going on. As the usage of iPads in the BYOD corporate environment continues to grow, they will continue to present challenges to information security and opportunities to forensic investigators that companies cannot ignore.

About Graham Jackson

As a Legal Consultant at Kroll Ontrack, I promote our computer forensic and ediscovery services to both corporate companies and law firms. This is to support any form of their electronic evidence needs, whether that is advising our clients to help prepare in advance of an electronic incident occurring, a real time incident such as data theft, or advise on the best course of action in dealing with post incident response to better protect against future occurrence.

Electronic evidence in Continental Europe

Andrew Szczech - Kroll OntrackAs the first of our series of webinars about the use of electronic evidence in Europe is about to start (Tuesday 30 April), I thought it would be a good time to say a few words on the subject.  For our webinar series, we have been able to bring together a prestigious group of representatives of international companies and legal practitioners (along with our own e-discovery experts) to have an open discussion about how e-discovery technology is being used in Europe.  Given the calibre of the speakers, the discussions are set to be highly informative, and I’m very pleased to be moderating this discussion.

Having worked in this business for over nine years, we are seeing a number of ways in which e-discovery technology is assisting our clients in Europe.  Whilst the appetite for e-discovery technology here does not yet match that of the UK, or the US (the legal systems in Europe generally being of inquisitorial nature rather than adversarial) – electronic evidence still has an important part to play.

The main area in which we see the bulk of activity is (understandably due to the volume of documents involved) assisting clients to respond to EU competition investigations (both by local competition authorities and the European Commission).  These require a rapid response rate and the requisite experience to put in place the right strategy to deliver the results required.  However, in addition to responding to regulators, we have increasingly assisted companies to perform their own ‘internal audits’ in order to flush out any potential issues and deal with these (either through leniency applications to the authorities or even sometimes immunity) before any intervention by the authorities.  Another separate angle for e-discovery is that with the proliferation of different modes of communication in use today, from use of personal devices (iPads, iPods, Android phones and tablets) but also messaging systems (Reuters, Bloomberg, Instant Messenger, etc),  companies and law firms can benefit from the proper management of electronic evidence – whether this is helping to prevent theft of intellectual property, finding a key piece of evidence that supports your case, or simply checking that the business is running as it should.

Navigating the complex data protection laws in Europe when moving data across borders can prove challenging, but there are always practical approaches that can be adopted to overcome these obstacles.

I’m proud to say that our European team is growing, and that our new member, James Farnell, joins us a Legal Consultant for Continental Europe.  James is a UK qualified solicitor and will initially be working with us in Brussels and the Nordics.

I hope you can join us next week for the start of our European webinars series, Staying a Step Ahead of the Regulators, and will look forward to updating you on my next post.

About Andrew Szczech

Andrew Szczech, Director of Legal Technologies Services, EMEA, is responsible for the business development of Kroll Ontrack's legal technologies business in Europe, focussing on the provision of electronic evidence services to law firms and corporates. These services include e-discovery, computer forensics and consulting which are provided in order to assist clients in multiple practice areas including dispute resolution and antitrust. Frequently, there is a need for solutions to address complex cross border data protection challenges. Andrew also manages the growth and development of global accounts throughout Europe.