Since the 2006 amendments to the Federal Rules of Civil Procedure, which made explicit the discoverability of electronically stored information (ESI), a robust body of case law has developed addressing nearly every aspect of electronic-discovery practice. Courts have considered and decided such issues as when the duty to preserve ESI arises, the appropriate allocation of the costs of e-discovery, the sanctions appropriate for failing to satisfy one's ediscovery obligations, and, most recently, whether the use of more efficient review methodologies, such as predictive coding, can satisfy a party's e-discovery obligations. See, e.g., Zubulake v. UBS Warburgm, LLC, 229 F.R.D. 422 (S.D.N.Y. 2004); Sean M. Georges, "Zubulake and E-Discovery: Did You Get Your Wake-Up Call?" 50-Oct Res Gestae 12 (Oct. 2006); Kenneth J. Withers, "Electronically Stored Information: The December 2006 Amendments to the Federal Rules of Civil Procedure," 7 Sedona Conf. J. 1 (Fall 2006); Ophir D. Finkelthal, "Scope of Electronic Discovery and Methods of Production (pt. 3)," 38 Loy. L.A. L. Rev. 1591 (Summer 2005); Moore, et al. v. Publicis Group SA, et al., No. 11-1279 (S.D.N.Y. April 26, 2012).
Receiving less attention has been the topic of the admissibility of ESI at trial. To be sure, business litigators are indebted to Chief Magistrate Judge Paul Grimm for his thorough dissertation on the topic in his 2007 decision in Lorraine v. Markel American Insurance Co., 241 F.R.D. 534 (D. Md. 2007). But although Judge Grimm provided an authoritative exposition on the rules and case law governing the admissibility of ESI at trial and on summary judgment, his decision was not a mechanical how-to guide for trial lawyers.
The following two sample direct examinations of authenticating witnesses illustrate the mechanics of admitting ESI at trial. The first addresses the mechanics of admitting email when the authenticating witness is not particularly cooperative. The second addresses the critical issue of maintaining the chain of custody for the proffered ESI sufficient to show the information was not altered or tampered with from the time it existed on the computer from which it was extracted to the time it is offered at trial.
These sample examinations relate to a familiar fact pattern: a former employee now working for a competitor. Imagine you represent the former employer, Corporation, in an action against Former Employee and Competitor alleging claims for misappropriation of trade secrets, breach of contract, breach of fiduciary duty, and tortious interference. During his employment with Corporation, Former Employee was a sales professional privy to Corporation's confidential sales strategies, pricing, and customer lists. Despite signing a noncompete agreement when he began his employment with Corporation, Former Employee ultimately left Corporation for a similar position with Competitor. Corporation has since lost a number of key clients to Competitor.
During discovery, Corporation forensically imaged Former Employee's laptop computer. From that imaging, Corporation obtained a number of emails, including a smoking-gun email exchange sent one week before Former Employee left Corporation to work for Competitor.
That email exchange reads as follows:
From: CEO@competitor.com
Sent: Thursday, November 10, 2011, 9:04 AM
To: formeremployee@gmail.com
Subject: Employment offer
We are prepared to offer you a base salary of $80,000. We recognize this is only $5,000 more than your current salary with Corporation, but we are confident the intangible benefits of working here will make the change worthwhile.
Best regards,
CEO
From: formeremployee@gmail.com
Sent: Thursday, November 10, 2011, 10:12 AM
To: CEO@competitor.com
Subject: Re: Employment offer
As we've discussed on several occasions, if you want me to deliver Corporation's key clients to you, it's going to cost you more than $80,000. Please make an offer that better reflects what I'm bringing to the table.
FE
At trial, you call Former Employee to testify regarding the email. He testifies that he began working for Competitor on November 17, 2011, but denies using the promise of delivering Corporation's clients to Competitor to negotiate a higher salary. You intend to confront Former Employee with the November 10 email exchange and ask the court to admit the email into evidence. But how?
Initially, and as with all documentary evidence, you need to consider carefully how you plan to use the email at trial, taking into account its relevance (Fed. R. Evid. 401), anticipating hearsay objections (Fed. R. Evid. 801), addressing best-evidence concerns (Fed. R. Evid. 1003 & 1001(e)), and tailoring your authentication efforts accordingly.
Fortunately, as with more conventional evidence, establishing the relevance of email simply requires a showing that the email has "any tendency" to make a consequential fact more or less probable. Fed. R. Evid. 401. But nearly all email exchanges raise hearsay concerns, and embedded email chains, like the one quoted above, have the potential to raise unique issues. Consider, for example, an email chain in which a defendant writes to a third party, "looking forward to meeting with you tomorrow," and the third party responds the following afternoon, "it was great to meet you this morning." If offered to prove that a meeting took place between them on the morning in question, the defendant's email will be admissible as the statement of a party opponent (Fed. R. Evid. 801(d)(2)(A)), but the third party's reply is hearsay. On the other hand, if offered only to establish that the parties corresponded, neither portion of the chain would be hearsay. For best-evidence purposes, email is rarely problematic, as the evidence rules expressly provide for the admissibility of duplicates produced by an electronic process that accurately reproduces the original unless the circumstances would make it "unfair to admit the duplicate." Fed. R. Evid. 1003 and 1001(e).
More Than One Path to the Finish Line
As with other forms of evidence, email must be properly authenticated to be admissible. In a perfect world, a witness would definitively confirm that the email offered into evidence is an accurate copy of the email he or she previously sent or received. See Fed. R. Evid. 901(b)(1). But witnesses can be fickle when it comes to answering questions about email, particularly damning email, often hedging their bets and making statements such as "I may have sent that email, but I just can't be sure."
With these witnesses, courts routinely permit a party to authenticate an email by establishing distinctive characteristics regarding the email and the circumstances surrounding it. Did the witness ever communicate with the sender/receiver by email? Did they ever communicate regarding the subject matter of the email? Did such communications take place at or around the date of the proffered email? Did the witness use the sending/receiving email address identified on the email? Was it used at or around the date of the email? Does the witness recall the communication referenced in the email? And, importantly, does the witness have any reason to doubt that he or she sent or received the email? See Fed. R. Evid. 901(b)(4). Remember, the key to authenticating an email is simply to provide sufficient information to support a finding that the email is what you say it is.
With these considerations in mind, you proceed with the testimony of Former Employee necessary to authenticate the November 10 email exchange and to ask the court to admit it into evidence:
YOU: You've been handed what's been marked as Plaintiff's #1 for identification. Can you tell me what this document is?
EMPLOYEE: It looks like an email from me responding to an email from Competitor's CEO, but I just can't be sure.
YOU: Do you recall sending this email?
EMPLOYEE: Not specifically, no.
YOU: Do you have any reason to believe you did not send this email?
EMPLOYEE: No.
YOU: The email address here—formeremployee@gmail.com—is that your email address?
EMPLOYEE: It was.
YOU: Did you use that email address in November 2011?
EMPLOYEE: Yes, I'm sure I did.
YOU: Did you ever use that email address to send an email to Competitor's CEO?
YOU: Was that in November 2011?
EMPLOYEE: I believe so.
YOU: What address did you use for Competitor's CEO when you emailed him?
EMPLOYEE: I don't recall.
YOU: Was it CEO@competitor.com?
EMPLOYEE: I assume so.
YOU: Are you currently employed by Competitor?
EMPLOYEE: Yes, I am.
YOU: And when did your employment start?
EMPLOYEE: November 17, 2011.
YOU: In the course of your employment, do you communicate with the CEO by email?
EMPLOYEE: Yes.
YOU: What email address do you use to communicate with the CEO?
EMPLOYEE: I believe it's CEO@competitor.com.
YOU: Before you joined Competitor, did you discuss with the CEO the compensation you would receive if you went to work for Competitor?
EMPLOYEE: Sure.
YOU: Were those discussions in November of 2011?
EMPLOYEE: Some were.
YOU: Were any of those discussions by email?
EMPLOYEE: Yes.
YOU: Can you please read this email exchange starting with the CEO's email to you, followed by your response?
EMPLOYEE: [complies]
YOU: Does this email exchange refresh your recollection as to whether you used the promise of driving Corporation's clients to Competitor to negotiate a higher salary with Competitor?
EMPLOYEE: Did I send this email? Probably. But I wasn't trying to hurt anyone. I just wanted to be paid what I thought I was worth.
YOU: Your Honor, I ask that the document marked for identification as Plaintiff's #1 be admitted into evidence as Plaintiff's Exhibit 1.
THE COURT: Any objections? None? The document is admitted.
Despite Former Employee's resistance, you were able to elicit testimony regarding the email's distinctive characteristics and context sufficient to convince the court that the email is what you say it is and, therefore, that the email is admissible.
Avoiding Missteps on the Path to the Finish Line
Now consider a slightly different scenario. Former Employee challenges the authenticity of the email, claiming that Corporation cannot establish that the copy of the email offered at trial is a copy of the actual email exchange between him and the CEO that Corporation claims to have obtained from his laptop. So how does Corporation convince the court otherwise?
An important step in this process is establishing the chain of custody of the email from the time it resided on Former Employee's computer to its being offered into evidence at trial. This may require testimony from an authenticating witness familiar with the means by which a copy of the email was obtained from the computer and how the email was handled in the discovery process.
Often, the solution is to call a representative of your e-discovery vendor at trial:
YOU: Were you employed in November 2011?
VENDOR: Yes.
YOU: By whom?
VENDOR: Electronic Discovery Specialists, or EDS.
YOU: What does EDS do?
VENDOR: We're hired by law firms to assist with data preservation, collection, processing, and production in litigation.
YOU: Were you hired in connection with this case?
VENDOR: Yes. Your client, Corporation, hired me back on November 18, 2011.
YOU: What were you hired to do?
VENDOR: I was asked to image the hard drive of a laptop I was told was used by Former Employee.
YOU: At some point, did Corporation make the laptop available to you?
VENDOR: Yes, on November 19.
YOU: What, if anything, did you do with the laptop when it was made available to you?
VENDOR: Following industry standards, I made a forensic image of the laptop's hard drive.
YOU: Did you use a particular computer program for that purpose?
VENDOR: Yes, I used OneCase, a program that permits e-discovery professionals to make an exact duplicate of a computer's hard drive without altering any of the data during the process.
YOU: Before using OneCase on the laptop here, had you ever used it before?
VENDOR: Yes, I was on the development team that created OneCase. It's a proprietary EDS product. I've used it many times to do the same thing I was asked to do here, make a forensically sound image of a computer hard drive.
YOU: As part of the development process, did you test OneCase to determine whether it worked as you intended it to work?
VENDOR: Absolutely, it went through rigorous testing, both internally and by an outside company that tests and certifies software applications for law enforcement and governmental entities, and we perform this testing every time we update the software. OneCase was certified back when we developed it, and it has been certified every year since.
YOU: During this testing and certification process, were any deficiencies or problems identified with the software?
VENDOR: No, never.
YOU: On how many occasions before this case had you used OneCase to make a forensically sound image of a computer hard drive?
VENDOR: I would conservatively estimate about 250 to 300 times.
YOU: And during those 250 to 300 times, did you ever experience a failure with the OneCase software inasmuch as it failed to make a forensically sound image of a computer hard drive?
VENDOR: No, never.
YOU: In this case, after you used the OneCase software to image Corporation's hard drive, did you do anything to test whether a forensically sound image of the hard drive had been created?
VENDOR: Yes, we always QC the process, using another software tool to compare, bitby-bit and byte-by-byte, the image of the hard drive with the contents of the actual hard drive. We found that they matched identically.
YOU: So what, if anything, did you do with the image of the laptop's hard drive after you made it?
VENDOR: I immediately loaded it onto a new, fresh-out-of-the-box, external hard drive. I marked that hard drive with the date and time of the imaging, noting that I performed the work, and I noted the make, model, and serial number of the machine from which I took the image. I then sealed the hard drive in an evidence pouch and drove the hard drive to my office, where I placed the pouch into my company's safe. Each of us techies has our own safe, and we don't share combinations. The following morning, I opened the safe, took out the pouch, found it intact. I opened the pouch and connected the hard drive to my computer. From there, I ran searches on the data using keywords that your office provided to me, and I extracted all of the files that had keyword hits. I then loaded those files onto a review tool, and, at your request, I printed hard copies of all emails that Former Employee sent to or received from Competitor's CEO. Once printed, I drove to your office and handed the copies to you.
YOU: Before you came in here today, did I ask you to do something for me?
VENDOR: Yes, you gave me a copy of the email you pre-marked as Plaintiff's #1 and asked me to check the review tool onto which I loaded the files from Former Employee's laptop to confirm that Plaintiff's #1 is an exact duplicate of the same November 10 email on my system.
YOU: And did you do that?
VENDOR: Yes, I did.
YOU: And what did you find?
VENDOR: It's an exact duplicate.
Effectively establishing the chain of custody leaves little room for Former Employee to challenge the authenticity of the smoking-gun email.
Crossing the Finish Line
As these examinations reveal, the process for admitting ESI into evidence at trial involves largely the same considerations as admitting more conventional discovery materials. If you are attuned to the ways in which ESI may raise unique issues, you need only approach ESI with the same reasoned assessment of the relevance, hearsay, best evidence and authentication concerns that you would undertake for any other trial evidence.
Originally published in American Bar Association Summer 2012.
Keywords: litigation, business torts, e-discovery, authentication, admitting evidence
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
