Forensic Fishing Expedition Rejected

An employer recently tried to use e-discovery to its advantage, but did so in an unconvincing fashion, and failed. The district court rejected its motion to compel the forensic examination of the plaintiff’s home computer as a mere “fishing expedition.” Hedenburg v. Aramark American Food Services, 2007 U.S. Dist. LEXIS 3443 (W.D. Wash. Jan. 17, 2007).

Hedenburg is an employment discrimination case where the employer sought a mirror image of the employee’s personal computers. The employer wanted the cloned drives examined by a computer forensic expert serving as a special master. The forensic master would then prepare a report with built-in privacy safeguards to protect the employee’s non-responsive and privileged ESI along the lines set forth in Playboy Enterprises v. Welles, 60 F. Supp.2d 1050 (S.D. Cal. 1999).

The employer argued that forensic examinations of employee’s personal computers are common in employment cases, and was needed here to search for personal emails and web posts that might be inconsistent with plaintiff’s claims of sexual discrimination and emotional distress. The defendant, however, failed to establish valid factual grounds for the intrusive discovery requested, and so the Court easily distinguished the cases defendant relied upon, including the seminal Playboy case. Playboy was distinguished because the defendant in Hedenburg made no convincing showing that the forensic exam was likely to uncover discoverable evidence, and further failed to show any kind of nexus between the claim and the computers sought to be examined.

The three cases which the employer here choose to argue were interpreted and rejected by the court as follows:

The common thread of these cases is that a thorough search of an adversary’s computer is sometimes permitted where the contents of the computer go to the heart of the case. This court has in other cases permitted mirror image searches of computers where, for example, one party demonstrates the likelihood that trade secrets were forwarded to or sent by it. Here, the central claims in the case are wholly unrelated to the contents of plaintiff’s computer. Defendant is hoping blindly to find something useful in its impeachment of the plaintiff.

Blind hope may be a fisherman’s credo, but it is never good grounds for a forensic examination. The court concluded with an analogy of a paper files search equivalent of the electronic discovery here requested:

Plaintiff has responded that she has made a diligent search for her computer files, and contends that she does not have additional information. Defendant essentially seeks a search warrant to confirm that Plaintiff has not memorialized statements contrary to her testimony in this case. If the issue related instead to a lost paper diary, the court would not permit the Defendant to search the plaintiff’s property to ensure that her search was complete. The Motion to Compel is DENIED.

Court Disapproves Defendant’s “Hide the Ball” Discovery Gamesmanship

A recent case in Ohio illustrates a poor electronic discovery strategy by a defendant employer in a wrongful termination case. May v. Pilot Travel Centers,LLC, 2006 WL 3827511 (S.D. Ohio December 28, 2006). The defense here has seriously annoyed the presiding district court judge, who, right or wrong, is now convinced that missing electronic records are evidence that the defense has engaged in “hide the ball gamesmanship and deception.”   

The plaintiff here, a Wendy’s franchise restaurant manager, alleged that he was fired for exercising his rights to be with his newborn child under the Family and Medical Leave Act. The employer defended by claiming that the discharge was for cause.  The employer claims the manager had been using the restaurant’s computer to “cook the books” electronically.  The manager was alleged to have altered the records to make the restaurant look more profitable.  In this way, he was able to increase his formula bonus payments.  For instance, the plaintiff was alleged to have altered vendor payment dates, and to have revised employee time records to avoid overtime compensation.

After the discovery period ended in nine months, apparently with no discovery disputes, the defendant moved for summary judgment.  The plaintiff responded with a motion for sanctions for spoliation, alleging that defendant had destroyed evidence, namely some of the computer records at issue in the case.  The defendant employer responded vigorously to the sanctions motion.  It moved to strike the affidavit supporting the motion, and to be awarded attorney fees because it alleged the sanctions motion was meritless and filed in bad faith.

Defendant first made a procedural argument, correctly pointing out that there had been no motion to compel, not even a phone call from plaintiff’s counsel.  Defendant argued that because of these omissions there was no basis for a sanctions motion.  The court  disagreed with this procedural argument.  Aside from parsing a construction of the local discovery rules involved, the court was strongly influenced by the fact that defendant produced new evidence after the plaintiff filed his motion for sanctions.  The court referred to this as a “curiously belated supplementation” and held:

The suspect timing of Defendant’s post-motion supplementation suggests improper conduct. The documents were in Defendant’s possession and should have been turned over far before they were. Defendant’s violation of its duty to supplement in a timely manner was neither harmless nor substantially justified. This Court therefore finds Defendant’s conduct to be sanctionable.

The Court was also disturbed by defendant’s arguments that some of the documents were not previously produced because they were not specifically requested, pointing out the mandated initial disclosure requirement under Rule 26(a)(1)(B). The Court was also disturbed by what it called the defendant’s “coy avoidance” of whether it had destroyed computer records as plaintiff alleged.  Apparently the defense responded to the spoliation accusations by stating that the “documents might have been lost when defendant converted to a new computer system.”  That response did not go over well.  The court stated:

If the records exist, then Defendant should know this and must produce them. If the records no longer exist in any form, then Defendant should be able to provide this answer and an explanation as to how and why the records were destroyed-and by whom. To avoid the answer by blaming Plaintiff at this juncture creates an inference of gamesmanship that disturbs this Court.

The district court buttressed its holding by reliance on the Sixth Circuit’s remarks:

The Sixth Circuit has recognized that “[o]ur system of discovery was designed to increase the likelihood that justice will be served in each case, not to promote principles of gamesmanship and deception in which the person who hides the ball most effectively wins the case.” Abrahamsen, 92 F.3d at 428-29.

Employer Allowed To Mirror Employees’ Home Computers and Obtain Inaccessible ESI

A District Court in Missouri became one of the first in the country to employ the new inaccessibility analysis under Rule 26(b)(2)(B). Ameriwood v. Liberman, 2006 WL 3825291, 2006 U.S. Dist. LEXIS 93380 (E.D. Mo., Dec. 27, 2006). The plaintiff in another trade secret theft case moved to compel the defendants (former employees of plaintiff) to allow a complete mirror image inspection of the hard drives on all of their computers, including their home computers, and other portable storage devices (like thumb drives). The defendants objected on the basis that the mirror imaging sought constituted a request for inaccessible data, was unnecessary and intrusive.

A mirror image of a hard drive is an exact duplicate of the entire drive, including deleted files, slack and free space. Id. at fn. 3. A trained computer forensic expert can examine a mirror image of a drive and reconstuct files that have been deleted, thus transforming them from inaccessible to accessible. This process can, however, be quite expensive. As a general rule, mirroring or inspection of an entire hard drive is not permitted without good cause. It is analogous to allowing a requesting party to inspect an entire paper filing cabinet, instead of just the particular files in the cabinet that are relevant, and search the garbage cans too.

Still, in this case the court granted the employer’s motion because: (1) of the close relationship between the plaintiff’s claims and the defendant’s computer equipment; (2) facts placing in doubt that all responsive documents have been produced; and, (3) Plaintiff’s willingness to pay for the expert forensic examination costs involved in the mirroring.

The court followed the new burden shifting analysis of new Rule 26(b)(2)(B) to reach this result. The Rule provides:

On motion to compel discovery . . . , the party from whom discovery is sought must show that the information is not reasonably accessible because of undue burden or cost. If that showing is made, the court may nonetheless order discovery from such sources if the requesting party shows good cause, considering the limitations of Rule 26(b)(2)(C). The court may specify conditions for the discovery.

The defendants first argued that they had already searched their ESI and produced all discoverable ESI and thus there was no need for a complete mirror image production too. In essence, they argued that this was “just a fishing expedition” not permitted under the rules. Plaintiff effectively countered by producing an email to defendants that they had obtained by subpoena of a third party. This email should have been in defendants’ custody and produced by them, but it was not. This cast doubt on the completeness of defendants’ production, and thus supported plaintiff’s argument that the mirroring was needed.

Defendants next argued that the mirror was a request for ESI not reasonably accessible to them because of undue burden and cost. Defendants supported this objection with affidavits of the significant costs involved in mirroring all of their computers and drives, recovering deleted information and then translating it into reviewable formats. The court agreed that defendants had established that the ESI requested was inaccessible to them under Rule 26 (b)(2)(B). But, that is not the end of the analysis. The rule goes on to still allow discovery of inaccessible data if the requesting party, here the plaintiff, shows good cause.

The plaintiff sustained this burden under the seven point good-cause inquiry suggested by the advisory committee notes to the rule. The third criteria was particulary persuasive in this case: “(3) the failure to produce relevant information that seems likely to have existed but is no longer available on more easily accessed sources.” This factor was met by the email produced by the third party, but not by defendants.

Good cause for the mirroring requested was also found in the allegations of the complaint itself, in that the trade secret theft here was allegedly accomplished by the computers in question. As the court explained:

Furthermore, in cases where a defendant allegedly used the computer itself to commit the wrong that is the subject of the lawsuit, certain items on the hard drive may be discoverable. Particularly, allegations that a defendant downloaded trade secrets onto a computer provide a sufficient nexus between plaintiff’s claims and the need to obtain a mirror image of the computer’s hard drive. . . . .In the instant action, defendants are alleged to have used the computers, which are the subject of the discovery request, to secrete and distribute plaintiff’s confidential information. How and whether defendants handled those documents and what defendants did with the documents is certainly at issue. The Court recognizes defendants’ privacy concerns over the information contained on their computers, but finds that the procedure below in addition to the Court’s protective order sufficiently addresses these interests.

In performing the good-cause inquiry, the Court is also permitted to set conditions for discovery, including but not limited to payment by the requesting party of part or all of the reasonable costs of obtaining information from the sources that are not reasonably accessible. See Fed. R. Civ. P. 26(b)(2) advisory committee’s note. As plaintiff does not object to incurring the costs for the requested procedures and defendants do not perform these procedures in the regular course of their business, plaintiff will incur the costs involved in creating the mirror images, recovering the information, and translating the information into searchable formats, as described below. For the above reasons, this Court finds that plaintiff has shown good cause to allow it to obtain mirror images of defendants’ hard drives under the following conditions.

The court then set forth conditions designed to protect the privacy rights of defendants to the ESI on their computers, including their home computers. The court followed the procedures set forth by the seminal case in this area, Playboy Enterprises v. Welles, 60 F. Supp. 2d 1050, 1054 (S.D. Cal. 1999). Essentially, a third party expert does the exam and restoration, and then turns over a copy to defendants’ counsel of all ESI found and recovered, including deleted files. Defendants then review the restored ESI and produce all data responsive to discovery requests, and log any responsive but privileged ESI. Thereafter plaintiff may file motions to compel if warranted.

Thumb Drive Used To Misappropriate Trade Secrets; ‘Deduplication’ Used as an Excuse for Not Returning All ESI Taken

An e-discovery injunction case in Houston has an interesting fact scenario involving an employee’s illegal use of a “thumb drive” to misappropriate an employer’s trade secrets. Anadarko Petroleum Corp. v. Davis, 2006 WL 3837518 (S.D. Tex., Dec. 28, 2006). It also involves what is, to my knowledge, the first successful use of a “deduplication” defense.

A thumb drive as you probably know is a USB device for the flash memory storage of data. They can hold vast amounts of data in a small, hard to detect device. These flash memory drives are usually the size of a thumb, and thus the name. The one pictured above is a novelty version actually fashioned in the shape of a thumb as a joke.

Deduplication is the process of identifying electronically stored information (”ESI”) files that are exactly the same and eliminating them from production. This filtration process is an important tool of efficiency in e-discovery collection and review because it is not uncommon for a computer to contain multiple copies of the same file. Deduplication is made possible though a unique mathematical algorithm as explained in the “Hash” Blog Page above.

The employee defendant in this case, Billy Davis, used his thumb drive to take confidential information from his employer’s computers on his last day of work. Davis then transferred the proprietary ESI onto his personal lap top, and from there onto his new employer’s desk top computer, and then onto its servers. When the former employer found out what had happened, it filed suit against both Davis and his new employer for, among other things, theft of trade secrets, and sent out a preservation letter. The three page letter demanded the preservation of all data on the employee’s and new employer’s computers, including even deleted files. The employee received the letter and consulted an attorney on what to do. The attorney advised Davis to transfer all of the files back onto the thumb drive, so that he could return them - so far so good. But the attorney also supposedly advised Davis to delete all of the files on his new employers servers, desktop and his laptop. This is the exact opposite of the preservation demanded by the plaintiff’s letter (and the law).

At an emergency preliminary injunction hearing a few days after the suit was filed, Davis turned over the thumb drive to the plaintiff with the representation that this constituted all of the ESI taken, Davis also testified that he had deleted all other copies of the ESI. The defendants, both Davis and his new employer, also consented to an injunction requiring the return and full accounting of all ESI taken, and a forensic examination of all of their computers to verify that all of the ESI had in fact been removed as represented.

At a later temporary injunction hearing, the plaintiff asked to have the injunction strengthened to, among other things, prohibit Davis’ employment and competition on the basis of his alleged bad faith theft of trade secrets. The Judge rejected that because: 1) he believed Davis’ testimony that he had never actually used the data, at least not the confidential parts; and 2) he believed Davis’ testimony that he had returned all of the ESI taken. There was considerable reason to doubt that later assertion because Plaintiff’s forensic examination of its computers showed that 7.21 gigabytes had been downloaded by Davis, whereas the thumb drive returned contained only 1.14 gigabytes of data. Davis, who must have been a very credible witness, explained the missing five gigabytes of data with the explanation that he eliminated all redundant, duplicate files when he loaded the files back onto his thumb drive. In other words, he successfully employed a “deduplication” defense, the first I have ever heard of in a case like this. The Judge found the testimony credible, and denied the injunction requested for now, but left the issue open upon completion of the forensic examination. Obviously if the exam seriously impeaches Davis’s testimony, and shows the deduplication excuse was a sham, the court will reconsider its ruling.

The plaintiff also sought sanctions for the spoliation that occured in disregard of the preservation letter. The Judge agreed that the ESI should not have been deleted, that it should have been preserved, but denied sanctions because he found no credible evidence of bad faith destuction of evidence, at least not yet. In the words of the court:

This is an unusual set of facts for a spoliation claim. In most cases in which a party asserts that the alteration or deletion of electronically stored information amounts to spoliation, the party wanted that information to remain available in the form that it was maintained by the other party. In this case, by contrast, Anadarko specifically asked Davis and GeoSouthern to return all the electronically stored confidential and proprietary information Davis had taken from Anadarko and to prevent anyone at GeoSouthern from accessing or using that information. That request makes it necessary for GeoSouthern to make the Anadarko information Davis had placed on the GeoSouthern computer system inaccessible, which requires that such information be deleted. The second aspect that distinguishes this case from the typical spoliation case is that at the same time Davis deleted the information from the GeoSouthern computers and his own laptop, he testified that he placed the information on a thumb drive and delivered it to Anadarko. In most spoliation cases, when information is deleted, no other record of its existence is created, much less promptly produced to the other side. The third aspect that distinguishes this case is that Davis and GeoSouthern have agreed to allow Anadarko to conduct a forensic audit of their computer systems to ensure that no proprietary or confidential Anadarko information remains accessible and to ensure that Davis returned all that he took. . . . .

Anadarko asserts that it is harmed because it cannot verify that all the information Davis took has in fact been returned. Their contention is supported, at least superficially, by the discrepancy in the volume of electronically stored information Davis took compared to what he returned. . . . .

The alleged spoliation currently does not support the issuance of a broader injunction than is presently in place to protect Anadarko’s trade secrets from unauthorized use or disclosure. Because the parties’ computer experts are still conducting their forensic examination of GeoSouthern’s and Davis’s computers, the record necessary to rule on the spoliation motion and determine whether and what sanction should issue is incomplete. This court orders Anadarko to supplement its motion for sanctions within 30 days of the completion of the forensic analysis.

World’s Largest Data Repositories

Business Intelligence Lowdown purports to rank the “Top 10 Largest Databases in the World” as of February 2007.  Of course, no one really knows who has the largest repositories of data, including both paper and electronically stored information (”ESI”), but this article presents an educated guess.  It differs substantially from a prior 2005 list of the largest databases compiled by the Winter Corporation.  The 2005 list ranked Yahoo number one, whereas it is not even included in the 2007 list.  Some of the other choices are surprising too, especially their guess as to who has the most ESI, essentially the “weatherman.”  Their supposition that the tenth largest repository is the venerable Library of Congress is also almost certainly wrong, since it is generally accepted that most large corporations today have far more information stored in their computers than the equivalent of the entire paper and digital collection of the Library.  Still, it helps to include the Library because it provides a benchmark to try to grasp the enormity of the other repositories. 

Here are the rankings in reverse order, with a little detail provided on the tenth and first places: 

10. Library of Congress.  According to the Library of Congress (whose main public reading room is shown above), it is the largest library in the world, with more than 130 million items on approximately 530 miles of bookshelves. The collections include more than 29 million books and other printed materials, 2.7 million recordings, 12 million photographs, 4.8 million maps, and 58 million manuscripts. The Library expands at a rate of 10,000 items per day, and takes up close to 530 miles of shelf space.  
9. The Central Intelligence Agency.
8. Amazon.
7. You Tube.
6. Choice Point.
5. Sprint.
4. Google.
3. AT&T.
2. National Energy Research Scientific Computing Center.
1. The World Data Centre for Climate.  This ESI is located on one of the world’s largest supercomputers owned by the Max Planck Institute for Meteorology and German Climate Computing Centre. The WDCC has 220 terabytes of data readily accessible on the web, including information on climate research and anticipated climatic trends, as well as 110 terabytes (or 24,500 DVDs) worth of climate simulation data. In addition, six petabytes worth of additional information are stored on magnetic tapes for easy access. According to Business Intelligence Lowdown, six petabyts is 3 times the amount of ALL the U.S. academic research libraries’ contents combined. 

Revolutionary Effect of Revised Rules 16(b), 26(f)?

The December 1, 2006, amendments to the rules include small additions to Rule 26(f) governing ”meet and greet” attorney conferences, and Rule 16(b) governing scheduling conference hearings. These revisions were short and not particularly controversial, and yet e-discovery experts Adam Cohen and David Lender, call them “revolutionary in effect.” Rule 16(b) was simply revised to add  a new subsection five stating that the scheduling order may include: ”(5) provisions for disclosure or discovery of electronically stored information.” Rule 26(f) was just revised to add a new subject for the attorneys to discuss: “(3) any issues relating to disclosure or discovery of electronically stored information, including the form or forms in which it should be produced.”

Cohen and Lender are the authors of Electronic Discovery: Law and Practice.  They add a prediction in the just released 2007 Supplement that these additions to Rule 26(f) and 16(b):

are likely to be revolutionary in their effect - elevating electronic discovery to front and center status in many federal court litigations, and potentially “front loading” and defusing many disputes about electronic discovery.

Electronic Discovery,Section 2.03[D], 2007 Supplement, Aspen Publishers.  Cohen and Lender go on to explain that the early discussion requirements mandated in the revisions to these rules will necessarily require lawyers to “acquire a firm grasp in understanding the facts about their clients’ electronic information systems at the outset of litigation.”  To support this prediction they point to the Rules Committee Notes to Rule 16(b) that state that it “may” be important for counsel to become familiar with their clients computer systems before the conference.

Most experts on this subject agree with the prediction of Cohen and Lender; indeed, it seems to be the consensus view.  This view is also consistent with the duty set out in Zubulake V and other cases discussed at length in the Blog Page shown above as “Zubu Duty.” Zubulake v. UBS, 229 F.R.D. 422 (S.D.N.Y. 2004). Judge Scheindlin in Zubulake V requires outside counsel to make certain that all potentially relevant electronic data are identified and placed “on hold”:

To do this, counsel must become fully familiar with her client’s document retention policies, as well as the client’s data retention architecture. This will invariably involve speaking with information technology personnel, who can explain system-wide backup procedures and the actual (as opposed to theoretical) implementation of the firm’s recycling policy. It will also involve communicating with the “key players” in the litigation, in order to understand how they stored information.

This duty to become fully familiar with your clients’ “data retention architecture” is the so-called “Zubulake Duty” that has so many lawyers concerned. Rightly so, because if your client is a mid to large size corporation, its data retention architecture is probably horrendously complex. Very few of your client’s own IT people are likely to understand the whole thing, much less be able to explain it to you in laymen’s language. Still, if you fail to fulfill the Zubulake duty you could face personal sanctions, as the attorney did in Phoenix Four, Inc. v. Strategic Resources Corp., No. 05-CIV-4837, 2006 WL 1409413; 2006 U.S. Dist. LEXIS 32211 (S.D.N.Y. May 22, 2006). The case is fully discussed in the above Zubu Duty Blog Page, but suffice it to say the court held the attorney responsible for not thinking to ask about hidden partitions in his client’s servers, where, as it turns out, most of the evidence in this case was hiding.

The originator of the Zubulake Duty, Judge Shira Scheindlin, was quoted in this month’s ABA Journal, in the article by Jason Krause, E-Discovery Gets Real, as saying the new amendments to the rules “should make life much easier for attorneys.”  This seems like an ironic statement from the originator of the Zubulake duty.  She then points out that attorneys must come to the Rule 16(b) and 26(f) conferences prepared to discuss all aspects of  e-discovery, and if they do not, “that’s just not accepted by the rules.”  According to the ABA Journal she goes on to try to reassure attorneys by stating:

I’d like to put their [attorneys] mind at ease, you don’t have to know everything at the first conference.  But you at least have to start to assess the situation.

Based on her past decisions, the stress points here were likley on the words “everything” and “first.”

“Play It Like It Lies” and No Mulligans

Thanks to Judge Lungstrum in Williams v. Sprint/United Management Company, 2006 WL 3691604 (D.Kan. Dec. 12, 2006) (Williams II), a golf analogy has now entered the world of e-discovery.  Williams II, just like Williams I, delves into the depths of metadata and the circumstances when it must be produced.  Williams v. Sprint/United Management Company, 230 F.R.D. 640 (D. Kan. 2005) (Williams I).  These and other metadata cases are discussed in this Blog at the above Page entitled “Meta Prod?“

Judge Lungstrum is inclined to a general rule requiring the production of Electronically Stored Information in the same condition in which it is maintained.  This means that electronic documents should not be stripped of their metadata before production.  In one of several hearings on this issue, Judge Lungstrum used a golf analogy to illustrate this point.  He invoked the well known but often ignored rule of golf that requires a golfer to “Play it as it lies.”  This rule prohibits a golfer from improving the position of their ball before striking it.  A golfer must play their ball as they find it on the course, and not improve the lie of the ball, even if it lands in a divot.  Instead, you have to play it as you find it, “as it lies.” Footnote 5 of Williams II (written by Magistrate Waxse) states that Judge Lungstrum made the following comment on the form of production of discovery at the April 26, 2005, hearing:

I think we have to keep in mind that from the defendant’s perspective-to the extent that you’re asking for information that they have got to go chase down, it’s not the defendant’s fault for the purpose of this case that they don’t keep their records in a form that’s more easily discoverable, yet on the other hand, that’s not an excuse not to give it up either if they have got it some place. I mean, it cuts both ways. I mean, we have to play it like it lies. See April 26, 2006 Tr. p. 39.

This will, I predict, become a very popular analogy in this hotly contested area of e-discovery law. Interestingly, although Judge Lungstrum announced the general rule, his Magistrate Waxse applied a “no mulligans allowed” exception of his own creation, and allowed the defendant to improve its lie (so to speak).  The defendant’s production of 11,000 emails with all metadata stripped was permitted to stand, and the plaintiff’s call for penalty strokes was rejected.  Again, see the above Meta Page for the full story.  But the short explanation is that the plaintiff did not request metadata in the original request, and now wanted defendants to redo the entire production.  The plaintiff essentially wanted a mulligan, and the Magistrate would not allow it, citing Rule 34(iii) that only requires a production in one form.

Top Corporate Officers Continue To Write Embarrassing Emails

Everyone in e-discovery knows that people writing emails will, much like kids on the old Art Linkletter show, ”say the darndest things“.  Of course, instant messaging is even worse, as Congressman Mark Foley showed.  Private emails and instant messages have a way of becoming public, especially when discovered in litigation and introduced into evidence at trial. There are hundreds of examples of this from past lawsuits, and the phenomena has been widely discussed since the late 1990s.  See for instance the scholarly observation by Kenneth Withers in his 1999 article, Is Digital Different?:

Much is made in the electronic discovery literature of the informal, revealing, and often embarrassing nature of e-mail. E-mail is considered the window into the corporate soul, and is therefore a highly sensitive area for discovery. The literature also notes a deep disconnect between individuals’ perceptions of e-mail as private and transitory, and the reality of e-mail as a permanent and discoverable corporate record, although only rarely does the literature suggest that this phenomenon has been studied empirically in any other discipline, such as linguistics or psychology.

Since this has been known for a long time, you might think that, at the very least, senior management in businesses that are frequently involved in litigation would watch what they say.  But you would be wrong, and that is why email continues to be the best field for “smoking gun” searches.

Unfortunately for Microsoft, which was one of the first companies to be burned by email in its antitrust cases,  Microsoft offers the latest proof that senior corporate officers continue to say the darndest things in email.   The point is proven by a horde of once private Microsoft emails that were introduced into evidence at a trial in Iowa in December 2006.  The case is a class action styled Comes et al. v. Microsoft.  After the emails were admitted into evidence, plaintiff’s counsel, Roxanne Conlin, a former United States Attorney, posted them  on the Internet, just as she has done with all of the other evidence in this case.  (Note: when this blog was originally written, all of these materials were published on the web and some were linked here. A few weeks later the case settled and all of the materials were removed as part of the settlement.  I then removed the links since they no longer functioned.)

Plaintiff’s Exhibit 7,264, which Bates marking indicates was originally produced on June 15, 2005, and marked “Confidential”, was  circulated on the Net as soon as it was admitted into evidence, even before plaintiff’s counsel posted it last week.  It is an email dated January 7, 2004, from Jim Allchin to Bill Gates and Steve Ballmer.  The subject line of the email is “losing our way.” Mr. Allchin’s email to his bosses begins like this:

This is a rant. I’m sorry. I am not sure how the company lost sight of what matters to our customers (both business and home) the most, but in my view we lost our way.

The second paragraph of the email gets worse and he says: “I would buy a Mac today if I was not working at Microsoft.” This is the line that is now being widely quoted. Today Mr. Allchin is not working for Microsoft; he retired from Microsoft on the day Vista was released, January 30, 2007. According to Microsoft, “Allchin was a member of the Senior Leadership Team, responsible for developing Microsoft’s core direction along with Steve Ballmer and Bill Gates.”  No news yet on what kind of computer Jim Allchin is now using, but he did leave a humorous blog on what his life after Microsoft is like.

In fairness to Microsoft and Jim Allchin, this is the reply which Jim posted on the Windows Vista Team blog when this story first broke on December 12, 2006:

In the email, I made a comment for effect about buying a Mac if I was not working at Microsoft. Taken out of context, this comment could be confusing. Let me set the record straight:

This email is nearly 3 years old, and I was being purposefully dramatic in order to drive home a point. The point being that we needed to change and change quickly. We did: We changed dramatically the development process that was being used and we reset the Windows Vista development project in mid-2004, essentially starting over.

2-and-½ years later, Windows Vista has turned into a phenomenal product, better than any other OS we’ve ever built and far, far better than any other software available today, in my opinion. It’s going to be available to customers on Jan 30, and I suggest everyone go out and get it as soon as you can. It’s that good.

The spirit of being self-critical continues to flourish at Microsoft. Within Microsoft everyone considers it their duty to always put their convictions and our product quality ahead of everything else. That was the intent of my mail to Bill and Steve, and I consider it a great example of how this company can focus and do what’s right for customers.

It is interesting to note that the evidence admitted was not the original email from Jim Allchin to Bill Gates, but rather an email from Allchin to another Microsoft executive, Eric Rudder, sharing his private email to Gates.  Again, this shows the danger of email and other electronic documents; they can easily be circulated to others without your knowledge, and turn up later as part of an email chain.  Email has an amazing way of  surviving and appearing later, sometimes where you least expect it, despite all efforts to the contrary.

Eric Rudder still works for Microsoft. He has reported directly to Bill Gates since September 2005, when promoted to Senior Vice President leading what Microsoft calls the “Developer and Platform Evangelism division.” 

Yahoo Replaces Sex as the #1 Seach Query on Google

According to the Dailey Domainer, “Yahoo” has recently replaced “Sex” as the most popular search term on Google.  Very odd, isn’t it?  The most popular search term on Google is now the name of its biggest search competitor, Yahoo, more popular even than sex. 

Sex is, by the way, very popular as a search term in all languages and countries, but according to Google Trends, which monitors (and saves) every Google search ever made (but does not track or identify the persons or computers who make searches), “sex” as a search term is most popular in cities in India and Turkey.  The city of Chennai, India (aka Madras) today holds the record for the city making the most search requests for “sex.” In fact, all of the top ten cities for this term are in Turkey and India.  The United States does not even make the top ten of countries.  According to Google Trends, the top countries for this search are:

1. Pakistan
2. Egypt
3. India
4. Iran
5. Morocco
6. Turkey
7. Viet Nam
8. Saudi Arabia
9. Croatia
10. Indonesia

There is a global cultural message here to be sure; but enough about sex, how about about the new favorite, Yahoo?  Google Trends  says that the city where you most find this search is Bogota, Columbia, with three cities in Japan after that. Only two cities in the U.S. make the top ten list, Pleasanton and Irvine, California. The top ten countries to search for Yahoo on Google are:

1. El Salvador
2. Japan
3. Romania
4. Colombia
5. Malaysia
6. Bolivia
7. Venezuela
8. Peru
9. France
10. Mexico

Why are so many people worldwide now searching for Yahoo on Google? Obviously it shows the dominance of Google’s Internet presence.  But this curious phenomena also reveals a new trend in Internet computer usage.  It seems that fewer people are bothering to type in the domain addresses of the webs they want to go to.  Instead, they are typing the name into the Google search box.  So instead of typing www.yahoo.com into the top address bar on your web browser, and hitting the enter button, people are starting from Google, entering Yahoo, then clicking on the Google display of Yahoo after the search.  This is the speculation of the Dailey Domainer, and I am inclined to agree.  They have further research and information to back that up if you are interested.

Finally, to bring this all back home, what are the top cities for “e-discovery” search?  Google says they are:

1. Washington
2. New York
3. San Francisco
4. Chicago

After that, the other U.S. cities making up the top ten list have too few results to be significant.   A search of the terms “electronic discovery” brings a more reliable result, with the top ten cities reported to be:

1. Seattle
2. Washington
3. New York
4. Portland
5. Houston
6. San Francisco
7. Chicago
8. Boston
9. Minneapolis
10. Dallas