While we were all discussing the merits of the latest technology developments and ongoing compression in the service provider market, Federal Rule of Evidence 902(13) and (14) were amended late last year. Ordinarily, this probably would not be a big deal, but the amendments potentially alter the process for organizations that self-collect electronically stored information (ESI) for discovery.
The amendments, which took effect December 1, 2017, provide a new mechanism for authenticating ESI prior to admission into evidence. Under Rule 902, certain evidence has always been self-authenticating. That has not changed. Other evidence has been authenticated by stipulation or by witness testimony. More recent thinking recognizes that it is possible to forensically confirm the authenticity of electronic documents. This renders in-court verification unnecessary. Under the new FRE 902(14), ESI that is collected, processed, and produced in discovery may be authenticated by a “qualified person” before it is admitted in evidence.
According to the advisory committee notes on the change to FRE 902(14), the “amendment sets forth a procedure by which parties can authenticate data copied from an electronic device, storage medium, or an electronic file, other than through the testimony of a foundation witness.” The goal, of course, is to avoid the expense and inconvenience of using an authenticating witness. But, in their zeal, it appears the Judicial Conference may have overlooked a few things (more on this in a minute).
The advisory committee notes go on to read:
[D]ata copied from electronic devices, storage media, and electronic files are ordinarily authenticated by “hash value.” A hash value is a number that is often represented as a sequence of characters and is produced by an algorithm based upon the digital contents of a drive, medium, or file. If the hash values for the original and copy are different, then the copy is not identical to the original. If the hash values for the original and copy are the same, it is highly improbable that the original and copy are not identical. Thus, identical hash values for the original and copy reliably attest to the fact that they are exact duplicates. This amendment allows self-authentication by a certification of a qualified person that she checked the hash value of the proffered item and that it was identical to the original.
Hash values? Sequence of characters? Algorithm? I cannot speak for everyone, but when I use words like hash value or algorithm with lawyers, most of the time their eyes glaze over.
Basically, under the new rule, a qualified person needs to certify that the hash value or digital fingerprint of a document is the same at the time that document is being prepared for admission into evidence as it was when the document was collected. Sounds fairly simple, right?
Perhaps I’m overstating the case, but there are two problems with this. First, specialized software is used to generate hash values for electronic documents. Hash values don’t just appear out of nowhere in the footer of the original native file when the document is collected for discovery. Rather, using proper software, the hash value is generated based on the content of each original native file. Although it is widely available, most organizations do not possess or use the software needed to do this and, while the evidence of this is purely anecdotal, I’m going to go out on a limb here and say that the majority of organizations who self-collect ESI in discovery simply copy the files without giving any thought to hash values.
Second, even assuming a hash value is generated at the time the ESI is collected, the fact is that most parties who produce ESI do not produce the original native file. Instead, they produce in near-native format. This is a very different file from the original native file and near-native files will not generate an identical hash value because it is an altered copy.
It is not clear whether the rulemakers considered these two things when they amended the rule.
So, what’s a legal operations person to do? Frankly, authentication has not to my knowledge been a huge obstacle to the admission of documents into evidence. The point here is that to take advantage of the new, more efficient authentication procedure contemplated by Rule 902(14), a qualified person needs to generate hash values at the time of collection and again prior to admission in evidence to prove the file has not changed. Cut-and-paste self-collection won’t cut it.
Mike Quartararo is the managing director of eDPM Advisory Services, a consulting firm providing e-discovery, project management and legal technology advisory and training services to the legal industry. He is also the author of the 2016 book Project Management in Electronic Discovery. Mike has many years of experience delivering e-discovery, project management, and legal technology solutions to law firms and Fortune 500 corporations across the globe and is widely considered an expert on project management, e-discovery and legal matter management. You can reach him via email at firstname.lastname@example.org. Follow him on twitter @edpmadvisory.