Seeing Metadata Through a Different Prism

The government admits it collected data about personal communications through its Prism surveillance initiative, but it claims the court order permitting the collection “only” allows the collection of metadata, not the contents of conversations. Such is the import of a letter penned by the Office of the U.S. Assistant Attorney General in describing the information collected from Verizon and other companies.

Though its importance has been downplayed, metadata plays a key role in e-discovery. For example, it can determine data trends, pinpoint temporal gaps between documents, and identify areas for further investigation and collection. In some cases, it may even serve as a smoking gun:

• Metadata unveiled the scandal involving former CIA Director David Petraeus. The harassing, anonymous e-mails Paula Broadwell sent to Jill Kelley were tracked to an account Broadwell shared with Petraeus. The FBI studied location metadata from the e-mails and learned that some messages were sent through public Wi-Fi at hotels. The agency cross-referenced the location data with the hotel guest lists, ultimately deducing that the sender was Broadwell.
• Metadata was the downfall of antivirus software guru turned fugitive John McAfee. After police sought McAfee for questioning in connection with a murder, McAfee went on the run. But when Vice magazine published an iPhone photo of McAfee on its website, its location information revealed that he was in Guatemala.

Given its potential significance, parties must approach the discovery of metadata carefully. Here are some best practices to consider:

1. Always request metadata during discovery. At a minimum, ask for file names, file modification and creation dates and times, custodian names, e-mail authors and recipients, file sizes, and file locations.
2. Handle metadata with care. Improper handling can destroy this fragile information. As an example, access and modification dates can be altered simply by opening documents.
3. Use a forensic expert to search for metadata that may remain after files have been deleted from computers and servers.
4. Choose e-discovery experts and software capable of identifying unique client metadata. For instance, self-encrypted e-mails may include an additional metadata field that will appear blank unless the vendor knows to search for the field and obtains the password from the client.
5. Be mindful of the Stored Communications Act (SCA) when collecting e-mail and social media evidence. The SCA prohibits the disclosure of the contents of communications stored online without the consent of the subscriber, addressee, or recipient. Some courts have permitted the disclosure of “noncontent” metadata, such as senders, recipients, dates, and various dates, but not substantive e-mail subject lines. Before commencing collection, seek permission from custodians or find an alternate source of the information (the SCA does not extend to information stored on mobile devices or computers) to reduce the chances of violating this law.

When evaluating the role of metadata in e-discovery, counsel should remember an old adage: mighty oaks from little acorns grow.

Rachel Teisch is senior director of marketing at Conduent. She can be reached at info@conduent.com.