Sometimes information security and IT professionals may not see the big picture concerning an issue because the information they receive is from technology and service vendors. Vendors who sell hammers make it appear that the relevant issues concern only different kinds of nails. Electronic discovery and digital evidence are prime examples of this phenomenon.
Various technology and service vendors have particular perspectives on what it means to identify, preserve, collect, analyze, request, disclose, and present electronically stored information (ESI). And not surprisingly, the selection of problems that need to be solved and the range of solutions in vendor marketing collateral pass through the vendors’ filters. Consequently, infosec and IT professionals consulting only e-discovery vendors and their marketing collateral may not see all of the issues and may not see the entire range of solutions.
There is nothing wrong with consulting vendors concerning their take on e-discovery and digital evidence. They have done a certain amount of market vetting to determine what problems customers face and what customers want. If infosec and IT professionals consult only vendors, however, they might have the misimpression that e-discovery is solely a technology and business process issue. They may mistakenly believe that if they simply obtain the right combination of new technology and consulting services, their e-discovery problem can be solved easily.
Nonetheless, there is one area where technology and service vendors cannot help you: vendors cannot represent your company in court. Vendors don’t have a license to practice law and are not going to be the ones presenting the evidence at a hearing or trial. That responsibility falls to your attorneys – the ones who do have a license to appear in court.
E-discovery is part of a larger legal process. Its ultimate goal is the preparation of a case for trial. Thus, e-discovery at bottom is a legal issue. And the lawyers must be an integral part of the team to deal with the issue.
Too often, however, infosec and IT professionals may not be hearing the lawyers’ perspective on e-discovery and digital evidence. One source of the problem is the legal community itself. Attorneys may not communicate well with infosec and IT professionals, may not seek out the guidance of the infosec and IT community on technical issues, and may insulate themselves from IT operations. Where attorneys fail to communicate, however, infosec and IT professionals must pick up the communications slack, for the sake of their companies. Even if a company picks the best consultants and technology to support e-discovery, a communications gap between the consultants and the lawyers may cause the company to lose a case.
The good news is that the legal community is slowly coming to grips with e-discovery and digital evidence issues. We are seeing an increasing number of continuing legal education programs (including the RSA Conference) to teach lawyers about e-discovery. Moreover, the American Bar Association (ABA) has created a number of committees to study these issues. I am the Vice Chair of the ABA Section of Science and Technology, and recently attended its strategic planning session. At the session, I witnessed a great deal of excitement about the creation of the Section’s new E-Discovery and Digital Evidence Committee. The Section had been doing e-discovery and digital evidence work before under the umbrella of its Information Security Committee, but the Section saw the approaching legal tsunami of e-discovery and digital evidence and realized that these issues merit their own committee. I believe that the new committee will break important ground and will be a go-to source of information on these issues for legal, business, and technical professionals in the future.
I encourage you to consider joining the ABA and the E-Discovery and Digital Evidence Committee, and encourage your legal colleagues to join as well. One important reason to join is to seek out a perspective on e-discovery and digital evidence that is not filtered through technology and service vendors. The Committee is having a kickoff meeting on November 17-18, 2008 in Washington, DC (http://www.abanet.org/dch/comadd.cfm?com=ST203001&pg=1). For more information about the Committee, contact Committee Vice Chair Steven Teppler at [email protected] or me at [email protected].