Home » Topics » Data Analytics & Data Science » Navigating eDiscovery

Navigating eDiscovery

by Stefano Maruzzi

Regulators from the European Union raided the Munich office of chipmaker Intel in May last year, following allegations from rival AMD that the company was breaching competition laws by selling products for less than cost to preferred customers.

The following month the EU Commission filed charges against Intel for violating antitrust rules and in May 2009, issued the firm a record fine of €1.06 billion. Intel has said it plans to appeal.

The case is significant not simply because of the record fine, but because the EU’s cross-jurisdictional muscle flexing threatens to open the floodgates to similar civil procedures.

In the US, meanwhile, the promise of ruthless regulation enforcement following the banking crisis, a confessed priority of Barack Obama’s administration, is making many companies sit up and review the way in which they handle litigation and regulatory proceedings. For behind a case as large as Intel’s is a mountain of documents and emails that must be collected, processed and reviewed by a number of different legal teams according to a strict deadline laid down by the court.

With data volumes doubling each year, the bill for outsourcing that process is crippling. “It’s expensive,” Intel CEO Paul Otellini told reporters during a conference call following the EU’s announcement, when one queried the legal bill.

“I haven’t found a lowpriced lawyer yet that’s any good. You want to have the best, and they cost quite a bit. And the whole process, beyond the cost, is time consuming.”

Enter eDiscovery, a broad assortment of advanced search, content management and security technologies that are enjoying a meteoric surge in popularity by virtue of empowering companies to bring much of the expensive legal process in-house.

The expense of outsourcing

The arrival of the Financial Services Authority, fraud watchdog or any form of litigation at a company’s doorstep is rarely a cause for celebration. A company will be required to retrieve, process and legally appraise (‘discover’) a large quantity of paper and, inevitably, electronically stored information within a time frame requested by the court or other regulatory body.

“If the serious fraud office knocks on your door, it’s way too late to deal with the problem proactively,” says Craig Carpenter, VP of marketing and general counsel at eDiscovery search firm Recommind. “At that point, you need to call Ernst & Young or Deloitte or any of those gentlemen, which is very expensive.

“It can cost upwards of £15,000 per gigabyte of data to go through the whole process,” explains Carpenter. “So, instead of giving 500GB to an outside counsel to review, if you can collect, process and cull that to 50GB in-house, and if you already know where the real smoking guns are, then it’s easy to see how [eDiscovery] pays for itself very, very quickly.

More and more companies are looking for options other than running to KMPG every time.” The cost of processing, let alone reviewing, electronic data can be between $1,500 and $4,000 a gigabyte, says Patrick Burke, senior director and assistant general counsel at forensic eDiscovery firm Guidance Software.

“We’ve seen a downward pressure on that in the US,” he adds. “Now if someone is paying $1,500 a gigabyte, they’re really being ripped off. Now it is more like $400 to $500 a gig.” But there are many complicating factors when it comes to pricing, he warns.

“Very often [outsourced providers] make collection inexpensive and processing very expensive. The goal is to get hold of the data, earn what they can by processing it by the gigabyte, and then put it in a review platform hoping to host it for a long time because they can charge high fees based on volume and time.”

Comparatively, the returns on investment reported by eDiscovery users range from the gargantuan to the stratospheric. “I can tell you it’s not hard to sell a £1 million project that pays for itself in the first three to six months,” says Carpenter. “We’re seeing that in nearly every case.”

Similarly, Sharon White, Symantec’s EMEA product marketing manager, observes that, while the ROIs vary significantly, “they are consistently huge. It costs $300 to $400 per hour for the attorneys, and all they are doing is a simplified administrative role. eDiscovery is not something borderline that makes for a hard decision.”

Such is the surge in eDiscovery’s popularity, she says, it is driving approximately 80% of the sales of the security giant’s archiving products.

This is not just vendor postulating. Gartner estimates that 98% of companies with over $1 billion in revenue are involved in one to 20 lawsuits a year with claims of over $20 million. With the average cost of defending a case coming in at around $1.5 million, 10% of which is attributable to manual attorney review, the analyst firm speculates that automating the process reduces the cost of that manual review by 89%, “quickly justifying software solutions”.

Varying approaches

The eDiscovery sector is somewhat primordial and different vendors approach it from different angles. For a company like Symantec, eDiscovery is an effective upsell for its email archiving product, while EMC takes an even more content managementcentric approach by plugging eDiscovery partner StoredIQ’s tools into its content management platform Documentum.

Recommind, meanwhile, is essentially an enterprise search platform with a strong legal specialisation.

“Search vendors, including companies like Autonomy, are involved in this game at heart,” says Carpenter. “We take huge volumes of information and whittle it down to a manageable amount you really care about,” he says, an advantage for the search players that allows them to begin to address the problem “before the house is in order”.

Other vendors, such as Guidance, come at the problem from unlikely directions. A key problem in eDiscovery searches, unlike a Google search, is that the company must be able to stand up in court and say it has, to the best of its ability, presented everything it has on the subject – and crucially, prove that this has not been tampered with on the way from the server to the court room (a feature known to the sector as ‘legal hold’).

“We started 12 years ago as a technology used by the police to go into bad guys’ computers and pull out evidence that would stand up in court,” Guidance’s Burke says. “The cop would take a disk of our software, plug it into a PC, laptop or server and find deleted files, hidden partitions – everything at a bits and bytes level. This landed in something called a logical evidence file, which could not be changed. It was forensically sound and had a chain of custody, so you could prove who you got it from, the date and that nothing had been changed.”

In the early days of electronic evidence, defence lawyers became particularly adept at challenging its legitimacy. “But that case law worked in our favour,” Burke says. “In every single case, all over the world, the technology has been upheld.

“It spread to military intelligence, Scotland Yard, MI6, MI5, Interpol; when they capture an Al Qaeda guy’s laptop in Iraq, this is what they use to look at it.”

Guidance began to focus on eDiscovery in 2004, when the federal rules of civil procedure in the US were amended to cover electronic discovery. “The legal community decided you couldn’t judge a case effectively unless you went though email and people’s documents,” he says.

One subsector of the eDiscovery market that is currently drawing particular attention is early case assessment, which is “one of the hotter areas of interest right now”, according to Carpenter.

“If the serious fraud investigations unit of the FSA comes knocking, enterprises typically don’t know if they have a good case, a bad case or a ‘we’re all going to jail’ case until the outside counsel has gone through and looked at all the documents,” he explains. “That can take weeks or even months, and it’s a challenge because you don’t have that kind of time.”

Early case assessment is also winning converts among the frequently litigated, allowing companies to optimise their legal spend.

“If you know you have a case you can and should win, you’re going to fight it from the very beginning,” says Carpenter. “If a company has 100 proceedings in a year, it can focus on the five it really wants to fight and settle 95% of the others very cheaply.”

Blame the lawyers

In an IT climate where outsourcing is proving increasingly popular, eDiscovery is being driven by a strong trend to bring legal technologies in-house.

On the surface this would appear to carry significant risk: by taking responsibility for the process, are organisations throwing away one of their best defences if something goes wrong: blaming the lawyers?

“Typically no,” says Carpenter. “When folks do this right, they’re still able to blame outside counsel if they lose in court. The only time this could hurt them is if they do something horribly wrong, and most who do [go into eDiscovery] get good advice.”

The issue of proving you used an eDiscovery tool ‘in good faith’ (i.e. honestly and diligently) has arisen in US courts before, says Symantec’s White, with none other than the Department of Justice itself on the stand. “They were unable to produce information because they said they didn’t have it,” she says, “but nobody believed them. But they said they were using EnterpriseVault under certain criteria, and the court ruled in their favour because they had gone through that process.”

Conversely, the delays inflicted by a manual review process can often be seen by the court as proof of “bad faith”, White adds. Plus, a manual review can be fraught with human error.

“The process often literally involves printing those files to hard copy for individuals to search manually using keyword criteria,” she says. “Then those are sent out to a third party or external legal body who then has to go through the documents again under further scrutiny to find the information they need. The whole process is extremely time consuming, extremely costly and very, very prone to human error.”

Adoption blocked

Awareness of eDiscovery has risen rapidly very recently, says Carpenter, with Intel’s EU ruling “a shot across the bow”. However, “there is a significant disconnect”, he adds.

“Awareness is quite good and will continue to grow, but doing anything about it, in terms of budget dollars, is sorely lacking.” That disconnect between awareness and action is much more pronounced in the UK than in the US, he says.

“Events like Intel getting fined will generate awareness. But what will help the sector even more is when it is a bank like Barclays or another UK company [that is subject to such a ruling]. That is coming,” he adds, “it’s inevitable.”

Guidance has noticed similar reticence, says Burke. The adoption rate in the US is, he says, about two to three years ahead of the UK “in terms of how much electronic discovery is integrated into typical big company litigation. The US is also ahead by a year or so in terms of regulatory document requests.” The company hopes to address this with an on-demand product, appealing to many businesses’ current preference for operational expenditure over capital outlay.

The UK’s slow uptake is unlikely to cause the eDiscovery suppliers too many sleepless nights, however. Forrester Research predicts that spending on eDiscovery software will reach $4.9 billion by 2011, up from almost $1.5 billion in 2006. Such stratospheric performance, coupled with growing quantities of legislation and a natural affinity with the content management sector, means that eDiscovery is almost inevitably set for a flurry of acquisition activity in the near future.

“A lot of big companies like IBM and HP are all getting in on the act,” says Burke. “We’ve seen them taking a big storage capability and a content management solution, waving a magic wand over them and calling it eDiscovery, because if you search it in the right way you can use it for eDiscovery purposes. But that’s not the way litigators look at it, and [many large firms] are playing catch-up with things tracking whether data has been changed.”

Partnerships are more common. Recommind recently partnered with enterprise content management provider Open Text to develop an early case assessment platform. Carpenter observes that “the dance partners are already being chosen,” a concern for small vendors unable to differentiate themselves.

“The next logical step is the biggest guys start swallowing up the well-placed smaller guys,” he says. “We haven’t really seen that start yet, but it should happen around the back half of this year.”

Optimism on his part perhaps, but his company and others are certainly well placed to capitalise in the next few years, as the fallout from the credit crunch lumbers slowly through the law courts.

Related Topics

Related Stories

Data Analytics & Data Science

Observability – everything you need to know

Morgan Mclean, Director of Product Management at cybersecurity leader, Splunk, tells Information Age about all things observability

Data Analytics & Data Science

Why data isn’t the answer to everything

Splunk's James Hodge explains the problem with using data (and AI) in helping you make key business decisions

Cloud & Edge Computing

Two-thirds of UKI firms struggling with data insight costs

Research from SAS has revealed widespread struggles faced by businesses in the UK and Ireland to drive value from data insights

Data Analytics & Data Science

Qlik completes acquisition of Talend

Global data integration and analytics provider Qlik has acquired data management vendor Talend, to bolster automated delivery of business insights