C|M|LAW Library Blog

The ABA Rules of Professional Conduct, Model Rule 1.1 Comment 8 requires, “To maintain the requisite knowledge and skill, a lawyer shall keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology.” To that end, we have developed this regular series to develop the competence and skills necessary to responsibly choose and use the best technologies for your educational and professional lives. If you have any questions, concerns, or topics you would like to see discussed, please reach out to e.koltonski@csuohio.edu.

As a solo practitioner, a partner in a small firm, or a student who hopes to work in such an environment it is important to realize that you are at risk of a cyber-attack. Many small and medium-sized businesses (SMBs) wrongly believe that their size helps protect them from malicious hackers. This is not the case. Cybercriminals will attempt to steal your data or encrypt your data as part of a ransomware scheme no matter your size. An article published by Cybersecurity Magazine highlights this danger, reporting that 43% of data breaches involve SMBs.

Your SMB’s computers and data are also exposed because of any number of bugs and vulnerabilities that exist in the software and services you use. A recent example of this type occurred during late 2021 and is known as the Log4j Event. For those who don’t know, let’s begin with a brief introduction that won’t require us all to get degrees in computer science.

Log4j is an open-source bit of code used by software developers that is so useful that it is even used in lots of commercial software. Soon after this vulnerability was discovered, cybercriminals were able to exploit it to attack computers. Though the outcome of Log4j ultimately proved less-catastrophic than security professionals originally thought thanks to quick responses from industry, governments, and cybersecurity teams, the problem is nowhere near resolved. A recent report by the Cyber Safety Review Board, which operates under the Cybersecurity and Infrastructure Security Agency (CISA), believes that it will takes years to fully fix the Log4j issue.

According to a recent study, the average cost of a breach for an SMB with less than 500 employees is over $2 million. This is why it is necessary for solo practitioners, small firms, and current students to fully understand the value of working proactively to protect your data and computers. Thankfully, CISA provides many great publications and advisories about tools to help you protect your SMB.

Remember: you aren’t just protecting yourself, you’re protecting your clients.

The ABA Rules of Professional Conduct, Model Rule 1.1 Comment 8 requires, “To maintain the requisite knowledge and skill, a lawyer shall keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology.” To that end, we have developed this regular series to develop the competence and skills necessary to responsibly choose and use the best technologies for your educational and professional lives. If you have any questions, concerns, or topics you would like to see discussed, please reach out to e.koltonski@csuohio.edu.

In Part 1 we introduced the topic of metadata.

In Part 2 we looked at the usefulness of metadata.

Now we are going to examine when you may want to delete metadata and look at metadata in discovery.

Do I Delete?

The very aspects of metadata that makes it so useful, by helping to better organize and track changes in data, are the same things that may make it too useful for other people. For this reason, it is considered best practice to “scrub”—another word for delete—metadata whenever you are sharing a digital file with another person, organization, etc. This is important because you should only share what is necessary. For example, if you send a Word file then others may be able to go back and see all the changes you made to the document: including information that you decided not to share. Doing this could be bad for a regular user but inadvertent disclosure is devastating for those in the legal profession.

To better protect your metadata, it is possible to forego certain features or to get rid of things after the fact; however, that potentially makes Word less useful to you and adds extra time to your workflow. A simple best practice in to simply save your Word file as a Portable Document File (PDF) prior to sending it. A PDF is basically a snapshot of your document that does not include things like revisions, comments, and the like. If any metadata does transfer over to the PDF, simply open it in Adobe Acrobat then go to:

File > Properties > Then just delete anything you do not want to share in the Description tab > Then click “Additional Metadata” and delete anything else you wish to remove.

It is possible to accomplish the same thing with images. You can find a brief explanation here.

Metadata in Discovery

The ethical and legal issues surrounding metadata could probably fill an entire year’s worth of content in this series. At best we will be able to just touch on a few important aspects here, but I will include some suggested reading at the end and encourage you spend time understanding this topic.

The following are some common aspects of metadata in the legal profession, but you should check local laws and rules to know what is applicable to you:

• Parties to litigation are obligated to preserve metadata. Be prepared to explain to your client what metadata is and why they need to preserve it.
• When requesting materials from another party, you may need to word your request in a specific way to obtain “original” digital documents. In doing so be prepared to argue why it is important that you have access to the metadata.
• Both the transmitting and receiving attorneys may have ethical responsibilities when it comes to metadata. It is vital that you understand both how to protect your client from metadata leaking and whether you are allowed to use metadata in received documents.

Suggested Reading

Shira A. Scheindlin, Electronic Discovery and Digital Evidence in a Nutshell (2d ed. 2016)

Jeff Kerr, Why Native Files are Important in eDiscovery

The Sedona Principles, Third Edition, 19 SEDONA C ONF . J. 1

(2018). Link [PDF]

The ABA Rules of Professional Conduct, Model Rule 1.1 Comment 8 requires, “To maintain the requisite knowledge and skill, a lawyer shall keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology.” To that end, we have developed this regular series to develop the competence and skills necessary to responsibly choose and use the best technologies for your educational and professional lives. If you have any questions, concerns, or topics you would like to see discussed, please reach out to e.koltonski@csuohio.edu.

We live in a digital, always online world. In our purses and pockets reside devices infinitely more powerful than those used to send humans to the Moon. But, as we have discussed here in the past, we can trust our devices too much. Today, the country became more frightening, more unfair for far too many of our fellow citizens. Today, we remember that trust is precious and should not be given lightly.

Today, we are reminded that we protect ourselves when we protect our data.

Below are several excellent articles, from the last couple months, that I hope will be helpful as lives becomes less certain.

Period-Tracking Apps and Privacy

Period-tracking apps store users’ most private data. What will that mean in a post-Roe world?- protocol

Cycle-Tracking Apps Stand Behind their Privacy Policies as Roe Teeters- The Verge

Supreme Court Overturns Roe v. Wade: Should You Delete Your Period-Tracking App?- TechCrunch

Privacy

Yes, Phones Can Reveal if Someone Gets an Abortion- Scientific American

App Data Could be Used to Prosecute Women Under Anti-Abortion Laws- 9to5Mac

In A Post-Roe America, Googling “Abortion” Could Put You At Risk.- BuzzFeed News

Fertility Apps Bound by Weak Disclosure Rules in Post-Roe World- Bloomberg Law

Protection

Digital Safety Tips: for Providers of Abortion Support- Electronic Frontier Foundation

Digital Safety Tips: for People Seeking an Abortion- Electronic Frontier Foundation

How to Stop Apps from Tracking You and Get Your Privacy Back- CodeinWP

The ABA Rules of Professional Conduct, Model Rule 1.1 Comment 8 requires, “To maintain the requisite knowledge and skill, a lawyer shall keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology.” To that end, we have developed this regular series to develop the competence and skills necessary to responsibly choose and use the best technologies for your educational and professional lives. If you have any questions, concerns, or topics you would like to see discussed, please reach out to e.koltonski@csuohio.edu.

Last month we looked at metadata as it exists broadly. If you are unfamiliar with the topic or need a quick refresher, you can find Part 1 here.

Today, we are continuing our conversation by focusing more specifically on what lawyers and legal professionals need to understand about metadata. Over the next three sections we will develop knowledge about when metadata useful, when to delete your metadata, and then a more granular look at metadata during discovery.

When is Metadata Useful?

All the time. Now moving onto the next section. Just kidding. Though it is pretty much all the time, the context in which it is useful constantly changes. As we stated last time, “Metadata is information about data that makes the data easier to organize, utilize, and understand”. System metadata, which is generated by our devices, helps us organize and later locate our work. Without system metadata it would be near impossible for us to get the file that we need when we need it. A process which we do by using the various file managers available within operating systems. Where System metadata is concerned more with organization, Application metadata is focused on utilization and understanding.

Application metadata, which is created by our software, is also incredibly important. One of the better-known instances of application metadata is the ability to track edits in Microsoft Word. Metadata in a Word file allows users to see previous versions, track who made changes, and even find out how much time was spent creating and editing the document. In the legal profession, these data can mean a lot to your workflows and billings. Metadata, importantly, provides more utility to the documents created within applications.

But how does metadata allow us to better understand data? Consider a digital photo. During a case, you find an image which may or may not be useful. How do you determine if the image was taken anywhere near the area you are researching? Was it even taken at the right day or time? For that we look at a special form of metadata known as Exchangeable Image File (EXIF) data. The EXIF data may show when and where the picture was taken, the settings of the camera, the model of the camera, who took the picture, and even more. There are, however, two important caveats. First, it is possible on most cameras to control the amount of EXIF data created before a picture is taken. Second, it is possible to delete EXIF data after a picture is taken.

Speaking of deleting metadata, now is the time for something completely unexpected: that this two-part blog on metadata will in fact be three parts!

Why did I decide to do this? The most important reason is because this blog started to run longer than planned and I want to respect your time by keeping these posts manageable. The other reason is because this will provide us some extra space to really dive into deletion and metadata during discovery. Despite this spontaneous intermission, Part 3 will be available later this month.

The ABA Rules of Professional Conduct, Model Rule 1.1 Comment 8 requires, “To maintain the requisite knowledge and skill, a lawyer shall keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology.” To that end, we have developed this regular series to develop the competence and skills necessary to responsibly choose and use the best technologies for your educational and professional lives. If you have any questions, concerns, or topics you would like to see discussed, please reach out to e.koltonski@csuohio.edu.

Though I often get accused of hyperbole when I make this statement, I do believe that data is the biggest product of the 21^st century. Data helps us make decisions. It helps us to drive to places we’ve never been. Data sends targeted ads to the webpages that we visit and it digitizes the credit cards in our pocket so we can buy coffee with our phones. Like the Ouroboros, we are locked into a potentially never-ending cycle of creating and consuming data. There is so much data in our lives that every year a news outlet will claim that ‘90% of all the data that exists in the world was generated over the last two years’. We have so much data that our data has gone meta.

Metadata, by definition, is data that provides information about other data. “That’s great,” you say while possibly replaying scenes from the movie Inception in your mind, “but what does that mean?” It’s really great that you asked because the first of this two part series is going to try and explain what metadata is. Next month will look specifically at metadata in the legal profession. But before we get there, what do we mean when we say “data that provides information about other data”?

Think about how you use primary and secondary sources. In the legal profession, the former is constitutions; statutes; regulations; and cases, and the latter are the materials that talk about or analyze the primary sources. Metadata is analogous to this, which we will see when we look closely at the three types of metadata.

Descriptive: this information tells us something about the data and is usually used for discovering and identifying. A title or an author is the most common example.

Structural: this information explains how complex data is organized. For example, the table of contents and index of a book tells us where to go to find the information that we need.

Administrative: this information tells us about the creation and usage of the data. This type is relatively broad and is often broken down into subcategories. If you’ve ever brought up the properties for a file then a lot of what is there is administrative metadata. Examples of this are the person who created the data, when it was created, and who can view it.

This discussion was specifically crafted to be broad as there is a lot of nuance that can come up when discussing metadata in different disciplines; however, everything still tends to fall within these three categories. After looking at the types of metadata and understanding more about them, I think we can make a small tweak to our definition above to help better understand what it means.

Metadata is information about data that makes the data easier to organize, utilize, and understand.

Next month we will look at the unique issues that legal professionals should be aware of when it comes to metadata.