Government Information Forecast: Partly Sunny, Partly Cloudy -A NARA Lawyer’s Perspective Cloud Computing: A Life Cycle View MITRE Conference McLean, Virginia November 9, 2009 Jason R. Baron Director of Litigation Office of General Counsel National Archives and Records Administration A New Era of Government President Obama’s Memorandum dated 1/21/09 on Transparency and Open Government http://www.whitehouse.gov/the_press_office/TransparencyandOpenGovernme nt/ Life in the fishbowl FOIA Federal Records Act Privacy Act E-Government Act of 2002 Clinger-Cohen Act (formerly IT Mgmt Reform Act) Government Paperwork Elimination Act OMB Circular A-130 Etc. E-Discovery: The New Reality 4 A New Legal Term of Art Under the Federal Rules of Civil Procedure: Electronically Stored Information or “ESI” “Electronically stored information”: -The wide variety of computer systems currently in use, and the rapidity of technological change, counsel against a limiting or precise definition of ESI…A common example [is] email … The rule … [is intended] to encompass future developments in computer technology. --Advisory Committee Notes to Rule 34(a), 2006 Amendments Rule 26(f) Initial “Meet and Confer” The early meet and confer presents an opportunity to show that government “gets it” on the subject of ESI. Lead counsel for the government and agency point persons should be able to discuss preservation of ESI issues fluently, including with respect to + Scope of ESI holdings (key players and custodians of data) + Preservation of specific types and forms of electronic media involved + Formatting issues (TIFF v ‘native’ v. whatever) + Access issues (how searches will be conducted) ….The ever increasing volume of ESI is a problem In a world of limited tools and resources….. Web 2.0 Technologies as Weapons of Mass Collaboration 8 Text messaging, 2009-style 9 Wikis, TWikis 10 Social Software on the Web (e.g., Facebook, YouTube, etc.) 11 Blogs 12 Microblogs (e.g., NASA tweets from Mars) NEW YORK (CNN) – 2/13/09 NASA was honored Wednesday for its efforts to inform the public through the popular socialnetworking Web site Twitter. More than 38,000 people followed NASA's "tweets" of the Mars Phoenix Lander mission. NASA received the "Shorty Award" for documenting the mission of the Mars Phoenix Lander. The Mars Phoenix Lander spent nearly five months in 2008 on the red planet conducting research. Twitter allows users to post updates or "tweets" in 140 characters or less. NASA said it delivered more than 600 updates during the 152 days the Phoenix was operating in the north polar region of Mars. By the end of the mission in early November, more than 38,000 people were following its tweets, NASA said. "We created the account, known as Mars Phoenix, last May with the goal of providing the public with near real-time updates on the mission," said Veronica McGregor, a NASA spokesperson. "The response was incredible. Very quickly, it became a way not only to deliver news of the mission, but to interact with the public and respond to their questions about space exploration." 13 Virtual worlds The Library of Congress’ virtual Declaration of Independence display as officially announced and which has opened as an Info Island in Second Life. The exhibit includes dioramas, streamed audio, text in the form of larger-than-life documents, information kiosks and even period furniture. 14 Public Records in the Clouds 15 If you build it, the lawyers will come… 16 The Intersection of the Public Record Laws and E-Discovery + As a baseline, the Federal Records Act requires that appropriate preservation be taken for electronically stored information which falls within the federal record definition (44 USC 3301) + The existence of a valid record retention policy is a factor used by courts in considering whether to impose sanctions when hearing allegations of destruction of evidence + Failures of adequate recordkeeping (and information management) easily translate into litigation failure Examples of potential federal records “in the clouds” Google Docs Gmail Facebook, Twitter, Youtube postings Email and structured databases of all kinds hosted on private servers PDA text messaging hosted on private servers 18 Email is still the 800 lb. gorilla of ediscovery (whether in the clouds or not) The Supreme Court on Record Retention “’Document retention policies,’ which are created in part to keep certain information from getting into the hands of others, including the Government, are common in business * * * It is, of course, not wrongful for a manager to instruct his employees to comply with a valid document retention policy under ordinary circumstances.” --Arthur Andersen LLP v. U.S., 125 S. Ct. 2129 (May 31, 2005) The Litigation Minefield U.S. litigation increasingly demands the preservation of and access to all relevant documents, including in the form of “electronically stored information” or “ESI” Courts impose sanctions on parties for failing to preserve evidence under the “spoliation” doctrine Absent saving everything, often it is only with 20/20 hindsight that one can determine what should have been preserved in response to a lawsuit Recordkeeping solutions that rely on human judgment are prone to being second-guessed by litigants and judges. 21 Two Recent Cautionary Tales In re Fannie Mae Litigation, 2009 WL 21528 (D.C. Cir. Jan. 6, 2009) Aguilar v. ICE Division of US Dept of Homeland Security, 2008 WL 5062700 (S.D.N.Y. Nov. 21, 2008) E-Recordkeeping in Government: Five Paths 1. 2. 3. 4. 5. Print to hardcopy Backup tapes Preserve in online ad hoc folders DoD 5015.2 recordkeeping 100% email archiving Transformation Strategy = E-discovery strategy Paper recordkeeping True E-government Fractal Recordkeeping 25 The Tree = The Organization’s Knowledge And Every User’s Email Account as a Separate Twig 26 Electronic Archiving What is it? 100% snapshot of (typically) email, plus in some cases other selected ESI applications How does it differ from an RMA? Goal is of preservation of evidence, not records management per se NARA Bulletin 2008-05 Cloud issues not yet addressed in policy guidance 27 Impact of Technology on E-Records Management Applications: On the Ground and in the Cloud A universe of proprietary products exists in the marketplace: document management and RMAs DoD 5015.2 compliant products However, scalability issues exist Utopia is records mgmt without extra keystrokes Agencies must prepare to confront significant front-end process issues when transitioning to electronic recordkeeping Records schedule simplification is key Cloud computing adds new wrinkles: can existing products and services adequately capture non-transitory federal record content put up in cloudspace? 28 Obama Administration commitment to cloud architecture Vivek Kundra, Chief Information Officer in the White House Office of Science and Technology, announces launch of Apps.gov: https://apps.gov/cloud/advantage/main/start_ page.do With links to Business apps, Productivity apps, Social media apps, Cloud computing services 29 Leading case precedent Flagg v. City of Detroit, 252 F.R.D. 346 (E.D. Mich. 2008) (where City of Detroit, as defendant, entered into contract for text messaging services with nonparty service provider, held, City exercised sufficient control over ESI in form of text messages so as to require production to plaintiff under FRCP 34 standards; additionally, court ordered plaintiff to make its request under FRCP 34, in lieu of Court adjudicating dispute over the propriety of plaintiff’s pending 3rd party subpoena for same material). 30 Applicable Federal Rules of Civil Procedure FRCP 34(a)(1) requires a party to produce documents and ESI within its “possession, custody or control” FRCP 26(a)(1)(A)(ii) requires initial disclosure to opposing party of “location” of information in party’s possession, custody or control to be used in support of claims or defenses FRCP 37 governs ESI “lost as a result of the routine good faith operation of an electronic information system” FRCP 45 covers 3rd party subpoenas 31 Legal issues swirling in the clouds Implications for legal holds on stored data Preservation of metadata (e.g., access and modification logs) Who bears the risk (and cost) of spoliation? Who bears the risk if provider retains data that is subject to authorized destruction under pre-existing records retention schedules? What are search and retrieval capabilities? 32 Legal issues, con’t How does ESI get produced in litigation? How is privileged information protected? Will data be encrypted? How will actions of cloud provider be monitored for compliance? How are cross-border issues dealt with, privacy laws in EU, elsewhere? 33 Service provider agreements Need to address preservation/retention, access and control issues generally Subcontracting allowed? Define responsibilities when ediscovery hits Cloud service provider’s own retention and backup policies clarified Law enforcement access to dataset Segregation of data from other customers 34 Service provider agreements, con’t Notification if subpoenas directed to provider Shipment of ESI to 3rd parties for processing Capability of provider to meet regulatory/compliance requirements How is a right to audit clause satisfied? Cost allocations Security issues Cloud provider going out of business, will data be returned? What format? 35 Interdisciplinary Approaches-Three Languages: Legal, RM, and IT 36 What does the road ahead for federal agencies look like? 37 The leading rule for the lawyer, as for the man, of every calling, is diligence. -- Abraham Lincoln Jason R. Baron Director of Litigation Office of General Counsel National Archives and Records Administration (301) 837-1499 Email: jason.baron@nara.gov Disclaimer: the views expressed in this powerpoint presentation are the author’s alone, and do not necessarily represent the official view of any component or institution with which he is affiliated. 40 Relevant NARA Publications September 2004 – Expanding Acceptable Transfer Requirements for Permanent Electronic Records – Web Content January 2005 – NARA Guidance on Managing Web Records http://www.archives.gov/records-mgmt/policy/managing-web-recordsindex.html September 2006 - Implications of Recent Web Technologies for NARA Web Guidance http://www.archives.gov/records-mgmt/initiatives/web-contentrecords.html http://www.archives.gov/records-mgmt/initiatives/web-tech.html June 2009 – Guidance Concerning Managing Records in a Multi-Agency Environment http://www.archives.gov/records-mgmt/bulletins/2009/2009-02.html 41 Further Reading ARMA “E-discovery in the Cloud = Fog” (June 2009) (available on the Web) Mark Austrian et al., “Cloud Computing Meets e-Discovery, Cyberspace Lawyer, Vol. 14, Issue 6 (July 2009) NARA Bulletin 2008-05 Concerning use of Email Archiving to Store Email, www.archives.gov/records-mgmt/bulletins/2008 George L. Paul and J.R. Baron, “Information Inflation: Can the Legal System Adapt,” 13 Richmond Journal of Law and Technology 10 (2007), http://law. richmond.edu/ jolt/v13i3/ article10.pdf 42 Further Reading (con’t) The Sedona Conference®, Achieving Quality in EDiscovery (2009 forthcoming) The Sedona Conference®, Best Practices Commentary on the Use of Search and Information Retrieval in E-Discovery (2007) The Sedona Conference®, The Sedona Principles: Second Edition (2007) 43