Monday, July 21, 2008

litsupport summary for the week ending on 7/20/08

A lot of important and useful information is posted to litsupport each week. The following is a distilled summary, in the form of questions and answers.

Q. Does the electronic transmission of data from the United States to a foreign legal services provider waive Fourth Amendment protection with respect to the data that is electronically transmitted?
A. While this question is waiting for clarification in federal court, here is a review of the arguments.
  1. Obviously the big draw for overseas outsourcing is a large reduction in cost, but is it legal and what about the question above? Markets like New York and Chicago have been outsourcing for years, but others are more cautious;
  2. Since we know that the US government is monitoring all foreign traffic, when in doubt, encrypt and overnight hard drives;
  3. The US government has organizations that break almost any type of encryption;
  4. Forget the government: if your case has anything to do with a defense contractor, a financial institution, the auto industry, etc., it is highly probable that someone is actively looking for information on the web;
  5. US government does not have the time or resources to listen to all information flowing in and out of the US;
  6. Physically shipping ESI on encrypted media solves all issues;
  7. If there is a breach of data (Intellectual Property Theft) in a foreign country, what is the client's recourse?
  8. More discussion here.

Q. What is hashing? Does it take into account only the file contents and not metadata?
  1. Hashing can be done on any desired combination of data/metadata, and it is common to run a hash code on email body+attachment file name/content+selected metadata to support deduplication;
  2. For signature purposes metadata should not be included - there may be a question as to which metadata to include - and of its relative natures (such as dates and time zones where hash is computed);
  3. An MD5 or SHA-1 hash is calculated over any set of data. You can have 2 files which contain the same data, but with different file system MAC dates and file names, and they would have identical MD5 or SHA-1 hashes. The hashes in this case tell you that the contents of the files are identical;
  4. One use of hashing is to create an evidence container file that contains a collection of files, including full paths along with the related MAC dates, etc., generate a hash of the evidence container file, and use it to validate the collection;
  5. Here is an article on hashing, though its conclusions are open to debate.
This summary from the Litsupport Group postings created by the wonderful and talented members of the group has been culled by Mark Kerzner ( and edited by Aline Bernstein (

No comments: