The Cryptic Nature of Encryption: eDiscovery and Protected ESI

Posted by Jeremy Greer | Thu, Aug 20, 2020
How secure is the content of your hard drive?  Do you routinely protect confidential documents by assigning a password?  Does your company have an email encryption program for employee email?  Do you use encryption on mobile storage such as thumb drives?
There are several levels at which communications and document content can be encrypted for security, and many reasons to consider doing so.  Attorney client privileged communications are an obvious reason.
Encryption or password protection can be done on an individual file. In a recent ABA survey, 46% of law firm respondents reported having used file encryption on individual files.Container files, such as a .zip file containing multiple documents, can also be encrypted or password protected.  
Only 24% of law firms reported regular use of full drive encryption - that is an encryption method which protects data in storage on a server, desktop, laptop or other portable device. Full drive encryption may be necessary for example when shipping a drive and could make all data contained on a desktop or laptop computer inaccessible or illegible without a passkey, regardless of the application in which the file was created. The process for navigating these tools and methods can be confusing and cumbersome; combine that with the human tendency to think “a data breach is not going to happen to me", and that likely explains the slow adoption.
Growing data privacy laws is another example that could explain the recent increase in data protection tools. Several industries and a handful of states have legislation addressing the use of encryption or other secure methods of transporting information.  HIPAA addresses medical/health data security, Sarbanes Oxley addresses compliance and identity management, and several states have laws requiring use of encryption in specific situations. Not to mention there are inherent risks when transferring data across cloud platforms or physically shipping client data across different entities.
If you have not yet encountered protected data in an e-discovery situation, odds are you will at some point. What should you consider when approaching an e-discovery process that will involve protected content?   Be sure that the tools and processes to be used by your team or by a service provider can accurately identify protected content, can unlock or decrypt the files, and can track and report the steps that were taken, for the sake of process auditing and defensibility.

Though encryption technology and password protection on data files has been around for years, the capabilities of e-discovery processing tools vary widely.  Some software programs sweep the information about secured data under the proverbial rug, along with corrupt files or unrecognizable file types, increasing risk without advising you that a potential problem exists. 
At Digital WarRoom, our approach is pretty straightforward for identifying and dealing with password protected and encrypted content: 
  • As the Digital WarRoom software processes the dataset, it identifies and flags password protected or encrypted containers. At the completion of processing, an exception report provides details on password protected containers, and facilitates their easy export. 
  • This exception report providing details on password protected containers can then be used to determine which, if any, warrant additional effort - a cost and risk management decision.  If the source or other details about the file warrant a closer look, we export them for further analysis.  On many occasions, a password may be obtained from the custodian.  File ‘password cracking’ tools may also be used to open the file. After successfully decrypting or opening an encrypted or password protected file, the resulting file content can then be processed for review in the standard manner.
  • The Digital WarRoom processing interface retains information that relates the accessed container content and its parent dataset; this can be useful in managing and tracking processed data. Digital WarRoom automatically captures the details of every job in a log that allows you to track and explain all activity, and that connection between the reviewed documents and their original container file is retained as well.
If you know or suspect that ESI collected for your matter may contain protected data, ascertain the capabilities of your provider before the project begins, to avoid any unpleasant surprises.

Topics: Best Practices