February 2008 | Earn one hour of MCLE Credit in Legal Ethics
By Robert Brownstone
To complete the test, you must pay a $25 fee online.
Click the button below and follow the onscreen instructions.
The Titanic was sunk not
by what was visible above the waterline, but by what lurked beneath the
surface. In the stormy seas of electronic-information-era lawyering, what
you see when looking at an electronic document is just the tip of the iceberg
and metadata is the unseen danger looming below.
Metadata means “data
about data” or “information about information.” Both
the legal and Information-Technology (IT) worlds now generally define metadata
as “information describing the history, tracking or management of
an electronic document.”
In recent years, metadata
has started to become as familiar to lawyers and judges as it had been
to technologists. Indeed, metadata can implicate legal, procedural, technological
and ethical obligations. Yet the tech-savvy lawyer can readily learn how
to steer clear of the jagged edges that might sink a case or a client relationship.
The three principal metadata
categories are: file system; e-mail; and document (a/k/a embedded data).
FILE SYSTEM metadata tracks when an electronic
file was created or last modified and by whom, the folder location in which
it is — or has been — stored and perhaps also when the file
was last opened and/or printed.
E-MAIL metadata is a sub-category of file-system
DOCUMENT (IMBEDDED/ EMBEDDED) metadata
consists of prior content of an electronic file.
1. copying and pasting
a portion (just some of the cells) of an Excel file yet inadvertently embedding
the entire Excel spreadsheet; and
2. mishandling Tracked
File system and document
metadata are found in many file types, including those in the MS Office
family. Even when the context is neither electronic discovery nor even
litigation, lawyers should be cognizant of metadata’s daily reach.
The frequent re-use of prior electronic work-product places all attorneys
in the midst of the estimated 90 percent of computer users whose first
drafting step is “File . . . Save as” or right-click-copy on
a file icon followed immediately by right-click-paste. See Shankland,
Stephen, Hidden text shows SCO prepped lawsuit against BofA, c/net
(Mar, 18, 2004) <http://news.com.com/2102-7344_35170073.html?tag=st.util.print>.
A confounding problem
for lawyers and non-lawyers often derives from the misuse of Word’s
Track Changes feature. Businessman Derrick Max, reacting to Democrats’ outrage
when his e-mailed Congressional testimony revealed input from the Republican
Social Security Administration, vented that, “The real scandal here
is that after 15 years of using Microsoft Word, I don’t know how
to turn off ‘track changes.’” Zeller, Tom, Jr., Beware
Your Trail of Digital Fingerprints, N.Y. Times (Nov. 7, 2005) <http://www.nytimes.com/2005/11/07/business/07link.html?pagewanted=print>.
There are many other highly
publicized examples of embarrassing disclosures. The ranks of those bitten
by the cobra of embedded data include the United Nations, the British Prime
Minister’s Office, the Democratic National Committee, the California
Attorney General’s office and the Motion Picture Association of America.
For details, see Shankland, supra; Zeller, supra; Gene Koprowski, Networking:
Not-so-secret documents, UPI (Feb. 6, 2006) <http://www. physorg.com/news10567.html>;
Brian Bergstein, Cos., gov’t seek to keep lid on metadata,
AP (Feb. 3, 2006) <http:// Bergstein-AP-2-3-06.notlong.com>.
At least some of those
gaffes seem to have resulted from Tracked Changes. How? The creator or
modifier of a Word document can err by merely un-highlighting the tracked
changes, perhaps by choosing “Final” from the “Display
for Review” menu on the “Reviewing” toolbar. Then, any
recipient of the file can simply use the same toolbar to re-highlight the
changes. The best practice consists of affirmatively accepting and/or rejecting
all the tracked changes and then cleaning (“scrubbing”) the
metadata (see below).
There are at least three
ways to dig for embedded data (a/k/a metadata “mining”). Low-tech
manipulation includes the use of basic drop-down menus in Word, Excel,
PowerPoint and Adobe Acrobat. Higher-tech manipulation includes clicking
on the “analyze” command in any of the readily available, inexpensive
metadata cleaning software. Expert manipulation goes even farther by running
eDiscovery software on a batch of files to extract metadata and then search
In all areas of law practice,
sea-mines are present, whether a given document was drafted by one side
or both sides. Any lawyer e-mailing an attachment to opposing counsel,
an expert or a client may be breaching confidentiality. Why one’s
own client? Because Client A likely has no business knowing anything about
Client B, even the fact that you are representing Client B. Along those
lines, a recent California ethics opinion addressed the return of electronic
documents comprising a client-matter file upon the end of a representation.
State Bar of Calif. Standing Comm. on Prof’l Resp. and Conduct (COPRAC),
Formal Op. No. 2007-174 (Aug. 14, 2007) <http://www.calbar.ca. gov/calbar/pdfs/ethics/2007-174.pdf>.
That opinion mentioned a duty to strip metadata reflecting confidential
information as to other clients. See generally Brownstone, Robert
and Grunfeld, Gideon, Saying Goodbye Just Got More Expensive Redaction
Reaction; Do’s and Don’ts, 29 The Bottom Line, No. 2 (Feb.
Not all metadata contains
harmful or privileged information. Yet, when metadata does, inadvertent
disclosure can: waive attorney-client privilege and/or work-product; generally
jeopardize a client; and hurt the attorney-client relationship.
Nationwide, judicial decisions
and ethics opinions as to metadata have been evolving scattershot.
As to a recipient’s
ethical duty, there is a stark split:
• View # 1 – Metadata
Mining is Forbidden as it may Invade the Sender’s Client’s
SUMMARY: Treats confidential information
in metadata like other types of “inadvertently” disclosed information
by deeming it unethical to examine (“mine”) a file’s
metadata without consent of the sending attorney.
ADHERENTS: The Alabama, District of Columbia
and Florida bars and the New York State Bar Association (NYSBA).
• View # 2 — If
the Sender Didn’t Scrub Metadata, Fughetabout It!
SUMMARY: Allows an attorney to ethically
view metadata in a file received from opposing counsel. If the sender had
wanted to preclude the recipient from mining the metadata, he/she should
have used reasonable care by employing scrubbing software.
ADHERENTS: The American Bar Association and
the Maryland and New York City bar associations.
As to a sender’s
ethical duties, however, there is unanimity. All of the above bars’ and
bar associations’ ethics opinions agree that the sender has a “duty
. . . to use reasonable care when transmitting documents by e-mail to prevent
the disclosure of metadata containing client confidences or secrets.” N.Y.S.B.A.
Op. 782, Comm. on Prof’l Ethics (Dec. 8, 2004) <http://NYSBAOp782.notlong.com>.
As to the overall issue
of inadvertent disclosure — whether or not involving metadata — there
is much less consistency as to the recipient’s obligations. Some
states employ a tortured parsing of who knew what someone else intended — and
when. Others naively presume that a remedy can be satisfactory though it
is impossible to erase already-read information from a recipient’s
memory. According to a 2006 survey:
Only three California
decisions have squarely addressed inadvertently disclosed privileged material.
Two months ago, in the context of hardcopy lawyer notes, our state’s
highest court held that “an attorney . . . may not read a document
any more closely than is necessary to ascertain that it is privileged.
Once it becomes apparent that the content is privileged, counsel must immediately
notify opposing counsel and try to resolve the situation.” RICO
v. Mitsubishi Motors Corp., (2007) 42 Cal. 4th 807 <http://www.courtinfo.ca.gov/opinions/documents/S123808.PDF>.
Given the Pandora’s
Box that opens when one has to litigate an inadvertent disclosure dispute,
it is best to mitigate the risks in advance. Neither MS Office’s
menu options nor its free “Remove Hidden Data” (RHD) tool (now
called Document Inspector) remove all risky metadata. Thus, the soundest
approach is to use metadata-cleaning software to scrub any e-mail attachment
before it is sent out into the world from your law firm or legal department.
Payne Consulting Group’s (PCG’s) Metadata Assistant is a basic
metadata analysis/removal application that is effective, as is the more
powerful Work-share Professional or Workshare Protect. Both PCG and Workshare
can be configured to prompt a user each time he/she clicks to send an e-mail
outside of your firm or department.
Some rely on tall tales
to rationalize foregoing metadata-scrubbing software. For example, many
a lawyer thinks he/she (and therefore the client) is wholly protected by
an automated conversion of an MS Office file to .pdf format. Yet, even
there, at least some file system metadata migrates to the new file. A recipient
of a file converted without prior metadata scrubbing can simply input “Ctrl+D.” Then,
he/she can poke around in the .pdf’s properties to identify the Title
and Author borne by the file when in its original format.
To avoid that migration
scenario, scrub the original file before or during its conversion to .pdf.
And maybe after as well. Adobe Acrobat 8.0’s “Examine Document” feature
to .pdf does not magically fix — but, rather, perpetuates — an
improperly handled electronic redaction. Given that a federal eFiling exposes
a .pdf to anyone in the world with a PACER number, the stakes are even
higher. Electronic redaction — even more significant in light of
brand new Fed. R. Civ. P. 5.2 — is beyond our scope. For a detailed
exploration, see Brownstone, Robert, Gregorian, Todd and Sands,
Michael, Secrets Easily Leaked by Friend or Foe In Publicly Filed .PDF
Documents, 9 No. 10 E-Commerce L. Rep. 7 (West Oct. 2007), available
Follow the “Three
E’s” — Establish, Educate and Enforce — by: 1.
creating overall information management policies; 2. appropriately training
employees; and 3. deploying requisite software. For some of the benefits
and potential contours of an information regime, see Brownstone and Grunfeld, supra.
Now you have the navigational
equipment necessary to avoid those hidden dangers. Stay alert at the helm,
and avoid metadata mishaps. Bon voyage!
• Robert D. Brownstone,
the Law & Technology Director at Fenwick & West LLP in Silicon
Valley, is a member of four state bars, the Information Systems Auditing
and Control Association (ISACA) and the executive committee of the State
Bar’s Law Practice Management and Technology (LPMT) Section. Fenwick & West
paralegal Robert Winant assisted in the preparation of this article.
If you're having trouble taking the test, click here.