Law

On Discovery and Email

If you’re involved in any sort of civil legal action in the US Courts – whether that be claims of patent violation, defamation, sexual harassment or anything else – there’s a point in the pre-trial process where the opposing lawyers can request information from you, and also from any third-parties they believe may have useful information. This phase is called Discovery.
US civil discovery has very few limits: you can demand, backed by the power of the court, any material or information that might be reasonably believed to lead to admissible evidence in the case. That’s much, much broader than just relevance, and it allows fairly prolonged fishing expeditions not just for admissible evidence, but also for background information that will allow the opposing legal team to better understand both the case and the people and companies involved in it. Often the discovery phase leads to both sides agreeing on how strong a case it is, and deciding to settle or drop it rather than taking it to trial.
One aspect of discovery is interrogatories and depositions – asking someone a list of questions, and having them reply in writing or in person. While most people will be honest in their replies in that situation, they’re under no obligation to be helpful or cooperative beyond answering, minimally, the questions they are posed. (In a spam case I was involved in as an expert many years ago one of the lawyers was explaining what the oppositions lawyers might ask and told me “If they ask ‘What do you recall was said about <X>?’ you can tell them that I said he was an asshole.”). The information from these can be vital, but it’s a lot of effort to acquire, and unless you already know enough to ask the right questions you might not discover anything useful.
Asking someone to provide documents is another aspect. That might be a literal paper document, or I’d guess more commonly nowadays, electronic data. “Provide copies of any email your employees sent or received that mentioned <plaintiff’s company>.”, “From what IP addresses at what times did this user log in to your system?” …
As someone who does data analysis I love electronic documents. It’s relatively easy to mechanically grovel through thousands of pages of data and crunch it into summaries that you can use to make decisions, or to focus on a useful subset. Give me someones mailbox and I can do the easy stuff, like find any mention of a company, or any link to a companies website. But I can also find the messages they sent while they weren’t in the office. I can do semantic analysis and find the emails that use angry language. I can find all the attachments that were used, open them up and analyze the contents. I can sometimes find where in the world they were when the email was sent – down to which hotel bar, or which office in a building. I can crunch the routing data of their mailbox (and other peoples) and see who they communicated with – and make recommendations as to whether it would be worthwhile to subpoena those people. I can build relationship graphs. And all this applies not just to their work mailbox, but also their private gmail addresses, if it’s a reasonable assumption that any communication there might lead to any relevant evidence – and, well, it’s always a reasonable assumption. (And that’s just email – I can often pull similarly useful data out of web logs and forum posts and so on too).
The discovery process can be long, and can consume a lot of resources (time, legal fees) and work focus from the people targeted by it. Making analysis easier (and hence cheaper) makes it reasonably possible to expand and extend the discovery process to find additional data. Whether that’s good for you or not depends on the details of the case and whether you are the one doing the discovery.
None of this is intended to be legal advice, nor even a description of the process by someone with any legal training – it’s just some aspects I’ve noticed from my limited experience of the process as an expert working with some very good lawyers.
Finally, another piece of advice a lawyer I was working with gave me some years ago was “Always assume that anything you write anywhere may be made available to opposing counsel. And when it comes to legally sensitive matters, use email just for sending copies of documents that will be provided to opposing counsel and for scheduling ‘phone calls where you’ll discuss other details. Nothing else.”.

Canadian Anti-Spam Law

A few years ago, Canada passed an anti-spam law (CASL). In the time since then, the Canadian Radio-Television and Telecommunications Commissions (CRTC) have been working to establish the regulations to implement the law. Those regulations appear to have been published recently. Matt Vernhout, a email expert and Canadian citizen, published a link to the regulations and a summary of the rules.
There still doesn’t seem to be a firm date for when CASL will be enforced law. Matt says he’s hearing that the date will be around October. We’ll see if it slips from that.

SOPA / PIPA

I’ve not mentioned anything about the Stop Online Piracy Act (SOPA) and it’s companion bill the Protect Intellectual Property Act (PIPA) that are currently making their ways through Congress. Both bills put a lot of obligation on the ISPs to stop bad traffic on the Internet. Unfortunately, it seems no one writing the bill asked anyone with technical or operational experience for input. Many of the obligations are going to significantly impact ISP functioning and will probably degrade service for users.
The Messaging Anti-Abuse Working Group sent a letter to congress yesterday (PDF link), outlining the issues with SOPA and PIPA. I found it explained the bills and the flaws much better than many other summaries.

Spam lawsuit guide

Mailchimp has released a guide to spam lawsuits with advice on how to not be a target.
I had the pleasure of meeting some of the Mailchimp legal staff last year when I was down there to do on-site training for their abuse desk employees. I was quite impressed with them and their understanding of privacy and email issues.

Spammers and the law

Robert Soloway, one of the people crowned with the title “Spam King”, has been released from jail. He was an extremely prolific spammer, generating over 10 trillion messages over the course of his career.
As Mr. Soloway exits jail, another spammer heads to serve his 20 year sentence. Peter Maxson Anyanyueze sent Nigerian 419 spams telling people they could profit from helping him move money around. The scam is that the victim needs to pay small amounts of money, sometimes totalling tens or hundreds of thousands of dollars.

Fines for not honoring unsubscribes

Virgin Blue has been fined $110,000 by the Australian government for not honoring unsubscribes.

Canadian Law

A anti-spam bill was passed out of committee Monday in Canada. Other than chatting over drinks with a large contingent of Canadians, I haven’t followed the story too closely. However, Matt V. has a detailed summary of the bill at EmailKarma.
Have a great weekend.