RAM and Server Log Files in E-Discovery
Friday, June 8, 2007 at 09:44PM
Ira P. Rothken in Issues

Does a defendant in litigation have an obligation to store, preserve, reduce to a more permanent form, and produce in electronic discovery data that is available only in transient RAM?

According to an Order made available today - the answer is at least sometimes yes. The Order is being appealed and is stayed pending appeal.

Indeed, the Federal Court in Los Angeles today granted Torrentspy.com's request for a stay of an e-discovery order pending appeal that in essence found that since user HTTP header information is in transient RAM on Torrentspy's servers that such data was tangible enough to be considered "documents" that needed to be "stored" in log files, preserved, and handed over in civil litigation e-discovery. Torrentspy.com did not have server logging "turned on" prior to litigation and  therefore the Court in essence ordered that such server logging of user activity commence as part of its discovery order in response to a motion to compel production of documents.

You should note that in full disclosure this is a case I am working on and defending. But the "RAM" e-discovery Order is so important as an issue of first impression that I feel compelled to write about it on this site which focuses on e-discovery.

Here is a News.com story  on the Order.

We will be appealing the Order as it does sound like in my view that defendants are being required to "create" documents not merely "provide" documents. In responding to requests for documents one does not have an obligation to create documents but merely to provide documents already in existence.

The Order - "turn on logging" - or "write a program to convert the data in RAM into log files" - also seems like a de facto injunction without a bond under the guise of a discovery order.

In my view if this Order as it relates to "RAM" is not quickly overturned or narrowed the worldwide social and economic consequences can be staggering. You can imagine the e-discovery preservation letters that will start being flung around warning opposing parties to preserve "relevant" things found in transient computer RAM or risk spoliation claims - the result will likely be fear and over-compliance (if one had the staff to reduce stuff in RAM to a log file) - it would follow that corporate IT and e-discovery costs would go way up as allegedly relevant data in RAM will need to be reduced to permanent storage based on one merely being a party to a case (or about to be a party).

It would also follow that consumer privacy would take a step backwards since just being a defendant with a privacy centric web server may be enough to be forced to turn server logging on and such logs handed over in discovery to the other side (without any finding that a defendant did anything wrong or is likely to lose the case).

So much for any right to surf anonymously. This may chill users "worldwide" from going to a US site that is involved in litigation and had to turn logging on.

Wait a second - a client called who was in the process of typing up some thoughts using Microsoft Word and erased something in his "open" document - it was a serious thought he had about crucial evidence related to a case - it was in transient RAM for an hour and not saved in a file yet - let me see - was that RAM thought supposed to be preserved before he pressed the delete key and saved the final version? Let us do a balancing test to figure this out.

Article originally appeared on Moredata - Electronic Discovery and Evidence (http://www.moredata.com/).
See website for complete article licensing information.