Tuesday, December 11, 2007

Source Code May Set Us Free

Or, at least some folks who are putting up a battle against DWI charges in Minnesota. As reported by a local legal blog, a district court judge in Minneapolis is more or less foreshadowing that evidence from intoxilyzer results will be suppressed unless the manufacturer of the machine discloses its source code to the litigants. This has already been the rule for civil proceedings involving intoxilyzers, but this looks to be the first time the rule has impacted criminal proceedings in this state.

Of course, Minnesota is not the only state where this has been brought up in a defense motion to suppress. I understand that to date the manufacturer of this particular device has refused to grant access to the code, although I would welcome corrections to that understanding since I've only learned it through indirect sources.

Regardless of the facts or outcome of the particular battle between the DUI bar and the manufacturer (which in the end is not a battle we're well equipped to analyze other than as it deals with source code), the Cyberspace practitioner should already be well equipped to understand the fundamental pieces of this dispute. The manufacturer is undoubtedly claiming a right to maintain its source as a trade secret, and has so far only allowed its software to be distributed in object code (or lower) format that is not reviewable by human beings. That may well be its right under trade secret law (although we must leave open the possibility of arguments to be made on public policy grounds, or that somehow the manufacturer in this case waived its rights). Some, on the other hand, might argue that a business model based on proprietary code is not a wise one to follow where courts are more and more willing to demand openness. Could this manufacturer find its business model is ultimately a reason for a competitive manufacturer with a non-proprietary business model to step in and take business away? It all remains to be seen of course, and it's an interesting intersection between our world and another one.

Saturday, December 08, 2007

DC Bar Pipes Up on Inadvertent Disclosure of Metadata

The bar of the District of Columbia is the latest to issue a formal opinion on what lawyers need to do about metadata in documents being passed back and forth between adversaries.

The usual admonition to the lawyer doing the sending was there. Pay attention, learn what metadata is, and remove it if it might disclose privileged or otherwise confidential client data -- failure to so remove might itself be an ethical violation on the part of the sending lawyer. No controversy there.

The interesting part is that DC has joined the small chorus of states that have come out contrary (more or less) to the ABA's opinion on what the lawyer on the receiving end should do. Recall that the ABA's point is that the rules are essentially silent on taking advantage of metadata that an adversary should have removed from a document, although they do not go so far as to formally bless the practice. The abstract for Formal Opinion 06-442 (August 5, 2006) Review and Use of Metadata states, "The Model Rules of Professional Conduct do not contain any specific prohibition against a lawyer’s reviewing and using embedded information in electronic documents, whether received from opposing counsel, an adverse party, or an agent of an adverse party." But, at least two other states have formally come out against this view, Alabama and New York. We summarized those positions here. Alabama, for example, strictly prohibits mining of an opponents metadata: "Absent express authorization from a court, it is ethically impermissible for an attorney to mine metadata from an electronic document he or she inadvertently or improperly receives from another party."

The DC bar has struck a somewhat less harsh standard. "A receiving lawyer is prohibited from reviewing metadata sent by an adversary only where he has actual knowledge that the metadata was inadvertently sent." So, if the receiving lawyer is equally ignorant of how this inadvertent disclosure of metadata occurred, the receiving lawyer is free to use the data!

But, I am not sure how that plays out in practice, and even the opinion seems to acknowledge this. If you see data in the received document that is clearly unintentionally disclosed because it's obviously of a nature that the other side wouldn't want you to know, you're essentially deemed to have the actual knowledge cited in the rule.
Such actual knowledge may also exist where a receiving lawyer immediately notices upon review of the metadata that it is clear that protected information was unintentionally included. These situations will be fact-dependent, but can arise, for example, where the metadata includes a candid exchange between an adverse party and his lawyer such that it is “readily apparent on its face” that it was not intended to be disclosed.

(Citations ommitted.)

One might think that pretty much anything you might find in an adversary's inadvertent disclosure that you might find useful in your then-current dispute or negotiation or whatever is going on would fall in the category of stuff that the other side would have not wanted disclosed. Thus, the actual knowledge standard is probably only helpful to the extent meaningless or valueless information is inadvertently disclosed, which might avoid an ethics battle over trivial issues.

So, for the most part, DC lawyers are on notice that if they find meta-goodies in the other side's documents, they must immediately stop using it or examining it, and must "notify the sending party and abide by the instructions of the sending party regarding the return or destruction of the writing."

(I especially liked one aspect of this issuance, which was to clearly distinguish documents created by the other side for purposes of the inter-lawyer discussions versus documents being delivered under a discovery or other court order. In short, if it's evidence, you can't delete the metadata before you send it to the other side, since the metadata is itself part of the evidence. One would hope that this would evident without explanation, but with the ubiquitous use of metadata scrubbers coming into play now we should be careful to avoid unintentionally using them where inappropriate!)

It's also pretty late notice, but ALI-ABA, one of the educational arms of the American Bar Association, is giving a webinar entitled "Confidentiality and Ethics in a Wired World." Check it out soon, since it fires up on Tuesday December 11.