ESI: The Odyssey — Part 2: A Brief Meditation on Metadata

“A Brief Meditation on Metadata”

Metadata generally refers to the data surrounding the creation and use of a document, such as file name, format, location, dates and permissions. In other words, it encompasses the identifying characteristics of a file that are not evident just by looking at the file itself. For example, every time you create, open or save a Microsoft Word document, hidden information is automatically created and stored in that document. In addition to the data that is automatically added, there is other metadata that is user-introduced, such as hidden text, track changes, embedded objects, and so on.  Of course, metadata does not only reside in Microsoft Word documents. Hidden information can also reside in other Microsoft application files, such as Excel spreadsheets and PowerPoint presentations. Additionally, there is more to an email than its contents: there’s metadata in there, too. Emails are tracked and indexed by the email client itself, and every file holding email is tracked and indexed by the computer’s file system. Email metadata in particular can be extremely important evidence in its own right, as it helps to establish whether and when a message was received, read, forwarded, changed or deleted.

Although you can learn a lot about a document from its metadata,  it is not a perfect source of information. Application metadata resides within the file and moves with the file, not changing unless the contents of the file are altered. System metadata resides outside the file and can be altered without impacting the contents of the file. Indeed, system metadata has to change when you make a copy of a file because that copy must be stored somewhere, and the system has to track where the copy resides. It also has to track the new file’s name, size and MAC dates (Modified/Accessed/Created), including the date the date the file was created on that particular system. For example, a “creation date” in a Windows master file table doesn’t mean the date the file was created in the colloquial sense (in other words, the date a particular file was authored). It means the date it was created on that particular storage medium. As a result, a weird phenomenon occurs where copies of files typically have “creation” dates later than the date they were last modified. You may see a file that’s been modified before it was created, and jump to the conclusion that some kind of fraud has occurred, but the more probable explanation is that the file you are viewing is likely a copy. Additionally, the time stamp of the last print of a file is application metadata, and is only saved in the document when the file itself is saved. Thus, if a document is printed and not saved again at some point afterwards, the date of that last printing will not be saved to the metadata.

From a legal perspective, metadata presents myriad issues. It can include sensitive, confidential or privileged information. As a result, bar associations around the country have weighed in on attorneys’ ethical responsibilities regarding metadata. Interestingly, the opinions vary widely. For example, according to Colorado Bar Association Ethics Committee Opinion 119, a receiving attorney may ethically search for and review metadata in an electronic document that the receiving lawyer receives from opposing counsel or another third party. By contract, Florida Bar Ethics Department Opinion 06-02 provides that the recipient lawyer has an obligation to refrain from trying to obtain from metadata information relating to the sender’s client that the recipient knows or should know is not intended for the recipient.

In addition to the issues with privacy, privilege, and inadvertent disclosures, metadata presents issues in terms of discovery. The metadata attached to a particular electronic document or record can be used as a source of information to assist in authenticating the document or record. Metadata on its own, however, is not enough to conclusively establish authenticity. An unauthorized person may be able to access an unattended computer; a document or database can be viewed by persons in the network who may modify it; some network computer systems provide for a selected administrator to override an individual password when necessary; file metadata can be altered using native apps and special software, and so on. Thus, while certainly useful, metadata is simply not a perfect source of information.

In sum, metadata is a significant aspect of digital information. It can provide enormous value for companies and for attorneys in litigation. However, when metadata is ignored, or unknown, or not properly controlled, it can present significant problems for clients and counsel that might have been avoided.

Shields | Mott LLP utilizes e-discovery software for the analysis and development of construction law litigation in the New Orleans area.