An attorney looks in his inbox and finds a long-awaited settlement proposal from opposing counsel attached to an e-mail. The attorney opens the document and hits the print command. While the document is printing, the attorney eagerly looks at the monitor for details. “Good, the settlement figure is probably still too high, but very close to reasonable.” The document is quite short, actually. How long could drafting it have taken? Idly, the attorney clicks on the properties tab and sees the document was open on opposing counsel’s computer for three hours.
“Wait,” the attorney thinks. “Didn’t I get that metadata scrubber utility? They said it could be used to look at metadata, too. He locates the icon and clicks on it. In a few moments, he is reviewing the revision history of the document. It looks like several documents were combined and then a lot of deletions were made at the end. The lawyer pulls up a large block of deleted text and begins to read, “Notes. Client is desperate to recover something and not face the PR disaster of receiving nothing at trial. Offer $100K. But get it settled before end of month even if we have to take half that.”
The lawyer sits up with a cold chill, quickly closing the document. Then he stands up and starts pacing the room. What had the lawyer done? What was the lawyer supposed to do going forward? Was there something wrong with taking advantage of this information? Why does he already feel guilty? Finally, with a flash of anger, he thinks, “Why was that opposing lawyer dumb enough to send me that information?”
—
As the above example should illustrate, every lawyer needs to understand a few basic things about metadata. The legal ethics implications of metadata “mining” are no longer just of interest to the lawyers processing electronic discovery or the ethics mavens.
There is little dispute at this point over the pervasiveness of metadata that can be contained in digital documents and other computer-generated files. It is important to understand that for computer files, that “deleted” often does not really mean gone. This has been obvious for some time to those of us who have learned the magic of the Ctrl + Z (Undelete) keystroke combination.
In many law firms, proposed documents are circulated among lawyers by e-mail with each adding their own comments or suggestions. These comments from other lawyers in the firm attached to the document are ultimately deleted and never meant to be communicated outside of the office. But these comments might be revealed by anyone with a copy of the document. Document revisions may be revealed by using the right tools.
The ethical implications of one lawyer examining the metadata in a file received from another lawyer have generated a lot of discussion. We will discuss the legal ethics opinions issued so far will give you tips on how to avoid exposing confidential information unintentionally via metadata.
Let us note that these concerns are not present when examining the metadata contained in digital documents produced as a part of the discovery process. It is now considered routine to examine important documents that are a part of the evidence if there is an issue that might be explained with metadata. Metadata scrubbing of the electronic files received from a client related to litigation might be viewed very critically by the courts.
The steady growth of electronic document exchange has intensified awareness that Microsoft Office files include metadata beyond their printable content. Unintentional disclosure can be awkward or even raise malpractice concerns. Although metadata has been used to identify, classify, and manage documents in the legal environment for many years, the level of firm-wide understanding regarding metadata management is still lacking. While this article’s intention is not to provide a comprehensive “how to” guide on metadata, you will come away with a better sense of what metadata is, how it can be misused and overlooked, and what your firm can do to proactively control and manage it.
Just exactly what is metadata?
Simply put, metadata is data about data. For our purposes, we will refer to metadata as any data that is contained in a digital file (such as an e-mail, spreadsheet or word processing document) that is not readily apparent when normally viewing the file. For example, none of us are surprised that when we view a document, we can click on the “Properties” tab for more information, like the number of words in the document or the date it was last edited. But there are other types of metadata that can be viewed with special tools.
Here is an official example of the lawyer’s concerns:
“Metadata may reveal who worked on a document, the name of the organization that created or worked on it, information about prior versions of the document, recent revisions, and comments inserted in the document during drafting or editing, the committee said. The hidden text may reflect editorial comments, strategy considerations, legal issues raised by the client or the lawyer, or legal advice provided by the lawyer.” ABA/BNA Lawyers’ Manual on Professional Conduct 21 Current Rep. 39 (2004)
Metadata Scenarios
There is nothing nefarious about metadata. But, there has been a great deal of discussion about acceptable uses of metadata in the legal ethics community. Many users often dup-and-revise (using save as) to save time. When this occurs, the original author information, document properties, document variables, hidden text (forgotten), and last print date stay with the document. Much of this metadata can be seen by looking at the document properties or by opening the document using a text editor. If the document is being prepared for a client who is paying for its creation, then it is even more important that all the metadata is removed before it is shared with the client.
Tracked changes being left in a document are a common occurrence which alerts many people to the dangers of metadata. When a document has been edited using a powerful collaboration feature in Microsoft Word called track changes, they still remain with the document – even if they are not visible to the eye, unless those changes have been accepted. The track changes feature can be turned off, but this does not eliminate the existing track changes. If the document is sent to another user, whether a cooperator or an adversary, the recipient simply has to turn track changes on to see all the revisions of that document.
Comments, as with track changes, remain with a document, if not deleted. When the “Reviewing” choice is set to “Final” and not “Final Showing Markup”, then comments are invisible to the eye. If this document is shared outside the firm, the recipient can view the comments, which may contain embarrassing information that was never intended to be viewed outside of the originating company’s walls.
Metadata referred to here as “identifier metadata” can reveal the originator based on the metadata’s uniqueness to both the user and firm. Identifier metadata includes uniquely named styles, bookmarks, hidden document variables, and custom document properties. Identifier metadata, although not necessarily considered high risk, should to be managed if the originator needs to remain anonymous or if document creation strategy is revealed by the metadata trail.
Metadata “mismanagement” stories abound. Case in point; in 2004, a Microsoft Word document, produced as part of a lawsuit filed by SCO against DaimlerChrysler and AutoZone, revealed that SCO’s attorneys had also prepared a complaint against Bank of America. The document identified Bank of America as the defendant instead of the automaker. This revision and others in the document could clearly be seen through tracked changes. In another metadata disclosure blunder, the British government published a dossier on Iraq’s security and intelligence services without removing the related metadata. Upon further review, it was discovered that much of the text was plagiarized directly from a U.S researcher whose work was published on the internet. To add insult to injury, the report also revealed a list of the dossier’s last ten authors and their edits and commentary.
Conclusion
There’s no doubt that examining the metadata behind opposing counsel’s e-mail or transmitted documents seems unseemly and inappropriate to many. But the existence of metadata is a fact. It is a fact we will have to deal with, just as we have to deal with the fact that people make mistakes.
In this writer’s view, the problem with the opinions seeking to restrict viewing of metadata is that they attempt to impose a standard uniquely on the legal profession. Nothing restricts viewing of metadata in documents by private investigators, law enforcement officers, computer forensic examination professionals and every other individual without a law license, even the lawyer’s clients. What if the lawyer’s client in the first example had requested the document be forwarded to the client, examined the document’s metadata and then sent instructions to counteroffer at 50 percent without even telling the lawyer what happened?
Even if a consensus developed that lawyers should not look at metadata, can one assume the risk that the lawyer on the opposing side, or someone else, will not look?
The key is to avoid sending out documents with metadata that could disclose confidential information. Comparing metadata to a wrongly sent fax or e-mail is questionable and the idea that lawyers will be prohibited from examining metadata while parties, law enforcement officers and private detectives will be free to do so seems artificial at best. The Colorado rule that one must disclose receiving confidential information via metadata before acting on it seems to strike a rational balance.
The best rule is for law firms to develop best practices internally to keep metadata from “escaping” in the first place. Using PDF format for e-mail attachments generally instead of Word, WordPerfect, Excel or PowerPoint will go a long way toward alleviating the problem.
It is often the case to conclude legal analysis of an emerging issue with a note that we will have to watch for future opinions and developments for more instruction. Here, we take a contrary view. It would be better for lawyers, clients and the judiciary if this issue simply “went away” as all law firms strive to never transmit electronic files that might unintentionally disclose confidential information.
Guarding Against Metadata Disasters
There are many possible solutions to the issue of disclosing metadata. Some combination of the following may work best for your office. Obviously purchasing a metadata scrubber utility and using it is the best option.
- Assess the situation. If this is a new document you have created this week and only you have worked on it, there may be no potentially problematic metadata contained in it.
- Fax or snail mail rather than e-mail.
- Copy all text (Ctrl +A, Then Ctrl + C) and Paste it (Ctrl + V) into a blank document. Note: This will carry some metadata, but not Track Changes or Deleted Comments.
- Copy all text (Ctrl +A, Then Ctrl + C) and Paste Special – Unformatted Text into a blank document. Note: You lose the metadata, but all of the document formatting as well. This works great for pasting text into an e-mail, but not so well for heavily formatted legal document.)
- Every time you send an e-mail attachment that you have created or edited, send it out in PDF format (with rare exceptions) Note: PDF files will contain some metadata, but that limited amount is unlikely to cause trouble. This is not practical when you are co-authoring a document with another. With co-counsel, you just need to discuss the issue. With opposing counsel, you need to use a metadata scrubber.
- Purchase a third-party metadata scrubber and use it.