Craig Ball Serves Up Bacon and Hash: eDiscovery Best Practices

Unless you’re a vegetarian or vegan, that title might have made you hungry.  And, even if you are one of the two, you should be hungry – hungry for some good digital evidence (and even secret cypher) information, courtesy of Craig Ball, with (not one, but) two posts in four days!

In the first post on his excellent Ball in Your Court blog titled What’s in a Name (or Hash Value)?, Craig reflects on a bit of digital detective work where “[t]he plaintiff sought sanctions because its expert found hash values in the audit that matched hashes tied to stolen PowerPoint presentations.  The defendants were dumbfounded, certain they’d adhered to the settlement and not used any purloined PowerPoints.”

In an ongoing matter, the parties were attempting to use filename matching to identify contraband data, “sought to identify instances of a file called ‘Book3.xlsx;’ and the search turned up hundreds of instances of identically named files in the producing party’s data”.


As Craig explains, there was a logical (and benign) explanation to the matches in each case, which begs for “a modicum of common sense” when applying techniques like Hash and name matching.

In Craig’s second post titled Steganography: Because Who Doesn’t Love Bacon?, he presents new material for his discussion of digital encoding for his eDiscovery class at University of Texas School of Law.  He starts with a discussion of “Binary” or Base2 encoding, which is “notating information using nothing but two symbols: conventionally, the numbers one and zero”.  Surely, you knew that, right?

Even if you did, what you probably didn’t know is that an there is “obscure coding cul-de-sac” called Steganography, from the Greek, meaning “concealed writing.”  But first, as Craig says, “we need an aside of Bacon.”  And, by “Bacon”, he means “lawyer and statesman Sir Francis Bacon (1561-1626).”  See what he did there?  😉  “Among his many accomplishments, Bacon conceived a bilateral cipher (a ‘code’ in modern parlance) enabling the hiding of messages omnia per omnia, or ‘anything by anything.’”

But as Craig notes “Sir Francis Bacon wasn’t especially interested in encoding text as bits. His goal was to hide messages in any medium, permitting a clued-in reader to distinguish between differences lurking in plain sight.  Those differences—whatever they might be—serve to denote the ‘A’ or ‘B’ in Bacon’s steganographic technique.”


From there, Craig not only discusses how to use Bacon’s cipher to hide text within text, but also “the class photo of World War I cryptographers trained in Aurora, Illinois by famed cryptographers, William and Elizabeth Friedman” within which their poses (almost) encoded Bacon’s maxim “knowledge is power” (one letter short, but only because they didn’t have enough people).

Hopefully, I provided enough information to make you want to check out the full post – it’s very cool!

So, what do you think?  Are you interested in learning more about digital evidence and encoding? Or are you just hungry? 😉  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by my employer, my partners or my clients. eDiscovery Today is made available solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Today should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Leave a Reply