The year 1984 came and went without George Orwell’s “Big Brother” of his dystopian 1949 novel Nineteen Eighty-Four. But when it comes to remote review for eDiscovery, 1984 may now be here – thirty-seven years later!
In the Legaltech® News article 4 Remote Review Cybersecurity Measures That Are Raising Eyebrows—Literally (written by Frank Ready), the author describes some pretty extensive cybersecurity precautions for remote document viewers accessing sensitive client data. My comments are in blue italics below.
Background checks and contractual stipulations may not be the sexiest cybersecurity measure to come down the pike, but Redgrave partner Martin Tully (with whom I had a terrific session at ILTACON last week) noted that they are becoming a more common condition of remote document review. Clients want to know all about who is touching their sensitive data—and reviewers don’t necessarily appreciate the extra scrutiny. “I would say it’s probably the additional screening requirements that meet the most resistance [from reviewers] just because they are so personal,” Tully explained.
How personal? In addition to the usual inquiries about criminal histories and misdemeanors, Tully noted clients may also inquire into a remote reviewer’s financial history, for example.
These days, a reviewer’s online footprint may also come under scrutiny. “We’ve had some clients even want to go as far as doing social media checks,” said Michael Sarlo, chief innovation officer at HaystackID.
Perhaps a bit extreme, but understandable.
Anyone who has worked remotely during the course of the pandemic is probably used to hopping on a video call every now and again, but some remote document viewers have a camera on them throughout their entire workday. David Greetham, vice president of e-discovery sales and operations at Ricoh Forensics, has heard of e-discovery providers who send remote reviewers two cameras. “One is a facial camera and one is more like a 360 [degree] camera making sure that nobody else is in the room,” he said.
Sometimes cameras are triggered by specific actions or movements. Mary Mack, CEO and chief legal technologist at EDRM, received word of cameras that are designed to begin recording if a reviewer engages in a prohibited behavior—like sticking a thumb drive into their computer’s USB port, for example. It’s not a development that people performing remote review have necessarily greeted with open arms.
“As dehumanizing as it can be to sit with other people [in an office] and have that kind of oversight, like somebody in the room looking over your work and walking behind you. … Having the sort of like ‘1984’ aspect with cameras watching you all of the time, that’s a different thing,” Mack said.
However, some e-discovery providers and their clients may have already taken that reluctance into consideration in their efforts to attract the best reviewers. “Being on camera will often result in paying more to the reviewer,” Sarlo at HaystackID said.
Wow. This is literal “Big Brother” stuff. But wait, it gets better – or worse, depending on your point of view.
Cameras aren’t the only way that e-discovery providers are verifying the identities of those conducting remote review. Some are using biometric security tools—like retinal scanners—as an extra layer of protection. “I know of one document review company [that] as part of going remote, they’ve sent a fingerprint scanner that you attach to the computer,” said Greetham at Ricoh.
Still, with privacy regulations such as the California Consumer Privacy Act (CCPA) placing restrictions around the collection and safeguarding of biometric data, Greetham believes that the use of tools like fingerprint scanners could quickly become political among document reviewers.”[Like] ‘Hey company, you’re not having a copy of my retinal scan.’ [But] it used to be like that with social security numbers and now we give them out because we know we have to. So this is almost the next level of personally identifying somebody,” he said.
That will certainly do the trick. I can understand a company wanting to ensure that only authorized people are conducting the review, but I would expect more resistance from a data privacy standpoint.
Gaze and Activity Tracking
While security features like cameras or biometrics could be perceived as an invasion of privacy, other preventive measures foisted upon remote reviewers may simply fall under the category of “annoying.” Greetham at Ricoh noted that some providers are deploying software that automatically logs a user out if they haven’t completed a review within a certain amount of time—say, 45 seconds. “If you are reviewing a document, it’s very difficult to review a document in 45-seconds,” he said.
But it’s not just the clock that certain pieces of software are watching. Sarlo at HaystackID described tech that actually tracks a reviewer’s eyes and boots them out of the system if “they aren’t gazing at the screen for a certain amount of time.”
Still, the health implications may bother remote reviewers more than the tracking itself. “Back some years ago people were talking about ergonomics when you’re working and one of the things is ‘look away from the screen at least once every hour.’ So that would mean eight logins for an eight-hour day right there, if you look away from the screen,” Mack at EDRM said.
If I were asked to review under those conditions, I might look like this after a while:
So, what do you think? Are these measures necessary to manage remote review? Or are they over the top? Please share any comments you might have or if you’d like to know more about a particular topic.
Image Copyright © Universal Pictures
Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by my employer, my partners or my clients. eDiscovery Today is made available solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Today should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.
I DESPISE THEM ALL, AND IF THIS BOTHERS EMPLOYERS, THEY ARE FREE TO BLACKLIST ME. “ARGO”. JEFFREY ALAN HAWKINS, PA ATTORNEY LICENSE 205217.