Hidden Agendas
No one can accuse software company SCO of taking a casual approach to copyright. Last spring it sent letters to Fortune 1000 and Fortune Global 500 companies, claiming they were using SCO’s protected source code without authorization. SCO also filed infringement suits against AutoZone and DaimlerChrysler. The actions inflamed much of the technology community, and critics cried that the Lindon, Utah-based company was filing lawsuits against deep-pocket companies even though its rights to the source code were still in doubt.
Although the company denied acting inappropriately, a reporter with a major online technology publication begged to differ. He examined a computerized document that SCO created in its lawsuit against DaimlerChrysler and drew some interesting conclusions.
Specifically, he looked at the document’s metadata: invisible data embedded in a computer file that contains information about the file itself, such as when the document was created, who created it or when it was last modified.
Using this code, the reporter was able to show that SCO had originally drafted the letter with another possible defendant—Bank of America—in mind. The drafters also inserted and deleted comments, including a question about jurisdiction and venue issues.
SCO’s critics lauded the revelation as more support for their suspicions about SCO’s intentions. To lawyers, the incident stands as the latest example of the far-reaching and often unintentional effects of metadata.
“Metadata is not always a bad thing,” says Craig Ball, a Montgomery, Texas, trial lawyer and computer forensic expert. “There’s good metadata and potentially embarrassing metadata, and you need to know how to control it.”
Metadata can be as revealing as a postmark on a letter, fingerprints on the envelope, and DNA from saliva on the seal. It can reveal a cache of information, including the names of everyone who has worked on or seen a specific document, text and comments that have been deleted and different drafts of the document.
Yet tech lawyers familiar with metadata say that because it’s invisible, it’s often overlooked.
“The first thing lawyers need to know about metadata is that there is such a thing,” says Vincent Polley, chair of the ABA’s Cyberspace Law Committee and deputy general counsel for information technology and development at Schlumberger Ltd. in Sugarland, Texas. “The first thing I do when I get something is look for [metadata] like the author’s name, revisions and history.”
STRIPPING OUT SECRETS
The capability to view deleted text, comments or revisions in Microsoft Word can be handy when drafting a letter, but it’s not necessarily something outsiders should be able to read.
And because lawyers often reuse documents and templates, there’s often no telling how much metadata they contain. “I believe that any time a document goes outside of an office you should strip the metadata,” says Donna Payne, founder of the Payne Consulting Group. “There’s no sense in giving outsiders information you don’t have to.” Payne’s company sells software that identifies and removes metadata.
Alternatively, Microsoft Word users can easily strip out much of a document’s metadata by saving it in the Rich Text Format, or .rtf. Another way is simply to send a document as a pdf file, a popular format for legal documents. Microsoft also offers a plug-in tool that will strip metadata from a document, which users can download free from the company’s Web site.
The ABA has yet to take a position on whether lawyers may look at metadata. However, the New York State Bar Association Committee on Professional Ethics published an opinion in 2001 that says lawyers should not surreptitiously look at another’s metadata.
Lawyers who send documents without stripping metadata also could end up in trouble. “I don’t know of any cases yet, but there is always the danger of malpractice if you’re not careful with client information,” says Polley. “Lawyers can’t plead ignorance when it comes to this stuff anymore.”
He warns lawyers who do peek at metadata that it shouldn’t be taken as gospel. It can be altered, both on the writing and the receiving end, and it might be inaccurate.
“What I have done once or twice is to put information into the metadata for an opposing counsel to read,” Polley admits. “Usually it’s just a little ‘Hello.’ No one has mentioned it yet, but I don’t know if that means they didn’t find it or they’re too savvy to mention it.”
Sidebar
BURIED BOUNTY
Embedded electronic codes called metadata can reveal many things about a computer document. Here are some categories of metadata embedded in a Microsoft Word document:
• Track Changes. Shows changes that have been made to a document, including text that has been deleted.
• Last 10 Authors. Provides names of the last 10 people to have worked on a document.
• Comments. Allows people viewing a document to make comments that do not become part of the text.
• Document Statistics. Lists people who worked on a document, how long they worked on it and how many revisions they made.
• Versions. Displays different versions of the same document.
• Routing Slip. Reveals the names of people who have received copies of the document.
• Template. Reveals information about the origins of a document.
SOURCE: Payne Consulting Group