Fishing for the smoking gun

The shift from dawn raids to e-raids and the use of forensic IT tools in cartel investigations

By Dr. Michael Holzhäuser
DLA Piper


In recent years, competition authorities worldwide have begun and accelerated an unprecedented level of enforcement activity against price-fixing and other anticompetitive practices. They have launched sector-wide investigations and coordinated them globally. In addition, the overlap between regulatory investigations and private cartel damage litigation is growing. As a result, more and more businesses are facing multiple investigations of the same wrongdoing by different government agencies, local and foreign regulators, and private plaintiffs. Companies that are either under investigation or conducting internal investigations need to be able to access and examine information in order to assess culpability, respond to the authorities or self-report quickly and accurately. Failure to respond on time, or in a correct and complete form, can lead to severe fines and will certainly prejudice the relationship with the investigating authority. It can also lead lawyers to lose tactical advantages when planning defense strategies. The days when officials found binders of paper documents in open sight bearing the words “cartel minutes” are long gone. Today, massive amounts of electronic information are being exchanged daily and are pouring from e-mail accounts, smartphones, tablets, social communities and search engines. Data cross borders, take new forms and are housed in virtual clouds. This adds complexity to the review process that challenges and probably overwhelms traditional practices and companies that rely on them.

Smoking gun and …

In the United States, all electronic information is now subject to the (e-) discovery provisions of the Federal Rules and other investigative provisions, just as paper documents were in the past. There is an affirmative obligation by the parties to produce these documents. In Germany, there is no comparable obligation for suspected undertakings to produce documents or records. Rather, authorities must gather the data through witness interviews and dawn raids, which include collecting and sifting through IT data. Typically, investigators recover huge amounts of electronic data from personal computers, servers and other devices. This may well include data that the author thought had already been deleted or that are not even generally available to users (for example, metadata, data in slack space or unallocated space). Unlike paper documents, electronic metadata can provide such additional information as the author or the date the document was created, altered, sent, received, accessed or deleted. Electronic data of this type are precisely what can provide authorities with a wealth of evidence about the conduct of the investigated company. “Smoking gun” documents that provide strong evidence of competition violations increasingly take the form of e-mails and other electronic data identified by the authorities using forensic IT.

Investigators have broad investigative powers and companies need to be aware that there are few practical limitations on their ability to identify and collect evidence. In theory, there are important limitations on those powers. For example, investigators are technically not allowed to secure legally privileged information and are also not allowed to conduct mere “fishing expeditions” on company records.

… a carte blanche

However, in a recent case (Nexans/Prysmian, COMP/39.610, T-135/09 and T-140/09), the European General Court did not really sustain those limitations. That case involved claims that the European Commission had copied complete hard drives, had exceeded the scope of the authorized investigations and had therefore violated employees’ rights to privacy and confidentiality of correspondence. The investigated companies filed an action with the European General Court. The court did not elaborate on the lawfulness of the Commission’s measures. Instead, it stated that the companies had to challenge the Commission’s final fining decision before the court, a requirement that creates a high procedural burden on the companies. In practice, this gives the Commission carte blanche to seize electronic data without any repercussions. Finally, it is noteworthy that, in Germany, if the broad investigations disclose evidence that other laws were violated (such as tax or other criminal statutes), that evidence can and will be used to initiate new proceedings.

Given the importance of electronic evidence, Commission investigations have rapidly adopted electronic search tools to find it. Last year, after having introduced certain software search tools and having used forensic IT for electronic searches in numerous inspections, the Commission updated its explanatory note on inspections. This spells out the Commission’s powers during e-raids. It also addresses important questions raised by the Commission’s increasing use of forensic IT. These questions include the scope of an investigation, the methods used to gather evidence, the obligation to cooperate, the Commission’s powers to seize storage media, its duty to cleanse IT after the investigation and its jurisdiction to continue the review of data in its own offices after termination of the actual dawn raid. Confirming an already established practice, the explanatory note states that the Commission’s inspectors are empowered under Article 20, Paragraph 2 lit.b of Regulation 1/2003 to search the IT environment of a company under investigation. The Commission’s broad interpretation of the term “IT environment” comprises all data accessible from the company’s premises (including servers located outside the company).

It sounds harmless but it is not at all: storage media

“Storage media” include any sort of hardware such as servers, hard drives, removable and optical media, mobile phones, tablets or other handheld devices with electronic storage. In recent cases, it has become quite clear that the authorities’ investigative focus is not limited to any specific type of storage media. Instead, it targets every sort of media, regardless of its type or structure. As a result, during dawn raids last year, Commission officials even pried into cloud data stored remotely by BP Plc, Royal Dutch Shell Plc and Statoil ASA. Once they have the electronic data, investigators use different sorts of forensic IT tools to analyze them. These include search tools built into computers or software (such as keyword searches on Windows, Word or Microsoft Explorer) as well as dedicated software or hardware. In particular, the use of dedicated e-discovery software such as Recommind (used by the German Cartel Authority) or Nuix (used by the European Commission) fundamentally changes the challenges faced by investigated companies. With forensic IT tools like these, it is much easier for the authorities to copy and sift through huge volumes of electronically stored information (ESI) during raids. Indeed, these tools may give them access to more than they would be entitled to copy if they went through paper documents in the traditional way. During such a raid, the cartel authority will typically copy all accessible data on the company’s hard drives (irrespective of the server location) and will examine the secured ESI by using search terms designed to select documents that are within the scope of the investigation and relevant to its purpose. Those search terms usually arise from information already in the authority’s possession collected through interviews, complaints, leniency applications or any other data that relate to a suspected cartel. However, aside from the defined terms, the authority can add general or specific search terms during the examination.

Defense options for companies

The investigated company must immediately adopt a litigation strategy (or should already have one). Once an e-raid takes place, it should immediately start a parallel investigation of its own. In particular, it should carefully review the same data set that the authority examined to assess its own risk exposure and develop the most effective defense strategy. Typically, a company will use teams of specialized lawyers who are also experienced in handling the practical and legal challenges of a review (such as involvement of the works council or data-privacy issues). The lawyers will review documents for relevance, privilege, confidentiality, fact development and early-case assessment. These tasks, which are essentially carried over from traditional “paper reviews,” can be tackled by most law firms that have dealt with such investigations. But there are two other decisive capabilities that could be critical to the outcome of the case. The investigated company should therefore attach great value to the limited number of law firms that have:

- A fundamental knowledge of modern legal project management and
- Extensive experience with state-of-the-art e-discovery software.

27 – Cartel law/IT – BLM – No. 1 – June 26, 2014

The only way to achieve time and cost efficiencies is with a systematic and structured approach to modern legal project management. This should include a modular concept that assigns various specialized skills to different teams of specialized players: for example, legal advisors, process consultants, legal forensics, and legal IT. The goal here is efficiency, but not just for time or cost savings. On the contrary, in an investigation, time could be of the essence in understanding the scope of the problem and the risks involved. Efficiency is therefore a priceless asset to be exploited in reaching the ultimate outcome.

It is not a miracle. It is predictive coding

Clients who work with law firms that have a sophisticated understanding of e-discovery software can even gain decisive advantages over the authorities. This is because the Commission and the Federal Cartel Authority still predominantly use traditional search term methods, instead of exploiting the full potential of state-of-the-art e-discovery software. This software is now able to automatically search data with contextual searching, clustering, prioritization and predictive coding. Predictive coding or technology-assisted review (TAR) is a powerful tool for concept-searching and analyzing large volumes of electronically stored information. It is a type of machine-learning technology that combines input from a human reviewer as well as artificial intelligence to help identify responsive or important documents. Using this technology, a case expert reviews a sample of documents and codes the documents as either relevant or not relevant. Based on these relevance samples, the program develops an expanded vocabulary of predictive coding. This essentially means that information can be found even when a defined keyword is not present in the document. The program does so by applying a principle known as statistical learning theory to recognize complex substance patterns in the data and can actively learn from the reviewer’s coding decisions.

Since the software intelligently analyzes content, it can automatically identify relevant documents. This can be extraordinarily valuable for early-case assessment because a search that relies only on keywords will almost certainly be incomplete. The reliability of predictive coding is best shown by the fact that, in several groundbreaking cases in the United States, courts ordered the parties to use predictive coding software instead of a traditional linear review [Da Silva Moore et al vs. Publicis and MSL Group (No 11 Civ 1279, 2012 WL 607412) and Global Aerospace vs. Landow (L.P., No. CL 61040)]. It may not be the appropriate tool in every case. But knowing how and when to use it to rapidly develop the facts or a deeper understanding of a case can be crucial to the defense of the investigated company.
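The difference between a keyword search and a model trained on a reviewer's coded sample can be shown in a few lines. The following is an added illustration, not part of the original article and not the method of any e-discovery product: it uses a multinomial naive Bayes classifier as a simple stand-in for the statistical learning described above, and all documents, labels and function names are constructed for the example.

```python
import math
import re
from collections import Counter

# Constructed seed sample coded by a reviewer (1 = relevant, 0 = not relevant).
SEED = [
    ("let us agree the price increase with our competitor before the tender", 1),
    ("competitor confirmed they will match our price, keep this call confidential", 1),
    ("we align on rates with the competitor, delete this mail after reading", 1),
    ("lunch menu for the canteen this week is attached", 0),
    ("please book the meeting room for the quarterly budget review", 0),
    ("the price list for office supplies is attached for the budget", 0),
]
# Constructed unreviewed documents; only doc-b contains the keyword "price".
UNREVIEWED = {
    "doc-a": "as discussed by phone we match the competitor rates for the tender, keep confidential",
    "doc-b": "new price for canteen lunch menu starts this week",
    "doc-c": "budget review moved, please book another meeting room",
}

def tokens(text):
    return re.findall(r"[a-z]+", text.lower())

def train(seed):
    """Count words per class from the reviewer's coding decisions."""
    counts, docs = {0: Counter(), 1: Counter()}, Counter()
    for text, label in seed:
        counts[label].update(tokens(text))
        docs[label] += 1
    return counts, docs, set(counts[0]) | set(counts[1])

def relevance_score(text, model):
    """Log-odds that a document is relevant; positive means relevant."""
    counts, docs, vocab = model
    n1, n0 = sum(counts[1].values()), sum(counts[0].values())
    score = math.log(docs[1] / docs[0])
    for tok in tokens(text):
        if tok in vocab:  # words never seen in the sample carry no evidence
            p1 = (counts[1][tok] + 1) / (n1 + len(vocab))  # Laplace smoothing
            p0 = (counts[0][tok] + 1) / (n0 + len(vocab))
            score += math.log(p1 / p0)
    return score

def keyword_hits(docs, keyword):
    return sorted(name for name, text in docs.items() if keyword in tokens(text))

def predicted_relevant(docs, model):
    return sorted(n for n, t in docs.items() if relevance_score(t, model) > 0)
```

On this sample, the keyword search for "price" returns only the canteen notice, while the trained model flags doc-a, which never uses the word.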

And there is more to come: phonemic search technologies

Audio documents have also become increasingly important, and the latest revolution in the world of investigations is the use of phonemic search technologies to review audio evidence. Audio evidence, like documentary evidence, can be pivotal to a legal case. A failure to identify and understand this evidence effectively and efficiently can have severe consequences. Triggered by the financial crisis, regulations have been introduced around the world that require financial institutions to record all telephone (including cell phone) conversations and all electronic communications relating to client orders and the conclusion of transactions in the equity, bond and derivatives markets. Authorities have traditionally shied away from the review of audio evidence on grounds of proportionality, complexity and the perceived inadequacy of existing technical solutions. But reviewing audio has now become much more common in investigations. Triggered by the recent prominent investigations into the attempts of traders to rig the LIBOR, EURIBOR and TIBOR, tens of thousands of hours of telephone communications and electronic data (such as online chats used by traders) have been reviewed. Businesses from many sectors have also been affected. For example, in investigating an alleged abuse of a dominant position in the Internet connectivity market, Commission officials simultaneously raided the offices of Orange S.A., Deutsche Telekom AG and Telefónica S.A. and forced their respective CEOs to hand over their own smartphones. The traditional method of analyzing audio evidence is by linear review, where lawyers listen to audio recordings and evaluate them as they play. But this approach is not scalable. Expert legal advisors now use phonetic audio search solutions (such as Epiq Systems) to collect voice recordings for defense purposes, analyze the voice data, cut out the silent spots of the recording, and develop a search/filtering strategy. 
By using appropriate search tools (such as Nexidia) to identify key phrases, lawyers can prioritize the review, the data can be filtered effectively and potentially relevant audio documents can be exported more quickly into standard review platforms. This enables expert reviewers to analyze the data quickly and get straight to the meat of a conversation.

Conclusion

It is vital for lawyers to keep abreast of these developments and be able to tackle the challenges of dealing with audio evidence efficiently, both in terms of time and cost. Efficient review techniques that combine modern legal project management and state-of-the-art forensic IT effectively reduce the costs of prolonged and expensive electronic document reviews. But their use is not just limited to responding to an investigation. To the contrary, experienced lawyers can also use them proactively during self-audits and internal investigations, as such programs can help screen businesses for anticompetitive behavior or investigate a specific incident of potential antitrust infringement. To sum up, compared with traditional reviews, e-discovery review and analysis—in the hands of specialized outside counsel—can exploit innovative investigative techniques. These can help deliver tangible and vital benefits to clients that include:

- The ability to control the time and cost of a review much more effectively and
- The ability to reach a reliable risk assessment in a short and predictable period of time, so that outside counsel can develop the most effective and decisive defense strategy.

michael.holzhaeuser@dlapiper.com