Chain of Custody: An Interview with HAYSTACKID CTO Jeff Stevens – Pt. 1

6504085395_03348c6dd4_z

Photo courtesy of Barbara Willi

The chain of custody has long been a sacred element of litigation. In this age of mass digitization, though, suffice it to say that each stage of the chain – and even the creation of evidence – is a bit different today than in the past.

HAYSTACKID Chief Technology Officer Jefferey Stevens has been working in chain of custody and evidence management side of litigation for the better part of two decades. His long history of engagement with these matters before and during the rise of electronically stored information and the explosion of device diversity makes him a valuable source of insights.

We recently sat down with the CTO to learn about some of the basic and more complex matters involved in chain of custody. In this three-part series, Mr. Stevens will take us through a variety of matters related to the chain of custody, beginning with the basics and his experiences with relevant activities.



HAYSTACKID: Good morning Jeff. How are you today?

Jeff: I’m doing well, how are you?

Doing well as well, thank you. So let’s get right to it – tell me what chain of custody entails in your eyes.

I guess the definition, when it comes to a litigation, would be first monitoring who has ownership, control, or the ability to make any changes to a particular piece of evidence. Then, you’ll have to have records of any and all changes that might have been made, where the evidence was at every moment since collection, and virtually any movement or manipulation.

Basically, this is the process of ensuring that you have solid, tangible logs and records of the evidence’s history ready to go at any point in time. That’s the 10,000-foot view of what I see chain of custody as being.

A lot goes into this process and, given the ways in which evidence is gathered and preserved today, most people want to ensure that a third party is in control of chain of custody for obvious spoliation reasons. That’s how I would define it, broadly speaking.

Okay, so when did you start working with evidence?

Probably in 2000.

So you’ve been working with it for a long time.

Yes. I started at a law firm, so I was handling the evidence received from clients.

So you must’ve seen some pretty big changes over the past 17 years.

Just a few, haha.

Haha, I’m sure.

Well when I started, discovery wasn’t – it was a thing, but it wasn’t what it is today. It was primarily paper. For example, when you needed an email, someone would usually print it out and give it to you. They weren’t giving you the .pst or .ost or other forms of data files associated with the email. What would be even rarer would be someone coming in and conducting a collection for you. You’d get what’s relevant from a custodian, usually in paper form, and you would simply only have what was provided.

So participation of vendors was not really evident at that stage.

No, though I will say I was involved in construction litigation, and maybe it was more specific to that area. It was definitely paper-intensive, a lot of change orders. A lot of what it circled around was emails, those were printed out. It was somewhat lax in many ways. You kind of had all an exchange of emails, with each party providing the ones that were important to them, and not much standardization or strict governance.

But it wasn’t a third party coming in and collecting everything. Once the search terms and everything else was produced to the other side, it seemed like there was a lot more cherry picking at that point.

Do you think that the scale aspect of today is the biggest change?

Oh, definitely. At least where I was, in construction, it was very paper intensive. The chain of custody was almost entirely dependent upon the paper trail. Everything had to be signed, if it didn’t have a signature it was pretty much moot. Emails didn’t have the same clout that they do now.

It didn’t matter if you had an email saying something that was unequivocally important and pertinent to a case, if you didn’t have the signed agreement saying it, it didn’t really matter. And maybe that’s why email wasn’t as important, or any kind of a big deal at all back then.

But now there’s more importance placed on those types of communications, right?

Yeah, I think now email has become almost a replacement of sorts for those traditional memos, business documents, or anything else that might have been your official record. Now all of that can, and often is, in email form. Before, email was considered a bit more informal, not official in any sense, similar to instant messaging today.

Now, email has become official and often critical to litigation procedures, including within collections and the chain of custody.

I wrote for a construction software provider once, and I remember finding stats that indicated the industry, still to this day, is further behind the digital train than any other industry.

They’re probably still heavily dependent on paper and traditional records. It was very much a process back then, maybe it’s been, I mean it used to be you just print out a piece of paper, actually sign – physically sign, the building financier or owner would review it, give it to the general contractor, if they needed to give it to the sub-contractor quoting on a project scope, that happened.

But without each of those steps occurring, it was almost like nothing happened. If you couldn’t find a piece of paper, it was sort of a big deal.

Alright, before moving on to more specific matters pertaining to today’s demands, and how HAYSTACKID gets the job done, why is accurate tracking of chain of custody so important?

I guess I hate to say it but back then, the evidence was more pertinent on a per-piece basis, because there’s so much more to it now. But because there’s so much more to it now, I think it’s easier to manipulate – because who could remember every email they sent or received? Before, when everything was hand-signed, things were handled in a much different way. I think people still give more care to what they physically sign as opposed to what they send or receive over email, despite the fact that those emails could hurt or help them just as much now as paper did back then.

Chain of custody is important because you can make or break or change a case by adding something very small into an email or document, some sort of manipulation that now, when it’s presented to the court, it can provide a significantly different context. Probably harder to manipulate a scanned document, a signed document, compared to a document where you can just go in and change it, print it out and it’s done.

Which now leads into why third parties have become an important part of that chain of custody. Those that don’t have a stake in the outcome of a case can dictate whether you win or lose. The vendor almost becomes the custodian and protector of it in a way.


Come back for part two of our interview with Jeff Stevens!

2 comments

  1. […] segment of this three-part series, Chief Technology Officer Jefferey Stevens explained some of the chain of custody basics, as well as the way it has evolved over the past two decades. We left off with a brief note on how […]

  2. […] CTO Jefferey Stevens on modern chain of custody management. In the first part, we discussed some of the basics, while the second segment took a deep dive into third party responsibilities and the technologies […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: