The Power of One™ .

The Current Landscape for Hyperlinked Files as “Modern Attachments”

One of the biggest challenges and areas of dispute in eDiscovery today is the challenge of hyperlinked files within emails and other messages, which are referred to by some as “modern attachments”. They are causing challenges throughout the EDRM life cycle, from preservation through production of electronically stored information.

Unlike embedded attachments, which are contained within the email and are a static version of the file at the time the email was sent, hyperlinked files are dynamic and may have been changed or even deleted since the email was sent. The handling of these linked files has been disputed in a growing list of case law decisions, and there are numerous misperceptions of the available technology to support discovery of these linked files.

In this post, we intend to discuss the current landscape for hyperlinked files, in terms of the case law associated with the handling of them, as well as current technical capabilities and challenges for handling them. While we recognize that the word “current” indicates that things will change, and indeed they will – rapidly, in this fast-growing issue – we intend to provide a current landscape that will enable you to understand the issues that you need to consider today, as well as what issues you need to consider for the future.

Five Important Case Law Rulings Regarding the Discovery of Hyperlinked Files
Case law rulings are an important driver of how parties in litigation should handle issues related to eDiscovery best practices and we have already seen several rulings related to the issue of hyperlinked files. Here are five important case law rulings that you need to know:

Nichols, et al. v. Noom Inc., et al.: In this March 2021 ruling, New York Magistrate Judge Katherine H. Parker denied the plaintiffs’ motion for reconsideration regarding production of hyperlinked documents to treat them as attachments, as handling them as such wasn’t specifically set out in the agreed upon ESI protocol.
In re StubHub Refund Litig.: In April 2023, California Magistrate Judge Thomas S. Hixson, stating “Litigants should live up to their agreements, especially when they are embodied in court orders, as the ESI Protocol is here”, ordered defendants to produce the linked documents as agreed to in the ESI protocol or “produce for deposition within 14 days after the deadline to complete document production a Rule 30(b)(6) witness with full knowledge of everything StubHub and its vendors did in attempting to produce linked documents as attachments as required by the ESI Protocol”.

In re Meta Pixel Healthcare Litig.: In this June 2023 ruling, California Magistrate Judge Virginia K. DeMarchi ruled that the ESI protocol should make clear that hyperlinked documents should not be treated as conventional attachments for purposes of preserving a “family” relationship in production, but that parties can consider reasonable requests for production of hyperlinked documents on a case-by-case basis.

In re Uber Techs., Inc. Passenger Sexual Assault Litig.: In April 2024, California Magistrate Judge Lisa J. Cisneros ruled that “’Attachment(s)’ shall be interpreted broadly and includes, e.g., traditional email attachments and documents embedded in other documents (e.g., Excel files embedded in PowerPoint files) as well as modern attachments”, but also ruled that Uber was not obligated to produce the contemporaneous version of Google Drive documents referenced by URL or hyperlinks if no existing technology makes it feasible to do so.

In re StubHub Refund Litig.: No, this is not a repeat! Thirteen months after the first ruling discussed above, in May 2024, California Magistrate Judge Thomas S. Hixson stating: “StubHub has demonstrated good cause to remove the requirement that hyperlinked documents should be produced as if they were attachments to emails”, granted the defendant’s Motion to Modify the ESI Order, striking the words “hyperlinks to internal or nonpublic documents” from the section titled “Email, Attachments, and Other Electronic Messages” and denied the plaintiff’s request for sanctions.

While most of the court rulings to date have found that hyperlinked files are not “modern attachments”, several of the courts did direct the parties to meet and confer regarding the handling of hyperlinked documents on a case-by-case basis. With technology changing rapidly in this area, expect the proportionality arguments to change as well, which could change the outcome for future cases. It’s best to be prepared for anything at this point.

What we have witnessed from active current matters is counsel agreeing to produce the linked files as attachments similar to the way we have handled physical attachment to emails and other files.

Current Technical Capabilities and Challenges for Hyperlinked Files
The technical landscape regarding the production of hyperlinked files involves many considerations and currently involves mostly manual processes. However, there are some mechanisms that have begun to automate the collection process, at least partly, for Microsoft 365 and Google.

Trustpoint One has recently taken the originally manual exercise and automated it with development of custom applications that properly download and link modern attachments to their original email (parents).

Microsoft 365 and Purview: In the past few months, M365 and Purview have added a cloud attachment collection feature which will not only collect the document, but it will even collect the version of the document at the time it was sent (i.e., the “contemporaneous version” referenced above), assuming you’ve set up the system through the compliance module to retain those documents. However, it only supports files going forward, not past files, so it may be a few months before we start to see cases involving files set up for cloud collection. Also, you must have an E5 license (either a full license or a Microsoft 365 E5 Compliance license as an add-on subscription) for cloud attachment collection.

Google Drive and Google Vault: In December 2023, Google added the ability for an administrator to automate exporting hyperlinks of Google Drive content from Gmail messages. However, Google doesn’t track the versions of the files, so the only version you can export is the current version, which may not accurately reflect what the parties saw at the time the link to the file was originally transmitted.

M365 and Google are just two platforms where hyperlinked files could exist. There are many other platforms which could have messages with hyperlinks to files, including Slack, Teams and others. It’s important to be aware of the platforms you or your opponent uses and how they currently handle the discovery of hyperlinked files.

There are eDiscovery platforms focused on collection – including automating the collection – from hyperlinked files, as well as general eDiscovery platforms which have tried to address the issue. However, these platforms are limited to what the source solution makes available for collection, which typically is limited in terms of only collecting the current version of the file (e.g., Google) or other limitations. To fully automate eDiscovery of these files to the extent needed, the solution will need to come from these source platforms, not eDiscovery platforms.

In addition to collection, preservation at the custodial level is also a challenge in cloud-based platforms like M365. When you preserve a custodian and all their data locations – such as their email and files within data locations like OneDrive, SharePoint and Teams – you’re only preserving the files that custodian sent – not the files sent to them by other custodians, which are in the data locations of those custodians. These files could eventually be lost despite the issuance of a legal hold for specific custodians.

Five Recommendations for Managing the Current Landscape for Hyperlinked Files
There is no “Staples easy button” for the discovery of hyperlinked files today. And expectations are constantly changing as technology evolves and case law rulings reveal court expectations. Regardless, here are five recommendations for managing the current landscape for hyperlinked files:

  1. Understand where your data is stored: Information Governance is the foundation for all data disciplines (including discovery), so it’s imperative to understand where your data is stored to understand the issues you may face with hyperlinked files.
  2. Keep current with technology capabilities: Platforms like M365 and Google Drive and Vault are continually adding features and capabilities, so it’s important keep current in understanding those changes as they pertain to the ability to automate the discovery of hyperlinked files.
  3. Keep current with relevant case law: There have already been several case law rulings which have impacted how this issue is being handled by the courts, but the issue is still evolving, so make sure you’re aware of the latest rulings that could help or hurt your case.
  4. Address issues in the case early: In the first StubHub ruling above, the defendant agreed to an ESI protocol before realizing the challenges associated with discovery of hyperlinked files. It’s important to address issues and challenges before you agree to anything with opposing counsel, especially when it’s an ESI protocol which can then be entered as a court order.
  5. Meet and confer to resolve differences: Parties on each side of the “v” have strong feelings regarding how hyperlinked files should be handled, or whether they should even be part of discovery at all. Whether you’re the requesting or producing party, it’s still important to try to work with the opposition to resolve issues without court intervention. A hardline approach to the issue may not be taken well by the court if the parties are at an impasse.

 

Managing eDiscovery requires flexibility, and no issue currently illustrates that better than the challenges associated with hyperlinked files. Remain flexible and embrace change, as this is a challenge that will continue to evolve for some time!

For more regarding Trustpoint.One’s Discovery capabilities, click here.