Gone But Not Forgotten: The Curious Dormancy of Metadata
Peter G. Yelkovac, Attorney at Law
Medical students are taught that certain viruses tend to take refuge in cells and live a latent existence long after symptoms have cleared. In many cases, such viruses remain dormant for the life of the patient. In other cases, they may spring back to life at an inopportune time.
Nearly every technologically literate person knows that viruses can attack a computer. Fortunately, such attacks are easily eradicated by automatic protection programs that capture and expel the offender forever. Few computer users, however, are aware that the mere use of a computer may create different type of organisms which, like a virus in a human cell, are not so easily discarded.
These organisms are commonly referred to as “metadata.” Chock full of information about documents and other user-created items, metadata remains on a hard drive in a dormant state long after a computer’s delete button has been pressed, the recycling bin emptied, and the cache eliminated. Metadata lie in wait, ready to resurrect themselves upon the mere insertion of a special recovery program into the drive of the computer.
In essence, metadata consist of such attributes as the title, author, content, location, and dates of the creation and revision of electronic documents. But metadata may also allow an unintended viewer to gain access to edits and changes that have been made to a document, such as deleted text and comments appearing in connection with the “insert comments” and “track changes” features of popular word processing programs.
Metadata are made visible – and are easily retrieved – by special viewing software. Accordingly, when using word processing documents or creating files in other software programs, care must be taken not to equate the word “delete” with the words “gone forever.”
Interestingly, and of consequence to public entities and their employees, a few state supreme courts have already ruled that metadata may be subject to public disclosure under their respective states’ open-records laws (often known as “sunshine laws” or “freedom-of-information acts”). For example, a Microsoft Word document received by a public hospital will likely contain metadata from the individual who created the document and from anyone who edited it. Under a particular state’s open-records law, the public may have a statutory right to access the metadata to view all the iterations of the document. If this document were a negotiated contract that traveled between different entities or individuals and underwent a number of revisions, the public could be privy to sensitive or private information revealed through an analysis of the contract’s metadata.
Moreover, courts have decided that the disclosure of metadata may be required as part of the information-gathering phase of litigation, known as “discovery.” A plaintiff’s attorney suing a physician for medical malpractice may be able to demand from the physician, the practice, and the medical care facility all documents regarding the subject matter of the litigation in their native form – that is, including their metadata. It is likely that a court would, upon request of an attorney for the plaintiff, order the disclosure of such electronic documents. Similarly, a physician should assume that such metadata are subject to subpoena.
Indeed, courts have severely punished parties for destroying metadata during the discovery phase of a lawsuit. For instance, in the very recent Pennsylvania case of Papadoplos v. Schmidt, Ronca & Kramer, PC, a married couple sued their former attorneys for legal malpractice. The couple contended that their attorneys failed to diligently pursue claims of alleged medical malpractice against a hospital relating to treatment received by the female spouse. During the discovery phase of this legal malpractice case, the defendant’s attorney learned that the couple had previously created documents that were critically important to establish the timing of certain events. The couple produced to the defendant’s attorney a CD-ROM containing copies of these documents. However, because the dates of the creation of the documents were essential facts, the defendant’s lawyers demanded that the documents be provided in native form – i.e., including metadata – in order to uncover the underlying details of the documents, such as the dates upon which those documents were created and modified. The couple, however, failed to respond to demands and court directives to produce the hard drive containing such details. Ultimately, the court determined that the hard drive had been willfully destroyed by the plaintiffs. As a consequence, the court dismissed the lawsuit, noting that “[n]ow we will never know when the documents were created, as Mr. Papadoplos has willfully destroyed the only evidence that would provide the answers to Defendants’ questions.” In essence, the destruction of metadata destroyed the plaintiffs’ entire case.
Interestingly, the American Bar Association recently issued an opinion regarding the ethical propriety of attorneys’ viewing of metadata. The ABA’s opinion, which is not legally binding but certainly instructive, noted that the ethics rules as applied to attorneys do not prohibit an attorney from studying the metadata that accompany a received electronic file. Thus, an attorney may search metadata for such details as changes, deleted text, and/or previous comments made within a document.
Computer users are not completely powerless to tackle the existence of metadata. Certainly, hammering a hard drive to smithereens before attempting to create a document is inherently self-defeating and will result in no documents but an expensive pile of flat hard drives. On a more serious note, records preservation laws and regulations may require the preservation of hard drives, such as in the event of the threat or initiation of a lawsuit. In such cases, the inability of a party to produce its hard drive may well lead to severe consequences, as the Pennsylvania couple learned upon the dismissal of their lawsuit against their former lawyers.
Thus, Computer users seeking to prevent the creation of metadata, or to determine whether metadata already have been created, should consult a competent computer professional who is able to provide assistance in determining which, if any, metadata exist as the result of the use of software. Additionally, user guides of some computer software programs contain explanations of protocols used to disable respective metadata-creation mechanisms. Finally, persons with specific legal questions or concerns regarding the existence or impact of metadata upon them should consult competent legal counsel for guidance.
Forensic computer investigators have known about metadata for many years, but as the concept of metadata becomes more widely understood, members of the press, the public and litigants will also become increasingly savvy about metadata. Therefore, medical care providers and their staff who use computer software programs are well advised to remember these dormant-but-not-forgotten organisms.
NOTE: This posting is not intended to constitute legal advice but, rather, to serve as basic information regarding a legal topic of interest to medical professionals. Accordingly, readers are advised to contact competent legal counsel with any questions or concerns about metadata.