Metadata: Protect Against Hidden Dangers
Peter Mierzwa is an attorney and general manager at Law Bulletin Publishing Company in Chicago. He can be contacted at firstname.lastname@example.org.
Whenever we create documents on our computers, the computer programs we use track what we are doing. They track who created the document, when it was created, how long they spent, how many words there are, when it was last edited, and much more. This information is called metadata. The common definition for metadata is data about data, which is not very helpful. One federal court defined metadata as describing “the history, tracking, or management of an electronic document” and including such useful information as file names, location, format, creation and access dates, and user permissions. (Williams v. Sprint/United Mgmt. Co., 230 F.R.D. 640, 646 (D. Kan. 2005))
Although metadata is contained within the documents you create, you cannot see it. You need to look for it. It is embedded in computer files about your document. These files are called OLE or “object linking and embedding” storage. The critical characteristic of OLE files is that they travel with the document wherever it may go. The following are examples of metadata that may be in your documents’ OLE files:
• your company or organization name
• the name of your computer
• the name of the network server or hard disk where you saved the information
• other file properties and summary information
• nonvisible portions of embedded OLE objects
• the names of previous authors
Identify the Hidden Danger
In Microsoft Word documents, two popular features create major metadata risks: Versions and Track Changes. The Versions feature will save a new version of the document in the OLE, often automatically without giving you notice. The risk here is that using a form document that had the Versions feature activated would record all prior versions of your work, including any client confidences. This information would be accessible by the receiving attorney.
The other feature creating metadata risks is the Track Changes feature, which allows parties to work collaboratively on electronic documents. Track Changes allows us to send draft documents for comments to cocounsel, the client, and even opposing counsel, then review those changes and either accept or reject them. The risk with Track Changes is that it can be set to keep changes hidden. With the hidden text option turned on, the person editing the document can make changes without knowing that those changes and the original text have been stored.
Much of this metadata appears innocuous enough on its face. In the context of litigation, however, metadata has often provided “smoking gun” evidence. Metadata can provide an electronic paper trail of who touched the document and what the person did. Imagine testimony that a document was created and sent on a particular date or that only one person worked on that document. A quick look at the metadata could reveal the truth and provide powerful ammunition for cross-examination.
Metadata is hidden for a reason. This is not information that you intended as part of your final document. The ability to view metadata raises ethical questions for the sending attorney and the receiving attorney. Although this article will not address these ethical issues, attorneys should familiarize themselves with ABA Formal Opinion 06-442, as well as any opinions from their own states about viewing metadata.
If you are producing a document, you can certainly take steps to ensure that you do not disclose confidential information. The ethics opinions suggest that it is your responsibility to your clients not to transmit damaging metadata.
There are a number of methods to prevent metadata from leaving your computer:
- Convert the data to Adobe Acrobat PDF format, which turns your multilayered document into a flat image with some basic metadata. If your recipient has the full version of Acrobat, they will be able to append comments via the extensive commenting features.
- If you have the new Acrobat 8 Professional, there is a built-in, user-friendly metadata removal and redaction tool that will search for and permanently remove selected data.
- Print the document and then scan it to PDF. The recipient will not be able to alter or access the original.
- Both Microsoft and Corel have metadata removal tools that work with their word processing and other programs. (See downloads at Microsoft.com; WordPerfect X3 includes a “save without metadata” function.)
- Third-party products such as Metadata Assistant, iScrub, or Change-Pro Metadata Suite allow you to remove metadata from individual files. Each integrates with Microsoft Outlook, allowing removal of metadata from emails before sending. (See www.payneconsulting.com; www.esqinc.com; and www.litera.com.)
- You can copy all the text and paste it into a new document, but you risk losing formatting. Also, be sure that you have reviewed any tracked changes and accepted or rejected those changes. If you fail to accept or reject the tracked changes, they will be copied into the new document.
- Where you don’t have to provide an electronic version, faxing or mailing the document is the best option. However, this “hardcopy” option is disappearing.
- Ethics & Technology 2006: How Not to Commit Malpractice with Your Computer (Audio CD Package). 2005. PC # CET05HNCC. Center for CLE and Law Practice Management Section.
To order online, visit www.ababooks.org