Attorneys: Be Aware When Reviewing Emails in Outlook

We are well aware that the use of Microsoft Outlook to review email is a convenient and low-cost method to review small volumes of email. However, this method is laced with potential issues that just aren’t worth the risks – and there are risks. This article addresses some of these risks to hopefully encourage the use of better technology to review email, or at least educate you enough to understand the risks.

Email Scenario

So your client produced his or her email for you to review in a PST format (Microsoft Outlook Email Database). You are already proficient in the use of Microsoft Outlook as it likely already dictates much of your day. Either you already know how to attach this file to Outlook or your IT staff will do it for you. You have the email loaded and you are ready to begin, but before you start, let’s talk about keyword searching.

Google has been a great asset to our culture in many ways. For the litigation field, it has inadvertently educated you how to perform Boolean searches. When you search Google for “Trade secret theft” and “Case Law” in the same query, you have performed a powerful Boolean search. However, Boolean search features such as this are not as intuitive in Microsoft Outlook and require extensive effort to execute. Difficulty performing Boolean searches is the good news. The bad news is that Microsoft Outlook, by default, will not search the contents of attachments for the keywords. Your searches will only address the email fields and the contents of an email message, which could potentially omit responsive information. We will visit the danger of attachments later in this article.

The read receipt option on sent emails presents another concern. If an unread email you are reviewing has the read receipt option set, your review of that email could inadvertently send a message to the sender that the email has been read. Consider the implications for that for a moment. There is one instance in which the custodian was deceased and his widow received a read receipt “from beyond the grave”.

Email Metadata

There are some instances in which the metadata aspects of an email are important. These details could include whether the email had been read or the Outlook folder structure in which the email existed. Examples that we have encountered amplify the significance of whether or not a critical email had been read and the archive location of where an email existed. Reviewing and modifying the metadata of these emails could alter critically important information.

If you are working from the PST provided by your client and simply “deleting” the emails that are not responsive, they are not gone. If that PST is provided to opposing counsel, it may still contain those emails unintended for production. Email databases such as PSTs work the same way that computer hard drives work in that the deletion of the email does not mean the email is gone. This even applies to the infamous “double-delete”. Leveraging computer forensics methods, these deleted emails are potentially recoverable unless extra efforts are taken to ensure their destruction.

Lastly, we want to cover the risk to your computer and the computer network of your law firm. I serve in various roles as an “expert”. These roles include eDiscovery expert, computer forensics expert and incident response expert. I know what you are thinking, “spread a little thing aren’t ya?” Not really, each of these disciplines is based on the same objective, handling large volumes of information to determine what is important to the objective at hand. A large majority of today’s threats to computers and computer networks are introduced via hyperlinks and attachments that are sent via email. The computer security term for this type of attack is “phishing“, and it is very effective. These malicious hyperlinks and attachments are designed to infect computers and networks with malware that both disrupt computer networks and permit unauthorized remote access to the attackers.

Anti-Virus Effectiveness

Please understand that on average, your anti-virus software will be successful in stopping a whopping 20 percent of these attacks. When reviewing email with Outlook, you will be susceptible to these attacks that were sent to your client via email. To make matters worse, you don’t even have to follow the link or open the attachment in some situations. Depending on system configuration and patch level, the email simply being rendered in the auto-preview pane can download malicious software to your computer.

The solution to these issues is simple; use technology designed for the review of electronic information. If it isn’t clear by now, Microsoft Outlook was not designed to for legal review of email. For email review that provides more advanced functionality such as multiple reviewers, advanced searching, data analytics, on the fly redaction and embedded production capabilities, choose a more advanced review platform. For assistance in determining the technology that is best suited for your situation, please contact us. Given adequate advice, the costs will be lower than you anticipate.

On the surface, Microsoft Outlook appears to be a low- cost solution to review email in various matters. However, you should be aware of the issues that accompany this decision: inadequate searching capabilities, the altering of metadata, read receipts, the potential recovery of deleted emails from productions and the inherent computer compromise issues. When considering the facts, it is strongly suggested that you choose a review platform that is designed for your needs.

Comments are closed.