#CaseoftheWeek Episode 43: The Production of Databases and Encrypted Data

Doug Austin of eDiscovery Today returns for another Case of the Week where he discuss the production of databases and encrypted databases. The case being analyzed is U.S. vs. Holmes, presided over by US District Judge Edward J. Davila, and is currently on trial.

Good morning and welcome to our Case of the Week for October 19, 2021. I’m Doug Austin, editor of eDiscovery Today. Thanks for joining me. I’m filling in for Kelly Twigger again this week as she takes some personal time. Thanks again to Kelly and eDiscovery Assistant for allowing me to speak about another interesting case this week.

Through eDiscovery Assistant’s partnership with ACEDS, we choose a recent decision in ediscovery each week that highlights key issues for litigators and those involved in the ediscovery process, and talk about the practical implications of that decision for you, your practice and your clients.

We’ve got another fun case this week, one that’s been highly covered in the news media. In fact, the trial is going on as we speak, and I’ll cover that in a moment.

First, I should note that the link to the decision should be in the comments section of whatever platform you’re viewing us in whether that’s LinkedIn, YouTube, Twitter or Facebook. There’s also a link to eDiscovery Today’s coverage of this case as well. And as Kelly kindly mentions every week, you can also view a link to the 2020 Case Law Year in Review Report that eDiscovery Assistant and eDiscovery Today jointly published earlier this year. We’re getting even closer to the end of the year so it’s worth noting that next year’s report will be even bigger as both eDiscovery Today and Case of the Week have been covering cases all year long. Look for that early next year.

We also invite you to check out the recently updated website at ediscoveryassistant.com, pop over and sign up for the blog to receive our weekly case law newsletter and regular blog posts about all things ediscovery.

With that said, let’s get into this week’s case, which is U.S. vs. Holmes. This ruling was issued by California District Judge Edward Davila, who has 17 case rulings on eDiscovery Assistant. As indicated by the style of the case, this is a criminal case, and it involves Elizabeth Holmes and the company she founded, which is Theranos. The ruling I’m discussing today involves production of an encrypted database. As I mentioned, the story of Elizabeth Holmes and Theranos has been covered a lot in the media, and there’s been several news reports about it, a 20/20 episode and even an HBO documentary about it. I think there’s even a movie in the works.

But as I also mentioned, the case we’re talking about today is currently in trial and has been for over six weeks already. This is an unusual case to cover on Case of the Week in two ways—that it’s a criminal case and then it’s currently in trial. Because it’s in trial and so much has been said about the story online, I’ll really try to confine my comments about the case to a very brief summary of what the case is about and leave it at that and then focus on really the ruling itself and the  ediscovery aspects of the ruling.

If you want to find out more about the Theranos and Elizabeth Holmes story, there’s plenty of information out there.

As a background of this ruling notes, in 2003, at the age of 19, Elizabeth Holmes founded Theranos, which was a Healthcare and Life Sciences company offering blood testing technology, and she served as the company’s CEO from its inception until mid-June 2018. Theranos was touted as a breakthrough health technology company with claims of having devised blood tests that required only very small amounts of blood. It could be performed very rapidly using small automated devices the company had developed. Theranos used a database called the Laboratory Information System (LIS) that housed, among other things, all patient test results and all quality control data at Theranos. Because of its promise, Theranos raised more than $700 million from venture capitalists and private investors, resulting in a $10 billion with a “B” valuation at its peak in 2014. However, in 2015, medical research professors and a Wall Street Journal investigative journalist began questioning the validity of Theranos’ technology, leading to a string of legal and commercial challenges for medical authorities, investors, Centers for Medicare and Medicaid Services, state attorneys general, former business partners, patients and the SEC and DOJ, among others.  The SEC and DOJ expressed interest in Theranos’ databases, including the LIS database, issuing multiple subpoenas and document requests.

During this period, outside counsel from Wilmer Hale represented Theranos in responding to government subpoenas and communicating with government attorneys. Those requests included a June 4, 2018 Grand Jury subpoena requesting the entirety of all blood test lab reports maintained in the LIS database that Theranos provided to its patients and a soft copy or proxy of the LIS database, along with any other proprietary software required to access and search the database.

The next day, according to the ruling,  counsel from Wilmer Hale, emailed David Taylor, Theranos’ general counsel, to touch base on LIS, and suggested that:

Subsequent emails between Wilmer Hale attorneys and Theranos in-house counsel discussed what was necessary to produce a copy of the LIS database to the government. Internal emails between Theranos employees revealed that the LIS database copy would be encrypted and require not only a password but also a private key to access the information in the database. Then, on June 14, 2018, a federal grand jury returned the first indictment against Holmes, where she and former Theranos COO and President Ramesh Sunny Balwani were charged with two counts of conspiracy to commit wire fraud and nine counts of wire fraud. Holmes resigned from her position as Theranos CEO to be replaced by GC Taylor, but she remained the chair of the board of directors.

Anyway back to the LIS Database, on July 25, 2018, the government requested Wilmer Hale attorneys produce the LIS database and any software necessary to access or query it by August 10th. Again, according to the ruling, Wilmer Hale responded on July 30, describing the proprietary third party software necessary to use the LIS database. Wilmer Hale’s response did mention the fact that the database copy would be encrypted and require an additional key to access. That same day, a Theranos employee working on procuring the database copy emailed Theranos in-house counsel, stating, “the other thing to understand is that it’s not just a database. It’s a whole system with layers and applications and data. I’m not sure what functionality it’s expected to have, but if we’re just handing over a database, I’m not sure it will meet the needs.” Theranos in-house counsel replied, “it’s ultimately not Theranos’ problem if our system of storing and accessing data is convenient for outsiders.”

Then we get to the four days that are key within this case ruling. On August 27, 2018, Wilmer Hale produced a copy of the LIS database to the government. Wilmer Hale’s email to the government attaching the transmittal letter included the password, but failed to mention that a private key would also be necessary to access the LIS database. So what happens next? Immediately after production of the LIS database copy, Theranos began moving to decommission the original LIS database at its Newark facility. Theranos began to dismantle the physical server hardware housing the LIS database on August 29th, with the all clear to shutdown arriving on August 30th, and by August 31st, Theranos vacated the Newark facility.

As the ruling notes, at that time Theranos employees’ agents knew that once the system was put into storage, it might be very difficult to resuscitate. A former Theranos IT employee who previously worked as the infrastructure architect for the LIS server, informed Theranos’ IT consultant in August 2018 that if they took the LIS apart, they would not be able to access it again because the encryption key would be lost. The encryption key was located on a disk array, which had a lot of pieces, and when they took the disk array apart, it would have destroyed the encryption key. The disk array was dismantled, of course, when the LIS server equipment was removed.

Within four days after Wilmer Hale and Theranos produced an encrypted database to the government, Theranos decommissioned and took apart the server and disk array. About twelve days after that, Wilmer Hale informed the government that Theranos was probably dissolving that day.

Fast forward a little bit to September and October of 2018, and the government had tried repeatedly and unsuccessfully to access the information from the copy of the LIS database. In March 2019, the government reached out to the assignee Theranos assets,  Sherwood Partners and its counsel, Dorsey and Whitney, with follow up inquiries about how the LIS database came to be encrypted and decommissioned. On March 21st, Dorsey informed the government that Sherwood’s understanding that it was that the encrypted database had since been decommissioned and before the company formally closed, “we were advised that it would be a herculean undertaking to getting it up and running again.”

The government communicated with Dorsey again in October and November 2020, with Dorsey ultimately informing the government that the LIS database was encrypted, that Sherwood lacked the means to decrypt it and that it had been unable to locate an alternative version of the LIS database. As the ruling notes, the parties agreed that for all intents and purposes, the LIS database copy produced to the government could not be accessed without the private key, and the information on the LIS database was lost, perhaps irretrievably.

After all that you would think this is a ruling related to emotion by the government regarding the production of an encrypted database to them, but it’s not. It’s actually a ruling related to defendant Holmes motion to suppress evidence of customer complaints and testing results, as well as findings in its January 25, 2016 report from the Centers for Medicare and Medicaid studies that was known as the CMS Report. Holmes contention was that allowing the government to use that evidence as evidence of fraud after it failed to gather and preserve the LIS database would violate her rights to present a complete defense and to receive due process because the entirety of the LIS database was necessary to refute that evidence.

Judge Davila analyzes the defendant’s motion on two fronts—whether the LIS database is potentially exculpatory, which he calls the threshold question for the court, and whether the government was responsible for destroying the evidence and whether that was done in bad faith.

With regard to the exculpatory value of the database, Judge Davila notes a couple of things. First, he states that the government has throughout this case, maintained its belief that the LIS was either highly inculporatory and could bolster its case against Holmes, as it would potentially corroborate the information that the government intends to present from witnesses or that it was useless to both sides because there’s no indication it contained data reflecting the accuracy of Theranos test results.

Second, while defense counsel in the hearing on the motion stated that Ms. Holmes has always believed the database would be exculpatory in this case, Judge Davila observed that there’s no indication in the record that Holmes ever informed the government of the database’s reported exculpatory value either prior to filing the present motion or prior to the decommissioning of the original LIS database. He also noted that there was no indication that Holmes attempted to rush the government along in its efforts to access the database copy, even though she now criticized the government for its delay.

Even though Holmes argued that the LIS database could have been used to assess the accuracy of Theranos test results, which she claimed was central to the government’s wire fraud case against her, she also didn’t dispute the need for Non-LIS information to draw any firm conclusions about the accuracy of the test results. As a result, Judge Davila rules that the LIS database information alone would not provide a conclusive determination of whether the Theranos blood tests were accurate, and it could just as likely contain incriminating evidence to the contrary. He indicated any exculpatory value is therefore speculative in nature.

That’s essentially game over for Holmes motion, as we’ll see in a moment, but next, Judge Davila turns to the government’s conduct and whether there was bad faith. He shoots that down pretty quickly as well stating the presence or absence of bad faith turns on the government’s knowledge of the apparent exculpatory value of the evidence at the time it was lost or destroyed. Because without knowledge of the potential usefulness of the evidence, the evidence couldn’t have been destroyed in bad faith. He notes that the exculpatory value of the LIS database wasn’t apparent to the government on August 31st for multiple reasons.

Those reasons included first, that the potential usefulness of the LIS data was speculative and the 9th Circuit has not found bad faith in situations involving speculative exculpatory value.

Second, both parties cited 9th Circuit cases that appear to suggest that the government must be the party ultimately responsible, whether through affirmative action or inaction for the destruction or loss of the potentially exculpatory evidence. Judge Davila draws the obvious conclusion here saying, “here the government did not lose or destroy evidence in its possession. The only entity in possession of the sole working version of the LIS database was Theranos up until it dismantled the database hardware, destroying the key and rendering the original database and usable as well. The government thus never had true possession of the LIS database in the first instance, and there is no dispute that the government played no role in the decommissioning and dismantling of the original LIS database.”

There he rejects Holmes argument that the government should have looked at the LIS database copy immediately upon receipt, and that if it had it would have realized there was a problem, then they could have raised the issue with Theranos or Wilmer Hale, and either of those two parties would have informed the government that an additional key was necessary and provided it. Judge Davila failed to find it reasonable to expect all these measures to be accomplished within the four days before Theranos decommissioned the LIS database, noting there were no facts suggesting the government was aware that Theranos planned to decommission the database and dismantle its hardware on August 30th, and that Holmes didn’t cite any case law that illustrated failure to look at the evidence within four days was unreasonable. He noted that a brief delay of four days hardly even approaches negligence, much less bad faith or due process violation.

Fourth, he rejected Holmes’ argument that the government could have reconstructed the LIS database, noting that even if the government had been able to resurrect the physical database hardware, it would have lacked still the encryption key, making their conduct after August 31st irrelevant.

Finally, he rejected the argument that the government failed to preserve evidence, noting that the government sought production of a presumably functioning LIS database, but Theranos knowingly and without comment produced an inaccessible copy. Still the government preserved the unusable evidence that Theranos produced and still has the nonfunctioning copy. It was a copy of which they provided to Holmes as well. Presumably Holmes couldn’t access it either.

Those are how he’s continued to address the Holmes’ arguments with regard to excluding evidence.

Holmes also requested two other things—an evidentiary hearing on the topic and further production on the matter. The request for an evidentiary hearing asserted that a factual dispute exists as to who bares responsibility for the loss of the LIS database and that someone might be able to reassemble the original database. The Court should therefore hold an evidentiary hearing to explore whether that’s a viable course of action. Judge Davila found that no material factual disputes existed in either case. Instead, an evidentiary hearing, therefore, would be fruitless.

He also rejected her request for further production on the matter, stating the information wasn’t relevant for the reasons stated above, and that Holmes hadn’t indicated why any of the information or evidence she sought was relevant, was helpful in establishing her defense, not cumulative or not exempt from disclosure due to deliberative privilege and or work product protection. Rejecting both of these requests was important because this ruling was on August 4th of this year, and the case was going to trial on August 31st. Either of these would have presumably resulted in delaying the start of the trial.

Let’s talk about takeaways. The first takeaway is that Judge Davila, like Judge Cole last week, rejected the defendant’s request in multiple ways. He rejected it from a standpoint of whether the LIS database was exculpatory, observing that at best it exculpatory value couldn’t be determined. That would have been enough right there to deny Holmes motion. Then he proceeded to find several other reasons deny it as well, debunking the idea that the government was responsible for the loss of the evidence. That it should have looked at the evidence right away. That it could have reconstructed the evidence because reconstructing databases that are encrypted is easy, right? That the government failed to preserve evidence by showing that the government actually did preserve their copy of the unusable LIS database and even shared a copy of Holmes.

That’s one takeaway. The other takeaway is about the form of production of the evidence itself, the encrypted database. There are two aspects to that.

The first is the fact that the evidence is encrypted. Believe it or not, producing encrypted evidence is actually more common than you think, and productions are provided in an encrypted form often. I’ve worked on several cases that involved protected health data that was subject to HIPAA requirements, and we were required to use a HIPAA compliant encrypted hard drive to produce that data to protect it. Obviously it’s not necessarily uncommon to produce data in encrypted form, but what is not common, of course, is failing to produce the encryption key along with the encrypted data and then decommissioning the only working copy of that data within a few days. Certainly Theranos rendered the production unusable when it decommissioned the original database. The takeaway aspect of that is that while the data was produced encrypted, producing encrypted data is not really uncommon at all.

The other aspect, and I think is one of the notable ones here, from a discovery standpoint, is the production of databases in discovery. There’s no other way to say it—production of databases is messy. That’s reflected in the comment by the Theranos employee who told their GC that it’s not just a database, it’s a whole system with layers of applications and data.

That’s a big part of the challenge here. We don’t know any of the details of the LIS database from the ruling here in terms of the software being used, other than it was noted to be proprietary, or the database management system being used, whether it was SQL Server, Oracle or some other DBMS. There’s a lot involved in producing a database because the database has a lot more than just data.

Take SQL Server, for example, the components of a SQL database are defined as objects, and there’s many types of potential objects in the SQL database. They can include things like tables, views, stored procedures, functions, constraints, rules, schemas, indexes, and triggers. That’s just the database itself before you add any top level application layer to it. It can include the data, different views of the data, and programs and mechanisms that can actually be applied to the data right from within the SQL database itself.

Often the application layer and the database work hand-in-hand to support the functionality of the platform being used. Not only that, there have been several versions of SQL Server released over the years, and they’re not all fully compatible with each other unless the compatibility level is set to support the version of SQL Server you’re using.

There’s a lot of variables before you even get to the application layer, which we consider to be the software. Of course, that doesn’t take into account things like the hardware requirements to run the software and database, which often entails multiple servers to replicate an enterprise level database solution.

Again, we don’t know the full details of what was requested by the government. All we know is they requested Wilmer Hale attorneys produce the LIS database and any software necessary to access or query it. Did they have discussions on the specifics of the database with Wilmer Hale and possibly Theranos and request the specifics? Or did they just request the database on the software? It sounds like the latter, but we don’t know for sure. It’s important to note that production of databases is messy, so parties often agree to produce information from a database itself instead of the actual database. That can include the information and often does include the information in production of reports and even screenshots from the software platform. Or maybe data dumps of data from the database, which could be provided as an Access database to preserve as much of the relational database structure as possible, or it could be flattened and produced as an Excel spreadsheet.

Information in that form is often easier to deal with, and it’s more of a near native form that can still be considered usable in discovery. Occasionally, it may be determined. The only way to fully understand the information in the database is to reduce the database itself and access it with the software application layer and use it the way trained users have used it. That’s not as common as agreeing to produce information from the database as opposed to the database itself, at least in my experience.

The takeaway for requesting production of databases is know what you’re asking for. That involves gathering information about what’s in the database, exploring alternatives for getting that information without requiring the database itself to be produced. If you decide that you have to have the database itself as a form of production, it’s important to understand and request everything you need to install and operate the database, including software and hardware requirements, specific software and database versions, training materials, and so forth.  Most importantly, on your end, you need the expertise to operate it. You need to keep that in mind if you’re thinking of requesting production of a database in discovery.

We’ll be back next week with another episode of the Case of the Week from eDiscovery Assistant.

If you’re an ACEDS member and interested in using eDiscovery Assistant, there’s a discount available to current ACEDS members and a free trial for folks taking the ACEDS exam. If you’re interested in either of those, send an email to aceds@ediscoveryassistant.com and one of the team will be in touch. If you’re interested in doing a free trial, eDiscovery Assistant case law and resource database, […] sign up to get started.

Thanks once again to Kelly Twigger for letting me keep the seat warm for her and thanks again to eDiscovery. Assistant and ACEDS as well. Have a great week and stay healthy and safe out there.

Watch Next Episode Live

#CaseoftheWeek streams live on the ACEDS YouTube, Facebook, Twitter, and LinkedIn company pages. Subscribe to the ACEDS social channels to be notified when we go live.

Catch the Replay

You’ll be able to read episode summaries and watch the recorded show right here on the eDiscovery Assistant blog or access the recorded versions from the ACEDS social media channels.