Does the duty to preserve potential evidence require you to save your Internet cache? A district court in Pennsylvania recently addressed this issue, and, indirectly at least, said NO. Healthcare Advocates, Inc. v. Harding, Earley, Follmer & Frailey, 2007 WL 2085358 (E.D. Pa. June 20, 2007). The court held that the defendant’s automatic and unwitting deletion of cache files did not constitute spoliation, and did not warrant any kind of sanctions, even though potential evidence had been destroyed. The court did not squarely hold there was no duty to preserve Internet cache per se; instead, it held that, in this case, the destruction of evidence contained in the temporary cache files was accidental, and was not prejudicial, so no sanctions were appropriate.
In my opinion, the court here got it right, and in most cases there is no need to take the time and effort required to preserve cache files. Still, there may be rare exceptions to this general rule where you should save cache; for instance, if an employee is fired for viewing porn-sites at work and then he or she immediately files suit. In this circumstance, Internet cache files would provide critical evidence, and the custodian of the computer should save the cache. Assuming the employer knows about Internet cache, then they would want to preserve the cache, because it proves what websites have been visited on a computer. Of course, if the employer does not know about cache files, and how they can be automatically deleted, much like the law firm defendant apparently claimed in the Healthcare Advocates case, then they would not know to save their cache. Can you breach a duty to preserve evidence that you did not even know existed, much less was in danger of destruction? That is a difficult question that was not really answered by this case. The answer depends on whether you think the party, or their lawyer, should have known about cache files, such that it was negligence, perhaps even gross negligence, not to preserve these mystery files.
Most of the readers here will know what Internet cache files are. But some may not be sure, so let’s start with a wee bit of technical background. Internet cache is not a misspelled “Pay-Pal” money thing, it’s a temporary storage area where frequently accessed data are placed for subsequent rapid access. It can be RAM memory type cache, or it can be cache that is written to a drive. The Internet cache files we are talking about here are of the latter variety. Microsoft calls this kind of cache “Temporary Internet Files.”
As you know, when you “go to” an Internet website, the website is actually coming to you. Copies of the website files are transferred from the web server computer to your computer. These files are actually downloaded and saved to your computer hard drive. (There are of course some exceptions to this for some website content, such as streaming video and the like, but as a general rule this is how it works.) These html and related web files are then viewed with your browser software, such as Microsoft’s Internet Explorer, from your own computer. The place where the downloaded web files are stored on your computer is called the “Internet cache.” Many people do not know that when they leave a website, and go someplace else on the web, the website itself remains lurking and hidden on their computer.
The Internet cache web files are stored on your computer because you may return to that same website again. If you do, and you point your browser to the same address, the browser will know that it already has the web in its cache, and so will not actually go out and fetch it again from the remote webserver. That could take some time. The browser will instead just display the web files you have already visited and stored in your cache. It is much faster that way, which is the whole point of a cache. Of course, in the meantime, the web may have changed, and you may not know it because you are looking at the web you previously downloaded. No worries, however, because you can defeat that, and force the browser to go out and get the file again from the webserver, by simply using the refresh file function.
You may wonder where these Internet cache files are stored; for if you do not know that, it is hard to preserve them. Assuming you are using Explorer, go to the “Tools” menu at the top, and select “Internet Options.” The first “General” page will have a “Browsing History” section. In Internet Explorer 7, you have the option to “Delete temporary files, history, cookies, saved pass words and web form information.” If you hit the “Delete” button you will erase all of the Internet cache files, the history of the webs you have visited. To the right of the “Delete” button is the “Settings” button. Go to the “Settings” page (the Explorer 6 version of this page is shown in the graphic below) and you will find choices for storing Internet files, meaning how often the browser will check to see if the web page has changed from the version stored on your disk. The Settings page also shows where these files are currently located. That is the location of your Internet cache, a/k/a your Temporary Internet Files folder. It will also allow you to specify how much space you want to allocate for the cache. When that limit is filled it will start writing over the old cache files. You can choose from between 8 to 1024 megabytes. Many people max out to the 1024 limit because space is plentiful and cheap, and the more cache the faster your web browsing.
The default location for the Internet cache is usually something like what is shown above: “C:\Documents and Settings\v-megans (the user’s name)\Local Settings\Temporary Internet Files\”. But you can change that to be any location you would like. On this same menu, you can also choose to view these files. At the bottom of this page, Explorer allows you to specify how many days to save “the list of websites you have visited.” This is not a full cache of the websites visited, just a list of the addresses.
The above summary is not intended to be complete; there can be many variances depending on browser software and other configurations. In addition, other files are cached when the Internet is used, most especially for email, where copies of all emails sent and received may be stored on disk in other locations depending on the software utilized.
Back to the Healthcare Advocates case: it involves some very interesting facts, albeit a farfetched complaint. I do not have all of the facts underlying this law suit (some are filed under seal), but from the court’s opinion, it appears that this is little more than a sour grapes type of spite suit. To understand this case, you have to understand the one that preceded it. There the same plaintiff, Healthcare Advocates Inc. (hereinafter “HAI”), sued a competitor for trademark infringement and trade secret misappropriation. HAI lost this case, in large part because of excellent lawyering by the defendant’s attorneys, the law firm of Harding, Earley, Follmer & Frailey (hereinafter “Harding”). Harding used the very handy service found at archive.org called the “Wayback Machine.” If you are not already familiar with this web and service, I suggest you check it out. The archive’s Wayback Machine allows you to view prior versions of websites that have been saved by archive.org. It is a very good way to determine what trademarks and other materials were actually in use by a company in the past. Harding used it to find out what HAI’s website had looked like in the past. The old versions of HAI’s web proved to be very powerful evidence against HAI, and they lost their case by summary judgment.
So what did HAI do next? They filed yet another law suit, this time against their competitor’s attorneys, the Harding law firm. Unbelievable, but true! What horrible things is the law firm alleged to have done? HAI accuses them of violating their copyrights by “hacking” the Wayback Machine so as to download old versions of their website! Never mind that there was no evidence of hacking, and Harding only used the archive.org repository the way any good law firm would: to find the truth and defend their client.
To add insult to injury, HAI tried to dress up this second case with charges of spoliation based solely on Harding’s failure to preserve the Internet cache files of the old HAI’s web pages. HAI even had the audacity to argue that the law firm should have stopped using their computers altogether so that the temporary cache files would not be lost. In their losing cross-motion for summary judgment, HAI’s lawyers got carried away, again, and argued that Harding’s failure to stop using their computers to preserve the Internet cache was such a bad act of spoliation that it “shocks the conscience.” Here is the understated way the court responded to these arguments:
The Harding firm had no reason to anticipate that using a public website to view images of another public website would subject them to a civil lawsuit containing allegations of hacking.
Thus, the failure to immediately remove computers that the firm used every day, when they had no reason to believe that their actions would subject them to a lawsuit for “hacking,” is not an action that shocks the conscience.
I am pleased to report that this second suit has been dismissed too, again by summary judgment. Obviously it was a “fair use” by the law firm of the discontinued copyrighted web pages, and not even close to a copyright infringement. Moreover, the spoliation charges were just as bad. It is not clear from the opinion, but I think that Harding knew full well about Internet cache files. It is after all a group of Phildelphia lawyers specializing in intellectual property law. Harding simply choose not to preserve these files because there was no reason to save them. They had already printed out all of the webs, and used them in evidence. Why should they also preserve the cache? The whole suit by HAI is just plain bizarre. The court agreed, and found no prejudice at all to the plaintiff from the deletion of the cache files.
There are two more things that surprise me about this case. First, Internet Archive, the non-profit group behind http://www.archive.org, was joined as a defendant to the case. That is not surprising given HAI’s obvious litigiousness, but it is hard to understand why the archive group settled with HAI, instead of moving for summary judgment. Apparently, they were concerned because their exclusion policy, which supposedly allows any website to opt-out of the archive and its Wayback Machine by the use of a robots.txt file, did not work in this case. HAI had, for obvious reasons, tried to have its web excluded from the archive before it filed the first law suit against its competitor, but the exclusion failed and Harding was able to get at the truth. The terms of the settlement are confidential, so we can only speculate why Internet Archive preferred to settle. The second surprising thing is that the Harding firm provided HAI with a forensic image of their computer’s hard drives. It impressed the court that Harding had nothing to hide, but one wonders why they bothered.
Although not reported in the decision, my review of the docket sheet for this case shows that there is now a motion pending by Harding for an award of $161,461.50 in attorney fees. They argue that this is a frivolous case, and an award of fees in this amount, plus costs of $9,348, is justified.
[…] are imaged, and forensic exams are performed to restore and search deleted files, fragments, Internet cache, slack space, memory, and the like. A diagram providing a simple overview of the forensic […]
Kirk
\”…There are many more ways in which you can lose all of the personal data that is stored on your computer…\”