LITIGATION SUPPORT TIP OF THE NIGHT

It's not only becoming common for law firms to submit briefs to courts which they drafted with the assistance of artificial intelligence software, courts are catching them in the act and finding that some of the caselaw cited to in these briefs is completely fictional. AI 'hallucinations' are instances where AI software generates fallacious information in response to a question.

In January, the Second Circuit issued a per curiam decision, Op., Park v. Kim, No. 22-2057 (2d Cir. Jan. 30, 2024), ECF No. 178-1, in which the court found that:

The attorney who filed the brief was referred to the Court's Grievance Panel. The Court cited the 5th Circuit's amendment to its rules which requires that attorneys certify that no generative artificial intelligence was used for a filing, or that at least that the filing was reviewed for accuracy by a human.

In May 2023, Judge Castel of the United States District Court for the Southern District of New York, issued an Order to Show Cause why the plaintiff's counsel should not be sanctioned pursuant to Fed. R. Civ. P. 11 and the Court's inherent authority for submitting an affirmation in opposition to a motion to dismiss which included citations to six "bogus judicial decisions with bogus quotes and bogus internal citations." Order to Show Cause at 1, Mata v. Avianca, Inc., No. 22-cv-1461 (PKC) (S.D.N.Y. May 4, 2023), ECF No. 31. The brief used citations to reporters which actually refer to other cases:

Id. at 2.

Not only did the plaintiff's affirmation refer to Varghese v China South Airlines Ltd., 925 F.3d 1339 (11th Cir. 2019), and other cases which are completely made up, but when the court issued an order asking that plaintiff's counsel submit copies of these cases (Order, Mata v. Avianca, Inc., No. 22-cv-1461 (PKC) (S.D.N.Y. Apr. 11, 2023), ECF No. 25) the counsel in turn filed an affidavit submitting AI generated copies of the imaginary cases! Affidavit, Mata v. Avianca, Inc., No. 22-cv-1461 (PKC) (S.D.N.Y. Apr. 25, 2023), ECF No. 29.

A copy of Varghese was filed on PACER, but it's something that AI simply invented:

PACER doesn't lie!

At a subsequent hearing, Judge Castel excoriated the plaintiff's attorney for submitting the fictitious case:

Hr'g Tr. at 15:17-17:6, Mata v. Avianca, Inc., No. 22-cv-1461 (PKC) (S.D.N.Y. Apr. 11, 2023), ECF No. 52. So the case that ChatGPT invented was not even one which had an internal logic of its own.

The court sanctioned the plaintiff's attorney under Rule 11, fined him $5,000 and ordered him to send a letter to each judge listed as the author of the false cases the affirmation cited to. Mata has been dismissed for being untimely under an international convention that covered a claim for an injury suffered by the plaintiff during an international flight.

This month the S.D.N.Y. dismissed much of the SEC's fraud suit against the software developer SolarWinds Corp. The SAML certificate [which exchanges authentication and authorization data between parties] for SolarWinds' information technology infrastructure platform, Orion, was compromised and malicious actors were able to gain access to the networks of government agencies that used Orion.

The SEC had alleged that SolarWinds failed to disclose information about the SUNBURST cyberattack in 2020 quickly enough. In his decision, Op. & Order, SEC v. SolarWinds Corp., No. 1:23-cv-09518-PAE (S.D.N.Y. July 18, 2024), ECF No. 125, Judge Paul Engelmayer, sustained a claim of fraud based on the SolarWinds Security Statement, but dismissed claims of fraud based on other filings.

In discussing whether or not cybersecurity risk disclosures made in a SolarWinds' SEC filings about its Orion platform used for IT infrastructure were adequate, the Court considered whether or not two previous incidents in which attacks allowed its platform to contact unauthorized external websites meant that it had been subject to a systematic attack. The two incidents were different in that in one Orion was exploited to send data about the network it was installed on, and in the other Orion was used to download malware. Because SolarWinds could not find the root cause of the attacks, and could not be certain that they were associated with one another, it was not required to update its cybersecurity risk disclosure.

To the extent the SEC, in terming the disclosure generic, means to fault Solar Winds for not spelling out these risks in greater detail, the case law does not require more, for example, that the company set out in substantially more specific terms scenarios under which its cybersecurity measures could prove inadequate. As decisions in this District have recognized, the anti-fraud laws do not require cautions to be articulated with maximum specificity. Indeed, these decisions have recognized policy reasons not to require as a matter of law that disclosures be made at the level of specificity known to the issuer. Spelling out a risk with maximal specificity may backfire in various ways, including by arming malevolent actors with information to exploit, or by misleading investors based on the formulation of the disclosure or the disclosure of other risks at a lesser level of specificity.

Id. at 73. (emphasis added).

The Court also rejected the SEC's claim on SolarWinds' post-SUNBURST disclosures. "As to post-SUNBURST disclosures, the Court dismisses all claims. These do not plausibly plead actionable deficiencies in the company's reporting of the cybersecurity hack. They impermissibly rely on hindsight and speculation." Id. at 3. Judge Engelmayer found unpersuasive the SEC's allegation that the failure to state in a Form 8-K filing (made days after the discovery of the SUNBURST breach) that malicious code had been used in the two prior attacks made the filing materially misleading.

In 2015, Magistrate Judge William V. Gallo, in United States ex rel. Carter v. Bridgepoint Educ., Inc., 305 F.R.D. 225 (S.D. Cal. 2015), ruled on a dispute over the production of data from backup tapes, and the format used for email productions.

The Plaintiffs contended that the Defendants were responsible for intentionally altering data transferred to backup tapes because litigation was anticipated, and this transfer constituted a form of intentional spoliation. The Defendants in turn asserted that the data was inaccessible and so the cost of production should shift to the Plaintiffs. The requested data was matrices used by the Defendants to track the their performance as enrollment advisors to the Plaintiffs, which in turn was used to determine how much employees were paid. The Plainiffs contended this is a violation of the Higher Education Act's prohibition against incentive payments.

The backup tapes in question were used for disaster recovery. The encrypted tapes could be used to store more than 1 TB of data. The Defendants stated that it was only possible to restore one tape per day, and that the full restoration process would take several months and cost more than $2.2 million for the data for all of the relevant custodians to be converted to native format. These facts would make the production unduly burdensome. The Defendants had been transferring data to backup tapes for a long time, prior to the suit's unsealing. (This is a qui tam action, which the Defendants only received notice of when the government chose not to intervene.)

The Plaintiffs argued that the Defendants as a large 'billion dollar' public company which emphasizes its technologcal capabilities should have the resources to handle the production, and noted that their suit concerned more than $2 billion in damages. They faulted the Defendants for failing to disclose how their backup tape system worked.

In his decision, Judge Gallo citing Zubulake v. UBS Warburg LLC, 217 F.R.D. 309 (S.D.N.Y. 2003)), acknowledged that a party is not entitled to cost shifting if it converts data into an inaccessible format when it's reasonably foreseeable that it will be discoverable in anticipated litigation. But he emphasized that the litigation must be probable not merely possible.

In rejecting the contention that the Defendants' deliberately made data inaccessible, the Court notes that, "[e]ven in making this accusation, Plaintiff acknowledge that this ESI has been placed onto 'backup tapes,' , thereby accepting Defendants' own description of the relevant ESI as 'inaccessible.' Dangerously, Plaintiffs have chosen to describe this storage system as adopted 'under the pretext or excuse of a business purpose,' , even though the use of backup tapes for non-active ESI has become standard business practice." Bridgepoint Educ., Inc., 305 F.R.D. at 241. The opinion cites dozens of holdings that ESI stored on backup tapes is inaccessible from a technological standpoint.

The Defendants did restore one backup tape to its native format which contained all of the emails between the relevant employee custodians and their superiors. This gives the Plaintiffs "an unfettered ability to examine almost every potentially relevant quantum of ESI" Id. at 242. The Defendants made a production in TIFF images of other less relevant emails. The Plaintiffs only offered their own attorneys' estimates of the cost of production, while the Defendants filed a declaration prepared by an expert. The Court also noted the Plaintiffs' failure to specify the exact data they were requesting. "If a party fails to identify

the form or forms in which it wishes ESI to be produced and any particular fields or types of metadata sought, the non-requesting party may rightly provide the ESI sought in the form in which it is regularly maintained. With Plaintiffs' request ambiguous as to form and format, Defendants were certainly reasonable in refusing to provide reasonably inaccessible ESI." Id. at 243. Judge Gallo rejected the claim of intentional spoliation because the Plaintiffs did not explain why the Defendants' storage process was unusual.

The Court also rejected that Plaintiffs' request for the production of emails from active storage in native format. It regarded a TIFF image production as a proper response to a "generic request for original documents". Id. at 245.