In Chambers - Winter 2010
Winter 2010, Volume 37, #1

E-discovery
By Craig Ball

Editor's Note: The following article originally appeared in Law Technology News and is reprinted here with the author's permission.

My home state of Texas was the first to enact a discovery rule dealing with electronically stored information. Years before the federal rules amendments, and in four simple sentences, Rule 196.4 addressed a litigant's right to discover ESI, the scope of e-discovery, forms of production and cost shifting. The rule was either so completely successful or so utterly ignored that it wasn't cited in a published decision for nearly a decade.

So, when the Texas Supreme Court — the state's highest tribunal — issued its first e-discovery opinion, I listened to oral arguments. In re: Weekley Homes, 52 Tex. Sup. Ct. J. 1231 (2009), concerned a litigant's right to directly access an opponent's storage media. The plaintiff wanted to run 21 search terms against the hard drives of four of defendant's employees in an effort to find deleted e-mails from 2004. I eagerly anticipated insightful arguments by advocates who grasped the important technical and legal issues afoot, but what I heard would make a hearse horse snicker. Judge for yourself by listening to the arguments at http://tinyurl.com/weekleyhomes.

Fortunately for Texans and all e-discovery practitioners inspired by well-reasoned opinions, the lawyers' confusion didn't infect the Court's decision. The Weekley Homes standards that emerged from the Court's remand serve as a sensible guide to those seeking to compel an opponent to recover and produce deleted e-mail, to wit:

  1. Parties seeking production of deleted e-mails should specifically request them and specify a form of production.
  2. Responding parties must produce reasonably available information in the format sought. They must object if the information is not reasonably available or if they oppose the requested format.
  3. Parties should try to resolve disputes without court intervention; but if they can't work it out, either side may seek a hearing at which the responding party bears the burden to prove that the information sought is not reasonably available because of undue burden or cost.
  4. If the trial court determines the requested information is not reasonably available, the court may still order production if the requesting party demonstrates that it's feasible to recover deleted, relevant materials and the benefits of production outweigh the burden, i.e., the responding party's production is inadequate absent recovery.
  5. Direct access to another party's storage devices is discouraged; but if ordered, only a qualified expert should be afforded such access, subject to a reasonable search and production protocol protecting sensitive information and minimizing undue intrusion.
  6. The requesting party pays the reasonable expenses of any extraordinary steps required to retrieve and produce the information.

The Texas Supreme Court further articulated a new duty: Early in the litigation, parties must share relevant information concerning electronic systems and storage methodologies to foster agreements regarding protocols, and equip courts with the information needed to craft suitable discovery orders. That's a familiar — though poorly realized — obligation in federal practice, but one largely absent from state court practice nationwide.

Weekley Homes brings much-needed discipline to the process of getting to the other side's drives, but scant guidance about what's required to demonstrate feasible recovery of deleted e-mail or what constitutes a proper protocol to protect privilege and privacy. Something that sounds simple to counsel can enormously complicate forensic examination and recovery, at great cost. A sound protocol balances what lawyers want against what forensic experts can deliver.

Because everyone uses e-mail, everyone has a little knowledge about e-mail. A little knowledge is a dangerous thing. Most assume their e-mail experience is universal, transferable and relevant. "When I delete a message," an opponent may say, "it goes into that trash bin, and I just look in there to find it." Much of what even tech-savvy lawyers and judges understand about deletion of data doesn't apply to e-mail.

For example, one of the lawyers arguing the In re Weekley Homes case claimed his client wasn't seeking electronic data such as databases and spreadsheets. They were just seeking documents, i.e., deleted e-mail.

The problem with that distinction is that most e-mail systems are databases. And not simple sorts either, but poorly-documented, proprietary, compressed, encrypted, pull-your-hair-out-complicated databases.

To illustrate, when you delete messages from the Deleted Items folder in a Microsoft Exchange mail server or Microsoft Outlook mail client ("double deletion"), they don't go to the Recycle Bin. They don't even go to the same place documents go when you empty the Recycle Bin. They don't just slink off to the unallocated clusters, and they don't simply "lose their address in the file directory" as counsel claimed in the Weekley Homes arguments. Because individual messages aren't tracked by a computer's file system before deletion, they never had an address in the file directory!

Double-deleted Outlook messages lurk locally inside the mail container file, invisible to the user, until the container file is compacted. Maybe in a day. Maybe two weeks. Maybe never.
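
A simplified model of the behavior described above, added here as an illustration and not taken from the original article: the record layout is a constructed toy format (not Outlook's actual PST/OST structure), and every function name is hypothetical. It shows that a double-deleted message is only flagged inside the container, stays readable to an examiner who parses the container, and is gone once the container is compacted.

```python
import struct

# Constructed toy container, NOT the real PST/OST layout. Each record is a
# 1-byte state flag, a 2-byte big-endian length, then the message bytes.
LIVE, DELETED = 0x01, 0x00

def build_container(messages):
    """Pack messages into one blob; the file system sees only this one file."""
    out = bytearray()
    for body in messages:
        data = body.encode("utf-8")
        out += struct.pack(">BH", LIVE, len(data)) + data
    return out

def records(container):
    """Yield (offset, state, body) for every record, live or deleted."""
    pos = 0
    while pos < len(container):
        state, length = struct.unpack_from(">BH", container, pos)
        body = bytes(container[pos + 3 : pos + 3 + length]).decode("utf-8")
        yield pos, state, body
        pos += 3 + length

def user_view(container):
    """What the mail client shows: live records only."""
    return [body for _, state, body in records(container) if state == LIVE]

def double_delete(container, text):
    """Flip the state flag in place; the message bytes are left untouched."""
    for offset, state, body in records(container):
        if state == LIVE and body == text:
            container[offset] = DELETED
            return True
    return False

def recover_deleted(container):
    """Examiner's view: parse the container and return flagged-deleted bodies."""
    return [body for _, state, body in records(container) if state == DELETED]

def compact(container):
    """Rewrite the container keeping only live records; deleted bytes are dropped."""
    return build_container(user_view(container))

if __name__ == "__main__":
    # Constructed sample messages.
    box = build_container(["lunch friday?", "Q3 budget draft", "invoice attached"])
    double_delete(box, "Q3 budget draft")
    print(user_view(box), recover_deleted(box), recover_deleted(compact(box)))
```

Nothing in the surrounding file system changes when the flag is flipped, which is why file-level undelete tools have nothing to find and the examiner has to work inside the container.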

If deleted messages were stored on an Exchange server or backup media, everything changes — the potential for recovery, the places an examiner looks, the encoding of the messages and even the tools and techniques employed are different. For example, Microsoft's Exchange Server includes a deleted item recovery feature inelegantly named "the dumpster." Messages purged from a user's Deleted Items folder are gone insofar as the user is concerned; however, those double-deleted messages remain in the Exchange dumpster for a period of (typically) 14 to 30 days after deletion or for any interval set by the server administrator.

If the deleted messages were webmail, the leftovers lodge in entirely different forms and venues!

Again, e-mail messages are entries in a database; and thus, they reside within a world all their own. They are like the bottled city of Kandor in the Superman comics or domed Springfield in The Simpsons Movie — encapsulated and isolated from the outside world of the computer's operating system.

Deleted messages may serve as linchpins of liability and be well worth the cost and effort of recovery; but recovery methods and expectations must be calibrated to particular systems and applications, as well as to the needs and the budget of the case.

Recovering deleted e-mail is one of the most challenging tasks in computer forensics. If someone assures you it's easy or cheap, they've either never done it, or they're not doing it very well.

Austin's Craig Ball is a trial lawyer and computer forensics/EDD special master.
E-mail: craig@ball.net.