Freedom of Information Act Request To Attorney General Kenneth CuccinelliDate: September 6, 2012
Attorney General Kenneth J. Cuccinelli, II
Office of the Attorney General
900 East Main Street
Richmond, VA 23219
Office of the Attorney General
900 East Main Street
Richmond, VA 23219
Lawrence A. Hunter, Ph.D.
Chairman, Revoluton PAC
Chairman, Revoluton PAC
Freedom of Information Act Request in re Brandon J. Raub Incidents: Actual beginning date unknown; proximate beginning date August 16, 2012; ending date August 23, 2012
Beginning sometime before August 16, 2012, a group of Chesterfield County, Commonwealth, FBI, federal Secret Service and other unknown law-enforcement and national-security/military officials conspired to coordinate an unlawful combined strike force attack on Brandon J. Raub at his home in Chesterfield County, Virginia as evidenced by the fact that they all showed up at Mr. Raub’s house on August 16, 2012 without any precipitating incident or event and proceeded to interrogate and forcibly detain Mr. Raub after which he was transmitted by the Chesterfield County Police to appear before a Hopewell, Virginia magistrate where he subsequently was ordered held over the weekend against his will in John Randolph Psychiatric Medical Hospital in Hopewell, Virginia and ordered to undergo an involuntary preliminary mental evaluation. Chesterfield County Police transported him to the John Randolph Psychiatric Hospital.
On August 20, at a hearing before Special Justice Walter Douglass Stokes, Mr. Raub was ordered to be detained up to an additional 30 days and to be transferred from the John Randolph hospital and committed against his will in the Veterans Hospital in Salem, Virginia, a federal facility.
Mr. Raub was not read his Miranda rights, he was never formally arrested nor were any formal charges ever brought against Mr. Raub.
On August 23, 2012, Hopewell Circuit Court Judge W. Allan Sharrett dismissed the Commonwealth of Virginia’s involuntary commitment petition as invalid and ordered Mr. Raub released.
All of the above incidents hereafter are referred to as “The Raub Incidents.”
Pursuant to the Virginia Freedom of Information Act (FOIA), I, Lawrence A. Hunter for myself and on behalf of Revolution PAC, of which I am Chairman, demand that you submit the following information/documents to me:
1. Any and all videotapes, Skype or other video recordings/transmissions from every onboard camera or laptop of every law-enforcement vehicle—local, Commonwealth and federal—every stationary camera or laptop computer present where Mr. Raub appeared before a magistrate, special justice or circuit court judge or while he was held in detention at the John Randolph Psychiatric Medical Hospital in Hopewell, Virginia relating to the above-captioned interrogation, detention, mental evaluation, judicial proceedings and transportation of Brandon J. Raub on and between August 16 and August 23, 2012.
2. Any and all audio tapes, audio tracks, audio recordings, police radio traffic or transcripts of all communications between and among all individuals involved—including local, Commonwealth, federal and medical personnel—in the interrogation and detention of, judicial proceedings involving, medical/mental evaluation of, and transportation of Brandon J. Raub relating to the above-captioned incidents regardless of the date on which they occurred in preparation for, during the process of or afterwards involving said incidents.
3. Any and all police dispatch logs, notes of meetings, emails, telephone conversations, Skype or other such Internet communications (including transcriptions thereof) between and among all local, state and federal law-enforcement personnel, judicial officials, mental-health personnel and Virginia Department of Justice officials and personnel related to The Raub Incidents, including communications involving planning and coordination of the events that transpired between August 16 and August 23, 2012 and were intended to follow afterwards.
4. A copy of the original summons and/or police order for the interrogation, detention, transportation and mental evaluation of Mr. Raub during the afore-captioned dates.
5. Any and all police notices or advisories related to Brandon J. Raub held by local, Commonwealth and federal law-enforcement agencies.
6. Records specifically concerning the arresting/detaining officers kept pursuant to Va. Code § 15.2-1722, including without limitation any personnel records, any documents collected, created, or maintained in connection with complaints or concerns raised about the arresting officers’ behavior or conduct, and any documents collected, created, or maintained in connection with any investigations into the arresting officers’ behavior or conduct.
7. The number of records responsive to each of the above requests that are being withheld, and the specific basis for each such records being withheld.
Electronically Stored Information (“ESI”) Hold Litigation Hold of ESI
Additionally, I, Lawrence A. Hunter demand that you preserve all documents, tangible things and electronically stored information potentially relevant to any claims arising out of the Raub Incidents, including not only those occurring on and between August 16 and August 23, 2012 but also any of same that came into existence prior to August 16 during any discussion of Brandon J. Raub between and among all local, Commonwealth and federal personnel and officials in preparation for or in the process of his interrogation, detention, transportation and mental evaluation and any subsequent plans regarding the treatment of Mr. Raub by said officials and personnel, including but not limited to:
1. Any and all documents which describe actions taken by the interrogating, arresting, detaining and transporting officers or their supervisors planning but not present at said incidents involving Mr. Raub;
2. Any and all communications by any law-enforcement or judicial officer or any employee or officer of the Virginia Department of Justice, including Commonwealth Attorneys, the Attorney General’s Office and the Governor’s Office about the Raub Incidents;
3. Any and all communications by any party concerning Brandon J. Raub and the people involved in the Raub Incidents, including the court and/or the Commonwealth Attorney’s, the Attorney General’s office or the Governor’s Office;
4. Any and all documents related to the interrogation and detention of, transportation of, involuntary commitment for mental evaluation of and contemplated/planned future actions relating to, including surveillance by all means relating to Brandon J. Raub;
5. Any and all documents related to any actions or conduct of any law-enforcement officers, Commonwealth Attorneys, other judicial officials and personnel of the Attorney General’s Office or the Governor’s Office involved in the Raub Incidents;
6. Internal Investigations related to the Raub Incidents by any local, Commonwealth or federal agencies;
7. Any discipline arising out of the Raub Incidents.
As used in this demand and throughout this document, “agency” refers to all local, Commonwealth and federal departments, agencies, offices and their successors, divisions, affiliates, and their officers, directors, agents, attorneys, committees, accountants, employees, elected or appointed officials or other persons occupying similar positions or performing similar functions, including but not limited to all law-enforcement agencies, judicial agencies and courts, the Office of the Attorney General and the Office of the Governor.
All local and Commonwealth agencies involved in any way whatsoever with the Raub Incidents should anticipate that much of the information subject to disclosure or responsive to discovery in this matter, should the matter proceed to litigation, is stored on their current and former computer systems and other media and devices (including personal digital assistants, voice-messaging systems, online repositories and cell phones).
Electronically stored information (hereinafter “ESI”) should be afforded the broadest possible definition and includes (by way of example and not as an exclusive list) potentially relevant information electronically, magnetically or optically stored as:
• Digital communications (e.g., e-mail, voice mail, instant messaging);
• Word processed documents (e.g., Word or WordPerfect documents and drafts);
• Spreadsheets and tables (e.g., Excel or lotus 123 worksheets);
• Accounting Application Data (e.g., OuickBooks, Money, Peachtree data files);
• Image and Facsimile Files (e.g., .PDF, .TIFF, .JPG, .GIF images);
• Sound Recordings (e.g., .WAV and .MP3 files);
• Video and Animation (e.g., .AVI and .MOV files);
• Databases (e.g., Access, Oracle, SOL Server data, SAP);
• Contact and Relationship Management Data (e.g., Outlook, ACT!);
• Calendar and Diary Application Data (e.g., Outlook PST, Yahoo, blog tools);
• Online Access Data (e.g., Temporary Internet Files, History, Cookies);
• Presentations (e.g., PowerPoint, Corel Presentations)
• Network Access and Server Activity logs;
• Project Management Application Data;
• Computer Aided Design/Drawing Files; and,
• Back Up and Archival Files (e.g., Zip, .GHO)
ESI resides not only in areas of electronic, magnetic and optical storage media reasonably accessible to the agencies, but also in areas the agencies may deem not reasonably accessible. All agencies are obliged to preserve potentially relevant evidence from both these sources of ESI, even if the agencies do not anticipate producing such ESI.
Preservation Requires Immediate Intervention
The demand that all agencies involved with the afore-captioned Raub Incidents preserve both accessible and inaccessible ESI is reasonable and necessary. Pursuant to amendments to the Federal Rules of Civil Procedure that have been approved by the United States Supreme Court (eff. 12/1/06), you must identify all sources of ESI you decline to produce and demonstrate to the court why such sources are not reasonably accessible. For good cause shown the court may then order production of the ESI, even if it finds that it is not reasonably accessible. Accordingly, even ESI that agencies deem reasonably inaccessible must be preserved in the interim so as not to deprive individuals bringing an action against said agencies of their right to secure the evidence or the Court of their right to adjudicate the issue.
All agencies must act immediately to preserve potentially relevant ESI including, without limitation, information with the earlier of a Created or Last Modified date on or after January 1, 2012 through the date of this demand and continuing and concerning issues or allegations related to the issues set forth above including but not limited to:
1. Any and all e-mails and other electronic communications made or received related to the Raub Incidents;
2. Any and all e-mails and other electronic communications, statements or correspondences made by any officers responding to the Raub Incidents;
3. Any and all electronic records of statements or correspondences made by the responding, interrogating and detaining officers amongst each other and between and among said officers and any Commonwealth or federal agency;
4. Any and all documents related to the Raub Incidents;
Adequate preservation of ESI requires more than simply refraining from efforts to destroy or dispose of such evidence. All agencies also must intervene to prevent loss due to routine operations and employ proper techniques and protocols suited to protection of ESI. Be advised that sources of ESI are altered and erased by continued use of agency computers and other devices. Booting a drive, examining its contents or running any application will irretrievably alter the evidence it contains and may constitute unlawful spoliation of evidence.
Consequently, alteration and erasure may result from agencies’ failure to act diligently and responsibly to prevent loss or corruption of ESI.
Nothing in this demand for preservation of ESI should be understood to diminish agencies’ concurrent obligation to preserve document, tangible things and other potentially relevant evidence.
Suspension of Routine Destruction
All agencies involved in the Raub Incidents are directed immediately to initiate a litigation hold for potentially relevant ESI, documents and tangible things, and to act diligently and in good faith to secure and audit compliance with such litigation hold. Agencies are further directed to immediately identify and modify or suspend features of their information systems and devices that, in routine operation, operate to cause the loss of potentially relevant ESI. Examples of such features and operations include:
• Purging the contents of e-mail repositories by age, capacity or other criteria;
• Using data or media wiping, disposal, erasure or encryption utilities or devices;
• Overwriting, erasing, destroying or discarding back up media;
• Re-assigning, re-imaging or disposing of systems, servers, devices or media;
• Running antivirus or other programs effecting wholesale metadata alteration;
• Releasing or purging online storage repositories;
• Using metadata stripper utilities;
• Disabling server or 1M logging; and,
• Executing drive or file defragmentation or compression programs.
Guard Against Deletion
Agencies should anticipate that their employees, officers or others may seek to hide, destroy or alter ESI and act to prevent or guard against such actions. Especially where agency machines have been used for Internet access or personal communications, agencies should anticipate that users may seek to delete or destroy information they regard as personal, confidential or embarrassing and, in so doing, may also delete or destroy potentially relevant ESI. This concern is not one unique to any particular agency or their employees and officers. It is simply an event that occurs with such regularity in electronic discovery efforts that any custodian of ESI and their counsel are obliged to anticipate and guard against its occurrence.
Preservation by Imaging
Agencies should take affirmative steps to prevent anyone with access to their data, systems and archives from seeking to modify, destroy or hide electronic evidence on network or local hard drives (such as by deleting or overwriting files, using data shredding and overwriting applications, defragmentation, re-imaging or replacing drives, encryption, compression, steganography or the like). With respect to local hard drives, one way to protect existing data on local hard drives is by the creation and authentication of a forensically qualified image of all sectors of the drive. Such a forensically qualified duplicate may also be called a bitstream image or clone of the drive. Be advised that a conventional back up of a hard drive is not a forensically qualified image because it only captures active, unlocked data files and fails to preserve forensically significant data that may exist in such areas as unallocated space, slack space and the swap file.
With respect to the hard drives and storage devices of each of the persons identified below and of each person acting in the capacity or holding the job title named below, as well as each other person likely to have information pertaining to the instant action on their computer hard drive(s), demand is made that you immediately obtain, authenticate and preserve forensically qualified images of the hard drives in any computer system (including portable and home computers) used by that person during the period from December 4, 2011, to the present and continuing, as well as recording and preserving the system time and date of each such computer.
Once obtained, each such forensically qualified image should be labeled to identify the date of acquisition, the person or entity acquiring the image and the system and medium from which it was obtained. Each such image should be preserved without alteration.
Preservation in Native Form
Agencies should anticipate that certain ESI, including but not limited to spreadsheets and databases, will be sought in the form or forms in which it is ordinarily maintained. Accordingly, agencies should preserve ESI in such native forms, and they should not select methods to preserve ESI that remove or degrade the ability to search agencies’ ESI by electronic means or make it difficult or burdensome to access or use the information efficiently in the litigation. Agencies additionally should refrain from actions that shift ESI from reasonably accessible media and forms to less accessible media and forms if the effect of such actions is to make such ESI not reasonably accessible.
Agencies further should anticipate the need to disclose and produce system and application metadata and act to preserve it. System metadata is information describing the history and characteristics of other ESI. This information is typically associated with tracking or managing an electronic file and often includes data reflecting a file’s name, size, custodian, location and dates of creation and last modification or access. Application metadata is information automatically included or embedded in electronic files but which may not be apparent to a user, including deleted content, draft language, commentary, collaboration and distribution data and dates of creation and printing. Be advised that metadata may be overwritten or corrupted by careless handling or improper steps to preserve ESI. For electronic mail, metadata includes all header routing data and Base 64 encoded attachment data, in addition to the To, From, Subject, Received Date, CC and BCC fields.
With respect to servers, such as those used to manage electronic mail (e.g., Microsoft Exchange, Lotus Domino) or network storage (often called a user’s “network share”), the complete contents of each user’s network share and e-mail account should be preserved. There are several ways to preserve the contents of a server depending upon, e.g., its RAID configuration and whether it can be downed or must be online 24/7. If agencies question whether the preservation method they pursue is one that we will accept as sufficient, please call to discuss it.
Home Systems, Laptops, Online Accounts and Other ESI Venues
Though we expect that agencies will act swiftly to preserve data on office workstations and servers, they also should determine if any home or portable systems may contain potentially relevant data. To the extent that private parties, officers, board members or employees have sent or received potentially relevant e-mails or created or reviewed potentially relevant documents away from the office, agencies must preserve the contents of systems, devices and media used for these purposes (including not only potentially relevant data from portable and home computers, but also from portable thumb drives, CD-R disks and the user’s PDA, smart phone, voice mailbox or other forms of ESI storage.). Similarly, if employees, officials or private parties used online or browser-based email accounts or services (such as AOL, Gmail, Yahoo Mail or the like) to send or receive potentially relevant messages and attachments, the contents of these account mailboxes (including Sent, Deleted and Archived Message folders) should be preserved.
Agencies must preserve documents and other tangible items that may be required to access, interpret or search potentially relevant ESI, including logs, control sheets, specifications, indices, naming protocols, file lists, network diagrams, flow charts, instruction sheets, data entry forms, abbreviation keys, user 10 and password rosters or the like.
Agencies must preserve any passwords, keys or other authenticators required to access encrypted files or run applications, along with the installation disks, user manuals and license keys for applications required to access the ESI.
Agencies must preserve any cabling, drivers and hardware, other than a standard 3.5″ floppy disk drive or standard CD or OVO optical disk drive, if needed to access or interpret media on which ESI is stored. This includes tape drives, bar code readers, Zip drives and other legacy or proprietary devices.
Paper Preservation of ESI is Inadequate
As hard copies do not preserve electronic searchability or metadata, they are not an adequate substitute for, or cumulative of, electronically stored versions. If information exists in both electronic and paper forms, agencies should preserve both forms.
Agents, Attorneys and Third Parties
Agencies preservation obligation extends beyond ESI in the care, possession or custody of the agency and includes ESI in the custody of others that is subject to the agencies’ direction or control. Accordingly, agencies must notify any current or former agent, attorney, employee, custodian or contractor in possession of potentially relevant ESI to preserve such ESI to the full extent of agencies’ obligation
to do so, and agencies must take reasonable steps to secure their compliance.
System Sequestration or Forensically Sound Imaging
I suggest, with respect to all of the law-enforcement officers, mental-health personnel and appointed and elected officials, including Commonwealth Attorneys, magistrates, special justices, circuit court judges and individuals in the Attorney General’s Office and Governor’s Office involved in the actual interrogation, detention and transportation and mental evaluation of or in the planning and follow-up to the Raub Incidents, that removing from service and properly sequestering and protecting their ESI systems, media and devices may be an appropriate and cost-effective preservation step. In the event agencies deem it impractical to sequester systems, media and devices, we believe that the breadth of preservation required, coupled with the modest number of systems implicated, dictates that forensically sound imaging of the systems, media and devices is expedient and cost effective. As we anticipate the need for forensic examination of one or more of the systems and the presence of relevant evidence in forensically accessible areas of the drives, we demand that agencies employ forensically sound ESI preservation methods. Failure to use such methods poses a significant threat of spoliation and data loss.
By “forensically sound,” we mean duplication, for purposes of preservation, of all data stored on the evidence media while employing a proper chain of custody and using tools and methods that make no changes to the evidence and support authentication of the duplicate as a true and complete bit-for-bit image of the original. A forensically sound preservation method guards against changes to metadata evidence and preserves all parts of the electronic evidence, including in the so-called “unallocated clusters,” holding deleted files.
I am desirous of working with agencies to agree upon an acceptable protocol for forensically sound preservation and can supply a suitable protocol, if they will furnish an inventory of the systems and media to be preserved. Else, if agencies will promptly disclose the preservation protocol they intend to employ, perhaps we can identify any points of disagreement and resolve them. A successful and compliant ESI preservation effort requires expertise. If agencies do not currently have such expertise at their disposal, we urge you to engage the services of an expert in electronic evidence and computer forensics. Perhaps our respective experts can work cooperatively to secure a balance between evidence preservation and burden that’s fair to both sides and acceptable to the Court.
Do Not Delay Preservation
I’m available to discuss reasonable preservation steps; however, agencies should not defer preservation steps pending such discussions if ESI may be lost or corrupted as a consequence of delay. Should agencies’ failure to preserve potentially relevant evidence result in the corruption, loss or delay in production of evidence to which we are entitled, such failure would constitute spoliation of evidence, and we will not hesitate to seek sanctions.
Confirmation of Compliance
Please confirm that you have taken the steps outlined in this letter to preserve ESI and tangible documents potentially relevant to this action. If you have not undertaken the steps outlined above, or have taken other actions, please describe what you have done to preserve potentially relevant evidence.
I look forward to your prompt response.
Lawrence A. Hunter
406 First Street, SE, Third Floor
Washington, DC 20003