Sign in Subscribe
10 min read

Letter to VMware, Inc.

October 22, 2023

VIA: Facsimile +1 (650) 427-5001
and Certified Mail, Sent October 23, 2023

VMware, Inc.
Attn: Legal Department
3401 Hillview Ave.
Palo Alto, CA 94304

In Re: Request for Preservation of Electronically Stored Information and Other Evidence Related to VMware Employee Raymond J. Milot’s Employment and Access to VMware, Inc. Facilities, Equipment and Networks

Ladies and Gentlemen:

I write to advise you I have filed suit against your employee, Raymond J. Milot (“Milot”) which is pending in the Litchfield Judicial District of the Connecticut Superior Court. See Goodwin v. Milot et al, Superior Court, judicial district of Litchfield, Docket No. CV21-5014019-S (October 21, 2021).

Until recently, I believed that Mr. Milot’s counsel, Rebecca Mayo-Goodrich of Conti Levy Salerno & Antonio LLC, had cooperated with an attorney representing Mr. Milot’s ex-wife to ensure that Mr. Milot preserve relevant evidence; however, from a deposition taken of Mr. Milot on October 12, 2023, it appears Attorney Goodrich did not endeavor to ensure such preservation.

What I am certain of is that, despite his knowing of impending litigation, Mr. Milot sought to cause and/or caused the destruction of evidence related to my claims against him. Mr. Milot categorically denied engaging in such conduct under oath. His denials are demonstrably false.

I am informed Mr. Milot is employed by VMware as a “Healthcare Solutions Architect.” Mr. Milot works from his residence at 54 Morey Road in New Milford, Connecticut. Prior to moving to his Morey Road residence, Milot worked from home in New Milford Connecticut at 38 Sullivan Road in New Milford and 95 Indian Trail and out of an office located at 49 Old Town Park Road, also in New Milford.

Mr. Milot may have used VMware facilities, equipment, or networks to conduct or conceal evidence of his tortious conduct. Accordingly, I am requesting that VMware, Inc. preserve all documents, tangible things, and electronically stored information potentially relevant to the issues and defenses in my claims against him. You should anticipate that much of the information subject to disclosure or that may prove responsive to discovery in this case is stored on VMware’s current and former computer systems, phones, and tablets, in online repositories and within other storage media and sources (including voice- and video recording systems, Cloud services and social networking accounts) to which Mr. Milot has had access.

Electronically stored information (hereinafter “ESI”) should be afforded the broadest possible meaning and includes (by way of example and not as an exclusive list) potentially relevant information electronically, magnetically, optically, or otherwise stored as:

  • Digital communications (e.g., e-mail, voice mail, text messaging, WhatsApp, SIM cards);
  • E-Mail Servers (e.g., Microsoft 365, Gmail, and Microsoft Exchange databases);
  • Word processed documents (e.g., Microsoft Word, Apple Pages or Google Docs files and drafts);
  • Spreadsheets and tables (e.g., Microsoft Excel, Google Sheets, Apple Numbers);
  • Presentations (e.g., Microsoft PowerPoint, Apple Keynote, Prezi);
  • Social Networking Sites (e.g., Facebook, Twitter, Instagram, LinkedIn, Reddit, Slack, TikTok);
  • Online ("Cloud") Repositories (e.g., Drive, OneDrive, Box, Dropbox, AWS, Azure);
  • Online Banking, Credit Card, Retail and other Relevant Account Records;
  • Accounting Application Data (e.g., QuickBooks, NetSuite, Sage);
  • Image and Facsimile Files (e.g., .PDF, .TIFF, .PNG, .JPG, .GIF., HEIC images);
  • Sound Recordings (e.g., .WAV and .MP3 files);
  • Video and Animation (e.g., Security camera footage, .AVI, .MOV, .MP4 files);
  • Databases (e.g., Access, Oracle, SQL Server data, SAP);
  • Contact and Customer Relationship Management Data (e.g., Salesforce, Outlook, MS Dynamics);
  • Calendar, Journaling and Diary Application Data (e.g., Outlook PST, Google Calendar, blog posts);
  • Backup and Archival Files (e.g., Veritas, Zip, Acronis, Carbonite);
  • Project Management Application Data;
  • Internet of Things (IoT) Devices and Apps (e.g., Amazon Echo/Alexa, Google Home, Fitbit);
  • Computer Aided Design/Drawing Files;
  • Online Access Data (e.g., Temporary Internet Files, Web cache, Google History, Cookies); and
  • Network Access and Server Activity Logs.

ESI resides not only in areas of electronic, magnetic, and optical storage media reasonably accessible to you, but also in areas you may deem not reasonably accessible. You are obliged to preserve potentially relevant evidence from both sources of ESI, even if you do not anticipate producing such ESI or intend to claim it is confidential or privileged from disclosure.

The demand that you preserve both accessible and inaccessible ESI is reasonable and necessary. Pursuant to the rules of civil procedure, you must identify all sources of ESI you decline to produce and demonstrate to the court why such sources are not reasonably accessible. For good cause shown, the court may order production of the ESI, even if it is not reasonably accessible. Accordingly, you must preserve ESI that you deem inaccessible so as not to preempt the court's authority.

Preservation Requires Immediate Intervention

You must act immediately to preserve potentially relevant ESI, including, without limitation, information with the earlier of a Created or Last Modified date on or after December 1, 2018, through the date of this request and continuing thereafter.
Adequate preservation of ESI requires more than simply refraining from efforts to delete, or dispose of such evidence. You must intervene to prevent loss due to routine operations or active deletion by employing proper techniques and protocols to preserve ESI. Many routine activities serve to irretrievably alter evidence and constitute unlawful spoliation of evidence. Preservation requires action.

Nothing in this demand for preservation of ESI should be read to limit or diminish your concurrent common law and statutory obligations to preserve documents, tangible things and other potentially relevant evidence.

Suspension of Routine Destruction

You are directed to immediately initiate a litigation hold for potentially relevant ESI, documents and tangible things and to act diligently and in good faith to secure and audit compliance with such litigation hold. You are further directed to immediately identify and modify or suspend features of your information systems and devices that, in routine operation, operate to cause the loss of potentially relevant ESI. Examples of such features and operations may include:

  • Purging the contents of e-mail and messaging repositories by age, quota, or other criteria;
  • Using data or media wiping, disposal, erasure or encryption utilities or devices;
  • Overwriting, erasing, destroying, or discarding backup media;
  • Re-assigning, re-imaging or disposing of systems, servers, devices or media;
  • Running “cleaner” or other programs effecting wholesale metadata alteration;
  • Releasing or purging online storage repositories or non-renewal of online accounts;
  • Using metadata stripper utilities;
  • Disabling server, packet, or local instant messaging logging; and
  • Executing drive or file defragmentation, encryption, or compression programs.

Guard Against Deletion

You should anticipate the potential that your officers, employees, or others may seek to hide, destroy, or alter ESI. You must act to prevent and guard against such actions. Especially where company machines were used for Internet access or personal communications, you should anticipate that users may seek to delete or destroy information they regard as personal, confidential, incriminating, or embarrassing, and in so doing, they may also delete or destroy potentially relevant ESI. This concern is not unique to you. It’s simply conduct that occurs with such regularity that any custodian of ESI and their counsel must anticipate and guard against its occurrence.

Preservation of Backup Media

You are directed to preserve complete backup media sets (including differentials and incremental backups) that may contain unique communications and ESI.

Act to Prevent Spoliation

You should take affirmative steps to prevent anyone with access to your data, systems, accounts and archives from seeking to modify, destroy or hide potentially relevant ESI wherever it resides (such as by deleting or overwriting files, using data shredding and erasure applications, re-imaging, damaging or replacing media, encryption, compression, steganography or the like).

System Sequestration or Forensically Sound Imaging

As an appropriate and cost-effective means of preservation, you should remove from service and securely sequester the systems, media, and devices housing potentially relevant ESI of the persons identified in this letter.
In the event you deem it impractical to sequester systems, media and devices, we believe that the breadth of preservation required, coupled with the modest number of systems implicated, dictates that forensically sound imaging of the systems, media and devices of those named above is expedient and cost effective. As we anticipate the need for forensic examination of one or more of the systems and the presence of relevant evidence in forensically significant areas of the media, we demand that you employ forensically sound ESI preservation methods. Failure to use such methods poses a significant threat of spoliation and data loss.

“Forensically sound ESI preservation” means duplication of all data stored on the evidence media while employing a proper chain of custody and using tools and methods that make no changes to the evidence and support authentication of the duplicate as a true and complete bit- for-bit image of the original. The products of forensically sound duplication are called, inter alia, “bitstream images” of the evidence media. A forensically sound preservation method guards against changes to metadata evidence and preserves all parts of the electronic evidence, including deleted evidence within “unallocated clusters” and “slack space.”

Be advised that a conventional copy or backup of a hard drive does not produce a forensically sound image because it captures only active data files and fails to preserve forensically significant data existing in, e.g., unallocated clusters and slack space.

Further Preservation by Imaging

With respect to the hard drive, thumb drives, phones, tablets and storage devices of each of the persons named below and of each person acting in the capacity or holding the job title named below, demand is made that you immediately obtain, authenticate and preserve forensically sound images of the storage media in any computer system (including portable and personal computers, phones and tablets) used by the persons identified herein, as well as recording and preserving the system time and date of each such computer.
Once obtained, each such forensically sound image should be labeled to identify the date of acquisition, the person or entity acquiring the image and the system and medium from which it was obtained. Each such image should be preserved without alteration and authenticated by hash value.

Preservation in Native Forms

You should anticipate that ESI, including but not limited to e-mail, documents, spreadsheets, presentations, and databases, will be sought in the form or forms in which it is ordinarily maintained (i.e., native form). Accordingly, you should preserve ESI in such native forms, and you should not employ methods to preserve ESI that remove or degrade the ability to search the ESI by electronic means or that make it difficult or burdensome to access or use the information.

You should additionally refrain from actions that shift ESI from reasonably accessible media and forms to less accessible media and forms if the effect of such actions is to make such ESI not reasonably accessible.

Metadata

You should anticipate the need to disclose and produce system and application metadata and act to preserve it. System metadata is information describing the history and characteristics of other ESI. This information is typically associated with tracking or managing an electronic file and often includes data reflecting a file's name, size, custodian, location and dates of creation and last modification. Application metadata is information automatically included or embedded in electronic files, but which may not be apparent to a user, including deleted content, draft language, commentary, tracked changes, speaker notes, collaboration and distribution data and dates of creation and printing. For electronic mail, metadata includes all header routing data and Base 64 encoded attachment data, in addition to the To, From, Subject, Received Date, CC and BCC header fields.

Metadata may be overwritten or corrupted by careless handling or improper preservation, including by carelessly copying, forwarding, or opening files.

Servers

With respect to servers used to manage e-mail (e.g., Microsoft 365, Microsoft Exchange, Lotus Domino) and network storage (often called a “network share”), the complete contents of each relevant custodian's network share and e-mail account should be preserved. There are several cost-effective ways to preserve the contents of a server without disrupting operations. If you are uncertain whether the preservation method you plan to employ is one that we will deem sufficient, please contact the undersigned.

Home Systems, Laptops, Phones, Tablets, Online Accounts, Messaging Accounts and Other ESI Sources

Though we expect that you will act swiftly to preserve data on office workstations and servers, you should also determine if any home or portable systems or devices may contain potentially relevant data. To the extent that you have sent or received potentially relevant e-mails or created or reviewed potentially relevant documents away from the office, you must preserve the contents of systems, devices and media used for these purposes (including not only potentially relevant data from portable and home computers, but also from external storage drives, thumb drives, CD- R/DVD-R disks and the user's phone, tablet, voice mailbox or other forms of ESI storage.). Similarly, if you used online or browser-based e-mail and messaging accounts or services (such as Gmail, Yahoo Mail, Microsoft 365, Apple Messaging, WhatsApp or the like) to send or receive potentially relevant messages and attachments, the contents of these account mailboxes and messages should be preserved.

Ancillary Preservation

You must preserve documents and other tangible items that may be required to access, interpret or search potentially relevant ESI, including manuals, schema, logs, control sheets, specifications, indices, naming protocols, file lists, network diagrams, flow charts, instruction sheets, data entry forms, abbreviation keys, user ID and password rosters and the like.

You must preserve passwords, keys and other authenticators required to access encrypted files or run applications, along with the installation disks, user manuals and license keys for applications required to access the ESI.
If needed to access or interpret media on which ESI is stored, you must also preserve cabling, drivers, and hardware. This includes tape drives, readers, DBMS other legacy or proprietary devices and mechanisms.

Paper Preservation of ESI is Inadequate

As hard copies do not preserve electronic searchability or metadata, they are not an adequate substitute for, or cumulative of, electronically stored versions. If information exists in both electronic and paper forms, you should preserve both forms.

Agents, Attorneys and Third Parties

Your preservation obligation extends beyond ESI in your care, possession or custody and includes ESI in the custody of others that is subject to your direction or control. Accordingly, you must notify any current or former agent, attorney, employee, custodian and contractor in possession of potentially relevant ESI to preserve such ESI to the full extent of your obligation to do so, and you must take reasonable steps to secure their compliance.

Preservation Protocols

We are desirous of working with you to agree upon an acceptable protocol for forensically sound preservation and can supply a suitable protocol if you will furnish an inventory and description of the systems and media to be preserved. Alternatively, if you promptly disclose the preservation protocol you intend to employ, we can identify any points of disagreement and resolve them. A successful and compliant ESI preservation effort requires expertise. If you do not currently have such expertise at your disposal, we urge you to engage the services of an expert in electronic evidence and computer forensics so that our experts may work cooperatively to secure a balance between evidence preservation and burden that's fair to both sides and acceptable to the court.

Do Not Delay Preservation

I'm available to discuss reasonable preservation steps; however, you should not defer preservation steps pending such discussions if ESI may be lost or corrupted because of delay. Should your failure to preserve potentially relevant evidence result in the corruption, loss, or delay in production of evidence to which we are entitled, such failure would constitute spoliation of evidence, and we will not hesitate to seek sanctions.

Confirmation of Compliance

Please confirm by October 31, 2023, that you have taken the steps outlined in this letter to preserve ESI and tangible documents potentially relevant to this action. If you have not undertaken the steps outlined above, or have taken other actions, please describe what you have done to preserve potentially relevant evidence and what you will not do. Else we will rely upon you to complete the preservation sought herein.

Sincerely,

Jon Goodwin