IN RE: DEPARTMENT OF VETERANS AFFAIRS (VA) DATA THEFT LITIGATION - MDL 1796Memorandum in opposition to re MOTION to Strike Exhibits 1, 4, 5 and 6 to Defendants' Motion to Dismiss or, in the Alternative, For Summary JudgmentD.D.C.March 27, 2007- 1 - UNITED STATES DISTRICT COURT FOR THE DISTRICT OF COLUMBIA ____________________________________ In Re: DEPARTMENT OF VETERANS ) AFFAIRS (VA) DATA THEFT ) LITIGATION ) ____________________________________) Misc. Action No. 06-0506 (JR) ) MDL Docket No. 1796 This Document Relates To: ) ALL CASES ) ____________________________________) DEFENDANTS’ OPPOSITION TO PLAINTIFFS’ MOTION TO STRIKE STATEMENT On November 20, 2006, defendants first filed their motion to dismiss or, in the alternative, for summary judgment (“Defendants’ Dispositive Motion”), attaching 27 exhibits in support of the Motion. Per Court order, defendants refiled the Motion with the same exhibits on February 22, 2007. On March 13, 2007, plaintiffs moved to strike four of the attached exhibits, Exhibits 1, 4, 5, and 6, on the grounds that the exhibits, which they allege have not been properly authenticated, constitute impermissible hearsay. Because there is no concern over the authenticity or reliability of these documents, the Court should deny the Motion. The first three exhibits challenged by plaintiffs include a report issued by the Office of Inspector General (“OIG”) of the Department of Veterans Affairs (“VA”) and two press releases issued by the FBI. As government records and publications, all three documents are self- authenticating pursuant to Federal Rule of Evidence 902(5) and admissible within the hearsay exception for public records and reports in Federal Rule of Evidence 803(8). Plaintiffs’ central challenge to the admissibility of these documents rests in the broad assumption of bias against Case 1:06-mc-00506-JR Document 18 Filed 03/27/2007 Page 1 of 17 - 2 - any government investigator or author in a case involving another government entity—an assumption that would ultimately defeat the presumption of reliability afforded such documents by the Rule. The final exhibit plaintiffs challenge is a letter issued by ID Analytics, Inc. to the VA concerning the results of an investigation into potential misuse of data involved in the theft of computer equipment from a VA employee. Although this document also bears sufficient indicia of reliability, the government has included a declaration from Mike Cook, Vice President and Chief Operating Officer at ID Analytics, attached to this Opposition as Exhibit 1, to support the authenticity of the letter. BACKGROUND Exhibit 1 to Defendants’ Dispositive Motion is an investigative report prepared by the VA OIG entitled Review of Issues Related to the Loss of VA Information Involving the Identity of Millions of Veterans (“OIG Report”). As the introduction to the Report indicates, the OIG initiated its investigation in response to the theft of a laptop computer and an external hard drive from the home of a VA employee, which “was reported to contain personal information on approximately 26 million veterans and United States military personnel.” OIG Report at i. The purpose of the investigation was to determine “(1) whether the employee had an official need to access the data that was stolen, whether he was authorized to take it home and whether it was properly safeguarded; (2) whether proper notifications of the stolen data were made, and whether those notifications were pursued in an appropriate and timely manner; (3) whether VA had policies and procedures in place to safeguard personal and proprietary information maintained by VA; and (4) whether VA had sufficiently addressed long-standing OIG reported information Case 1:06-mc-00506-JR Document 18 Filed 03/27/2007 Page 2 of 17 - 3 - security weaknesses.” Id. The scope of the investigation was extensive, consisting of interviews of VA employees; reviews of police reports, emails, notes, memoranda, and other documentation; analysis of cyber security, information security, and other policies published by VA and its components; as well as a “forensic analysis of the contents of the compact disks (CDs) and other media the employee had at his home on the day of the burglary.” Id. at 2. At the conclusion of this broad inquiry, the OIG issued a report that was, in some ways, critical of the actions of VA officials in response to the theft and the information policies and procedures of the VA. E.g. id. at iv-vi. The report provided several recommendations in light of the theft, including taking “whatever administrative action deemed appropriate concerning the individuals involved in the inappropriate and untimely handling of the notification of stolen VA data,” “[e]stablish[ing] one clear, concise VA policy on safeguarding protected information,” and “[e]stablish[ing] VA policy and procedures that provide clear, consistent criteria for reporting, investigating, and tracking incidents of loss, theft, or potential disclosure of protected information.” Id. at vi-vii. Exhibits 4 and 5 to Defendants’ Dispositive Motion consist of two press releases issued by the Federal Bureau of Investigation that announced the recovery of the stolen electronic equipment and the results of forensic examinations of the equipment. The press releases, both of which are available on FBI Web sites, indicated that the examinations revealed that the thieves had not accessed the data on the equipment. See Ex. 4, Stolen Laptop and External Hard Drive Recovered, available at http://baltimore.fbi.gov/pressrel/2006/laptop_062906.htm; Ex. 5, FBI Forensic Examination of the Stolen VA Laptop, available at http://www.fbi.gov/pressrel/pressrel06/laptop071306.htm. Case 1:06-mc-00506-JR Document 18 Filed 03/27/2007 Page 3 of 17 - 4 - Exhibit 6 is a November 15, 2006, letter from Bruce Hansen, President and CEO of ID Analytics, Inc., to R. James Nicholson, Secretary of Veterans Affairs. The letter certifies that ID Analytics’ analysis of over 19 million veteran records found no “organized misuse” of the records as of November 9, 2006. See Ex. 6. This analysis was conducted using “the ID Network,” “a national database consisting of . . . over 500 mm applications for credit,” and it covered a time period extending from May 3, 2006, the date of the theft, to November 9, 2006. Id. ARGUMENT I. The OIG Report, Exhibit 1, Is Self-Authenticating and Trustworthy Plaintiffs move to strike the OIG Report on the grounds that (1) the Report is insufficiently authenticated and (2) the Report is inadmissible hearsay. Neither argument has merit. Plaintiffs’ first contention, that the OIG Report must be authenticated by and attached to an affidavit in order to satisfy Federal Rule of Civil Procedure 56(c), (e), is an unduly narrow reading of Rule 56. See Mem. in Supp. of Pls.’ Mot. to Strike at 3-4. Rules “56(c) and (e) are not overly restrictive and are not the only means of presenting evidence on a summary judgment motion.” Kendrick v. Sullivan, 766 F. Supp. 1180, 1192 (D. D.C. 1991). “Any material that would be admissible or usable at trial may be considered by the Court.” Id. Federal Rule of Evidence 902 lists several categories of documents for which “[e]xtrinsic evidence of authenticity as a condition precedent to admissibility is not required.” See also 11 JAMES WM. MOORE ET AL., MOORE’S FEDERAL PRACTICE, ¶ 56.14[2][c] (3d ed. 2006) (“Documents that are themselves affidavits or are authenticated by other means, sometimes referred to as ‘self-authenticating’ documents, require no additional authentication.”). Included Case 1:06-mc-00506-JR Document 18 Filed 03/27/2007 Page 4 of 17 The OIG Report is also available in the compilation of reports that is maintained on the1 OIG’s Web site, at http://www.va.gov/oig/publications/reports-list.asp. See, e.g., Colt Defense LLC v. Bushmaster Firearms, Inc., No. 04-240-P-S, *5 n.10, 2005 WL 2293909 (D. Maine Sept. 20, 2005) (unreported) (“[P]rintouts from government web sites have been held to be self-authenticating pursuant to Federal Rules of Evidence 901(a) and/or 902(5), . . . .”). - 5 - with this list are “official publications,” Fed. R. Ev. 902(5), which the Rule describes as “[b]ooks, pamphlets or other publications purporting to be issued by public authority.” As a publication of a public authority that bears that authority’s seal, the OIG Report falls within the plain language of the exception. See United States ex rel Parikh v. Premera Blue Cross, Slip1 Op. at *3, *9, 2006 WL 2841998 (W.D. Wash. Sept. 29, 2006) (“These documents are reports from HHS’s Office of the Inspector General (“OIG”) and are self-authenticating as government publications.”); see also Kendrick, 766 F. Supp. at 1193 (denying motion to strike public records on grounds of improper authentication). Accordingly, no independent affidavit is necessary for the OIG Report to be considered in conjunction with defendants’ Dispositive Motion. Plaintiffs next challenge the OIG Report as “inadmissible hearsay.” Mem. in Supp. of Pls.’ Mot. to Strike at 5. In doing so, however, plaintiffs do not dispute that the OIG Report falls within the “Public records and reports” exception to the hearsay rule, Federal Rule of Evidence 803(8). See id. at 5-6. In particular, Rule 803(8)(C) excepts “[r]ecords, reports, statements or data compilations, in any form, of public offices or agencies, setting forth . . . factual findings resulting from an investigation made pursuant to authority granted by law, unless the sources of information or other circumstances indicate lack of trustworthiness.” (emphasis added). Given the express language of Rule 803(8)(C), courts have consistently held that the Case 1:06-mc-00506-JR Document 18 Filed 03/27/2007 Page 5 of 17 As demonstrated by the Ninth Circuit’s decision in Freitag v. Ayers, 468 F.3d 5282 (2006), courts have also admitted OIG reports under Federal Rule of Evidence 803(6)—the business records exception to the hearsay rule. - 6 - reports of federal and state inspector generals are public reports within the meaning of the Rule. 2 See Czekalski v. Peters, 475 F.3d 360, 366 n.2 (D.C. Cir. 2007) (“[I]t appears that the OIG reports would be admissible as a public report under Federal Rule of Evidence 803(8). . . .”); Freitag v. Ayers, 468 F.3d 528, 541 n.5 (9th Cir. 2006) (“Under the hearsay exceptions for business records, Fed. R. Evid. 803(6), and public records, id. 803(8), the [IG’s] report was afforded a presumption of reliability and trustworthiness that the defendants failed to rebut.”); Barraza v. Housing Auth. of City of Seattle, Slip Op. at *5, 2006 WL 1663702 (W.D. Wash. June 15, 2006) (“[I]nvestigatory reports that state opinions or conclusions based on a factual investigation are admissible under FRE 803(8).”). Accordingly, as a report of an investigation by a public office that has been granted the express authority to conduct such investigations, the OIG Report is a public record excepted from the hearsay rule. See Inspector General Act, Pub. L. 95-452, 92 Stat. 1101, § 4(a) (1978) (creating OIG within VA and authorizing OIG to investigate and detect fraud or abuse in VA programs and operations). Plaintiffs’ primary argument in opposition to the admissibility of the OIG Report is that the report should be excluded as untrustworthy. See Mem. in Supp. of Pls.’ Mot. to Strike at 6-10. This is a difficult challenge to mount, as the exception for public records in 803(8) “is based upon the assumption that public officers will perform their duties, that they lack motive to falsify, and that public inspection to which many such records are subject will disclose inaccuracies.” 30B M. GRAHAM, FEDERAL PRACTICE AND PROCEDURE § 7049 (Interim Ed. 2006); see also Johnson v. City of Pleasanton, 982 F.2d 350, 352-53 (9th Cir. 1992); Bradford Case 1:06-mc-00506-JR Document 18 Filed 03/27/2007 Page 6 of 17 - 7 - Trust Co. v. Merrill Lynch, Pierce, Fenner and Smith, Inc., 805 F.2d 49, 54 (2d Cir. 1986). In accordance with this assumption, the Rule “assumes admissibility in the first instance.” Beech Aircraft Corp. v. Rainey, 488 U.S. 153, 167 (1988) (internal quotation marks omitted). “Hence, the party challenging the admissibility of a public or agency report . . . bears the burden of demonstrating that the report is not trustworthy.” Barry v. Trustees of the Int’l Ass’n Full-time Salaried Officers and Employees of Outside Local Unions and District Counsel’s (Iron Workers) Pension Plan, 467 F. Supp.2d 91, 96 (D. D.C. 2006); see also, e.g., In re Korean Air Lines Disaster of Sept. 1, 1983, 932 F.2d 1475, 1482 (D.C. Cir. 1991). Plaintiffs have failed to meet their burden to overcome the presumption of reliability afforded to the OIG Report. In Beech Aircraft, the Supreme Court identified four factors that impact the trustworthiness inquiry: (1) the timeliness of the investigation; (2) the investigator’s skill or experience; (3) whether a hearing was held; and (4) possible bias when reports are prepared with a view to possible litigation. 488 U.S. at 168 n.11. Of these four factors, plaintiffs take issue with only the fourth, alleging that the VA OIG prepared the report with an eye towards litigation and that the OIG is inherently biased as a member of the VA. The plaintiffs’ arguments, if accepted, would turn the presumption in favor of reliability on its head, resulting in the exclusion of the very types of reports that are intended to be excepted from the reach of the hearsay rule. Plaintiffs first make the bald assertion that the OIG Report was prepared “with a view towards possible litigation” because the final OIG Report was issued after the present cases were filed. See Mem. in Supp. of Pls.’ Mot. to Strike at 7. However, the date that the Report was produced does not demonstrate that the Report’s methodology was skewed by any pending Case 1:06-mc-00506-JR Document 18 Filed 03/27/2007 Page 7 of 17 Plaintiffs acknowledge that the focus of the trustworthiness inquiry is on methodology,3 but they confuse methodology with credibility. See Mem. in Supp. of Pls.’ Mot. to Strike at 9-10 (citing Barry and Moss). The Fifth Circuit’s decision in Moss, which plaintiffs cite, explains that arguments of incompleteness and bias on the part of both investigators and witnesses is properly directed toward the weight of the evidence, rather than its admissibility. See Moss, 933 F.2d at 1306-08. - 8 - litigation, and plaintiffs point to nothing about the Report itself that would place its objectivity in question. See Barry, 467 F. Supp.2d at 97 (“[C]ourts faced with a challenge to the3 trustworthiness of an evaluative public report should examine the manner in which the report was prepared, not ‘whether the court agrees with the conclusions of the report.’”) (quoting Moss v. Ole South Real Estate, 933 F.2d 1300, 1307 (5th Cir. 1991)); see also Ellis v. Int’l Playtex, Inc., 745 F.2d 292, 301 (4th Cir. 1984) (“Placing the burden on the opposing party makes considerable practical sense. Most government sponsored investigations employ well accepted methodological means of gathering and analyzing data.”). As the Report explains, the OIG initiated its review in response to the theft of the electronic equipment, and in connection with the “considerable interest” expressed by Congress in the circumstances surrounding the theft. OIG Report at i. The express purposes of the review, including whether proper notifications of the stolen data were made and whether VA had policies and procedures in place to safeguard information, were independent of the pending litigation. See id. A contrary conclusion would bar all reports prepared by an agency after litigation has commenced, despite the otherwise objective methodology employed by the report’s authors. Cf. Diaz v. United States, 655 F. Supp. 411, 416-17 (E.D. Va. 1987) (holding that possible bias resulting from preparation of report by party litigant after incident in question goes to the weight of the evidence, not to its admissibility). Case 1:06-mc-00506-JR Document 18 Filed 03/27/2007 Page 8 of 17 If the OIG Report were indeed prepared by a biased author with an eye towards this4 litigation, it is curious that the Report is, in some ways, critical of VA activities. The Summary of the Report alone includes such titles as “Processing the Notification of the Stolen Data Was Not Appropriate or Timely,” “Information Security Officials Acted with Indifference and Little Sense of Urgency,” and “Policies and Procedures Do Not Adequately Protect Personal or Proprietary Data.” OIG Report at ii-iv. Even a cursory review of the OIG Report demonstrates its objective and independent investigation into the facts and circumstances surrounding the theft - 9 - Closely related to this assertion of untrustworthiness is plaintiffs’ conclusory allegation that the OIG Report is necessarily biased because the OIG is a part of the organizational structure of the VA. Mem. in Supp. of Pls.’ Mot. to Strike at 7-8. This broad assertion of bias, one that would essentially prohibit the introduction of any OIG report of investigation concerning an agency subject to litigation, is based on plaintiffs’ misunderstanding of the nature and purpose of the OIG. The Inspector General Act of 1978 created 15 offices of inspector generals, including the VA OIG, “[i]n order to create independent and objective units . . . to conduct and supervise audits and investigations relating to programs and operations of” the agencies within which they were established. Pub. L. 95-452, 92 Stat. 1101, § 2. “In order to assure their independence, the Act provided that the inspectors general would be appointed by the President ‘solely on the basis of integrity and demonstrated ability in accounting, auditing, financial analysis, law, management analysis, public administration, or investigation’ and would report directly to the head of the agency.” 32 CHARLES ALAN WRIGHT & CHARLES H. KOCH, FEDERAL PRACTICE AND PROCEDURE § 8286 (2006) (quoting Pub. L. 95-452). Accordingly, the VA OIG was created by Congress as an independent and objective entity to monitor and investigate the VA, as well as to keep Congress informed of any fraud or abuse by the agency. Pub. L. 95-452, 92 Stat. 1101, § 4. Thus, OIG would have little motive to “exculpate” the VA in an investigation. See Mem. in4 Case 1:06-mc-00506-JR Document 18 Filed 03/27/2007 Page 9 of 17 and VA’s response. - 10 - Supp. of Pls.’ Mot. to Strike at 7. Indeed, given Congress’s express delegation of investigatory authority over VA activities to the VA OIG, OIG is uniquely qualified to report on the activities of the VA. In light of the role of the VA OIG and plaintiffs’ failure to criticize the methodology of the OIG Report, there is no specific basis upon which this Court could conclude that the Report is untrustworthy. Certainly the plaintiffs’ rampant speculation, “upon information and belief,” Mem. in Supp. of Pls.’ Mot. to Strike at 8, that the OIG Report intentionally omits pertinent information cannot be sufficient to rebut the presumption in favor of admissibility under Rule 803(8). Cf. Perrin v. Anderson, 784 F.2d 1040, 1047 (10th Cir. 1986) (“[W]e are unwilling to conclude that an internal investigation is necessarily biased, absent specific evidence. That an investigation was conducted internally should affect the weight to be given the report, not its admissibility.”). II. The Statements Within the OIG Report Do Not Demonstrate that the Report Is Untrustworthy The Supreme Court has recognized that Rule 803(8)(C) embodies a “broad approach to admissibility” that excludes from the reach of the hearsay rule “conclusions” and “opinions” of the agency in addition to factual findings. Beech Aircraft, 488 U.S. at 170. In accordance with this broad approach, “it has generally been held that the author of the report or decision is not necessarily required to have first-hand knowledge of the facts upon which his findings are based” notwithstanding the concern over “multiple hearsay.” United States v. American Telephone & Telegraph Co., 498 F. Supp. 353, 364 (D. D.C. 1980). Given the presumption of reliability Case 1:06-mc-00506-JR Document 18 Filed 03/27/2007 Page 10 of 17 - 11 - afforded reports of government investigations under the Rule, courts have admitted otherwise inadmissible hearsay when contained within a public record unless the opposing party has made a specific showing of untrustworthiness of the Report as a whole. See In re Korean Air Lines Disaster, 932 F.2d at 1482 (“Standing alone, we doubt that the Soviet report would have been admissible under Rule 803(8)(C), but its inclusion as an appendix to the ICAO Report would not automatically render the Secretary General’s otherwise admissible report objectionable.”); FAA v. Landy, 705 F.2d 624, 633 (2d Cir. 1983) (“As a statement by a foreign government to the federal government, incorporated in the FAA’s factual findings resulting from an investigation made pursuant to authority granted by law, the telex was admissible as a public record and report . . . .”); Kehm v. Proctor & Gamble Mfg. Co., 724 F.2d 613, 618 (8th Cir. 1983) (permitting admission of report under 803(8)(C) and holding that “a party which would exclude evidence falling within the apparent scope of one of the hearsay exceptions must make an affirmative showing of untrustworthiness, beyond the obvious fact that the declarant is not in court to testify”). As previously stated, plaintiffs have made the unfounded assertion that the VA OIG is inherently biased, but they have presented no specific evidence to demonstrate that the OIG’s actions in conducting its investigation and drafting the challenged report were untrustworthy. Although some courts have required multiple layers of hearsay to be justified by independent hearsay exceptions under Rule 803(8), see, e.g., Barry, 467 F. Supp.2d at 102, the better view in the present case is that the OIG Report should be considered in its entirety. The OIG’s investigation was based, in part, on interviews of employees of the VA. The information contained in these interviews are the basis for factual findings and conclusions included within the Report, and they therefore shed light on the process by which the VA reached these Case 1:06-mc-00506-JR Document 18 Filed 03/27/2007 Page 11 of 17 - 12 - conclusions. See United States v. Davis, 826 F. Supp. 617, 624 (D. R.I. 1993) (“[R]eports such as the report in the instant case do not merely repeat what was told to the investigators by witnesses, but also draw inferences as to what in fact happened. The conclusions cannot be disentangled from the facts. Absent a specific showing of untrustworthiness, such multiple layers of hearsay clearly fall within the scope of FRE 803(8)(C).”). Moreover, as revealed by plaintiffs’ red-lined version of the OIG Report, attached as Exhibit B to the Motion to Strike, the factual findings of the OIG cannot be easily divorced from the interviews from which those findings were developed. Included in the multitude of statements deleted by plaintiffs in Exhibit B are express factual findings by OIG, see, e.g., Ex. B to Pls.’ Mot. to Strike at i (“[The employee] began the project in 2003 . . . .”); ii (“[The employee’s] supervisors and managers were not aware that he was working on the project . . . .”); 4 (“In October 2004, using the NSV database provided by the contractor who conducted the survey, the employee responded to a request from VHA for information on the insurance coverage of veterans who received VA inpatient, outpatient, and emergency room care, by priority status.”), and express conclusions based on the results of the OIG investigation, see, e.g., id. at ii (“Based on all the facts gathered thus far during the investigation, as well as the results of computer forensics examinations, the FBI and OIG are highly confident that the files on the external hard drive were not compromised after the burglary.”). Given the fact that plaintiffs cannot provide a consistent distinction between acceptable and unacceptable factual findings and conclusions in the OIG Report, they have failed to demonstrate to the Court why it should exclude the portions of the Report that plaintiffs propose for deletion. Case 1:06-mc-00506-JR Document 18 Filed 03/27/2007 Page 12 of 17 - 13 - III. The FBI Press Releases, Exhibits 4 and 5, Are Self-Authenticating and Admissible as Public Records Plaintiffs next challenge the authentication and admissibility of two press releases issued by the FBI concerning the FBI’s investigation into whether the data compiled on the stolen electronic equipment had been accessed. However, as both press releases were issued by the FBI, a government authority, and are available on FBI Web sites, the “fact and content of the press releases are capable of accurate and ready determination by resort to sources whose accuracy cannot reasonably be questioned.” In re Unumprovident Corp. Securities Litigation, 396 F. Supp.2d 858, 876 (E.D. Tenn. 2005); see also Stolen Laptop and External Hard Drive Recovered, available at http://baltimore.fbi.gov/pressrel/2006/laptop_062906.htm; FBI Forensic Examination of the Stolen VA Laptop, available at http://www.fbi.gov/pressrel/pressrel06/laptop071306.htm. Accordingly, the FBI press releases are self-authenticating, obviating the need for a supporting affidavit. See FED. R. EV. 902(5); U.S. ex rel. Parikh, Slip Op. at *8, 2006 WL 2841998 (“[A] press release by HCFA (“Health Care Financing Administration”) . . . is self-authenticating as a government publication under FRE 902(5).”). Plaintiffs’ central objection to the Court’s consideration of the press releases is that they do not constitute public records as defined by Rule 803(8)(C) because they do not contain “factual findings.” Mem. in Supp. of Pls.’ Mot. to Strike at 12. However, plaintiffs again ignore the Supreme Court’s broad interpretation of the language of Rule 803(8)(C). In Beech Aircraft, the Supreme Court expressly held that the “conclusions” and “opinions” of an agency may be admitted within the concept of “factual findings.” See 488 U.S. at 170. Thus, as a report or Case 1:06-mc-00506-JR Document 18 Filed 03/27/2007 Page 13 of 17 Plaintiffs’ challenges to the reliability of the releases are wholly lacking in merit. 5 Plaintiffs cannot seriously contend that the Federal Bureau of Investigation lacks authority granted by law to investigate a criminal theft of federal data. Nor should the Court give any credence to the assertion that the FBI is “biased” because it, like the VA, is a part of the United States government. Plaintiffs essentially ask the Court to craft a blanket prohibition on the admissibility of any government record or report in a case involving another government agency, while at the same time accusing the FBI of having the motivation to cover up the impact of a crime potentially affecting millions of veterans. If there is any real concern over the FBI’s independence, that concern would go to the weight that the Court would afford to the challenged evidence. See Moss, 933 F.2d at 1307; Barry, 467 F. Supp.2d at 97. - 14 - statement resulting from an investigation conducted by a public office, the press releases are admissible pursuant to the plain language of Federal Rule of Evidence 803(8)(C). See Fed. R.5 Ev. 803(8)(C) (excepting from hearsay rule “[r]ecords, reports, statements or data compilations, in any form”); Zeigler v. Fisher-Price, Inc., 302 F. Supp.2d 999, 1021 n.10 (N.D. Iowa 2004) (“To the extent the press release can be construed as stating conclusions or opinions of the [Consumer Product Safety Commission], it also was admissible under Federal Rule of Evidence 803(8)(C).”). Moreover, “[p]ublic records and government documents are generally considered ‘not to be subject to reasonable dispute,’” including “public records and government documents available from reliable sources on the Internet.” United States ex rel. Dingle v. Bioport Corp., 270 F. Supp.2d 968, 972 (W.D. Mich. 2003). Accordingly, the Court should take judicial notice of the FBI press releases pursuant to Federal Rule of Evidence 201 even if they were not otherwise admissible. See Buckley v. Directv, Inc., 276 F. Supp.2d 1271, 1275 n.4 (N.D. Ga. 2003) (“[T]he Court takes judicial notice of a . . . press release by the Department of Justice announcing the indictment of 17 individuals throughout the country . . . .”); see also Mitchell v. Home, 377 F. Supp.2d 361, 367 n.1 (S.D. N.Y. 2005) (“[T]his Court may take judicial notice of Case 1:06-mc-00506-JR Document 18 Filed 03/27/2007 Page 14 of 17 - 15 - [a press release issued by the Office of Attorney General of the State of New York] as a matter of public record.”). IV. The ID Analytics Letter, Exhibit 6, Is an Authentic Report of the Company’s Investigation into Potential Misuse of VA Data The final document challenged by plaintiffs is a November 15, 2006, letter from ID Analytics to the VA. In the letter, ID Analytics explains that it has conducted an investigation to determine whether any of the VA records involved in the theft had been misused. Although the investigation was conducted by a non-governmental entity, courts have recognized that even commissioned investigations may fall within the hearsay exception of Rule 803(8)(C). See Davis, 826 F. Supp. at 621. Nevertheless, to assuage plaintiffs’ concern over the letter’s authenticity, defendants have attached as Exhibit 1 to this memorandum a declaration prepared by Mike Cook, the Vice President and Chief Operating Officer of ID Analytics, Inc. The declaration attests to the authenticity and accuracy of the statements contained within the November 15, 2006, letter. CONCLUSION For the foregoing reasons, plaintiffs’ motion should be denied. Respectfully submitted, JEFFREY A. TAYLOR United States Attorney PETER D. KEISLER Assistant Attorney General ELIZABETH J. SHAPIRO Assistant Branch Director Case 1:06-mc-00506-JR Document 18 Filed 03/27/2007 Page 15 of 17 - 16 - /s/ Eric R. Womack ERIC R. WOMACK, IL Bar # 6279517 HEATHER PHILIPS, CA Bar #191620 Trial Attorneys United States Department of Justice Federal Programs Branch 20 Massachusetts Ave., N.W. Washington, D.C. 20001 (202) 514-4020 eric.womack@usdoj.gov Case 1:06-mc-00506-JR Document 18 Filed 03/27/2007 Page 16 of 17 CERTIFICATE OF SERVICE I hereby certify that on March 27, 2007, I caused a true and correct copy of the foregoing Opposition and accompanying Exhibit and Proposed Order to be served on Plaintiffs’ counsel electronically by means of the Court’s ECF system. /s/ Eric R. Womack ERIC R. WOMACK Case 1:06-mc-00506-JR Document 18 Filed 03/27/2007 Page 17 of 17 UNITED STATES DISTRICT COURT FOR THE DISTRICT OF COLUMBIA In Re: DEPARTMENT OF VETERANS ) AFFAIRS (VA) DATA THEFT ) LITIGATION ) ) Misc. Action NO. 06-.0.5.Q,6...(JR). ) MDL Docket No. 1796 ......... ) This Document Relates To: ) ’ ALL CASES ) DECLARATION OF MIKE COOK I, Mike Cook, hereby declare: 1. I am of majority age and otherwise competent to testify as.to the matters herein, based on my personal knowledge and information provided to me in the course of my employment. 2. I am Vice President and Chief Operating Officer at ID Analytics. 3. ID Analytics signed a gift-agreement with the Department of Veterans Affairs in August 2006 to analyze a potential data breach of over 19 million identities for organized misuse. As specified by the agreement, if the breach analysis found organized misuse of the breach file, ID Analytics would provide a harm report to the Department. If no organized misuse was found, ID Analytics would provide a certification of its findings. 4. ID Analytics conducted a breach analysis of the file, comparing the data with pre- and post-breach activities in the ID Network. The analysis looked for suspicious changes in identity information, the commingling of unrelated identities in the breach population, and other indicators of organized misuse. EXHiBiT Case 1:06-mc-00506-JR Document 18-2 Filed 03/27/2007 Page 1 of 3 5. The November 15, 2006, letter from Bruce Hansen, President and CEO of ID Analytics, to R. James Nicholson, Secretary of Veterans Affairs, attached to this declaration as Exhibit A, is a true and accurate report of the analysis of the VA records file performed by ID Analytics. 6. As stated in the letter, theVA records file that was analyzed "contained 19,650,214 veteran/soldier records." This analysis covered "the period from May 3, 2006 to November 9, 2006." 7. As stated in the letter, "ID Analytics, through using its standard processes and analytical tools, did not find any organized misuse of the VA records file (breach date 3 May 2006) in the ID Network." 8. As explained by the letter, "[t]he ID Network is a national database consisting of applications for credit or wireless service received from consumers through our ID Network Members over the last four years. While the ID Network does not contain all applications from all U.S. credit grantors, or checking account information, it does contain over 500mm applications for credit received from top US credit card, wireless, retail card and instant lenders, and previous analysis shows that organized misuse of a file can be detected by using the ID Network and proprietary ID Analytics’ technology." I declare under the penalty of perjury that the foregoing is true and correct. DATED Mike Cook Case 1:06-mc-00506-JR Document 18-2 Filed 03/27/2007 Page 2 of 3 ~,Analytics" November 15, 2006 To; R. James Nicholson Secretary of Veterans Affairs United States Department of Veterans Affairs 810 Vermont Ave NW Washington, DC 20420 Subject: Breach Analysis Letter of Certification for November 15, 2006 Dear Secretary Nicholson, We certify that as of 9 November 2006 that ID Analytios, through using its standard processes and analytical tools, did not find any organized misuse of the VA records file (breach date 3 May 2006) In the ID Network. The VA records file we analyzed contained 19,650,214 veteran I soldier records consisting of name, Social Security Number and date of birth information relating to those veterans / soldiers. The ID Analytics analysis reviewed the period from May 3, 2006 to November 9, 2006. We can not certify against any future activity that might be associaled with the lost file. " The ID Network is a national database consisting of applications for credit or wireless service received from consumers through our ID Network Members over the last four years. While the ID Network does not conlaln all applications fromall US credit grantors, or checking account information, it doe~ntain over 500ram applications for credit received from top US credit card, wireless, retail card an, f ir~tant lenders, and previous analysis shows that organized misuse of a file can be detected by using th I/~ Network and proprietary ID Analytics’ technology, /_\ y We appreciale the opportunity to serve and help protect the identities of our veterans/soldiers. Bruce Hansen President and CEO ID Analytlcs, Inc. 15110 Avenue of Science San Diego, CA 92128 +1.858.312.6200 www.idanalytics.com Case 1:06-mc-00506-JR Document 18-2 Filed 03/27/2007 Page 3 of 3 UNITED STATES DISTRICT COURT FOR THE DISTRICT OF COLUMBIA ____________________________________ In Re: DEPARTMENT OF VETERANS ) AFFAIRS (VA) DATA THEFT ) LITIGATION ) ____________________________________) Misc. Action No. 06-0506 (JR) ) MDL Docket No. 1796 This Document Relates To: ) ALL CASES ) ____________________________________) ORDER For the reasons stated in Defendants’ Opposition, Plaintiffs’ Motion to Strike is hereby DENIED. IT IS SO ORDERED, this ______ day of _______, 2007. HON. JAMES R. ROBERTSON UNITED STATES DISTRICT JUDGE Case 1:06-mc-00506-JR Document 18-3 Filed 03/27/2007 Page 1 of 1
