D. Kan. Holds that "Locking" of Spreadsheet Cells Produced in Discovery to Prevent Alteration of Data Not Permissible; Urges Use of "Hash Marks"

Also in Williams v. Sprint/United Management Co., 230 F.R.D. 640 (D. Kan. Sep. 29, 2005) the court had the opportunity to speak on the issue of whether producing parties may lock spreadsheet cells when they produce them electronically in discovery in order to prevent the requesting party from intentionally or inadvertantly changing the data. The Court held that such unilateral action was not appropriate, given the difficulties in analysis it presented to the requesting party and given the existence of alternate means of achieving the same goals:

The Court finds that Defendant has failed to show sufficient cause for its unannounced and unilateral actions in locking certain data and cells on the Excel spreadsheets the Court ordered it to produce to Plaintiffs in the manner in which they were maintained. None of the reasons asserted by Defendant justifies its decision to lock the spreadsheet cells and data prior to producing them to Plaintiffs. While the Court's Order did not expressly state that the spreadsheets should be produced "unlocked," Defendant should have been reasonably aware that locking the spreadsheets' cells and data was not complying with the spirit of the Court's directive that the spreadsheets be produced as they are kept in the ordinary course of business. Moreover, at the June 2, 2005 discovery conference, Plaintiffs specifically detailed their difficulties with the hard copy versions of the spreadsheets produced by Defendant, including their complaints that the hard copy versions cut off the information contained in the spreadsheet columns and cells.

Defendant's concerns regarding maintaining the integrity of the spreadsheet's values and data could have been addressed by the less intrusive and more efficient use of "hash marks." For example, Defendant could have run the data through a mathematical process to generate a shorter symbolic reference to the original file, called a "hash mark" or "hash value," that is unique to that particular file. This "digital fingerprint" akin to a tamper-evident seal on a software package would have shown if the electronic spreadsheets were altered. When an electronic file is sent with a hash mark, others can read it, but the file cannot be altered without a change also occurring in the hash mark. The producing party can be certain that the file was not altered by running the creator's hash mark algorithm to verify that the original hash mark is generated. This method allows a large amount of data to be self-authenticating with a rather small hash mark, efficiently assuring that the original image has not been manipulated.