The case
In Pippins v. KPMG LLP, 279 F.R.D. 245 (S.D.N.Y. 2012), former audit associates brought a class action alleging KPMG violated the Fair Labor Standards Act. As discovery opened, plaintiffs sought a preservation order requiring KPMG to retain the individual hard drives of every former associate whose work might fall within the relevant period. The scope question reached Magistrate Judge Cott.
What the court held
Magistrate Judge Cott declined to require that level of preservation. The court held that preservation obligations must be proportional to the case's needs, the relevance of what's being preserved, and the burden on the party required to preserve it. Pippins remains a frequently cited limiting principle on sweeping hardware retention demands, standing for the proposition that courts won't impose preservation costs disproportionate to the likely evidentiary value of the material.
Where blockchain anchoring fits
The Pippins holding is practically sensible. Requiring a company to warehouse hundreds of individual hard drives from former employees, potentially for years, would impose costs that courts are right to check. But the limiting principle carries a cost of its own. When physical media isn't preserved under a proportionality ruling, what's lost isn't just the hardware. The authentication record for what was on that hardware becomes dependent on secondary evidence. And secondary evidence, in litigation where file content or timing is contested, is a harder argument than a verifiable artifact that predates the dispute.
SHA-256 hash anchoring doesn't preserve the drive. It creates a permanent, on-chain record that a specific file, with specific byte-level content, existed at a documented moment. That record goes to Polygon for near-immediate confirmation and to Bitcoin in a daily batch with merkle proofs. Both chains are public and independently verifiable at proofledger.io. The proof lives on the ledger regardless of what happens to the original hardware.
What the anchor establishes: file integrity (the content is byte-for-byte unchanged from the moment of anchoring) and a timestamp (the hash was recorded before or after a given date). What it doesn't establish: that the file still exists in its current form, or that the content is accurate. The authentication argument for a blockchain record runs under FRE 901(b)(9), which allows evidence produced by a process that generates an accurate result to be authenticated by foundation describing how that process works. The SHA-256 algorithm and the dual-chain anchoring mechanism are the process. The on-chain transaction record is the output.
For third-party verification without any platform dependency, the verify-proof Python package supports fully offline checks. It takes a local file and a proof record, computes the SHA-256 hash locally, and confirms or rejects the match against the on-chain record. Opposing counsel and auditors can run that verification independently. Nothing requires trusting a portal.
Take the Pippins scenario to its logical end. If KPMG's former associates had anchored their work files at creation, the court's proportionality ruling on hardware retention would be unchanged. What would be different: the authentication record wouldn't depend on the hardware decision. The hash anchor exists on a public blockchain. Whether the drive was preserved becomes a separate question from whether the file's content is independently verifiable.
The takeaway for practitioners
Proportional preservation doctrine protects parties from unreasonable retention burdens. But it doesn't generate the authentication record you need when the original media is gone and the content is disputed. FRE 902(14) allows authentication of electronic data identified by hash value through written certification. FRE 901(b)(9) supports the process reliability argument for blockchain records. Anchoring file hashes before any preservation duty attaches keeps practitioners out of the FRCP 37(e) sanctions analysis entirely, because the authentication record doesn't live on hardware subject to proportionality limits. It lives on a public ledger, independent of any retention decision.
References
- Pippins v. KPMG LLP, 279 F.R.D. 245 (S.D.N.Y. 2012)
- FRE 901(b)(9): authentication based on process or system producing accurate result
- FRE 902(14): self-authentication of electronic data identified by hash value
- FRCP 37(e): sanctions for failure to preserve electronically stored information