How Mobile Devices are Changing eDiscovery
The importance of mobile device data in legal discovery, investigations, and other proceedings is ubiquitous and virtually indisputable. Mobile devices such as cellphones, smartphones, e-readers, and tablets pose a significant and unique challenge to the legal industry when it comes to the collection, searching, processing and production of electronically stored information for discovery.
In the U.S., for instance, 90 percent of employees utilize their personal smartphone for work purposes, one study shows. Legal practitioners know this is a unique challenge – and they especially must placing these developments in the context of the amended Federal Rules of Civil Procedure to address proportionality issues under Rule 26 and to seek the benefits potentially conferred by Rule 37(e).
Unlike computers and servers, mobile devices can’t simply be “cracked open” and copied or forensically imaged bit-by-bit. Every model is somewhat unique. Numerous issues must be addressed, including the type of dispute or investigation, commingling of personal and business data, mobile data storage in the cloud, the manufacturer of the device and its operating system, mobile device management (MDM) software, data protection and encryption, and the type of data being sought. Further, investigative matters may also require specialized radio frequency (RF) isolation containers when collecting a device. Failure to properly shield it from RF signals such as Wi-Fi, Bluetooth and cellular service could result in a user executing a remote “wipe” or the operation of predefined retention policies.
Given this backdrop, here are four key areas for consideration when approaching mobile data collection:
Litigation, Discovery, and BYOD and COPE Devices
“Bring Your Own Device” (BYOD) is an established and growing trend in the business world due to its potential for cost savings as well as its popularity among end users seeking to carry a single device of their choosing for business and personal connectivity. This usage creates complex eDiscovery and security issues due to personal data being commingled with confidential, proprietary and/or sensitive business data. When eDiscovery obligations require collection from BYODs, sensitive issues often surface regarding custody, control, ownership, and safeguards to preclude review or disclosure of personal information. A broad collection is often necessary because of the insufficiency of technical or logical boundaries between personal and business data on the device.
As a result of these issues, businesses have recently turned to “Company Owned but Personally Enabled” (COPE) devices. COPEs are corporate/carrier-owned mobile devices used in the workplace, whereby both workplace and personal data are permitted, but both types of data are regulated by corporate policy. While COPE devices provide more control over employee devices, privacy concerns still remain.
Identifying devices that require collection may be accomplished through either a custodian interview process or by more automated approaches. In some cases, attorneys make the decision to collect all content from all mobile devices, regardless of scope. This method is not always the best approach, as the entirety of the mobile device often does not contain even potentially responsive information. Corporate email is a prime example of content on a mobile device that may not need to be collected from the device. Corporate email is almost always synchronized between the device and the corporate server, making that server the best and most complete record.
Text (“SMS”) messages are another good example of data that may exist on mobile devices, but may not be relevant to the inquiry at hand, and should not always be collected. In most cases, the data required for preservation, review and production is focused on a particular substantive topic, whereas SMS messages could be very general, broad and not relevant.
Careful consideration of the privacy, relevancy, costs and burdens involved in mobile device data collections should be observed in order to limit collections to only responsive mobile data.
Legal Implications of New Text and Chat Applications
Mobile device messaging has evolved significantly since the early days of SMS texts. Many different proprietary and third-party applications can be used to communicate and store messages in text and multimedia formats. An eDiscovery collection request simply targeting “text messages” doesn’t cut it anymore. Different collection methods and tools will vary with regard to the amount and type(s) of data they are able to collect on different devices and from third-party applications — the wrong tool or collection method can result in incomplete, missing or incorrect data — even when there is data in those applications. It is almost a full-time job to keep up with messaging platforms and services available to mobile device users today. Popular platforms such as WhatsApp, Facebook Messenger and Snapchat, to name but a few, have changed the messaging landscape with significant implications for the eDiscovery process. Geography, type of device, state of connectivity (i.e., Wi-Fi or cellular), age and demographic of user, and many more factors combine to make “messaging” an even more complex and fast-changing environment.
In addition, many of these apps are cross-platform, and can be used on Apple iOS, Android, Windows Phone and Blackberry devices.
Knowing what you are looking for and what messaging platforms are in place can help make the mobile device collection and the subsequent representations made by counsel about the completeness and correctness of the eventual production more defensible. Failure to preserve or produce responsive content can have serious consequences.
Focus on Social Media and Cloud Storage in Discovery
Social media and data stored in the cloud are typically collected using defined protocols. It is important to understand, however, that mobile devices are key access points to these services by users away from the web-based portal or installed application on a desktop or laptop computer. Social media artifacts and cloud storage evidence are resident on mobile devices and could yield important information for your case. This could include information ranging from additional user communications to evidence of cloud-based storage repositories potentially used to upload information responsive in your matter — for example, proprietary company documents and intellectual property. Important discovery considerations include the retention period in effect for subject content at various cloud providers, determinations of custody and control, and deploying the right tools at the right time to accomplish preservation and collection.
Fast-Changing Mobile Device Technology
Mobile devices are typically heavily subsidized by either the device manufacturer or the cellular carrier tying them to contract-based service agreements. This arrangement allows users to replace their devices on a regular cycle of one to two years — ensuring that the user always has the “latest and greatest” device. Software updates to those devices (both the operating system and the application resident thereon) happen much more frequently. Some are even pushed out in an automated fashion, prompting the user to update his or her device with the simple touch of a screen. There are thousands of mobile devices in circulation with software updates released on a daily basis. Forensic software is always playing catch-up to reverse-engineer data storage methods to allow collection and presentation of mobile device data.
Due to this highly dynamic technology truism, no single piece of forensic software is the answer to all mobile device collection and data extraction needs. Forensic software packages are updated as new issues are found to allow for up-to-date parsing of the content they have currently reverse-engineered. On a particular device, the forensic software update may allow SMS messages to be parsed, but require a different forensic software product for a third-party message store, therefore defining the potentially responsive information prior to the collection process is paramount and ensures preservation is complete and appropriate.
Mobile devices play an increasingly important part in both home and work life. As connected devices that capture data continue to proliferate (with forensic toolkits now supporting more than 10,000 different devices), legal practitioners will face challenges as they try to stay abreast of both the technology and the law. It is important that attorneys understand the rapidly changing landscape of mobile devices, their relative import to a matter, and the obligations, costs, burdens and benefits associated with accessing those devices in the context of litigation.
David Rohde is the senior director of consulting services for Epiq, bringing more than 19 years of experience as a courtroom litigator, legal technology project manager, and information governance expert to his role. Rohde has implemented new technologies in support of complex litigation, designed and implemented case and matter management systems, developed and implemented information governance and defensible disposition initiatives, advised on email archiving solutions, and implemented systems and processes supporting all aspects of litigation/discovery preparedness.
Jon Kessler is a senior director of forensic consulting in the Epiq legal services business unit where he is often engaged to provide formal computer forensic and eDiscovery best practice training and oversight to government agencies and Fortune 500 companies, as well as delivers consulting services for data migration, disposition, and legal hold implications. He has extensive experience in the eDiscovery industry working on complex electronic discovery matters across many diverse industries in over 35 countries.