Mobile Devices

Have you considered the implications of time zones when it comes to your litigation needs?

by: Trent Livingston, Chief Technology Officer

Most of today’s legal technology platforms require that a time zone be selected at the time of ingestion of data. Or, in the case of forensic software, the time stamp is displayed with a time zone offset based upon the device’s time zone setting. However, when conducting a review, the de facto time zone setting for your litigation is often determined ahead of time, often based upon subjective information. This is likely the region in which the primary custodian resides. Once that time zone is selected, everything is adjusted to that time zone. It is “set in stone” so to speak. In some cases, this is fine, but in others, it can complicate things, especially if you want to alter your time zone mid-review.

Let’s start by understanding time zones, which immediately begs the question, “how many time zones are there in the world?” After all, it can’t be that many, right? Well, don’t start up your time machine just yet! To summarize a Quora answer (https://www.quora.com/How-many-timezones-do-we-have-in-the-world) we arrive at the following confusing mess.

Spanning our globe, there are a total of 41 different time zones. Given the number of time zones, “shifting time” (so to speak) can be of the utmost importance when examining evidentiary data.

If everything is set to Eastern Standard Time but does not properly allocate for time zone changes, a software application could arbitrarily alter a time stamp inconsistently, and consistency is what really matters! What happens if two of the parties to a matter are in New York while two of the parties are in Arizona? Arizona does not observe Daylight Saving Time. This could result in a set of timestamps being thrown off by an hour spanning approximately five months of the data set (based upon Daylight Saving Time rules). Communication responses that may have happened within minutes now seemingly occur an hour later (or earlier, depending on how you look at it). Forensic records could fall out of sync with other evidentiary data and communications or, worse yet, sworn testimony. The key is to ensure consistency to avoid confusion.

CloudNine’s ESI Analyst (ESIA) normalizes everything to Coordinated Universal Time (UTC) upon ingestion, leveraging the original time zone or offset. By doing this, ESIA can display the time zone of the project manager’s choosing (either set at the project level or by the specific user’s account time zone setting). This allows for the time stamp display of any evidence to be changed at any time to the desired time zone across an entire project, allowing for the dynamic view of time stamps. Not only can it be changed during a review, but also set at export. All original metadata is stored, and available during export so that the adjusted time stamp can be leveraged for timelines, while the original time stamp and time zone settings are preserved for evidentiary purposes.

When performing analysis of disparate data sets, this methodology allows users to adjust data to see relative time stamps to a particular party involved in that specific investigation. For example, an investigation may involve multiple parties that are all located in different time zones. Additionally, these users may be traveling to different countries. Adjusting everything to Eastern Time may show text messages arriving and being responded to in the late hours of the day not accounting for the fact that perhaps the user was abroad and was actually responding during normal business hours.

While seemingly innocuous, it can make a big difference in how a jury perceives the action of the party, depending on the nature of the investigation.
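The New York and Arizona scenario above can be worked through in code. The following is an added example, not CloudNine's code or part of the original article: it normalizes device-local time stamps to UTC on ingestion, keeps the original value and zone, and compares the result with a fixed two-hour shift. The `Event` record, the function names and the sample messages are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from zoneinfo import ZoneInfo

FMT = "%Y-%m-%d %H:%M:%S"


@dataclass(frozen=True)
class Event:
    custodian: str
    original_local: str  # device-local time stamp, preserved verbatim
    original_zone: str   # IANA zone of the source device, preserved verbatim
    utc: datetime        # normalized instant used for sorting and display


def ingest(custodian: str, local: str, zone: str) -> Event:
    """Normalize a device-local time stamp to UTC, keeping the original fields."""
    aware = datetime.strptime(local, FMT).replace(tzinfo=ZoneInfo(zone))
    return Event(custodian, local, zone, aware.astimezone(timezone.utc))


def display(event: Event, zone: str) -> str:
    """Render the stored UTC instant in whatever zone the reviewer selects."""
    return event.utc.astimezone(ZoneInfo(zone)).strftime(FMT + " %Z")


def gap_minutes(first: Event, second: Event) -> float:
    """Elapsed minutes between two events, computed on the UTC instants."""
    return (second.utc - first.utc).total_seconds() / 60


def fixed_shift_gap(first_local: str, second_local: str, shift_hours: int) -> float:
    """The inconsistent approach: add one constant offset to the second
    custodian's local times, ignoring Daylight Saving Time."""
    first = datetime.strptime(first_local, FMT)
    second = datetime.strptime(second_local, FMT) + timedelta(hours=shift_hours)
    return (second - first).total_seconds() / 60


# Constructed sample data: a New York custodian writes and an Arizona
# custodian replies three minutes later, once in summer and once in winter.
SUMMER = (("2021-07-15 14:00:00", "America/New_York"),
          ("2021-07-15 11:03:00", "America/Phoenix"))
WINTER = (("2021-01-15 14:00:00", "America/New_York"),
          ("2021-01-15 12:03:00", "America/Phoenix"))


def compare(pair):
    """Return both gap calculations plus the reply rendered in two zones."""
    (ny_local, ny_zone), (az_local, az_zone) = pair
    sent = ingest("ny-custodian", ny_local, ny_zone)
    reply = ingest("az-custodian", az_local, az_zone)
    return {
        "utc_gap": gap_minutes(sent, reply),
        # Arizona is two hours behind Eastern in winter, so a reviewer might
        # hard-code +2 for the whole data set.
        "fixed_gap": fixed_shift_gap(ny_local, az_local, 2),
        "reply_in_eastern": display(reply, "America/New_York"),
        "reply_in_phoenix": display(reply, "America/Phoenix"),
        "original": (reply.original_local, reply.original_zone),
    }


if __name__ == "__main__":
    for label, pair in (("summer", SUMMER), ("winter", WINTER)):
        print(label, compare(pair))
```

With the fixed shift, the summer reply appears to precede the message it answers; the UTC-normalized values give the same three-minute gap in both seasons.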

As they say… “timing is everything!” especially when it comes to digital evidence in today’s modern era.

Now, where did I leave my keys to my DeLorean?

Learn more about CloudNine ESI Analyst and its ability to deduplicate, search, filter, and adjust time zones across all data types at once here.

Generate More Revenue For Your Law Firm with Modern eDiscovery

One of the biggest challenges for any business is discovering new revenue streams once your growth reaches its zenith. For most law firms, this creates a welcome opportunity to offer new and better solutions while bringing more revenue into the organization.

As technology evolves, so does the diversity of new data types. By expanding your firm’s ability to effectively and accurately collect and analyze emerging data types, you create new opportunities to meet the changing needs of your clients.

Hit the eDiscovery Bullseye: The Latest Trends in Data Types

Electronically stored information (ESI) evolves every time new software is created. Whether it’s an updated version of current data or an entirely new data type, ESI is constantly changing.

To operate successfully, your law firm needs the ability to effectively process these modern data types. Consider the following statistics from two popular messaging applications – Microsoft Teams and Slack:

  • Teams has 145 million daily active users
  • Teams is used by more than 500,000 organizations as their default messaging platform
  • Slack has 10 million daily active users
  • Slack is used by 43% of Fortune 100 businesses

The sheer volume of modern data users creates an unmatched treasure trove of data vital to your client’s litigation. Other popular communication platforms like Google Meet, Zoom, GoToMeeting, and WhatsApp also contribute to the unparalleled growth of modern data types.

However, only recently have legal professionals begun to see the benefits of reviewing these data types, since relying on traditional data types was easy and typically sufficient.

Everyone in the legal profession can benefit from the ability to collect and analyze messages and metadata from communication platforms.  However, law firms and forensics companies in particular now understand the true value of other modern data like computer activity, geolocation, and financial transactions because it’s critically important to the success of their investigations.

Read a case study to learn how CloudNine helped reconstruct conversations across multiple file types.

Why Modern Data Doesn’t Work Well with Traditional eDiscovery Platforms

Traditional data is typically straightforward in the form of Word documents, spreadsheets, and emails converted into PDF. The biggest issue with collecting and analyzing modern metadata on a traditional eDiscovery platform is compatibility.

Modern data transmitted by web clients and web servers is usually found within JavaScript Object Notation (JSON) files. JSON files are the preferred format for almost every public web service available today, including Teams and Slack.

HTML is another popular file type used by websites and social media applications like Facebook and Twitter to create individual pages.

JSON and HTML cause problems with traditional eDiscovery because traditional platforms cannot extract the content and metadata and organize it into an easy-to-review format. The result is usually very difficult to read, let alone review for eDiscovery.

Another challenge is simply the cost. In Zubulake v. UBS Warburg, the courts found the defendants were required to provide all relevant data files related to the case at their own expense. If your client is a large corporation, this could mean a large volume of devices to be collected for eDiscovery, which will naturally raise costs.

Tip the Scales of Justice with a Modern eDiscovery Platform

As applications like Teams and Slack make modern data more common, it has become more acceptable to be used in litigation. In the past, attorneys would argue to have modern data dismissed, and more often than not, the judge would allow it. Today’s judges have a better understanding of the value of emerging data so they require it for eDiscovery.

Modern eDiscovery platforms can collect a variety of modern data and accurately prepare it for review. Data types under this umbrella include:

  • Communication from messaging applications
  • File sharing applications
  • Metadata from video conferences
  • Mobile messaging including text, SMS, and MMS
  • Computer activity including the movement and alteration of files
  • GeoLocation
  • Social media posts
  • Financial transactions

In addition, by leveraging a modern data review platform, you can collect communication across multiple applications and devices. Based on the metadata, you can create pristine communication threads that flow from one platform to another, giving you a more complete picture and the context to understand how people were behaving and why. That simply isn’t possible in a traditional eDiscovery platform.

Stay up to date on how CloudNine is revolutionizing eDiscovery by signing up for our regular eDiscovery updates and best practices.

How Law Firms Use Modern eDiscovery to Offer Better Solutions

When you have the ability to review modern data, you can manage your case more effectively and efficiently by consolidating the workflows of multiple processes using a single SaaS platform.

  • Early Case Assessment. With CloudNine’s people and platforms, you can collect, cull, process, and organize large amounts of modern data, gaining the insight into your case investigations needed to predict costs more accurately.
  • Unified Review Workflows. A simplified and consolidated workflow allows you to process, sort, review, tag, and produce traditional and modern data quickly and accurately.
  • Higher Level of Data Organization. By leveraging the metadata and conversation content, you can analyze and review all data types easier and more efficiently. This “Data NOT Documents” approach allows you to quickly narrow in on key conversations faster than traditional document review.
  • Context to Understand the Whole Story. Following digital conversations across multiple platforms along with computer activity, geolocation, social media and financial transactions, you create a more complete narrative to add the context needed to understand the whole story.

With these benefits, you can now demonstrate maximum efficiency and offer unparalleled service to your clients.

Your clients are looking to you to provide the best legal advice and management of their data, regardless of data types, modern or traditional.

You can do so by offering a solution that gives them equal access to both traditional and modern data types with CloudNine eDiscovery solutions. Request a free demo and let us show you how CloudNine can help you generate more revenue while better preparing your clients for litigation.

Emerge From Data Chaos With eDiscovery Built For Today’s Data

Did you know in 2020 alone, the average person created 1.7 MB of data every second? (source).  Now consider this in the context of your latest eDiscovery case:  from cell phone forensics to computer user activity, the amount of digital documents to review is massive.  For example, here’s a glimpse of the daily counts of electronically stored information (ESI) including traditional and modern data types:

  • 4 billion emails (source)
  • 7 billion text messages (source)
  • 100 billion WhatsApp messages (source)
  • 4 billion Snapchat photo messages (source)

And, this doesn’t even include other traditional data types like documents or spreadsheets. Nor does it count modern data types like computer user activity, geolocation tracking, corporate chat applications, financial transactions, or social media posts.  While eDiscovery review platforms are designed to process traditional data types, you need a better, more efficient way to analyze the sheer volume of digital discovery types.

To provide a comprehensive view of all data types, CloudNine has introduced a modern data review experience to enable the analysis of existing and emerging data types, from a single eDiscovery solution platform.

Synergize eDiscovery of Today’s Data with CloudNine

Current eDiscovery review platforms were developed to support traditional data types like emails, Word documents, spreadsheets, and PowerPoint as evidence in litigation. The problem is they rarely provide the context needed to tell the whole story because they miss potentially relevant data found on mobile devices and corporate chat applications like Microsoft Teams or Slack. 

Without this nuanced data, you don’t have the ability to show behaviors, actions, or communication across different platforms, making it more challenging to prove your case as it’s very difficult to show context if you’re working exclusively with traditional file types.

Using Cellebrite UFED, a digital tool for extracting data from mobile devices, we can quickly collect cell phone data and inject it directly into the document review platform.

In addition, CloudNine’s modern data review platform can create timelines to organize relevant data in a linear outline to tell a story from beginning to end. Combining this with the ability to track digital conversations across multiple platforms, you’ll have better insight into:

  • How subjects were behaving
  • What they were doing
  • Where they were going
  • Who they were communicating with, and when

CloudNine’s modern data solution expands your ability to understand the whole story in ways your competition can’t. The ability to collect and review this type of data allows you to better understand the facts surrounding your litigation, applying context so you’re able to tell the whole story.

Our solution for today’s data is suitable for both large and small data sets. It’s robust enough to handle the largest cases with extremely large data sets while remaining nimble to give attorneys the ability to view data quickly and easily on much smaller cases.

Regardless of the case or file types your team is reviewing, your eDiscovery team can get to the truth much faster.

Take the Rediscovery Out of Your eDiscovery: CloudNine’s ESI Analyst is the Perfect Complement to Enhance CloudNine Review

While CloudNine Review brings a fast, secure and easy-to-use platform to load and export data quickly and efficiently, the addition of a modern data solution adds a new layer of context and complexity to your litigation.

Now, when you receive your data, you can upload all the data sources into our modern data platform, perform eDiscovery and then import your modern and traditional data directly to CloudNine Review for a simplified and streamlined review.

Most legal firms and LSPs are forced to shoehorn modern data into traditional legal document review platforms. This can lead to confusion about what role specific text messages play in the story.

However, by letting you review every type of data more accurately, you get a more efficient solution that addresses both traditional and modern data, providing more insight and clarity into the factors behind the litigation.

A perfect example of this is the ability to analyze financial data and computer user activity. While collecting and reviewing financial data means you can track transactions and payments more easily, tracking computer activity through registry files or event logs lets you see actions taking place on a digital level.

For example, if an employee copies a confidential document onto a thumb drive and walks out the door with it, you’ll be able to see that action in the data records.

As an organization, we are committed to evolving in the same way eDiscovery evolves. Stay up-to-date on the latest CloudNine updates by signing up to receive our latest eDiscovery news delivered to your inbox.

Don’t Fall Prey To Ingestion Congestion: The Ease of Integration and Deployment with CloudNine

Simple Deployment: While the technical aspects of integrating CloudNine’s modern eDiscovery review platform are incredibly easy, the important thing to know is how simple it is to deploy the solution for your staff. Training for your administrators to operate the platform can be completed in an hour, while training your review team for a specific case takes as little as 15-30 minutes.

Searching and Batching: By creating a series of searches based on specific keywords or phrases, you can pull data batches to assign to your team so they can review and add custom tags for relevant data. This is a valuable tool for anyone using this modern data eDiscovery solution, whether you have the resources to employ a litigation-support team or if you’re a smaller office with only one or two attorneys.

Superior Support: If there are any questions or problems, support is just a phone call away. If you don’t know how to use a particular feature or tool, we can schedule a quick online training session and walk you through the process. Plus, there are over a hundred resource articles in our library to help you learn how to better use CloudNine’s solution.

By offering solutions that empower you to collect, review and analyze both traditional and modern data types, you can streamline your eDiscovery process and capture information that tells the whole story through different platforms.

To complement your existing eDiscovery solution and combine both traditional and modern data types into a more complete narrative, contact CloudNine to find out how we can seamlessly fold our self-service, SaaS application designed for all data types into your eDiscovery process.

What Happens When You Don’t Have a Modern Data Solution?

Why a Modern Data Review Platform is Critical to eDiscovery

When legal professionals first incorporated electronically stored information (ESI) into their eDiscovery document review process, it opened the door for a variety of digital data types to be used in investigation and litigation. 

It didn’t take long for eDiscovery to begin taking in ESI like emails, documents, spreadsheets, databases, CAD/CAM files, digital images, and websites. These have remained the primary sources of digital discovery data used by legal professionals. 

However, as technology continues to evolve, new modern data types are becoming increasingly vital in litigation. These new modern data types fall under five primary categories, in addition to traditional eDiscovery: 

  1. Communication
  2. Computer/User Activity 
  3. Geo-location tracking (location tracking software)
  4. Financial Transactions
  5. Social Media

These modern data types have their own unique uses and their associated metadata allows you to create a chronological list of events and user activities so you can gain context where it did not exist in traditional discovery. 

Here are just a few examples of how it works:

  • By gathering data on computer activity, you’re able to see when individuals upload documents to Google Drive or download them onto thumb drives. 
  • Geolocation lets you determine where a computer activity took place so you know if they were at home, in the office, or at another location.
  • By using the metadata associated with different communication applications, you can track and document relevant dialogue between two parties as they carry their conversation from one device or application to another. 

With these additional data types, you’re able to tell a complete story through your legal review when combining traditional and modern data in one unified eDiscovery platform.

As more modern data forensic artifacts emerge, CloudNine is doing our part to help your eDiscovery team gain the context and confidence you need to solve your cases. Sign up to receive updates on our offerings here.

Reconstructing Digital Conversations To Unveil The Full Picture

In a modern data eDiscovery solution, you can do things that simply aren’t possible or are too difficult or costly to do in a traditional document review-centric platform. 

In a traditional legal document review platform, communication between two individuals would be collected and stored as individual documents. This means the context of the whole conversation, including the text before and after an individual message, could be lost, leaving a void in the interpretation.

A modern data review platform allows you to collect data from multiple devices and applications including traditional ESI and loose files. By using the metadata associated with the collected data, you can select two individuals and review all communication between them in a chronological timeline. Now you have the context to perform the smartphone forensics and short message discovery you need to follow a conversation that began in Slack but transitioned to text messaging before concluding in WhatsApp.

Cell Phone Discovery: Reviewing Text Messages In a Modern Data Review Platform

Traditional legal review platforms are often inefficient when reviewing text messages. In a traditional platform, text threads are converted to PDF, requiring each thread to be reviewed text by text. In this case, five individuals in a group text messaging thread means you’ll see the same message collected five times. This results in a lot of time and money wasted redacting large parts of the text thread that are irrelevant to the topic.

Smartphone data discovery allows you to filter duplicate messages, and remove 20-30% of the collected data.  With a simple click of a button, modern eDiscovery review allows you to select the text messages you want to advance and remove the irrelevant text from long or group threads.

Another challenge for traditional review platforms is the inability to maintain native formats for data. By relying on screenshots or PDFs, organizations using older platforms can fall victim to doctored images that could affect the course of the litigation. 

For example, in Rossbach v. Montefiore Medical Center, a plaintiff used screenshots of a text message to attempt to prove that her former employer had sexually harassed, then fired her. The message was allegedly sent to her iPhone 5 which cannot run an operating system beyond iOS 10. A forensics investigator examined the screenshot and discovered an emoji present in the image was a version not available until iOS 13 was released.

Modern eDiscovery review platforms capture text message formats (MMS and SMS) in their native format so there’s no risk of fraudulent or altered data in the review.  A unified eDiscovery platform will combine both traditional and modern data without creating documents from modern data sources.

Learn more about how your legal team can hit the eDiscovery bullseye with every data type with CloudNine Review here.

Why Organizations Are Hesitant to Commit to a Modern Data Review Platform

Some organizations are hesitant to adopt a modern data review platform because of their apprehension to change standard operations. They’re unwilling to change their review mentality from document-based to metadata-based or a hybrid of both.  After all, if it’s working, why change it?  

Many organizations are also forced to break out their review processes among multiple platforms – one for traditional data like emails and Word documents and one for modern data like geolocation, social media and computer activity.

In addition, there are some objections to native file production:

  • Retrieval of native files after initial document collection would mean additional costs.
  • Redaction is difficult or even impossible with some native file types.
  • Image-based productions are often accepted in court. 
  • Static images are equally useful for analysis and review of native files.
  • Federal Rule of Civil Procedure 34 does not specifically require native formats.

However, as modern data types become more common and important, organizations are beginning to understand that using a traditional, legacy document solution to review modern data is becoming burdensome, expensive, and slow. 

How a Modern Data Review Platform Simplifies eDiscovery

Simply put, a modern data review platform like CloudNine’s ESI Analyst organizes your data more efficiently by using metadata to sort modern data types by recipients, senders, timestamps, locations, and computer activity. 

The data is then tagged under one of the following data types:

  1. Call logs and voice mails 
  2. Chat applications (WhatsApp, Telegram, Facebook Messenger, etc.)
  3. Email
  4. Corporate chat applications (Slack, MS Teams, etc.)
  5. Text Messages (SMS, MMS)
  6. Computer activity 
  7. Geolocation
  8. Social media
  9. Financial transactions

In addition, with a built-in foreign language tool, you have access to more than 80 supported languages so nothing gets lost in translation.

While legacy document review solutions are limited to reviewing documents, they miss key data points like geolocation, financial transactions, and other pertinent data that does not fit in a document-centric workflow. The integrated CloudNine solution allows you to filter, search, tag, and review all data in one platform.

Let CloudNine help you integrate a modern data review platform into your eDiscovery processes. We can train your case teams quickly so they’re up and running in 15-20 minutes. To learn more about how our modern data solution can make your eDiscovery processes more efficient, drop us a line.

How COVID-19 Has Reinforced the Need for Comprehensive BYOD Policies

Even before the pandemic started, working from home was on the rise. The trend allowed employees to be both productive and comfortable. Like any change, the transition to remote work was met with some skepticism. Many worried that limited in-person interaction would negatively impact work relations and company culture. Another concern was that employees wouldn’t get their work done at home. Though the research is mixed, several studies suggest that working from home greatly improves productivity. Amid the controversy, remote work skyrocketed as quarantine guidelines were set in the United States. This shift boosted the popularity of BYOD policies in the workplace. BYOD is shorthand for “bring your own device,” a practice in which businesses allow employees to conduct work activities on personal devices.

From both the employer and employee perspectives, BYOD policies come with a list of pros and cons. Employees typically enjoy the change, grateful that they don’t have to carry two phones everywhere. BYOD allows them to conveniently handle business and personal affairs from the same device. Through this system, an employee can work from anywhere at any time. From the employer’s standpoint, BYOD practices can be a money saver. Companies that supply and maintain work phones are expected to foot the bill. BYOD, however, eliminates those business expenditures.[1] In terms of ediscovery, BYOD poses significant privacy and security concerns. Now more than ever, companies should reevaluate their BYOD policies, ensuring that sensitive data is well-protected.

Questions to Consider

Before drafting or revising BYOD policies, there are several questions that a company should ask itself. Below is a list of sample questions to get the ball rolling:

BYOD Recommendations

  • Ask new employees about the BYOD policies at their former jobs. If the employee previously used their personal device for business matters, their device could still contain competitor data. Detecting and eliminating competitor data early on reduces the risk of lawsuits. [2]
  • Pay particular attention to securing data from your legal department. Legal departments, specifically, are a popular target for hackers because they manage large amounts of sensitive information.
  • Consider setting time limits on employee access to highly sensitive material.
  • Consider an employee’s position in the company before allowing them to operate through a personal device. If their position requires consistent interaction with confidential information, it’s safer to supply them with a work phone. [3]
  • Outline any software and applications that employees should not use.
  • Establish protocols for litigation holds and employee departure. [1]

References

[1] Russell Beets, “BYOD (Bring Your Own Device) Policies and Best Practices,” LitSmart E-Discovery, November 17, 2017.
[2] Will Kelly, “BYOD and the danger of litigation” TechRepublic, November 3, 2015.
[3] Frank Ready, “When Should Companies Refresh BYOD Policies? With COVID-19, It’s Now” Legaltech News, July 16, 2020.

The Risks and Benefits of Ephemeral Messages

What are Ephemeral Messages?

In the corporate world, Gmail, Microsoft Teams, and Slack are the most common forms of communication. Though these platforms are traditional and efficient, they create privacy and storage challenges. Ephemeral messages counteract these issues by disappearing shortly after the recipient has read the message. [1]

Platforms with disappearing messages:

  • Snapchat
  • Signal
  • Wickr
  • Cover Me
  • Confide
  • Telegram
  • Hash
  • WhatsApp
  • DingTalk

Court Cases Involving Ephemeral Messaging

  • Waymo, LLC v. Uber Technologies, Inc.: In this trade secrets case, Uber’s usage of Wickr and Telegram became a discovery headache. The judge granted both parties the opportunity to argue for or against the relevance of the messages. Thus, the case’s focus shifted from trade secrets to unrecoverable conversations. [2]
  • WeRide Corp v. Huang: After the defendant was accused of intellectual property theft, they took several measures to destroy communication evidence. One of those measures included communicating through DingTalk after the preliminary injunction. Since the messages were destroyed and post-injunction, terminating sanctions were issued. [3]
  • Herzig v. Arkansas Foundation for Medical Care, Inc.: In this age discrimination case, the plaintiffs started using Signal after receiving preservation orders. The judge noted that the plaintiffs manually configured the deletion settings; thus, the case was dismissed for intentional spoliation. [4]

Weighing the Risks and Benefits

Through automated deletion, ephemeral messaging apps eliminate issues concerning data volume. Smaller amounts of data provide greater security from data leaks and reductions in storage costs. Despite these benefits, ephemeral messages are a risky form of communication because they increase the likelihood of spoliation. [5] Spoliation sanctions can range from monetary payments to case dismissal. [6]

Best Practices for Preservation

  • Automated deletion settings should be shut off as soon as a complaint is filed.
  • Create comprehensive policies on managing ephemeral messages. These policies should outline legitimate reasons for the app’s usage, retention information, and destruction guidelines.
  • Train employees on ephemeral messaging etiquette in the workplace.
  • Monitor and document company usage of ephemeral messaging apps. [7]

[1] Dennis Kiker, “Now you see it, now you don’t: Ephemeral messaging may lead to sanctions,” DLA Piper, June 8, 2020, https://www.dlapiper.com/en/us/insights/publications/2020/06/now-you-see-it-now-you-dont-ephemeral-messaging-may-lead-to-sanctions/

[2] Robert M. Wilkins, “Client Litigation Risks When Using Ephemeral Messaging Apps,” Jones Foster, March 5, 2020, https://jonesfoster.com/our-perspective/pbcba-messaging-app-article

[3] Philip Favro, “INSIGHT: California Case Offers Warnings on Ephemeral Messaging,” Bloomberg Law, June 1, 2020, https://news.bloomberglaw.com/esg/insight-california-case-offers-warnings-on-ephemeral-messaging

[4] Scott Sakiyama, “This Message Will Self-Destruct in 5 Seconds,” Corporate Compliance Insights, March 26, 2020, https://www.corporatecomplianceinsights.com/self-destruct-ephemeral-messaging/

[5] Rebecca Cronin, “A Lawyer’s Guide to Ephemeral Messaging,” JD Supra, May 18, 2021, https://www.jdsupra.com/legalnews/a-lawyer-s-guide-to-ephemeral-messaging-4360652/

[6] Michael W. Mitchell and Edward Roche, “Lessons Learned: Destroying Relevant Evidence Can Be Catastrophic in Litigation,” Smith Anderson, https://www.smithlaw.com/resources-publications-1673

[7] Thomas J. Kelly, “The Rise of Ephemeral Messaging Apps in the Business World,” National Law Review, April 23, 2019, https://www.natlawreview.com/article/rise-ephemeral-messaging-apps-business-world

Problems and Solutions for Slack Discovery

The Discoverability of Slack

As people turned to remote work in 2020, collaboration apps became a prevalent form of communication. Slack was so popular that some considered it to be the “new email.” Though some legal teams dispute its discoverability, the FRCP intentionally established a broad definition of ESI to accommodate new data types. From corporate files to humorous GIFs and standard channel messages, Slack is a medium for large quantities of information. Thus, the application fits the requirements for discoverable digital evidence.[1] Accessing and producing that information, however, can present several challenges.

Production Problems

  1. Hundreds of Slack messages are sent every day.

Medium and large-scale corporations with active Slack users easily send over 100,000 Slack messages per month. Additionally, Slack generates a new file per day for each channel. Examinations of big data are slow and expensive. By proactively identifying specific channels to preserve, litigants can reduce production costs and time.[2]

  2. Slack is only one of many hosts for decentralized communications.

Nowadays, a single conversation can span multiple platforms. For example, if an employee asks their boss a question through email, they may hold a Zoom meeting to discuss it. After the Zoom meeting, they might use Slack to address any follow-up questions. Since the conversation was spread out, the snippet captured on Slack will lack the full context.

  3. Deciphering Slack exports can be difficult.

Slack messages are exported through JSON files, a format that’s a bit hard to understand. Additionally, the files don’t visually display media such as emojis and GIFs. In response to this problem, legal teams may opt to use screenshots as an alternative production method. However, the application only allows users to view and sort through the most recent 10,000 messages.[3]
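To show what a reviewer is actually looking at in one of those per-day, per-channel JSON files, here is an added example (not from the original article and not Slack’s own code) that turns a day file into a readable, UTC-stamped transcript while keeping each message’s original `ts` value for traceability. It assumes the standard export layout of a `users.json` file plus one JSON array of messages per day with `user`, `text`, `ts` and optional `files` fields; the sample records and the `render_day` helper are constructed for illustration.

```python
import json
import re
from datetime import datetime, timezone
from decimal import Decimal

# Constructed sample data, shaped like a Slack export (assumed field layout).
USERS_JSON = '[{"id": "U01AAA", "name": "jdoe"}, {"id": "U01BBB", "name": "asmith"}]'
DAY_JSON = """[
 {"type": "message", "user": "U01AAA", "ts": "1583510400.000100",
  "text": "Did <@U01BBB> send the contract? :thumbsup:"},
 {"type": "message", "user": "U01BBB", "ts": "1583510465.000200",
  "text": "Yes, attached.", "files": [{"name": "contract_v2.pdf"}]},
 {"type": "message", "subtype": "channel_join", "user": "U01BBB",
  "ts": "1583510300.000050", "text": "<@U01BBB> has joined the channel"}
]"""

MENTION = re.compile(r"<@([A-Z0-9]+)>")  # user mentions are stored as <@USERID>


def render_day(channel, users_json, day_json):
    """Return one readable line per message, oldest first, with times in UTC."""
    names = {u["id"]: u["name"] for u in json.loads(users_json)}
    messages = [m for m in json.loads(day_json) if m.get("type") == "message"]
    # "ts" is a string such as "1583510400.000100"; sort it as an exact decimal
    # so two messages in the same second keep their true order.
    messages.sort(key=lambda m: Decimal(m["ts"]))
    lines = []
    for m in messages:
        seconds = int(m["ts"].split(".")[0])
        when = datetime.fromtimestamp(seconds, tz=timezone.utc)
        stamp = when.strftime("%Y-%m-%dT%H:%M:%SZ")
        author = names.get(m.get("user"), m.get("user", "unknown"))
        # Resolve mentions to names; unknown IDs are left as the raw ID.
        text = MENTION.sub(
            lambda x: "@" + names.get(x.group(1), x.group(1)), m.get("text", "")
        )
        # Attachments are listed by name only; emoji stay as :shortcode: text.
        files = "".join(
            f" [file: {f.get('name', 'unnamed')}]" for f in m.get("files", [])
        )
        tag = f" ({m['subtype']})" if "subtype" in m else ""
        lines.append(f"{stamp} #{channel} @{author}{tag}: {text}{files} [ts={m['ts']}]")
    return lines


if __name__ == "__main__":
    for line in render_day("legal", USERS_JSON, DAY_JSON):
        print(line)
```

Rendering every timestamp in UTC and converting to a review time zone only at display time avoids baking a single custodian’s offset into the produced transcript.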

Tips to Keep in Mind

  • Educate your employees or legal team about Slack’s retention policies.
  • If possible, consider upgrading to Slack’s premium version so that there is no message history limit.
  • Find an eDiscovery solution that will export Slack data in a thorough and understandable format.
  • Avoid preserving unneeded data by identifying which channels are more important than others.[4]

[1] Peter Callaghan, “Is Slack Content Discoverable? Yes It (Definitely) Is,” Pagefreezer, https://blog.pagefreezer.com/slack-content-is-discoverable

[2] Matthew Verga, “Discovery from Slack: It’s Complicated,” Xact Data Discovery, June 19, 2020, https://xactdatadiscovery.com/articles/discovery-from-slack-its-complicated/

[3] James Murphy, “The Shark in the Wave: Revealing the Lurking Danger of Slack Data,” Corporate Compliance Insights, June 17, 2019, https://www.corporatecomplianceinsights.com/the-shark-in-the-wave-revealing-the-lurking-danger-of-slack-data/

[4] James Murphy, “The Shark in the Wave: Revealing the Lurking Danger of Slack Data.”

Despite Estimate of 37 Years to Crack iPhone, Government Doesn’t Have to Return it – Yet: eDiscovery Case Law

Tired of stories about COVID-19?  So are we.  So, here’s an interesting case to take a look at instead.  :o)

In U.S. v. Morgan, No. 1:18-CR-00108 EAW (W.D.N.Y. March 6, 2020), New York District Judge Elizabeth A. Wolford denied the defendant’s Motion for Return of Property Under Federal Rule of Criminal Procedure 41(g), ruling that “[t]he government’s evidentiary interest in the [defendant’s] iPhone outweighs Defendant’s interest in its return, at least at this stage of the proceedings”.

Case Background

In this case involving a Superseding Indictment alleging conspiracy to commit wire fraud and bank fraud served on this defendant on May 21, 2019, a search warrant had been issued over a year earlier for Morgan Management, LLC, which included search and seizure of “multiple servers, computers or storage media … including but not limited to … devices … associated with … Robert Morgan.”  Later the same month that the search warrant was issued, a 62-count indictment was returned against other defendants, but Robert Morgan was not initially named in the indictment.

Nonetheless, sometime in May of 2018, the government started to try to crack the defendant’s iPhone’s passcode, using a device called “GrayKey”, which uses “brute force” to try and access the iPhone, a process by which a computer program enters potential passcodes seriatim until the correct passcode is revealed.  A six-digit passcode yields 1,000,000 potential passcode combinations, but the iPhone’s hardware only allows two or three passcode attempts each hour.  Even though this defendant wasn’t charged until a year later, GrayKey’s “painstaking” efforts to unlock the iPhone continued, with “a mere 960,526 possible passcodes” remaining as of January 9, 2020.  As a result, on January 2, 2020, the defendant filed a Motion for Return of Property Under Federal Rule of Criminal Procedure 41(g).

While the government argued that it was the defendant’s burden to show that either the seizure was illegal or the government’s need for the device as evidence has ended, the defendant argued that regardless of the government’s stated need for the property, it was unreasonable for the government to continue its retention of the iPhone.

Judge’s Ruling

Judge Wolford noted that “Rule 41(g) allows ‘[a] person aggrieved by an unlawful search and seizure of property or by the deprivation of property [to] move for the property’s return…. If it grants the motion, the court must return the property to the movant, but may impose reasonable conditions to protect access to the property and its use in later proceedings.’”  But she also noted that “Defendant does not argue that the government’s continued possession of the iPhone and its efforts to access it constitute an untimely seizure. Instead, Defendant argues that his interest in his iPhone and the information contained therein exceeds the government’s interest in the device, and thus, the Court should order its return.”

With that in mind, after a review of the history of Rule 41(g), Judge Wolford stated: “Defendant argues that at its current pace, it may take the government 37 years to successfully unlock the iPhone. The Court agrees that anywhere close to 37 years is an unreasonable time to retain the iPhone. This does not mean, though, that the government should be compelled to return it now. The government suggests that if it is successful, the contents of the iPhone could still be used at trial, regardless of when the contents are eventually accessed. At this stage of the proceedings—with a trial not scheduled to commence until next year…the Court agrees that there is still plenty of time for the government to access the iPhone’s contents. In the context of the current motion, the Court will not resolve whether that may cease to be the case as the trial date approaches. Indeed, the question of specifically how long the government can retain the device is not before this Court. There may very well come a point where the government’s retention of the iPhone is unreasonable—and that may be a time when the government continues to maintain that it needs the iPhone as evidence—but that date has not yet occurred.”  As a result, Judge Wolford denied the defendant’s motion.

So, what do you think?  How long can the government be allowed to retain a device to attempt to crack the password in a criminal litigation case?  Please let us know any comments you might have or if you’d like to know more about a particular topic.

Case opinion link courtesy of eDiscovery Assistant.

Here’s another interesting article about this case from David Horrigan of Relativity on Legaltech® News!

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Mobile Collection: It’s Not Just for iPhones Anymore, Part Four

Editor’s Note: Tom O’Connor is a nationally known consultant, speaker, and writer in the field of computerized litigation support systems.  He has also been a great addition to our webinar program, participating with me on several recent webinars.  Tom has also written several terrific informational overview series for CloudNine, including his most recent one, DOS and DON’TS of a 30(b)(6) Witness Deposition.  Now, Tom has written another terrific overview regarding mobile device collection titled Mobile Collection: It’s Not Just for iPhones Anymore that we’re happy to share on the eDiscovery Daily blog.  Enjoy! – Doug

Tom’s overview is split into four parts, so we’ll cover each part separately.  The first part was last Thursday, the second part was Monday and the third part was Wednesday; here’s the fourth and final part.

Conclusions

So, when you think of smart phone collection, be sure to ask what OS you are going to encounter.  Android phones are market leaders both here in the US and worldwide and offer corporate archiving solutions that are second to none. Your litigation opponent might actually have the droid you are looking for.

And, why is that important?  Because we’re seeing more cases where mobile device data is relevant than ever.  As I mentioned in my Millennials series last summer, Americans send about 8.5 billion texts every day!  Texts and other mobile data are routinely relevant in just about every type of litigation case.

And, we’re certainly seeing more cases where mobile device data is figuring prominently in court rulings.  Here are some cases covered by eDiscovery Daily in just the past year regarding mobile devices and (in some cases) consideration of sanctions for failing to preserve mobile device data:

The good news is that you’ve now learned about some terrific resources to preserve that mobile device data and hopefully avoid sanctions in your own cases, regardless of whether the device is Apple or Android.

So, what do you think?  Are you having to increasingly address issues associated with mobile device discovery?  As always, please share any comments you might have or if you’d like to know more about a particular topic.


Mobile Collection: It’s Not Just for iPhones Anymore, Part Three

Editor’s Note: Tom O’Connor is a nationally known consultant, speaker, and writer in the field of computerized litigation support systems.  He has also been a great addition to our webinar program, participating with me on several recent webinars.  Tom has also written several terrific informational overview series for CloudNine, including his most recent one, DOS and DON’TS of a 30(b)(6) Witness Deposition.  Now, Tom has written another terrific overview regarding mobile device collection titled Mobile Collection: It’s Not Just for iPhones Anymore that we’re happy to share on the eDiscovery Daily blog.  Enjoy!  And, BTW, Happy Birthday to my beautiful wife Paige! – Doug

Tom’s overview is split into four parts, so we’ll cover each part separately.  The first part was last Thursday and the second part was Monday; here’s the third part.

Google Vault and the Emphasis of Android Devices

During the same time period as when Google TakeOut hit the market, Google also created Google Vault in 2012, their web tool for preservation of data in the Google Suite. It’s easy and inexpensive but only covers some email archiving, searching, and exporting capabilities for Gmail. Unlike iOS, however, it has 3rd-party add-ons that can securely archive Gmail messages, Gmail Notes, Appointments and some Calendar Items.

A Gartner review of many of these products notes how they quickly and easily integrate with Google Apps to make up for the deficiencies in Vault and allow archived data to be stored in one unified message archive. Some of them can even search, publish, and perform eDiscovery from the archive, which is in one central location.

So perhaps it is not the quick and easy solution offered by iTunes or iOS backup and, like O365, it is based on a web archive. But it is still a relatively easy way to create archives, and now, given the arrival of Google One, a variety of methods exist for handling Android smartphone data.

Why is all this emphasis on Android phones important? As I noted in the Introduction, it’s because Android market share is now bigger than Apple everywhere in the world. Again, while Apple iOS holds a large share of the smartphone operating systems’ market within the United States, Google Android remains the market leader with a 51.8% share as of September 2019.  Worldwide, Android has a 76% market share with iOS far behind at 22%. (Source, IDC Nov 2019)  Clearly, you’re not only as likely to need to preserve Android devices as you are iPhones, you’re more likely, possibly much more likely, to need to do so.

Apple, of course, registers strongly in actual smartphone sales because they sell the phone AND the operating system unlike Android systems which are fragmented among multiple phone manufacturers. But even here, Apple is not the market leader. Although their share of smartphone users in the US has risen roughly 20% since early 2012 and stood at 42% in Q3 2019, the combination of all Android phones at that time was 47%, led by Samsung with 25%. And that Apple growth surge in the United States goes against a global trend that has seen their market share of smartphone shipments drop to around 10 percent.

Samsung, known for consumer products worldwide including mobile devices and home entertainment systems, is the global leading smartphone vendor. Since 2012, the South Korean company has held a share of 20 to 30 percent in the smartphone market. In 2018, they shipped more than 292 million smartphones worldwide and by the third quarter of 2019, Samsung’s global market share was 21.8%.

Apple is not one to take these statistics lightly and is responding with a new cheap phone. Channel manufacturers, reported to be Hon Hai Precision Industry, Pegatron Corp. and Wistron Corp, are currently preparing their production lines and planning to start mass production next month with an official release expected in March.

A cheaper offering may help Apple compete better in price-competitive phone markets such as India and China. India, in particular, presents a substantial challenge for Apple which has a high number of Android rivals coming in at prices less than $200.  Still, Apple has set a goal of shipping more than 200 million units in 2020 and recovering some of that lost market share.

We’ll publish Part 4 – Conclusions – on Friday.

So, what do you think?  Are you having to increasingly address issues associated with mobile device discovery?  As always, please share any comments you might have or if you’d like to know more about a particular topic.
