Mobile Devices

The Risks and Benefits of Ephemeral Messages

What are Ephemeral Messages?

In the corporate world, Gmail, Microsoft Teams, and Slack are the most common forms of communication. Though these platforms are traditional and efficient, they create privacy and storage challenges. Ephemeral messages counteract these issues by disappearing shortly after the recipient has read the message. [1]

Platforms with disappearing messages:

  • Snapchat
  • Signal
  • Wickr
  • Cover Me
  • Confide
  • Telegram
  • Hash
  • WhatsApp
  • DingTalk

Court Cases Involving Ephemeral Messaging

  • Waymo, LLC v. Uber Technologies, Inc.: In this trade secrets case, Uber’s usage of Wickr and Telegram became a discovery headache. The judge granted both parties the opportunity to argue for or against the relevance of the messages. Thus, the case’s focus shifted from trade secrets to unrecoverable conversations. [2]
  • WeRide Corp v. Huang: After the defendant was accused of intellectual property theft, they took several measures to destroy communication evidence. One of those measures included communicating through DingTalk after the preliminary injunction. Since the messages were destroyed and post-injunction, terminating sanctions were issued. [3]
  • Herzig v. Arkansas Foundation for Medical Care, Inc.: In this age discrimination case, the plaintiffs started using Signal after receiving preservation orders. The judge noted that the plaintiffs manually configured the deletion settings; thus, the case was dismissed for intentional spoliation. [4]

Weighing the Risks and Benefits

Through automated deletion, ephemeral messaging apps eliminate issues concerning data volume. Smaller amounts of data provide greater security from data leaks and reductions in storage costs. Despite these benefits, ephemeral messages are a risky form of communication because they increase the likelihood of spoliation. [5] Spoliation sanctions can range from monetary payments to case dismissal. [6]

Best Practices for Preservation

  • Automated deletion settings should be shut off as soon as a complaint is filed.
  • Create comprehensive policies on managing ephemeral messages. These policies should outline legitimate reasons for the app’s usage, retention information, and destruction guidelines.
  • Train employees on ephemeral messaging etiquette in the workplace.
  • Monitor and document company usage of ephemeral messaging apps. [7]

[1] Dennis Kiker, “Now you see it, now you don’t: Ephemeral messaging may lead to sanctions,” DLA Piper, June 8, 2020, https://www.dlapiper.com/en/us/insights/publications/2020/06/now-you-see-it-now-you-dont-ephemeral-messaging-may-lead-to-sanctions/

[2] Robert M. Wilkins, “Client Litigation Risks When Using Ephemeral Messaging Apps,” Jones Foster, March 5, 2020, https://jonesfoster.com/our-perspective/pbcba-messaging-app-article

[3] Philip Favro, “INSIGHT: California Case Offers Warnings on Ephemeral Messaging,” Bloomberg Law, June 1, 2020, https://news.bloomberglaw.com/esg/insight-california-case-offers-warnings-on-ephemeral-messaging

[4] Scott Sakiyama, “This Message Will Self-Destruct in 5 Seconds,” Corporate Compliance Insights, March 26, 2020, https://www.corporatecomplianceinsights.com/self-destruct-ephemeral-messaging/

[5] Rebecca Cronin, “A Lawyer’s Guide to Ephemeral Messaging,” JD Supra, May 18, 2021, https://www.jdsupra.com/legalnews/a-lawyer-s-guide-to-ephemeral-messaging-4360652/

[6] Michael W. Mitchell and Edward Roche, “Lessons Learned: Destroying Relevant Evidence Can Be Catastrophic in Litigation,” Smith Anderson, https://www.smithlaw.com/resources-publications-1673

[7] Thomas J. Kelly, “The Rise of Ephemeral Messaging Apps in the Business Word,” National Law Review, April 23, 2019, https://www.natlawreview.com/article/rise-ephemeral-messaging-apps-business-world

Problems and Solutions for Slack Discovery

The Discoverability of Slack

As people turned to remote work in 2020, collaboration apps became a prevalent form of communication. Slack was so popular that some considered it to be the “new email.” Though some legal teams refute its discoverability, the FRCP intentionally established a broad definition of ESI to accommodate new data types. From corporate files to humorous GIFS and standard channel messages, Slack is a medium for large quantities of information. Thus, the application fits the requirements for discoverable digital evidence.[1] Accessing and producing that information, however, can present several challenges.

Production Problems

  1. Hundreds of Slack messages are sent every day.

Medium and large-scale corporations with active Slack users easily send over 100,000 Slack messages per month. Additionally, Slack generates a new file per day for each channel. Examinations of big data are slow and expensive. By proactively identifying specific channels to preserve, litigants can reduce production costs and time.[2]

  1. Slack is only one of many hosts for decentralized communications.

Nowadays, a single conversation can span multiple platforms. For example, if an employee asks their boss a question through email, they may hold a Zoom meeting to discuss it. After the Zoom meeting, they might use Slack to address any follow-up questions. Since the conversation was spread out, the snippet captured on Slack will lack the full context.

  1. Deciphering Slack exports can be difficult.

Slack messages are exported through JSON files, a format that’s a bit hard to understand. Additionally, the files don’t visually display media such as emojis and GIFS. In response to this problem, legal teams may opt to use screenshots as an alternative production method. However, the application only allows users to view and sort through the most recent 10,000 messages.[3]

Tips to Keep in Mind

  • Educate your employees or legal team about Slack’s retention policies.
  • If possible, consider upgrading to Slack’s premium version so that there is no message history limit.
  • Find an eDiscovery solution that will export Slack data in a thorough and understandable format.
  • Avoid preserving unneeded data by identifying which channels are more important than others.[4]

 

[1] Peter Callaghan, “Is Slack Content Discoverable? Yes It (Definitely) Is,” Pagefreezer, https://blog.pagefreezer.com/slack-content-is-discoverable

[2] Matthew Verga, “Discovery from Slack: It’s Complicated,” Xact Data Discovery, June 19, 2020, https://xactdatadiscovery.com/articles/discovery-from-slack-its-complicated/

[3] James Murphy, “The Shark in the Wave: Revealing the Lurking Danger of Slack Data,” Corporate Compliance Insights, June 17, 2019, https://www.corporatecomplianceinsights.com/the-shark-in-the-wave-revealing-the-lurking-danger-of-slack-data/

[4] James Murphy, “The Shark in the Wave: Revealing the Lurking Danger of Slack Data.”

Despite Estimate of 37 Years to Crack iPhone, Government Doesn’t Have to Return it – Yet: eDiscovery Case Law

Tired of stories about COVID-19?  So are we.  So, here’s an interesting case to take a look at instead.  :o)

In U.S. v. Morgan, No. 1:18-CR-00108 EAW (W.D.N.Y. March 6, 2020), New York District Judge Elizabeth A. Wolford denied the defendant’s Motion for Return of Property Under Federal Rule of Criminal Procedure 41(g), ruling that “[t]he government’s evidentiary interest in the [defendant’s] iPhone outweighs Defendant’s interest in its return, at least at this stage of the proceedings”.

Case Background

In this case involving a Superseding Indictment alleging conspiracy to commit wire fraud and bank fraud served on this defendant on May 21. 2019, a search warrant over a year earlier was issued for Morgan Management, LLC, which included search and seizure of “multiple servers, computers or storage media … including but not limited to … devices … associated with … Robert Morgan.”  Later the same month that the search warrant was issued, a 62-count indictment was returned against other defendants, but Robert Morgan was not initially named in the indictment.

Nonetheless, sometime in May of 2018, the government started to try to crack the defendant’s iPhone’s passcode, using a device called “GrayKey”, which uses “brute force” to try and access the iPhone, a process by which a computer program enters potential passcodes seriatim until the correct passcode is revealed.  A six-digit passcode yields 1,000,000 potential passcode combinations, but the iPhone’s hardware only allows two or three passcode attempts each hour.  Even though this defendant wasn’t charged until a year later, GrayKey’s “painstaking” efforts to unlock the iPhone continued, with “a mere 960,526 possible passcodes” remaining as of January 9, 2020.  As a result, on January 2, 2020, the defendant filed a Motion for Return of Property Under Federal Rule of Criminal Procedure 41(g).

While the government argued that it was the defendant’s burden to show that either the seizure was illegal or the government’s need for the device as evidence has ended, the defendant argued that regardless of the government’s stated need for the property, it was unreasonable for the government to continue its retention of the iPhone.

Judge’s Ruling

Judge Wolford noted that “Rule 41(g) allows ‘[a] person aggrieved by an unlawful search and seizure of property or by the deprivation of property [to] move for the property’s return…. If it grants the motion, the court must return the property to the movant, but may impose reasonable conditions to protect access to the property and its use in later proceedings.’”  But she also noted that “Defendant does not argue that the government’s continued possession of the iPhone and its efforts to access it constitute an untimely seizure. Instead, Defendant argues that his interest in his iPhone and the information contained therein exceeds the government’s interest in the device, and thus, the Court should order its return.”

With that in mind, after a review of the history of Rule 41(g), Judge Wolford stated: “Defendant argues that at its current pace, it may take the government 37 years to successfully unlock the iPhone. The Court agrees that anywhere close to 37 years is an unreasonable time to retain the iPhone. This does not mean, though, that the government should be compelled to return it now. The government suggests that if it is successful, the contents of the iPhone could still be used at trial, regardless of when the contents are eventually accessed. At this stage of the proceedings—with a trial not scheduled to commence until next year…the Court agrees that there is still plenty of time for the government to access the iPhone’s contents. In the context of the current motion, the Court will not resolve whether that may cease to be the case as the trial date approaches. Indeed, the question of specifically how long the government can retain the device is not before this Court. There may very well come a point where the government’s retention of the iPhone is unreasonable—and that may be a time when the government continues to maintain that it needs the iPhone as evidence—but that date has not yet occurred.”  As a result, Judge Wolford denied the defendant’s motion.

So, what do you think?  How long can the government be allowed to retain a device to attempt to crack the password in a criminal litigation case?  Please let us know if any comments you might have or if you’d like to know more about a particular topic.

Case opinion link courtesy of eDiscovery Assistant.

Here’s another interesting article about this case from David Horrigan of Relativity on Legaltech® News!

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Mobile Collection: It’s Not Just for iPhones Anymore, Part Four

Editor’s Note: Tom O’Connor is a nationally known consultant, speaker, and writer in the field of computerized litigation support systems.  He has also been a great addition to our webinar program, participating with me on several recent webinars.  Tom has also written several terrific informational overview series for CloudNine, including his most recent one, DOS and DON’TS of a 30(b)(6) Witness Deposition.  Now, Tom has written another terrific overview regarding mobile device collection titled Mobile Collection: It’s Not Just for iPhones Anymore that we’re happy to share on the eDiscovery Daily blog.  Enjoy! – Doug

Tom’s overview is split into four parts, so we’ll cover each part separately.  The first part was last Thursday, the second part was Monday and the third part was Wednesday, here’s the fourth and final part.

Conclusions

So, when you think of smart phone collection be sure to ask what OS you going to encounter.  Android phones are market leaders both here in the US and worldwide and offer corporate archiving solutions that are second to none. Your litigation opponent might actually have the droid you are looking for.

And, why is that important?  Because we’re seeing more cases where mobile device data is relevant than ever.  As I mentioned in my Millennials series last summer, Americans send about 8.5 billion texts every day!  Texts and other mobile data are routinely relevant in just about every type of litigation case.

And, we’re certainly seeing more cases where mobile device data is figuring prominently in court rulings.  Here are some cases covered by eDiscovery Daily in just the past year regarding mobile devices and (in some cases) consideration of sanctions for failing to preserve mobile device data:

The good news is that you’ve now learned about some terrific resources to preserve that mobile device data and hopefully avoid sanctions in your own cases, regardless of whether the device is Apple or Android.

So, what do you think?  Are you having to increasingly address issues associated with mobile device discovery?  As always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Mobile Collection: It’s Not Just for iPhones Anymore, Part Three

Editor’s Note: Tom O’Connor is a nationally known consultant, speaker, and writer in the field of computerized litigation support systems.  He has also been a great addition to our webinar program, participating with me on several recent webinars.  Tom has also written several terrific informational overview series for CloudNine, including his most recent one, DOS and DON’TS of a 30(b)(6) Witness Deposition.  Now, Tom has written another terrific overview regarding mobile device collection titled Mobile Collection: It’s Not Just for iPhones Anymore that we’re happy to share on the eDiscovery Daily blog.  Enjoy!  And, BTW, Happy Birthday to my beautiful wife Paige! – Doug

Tom’s overview is split into four parts, so we’ll cover each part separately.  The first part was last Thursday and the second part was Monday, here’s the third part.

Google Vault and the Emphasis of Android Devices

During the same time period as when Google TakeOut hit the market, Google also created Google Vault in 2012, their web tool for preservation of data in the Google Suite. It’s easy and inexpensive but only covers some email archiving, searching, and exporting capabilities for Gmail. Unlike iOS however it has 3rd party add-ons that can securely archive Gmail messages, Gmail Notes, Appointments and some Calendar Items.

A Gartner review of many of these products notes how they quickly and easily integrate with Google Apps to make up for the deficiencies in Vault and allows archived data to be stored into one unified message archive. Some of them even can search, publish, and perform eDiscovery from the archive, which is in one central location.

So perhaps not the quick and easy solution offered by iTunes or iOS backup and, like O365, based on a web archive. But still a relatively easy and to create archives and now given the arrival of Google One, a variety of methods exist for handling Android smartphone data.

Why is all this emphasis on Android phones important? As I noted in the Introduction, it’s because Android market share is now bigger than Apple everywhere in the world. Again, while Apple iOS holds a large share of the smartphone operating systems’ market within the United States, Google Android remains the market leader with a 51.8% share as of September 2019.  Worldwide, Android has a 76% market share with iOS far behind at 22%. (Source, IDC Nov 2019)  Clearly, you’re not only as likely to need to preserve Android devices as you are iPhones, you’re more likely, possibly much more likely, to need to do so.

Apple, of course, registers strongly in actual smartphone sales because they sell the phone AND the operating system unlike Android systems which are fragmented among multiple phone manufacturers. But even here, Apple is not the market leader. Although their share of smartphone users in the US has risen roughly 20% since early 2012 and stood at 42% in Q3 2019, the combination of all Android phones at that time was 47%, led by Samsung with 25%. And that Apple growth surge in the United States goes against a global trend that has seen their market share of smartphone shipments drop to around 10 percent.

Samsung, known for consumer products worldwide including mobile devices and home entertainment systems, is the global leading smartphone vendor. Since 2012, the South Korean company has held a share of 20 to 30 percent in the smartphone market. In 2018, they shipped more than 292 million smartphones worldwide and by the third quarter of 2019, Samsung’s global market share was 21.8%.

Apple is not one to take these statistics lightly and is responding with a new cheap phone. Channel manufacturers, reported to be Hon Hai Precision Industry, Pegatron Corp. and Wistron Corp, are currently preparing their production lines and planning to start mass production next month with an official release expected in March.

A cheaper offering may help Apple compete better in price-competitive phone markets such as India and China. India, in particular, presents a substantial challenge for Apple which has a high number of Android rivals coming in at prices less than $200.  Still, Apple has set a goal of shipping more than 200 million units in 2020 and recovering some of that lost market share.

We’ll publish Part 4 – Conclusions – on Friday.

So, what do you think?  Are you having to increasingly address issues associated with mobile device discovery?  As always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Mobile Collection: It’s Not Just for iPhones Anymore, Part Two

Editor’s Note: Tom O’Connor is a nationally known consultant, speaker, and writer in the field of computerized litigation support systems.  He has also been a great addition to our webinar program, participating with me on several recent webinars.  Tom has also written several terrific informational overview series for CloudNine, including his most recent one, DOS and DON’TS of a 30(b)(6) Witness Deposition.  Now, Tom has written another terrific overview regarding mobile device collection titled Mobile Collection: It’s Not Just for iPhones Anymore that we’re happy to share on the eDiscovery Daily blog.  Enjoy! – Doug

Tom’s overview is split into four parts, so we’ll cover each part separately.  The first part was last Thursday, here’s the second part.

Mobile Collection and Preservation, Courtesy of Craig Ball

As I mentioned in the Introduction, Craig Ball has provided a lot of terrific information regarding preservation and collection of data from mobile devices.  These are terrific resources that everyone who deals with discovery of mobile devices should be aware of.  His original discussion about preservation of cell phone data was a 2017 article called Custodian-Directed Preservation of iPhone Content: Simple. Scalable. Proportional and, as the title denotes, dealt with iPhones. It proposed a wonderfully simple way to preserve iPhone data using iTunes. Although it did not preserve email, content from iTunes or iBooks, some data stored in iCloud and data from Apple Pay, Activity, Health or Keychain. Additionally, it offered several advantages in Craig’s mind to an iCloud backup, primarily that it took less time and you could choose not to encrypt the backup.

I disagreed with the last point but it’s a minor quibble and not worth discussing here because, well, all good things must come to an end and Apple last year decided to end iTunes. So Craig wrote another article entitled How Will We Back Up iPhones Without iTunes? in which he noted the good thing that ended had morphed into a better thing. As he explained, “In fact, preserving iPhones may be easier for Mac users as Apple is shifting the backup tool into the Finder app.  You’ll do exactly the same thing I wrote about but Mac users with Catalina won’t even need to use iTunes to preserve mobile evidence.  It’ll be built in.”

In between those two articles, Craig also wrote a piece called Mobile to the Mainstream which discussed all the various data types on a smart phone and provided a Mobile Evidence Scorecard, which rated the data types by ease of collection, ease of review, potential relevance and whether they should be part of a routine backup collection process. Everyone should have this card.  Here is a representation of it, split into a front and back section.

And, last but not least, Craig compiled all of his accumulated wisdom about mobile evidence (well, iPhone mobile evidence) into a white paper called Mobile to the Mainstream: Preservation and Extraction of iOS Content for E-Discovery. I should note that the title violated one of Craigs most often discussed issues with searching ESI.  But search is also a topic for another day.

Craig finally turned to Androids last fall. Although that was actually not his first mention of the “other” OS, that came in a 2015 paper Opportunities and Obstacles: E-Discovery from Mobile DevicesBut a column in this venue pointed out the most recent advances in Android collection.

Called Craig Ball is “That Guy” Who Keeps Us Up to Date on Mobile eDiscovery Trends: eDiscovery Best Practices, Doug Austin noted how Craig discussed Google’s recently expanded offering of “cheap-and-easy” online backup of Android phones, including SMS and MMS messaging, photos, video, contacts, documents, app data and more.  In that discussion, Craig stated: “This is a leap forward for all obliged to place a litigation hold on the contents of Android phones — a process heretofore unreasonably expensive and insufficiently scalable for e-discovery workflows.  There just weren’t good ways to facilitate defensible, custodial-directed preservation of Android phone content.  Instead, you had to take phones away from users and have a technical expert image them one-by-one.”

Now as a character in the movie Independence Day once said …. “that’s not ENTIRELY correct.” Craig was referring to Google One, the recent addition intended to improve archiving capabilities.  But as Google notes on their own website. “We’ve taken the standard Android backup (my emphasis added) that includes texts, contacts, and apps and we’re giving you even more.”

The new automatic phone backup also addresses photos, videos, and multimedia messages (MMS) and it can all be done from a Google One app.

But backups did exist before this. Craig himself mentions Google TakeOut, which has long allowed users of Google products, such as YouTube and Gmail, to export their data to a downloadable archive file. Started with some basic services in 2011, TakeOut expanded to include Gmail and Google Calendar in 2013. By 2016, Google had grown the service to include search history and Wallet details and since then, they have also added Google Hangouts to the Takeout service. In all cases, TakeOut does not delete user data automatically after exporting.

We’ll publish Part 3 – Google Vault and the Emphasis of Android Devices – on Wednesday.

So, what do you think?  Are you having to increasingly address issues associated with mobile device discovery?  As always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Mobile Collection: It’s Not Just for iPhones Anymore

Editor’s Note: Tom O’Connor is a nationally known consultant, speaker, and writer in the field of computerized litigation support systems.  He has also been a great addition to our webinar program, participating with me on several recent webinars.  Tom has also written several terrific informational overview series for CloudNine, including his most recent one, DOS and DON’TS of a 30(b)(6) Witness Deposition.  Now, Tom has written another terrific overview regarding mobile device collection titled Mobile Collection: It’s Not Just for iPhones Anymore that we’re happy to share on the eDiscovery Daily blog.  Enjoy! – Doug

Tom’s overview is split into four parts, so we’ll cover each part separately.  Here’s the first part.

Introduction

Most of the talk about retrieving data from mobile devices has centered on iPhones and other Apple devices.  And no small reason for that is that most of the discussion on the topic has come from Craig Ball, who is, like many attorneys, an Apple guy.

But, iPhones are not the only mobile devices for which data collection is necessary.  In fact, they’re not even the most popular devices – by far.  Android market share is now bigger than Apple everywhere in the world. Although Apple iOS holds a large share of the smartphone operating systems’ market within the United States, Google Android remains the market leader with a 51.8% share as of September 2019.  Worldwide, Android has a 76% market share with iOS far behind at 22% (Source, IDC Nov 2019)

So, you’re just as likely – even more likely – to need to collect data from Android devices than from Apple devices, especially outside the US.

With that in mind, in this paper, we will take a look at mobile device collection topics, including:

  1. Mobile Collection and Preservation, Courtesy of Craig Ball
  2. Google Vault and the Emphasis of Android Devices
  3. Conclusions

We’ll publish Part 2 – Mobile Collection and Preservation, Courtesy of Craig Ball – next Monday.

So, what do you think?  Are you having to increasingly address issues associated with mobile device discovery?  As always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Here’s Why Whether Apple Provides a Backdoor to iPhones May Not Matter: Data Privacy Trends

Last week, we covered the government’s latest attempt (and Apple’s resistance) to get Apple to assist in unlocking the iPhones of a mass shooter – this time, with regard to password-protected iPhones used by Mohammed Saeed Alshamrani, who is suspected of killing three people last month in a shooting at a Navy base in Pensacola, Florida.  Ultimately, however, it may not matter whether Apple helps the government or not.

According to Business Insider (The Justice Department is demanding that Apple make it easier to unlock suspects’ iPhones, but experts say it can do that without Apple’s cooperation. Here’s how., written by Aaron Holmes), according to cybersecurity experts, new technologies have made it even easier for investigators to crack locked iPhones, even without help from Apple.

Last week, Attorney General William Barr said during a press conference on Monday that Apple had not helped the FBI crack into the password-protected iPhones used by Alshamrani.

“We have asked Apple for their help in unlocking the shooter’s iPhones. So far Apple has not given us any substantive assistance,” Barr said, next to a poster with a picture of the iPhones. “This situation perfectly illustrates why it is critical that investigators be able to get access to digital evidence once they have obtained a court order based on probable cause.”

For their part, Apple disputed Barr’s assessment that it has failed to provide law enforcement with “substantive assistance” in unlocking the password-protected iPhones used by the shooting suspect at a Navy base in Pensacola, Florida, last month, but still refused his main request to provide a backdoor.  Apple stated it “produced a wide variety of information associated with the investigation” after the FBI’s initial request on Dec. 6. The company said it provided “gigabytes of information” including “iCloud backups, account information and transactional data for multiple accounts” in response to further requests that month.

“We have always maintained there is no such thing as a backdoor just for the good guys,” Apple said in a statement. “Backdoors can also be exploited by those who threaten our national security and the data security of our customers. Today, law enforcement has access to more data than ever before in history, so Americans do not have to choose between weakening encryption and solving investigations. We feel strongly encryption is vital to protecting our country and our users’ data.”

In an interview with Business Insider, Chris Howell, CTO of Wickr said he understood why Apple wouldn’t intentionally build a backdoor into the iPhone as the FBI has requested.

“As a technologist I can tell you that there is no security mechanism that can discriminate between a hacker trying to crack it and a law enforcement officer trying to do the same thing. Either we secure it or we don’t, it’s that simple.”

However, according to The Wall Street Journal, the cybersecurity company Grayshift sells an iPhone hacking device for $15,000, and Israel’s Cellebrite sells a similar device.  Tech companies are constantly trying to develop more secure devices and platforms to win costumers’ trust, and are therefore reticent to build backdoors that would easily crack encrypted services. Similarly, companies like Grayshift and Cellebrite are constantly honing methods of cracking devices, which are kept secret.

The iPhone was long seen as uncrackable, but recent advances have changed that — one county in Georgia that purchased a Grayshift device was able to crack 300 phones in one year, The Wall Street Journal reported.

One commenter to our post last week stated “if I was a terrorist I’d throw away my iPhoneX and get an iPhone 11”.  Staying ahead of crackers and hackers seems to be a continual battle that device managers and website providers face daily.  And, if we think this issue only applies to discovery of devices in cases involving mass shooters, it could easily apply to discovery in any type of case today where a custodian of a device has something to hide.  Like this Fifth Amendment case that we covered last year and will discuss in our webcast on January 29.

So, what do you think?  Should companies like Apple and Facebook provide backdoor access to their encrypted technology to investigators?  Or are there bigger privacy concerns at play here?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Apple Battling with the Government Again Over Breaking iPhone Encryption of Mass Shooters: Data Privacy Trends

Remember back in 2016 when Apple with in a court battle with the Department of Justice over giving investigators access to encrypted data on the iPhone used by one of the San Bernardino shooters?  That was back in 2016 and we covered it here, here and here – that situation was resolved when the DOJ indicated that the FBI was able to retrieve the data with help from an “unnamed third party”.  Now, Apple is in a new dispute with the government again over the same issue.

According to CNBC (Attorney General William Barr says Apple is not helping unlock iPhones used by alleged Pensacola shooter, written by Kif Leswing), Attorney General William Barr said during a press conference on Monday that Apple had not helped the FBI crack into password-protected iPhones used by Mohammed Saeed Alshamrani, who is suspected of killing three people last month in a shooting at a Navy base in Pensacola, Florida.

“We have asked Apple for their help in unlocking the shooter’s iPhones. So far Apple has not given us any substantive assistance,” Barr said, next to a poster with a picture of the iPhones. “This situation perfectly illustrates why it is critical that investigators be able to get access to digital evidence once they have obtained a court order based on probable cause.”

“We call on Apple and other technology companies to help us find a solution so that we can better protect the lives of Americans and prevent future attacks,” he said. Barr has also clashed with Facebook over encrypted messages, which he called “data-in-motion” on Monday.

The comments highlight law enforcement’s frustration with encryption technologies that protect data so that neither Apple nor law enforcement can easily read it.  They also preview future clashes between technology companies and governments over whether to build “back doors” that would allow law enforcement elevated access to private data to solve crimes like terrorism.

On Tuesday (as covered by CNBC here), Apple disputed Barr’s assessment that it has failed to provide law enforcement with “substantive assistance” in unlocking the password-protected iPhones used by the shooting suspect at a Navy base in Pensacola, Florida, last month, but still refused his main request to provide a backdoor.

Apple said it “produced a wide variety of information associated with the investigation” after the FBI’s initial request on Dec. 6. The company said it provided “gigabytes of information” including “iCloud backups, account information and transactional data for multiple accounts” in response to further requests that month.

“We have always maintained there is no such thing as a backdoor just for the good guys,” Apple said in its latest statement. “Backdoors can also be exploited by those who threaten our national security and the data security of our customers. Today, law enforcement has access to more data than ever before in history, so Americans do not have to choose between weakening encryption and solving investigations. We feel strongly encryption is vital to protecting our country and our users’ data.”

Apple made a similar point at a congressional hearing in December as senators threatened regulation if tech companies could not figure out a way to work with law enforcement to legally access encrypted devices and messages. A Facebook representative also attended the hearing, defending the company’s plans to make its entire private messaging system end-to-end encryption, which law enforcement fear will make it harder for them to track down instances of child exploitation, as they do now.

I expected we would see another dispute between Apple (or other provider) and the government, along the lines of the San Bernardino shooter case – surprised it took this long.  Maybe it’s time for the AG’s office to solicit the assistance of an “unnamed third party”… ;o)

So, what do you think?  Should companies like Apple and Facebook provide backdoor access to their encrypted technology to investigators?  Or are there bigger privacy concerns at play here?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Court Infers Bad Faith for Plaintiffs Use of Ephemeral Messaging App: eDiscovery Case Law

We’re catching up on notable cases from earlier in the year.  Here’s one that’s notable regarding the use of ephemeral messaging and spoliation sanctions.

In Herzig v. Arkansas Foundation for Medical Care, Inc., No. 2:18-CV-02101 (W.D. Ark. July 3, 2019), Arkansas District Judge P.K. Holmes, III indicated his belief that the use and “necessity of manually configuring [the messaging app] Signal to delete text communications” on the part of the plaintiffs was “intentional and done in bad faith”.  However, Judge Holmes declined to consider appropriate sanctions, ruling that “in light of the [defendant’s] motion for summary judgment, Herzig and Martin’s case can and will be dismissed on the merits.”

Case Background

In this case where the plaintiffs alleged unlawful termination due to age discrimination, the parties conferred and agreed that the defendant might request data from the plaintiffs’ mobile phones and that the parties had taken reasonable measures to preserve potentially discoverable data from alteration or destruction.  In July 2018, the defendant served requests for production on the plaintiffs and, in September 2018, Plaintiffs Brian Herzig and Neal Martin produced screenshots of parts of text message conversations from Martin’s mobile phone, including communications between Herzig and Martin, but nothing more recent than August 20, 2018, even after a motion to compel.

After the August production, Martin installed the application Signal (which allows users to send and receive encrypted text messages accessible only to sender and recipient, and to change settings to automatically delete these messages after a short period of time) on his phone.  Herzig had done so while working at the defendant.  Herzig and Martin set the application to delete their communications and, as a result, disclosed no additional text messages to the defendant, which was unaware of their continued communication using Signal until Herzig disclosed it in his deposition near the end of the discovery period.  The defendant filed a motion for dismissal or adverse inference on the basis of spoliation.

Judge’s Ruling

In assessing the defendant’s motion, Judge Holmes stated that “Herzig and Martin had numerous responsive communications with one another and with other AFMC employees prior to responding to the requests for production on August 22, 2018 and producing only some of those responsive communications on September 4, 2018. They remained reluctant to produce additional communications, doing so only after AFMC’s motion to compel. Thereafter, Herzig and Martin did not disclose that they had switched to using a communication application designed to disguise and destroy communications until discovery was nearly complete. Based on the content of Herzig and Martin’s earlier communications, which was responsive to the requests for production, and their reluctance to produce those communications, the Court infers that the content of their later communications using Signal were responsive to AFMC’s requests for production. Based on Herzig and Martin’s familiarity with information technology, their reluctance to produce responsive communications, the initial misleading response from Martin that he had no responsive communications, their knowledge that they must retain and produce discoverable evidence, and the necessity of manually configuring Signal to delete text communications, the Court believes that the decision to withhold and destroy those likely-responsive communications was intentional and done in bad faith.”

However, Judge Holmes also stated: “This intentional, bad-faith spoliation of evidence was an abuse of the judicial process and warrants a sanction. The Court need not consider whether dismissal, an adverse inference, or some lesser sanction is the appropriate one, however, because in light of the motion for summary judgment, Herzig and Martin’s case can and will be dismissed on the merits.”  As a result, the requested sanctions were denied as moot.

So, what do you think?  Should use of an ephemeral messaging app when a duty to preserve attaches lead to significant sanctions?  Please let us know if any comments you might have or if you’d like to know more about a particular topic.

Case opinion link courtesy of eDiscovery Assistant.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.