Mobile Devices

Mobile Collection: It’s Not Just for iPhones Anymore, Part Four

Editor’s Note: Tom O’Connor is a nationally known consultant, speaker, and writer in the field of computerized litigation support systems.  He has also been a great addition to our webinar program, participating with me on several recent webinars.  Tom has also written several terrific informational overview series for CloudNine, including his most recent one, DOS and DON’TS of a 30(b)(6) Witness Deposition.  Now, Tom has written another terrific overview regarding mobile device collection titled Mobile Collection: It’s Not Just for iPhones Anymore that we’re happy to share on the eDiscovery Daily blog.  Enjoy! – Doug

Tom’s overview is split into four parts, so we’ll cover each part separately.  The first part was last Thursday, the second part was Monday and the third part was Wednesday, here’s the fourth and final part.

Conclusions

So, when you think of smart phone collection be sure to ask what OS you going to encounter.  Android phones are market leaders both here in the US and worldwide and offer corporate archiving solutions that are second to none. Your litigation opponent might actually have the droid you are looking for.

And, why is that important?  Because we’re seeing more cases where mobile device data is relevant than ever.  As I mentioned in my Millennials series last summer, Americans send about 8.5 billion texts every day!  Texts and other mobile data are routinely relevant in just about every type of litigation case.

And, we’re certainly seeing more cases where mobile device data is figuring prominently in court rulings.  Here are some cases covered by eDiscovery Daily in just the past year regarding mobile devices and (in some cases) consideration of sanctions for failing to preserve mobile device data:

The good news is that you’ve now learned about some terrific resources to preserve that mobile device data and hopefully avoid sanctions in your own cases, regardless of whether the device is Apple or Android.

So, what do you think?  Are you having to increasingly address issues associated with mobile device discovery?  As always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Mobile Collection: It’s Not Just for iPhones Anymore, Part Three

Editor’s Note: Tom O’Connor is a nationally known consultant, speaker, and writer in the field of computerized litigation support systems.  He has also been a great addition to our webinar program, participating with me on several recent webinars.  Tom has also written several terrific informational overview series for CloudNine, including his most recent one, DOS and DON’TS of a 30(b)(6) Witness Deposition.  Now, Tom has written another terrific overview regarding mobile device collection titled Mobile Collection: It’s Not Just for iPhones Anymore that we’re happy to share on the eDiscovery Daily blog.  Enjoy!  And, BTW, Happy Birthday to my beautiful wife Paige! – Doug

Tom’s overview is split into four parts, so we’ll cover each part separately.  The first part was last Thursday and the second part was Monday, here’s the third part.

Google Vault and the Emphasis of Android Devices

During the same time period as when Google TakeOut hit the market, Google also created Google Vault in 2012, their web tool for preservation of data in the Google Suite. It’s easy and inexpensive but only covers some email archiving, searching, and exporting capabilities for Gmail. Unlike iOS however it has 3rd party add-ons that can securely archive Gmail messages, Gmail Notes, Appointments and some Calendar Items.

A Gartner review of many of these products notes how they quickly and easily integrate with Google Apps to make up for the deficiencies in Vault and allows archived data to be stored into one unified message archive. Some of them even can search, publish, and perform eDiscovery from the archive, which is in one central location.

So perhaps not the quick and easy solution offered by iTunes or iOS backup and, like O365, based on a web archive. But still a relatively easy and to create archives and now given the arrival of Google One, a variety of methods exist for handling Android smartphone data.

Why is all this emphasis on Android phones important? As I noted in the Introduction, it’s because Android market share is now bigger than Apple everywhere in the world. Again, while Apple iOS holds a large share of the smartphone operating systems’ market within the United States, Google Android remains the market leader with a 51.8% share as of September 2019.  Worldwide, Android has a 76% market share with iOS far behind at 22%. (Source, IDC Nov 2019)  Clearly, you’re not only as likely to need to preserve Android devices as you are iPhones, you’re more likely, possibly much more likely, to need to do so.

Apple, of course, registers strongly in actual smartphone sales because they sell the phone AND the operating system unlike Android systems which are fragmented among multiple phone manufacturers. But even here, Apple is not the market leader. Although their share of smartphone users in the US has risen roughly 20% since early 2012 and stood at 42% in Q3 2019, the combination of all Android phones at that time was 47%, led by Samsung with 25%. And that Apple growth surge in the United States goes against a global trend that has seen their market share of smartphone shipments drop to around 10 percent.

Samsung, known for consumer products worldwide including mobile devices and home entertainment systems, is the global leading smartphone vendor. Since 2012, the South Korean company has held a share of 20 to 30 percent in the smartphone market. In 2018, they shipped more than 292 million smartphones worldwide and by the third quarter of 2019, Samsung’s global market share was 21.8%.

Apple is not one to take these statistics lightly and is responding with a new cheap phone. Channel manufacturers, reported to be Hon Hai Precision Industry, Pegatron Corp. and Wistron Corp, are currently preparing their production lines and planning to start mass production next month with an official release expected in March.

A cheaper offering may help Apple compete better in price-competitive phone markets such as India and China. India, in particular, presents a substantial challenge for Apple which has a high number of Android rivals coming in at prices less than $200.  Still, Apple has set a goal of shipping more than 200 million units in 2020 and recovering some of that lost market share.

We’ll publish Part 4 – Conclusions – on Friday.

So, what do you think?  Are you having to increasingly address issues associated with mobile device discovery?  As always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Mobile Collection: It’s Not Just for iPhones Anymore, Part Two

Editor’s Note: Tom O’Connor is a nationally known consultant, speaker, and writer in the field of computerized litigation support systems.  He has also been a great addition to our webinar program, participating with me on several recent webinars.  Tom has also written several terrific informational overview series for CloudNine, including his most recent one, DOS and DON’TS of a 30(b)(6) Witness Deposition.  Now, Tom has written another terrific overview regarding mobile device collection titled Mobile Collection: It’s Not Just for iPhones Anymore that we’re happy to share on the eDiscovery Daily blog.  Enjoy! – Doug

Tom’s overview is split into four parts, so we’ll cover each part separately.  The first part was last Thursday, here’s the second part.

Mobile Collection and Preservation, Courtesy of Craig Ball

As I mentioned in the Introduction, Craig Ball has provided a lot of terrific information regarding preservation and collection of data from mobile devices.  These are terrific resources that everyone who deals with discovery of mobile devices should be aware of.  His original discussion about preservation of cell phone data was a 2017 article called Custodian-Directed Preservation of iPhone Content: Simple. Scalable. Proportional and, as the title denotes, dealt with iPhones. It proposed a wonderfully simple way to preserve iPhone data using iTunes. Although it did not preserve email, content from iTunes or iBooks, some data stored in iCloud and data from Apple Pay, Activity, Health or Keychain. Additionally, it offered several advantages in Craig’s mind to an iCloud backup, primarily that it took less time and you could choose not to encrypt the backup.

I disagreed with the last point but it’s a minor quibble and not worth discussing here because, well, all good things must come to an end and Apple last year decided to end iTunes. So Craig wrote another article entitled How Will We Back Up iPhones Without iTunes? in which he noted the good thing that ended had morphed into a better thing. As he explained, “In fact, preserving iPhones may be easier for Mac users as Apple is shifting the backup tool into the Finder app.  You’ll do exactly the same thing I wrote about but Mac users with Catalina won’t even need to use iTunes to preserve mobile evidence.  It’ll be built in.”

In between those two articles, Craig also wrote a piece called Mobile to the Mainstream which discussed all the various data types on a smart phone and provided a Mobile Evidence Scorecard, which rated the data types by ease of collection, ease of review, potential relevance and whether they should be part of a routine backup collection process. Everyone should have this card.  Here is a representation of it, split into a front and back section.

And, last but not least, Craig compiled all of his accumulated wisdom about mobile evidence (well, iPhone mobile evidence) into a white paper called Mobile to the Mainstream: Preservation and Extraction of iOS Content for E-Discovery. I should note that the title violated one of Craigs most often discussed issues with searching ESI.  But search is also a topic for another day.

Craig finally turned to Androids last fall. Although that was actually not his first mention of the “other” OS, that came in a 2015 paper Opportunities and Obstacles: E-Discovery from Mobile DevicesBut a column in this venue pointed out the most recent advances in Android collection.

Called Craig Ball is “That Guy” Who Keeps Us Up to Date on Mobile eDiscovery Trends: eDiscovery Best Practices, Doug Austin noted how Craig discussed Google’s recently expanded offering of “cheap-and-easy” online backup of Android phones, including SMS and MMS messaging, photos, video, contacts, documents, app data and more.  In that discussion, Craig stated: “This is a leap forward for all obliged to place a litigation hold on the contents of Android phones — a process heretofore unreasonably expensive and insufficiently scalable for e-discovery workflows.  There just weren’t good ways to facilitate defensible, custodial-directed preservation of Android phone content.  Instead, you had to take phones away from users and have a technical expert image them one-by-one.”

Now as a character in the movie Independence Day once said …. “that’s not ENTIRELY correct.” Craig was referring to Google One, the recent addition intended to improve archiving capabilities.  But as Google notes on their own website. “We’ve taken the standard Android backup (my emphasis added) that includes texts, contacts, and apps and we’re giving you even more.”

The new automatic phone backup also addresses photos, videos, and multimedia messages (MMS) and it can all be done from a Google One app.

But backups did exist before this. Craig himself mentions Google TakeOut, which has long allowed users of Google products, such as YouTube and Gmail, to export their data to a downloadable archive file. Started with some basic services in 2011, TakeOut expanded to include Gmail and Google Calendar in 2013. By 2016, Google had grown the service to include search history and Wallet details and since then, they have also added Google Hangouts to the Takeout service. In all cases, TakeOut does not delete user data automatically after exporting.

We’ll publish Part 3 – Google Vault and the Emphasis of Android Devices – on Wednesday.

So, what do you think?  Are you having to increasingly address issues associated with mobile device discovery?  As always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Mobile Collection: It’s Not Just for iPhones Anymore

Editor’s Note: Tom O’Connor is a nationally known consultant, speaker, and writer in the field of computerized litigation support systems.  He has also been a great addition to our webinar program, participating with me on several recent webinars.  Tom has also written several terrific informational overview series for CloudNine, including his most recent one, DOS and DON’TS of a 30(b)(6) Witness Deposition.  Now, Tom has written another terrific overview regarding mobile device collection titled Mobile Collection: It’s Not Just for iPhones Anymore that we’re happy to share on the eDiscovery Daily blog.  Enjoy! – Doug

Tom’s overview is split into four parts, so we’ll cover each part separately.  Here’s the first part.

Introduction

Most of the talk about retrieving data from mobile devices has centered on iPhones and other Apple devices.  And no small reason for that is that most of the discussion on the topic has come from Craig Ball, who is, like many attorneys, an Apple guy.

But, iPhones are not the only mobile devices for which data collection is necessary.  In fact, they’re not even the most popular devices – by far.  Android market share is now bigger than Apple everywhere in the world. Although Apple iOS holds a large share of the smartphone operating systems’ market within the United States, Google Android remains the market leader with a 51.8% share as of September 2019.  Worldwide, Android has a 76% market share with iOS far behind at 22% (Source, IDC Nov 2019)

So, you’re just as likely – even more likely – to need to collect data from Android devices than from Apple devices, especially outside the US.

With that in mind, in this paper, we will take a look at mobile device collection topics, including:

  1. Mobile Collection and Preservation, Courtesy of Craig Ball
  2. Google Vault and the Emphasis of Android Devices
  3. Conclusions

We’ll publish Part 2 – Mobile Collection and Preservation, Courtesy of Craig Ball – next Monday.

So, what do you think?  Are you having to increasingly address issues associated with mobile device discovery?  As always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Here’s Why Whether Apple Provides a Backdoor to iPhones May Not Matter: Data Privacy Trends

Last week, we covered the government’s latest attempt (and Apple’s resistance) to get Apple to assist in unlocking the iPhones of a mass shooter – this time, with regard to password-protected iPhones used by Mohammed Saeed Alshamrani, who is suspected of killing three people last month in a shooting at a Navy base in Pensacola, Florida.  Ultimately, however, it may not matter whether Apple helps the government or not.

According to Business Insider (The Justice Department is demanding that Apple make it easier to unlock suspects’ iPhones, but experts say it can do that without Apple’s cooperation. Here’s how., written by Aaron Holmes), according to cybersecurity experts, new technologies have made it even easier for investigators to crack locked iPhones, even without help from Apple.

Last week, Attorney General William Barr said during a press conference on Monday that Apple had not helped the FBI crack into the password-protected iPhones used by Alshamrani.

“We have asked Apple for their help in unlocking the shooter’s iPhones. So far Apple has not given us any substantive assistance,” Barr said, next to a poster with a picture of the iPhones. “This situation perfectly illustrates why it is critical that investigators be able to get access to digital evidence once they have obtained a court order based on probable cause.”

For their part, Apple disputed Barr’s assessment that it has failed to provide law enforcement with “substantive assistance” in unlocking the password-protected iPhones used by the shooting suspect at a Navy base in Pensacola, Florida, last month, but still refused his main request to provide a backdoor.  Apple stated it “produced a wide variety of information associated with the investigation” after the FBI’s initial request on Dec. 6. The company said it provided “gigabytes of information” including “iCloud backups, account information and transactional data for multiple accounts” in response to further requests that month.

“We have always maintained there is no such thing as a backdoor just for the good guys,” Apple said in a statement. “Backdoors can also be exploited by those who threaten our national security and the data security of our customers. Today, law enforcement has access to more data than ever before in history, so Americans do not have to choose between weakening encryption and solving investigations. We feel strongly encryption is vital to protecting our country and our users’ data.”

In an interview with Business Insider, Chris Howell, CTO of Wickr said he understood why Apple wouldn’t intentionally build a backdoor into the iPhone as the FBI has requested.

“As a technologist I can tell you that there is no security mechanism that can discriminate between a hacker trying to crack it and a law enforcement officer trying to do the same thing. Either we secure it or we don’t, it’s that simple.”

However, according to The Wall Street Journal, the cybersecurity company Grayshift sells an iPhone hacking device for $15,000, and Israel’s Cellebrite sells a similar device.  Tech companies are constantly trying to develop more secure devices and platforms to win costumers’ trust, and are therefore reticent to build backdoors that would easily crack encrypted services. Similarly, companies like Grayshift and Cellebrite are constantly honing methods of cracking devices, which are kept secret.

The iPhone was long seen as uncrackable, but recent advances have changed that — one county in Georgia that purchased a Grayshift device was able to crack 300 phones in one year, The Wall Street Journal reported.

One commenter to our post last week stated “if I was a terrorist I’d throw away my iPhoneX and get an iPhone 11”.  Staying ahead of crackers and hackers seems to be a continual battle that device managers and website providers face daily.  And, if we think this issue only applies to discovery of devices in cases involving mass shooters, it could easily apply to discovery in any type of case today where a custodian of a device has something to hide.  Like this Fifth Amendment case that we covered last year and will discuss in our webcast on January 29.

So, what do you think?  Should companies like Apple and Facebook provide backdoor access to their encrypted technology to investigators?  Or are there bigger privacy concerns at play here?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Apple Battling with the Government Again Over Breaking iPhone Encryption of Mass Shooters: Data Privacy Trends

Remember back in 2016 when Apple with in a court battle with the Department of Justice over giving investigators access to encrypted data on the iPhone used by one of the San Bernardino shooters?  That was back in 2016 and we covered it here, here and here – that situation was resolved when the DOJ indicated that the FBI was able to retrieve the data with help from an “unnamed third party”.  Now, Apple is in a new dispute with the government again over the same issue.

According to CNBC (Attorney General William Barr says Apple is not helping unlock iPhones used by alleged Pensacola shooter, written by Kif Leswing), Attorney General William Barr said during a press conference on Monday that Apple had not helped the FBI crack into password-protected iPhones used by Mohammed Saeed Alshamrani, who is suspected of killing three people last month in a shooting at a Navy base in Pensacola, Florida.

“We have asked Apple for their help in unlocking the shooter’s iPhones. So far Apple has not given us any substantive assistance,” Barr said, next to a poster with a picture of the iPhones. “This situation perfectly illustrates why it is critical that investigators be able to get access to digital evidence once they have obtained a court order based on probable cause.”

“We call on Apple and other technology companies to help us find a solution so that we can better protect the lives of Americans and prevent future attacks,” he said. Barr has also clashed with Facebook over encrypted messages, which he called “data-in-motion” on Monday.

The comments highlight law enforcement’s frustration with encryption technologies that protect data so that neither Apple nor law enforcement can easily read it.  They also preview future clashes between technology companies and governments over whether to build “back doors” that would allow law enforcement elevated access to private data to solve crimes like terrorism.

On Tuesday (as covered by CNBC here), Apple disputed Barr’s assessment that it has failed to provide law enforcement with “substantive assistance” in unlocking the password-protected iPhones used by the shooting suspect at a Navy base in Pensacola, Florida, last month, but still refused his main request to provide a backdoor.

Apple said it “produced a wide variety of information associated with the investigation” after the FBI’s initial request on Dec. 6. The company said it provided “gigabytes of information” including “iCloud backups, account information and transactional data for multiple accounts” in response to further requests that month.

“We have always maintained there is no such thing as a backdoor just for the good guys,” Apple said in its latest statement. “Backdoors can also be exploited by those who threaten our national security and the data security of our customers. Today, law enforcement has access to more data than ever before in history, so Americans do not have to choose between weakening encryption and solving investigations. We feel strongly encryption is vital to protecting our country and our users’ data.”

Apple made a similar point at a congressional hearing in December as senators threatened regulation if tech companies could not figure out a way to work with law enforcement to legally access encrypted devices and messages. A Facebook representative also attended the hearing, defending the company’s plans to make its entire private messaging system end-to-end encryption, which law enforcement fear will make it harder for them to track down instances of child exploitation, as they do now.

I expected we would see another dispute between Apple (or other provider) and the government, along the lines of the San Bernardino shooter case – surprised it took this long.  Maybe it’s time for the AG’s office to solicit the assistance of an “unnamed third party”… ;o)

So, what do you think?  Should companies like Apple and Facebook provide backdoor access to their encrypted technology to investigators?  Or are there bigger privacy concerns at play here?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Court Infers Bad Faith for Plaintiffs Use of Ephemeral Messaging App: eDiscovery Case Law

We’re catching up on notable cases from earlier in the year.  Here’s one that’s notable regarding the use of ephemeral messaging and spoliation sanctions.

In Herzig v. Arkansas Foundation for Medical Care, Inc., No. 2:18-CV-02101 (W.D. Ark. July 3, 2019), Arkansas District Judge P.K. Holmes, III indicated his belief that the use and “necessity of manually configuring [the messaging app] Signal to delete text communications” on the part of the plaintiffs was “intentional and done in bad faith”.  However, Judge Holmes declined to consider appropriate sanctions, ruling that “in light of the [defendant’s] motion for summary judgment, Herzig and Martin’s case can and will be dismissed on the merits.”

Case Background

In this case where the plaintiffs alleged unlawful termination due to age discrimination, the parties conferred and agreed that the defendant might request data from the plaintiffs’ mobile phones and that the parties had taken reasonable measures to preserve potentially discoverable data from alteration or destruction.  In July 2018, the defendant served requests for production on the plaintiffs and, in September 2018, Plaintiffs Brian Herzig and Neal Martin produced screenshots of parts of text message conversations from Martin’s mobile phone, including communications between Herzig and Martin, but nothing more recent than August 20, 2018, even after a motion to compel.

After the August production, Martin installed the application Signal (which allows users to send and receive encrypted text messages accessible only to sender and recipient, and to change settings to automatically delete these messages after a short period of time) on his phone.  Herzig had done so while working at the defendant.  Herzig and Martin set the application to delete their communications and, as a result, disclosed no additional text messages to the defendant, which was unaware of their continued communication using Signal until Herzig disclosed it in his deposition near the end of the discovery period.  The defendant filed a motion for dismissal or adverse inference on the basis of spoliation.

Judge’s Ruling

In assessing the defendant’s motion, Judge Holmes stated that “Herzig and Martin had numerous responsive communications with one another and with other AFMC employees prior to responding to the requests for production on August 22, 2018 and producing only some of those responsive communications on September 4, 2018. They remained reluctant to produce additional communications, doing so only after AFMC’s motion to compel. Thereafter, Herzig and Martin did not disclose that they had switched to using a communication application designed to disguise and destroy communications until discovery was nearly complete. Based on the content of Herzig and Martin’s earlier communications, which was responsive to the requests for production, and their reluctance to produce those communications, the Court infers that the content of their later communications using Signal were responsive to AFMC’s requests for production. Based on Herzig and Martin’s familiarity with information technology, their reluctance to produce responsive communications, the initial misleading response from Martin that he had no responsive communications, their knowledge that they must retain and produce discoverable evidence, and the necessity of manually configuring Signal to delete text communications, the Court believes that the decision to withhold and destroy those likely-responsive communications was intentional and done in bad faith.”

However, Judge Holmes also stated: “This intentional, bad-faith spoliation of evidence was an abuse of the judicial process and warrants a sanction. The Court need not consider whether dismissal, an adverse inference, or some lesser sanction is the appropriate one, however, because in light of the motion for summary judgment, Herzig and Martin’s case can and will be dismissed on the merits.”  As a result, the requested sanctions were denied as moot.

So, what do you think?  Should use of an ephemeral messaging app when a duty to preserve attaches lead to significant sanctions?  Please let us know if any comments you might have or if you’d like to know more about a particular topic.

Case opinion link courtesy of eDiscovery Assistant.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Time for Another Murder (Possibly) Witnessed by Alexa: eDiscovery Trends

It’s been a while since we covered a good murder case with Internet of Things (IoT) implications.  Here’s a new case in Florida where police have submitted a search warrant to Amazon for recordings from an Echo device in a household where a man was charged with killing his partner with a spear(!).

In People (After Fla. Woman Is Impaled by a Spear, Police Seek Clues From Amazon Alexa Recordings, written by KC Baker), the author reports that Florida police are trying to find out what – if anything – the voice-controlled Amazon Echo Dot smart speakers (commonly known as “Alexa”) heard on July 12 when a Hallandale Beach woman died during a fight with her boyfriend. The incident left her impaled by a spear and him charged with murder, the South Florida SunSentinel reports.

Silvia Galva, 32, and Adam Reechard Crespo, 43, who is reportedly either her boyfriend or husband, were allegedly fighting in their condo after a night out. Crespo told police he was trying to pull Galva off the bed when she grabbed a spear that snapped and pierced her chest as he continued to pull her up.  Crespo then told police he pulled the blade out of the victim’s chest, hoping it was “not too bad,” the Sun Sentinel reports.

The defendant’s actions, the police report goes on to say, “caused the victim to grab the spear to keep herself on the bed. The force used by the defendant to remove the victim cause the shaft to break and in an unknown way caused the blade to pierce the victim which caused the loss of life.”

Crespo was arrested and charged with murder without premeditation, the SunSentinel reports.

In August, Hallandale Beach Police obtained a search warrant for the recordings on two of the Amazon voice assistants that were in the apartment where Galva was killed, the Sun Sentinel reports.

The search warrant, later obtained by CBS Miami, says “It is believed that the evidence of crimes — audio recordings capturing the attack on victim Silvia Crespo…and any events that preceded or succeeded the attack — may be found on the server(s) maintained by or for Amazon.com for all recordings made by the aforementioned Echo smart speakers.”

Amazon turned over recordings to the authorities, who are analyzing the data, Hallandale Beach Police Department spokesman Sgt. Pedro Abut told the SunSentinel.

“It is believed that evidence of crimes, audio recordings capturing the attack on victim Silvia Crespo that occurred in the main bedroom … may be found on the server maintained by or for Amazon,” police wrote in their probable cause statement seeking the warrant, the SunSentinel reports.  Still, it’s unclear how much information the recordings will yield since the Echo supposedly only records when users utter the word “Alexa” or a “wake” word of their choice and don’t usually record entire conversations, according to an Amazon spokesperson.

Crespo’s attorney, Christopher O’Toole, told PEOPLE he feels the recordings can only bolster the case of his client, who he says is innocent.

We’ve certainly seen other murder cases that involve Amazon Echo recordings potentially having data, including this one and this one.  And, we’ve also seen murder cases involving other IoT devices as well, including these this one and this one involving Fitbit devices.  It’s tougher than ever to get away with murder these days!

So, what do you think?  Are you aware of any civil cases where IoT devices came into play?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Cell Phone Geolocation Evidence May Be Off the Mark (At Least in Denmark): eDiscovery Trends

If you watch Dateline, 20/20, 48 Hours or any other news program that covers notable crime stories, one trend has become more and more common – the use of cell phone/mobile device geolocation data to put alleged criminals at the scene of the crime (or at least very close to it).  We consider these devices – and the geolocation data obtained from them – to be highly accurate and important evidence in obtaining convictions for guilty parties or exonerating innocent ones.  Maybe we shouldn’t.

According the The Guardian (Denmark frees 32 inmates over flaws in phone geolocation evidence, written by Jon Henley), Denmark has released 32 prisoners as part of an ongoing review of 10,700 criminal cases after serious questions arose about the reliability of geolocation data obtained from mobile phone operators.

In addition, nearly 40 new cases have been postponed under a two-month moratorium on the use of mobile phone records in trials, which was imposed after police found multiple glitches in the software that converts raw data from phone masts into usable evidence.

Among the errors police have discovered is a tendency for the system to omit some data during the conversion process, meaning only selected calls are registered and the picture of the phone’s location is materially incomplete.

The system has also linked phones to the wrong masts, connected them to several towers at once, sometimes hundreds of kilometres apart, recorded the origins of text messages incorrectly and got the location of specific towers wrong.

Taken together, the problems meant not just that innocent people could potentially have been placed at crime scenes but that criminals could have been wrongly excluded from inquiries, said Jan Reckendorff, Denmark’s director of public prosecutions, who said “This is a very, very serious issue.  We simply cannot live with the idea that information that isn’t accurate could send people to prison.”  Announcing the case review and moratorium late last month, Reckendorff conceded it was a “drastic decision, but necessary in a state of law”.

There are no statistics on how many court cases in Denmark are decided on the basis of mobile phone data, but it is often used to corroborate other evidence and, although not considered as reliable as DNA, has previously been seen as highly accurate.

Isolated incidences of clearly inaccurate mobile data have occurred in the past in the US and South Africa, but this is the first time it has been questioned by a national justice system. Three years ago, a Kansas family sued a digital mapping company after being visited “countless times” by police and others.

I certainly experienced how inaccurate geolocation data tracking can be sometimes when I was in Italy the past couple of weeks.  Trying to use Google maps over there to help direct you to a location can be challenging as the application frequently reported inaccurate locations for where we were when trying to provide directions.

So, what do you think?  Are you concerned about the accuracy of geolocation data in the US?   Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Craig Ball is “That Guy” Who Keeps Us Up to Date on Mobile eDiscovery Trends: eDiscovery Best Practices

So many topics, so little time (again).  In our webcast about millennials and their impact on eDiscovery last week, Tom O’Connor and I spent a lot of time talking about how millennials are quick to embrace new technology and certainly there have been few technology areas of growth like mobile device use.  They’re everywhere and used by (seemingly) everybody and used (seemingly) all day long.  Texts are the new emails, which means they have considerable importance from an eDiscovery perspective.  So, who should you go to if you want to stay apprised of mobile eDiscovery trends?  Craig Ball is “that guy”.

In Craig’s excellent Ball in Your Court blog, his latest post from last week (Preserving Android Evidence: Return of the Clones?), discusses Google’s recently expanded offering of “cheap-and-easy” online backup of Android phones, including SMS and MMS messaging, photos, video, contacts, documents, app data and more.  In discussing this new capability, Craig states: “This is a leap forward for all obliged to place a litigation hold on the contents of Android phones — a process heretofore unreasonably expensive and insufficiently scalable for e-discovery workflows.  There just weren’t good ways to facilitate defensible, custodial-directed preservation of Android phone content.  Instead, you had to take phones away from users and have a technical expert image them one-by-one.

Now, it should be feasible to direct custodians to undertake a simple online preservation process for Android phones having many of the same advantages as the preservation methodology I described for iPhones two years ago.  Simple.  Scalable.  Inexpensive.”

Craig did acknowledge that because Android backups live in the cloud, he anticipates that, at first, there will be no means to download the complete Android backup to a PC for analysis, thus requiring restoring the data to a factory-initialized “clean” phone as a means to localize the data for collection (at least until Google hopefully provides a suitable takeout mechanism).  As a result, “examiners may revive the tried-and-true cloning of evidence to clean devices then collecting from the restored device” (just like they once did with computer drives).  “Everything old is new again.”

Whether it’s informing us of simpler, less expensive ways of preserving iPhone and Android data, or keeping us updated as Apple announces it’s doing away with iTunes, or educating us on geolocation data, or providing us an easy to understand Mobile Evidence Burden and Relevance Scorecard.  Or he’s providing us with an entire 24 page white paper on mobile device discovery titled Mobile to the Mainstream.  So, when it comes to best practices and useful tips regarding mobile device discovery, Craig Ball is “that guy” (see what I did there, Craig?).  ;o)

So, what do you think?  Are you struggling with mobile device discovery?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.