Close
Enter your
text here

Mobile Devices

Collecting Responsive ESI from Difficult Places: eDiscovery Webcasts

Happy June!  I don’t normally promote webcasts twice in one week, but this month’s webcast is a little earlier than normal.  What can I say, it’s family vacation season and my family has plans the last week of this month… :o)

Believe it or not, there was a time when collecting potentially responsive ESI from email systems for discovery was once considered overly burdensome. Now, it’s commonplace and much of it can be automated. But, that’s not where all of the responsive ESI resides today – much of it is on your mobile device, in social media platforms and even in Internet of Things (IoT) devices. Are you ignoring this potentially important data? Do you have to hire a forensics professional to collect this data or can you do much of it on your own?  We will discuss these and other questions in a webcast in a few weeks.

Wednesday, June 20th at noon CST (1:00pm EST, 10:00am PST), CloudNine will conduct the webcast Collecting Responsive ESI from Difficult Places. In this one-hour webcast that’s CLE-approved in selected states, we will discuss what lawyers need to know about the various sources of ESI today, examples of how those sources of data can be responsive to litigations and investigations, and how lawyers may be able to collect much of this data today using intuitive applications and simple approaches. Topics include:

  • Challenges from Various Sources of ESI Data
  • Ethical Duties and Rules for Understanding Technology
  • Key Case Law Related to Mobile Devices, Social Media and IoT
  • Options and Examples for Collecting from Mobile Devices
  • Options and Examples for Collecting from Social Media
  • Examples of IoT Devices and Collection Strategies
  • Recommendations for Addressing Collection Requirements
  • Resources for More Information

As always, I’ll be presenting the webcast, along with Tom O’Connor.  To register for it, click here.  Even if you can’t make it, go ahead and register to get a link to the slides and to the recording of the webcast (if you want to check it out later).  If you want to know how to collect electronically stored information from difficult places, this is the webcast for you!

So, what do you think?  Do you feel like you know when and how to collect ESI from mobile devices, social media and IoT devices?  If not, register for our webcast!  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Former Employee Sanctioned for Lying Under Oath, Destruction of ESI: eDiscovery Case Law

In Heggen v. Maxim Healthcare Servs., Inc., No. 1:16-cv-00440-TLS-SLC (N.D. Ind. April 27, 2018), Indiana Magistrate Judge Susan Collins ruled that the plaintiff’s destruction of requested cellphone recordings, as well as lying under oath, were sanctionable under FRCP Rule 37.

Case Background

The plaintiff filed the case against her former employer – a provider of temporary medical staffing, home health care, and wellness services – with claims of sexual harassment and retaliation. The plaintiff stated under oath that she chose to leave these employers “voluntarily” because the two clients with whom she worked were going into a nursing home.

However, the defendant pointed out that records show that the plaintiff was terminated after she refused to discuss a complaint that the plaintiff stole $300 from a client under her care, as well as mismanagement of the client’s financial assets. A discovery request to the Indiana Department of Workforce Development revealed that the plaintiff had worked for Interim Health Care immediately prior to joining the defendant, even though she responded to the first request for production with a different former employer, and then stated a second employer during her deposition. Based on the records from Interim, the defendant claimed that the circumstances of the plaintiff’s departure from Interim were “strikingly similar” to the plaintiff’s time at the defendant, including that a patient’s medications went missing – the plaintiff then tested positive for the missing medications on a drug test, and the plaintiff failed to return to work after the complaint.

The clearest contention that the defendant brought is that the plaintiff destroyed key evidence in at least three different ways and this, along with the other actions by the plaintiff, the defendant contended was grounds for a dismissal sanction. The plaintiff testified at her deposition that she made about seven recordings of unidentified defendant employees and said these recordings supported her claims against the defendant, she also testified that the Equal Employment Opportunity Commission (“EEOC”) had the recordings, because she deleted the recordings from her cell phone since she “didn’t want them to have [her] phone lost and have them be out there.” She claimed she had emailed the recordings to the EEOC, but couldn’t find any copy of the emails transmitting the recordings. After sending the emails, she performed a factory reset of her phone (an older Apple model) that basically had “broke[n] down,” and that she was trying to get working again. The reset deleted all of the data stored on it, including the recordings.

She felt that emailing the recordings to EEOC was a form of preservation and “thought it was okay to get rid of them[.]” Copies of three of the recordings were found, and the plaintiff submitted transcripts of these recordings with her response brief, and she also provided a copy of the recordings and transcripts to the defendant. However, there was no explanation for the other missing recordings.

The defendant had sought the recordings from the plaintiff for months through traditional discovery and because it did not have the recordings when it deposed the plaintiff, it felt that resulted in prejudice against them. They also argued that there was a significant difference between original recordings and copies of recordings. What the plaintiff submitted appeared to be at least two different layers of recorded conversations: “an ongoing face-to-face interaction between individuals who are supposedly simultaneously listening to and participating in a different interaction by telephone, all recorded on top of each other.”  Also, because they were copies, there was no way to delve into the original metadata of the recordings. Further, while the original recordings were made on an iPhone, the files produced were in 3GP format, a format generally used by Android phones, raising even more questions.

Judge’s Ruling

Judge Collins ruled that the defendant’s failure under oath to disclose Interim as a prior employer and for her destruction of the original cell phone recordings was sanctionable. But noted that a sanction for discovery abuse must be “a proportionate response to the circumstances.”

Judge Collins stated, “The draconian sanction of dismissal is not presently warranted here. Rather, the present circumstances warrant the imposition of lesser sanctions in the form of a monetary penalty—that is, ordering Heggen to pay the reasonable expenses, including attorney’s fees, that Maxim incurred in filing the motion to compel [See FRCP Rule 37]. The Court has no reason, at least at this juncture, to conclude that the imposition of this monetary penalty would be fruitless. The Court will also consider a spoliation instruction upon a pretrial motion by counsel should this case go to trial. The motion for sanctions is otherwise denied. Heggen is duly warned that any additional discovery transgressions may result in further sanctions against her, up to and including dismissal of this case.”

So, what do you think?  Was the ruling correct or was a sanction of dismissal warranted in this case?  Please share any comments you might have or if you’d like to know more about a particular topic.

Case opinion link courtesy of eDiscovery Assistant.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Law Enforcement Has Found a New Way to Put a Finger on iPhone Evidence: eDiscovery Trends

A dead finger, that is.  Believe it or not, cops are now opening iPhones with dead people’s fingerprints.

A couple of days ago Sharon Nelson (on her excellent Ride the Lightning blog) covered a Forbes article that discussed a suspect who mowed down a group of people in his car, went on a stabbing spree with a butcher’s knife and was shot dead by a police officer on the grounds of Ohio State University.  To try to access the phone to learn more about the assailant’s motives, an FBI agent applied the bloodied body’s index finger to the iPhone found on the deceased suspect.

In that case, it didn’t work as the iPhone had gone to sleep and when reopened required a passcode.  But, this technique is working in many other cases.  Separate sources close to local and federal police investigations in New York and Ohio, who asked to remain anonymous as they weren’t authorized to speak on record, said it was now relatively common for fingerprints of the deceased to be depressed on the scanner of Apple iPhones, devices which have been wrapped up in increasingly powerful encryption over recent years. For instance, the technique has been used in overdose cases, said one source. In such instances, the victim’s phone could contain information leading directly to the dealer.

Not surprisingly, there are concerns about whether a warrant should be required. Greg Nojeim, senior counsel and director of the Freedom, Security and Technology Project at the Center for Democracy & Technology, said it’s possible in many cases there would be a valid concern about law enforcement using fingerprints on smartphones without any probable cause. “That’s why the idea of requiring a warrant isn’t out of bounds,” Nojeim added.

Think having an iPhone X that replaces the fingerprint security with facial recognition technology will keep law enforcement at bay?  Think again.  It could be an easier way into iPhones than Touch ID. Marc Rogers, researcher and head of information security at Cloudflare, told Forbes he’d been looking at Face ID in recent months and had discovered it didn’t appear to require the face of a living person to work – apparently the technology can be deceived simply using photos of open eyes or even only one open eye on the suspect.  “In that sense it’s easier to unlock than Touch ID – all you need to do is show your target his or her phone and the moment they glance it unlocks,” he stated.

Or open the eyes of the dead suspect.  Dead men tell no tales?  Maybe they do after all.

So, what do you think?  Should a warrant be required to access phones with fingerprint or facial recognition technology?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

No Sanctions for Failing to Preserve Cell Phone Records and Call Logs: eDiscovery Case Law

In Dotson, et al. v. Edmonson, et. al., No. 16-15371 (E.D. La. Jan. 22, 2018), Louisiana District Judge Susie Morgan denied the plaintiff’s motion in limine seeking sanctions for spoliation of evidence, finding that the plaintiff had “not met his burden of establishing that the Trooper Defendants had a duty to preserve” cell phone records and call logs from the evening of October 7, 2015 from Louisiana State Police (LSP) issued cell phones that were used that night by LSP officers during an undercover operation, or that their destruction of the evidence was intentional.

Case Background

In this case related to a civil suit over a drug bust involving the plaintiff, the defendants provided interrogatory responses deposition testimony which indicated that LSP troopers relied on their LSP-issued (or LSP-funded) cell phones to communicate during the course of operations in general, and specifically on the night of October 7, 2015.  The plaintiff asserted that this “establishes the existence of electronically stored information such as call logs and text messages on those cell phones” and argued that, as early as October 7, 2016, when the defendants were named in an article on nola.com and the case was filed, the defendants and the LSP were on notice that litigation was pending, and thus should have known that any ESI relating to the investigatory stop and arrest of the plaintiff was required to be preserved. Nonetheless, Defendants traded in their cell phones one month after Plaintiff filed his suit.

The plaintiff issued multiple discovery requests and subpoenas, and filed several motions to compel in efforts to obtain the call logs and text messages and develop an understanding of the officers’ movements and observations on the night of the arrest to no avail and claimed the loss of these records prejudiced his case, because the movements and communications among these officers were crucial to establishing whether reasonable suspicion existed to stop the plaintiff.  In response, the defendants argued that the plaintiff’s proposed remedy unfairly targeted Defendant Bodet (one of the Trooper Defendants), “as the Fifth Circuit makes clear that sanctions for spoliation should be taken against the alleged spoliator” and argued there is no evidence to suggest that Bodet acted in bad faith, or that he should have known of a need to preserve any electronically stored information on his phone.

Judge’s Ruling

Citing Rule 37(e), Judge Morgan stated: “The Plaintiff has not met his burden of establishing that the Trooper Defendants had a duty to preserve the electronically stored information related to the cell phone records from October 7, 2015 at the time the information was destroyed or that their destruction of the evidence was intentional. The Court will not provide the requested instruction to the jury based on an adverse inference.”

However, Judge Morgan excluded the Trooper Defendants from speculating at trial that they “may have” called a particular trooper based on deposition testimony to the contrary.  She also stated that “the Court’s ruling does not preclude the Plaintiff from eliciting testimony regarding the loss of the cell phone records and text messages”, nor did it prohibit questioning “regarding the cell phone record preservation policies of the Louisiana State Police, as such testimony is relevant and its relevance is not outweighed by the risk of undue prejudice.”

So, what do you think?  Should the defendants have received some sanctions?  Please share any comments you might have or if you’d like to know more about a particular topic.

Case opinion link courtesy of eDiscovery Assistant.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Befuddled by BYOD? The Sedona Conference Has a New Set of Principles to Guide You: eDiscovery Best Practices

Many organizations are permitting (or even encouraging) their employees to use their own personal devices to access, create, and manage company related information – a practice commonly referred to as Bring Your Own Device (BYOD).  But, how can those organizations effectively manage those BYOD devices to meet their discovery obligations?  To help with that issue, The Sedona Conference® (TSC) has published an initial Public Comment Version of a Commentary to help.

In late January, TSC and its Working Group 1 on Electronic Document Retention and Production (WG1) rolled out the Public Comment version of its Commentary on BYOD: Principles and Guidance for Developing Policies and Meeting Discovery Obligations.  The Commentary is designed to help organizations develop and implement workable – and legally defensible – BYOD policies and practices. This Commentary also addresses how creating and storing an organization’s information on devices owned by employees impacts the organization’s discovery obligations.  It focuses specifically to mobile devices that employees “bring” to the workplace (not on other “BYO” type programs) and does not specifically address programs where the employer provides the mobile device.

The Commentary begins with five principles related to the use of BYOD programs and continues with commentary for each.  Here are the five principles:

  • Principle 1: Organizations should consider their business needs and objectives, their legal rights and obligations, and the rights and expectations of their employees when deciding whether to allow, or even require, BYOD.
  • Principle 2: An organization’s BYOD program should help achieve its business objectives while also protecting both business and personal information from unauthorized access, disclosure, and use.
  • Principle 3: Employee-owned devices that contain unique, relevant ESI should be considered sources for discovery.
  • Principle 4: An organization’s BYOD policy and practices should minimize the storage of––and facilitate the preservation and collection of––unique, relevant ESI from BYOD devices.
  • Principle 5: Employee-owned devices that do not contain unique, relevant ESI need not be considered sources for discovery.

The Commentary weighs in at a tidy 40 page PDF file, which includes a couple of appendices.  So, it’s a fairly light read, at least by TSC standards.  :o)

TSC is encouraging public comment on the Commentary on BYOD, which can be downloaded free from their website here (whether you’re a TSC member or not). They encourage Working Group Series members and others to spread the word and share the link (you’re welcome!) so they can get comments in before the public comment period closes on March 26. Questions and comments may be sent to comments@sedonaconference.org.  So, you have a chance to be heard!

Speaking of mobile devices, I’m excited to be speaking this year for the first time at the University of Florida Law E-Discovery Conference on March 29.  I’m on a panel discussion in a session titled Getting Critical Information From The Tough Locations – Cloud, IOT, Social Media, And Smartphones! with Craig Ball, Kelly Twigger, and with The Honorable Amanda Arnold Sansone, Magistrate Judge in Florida, moderating.  As always, the conference will be conducted in Gainesville, FL (as well as being livestreamed), with CLE-accredited sessions all day from 8am to 5:30pm ET, with an all-star collection of speakers.  I’ll have more to say about the conference as we get closer to it.  Click here to register!

So, what do you think?  Does your organization have a BYOD policy?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Wife’s Fitbit Leads to Murder Arrest for the Husband: eDiscovery Trends

At both the Master’s Conference session that I moderated in San Francisco on Tuesday and the webcast that I conducted yesterday, the topic of discovery from IoT (Internet of Things) devices came up.  This story illustrates how discovery from IoT devices is becoming more and more important, especially in criminal cases.

According to an article in Business Insider, data from a murdered woman’s Fitbit led Connecticut police to arrest her husband in connection with the death.  After more than a year of investigations, the Hartford police charged Richard Dabate with his wife’s murder, tampering with physical evidence, and making false statements to the police after her Fitbit showed she was still walking around an hour after he claimed she was murdered by an intruder.

In December 2015, Connie Dabate was shot in her home with a .357 Magnum that her husband, Richard, had bought a few months before.  Dabate stated that, after getting a house alarm notification on his phone, he got back around 9 a.m. when he spotted an intruder, he said: a 6’2” man with a stocky build wearing a “camouflaged suit with a mask.”  Dabate said that, at about that time, he heard his wife come home and yelled for her to run, but the intruder shot her to death after a short struggle.  Dabate also said that the intruder tied him to a chair and began burning him with a torch, but he struggled with the intruder, eventually getting the torch from the intruder and causing him to flee.

Cops brought in K-9’s to pick up the scent of an intruder, but they could only pick up Dabate’s scent.  With no other evidence regarding an intruder, cops eventually obtained search warrants for Connie Dabate’s Fitbit, both of their cell phones, computers and house alarm logs.

According to an article in CNN, this timeline of activities conflicted with the story that Dabate told the police:

  • At 9:01 a.m. Richard Dabate logged into Outlook from an IP address assigned to the internet at the house.
  • At 9:04 a.m., Dabate sent his supervisor an e-mail saying an alarm had gone off at his house and he’s got to go back and check on it.
  • Connie’s Fitbit registered movement at 9:23 a.m., the same time the garage door opened into the kitchen.
  • Connie Dabate was active on Facebook between 9:40 and 9:46 a.m., posting videos to her page with her iPhone. She was utilizing the IP address at their house.
  • While she was at home, her Fitbit recorded a distance of 1,217 feet between 9:18 a.m. and 10:05 a.m. when movement stops. If Richard Dabate’s claims were correct, detectives say the total distance it would take the victim to walk from her vehicle to the basement, where she died, would be no more than 125 feet.

Dabate later admitted to having an extramarital affair where he impregnated a woman.  Oh, and five days after the incident, Dabate also attempted to make a claim for his wife’s life insurance policy for $475,000, police said.  He is due to appear in court today.

It seems IoT devices are becoming more and more important to criminal investigations.  It seems like only a matter of time before that becomes the case for civil litigations as well.

So, what do you think?  Have you been involved in any cases where data from IoT devices was at issue?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Craig Ball Says That Failure to Preserve Mobile Devices in Litigation is the “M” Word: eDiscovery Best Practices

In the latest post in his excellent Ball in Your Court blog, Craig Ball has some strong words for attorneys who fail to advise clients to preserve ESI from mobile devices when under a preservation duty.

In the post titled A New Paradigm in Mobile Device Preservation, Craig discusses how prevalent the use of mobile devices have become in our society, noting that “[d]riving under the influence of phones has eclipsed driving under the influence of alcohol as the most frequent cause of motor vehicle collisions” and that “[w]alking into fixed objects while texting is reportedly the most common reason young people visit emergency rooms today”.

As someone who never goes anywhere without my iPhone and a parent of two pre-teen kids for whom we have to set limits on their devices (for fear that they will literally spend the entire day on them), I can certainly relate to our level of addiction to our mobile devices in today’s society.

Because of that change, Craig issues a very strong statement when it comes to an attorney’s duty to advise clients to preserve ESI from these devices now:

“Today, if you fail to advise clients to preserve relevant and unique mobile data when under a preservation duty, you’re committing malpractice.”

That’s the “M” word that I referred to in the title of this post and Craig says he doesn’t use it lightly.

Craig identifies the fact that data on phones and tablets is not just a copy of ESI on other sources anymore and the increasing ease to perform a backup of data on your mobile device as two paradigm shifts that impact the requirement for mobile device preservation.  Today, it’s unique data without an unusual burden required to preserve that data.

Our coverage yesterday of this case where the judge recommended dismissal of the case after the plaintiff erased and reset her iPhone – 6 hours before turning it over to her attorney to be sent for forensic examination (naturally, she claimed not to know what happened) illustrates what can happen when mobile devices aren’t preserved.  Sadly, I expect we will see more cases like this in the future.

So, what do you think?  Is failure to advise clients to preserve ESI from mobile devices malpractice?  As always, please share any comments you might have with us or let us know if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.