It's a story for a modern era. The traditional eDiscovery process may reveal nothing more than mundane business documents—but a search that indexes an employee's phone uncovers details of financial crimes. For many law firms, however, the process of getting evidence out of a mobile phone is more painful and expensive than pulling teeth.
How do you migrate the eDiscovery process from laptops, desktops, and servers to mobile phones and tablets? More importantly, when does the law allow you to do so? With employees mostly using their personal phones as business devices, the line where eDiscovery turns into invasion of privacy is increasingly blurred. Therefore, any discussion of how to perform eDiscovery processes on mobile devices must incorporate both technical and legal factors.
First, the good news: it is getting easier, from a legal standpoint, to get access to much of the information that ordinarily appears on mobile phones. According to Rule 34 of the Federal Rules of Civil Procedure, Electronically Stored Information (ESI) is discoverable no matter where it is stored. Since text messages are increasingly defined under the umbrella of ESI, law firms can now wedge their foot in the door when it comes to texts.
Both emails and voicemails are also discoverable under Rule 34 (although it can be difficult to create search terms for voicemail without sophisticated voice recognition software). Essentially, every major kind of ESI involving mobile phones can be preserved under a legal hold.
The problems, both technical and legal, arise when you consider the edge cases. What happens, for instance, when you want to look at the contents of a mobile app? Is a Google Drive discoverable? What about things like Tinder messages?
The last few years have seen an absolute flourishing of messaging and storage apps that are completely separate from the default email and storage apps that come with your smartphone. Facebook Messenger, WhatsApp, Skype, Slack, Allo, Google Hangouts, WeChat, HipChat… you get the idea. If you put a hold on a person's texts without understanding what these apps are, you'll be letting evidence slip through your fingers.
Let's break this down. Most applications store their data in the cloud, as opposed to on devices. Data held in the cloud may be discoverable—in Gordon Partners v. Blumenthal, it was decided that if a company does business using data in the cloud, that data is accessible for discovery purposes. The real problem lies with the question of file formats.
Application file formats may differ between operating systems, as the same app may use different files on iOS and Android. The files on a Samsung Galaxy might be different than those on a Google Pixel. Organizations sometimes use Mobile Device Management (MDM) to encrypt parts of their users' phones in order to avoid data loss from hacked or stolen devices. Do you have a strategy for decryption? Depending on what's in use, the contents of a mobile application may resist easy processing into the file formats used to review and produce evidence.
Very few law firms possess the internal capabilities to collect, filter, and process electronic evidence, so doing so will typically require an outside vendor. This will add time and expense to the process. Therefore, it makes sense to understand the kinds of files that you will be most likely to encounter on a mobile phone, and then develop a strategy to deal with them when they arise. For instance, many photos taken on mobile devices now have metadata that tells you the exact geographic coordinates where they were taken. Assuming that you might find this useful, do you have the expertise necessary to extract and interpret this information?
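As an added illustration of the photo-geotag point (this code is not from the original article), the Python below reads the GPS fields from an EXIF block and converts them to signed decimal degrees. It assumes the TIFF-structured EXIF block has already been taken out of the photo (in a JPEG it follows the `Exif\0\0` marker in the APP1 segment); the function names and the sample bytes are constructed for this example.

```python
import struct

GPS_IFD_POINTER = 0x8825  # IFD0 tag whose value is the offset of the GPS IFD

def read_ifd(tiff, offset, bo):
    """Map tag -> (type, count, raw 4-byte value field) for one IFD."""
    (n,) = struct.unpack_from(bo + "H", tiff, offset)
    entries = {}
    for i in range(n):
        pos = offset + 2 + 12 * i  # each entry is 12 bytes
        tag, typ, count = struct.unpack_from(bo + "HHI", tiff, pos)
        entries[tag] = (typ, count, tiff[pos + 8:pos + 12])
    return entries

def dms_to_degrees(tiff, entry, bo):
    """Decode three RATIONALs (deg, min, sec) into decimal degrees."""
    typ, count, raw = entry
    if typ != 5 or count != 3:
        raise ValueError("GPS coordinate is not 3 RATIONALs")
    nums = struct.unpack_from(bo + "6I", tiff, struct.unpack(bo + "I", raw)[0])
    d, m, s = (nums[i] / nums[i + 1] if nums[i + 1] else 0.0 for i in (0, 2, 4))
    return d + m / 60 + s / 3600

def gps_from_tiff(tiff):
    """Return (lat, lon) in signed decimal degrees, or None if no geotag."""
    bo = {b"II": "<", b"MM": ">"}.get(tiff[:2])
    if bo is None or struct.unpack_from(bo + "H", tiff, 2)[0] != 42:
        raise ValueError("not a TIFF/EXIF block")
    ifd0 = read_ifd(tiff, struct.unpack_from(bo + "I", tiff, 4)[0], bo)
    if GPS_IFD_POINTER not in ifd0:
        return None
    gps = read_ifd(tiff, struct.unpack(bo + "I", ifd0[GPS_IFD_POINTER][2])[0], bo)
    if not all(tag in gps for tag in (1, 2, 3, 4)):
        return None
    lat = dms_to_degrees(tiff, gps[2], bo) * (-1 if gps[1][2][:1] == b"S" else 1)
    lon = dms_to_degrees(tiff, gps[4], bo) * (-1 if gps[3][2][:1] == b"W" else 1)
    return round(lat, 6), round(lon, 6)

def sample_exif():
    """Constructed little-endian EXIF block for 40.4462 N, 79.982233 W."""
    e = lambda tag, typ, cnt, val: struct.pack("<HHI4s", tag, typ, cnt, val)
    u32 = lambda v: struct.pack("<I", v)
    hdr = b"II" + struct.pack("<HI", 42, 8)
    ifd0 = struct.pack("<H", 1) + e(GPS_IFD_POINTER, 4, 1, u32(26)) + u32(0)
    gps = (struct.pack("<H", 4) + e(1, 2, 2, b"N\0\0\0") + e(2, 5, 3, u32(80))
           + e(3, 2, 2, b"W\0\0\0") + e(4, 5, 3, u32(104)) + u32(0))
    return (hdr + ifd0 + gps + struct.pack("<6I", 40, 1, 26, 1, 4632, 100)
            + struct.pack("<6I", 79, 1, 58, 1, 5604, 100))
```

The hemisphere letters (`S`, `W`) are what make a coordinate negative, so a reader that ignores them will place the photo in the wrong hemisphere.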
Lastly, there's the personal aspect. As of last year, 74% of companies either let their employees use personal devices for work, or plan to let them do so. If a mobile device is under legal hold, how do you prevent the capture of unrelated personal information alongside legitimate inquiries?
The answer, unfortunately, is "not easily." Luckily, the law is becoming friendlier in this respect—the judiciary is beginning to recognize that bits of information formerly thought to be extraneous should be entered into the record. This is no more fully demonstrated than in the "Silk Road" drug marketplace trial, where Judge Katherine B. Forrest ruled that even punctuation and emoji should be observed by the jury.
Here's the bottom line: Collecting ESI on mobile phones is starting to become as straightforward as collecting it from traditional devices—but it's still more difficult, more time-consuming, and more expensive. Unfamiliar messaging apps, strange file formats, and jurisdictional details regarding data in the cloud all point to the fact that law firms should develop strategies for mobile eDiscovery well in advance of actually starting the process.
On the other hand, companies themselves should be even more careful. With an expanded definition of what's discoverable under Rule 34, many companies are now unsure about what data they need to preserve. This can lead to heavy fines—as recently as 2014, a $1 million sanction was levied on Boehringer Ingelheim International GMBH for their failure to preserve text messages during a litigation hold.