
Posted on: May 03, 2018


7 Tips to Preserve and Review Mobile Device Data

According to a recent survey, there are more than 270 million mobile phone users in the United States. That number is staggering as it actually exceeds the estimated number of U.S. citizens 18 and over.

In effect, everyone has a mobile phone and as we all know, there’s more to cellphone functionality than just texting and calling. We can play games, search for soulmates, send disappearing messages (to the delight of Hillary Clinton), find a good fishing hole, and know when we need to take an umbrella to work.


There’s an app for just about everything. In fact, as of March 2017 there were close to 5 million apps available for download on the leading app stores – the vast majority available from Android (2.8 million) and Apple (2.2 million) – a 25% increase in just two years!

What if you are a litigation support professional or an attorney and you need to preserve and review ESI from one of those 5 million apps or 270 million phones? You are in luck! There’s an app for that too! Well, sure, if app is short for approach.

Here’s a list of seven things to consider and questions to ask when dealing with mobile device collections:

1. Can your vendor or internal IT department properly handle the preservation of a mobile device?

Collecting ESI from mobile devices is not rocket science, though the process has become increasingly complex in recent years. New challenges posed by a burgeoning social media environment and expanded use of ESI stored in the cloud frequently require advanced tools and training to manage complex search, collection, and processing efforts – especially under the pressure of litigation. While it’s true that software, like a hammer, is a handy tool, it’s important to note that in one person’s hand it can be used to build great things; in the hands of another it can cause irreparable damage.

For example, some high-tech tools allow us to bypass a mobile device’s security apparatus and gain access to its ESI. But if used incorrectly or by inadequately trained staff, these tools can result in ESI being completely erased, rendering it useless or even subject to court-ordered sanctions. The takeaway here is to ensure the aptitude and experience of your data preservation vendor (or in-house IT staff), particularly with respect to mobile devices.

In cases where e-discovery vendors or in-house staff inadvertently destroy ESI (or the physical devices that house it), many courts have applied the requirements of amended FRCP 37(e) in their rulings. That is, they have awarded the most serious sanctions only where the offending party intentionally destroyed evidence and denied sanctions where the offending party had acted reasonably despite the fact that some ESI had been lost.

For example, the court in Jackson v. Haynes & Haynes (N.D. Ala., 2017) reasoned that being “negligent and irresponsible in maintaining the information” and “knowing of her obligation to preserve the integrity of the information” are “not sufficient to show an intent to deprive[.]” A fine line to be sure, but this and other courts have distinguished a party’s demonstrated “reasonableness” and “good faith” as the basis for denying sanctions motions. In the words of the commentators, the amended Rule 37(e) creates a “safe harbor” if a party acted reasonably (albeit mistakenly) to preserve ESI.

However, no safe harbor existed for offending parties in Shawe v. Elting, 157 A.3d 142 (Del. 2017) or First Financial Security Inc., v. Lee et al. (D. Minn. 2016).

In Shawe, the court found that the plaintiff committed several bad acts, including recklessly failing to safeguard his cellphone and, thus, the text messages used to communicate with employees. The court ordered plaintiff to pay 100% of the fees defendant incurred in connection with bringing the motion for sanctions, and 33% of the fees incurred litigating the merits of the case, totaling more than $7 million.

In First Financial Security Inc., the defendants failed to comply with a discovery request to produce text messages and email in spite of a court order compelling them to produce the electronic data. The court ordered an adverse jury instruction, monetary sanctions, and defendants’ affirmative defenses. 

2. Which tool is being used?

As stated above, you need tools (software) to preserve ESI from your phone and other mobile devices. Our industry benefits from many reputable and commercially available products. Find out which one is being used on your project and then do some research. If it is one you or your colleagues have never heard of, be wary. Do your homework. Seek references.

Why?

Because securing electronic data can be confusing and overwhelming given the coordination required between vendors, IT professionals, and attorneys. With so much at stake, businesses and their legal counsel should select a vendor that tracks and accounts for all electronic evidence, from all its many sources. Locating the right vendor goes a long way toward creating defensible procedures that allow law firms and businesses peace of mind when it comes to satisfying all ESI preservation issues.

3. Ask about the types of reports that can be provided.

If your organization hasn’t been called on to produce ESI from its mobile devices yet, stay tuned. You will. All the more reason to gather your team in advance, taking a proactive vs. reactive approach, to develop a preservation and deletion plan in the face of the inevitable. Your plan must incorporate collecting, analyzing, and examining all ESI, including from mobile devices. This, of course, implies that the tools you develop and the forensic experts you employ are fully capable of producing the information you require.

Even in the days of machine learning and artificial intelligence, today’s digital forensic tools generally remain very literal; they perform as their programmers have designed. In this “get only what you ask for” environment, the secret to generating desired forensic results is the open and regular communication among trusted partners who share common objectives. Few “out of the box” tools will deliver precisely what your project needs. Thus, it is only through this open and forthright dialogue that the team will develop a tool that examines all appropriate data sets, across recognized storage devices and media, and renders useful reports that facilitate your client’s decision making activities.

4. Review the report (assuming it contains app information) and find the list of installed apps.

Doesn’t it seem like developers are creating a new messaging app every day? While most apps are being developed for Android and Apple operating systems, don’t forget about Blackberry, Linux, Mac, and other still-active systems when considering your preservation activities.

With so many mobile device messaging apps out there, many you may be unfamiliar with, it may be time to get to work, do some research, and pull out the pan: there may be a nugget in the river bed.

WhatsApp, Viber, Signal, Google Hangouts, LinkedIn, Facebook, Snapchat, and Twitter represent today’s top messaging apps, but many others play huge roles in mobile device messaging – especially globally!

If you are only looking at messages from iMessage, for example, then you may be getting only a very small percent of what’s out there. And don’t limit your request or review to just the base message app regardless, and certainly don’t restrict your review only to Apple products when Android owns over 50 percent of the market! Long gone are the days of ignoring mobile, as it is now routinely within the scope of preservation obligations.

5. Don’t rely exclusively on key terms to find what you are after.

In my opinion, this holds true for ESI no matter where it exists, but especially on phones, tablets, watches, etc. – any device that uses non-textual forms of communication like emojis and emoticons. According to a survey conducted in 2015, nearly half of respondents stated they used emojis “several times per week,” and 92 percent of online users stated they have used them at some point.

In 2015, the judge in the “Silk Road” case ruled that a jury should take note of any emoticons in online messages used as evidence. (The Silk Road website, since shut down by the FBI, allowed anonymous users to buy and sell illegal drugs, weapons and other illicit items. Ross Ulbricht is the alleged mastermind of the online criminal enterprise, with the nickname “Dread Pirate Roberts” or “DPR.”) The prosecution was reading online messages and chats out loud to the jury and not properly identifying emoticons. The defense felt strongly that the jury should see the chats and emoticons rather than relying on the reading, which could “distort a writer’s meaning.” The judge agreed and told the jury that it should take note of any such symbols in messages. “That is part of the evidence of the document,” the judge told them. As they say, 70 percent of oral communication is non-verbal. In a similar way, non-textual communication forms like emojis contribute significantly to written communication.

6. Don’t expect to recover troves of deleted data.

The technical reasons are beyond the scope of this article, but deleted data may be difficult to recover, depending on where it resides, and attempting recovery can be a budget-busting option. There is no big red button one can hit to automatically recover all the deleted texts, emails, and photos. However, if you are going to this level of analysis, make sure you find out who is doing the work. Just like finding the best lawyer or doctor for your current situation, you need to find the best mobile device forensic professional. Just because a person has the ability to run the tool to capture the data does not mean they are the most qualified to do an in-depth forensic analysis. Ask for credentials, experience, and references! Trust, but verify.

7. Ask if you can get the data and a corresponding load file so it can be ingested into a review platform.

Data is data no matter the source, and mobile device ESI can fit nicely into today’s review tools. Once in the tool, it can be run through analytics, searched for, or placed into pivot tables to make the process of review more efficient. By creating pivot tables with the data, reviewers can quickly see the frequency or time of phone calls or messages. Reviewers can also run analytics across the data set to interpret and pivot on “tone,” determining which messages were sent and received for business, personal, and (with some enhancement) the type of conversational tone used in the message such as “aggressive” or “flirtatious.”
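As an added illustration of tips 5 and 7 (not code from the original article or from any review platform), the Python sketch below pivots a message export by app and hour and builds a review queue of emoji-bearing messages that a key-term search would skip. The CSV columns, sample rows and key terms are constructed assumptions, not any forensic tool's real export format.

```python
import csv
import io
import unicodedata
from collections import Counter
from datetime import datetime

# Constructed sample export (hypothetical columns): one row per message.
SAMPLE_EXPORT = (
    "timestamp,app,sender,body\n"
    "2018-03-01T09:15:00,iMessage,alice,Send me the contract draft\n"
    "2018-03-01T09:47:00,WhatsApp,bob,\U0001F44D\n"
    "2018-03-01T22:05:00,WhatsApp,alice,delete it tonight \U0001F92B\n"
    "2018-03-02T09:30:00,Signal,bob,Lunch at noon?\n"
    "2018-03-02T22:40:00,WhatsApp,bob,\U0001F525\U0001F525\n"
)

def load_messages(text):
    """Parse the export and attach a parsed datetime to every row."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for row in rows:
        row["when"] = datetime.fromisoformat(row["timestamp"])
    return rows

def symbols(body):
    """Return pictographic characters (Unicode category 'So').

    Heuristic only: text emoticons such as ':)' and modifier
    characters are not detected by this check.
    """
    return [ch for ch in body if unicodedata.category(ch) == "So"]

def pivot_app_by_hour(rows):
    """Count messages per (app, hour of day), like a simple pivot table."""
    return Counter((row["app"], row["when"].hour) for row in rows)

def review_queue(rows, key_terms):
    """Messages with no key-term hit that still carry emoji content."""
    queue = []
    for row in rows:
        body = row["body"].lower()
        hit = any(term in body for term in key_terms)
        if not hit and symbols(row["body"]):
            queue.append(row)
    return queue

if __name__ == "__main__":
    msgs = load_messages(SAMPLE_EXPORT)
    for (app, hour), n in sorted(pivot_app_by_hour(msgs).items()):
        print(f"{app:10} {hour:02d}:00  {n}")
    for row in review_queue(msgs, ["contract", "delete"]):
        print("review:", row["timestamp"], row["app"], row["sender"])
```
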

In summary, remember the following items when dealing with ESI preservation from mobile devices:

  • Find a digital forensic expert who possesses the necessary credentials and experience.
  • Research the tools they’ve chosen to do the work; make sure they are capable of delivering desired results.
  • Assemble a team of trusted partners willing to ask the tough questions that will deliver the information your project requires.
  • Review the reports and investigate the apps!
  • Don’t rely exclusively on search terms.
  • Don’t expect to find a lot of deleted data, but hire the right people to look.
  • Consider placing the data into a review platform to take advantage of bells and whistles.

