In QDiscovery’s recent webinar for ACEDS “Mobile Discovery IRL (In Real Life),” my colleague Yaniv Schiff and I reviewed the lifecycle of mobile discovery in forensic investigations and corporate eDiscovery matters. The intersection of practical and legal considerations in preserving and collecting mobile device data is an important part of every mobile discovery project. This post covers three mobile device discovery legal considerations that are significant recurring issues.
Mobile Device Discovery Legal Considerations #1: Preservation collection is recommended
The first issue is the best way to preserve mobile data. Litigation holds are effective for most data sources; however, mobile data is an exception to this general rule. A preservation collection is recommended for mobile devices because they have a high risk of inadvertent spoliation.
There are multiple reasons for inadvertent mobile spoliation:
- Limited storage capacity – Cell phones and older model smartphones and tablets have relatively limited storage capacity. When new data is created, old data may be automatically deleted to make space. For example, in some cell phone models, old text messages are automatically overwritten when new messages are received once the phone has reached its maximum SMS storage capacity. In addition, users may proactively delete data such as photos or browsing history and website data to free up storage.
- Operating system updates – Operating system updates may affect the data that is available in a forensic examination.
- Auto-delete settings – An iPhone user can set text messages to auto-delete after 30 days or a year; other phone models have similar options. Apps can also have auto-delete functions for messages. Compounding the issue, many phone users don’t know their devices have these settings, or how to change them.
- Consumer upgrades – Some people get a new smartphone every year to keep up with the latest in mobile technology. Many others upgrade on a two or three schedule. Tablets and other non-phone mobile devices are rapidly made obsolete by new products and discarded.
- Data loss from breakage – Mobile devices are easily damaged. This can cause partial or total data loss. Less severe damage like a cracked screen can prompt an upgrade to a new device.
It’s unreasonable to ask custodians to put off installing operating system updates or upgrading to a new phone for months or even years while a litigation hold is in effect. Even more significant is that some of the highest risk factors, such as automated data overwriting by older phones, are outside of the custodian’s control. For all of these reasons, best practice is to make a preservation collection.
Mobile Device Discovery Legal Considerations #2: Legal access to the device starts with the question of ownership
Mobile data is potentially relevant in any corporate civil litigation or regulatory matter. The most common type of relevant data is messages, but other data types such as pictures, documents, audio/video files or call logs may also be identified for collection. Ownership and company policies are key to an employer’s ability to access and collect data from mobile devices used by employees.
If the company owns the device, then it has the right to access and copy it. However, most companies today have moved to bring your own device (BYOD). The second avenue of access is a BYOD policy. Every company should have a BYOD policy for litigation readiness and risk management. Comprehensive BYOD policies cover device access for legal or investigatory reasons. A sample BYOD policy is available here.
Unfortunately many companies have a BYOD practice but not a BYOD policy. Companies in this situation can ask the employee for permission to make a device collection. The employee is not required to provide access. Finally, if all other avenues fail, the company can seek a subpoena. It’s far preferable, including for good employer-employee relations, to implement a BYOD policy rather than having to fall back on consent or court order.
The overwhelming majority of employees use their phones for both business and personal reasons. In all ownership situations, the employee is likely to demand assurances that personal data will be protected from disclosure. This also applies to mobile collections from friendly third parties. Your team needs to be prepared with details on how personal data is safeguarded during the discovery process.
Mobile Device Discovery Legal Considerations #3: Federal Rule of Evidence 902(14) allows authentication by written certification
The recent amendments to the Federal Rules of Evidence added ESI including mobile data to the category of self-authenticating evidence. New Rule 902(14) (effective December 1, 2017) created a procedural means to authenticate digital evidence by means of written certification instead of live testimony. My article Prepare Now for Amended Rule 902 is an in-depth look at Rule 902(14) and related subsection 902(13).
The certification must set forth information that would be sufficient to authenticate if the same information was presented as testimony under Rule 901. The certification must be by a “qualified person,” a term that is not defined in the text of the Rule or Committee Notes but presumably means someone who has the forensic expertise to defensibly collect ESI. The collection must be validated by hash value verification, the industry-standard means of validation, or “other reliable means” of digital identification. Lastly, reasonable written notice must be provided to the opposing party.
Handling authentication on the written record prior to the trial or hearing saves time and money, is more convenient for the witness and eliminates uncertainty. Rule 902(14) is likely to have its greatest immediate impact in employment cases, where mobile evidence is often both critical and contested. In addition, evidentiary issues are frequently front-loaded in employment cases, such as in TRO hearings.
In order to benefit from the new rule, the collection must be made in a defensibly sound manner by a qualified forensics provider and be thoroughly documented, including hash value verification.
Americans use their smartphones and other mobile devices to create a wealth of information. Inevitably some of that information is relevant in investigations and litigation. By including mobile data in the discovery plan, litigators can fully prepare for the unique legal challenges of mobile device discovery.
Want to go more in depth on mobile device discovery? Download our Mobile Device IRL (In Real Life) infographic or watch the recorded ACEDS webinar Mobile Discovery IRL.
Helen Geib is General Counsel and Practice Support Consultant for QDiscovery. Prior to joining QDiscovery, Helen practiced law in the intellectual property litigation department of Barnes and Thornburg’s Indianapolis office where her responsibilities included managing large scale discovery and motion practice. She brings that experience and perspective to her work as an eDiscovery consultant. She also provides trial consulting services in civil and criminal cases. Helen has published articles on topics in eDiscovery and trial technology. She is a member of the bar of the State of Indiana and the US District Court for the Southern District of Indiana and a registered patent attorney.
This post is for general informational and educational purposes only. It is not intended as legal advice or to substitute for legal counsel, and does not create an attorney-client privilege.