How to Effectively Conduct Discovery in a Mobile-First World
The Legal Intelligencer
Reprinted with permission from the February 7, 2017 issue of The Legal Intelligencer. © 2017 ALM Media Properties, LLC. Further duplication without permission is prohibited. All rights reserved.
Given how indispensable text and chat apps have become in our personal lives, it should come as no surprise that they have begun to infiltrate day-to-day communications in corporate America as well. While it is unlikely that texts will supplant email as the primary business communications vehicle in the near future, work-related texting is only going to increase, particularly among the newest entrants to the workforce, who value the immediacy and informality of the medium. For litigators, this presents a variety of e-discovery challenges, from complying with preservation obligations, to adapting search techniques to emoji- and abbreviation-laden messages, to efficiently reviewing and producing mobile content. Fortunately, in these still-early days of mobile discovery, we can begin to glean some best practices to help parties safely and effectively navigate the discovery lifecycle.
Preservation and Collection
As a threshold matter, to the extent the question was ever in doubt, judicial guidance now seems clear that—subject to proportionality considerations—relevant, non-duplicative mobile device communications, such as text messages, are subject to the common-law duty to preserve, as in, e.g., First Financial Security v. Freedom Equity Group, No. 15-cv-1893-HRL (N.D. Cal. Oct. 7, 2016), (issuing a permissive adverse inference sanction under new Federal Rule 37(e) for the defendant's intentional failure to preserve relevant text messages). Nonetheless, while most sophisticated litigants are now comfortable with the processes and technologies needed to preserve relevant email for eventual review and production, there are several reasons why the same cannot yet be said for mobile device data.
First, email had a substantial head start, having made inroads in the workplace since the early 1990s, whereas the explosion in smartphone use for business purposes is a much more recent phenomenon. Looking back, email discovery was not nearly as straightforward a proposition 15 years ago as it normally is today.
Second, unlike email, which (PST files notwithstanding) is usually maintained in a server-side, IT-managed repository, mobile device data is inherently decentralized, with relevant information often accessible only via physical access to the phone itself, which may be employee-owned and encrypted. Even companies that have heeded standard compliance recommendations by implementing strong bring your own device (BYOD) or corporate-owned, personally enabled (COPE) policies, and have paired those policies with secure mobile device management (MDM) products, can face such practical challenges, as senior executives crying foul when asked to provide their phones for imaging.
Third, there are thousands of hardware, operating system version, and app combinations that forensic tools must support to ensure a thorough collection, making it very challenging for the leading forensic tools to maintain broad, real-time compatibility with all of the device-content permutations engineers may encounter in the field. Not surprisingly, forensic experts use an array of different tools to acquire mobile data since a one-size-fits-all, unassailable solution has yet to materialize. By contrast, Microsoft and Google each provide tools to safely and easily preserve, search, and collect email on their respective platforms.
Fourth, it was long routine practice for similarly-situated litigants to agree amongst themselves that mobile device content would not be included within the scope of discovery, either because it was duplicative of server-side data or because it was simply too burdensome to sequester, collect and search. Depending on the nature of the dispute and litigants' mobile device usage practices, this could still be a viable strategy in certain cases, but the likelihood of parties reaching consensus on this point may diminish over time as mobile devices become a more pivotal repository of unique and potentially relevant electronically stored information.
In the face of these and other challenges, Deutsche Bank AG recently announced that it will be disabling certain text and chat functionality on mobile devices used by its employees "to comply with regulatory and legal requirements." Jenny Strasburg, Deutsche Bank Bans Widely Used Text-Messaging Programs for Business Use, Wall St. J. (Jan. 13, 2017). Other companies operating in highly-regulated industries with stringent records retention requirements may need to consider adopting comparable measures if they have not already done so.
Search and Review
Mobile device data challenges continue after the preservation and collection phases of e-discovery. Many of the standard search and analytics techniques used to efficiently cull and review emails, from keyword search and concept clustering, to technology-assisted review and message threading, may yield less than optimal results when unleashed on a trove of texts and chats.
As its name might suggest, keyword search, the oft-critiqued but still dominant data filtering technique, relies on the presence of words that at least roughly approximate something that could be found in a dictionary. But texts and chats often use a lexicon all their own, with abbreviations, shorthand, spelling variations, emoticons, and now emoji. A picture may be worth a thousand words, but in the case of emoji, none of those words is readily searchable, despite having the potential to convey significant meaning. More confounding is the potential for inconsistency in how a given emoji will appear from one device to another. And without a millennial to translate, composing a useful set of text/chat keywords may be an exercise in futility, even with the benefit of wildcards and fuzzy searching methods.
Concept clustering and technology-assisted review (a.k.a., predictive coding) are also liable to struggle with texts and chats, as most messages are simply too short. Unlike an email chain, which could contain hundreds or thousands of words assembled into complete sentences suitable for data mining, most forensic tools export each text or chat as an individual document, with no reliable way to demarcate where one conversation ends and another begins. It is difficult to extract meaning from such short passages, devoid of their context. Aggregating into a single document all of the texts ever exchanged between two individuals could yield the opposite problem, since invariably they will represent a litany of otherwise disconnected topics over a period of months or years. Message threading tools, a lifeline in large email reviews, likewise tend to stumble on texts and chats.
Four Tips for Successful Mobile Discovery
In spite of these challenges, all hope should not be lost. Taking these proactive steps on your next litigation will help to mitigate mobile discovery's risks and impediments.
- Reach early consensus on the parameters of mobile device discovery as part of Federal Rule 26(f) meet-and-confer negotiations (or the state equivalent). It is best to know up-front what your preservation and production obligations (if any) will be, so that you can tackle them expediently and efficiently. Also remember that mobile device discovery is a two-way street: individual plaintiffs are just as likely as corporate defendants to possess relevant mobile content, if not more so. As an aside, if you anticipate producing to the SEC, take note of the agency's detailed mobile metadata specifications. See U.S. Securities and Exchange Commission Data Delivery Standards (available at https://www.sec.gov/divisions/enforce/datadeliverystandards.pdf).
- Find out each custodian's device, app usage, and cloud-backup profile as part of your custodian interview process (or earlier if leveraging a legal hold tracking system with electronic questionnaire capabilities). Also ask custodians whether they use emoticons or emoji in their business-related mobile correspondence. Having those answers in hand can be invaluable if and when it becomes necessary to collect, search, and review the contents of their devices.
- Consider prioritizing mobile device collections to help guard against inadvertent data loss after the duty to preserve attaches, but before discovery heats up. Even with the protections afforded unintentional data loss under the December 2015 amendments to Federal Rule 37(e), explaining to a court that a critical custodian's mobile device fell victim to water damage, was lost at the airport, or was exchanged for a new model before its data was collected is an unenviable task. Note that in certain instances, it may be possible to conduct a less onerous collection from a cloud-based or local backup of the mobile device.
- Choose a service provider with demonstrated expertise in handling mobile device data throughout the e-discovery lifecycle. While most vendors have the tools needed to forensically acquire data from current smartphones, far fewer have invested in custom solutions to facilitate culling and review of mobile data. This is particularly true with regard to SMS text messages and the abbreviations, emoji, and emoticons that are pervasive in that medium. Look for providers that can apply visual communications analysis tools to texts and chats or, at a minimum, associate texts by their participants.
Given the rate of change and innovation in mobile communications trends and platforms, e-discovery tools and procedures will always be playing catch-up. But since not every court will be sympathetic to these challenges, proactive litigants may increasingly choose to turn their attention to mobile device data at the earliest stages of each matter, just as they have long done for email.
The material in this publication was created as of the date set forth above and is based on laws, court decisions, administrative rulings and congressional materials that existed at that time, and should not be construed as legal advice or legal opinions on specific facts. The information in this publication is not intended to create, and the transmission and receipt of it does not constitute, a lawyer-client relationship.