Here Today, Gone Tomorrow: Preserving Ephemeral Evidence in E-Discovery WEBINAR
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
877.557.4273
catalystsecure.com
WEBINAR
Here Today, Gone Tomorrow: Thomas Gricks
Robert D. Keeling
Preserving Ephemeral Evidence in E-Discovery
Today’s Presenters
Robert D. Keeling Tom Gricks
Partner Director, Data Analytics
Sidley Austin LLP Catalyst Cloud Services
Agenda • The characteristics of ephemeral messaging • The business benefits of ephemeral messaging • The risks of ephemeral messaging • Overview of applicable legal hold principles • Decisions and analysis
The Reality of Ephemeral Messaging
The Proliferation of Ephemeral Messaging Apps
Getting a Sense of Usage
http://www.businessofapps.com/data
/telegram-statistics/
Characteristics of Many Ephemeral Messaging Apps
• End-to-end encryption
- encrypted at rest and in transit
- encryption keys are immediately deleted
• Automatic message deletion
- can be burn-on-read (BOR)
- sender and recipient control
- deletes from sender, recipient and server
• Screenshot protection
- notification
- single line review
- blank screen
End-to-End Encryption
Encryption in transit
End-to-end encryption
End-to-end encryption (no service provider)
The Business Benefits of Ephemeral Messaging
• Confidentiality & security
- protect against cybersecurity threats
- minimize sensitive ESI (e.g., HIPAA)
• Data minimization
- data storage
- eDiscovery
• Privacy by design
- FTC; Dept. of Commerce
- GDPR
The Risks of Ephemeral Messaging
• Negative Perception
• IG recordkeeping
- SEC
- FINRA
• Regulatory scrutiny
- DOJ FCPA Corporate Enforcement Policy
• ESI preservationThe DOJ FCPA Corporate Enforcement Policy The following items will be required for a company to receive full credit for timely and appropriate remediation… • 2017 Appropriate retention of business records, and prohibiting the improper destruction or deletion of business records, including prohibiting employees from using software that generates but does not appropriately retain business records or communications • 2019 Appropriate retention of business records, and prohibiting the improper destruction or deletion of business records, including implementing appropriate guidance and controls on the use of personal communications and ephemeral messaging platforms that undermine the company’s ability to appropriately retain business records or communications or otherwise comply with the company’s document retention policies or legal obligations
Applicable Legal Hold Principles
The Genesis of Modern Legal Holds “Once a party reasonably anticipates litigation, it must suspend its routine document retention/destruction policy and put in place a ‘litigation hold’.” Zubulake v. UBS Warburg (“Zubulake IV”) 220 F.R.D. 212 (S.D.N.Y. 2003) But see, Robert Keeling, Sometimes, Old Rules Know Best: Returning to Common Law Conceptions of the Duty to Preserve in the Digital Information Age, Catholic University Law Review, (Winter 2018)
The Scope of Legal Holds – FRCP 37(e)
FAILURE TO PRESERVE ELECTRONICALLY STORED INFORMATION
If ESI that should have been preserved in the anticipation or conduct of litigation is lost
because a party failed to take reasonable steps to preserve it, and it cannot be restored
or replaced through additional discovery, the court:
(1) Upon finding prejudice, may order measures no greater than necessary to cure the
prejudice; or
(2) only upon finding that the party acted with the intent to deprive another party of the
information’s use in the litigation may:
(A) presume that the lost information was unfavorable to the party ;
(B) instruct the jury that it may or must presume the information was unfavorable to
the party; or
(C) dismiss the action or enter a default judgment.The Sedona Guidelines
• Original Guidelines issued in 2010
• Team formed to update the Guidelines
in 2017
• Commentary released for public comment
December 2018
The Sedona Conference Commentary on Legal Holds,
Second Edition: The Trigger & The Process, Public
Comment Version (Dec 2018).Guideline 7: Implementing Preservation Obligations
Factors that may be considered in determining the
scope of information that should be preserved
include the nature of the issues raised in the matter,
the accessibility of the information, the probative
value of the information, and the relative burdens
and costs of the preservation effort.Guideline 7: Ephemeral Data, Specifically
Likewise, transient or ephemeral data not kept in the ordinary course of
business and that the organization may have no means of preserving
may not need to be preserved. Absent a showing of special need, The
Sedona Principles states that a responding party should not be
required to “preserve, review, or produce deleted, shadowed,
fragmented, or residual [ESI].” Similarly, many organizations have
made a good-faith decision to not retain information such as instant
messaging, chats, or voicemail messages in the ordinary course of
business so that, absent compelling circumstance or an order of the
court, there should be no expectation of preserving and producing
information from such sources.Guideline 7: Supporting Materials
[W]hile the duty to preserve ephemeral data is very
narrow, a duty may exist where the responding party is
on notice that the ephemeral data is highly relevant and
unique, and where the burden and cost of preserving
the ephemeral data does not outweigh the value of its
preservation
Withers, Kenneth J., “Ephemeral Data” and the Duty to Preserve Discoverable
Electronically Stored Information, 37 U. Balt. Law Review, Vol. 37: Iss. 3, Article 4Guideline 2: Have a Policy
Adopting and consistently following a
policy governing an organization’s
preservation obligations are factors
that may demonstrate reasonableness
and good faith.Analysis & Considerations
Ethical Obligation of Technology Competence
• ABA Model Rule 1.1
A lawyer shall provide competent representation to a client.
Competent representation requires the legal knowledge, skill,
thoroughness and preparation reasonably necessary for the
representation
• Comment 8
To maintain the requisite knowledge and skill, a lawyer should
keep abreast of changes in the law and its practice, including the
benefits and risks associated with relevant technology, engage in
continuing study and education and comply with all continuing
legal education requirements to which the lawyer is subject
…Be aware of the use and implications of
ephemeral messaging appsThe Reality of Negative Perceptions
• The Mueller Report
Further, the Office learned that some of the individuals we
interviewed or whose conduct we investigated – including some
associated with the Trump Campaign – deleted relevant
communications or communicated during the relevant period
using applications that feature encryption or that do not provide
for long-term retention of data or communications records. In
such cases, the Office was not able to corroborate witness
statements through comparison to contemporaneous
communications or fully question witnesses about statements that
appeared inconsistent with other known facts.Potential Regulatory Implications
• Missouri Governor Eric Greitens
- Greitens and 19 staffers used Confide and Silent Phone
- Greitens was sued for violation of Sunshine Laws
• City of Long Beach Police Department
- police officers used TigerText to avoid public disclosure of
conversations regarding, inter alia, police shootings
- Through “extensive legal research,” it was concluded that
messages sent on TigerText are “transitory” and not public
records, so they are not subject to the city’s record retention
policy, nor the California Public Records Act
- Recommendation: develop policies for IM use; create a
professional standards position to update; consider whether
to archive messages or change expiration settingsWaymo v. Uber
• Suit for trade secret misappropriation
• Use of ephemeral messaging apps
- Uber instructed employees to use Wickr to discuss
its self-driving technology efforts
- Uber employees used Wickr after the trigger for a
legal hold
- Waymo argued spoliation
• Resolution
- Waymo could cite the use of Wickr as a possible
explanation for the failure to turn up more evidence
of misappropriation
- Uber was permitted to present evidence of legitimate
business usePotentially Available Data Sources
• Wickr Enterprise
- “configurable ephemerality”
- individual control of retention periods
• Metadata
- some providers maintain metadata on servers (time, date,
parties, contacts)
- metadata may be available on devices
• Screenshots/videosThe Elephant in the Room
…treating ephemeral messages as
conversationsLearn More Visit catalystsecure.com to find more resources: •Guidance on best practices •Webinars and podcasts •Case studies
You can also read
