This Message Will Self-Destruct. Or Will It?

Newsletter - TerraLex Connections
This Message Will Self-Destruct. Or Will It?

By Joy Allen Woller and Jared Sutton[*]

 

2018 was the year of data privacy.  In April, Facebook CEO Mark Zuckerberg was called to testify before Congress to answer difficult questions about Facebook’s protections for its user data.  In May, the European Union’s General Data Protection Regulation made it known to the world that the privacy of its citizens was to be taken seriously and imposed severe consequences for those who failed to comply.  Across the United States, states like California and Colorado enacted sweeping data protection laws.  The message is clear: consumers want their privacy and governments are taking steps to protect them.

 

Technology companies have also answered the privacy call and ushered in the age of the “disappearing” messaging apps.  By offering encrypted or self-destructing messages, companies like Snapchat, Confide, Threema and others entice customers with assurances that their messages are truly private.  With declarations like “privacy is a universal human right”[1] and “taking back our right to privacy”, these “ephemeral” messaging applications seem to offer communication without consequence. 

 

But what happens when an individual’s desire for privacy, even if well-intentioned, conflicts with duties a party owes to the courts?  How should courts balance the right of a party to discover evidence, and the corresponding duty of a party to preserve evidence, with the right to privacy and programs that are deliberately designed to destroy data?  Does a party have an obligation to stop using messaging applications if they are in litigation or expect to be sued?  By and large these questions remain unanswered, but the federal rules of procedure governing electronically stored information (“ESI”) provide attorneys and their clients with the tools to navigate the challenging issues.

 

Wait, I need to review my client’s Snapchat?

 

Maybe, maybe not.  The first step in civil discovery is the identification of relevant information.  Before you can evaluate the discovery of messaging applications in litigation, you must know the messages exist in the first place.  With potentially relevant information existing in so many places, it can be easy to overlook chat messages as a potential source of information.  A critical first step is to simply remember to ask your witnesses how they communicate and whether they use chat-style software applications.  Likewise, ask opposing counsel about chat messages during your initial discovery conference about ESI.  Failing to do so could mean omitting an important source of relevant information in the case.

 

When you have determined that your client (or the opposing party) uses chat messages, the next question is whether the messages being sent are actually relevant to the case.  Discovery is, of course, limited to relevant matters.  As interesting as the messages may be, you probably do not need to produce your client’s grumpy cat memes or the latest viral video.  Evaluate whether the messages are likely to be relevant to the claims and defenses in your case and to be prepared to defend your decision.

 

If relevant messages exist, do I have to produce them?

 

Maybe, maybe not.  The scope of discovery in federal courts, and many state courts, is limited by proportionality.[2]  If you determine that your witnesses have used messaging applications to communicate about relevant information, you will need to figure out whether the messages still exist and how difficult it will be to search and produce them.  In determining whether messages must be produced, consider the amount in controversy in the case, the importance of the messages in resolving the issues, and whether the burden or expense of searching and producing the messages outweighs their likely benefit.[3]

 

Do not assume all messaging applications are alike.  While some applications rest their reputation on their ability to make messages “disappear”, other chat-style applications can be preserve and produce messages with relative ease.  You will need to find out how your client’s messaging platform works.  For example, does it “journal” or save a copy of all messages that are sent and received and, if so, for how long?  Can the preservation function be turned on or off and, if so, was it functioning during the relevant time?  Finally, does your client’s software allow individual users to store their own “chat history” and if so, did they?  GSuite’s Google Hangouts, as one example, offers individual users the ability to store their personal chat history in their Gmail account but also permits GSuite administrators to turn the function off.[4]  Office 365, as another example,  claims its eDiscovery capabilities include the ability to export preserved chat messages in Excel and other formats.[5]  Without understanding how these platforms work, it may look like messages have “disappeared,” when copies are stored elsewhere.  It is therefore important to talk to the administering IT department or service provider to understand the particular program and determine whether relevant messages have been preserved.

 

A party is generally not required to produce ESI that it identifies as “not reasonably accessible” due to undue burden or cost.[6]  You may not be required to produce chat messages if you can establish that the collection and production of the messages would cause an undue burden – either because the information will have relatively little value or because collecting them would be extremely expensive, or both.  For example, messages that can only be recovered by a forensic expert (e.g., because they are “deleted” or saved only in “unallocated” space on a computer hard drive) may be too expensive to collect for a small matter.  In a corporate setting, if the messages can only be preserved on a company-wide basis, instead of user by user, you may have an objection that the expense of preserving and collecting the messages is not proportional to the needs of the case.  If the messages are expected to be of limited value to the case, or are duplicative of information more readily attainable, a court may find that the burden of producing them outweighs the benefit.

 

It is important to be prepared to articulate, with specificity, the burden you anticipate. Your argument should not simply assume all messages are always difficult to preserve and produce.  Nor should you underestimate the court’s sophistication and ability to critically evaluate undue burden arguments in this age of rapidly expanding technology and ever-increasing concerns about privacy.   

 

Is my client permitted to use messaging apps after litigation has started?

 

Maybe, maybe not.  Several messaging applications by design, do not store messages or encrypt them so they cannot be recovered.  The messaging application Telegram allows users to set a “self-destruct timer” for messages and boasts it has “disclosed 0 bytes of user data to third parties, including governments.”[7]  Often referred to as “ephemeral messaging apps” or “EMAs”, these products claim to offer encrypted, self-destructing, messages that give users absolute privacy and an opportunity to “chat off the record.”  But what happens when a litigation hold is in place or litigation is reasonably anticipated?  May an individual or company use, or continue to use, these confidential apps to discuss matters relevant to the case, knowing the messages may be lost forever?

 

Ephemeral data is defined as “data that exists for a very brief, temporary period and is transitory in nature, such as data stored in RAM.”[8]  A number of thought leaders have suggested that such data, and other types of ESI, are presumptively “not reasonably accessible” and need not be produced in litigation.[9]  The 7th Circuit’s Electronic Discovery Pilot Program, for example, lists several categories of ESI, including “ephemeral data” that are generally not discoverable in most cases.[10]  Yet, some courts have held that similar forms of automatically “deleted” data (including overwritten server logs and Random Access Memory) are not necessarily off-limits in litigation.[11]

 

These cases do not specifically address the new ephemeral messaging apps so there is an argument that the cases are distinguishable.  Ephemeral logging data in RAM, for example, is transitory because of the way computer systems are designed to operate efficiently, not because of an intentional desire to make communications difficult or impossible to recover.  Conversely, if two people send messages to one another on Threema knowing that the messages will be immediately and permanently destroyed after they are sent, is it subject to a different standard because of an intent to destroy the evidence?  Does excluding these platforms from discovery altogether invite discovery abuse? 

 

On the other hand, should these messages be treated differently than a conversation between two witnesses chatting in the office breakroom?  After all, we do not ask our clients to start recording their oral conversations after litigation has begun.  And much like a conversation, the content of ephemeral messages can be explored through proper examination of a witness.  Does the fact that the message was fixed in a tangible medium, even temporarily, make it somehow qualitatively different than a conversation and thus subject to a preservation obligation? 

 

The issue of ephemeral messaging apps in litigation made headlines in a recent case involving Uber and a subsidiary of Google’s parent company.  In Waymo LLC v. Uber Technologies, Inc.,[12] Waymo accused Uber of misappropriating trade secrets concerning self-driving vehicles.  Among several discovery disputes, Waymo claimed Uber’s use of the messaging platform Wickr while litigation was pending was spoliation of evidence.  Regrettably, the court did not answer the question of whether use of an EMA is permissible after a litigation hold is in place.  The court did, however, note that Uber’s use of ephemeral communications was relevant “as a possible explanation for why Waymo has failed to turn up more evidence of [trade secret] misappropriation” and ordered that Waymo would be permitted to present evidence and argument about Uber’s use of EMAs.  Uber would likewise be able to present evidence that use of the EMA showed no wrongdoing.  Although the court did not expressly prohibit the post-litigation use of EMAs, it certainly signaled that parties do so at their own risk.

 

Get the answers by engaging the right team.

 

As more corporations and individuals employ these platforms and collaborative tools, we will see them more often at issue in litigation.  At the same time, our clients will face increased scrutiny on their treatment of private information.  To navigate this frequently changing landscape, it will be critical to engage competent counsel and technical assistance to ensure compliance with discovery obligations.

 


 

[1] https://wickr.com/privacy/.

[2] Fed. R. Civ. P. 26(b)(1).

[3] Id.

[4] https://support.google.com/a/answer/34169?hl=en.

[5] https://docs.microsoft.com/en-us/MicrosoftTeams/security-compliance-overview#ediscovery; https://docs.microsoft.com/en-us/microsoftteams/ediscovery-investigation.

[6] Fed. R. Civ. P. 26(b)(2)(b).

[7] https://telegram.org/faq.

[8] The Sedona Conference, Sedona Conference Glossary: E-Discovery and Digital Information Management (4th Ed.) (2014) (available at https://thesedonaconference.org).

[9] Fed.R.Civ.P. 26(b)(2)(b).

[10] https://www.discoverypilot.com/.

[11] Columbia Pictures, Indus. v. Bunnell, No. CV 06-1093FMCJCX, 2007 WL 2080419 (C.D. Cal.); MAI Systems Corp. v. Peak Computer, Inc., 991 F.2d 511, 518-19 (9th Cir. 1993).

[12] No. C 17-00939 WHA, 2018 WL 646701, *21 (N.D. Cal).


 

[*] Joy Woller, Partner eDiscovery & Data Management, Intellectual Property Litigation.  As Lewis Roca Rothgerber Christie's eDiscovery Partner, Joy is an ESI specialist.  She addresses complex discovery issues and ‎counsels her clients regarding eDiscovery resources and best practices.‎ Joy represents clients in commercial disputes, intellectual property litigation, and in trademark disputes before the U.S. Patent and Trademark Office.  Jared Sutton, Associate Commercial and Appellate Litigation, eDiscovery & Data Management.  Jared is a commercial litigator in Lewis Roca Rothgerber Christie LLP’s Phoenix office.  As a member of the firm’s Litigation Support and eDiscovery Group, Jared advises firm clients, lawyers, and staff on a wide range of eDiscovery issues.

 

Thursday, January 17, 2019
Litigation (Civil, Business and Commercial), Privacy / Use of Personal Information, Cyberspace Law / E-Commerce / Internet Law