2. Everything’s on your Phone
Mobile devises are “such a pervasive and insistent
part of daily life that the proverbial visitor from
Mars might conclude that they were an important
feature of human anatomy.”
~ Chief Justice Roberts in Riley v. California
2
3. Smartphone Usage
198M people in the U.S. own smartphones
65% of all minuetes spent on digital devices are on smartphones
25% of all users only access the web thru mobile devices
Leading uses are social media and IMS.
93% of smartphone users use text messenging.
Leading Apps:
• Facebook – 81% market penetration
• Facebook Messenger – 68%
• Instagram – 50%
• Snapchat – 50%
3
4. Smartphones in Business
80% of people use texting for business
42% of financial service providers use texting for
business
83% of businesses allow employees to use their
smartphones for business purposes
A BIG CONCERN OF BUSINESSES IS THE
CONCERN THAT CORPORATE DATA IS FINDING
ITS WAY ONTO EMPLOYEE-OWNED
SMARTPHONES.
4
5. Smartphones & ESI
Because Smartphones have become ubiquitous:
- 50% of all lawsuits involved preservation or collection of
mobile device data.
- 93% of all relevant mobile devices were smartphones.
Evidence sources from smartphones were an evidence source
very frequently in 81% of cases.
Computers were sources of evidence in 52% of cases.
~ Cellbrite Report on Industry Trends for Law Enforcement
5
6. Mobile Devise Exams are Intrusive
We store everything on them including passwords, SSNs,
garage door codes, location data, financial info, and private
correspondence.
Imaging of a mobile device collects everything and pre-
filtering is not usually possible.
All filtering is done post-collection.
This is the main reason there is a fight over imaging and
analysis of mobile devices.
A well crafter protocol will help alleviate these concerns.
When a forensic exam is unavoidable, suggest a neutral third
party conduct the exam pursuant to an agreed-upon protocol
that carefully limits what is to be disclosed to the data that is
relevant and proportional to the needs of the case.
6
8. Smartphones & eDiscovery
Mobile device ESI is just another type of data.
- Emails, texts, and chats are a form of communicaiton
- ESI from mobile devices is relevant, unique and compelling.
Discoverable pursuant to FRCP 34(a)(1)(A) and ISCR 214.
Subject to litigation holds and preservation orders.
But it is subject to the proportionality limitations set forth in
Rule 26(b)(1) and ISCR 201(c)(3)
Before permitting discovery of information on cellphones and
similar devices, courts must balance privacy and confidentiality
interests as required under FRCP 34.
8
9. Smartphones & Privacy
Electronic Communications Privacy Act
(“ECPA”) makes it illegal to share digital
content under certain circumstances.
Computer Fraud and Abuse Act
(“CFAA”)keeps people from getting into
computers without authorization or consent.
• Though the law does not explicitly include cell
phones, some courts may now consider cell phones
to be computers, and therefore, protected under
the act.
Stored Communications Act (“SCA”)
addresses voluntary and compelled
disclosure of stored electronic
communication records held by ISPs. 9
10. Smartphones & Privacy
We store everything on our Smartphones which is why the
use of cell phone evidence in court obtained from a user’s
service provider raise significant privacy concerns.
The Supreme Court considered the question in the context of
a criminal case in Riley v. California (2014)
• Cell phone data could not be accessed without a warrant,
even in a search incident to an arrest.
• Citing privacy concerns, the court reasoned that, unless
the phone could be used as a weapon, the user’s privacy
outweighed the officers’ need for the evidence that might
exist within the phone.
The Supreme Court considered the issue again in Carpenter v.
United States (2018) and confirmed cell phone users’
legitimate expectation of privacy when using mobile devices.
10
11. Smartphones, Courts & Privacy
When parties cannot agree on production of
relevant data from a smartphone, courts
have the power to order a forensic
examination.
But …. courts will safeguard privacy
interests and generally require a showing
that a party has failed to produce relevant
information before ordering a forensic
examination.
The general rule is no forensic exam
absence a showing of need or failure to
produce evidence. 11
12. Smartphones & Discovery
Hespe v. City of Chicago, No. 13-C-7998
(N.D.Ill. Dec. 15, 2016)
• City wanted to search Pl’s personal mobile
devices
• Pl claimed all relevant materials were produced
• Court denied the City’s request because:
Request was not proportional to the needs of
the case
Any benefit of the inspection is “outweighed
by Pl’s privacy and confidentiality interests.”
12
13. Smartphones & Discovery
If cellphone records are relevant,
then:
•Ask for the opposing party to
sign a release and authorization
to the provider company.
•Get a court order approving the
issuance of a subpoena.
13
14. Smartphones, Privacy & FRCP 34
“Inspection or testing of certain types of electronically stored
information or of a responding party’s electronic information
system may raise issues of confidentiality or privacy.
The addition of testing and sampling to Rule 34(a) with
regard to documents and electronically stored information is
not meant to create a routine right of direct access to a
party’s electronic information system, although such access
might be justified in some circumstances.
Courts should guard against undue intrusiveness resulting
from inspecting or testing such systems.”
Fed. R. Civ. P. 34, Advisory Committee Notes to 2006 Amendments
14
15. Rules of Practice
If relevant, then preservation and production is required.
Potentially serious consequences for inadvertent loses of data
• Spoliation
Do not delay in preservation steps. DO IT ASAP!
Text messages are not available after a few days from the
service provider.
• But phone records from the wireless carrier can establish that texts were
sent.
Possession, custody and control of the devices may be a
problem with company-owned devices.
Proportionality arguments are a hinderance to getting data from
the responding party.
Smartphone data are not covered by ECPA, SCA or CFAA in
ways that prevent discovery.
15
16. Best Practices for Smartphones
If you feel that a party’s Smartphone holds critical data:
Send a preservation demand ASAP
Tailor discovery requests seeking only relevant and proportional
information that cannot be obtained elsewhere.
Propose a protocol by which relevant information can be
extracted by a neutral third party without disclosure of
confidential, personal information.
Work cooperatively with your opponent to limit discovery to
matters proportional to the needs of the case, and make clear
what you are not providing and why.
Consider alternative, less burdensome or less intrusive sources
for the information sought.
When a forensic exam is unavoidable, suggest a neutral third
party conduct the exam pursuant to an agreed-upon protocol
that carefully limits what is to be disclosed to the data that is
relevant and proportional to the needs of the case. 16
17. Your Client’s Smartphone
If you think you need the data, isolate the device.
Preserve the data as soon as possible.
• Data has a way of “disappearing”
How you collect the data depends on factors such
as make, model, operating system, carrier and
settings.
Special forensic tools are required to extract as
much data as possible.
Hire a consultant to extract the data and to give
you the requisite IRE 902(13) Affidavit.
17
18. Collection Software
Touch2 – made by Israeli company Cellebrite
Universal extraction device
Pulls data from almost any gadget
Preserves the data in a format courts accept
Cloud Analyzer
Reaches the data on Google’s servers
Tracks location points
Can pinpoint a person’s location at a specific time.
Hire a professional forensic examiner.
18
20. Smartphones & the Third Pary Doctrine
The "third party doctrine"
Individuals have a reduced expectation of privacy when it
relates to information knowingly shared with a third party,
including cell phone companies.
Therefore, such information is not protected by the
Fourth Amendment and police don't need a warrant to
legally access it.
See: Smith v. Maryland, U.S. Supreme court 1979
In Carpenter v. U.S. (Supreme Court 2018) held that
the use of cell site location info (CSLI) is not subject to
the third party doctrine.
CSLI is data generated every time your phone
connects to a nearby tower.
20
21. Authentication of Evidence
Authentication of evidence is governed by Rule of
Evidence 901”
“To satisfy the requirement of authenticating or
identifying an item of evidence, the proponent must
produce evidence sufficient to support a finding that the
item is what the proponent claims it is.”
In other words, the authentication requirement
means that there must be a showing that the
“smoking gun” email, for example:
• is not a forgery and
• was actually sent and received
21
22. Authentication of Evidence
The bar for authentication of evidence is not high.
The prima facie showing can be made using direct
evidence or circumstantial evidence.
Courts tend to conduct this analysis regarding
conventional evidence by using a “reasonable
person” standard.
The same “reasonable person” analysis seemingly is
becoming the general rule for social media evidence
authentication despite some modern complications.
22
23. Authentication of Evidence
The Sedona Conference came out with a new paper
which is required reading if you are dealing with
evidentiary issues with ESI:
“The Sedona Conference Commentary on ESI
Evidence and Admissibility, Second Edition”
Also, required reading:
Lorraine v. Markel American Insurance Company,
241 F.R.D. 534 (D.MD. 2007)
23
24. Admissibility of ESI
Lorraine v. Markel American Insurance
Company, 241 F.R.D. 534 (D.MD. 2007)
• a landmark decision about the admissibility and
authentication of digital evidence was set down in a 100-
page opinion by Magistrate Judge Paul W. Grimm
• established a detailed baseline for the use of ESI before his
court (and in courts using the FRE).
• Given the guidelines and references provided by the judge, it
now becomes difficult for counsel to argue against the
admissibility of electronic evidence.
24
25. Self-Authenticating ESI –
New Rules 902(13)
Rule 902(13) now provides that the
following are self-authenticating:
• Electronic records generated by a system that produces
an accurate result as shown by a certification of a
qualified person that complies with the certification
requirements of Rule 902(11) or (12).
• This dispenses with the business records foundation.
• The certification must “contain information that would be
sufficient to establish authenticity were the information
provided by a witness at trial.”
25
26. Self-Authenticating ESI –
Rules 902(13) Example
Websites can be authenticated by:
• Witness testifies that they logged into the
website and reviewed what was there.
• And the proferred exhibit fairly and accurately
reflects what the witness say.
• A Rule 902(13) certification that provides these
facts is a substitute for testimony and shifts the
burden to the other party to refute the
foundation.
• Court’s role is to rule if there is a sufficient basis
for the jury to determine authenticity.
• Court must still assess admissibility. 26
27. Rule 902(14) -
Authenticating Digital Copies
Rule 902(14) is aimed at digital copies, making the
following self-authenticating:
Certified Data Copied from an Electronic
Device, Storage Medium, or File.
Data copied from an electronic device, storage
medium, or file, if authenticated by a process of
digital identification, as shown by a certification
of a qualified person that complies with the
certification requirements of Rule 902(11) or
(12).
The proponent also must meet the notice
requirements of Rule 902(11). 27
28. Rule 902(14) Certification -
a Product of Technology
FRE Advisory Committee Note discusses how
to authenticate a digital copy:
Data copied from electronic devices, storage media, and
electronic files are ordinarily authenticated by the “hash
value.”
HASH VALUE is a number that is often represented as a
sequence of characters and is produced by an algorithm
based upon the digital contents of a drive, medium, or
file.... [I]dentical hash values for the original and copy
reliably attest to the fact that they are exact duplicates.
This amendment allows self-authentication by a
certification of a qualified person that she checked
the hash value of the proffered item and that it was
identical to the original. 28
29. A Word on Texts
New technology called Over-The-Top
(OTT) messaging channels using
existing internet connections.
• Google’s Business Messages - a business-focused channel
that allows consumers to directly message businesses from
Google Search or Maps
• Apple Business Chat allows customers to message
companies from Maps, Safari, or Search.
• WhatsApp Business add QR-code reading and catalogue
sharing capabilities
• Facebook Messenger for Pages offers a new, consolidated
inbox for businesses
29