mobile-device-security[1]Can anyone doubt the changes wrought by the modern “smart” cellphone?  My new home sits at the corner of one-way streets in New Orleans, my porch a few feet from motorists.  At my former NOLA home, my porch faced cars stopped for a street light.  From my vantage points, I saw drivers looking at their phones, some so engrossed they failed to move when they could.  Phones impact how traffic progresses through controlled intersections in every community.  We are slow-moving zombies in cars.

Distracted driving has eclipsed speeding and drunken driving as the leading cause of motor vehicle collisions.  Walking into fixed objects while texting is reportedly the most common reason young people visit emergency rooms today.  Instances of “distracted walking” injury have doubled every year since 2006.  Doing the math, 250 ER visits in 2006 are over half a million ER visits today, because we walk into poles, doors and parked cars while texting.

Look around you.  CAUTION: This will entail looking up from your phone.  How many are using their phones? At a concert, how many are experiencing it through the lens of their cell phone cameras?  How many selfies?  How many texts?  How many apps?

Lately I’ve begun asking CLE attendees how many are never more than an arm’s length from their phones 24/7.  A majority raise their hands.  These are tech-wary lawyers, and most are Boomers, not Millennials.

Smart phones have changed us.  Litigants are at a turning point in meeting e-discovery duties, and lawyers ignore this sea change at peril.  The “legal industry” has chosen self-deception when it comes to mobile devices. It’s a lie in line with corporate bottom lines, and it once found support in the e-discovery case law and rules of procedure.  But, no more.

Today, if you fail to advise clients to preserve relevant and unique mobile data when under a preservation duty, you’re committing malpractice. 

Yes, I used the “M” word, and not lightly.

I wouldn’t have called it malpractice a few years ago.  But two things have changed, and we can’t hide our heads in the sand.  These are paradigm shifts.

The two things are, first, the data on phones and tablets is not just a copy of information held elsewhere.  It’s unique, and often relevant, probative evidence.  Second, the locking down of phone content has driven the preservation of mobile content from the esoteric realm of computer forensics to the readily accessible world of apps and backups.  These developments mean that, notwithstanding the outdated rationales lawyers trot out for ignoring mobile, the time has come to accept that mobile is routinely within the scope of preservation obligations.

Too, lawyers need to stop treating mobile devices like biohazards and realize that there are easy, low-cost ways to preserve relevant mobile content without taking phones away from users.  Because it’s easy and cheap to preserve it, mobile content is accessible, and its preservation, when potentially relevant, is proportionate under the Rules.

That’s a strong stand, and one some will angrily reject.  I get where they’re coming from.  It was wonderful to be able to ignore mobile in e-discovery.  Mobile was a black hole.  It wasn’t just that you had to hire technical experts to use expensive tools to preserve the contents of phones, it was like pulling teeth to get users to let loose of their devices for the hours or days it took to collect them.  Even when they did hand them over, more than a few users claimed to have entered the wrong password too many times and “accidentally” wiped the contents of the phone.   “Oops. My bad.”

If that never happened to one of your clients, it may be because your client wasn’t preserving phone data, indulging in the assumption that whatever they’d glean from the phone would be collected elsewhere.  They deemed mobile redundant.

Lecturing about mobile and IoT in D.C. last year, an associate from a megafirm confided to me that his firm routinely advised all its litigation clients that they need not preserve the content of mobile devices because “all the relevant content would be duplicated on the servers.”  I asked if the firm had ever tested its advice against the relevant data to determine if there was truth in what they were telling clients.  He admitted they never had, and offered that they’d never do so.  The firm didn’t want to know the facts because the fairy tale of “replicated elsewhere” was what the client wanted to hear.

Is it a fairy tale?  I have my own views based on my own comparisons of mobile content versus other collected sources.  What I see demonstrates that the claim that what’s relevant on a phone is preserved elsewhere is a whopper.  I am routinely finding examples of relevant data stored on mobile devices that is not found among the other sources of data routinely preserved in e-discovery.  The replication fairy tale is a relic of a bygone era of Blackberry Enterprise Servers and phones with lower IQs than the brilliant devices now our constant companions and confidantes.

But, I’m not asking you (or courts) to take my word for it.  Test it yourself.

If you’re going to tell the tale, then get some metrics to make it plausible.  Use sampling.  Process the phones of a few key custodians and compare all the potentially relevant items collected from their mobile devices against the other sources collected for the sampled custodians.  What’s the differential?  Is the unique evidence from the mobile device probative and material?

I’ve done that, and so I know replication is a fairy tale.  If you want to claim it’s true for your client in your case, how about putting some facts to work?  Bear the burden of proof, or start bearing the onus of truth.  When you have the facts, you’ll have to let loose of the legend and preserve relevant mobile content.

That’s the bad news for those who would prefer to ignore mobile.  But take heart, as that will seem like great news compared to the next development.  Yet, there’s a silver lining.  Mobile preservation’s become quick, cheap and easy.

A few years ago, mobile phones shared some of the characteristics of personal computers in that they held latent data that could be recovered using specialized tools sold for princely sums by a couple of shadowy tech companies.  So, the preservation of mobile devices slipped into the shadows, too.  Phones and tablets were forensic evidence, and only forensic examiners could collect their contents.

Although users used mobile devices all day, the contents of mobile devices were dubbed “not reasonably accessible.”  It was too costly and burdensome to preserve a phone.  Good thing, because users were holding onto their phones tighter than Willie Nelson clutches a bong  Donald Trump grabs a pu LIFE ITSELF.  Users protested, “the mobile phone is the only way the kids’ school can reach me in an emergency, and I can’t use another phone because everyone texts now, and WHO REMEMBERS PHONE NUMBERS ANYMORE?”

So, the next altered paradigm: In e-discovery today, the forensic-level preservation of phones—the sort geared to deleted content and forensic artifacts—is a fool’s errand.  As the public learned from the FBI’s tussle with Apple over unlocking the iPhones of the San Bernardino terrorists, modern smart phones are locked down hard.  Content is encrypted and even the keys to access the encrypted content are themselves encrypted.  Phone forensics isn’t what it used to be.  More and more, we can’t get to that cornucopia of recoverable forensically-significant data.

At the same time, it’s quick, easy and free for a user to generate a full, unencrypted backup of a phone without surrendering possession.  The user can even place the backup in a designated location for safekeeping by counsel or IT.  Will this be a “forensic image” of the contents?  Strictly speaking, no.  But as the phone manufacturers tighten their security, “forensic imaging” becomes less and less likely to yield up content of the sort encompassed by a routine e-discovery preservation obligation.  Not every case is a job for C.S.I.—and I say that as someone who makes a living through computer forensics.

I grant that a full unencrypted backup of an iPhone isn’t going to encompass all the data that might be gleaned by a pull-out-all-stops forensic preservation of the phone.  But so what?  As my corporate colleagues love to say, “the standard for ESI preservation isn’t perfect.”  I always agree adding, “but it isn’t lousy either.”  Preserving by backup isn’t perfect; but, it isn’t lousy.  I’ve come to regard it as sufficient and proportionate.  It’s good enough, and in most cases, darn good.

I think this is important.  It’s a game changer for what most litigants are doing today.  In a view I hope will come to be shared by all who think it through—preservation of mobile device content must become a standard component of a competent preservation effort except where the mobile content can be shown to be beyond scope.  Mobile content has become so relevant and unique, and the ability to preserve it so undemanding, that the standard must be preservation.

In a future post, I’ll lay out the steps to make mobile preservation part of routine preservation workflows and facilitate custodial-initiated preservation of mobile device content.  I’ll also talk about why it’s defensible, proportionate and amenable to targeted processing when it’s time to move from preservation to production.

Always interested in your comments, too!

Advertisements