Picking up your forensic toolbox and becoming your opposition’s BYOD nightmare

There is a burgeoning market out there of tools that can uncover and preserve the data wiped from mobile devices

This is part two of a three-part series on developments in mobile device discovery and its impact on the lives of in-house counsel. The first, “Bring your own discovery nightmare: Inside counsel in the BYOD era,” was published by Inside Counsel on Sept, 6, 2013.

A recent Corporate Counsel survey of technology used in corporate legal departments pronounced that “mobile is here, and it's hot” and that “it ... may be steering law departments toward trouble." It revealed that 76 percent of respondent organizations allowed their legal staff to use their own mobile devices for work. This should not be surprising, considering that, according to anecdotal evidence easily retrieved in practically any public space anywhere, approximately everyone has a "smart" device of some sort today. What is surprising, however, is that nearly a quarter of those responding said that their legal department had no policy in place covering the use of these devices.

I ended the first article in this series by proposing that the attorney who responded appropriately to these changes in the electronic discovery landscape might actually get a good night’s sleep while her opposition tossed and turned in a nightmare of missed opportunities. This article will, hopefully, mark a clearer path to the former’s experience.

Much of the important decision-making that goes on in the legal sphere depends on determinations of reasonableness. Your duty to comply with discovery requests, for instance, often boils down to a duty to do whatever a reasonable party would do to collect and hand over relevant documents that the other party has requested. Your duty to preserve documents boils down to a duty to take reasonable measures to preserve documents. Your duty to compel the opposition (whether a former or current employee or a market challenger) to produce relevant documents also can boil down to a reasonable effort. Of course, reasonableness is just a baseline.

Why the reasonableness standard has persisted in our jurisprudence is, quite simply, that it is not a fixed standard. Reasonableness is a dynamic state dependent on the circumstances that surround it at a given time. For example, five years ago, reasonable precautions regarding either the safeguarding of an electronic repository, the transfer of an electronic document or the preservation of electronic evidence would not necessarily be found reasonable today. The digital landscape remains a frontier and the newest territory, expanding as steadily as our networks of social "connections," is the territory occupied by mobile devices.

Mobile devices and the data created by them have previously been treated as somewhat ephemeral, as if the data was somehow less real, less solid and less discoverable. There has also been a silent agreement among parties that the data is too expensive or too complicated to recover, and that, essentially, “we won’t ask for yours if you don’t ask for ours.” This unspoken agreement and reticence to approach new technology has equated to a reasonable approach, simply because it has not been challenged. A decade ago, perhaps, it was still reasonable not to ask for web-based email. But the tools have changed, and with them, the expectations.

For some time now, the wall that separated e-discovery and digital forensics has been flickering away like the mirage it has always been. Nowhere is that more evident than in the case of mobile devices. These devices move in and out of wireless networks and cellular connections and utilize a dizzying variety of "cloud" servers to store the data they create or collect. They also house somewhat predictable and imminently searchable databases — and within each of these your opponents are casually leaving the pieces of your next smoking gun. While this should strike fear into the hearts of stakeholders who have no policies or tools in place to access this data, it should also be taken as very good news for those who take the time to learn the new terrain. Why? Because those who are prepared will likely find that their opposition has left the door open for significant and revealing discovery requests.

From another angle, imagine that your own employee quits. She goes to work for a competitor who announces a new product that looks a lot like the product she developed while working for you. Meanwhile, she left your network, taking her iPhone with her. So you start asking questions. Information starts flowing in through the grapevine with specific references to work-related documents that are not readily available on your system and to text messages between employees regarding possible (likely) litigation. These documents and texts are not in your DMS or on her former hard drive; they’re on the iPhone.

But wait — remember that you read the first article in this series and, afterward, immediately implemented an air-tight BYOD policy on which all employees signed-off. The policy states that any company-issued mobile device or any personal device granted access to the company network or to documents created within the company network must be submitted for forensic imaging upon termination of employment. Of course, in the case of a personal device, the analysis of the image would be limited to the extent that data contained on the device might be relevant to any legal proceeding. Privacy rights must be maintained as to otherwise personal information, but you can get the documents and texts you need off the phone! You relax. You take a deep breath. “It's ok,” you think. “We can get the phone.”

You make a few calls and actually reach the former employee. On advice of counsel, she agrees to ship the phone and it arrives. You turn it on annnnd … it's empty. Nothing but default applications and Angry Birds. So, after all the policy-making and cooperation, you still have nothing, and your opposing party has nothing to fear.

Now, imagine this: You read the first article in this series and you learned that tools exist that that work just like your e-discovery review platform to collect and review data, but from mobile devices! Even better, imagine you purchased that tool, installed it a few weeks ago and tested out its data capture on your own phone. You found emails, text messages and other information that you previously deleted, and you found them all without even really trying. You plugged in your phone, selected “capture” from the menu, and minutes — not hours — later, you had it all. You smiled that day and moved on with your life, assured that someday soon you would need this tool and that you had it ready.

Today is that day. Your opponent’s windfall dreams have just become nightmares because you have her phone and you have a tool. You know that files have been deleted and the tool can verify that. Not only can you recover what was destroyed and preserve it in a forensically-sound format, you can also save a forensically-sound image of the phone as it was “produced” to you. You can prove that shenanigans were attempted and you also get the data. Her nightmare is your very good day as counsel, and you didn’t even have to hire a forensics expert.

There is a burgeoning market out there of tools that can uncover and preserve the data wiped from mobile devices, and judges are beginning to understand this. Soon, with the proliferation of discoverable information on mobile devices, the reasonableness standard must necessarily expand to cover mobile device forensic analysis and data recovery. As the tools continue to evolve both in power and usability, their use will evolve from recommended to mandatory.

In the recent past, perhaps, we could have left forensics to the forensics guys because we at least knew where our data lived — most of the time. It's just not the case anymore. These devices, so frequently off of our networks, still contain documents created in the course of our business, and as such, we are responsible for them. For now, acquire the tools and the training. Create or revise your policies. Educate your people.

Prepare to administer a very hard lesson to those who continue to neglect mobile security or mobile investigation. Become their BYOD nightmare.

Coming next month: What to do when the opposing party cries, “But wait, by reviewing my mobile phone you are seeing personal data, which is inextricably intertwined with my work documents, and invading my privacy!” Return to read more about the privacy implications of mobile device discovery in Part Three of our series …

Contributing Author

author image

Eric Killough

Eric Killough is product marketing manager for AccessData's complete e-Discovery solution. He provides thought leadership, product evangelism, market research and strategic messaging. Eric is also...

Bio and more articles

Join the Conversation

11

Advertisement. Closing in 15 seconds.