Loading ... A good friend shared an interesting story over the weekend about how the Michigan State Police routinely collect forensic snapshots of mobile phones during traffic stops.
Apparently the American Civil Liberties Association (ACLU) is investigating the MSP’s use of the CelleBrite UFED kit during minor traffic stops without a warrant. At first, this seems outside the arena of civil electronic discovery. However, the story headline claims that the CelleBrite UFED only takes 2 minutes to image a mobile phone. The fact that they are being used by a state patrol officer during a traffic stop certainly backs up this time frame, but I could not find any performance information on the CelleBrite site.
I see the new generation of mobile forensic technologies breaking down corporate ‘unduly burdensome’ arguments that have managed to exclude these devices from the discovery scope of many/most cases. After all, a plaintiff can now point to this article and ask, “Why can’t you use a similar device to preserve all custodian phones during your initial interviews?” Widespread use by non-geeks on roadside traffic stops certainly makes that a tough argument to fight.
So how to you keep mobile devices out of discovery scope? My best answer to corporate clients has been to use policy and technology to ensure that they content on mobile devices is duplicated within their accessible ESI sources. In plain language, any real ‘documents’ or communications must be synchronized or backed up onto the network in a way that the normal preservation and collection process can access. There IS time and location based information on many of these devices that is difficult to synchronize/replicate without a full forensic image, but almost everything else can be configured so that it is merged into the normal communication or file management systems. Worst case scenario is that you implement a process wherein custodians under legal hold are required to register passwords and back up their devices to a network location. Although I can definitely see matter scenarios where being able to reconstruct custodial physical locations on a timeline could be useful, I hope that we can limit this level of invasiveness as much as possible.
iPhone Data Collection in Minutes
Mobile Device Discovery Checklist:
- Review and update your corporate usage policies
- Review and/or implement corporate documented user training to demonstrate policy awareness and compliance
- Review and update your standardized civil disclosures to make your policies clear and start from the position that there are no corporate records or documents on user devices that are not found in other corporate repositories. In other words, declare iPhones and iPads duplicative and out of discovery scope from the start.
- Establish a process for preserving and collecting unique ESI from mobile devices in case one of those unique matters jumps up.
- Evaluate technologies such as automated back up, synchronization and policy enforcement that could ease user compliance burdens and strengthen inaccessibility arguments.
It is important to recognize that the global corporate workforce is increasingly mobile and ‘online’. You cannot stop your users from adopting these technologies without strangling your own competitive advantages. The earliest adopters of corporate iPad use were C-level executives. The first time that I saw them in heavy business use was when presenting to executive committees and making analyst briefings in Silicon Valley. They are here to stay and the Michigan State Police just proved that they are accessible.
How are you handling mobile devices? Have you already had to collect from them? We would love to hear about it.
eDIscoveryJournal Contributor – Greg Buckles
Greg, I saw this article last week as well, and it scared the heck out of me. I think there may be constitutional concerns from a legal perspective and would love to hear from some attorneys on this issue.
April 9, 2012 at 2:32 pm
Jason Velasco
Member Type: Other | Role: Consultant | Size: Small (less than 50) | Years of Experience: 15 | Certifications/Licenses: N/A
I’m actually not as worried about the actual police state implications. I think that our constitutional process will deal with this and even a conservative supreme court will step in. My issue is the ease and speed of the acquisition and analysis. This kills burden arguments.
April 9, 2012 at 2:34 pm
Greg Buckles
Member Type: Other | Role: Consultant | Size: Solo | Years of Experience: 22 | Certifications/Licenses: court certified expert witness
This certainly is a search/seizure so I am not sure it is warranted given that, generally, probably cause is required to do this (i.e. that contraband or evidence is contained in the vehicle or container). Routine capture seems to cross that line. What is the officer suspects texting/calling while driving?
As for the burden, I would completely agree that a 2 minute capture suggests this is not burdensome. Perhaps it depends on the type of phone (some are more difficult than others) and the type of information being captured from the phone?
April 9, 2012 at 5:49 pm
pstarrett
Member Type: Firm | Role: Attorney | Size: Solo | Years of Experience: 10 | Certifications/Licenses: EnCE, CFE, PI License
Knowing how these systems work, I would say that only the size of the storage would actually affect the time required to do the capture. i.e. a 32GB iPhone might take twice as long as a 16GB iPhone.
April 9, 2012 at 5:52 pm
Greg Buckles
Member Type: Other | Role: Consultant | Size: Solo | Years of Experience: 22 | Certifications/Licenses: court certified expert witness