Migrated from eDJGroupInc.com. Author: Greg Buckles. Published: 2012-04-09 14:00:30
A good friend shared an interesting story over the weekend about how the Michigan State Police routinely collect forensic snapshots of mobile phones during traffic stops.
Apparently the American Civil Liberties Association (ACLU) is investigating the MSP’s use of the CelleBrite UFED kit during minor traffic stops without a warrant. At first, this seems outside the arena of civil electronic discovery. However, the story headline claims that the CelleBrite UFED only takes 2 minutes to image a mobile phone. The fact that they are being used by a state patrol officer during a traffic stop certainly backs up this time frame, but I could not find any performance information on the CelleBrite site.
I see the new generation of mobile forensic technologies breaking down corporate ‘unduly burdensome’ arguments that have managed to exclude these devices from the discovery scope of many/most cases. After all, a plaintiff can now point to this article and ask, “Why can’t you use a similar device to preserve all custodian phones during your initial interviews?” Widespread use by non-geeks on roadside traffic stops certainly makes that a tough argument to fight.
So how to you keep mobile devices out of discovery scope? My best answer to corporate clients has been to use policy and technology to ensure that they content on mobile devices is duplicated within their accessible ESI sources. In plain language, any real ‘documents’ or communications must be synchronized or backed up onto the network in a way that the normal preservation and collection process can access. There IS time and location based information on many of these devices that is difficult to synchronize/replicate without a full forensic image, but almost everything else can be configured so that it is merged into the normal communication or file management systems. Worst case scenario is that you implement a process wherein custodians under legal hold are required to register passwords and back up their devices to a network location. Although I can definitely see matter scenarios where being able to reconstruct custodial physical locations on a timeline could be useful, I hope that we can limit this level of invasiveness as much as possible.
Mobile Device Discovery Checklist:
- Review and update your corporate usage policies
- Review and/or implement corporate documented user training to demonstrate policy awareness and compliance
- Review and update your standardized civil disclosures to make your policies clear and start from the position that there are no corporate records or documents on user devices that are not found in other corporate repositories. In other words, declare iPhones and iPads duplicative and out of discovery scope from the start.
- Establish a process for preserving and collecting unique ESI from mobile devices in case one of those unique matters jumps up.
- Evaluate technologies such as automated back up, synchronization and policy enforcement that could ease user compliance burdens and strengthen inaccessibility arguments.
It is important to recognize that the global corporate workforce is increasingly mobile and ‘online’. You cannot stop your users from adopting these technologies without strangling your own competitive advantages. The earliest adopters of corporate iPad use were C-level executives. The first time that I saw them in heavy business use was when presenting to executive committees and making analyst briefings in Silicon Valley. They are here to stay and the Michigan State Police just proved that they are accessible.
How are you handling mobile devices? Have you already had to collect from them? We would love to hear about it.
eDIscoveryJournal Contributor – Greg Buckles