Mobile Devices in E-Discovery

Texas Lawyer’s

In-house Counsel Summit

Houston, Texas

April 4, 2013

Bryan Foster

Mark Michels

Deloitte Financial Advisory Services LLP

1

Overview

The legal context

• Civil

• Criminal

3

Mobile device proliferation 17

Mobile device discovery and forensics 21

Implications for in-house counsel 27

Copyright © 2013 Deloitte Development LLC. All rights reserved.

Disclaimer

The oral presentation and this written material (collectively, the “Materials”) contain general information only and Deloitte Financial Advisory Services LLP and its affiliates, are not, by means of these Materials, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. These

Materials are not a substitute for such professional advice or services, nor should they be used as a basis for any decision or action that may affect your business.

Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor.

Deloitte Financial Advisory Services LLP and its affiliates shall not be responsible for any loss sustained by any person who relies on these Materials.

2 Copyright © 2013 Deloitte Development LLC. All rights reserved.

Mobile device discovery

The legal context*

* Deloitte Financial Advisory Services LLP does not provide any legal advice or address any questions of law.

4

Resolved: That Mobile Device

Discovery is Not Really Interesting

Pro

: Mark Michels, Deloitte Discovery

Con

: Bryan Foster, Deloitte Discovery


5

Federal Rule of Civil Procedure 26(b)(1), Discovery

Scope and Limits, Scope in General

Parties may obtain discovery regarding any nonprivileged matter that is relevant to any party's claim or defense — including the existence, description, nature, custody, condition, and location of any documents or other tangible things and the identity and location of persons who know of any discoverable matter. . . Relevant information need not be admissible at the trial if the discovery appears reasonably calculated to lead to the discovery of admissible evidence

.


6

Texas Rules of Civil Procedure, 192.3(a), Scope of

Discovery

In general, a party may obtain discovery regarding any matter that is not privileged and is relevant to the subject matter of the pending action, whether it relates to the claim or defense of the party seeking discovery or the claim or defense of any other party.

It is not a ground for objection that the information sought will be inadmissible at trial if the information sought appears reasonably calculated to lead to the discovery of admissible evidence.


7

Federal Rule of Civil Procedure 34. Producing

Documents, Electronically Stored Information, and

Tangible Things. . .

(a) In General. A party may serve on any other party a request within the scope of Rule 26(b):

(1) to produce and permit the requesting party or its representative to inspect, copy, test, or sample the following items in the responding party’s possession, custody, or control:

*******

(B) any designated tangible things;


8

FRCP 34 Advisory Committee Notes to 2006

Amendments

Rule 34(a)(1) is expansive and includes any type of information that is stored electronically. . .. The rule covers – either as documents or as electronically stored information – information

"stored in any medium," to encompass future developments in computer technology. Rule

34(a)(1) is intended to be broad enough to cover all current types of computer-based information, and flexible enough to encompass future changes and developments.


9

Texas Rules of Civil Procedure, 196.1(a), Request for

Production and Inspection to Parties

A party may serve on another party — no later than

30 days before the end of the discovery period — a request for production or for inspection, to inspect, sample, test, photograph and copy documents or tangible things within the scope of discovery.


Discovery request for mobile phones

Example Request

Please produce for inspection any and all mobile phones possessed by the Defendant from October

1, 2010 to present. (Plaintiff’s counsel will arrange for a replacement phone during the time of the inspection, not to exceed ten (10) business days from the date of production.)


Preservation requirements — one court’s take

“Generally, the duty to preserve arises when a party has notice that the evidence is relevant to litigation or . . .should have known that the evidence may be relevant to future litigation .”

Rimkus Consulting Group, Inc. v. Cammarata , 688 F. Supp. 2d 598, 612

(S.D. Tex. 2010) (citation and internal quotation marks omitted).


Sanctions for failing to preserve mobile device data

Defendant’s wiping of all emails, calendar items, text messages, and telephone records from . . .

[Defendant’s mobile devices] warranted an adverse inference jury instruction regarding defendants’ failure to preserve data . . . that would have been advantageous to plaintiffs and disadvantageous to

Defendants.

Southeastern Mechanical Services, Inc., v. Brody, et al., 657 F. Supp 2d 1293 (M.D. Fla. 2009)


Smartphone Preservation Failure Sanctions

Defendants had a duty to preserve smartphone text messages but took no steps to preserve them. Failure to preserve smartphone text messages warranted sanctions.

“[P]laintiffs will be permitted to introduce evidence at trial, if they wish. . . of defendants failure to preserve [smartphone] text messages. Plaintiffs may argue whatever inference they hope the jury will draw. Defendants may present evidence in explanation, assuming of course that the evidence is otherwise admissible, and argue that no adverse inference should be drawn.”

Christou v. Beatport , 2013 WL 248058 (D. Colo.)



Law enforcement cellphone demands

“Cellphone carriers reported that they responded to a startling 1.3 million demands for subscriber information last year from law enforcement agencies seeking text messages, caller locations and other information in the course of investigations .”

More Demands on Cell Carriers in Surveillance , New York Times, July 8, 2012 http://www.nytimes.com/2012/07/09/us/cell-carriers-see-uptick-in-requests-to-aidsurveillance.html?pagewanted=all&_r=0


DOJ pen/trap devices

Original orders

25000

20000

15000

10000

5000

0

1998 2000 2002 2004

Pen register

2006 2008

Trap and trace

2010 2012

ACLU, “New Justice Department Documents Show Huge Increase in Warrantless Electronic Surveillance, 09/27/2012” http://www.aclu.org/blog/national-security-technology-and-liberty/new-justice-department-documents-show-huge-increase



Mobile device proliferation

Mobile device proliferation

• 290+million mobile phones in the United States (ITU, 2011)

• 88% of American adults have a cell phone and 19% have a tablet computer (Pew, April 13, 2012)

• Almost half (49.7%) of U.S. mobile subscribers now own smartphones (Nielsen, February 2012)

• 4.4 billion mobile subscribers worldwide, (Ericsson Mobility

Report Interim Update February 2013)

• 53 percent of employees are using their own technology for work purposes (Forrester Research, June 2012)


27% of the U.S. population own tablets and about half

(49%) own smartphones

Among all respondents

Desktop computer

Laptop/Netbook

Multimedia smartphone

Multimedia handheld device

Tablet device

Dedicated e-reader

Flat-panel high-definition TV

Digital video recorder

Total

29%

25%

70%

50%

75%

74%

Trailing millennials

(%)

Leading millennials

(%)

49 58

Xers

(%)

79

82 85 76

46

48

19

29

62

41

65

37

28

20

69

49 50

58

33

30

28

68

Boomers

(%)

82

67

39

19

27

22

72

50

Matures

(%)

89

66

29

12

20

25

80

59

Minimum value

Midpoint value =

50 percentile

Deloitte Development, LLC “Devices, Consumption, and the Digital Landscape”, 2012

19

Maximum value


Half of tablet owners are currently employing their device in the work place, but few use it solely for work

Total tablet usage Tablets: personal/work overlap

Personal use:

93%

Personal only: 46%

Both personal and work: 47%

Work only: 7%

Work use:

54%

Q. TABLETS: Respondents using the tablet device for personal use, for work, or for both?

20

Deloitte Development, LLC “Devices, Consumption, and the Digital Landscape”, 2012



Mobile device forensics

Mobile devices and operating systems

• More than 3600 devices

• Multiple operating systems

• Often not backwards compatible


Mobile data types

• Application data

• Audio

• Bookmarks

• Calendar

• Call logs

• Chat

• Contacts

• Cookies

• Device information

• Device settings

• Device voicemail

• Email

23

• Files

• Locations

• Memory card content

• MMS

• Notes

• Pictures

• SMS

• Tasks

• Video

• Web history

• Wi-Fi history


Hierarchy of mobile forensics collections

• Physical — A physical collection of a mobile device, captures the physical device in its entirety. This is a bit for bit image of the data area of the mobile and allows the examiner to view the device’s unallocated space and recover deleted content in unallocated space

• Filesystem dump — A Filesystem Dump is a special variety of a Logical collection that captures everything on the physical device except unallocated space

• Logical — A Logical collection reads the data from the device and pulls it in to a report. The data collected will vary based on the capabilities of the device and vendor support

• Backup utility — Although using a Backup Utility such as iTunes or

Desktop Manager to collect a device is a last resort; a device backup will often produce data on par with a File system collection or at a minimum above a Logical collection


Data types from Physical, Filesystem and Logical

The ten most commonly desired data types are preserved in Physical,

Filesystem and Logical collections. This is of course dependent on the device capabilities and vendor support.

Data type

Audio

Calendar

Call logs

Contacts

Device information

Device voicemail

Email

Files

Memory card content

MMS

Notes

Pictures

Server voicemail

SIM card

SMS

Tasks

Video

P/F/L

P/F/L

P/F/L

P/F/L

P/F/L

P/F/L

N/A

F/L

P/F/L

P/F/L

P/F/L

P/F

P/F

P/F

P/F/L

P/F

P/F/L

In collection


25

Industry standard tools

• Current tools can be divided into software based tools and hardware based tools. No single tool covers all of the thousands of mobile devices. Hardware and software based solutions are needed to properly and efficiently perform collection and advanced data analysis.

• Tailor the tool to be used based on the make, model, and operating system of the mobile device being preserved.

Secondarily, the type of preservation Physical, Logical or

File System is selected based on the types of data of interest as well as the ability of the solution to extract that data.



Implications for in-house counsel

Discovery/incident response plan

• Identify device types in enterprise

• Know location of devices

• Understand mobile device back-ups


Investigations involving mobile devices

• Person to person communications (harassment)

• Personal email accounts (IP theft)

• Behavioral analysis (misuse of resources)

• Bank fraud (malware)

• VPN access to company network (hacking)

• Lost or stolen items — (PII)


Mobile device security policy

• Does your company provide clear direction to their end users on acceptable use?

• Some mobile device leading practices

– Encryption of device

– Anti-virus/malware scanning

– Backup procedures

– Acceptable usage policy


Mobile device asset tracking

• Device types

• Usage dates

• Physical location of devices

• Device usage

• Service provider account information


Q&A

About Deloitte

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu

Limited and its member firms. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting.


Member of Deloitte Touche Tohmatsu Limited

Mobile Devices in E-Discovery

Texas Lawyer’s

In-house Counsel Summit

Resolved: That Mobile Device

Discovery is Not Really Interesting

“Generally, the duty to preserve arises when a party has notice that the evidence is relevant to litigation or . . .should have known that the evidence may be relevant to future litigation .”

Related documents

Products

Support

Mobile Devices in E-Discovery

Texas Lawyer’s

In-house Counsel Summit

Resolved: That Mobile Device

Discovery is Not Really Interesting

“Generally, the duty to preserve arises when a party has notice that the evidence is relevant to litigation or . . .should have known that the evidence may be relevant to future litigation .”

Related documents

Add this document to collection(s)

Add this document to saved

Suggest us how to improve StudyLib