Smartphones and tablets have radically transformed the practice of law in recent years. People are using their mobile devices more frequently today for both business and their personal lives than ever before. However, for many litigators, mobile device discovery remains an unexplored frontier. The proliferation of smartphones and tablets has changed the face of a party’s electronic discovery obligations. Mobile device data can provide critical evidence in various practice areas.
Like any evidence, the starting point to determine whether to collect mobile device data is assessing the potential relevance of the data in light of the facts of your case. Typically, smartphones and tablets can store Short Message Service (SMS) and Multimedia Messaging Service (MMS) data, also known as text messages. The devices also store contacts/phone books, call history, memos/notes, calendars/date books, task lists, voicemail, e-mail, pictures, video and audio files, and application data. Additional data can be stored on a Secure Digital (SD) or microSD media cards. Media cards are typically used for overflow storage of photos, but can also save documents, audio/video and other types of files. The highest volume of mobile phone data collection is generated by routine corporate discovery of text messages. This is an inevitable consequence of text messaging supplanting e-mails as a primary means of business communication for many smartphone users. How a party’s employees and/or representatives use their mobile devices will determine the value of collecting that party’s mobile device data. A forensic analyst should be retained to ensure your collection of mobile device data is thorough and complete.
There are three commonly used mobile device collection programs by forensic analysts. They are Cellebrite, Mobile Phone Examiner, and Oxygen Forensic. Unfortunately, there are still technical limitations on mobile device data collection even with these programs. The forensic collection program must be able to “support” the phone or tablet it is analyzing in order to copy data from it. The data collection process can be hampered or slowed until a software manufacturer issues an update to their programs when data from newer smartphones or tablets is being collected. Most of the forensic collection programs also do not support older mobile devices since the software manufacturers determined it was not feasible or profitable to invest the time and expense to write software for what they considered to be outdated or obsolete devices. One other issue with the forensic collection programs is being able to copy some, but not all of the available data. The most significant example of this is the iPhone. The Apple iOS has a built-in file system encryption that limits what data types can be copied. Most notably, the inaccessible data on the iPhone includes e-mail and deleted photos. However, we can expect that as the mobile device technology advances, so will the forensic collection programs.
One of the unique challenges of mobile device discovery is the risk of inadvertent spoliation. Older model mobile phones have small storage capacity and as a result, data is routinely overwritten with normal usage. For example, moderate text messaging can fill up all the available SMS space in just a few weeks. Even less storage space is allocated to other types of data like call history. Once the storage space is filled, the device will automatically overwrite the space with new data. The risk of spoliation is lower with smartphones, but even the latest model smartphone has far less storage capacity than a computer.
Another challenge of mobile device discovery is the issue of ownership and control in a “bring your own device” to work world. Many companies allow employees to use their personal devices for business communications without addressing the ramifications for e-discovery in a “bring your own device” policy issued by the company. In fact, there are many companies that do not even have a “bring your own device” policy in place. Co-mingling personal and business communications obviously raises privacy issues that should be addressed in a “bring your own device” policy at work.
Data collected from smartphones and tablets is already critical in many cases, and it is only going to continue to grow in importance as more and more people use their mobile devices for both business and personal applications. Understanding the legal and technical underpinnings of mobile device discovery is vital in an e-discovery world.