The conversations we have with others over the phone, in the lunchroom or someone’s office are all considered to be ephemeral. There is typically no trace of those conversations. Someone might attest to the fact that it happened, but unless it was recorded, it is gone. Some messaging apps for mobile devices offer features similar to the transient, in-person conversation that we have among ourselves. Those messages are encrypted and last for a short period of time (hence the term “ephemeral”). In other words, the old saying has been updated to “here today, gone in 30 seconds.”
While messaging apps like Signal, Wickr, Confide and Telegram have increased in popularity due in part to offering self-deleting messages, they have also created a quagmire between lawyers and judges as to whether there is a duty to preserve these interactions. The ability to forensically retrieve these messages is virtually impossible, as the messages both disappear and were never saved on company servers. In short, it creates an information governance firestorm.
There are two prevailing arguments regarding ephemeral messaging. The first argument holds that it is data that is created in the normal course of business, and therefore, there is a duty to preserve it. The argument sounds something like this: If a conversation about the relevant matter is made in writing because the custodians chose to converse in writing, it is therefore no different than e-mail or traditional text messaging in the duty to preserve. The second argument is that ephemeral messaging is no different than a telephone conversation or a colleague stepping into your office to have a conversation. The argument goes something like this: If there is no duty to record water cooler talk, why should there be a duty to preserve ephemeral messaging?
Before assessing these conflicting arguments, it is important to explain why we need to understand what ephemeral messaging is in the first place. Next, we will review facts and trends to illustrate the importance of ephemeral messaging. Finally, we will argue salient points leveraging recent case law on the topic.
Legitimate Use and Challenges for E-discovery
Facebook CEO, Mark Zuckerberg, has cited some of the reasons why ephemeral apps are becoming increasingly popular, stating that,”[P]eople are more cautious of having a permanent record of what they’ve shared.” However, this does not always work well inside the four walls of an organization.
Many might presuppose that data that is knowingly sent by an employee of an organization in the ordinary course of business on an ephemeral app to another employee might indicate some nefarious scheme at play. However, an article by the law firm Faegre Drinker Biddle & Reath, “The Rise of Ephemeral Messaging Apps in the Business World,” states, “[T]here are many legitimate reasons for a company to allow its employees to use ephemeral messaging apps. Today’s businesses generate so much data that any effort to reduce duplicative or unnecessary data is a compelling benefit.”
Besides the fact that these apps contradict essentially all corporate data retention and destruction policies, it also raises issues tied to e-discovery. An article published in Bloomberg Law highlights these issues saying, in part that, “[T]he use of ephemeral messaging has become a battleground in e-discovery disputes because potentially key communications often disappear by design — causing some judges to conclude that companies may be using the apps to hide potentially damaging behavior or actions.”
“Relevant Technology” and Data Retention
There is an express understanding that lawyers are competent when representing their clients. It seems rather odd that the ABA Model Rules of Responsibility needed to codify such an obvious statement, but alas, it is the fundamental foundation on which on which a lawyer builds their practice. In fact, in 2012, the ABA revised Comment 8 to state that to remain competent a lawyer must understand “relevant technology.” What does that mean exactly?
The ambiguity of the phrase “relevant technology” matches its explicit intent that a lawyer shall understand everything from cybersecurity and data protection controls to technology-assisted review to the potential dangers in ephemeral messaging. In fact, under Rule 1.6, we must protect the client’s confidential information. To satisfy that duty, we must be competent in relevant technologies to understand whether or not ephemeral messaging may pose a duty that would expose a client’s data. Without having the appropriate level of knowledge as to the technology, it is difficult to comprehend the impacts.
Related Read: Lawyers’ Professional Obligations in Regard to Legal Technology
While there are some cases about ephemeral messaging, there are two that are most notable. In the first, Herzig v. Arkansas Foundation for Medical Care, Inc., 2013 WL 2870106 (W.D. Ark. July 3, 2019), the Court found that the plaintiffs were nefariously using ephemeral applications to conceal pertinent communications tied to the litigation.
In the second case, Waymo LLC v. Uber Technologies Inc., 2018 WL 646701 (N.D. Cal. Jan. 30, 2018), the Court found that there was a legitimate business use for employees leveraging ephemeral apps in the ordinary course of business. The key here was that the parties were able to show legitimate business purposes that were not malicious or nefarious. It is standard knowledge that once a party knows or reasonably should know of anticipated litigation that the duty to preserve is triggered. Even in a slip and fall case where the fact pattern typically rises to the level of any complexity, if the defendant company’s employees then move from e-mail to ephemeral messaging apps, a reasonable person could easily deduce that the justification is to avoid preservation.
However, as noted above, there may be enterprise-level ephemeral messaging apps that are looking to instill confidence in the utilization of, and the continued practice of, using ephemeral apps that increase data protection and data privacy which do not take up data storage capacity and do not increase overall costs. To ensure that there is a level of confidence as well as defensibility, repeatability and an auditable policy trail, there should be organizational compliance around these apps included within updated document retention policies. As noted in a Law360 blog, “[I]f a company is unable to capture data from a particular messaging service, the company might consider implementing a formal policy requiring individuals using that messaging service to back up their own communications.”
For more information, contact Joy Long at [email protected] or 312.670.7444. Visit ORBA.com to learn more about our Law Firms and Lawyers Group.