Endless E-Discovery & Digital Record Investigations

Electronic Data Forensics Meets Traffic Tickets


Subpoena for Cell Phone Text & Call History Records


Engadget reports that a motorist successfully stymied a drunk driving prosecution by demanding to see the source code for the breathalyzer used to determine he was drunk. This story is a specific example of a big phenomenon in our legal system, caused by technology.

Information technology begets ever-growing oceans of records (e-mail, text, SMS, cell phone, instant message, video/audio, metadata and more). Records are irresistible to a legal or automobile-insurance investigation. Any investigation naturally wants to delve into all the relevant records. The relevant records in a drunk driving case include even the source code of the breathalyzer used to determine the driver was drunk.

In the old days the investigation of an automobile accident examined only physical and eyewitness evidence. Now, the investigation includes review of a vast new pool of evidence -- cell (mobile) phone records & call history, which may indicate whether a driver was talking, texting or web surfing on the phone at the time of the crash.

Investigations More Difficult

Net result: legal investigations and prosecutions grow ever more expensive and difficult to close. In any controversy, there are always more records to uncover, inspect and argue about. If you want to gum up an investigation -- or legitimately shift its focus -- just subpoena or demand access to more relevant records. (But of course, any subpoena or other document demand should be rational and relevant to the investigation. A subpoena is a legal demand that someone turn over information or evidence. Commonly the laws of litigation enable a party to subpoena others for records. If a party abuses the power to subpoena, by demanding irrelevant records or by issuing a demand with no regard for the cost of compliance, a court may sanction the issuer of the subpoena.) Or employ computer forensics to search for all the deleted records or to find hidden connections among records.

Or, to further impede prosecutors, a defendant can allege that any incriminating electronic records are false because they were created by a hacker or a virus. Such an allegation calls for deep forensic investigation. An Alabama CPA successfully employed the "virus defense" when tried for criminal tax evasion. Eugene Pitts persuaded a jury that the reason his tax returns were inaccurate was that a virus had infected his computer and the virus caused his tax preparation software to malfunction!

Corporate E-Discovery

In corporate lawsuits, e-mail records are so voluminous, and the e-discovery of them so expensive, that e-discovery becomes a litigation weapon in and of itself, where one party bullies another into settling just so it can avoid the costs of digging through mountains of e-mail. See, Chris Mondics, "Ediscovery profoundly changing lawyering: But some say rules for e-mail and other digital data don't serve justice," Philadelphia Inquirer, June 8, 2008.

To quote CSO Magazine: "Fraud investigators are struggling to cope with vast quantities of data sent to them by financial institutions, meaning some crimes may go uninvestigated or even unnoticed."

Update: When parents of girls with eating disorders sued a health insurer, the insurer demanded e-discovery access to the girls' massive blog, e-mail, social-networking and text message records (OMG!). The insurer said it was entitled to examine these records to ascertain whether the disorders were biological or psychological.

Please turn to my other post on e-discovery, in which I argue firms can employ technology creatively to transform e-records from a liability to an asset.

--, instructor at SANS Institute, teaching eDiscovery and eInvestigations Law.