Instant (& Text) Message e-Discovery & Record Retention


Text Message Data Forensics


Cell & Mobile Phone Text/Chat Records


Archival, Destruction & Spoliation Law


Some large corporations are coming to rely heavily on instant messaging (IM). My humble prediction is that they will eventually find themselves needing to retain IM (including video/audio) and text records the same as they do e-mail records.

Today I am not aware of a judicial decision punishing an enterprise for failing to store (or for being unable to find) IM records, but the cases will eventually come. [UPDATE: I wrote the immediately foregoing sentence in 2008.  I have now found a case on corporate text messages.] Litigants will seek access to IM records under the e-discovery provisions of the rules of civil procedure.

IM records are already being created, though corporate IT departments may not be storing them centrally. Users' PCs are creating those records. Cell phones are storing those records, and services like Apple's MobileMe are replicating them across all the user's synched-up devices (phone, desktop, laptop, iPod). And, the latest operating systems such as Vista and Apple's Leopard automatically make shadow copies of everything on a PC's hard drive, which includes IM logs. Computer forensics can recover these records, even after they have been deleted.

Central Storage

Eventually, corporations will come to believe they are wise to store all IM records centrally. (The same can be said for Twitter tweets and social networking messages, to the extent they are used to transact business.) When those records are demanded as part of e-discovery (or as part of an internal fraud investigation), an enterprise prefers to sift through centrally-managed records than to search for local records on individual PCs.

Click Here
Some will take the attitude that if IM records are discoverable, then IM should be banned from the enterprise. I disagree with that attitude. If tools like e-mail and IM are helping people be productive, then those tools should be available for use.

All digital tools (PCs, smart phones, e-mail, IM etc.) create records that are discoverable in litigation. For example, phone text messages are providing investigators a treasure trove of evidence in sex abuse cases.

Cases

In several criminal cases prosecutors have successfully subpoenaed text messages from devices like smart cell phones. "Police Blotter: Armed robbers nabbed through text messages".

In connection with lawsuits involving political protests organized by text message, the City of New York has subpoenaed the records of the MIT student who created the "TXTmob" text messaging service. The city seeks records showing message content and user identity.

The quantity of records grows much, much bigger every day. This reality is something to which any enterprise should become accustomed.

Rather than trying to prevent the creation of records, which is a futile undertaking, an enterprise is wiser to look for ways to understand and exploit its ever-growing ocean of records. In litigation (and elsewhere) voluminous records can be used to advantage.

Update 2011:  Forensics to recover texts and photos deleted from mobile devices.

--Benjamin Wright

Attorney Wright teaches the law of eDiscovery and e-record retention at the SANS Institute.

Interested in text message privacy? See my article on employer privacy disclaimers.