Legal Updates

When a Forensic Exam of a Mobile Device May Be Warranted

Forensic Exam of a Mobile Device

With the evolution of technology, electronic communications -- particularly text messages -- can often provide a treasure trove of evidence. While requests for email communications and collections from hard drives and networks are standard in today’s litigation, a party’s text messages, and collections from mobile devices are oftentimes overlooked. A narrowly tailored motion to compel forensic exam can be a valuable discovery tool to analyze the data on a party’s mobile phone.

Foundation for Motion to Compel

The procedural foundation for the motion is grounded in Federal Rules 34 and 26(b). Under Federal Rule of Civil Procedure 34:

A party may serve on any other party a request within the scope of Rule 26(b)

(1)  to produce and permit the requesting party or its representative to inspect, copy, test or sample the following items in the responding party’s possession, custody, or control:

(A)  any designated documents or electronically stored information – including writings, drawings, graphs, charts, photographs, sound recordings, images, and other data or data compilations – stored in any medium from which information can be obtained either directly or, if necessary, after translation by the responding party into a reasonably usable form[.]

Federal Rule of Civil Procedure 26(b) defines the scope of permissible discovery as follows:

...Parties may obtain discovery regarding any nonprivileged matter that is relevant to any party’s claim or defense and proportional to the needs of the case, considering the importance of the issues at stake in the action, the amount in controversy, the parties’ relative access to relevant information, the parties’ resources, the importance of the discovery in resolving the issues, and whether the burden or expense of the proposed discovery outweighs its likely benefit….

In determining whether a motion to compel a forensic exam of a party’s phone should be granted, the court will evaluate whether the exam “will reveal information that is relevant to the claims and defenses in the case and whether such an examination is proportional to the needs of the case given the cell phone owner’s compelling privacy interest in the contents of his or her cell phone.” In other words, the otherwise expansive scope of discoverable evidence is tempered by the party’s privacy interest in the device.[1] Pable v. Chicago Transit Authority, No. 19 CV 7868, 2021 WL 4789023, *2 (N.D. Ill. April 2, 2021). For that reason, “the inquiring party must present at least some reliable information that the opposing party’s representations are misleading or substantively inaccurate.” Id.       

Pable v. Chicago Transit Authority

In Pable, plaintiff, a former employee of the Chicago Transit Authority (“CTA”), and his supervisor, discovered a flaw in an application used by the CTA to provide alerts and service information to its public transit users. Id. at *1. The flaw allegedly could have allowed unauthorized users to take control of the application and post unauthorized alerts on the system. Id. After plaintiff’s supervisor attempted to hack the CTA’s application to test plaintiff’s theory, an investigation by the CTA determined that plaintiff’s actions violated the rules, policies and procedures of the CTA, forcing plaintiff to resign in lieu of termination. Id.

During discovery, the CTA requested all of plaintiff’s communications with his supervisor about the allegedly flawed application. Id. Plaintiff imaged his phone and produced what he claimed to be all of its communications. Id. After receiving plaintiff’s production, the CTA filed a motion to compel to conduct a forensic examination of plaintiff’s phone. Id. The CTA was able to cast doubt on the completeness of plaintiff’s production by demonstrating that the amount of data produced by plaintiff reflected less than 1% of the storage capacity of the phone, and that it did not contain communications exchanged on third-party applications, internet browsing and/or search histories, audio or visual files, or any data associated with 151 of the 200 applications on the phone. Id. at *3.

Plaintiff argued that forcing him to produce his phone for a second image would have been an extraordinary remedy, that he already produced all of the communications from his phone, and that the CTA had failed to show that he had withheld any communications. Id. at *1.

The court granted the CTA’s motion to compel based on the following: (1) the original imaging was undertaken without any opportunity for input from the CTA as to the protocol undertaken for the imaging process; (2) the extremely small amount of plaintiff’s production; (3) that the discovery being sought – communications between plaintiff and his supervisor about the application – went to the heart of plaintiff’s claim; and (4) that plaintiff had no basis to invoke privacy concerns after he himself had already imaged the phone.

Conclusion

While the myriad red flags of plaintiff’s original production paved the way for CTA’s motion to compel in this case, the potential value of targeted discovery from any party’s mobile phone should not be discounted. In most cases, we’ve found that a non-forensic collection of a mobile device is adequate. However, when doubts creep in about the truthfulness and completeness of a mobile device production, a forensic image may be warranted.

              

DISCLAIMER: The information contained in this blog is not intended as legal advice or as an opinion on specific facts. For more information about these issues, please contact the author(s) of this blog or your existing LitSmart contact. The invitation to contact the author is not to be construed as a solicitation for legal work. Any new attorney/client relationship will be confirmed in writing.


[1] See Advisory Notes to Rule 34, “[i]nspection or testing of certain types of electronically stored information or of a responding party’s electronic information system may raise issues of confidentiality or privacy.”

Topics: Mobile Devices E-Discovery Best Practices Spoliation Preservation Collection KT LitSmart KTLitSmart LitSmart Litigation Best Practices Data Collection Data Collection Best Practices Data Identification Data Preservation Federal Rules of Civil Procedure

Subscribe to the E-Discovery Newsletter