I just edited a student law review article about discovery of social media content in which I despaired of the author’s failure to distinguish between the right to compel one’s opponent to make discovery from social media content versus the effort to directly access an opponent’s social media content. To my mind, this is ground zero in the global conflict of social media discovery; and it’s a topic that evokes passionate–even combative–responses from people of all ages, particularly Gen-Xers and Millennials. “Don’t f**k with my FaceBook” is their rallying cry.
I’m not too exercised about discovery of social media because I think the issues are simpler than we make them out to be. When someone asks me, “Is social media discoverable?,” I answer, “Sure, in the same way potentially relevant, non-privileged and accessible ESI you store anywhere else is discoverable.” It makes little difference whether a litigant stores potentially relevant, non-privileged information on a hard drive, server, thumb drive, floppy disk, Cloud VM or social media resource–or, for that matter, on a pressed, bleached and dried glob of pulverized pine tree. The content of information is the principal determinant of its discoverability. If relevant content is (a) not privileged, (b) reasonably accessible and (c) within a responding party’s care, custody or control, it’s discoverable. There are exceptions, but they don’t make Swiss cheese of the rule.
Sorry Marshall McLuhan, it’s not the medium, it’s the message.
A demand to identify, search and produce from storage media is not the same thing as a demand for direct access to storage media. This is a distinction lost on those who demand access to opponents’ hard drives without making provision to protect against disclosure of the commingled non-responsive, confidential and privileged data that also reside on the drive. Likewise, I cringe when I hear of lawyers who demand an opponent’s Facebook log-in credentials with the blithe expectation that they will do their own inspection of the contents.
While the presence of commingled privileged content on a storage medium is sufficient justification by itself to deny direct access to the medium, the converse is not true; viz, because the contents of a storage medium aren’t privileged isn’t alone sufficient cause to grant direct access to the medium. You need more than just potential relevance of some of the contents of the container to compel direct access to an opponent’s storage media. You need malfeasance by omission or commission. That was true for desk drawers, warehouses and vaults; and it’s still true for hard drives, cloud storage and social media sites. The responsibility to identify, preserve, search and produce social media content devolves primarily and exclusively upon the producing party until it can be shown that they can’t or won’t act competently or honestly to comply.
Case in point: If I’m defending a personal injury case where the plaintiff claims she is severely disabled and that her ability to enjoy life has been destroyed, I’m entitled to discover post-injury photos of her engaging in physically demanding activities or manifesting a gleeful mien at odds with her claimed despair. That is, I can compel the plaintiff (and/or her counsel) to pore over her family albums and check her computer, external drives and digital camera media to find and produce such photos. The fact that the plaintiff stores such photos in an online repository doesn’t diminish her duty, nor is she relieved of seeking responsive photos that others have made readily available to her via a social media connection to same, such as a posting to her Facebook wall. If she can see it, she can produce it.
But as defense counsel, I don’t get to second-guess whether the plaintiff met her burden unless I can prove she didn’t. I don’t get to ogle the photos in her family albums or fish around in her computer or camera. Likewise, I don’t get to meander through the plaintiff’s online storage repositories, even if she let’s others do so. For that level of access, I must first demonstrate that the legitimate ends of discovery cannot be achieved by reliance upon the plaintiff and her counsel. I have to show the plaintiff and/or her counsel can’t or won’t meet their discovery obligations or that the plaintiff is behaving in a manner calculated to destroy or alter discoverable evidence.
When I make such a showing, the Court should nevertheless seek ways to protect the responding party’s legitimate interest in protecting commingled privileged and non-responsive content (e.g., by imposition of a sound inspection protocol, appointment of a neutral examiner or in camera inspection). Unmitigated access to an opponent’s storage media should generally be reserved to its use as a sanction, whether we are talking about hard drives, online repositories or social media sites.
Further, there is a particularly off-putting risk I see in compelling an opponent to surrender access credentials–a hazard that should trigger a “be careful what you wish for” pause. A person with log in credentials is a person who can make changes to the same extent as (and attributed to) the person whose credentials they hold. I wouldn’t want to be the lawyer accused of adding, altering or deleting something on the plaintiff’s Facebook page using her credentials. The potential for embarrassment or disqualification is huge; and even a tepid charge of tampering may derail a meritorious defense. If you want a circus, go on and stick your head in that lion’s mouth!
For those instances where direct access is granted, perhaps what’s needed is a means of temporary credentialing that affords for logged “read only” access to social networking sites without ceding any ability to effect changes. Simply “friending” an opponent is insufficient. Friends can make changes to pages (not to mention the distasteful nature of being forced to publicly identify the person who did you wrong as a “friend” to your Facebook family).
I read a recent decision out of a federal court in Nevada called Thompson v. Autoliv ASP, Inc. where Magistrate Judge Ferenbach sought to balance concerns like those I’ve touched on here. His Honor did a quite good job in uncharted territory, so I hope my picking nits doesn’t suggest otherwise. My first nit is that the Court’s order can be read to suggest that the Court granted broad access to the container, not the content. I would have preferred the Court direct that the Plaintiff or her counsel produce all discoverable contents of the Plaintiff’s social media sites; that is, those bearing on specified relevant issues, such as the plaintiff’s physical activities, educational or employment activities or sleeping habits. I wish the order had more clearly distinguished the character of the content from the medium on which it resides. Instead, the Court puts the burden on the plaintiff to exclude what’s not discoverable instead of to identify and produce what is discoverable. That seems upside-down to me (unless, of course, the Court no longer trusts the ability of the Plaintiff to identify and produce responsive content).
In its order, the Court has plaintiff “upload onto an electronic storage device, all information from her Facebook and MySpace accounts, from April 27, 2007, to the present.” The Court affords plaintiff the ability to redact content from the electronic storage device and I gather that the right to redact (which comes coupled with an obligation to furnish a log of anything redacted) extends to anything the plaintiff deems irrelevant. The order adds: “Within ten (10) days from the entry of this order, Plaintiff shall provide Defendant’s counsel with the electronic storage device, and an index of redacted social networking site communications.”
I have two more nits to pick with this. One is the practical challenge the plaintiff will face in getting all information from both accounts onto an electronic storage device. Facebook offers only a limited capability to do so, and I don’t expect that MySpace’s capabilities are any better. What will plaintiff’s counsel do? License a social networking collection tool? Grab screenshots? How will the redaction be accomplished?
The last nit is the requirement that “the” electronic storage device be handed over to the defense. Call me paranoid, but unless a sophisticated redaction technique is employed, gaining custody of the original storage media makes it possible for the defense to use computer forensics to access the redacted content. Unethical? It depends. Certainly, such an end run around the judge wouldn’t make him happy. But, I’d rather the order have made clear that a copy of the redacted contact be supplied, and not seem to require turnover of the original acquisition medium. I’m confident the Court never gave this a thought, but it’s worthy of consideration. It’s just too easy to peek, and there are lawyers out there who let their client’s ends justify almost any means (I know nothing about the defense counsel in this case and do not mean to suggest anything untoward respecting their character or ethics).
State of the Art in Social Media Collection
The Thompson case is a apt segue to discuss how to collect the contents of social media resources and to search, process and redact it as we do other content in e-discovery. This requires specialized tools purpose-built for the task. There are a few such tools in the marketplace today (e.g., X1 Social Discovery, Nextpoint Cloud Preservation and Autonomy) and many more coming as social media collection and processing capabilities become routine features in existing and emerging ESI collection and processing tools.
I’ve been thinking about the features I’d want in a tool designed to capture and preserve social media content and came up with a list of ten core features I’d hope to see. My list contemplates a world where collection of social networking content is geared to more than the occasional ad hoc collection from a handful of users. I foresee the need to collect from dozens or hundreds of users as we now must sometimes do with e-mail. Accordingly, the utility of some of the features I’d seek may not be immediately obvious; but be patient, you’ll need them soon enough:
There are other features that come and go from my wish list like visual analytics, tagging, OCR and changed content alerts; but, these ten strike me as the essential framework of an efficient and effect product.
Pingback: The Many Faces of Mike McBride » Blog Archive » Links (weekly)
Marc Yu said:
I’m uncertain having such software is legally feasible. The second the account is accessed externally, the metadata on the server which houses the user’s account information is immediately compromised. In this case, the social media entity (e.g. Facebook or whoever houses its servers) is the custodian of the evidence, not the account holder. So any evidentiary data expedition must be performed by the custodian, which the only entity able to obtain the information requested without spoiliation. Of course, I think 2 things need to happen beforehand: a court-ordered injunction barring any further modifications by the user on his/her account, and a subpoena for the user’s account records from the social media entity.
Craig Ball said:
Thank you for the comment, Mr. Yu; but, while I don’t offer legal advice here, I regret I can’t agree with yours.
The role of custodian has no precise definition in the law as I know it. Accordingly, in defining the role of custodian, I would tend to look to the Federal Rules of Civil Procedure, which (in Rule 26 et al.) speak in terms of the obligation to produce information within a party’s “possession, custody or control.” if the person bound to preserve the account contents is the account holder (or the account holder’s permissive user), then such a “custodian” has the requisite “control” to bear the obligation to preserve, legally and practically.
Courts have expressly rejected claims by account holders that they have no duty with respect to data held for them by third-parties, again on the basis that they had a de facto, practical right to control the content. As we say here in Texas, “that dog don’t hunt.”
Another practical reason why a subpoena served on FaceBook is a poor approach is the fact that Facebook generally takes no action in response to subpoenas in civil cases, relying upon the Stored Communication Act as the basis to resist same. Going the route you promote engenders expense, delay and, ultimately, frustration without benefit.
Your suggestion that any alteration of data is spoliation is simply not supported in the case law. Preservation of certain dynamic sources of evidence (e.g., cell phones, RAM, online content), may necessarily entail some incidental alteration of metadata or content. It’s little appreciated, but change occurs even when one makes a forensically-sound, write-blocked bitstream of a hard drive (because the hard drive records SMART values that may change anytime the drive spins up, even with a write blocker attached). Why do you believe that the manner in which Facebook secures the contents of a user’s account doesn’t effect incidental alteration of account metadata? Of course it does, if only in their own logs!
Alteration is not always spoliation. It’s certainly not spoliation if the change is understood, obligatory and immaterial (in the sense that it doesn’t alter the probative content or impair the integrity of the evidence).
Finally, an injunction telling a user not to log in and change an account is insufficient to forestall change in the account content. A Facebook account is a record in a dynamic database. It doesn’t exist as a page until the database is interrogated (as by a visit) and the page is assembled on-the-fly. Since Friends, Facebook (and advertisers) can change the record, the user’s restraint is only one piece of the preservation puzzle.
Thanks for the comment. It raised some interesting issues. I hope you’re not offended by my seeking to set them straight (at least as I see it).