I just edited a student law review article about discovery of social media content in which I despaired of the author’s failure to distinguish between the right to compel one’s opponent to make discovery from social media content versus the effort to directly access an opponent’s social media content.  To my mind, this is ground zero in the global conflict of social media discovery; and it’s a topic that evokes passionate–even combative–responses from people of all ages, particularly Gen-Xers and Millennials.   “Don’t f**k with my FaceBook” is their rallying cry.

I’m not too exercised about discovery of social media because I think the issues are simpler than we make them out to be.  When someone asks me, “Is social media discoverable?,” I answer, “Sure, in the same way potentially relevant, non-privileged and accessible ESI you store anywhere else is discoverable.”  It makes little difference whether a litigant stores potentially relevant, non-privileged information on a hard drive, server, thumb drive, floppy disk, Cloud VM or social media resource–or, for that matter, on a pressed, bleached and dried glob of pulverized pine tree.  The content of information is the principal determinant of its discoverability.  If relevant content is (a) not privileged, (b) reasonably accessible and (c) within a responding party’s care, custody or control, it’s discoverable.  There are exceptions,  but they don’t make Swiss cheese of the rule.

Sorry Marshall McLuhan, it’s not the medium, it’s the message.  

A demand to identify, search and produce from storage media is not the same thing as a demand for direct access to storage media.  This is a distinction lost on those who demand access to opponents’ hard drives without making provision to protect against disclosure of the commingled non-responsive, confidential and privileged data that also reside on the drive.  Likewise, I cringe when I hear of lawyers who demand an opponent’s Facebook log-in credentials with the blithe expectation that they will do their own inspection of the contents.

While the presence of commingled privileged content on a storage medium is sufficient justification by itself to deny direct access to the medium, the converse is not true; viz, because the contents of a storage medium aren’t privileged isn’t  alone sufficient cause to grant direct access to the medium.  You need more than just potential relevance of some of the contents of the container to compel direct access to an opponent’s storage media.  You need malfeasance by omission or commission.  That was true for desk drawers, warehouses and vaults; and it’s still true for hard drives, cloud storage and social media sites.  The responsibility to identify, preserve, search and produce social media content devolves primarily and exclusively upon the producing party until it can be shown that they can’t or won’t act competently or honestly to comply.

Case in point: If I’m defending a personal injury case where the plaintiff claims she is severely disabled and that her ability to enjoy life has been destroyed, I’m entitled to discover post-injury photos of her engaging in physically demanding activities or manifesting a gleeful mien at odds with her claimed despair.  That is, I can compel the plaintiff (and/or her counsel) to pore over her family albums and check her computer, external drives and digital camera media to find and produce such photos.  The fact that the plaintiff stores such photos in an online repository doesn’t diminish her duty, nor is she relieved of seeking responsive photos that others have made readily available to her via a social media connection to same, such as a posting to her Facebook wall.  If she can see it, she can produce it.

But as defense counsel, I don’t get to second-guess whether the plaintiff met her burden unless I can prove she didn’t.  I don’t get to ogle the photos in her family albums or fish around in her computer or camera.  Likewise, I don’t get to meander through the plaintiff’s online storage repositories, even if she let’s others do so.  For that level of access, I must first demonstrate that the legitimate ends of discovery cannot be achieved by reliance upon the plaintiff and her counsel.  I have to show the plaintiff and/or her counsel can’t or won’t meet their discovery obligations or that the plaintiff is behaving in a manner calculated to destroy or alter discoverable evidence.

When I make such a showing, the Court should nevertheless seek ways to protect the responding party’s legitimate interest in protecting commingled privileged and non-responsive content (e.g., by imposition of a sound inspection protocol, appointment of a neutral examiner or in camera inspection).  Unmitigated access to an opponent’s storage media should generally be reserved to its use as a sanction, whether we are talking about hard drives, online repositories or social media sites.

Further, there is a particularly off-putting risk I see in compelling an opponent to surrender access credentials–a hazard that should trigger a “be careful what you wish for” pause.  A person with log in credentials is a person who can make changes to the same extent as (and attributed to) the person whose credentials they hold.  I wouldn’t want to be the lawyer accused of adding, altering or deleting something on the plaintiff’s Facebook page using her credentials.  The potential for embarrassment or disqualification is huge; and even a tepid charge of tampering may derail a meritorious defense.  If you want a circus, go on and stick your head in that lion’s mouth!

For those instances where direct access is granted, perhaps what’s needed is a means of temporary credentialing that affords for logged “read only” access to social networking sites without ceding any ability to effect changes.  Simply “friending” an opponent is insufficient.  Friends can make changes to pages (not to mention the distasteful nature of being forced to publicly identify the person who did you wrong as a “friend” to your Facebook family).

I read a recent decision out of a federal court in Nevada called Thompson v. Autoliv ASP, Inc. where Magistrate Judge Ferenbach sought to balance concerns like those I’ve  touched on here.  His Honor did a quite good job in uncharted territory, so I hope my picking nits doesn’t suggest otherwise.  My first nit is that the Court’s order can be read to suggest that the Court granted broad access to the container, not the content.  I would have preferred the Court direct that the Plaintiff or her counsel produce all discoverable contents of the Plaintiff’s social media sites; that is, those bearing on specified relevant issues, such as the plaintiff’s physical activities, educational or employment  activities or sleeping habits.  I wish the order had more clearly distinguished the character of the content from the medium on which it resides.  Instead, the Court puts the burden on the plaintiff to exclude what’s not discoverable instead of to identify and produce what is discoverable.  That seems upside-down to me (unless, of course, the Court no longer trusts the ability of the Plaintiff to identify and produce responsive content).

In its order, the Court has plaintiff “upload onto an electronic storage device, all information from her Facebook and MySpace accounts, from April 27, 2007, to the present.”  The Court affords plaintiff the ability to redact content from the electronic storage device and I gather that the right to redact (which comes coupled with an obligation to furnish a log of anything redacted) extends to anything the plaintiff deems irrelevant.  The order adds: “Within ten (10) days from the entry of this order, Plaintiff shall provide Defendant’s counsel with the electronic storage device, and an index of redacted social networking site communications.”

I have two more nits to pick with this.  One is the practical challenge the plaintiff will face in getting all information from both accounts onto an electronic storage device.  Facebook offers only a limited capability to do so, and I don’t expect that MySpace’s capabilities are any better.  What will plaintiff’s counsel do?  License a social networking collection tool?  Grab screenshots?  How will the redaction be accomplished?

The last nit is the requirement that “the” electronic storage device be handed over to the defense.  Call me paranoid, but unless a sophisticated redaction technique is employed, gaining custody of the original storage media makes it possible for the defense to use computer forensics to access the redacted content.  Unethical?  It depends.  Certainly, such an end run around the judge wouldn’t make him happy.  But, I’d rather the order have made clear that a copy of the redacted contact be supplied, and not seem to require turnover of the original acquisition medium.  I’m confident the Court never gave this a thought, but it’s worthy of  consideration.  It’s just too easy to peek, and there are lawyers out there who let their client’s ends justify almost any means (I know nothing about the defense counsel in this case and do not mean to suggest anything untoward respecting their character or ethics).

State of the Art in Social Media Collection
The Thompson case is a apt segue to discuss how to collect the contents of social media resources and to search, process and redact it as we do other content in e-discovery.  This requires specialized tools purpose-built for the task.  There are a few such tools in the marketplace today (e.g., X1 Social Discovery, Nextpoint Cloud Preservation and Autonomy) and many more coming as social media collection and processing capabilities become routine features in existing and emerging ESI collection and processing tools.

I’ve been thinking about the features I’d want in a tool designed to capture and preserve social media content and came up with a list of ten core features I’d hope to see.  My list contemplates a world where collection of social networking content is geared to more than the occasional ad hoc collection from a handful of users.  I foresee the need to collect from dozens or hundreds of users as we now must sometimes do with e-mail.  Accordingly, the utility of some of the features I’d seek may not be immediately obvious; but be patient, you’ll need them soon enough:

1.Credentials management
This is an example of something that you won’t need for a few custodians but you’ll be happy you have if you need to collect from a hundred.  Credentials management means you can point the application to a list of custodians and credentials and it will automatically handle the log ins for all.
2. Customizable recursive collection; i.e., “spidering”
Social media sites rely heavily upon linked content, and those links lead to pages with more links.  If you followed every link to its deepest recursion, you’d end up with a copy of the Internet; so, there needs to be way to limit recursion and do so intelligently; i.e., vary recursion depth based upon customizable criteria.
3. Preserves in native forms with structure
Social media sites are not pages sitting out there in the ether.  At the risk of tiptoeing into the existential, when you don’t look at a social media site, it’s not there.  Every visit to a social media site triggers the generation of a report generated on-the-fly out of a huge database.  You see this report presented as a Facebook or Linked In page.  Without the structure imposed upon hundreds or thousands of page elements to make them look and work like a social networking site, much of the intelligibility and all of the functionality is gone.
4. Preserves application-specific metadata (API support)
Facebook data has its own unique complement of metadata that’s useful for assessing and authenticating the content.  It’s not all evidence or always evidence, but it should be preserved for those (often hard-to-anticipate) times when it is.
5. Hashes and time-stamps content
Because social networking content is so dynamic, proving that its temporal relevance and demonstrating its integrity, authenticity and completeness means bringing some of the same techniques to online content that we routinely use to authenticate data from local sources and systems.
6. Indexes, deduplicates and integrates content
Here again, think hundreds of social networking sites, not just one or two.  To facilitate cost-effective review and consistent assessment of responsiveness and privilege, we must apply the volume reduction techniques like those we use to manage e-mail and loose documents to large collections of social media content.
7.Robust, fielded searches (keywords-plus)
Remember: social media sites are databases.  Their contents are easier to work with when data is fielded (meaning not amassed as one undifferentiated text file but, instead, searchable by segments, as by poster, date of post, etc.).  As collections grow, we will want the sophistication of the search tools for social media to keep pace with those used for other forms of discoverable content.
8. Cross-custodian search and filtering, with privileges
The more users, the greater the need to customize the scope of searches to particular users, intervals, page segments, etc.  Plus, some collected information may be of a sensitive nature, requiring that only certain reviewers have access.  This concern will grow as private messaging migrates to social media  resources and supplants e-mail (already the case for younger Facebook users).
9. Great viewer (e.g., YouTube, streams, Flash)
If it can be experienced online, it’s going to embedded into the social media experience.  To see what the witnesses saw, you will need a rich media viewer capability far more robust than those currently employed in the current crop of e-discovery tools.
10. Legal export to common EDD review platforms
Social media discovery can’t live in its own bubble; it has to be part of the mainstream discovery workflow.  The ability integrate social media content into the broader collection, culling and review process will be an important consideration in the tools we select.

There are other features that come and go from my wish list like visual analytics, tagging, OCR and changed content alerts; but, these ten strike me as the essential framework of an efficient and effect product.