When a forensic examination of a mobile device may be warranted

0

With the evolution of technology, electronic communications – especially SMS – can often provide a treasure trove of evidence. While requests for email communications and collections from hard drives and networks are the norm in today’s litigation, party text messages and collections from mobile devices are often overlooked. A narrowly tailored query to compel a forensic examination can be a valuable discovery tool for analyzing data on a party’s mobile phone.

Foundation for the Motion for Restraint

The procedural basis for the motion is based on Federal Rules 34 and 26(b). Under Federal Rule of Civil Procedure 34:

A party may serve any other party with a request under Rule 26(b)

(1) to produce and permit the complaining party or its representative to inspect, copy, test or sample the following in the possession, custody or control of the defendant:

(A) any designated document or electronically stored information – including writings, drawings, charts, tables, photographs, sound recordings, images and other data or compilations of data – stored in any medium from which information can be obtained directly or , if necessary , after translation by the defendant into a reasonably usable form[.]

Federal Rule of Civil Procedure 26(b) defines the scope of authorized discovery as follows:

… The parties may obtain a discovery regarding any non-privileged matter which is relevant to any party’s claim or defense and proportionate to the needs of the case, having regard to the importance of the issues at stake in the action , the amount in dispute, the parties’ parent access to relevant information, the parties’ resources, the significance of the discovery in resolving the issues, and whether the burden or expense of the proposed discovery outweighs its likely benefits….

In determining whether a motion to compel a forensic examination of a party’s phone should be granted, the court will consider whether the examination “will reveal information relevant to the claims and defenses in the case and whether such examination is proportionate to the needs of the case given the mobile phone owner’s compelling interest in the privacy of the contents of their mobile phone. In other words, the otherwise wide scope of evidence that may be uncovered is tempered by the party’s privacy interest in the device.[1] Pable vs. Chicago Transit Authority, no. 19 CV 7868, 2021 WL 4789023, *2 (ND Ill. April 2, 2021). For this reason, “the complaining party must present at least reliable information indicating that the opposing party’s representations are misleading or materially inaccurate”. ID.

Pable vs. Chicago Transit Authority

In PicturePlaintiff, a former employee of the Chicago Transit Authority (“CTA”), and his supervisor, discovered a flaw in an application used by the CTA to provide alerts and service information to its transit users. ID. to 1. The flaw could have allowed unauthorized users to take control of the application and post unauthorized alerts on the system. ID. After Plaintiff’s supervisor attempted to hack into the CTA’s application to test Plaintiff’s theory, an investigation by the CTA determined that Plaintiff’s actions violated CTA’s rules, policies and procedures, forcing Plaintiff to resign instead of dismissal. ID.

During the discovery, the CTA requested all communications from the applicant with his supervisor regarding the allegedly defective application. Identifier. The plaintiff photographed his phone and produced what he claimed were all of his communications. ID. After receiving the plaintiff’s production, the CTA filed a motion to compel a forensic examination of the plaintiff’s phone. ID. The CTA was able to cast doubt on the completeness of the plaintiff’s production by demonstrating that the quantity of data produced by the plaintiff reflected less than 1% of the phone’s storage capacity, and that it did not contain communications exchanged on third-party applications, browsing and/or Internet search histories, audio or visual files, or any data associated with 151 of the 200 applications on the phone. ID. at 3.

The plaintiff argued that forcing him to produce his phone for a second image would have been an extraordinary remedy, that he had already produced all communications from his phone, and that the CTA had failed to demonstrate that he had withheld any communications. ID. to 1.

The court granted the OTC’s motion to compel based on the following: (1) the original imaging was undertaken without any opportunity for input from the OTC as to the protocol undertaken for the imaging process; (2) the extremely small amount of plaintiff’s production; (3) that the discovery sought – the communications between the applicant and his supervisor about the application – went to the heart of the applicant’s application; and (4) that the plaintiff had no reason to cite privacy concerns after he himself had already photographed the phone.

Conclusion

While the myriad of red flags from plaintiff’s original production paved the way for the CTA’s motion to compel in this case, the potential value of targeted discovery from any party’s mobile phone should not be ignored. In most cases, we have found that a non-forensic collection from a mobile device is adequate. However, when doubts creep in as to the veracity and completeness of a mobile device’s production, a forensic image may be warranted.

Share.

About Author

Comments are closed.