eDiscovery in SA - Is Social Media relevant to eDiscovery?

The simple answer is a resounding YES! eDiscovery does not begin and end with emails, their attachments and electronic documents - ANY form of communication is “discoverable”. Social Media platforms are precisely that - vehicles for communications between people and they are therefore discoverable - even emoji’s or emoticons. 

OK, so that question answered, is that the end of this post? It is not because the whole aspect of Social Media in terms of discovery for litigation, investigations, competition cases and, of course criminal investigations is a huge, huge topic - arguably one of the biggest in our industry at the present time. What makes it such a big topic is questions surrounding privacy and the practicalities of how Social Media communications can be collected and reviewed. Just to emphasise the point I can tell you that in the US alone there were almost 10,000 published cases concerning Social Media in 2016. There is so much written about this topic across the world by people far better qualified than I am and I encourage you to read some of the available material. My purpose here is to make lawyers, corporations and institutions in South Africa more aware of some of the issues concerning Social Media when it comes to discovery matters. 

The starting point, as I say is that such communications are discoverable and I want to keep this post to some of the practicalities of dealing with that. Because these communications are discoverable, does not in itself, mean that you can have “carte blanche” access to people’s Social Media accounts. However, what many people simply do not realise is that many of their Social Media communications are not at all private - they are in the public domain like it or not. Actions that you take on Social Media such as “friends”, tags, likes, comments, shares etc. all become part of the public domain and if you don’t believe that try examples via Google to see what individuals have been doing or saying. There are exceptions, e.g Whats App communications that are encrypted and I will come back to that later but as a lawyer or employer involved in litigation and investigations, ask yourselves if you are including Social Media communications in your quest for discovery. Remember that there is a duty to make reasonable search and if you ignore these communications then I contend that it is, at the very least, arguable that you are not fulfilling that duty. 

In previous posts I have commented that it is not sufficient simply to look at the email accounts or electronic documents stored on the PC or laptop used by a potential custodian as well as the company’s servers. What about the mobile devices the person uses? Well, your first thought may be that they are private and therefore you have no right. Is that true? We live in an age of BYOD (bring your own device), particularly common in SA, whereby an employee’s personal mobile device is used for company business with the company reimbursing simply for that business use. Does that give the employer the right to investigate the device in the event of a case? I do not believe that there is any specific legislation dealing with Social Media communications but there are numerous references to it via, inter alia, employment laws, consumer protection, and of course case law.

Let us look at the employment situation briefly: 

If an employer provides a device for company use and the employee also uses that for private communications what happens if and when the employer needs to investigate that device for an investigation or litigation? I would say that the employer “owns” all communications on that device and therefore does have the right, subject to Data Protection and Privacy laws. However, if the device belongs to the individual the subject of “ownership” of communications becomes “murky” at best. Many of these problems are solved by suitable clauses in employment contracts and employers having documented and distributed policies relating to devices, private communications and Social Media generally. If employers do not have these, then they would have to rely upon the agreement of the employee, in the event of an investigation etc. or a Court Order. Can a Court Order be easily obtained? I would say that you would have to have reasonable grounds, with supporting evidence to stand any chance at all as you cannot simply embark on a “fishing expedition”. Furthermore, it is difficult, if not impossible, to have a Court Order compelling the provider, e.g. Facebook to allow access to a person's account if that person has refused to grant access willingly. Remember also that just because a communication is made on a Social Media platform or via a personal email account does not necessarily mean that it is “private” within the meaning of Data Protection and Privacy laws.

Prevention is better than cure and therefore lawyers should be advising their corporate clients to cover all of this as I have mentioned above, as part of employment contracts and internal policies.  This would help, but not guarantee, access to devices and their contents. 

Discovery and Social Media

Given all of the outlined problems how can we deal with discovery of Social Media communications? Forensic collections of data on PC’s, laptops, iPads, and cellphones etc. will capture what exists on that device, including Social Media communications, and may even capture some deleted communications. When a Social Media communication is deleted from the device a “trace” is left behind and experts involved in cyber forensics can recover some or all of those messages you thought were deleted. It will not however, give access to that person’s Social Media account without that person’s consent and password. In other words, you would be able to see what is there but not what is on that account but may have been entered via another device e.g at an Internet cafe. This leads me to come back to my earlier comment concerning Whats App and its end to end encryption.  Whats App says that “… only you and the person you’re communicating with can read what is sent, and nobody in between, not even WhatsApp…”. Interesting move and to my cynical mind, it says “so there, no point in requesting a Court Order against us because we can’t see these communications either”.  Of course, as I have previously stated if these communications are still on the device or have been deleted then they can be found anyway. Furthermore, you should remember that if you are using Apple products then, on back up, communications are stored in your iCloud account and therefore simply deleting from the device does not mean there is no trace. 

Earlier I said that we all must remember that our Social media actions are often in the public domain and can be found with or without access to the account and the password. If we can see these communications we have to deal with their authenticity and then discover them if necessary. One way is a screen shot but that action has not found favour in some US courts as being defensible. You may be surprised to know that there are numerous software programmes or applications which can handle this. Perhaps the best known is X1 Social Discovery, which I would say is the brand leader - and they say that it is “… the industry-leading solution for anyone who needs to collect and search data from social networks and the internet….” . I have seen a demo of this product and it really is fantastic. It captures Social Media communications AND web based mail such as Gmail etc. via the Internet. It collects data in its native format, produces a workflow, is searchable and because it preserves metadata, is defensible. It is very widely used, particularly in the US by law firms and service providers alike - my information is that more than 200 law firms and 500 service providers in the US have this product in-house. As I say, it is not the only solution out there and I mention it merely as an example of what is available.

I recall being involved in an employment matter some years ago when our forensic experts discovered that an ex-employee, when emailing pricing to potential clients was including himself by way of bcc using his private email address e.g. Gmail or Hotmail or Yahoo Mail. By capturing the metadata we could see this was happening but we could not of course see what actions he was taking on his private email account (using a different device) as far as these potential clients were concerned. As it happens, what we found was sufficient for our client's purposes in an action against him but as I said this was some time ago. Nowadays we can go further than that and it is possible to investigate web based email systems as I have mentioned in the previous paragraph.

In summary:-

  1. Remember that much of what we do on Social Media is not private but public
  2. Remember that content, even deleted, may still be seen on our devices 
  3. As an employer, re-visit employment terms and Social Media policies and remember BYOD!
  4. As a lawyer advise your clients accordingly as per 3. above!
  5. In litigation, remember that it is your duty to make a reasonable search and this includes Social Media

As usual I will close by reminding all that obtaining the services of a Consultant and a good service provider at the earliest possible stage will markedly assist in this ever growing area of global communications and, by the way, this includes photos and videos!!!

Please contact me for more information or advice and assistance.