Managing and Collecting Social Media for eDiscovery
Discovery Digest – Q3 2013
By Lauren A. Allen, J.D., PMP; and Michael C. Wylie, J.D.
Understanding the fundamentals of social networking services, the tools for managing, collecting, and authenticating information they contain, and the way to scope collection efforts can help organizations avoid evidentiary and authentication pitfalls.
Social networking services (SNS) are now an entrenched form of business and personal communication that requires the attention of records and information management (RIM) professionals and attorneys.
As described by U.S. Magistrate Judge Kristin Mix (District of Colorado) in “Discovery of Social Media” in "The Federal Courts Law Review", Vol. 5, Issue 2, "social media" includes [internal citations omitted] “’web-based services that allow individuals to (1) construct a public or semi-public profile within a bounded system, (2) articulate a list of other users with whom they share a connection, and (3) view and traverse their list of connections and those made by others within the system.’”
This description includes the current array of "SNS types": blogs, micro-blogs, wikis, web, video sites and other new and evolving methods, as well as the most commonly used SNS: Twitter, Facebook, Google+, LinkedIn, Pinterest, YouTube, and Foursquare.
Ubiquity of social media
Organizations, both public and private, are embracing SNS.
In the private sector, a benchmark report from social media management company Spredfast, "Q2 2012 Social Engagement Index", indicates that companies average 29 internal users of 51 accounts across an average of three SNS.
In an example from the public sector, as listed on the U.S. Navy’s "Social Media Directory", some 672 organizations within the Navy alone have one or more SNS presence.
Numbers for SNS use by individuals are no less staggering. For example, in the October 4, 2012 online "Newsroom", Facebook founder and CEO Mark Zuckerberg headlined a posting with “One Billion People on Facebook.”
Similarly, according to Nielsen’s "State of the Media: The Social Media Report 2012" the total number of minutes spent on SNS by users on mobile and PC devices increased 21% between July 2011 and July 2012.
Legal implications of social media
With the rise in personal and professional use of SNS, RIM professionals and attorneys are increasingly required to address social media in both compliance and litigation. But, because social media evolved quickly – and to a large extent is still evolving – and because it is hosted in the amorphous cloud, these professionals are often unaware which properties of social media information are valuable as evidence.
As a result, organizations, attorneys, courts, and regulators are all grappling with the legal and practical implications of retaining, collecting, managing, and presenting social media information in a litigation context.
U.S. Courts, Agency Provide Guidance
According to a blog and its lists published on the website of X1 Discovery, an eDiscovery and enterprise search solutions provider, more than 900 court cases in the past two years addressed evidence from SNS. Cumulatively, these cases leave little doubt that the standard discovery framework - and resulting records management requirements - apply to social media in the same way they apply to myriad other electronic evidence.
Similarly, "The Sedona Conference® Primer on Social Media", published in December 2012, notes that the U.S. Financial Industry Regulatory Authority, Securities and Exchange Commission, Federal Trade Commission, and Food and Drug Administration have all issued guidance on social media use in their respective regulated industries.
Keys for managing social media
Social media, like cloud-based e-mail and network infrastructure solutions, presents unique challenges in terms of monitoring, collecting, and managing the information as it resides on third-party network infrastructure and outside an end user’s or organization’s control.
To effectively manage social media information and ensure that organizations remain in compliance with their obligations during discovery, attorneys and records managers need to:
- Understand the types of information available from social media sources and determine what information is possibly relevant for monitoring and collection
- Identify where to get the relevant information when it is necessary
- Determine how secure the relevant social media is
- Select an appropriate collection or monitoring tool based on the return on investment – i.e., balance the value of retrieving or maintaining the information with the cost of collecting or maintaining it in a particular manner.
Understand types of SNS information
The most basic requirements of RIM professionals and attorneys are to understand the information available via social media and how such information can be relevant.
The potentially discoverable data types on SNS are the same as on other web pages. Social media’s evidentiary value stems from the fact that that the data originates with users, and it is arranged based on interactions between users.
User activity on general purpose SNS, such as Facebook and Google+, falls within four categories: profile pages, posts, tags, and private messages. While many of the services use varying nomenclature for features, they have substantially similar functionality.
In her article, “Understanding and Authenticating Evidence from Social Networking Sites,” in the Winter 2012 issue of Washington Journal of Law, Technology & Arts, Heather Griffith provides a short but straightforward description of social media interaction on Facebook and MySpace. More detailed descriptions can be found in Mix’s article and in detailed help information written by individual SNS providers.
Identify where to collect social media
In a civil context, the level of information any monitoring or collection tool can reach is constrained by the type or level of access an attorney or records manager has to a target account. Therefore, the second requirement in collecting social media is determining the pathway that allows the collection of the greatest amount of information.
Because social media is hosted on geographically diverse servers and often uses cloud technology, there are effectively four potential sources for social media: the social media provider, the account holder, third-party access, and indirect access.
Most SNS providers claim they are prohibited under U.S. federal law, specifically the Stored Communications Act, from disclosing user content in response to a civil subpoena (See addendum “The U.S. Legal Framework for Social Media in Court.”) While providers are not prohibited from providing basic user information in civil litigation, the SNS providers’ claim means that options for lawyers and RIM professionals to access social media content are limited to access as an account holder, third-party access, or indirect access.
Account holder access: Access as an account holder requires that a user, adverse party, or agent accesses a social media site via the user’s profile username and password or other means of identity verification. With respect to discovery of a non-business account, there are only two ways to get direct access through the account holder in a civil case—through an agreement with an opposing party, or by court order.
Barring evidence of spoliation, a court is unlikely to order a user to hand over access information to an entire profile or account. However, by limiting the scope of the information requested and by using appropriate software or methods, attorneys may be able to convince the court or opposing counsel that the request is relevant and reasonable.
An employment relationship may create additional methods of account holder access to an account. For instance, an account may be a business account to which the employer has access through a second employee or to which an employer has direct access under terms of an employment contract.
In some states, an employer may also require social media access information as a prerequisite to employment. However, according to the National Conference of State Legislatures online posting “Employer Access to Social Media Usernames and Passwords,” six states (California, Delaware, Illinois, Maryland, Michigan, and New Jersey) have banned this practice. Note also that, as illustrated in the case of "PhoneDog v. Kravitz", 2011 U.S. Dist. LEXIS 129229 (N.D. Cal. Nov. 8, 2011), the line between employer-owned and employee-owned accounts can be extremely fine.
Third-party, indirect access: Third party-access and indirect access are less preferred methods of access because, regardless of the collection or monitoring tool used, a target user may restrict information from view through the use of security or privacy settings. Third-party access is using a third-party account to view and collect data from a target user’s profile. Note that this method raises a number of ethical concerns not addressed here.
Indirect access consists of access via a web search.
Determine security of social media
Security issues related to SNS encompass a number of factors that courts have discussed in deciding the authentication issue. Foremost among these are the availability of user-level security or privacy settings and user’s application of such settings.
Other issues discussed by courts include account password protection, multiple users’ access of a single account, past hacking events, and the security of the computer and network used to access the information.
Obviously, these factors vary by SNS and in many cases will also vary by user, but generally the more secure the information, the easier to authenticate.
Select collection or monitoring tool
Once the extent of availability of social media data is understood, RIM professionals and attorneys must assess the benefits and limitations of approaches to collecting it. Perhaps the most pressing issue in making such a decision is weighing the return on investment in terms of evidence quality and ease of authentication of using more expensive means.
When it comes to monitoring and collecting social media, organizations have multiple tools at their disposal. These solutions range from simple to complex, and costs tend to rise proportionally with the level of information the tool can deliver. Options for monitoring and collecting fall into the categories of screen capture, archiving solutions, and forensic software.
Screen capture: The lowest-tech solution for addressing social media is simple screen capture. As it sounds, this method captures text and images on a SNS and saves them in a static hard copy or electronic image format. This is an extremely low-cost method of saving information, which maintains the visual relationships between data but not hyperlinks or relational references between pages.
As indicated by "The Sedona Conference® Social Media Primer", simply printing out social media site data could result in an incomplete and inaccurate data capture that is hard to authenticate, except on the basis of the personal knowledge of a witness.
Archiving solutions: Archiving solutions are software designed to target primarily text and image data from an SNS profile. Several social media network providers offer archive functionality, which preserves some user data.
To paraphrase Wikipedia, metadata can be briefly defined as data about data, data about containers of data, and data about data content. In the social media context, metadata often includes author, recipient, date, time, and location information.
Forensic software: Currently available forensic software can be used either as a tracking tool to actively monitor a user’s activities on the site or as a forensic tool to gather a snapshot of current and past usage. In either case, forensic software is currently the only way to collect metadata on a social media site.
Forensic software can includes both static collection tools – useful for collecting a snapshot of all of the material related to a social network profile at a given point of time – and dynamic tracking tools – used to actively monitor a target user account.
Excluding law enforcement situations, these solutions are usually dependent on having an agreement with or court order involving the target account user. Note that compliance archiving tools are a subset of forensic software and are used extensively inside and outside regulated industries. Compliance archiving tends to be more costly than other methods typically used in litigation.
Avoiding evidentiary, authentication issues
With smart approaches, attorneys and RIM professionals can tackle the challenges that monitoring and collecting social media present. “The best strategy for handling difficult preservation and collection issues is to confer with opposing counsel and agree on reasonable steps,” according to The Sedona Conference® Primer on Social Media.
Narrow the scope
During litigation, the elements of a claim, public web searches, available sources of information, and the types of information available on SNS should all be used to narrow the scope of information requested in discovering social media to avoid requests being found irrelevant or overbroad.
While social media information is not self-authenticating, under Federal Rule of Evidence (FRE) 901, the SNS matrix, comprising all the information making up a profile (e.g. HTML text, images, metadata, hash tags, posted information, online relationships), provide fodder for authenticating evidence in conjunction with deposition testimony, forensic investigation of software or hardware, or subpoena to a SNS provider to confirm user identity.
In other instances, enough matrix information can also allow for authentication by distinctive characteristics. In fact, the court in Lorraine v. Markel American Ins. Co., 241 F.R.D. 534 (D. Md. 2007) applied FRE Rule 901(b)(4) by ruling that metadata-level hash values were sufficient circumstantial evidence to authenticate.
For this reason, once the scope of a collection has been set, attorneys and RIM professionals should collect broadly. Acting within the confines of any litigation agreements, the more data collected, the easier it will be to find circumstantial evidence allowing authentication of social media evidence.
Similarly, preserving metadata and maintaining a clear chain of custody can be critical to authenticating social media and other electronic evidence. If metadata - especially dates, times, GPS stamps, and computers from which posts were made - are potentially relevant, use of a forensic software tool is necessary, as forensic software is currently the only method of preserving metadata from social media sites.
In compliance monitoring, use careful scoping and technology to effectively manage social media information on an enterprise level and avoid creating over-monitoring.
Selling management on more software tools and increased staffing is never easy. However, RIM professionals can point to numerous court cases where social media has come into play as one reason to proactively tackle the issue of monitoring and collecting social media.
Prepare, don’t pry
With changes in the way that organizations are using social media, RIM professionals should expect SNS content to be relevant in litigation or a regulatory event. Failure to consider the legal and technical considerations of social media may leave organizations scrambling to comply with eDiscovery demands or facing court sanctions.
On the other hand, RIM professionals need to be careful that monitoring social media is undertaken only with respect to organizational accounts. Employer monitoring of employee social media is restricted in several states, may run afoul of anti-discrimination laws and the National Labor Relations Act, and, as noted in "The Sedona Conference® Primer on Social Media", it may open employers up to liability for actions of their employees.
Social media information is useful evidence in many types of legal claims, including employment law claims, Federal Trade Commission violations, intellectual property infringement matters, breach of contract cases, and insurance fraud. Use of social media did not change the applicable U.S. Federal Rules of Evidence (FRE) or the U.S. Federal Rules of Civil Procedure (FRCP).
According to FRCP 26(b)(1), parties may obtain discovery over any “non-privileged,” “relevant” information and discovery requests must only be “reasonably calculated to lead to the discovery of admissible evidence.” Relevance and privilege are defined by the FRE.
In Federal court, admissibility of social media evidence usually hinges on the outcome of FRE Rule 403, balancing the probative value of evidence against the danger of unfair prejudice, usually the right to privacy. Note that many state courts, including those in Pennsylvania and New York, have expressly stated that there is no expectation of privacy on SNS.
The most litigated aspect of social media is authentication. FRE Rule 901(a) governs authentication of social media evidence. The ease with which social media information can be manipulated, the manner in which social media information is created, and the way in which it is stored raise novel issues concerning its veracity.
Stored communication act
As interpreted by several SNS, the Stored Communications Act has been deemed to prohibit SNS providers from releasing anything more than basic user information pursuant to civil subpoena. However, the act does not prohibit users from providing the information themselves, and users can still be subpoenaed and compelled to release social media information in a civil suit.
September 2012 Spredfast Social Engagement Index, available at http://info.spredfast.com/Website_Benchmark.html
United States Navy, 2012. Social Media Directory. United States Navy, available at www.navy.mil/media/smd.asp, last visited January 2, 2012.
Zuckerberg, Mark, 2012. “One Billion People on Facebook,” Facebook Newsroom, October 4, 2012, available at http://newsroom.fb.com/News/457/One-Billion-People-on-Facebook.
Neilson, 2012. “State of the Media: The Social Media Report 2012.” The Neilson Company, 2012 available at www.nielsen.com/content/dam/corporate/us/en/reports-downloads/2012-Reports/The-Social-Media-Report-2012.pdf
X1 Discovery, 2012. “Published Cases Involving Social Media Evidence (First Half 2012).” Copyright 2011-2012, X1 Discovery, available at http://x1discovery.com/social_media_cases.html, last visited January 4, 2013.
X1 Discovery, “Mid-Year Report: legal Cases Involving Social Media Rapidly Increasing,” eDiscovery Law & Tech Blog. July 23, 2012, available at http://blog.x1discovery.com/2012/07/23/mid-year-report-legal-cases-involving-social-media-rapidly-increasing/, last visited January 4, 2013.
Matt Raymond, “How Tweet It Is!: Library Acquires Entire Twitter Archive,” Library of Congress Blog, April 14, 2010, available at http://blogs.loc.gov/loc/2010/04/how-tweet-it-is-library-acquires-entire-twitter-archive/, last visited October 16, 2012.
Heather Griffith, Understanding and Authenticating Evidence from Social Networking Sites, 7 Wash J.L. Tech & Arts 209 (2012).
National Conference of State Legislatures, 2012. “Employer Access to Social media Usernames and Passwords,” available at www.ncsl.org/issues-research/telecom/employer-access-to-social-media-passwords.aspx, last visited January 4, 2013. Copyright National Conference of State Legislatures, 2013.
Sedona Conference Working Group on Electronic Document Retention & Production, 2012. The Sedona Conference® Primer on Social Media. Available at https://thesedonaconference.org/publication/Primer on Social Media. Copyright 2012 The Sedona Conference.
Twitter, 2013. Types of tweets and Where they Appear, Copyright Twitter 2013. Available at http://support.twitter.com/groups/31-twitter-basics/topics/109-tweets-messages/articles/119138-types-of-tweets-and-where-they-appear, last visited January 4, 2013.
Facebook, 2013. Facebook for Business, Copyright Facebook 2013. Available at www.facebook.com/business/, last visited January 4, 2013.
Wikipedia, 2013. Metadata, Copyright Wikimedia Foundation, Inc. 2013. Available at http://en.wikipedia.org/wiki/Metadata, last visited February 17, 2013.
- Federal Rule of Civil Procedure 26(b)(1)
- Federal Rule of Civil procedure 34
- Federal Rules Evidence 901(a)
- Federal Rules Evidence 401-403
- Federal Rules Evidence 904(a)
- Federal Rules Evidence 801, 803, 804, and 807
- Federal Rules Evidence 1001-1008
- Stored Communications Act, 18 U.SC. 2701 et seq.
- Lorraine v. Markel American Ins. Co., 241 F.R.D. 534 (D. Md. 2007).
- PhoneDog v. Kravitz, 2011 U.S. Dist. LEXIS 129229 (N.D. Cal. Nov. 8, 2011).
- Kristen L. Mix, “Discoverability of Social Media,” 5 Federal Cts. L.R. 119 (2011).
- Andrew C. Payne, Twitigation: Old Rules in a New World, 49 WASHBURN L.J. 841, 845-46 (Spring 2010)
- Patricia E. Salkin, Social Networking and Land Use Planning and Regulation: Practical Benefits, Pitfalls and Ethical Considerations, 31 Pace Law Rev. 1, 33 (2011).
- Phila. Bar Ass'n Profl Guidance Comm., Op. 2009-02, at 3 (2009).
- Robert S. Kelner & Gail S. Kelner, Social Networks and Personal Injury Suits, N.Y.L.J., Sept. 24, 2009.
- Howard B. Iwrey et al., A Multidimensional Solution to the Problems of Runaway Discovery, 29 No. 6 OF COUNSEL 12 (June 2010)
- Pension Comm. of the Univ. of Montreal Pension Plan v. Bank of Am. Sec. LLC, 685 F. Supp. 2d 456, 472 (S.D.N.Y. 2010).
©2013 ARMA International, www.arma.org. Reprinted with permission.
As used in this document, “Deloitte” means Deloitte LLP and its subsidiaries. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting.
While the information in this article may deal with legal issues, it does not constitute legal advice. If you have specific questions related to information discussed in this article, you are encouraged to consult an attorney who can investigate the particular circumstances of your situation.