From Telegram to Snapchat to Signal, ephemeral messaging applications can offer increased peace of mind and security. The concept first surged in popularity as users discovered its utility for personal messaging. Recently, however, it has also become part of routine communication in workplaces across the country, raising important considerations for eDiscovery services.
In this article, we’re going to discuss how ephemeral messaging has impacted the forensic and discovery process. Let’s get started!
What is ephemeral messaging?
Ephemeral messaging is the term used to describe encrypted messages that automatically disappear from the recipient’s screen shortly (or immediately) after they are viewed. Some platforms like Snapchat and Wickr Me can send media attachments like photos, videos, and emojis. Other applications, such as CoverMe, offer additional privacy features that allow users to make phone calls from a fake (or “burner”) phone number.
How does ephemeral messaging create evidentiary issues?
Nearly all content-expiring applications take steps to ensure that the recipient of the messages cannot take screenshots or screen recordings. This poses a challenge for attorneys who must authenticate witness claims and determine whether any artifacts exist that can be used in litigation. When the original writing of the message has not been preserved, the federal Best Evidence Rule (Fed.R.Evid 1001 et seq). may allow the content of the message to be established through witness testimony.
Some data retention strategies can create similar evidentiary challenges to those of ephemeral messaging. While the data may not have originated from an application with content-expiring functionality, automated deletion will produce the same end result. For that reason, the messages are often called “quasi-ephemeral” messages.
Automated deletion policies are popular because they can help companies comply with privacy requirements and limit their exposure to data breaches. Unfortunately, if a company is facing investigation, deleted information is a significant risk for their legal defense.
Can ephemeral/quasi-ephemeral messages ever be recovered?
Digital forensics is constantly evolving, but some research has shown promising results. A recent study¹ from researchers in the UK “uncovered various artifacts from the iOS device including account information, contacts, and evidence of communication between users.” For those using Android devices, researchers “uncovered evidence of communications, and several media files assumed to be deleted within a storage cache in the Android file system.”
The ability to recover ephemeral messages is always case-dependent. After assessing your case, qualified eDiscovery providers like First Legal will use the latest technology to retrieve any remaining artifacts.
Thanks for reading! We hope these tips have given you some insight into the usage and impacts of ephemeral messaging. It is likely that content-expiring data will continue to impact investigators, attorneys, and courts in the years to come. If you enjoyed this article, check out our next blog “How Remote Working Has Changed Digital Forensics Practices”
Please don’t hesitate to contact us with any questions or concerns. At First Legal, we’re here for you from File Thru Trial™!
¹ Bin Azhar, M A Hannan, et al. “Forensic Investigations of Popular Ephemeral Messaging Applications on Android and IOS Platforms.” International Journal On Advances in Security, 30 June 2020, pp. 41–53.