Category: eDiscovery News

Kyle Rittenhouse Trial Highlights Importance of Technology Expert Witnesses

Posted by on in eDiscovery News, ForensicsLeave a comment

Earlier this week, a jury heard closing arguments in the trial of Kyle Rittenhouse. Rittenhouse rose to national prominence in August 2020 after allegedly shooting three people at a Wisconsin protest, two of whom died, the third injured. Now, he stands trial for those alleged crimes.

One unexpected curveball: whether or not the prosecution should be allowed to use an iPad to zoom in on footage that allegedly shows Rittenhouse at the scene of the crime. The defense argued that when one uses the pinch-to-zoom feature available on Apple devices, it alters the footage:

“It uses artificial intelligence, or their logarithms, to create what they believe is happening,” said defense attorney Mark Richards. “So this isn’t actually enhanced video, this is Apple’s iPad programming creating what it thinks is there, not what necessarily is there.”

NOTE: Many publications that have published this quote allege that the defense meant “algorithms” rather than “logarithms.”

Prosecution insisted such alterations don’t happen, and that zooming is no different than putting a magnifying glass over a printed photograph. Judge Bruce Schroeder initially said the prosecution would have to bring in an expert to confirm this, otherwise they’d have to use the raw footage taken from a wider angle.

James Whitehead is the Associate Director of Digital Forensics at Contact Discovery and has served as a digital forensics expert witness on forensic issues.

“I think as we see AI evolve, a new breed of validation questions may arise as the computer begins to generate life like images of events and people that do not exist,” says James Whitehead, Contact Discovery’s Associate Director of Digital Forensics, who has testified as an expert witness in other trials. “There’s an entire industry of applications… that leverage or skew the underlying digital photography [so we can] create panda face versions of ourselves.”

While the panda face apps might be an extreme example, Whitehead was also quick to clarify that the fact these apps exist doesn’t automatically mean the raw data is unreliable.

 “These apps function because the underlying digital image is trustworthy as is the underlying technology,” he said. It’s perhaps paradoxical that as technology gets better, it almost becomes harder for people to trust it.

In court, Judge Schroeder admitted to not having a very good understanding of technology. “I know less than anyone in the room here I’m sure about all this stuff,” he said.

It’s easy for people who live and breathe tech to think that pinch-to-zoom is a standard feature that everyone is familiar with, but then… should that matter? How often laypeople use certain technology isn’t necessarily a good standard for whether or not that technology should be admissible in court.

If a judge knows they don’t understand a topic as Schroeder admits he doesn’t understand pinch-to-zoom technology, it does make some sense to err on the side of caution. Once a jury has seen evidence, the judge can’t change that if they later learn that evidence was unreliable. When judges know they’re out of their depth, deferring to experts before they make a call is quite reasonable.

“The fact finders are a diverse group of individuals,” says Whitehead.  “We must remember that education of the fact finder isn’t a factor to be lightly regarded. The rules of evidence have evolved over the years as has the evidence. It’s still good practice to explain what you are leveraging and why it matters. If evidence or story is technical in nature, [it’s best to] have an expert on standby who can assist with the explanations.”

At the end of the day, criminal trials aren’t about what the Twitterverse thinks; they’re about what judges and juries think. Whether or not the prosecution should need an expert to confirm the validity of pinch-to-zoom footage is beside the point if a judge says they do.

Later in the trial, Judge Schroeder had a change of heart and said the jury could consider the enlarged footage, however he wasn’t shy about expressing his skepticism for it.

 “You’re basing this extremely important segment of the evidence on something that I’m really queasy about,” Schroeder said. “I’m not going to give an instruction on it, but I’ve made my record on the high risk that I think it presents for the case.”

So what can other legal teams learn from this ruling?

For one, that just because technology seems commonplace, that doesn’t mean a judge will understand the ins and outs of the technology well enough to confidently make a ruling on its admissibility. Whitehead says people might be surprised at how often judges expect expert testimony for technology end-users might consider commonplace.

“Technology is wasted on the young, like naps and kindergarten,” he said. “Judges are often removed from the [supposedly] commonplace setting for which our matter may hinge.”

Be ready to defend any part of your case involving technology, and yes, that may even mean expert testimony when you don’t agree expert testimony is needed. In this case, Schroeder initially put the burden of proof on the party that presents that evidence, not the party trying to disqualify evidence. Could that open the door for other teams to cast doubt on opposition’s evidence even if they don’t have their own experts? After this tech debate in such a highly publicized trial, some attorneys that would’ve otherwise thought they can’t get evidence thrown out might try anyway. Even if evidence is ultimately admitted, a drawn out debate about its reliability could still shape jurors’ perceptions of that evidence. Having expert testimony at the ready can potentially prevent such a debate.

Another thing most legal teams know, but this case reinforces: don’t be overly reliant on one “smoking gun” if you can help it. Perhaps the prosecution will be able to get a conviction based on evidence besides their pinch-to-zoom footage. Only time will tell. The one constant of the legal world is that as much as we try to predict it, it remains unpredictable. You never know which evidence could be disqualified, so finding multiple “smoking guns” makes for a stronger case.

Can eDiscovery Free Britney?

Posted by on in eDiscovery NewsLeave a comment

DISCLAIMER: This article revolves around an ongoing case where many specifics are sealed from the public. Much of it is speculation intended to educate, and should not be taken as any kind of legal advice. 

In 2008, one of the most famous people in the world was placed under a conservatorship shortly after having one of the most famous public breakdowns in the world.

That person was of course Britney Spears, and that conservatorship is still in place 13 years later. Over the last couple years, the legal arrangement has come under more public scrutiny, especially as it seems clearer and clearer that Britney herself is dissatisfied with the current arrangement. While most of the details of this court case are sealed from the public, it’s safe to assume that someone, somewhere is sifting through electronically stored information (ESI) looking for answers.

Some Quick Background

Conservatorships, or guardianships as they are referred to in some states, allow for the court to place another person in charge of a legal adult’s personal and/or financial affairs. They exist to protect those whose mental faculties may not be fit for high stakes decision making, such as elderly people with dementia or Alzheimer’s disease, or younger people with developmental disabilities.

As the self-proclaimed #FreeBritney movement has gained more traction online, more and more people are asking the question… “how can someone who spent much of the last decade putting out new music and performing regularly also be so incapacitated that she can’t be trusted to make decisions for herself?”

Different people have drawn different conclusions. Many in the #FreeBritney camp believe that Britney isn’t really sick enough to justify the conservatorship going on this long, but her father/co-conservator Jamie Spears makes too much money off the status quo to let his daughter have more autonomy.

According to a 2016 article in the New York Times, Jamie makes a yearly salary of $130,000 as conservator, and he also got to take home 1.5% of the gross revenue for her Las Vegas residency. In 2018, Billboard reported that gross revenue number was $137,695,392, which would make Jamie’s cut a little over $2 million.

On the other side of the coin, some close to Britney reject this as conspiracy theories spawned by outsiders who don’t know enough about Britney’s mental health or legal case for their claims to hold any water. They say removing the conservatorship could risk another potentially life-threatening breakdown a la 2007-2008. They point to the comparative stability since as evidence that the conservatorship is doing its job.

At the time of this writing, Britney’s team has not filed a petition to end the conservatorship altogether. However, it does seem clear that she wants her father removed from his role. Jamie Spears served as co-conservator from the beginning of the arrangement in 2008 until 2019 when his own health issues forced him to step aside. At this point, the courts appointed temporary co-conservator Jodi Montgomery, and Britney unsuccessfully tried to make this change permanent. According to Britney’s lawyer, “it’s no secret that [his] client does not want her father as co-conservator.”

So Why is The Britney Conservatorship Case So Complicated?

The conservatorship has been in place for 13 years, and technology has evolved at a rapid pace during that time. There’s also the fact that the case centers around someone who may have had varying levels of mental stability throughout those 13 years. Should Britney’s communications with other parties be taken seriously or not? It might take mental health expert witnesses to bolster either side’s case, and that’s an additional logistic concern for legal teams.

You also have to consider that (as far as the public knows) virtually everything Jamie did over these 13 years was technically legal. Britney’s team isn’t necessarily looking for evidence of a specific crime per se. Instead, they have to look for evidence that Jamie’s choices regarding Britney’s affairs were unjust enough that the courts should reconsider their previous arrangement.

Those unjust choices could take different forms. You could argue that Britney’s illness was bad enough that Jamie shouldn’t have approved the amount of work Britney did during this time frame. Since the conservatorship began, she’s put out four studio albums, done two world tours, and a Las Vegas residency consisting of 248 performances over 4 years. She was also in the process of planning and rehearsing for a second Vegas residency which was canceled in early 2019. One potential strategy is to argue that Jamie exercised poor judgement in letting someone so mentally ill take on such an ambitious workload.

You could also argue a case that directly contradicts that one: that Britney was well enough to be recording and performing regularly, but that she was so healthy in fact that the conservatorship should have been phased out long ago. Jamie shouldn’t be allowed to deprive a reasonably healthy Britney of rights that any other reasonably healthy adult is legally entitled to.

Either strategy would require a team to establish a multi-year narrative assembled from bits and pieces of data scattered across the digital landscape. The same is true if you’re on Jamie’s team. They’ll be trying to show that Britney really does still need a conservator, but that any work she did over the last 13 years posed a low enough risk to her mental health that a conservator could reasonably allow it.  

Such long-term patterns are often a far harder thing to prove than one clearly defined “crime.” That gives discovery teams far less specific parameters to guide their search for relevant data.

The Longer the Story, the Trickier Discovery Gets.

Britney Spears’s conservatorship began in 2008. Think of how we communicated back then. The first iPhone had only launched one year prior, and many people were still using flip phones. Camera phones were relatively new to the scene as well. Pictures weren’t always great quality, and phones weren’t always built with enough memory to also function as multi-year photo archives. While cloud technology had existed for decades, tech giants like Amazon, Microsoft, and Google were only just beginning to experiment with large-scale implementation.

That means that more conversations happened over regular phonecalls than text messages, and those are harder to capture. It meant people were more likely to delete messages and photos regularly since they didn’t have easy access to cheap cloud storage. It also means we didn’t have all the cloud backups that sometimes function as data safety nets in modern cases. These are all factors that any discovery team has to consider whenever a matter has gone on this long.

Alright, but what about her phone from more recent years?

Nowadays, the public has no way of knowing what kinds of electronic devices Britney has access to, or how much oversight other people have over her device usage. In 2019, TMZ claimed that Britney only had a flip phone and wasn’t allowed internet access. Whether that’s true or not, it poses some unique challenges for the discovery professionals on Britney’s case team.

Imagine collecting data from a device, but still having to wonder who really typed this message if not the primary custodian? If Britney’s phone usage really is highly regulated by her conservator, was she potentially able to communicate on other phones behind their backs? Could there be valuable ESI hiding on other devices we might not usually think to collect?

Then there’s the conversations that don’t involve Britney directly. The ones between her conservators and other members of her management team; the ones between conservators and medical personnel; the ones between her team and other relevant parties such as Caesars Entertainment, the company that signed her to the aforementioned Vegas residency.

It’s quite easy to imagine messages that are either proof Britney is a victim of conservatorship abuse or proof that Britney’s mental state is still unstable enough to justify continuing the current arrangement. It all depends on which side you’re trying to argue.

Maybe there’s a way for teams to cross-reference messages with medical reports or other custodians’ messages to give validity to Britney’s version of events. Maybe there isn’t. Either way, it’s not going to be easy. Legal teams have the difficult choice of what rabbit holes are worth their time and how far they should go before picking another strategy.

Good eDiscovery tells a complete story.

In eDiscovery, sometimes one single piece of evidence is enough to back up your side’s entire case. It’s also quite common that case teams have to build a case from the ground up. They find pieces of ESI that would never mean much individually. Sometimes these seemingly random puzzle pieces were scattered across multiple devices or were generated years apart from each other. It’s only when a skilled discovery team brings those pieces together that they have any legal significance.

This is a challenge for both sides in the Britney conservatorship debacle. Again, this case isn’t really about one isolated “crime.” That makes it really hard to imagine what a “smoking gun” would even look like.

Instead, this case is all about inner workings of both personal and business relationships over 13 years. There likely won’t be any single piece of data that can prove either Britney or Jamie’s version of events is correct, at least not by itself. Instead, teams on both sides have to string multiple data points together into a story that makes sense to a judge.

So how does an eDiscovery team come in handy?

There’s a lot of decisions to be made, and none of them have easy answers. First there’s the question of what documents you think are going to be most relevant. You oftentimes need a general idea of what your strategy is before you’ve seen all the data, that way you can convince a judge that the right documents should be included in discovery. Conversely, you might argue that certain documents that would be more helpful to your opposition than to you shouldn’t be included. 

You also have to weigh the odds that maybe you can find deleted or encrypted data that isn’t immediately obvious on the surface. Is it worth the resources to include certain devices in your search even when you know they might not give you anything useful?

There’s also the chance that as you get deeper and deeper into discovery, you may have to pivot to new strategies. Sometimes documents that you thought would be helpful aren’t. Even if everything is going according to Plan A, it takes a staggering level of precise coordination to turn a decade’s worth of communication between numerous parties into something that can be presented in court. Reviewers code documents as they go so that project managers can see trends emerge, even if those documents weren’t initially assigned to the same reviewer. 

All of these are areas where lawyers can gain valuable insight by consulting discovery experts. Service providers don’t just exist to take your data and give it back to you in a reviewable form; they can help you navigate the complex minefield of decisions that comes along with any case, and make sure your discovery strategy aligns with your larger legal strategy. They can also help you adapt as more information comes to light and the case inevitably evolves. Good service providers can keep the circus of discovery from driving you crazy before things get too toxic.

Signal vs. Cellebrite: What You Need to Know

Posted by on in eDiscovery News, ForensicsLeave a comment

If you’re part of legal investigations that involve any kind of electronic data, you need to know what’s happening between Signal and Cellebrite.

Cellebrite makes one of the industry’s most commonly used digital forensics tools, and Signal CEO Moxie Marlinspike has recently publicized alleged vulnerabilities in Cellebrite’s security measures. Continuing to use outdated versions of Cellebrite, especially without other best practices of digital forensics in place, could open the door for system hacks as well as opposing counsel questioning the integrity of your evidence.

These types of legal proceedings can cause substantial disruptions in forensic labs worldwide.  Forensic extractions and analysis would have to pause for the duration of the imaging process; forensic labs would need to relocate sensitive data to other platforms; ultimately the legal costs associated with these additional acquisitions and analysis could be significant. Luckily, there’s a few relatively simple steps you can take now to prevent the astronomical time and expense it would take to deal with any spoliation issues.

The Background

Signal and Cellebrite exist on two opposite sides of the technology spectrum: Signal is a messaging app that offers end-to-end encrypted messaging. Digital privacy is their primary selling point. Cellebrite is a digital forensics company.  When law enforcement seizes an electronic device for an investigation, there are good odds that someone, somewhere is using Cellebrite technology to unlock it and collect data. That means one of their primary selling points is the ability to circumvent privacy measures when the situation calls for it. You can understand why two such companies would end up at odds. It’s a never-ending cat and mouse game: a win in forensics is normally seen as a loss in security and vice versa.

In a blog post, Signal CEO Moxie Marlinspike made several serious allegations against Cellebrite’s security protocols:

  • That Cellebrite has not updated some of their source code files since 2012, despite hundreds of updates to these files becoming available since then.

  • That because most of the data extracted by Cellebrite comes from third-party apps rather than the device itself, it would be possible for any untrusted app developer to put files in their apps that would corrupt Cellebrite output and reporting. 

  • That if such an exploitation were to occur, not only would it undermine that particular collection, but any prior and future collections done with that same Cellebrite device.

  • That “Industry-standard exploit mitigation defenses are missing, and many opportunities for exploitation are present.”

  • That Cellebrite appeared to also include unlicensed iTunes software, opening the door for legal challenges from Apple to Cellebrite and its users.

Marlinspike’s blog post also concluded with some “completely unrelated news” about how new updates to Signal would feature files in app storage for “aesthetic purposes.”

Some have interpreted this to mean that not only is Marlinspike saying these vulnerabilities in Cellebrite exist, but that he intends to actively use his own Signal app to wreak havoc on Cellebrite investigations.

Of course, no can know for sure, but if that’s true it poses a substantial threat. Signal had over 40 million users as of January 2021, so it’s only a matter of time until law enforcement ends up investigating a phone where the app is installed.

Other Important Context

While it’s not exactly wrong to say that some of these vulnerabilities look like rookie mistakes to an outsider, it’s important to recognize that unlike the consumer-facing Signal app, Cellebrite is not intended for use by laypeople. Anyone using Cellebrite to extract data from a device is most likely an expert in digital forensics who’s taking other precautions to prevent the kind of corruption that Marlinspike describes.

Cellebrite’s original customer base consisted of government and law enforcement agencies.  Many of these organizations use forensic workstations that are isolated from internet accessible devices. They also sanitize their workspaces between cases to avoid cross-contamination between different devices’ data. Assuming these best practices are in place, the risk of rogue executables coming from mobile devices the way Signal suggests is incredibly low.  

However, as Cellebrite has grown, so has their number of private sector clients who use workstations that rely on the same networks as other company devices. That means that if someone were to exploit the vulnerabilities that Marlinspike mentions in his blog, the ramifications could be company wide, not just a matter of corrupting one device.

More remote collections in light of the pandemic also complicates things. In light of these developments, the concern of untrusted data on a mobile device corrupting an acquisition is real; unlikely, but real none the less. We also have to remember that in forensics, theoretical possibilities matter. Ideally, you do not just want to prove that no one tampered with your data, but that it was highly unlikely that anyone could have tampered with your data.

The publicization of Cellebrite’s vulnerabilities is already having real-world consequences. In Maryland, a defense attorney named Ramon Razos is asking for a re-trial because law enforcement relied heavily upon Cellebrite evidence to convict his client.

So… can I keep using Cellebrite in my investigations?

The short answer is, yes. You can keep using Cellebrite and significantly reduce your risk of data spoliation with just a few best practices of forensics. Namely, run the most recent version of Cellebrite.

According to Vice, Cellebrite issued an update less than a week after Marlinspike published his blog post. While Cellebrite did not explicitly say that these patches were meant to address Marlinspike’s grievances, the timing certainly makes it look that way. In the same Vice article, Cellebrite allegedly asserts that “Based on our reviews, we have not found any instance of this vulnerability being exploited in the real-life usage of our solutions.”

Again, those using Cellebrite should be forensic experts with other tricks up their sleeve. They’re not relying entirely on Cellebrite technology for effective preservation, but some combination of Cellebrite technology and their own failsafe measures. 

A forensic analyst should always spot check their work by manually reviewing the raw files to confirm the forensic software parsed out the intended artifacts. Spot checks of the data on the physical device can also reassure the investigative team that they have maintained data integrity.

If you’re a lawyer who’s paying someone else to handle your forensics, make sure your vendor is aware of the current Cellebrite situation and has applied the most recent patches. It’s also totally fair to ask your vendor what other non-Cellebrite measures are in place to ensure data integrity and defensibility. Are they sanitizing work stations between collections? Are they spot checking their data? You deserve to know.

While the risk of data corruption is most likely far lower than Marlinspike wants Cellebrite customers to believe, it is there, and the consequences of an exploitation are too great not to check all your bases.

If you have any other questions about digital forensics, you can reach out to Contact at info@contactdiscoveryservices.com.

Capitol Breach Investigations are Changing eDiscovery

Posted by on in eDiscovery News, Forensics, Legal Technology InnovationsLeave a comment

On January 6, supporters of then-President Donald Trump breached the U.S. Capitol in an attempt to prevent Congress from certifying Joe Biden as the winner of the 2020 presidential election. As authorities look into who is responsible and what kinds of repercussions perpetrators should face, they’ll have over 140,000 pieces of digital media to aid their efforts. Throughout the Capitol Breach investigations, officials will be reliant on something much of the world knows nothing about: eDiscovery.

eDiscovery is the art and science of sorting through digital data to find the relevant pieces needed to build a legal case. 5-10 years ago, much of this data came in the form of emails and their attachments. However, many of the arrests relating to the Capitol riots cite digital evidence uploaded to social media sites.

One Connecticut man was charged because of a YouTube video. Two Massachusetts citizens were arrested because of photos on Twitter. A New Mexico County Commissioner was connected to the riots in part because of videos he posted on a “Cowboys for Trump” Facebook page. A man from Texas was arrested in part due to his posts on Parler. One such post allegedly included a threat to return to Washington, D.C. on January 19 armed and ready for insurrection: “We will come in numbers that no standing army or police agency can match,” the post allegedly states. 

That shift away from email-exclusive discovery strategies was already happening, but the Capitol riots may expedite it. Investigators are still sorting through digital data, and we likely haven’t seen the last of arrests related to this incident. Many cases will hinge on whether or not eDiscovery professionals can connect individuals to the scene and whether or not there’s digital evidence that reveals offenders’ true intentions. Either way, the Capitol breach investigations shed a light on what kind of technology is available and how law enforcement is using it. Depending on the outcomes of these cases, we may see social media-based data integrated into discovery on a much larger scale.

The Value of Geolocation

Ordinary people probably know that investigators can find incriminating things people have published on the internet. However, they might be surprised to learn just how easy it is to figure out which electronic devices were actually at the Capitol on the day of the attack. Geolocation, or more specifically “geofencing”  involves drawing a virtual boundary around a specific location, and then using technology such as GPS or Bluetooth to find devices within that boundary.

“Right now, law enforcement can pull social media information from a geolocation at will or with relatively few roadblocks,” says James Whitehead, Contact Discovery’s Associate Director of Digital Forensics. “Law enforcement agencies can capture wireless communications and pull packets off wires. This technology/capability is expanding among law enforcement departments at a rapid pace.”

This is important because many people have said hyperbolic things on the internet, and that in and of itself isn’t a crime. One of the challenges facing investigators is separating those who simply wrote inflammatory messages from those who acted on their intent. With geolocation, investigators can prove that someone who published violent threats online was actually at the Capitol at the time of the attack.

An offender’s sentence could also vary quite a bit if prosecutors can use social media posts to prove there was prior intent to attack the Capitol. That’s a very different scenario from someone who showed up for what they thought was a peaceful protest, got caught in the moment, and then showed remorse after the fact.

Social media companies are also aiding law enforcement in matching locations to other parts of a user’s profile.

“At one point Facebook had 100+ metadata fields for its site,” Whitehead says. “This includes user names, likes, names of the likers, time of the likes and/or shares, and then most if not everything is geolocated. Often these metadata records include associations to the authoring/viewing device’s unique identifiers including IP address, which further aids in geolocating.”

In the case of Twitter, investigators can collect tweets in a geolocated fence and by hashtag.

“I could essentially drill down to the Capitol and then to hashtags of interest,” says Whitehead. “If I expanded my resources, I could cross-reference known individuals and pull all their tweets and anyone who shared or viewed them within a geofenced area.”

That combination of what people said online and their whereabouts at the time of the Capitol attacks gives investigators added insight. Suddenly they’re able to comprehend not only the “what” but the “who,” “where,” and “why” as well. Geolocation could also play an important role in providing alibis to those who published inflammatory statements, but were not physically present at the Capitol at the time of the attack.

Constructing Larger Narratives

Not only can law enforcement use social media data to pinpoint where suspects were the day of the attacks, they can also use it to show what kinds of things suspects were writing weeks before. This helps investigators tell a more complete story.

One suspect, Brendan Hunt, allegedly called for the murder of elected officials on an online video platform called BitChute. However, the charges against him also mention a Facebook post on or from approximately December 6, 2020, a whole month before the Capitol breach. According to the affidavit, this post called for “revenge on Democrats” and a “public execution” of Senator Chuck Schumer and Representatives Nancy Pelosi and Alexandria Ocasio-Cortez.

“If you [Trump] don’t do it, the citizenry will,” says Hunt’s post.

Another case revolves around a Utah man named John Earle Sullivan. Sullivan handed over 50 minutes of video footage to authorities. He’s also uploaded large amounts of video content regarding the riots to YouTube under the name JaydenX. The criminal complaint against Sullivan claims his voice can be heard on the tape saying celebratory things like “We accomplished this s**t. We did this together.”

At the time of this writing, JaydenX’s YouTube channel not only features footage of the Capitol riots on January 6, but other MAGA, Proud Boys, and Black Lives Matter protests dating back to June 1, 2020. If you’re the defense, you might argue this YouTube account proves that Sullivan is just an independent video journalist, attending and recording any protest he thinks will be of interest regardless of the cause. If you’re the prosecution, you might use it to establish that Sullivan is a dangerous agent of chaos and has been for some time. Either way, it’s hard to imagine that legal teams will look at what’s likely hundreds of hours of political protest footage from the last six months and think that only the January 6 footage is relevant.

General Awareness of ESI in Law Enforcement

Perhaps most importantly of all, the riots have made the general public more aware of how digital data can be helpful to law enforcement. Sometimes, public ignorance can aid investigators. People incriminate themselves largely because they don’t know their messages can be found later. The events at the Capitol have created large scale awareness of the role that social media posts and other electronic messages can play in investigations.  

That awareness is a double-edged sword. On the one hand, it could drive bad actors to alternative platforms where they’re harder to find. On a more optimistic note, well-intentioned people are more likely to be on the lookout for digital evidence in their day-to-day lives. Heck, one Twitter user even mentioned using dating apps as a way of getting perpetrators to volunteer evidence against themselves:

Only time will tell how this case shakes up the world of eDiscovery. What won’t change is the critical role that legal technology plays in finding the truth.

Subscribe to the Contact Blog to receive more updates on all things eDiscovery.