fbpx

Why Mobile Data eDiscovery Is Different Than Email eDiscovery

It’s 2021, which means it’s highly unlikely that this is the first blog post you’ve read saying you need a mobile data eDiscovery plan. Most of us get that by now.

However, you can’t always take the same technology and approaches you’re currently using for email and superimpose them on mobile data. It just doesn’t work that way. Unfortunately, it can be hard to wrap your head around just how different texting and email really are until you’re neck deep in a project.

Today, we wanted to walk through some of the main things you need to account for while collecting, processing, and reviewing mobile data. By understanding the differences between these channels, you can not only ensure that you’re including mobile data in your eDiscovery strategy, but that you’re doing it right.

“Texting” is actually 3 different things that LOOK like 1 thing.

Generally speaking, emails are emails. After the initial collection, it doesn’t really matter much if those emails came from Macs or PCs, or if the company ran their emails through Microsoft 365 or Google Drive. Emails can be imported into a review platform, and reviewers don’t really have to care that much about where they initially came from.

What a layperson thinks of as “texting” is actually a combination of as many as three different types of communications: SMS, MMS, or iChat. We act like they’re the same thing because generally, our phones make them look like one thing. I don’t have a separate app for sending SMS messages vs. MMS messages. My phone doesn’t yell at me when I reach the character limit for an SMS, it just automatically converts it without me having to think about it.

During data processing, these messages that seem identical on the front end often get sorted out into different buckets on the back end. That means that if custodians were iChatting, lost wifi, and then switched to SMS, that single conversation may get ripped apart and reviewers have to piece it back together.

When you’re identifying potential sources of data, it’s important not to just ask about “texts.” If possible, try to figure out how texts break down into SMS, MMS, and iChat. The best mobile data eDiscovery technology can thread these messages together, and depending on how many phones you’re collecting, it might be worth that investment. At the very least, making sure you know how texts break down into SMS, MMS, and iChats helps you better assess how long review should take.

Mobile Communication Has No “Subject Line” 

Most work emails have a subject line; generally, emails in that same conversation also have that subject line. Sure, sometimes conversations naturally flow away from that initial subject, but at least it’s a valuable starting point that helps discovery teams understand what messages belong together, and which ones might be duplicates; this is the basis of how review platforms utilize email threading.

Not only does texting lack a “subject line,” it’s also a place where users simply don’t even try to sort their conversations out into multiple threads the same way. Earlier today, I frantically texted my mother about a jacket I left at her house, and within minutes she was asking me to text her a recipe for banana cake.

Those two conversations coexisted in the same thread, with messages right on top of each other. That’s just how a lot of us text. I pity any review team that would have to go through my phone and find messages relevant to their case with so many less relevant messages randomly scattered across my conversations. (On the bright side, they might get a nice banana cake recipe out of it!)

Threading messages into conversations is one of the most important things that any good review platform does for reviewers; it’s even more important when users aren’t naturally “threading” their conversations together by default.

Mobile Communication Usually Requires More Redactions

On a related note, professional communication is more likely to co-mingle with personal communication in text messages compared to email. That’s especially true in companies where employees still use their personal device for company business. With email, we tend to have a dedicated work account apart from our personal email account. Users understand that there’s no reasonable expectation of privacy in their work emails. That’s not always true in mobile, particularly at companies that don’t issue company-owned phones or have clear Bring-Your-Own-Device (BYOD) policies.

What if that thread where two work friends texted about trade secrets also mentioned things like doctors’ appointments or included pictures of their kids? Legal teams need to be able to redact irrelevant personal information in order to protect custodians’ privacy. That irrelevant personal information rarely shows up in emails, so redacting isn’t a concern to quite the same extent.

Some review platforms support redactions more easily than others. A cumbersome redaction process might not be the end of the world when you’re primarily dealing with emails, but it can seriously hinder progress when there’s a lot of mobile communication and redactions are needed more often.


When there’s a lot of mobile data in your eDiscovery project, it’s important to consider how technology and user behavior shapes this data. This is nowhere near an exhaustive list of the reasons why texting and email are different, but we hope it’s enough to get your wheels turning. What kinds of stumbling blocks have are tripping up your mobile data investigations? Reach out today and let us know!

Curious to know more about how Contact Discovery attacks mobile data investigations? Check out MobileRev™!

Contact Discovery’s MobileRev™ solution turns text messages into near-native images for review

What Do You Do When eDiscovery Tech Support Isn’t Enough?

There’s a pressing legal matter at hand. Deadlines are fast approaching. The last thing you want is to be stuck waiting on a response from tech support. Unfortunately, this is becoming an all-to common issue with eDiscovery platforms.  

Too often, software companies overstate the simplicity of their products. While it may be perfectly true that an end user finds a program intuitive and easy to use, that doesn’t necessarily equate to easy maintenance behind the scenes. When legal teams are too quick to buy these allegedly silver bullet solutions without anticipating that extra maintenance, it can lead to friction that slows down discovery.

Naturally, legal teams look to their tech support at whatever company made the software. Oftentimes, support staff is doing the best they can, but they can only do so much. If a software company is pouring money into sales and marketing efforts, but not scaling IT support at a fast enough pace to accommodate those extra users, it usually leads to frustration all around. As more and more venture capital flows into eDiscovery from people who don’t actually have any real experience in discovery, that industry-wide growing pain is unlikely to go away anytime soon.

eDiscovery vendors have an important role to play here. By bridging the gap between end users and software companies, service providers can help alleviate some of the strain on tech support, making it more helpful to those who do need it. Meanwhile, legal teams can increase the functionality of their existing software, solving their problems for (usually) far less money than investing in new software.

But why isn’t this program as easy to use as the salesperson said it would be?

Different people mean different things when they say “easy.” A lot of the latest eDiscovery solutions are far more intuitive than ever before, which is great! That tends to be what most companies will focus on in their sales and marketing efforts.

However, ease of use doesn’t automatically translate to ease of maintenance.

For example, my brother and I own two different cars, specifically a 2007 Honda Accord (me)  and a special edition Toyota 86 (my brother). My brother’s car handles really well. He can make tight turns at high speeds in a way I can’t. He can accelerate faster. The driving experience is all-around better in his car than mine (presuming you can drive a stick shift of course).

There’s a flip side to this. My brother has to put premium gas in his car; mine takes unleaded. It’s easier for me to find mechanics who keep the parts my car needs in stock. If my brother has an issue, it’s more likely that his mechanic would have to special order the part he needs, thus keeping his car in the shop longer. So while the “user experience” in his car is better, my car is easier and cheaper to maintain. Sometimes ease of use and ease of maintenance coexist, sometimes they don’t. It’s just important to recognize that they’re not the same thing, and one does not necessitate the other.

eDiscovery is an ever-changing field, which means many software programs require regular updates. The more intricate the software is, the more intricate those updates are likely to be, and they can take a while to install. How do you get them done while still making sure a discovery environment is ready to go when reviewers need it? In some cases, the Contact team will run patches at midnight, if that’s what it takes to avoid disruptions to our clients’ regular workflows. By providing crucial, ongoing support to a discovery environment, service providers can step in and offer ease of maintenance to compliment the software’s ease of use.

Why would I need an eDiscovery vendor if I can do most discovery in-house?

We’ve found that technical maintenance of eDiscovery environments can still be a common stumbling block, even for organizations that are fairly capable of handling most other aspects of discovery. That makes sense if you think about it. Plenty of people can drive a car, but don’t know how to change their own oil.

One of the misconceptions such organizations have about “service providers” is that you only need them if you plan on significant outsourcing. A firm that has their own software license and qualified project managers doesn’t need to spend money on costly vendors unless there’s an abnormally large sum of data at hand.

However, retaining a vendor to manage a discovery environment can be far less expensive than paying a vendor to actually do your discovery work for you. It’s similar to how owning your own car still requires you to pay for gas and upkeep, but you’re not going to spend as much as you would if you took a taxi every time you had to go somewhere.

Most lawyers already know that paying for litigation costs far more than the hours it would take to review contracts and close loopholes before they’re exploited; discovery software maintenance works the same way. It’s more economical to stay on top of updates and patches than it is to put out fires as they happen.

“Tech support can be great for solving one particular problem in the here and now,” says Zack Schanz, Director of Project Management at Contact Discovery Services. “It’s not really built to maintain your environment and prevent problems before they happen. They also don’t have the same knowledge of a client’s environment that we do because we’re in that environment every day.”

“You get a lot of brains for the price of one,” says Scott Keeble, Director of eDiscovery Operations at Contact Discovery. “We have more regular communication between our team members compared to an average tech support line, where maybe Joe is handling this ticket but has no direct communication with Jane who handled your last ticket, just a brief summary in the report. We’re able to quickly reach out to each other and say ‘hey, what did you do last time?’ and get to solutions quicker.”

“Can’t I just have my regular IT team take care of this for me?”

Well, it depends. Yes, technically any IT department could learn to manage an advanced eDiscovery software environment. However, they’re also managing other IT functions too. Your company’s email system; the billing and accounting software; the contract management platform; any other databases your organization needs to function properly; the underlying hosting and internet that all those other things rely on to work.

All of those things need routine updates; All of those things can be potential sources of data breaches if you’re not on top of maintenance. All of those things can become slow and dysfunctional if they’re not supported by the right infrastructure. A good IT team can juggle all those programs and keep technology running smoothly for everyone else.

However, there’s a misconception among non-IT people that once you “work in IT” it’s easy to simply add more programs to your plate. The truth is IT is just like any other job: the longer your list of responsibilities gets, the harder it can be to do all of them well.

We recommend consulting your IT department before any major commitment to a new discovery platform (or any software solution for that matter). They’ll know what they can and can’t handle, what resources they might need for implementation, and they’ll be able to better predict how steep the learning curve will be.

If your internal IT people are already spread pretty thin, a vendor can help. A team of dedicated discovery professionals that are focused on your review software frees up your regular IT department to stay on top of all their other responsibilities. Plus, they can apply their discovery experience with other clients to your technology in a way more generalized IT personnel can’t.

Still Have Questions About How Service Providers Can Keep Your Discovery Programs Up and Running? We’re all ears.

3 Questions to Help You Get the Most Out of Your eDiscovery Vendor


Like it or not, legal tech vendors are often a necessary part of complex matters. There are different ways to go about engaging a vendor, and some approaches can prove more helpful than others. While it’s easy to get swept up in a major litigation or investigation, we like to think that in-depth conversations with vendors are never a waste of time. At least, it’s not if you’re doing them right.

There are certain topics you may have never thought to bring up with your vendor before, but you might be pleasantly surprised where you end up if only you ask the right questions. In that spirit, we’re spotlighting three questions that will help you get more out of your vendor partnerships and why we think they’re important.

1. How Have You Handled Similar Matters for Other Clients?

It’s common for clients to enter into a vendor contract with certain expectations. One of the issues with this is that a client’s idea of what a vendor should do is oftentimes heavily based on how other vendors have handled those matters in the past. That begs the question… If you were satisfied with how that other vendor did things before, why did you seek out a new vendor for this matter?

Asking your vendor “How have you handled similar matters for other clients?” is a great way to signal that you’re open to other solutions beyond the predictable ones you’re used to. A vendor rightfully won’t reveal any identifying details about those other clients, but they can usually give you a general gist of other options on the table. It also mitigates risk if you know they’ve actually implemented the proposed solution before.

Try not to approach vendors with a preconceived notion of how they should handle your project. Instead, describe the project and your goals in as much detail as possible, and ask them what they think makes the most sense. If they’re worth their salt, you’ll probably find their perspective valuable regardless of whether or not you go with their exact plan.

2. Can You Present Several Approaches to This Matter That Would Still Work?

Oftentimes, there’s no “right answer” in eDiscovery. Good vendors can offer several different plans with different pros and cons and then leave the choice up to you. Maybe Strategy 1 is a prudent strategy that conserves budget while maximizing efficiency and Strategy 2 requires a higher investment but would provide for a more thorough approach.

Sometimes vendors will pitch a discovery plan not because they think it’s the best strategy, but because they think it’s the strategy their client wants to hear. Asking for multiple plans can give your vendor the freedom to strut their stuff and come up with a more innovative,  unconventional approach without the fear of losing a more conservative client. If you let them pitch you the “safe” strategy as well as the unexpected-but-potentially-better strategy, you negate that risk for them. The ultimate choice will still be up to you.

It can also reveal a LOT about a vendor if they’re unable to come up with more than one way to approach a problem. When vendors are consistently looking to their clients for guidance, or trying to fit square peg clients into the same round holes, it calls into the question whether they’re truly “experts” in eDiscovery. On the other hand, a vendor who can give you several possible approaches probably knows how to think creatively about your case, and will be able to quickly adapt to your needs should you decide to switch up your strategy later.

3. How Will Your Plan Help Me With Future Matters?

Truly great discovery work doesn’t just leave you with a positive outcome in this specific case. It also helps you win future cases. When you know which information is most relevant and it’s stored in places where the right people can easily recall it, you don’t have to devote as many resources to discovery if a similar case comes up again.

Some vendors are content to just process your data, give it back to you, then move on to the next client. That’s not exactly wrong, they’ve done everything they agreed to do for you; however, they could’ve done even more and established a plan for the future if only you’d asked.

Some data might not be relevant for the case at hand, but might be helpful in the future. If a vendor knows that planning for future matters is a priority, they can point stuff like that out. You can keep it in a safe place in case anyone tries to bring another suit against you later. Maybe your team can look for potential vulnerabilities and recommend you close them before anyone gets the chance to litigate. All of it begins with you telling your vendor that you want a proactive approach.



What questions do you think case teams should ask their vendors? Let us know in the comments!

Signal vs. Cellebrite: What You Need to Know

If you’re part of legal investigations that involve any kind of electronic data, you need to know what’s happening between Signal and Cellebrite.

Cellebrite makes one of the industry’s most commonly used digital forensics tools, and Signal CEO Moxie Marlinspike has recently publicized alleged vulnerabilities in Cellebrite’s security measures. Continuing to use outdated versions of Cellebrite, especially without other best practices of digital forensics in place, could open the door for system hacks as well as opposing counsel questioning the integrity of your evidence.

These types of legal proceedings can cause substantial disruptions in forensic labs worldwide.  Forensic extractions and analysis would have to pause for the duration of the imaging process; forensic labs would need to relocate sensitive data to other platforms; ultimately the legal costs associated with these additional acquisitions and analysis could be significant. Luckily, there’s a few relatively simple steps you can take now to prevent the astronomical time and expense it would take to deal with any spoliation issues.

The Background

Signal and Cellebrite exist on two opposite sides of the technology spectrum: Signal is a messaging app that offers end-to-end encrypted messaging. Digital privacy is their primary selling point. Cellebrite is a digital forensics company.  When law enforcement seizes an electronic device for an investigation, there are good odds that someone, somewhere is using Cellebrite technology to unlock it and collect data. That means one of their primary selling points is the ability to circumvent privacy measures when the situation calls for it. You can understand why two such companies would end up at odds. It’s a never-ending cat and mouse game: a win in forensics is normally seen as a loss in security and vice versa.

In a blog post, Signal CEO Moxie Marlinspike made several serious allegations against Cellebrite’s security protocols:

  • That Cellebrite has not updated some of their source code files since 2012, despite hundreds of updates to these files becoming available since then.

  • That because most of the data extracted by Cellebrite comes from third-party apps rather than the device itself, it would be possible for any untrusted app developer to put files in their apps that would corrupt Cellebrite output and reporting. 

  • That if such an exploitation were to occur, not only would it undermine that particular collection, but any prior and future collections done with that same Cellebrite device.

  • That “Industry-standard exploit mitigation defenses are missing, and many opportunities for exploitation are present.”

  • That Cellebrite appeared to also include unlicensed iTunes software, opening the door for legal challenges from Apple to Cellebrite and its users.

Marlinspike’s blog post also concluded with some “completely unrelated news” about how new updates to Signal would feature files in app storage for “aesthetic purposes.”

Some have interpreted this to mean that not only is Marlinspike saying these vulnerabilities in Cellebrite exist, but that he intends to actively use his own Signal app to wreak havoc on Cellebrite investigations.

Of course, no can know for sure, but if that’s true it poses a substantial threat. Signal had over 40 million users as of January 2021, so it’s only a matter of time until law enforcement ends up investigating a phone where the app is installed.

Other Important Context

While it’s not exactly wrong to say that some of these vulnerabilities look like rookie mistakes to an outsider, it’s important to recognize that unlike the consumer-facing Signal app, Cellebrite is not intended for use by laypeople. Anyone using Cellebrite to extract data from a device is most likely an expert in digital forensics who’s taking other precautions to prevent the kind of corruption that Marlinspike describes.

Cellebrite’s original customer base consisted of government and law enforcement agencies.  Many of these organizations use forensic workstations that are isolated from internet accessible devices. They also sanitize their workspaces between cases to avoid cross-contamination between different devices’ data. Assuming these best practices are in place, the risk of rogue executables coming from mobile devices the way Signal suggests is incredibly low.  

However, as Cellebrite has grown, so has their number of private sector clients who use workstations that rely on the same networks as other company devices. That means that if someone were to exploit the vulnerabilities that Marlinspike mentions in his blog, the ramifications could be company wide, not just a matter of corrupting one device.

More remote collections in light of the pandemic also complicates things. In light of these developments, the concern of untrusted data on a mobile device corrupting an acquisition is real; unlikely, but real none the less. We also have to remember that in forensics, theoretical possibilities matter. Ideally, you do not just want to prove that no one tampered with your data, but that it was highly unlikely that anyone could have tampered with your data.

The publicization of Cellebrite’s vulnerabilities is already having real-world consequences. In Maryland, a defense attorney named Ramon Razos is asking for a re-trial because law enforcement relied heavily upon Cellebrite evidence to convict his client.

So… can I keep using Cellebrite in my investigations?

The short answer is, yes. You can keep using Cellebrite and significantly reduce your risk of data spoliation with just a few best practices of forensics. Namely, run the most recent version of Cellebrite.

According to Vice, Cellebrite issued an update less than a week after Marlinspike published his blog post. While Cellebrite did not explicitly say that these patches were meant to address Marlinspike’s grievances, the timing certainly makes it look that way. In the same Vice article, Cellebrite allegedly asserts that “Based on our reviews, we have not found any instance of this vulnerability being exploited in the real-life usage of our solutions.”

Again, those using Cellebrite should be forensic experts with other tricks up their sleeve. They’re not relying entirely on Cellebrite technology for effective preservation, but some combination of Cellebrite technology and their own failsafe measures. 

A forensic analyst should always spot check their work by manually reviewing the raw files to confirm the forensic software parsed out the intended artifacts. Spot checks of the data on the physical device can also reassure the investigative team that they have maintained data integrity.

If you’re a lawyer who’s paying someone else to handle your forensics, make sure your vendor is aware of the current Cellebrite situation and has applied the most recent patches. It’s also totally fair to ask your vendor what other non-Cellebrite measures are in place to ensure data integrity and defensibility. Are they sanitizing work stations between collections? Are they spot checking their data? You deserve to know.

While the risk of data corruption is most likely far lower than Marlinspike wants Cellebrite customers to believe, it is there, and the consequences of an exploitation are too great not to check all your bases.

If you have any other questions about digital forensics, you can reach out to Contact at info@contactdiscoveryservices.com.

7 Deadly Sins of Legal Service Providers: Part 2

Last week we shared with you the first 3 Deadly Sins of Legal Service Providers. Well, we’re back at it now with part 2! Here are two more “sins” of eDiscovery service providers.

Sin #4: Not reevaluating their own processes often enough

A man once said “I’m starting with the man in the mirror. I’m asking him to change his ways.”

eDiscovery is an ever-changing industry, and it’s easy to get so caught up in client needs that providers never turn their focus inward. However, it’s precisely because of that fast pace and constantly shifting nature of the industry that self-reflection and improvement is important. A workflow that made sense six months ago might not make sense now.  Maybe there’s new software improvements that could streamline processes you’re currently using multiple solutions for.

A good service provider has to be vigilant about their own processes as well as all the work they do for clients. At the end of the day, an eDiscovery vendor that isn’t taking care of itself will struggle to take care of you. Let me repeat that.

An eDiscovery vendor that isn’t taking care of itself will struggle to take care of you.

You probably wouldn’t hire a personal trainer that doesn’t take time for their own workouts. This is no different.

Another great perk to hiring eDiscovery providers who are routinely reevaluating their own processes and implementing their own improvements is that that they can apply that experience to their work for clients.

If a service provider has recently evaluated different technology and implemented it internally, they’re in a great spot to answer your questions about the pros and cons of those solutions. They know what curveballs you should anticipate through implementation. They can help you train your team on new platforms. Their first hand experience translates into valuable knowledge that benefits their clients.

At Contact, we recently decided to merge two departments into one. It’s not that it was bad or wrong to do things the way we were before, we just realized that advancements in technology allowed us to train employees in things they couldn’t do before. Sure, we still would’ve been a functional eDiscovery vendor if we had stuck to our status quo. However, training more employees in more disciplines and making it easier for them to communicate with each other will make us an even more well-oiled machine.

On that note….

Sin #5: Not cross-training your employees

A lot of eDiscovery marketers (myself included) love to talk about their “specialized expertise.” And why not? eDiscovery is a discipline all to itself, apart from the discipline of lawyers. More than that, eDiscovery is the intersection of several very different disciplines, notably technology, law, and business. For that reason, no one can truly be a “specialist” in every last part of the process.

People who make great data engineers are not necessarily well suited for managing document review, and vice versa. People who understand the litigation process inside and out may be completely clueless when it comes to implementing new information governance practices that are compliant and secure. Discovery takes a village.

Sometimes eDiscovery service providers are so dead set on hiring ”specialists” that they lose sight of this bigger picture. They have a lot of people who are great at one specific thing, but lack the knowledge to effectively communicate with their teammates and clients.  

At Contact, we’ve found the key lies somewhere in the middle: hire specialists, but also make sure team members have a firm grasp on each other’s specialties. Our team is able to understand our clients’ larger strategy and how their specialty fits into it. This allows for more collaboration between people of different backgrounds, which often leads to better-fitting solutions for clients’ challenges.

Service providers who use this philosophy are also usually able to deal with the regular (or not-so-regular) curveballs of business with fewer disruptions to service. In March 2020, when nearly every company on the planet had to completely rethink how they do business, we were able to shift to our new COVID-world model with zero disruptions to clients’ cases. That’s partially because so many of our team members understood work outside their specialty.


Curious to know what the final two sins of eDiscovery service providers? Follow us on social media for updates!

Why Great Legal Technology Still Needs Great People

Necessity is the mother of invention. Thus, the legal technology market is full of great inventions. There’s so many that it can be intimidating, especially when everyone seems to be making the same claims that sound too good to be true.

There’s great legal tech coming from all corners of the market. Some solutions come from established names, others from up-and-coming players within the eDiscovery space. None of it does everything for everyone, but much of it can do something for someone. At Contact, we use all sorts of different platforms depending on what a given project calls for: Relativity, Nuix, Cellebrite, OpenText, CloudNine, ReadySuite, Magnet, and Metaspike, just to name a few.

As more great tech bursts onto the scene, many imagine a future where automation has significantly lessened dependence on service providers if not eliminated them altogether. It’s great that tech is empowering people with less-specialized skillsets to do more than they could before. However, those that do have more specialized skillsets in legal technology are still a necessary part of the equation.  

More Capabilities Require More Knowledge

Technological advancements usually mean that tech can now do more things than it could before. However, increased functionality can be a blessing and a curse. Oftentimes, as the list of things that tech can do gets longer, it becomes harder and harder for the average user to navigate extensive menus and solve the specific problem at hand.

For that reason, the widely prevalent and seemingly logical notion that better tech = less need for human help is actually not true. In fact, it’s the exact opposite of true. The more technology can do for us, the more it requires advanced knowledge of its capabilities. The more it can do, the further true visionaries can push it. It’s the same way that almost anyone can hop in a canoe and row around a small pond, but if you want to get on a cruise ship and travel the world, you’re going to need a staff of people who has sailed before and already knows the ropes.

The “increased functionality” that tech companies brag about doesn’t count for much if end users don’t even know it’s there. It counts for negative points if it’s cluttering an interface and making it harder to do tasks that were quite simple back when there were five options on a menu instead of 100. 

When your review platform has so many thingamabobs but you don’t know what to do with them.

One potential workaround is to simply live without those other 95 options in favor of a simpler, streamlined, but less advanced platform. Essentially, pick the canoe in a small pond instead of the cruise ship. For some organizations, that may very well be the best option. For many more, there will come a day when they need one of those other 95 options.

Legal tech specialists who work with these advanced platforms day in and day out understand the full gamut of what they can do. They can make these platforms conform to your needs. What’s more efficient, teaching every single attorney and paralegal every capability, or letting an expert evaluate your matter and coach your team on the 1-2 functions that will be most useful?

Investing in great technology means all those extra tools are still in your toolbox when you need them. Having great people means you can actually make sense of all the whozits and whatsits galore and put them to use while ignoring the ones that don’t make sense for the matter at hand.

Both the law and technology are constantly changing. People can change with them.

Rushing to a new platform in an effort to eliminate human service providers may very well work in the short term. But what happens when states pass new laws or suddenly a platform that worked great six months ago is obsolete? Even the best technologists can still only adapt to changes in the law so fast. Trust us, we like to hire the best technologists so we know better than anyone.

Meanwhile, there are always new solutions coming out from various legal tech companies. Some of it comes from real advancements, some of it is repackaging existing technology to varying degrees. Innovation is great, but “new” doesn’t automatically equate to “innovation.”

We can’t undervalue the human element because humans need to be the ones who decide what changes are actually necessary. Humans need to be the ones who balance healthy caution with innovation. Humans can become aware of legal changes as they happen and start adapting discovery strategies when technology hasn’t caught up yet.


New technology is usually designed to solve a problem that already exists. It is not designed to solve problems that might potentially exist one day in the future if not mitigated now. Humans on the other hand can imagine various scenarios where things could go wrong in order to ensure that they don’t go wrong. They can not only find ways to give attorneys what they need right now, but help attorneys make improvements so future matters run more smoothly.

It’s easy to imagine a world where AI can scan a pile of documents and find relevant information for a particular litigation or investigation. Heck, we don’t even have to imagine it, it’s here! However, it’s a lot harder to imagine a world where AI can scan a document, see a loophole that others might potentially exploit, and close that loophole years before anyone gets the chance to litigate it. It’s equally hard to imagine a world where AI tells you how much easier the next litigation will be if you make some tweaks to current information governance policies.

Technology can be a beautiful thing. When done right, it empowers attorneys to do their jobs better without having to rely on a massive team of support staff. In the future, attorneys will be more independent thanks to solutions that are being developed now. It’s not an if, it’s a when. The important thing is forming long-lasting relationships with the right kinds of experts who are there to advise and support when you need them, but don’t view your independence as a threat.

What Are eDiscovery Managed Services and Why Would I Need Them?

If you’ve been on more than a few legal technology websites, you’ve likely come across the term “Managed Services.” Everyone seems to offer them, and they usually come with enticing, yet vague claims about “simplifying discovery” and “end-to-end solutions.” 

That’s all well and good, but how do you decide if your organization is the right candidate for a Managed Services approach towards eDiscovery? Will Managed Services actually help you run your business or law firm more efficiently, or will it result in paying for things you don’t need or already have? Those are the questions we’re here to answer.

What are eDiscovery Managed Services? 

“Managed Services” is an industry term that refers to a comprehensive eDiscovery solution provided for a flat rate. The “services” in question can vary depending on the client’s needs, but the goal remains the same: make discovery more streamlined and predictable without compromising outcomes. Oftentimes, the services are some combination of data hosting, processing, project management, forensics, and eDiscovery. The exact services and price you pay depend on the deal you negotiate with your specific provider. 

Who Needs Managed Services? 

The typical Managed Services client usually comes from a field where complex investigations and litigation are fairly common, such as corporate law, financial law, and intellectual property. If you’re only involved with cases of this scale once in a blue moon, a pay-as-you-go model might make more sense. However, if such matters are business as usual for you, Managed Services is worth considering. 

Another major factor to think about is your internal discovery capabilities. If you’re already able to handle the vast majority of your discovery internally, Managed Services might result in overspending. However, few organizations are able to achieve the same economy of scale that legal service providers do. It’s quite common for the optimal discovery program to be some mix of internal and external workflows. Sometimes, that means doing most of your discovery internally and calling in reinforcements if and when you need them. However, it could also mean a Managed Services plan where you pay for data hosting and access to advanced review software, but still rely on your internal team to manage projects.

Reasons Why Organizations Switch to Managed Services 

In addition to lower prices from bundling services together, limiting how many vendors you work with usually lets you make more use of what you are paying for. Hours spent briefing newcomers about a matter are just as billable as the hours that a longstanding partner spends actually solving problems. Even if you have a few trusted vendors who know your team fairly well, it can still be inefficient if they’re working with you for a month, then not talking to you for six months, then coming back again. A Managed Services model means your team and your service provider stay in regular contact, and when workloads suddenly grow, you don’t have to spend a lot of time (and money!) helping vendors play catch up. 

Predictability

Competitive Advantage


Oftentimes, a company’s legal spending is seen as a necessary evil, but it can also help you get an edge over your competition. In the case of a law firm, it’s easier to win new clients if you’re not passing exorbitant discovery costs on to this client. Oftentimes, firms with a Managed Services plan can price themselves lower than they would have otherwise without it affecting their bottom line.

For in-house legal teams, a Managed Services model can be the difference between winning a lawsuit, and paying out settlements just because “discovery is too expensive.” Managed Services can help you mitigate matters early for relatively low costs since you’re already paying for the help. On the other hand, a pay-as-you-go model might result in neglecting matters until they’re mission critical simply because you don’t have the internal capabilities to be proactive. If you only seek outside help when litigation is on the horizon, that vendor can exploit your lack of options and costs can spin out of control. 

Minimize Risk 

Consolidating vendors usually means minimizing risk. Every time you rope a new vendor into your network, you’re increasing the number of people who could inadvertently mishandle sensitive information. A good rule of thumb for any business or law firm is to keep information on a need-to-know basis. Organizations who are using a single provider for the bulk of their legal services are almost always going to have a shorter list of “need-to-know” people than an organization who’s sending data to new vendors every other month. 

Extra Capabilities 

If you pay for Netflix, you’ve likely watched at least one movie that you wouldn’t have cared enough to see in theaters or rent on its own. Likewise, many Managed Services models bundle the services you know you need with services you never would’ve thought to buy separately, but are still nice to have. 

For example, many clients reach out to legal technology companies because they need help hosting data. They may do this after an investigation is already underway, and it becomes clear that the volume of data is too large to handle internally. However, if they had already been paying for Managed Services the whole time, they could’ve also had help with automating legal holds and preserving that data before the investigation, all at no additional cost. 


Ultimately, Managed Services isn’t for everyone. Whether or not it’s right for you can depend on a number of variables such as the size of your organization, frequency of litigation, internal capabilities, and need for scalability.

Still have questions? We’re happy to help!

Reach out today to find out if Managed Services is right for your organization.

(If it isn’t, we’ll design a custom solution that is.)

What Contact Loves About eDiscovery

Part of why the Contact team is so good at what we do is because we’re passionate about what we do. eDiscovery has its challenges, but our team can’t help falling in love with solving them. We surveyed our team to see what they loved most about their jobs. Here’s what they said!

  • “Working from Home!” — Julie, Senior Project Manager


  • “Whether that’s troubleshooting an issue or putting the pieces together for a project, I love when it feels like we’re solving a puzzle.” — Zack, Director of Project Management


  • “I love the tough problems that need solving.” — James, Associate Director of Digital Forensics


  • “I love the challenge of new situations on a daily basis and the problem solving that comes with that. It is also nice to be in a niche industry.” — Josh, Director of Business Development


  • “Helping attorneys manage cases that make a global impact.” — Krista, Senior Director of Business Development


  • “Solving the unique challenges that come every day. I love working with structured data!” — Scott, Director of eDiscovery Operations


  • “eDiscovery was foreign to me before I joined Contact. Just getting to know about the products/services offered is really interesting to me.” — Safira, Accounting & HR Manager


  • “The freedom to accomplish the same task in a variety of different approaches!” — Justin, eDiscovery Data Engineer


  • “There’s so many things that go into a legal case that I never thought about before I had this job. We hear about complex litigation all the time in the news, movies, and tv and it’s fascinating to see what goes on behind the curtain.” — Anne, Digital Brand Specialist


  • “There’s lots of opportunity for innovation” — Sam, Senior Project Manager

  • “The complex problems with data. It’s like a puzzle.” Mike, Associate Director of Project Management


  • “The variety of information, and data processing challenges.” — Sean, Lead Software Architect


  • “Being surrounded by knowledgeable people and having multiple ways to tackle scenarios and get the same results.” — Ty, eDiscovery Data Engineer


  • “Being involved in a constantly evolving industry.” — Anthony, Lead eDiscovery Data Engineer


  • “The chaos. Weirdly enough a regular job just seems boring.” — Scott, Chief Operating Officer


  • “Feeling like you can make a difference and bring stability to an inherently challenging and stressful process.” — Dave, Chief Executive Officer


  • “The constant change and high stakes.” —Rich, Chief Business Officer

  • “Helping clients solve complex problems.” — Ashleigh, Director of Business Development


  • “Helping solve the things that keep friends of mine in the legal community up at night.” — Shayna, Director of Business Development

Capitol Breach Investigations are Changing eDiscovery

On January 6, supporters of then-President Donald Trump breached the U.S. Capitol in an attempt to prevent Congress from certifying Joe Biden as the winner of the 2020 presidential election. As authorities look into who is responsible and what kinds of repercussions perpetrators should face, they’ll have over 140,000 pieces of digital media to aid their efforts. Throughout the Capitol Breach investigations, officials will be reliant on something much of the world knows nothing about: eDiscovery.

eDiscovery is the art and science of sorting through digital data to find the relevant pieces needed to build a legal case. 5-10 years ago, much of this data came in the form of emails and their attachments. However, many of the arrests relating to the Capitol riots cite digital evidence uploaded to social media sites.

One Connecticut man was charged because of a YouTube video. Two Massachusetts citizens were arrested because of photos on Twitter. A New Mexico County Commissioner was connected to the riots in part because of videos he posted on a “Cowboys for Trump” Facebook page. A man from Texas was arrested in part due to his posts on Parler. One such post allegedly included a threat to return to Washington, D.C. on January 19 armed and ready for insurrection: “We will come in numbers that no standing army or police agency can match,” the post allegedly states. 

That shift away from email-exclusive discovery strategies was already happening, but the Capitol riots may expedite it. Investigators are still sorting through digital data, and we likely haven’t seen the last of arrests related to this incident. Many cases will hinge on whether or not eDiscovery professionals can connect individuals to the scene and whether or not there’s digital evidence that reveals offenders’ true intentions. Either way, the Capitol breach investigations shed a light on what kind of technology is available and how law enforcement is using it. Depending on the outcomes of these cases, we may see social media-based data integrated into discovery on a much larger scale.

The Value of Geolocation

Ordinary people probably know that investigators can find incriminating things people have published on the internet. However, they might be surprised to learn just how easy it is to figure out which electronic devices were actually at the Capitol on the day of the attack. Geolocation, or more specifically “geofencing”  involves drawing a virtual boundary around a specific location, and then using technology such as GPS or Bluetooth to find devices within that boundary.

“Right now, law enforcement can pull social media information from a geolocation at will or with relatively few roadblocks,” says James Whitehead, Contact Discovery’s Associate Director of Digital Forensics. “Law enforcement agencies can capture wireless communications and pull packets off wires. This technology/capability is expanding among law enforcement departments at a rapid pace.”

This is important because many people have said hyperbolic things on the internet, and that in and of itself isn’t a crime. One of the challenges facing investigators is separating those who simply wrote inflammatory messages from those who acted on their intent. With geolocation, investigators can prove that someone who published violent threats online was actually at the Capitol at the time of the attack.

An offender’s sentence could also vary quite a bit if prosecutors can use social media posts to prove there was prior intent to attack the Capitol. That’s a very different scenario from someone who showed up for what they thought was a peaceful protest, got caught in the moment, and then showed remorse after the fact.

Social media companies are also aiding law enforcement in matching locations to other parts of a user’s profile.

“At one point Facebook had 100+ metadata fields for its site,” Whitehead says. “This includes user names, likes, names of the likers, time of the likes and/or shares, and then most if not everything is geolocated. Often these metadata records include associations to the authoring/viewing device’s unique identifiers including IP address, which further aids in geolocating.”

In the case of Twitter, investigators can collect tweets in a geolocated fence and by hashtag.

“I could essentially drill down to the Capitol and then to hashtags of interest,” says Whitehead. “If I expanded my resources, I could cross-reference known individuals and pull all their tweets and anyone who shared or viewed them within a geofenced area.”

That combination of what people said online and their whereabouts at the time of the Capitol attacks gives investigators added insight. Suddenly they’re able to comprehend not only the “what” but the “who,” “where,” and “why” as well. Geolocation could also play an important role in providing alibis to those who published inflammatory statements, but were not physically present at the Capitol at the time of the attack.

Constructing Larger Narratives

Not only can law enforcement use social media data to pinpoint where suspects were the day of the attacks, they can also use it to show what kinds of things suspects were writing weeks before. This helps investigators tell a more complete story.

One suspect, Brendan Hunt, allegedly called for the murder of elected officials on an online video platform called BitChute. However, the charges against him also mention a Facebook post on or from approximately December 6, 2020, a whole month before the Capitol breach. According to the affidavit, this post called for “revenge on Democrats” and a “public execution” of Senator Chuck Schumer and Representatives Nancy Pelosi and Alexandria Ocasio-Cortez.

“If you [Trump] don’t do it, the citizenry will,” says Hunt’s post.

Another case revolves around a Utah man named John Earle Sullivan. Sullivan handed over 50 minutes of video footage to authorities. He’s also uploaded large amounts of video content regarding the riots to YouTube under the name JaydenX. The criminal complaint against Sullivan claims his voice can be heard on the tape saying celebratory things like “We accomplished this s**t. We did this together.”

At the time of this writing, JaydenX’s YouTube channel not only features footage of the Capitol riots on January 6, but other MAGA, Proud Boys, and Black Lives Matter protests dating back to June 1, 2020. If you’re the defense, you might argue this YouTube account proves that Sullivan is just an independent video journalist, attending and recording any protest he thinks will be of interest regardless of the cause. If you’re the prosecution, you might use it to establish that Sullivan is a dangerous agent of chaos and has been for some time. Either way, it’s hard to imagine that legal teams will look at what’s likely hundreds of hours of political protest footage from the last six months and think that only the January 6 footage is relevant.

General Awareness of ESI in Law Enforcement

Perhaps most importantly of all, the riots have made the general public more aware of how digital data can be helpful to law enforcement. Sometimes, public ignorance can aid investigators. People incriminate themselves largely because they don’t know their messages can be found later. The events at the Capitol have created large scale awareness of the role that social media posts and other electronic messages can play in investigations.  

That awareness is a double-edged sword. On the one hand, it could drive bad actors to alternative platforms where they’re harder to find. On a more optimistic note, well-intentioned people are more likely to be on the lookout for digital evidence in their day-to-day lives. Heck, one Twitter user even mentioned using dating apps as a way of getting perpetrators to volunteer evidence against themselves:

Only time will tell how this case shakes up the world of eDiscovery. What won’t change is the critical role that legal technology plays in finding the truth.

Subscribe to the Contact Blog to receive more updates on all things eDiscovery.


Can Legal Tech Prove Santa is Real?: A Miracle on 34th St. Case Study

It’s the most wonderful time of the year, in part because it’s the best time to watch one of the great court cases of cinematic history. I’m referring of course to Miracle on 34th Street, a film that hinges on one lawyer’s ability to prove that Santa Claus is in fact Santa Claus.  

Our story begins when Kris gets a job playing Santa Claus at the flagship Macy’s store in Times Square. When Kris insists that he is the real Santa Claus, he’s committed to a mental institution. Kris’s friend, Fred Gailey, just so happens to be a lawyer and rushes to his rescue. Fred Gailey shocks the court when he announces that his game plan is to prove Kris’s true identity as Santa Claus.  

There’s also a cute kid who wants a house in the suburbs, but she’s not as important from a litigation support perspective.  

The original film was made in 1947, with a remake made in 1994. Needless to say, our way of storing information has changed since then, and that’s reshaped the way lawyers build court cases. How would the case in Miracle on 34th Street be different if it happened today, when records are stored electronically? Would Santa use a GPS or tag his locations on Instagram? Does he have “find my iPhone” on in case he gets stuck in a chimney again? Maybe he uses Microsoft Teams and Zoom to make sure the elves are still holding down the fort at the North Pole while he’s in New York. Let’s look at some more specific examples from the movie and how this information would be managed today.  
 

Employee Records  

One of the first indications that Kris might in fact be the real Santa Claus is his employee record at Macy’s. This lists Santa’s reindeer as Kris’s next of kin and says he’s from the North Pole. 

Today, these records would live in some kind of electronic database. Legal teams not only look at these records, but also have to think critically about how they might’ve been tampered with. That’s just the nature of electronic records vs. paper records. Honestly, who wouldn’t be suspicious if they saw a record that looks like this?:  

Kris Kringle's job application in Miracle on 34th Street | Miracle on 34th  street, 34 street, Movie quotes

Who has access to those records? Who has edit permissions? Can they access those records from personal devices as well as corporate owned devices? Is there any possible way that passwords could have fallen into the wrong hands? Those are the kinds of questions that a good forensics analyst can answer.  

To verify document integrity, analysts oftentimes look at something called “metadata.” That refers to information such as “date created,” “date last modified,” and “author.” All data comes with metadata, and since it’s not as easily editable as the records themselves, it often proves crucial in digital forensics investigations.  

Analysts can look at a hard drive and figure out if data was moved to other devices, if edit histories were deleted, etc. Assuming Macy’s had good information governance practices and required everyone with edit access to use different passwords, forensics teams could also deduce which passwords were used to make any edits. In some cases, they may even testify in court to assure judges that records are what they appear to be (or maybe that they’re not what they appear).  

Letters to Santa  

The “smoking gun” of the original 1947 movie are the thousands of letters to Santa Claus delivered to the New York City courthouse. Fred Gailey argues that the post office’s decision to deliver these letters to Kris equates to government validation of his true identity: Santa Claus.   

According to the USPS, kids still send hundreds of thousands of letters to Santa every year. The USPS even has a special address they ask people to use for such letters. This system means it’s unlikely that thousands of letters would be delivered to the courthouse like in the movie, since people have been instructed to address such letters to 123 Elf Road. 

However, snail mail is just one of numerous ways to get in touch with St. Nick these days. EmailSanta.com has been on the net since 1997. However, the site’s About Us page admits that it was built not by Santa himself, but by a man named Alan Kerr. There are also numerous Santa Claus Twitter accounts, albeit none of them have a blue checkmark.  

This is perhaps where Fred Gailey would have the biggest uphill battle if he were to try this case today. The Internet has made it infinitely easier for other people to claim they are Santa. Gailey would have to prove that 1) one of the numerous online Santa platforms is the definitive way to get in touch with the real Santa and 2) That Kris was the man behind such an account.  

Let’s assume that by 2020, Santa has gotten with the times and has a proper email account for children to email him with a parent’s supervision. Gailey wants to present Kris’s emails in court. During the Meet and Confer stage of litigation, Gailey and opposing counsel would agree on a certain amount of emails to review. This way, if Kris and Fred were trying to fake letters to Santa, opposing counsel could do their own forensic analysis and figure that out.  

Of course, since Kris really is Santa, there would be a few facts on his side. The litigation support team would be able to verify that he does receive numerous letters to Santa every year. Odds are those letters would be in various languages from all over the world. Sure, that makes it harder to put together a team for review, but it also makes it virtually impossible for opposing counsel to prove that Kris is faking it.   

The best way for Gailey to build a case is similar to the way many complex litigations happen now: build a narrative from both electronically stored information and real-life events. Imagine if Gailey could prove that 1) children asked for certain gifts in emails to Kris and 2) they actually received those same gifts and 3) those gifts didn’t come from parents or other relatives “playing Santa.”  

With presumably thousands of emails to Santa to choose from, this shouldn’t be that difficult. Platforms such as Relativity help review teams search for keywords in different emails. They could search for particularly high demand toys that parents would have trouble finding on their own. After finding such emails in review, Gailey could cross-reference them with Kris’s records of which children got which gifts, because obviously Santa knows the importance of maintaining such records. Nothing gets you on the naughty list as quickly as bad information governance.  Gailey could reach out to families and get them to testify on the stand that they did not know where these gifts came from.   

Exploring these sorts of cases helps us understand how people in this space think on a day-to-day basis. Legal tech has to be about more than fast processing and aesthetically pleasing interfaces, though those certainly don’t hurt. It’s also about having the right people who understand how to build a case and know what to look for in discovery. If you were Fred Gailey, what would your discovery strategy be? How could you verify Kris’s identity and what kind of technology would make it easier? Let us know!