Why Mobile Data eDiscovery Is Different Than Email eDiscovery

It’s 2021, which means it’s highly unlikely that this is the first blog post you’ve read saying you need a mobile data eDiscovery plan. Most of us get that by now.

However, you can’t always take the same technology and approaches you’re currently using for email and superimpose them on mobile data. It just doesn’t work that way. Unfortunately, it can be hard to wrap your head around just how different texting and email really are until you’re neck deep in a project.

Today, we wanted to walk through some of the main things you need to account for while collecting, processing, and reviewing mobile data. By understanding the differences between these channels, you can not only ensure that you’re including mobile data in your eDiscovery strategy, but that you’re doing it right.

“Texting” is actually 3 different things that LOOK like 1 thing.

Generally speaking, emails are emails. After the initial collection, it doesn’t really matter much if those emails came from Macs or PCs, or if the company ran their emails through Microsoft 365 or Google Drive. Emails can be imported into a review platform, and reviewers don’t really have to care that much about where they initially came from.

What a layperson thinks of as “texting” is actually a combination of as many as three different types of communications: SMS, MMS, or iChat. We act like they’re the same thing because generally, our phones make them look like one thing. I don’t have a separate app for sending SMS messages vs. MMS messages. My phone doesn’t yell at me when I reach the character limit for an SMS, it just automatically converts it without me having to think about it.

During data processing, these messages that seem identical on the front end often get sorted out into different buckets on the back end. That means that if custodians were iChatting, lost wifi, and then switched to SMS, that single conversation may get ripped apart and reviewers have to piece it back together.

When you’re identifying potential sources of data, it’s important not to just ask about “texts.” If possible, try to figure out how texts break down into SMS, MMS, and iChat. The best mobile data eDiscovery technology can thread these messages together, and depending on how many phones you’re collecting, it might be worth that investment. At the very least, making sure you know how texts break down into SMS, MMS, and iChats helps you better assess how long review should take.

Mobile Communication Has No “Subject Line” 

Most work emails have a subject line; generally, emails in that same conversation also have that subject line. Sure, sometimes conversations naturally flow away from that initial subject, but at least it’s a valuable starting point that helps discovery teams understand what messages belong together, and which ones might be duplicates; this is the basis of how review platforms utilize email threading.

Not only does texting lack a “subject line,” it’s also a place where users simply don’t even try to sort their conversations out into multiple threads the same way. Earlier today, I frantically texted my mother about a jacket I left at her house, and within minutes she was asking me to text her a recipe for banana cake.

Those two conversations coexisted in the same thread, with messages right on top of each other. That’s just how a lot of us text. I pity any review team that would have to go through my phone and find messages relevant to their case with so many less relevant messages randomly scattered across my conversations. (On the bright side, they might get a nice banana cake recipe out of it!)

Threading messages into conversations is one of the most important things that any good review platform does for reviewers; it’s even more important when users aren’t naturally “threading” their conversations together by default.
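An added example, not from the original post or from any review platform: one way to stitch the SMS, MMS, and iChat buckets described above back into a single conversation by participant set and, since texts have no subject line, split that conversation into sessions at long silences. The handles, alias map, four-hour gap, and sample messages are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Message:
    channel: str        # bucket the processing tool filed it under
    sender: str
    recipients: tuple
    sent: datetime
    body: str

def normalize(handle, aliases):
    """Map a raw handle (phone number or Apple ID e-mail) to one identity key."""
    handle = handle.strip().lower()
    if "@" not in handle:
        digits = "".join(c for c in handle if c.isdigit())
        handle = digits[-10:] if len(digits) >= 10 else digits
    # The same custodian may text from a number and chat from an e-mail handle.
    return aliases.get(handle, handle)

def thread(buckets, aliases=None, gap=timedelta(hours=4)):
    """Merge per-channel buckets into conversations, then cut them into sessions."""
    aliases = aliases or {}
    merged = sorted((m for msgs in buckets.values() for m in msgs),
                    key=lambda m: m.sent)
    conversations = {}
    for m in merged:
        who = frozenset(normalize(h, aliases) for h in (m.sender, *m.recipients))
        conversations.setdefault(who, []).append(m)
    threads = {}
    for who, msgs in conversations.items():
        sessions = [[msgs[0]]]
        for prev, cur in zip(msgs, msgs[1:]):
            if cur.sent - prev.sent > gap:   # heuristic stand-in for a subject line
                sessions.append([])
            sessions[-1].append(cur)
        threads[who] = sessions
    return threads

# Constructed sample data (fictional 555-01xx numbers and example.com address).
A, B, C = "+1 (555) 010-0001", "555-010-0002", "555-010-0003"
B_APPLE_ID = "B.Custodian@example.com"
ALIASES = {"b.custodian@example.com": "5550100002"}

def at(hour, minute):
    return datetime(2021, 3, 1, hour, minute)

BUCKETS = {
    "iChat": [Message("iChat", A, (B_APPLE_ID,), at(9, 0), "Did the draft go out?"),
              Message("iChat", B_APPLE_ID, (A,), at(9, 2), "Sending it now")],
    "SMS": [Message("SMS", A, (B,), at(9, 5), "Lost wifi, still there?"),
            Message("SMS", A, (C,), at(9, 10), "Running late"),
            Message("SMS", B, (A,), at(15, 30), "Lunch tomorrow?")],
    "MMS": [Message("MMS", B, (A,), at(9, 6), "[photo of signed page]")],
}

def demo():
    """Channels per session for the A/B conversation after re-threading."""
    threads = thread(BUCKETS, ALIASES)
    ab = threads[frozenset({"5550100001", "5550100002"})]
    return [[m.channel for m in session] for session in ab]

if __name__ == "__main__":
    print(demo())
```

Without the alias map, the two iChat messages land in a separate conversation from the SMS and MMS that continue them, which is the "ripped apart" result the post describes.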

Mobile Communication Usually Requires More Redactions

On a related note, professional communication is more likely to co-mingle with personal communication in text messages compared to email. That’s especially true in companies where employees still use their personal device for company business. With email, we tend to have a dedicated work account apart from our personal email account. Users understand that there’s no reasonable expectation of privacy in their work emails. That’s not always true in mobile, particularly at companies that don’t issue company-owned phones or have clear Bring-Your-Own-Device (BYOD) policies.

What if that thread where two work friends texted about trade secrets also mentioned things like doctors’ appointments or included pictures of their kids? Legal teams need to be able to redact irrelevant personal information in order to protect custodians’ privacy. That irrelevant personal information rarely shows up in emails, so redacting isn’t a concern to quite the same extent.

Some review platforms support redactions more easily than others. A cumbersome redaction process might not be the end of the world when you’re primarily dealing with emails, but it can seriously hinder progress when there’s a lot of mobile communication and redactions are needed more often.


When there’s a lot of mobile data in your eDiscovery project, it’s important to consider how technology and user behavior shape this data. This is nowhere near an exhaustive list of the reasons why texting and email are different, but we hope it’s enough to get your wheels turning. What kinds of stumbling blocks are tripping up your mobile data investigations? Reach out today and let us know!

Curious to know more about how Contact Discovery attacks mobile data investigations? Check out MobileRev™!

Contact Discovery’s MobileRev™ solution turns text messages into near-native images for review

Capitol Breach Investigations are Changing eDiscovery

On January 6, supporters of then-President Donald Trump breached the U.S. Capitol in an attempt to prevent Congress from certifying Joe Biden as the winner of the 2020 presidential election. As authorities look into who is responsible and what kinds of repercussions perpetrators should face, they’ll have over 140,000 pieces of digital media to aid their efforts. Throughout the Capitol Breach investigations, officials will be reliant on something much of the world knows nothing about: eDiscovery.

eDiscovery is the art and science of sorting through digital data to find the relevant pieces needed to build a legal case. 5-10 years ago, much of this data came in the form of emails and their attachments. However, many of the arrests relating to the Capitol riots cite digital evidence uploaded to social media sites.

One Connecticut man was charged because of a YouTube video. Two Massachusetts citizens were arrested because of photos on Twitter. A New Mexico County Commissioner was connected to the riots in part because of videos he posted on a “Cowboys for Trump” Facebook page. A man from Texas was arrested in part due to his posts on Parler. One such post allegedly included a threat to return to Washington, D.C. on January 19 armed and ready for insurrection: “We will come in numbers that no standing army or police agency can match,” the post allegedly states. 

That shift away from email-exclusive discovery strategies was already happening, but the Capitol riots may expedite it. Investigators are still sorting through digital data, and we likely haven’t seen the last of arrests related to this incident. Many cases will hinge on whether or not eDiscovery professionals can connect individuals to the scene and whether or not there’s digital evidence that reveals offenders’ true intentions. Either way, the Capitol breach investigations shed a light on what kind of technology is available and how law enforcement is using it. Depending on the outcomes of these cases, we may see social media-based data integrated into discovery on a much larger scale.

The Value of Geolocation

Ordinary people probably know that investigators can find incriminating things people have published on the internet. However, they might be surprised to learn just how easy it is to figure out which electronic devices were actually at the Capitol on the day of the attack. Geolocation, or more specifically “geofencing,” involves drawing a virtual boundary around a specific location, and then using technology such as GPS or Bluetooth to find devices within that boundary.

“Right now, law enforcement can pull social media information from a geolocation at will or with relatively few roadblocks,” says James Whitehead, Contact Discovery’s Associate Director of Digital Forensics. “Law enforcement agencies can capture wireless communications and pull packets off wires. This technology/capability is expanding among law enforcement departments at a rapid pace.”

This is important because many people have said hyperbolic things on the internet, and that in and of itself isn’t a crime. One of the challenges facing investigators is separating those who simply wrote inflammatory messages from those who acted on their intent. With geolocation, investigators can prove that someone who published violent threats online was actually at the Capitol at the time of the attack.

An offender’s sentence could also vary quite a bit if prosecutors can use social media posts to prove there was prior intent to attack the Capitol. That’s a very different scenario from someone who showed up for what they thought was a peaceful protest, got caught in the moment, and then showed remorse after the fact.

Social media companies are also aiding law enforcement in matching locations to other parts of a user’s profile.

“At one point Facebook had 100+ metadata fields for its site,” Whitehead says. “This includes user names, likes, names of the likers, time of the likes and/or shares, and then most if not everything is geolocated. Often these metadata records include associations to the authoring/viewing device’s unique identifiers including IP address, which further aids in geolocating.”

In the case of Twitter, investigators can collect tweets in a geolocated fence and by hashtag.

“I could essentially drill down to the Capitol and then to hashtags of interest,” says Whitehead. “If I expanded my resources, I could cross-reference known individuals and pull all their tweets and anyone who shared or viewed them within a geofenced area.”

That combination of what people said online and their whereabouts at the time of the Capitol attacks gives investigators added insight. Suddenly they’re able to comprehend not only the “what” but the “who,” “where,” and “why” as well. Geolocation could also play an important role in providing alibis to those who published inflammatory statements, but were not physically present at the Capitol at the time of the attack.

Constructing Larger Narratives

Not only can law enforcement use social media data to pinpoint where suspects were the day of the attacks, they can also use it to show what kinds of things suspects were writing weeks before. This helps investigators tell a more complete story.

One suspect, Brendan Hunt, allegedly called for the murder of elected officials on an online video platform called BitChute. However, the charges against him also mention a Facebook post on or from approximately December 6, 2020, a whole month before the Capitol breach. According to the affidavit, this post called for “revenge on Democrats” and a “public execution” of Senator Chuck Schumer and Representatives Nancy Pelosi and Alexandria Ocasio-Cortez.

“If you [Trump] don’t do it, the citizenry will,” says Hunt’s post.

Another case revolves around a Utah man named John Earle Sullivan. Sullivan handed over 50 minutes of video footage to authorities. He’s also uploaded large amounts of video content regarding the riots to YouTube under the name JaydenX. The criminal complaint against Sullivan claims his voice can be heard on the tape saying celebratory things like “We accomplished this s**t. We did this together.”

At the time of this writing, JaydenX’s YouTube channel not only features footage of the Capitol riots on January 6, but other MAGA, Proud Boys, and Black Lives Matter protests dating back to June 1, 2020. If you’re the defense, you might argue this YouTube account proves that Sullivan is just an independent video journalist, attending and recording any protest he thinks will be of interest regardless of the cause. If you’re the prosecution, you might use it to establish that Sullivan is a dangerous agent of chaos and has been for some time. Either way, it’s hard to imagine that legal teams will look at what’s likely hundreds of hours of political protest footage from the last six months and think that only the January 6 footage is relevant.

General Awareness of ESI in Law Enforcement

Perhaps most importantly of all, the riots have made the general public more aware of how digital data can be helpful to law enforcement. Sometimes, public ignorance can aid investigators. People incriminate themselves largely because they don’t know their messages can be found later. The events at the Capitol have created large scale awareness of the role that social media posts and other electronic messages can play in investigations.  

That awareness is a double-edged sword. On the one hand, it could drive bad actors to alternative platforms where they’re harder to find. On a more optimistic note, well-intentioned people are more likely to be on the lookout for digital evidence in their day-to-day lives. Heck, one Twitter user even mentioned using dating apps as a way of getting perpetrators to volunteer evidence against themselves:

Only time will tell how this case shakes up the world of eDiscovery. What won’t change is the critical role that legal technology plays in finding the truth.


The Ghosts of Discovery Past, Present, and Future

Here at Contact Discovery, we talk a lot about the importance of preparing for the future. That oftentimes involves getting a better understanding of the past. The world of legal technology moves fast, so it’s easy to lose track of just how far we’ve come. However, past challenges can inform how we tackle present and future challenges. In some cases that involve older documents, we find ourselves working the past, present, and future all at once. It is in that spirit that we take this holiday season to reflect on our industry. Specifically, the Ghosts of Discovery Past, Present, and Future.  

The Ghost of Discovery Past = Paper

Before eDiscovery, there was just Discovery, with a nifty little thing called “paper.” Companies kept paper records as far as the eye could see. Tens of thousands of documents scattered across various offices, filing cabinets, and even warehouses. 

If there was litigation on the horizon, lawyers and their associates would have to manually go through these documents and hope they found information they could use to build a case. It required a lot of people, and it was much easier to miss metaphorical smoking guns if reviewers weren’t communicating effectively.  

In the earliest days of eDiscovery, practitioners scanned these documents so reviewers could read them on computer screens. This meant that documents no longer took up as much physical space, and reviewers wouldn’t have to spend as much time on site or reviewing copies upon copies in law firm storage rooms. However, it still paled in comparison to platforms such as Relativity and others that are common in today’s Discovery landscape.  

The Ghost of eDiscovery Present = Mobile Meets Global  

While the past was largely about taking paper documents and converting them to electronic documents, today’s world is different. Now, most of our communication originates electronically. That came with new challenges. How do you find server space to store all those documents? How do you make sure the right people have access and the wrong people don’t? How do you take advantage of technology like email threading and data analytics without letting relevant documents go unnoticed?   

For the most part, legal teams have figured out systems to combat those issues. However, there’s one innovation that’s still tripping up review teams: the mobile phone. While mobile phones have been with us for decades now, mobile chats supplanting email for professional communication is a relatively recent phenomenon.  

Many professionals would’ve scoffed at the idea of texting a teammate about a work assignment even five years ago. Now, it’s quite common for co-workers to talk shop over text as well as exchange more personal messages they would never email. Many businesses also rely on collaboration platforms such as Microsoft Teams, which has seen its userbase skyrocket in light of the pandemic.

This presents new challenges to legal teams. Not only are there technical challenges involved with more messages in a wider array of file formats, there’s also the change in user behavior. Personal and professional messages are more likely to comingle in a text chat than they are in an email thread. This raises privacy concerns and can increase the need for redactions.  

Apps like WhatsApp have also made it easier to communicate across national borders. As more Americans start having more conversations with people abroad, there are more regulations that lawyers have to tiptoe around to maintain defensibility. The EU’s General Data Protection Regulation, enacted in 2018, helps protect the privacy of people who have communicated with someone under a legal hold. Even if your business isn’t based in the EU, you need to be mindful of this if anyone stateside was communicating with someone in Europe.

When shopping around for a legal technology partner in the present, look for teams that are GDPR compliant, even if you don’t necessarily do that much business abroad. Remember, as your business scales, your legal needs will as well, and it’s best to be prepared. Also avoid companies that are designing their discovery strategies exclusively around email communication. Some companies such as Contact offer software specifically designed for mobile data review. Even if your current technology doesn’t, at least ensure that your team isn’t neglecting these communications altogether.

Future = Artificial Intelligence and Decentralization

As technology becomes more and more advanced, sheer manpower won’t be the prized commodity it once was. In the past, most businesses relied on big name law firms with recognizable brands. They knew that top attorneys flocked to these reputable firms in droves, so why go through the trouble of investigating other options? That was really the only way to get an edge over opposing counsel anyway: good attorneys and lots of them.

More and more legal technology companies are starting to integrate artificial intelligence that can search and review documents faster than any human could. AI simulates an elite crew of top-notch attorneys doing ALL your review, rather than a massive army of attorneys who bring varying levels of talent and experience to the equation. This technology is still in its infancy, but if used to its fullest potential, it will eliminate that need for sheer manpower. Suddenly, one attorney will do review that might take 30 attorneys now.

As AI helps make review more user friendly, companies on both the service side and the technology side are helping corporate counsel internalize more of their discovery. In this new frontier, businesses don’t need their law firms to be a one-stop shop, but can instead seek out strategic relationships with more specialized partners. 

“Smaller firms like Contact are winning victories in huge matters that never would’ve gone to a company our size 5-10 years ago,” says Rich Albright, CBO of Contact Discovery. “People are starting to figure out that a team of the right people with the right technology can adapt quicker than large companies can, and that leads to positive outcomes. They’re choosing quality over quantity and it’s paying off.”  

As the legal technology market becomes more decentralized, you can expect to see smaller companies that specialize in different steps of the EDRM or different types of technology to gain market share. This model empowers businesses to only pay for what they can’t internalize and make sure they’re getting the absolute best version of it. The internet also makes it easier than ever for clients to seek these partners out for themselves rather than trusting a larger law firm to make all the tech decisions for them.

What challenges are you facing in the present? Where do you think the future of legal tech is going? Let us know in the comments!