Load Files and Then Some…

Special Guest Blogger Pete Coons, VP of D4.

This is part two of a discussion that attempts to explain some of the often used and often misunderstood eDiscovery terms.

Last week I discussed DeNIST’ing and now we will tackle “Load Files”.  I am also going to squeeze in “Processing”.

Load Files

The Sedona Conference Glossary (great reference document) defines a Load File as:

“Load file:  A file that relates to a set of scanned images or electronically processed files, and indicates where individual pages or files belong together as documents, to include attachments, and where each document begins and ends. A load file may also contain data relevant to the individual documents, such as metadata, coded data, text, and the like. Load files must be obtained and provided in prearranged formats to ensure transfer of accurate and usable images and data.”

That pretty much covers it.  Now let’s take a step back and attempt to break down exactly where a Load File fits into a typical eDiscovery process.

Let’s say Company XYZ is being sued by a former employee for discrimination.  Company XYZ must now identify and preserve documents that may be relevant to the claim.   Data is identified and collected by a qualified individual within the organization or by a third party eDiscovery/Forensic service provider.  Typically, the collected data is then processed (another confusing term) so it can be placed into a database for review and eventual production to the opposing party. 

Processing

The Sedona Conference Glossary defines Processing as:

“Image Processing: To capture an image or representation, usually from electronic data in native format, enter it in a computer system and process and manipulate it.”

Processing data usually involves ingesting the file or e-mail into eDiscovery software.  The software then catalogs the file and extracts all available text.  This text is usually placed into a separate text file and it’s associated with the native file or e-mail.  The processing process also extracts various metadata elements from the file and stores that information in a database. 

Let’s take a Word Document that contains the text “Hello World”.  After ingesting into the eDiscovery software a record is created in the database.  That record will contain metadata elements about the file such as: Author, Date Created, Date Modified, and Date Last Printed. 

As stated previously, the software will also create and store an accompanying text file that will have the text “Hello World” in addition to saving the original native file. 

We know that no case involves just one document so let’s pretend we have 10,000 Word documents and 10,000 e-mails.  It really doesn’t matter because the process is basically the same.  

This is a very simple explanation of the processing process and there are other steps that occur, like indexing or tiffing (imaging), but for all intents and purposes our data is now processed and it can now be prepared to be loaded into a review database.  This is where the Load File comes into play.

We have to get the data OUT so we can put it back IN somewhere.

Load files are usually simple text files (some are a bit more complex).  Meaning they can be opened and viewed with Notepad or WordPad in Windows.  To the uninitiated they may look daunting but after seeing a few they begin to look the same. 

Think of a load file as transport file that is used to facilitate the transfer of data and its associated metadata from one database to another.  We have to LOAD the data into one database from another. The load file contains information about each and every record (file) that was processed. 

That information can include the original file name, the author, date created, beginning ID number, the number of attachment that exist in an e-mail, the parent ID of the attachment, etc.  There are potentially dozens of metadata objects that can be provided in a load file (usually agreed upon by both parties prior to its creation).  The load file will also contain a link to the native file and the accompanying extracted text file. 

The load file along with the native file (or tiff) and its extracted text is the complete package for loading into another database. 

And that’s processing and load files!

The Form of Production Battle of the Bulge: Scanned PDF’s Not a Reasonably Useable Form

“In the court’s experience, scanned PDFs, as opposed to electronically-produced PDFs, are not reasonably usable.”

Magistrate Judge Paul M. Warner

In Accessdata Corp. v. Alste Techs. Gmbh, 2010 U.S. Dist. LEXIS 4566 (D. Utah Jan. 21, 2010), a United States based company that produces forensic software used in e-Discovery, entered into a contract with a German company.  Litigation ensued when a contract dispute broke out and e-Discovery turned into a war. 

The Form of Production Einwand und Angriff

The German Defendants produced electronically stored information as hard copies and converted the scanned images to PDF’s.  The Plaintiffs claimed the production was not reasonably searchable.  Accessdata Corp. at *16.

The Defendants claimed the production was in a “reasonably useable form,” because they printed all the ESI as paper and had it scanned as PDF’s.  Accessdata Corp. at *17.  Adding insult to injury, the Defendant further claimed it would be unduly burdensome and expensive to somehow “fix” the ESI so it was searchable.  Id.

The Plaintiff, perhaps feeling a little like General Patton, cited Federal Rule of Civil Procedure Rule rule 34(b)(2)(E)(ii), which states that electronically stored information should be produced “in a form or forms in which [they are] ordinarily maintained or in a reasonably useable form.” Accessdata Corp. at *17.

e-Discovery Untergang

The Court channeled General Eisenhower in its ruling. 

The Court ruled the Defendant was required to produce its electronically stored information “…in a form or forms in which it is ordinarily maintained or in a reasonably usable form.” Accessdata Corp. at *18. citing Fed. R. Civ. P. 34(b)(2)(E)(ii).

The Court stated the previously produced electronically stored information was ordinarily maintained in an electronic format.  Accessdata Corp. at *18.  Converting ESI to paper and then scanning to PDF’s destroys searchable features of the inherently searchable electronically stored information. 

The Court noted that the option to produce in a “reasonably useable form” does not give a party free rein to destroy the searchable functions of the e-Discovery.  Accessdata Corp. at *18.   If ESI is ordinarily maintained in a searchable form, the information “should not be produced in a form that removes or significantly degrades this feature.” Accessdata Corp. at *18, citing Fed. R. Civ. P. 34(b) Advisory Comm. Notes to 2006 Amendment.

As the Court concluded, “In the court’s experience, scanned PDFs, as opposed to electronically-produced PDFs, are not reasonably usable.” Accessdata Corp. at *18-19.

The Defendant was thusly ordered to re-produce electronically stored information in native file format or an electronically-generated PDF format.  Accessdata Corp. at *19.

Bow Tie Thoughts

Producing electronically stored information as scanned paper in PDF format is about as defensible as the Maginot Line (especially when your opponent makes electronic evidence software).  Parties are ill-served by playing such discovery games, unless they want to be on the losing end of a motion to compel that reads like the Treaty of Versailles.

Tweeting Contempt: Trademark Infringement on Twitter

The Plaintiff, an established 15-year-old moving company, brought a lawsuit against the Defendant for trademark violations, libel, and other unfair competition causes of action.  Tdc Int’l Corp. v. Burnham, 2010 U.S. Dist. LEXIS 4646 ( E.D. Mich. Jan. 21, 2010).

A settlement agreement was entered (after a default) requiring the Defendant to cease using the Plaintiff’s mark, including one of the Defendant’s domain names and other restrictions.  Id.

The Defendant was also required to donate money to a junior sailing program.  The settlement was codified as a court order.  Id.

None of that happened according to the agreement and order.  The Plaintiff brought a motion enforce judgment and an order to show cause for contempt. 

The Court found that the “most troubling” evidence of the Defendant’s contempt was the Defendant’s EXACT usage of the Plaintiff’s trademark on Twitter.  Tdc Int’l Corp., at *7. 

The Court’s findings included evidence from the Twitter profile, with the Plaintiff’s mark, that listed the Defendant’s domain name. Tdc Int’l Corp., at *7-8. 

The Court additionally relied on evidence from the Defendant’s Yelp.com and Squidoo.com profiles in establishing the Defendant’s contemptuous conduct.  Tdc Int’l Corp., at *7.

The evidence of contempt even included online testimonials on the Defendant’s services, including one posting made the day before the Plaintiff filed their motion.  Tdc Int’l Corp., at *8.

The Court ReTweeted the Plaintiff’s view of contempt and ordered the Defendant to appear in person to explain why he should not be held in contempt for violating the Settlement Agreement and Consent Judgment.  Tdc Int’l Corp., at *9. 

Bow Tie Thoughts

This case highlights the ease with which someone can engage in Trademark infringement on Twitter.  More importantly, it illustrates how savvy Courts are becoming with social media litigation.

Social Networking & Blogging Sneaks into a Supreme Court Opinion

The epic United States Supreme Court opinion on campaign finance reform sneaked in a passage on social networking and Free Speech.  The opinion is over 100 pages long, with Concurring and Dissenting opinions, so this is by no means a comprehensive review of Justice Kennedy’s majority opinion. 

Justice Kennedy stated:

Rapid changes in technology — and the creative dynamic inherent in the concept of free expression — counsel against upholding a law that restricts political speech in certain media or by certain speakers. See Part II-C, supra. Today, 30-second television ads may be the most effective way to convey a political message. See McConnell, supra, at 261 (opinion of SCALIA, J.). Soon, however, it may be that Internet sources, such as blogs and social networking Web sites, will provide citizens with significant information about political candidates and issues. Yet, § 441b would seem to ban a blog post expressly advocating the election or defeat of a candidate if that blog were created with corporate funds. See 2 U.S.C. § 441b(a); MCFL, supra, at 249. The First Amendment does not permit Congress to make these categorical distinctions based on the corporate identity of the speaker and the content of the political speech.

Citizens United v. Fed. Election Comm’n, 2010 U.S. LEXIS 766, at *91-92 (U.S. Jan. 21, 2010).

The United States Supreme Court went on to overrule the law, stating, “…the Government may not suppress political speech on the basis of the speaker’s corporate identity. No sufficient governmental interest justifies limits on the political speech of nonprofit or for-profit corporations.” Citizens United, at *93.

The extended passage is purely dicta in the Majority Opinion, but it highlights the fact the United States Supreme Court is keenly aware of social networking websites.  It is a matter of time before there is an opinion where a reference to Twitter or Facebook is part of a controlling opinion and not merely dicta.

To DeNIST or Not to DeNIST, that is the question!

Speical Guest Blogger Pete Coons, D4, VP

This is the first of a multipart series that will help define some of the nifty, and often made up terms, in the eDiscovery lexicon.

“Can’t you just DeNIST the data and get rid of all the junk files…?”  This is a question I am often asked.  It usually comes after an individual attends an eDiscovery conference and the magical phrase “DeNIST” was uttered at some point.    The individual is led to believe, or rather wants to believe, it’s a supernatural process that separates all the wheat from the chaff.  Well, that’s only half the story…

Before we can define DeNIST we need to define NIST.  NIST is an acronym for the National Institute of Standards and Technology. (www.nist.gov).  A direct quote from the website:

“Founded in 1901, NIST is a non-regulatory federal agency within the U.S. Department of Commerce.  NIST’s mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life.” 

Further, NIST has a sub-project called the NSRL or National Software Reference Library.  An excerpt from the website www.nsrl.nist.gov  is below:

“The National Software Reference Library (NSRL) is designed to collect software from various sources and incorporate file profiles computed from this software into a Reference Data Set (RDS) of information. The RDS can be used by law enforcement, government, and industry organizations to review files on a computer by matching file profiles in the RDS. This will help alleviate much of the effort involved in determining which files are important as evidence on computers or file systems that have been seized as part of criminal investigations.

The RDS is a collection of digital signatures of known, traceable software applications.”

A digital signature is akin to a digital fingerprint.  It is also referred to as a hash value. 

In theory, every file has a unique hash value.  If two files have the same hash value they are considered duplicates. 

It also may help to know that most software applications comprise dozens if not hundreds of files. 

When Microsoft Word is installed on a laptop there are hundreds of standard files copied to a computer’s hard drive.   All of these standard install files are the same (identical hash value) no matter what computer they reside on.  

Now imagine a typical computer with dozens of software applications.  A typical computer hard drive contains tens of thousands of files.  As you can well imagine the vast majority are not user generated and hold little to no evidentiary value for litigation purposes.

The NIST list, as it has been unofficially dubbed in the eDiscovery community, contains over 28 Million file signatures. 

It is used regularly by the FBI and other law enforcement agencies to identify files with no evidentiary value.  Best of all, the list is free. 

Many eDiscovery companies take advantage of this free list and incorporate it into their software. 

The list, along with the file signatures, can be stored in a database and used to compare file signatures of data collected (hard drive, server share, etc.) for discovery purposes. 

Any file that has a signature that matches one in the NIST list is DeNISTed (removed) from the collection and it does not move further down the eDiscovery processing chain.   

And there you have it, that’s what DeNISTing means.

Here’s the rub; the NIST list does not contain every single “junk” or system file in the known Universe. 

Many attorneys and legal review teams expect the DeNIST process to get rid of every EXE and DLL on a hard drive or data collection.  It doesn’t work that way.  That’s the left over chaff… 

So while DeNISTing is a definite time and money saver and an important part of the eDiscovery process, it’s not the “one” process that will knock out all the junk. 

Next week we will discuss “Load Files”…

Peter Coons is Vice President at D4 LLC and has over 15 years of experience in litigation and electronic discovery services.

Classy Text Messages from a Collection Agency

In Hartung v J.D. Byrider of Chandler, et al., 2009 U.S. Dist. Lexis 54415 (2009), the Plaintiff got behind on car payments.  As one would expect, a collection agency became involved. 

As one would not expect, the representative from the Collection agency called T-Mobile, claimed he was Plaintiff’s father and asked to be added to her cell phone account.

The Collection agency representative then began making harassing phone calls and texting to Plaintiff. A total of 17 text messages over 5 days that were sent, that the Court called angry, menacing & intimidating. The representative also claimed he was a lawyer and would have her arrested. 

Below are selected text messages from the Collection Agency Representative:

“[Y]ou have various bills going to crows landing. I can tell by talking to you you’re smarter than this. So [sic] I guess we’ll see.”

“you [sic] might want to tell your amigo Rudy to get a job, I just faxed maricopa [sic] paperwork to stanislaus sheriff department [sic].”

“Calling [sic] me will not help you. Park the car [sic] tell Rudy to warm up the Impala.“

“[I]t upsets me a smart girl like you is iwith [sic] a guy is [sic] doing nothing at 11:30 a.m. but when he doesn’t have a free car he’ll leave.”

“[M]ake sure and have the [sic] deputy call me, nad [sic] show him your DL too.”

“[T]he guy in [G]eorgia has been removed from the case. Now its my entire staff versus you.”

As for how the Court handled the disposition of the case, watch the summary from “Textual Relations,” presented at the Paraben Forensic Innovation Conference.

RENTOKIL or RentToUse

Guest Author for Bow Tie Law: Peter Coons, VP, D4

Rentokil, a pest control company that operates in 46 countries and has over 30,000 employees, became the largest organization to begin using Google Apps last October. 

According to Wikipedia.com, “Google Apps is a service from Google for using custom domain names with several Google products.  It features several Web applications with similar functionality to traditional office suites, including: Gmail, Google Calendar, Talk, Docs and Sites.” 

Rentokil had over 40 e-mail systems including open source solutions and Microsoft Exchange.   This caused huge problems with simple internal communication between employees.    Basically, Google Apps, considered Software as a Service (SaaS), is going to allow Rentokil, and thousands of other organizations, to streamline and normalize its applications and most likely reduce overall IT costs. 

SaaS is here and it’s not going anywhere.  In fact, it makes perfect sense.  Why would a company invest millions in infrastructure and licensing for software that it can affordably rent?  For some companies it makes sense to support and deploy licensed software.  The main one I can think of is that the software may not be offered as a Saas solution, yet (emphasis on yet).  Another objection may be security.  But as time passes that argument and others like it will become less of a concern or hurdle to organizations as they strive to cut costs. 

What does a pest control company choosing Google Apps have to do with eDiscovery? 

When I come across stories like this I think about the impact on eDiscovery, good or bad. 

SaaS is akin to any new technology or service that I come across.  As an eDiscovery practitioner I need to study it. 

I need to know how it works.  I need to know how the data is stored and where it’s stored. 

I need to know if artifacts are left on a local hard drive. 

I need to know the proper way to preserve the data. 

I need to treat it like a frog in 10^th grade Biology class. 

More importantly, I need to ask the proper questions when interviewing IT personnel or persons most knowledgeable about a company’s software use.  The first question should be – Does the company use SaaS or similar applications?  If the answer is yes, the list of questions can go on and on. 

FTP me up, Scotty!

Another trend is third party FTP services.   FTP stands for File Transfer Protocol and it is typically used by organizations to transfer large files that don’t normally fit into an e-mail.  Some services allow a user to “attach a file” to an e-mail using an Outlook plug-in and instead of the large file being sent as an attachment, a link is sent in its place.  A user can also choose to send a file using Internet Explorer or other browser.  The recipient receives an e-mail notifying them that a file is ready to be downloaded after they click on the hyperlink.  After a certain period of time, the file is purged from the site and is no longer available via a hyperlink. 

Again, this great service can pose significant challenges for anyone dealing with ESI.  What if someone sent a file that one believes is integral to the matter but it’s no longer available on the FTP site, nor can it be located on the sender’s or recipient’s computer?  After all efforts have been exhausted to find the file have come up short, is it possible to go after the SaaS provider and request backup tapes be restored?   If so, what is the cost associated with that effort?  Is an order from the court necessary?  I certainly pity the SaaS providers…

If your job requires you to deal with ESI then you need to be hip to what’s new or become fast friends with an eDiscovery aficionado. 

Trends can become the norm quickly.

As a lawyer, paralegal, eDiscovery practitioner or anyone dealing with eDiscovery, one must be aware of the trends or find oneself wearing platform shoes or worse, having a hairdo they will later regret.

Peter Coons is Vice President at D4 LLC and has over 15 years of experience in litigation and electronic discovery services.

Enforcing Injunctions Against 3rd Parties in Online Defamation

The Plaintiffs in Blockowicz v. Ramey were victims of online defamation on social networking and other websites.  The Plaintiffs were successful in getting a default judgment against the Defendants and an injunction to remove the defamatory material.  Blockowicz v. Ramey, 2009 U.S. Dist. LEXIS 118599 (N.D. Ill. Dec. 21, 2009).

The Plaintiffs’ challenge: Enforcement of the injunction on 3^rd parties who hosted the defamatory statements.

All but one 3^rd party host provider, Xcentric, assisted the Plaintiffs in removing the defamatory statements.  The Plaintiffs brought a motion to enforce the injunction against the 3^rd party. The 3rd party in turn challenged the Court’s authority under Federal Rule of Civil Procedure Rule 65 to enforce the injunction. Blockowicz, at *2-3. 

Federal Rule of Civil Procedure Rule 65: A Legal Thrill Ride

Federal Rule of Civil Procedure Rule 65(d)(2) states, in relevant part, “an injunction binds not only the parties to the injunction but also nonparties who act with the named party.” Blockowicz, at *3, citing S.E.C. v. Homa, 514 F.3d 661, 674 (7th Cir. 2008).”

This is where things get procedurally exciting.  Those who act in privity with those subject to an injunction are also subject to it. 

Courts do not want situations where a defendant does an end run around an injunction by hiding behind those who have aided them in tortuous conduct.  Blockowicz, at *3-4.

And now the big “However”:  Courts may not grant a broad injunction that binds those who are independent actors whose rights have not been adjudicated.  Blockowicz, at *4.

A Victory without a Victory

A party’s right to sue an internet host for defamatory comments is limited by the Communications Decency Act.  Blockowicz, at *5. 

The Plaintiffs avoided this legal barrier by originally suing those who made the defamatory comments.  However, the Court refused to enforce the injunction against the 3^rd party internet host provider.  Id.

The Court found the 3^rd party did not act in concert or aid in the posting of the defamatory comments.  Blockowicz, 6-9.  The Plaintiffs forcefully argued that the 3^rd party’s Terms of Service effectively made them act in concert with the Defendants. Id.

The Court did not agree.  The Court refused to ignore the 3^rd party’s Terms of Service prohibiting the publishing of defamatory statements or interpret the host provider’s actions as aiding the Defendants.  Blockowicz, at *8-9.

The scope of enforcing injunctions against 3^rd parties truly gave the Plaintiffs a victory without a legal recourse.  While the Court was highly sympathetic to their situation, the 3^rd party could not be ordered to abide by the injunction against the Defendants in this situation. Blockowicz, at *9.

Bow Tie Thoughts

Victims of online defamation might be able to recover against defendants, but getting 3^rd party providers to comply with a court order could be the larger battle.  One would hope 3^rd party providers would want to avoid the negative press that could follow from not complying with judgments for online defamation.

Texting & Device Seizure Litigation Webinar with Amber Schroader, CEO of Paraben Corporation

Text messages and cell phone photos are appearing in everything from insider trading litigation to criminal prosecutions to divorce cases.  An estimated 1 trillion text messages were sent on cell phones last year, making this ESI one of the most abundant forms of discovery next to email.  You are invited to join us on January 27, 2010 at 12:00pm Pacific/3:00pm Eastern for Texting & Device Seizure Litigation.  Registration is now open.

Please Join Amber Schroader, CEO, Paraben Corporation, and Joshua Gilliland, Esq., D4 LLC, for a discussion of the most recent cases on texting and SmartPhones.  The webinar will address issues with the preservation, collection and spoliation of electronically stored information on SmartPhones.  To register, please click here.

About the Presenters:

Amber Schroader

Amber Schroader, CEO of Paraben Corporation, has been a driving force in the field of computer forensics for the past sixteen years. During this time, she has developed and taught numerous courses for the computer forensic arena, specializing in wireless forensics as well as mobile technologies.

Ms Schroader is the leader behind many of the most innovative forensic technologies on the market today. Ms Schroader has been key in developing new and effective technology to help investigators with the extraction of digital evidence from hard drives, e-mail and, mobile devices.

Ms. Schroader has been a contributor to several books in the field of Digital Forensics including Wireless Crime and Forensic Investigation, Techno Security Guide to Managing Risks for IT Managers, Auditors and Investigators, Techno Security’s Guide to E-Discovery and Digital Forensics: A Comprehensive Handbook along with Alternate Data Storage Forensics. Ms Schroader is involved in many different computer investigation organizations including The Institute of Computer Forensic Professionals (ICFP), HTCIA, CFTT, HTCC, and FLETC.

Joshua Gilliland, Esq.

Joshua Gilliland, Esq., Professional Development Manager, D4, is a California attorney who focuses on electronic discovery issues for D4 LLC.  Josh has conducted over 100 e-Discovery seminars, covering all of North America, from St. Thomas to Anchorage, addressing the e-Discovery issues from the Federal Rules of Civil Procedure and Federal Rules of Evidence.  Josh is the blogger for the Bow Tie Law Blog, covering issues of identifying anonymous bloggers who commit defamation, ethical standards for electronic discovery, personal jurisdiction and other timely issues.   

Josh has also been an invited speaker at bar association events and trade shows, in addition to serving as a guest lecturer on e-Discovery at several law schools.  He effectively applies his real-world knowledge to show lawyers how they can increase their efficiency and master factual issues using litigation support technology.    

Follow Josh on Twitter @BowTieLaw

The Low Speed Chase that Gives Us Admissible Cell Phone Photo after a Warrantless Search

A police officer stopped a car driving with a flat tire, cracked windshield and its bright lights on.  People v. Gorostiza, 2009 Cal. App. Unpub. Lexis 9494 at *1.  

The passengers might have been hoping, “There is nothing to see here.” 

After stopping the car with the Defendant and two passengers, the Defendant drove away from the stopping officer while the police officer opened the car door.  As one can suspect, the police officer engaged in a low speed chase.

The Defendant again tried to start another low speed chase after being stopped a second time, but the car would not re-start.  One passenger escaped on foot after the car was stopped.  Gorostiza, at *2.  The owner of the car, one of the passengers but not the driver, gave consent to search the car. 

Search Incident of Arrest of Cell Phone Photos

The police found a loaded pistol-grip 12-shot gun during the search of the car.  Two cell phones were also found, one with a dead battery and the other in the driver’s area. Gorostiza, at *3.

The police officer opened the working cell phone and saw a photo that resembled the Defendant holding the shotgun found in the car.  Gorostiza, at *3. 

The police officer accessed the cell phone menu and opened the “My Albums” folder.  Id.   The police officer found two additional photos of the Defendant holding the gun.  Id.

The Defendant claimed the photos were not of him and he was being framed when questioned on the cell phone photos. Gorostiza, at *3-4.

 

Investigation and Search of the Cell Phone

Another investigating police officer sent the cell phone photos via MSS message to another investigating officer’s email.  The cell phone photos were printed and used at the criminal trial of the Defendant.  Gorostiza, at *5. 

Where the Cell Phone Photos Properly Admitted?

The Defendant tried to suppress the cell phone photos, claiming an improper search incident of arrest because the cell phone was “not a container” or part of a person.  Gorostiza, at *5.   The Defense further argued the cell phone deserved “heighten protection.”  Gorostiza, at *5.

The Court, as a preliminary matter, found the Defendant had a reasonable expectation of privacy in one of the cell phones because the police officer had knowledge the phone belonged to the Defendant.  Gorostiza, at *6-7.

The Court found the search of the car that found the shotgun was proper, because the police officer had permission to search the car by the owner. Gorostiza, at *7. 

The cell phone was found in a leather case, which at the time had unknown contents.  The image of the Defendant holding the gun was visible once removed from the leather case.  Gorostiza, at *7.

The Court held that the photo that was seen on the cell phone screen was a proper search, because it was found in a “closed container” during a valid search after the owner gave permission to search. Gorostiza, at *8.

Dodging the Bigger Issue

The bigger issue was whether the police officer conducted a proper search of the cell phone by exploring the menu items and additional photos in a sub-folder.  Did the consensual search of the car allow the police officer to search for additional photos on the phone? 

The Court dodged these issues, noting that two additional photos were very similar to the first photo found pursuant to a valid search.  The Court stated:

Because the admission of the additional photographs seized during the further search of the cell phone was not prejudicial, we need not determine additional questions raised by the defendant in his argument. For example, we need not determine if the consent extended to a search of the electronic contents of the telephone, we need not determine if cell phones are subject to heightened privacy interests, and we need not determine if Preis’s [the police officer] knowledge that the telephone belonged to defendant should have curtailed his search of the interior of the cell phone. Gorostiza, at *13.

Bow Tie Thoughts

The issue of whether a cell phone has heightened protection during a search will one day be decided.  More importantly, whether searching the menu features of a cell phone would be a valid search in similar facts.  This case may have addressed these issues if the photos had been different, such as firing the gun in a different location, or perhaps committing an act of vandalism or other crime. 

I am very glad this is an unpublished opinion because of the preservation methods used by the police. The collection was potentially problematic because the State used no forensic or defensible tools to collect the cell phone photos.  While the State’s actions were likely acceptable in sending the photos to a police officer, it carried risk. 

The collection methodology of sending a MSS message of the photo from the defendant’s phone to an investigating officer can open an ugly can of worms of destroying data, which could cause a mistrial or severely undermine a prosecutor’s case.  It could provide an entertaining cross-examination by a defense attorney on what procedures were undertaken to ensure the defensibility of the evidence, especially if the defense offered a collection expert to discuss proper procedures to preserve cell phone evidence. 

Products from Paraben Corporation are specifically designed for forensically imaging cell phone contents [Bow Tie Note: D4 is business partners with Paraben Corporation].  These products are currently being used by electronic discovery specialists, law enforcement, and even the US military in Iraq imaging the cell phones of insurgents who use cell phones to trigger road side bombs.  Other products are also on the market.  When proper tools are commercially available, why risk destroying key evidence by sending text messages from the defendant’s phone during an investigation?