eDiscovery in Today’s Security Centric World

eDiscovery. A term that 20 years ago didn’t exist but is as commonly heard in the legal industry today as terms like case law, litigation or summary judgment.

As we look back, the eDiscovery and managed review model has seen an evolution of change over the years. Twenty years ago, discovery was mostly an exchange of banker’s boxes, between parties, filled with hundreds if not thousands of pages of documents. The “review” process entailed someone, usually a paralegal, delving into the boxes, flagging important documents to be used as evidence or exhibits in the case or investigation. However, as technology advanced and paper documents turned to electronic documents, concerns began to shift.

The ability to exchange documents electronically as well as the increase in popularity of email, continued to produce more and more volume. The excessive volume of data and the need to get through it quickly eventually led to the creation of the contract attorney role, where part-time or “contract-based” attorneys were hired by the firm to assist the trial team in digging through and evaluating the large volume of documents in a timely manner. Worries about data breaches or data security wasn’t on the minds of anyone. Confidentiality was the bigger concern. The fact that 50 (sometimes hundreds) of strangers were now wandering in and out of the law firm and accessing confidential information was of great concern. Conversations around security and confidentiality began to take place. Terms like Information Security Systems, IT Infrastructure, etc. began to be at the center of these conversations.

How the industry looks today

As with the evolution from paper to electronic documents, the progression of eDiscovery has continued at a rapid pace, with probably the most significant changes occurring in the last five years. The type of data we have the ability to collect continues to evolve bringing with it more and more questions. Issues such as preservation, how to collect data, what data to collect, what custodians to collect, as well as data privacy issues, confidentiality and security are now common challenges faced by many organizations. This has forced technology companies, law firms and corporations to take new steps to ensure the protection of their data. The eDiscovery model has advanced as well. The sheer volume of the data led to a greater need to get through the data faster and more cost effectively. Again, the industry answered the call. New technologies emerged which encompass many iterations of computer assisted review such as predictive coding, de-duplication, threading, and analytics. These advancements have had an impact on costs and turn around. They can be used independently or in tandem with linear review depending on the needs of the client. When it comes to managing data, Contact is at the top of the game. Our Forensics, data, ECA, and newly launched MobileRev™ provide key solutions to managing and review volumes of data.

Making strides in security

Growth is an impetus for change. As documents moved from paper to electronic, and the data increased, the industry was forced to answer the needs of their clients. The adaptability of technology and the exchange of data across borders brought with it even more data and even more security questions. Questions about storage, access and what laws would govern the security of this data continue to come up, leading to major concerns, and the importance of having an industry standard.

Today, privacy and security are at the forefront of concern. Conversion to electronic information housed either on a server and now in a cloud-based environment, bring with it new issues. How do you protect this data? What measures is your eDiscovery vendor taking to ensure appropriate security measures are in place. The challenge to house, maintain and review the data in a secure environment is critical.

This growth of business data led to changes in IT infrastructure and security. Anyone housing data must have appropriate controls in place to protect the integrity, confidentiality and accessibility to sensitive data. The strategy is to mitigate as much risk as possible. Having a Security Information Management System (SIMS) (as Contact does) to act as a framework for your organization is essential. Conducting frequent checks on IT systems and making sure your employees understand and can recognize a threat is crucial.

When it comes to security, it is key to invest in intrusion technology, a series of hardened firewalls and multi-factor authentication processes. There are also industry certifications such as ISO 270001. ISO 27001 formally specifies a management system that is intended to bring information security under explicit management control. ISO 27001 is a formal specification which means that it mandates specific requirements and allows for formal audits. It also provides a framework to ensure fulfillment of commercial, contractual and legal responsibilities.

Contact is committed to ensuring the appropriate controls are deployed to protect the integrity, accessibility, and confidentiality of sensitive data under management, both domestically and abroad. With our own internal controls and an ISO 270001 Certification Contact is at the top of the game when it comes to security.

So, what does all this mean? What is your exposure (i.e. for not utilizing an eDiscovery vendor that isn’t ISO certified)? With ever changing technology it has never been more important to work with a company that takes security risks seriously. The implications of exposure are not worth the risk. It has never been more important to work with a technology company, such as Contact, that have these controls in place.

To learn more about our Technology, Service offerings, and Security systems please contact


Your Digital Footprint

Check your email. Today is the day.

Open your cousin’s suggested link, “Private Places near the City”, on Pinterest.

Respond through Facebook messenger with your two favorite location options.

Check your texts. Your cousin picked a place – “Peaks Edge”.

Relay the meetup point to the buyers through WhatsApp.

Airdrop the secret documents from your laptop to your phone.

Google Maps “Peaks Edge” to head to the meet.

Facetime your cousin to go over the plan and alibi one last time.

Arrive early. Drop a pin on the meeting spot.

Notice a beautiful sunset and take a picture to capture it.

Google “What to do if a deal goes bad?”.

For collateral, take photos of the buyers as the approach.

Show buyers proof of the documents. Receive payment from the buyers through PayPal.

Send the documents to the buyers via an iCloud link.

Delete the documents from your device.

Leave Peaks Edge. FaceTime your cousin to chat about how you’re going to spend your cut!

Our digital footprint; always growing and ever evolving.

Each tweet, every text message, and the numerous photos we take and share all contribute to the complex mixture of information that defines our footprint. Simultaneous communication through multiple platforms on a mobile device has become ingrained in our everyday lives. These devices being so common place has made it easy to overlook how much information we share as documentation of our everyday communication and actions.

In 2017, mobile devices accounted for ~54% of all web traffic and were responsible for ~22 billion text messages sent daily. This figure does not include app-to-app messaging.  Once app-to-app messages were accounted for, this number skyrocketed an additional 60 billion messages sent per day between Facebook and WhatsApp alone. With this vast amount of information being shared via social media platforms on mobile devices, more and more of these platforms and devices have become the target of discovery. Being the focus for years, collection and searching processes have been worked into the industry standard workflows when dealing with email and hard drives. Being relatively new to the scene, mobile devices and social media platforms have uncharted waters yet to be navigated.

Challenges with Mobile Devices in Discovery

Make & Model – Mobile devices require a different collection method than traditional imaging of a hard drive. Forensic experts must be able to identify the make and model of the mobile device with which they’re dealing. They must then use that information to decide which collection format best fits that specific device. Depending on the device, it must be determined if a logical, physical, and/or file system extraction is the proper method. In some cases, multiple acquisitions of a device may be necessary. Similarly, additional acquisitions of external storage cards may be deemed appropriate.

Operating System – A mobile device operates on one of a plethora of operating systems. Not only are there different operating systems to take in to consideration, there are also various versions of the same operating system.  The operating system and specific version directly affect how collection tools can interact with the device as well as the data that can be extracted. Operating system information, in conjunction with the type of data to be collected, greatly assists the examiner in deciding on the type of collection to perform.

Privacy Concerns – Mobile devices hold troves of personal information about us, our families, our closest friends, and more. As new apps and technology are released, what we can do with our devices expands daily. As does the information, and type of information, we input into these apps and technologies. With the continuing growth of companies employing a “bring your own device” (BYOD) policy, devices are storing progressively more privileged company information and applications. Considering that these devices are capable of holding an array of information, it is likely that information exists on a device outside of the scope of target information. Unfortunately, most collection tools do not allow for extraction of individual pieces of data. Instead, they extract the entire contents of a device. Subsequently, the examiner is responsible for filtering out the superfluous information to export. Although untargeted information is not exported in this process, a custodian can become uncomfortable that the information was collected and exists outside of their reach. Providing a custodian an environment and experience in which they feel their most personal information is safe is critical in obtaining custodial consent for collection of their data. However, creating an environment for a custodian to feel confident when giving permission to collect their data is a new challenge that examiners are facing. For an examiner, being knowledgeable about the collection tools and the workflows, in addition to being able to answer any of a custodian’s questions, can be extremely helpful in setting a custodian’s mind at ease throughout the process.

Challenges with Social Media in Discovery

Collection Methods – Social media content is becoming more and more relevant in discovery. The days of taking a screen shot of a Facebook or Instagram post to be used as discovery are slowly fading away into the past. The industry standard is moving towards collection methods that provide forensic integrity and metadata that are unavailable through a screen shot.

API Updates – One of the biggest challenges when creating a workflow to collect social media content is the constant update of the platform’s API. Updates can change accessibility to certain metadata values, which makes the ability to collect consistent metadata a struggle for most collection tools. Inconsistent metadata fields in collections make processing social media content for review a constantly evolving workflow.

Public v. Private Accounts – In situations where it is required to collect a social media source and the credentials are unavailable, there can be extreme limits to the information accessible, if any at all. This is usually determined by the platform and the user’s privacy settings.

Account Accessibility – Two-factor authentication is widely used as a second layer of security for social media platforms. Although some collection tools offer data extraction while two-factor authentication is enabled, the security protocols for this feature are regularly updated. If a platform has two-factor authentication enabled, it can become a potential obstacle for collecting data. To ensure a smooth collection of credentialed accounts, it is best practice to use app passwords or ensure this feature is disabled.

Moving Forward

In the emerging world of mobile devices and social media in discovery, there is still much to be learned. The knowledge base constantly accumulating by forensic examiners is in its rudimentary stages. From knowing and understanding the implications of the target device’s physical and logical specifications, the unstable availability of metadata on different social platforms, to understanding the impact of personal settings on each platform – examiners are becoming more and more experienced in this section of discovery with every collection performed. The challenges and techniques for collection are ever changing, requiring examiners to stay up to date on current technology and share their knowledge with one another to build a community of discovery experts. It is exciting to imagine what the future of mobile devices and social media holds and the new challenges and possibilities it will offer the eDiscovery industry. 


22 billion texts

60 Billion app-to-app messages



Contact at Relativity Fest!

We were even up for an Innovation award for MobileRev™ and had a chance to show off our new technology at the Innovation Pavilion.




Shutts & Bowen in Miami hosted us for an ILTA roadshow event.

A big thanks to the team at Shutts for being such great hosts last month! The roadshow topic was “Emerging data types in modern discovery” and it was well received. Collecting and leveraging data from mobile devices, home automation technology, and social media can be a serious strategic advantage. Embrace the future and talk to Contact about how you can better leverage these less traditional digital evidence formats.




Contact now offering Legal Hold solution for our corporate clients!

Relativity Legal Hold 9.6 is Relativity’s integrated solution for a complete legal hold management workflow application. Legal Hold helps you identify and preserve relevant data when you anticipate litigation. Better understand your organizational data structure, which gives you an advantage in preparing for a hold, responding to a regulatory agency, or negotiating with opposing counsel with Relativity Legal Hold.

Instead of sending ad hoc emails and manually tracking responses in spreadsheets to manage a legal hold, you can centralize this process by using one application. Using Legal Hold, you can:

  • Send out hold notifications by email
  • Automatically follow up with unresponsive custodians
  • Interview custodians to gather information
  • Track and analyze responses using the Relativity Pivot feature
  • Generate reports to maintain a defensibly-sound audit trail of all communications with custodians and other relevant parties