Ephemeral messaging applications are considered solutions for data protection and privacy concerns (Blink, And I’m Gone: E-Discovery Challenges and Considerations With Ephemeral Messaging). However, courts are wary of ephemeral messaging applications given they can empower a litigant to avoid discovery obligations. A recent decision from the District Court for the District of Arizona, details the consequences of using improperly ephemeral messaging applications (Fed. Trade Comm’n v Noland, 2021 WL 3857413 [D. Ariz. Aug. 30, 2021]).
Background
The Federal Trade Commission (the “FTC”) was conducting an investigation into the operations of Success By Health (“SBH”) and its principals James Noland (“Noland”), Thomas Sacca (“Sacca”), and Scott Harris (“Harris”). On May 16, 2019, Noland learned, through the inadvertent disclosure of a bank subpoena, of the FTC’s investigation. Soon thereafter, Noland, Sacca, Harris and SBH’s employees began using – at Noland’s direction – two messaging applications for the purpose of discussing important SBH business. The first application, Signal, is a mobile messaging application with automated deletion functionality; and the second application, ProtonMail, is an encrypted email service provider.
On May 29, 2019, after learning that its investigation had been disclosed, the FTC instructed SBH, Noland, Sacca and Harris to “suspend any ordinary destruction of documents, communications and records.” At the conclusion of the investigation, on January 8, 2020, the FTC filed a lawsuit against SBH, Noland, Sacca and Harris (collectively “Defendants”), alleging Defendants operated an illegal pyramid scheme and made false statements to consumers. Soon thereafter, the FTC obtained a temporary restraining order (“TRO”) and the appointment of a receiver to operate SBH. Pursuant to the TRO, Defendants were required to transfer to the receiver control of all methods for handling communications. Defendants, however, failed to disclose the existence of Signal or ProtonMail. It was not until October 2020 that the FTC learned Defendants had used Signal and ProtonMail as means to communicate.
The FTC promptly filed a motion for sanctions pursuant to FRCP 37(e)(2), arguing Defendants intentionally spoliated documents when they migrated SBH’s communication platform to Signal and ProtonMail, and did so only after the duty to preserve arose. In opposition, Defendants argued the decision was caused by security concerns presented by a former employee and his fellow saboteurs.
Analysis
As highlighted by the Court, FRCP 37(e) was “completely rewritten in 2015 to provide[] a nationally uniform standard for when courts can give an adverse inference instruction… to remedy the loss of ESI.” Specifically, a party seeking sanctions under FRCP 37(e)(2) must first show “(1) the ESI should have been preserved in the anticipation or conduct of litigation; (2) the ESI is lost because a party failed to take reasonable steps to preserve it; and (3) the ESI cannot be restored or replaced through additional discovery” (Noland, 2021 WL 3857413, at *6). If each of these elements are satisfied, courts then determine whether the nonmovant “acted with the intent to deprive another party of the information’s use in the litigation” (id.).
Here, the Court concluded that the FTC easily carried its burden in showing that “Defendants acted with the intent to deprive the FTC of the information contained in the Signal and ProtonMail messages.” According to the Court, “the most decisive factor” in reaching this conclusion was the timing of Defendants’ migration to Signal and ProtonMail. Further, the Court rejected Defendants’ argument that the use of these applications was in response to security concerns, as Defendants failed to provide any evidence that SBH was being hacked, or threatened. As a result of Defendants’ systematic efforts to destroy relevant communications through Signal and ProtonMail, the Court granted the FTC’s motion for sanctions and granted the FTC an adverse inference instruction that the deleted Signal and ProtonMail communications were relevant to the litigation and supportive of the FTC’s position.
Conclusion
While ephemeral messaging technologies may be ideal security solutions, companies must avoid implementing such technologies, if a duty to preserve has been triggered or is ongoing. Therefore, when advising a client about messaging applications, it is critical to be conversant with the client’s data retention policies and active litigation holds, if any.
Thank you to second year associate, James Maguire in the Firm’s Uniondale office, for his research assistance related to today’s blog.