Deciding whether mobile devices should be imaged can be difficult when it comes to eDiscovery. They contain a large variety of file-types and data intermingled with a lot of private information, which may be privileged. Extracting specific information can be difficult and imaging an entire device can be costly. So the question remains: To image or not to image? But not really. That’s why we have case law.
On the surface, it seems that imaging an entire device would fall beyond the usual scope of a matter as it’s defined under FRCP Rule 26. Specific relevant data would be the obvious choice over everything on a single device. Which is exactly how a magistrate judge saw it last year in Henson v. Turn (N.D. Cal. Oct. 22, 2018), when the court denied requests by the defendants to inspect personal devices of the plaintiffs, collecting web browsing history and cookies in the process, on the basis that the data sought was neither relevant nor proportional to the needs of the case.
But in a recent ruling by Special Discovery Master Hon. Rebecca Westerfield (Ret.) in the class action suit In re: Apple Inc. Device Performance Litigation (N.D. Cal. Aug. 22, 2019), the court determined that imaging a sample set of the plaintiffs’ mobile devices was proportional to the needs of the case under Rule 26. So what sets this case apart from Henson v. Turn?
In re: Apple concerns the plaintiffs’ claim that Apple used operating system updates to “throttle” and hamper device performance regarding certain of its iPhone 6 devices, allegedly impairing “the integrity, condition, quality, and usefulness of the Devices without Plaintiffs’ knowledge or consent.”
Each side brought forward forensic experts. The plaintiffs’ expert, Mary Frantz, Managing Partner of Enterprise Knowledge Partners, LLC, asserts that “Apple’s internal databases such as collected historical diagnostics, support, and potentially archived cloud of backup files would be a preferred and sufficient method to determine historical performance,” and that, “there is no difference between what would be found on any specific Devices and what could be found via iTunes and iCloud analysis (which Apple could test without a forensic inspection).”
Apple’s expert, Paul D. Martin, PhD, Computer Science—who has over a decade of experience in technology and forensics, including with performance testing and benchmarking of computer and other technological programs—explained the word “performance” can have a broad variety of meanings for a device. “To assess performance conditions,” Dr. Martin asserts that “it is important to perform tests on a device that is configured in a way that matches, as closely as possible, the configuration of the user’s device. Configuration depends both on the hardware and on what is installed on the hardware, including operating system, applications, and data.” He also adds that, “each user controls the state of his or her Device to the extent that it deviates from the basic iOS configuration,” which, along with, variations of installed software, specific device usage patterns, and network or Wi-Fi variations, will impact performance. Which is why he concluded, “the best record of what is installed on a particular Device is the Device itself.”
Special Discovery Master Westerfield ruled against the plaintiff on the issue of imaging, stating that “other types of discovery would not provide sufficient information on the issue at hand,” and that “the defendant’s privacy concerns could be addressed through a robust protective order containing the following:
- “The plaintiffs would select a neutral forensic expert to produce a mirror image of the computer’s hard drive in a timely fashion
- “That expert would execute a confidentiality agreement and also abide by the protective order in place in the action
- “Only that expert would be authorized to inspect or handle the computer or the mirror image (the plaintiffs and their counsel would not inspect or handle the mirror image
- “The expert would not examine any non-relevant files or data on the computer, or anything designated as privileged or work-product protected information
- “That expert would produce a report based upon his or her inspection that describes the files found and any relevant file-sharing information
- “And that expert would disclose his or her report only to the defendant’s counsel, who could then lodge objections to the report based on privilege.”
SDM Westerfield also cited Herskowitz/Juel v. Apple, Inc. (N.D. Cal. Feb. 12, 2014) in which the court ordered the plaintiffs to deposit computers and devices at issue with a third-party vendor for forensic inspection, because the “data contained on Plaintiffs’ computers and devices is likely to be highly relevant, and admissible evidence under Federal Rule of Civil Procedure 26(b)(1).”
The SDM noted the potential privacy intrusions in Herskowitz/Juel were not as widespread, because only a small number of devices were imaged. In response, the number of devices available for forensic inspection was limited to much less than the 115 devices Apple had requested.
Meet and Confer:
Cooperation is the name of the game when it comes to determining whether mobile devices should be imaged and other complex eDiscovery cases like this one. And the SDM drove that home by stating the importance of both parties continuing to meet and confer, ensuring the order is carried out as determined by the court.
In her ruling, SDM Westerfield writes, “Given the above direction and following Apple’s designation of specific Devices to be examined, the meet and confer process is likely to be more productive than the parties’ past efforts. In this regard, the parties and their experts are in the best position to meet and confer on a proposal that minimizes exposure of content and private information to Apple, the parties’ experts, and Apple’s outside and inside attorneys and provides an appropriate tailored approach to discovery from these Devices.”