Imagine the excitement you might feel when you hear that your company has finally decided to rid itself of a frustratingly antiquated electronic data management and storage system. Not only is the current system outdated, but it is also increasingly difficult to find anything due to the backlog of old and/or irrelevant files. The new system, your company tells you, will be more efficient and navigable than ever. Of course, it is not until the system’s rollout that you discover that this improvement includes a very distinct feature: work product “disappears” almost immediately after creation or use unless you intentionally save the files to the system. The new system incorporates technology from popular “disappearing apps.” Although workable in theory, you ask yourself, how can this not be problematic when you know the company is in the middle of multiple litigation proceedings?
As is the custom in today’s world, technology is ever-changing and advancing, and companies are constantly looking to enhance their systems with the newest, fastest and seemingly trouble-free programming tools. But sometimes, change comes with a cost. And sometimes, the cost might even be data breaches that result in the loss of sensitive information. Disappearing apps have permeated the business world as a “fix” to the risk of data breaches. But this fix brings with it an onslaught of legal issues to consider. Here, we explore potential legal ramifications for companies switching to this new style of system.
Before analyzing these compliance nightmares, it is important to understand how these types of systems operate.
I. The Evolution of the “Disappearing App”
In 2011, a newly created software application (“app”) called Snapchat took the world by storm. Teens and young adults across the world flocked to the app store on their various mobile devices to download this new, free app that allowed users to exchange messages, pictures and, eventually, videos. Unlike the simple short message service (“SMS”) or iMessage that we had all become accustomed to, Snapchat added and marketed a distinct feature that changed cyberspace forever: the messages, pictures and videos sent through the app automatically and permanently delete within seconds of being opened by the recipient. Snapchat’s rise to fame was meteoric. A mere two years after its launch, both Facebook and Google offered over $3 billion to acquire Snapchat.[1]
Snapchat and its previously unheard-of automatic deletion feature set the stage for similar apps, such as Burn Note, BeReal, Cyber Dust, Signal, WhatsApp and Wickr — all of which feature disappearing messaging capability. Messages that automatically disappear after a short period, whether by default or through settings, are known in the industry as “ephemeral messaging.” Some of these more common disappearing apps show just how prevalent ephemeral messaging is in today’s society:
- Burn Note[2] — a private messaging app originally designed for the confidential exchange of business information. The app allows users to send messages that are then immediately deleted after being read only once. Uniquely, the sender can also set a time limit for how long the recipient has to read the message before it deletes. But perhaps its most distinguishing feature is the fact that the app will only show the recipient one line of a message at a time, thereby preventing the recipient or any potential third party from taking a screenshot of its contents.
- Signal[3] — a free, privacy-focused messaging and voice talk app you can use on either mobile devices or a desktop. Its distinct feature is its end-to-end encryption, which permits only the people in the messages to see the content. The company itself cannot even see the messages.
- Wickr[4] — an instant messenger platform that ensures that nobody other than the sender and recipient accesses the exchanged messages. To prevent outside access, the application uses end-to-end encryption on all files, which safeguards against third parties accessing the data as it transfers devices. Additionally, the app allows users to set an “auto-destruct” time limit to delete the message when the selected time is up. The company even claims that the level of security is so strong that “it would take trillions of years to gain access” to a single message. Unlike other popular apps, however, Wickr has faced some controversy regarding its user base. While open to everyone, the app has become a feeding ground for drug dealers, with a fair number of users openly offering drugs for sale. Partly because of these controversies, and in the wake of Amazon WorkSpace’s purchase of Wickr in 2021, the consumer-facing version of the app will be discontinued at the end of the year.[5]
- WhatsApp[6] — a free-to-download messenger app that uses the internet to send messages, images, audio or video. The most popular of the four, WhatsApp has over one billion users worldwide. Although less of a data storage system, it allows users to enable a setting that automatically sets messages to delete as quickly as twenty-four hours after they are sent.
II. Ephemeral Messaging in the Workplace
As technology has continued to evolve since 2011, these applications have become increasingly popular among businesses not only because of their message-deleting features but also due to their ability to apply strong encryption that prevents anyone other than the sender and recipient from reading the message. Indeed, the law firm Faegre Drinker Biddle & Reath noted, “There are many legitimate reasons for a company to allow its employees to use ephemeral messaging apps. Today’s businesses generate so much data that any effort to reduce duplicative or unnecessary data is a compelling benefit.”[7] Likewise, Wickr specifically promotes itself to businesses on its website by highlighting four benefits of ephemeral messaging for professionals.[8] According to the website, Wickr offers (1) increased security, (2) reduced exposure to data breaches, (3) lower data storage costs and (4) easy compliance.
A cursory view of these benefits seems to make the choice to switch to these more technologically advanced systems simple. Cutting costs while enhancing security is oftentimes a no-brainer for companies. But is this too good to be true? One could argue yes, as evidenced by the ever-increasing number of lawsuits being filed across the country involving disappearing apps.
A. Preservation and Spoliation
Because of the novelty of these disappearing apps, judges have grappled with a plethora of issues without much precedent to guide their rulings. Courts all over the country have struggled to create a majority view for electronically stored information that is lost because of ephemeral messaging. But as litigation continues, courts have made one thing abundantly clear: failing to preserve relevant information (documents or communications) is not acceptable under any circumstances.
In a trade secret misappropriation case from California, the plaintiff accused the defendant, Uber Technologies, Inc., of spoliating relevant communications to avoid having to produce them during discovery. Per company policy, Uber used ephemeral communications for internal discussions. The District Court ruled that the plaintiff could adduce certain facts before the jury to show that “[defendant] sought information about the technical details of [plaintiff’s] self-driving technology, and that [defendant] sought to minimize its paper trail by using ephemeral communications. …”[9] In essence, the Court allowed the jury to make an adverse inference, without proof from the plaintiff, that the defendant purposefully deleted relevant information to avoid damaging revelations during the course of litigation. Allowing juries to make an adverse inference then shifts the burden to the defendant to combat the inference and convince the jury that the lost information was not the product of a deliberate act to conceal.
The language from the Court in the Northern District of California is highly pertinent for businesses. Companies often have legitimate business reasons for requiring their employees to use disappearing apps in the ordinary course of business. But when litigation arises, the legitimate business reason will be subject to scrutiny to ensure the purposes were not malicious or nefarious.[10] So, decisions on the use of ephemeral messaging should reflect careful consideration and be made with the understanding that a reasonable juror may be tasked with determining that the decision was not made to circumvent the duty to preserve. This can present a dangerous quagmire for businesses.
Similarly, two years later, the Northern District of California dealt with another case involving ephemeral messaging.[11] After a former employee was terminated, he quickly founded a competitor company. The new company began mimicking the proprietary software capabilities and hardware configurations of the plaintiff’s company. In response, the plaintiff sent cease and desist letters and then moved for a preliminary injunction to prevent the new company from using or disclosing any of the plaintiff’s confidential information. Most importantly, however, the preliminary injunction specifically prohibited the parties from “[d]estroying, concealing, disposing, deleting, removing, or altering any and all documentation of any kind” that relates to the proceeding. Despite this clear directive, the new company’s employees began communicating on an application equipped with an ephemeral messaging system. The company’s 30(b)(6) witness confirmed that the deleted messages were not recoverable. As a result, the plaintiff moved the Court to issue sanctions.
In its ruling granting spoliation sanctions, the Court found that “the amount of spoliation … is staggering.” The Court focused on the fact that the company was on notice to preserve all documentation relating to the case yet still knowingly used a message-deleting application. These deliberate actions resulted in the Court entering a default judgment against the newly founded company.
These cases exemplify the perils of using ephemeral messaging software in the workplace. Throughout the country, ephemeral messaging creates compliance issues for businesses.[12] Whether the use of disappearing technology is deliberate or unintentional, the fact remains: automatic deletion of documentation automatically creates a potential for legal implications. Disappearing apps are not disappearing from the app store anytime soon — their popularity is growing. Even so, businesses must remain cognizant of their duty to preserve all information in the face of potential litigation.
B. Lessons Learned
As should be apparent by now, the use of ephemeral messaging can prove particularly problematic for parties in litigation.[13] And while it sounds easy to stress preserving data, doing so is a bit more challenging. Throw in an ephemeral messaging application and preservation becomes nearly impossible. You now have a spoliation issue even if you never intended to delete relevant documents.
Returning to our opening scenario, there are dilemmas that companies will face when switching to or using systems that enable automatic deletion features during ongoing litigation proceedings. What may not be so evident, however, especially without clear legal precedent, is exactly how to navigate these issues and avoid adverse consequences in court.[14]
Finally, with any new app or data system, concerns always arise regarding the safety and privacy of users’ information. While the Apple Store might be top-of-mind when discussing apps like Snapchat, Microsoft Windows also offers plenty of messaging apps that are particularly popular for businesses. Windows, however, has long been a favorite for cybercriminals.[15] Such safety and privacy concerns should be especially troubling for companies, which must guarantee that their current or potential new system will function properly. These factors add yet another layer of challenges for companies wanting to implement ephemeral messaging apps. So, although the advancement of technology has produced numerous benefits for consumers and businesses all over the world, before implementing or using new technology, businesses must ensure that the advantages outweigh the risks.
[1] Awara Ra, The curious history of Snapchat and its increasing importance for businesses, Business Chief (May 19, 2020), https://businesschief.com/digital-strategy/curious-history-snapchat-and-its-increasing-importance-businesses.
[2] Hilary Smith, Should Parents Be Worried About Burn Note?, Anxious Toddlers, https://www.anxioustoddlers.com/burn-note/.
[3] Rachel Kraus and Christianna Silva, What is Signal? The basics of the most secure messaging app, Mashable (Jul. 16, 2022), https://mashable.com/article/what-is-signal-app.
[4] Luke Christou, What is Wickr, the new favourite app of dark net drug dealers?, Verdict (Jan. 30, 2018), https://www.verdict.co.uk/what-is-wickr/.
[5] Carly Page, Amazon-owned Wickr is shutting down its free encrypted messaging app, TechCrunch (Nov. 21, 2022), https://techcrunch.com/2022/11/21/amazon-wickr-app-shutting-down/.
[6] Explainer: What is WhatsApp?, WebWise, https://www.webwise.ie/parents/explainer-whatsapp/.
[7] Thomas J. Kelly, Jr., The Rise of Ephemeral Messaging in the Business World, Faegre Drinkle Biddle & Reath (Apr. 23, 2019), https://www.faegredrinker.com/en/insights/publications/2019/4/the-rise-of-ephemeral-messaging-apps-in-the-business-world.
[8] Top 4 Benefits of Ephemeral Messaging for Security Professionals, Wickr (Apr. 7, 2020), https://wickr.com/top-4-benefits-of-ephemeral-messaging-for-security-professionals/.
[9] Waymo LLC v. Uber Techs., Inc., 2018 WL 646701, at *19 (N.D. Cal. Jan. 30, 2018).
[10] See Joy A. Long, Ephemeral Messaging and E-Discovery: To Preserve or Not to Preserve?, ORBA (Feb. 11, 2022), https://www.orba.com/ephemeral-messaging-ediscovery/.
[11] WeRide Corp. v. Kun Huang, 2020 WL 1967209 (N.D. Cal. Apr. 24, 2020).
[12] See, e.g., Pable v. Chicago Trans. Auth., 2023 WL 2333414 (N.D. Ill. Mar. 2, 2023) (dismissing a lawsuit after plaintiff failed to preserve relevant text messages he sent and received on Signal); Globus Medical Inc., v. Jamison, 2023 WL 2124094 (E.D. Va. Feb. 10, 2023) (denying plaintiff’s motion to move for sanctions because plaintiff could not show that relevant communications were lost); Federal Trade Commission v. Noland, 2021 WL 3857413 (D. Ariz. Aug. 30, 2021) (imposing sanctions when the defendant switched to ephemeral messaging after being advised by the FTC to preserve relevant documents); Herzig v. Arkansas Foundation for Medical Care, Inc., 2013 WL 2870106 (W.D. Ark. Jul. 3, 2019) (holding plaintiffs were nefariously using ephemeral applications to conceal relevant communications).
[13] See The Sedona Conference, The Sedona Conference on Primer on Social Media, 20 Sedona Conf. J. 1, 90-91 (2019).
[14] See DR Distributors, LLC v. 21 Century Smoking Inc., 513 F. Supp. 3d 839, 931–33 (N.D. Ill. 2021) (“. . . parties that ignore their obligations to reasonably investigate the possibility of or disregard autodelete functions run the risk of destroying relevant evidence and visiting prejudice upon their litigation adversaries, thereby earning sanctions.”) (emphasis added).
[15] See Damir Mujezinovic, The 3 Best Secure Messaging Apps for Windows, MakeUseOf (Aug. 25, 2022), https://www.makeuseof.com/windows-secure-messaging-apps/.
Finis
