Social Media and Electronically Stored Information Legal Guide

guide to ESI law

Types of Data, Production Specifications and Formats - In Detail

Data is a set of values of quantitative or qualitative variables which represents transmittable or storable information. Generally, when we talk about data, we’re talking about some existing information or knowledge that is represented or coded in some form suitable for better usage or processing. There are a variety of types of data, and understanding these types helps inform your efficacy and strategy in discovery. 

Difference Between Raw and Processed Data

First off, raw Data is the unprocessed collection of numbers or characters before it has been “cleaned”, corrected or manipulated by researchers or data handlers. Often times, in the course of litigation, it is wise to seek this type of data instead of relying on a compilation or otherwise manipulated information. 

Processed Data is the collection and manipulation of items of data to produce meaningful information. This is often done through the use of software such as Microsoft excel, Tableau or other data manipulation software. More specific types of data are as follows:

Subscriber Information

Basic subscriber information generally includes name, physical address, email address, and telephone number and other personal identifiers indicating who is using an account.

Mail Logs

Mail logs include records of incoming and outgoing communications such as time, date, sender email addresses, and recipient email addresses.

Email Content

Email Content relates to the actual text contained in email transmissions, as well as attachments and photographs. Different companies retain different levels of information. For example, Apple does not retain deleted content once it is cleared from Apple’s servers. An understanding of the method in which email is handled is key to ascertaining it’s “shelf life”.

MAC Addresses

A Media Access Control address (MAC address), is a unique identifier assigned to network interfaces for communications on the physical network segment. Any Apple product with network interfaces will have one or more MAC addresses, such as Bluetooth, Ethernet, Wi-Fi. This can be used to show how a device is interacting with the outside world.

Metadata

Metadata is data that provides information about other data. There are three types of metadata: structural, administrative and descriptive metadata. Historically, metadata was used in card catalogs of libraries until the 1980’s. In the internet age, the usage has been adapted to digital applications. Metadata can be highly illuminating.

Location Data

Any data processed in an electronic communications network, indicating the geographic position of the terminal equipment of someone using a publicly available electronic communications service. The specificity of location depends on a number of factors including

  1. Location of device;
  2. Type of device;
  3. Strength of the service provider’s network;
  4. Proximity to wireless networks.

HTTP Cookies

Cookies are small piece of data sent from a website and stored on a user’s web browser while the user is browsing. Cookies include:

  1. Information such as items added in the shopping cart in an online store;
  2. Records of a user’s browsing activity;
  3. In some circumstances, the words that were typed in certain fields.

Obtaining Evidence: Smartphones, PCs and Tablets, Third Parties, Flash Drives and External Hard Drives, Cloud Storage

The common law duty to preserve evidence – including Electronically Stored Information (ESI) – requires a party to take reasonable and good faith actions to identify, locate, and maintain information that is likely to be relevant in reasonably anticipated, threatened, or pending litigation. In most instances the preservation obligation is communicated to potential custodians of information through a written “litigation hold” or “legal hold” notice. Such a written notice will direct persons potentially in possession of relevant information to segregate and protect from destruction documents and data that are, or arguably might be, relevant to the threatened or pending matter.

Subpoena for Devices

Federal Rule of Civil Procedure Rule 34 provides for the production of any “designated tangible thing.” This has been extrapolated to include devices, but given the sensitive nature of the information on such devices, may require in camera review or some protective order prior to disclosure. More importantly, Rule 34 requires specificity. In order to comply, a subpoena must describe with particularity each item or category of items to be inspected and may specify the form or forms in which electronically stored information is to be produced. Companies may require further specificity. For example, Apple frequently requires the following information:

  1. Model Number;
  2. Serial Number; and
  3. FCC ID

If the form is not specified, it is typical to receive a CD, a flash drive or a hard drive with a copy of the device requested. This can raise issues related to spoliation, etc. See Section J.


Remember that it is possible to obtain a device itself, but for a number of reasons, is disfavored to a copy of the content on the device. If requesting a physical device, it is important to limit the time in possession of that device so that unnecessary inconvenience to the producing party is kept to a minimum.

Cloud Storage

Smartphones, computers and other electronics typically store information in two distinct locations: internally and in “the cloud”. Remember that “Cloud”, despite the nebulous name, refers to a physical location where information party is stored with a third by virtue of transmission over the internet. Just because something is deleted from a physical device’s storage, that does not mean it was necessarily deleted from a cloud storage account. Popular cloud services include Apple iCloud, Microsoft OneDrive, Google Cloud or Dropbox. See Section F. Remember that cloud storage companies have a vested interest in protecting user privacy. One interesting case study of Dropbox entitled the 2015 Transparency Report shows how the company handles warrants, subpoenas and Court Orders – and the relative production rate for criminal and civil matters.

18 U.S.C § 2703

Otherwise known as The Stored Communication Act, this law provides governmental entities the right to require disclosure of electronic user content within 180 days if done pursuant to a warrant in a criminal case. Section F(1) states that a provider of wire or electronic communication services or a remote computing service, upon the request of a governmental entity, shall take all necessary steps to preserve records and other evidence in its possession pending the issuance of a court order or other process. Records referred to in paragraph (1) shall be retained for a period of 90 days, which shall be extended for an additional 90-day period upon a renewed request by the governmental entity.

Speak to a Trial Lawyer Today!

Unfortunately, cases taking place often involve other parts of digital evidence so speak with your trial lawyer or criminal defense attorney regarding your specific case. 

Learn More