By: Philip Favro, Presa Consulting
Consider the following scenario. You are presiding over a business litigation dispute where a representative for one of the parties regularly communicates by text message with counsel. Counsel has repeatedly advised the client representative (“client”) to stop sending messages and stick to email for written communications. The client—a younger lawyer and counsel’s primary in-house contact—is apologetic, but persists on texting counsel. One day, counsel receives a message from the client asking that they start using Signal for messaging. Counsel has heard of Signal, but is not really acquainted with its functionality. After lecturing the client again about using email, counsel relents, downloads the Signal application, and begins corresponding with the client.
After doing so, counsel notices that Signal has somewhat different features than the native messaging app on a smartphone. Signal has “end-to-end encryption,” though counsel is not entirely sure what that means. In addition, Signal offers a “disappearing messages” feature, which seems alarming. Counsel begins pondering the precise import of such a feature: “Whose messages are disappearing and how? If this feature is enabled, will our discussions vanish? Am I the only person with whom the client is communicating on Signal? What if the client is messaging witnesses in the litigation and those messages disappear?”
Reacting to these questions, counsel does a quick internet search about Signal and spends a few moments reading up on it. After learning that Signal is an “ephemeral messaging” application, counsel recalls that motions in limine and jury instructions must be filed in an unrelated matter. Sighing, counsel reassuringly observes, “I’ll get back to this, maybe in a few days or next week when things ‘calm down.’”
Ephemeral Messaging: Why Does It Matter?
Following up on the scenario above, consider taking the following self-test on your knowledge of the issues in play:
- Have you heard of Signal?
- Have you heard of ephemeral messaging or disappearing messages?
- Do you know what end-to-end encryption is?
- Do you know if corporate or individual parties use these apps?
- Do you think waiting “a few days” or a week will make much of a difference in ensuring that relevant information is preserved for a lawsuit?
If you answered “no” or “I don’t know” to any of these questions, you should keep reading this article. Even if you answered affirmatively to every question, you should also continue reading.
There is a strong likelihood that lawsuits on your docket involve parties who are using some form of ephemeral messaging and they may be deleting relevant messages right now. For those who are unaware, ephemeral messaging is a rapidly proliferating communications technology that offers its users a secure channel for exchanging confidential information. Significantly, ephemeral messaging allows users to automate the deletion of messages for both the sender and the recipient within a short period of time. This automated deletion feature presents a significant roadblock to preserving relevant information for discovery. Indeed, unless counsel and client take decisive steps to modify aspects of ephemeral messaging after a duty to preserve attaches, they may expect data loss, which could include relevant information. In like manner, courts should anticipate motion practice and a request for severe sanctions to remediate any resulting harm.
This article examines issues surrounding the preservation of relevant ephemeral messages in civil litigation. In particular, I discuss what is ephemeral messaging, why do organizations and individuals use this technology, and what are some key issues regarding the preservation of ephemeral messages of which courts should be aware.
What is Ephemeral Messaging?
Ephemeral messaging refers to messaging applications that allow users to delete message content—including text, media, and metadata—within a short period of time. While providers may offer a range of other features associated with their ephemeral messaging apps, the hallmark of ephemeral messaging is the ability to delete message content both from the sender’s and the recipient’s applications. Eliminating message content for all parties to a communication—particularly through automated means—is where ephemeral messaging differs from traditional text messaging.
Robust ephemeral messaging apps also offer their users end-to-end encryption (“E2E encryption”), which also helps prevent the distribution of message content beyond the sender and recipient. E2E Encryption (also known as endpoint encryption) safeguards message content, allowing only the sender (the initial endpoint) and the recipient (the other endpoint) to view the message. With E2E Encryption, users can more readily shield messages from third parties, including the actual provider of the ephemeral messaging service. Lesser forms of encryption such as encryption at rest and in transit may not safeguard a message from the provider, leaving content vulnerable to viewing by provider employees and misappropriation by cyber criminals.
Ephemeral messaging applications are not homogenous; they offer a variety of features that impact the effectiveness of eliminating message content and protecting user confidentiality. The following five categories delineate some of the principal features associated with these applications.
- “Always Ephemeral” Applications
Applications whose messages are always set to disappear and be protected by E2E Encryption Ωcan be categorized as “Always Ephemeral.” Users may not disable ephemerality. Nor do they have the option of communicating without encryption.
Another feature of “Always Ephemeral” applications is the automated deletion of message content. This means that once a message is sent, neither the sender nor the recipient may modify the scheduled deletion of the exchanged message. It is worth noting that external devices such as screen shots and cameras may be employed to circumvent the automated deletion feature.[i]
Examples of “Always Ephemeral” applications include Wickr and Confide.
- “Enabled Ephemerality” Applications
Another class of applications includes those whose ephemerality features may be enabled. The default feature of these applications—including Signal, WhatsApp, and Telegram—is to retain exchanged messages like a traditional messaging provider. While messages exchanged by these applications may (Signal and WhatsApp) or may not (Telegram) always have E2E encryption, those messages—once the ephemerality features are enabled—will delete just like those exchanged through “Always Ephemeral” applications.
- Applications with “After the Fact” Ephemeral Functionality
Certain messaging applications allow users to recall and delete messages after they have been sent. These applications—such as Facebook Messenger, iMessage, and WhatsApp—differ from “Always Ephemeral” and “Enabled Ephemerality” applications because they do not automate the disposition of message content at a predetermined time. Instead, senders and (in the case of WhatsApp) recipients can invoke this feature after the fact in certain circumstances by touching a smartphone screen feature.[ii]
- Applications Whose Ephemerality Features May Be Bypassed or Disabled
To a certain extent, users can circumvent any application’s ephemeral features by capturing message content through screen shots or cameras. Nevertheless, there are particular applications—Snapchat and WhatsApp, for instance—that permit users to bypass or disable ephemerality features. Users may disable ephemerality features with SnapChat by saving images and video to Snapchat’s servers.[iii] WhatsApp users may bypass ephemerality features by saving media including images and videos to their device’s photo application or backing up messages in cloud storage.
- Applications with Enterprise Grade Functionality
Ephemeral messaging applications are generally built with consumers in mind. However, certain developers—most prominently Wickr, but also other providers including Confide and Dingtalk—offer enterprise grade functionality for corporate users. With enterprise functionality, organizations can set message retention times, customize and stagger deletion periods for different groups and users, and provide legal hold functionality. All of which should enable an organization to more effectively control enterprise-sponsored uses of ephemeral message.
Who Uses Ephemeral Messaging?
Organizations have turned to ephemeral messaging given the technology’s security features. With E2E encryption and automated deletion, ephemeral messaging offers a work-sanctioned, digital environment for discussions that stand a greater chance of remaining confidential than they would over email or traditional text messaging. These features make ephemeral messaging particularly attractive to companies subject to data protection regimes requiring that employee and consumer personal information replete in communications be minimized and protected.
While organizations have good faith reasons for asking employees to use work-sanctioned ephemeral messaging applications, their employees often use unapproved consumer ephemeral messaging applications for back-channel discussions hidden from company officials. Those communications may range from innocuous exchanges about extracurricular activities and logistics to substantive work and unlawful conduct.
Beyond the workplace, individuals have turned to ephemeral messaging because they can speak in confidence about a variety of issues, from politics and romance to stock tipping and drug dealing. Indeed, ephemeral messaging is replete with users who circumvent securities laws, traffic in drugs and child pornography, and engage in domestic or international terrorism.
What are the Key Issues regarding the Preservation of Ephemeral Messages in Civil Litigation?
Getting beyond the criminal context, ephemeral messaging has obvious implications in civil litigation. While there are issues regarding the production of this data, the key issues for courts to consider in connection with ephemeral messaging focus on preservation.
Do Relevant Ephemeral Messages Need to be Preserved for Discovery?
The first issue courts must consider is whether a duty exists to preserve relevant ephemeral messages. That this is even an issue may surprise some judges. Some commentators have asserted that ephemeral messaging data should fall outside the ambit of discovery because as a practical matter, they have a short duration and are akin to in-person conversations or telephone calls.[iv] Nevertheless, ephemeral messages that are stored even temporarily fall within the “expansive” definition of “electronically stored information.”[v] When a party—be it an individual or an organization—retains a relevant ephemeral message even for a short period after a duty to preserve attaches, that message should generally be preserved for litigation.
Courts should keep in mind, however, that preservation decisions may need to be tempered by notions of reasonableness and proportionality. Courts should consider whether every relevant message should be preserved, particularly where corporate parties use ephemeral messaging to comply with data protection regimes.[vi] This issue will turn on the circumstances involved in a particular matter.
What Circumstances Impact a Court’s Analysis of Preservation Decisions regarding Relevant Ephemeral Messages?
This leads into a discussion of what are the circumstances that may affect a court’s analysis of a party’s preservation decisions regarding relevant ephemeral messages. To be sure, a court should refrain from reflexively concluding that a party spoliated relevant evidence just because it used ephemeral messaging. Instead, courts should explore when a party began using ephemeral messaging and its stated purpose for doing so. Understanding the “when” and “why” will help the court determine whether a party had a legitimate reason for adopting the technology or whether it was implemented for some nefarious purpose. For example, courts may reasonably infer culpable intent when parties allow custodians on legal hold in a lawsuit to begin using ephemeral messaging or fail to disable automated deletion or otherwise keep relevant messages for custodians on legal hold.[vii]
In contrast, a party can better justify the use of ephemeral messaging if it has deployed the application before a duty to preserve affects certain custodians of relevant information. A party can further strengthen its position if it previously implemented a use policy for the technology and formulated actionable risk mitigation measures to address issues regarding its use. All of which can help guard against the perception that ephemeral messaging was implemented for an improper purpose.
Another key inquiry on preservation issues focuses on the features the application offers. Courts should examine whether the technology at issue allows for retention of ephemeral messages once a legal hold is in place. For organizations, enterprise grade technologies will more readily enable them to meet legal hold requirements, along with data protection requirements such as data minimization. Individual parties that use “Enabled Ephemerality” applications may disable the automated deletion feature once a duty to preserve ripens so they can continue to communicate while retaining relevant messages. These respective applications stand in sharp contrast to “Always Ephemeral” consumer technologies that do not allow users to circumvent automated deletion to preserve relevant messages.
A final issue for courts to consider is the timeliness of a party’s actions in stopping the automated deletion of relevant messages. Because ephemeral messages are often dynamic—i.e., they may be quickly deleted by the technology or its users, parties should speedily disable those features that affect the retention of relevant messages. This does not mean that either individual or corporate parties must eliminate all aspects of their ephemeral messaging use. Notions of proportionality caution against overly broad preservation measures, particularly for parties who are obligated under regulatory schemes to observe data minimization principles. Nevertheless, a party’s ability to quickly stop relevant messages from disappearing will more readily be able to demonstrate that it has taken “reasonable steps to preserve” relevant information pursuant to Federal Rule of Civil Procedure 37(e).
Preservation issues surrounding ephemeral messaging will not remain static. As technology continues to develop, applications will likely offer different features that may affect the preservation of relevant content. Nor is preservation the only issue impacting the discovery of such information. Courts should also anticipate issues regarding possession, custody, or control, inaccessibility of messages, and the application of proportionality in the production context. Even as case law develops on these issues, the paramount inquiry for courts will remain focused on exploring answers to the “when,” “why,” and “what” issues set forth above. As courts carefully examine those issues, they will more readily be able to handle the complexities of ephemeral messaging preservation and their impact on discovery.
 The FMJA—Federal Magistrate Judges Association—quarterly bulletin first published this article in September 2022.
[i] See United States v. Engstrom, No. 2:15-cr-00255-JAD-PAL, 2016 WL 2904776 (D. Nev. May 16, 2016) (noting that the ephemeral messaging application’s screen protection feature in that case could be sidestepped by taking “pictures of texts with a camera to document them.”).
[ii] See Fast v. GoDaddy.com LLC, 340 F.R.D. 326 (D. Ariz. 2022) (imposing sanctions on plaintiff after finding she used Facebook Messenger’s “unsend” feature to eliminate a critical message relevant to her claims).
[iii] Doe v. Purdue Univ., No. 2:17-CV-33-JPK, 2021 WL 2767405 (S.D. Ind. July 2, 2021) (“Snapchat allows users to save content to their Memories folder in the application, and that these files are saved in both the Memories folder and on Snapchat’s servers indefinitely—unless, of course, they are otherwise deleted by the user.”).
[iv] See, e.g.,Agnieszka McPeak, Self-Destruct Apps: Spoliation by Design?, 51 Akron L. Rev. 749, 760-61 (2018).
[v] Fed. R. Civ. P. 34, committee note to 2006 amendment (“Rule 34(a)(1) is expansive and includes any type of information that is stored electronically. The rule covers . . . information ‘stored in any medium,’ to encompass future developments in computer technology”).
[vi] See The Sedona Conference, Commentary on Ephemeral Messaging, 22 Sedona Conf. J. 435, 485 (2021).
[vii] See, e.g., WeRide Corp. v. Kun Huang, No. 5:18-cv-07233, 2020 WL 1967209 (N.D. Cal. Apr. 24, 2020) (imposing terminating sanctions for defendants’ used of ephemeral messaging after the court’s issuance of a preliminary injunction). See United States v. Engstrom, No. 2:15-cr-00255-JAD-PAL, 2016 WL 2904776 (D. Nev. May 16, 2016) (noting that the ephemeral messaging application’s screen protection feature in that case could be sidestepped by taking “pictures of texts with a camera to document them.”).  See Fast v. GoDaddy.com LLC, 340 F.R.D. 326 (D. Ariz. 2022) (imposing sanctions on plaintiff after finding she used Facebook Messenger’s “unsend” feature to eliminate a critical message relevant to her claims).  Doe v. Purdue Univ., No. 2:17-CV-33-JPK, 2021 WL 2767405 (S.D. Ind. July 2, 2021) (“Snapchat allows users to save content to their Memories folder in the application, and that these files are saved in both the Memories folder and on Snapchat’s servers indefinitely—unless, of course, they are otherwise deleted by the user.”).  See, e.g.,Agnieszka McPeak, Self-Destruct Apps: Spoliation by Design?, 51 Akron L. Rev. 749, 760-61 (2018).  Fed. R. Civ. P. 34, committee note to 2006 amendment (“Rule 34(a)(1) is expansive and includes any type of information that is stored electronically. The rule covers . . . information ‘stored in any medium,’ to encompass future developments in computer technology”).  See, e.g., WeRide Corp. v. Kun Huang, No. 5:18-cv-07233, 2020 WL 1967209 (N.D. Cal. Apr. 24, 2020) (imposing terminating sanctions for defendants’ used of ephemeral messaging after the court’s issuance of a preliminary injunction).