A number of third-party digital forensics firms now engage in the collection (or imaging) of data from various PDAs (personal digital assistants, such as smartphones, iPads, etc.), mostly for litigation purposes. Once retrieved and imaged, such data is treated like any other form of discoverable information which may be turned over in litigation. When these firms perform a service (either through a court-imposed order or by agreement between attorneys), everything on that device is typically col- lected for imaging. Filtering for dates and other relevant infor- mation is done post-collection, resulting in a third party having access to all of the owner’s personal information (at least for a period of time).
Mobile devices contain what is called “electronically stored information” (ESI). ESI can include text messages, chats or oth- er forms of “communication.” If the ESI recovered from mobile devices is found to be relevant, chances are it may be turned over as part of a discovery order. Although such orders usual- ly contain confidentiality agreements and protective orders, it does not guarantee that the data, at some point, might not be disclosed. Depending on the nature of the data, this informa- tion can change the course of the litigation or place the owner of the device in a compromising position.
But where is all this data stored? Some data is truly stored on the phone (such as SMS and MMS). Sometimes a phone is just a platform to view data from the internet (some content can be “cached” and easily retrieved). Some data that is stored on the phone may not be accessible, such as WhatsApp and iOS email (Apple’s mobile operating system). As the presenter explained, “Your phone and the cloud are merging...As a general rule of thumb: If you can view the content of a mobile device when in airplane mode, it’s probably accessible.”
Once the data has been imaged (or copied), whether the data can physically be retrieved depends on a variety of factors. For
example, the make, model, operating system version, applica- tion version, carrier and phone settings will all play a factor in determining what data can be accessed and extracted in a read- able format. Special forensic tools are used to extract as much data from a device as possible, but things are changing daily. Some devices may automatically delete various messages after a certain amount of time (30 days) and overwrite information. However, just like other ESI, deleted information may be recov- ered, timelines may be generated and user activity can be re- constructed.
Moreover, in this ever-emerging field of cyberdata, the law and rules change rapidly. For example, federal discovery rules now apply to ESI. Litigation holds and preservation orders, as a matter of course, include electronically stored data. Despite common misconceptions, data cannot easily be “scrubbed” or accidentally deleted to avoid disclosure. Judges are now order- ing adverse inference sanctions for failure to preserve texts and other data. Although more modern iPhones and Androids have encryption capabilities and provide other safety precautions, forensic firms still may be able to retrieve the data.
On one hand, mobile devices help distribute knowledge and bring individuals from around world closer together with the stroke of a button or a swipe of the screen. On the other hand, the data contained on these devices, if released, can lead to a serious invasion of privacy.
As I wrote in a prior article, officers should not be using their personal cellphones while at work — even if it is strictly for personal use. Nothing contained in our collective bargaining agreement requires a Police Officer to have a personal cellphone while working. Any need to communicate for work-related busi- ness should be performed exclusively using a department-is- sued device. Avoid any potential problem. Play it safe. Just ask themayor.d
 CHICAGO LODGE 7 ■ MAY 2018 19