Back to Blog Posts

Ediscovery for Ephemeral Messaging: The Complete Guide

Emerging Data Sources
4 Min Read
By: 
Brent Westenfelt
Posted: 
August 26, 2024
social link
social link
social link

https://www.csdisco.com/blog/mastering-ephemeral-data-for-ediscovery

avatar image 3avatar image 1avatar image 2
Get the very best in litigation technology and expert partnership
Talk to sales

Increasingly, people from all walks of life are relying on self-destructing messaging applications (also known as ephemeral messaging) to communicate without leaving a digital trail. Engineering departments for billion-dollar Fortune 500 companies and protesters across the globe are communicating and coordinating via this new technology with increasing frequency. 

What does this deluge of self-destructing messaging mean for data preservation and ediscovery, and should people be wary of this too-good-to-be-true innovation? 

In this guide, we’ll explore ephemeral messaging — including apps, regulations, risks, requirements, and best practices for handling ephemeral content in ediscovery.

Understanding ephemeral messaging

Ephemeral messaging is a form of digital communication that lasts a very short time. These platforms are designed to send self-destructing messages or disappearing messages that vanish shortly after being viewed. Generally, the genre consists of applications for short-form communication on mobile devices that automatically remove content from the recipient's screen. This self-destruct function may be triggered programmatically, by specific user actions (like opening or closing a message), or after a pre-defined time frame. Deletion typically occurs simultaneously on the receiver’s device, the sender’s device, and the system servers, ensuring that no lasting records remain.Ephemeral messaging applications can further obfuscate data with functions that preclude screenshots, limit distribution, auto-encrypt, removal of messages from recipient devices, and untraceable messaging.

Popular ephemeral messaging apps

Ephemeral messaging apps have gained traction in both personal and professional contexts for their ability to facilitate short-form communication that vanishes shortly after viewing. These apps are designed to send disappearing messages or ephemeral content, making them particularly challenging in the context of ediscovery and ephemeral messaging. Below are some of the most widely used ephemeral messaging apps and how they work.

  • Snapchat: Originator of ephemeral messaging. Allows users to send encrypted messages, photos, and video that automatically disappear after viewing.
  • Signal:  Known for its security features, Signal supports self-destructing messages and end-to-end encryption. Users can set custom expiration times for chats and media, and messages are automatically deleted from all devices once expired.
  • Telegram: Telegram offers a “Secret Chat” mode with ephemeral content features, including timer-based message deletion, screenshot restrictions, and encrypted peer-to-peer messaging. Users can control how long messages remain visible.
  • Facebook - Uses Vanish Mode in its messenger application. Allows users to send texts, photos, voice messages, emoji, and stickers that disappear immediately once viewed. Replaced end-to-end encryption that could be saved locally with a function that is designed to delete anything sent forever once it’s been viewed. 
  • WhatsApp: Uses messages that self-destruct seven days after sending. Has over 2 billion users sending 100 billion messages a day, many of which are business-related especially for international users.
  • Confide: Designed for confidential communication, Confide offers end-to-end encryption, self-destructing messages, and screen shield technology to prevent screenshots. Messages disappear after being read, leaving no trail behind.

Ephemeral messaging challenges in ediscovery

While ephemeral messaging apps offer convenience and privacy, their self-deleting nature poses significant complications for ediscovery. From data preservation issues to compliance risks, legal and IT teams must navigate a range of technical and procedural hurdles to manage ephemeral data effectively during litigation.

  • Automatic deletion settings: By design, ephemeral messaging platforms use built-in timers or triggers to delete messages automatically after they’re viewed or after a set period. These self-destructing messages can disappear from both user devices and servers, making it difficult — if not impossible — to recover relevant content after the fact.
  • Lack of visibility for legal and IT teams: Because these messages often bypass standard corporate communication channels, legal and IT teams may have limited oversight. Without centralized archiving or access controls, identifying the existence, scope, or relevance of ephemeral content becomes a serious challenge in the discovery process.
  • Preservation requires custodian identification: To preserve ephemeral documents, teams must first identify the individual custodians using such apps. This adds time and complexity to ediscovery scoping, particularly when users operate across multiple devices, platforms, or jurisdictions.
  • Inability to preserve without alerting custodian: Preserving ephemeral messaging data often requires turning off deletion settings, which can alert custodians and compromise investigations. This creates a tension between the need for stealth preservation and the technical limitations of the apps themselves.
  • Risk of sanctions or spoliation: Failure to preserve disappearing messages can lead to claims of spoliation or even court-imposed sanctions. Courts have increasingly scrutinized how organizations manage ephemeral messaging when litigation is reasonably anticipated.
  • Timing of use impacts risk: The legal risk of using ephemeral apps increases significantly if they’re used after litigation becomes foreseeable. Courts view continued use — or failure to suspend auto-deletion settings — as a potential red flag for intentional evidence destruction.
  • Regulatory scrutiny: Government agencies, including the DOJ and SEC, have issued guidance warning against the improper use of ephemeral communication tools in business settings. Organizations must demonstrate appropriate controls and business justifications for their use to avoid compliance violations.
  • Transformation and usability for review: Even when ephemeral messages are successfully collected, they often arrive in fragmented or poorly structured formats. Review platforms may struggle to process these exports, making it difficult to organize or understand the content without additional transformation work.
  • Proportionality and burden concerns: Preserving and reviewing ephemeral data can be costly and technically complex. Courts expect preservation efforts to be proportional to the value and relevance of the data, requiring legal teams to make defensible, good-faith efforts without incurring unreasonable burdens.

Ephemeral messaging in litigation: risks and regulations

While there are‌ many legitimate business reasons to deploy ephemeral messaging in a business context (including lower storage costs, better compliance with data privacy regulations, and confidential and encrypted communications), the risks remain substantial. Use of the applications complicates meeting discovery and preservation obligations substantially and may open up an organization to large spoliation sanctions or, as was the case in Uber v. Waymo, the court may determine that the use of such applications alone is grounds for an adverse inference.

The context of ephemeral messaging use plays a role in whether sanctions are levied, as does timing. In the case of WeRide Corp. v. Huang, a directive by executive leadership to use ephemeral messaging following the litigation filing to mitigate discoverable data led to sanctions. 

In the case of government investigations, ‌regulators expect that data loss from ephemeral messaging is mitigated. The SEC has issued guidance “[s]pecifically prohibiting business use of apps and other technologies that can be readily misused by allowing an employee to send messages or otherwise communicate anonymously, allowing for automatic destruction of messages, or prohibiting third-party viewing or back-up." And while the DOJ has loosened their prior prohibition of ephemeral messaging slightly, the guidance remains that the agency “prohibits the improper destruction or deletion of business records, including implementing appropriate guidance and controls on the use of…ephemeral messaging platforms.” 

The DOJ offered further guidance on mitigating risk when using ephemeral messaging as an enterprise this summer in its update to Evaluation Of Corporate Compliance Programs. Specifically, if a company adopts a short retention period or adopts an ephemeral messaging tool, it should generate a thoughtful, advanced business justification statement that (1) shows how the company weighed the risks when setting its policy and (2) serves as a record that could later be used to explain why the company took this approach.

From the bench to regulators, the message is clear: employ ephemeral messaging in a business context at your own risk. And the onus is on you to demonstrate a business need, appropriate preservation protocols, and spoliation mitigation efforts — on penalty of sanctions, adverse inference, and loss of remediation credits.

Ephemeral messaging data preservation requirements

As ephemeral messaging becomes more common in business communications, legal teams must ensure these disappearing messages are preserved when litigation is anticipated. Courts and regulators now expect the same level of diligence and defensibility for ephemeral messaging data as for traditional forms of electronically stored information (ESI). The following requirements outline how to meet those obligations effectively.

Duty to preserve when litigation is anticipated

The duty to preserve relevant data, including ephemeral messaging, begins when litigation is reasonably anticipated. At that point, organizations are expected to suspend automatic deletion settings and take reasonable steps to retain potentially relevant content. Courts have increasingly emphasized this responsibility, with cases like WeRide Corp. v. Huang establishing that continued use of ephemeral messaging apps — or failure to disable self-deleting features — after a legal hold has been issued may constitute spoliation of evidence, carrying serious legal consequences.

Legal holds must include ephemeral data

Legal holds must explicitly account for all communication channels, including ephemeral messaging apps. Legal teams are responsible for identifying these platforms across the organization and issuing hold notices that require disabling auto-deletion features. If ephemeral tools cannot be configured to retain data, their use should be suspended entirely to ensure compliance with preservation obligations and avoid the risk of spoliation.

Proportionality and reasonableness (Sedona Conference)

According to The Sedona Conference Commentary on Ephemeral Messaging, preservation obligations related to ephemeral data should be guided by principles of reasonableness and proportionality. This means that organizations are expected to make good-faith efforts to preserve relevant information without striving for perfection. The focus is on ensuring that preservation efforts are commensurate with the significance of the data and the context of the litigation.

Furthermore, organizations that choose to implement ephemeral messaging tools should conduct a thorough risk-benefit analysis to justify their use. This involves documenting the business rationale behind adopting such technologies and ensuring that appropriate policies and controls are in place to manage potential risks. By doing so, organizations can demonstrate that their use of ephemeral messaging is aligned with sound information governance practices and legal obligations.

Document preservation efforts

Organizations must maintain clear documentation of all efforts to preserve ephemeral messaging data. This includes recording the steps taken to identify relevant custodians, disable auto-deletion settings, and capture or retain data from ephemeral platforms when litigation is reasonably anticipated. 

It’s equally important to create and maintain written justifications for the use of ephemeral messaging in business contexts, demonstrating that thoughtful policies and controls were in place. During discovery, transparency is key — legal teams should be prepared to disclose what data exists, what has been preserved, and what is no longer available, along with explanations that support their good-faith efforts to comply with preservation obligations.

Best practices for managing ephemeral message data for ediscovery

Billions of people are using ephemeral messaging at an increasing rate in business and personal communication. It’s important to ensure that you have a clear business justification, protocols to meet discovery obligations, and a method to extract potentially relevant ESI from whatever ephemeral application is being used in your organization. Here are some steps practitioners can take to protect themselves and their organizations:

  • Ensure your team understands the risks and limitations of each tool covered in the policy and that employees are trained on this. 
  • Construct a clear business justification for any standard policy of using ephemeral communication and short retention periods and ensure it is employed consistently.
  • Clearly outline permissible use, authorization, and communication protocols for any ephemeral application.
  • Clearly outline any legal prohibitions on using ephemeral communication.
  • Once on reasonable notice of potential litigation, disable the automatic deletion of ephemeral communications and institute a “litigation hold” to preserve relevant documents and evidence. 
  • Audit the ephemeral applications for data security and use across your organization.
  • Penalize bad actors misusing the technology.

As with all atypical data types, ensure that you are asking questions during custodial interviews and preliminary ediscovery scoping about whether and in what manner any ephemeral applications are being used, as well as what the preservation protocol is for your organization and the data retention settings on each ephemeral application. Depending on both, you may have to move preservation of ephemeral data to a top priority to avoid spoliation.

Ediscovery expanded: mastering complex data from Slack to Signal and beyond

Now that you’ve mastered ephemeral data, uncover the considerations and best practices for handling other complex data types in ediscovery, including:

And, if you’re ready to collect data from collaborative data sources with DISCO, request a demo to see what we can do for you.

Brent Westenfelt
Director, Professional Services
avatar image 3avatar image 1avatar image 2
Get the very best in litigation technology and expert partnership
Talk to sales
Case Study: Mastering Last-Minute Document Review

DISCO Review saved this firm 80% in review costs.

View more resources
0%
100%