Companies now use ephemeral messaging as an authorized communication tool to advance legitimate business objectives. With automated deletion of message content and end-to-end encryption, ephemeral messaging apps like Wickr and Signal offer a secure communication platform that may facilitate compliance with data protection and privacy laws. Nevertheless, companies must exercise caution when using ephemeral messaging, particularly when litigation is pending or reasonably anticipated. This is confirmed by Federal Trade Commission v. Noland, where the court issued an adverse inference to address defendants’ loss of relevant ESI arising from their use of Signal. As Noland makes clear, parties that use ephemeral messaging after a duty to preserve attaches may face severe sanctions for the loss of relevant information. Just as significantly, Noland implicitly provides insights on how companies can properly use ephemeral messaging to satisfy business imperatives.
Federal Trade Commission v. Noland
Noland involves claims by the Federal Trade Commission (“FTC”) against defendant Success By Media Holdings Inc. (“SBH”) and four of its principals for operating SBH as an “illegal pyramid scheme” and making false statements to consumers.
Defendants Begin Using Signal After Discovering FTC Investigation
Several months prior to litigation, the FTC’s investigation of SBH was inadvertently divulged to defendant James Noland, SBH’s president and CEO. Up until that time, Noland had regularly used WhatsApp and iMessage to communicate with SBH executives and employees regarding company business. However, upon learning of the investigation, Noland and his colleagues stopped using these apps, began using Signal, and enabled Signal’s automated deletion functionality. Finally, Noland and other SBH principals encouraged employees to use Signal, particularly to communicate regarding “sensitive” and “important” items.
Shortly after learning that its investigation had been disclosed, the FTC asked SBH and Noland to keep relevant documents by disabling “any ordinary course destruction of documents, communications, and records.” However, neither Noland nor his fellow officers stopped using Signal. Moreover, they did not discourage SBH employees from using Signal or ProtonMail, an encrypted email platform they also started using upon learning of the FTC investigation.
Defendants Continue Using Signal During Litigation
After filing its complaint, the FTC obtained a temporary restraining order and the appointment of a receiver to operate SBH. Under the TRO and subsequent preliminary injunction, the court ordered SBH to transfer the control and use of all business information and methods for handling communications to the receiver. This included, among other things, all login credentials and encryption keys for SBH’s communications systems.
In the face of those orders, Noland, along with other SBH executives and employees, failed to disclose their use of Signal to the receiver and continued conducting SBH business over Signal and ProtonMail. In addition, Noland offered evasive testimony regarding his use of these apps, testifying that he was “not sure” what encrypted messaging apps were and that SBH did not use such apps beyond WhatsApp.
Several months later, defendants were slated to turn their phones over to their counsel for forensic imaging. The day before they were to do so, defendants removed the Signal app from their respective phones, effectively deleting any communications which the app’s automated deletion feature had not already eliminated. In subsequent deposition testimony, Noland and the other defendants conceded that the decision to remove the Signal app from their phones was a “coordinated plan.”
The Court’s Rule 37(e)(2) Sanctions Order
The FTC accordingly moved for ESI spoliation sanctions under Federal Rule of Civil Procedure 37(e)(2), arguing that defendants intentionally spoliated relevant information by switching their business communications entirely to Signal after being notified of the FTC investigation, enabling Signal’s automated deletion feature, and encouraging SBH employees to do similarly. In response, defendants argued that their use of Signal was designed to address SBH security concerns over possible cyber-attacks by a former employee. In addition, Defendants asserted that the coordinated removal of Signal from their phones was ostensibly to prevent the FTC from learning the names of SBH’s donors.
The court rejected defendants’ positions as being pretextual, held that sanctions were appropriate under FRCP 37(e)(2), and issued a “general adverse inference” against the individual defendants. In particular, the court held that defendants’ duty to preserve triggered once the FTC asked Noland to suspend automated deletion features that might affect SBH’s retention of pertinent company communications. By continuing to use Signal’s automated deletion feature—in violation of the FTC’s preservation request—and then later removing the app from their phones, defendants violated both their common law preservation obligation that arose prior to litigation and their preservation duties under the TRO and the preliminary injunction.
The court also found that defendants’ collective actions demonstrated an intent to deprive the FTC of the use of their deleted communications in the lawsuit. The timing for defendants’ adoption of Signal (beyond mere coincidence), their directive that employees use Signal and ProtonMail rather than WhatsApp or iMessage for key business communications, Noland’s evasive deposition testimony, and defendants’ coordinated removal of the Signal app from their phones constituted sufficient circumstantial evidence to satisfy FRCP 37(e)(2)’s intent requirement.
Noland Signals the Need for Clear Advice on Ephemeral Messaging
Noland underscores the dangers of litigants using ephemeral messaging for communications that relate to anticipated or pending litigation. Indeed, Noland is consistent with other cases like WeRide Corp. v. Kun Huang, which have ruled that ephemeral messaging use by custodians of relevant information after a duty to preserve attaches may subject litigants to severe sanctions. It is also accords with The Sedona Conference’s Commentary on Ephemeral Messaging, which provides that “it may be appropriate for courts to infer culpable intent . . . if a litigant’s key custodians of relevant information begin to use or continue using ephemeral messaging after a duty to preserve has triggered.”
To remedy this situation, counsel should provide clients with clear advice on the use of ephemeral messaging. This includes counseling companies to consider suspending key custodians’ use of ephemeral messaging during anticipated or actual litigation.
Beyond preservation duties, Noland is instructive regarding how counsel might advise companies regarding the method and manner for adopting ephemeral messaging. It’s noteworthy that defendants in Noland failed to develop any sort of plan memorializing a business need for Signal. Instead, defendants reflexively adopted Signal at the direction of Noland and then later fabricated rationalizations for its use during motion practice.
In contrast, counsel should consider advising companies to develop a comprehensive use policy for ephemeral messaging. By engaging a team of stakeholders within the enterprise to formulate this plan, companies can better evaluate the business needs for ephemeral messaging. As part of this process, they can assess the risks associated with the technology, formulate actionable risk mitigation measures, and select a technology whose features can best satisfy these objectives. All of which can help guard against the perception that ephemeral messaging was—as in Noland—implemented for an improper purpose.
Georgetown Advanced eDiscovery Institute / Chat Storage Session
For a further discussion of the global information governance issues affecting encrypted and ephemeral messaging apps, along with workplace collaboration tools like Microsoft Teams and Slack, we invite you to attend the upcoming Advanced eDiscovery Institute program sponsored by Georgetown Law. I will moderate a session entitled ESI STORAGE MATTERS: Why I Wish We Did Not Chat Anymore: Global Compliance Challenges and Mobile Devices, which will address practical solutions concerning these issues on Friday November 19, at 10 o’clock (EST). Registration information regarding the program is here.