The Law on ESI Spoliation Sanctions
May 15, 2020
Ephemeral Messaging: Balancing the Benefits and Risks
June 8, 2020

New Terminating Sanctions Case Provides Guidance on the Use of Ephemeral Messaging

guidance on use of ephemeral messaging

Ephemeral messaging offers organizations great potential for addressing information related challenges in the areas of data protection, privacy, and information governance. When properly implemented through a comprehensive use plan and enterprise-wide controls including training, audits, and policy enforcement, ephemeral messaging provides companies with an effective method for enhancing confidentiality while eliminating data that has no value for the enterprise.

In contrast, organizations that fail to properly implement ephemeral messaging or seemingly adopt the technology to avoid compliance with discovery obligations in litigation will likely invite disaster. As discussed in an article Bloomberg Law published on June 1, 2020, the recent case of WeRide Corp. v. Kun Huang—in which the court issued terminating sanctions against defendants for (among other things) using ephemeral messaging—exemplifies the consequences for improper uses of this technology. Just as significantly, WeRide provides insights on how organizations can properly use ephemeral messaging to advance business objectives.

What is Ephemeral Messaging?

Ephemeral messaging is a form of electronic communication that appears similar to text messaging. What distinguishes ephemeral messaging from other forms of text messaging are two essential characteristics. The first is automated disposition of message content. This feature ensures that a message is automatically deleted from both the sender’s messaging application and the application of the recipient. In contrast, traditional messaging applications—like the Apple iOS native messaging application, iMessage—only automate the destruction of a message on the sender’s phone.

The second core characteristic of ephemeral messaging is endpoint encryption. Endpoint encryption shields the content of messages from third parties including the application provider and its employees, thereby enhancing message confidentiality. Messaging providers that offer lesser forms of encryption such as transport layer encryption may not safeguard message content. Transport layer encryption may leave message content vulnerable to third parties such as the providers’ employees, law enforcement, or cyber criminals that could hack into provider databases

Why use Ephemeral Messaging?

The automated disposition and encryption features of ephemeral messaging have been viewed by many—including courts, the U.S. Department of Justice, the U.S. Securities & Exchange Commission, and the public—as enabling nefarious conduct. Despite this negative perception, companies are increasingly gravitating toward the use of ephemeral messaging. This is because ephemeral messaging can help organizations satisfy data protection laws and privacy regimes that require data minimization and data pseudonymization. In addition, ephemeral messaging enables information governance objectives by seamlessly eliminating communications with no business value. Finally, ephemeral messaging provides employees and executives with a means for communicating confidential information in an age where the incidence of in-person “water cooler” discussions has decreased due to globalization, COVID-19, and a variety of other factors.

Despite the value ephemeral messaging offers, organizations should be prepared to justify the business imperatives underlying the use of this technology. This is particularly the case since courts will scrutinize uses of ephemeral messaging. At a minimum, organizations should develop a use plan that documents the business needs for ephemeral messaging and how the technology can address those needs. Companies that fail to develop such a plan or that otherwise disregard the importance of thoughtfully approaching the use of ephemeral messaging run the risk of having courts find that the technology was deployed for nefarious purposes. The WeRide Corp. case is instructive on this issue.[1]

WeRide Corp. v. Kun Huang

In WeRide, the court imposed terminating sanctions on three defendants as a result of their “massive spoliation” of relevant electronically stored information (ESI). In an effort to conceal their theft of plaintiff WeRide’s autonomous vehicle technology, defendant AllRide—together with one of its principals (Wang) and a key engineer (Huang)—destroyed and altered relevant source code, key status reports, and email communications. Most of this destruction took place after the court imposed a preliminary injunction in this trade secret litigation that included a preservation order mandating that AllRide retain such information.

While all this spoliation was troubling enough, AllRide made things worse by implementing an enterprise-grade ephemeral messaging application (Dingtalk) shortly after the court issued the preliminary injunction. AllRide did so at the behest of Wang, who felt that Dingtalk was “more secure” than other communication technologies. After observing that “DingTalk allows for ‘ephemeral messages’ that automatically delete after they have been sent and read,” the Court noted that AllRide was unable “to recover any DingTalk ephemeral messages.” Given that AllRide’s use of DingTalk likely spoliated relevant communications and because AllRide directed its employees to use “DingTalk’s ephemeral messaging feature after the preliminary injunction issued,” the Court held that such conduct, together with defendants’ other ESI spoliation, warranted terminating sanctions.

Guidance on Using Ephemeral Messaging

By implementing an ephemeral messaging application after the duty to preserve attached and after the court issued an evidence preservation order, AllRide invited judicial scrutiny and the court’s corresponding terminating sanctions order. Such a result is entirely consistent with established case law requiring litigants to preserve and not destroy relevant information once a duty to preserve attaches. Accordingly, WeRide teaches that organizations must suspend (and not adopt) ephemeral messaging technologies like DingTalk that automate the disposition of relevant content upon the triggering of a duty to preserve.

WeRide, however, also emphasizes the importance of preparing a comprehensive policy regarding corporate uses of ephemeral messaging to counteract possible misperceptions by courts. It’s noteworthy that AllRide failed to develop any sort of plan regarding the business need for ephemeral messaging within the enterprise. Instead, AllRide adopted DingTalk at the direction of Wang who—attempting to conceal evidence of wrongdoing—felt that AllRide “better try” DingTalk because it was “more secure.”

While the improper purpose of AllRide’s ephemeral messaging program seems fairly apparent, organizations can offset such negative misperceptions by developing a use policy for the technology. By engaging a team of information and risk management stakeholders within the enterprise to formulate this plan, organizations can better evaluate the business needs for ephemeral messaging. As part of this process, they can assess the risks associated with using the technology and then formulate actionable risk mitigation measures to address the issues. All of which can help guard against the perception that ephemeral messaging was—as in WeRide—implemented for an improper purpose.

To provide a greater understanding of the issues regarding ephemeral messaging, we invite you to  watch our webinar that spotlights both the benefits and the risks of ephemeral messaging. In this webinar, U.S. Magistrate Judge Patrick WalshChris Howell, CTO for Wickr, and Guillermo Christensen, Partner with Ice Miller, join me to discuss these items, along with best practices for addressing the issues.


[1] WeRide Corp. v. Kun Huang, No. 5:18-cv-07233, 2020 WL 1967209 (N.D. Cal. Apr. 24, 2020).

Philip Favro
Philip Favro
Philip Favro acts as a trusted advisor to organizations and law firms on issues surrounding discovery and information governance. Phil provides guidance on data preservation practices, litigation holds, data collection strategies, and ESI search methodologies. In addition, he offers direction to organizations on records retention policies and the need to manage dynamic sources of information found on smartphones, cloud applications, and social networks. Phil is available to serve as a special master on issues related to electronic discovery. Phil is a nationally recognized thought leader and legal scholar on issues relating to the discovery process. His articles have been published in leading industry publications and academic journals and he is frequently in demand as a speaker for eDiscovery education programs. Phil is a member of the Utah and California bars. He actively contributes to Working Group 1 of The Sedona Conference where he leads drafting teams and serves as the Steering Committee project manager. Prior to joining Driven, Phil practiced law in Northern California where he advised a variety of clients regarding business disputes and complex discovery issues. He also served as a Judge Pro Tempore for the Santa Clara County Superior Court based in Santa Clara, California.
X