Kurt Petro, GCFA, MCSE
Senior Digital Forensics Examiner

The back and forth between Elon Musk and Twitter, as Mr. Musk contemplates a purchase of the worldwide social media platform, has been at the forefront of the news cycle for some time now. When Mr. Musk balked at following through with the purchase, Twitter, Inc. filed a lawsuit seeking to enforce the previous bid.  As pretrial discovery ensued, text and other messaging data on Mr. Musk’s smartphone were requested.  Partial productions were made, but Twitter took issue with what it viewed as deficiencies and gaps in what should have been produced from Mr. Musk’s smartphone.

Recently, Twitter filed a motion for sanctions over the allegedly deficient production of text and Signal messages, during a specified time frame and related to the subject sale transaction. As you may know, Signal is a third-party messaging application that is designed and marketed around privacy and security.  As such, it uses end-to-end encryption to transfer messages, does not maintain message content on their servers, and supports the ability to auto-delete messages that they call ‘disappearing messages’ (which can of course cause problems if the device’s owner/custodian is under a legal hold obligation).  Signal is not alone, other third-party messaging applications have similar functionality and features, such as Telegram, Wickr, and Threema.

In Twitter v. Musk, No. 2022-0613-KSJM (Del. Ch. Oct. 5, 2022), the court examined the alleged production deficiencies but stopped short of ordering the sought-after sanctions.  The crux of the alleged discovery failures centered on incomplete call logs, texts not produced by Mr. Musk that nonetheless appeared in communications produced by third parties, and gaps in the texts that Mr. Musk did produce during allegedly key time periods.

Targeting the third issue, the court found it plausible that Mr. Musk may have communicated during the subject time frame through channels other than text messages. As such, while the court reserved ruling on Twitter’s sanctions request, it ordered Mr. Musk to produce responsive iMessages and non-SMS instant messages during the relevant timeframe, along with messages outside the time frame that were necessary to provide sufficient context to the conversations.

The court also focused on Signal messages produced by two third parties, but not by Mr. Musk.  Because that application can be set to autodelete messages, and the conversations at issue were very close in time to when Mr. Musk was sued by Twitter, the court recognized the likelihood that custodians such as Mr. Musk permitted the automatic deletion of messages, and that said information was irretrievably lost.  The court reserved ruling on the sanctions request because it was not yet clear whether a preservation obligation had arisen at the time of the subject deletions, and deferred until the record was more complete.

What are some key takeaways that attorneys (and organizations) can glean from this opinion?

  1. Immediate preservation is key: at the first reasonable anticipation of litigation, ensure that your subject devices and accounts are preserved.
  2. Know the communication tools used by your organization: does your client/organization use communication tools that can be set to autodelete? Can the tools be customized regarding how long communications are retained? Be sure to get ahead of this issue by knowing what devices and accounts are being used for company communications.  This knowledge can help foster compliance with legal hold obligations and mitigation spoliation arguments and claims.
  3. Communications are a two-way street: Even if, without ill intent, relevant communications no longer reside on your corporate devices or in corporate accounts, be aware of the broad scope of discovery and the possibility that third parties may produce information that was, at one time, maintained by your organization’s custodians.  And, because devices/application retention settings can often be customized, one should not assume that a message missing from one custodian’s device is lost forever.
  4. Can your organization’s employees use security-focused messaging applications? If so, keep in mind: unlike traditional text messages, messages generated from privacy-focused messaging applications (and their associated attachments, like pictures, videos, documents) are encrypted and do not typically get extracted from smartphones using traditional collection processes. Other (possibly inefficient) extraction methods, such as taking digital photos of the device screen to manually document the messages or other data of interest, may be available.