Skip to main content
logikcull in-house blog

4 Tips for Collecting and Preserving Social Media Evidence

May 14, 2019  |  5 min read

Social Media

Insurance fraud, intellectual property infringement, harassment, international terrorism, and even securities violations—in more and more cases, across more and more practice areas, social media evidence is playing a critical role. As a result, an increasing number of lawyers are finding themselves looking to social media for pertinent photos, videos, posts, and messages. With more than 150 social networking sites and at least 26 live messaging apps to investigate, legal professionals face not only a wide variety of different collection policies, but also an equally diverse amount of hurdles to account for when accessing and preserving this data.

While many of the same admissibility considerations that apply to other forms of evidence also apply to social media data, attorneys will need to factor in additional steps given how fragile social media ESI can be and how difficult it can be to obtain comprehensive social media data.

That’s why the best way to collect evidence today will ultimately depend on what kind of evidence you’re collecting and the platforms you’re planning to target. Thankfully, the Sedona Conference’s Working Group on Electronic Document Retention and Production’s newly updated Primer on Social Media offers some helpful tips you can apply when conducting discovery into social media data.

1. Make Your Social Media Evidence “WARC” For You

Take, for example, screenshot evidence. While the average screenshot will capture a still image of what you’d see when visiting a website or on a messaging app, it won’t cover the types of information hidden under the surface. This is because the screenshot your device captured is static, and therefore doesn’t capture information such as videos, dynamic website content, metadata, and hash authentication—information that could be both revealing and necessary to authenticate data.

One way to get around this problem, according to the Sedona Conference, is to save websites and website pages in WebARChive (WARC) format.

WARC files, which display website or web page mockups created by prior-saved web crawls, can accurately capture how a website or page looked at a point in time—with working links, video, and dynamic elements all included. 

2. Ease Your Collection Process with APIs

In addition, the working group also recommends collecting evidence through programs that leverage a social media provider’s application programming interface, or API. APIs allow one application to access the data and features of another. With the proper tools working with social media APIs, parties can access specific social media platforms and messaging apps to pull ESI content for later review.

As a result, users can not only pull post and video metadata from user profiles, but they can generate hash reports that can be used to satisfy the Federal Rules of Evidence’s new ESI self-authentication options in FRE 902 (13-14). These allow records generated through an electronic process or system or data copied from electronic storage to be considered self-authenticated if accompanied by expert certifications.

As the Sedona Conference working group observes, this collection method isn’t perfect since it alters the original format and may display information differently than how it appeared online. Still, API-driven collections are considered defensible, and most of the major platforms, including YouTube, Facebook, Slack, and Twitter, support API collections.

3. Manage Evidence from Messaging Apps & Wearables

In addition to traditional social network sites, attorneys will also have to contend with evidence on messaging apps. These apps include not only Facebook Messenger and Twitter DMs, but also standalone, over-the-top and enterprise-level apps such as WhatsApp, Viber, Slack, and HipChat.

Attorneys, however, can face unique collection issues depending on the apps they’re targeting. Some, including Blind and Whisper, anonymize message participants, while ephemeral apps such as Dust and Wickr delete messages within set time periods.

Lawyers looking to collect evidence from these apps will need to confirm whether the app developer maintains user access and IP logs, and then subpoena these logs to see if they contain useful information to identify conversation participants. They may also want to seek app data from users’ smartphones, tablets, and computers depending on what types of information those apps store locally on those devices.

Then there are wearables, technology that, as the name implies, you wear. Since smartwatches and other wearables often relay information from messaging apps on other smart devices, accessing this information presents the same challenges one would face when accessing messaging and other social media apps on traditional computers and smart devices.

4. Be Careful When Requesting Direct Access to Social Media Profiles

Attorneys can still seek downloadable archived social media profiles or login credentials directly from the parties themselves or by filing an order to compel. Requesting a user’s login credentials, however, isn’t simple. Attempts to access accounts directly could be thwarted by multifactor authentication, create security issues for other user accounts using the same password, open the door to spoliation by the requesting party, and potentially create the inaccurate presumption that the user’s entire profile is subject to discovery.

On top of this, archived profile downloads—if offered by the social media provider—are usually not reliable since you cannot restrict the types of information you download, control how the information is presented, or prevent any unilateral changes and updates the provider may make to the profile data.

All these factors can lead to preservation issues for your ESI evidence. One workaround for this is for attorneys to either request or submit a WARC version of the user’s profile page, which allows other parties to access the user profile without surrendering any login credentials. Alternatively, parties can request a third-party vendor to access the profile via the platform’s API, run searches based on a list of mutually-agreed-to keywords, and extract relevant data for all parties to review.

As social media and messaging platforms continue to evolve, it’s only a matter of time before new eDiscovery tactics and strategies become necessary. Until then, it’s critical to tailor your collection strategies and preservation strategies around the platforms you’re targeting—and to get experienced outside help where necessary.