Geotracking and e-Discovery

So why do companies collect geotracking data? Plain and simple: this information is valuable, really valuable. Below are three components of geotracking data systems and how they are seemingly harmless on the surface, but combined create a formidable discovery weapon. There are other components and moving parts, but essentially these three are the core sources of geotracking information.

GPS

If you have a smartphone, it is likely you've used it to map your current location or possibly get directions by leveraging it as a GPS. You've done this with the intent to avoid getting lost. Harmless, right? The same mapping mechanism is
also logging your every move and tagging the location of the photos you've been taking as well. Still harmless? After all, what can a company learn about us from just an address or two? Likely, not that much.

There are several mobile operating systems that are deployed by companies like Google, Apple, Microsoft, and Research in Motion. According to a recent article in CNN Money, the GPS data gathered is cached and leveraged only to help speed the process of finding you when you make a location request (see, “Why Apple and Google Need to Stalk You,” http://cnnmon.ie/kHtPEX). Initially it was thought that these big bad corporations were using this tracking information for nefarious means. However, via pressure from the public, they've revealed that their core reason is to make things faster for you on your mobile device. Okay, we can deal with this so far. What's the key thing to remember here, though? While the companies claim they are doing this to help you, some phones may store this data infinitely, or at least for months at a time.

Smartphone Apps

Now we introduce the smartphone app market, which is somewhat of a Wild West shoot out right now, with very few rules and little to no regulation. Guidelines are just now being suggested for mobile app rating systems for parents (see, “Mobile App Rating System Introduced,” Digital Life, http://bit.ly/tKNLJl), while the FDA just proposed a set of regulations surrounding healthcare and medical apps within the past four months (see, “Digital Pharma: Mobile App Regulation,” InPharm, http://bit.ly/qLm6nK). The laws cannot keep up with the new apps landing on the market.

Let's count them for a minute. At last estimate, there are 500,000 apps available to Apple store users, and according to a statistical report from MobiThinking, the other mobile app makers combined offer approximately 250,000 additional apps (see, http://bit.ly/pDYsbH). Allowing for variables and the past few minutes it may have taken you to settle in to read this article, we can round to almost one million apps on the market today.

In a nutshell, just about anyone can write and release a mobile app. Apple has established its own guidelines for acceptable development and prevents certain apps from ever entering its marketplace. But that doesn't stop you from purchasing said app from another source and placing it on your phone. And recent Android headlines have highlighted the infiltration of malware into the mobile market (see, “Google Pulls More Malware from Android Market,” Computerworld, http://bit.ly/iEFBmL).

What does this have to do with geotracking? Well, many of these apps ask you for your location information. Additionally, they may have terms of service that you will likely agree to if you want to use the app. Harmless on the surface, but how much data are they actually accessing on your phone? What information are they gathering about you? Likely, the information from the GPS may be one of their favorite pieces of data, to which you've just provided unfettered access.

Regardless, you install the app and brush it aside as you did with the address you shared with Google as you tried to find your best buddy's new house last week. And really, what's the harm in buying a cup of coffee at your favorite Starbucks with your phone? Do you think Starbucks wants to know what location you frequent the most? How can that be valuable to identifying the best store locations?

Social Media

Now we have a smartphone and our favorite mobile apps in hand. Smiling ear-to-ear, we show off the shiny screens of our handy devices to our friends. “Check this out, I say this to my phone and voila!” Oh how we love our technology! So much now that we share most of our daily lives with our friends via social networks. Everything from checking in on Facebook to our most recent political views, even the last few songs we listened to on Spotify!

Mobile sharing is becoming the status quo. According to Facebook's press page, there are 800 million active users and more than half of those users log on to Facebook any given day of the week (see, http://on.fb.me/bsoxWp). What is more impressive is that each of these users interact with 900 million objects (what Facebook calls pages, groups, events or their own trademark apps), and upload close to 250 million pictures per day.

Putting It Together

All harmless, all in good fun, and all in the name of great technology. Wait! Let's step back for a moment and put the moving parts of these components together:

• Phone stores information about locations visited, entered and movement.
• Apps grab information about users' likes, check-ins, purchases, photos and more.
• Social media logs personal opinions, messages, events, appointments, and other personally identifiable information such as your hometown, education, kids' names and relatives (the list is almost endless).
• Over a million apps released with little to no regulation surrounding access and use of information stored locally on the phone.

Did a bell just ding? Each of these parts ' while separate and seemingly harmless on the surface ' access, use, compile and log geotracking information, which is to say your device tracks your every move: the address of the Starbucks where you purchased your coffee, the longitude and latitude information where the last photo was snapped with your mobile phone, and don't forget about the information you voluntarily gave up by checking in with Facebook.

So now that you've waived your right to privacy as an individual, how does this impact electronic discovery for corporations that support these devices or employee individuals who own these devices? Does this make the electronic discovery of information about an individual's actions easier? It depends on which side of the discovery request you sit.

From the requester's point of view this data exists, is stored electronically and is accessible. Simply grab the custodian's smartphone, preserve the data and produce that which is relevant. Oh yeah, don't forget about her social media content (this becomes its own article) as well. Social media sites are after all the de facto records management systems for much of the geotracking data.

From the responder's perspective, the complexities are real and plentiful. It's hard enough to manage the employee devices the corporation supports, what about those smartphones, tablets and other mobile devices owned by individuals? Is the time and location of a delivery truck that caused the pileup on I-95 any less relevant if the information is stored on your son's iPad? How do we access the discreet log files on these devices? How do we reconstruct behavior and analyze the meaning? Where do we start and where does it end?

Conclusion

The advent of so much user data becomes a plethora of information that can be leveraged in discovery. Mobile phones, which are actually high-powered computers, can be used to basically reconstruct information down to the exact location of when and where an individual may have accessed a particular app, walked into a specific location, and/or made a purchase. All that has to be done now is put the smoking gun ' er ' smartphone in their hand. Case closed ' or is it? How should this type of discovery be approached?

As is the case with traditional discovery of e-mail and office docs as well as the emerging best practices of social media discovery, the technology exists to preserve and capture this information. It's knowing how to preserve and capture, when to analyze and what to do with the information. That's right, it's all about defining a process and selecting the appropriate technology to support it. Corporations don't need to script every move for every device the moment it comes on the market. But they do need to acknowledge the source, evaluate their potential obligations, document use policies and develop a discovery plan. As individuals, don't throw your phone in the river after rear-ending the pizza delivery guy. These things have recoverable black boxes you know.

Neal Lawson is the president and co-founder of Intelligent Discovery Solutions, Inc. He can be reached at [email protected] or 202-249-7860 and followed on Twitter @IDSNeal. Trent Livingston is the founder and principal at the Geekly Group, LLC. He can be reached at 253-987-5387 or [email protected] and followed on Twitter @geeklygroup.

For Twitter, LinkedIn, Facebook and Google+ followers, click here to subscribe to LJN's Legal Tech Newsletter at a special introductory rate of $309. This offer is valid for new subscribers only.

Do you consider yourself stealth-like? Hard to predict? An international person of mystery? Many of us would like to believe we are not creatures of habit, and that we can avoid the prying eyes of the world. However, technology is making our moves more apparent to those around us. Today's technology business is all about gathering information about the end-user. What are your habits? What things do you like? What places do you frequent?

At this very moment, someone is “checking in” on Facebook, telling all her friends where to find her. Someone else is using his iPhone as a GPS to navigate to an unknown location, perhaps leveraging Google maps, which now exposes specific office, store or restroom locations inside of buildings (see, www.wired.com/gadgetlab/tag/indoor-mapping). All of this geotracking information is being stored ' in an easily accessible format, no less ' and is available long after it disappears from a user's screen. This article explores the ways in which geotracking data can be created, potential issues associated with this information, and how it might all relate to e-discovery, including how long the information is stored, whether it is discoverable and how or whether it can be used in a case.

Data Collection

So why do companies collect geotracking data? Plain and simple: this information is valuable, really valuable. Below are three components of geotracking data systems and how they are seemingly harmless on the surface, but combined create a formidable discovery weapon. There are other components and moving parts, but essentially these three are the core sources of geotracking information.

GPS

If you have a smartphone, it is likely you've used it to map your current location or possibly get directions by leveraging it as a GPS. You've done this with the intent to avoid getting lost. Harmless, right? The same mapping mechanism is
also logging your every move and tagging the location of the photos you've been taking as well. Still harmless? After all, what can a company learn about us from just an address or two? Likely, not that much.

There are several mobile operating systems that are deployed by companies like Google, Apple, Microsoft, and Research in Motion. According to a recent article in CNN Money, the GPS data gathered is cached and leveraged only to help speed the process of finding you when you make a location request (see, “Why Apple and Google Need to Stalk You,” http://cnnmon.ie/kHtPEX). Initially it was thought that these big bad corporations were using this tracking information for nefarious means. However, via pressure from the public, they've revealed that their core reason is to make things faster for you on your mobile device. Okay, we can deal with this so far. What's the key thing to remember here, though? While the companies claim they are doing this to help you, some phones may store this data infinitely, or at least for months at a time.

Smartphone Apps

Now we introduce the smartphone app market, which is somewhat of a Wild West shoot out right now, with very few rules and little to no regulation. Guidelines are just now being suggested for mobile app rating systems for parents (see, “Mobile App Rating System Introduced,” Digital Life, http://bit.ly/tKNLJl), while the FDA just proposed a set of regulations surrounding healthcare and medical apps within the past four months (see, “Digital Pharma: Mobile App Regulation,” InPharm, http://bit.ly/qLm6nK). The laws cannot keep up with the new apps landing on the market.

Let's count them for a minute. At last estimate, there are 500,000 apps available to Apple store users, and according to a statistical report from MobiThinking, the other mobile app makers combined offer approximately 250,000 additional apps (see, http://bit.ly/pDYsbH). Allowing for variables and the past few minutes it may have taken you to settle in to read this article, we can round to almost one million apps on the market today.

In a nutshell, just about anyone can write and release a mobile app. Apple has established its own guidelines for acceptable development and prevents certain apps from ever entering its marketplace. But that doesn't stop you from purchasing said app from another source and placing it on your phone. And recent Android headlines have highlighted the infiltration of malware into the mobile market (see, “Google Pulls More Malware from Android Market,” Computerworld, http://bit.ly/iEFBmL).

What does this have to do with geotracking? Well, many of these apps ask you for your location information. Additionally, they may have terms of service that you will likely agree to if you want to use the app. Harmless on the surface, but how much data are they actually accessing on your phone? What information are they gathering about you? Likely, the information from the GPS may be one of their favorite pieces of data, to which you've just provided unfettered access.

Regardless, you install the app and brush it aside as you did with the address you shared with Google as you tried to find your best buddy's new house last week. And really, what's the harm in buying a cup of coffee at your favorite Starbucks with your phone? Do you think Starbucks wants to know what location you frequent the most? How can that be valuable to identifying the best store locations?

Social Media

Now we have a smartphone and our favorite mobile apps in hand. Smiling ear-to-ear, we show off the shiny screens of our handy devices to our friends. “Check this out, I say this to my phone and voila!” Oh how we love our technology! So much now that we share most of our daily lives with our friends via social networks. Everything from checking in on Facebook to our most recent political views, even the last few songs we listened to on Spotify!

Mobile sharing is becoming the status quo. According to Facebook's press page, there are 800 million active users and more than half of those users log on to Facebook any given day of the week (see, http://on.fb.me/bsoxWp). What is more impressive is that each of these users interact with 900 million objects (what Facebook calls pages, groups, events or their own trademark apps), and upload close to 250 million pictures per day.

Putting It Together

All harmless, all in good fun, and all in the name of great technology. Wait! Let's step back for a moment and put the moving parts of these components together:

• Phone stores information about locations visited, entered and movement.
• Apps grab information about users' likes, check-ins, purchases, photos and more.
• Social media logs personal opinions, messages, events, appointments, and other personally identifiable information such as your hometown, education, kids' names and relatives (the list is almost endless).
• Over a million apps released with little to no regulation surrounding access and use of information stored locally on the phone.

Did a bell just ding? Each of these parts ' while separate and seemingly harmless on the surface ' access, use, compile and log geotracking information, which is to say your device tracks your every move: the address of the Starbucks where you purchased your coffee, the longitude and latitude information where the last photo was snapped with your mobile phone, and don't forget about the information you voluntarily gave up by checking in with Facebook.

So now that you've waived your right to privacy as an individual, how does this impact electronic discovery for corporations that support these devices or employee individuals who own these devices? Does this make the electronic discovery of information about an individual's actions easier? It depends on which side of the discovery request you sit.

From the requester's point of view this data exists, is stored electronically and is accessible. Simply grab the custodian's smartphone, preserve the data and produce that which is relevant. Oh yeah, don't forget about her social media content (this becomes its own article) as well. Social media sites are after all the de facto records management systems for much of the geotracking data.

From the responder's perspective, the complexities are real and plentiful. It's hard enough to manage the employee devices the corporation supports, what about those smartphones, tablets and other mobile devices owned by individuals? Is the time and location of a delivery truck that caused the pileup on I-95 any less relevant if the information is stored on your son's iPad? How do we access the discreet log files on these devices? How do we reconstruct behavior and analyze the meaning? Where do we start and where does it end?

Conclusion

The advent of so much user data becomes a plethora of information that can be leveraged in discovery. Mobile phones, which are actually high-powered computers, can be used to basically reconstruct information down to the exact location of when and where an individual may have accessed a particular app, walked into a specific location, and/or made a purchase. All that has to be done now is put the smoking gun ' er ' smartphone in their hand. Case closed ' or is it? How should this type of discovery be approached?

As is the case with traditional discovery of e-mail and office docs as well as the emerging best practices of social media discovery, the technology exists to preserve and capture this information. It's knowing how to preserve and capture, when to analyze and what to do with the information. That's right, it's all about defining a process and selecting the appropriate technology to support it. Corporations don't need to script every move for every device the moment it comes on the market. But they do need to acknowledge the source, evaluate their potential obligations, document use policies and develop a discovery plan. As individuals, don't throw your phone in the river after rear-ending the pizza delivery guy. These things have recoverable black boxes you know.

Neal Lawson is the president and co-founder of Intelligent Discovery Solutions, Inc. He can be reached at [email protected] or 202-249-7860 and followed on Twitter @IDSNeal. Trent Livingston is the founder and principal at the Geekly Group, LLC. He can be reached at 253-987-5387 or [email protected] and followed on Twitter @geeklygroup.

For Twitter, LinkedIn, Facebook and Google+ followers, click here to subscribe to LJN's Legal Tech Newsletter at a special introductory rate of $309. This offer is valid for new subscribers only.