| |||||||||||||||
 |
|
| |||||||||||||
|
|
 Synopsis In this article, litigation forensics experts Deborah Juhnke and David Stenhouse discuss the origins of Instant Messaging (IM) and the issues involved with its use in the corporate world. Deborah and David assert that the time has come for lawyers to consider including questions about IM use during discovery. This article contains words. TechnoLawyer.com: Instant Messaging: What You Can't See Can Hurt You (In Court) By Deborah H. Juhnke & David P. Stenhouse (This article is a TechnoLawyer exclusive.) INTRODUCTION Efficient communication is a critical component of modern day business. For the last few years, standard email has made communication between friends, co-workers, and family so easy. The ability to send long messages without needing pen, paper, envelopes, and the U.S. Postal Service has increased the number of communications between individuals exponentially. However, email (like letters) does not allow for immediate feedback. When you send an email, you may not know when the recipient will next be online to check their mail, and a number of steps are required to send and receive messages. Even with handheld devices, such as Blackberries, the ability to communicate in real time is limited. As time goes by and as technology becomes more sophisticated, people demand faster ways of doing things. BACKGROUND In recognition of this demand, in 1996 four Israeli programmers saw the need for quicker transmission of textual conversations — like those found in chat rooms — and developed a virtual meeting room designed for users who knew each other. The programmers formed a company known as Mirabilis and created a software gem known as "ICQ", or "I Seek You." This software allows users to see when their friends are online, and then create a connection between the user's computers, so that messages can be sent quickly and easily. The user just types in a message and hits 'Enter' to send message directly to the other online user. That user sees the message, types in their reply and hits 'Enter,' sending their reply back. There is no need to check an email inbox as the speeds of the transmissions make a user feel as if they are having a real-time conversation with the other user. America Online (AOL) has since purchased Mirabilis, and ICQ currently boasts a whopping 175 million users worldwide. Because these 175 million users are not limited to kids and home computers, however, attorneys now have an entirely new, more elusive, source of evidence to consider. There are many public software programs that allow this type of textual conversation. The most widely used are ICQ, MSN Messenger, and AOL Instant Messenger. Although the three programs perform the same general function, they have different features. HOW DOES IT WORK? An instant messaging program works like this: A user contacts the instant messaging program's Web site and downloads the "client" software. The user is requested to provide some identifying information and a username, or "screen name," and a login password. Users of these instant messaging programs can provide fictitious information to set up accounts for use. They can also create lists of users with whom they want to communicate online. In most cases, these users also have to be using the same instant messaging software client. Once the user's client software has been successfully installed, execution of the software and successful login notifies the instant messaging server that they are online. The server then checks the user's list of friends against others who are currently online. If one of the user's friends is online, the server will notify the user and the friend both that each is online and logged into the instant messaging server. The server will also gather the number of the computer's port that the client software is using. If either of the users initiates a conversation, and the other user accepts, the server then connects the two computers in a direct link via the computer ports. This takes the instant messaging server out of the transmission of text. Conversations will then take place without logging by the instant messenger server. WHY DO WE CARE? First, because the instant message server does not log instant messages, there is no external record of the conversation as there is with both corporate email and even ISP email such as Yahoo. Second, the default settings for some of the IM programs are not to log the content of conversations. Consequently, IM becomes as close to a phone conversation as one can get without picking up the phone. Messages are ephemeral. In regulated industries, particularly those dealing with securities matters, this ability to circumvent record keeping is dangerous. Instant messaging has also created a number of problems for corporate IT personnel whose job it is to keep the network running efficiently, but also the task of protecting the intellectual property of the corporation itself. The architecture of instant messaging programs allow the textual conversations to go "under the radar" through the corporate servers if steps are not taken to track such conversations and transfer of data. Without proper knowledge of how instant messaging programs function, a corporate IT department may be setting itself up for a disastrous situation in which proprietary information leaves the network unnoticed. It is well known in the corporate setting that corporate workers are increasingly using public instant messaging programs to skirt the corporate email system and the policies regulating email use. For the litigator, instant messaging opens up a new world of textual conversations that are likely to be discoverable. The discovery of standard electronic mail may not be enough, as more corporations are adopting private instant messaging programs to securely move data throughout their workforce. How each message is stored will depend on what instant messaging software is used and how the corporation itself views its messaging system and the policies/procedures given to employees for rules of use. A good electronic discovery practice would be to include questions about instant messaging software, policies, and subsequent use during a 30(b)(6) deposition. CAN WE FIND IM LATER? Forensic analysis of computers using instant messaging programs may or may not recover user conversations, depending on the software used. Logging of conversations is available on the three above-described platforms, however the user may decide not to log this information. ICQ, by default, will log conversations in a .DAT file located in the ICQ directory. This information can be recovered and read using third party applications in conjunction with forensic software. Other ICQ conversations may be recovered in hidden areas of the hard drive, such as unallocated clusters or the system's virtual memory. MSN Messenger and AOL Instant Messenger by default will not log conversations, however, the user does have the option to store the conversations in a location of their choice in the computer's directory. CONCLUSION Instant messaging introduces new challenges for IT personnel and attorneys. Although the ease of use that instant messaging brings to the user is desirable, the amount of data that can be transferred between individuals without being recorded by corporate network systems may be a liability to the corporation itself, and require IT policies to be altered. For the litigator, instant messaging adds to the list of sources that must be considered when conducting data discovery. ABOUT THE AUTHORS As Vice President of CFI, Deborah H. Juhnke assists clients with the development of electronic discovery plans, conducts forensic examinations, and oversees the work of other members of CFI's forensic team. Deborah is also responsible for strategic planning and national marketing efforts. Deborah is a frequent speaker for legal and business associations on the topics of computer-based discovery and related litigation support issues. She has also authored numerous articles in legal and trade publications on computer-based discovery, litigation support, and technical issues. You can contact Deborah via email. As Vice President-Director of Operations for CFI, David P. Stenhouse is responsible for the management of CFI's forensic specialists, technicians, and case managers. David is himself a forensic examiner, and is also responsible for obtaining and analyzing electronic evidence in civil litigation. David is a former Special Agent in the United States Secret Service, assigned to the Electronic Crimes Special Agent Program (ECSAP) where he conducted investigations involving the use of electronic data in crimes. David has extensive experience in the criminal and civil court process and evidentiary chain-of-custody issues. You can contact David via email. |
|
| |||||||||||
|
|
| |||||||||||||
| |||||||||||||||
