Ironically, Disappearing Message Apps are Here to Stay
Ephemeral communications apps, platforms that enable users to send encrypted messages that are deleted automatically, are on the rise in the workplace. Almost three years ago the U.S. Department of Justice cautioned companies that they must prohibit the use of ephemeral communication software that does not properly retain business records if they were to receive credit for cooperation under the Foreign Corrupt Practices Act enforcement policy. At that time courts had not yet come to grips with how the use of ephemeral messaging software might impact legal preservation obligations, but developments in the ongoing dispute between Uber and Waymo highlighted the court’s concern that Uber may have intentionally destroyed evidence by using such software. Below we review the DOJ’s refinement of its stance on the use of ephemeral communication software, the results of challenges to governmental use, and some of the first decisions from courts evaluating its impact on potential spoliation of evidence and offer best practices. While the landscape has not yet been fully defined, it is clear that ephemeral communications are here to stay and that current authority counsels a strategic approach guided by policies and audited by compliance personnel.
While its initial policy set forth a blanket prohibition on the use of ephemeral messaging software, DOJ announced changes to its FCPA Corporate Enforcement Policy on March 8, 2019 to address issues that it had identified since its implementation. The revised policy makes clear that appropriate retention of business records, including prohibition of improper deletion, can be accomplished by “appropriate guidance and controls on the use of personal communications and ephemeral messaging platforms that undermine the company’s ability to appropriately retain business records or communications . . .” Similarly, in its June 2020 update to its Evaluation of Corporate Compliance Programs, DOJ highlighted the need for compliance and control personnel to have “sufficient direct or indirect access to relevant sources of data to allow for timely and effective monitoring and/or testing of policies, controls and transaction.”
To date private challenges to governmental entities’ use of ephemeral messaging have met little success. In Citizens for Responsibility and Ethics in Washington (CREW) v. Trump, several organizations sued President Trump and his executive office, alleging their use of ephemeral communication apps, such as Signal and Confide, violated the Presidential Records Act. CREW sought a declaratory judgment that using the apps violated the Act, which obligates the president to classify and take steps to maintain presidential records. The court granted the DOJ’s motion to dismiss, holding that the plaintiffs failed to “identify a valid cause of action to enable their case to proceed to the merits,” that the law provided no private cause of action.
In December 2017, the Sunshine Project sued then Missouri Governor Eric Greitens, alleging violations of the Missouri Open Records and Open Meetings Law because he and his staff used Confide, an “ephemeral” messaging app that automatically deletes text messages after they have been viewed. After motions, discovery and hearings directed at determining the extent of the use of the app and whether the “records” existed or could be retrieved at that point, in July 2019, the court dismissed the lawsuit, determining that the Confide application does not create government records that can be retained. Rather, the court likened Confide to sending a voicemail message, or by talking by phone, where no record is retained. As in CREW, the court also ruled that as a private citizen, Sansone could not sue Greitens over alleged Sunshine Law violations.
Plaintiffs in WeRide Corp. v. Kun Huang alleged that Haung, their former head of hardware technology, misappropriated trade secrets relating to its autonomous car software, interfered with potential investors and solicited WeRide employees to join competing firm AllRide. The court granted plaintiffs’ motion for a preliminary injunction that enjoined AllRide from using or disclosing WeRide’s alleged trade secrets or confidential information, and specifically prohibited the destruction of any relevant evidence. Despite that injunction, however, plaintiffs complained that AllRide engaged in extensive spoliation by failing to change the setting in their Microsoft email account that deleted emails older than 90 days, as well deleting six email accounts belonging to Huang and his wife, the owner of AllRide. The parties also disputed whether AllRide had preserved the source code at issue, with plaintiffs arguing that the code ultimately produced was fake. Finally, after the litigation had commenced, Wang, who later became CEO of AllRide, directed the company to use the application DingTalk to correspond internally because it allowed for ephemeral messages that are deleted automatically once read.
The court evaluated plaintiffs’ motion for terminating sanctions under both Fed.R.Civ.P. 37(b) for violation of the preliminary injunction, and 37(e) for failure to preserve ESI. Finding the amount of spoliation by AllRide “staggering,” the court found that AllRide met the applicable criteria for terminating sanctions set forth by the Ninth Circuit in Leon v. ID Sys. Corp.Not only did AllRide fail to suspend the 90 day email deletion after the preliminary injunction was entered, it deleted email accounts and directed its employees to use Ding Talk after the injunction issued. The case against AllRide was “even more damning under Rule 37(e)” given the record of intentional spoliation.
While there was certainly more than enough discovery misconduct to support terminating sanctions, even without the use of the ephemeral messaging software, the court clearly found its use, and post-litigation implementation, significant when reaching the conclusion that AllRide’s conduct was intentional and in bad faith.
Similarly, the court in Hertzig v. Ark. Found. for Med. Care, Inc.,evaluated claims of spoliation in the context of an age discrimination suit. Plaintiff Hertzig did not disclose that he had switched to using Signal, an ephemeral app designed to disguise and destroy communications, until discovery was almost complete. Based upon the content of Hertzig’s earlier communications, the court inferred that the later communications using Signal were responsive and that Hertzig’s decision to withhold and destroy those communications was intentional and done in bad-faith. The court found that such intentional bad-faith spoliation was an abuse of the judicial process that warranted a sanction. The court did not need to consider whether some lesser sanction would be appropriate, however, because it dismissed the case on the merits.
Again, while not the determinative factor that ended the case, the use of ephemeral communications was deemed to have been done in bad-faith and intentionally to deprive others of the use of that information.
Given the popularity of ephemeral messaging software, one of the few examples where the amount of discoverable data generated might actually be reduced, courts and regulators will undoubtedly continue to refine their approaches to its use when spoliation is alleged or cooperation is under review. More importantly, there are a number of best practices that can be extracted from the discussion above:
Companies should create and implement policies that clearly address the use of ephemeral communications software, making clear what is, and is not, permitted.
Companies should periodically audit compliance with such policies if they intend to rely upon them in litigation or investigations.
Acceptable use policies should include explicit exceptions in the event of legal hold obligations and companies must ensure that their compliance personnel have sufficient access to ensure that relevant information is preserved.
Data from platforms no longer used should be retained if subject to legal hold, and new platforms should be added to policies and holds if they are used.
Litigants should be transparent about their use of ephemeral communications software when responding to discovery.
 Waymo LLC v. Uber Techs., Inc., 2018 U.S. Dist. LEXIS 16020 (N.D. Ca.) (“Uber's use of ephemeral communications is also relevant as a possible explanation for why Waymo has failed to turn up more evidence of misappropriation in this case. Waymo will therefore also be permitted to present evidence and argument on this subject at trial, provided that it can do so through qualified witnesses and evidence.”).
 March 8, 2019, DOJ Press Release, Assistant Attorney General Brian A. Benczkowski Delivers Remarks at the 33rd Annual ABA National Institute on White Collar Crime Conference.
 See here.
 See here.
 Citizens for Responsibility & Ethics in Wash. v. Trump, 302 F. Supp. 3d 1127, (D.D.C. March 20, 2018).
 Id. at 1129.
 Sansone v. Greitens, No. 17AC-CC00635 (Circuit Court Cole County, MO).
 See here.
 2020 U.S. Dist. LEXIS 72738 (N.D. Ca.).
 464 F.3d 951, 958 (9th Cir. 2006) (District Courts should consider (1) the public's interest in expeditious resolution of litigation; (2) the court's need to manage its dockets; (3) the risk of prejudice to the party seeking sanctions; (4) the public policy favoring disposition of cases on their merits; and (5) the availability of less drastic sanctions."
 2019 U.S. Dist. LEXIS 111296 (W.D. Ark. 2019).