When a WOTUS is not Water: Winning the War with TRIAL DIRECTOR



Courtroom technology is a boon for attorneys conducting courtroom presentations. Perhaps its greatest advantage is that the technology allows you to present your theory of the case in a visual way. Research and experience show us that having relevant graphics is more persuasive than words alone.[1] A principal challenge for the defense in criminal cases is that we are reactive to the government. We have to adjust to how the prosecution builds its case in chief when putting on our defense. Trial Director’s[2] greatest benefit for defense practitioners is that it allows them to add a visual component to their cross examination on the fly. This feature is critical, as more often than not we will be unsure how a witnesses’ testimony will come in on direct, and what we may need to focus on during cross-examination. To illustrate how Trial Director can be a useful tool for CJA panel attorneys and Federal Defenders, we will review a real case I worked on, United States v. Lucero, No. 19-10074 (9th Cir. 2021). This trial involved explaining complex scientific and regulatory information to a jury. Let me give you an example of how we used Trial Director and visuals to assist with the cross-examination of witnesses – and then tied it together in closing. I served as the “hot seat” operator, pulling up and annotating exhibits under the attorneys’ direction, as I describe in detail below.

Dumping Debris into a WOTUS

Our client, a dirt broker, was charged with illegally dumping debris onto federally protected wetlands on an undeveloped, privately owned property in Newark, California. This area covers about 400 acres located south of San Francisco near Mowry Slough. It is next to the Don Edwards San Francisco Bay National Wildlife Refuge. At the time of the charged offense, a consortium of developers was in the process of planning a master-planned golf course community on the site.[3] The case was brought under the Clean Water Act, 33 U.S.C. § 1251 et seq. (“CWA”) which made it a crime to discharge pollutants onto wetlands, regulatorily defined as traditional navigable waters, without a permit. At trial, we conceded that our client dumped debris without a permit. The judge denied our requested knowledge instruction, so the government did not have to prove Lucero’s knowledge of the wetland issue. Multiple government experts testified that the dump sites qualified under the regulatory definition as “wetlands.” However, the sites did not appear wet at the time of our client’s conduct, because the dumping occurred during the summer and after several years of drought.

As we shall show below, we were able to set up the issue of knowledge at trial, and eventually won on appeal. Below are a series of brief examples designed to illustrate how we used TRIAL DIRECTOR during the cross-examination of witnesses.

Educating the Jury

The map at Figure 1 was one of the exhibits we used during the cross-examination of a government expert. Initially, this expert was hired by the developers to conduct an environmental analysis of the area. During direct examination, the government showed the expert a series of maps to elicit testimony designed to illustrate precisely where, on the property designated as wetlands, our client dumped debris. These two regions in the map below demarcated with red boundaries were where he dumped debris using dump trucks over a period of several months.

Figure 1
Figure 1

This map included a key indicating which parts of the area were designated as wetland (Figure 2).

Figure 2
Figure 2

During cross-examination of the expert, we used what Trial Director describes as a “callout.” The attorney directed me to zoom in on the portion of the exhibit that had the map key. Using the software program, I drew a box around the map key. The software program pulled out that portion of the exhibit, making it larger, while adding a 3-D fade-black effect on it with projection lines. NOTE: I could adjust the size and shape of the “callout” on the fly, and even scroll within it as needed. The attorney then elicited testimony about how, for example, there were significant segments of the area in question that were not designated as wetland, to support our lack-of-knowledge argument.

Tributaries, Culverts, and Navigable Waters

Figure 3 is another map of the same region, again with red demarcations showing that the area where our client dumped debris was protected wetland, but with additional details such as references to tributaries and culverts.

Figure 3
Figure 3

The map at Figure 4 is a screenshot of what I did live in front of the jury pursuant to the attorney’s instructions. This process was dynamic. The attorney asked me to do a callout, and instructed me to draw arrows to show the areas where our client was accused of dumping debris, within the “South Fill Area and the North Fill Area”.

Figure 4
Figure 4

The crucial fact in dispute was whether this area was considered a WOTUS, and that determination involved the question of whether the TNW had a “tributary;” that is, whether it showed physical features of flowing water. One of the areas of “flowing water” was this culvert. Live, in front of the jury, the attorney instructed me to use the “Zoom Region” tool in Trial Director to allow the jury a closer view of the map detail (Figure 5).

Figure 5
Figure 5

The Presentation screen is a feature of Trial Director that can be used to display multiple pieces of evidence simultaneously.  It is divided into nine zones – Zone 1 is the left side of the screen, Zone 2 is the right side of the screen, Zone 5 is to the top left quadrant, and so forth. We used this feature to address the question of whether the culvert was a WOTUS during cross-examination of a witness. Figure 6 shows the aerial map of the area with the culvert in Zone 1, shown side by side with a video of the general area of the culvert Zone 2, paused to show the culvert in the foreground. The attorney then instructed me to use the annotation tools to add arrows and ellipses to indicate where the video footage of the culvert was in relation to what was shown in the aerial map. (Figure 6).

Figure 6
Figure 6

Figure 7 (below) is an iteration of Figure 6, with the aerial map still on the left side of the presentation screen (Zone 1) while on the right side of the screen (Zone 2) the attorney instructed me to again pull up the same video exhibit. However, instead of the same frame of the clip shown in Figure 6, the attorney instructed me to play the video and then pause it at a point showing a close-up of the water flowing through the culvert. The attorney also instructed me to use the annotation tools to add arrows and ellipses to indicate where the video frame of the culvert was in relation to what was shown on the aerial ma. One related and exciting feature of Trial Director is its ability to do a callout of a portion of a video while it plays. You can zoom in on a specific area of the video, do a callout, and let it continue running to show the zoomed area in detail as it plays. This feature can be particularly useful when playing surveillance or body cam videos.

Figure 7
Figure 7

A Close Reading of Topographical Maps  

One of the government’s witnesses in the Lucero case was a civil engineer who had been involved in conducting a land survey of this area – again, the issue was whether the geological and ecological features of the area met the criteria for it to be considered a WOTUS. We conducted an extensive cross-examination of the civil engineer, during which we closely reviewed a series of topographical maps, such as the one shown in the video below (Figure 8). To effectively pull off this cross-examination, the testimony was tied to a close reading of the topographical maps, focusing on the significance of the gradients indicated by the contours. The ability to dynamically pivot on the fly, depending on how the witness testified, was critical.

Closing Argument

When using courtroom technology, most people will use PowerPoint for opening statements and closing arguments. However, Trial Director can be used for openings and closings as well. Many experienced practitioners will use PowerPoint as their primary tool during a closing, but then switch over to Trial Director to show an exhibit, so as to respond to a point made during the government’s closing, and then switch back to PowerPoint to continue. One of the themes we focused on during closing argument was the government’s experts’ re-writing of history. Reports prepared between 2007 and 2016 by environmental consultants hired by the developers, and by the US Army Corps of Engineers, differed in key aspects with the reports developed by the witness the government hired. For example, the 2007 reports did not find that there were any tributaries, while the government’s expert report determined that the ditches in the South Fill Area were in fact ”tributaries.” (Figures 9 & 10)[4]

Figure 9
Figure 9
Figure 10
Figure 10

Furthermore, between 2012 and 2016, California experienced the most severe drought in a millennium, and the bulk of the pictures introduced by the government at trial were from the 2007 reports and January 2017. We argued these photos of ponding, or water, did not prove water in the summer of 2014, when the charged conduct occurred (Figure 11).

Figure 11
Figure 11

Dumping Debris into “Water”

Our defense hinged on educating the jury about technical issues related to wetlands and the complex regulatory definition of WOTUS. The government had a much easier job, namely, to focus on the seemingly unambiguous visual impact of debris dumped onto this area. Our client was found guilty. (Figure 12.)

Figure 12
Figure 12

On appeal, the United States Court of Appeals for the Ninth Circuit reversed our client’s conviction and vacated his 30-month sentence. It held that the district court erred by not instructing the jury, as the defense had requested, that the government had to prove the defendant’s knowledge that the sites where he dumped debris were “water.” (Figure 13).

Figure 13

The Lucero trial provided an example of how using Trial Director played out in a real case and establishing a factual record for appeal. We were able to demonstrate on appeal with evidence from the record that the knowledge issue was important given how the site appeared dry at the time of the offense. The visuals provided the backdrop for our expert’s declaration, which we submitted as an offer of proof. The appellate court relied on this record to reverse on the knowledge issue.

If the government had opted to retry the case, it would have had to prove that our client knew he was dumping debris into “water” in the generally understood sense of the term, rather than into an area defined as “a water of the United States” within the meaning of the CWA. Ultimately, the government opted not to re-try the case. On October 20, 2021, our client, who had remained out of custody while the case was pending, pled to one CWA count and an agreed-upon sentence of one year probation.

The chart below sets forth practical considerations for using the software in the courtroom (Figure 14).

Figure 14
Figure 14

This blog post was designed to provide an overview of how you can utilize Trial Director. If you would like to take a deeper dive with a hands-on, one-on-one training, please contact Kelly Scribner or Joe Wanzala.

[1] “People learn more deeply from words and graphics than from words alone. This assertion can be called the multimedia principle, and it forms the basis for using multimedia instruction – that is, instruction containing words (such as spoken or printed text) and graphics (such as illustrations, charts, photos, animation, or video) that is intended to foster learning.” (Mayer, 2021, in press-a). See https://www.researchgate.net/publication/369588588_Learning_by_Teaching.

[2] As of July 2023, IPRO has renamed TrialDirector 360 to TRIAL DIRECTOR. It has also been called Trial Director and TrialDirector (one word) in the past. For the purposes of this post, we will use the term “TRIAL DIRECTOR” and “Trial Director” interchangeably to describe the software program.

[3] https://www.santacruzsentinel.com/2016/03/22/carmel-man-charged-with-illegal-dumping-in-newark-wetlands.

[4] In April 2020, the Environmental Protection Agency promulgated a new WOTUS rule which narrowed the definition of ‘waters of the United States’ and found that ditches would not be considered to be “tributaries.” The most current version of the WOTUS rule took effect March 2023, but then there was a subsequent Supreme Court decision limiting/revising the meaning of WOTUS. see, https://www.epa.gov/wotus/current-implementation-waters-united-states

U.S. v. Morgan, et al: Know What You Don’t Have

[Editor’s Note: Tom O’Connor is an attorney, educator, and well respected e-discovery and legal technology thought leader. A frequent lecturer on the subject of legal technology, Tom has been on the faculty of numerous national CLE providers and has taught college level courses on legal technology. He has also written three books on legal technology and worked as a consultant or expert on computer forensics and electronic discovery in some of the most challenging, front page cases in the U.S. Tom is the Director of the Gulf Coast Legal Technology Center in New Orleans, LA ]

If you were practicing in federal court before email, ECF filing, and in the days when Joe Montana threw to Jerry Rice then you probably remember discovery productions were typically hardcopy documents you picked up at the US Attorney’s Office. The volume was so small it easily fit into your briefcase. Those were the days when everyone complained about not getting enough discovery. The challenge was moving to compel for more discovery when you didn’t know what you didn’t have.

Joe Montana and Jerry Rice

Fast forward to the present. Tom Brady is throwing to Rob Gronkowski (again but in a different city) and discovery is typically so voluminous it cannot be provided in hardcopy form. Productions can be hundreds of gigabytes and sometimes dozens of terabytes full of investigative reports, search warrant pleadings, surveillance audio and video, cell phone data, cell tower material, years of bank records, GPS data, social media materials, and forensic images of servers, desktop computers, and mobile devices. Common are duplicate folders of discovery produced “in the abundance of caution” to protect the Government against Brady violations. Despite the volume, the same issue exists: How do you know what you don’t have?

Tom Brady and Rob Gronkowski

US v Morgan (Western District of New York, 1:18-CR-00108 EAW, decided Oct 8, 2020) is an example of diligent defense counsel challenging the government on how it produced terabytes of data.

Defendants Robert Morgan, Frank Giacobbe, Todd Morgan, and Michael Tremiti were accused by way of a 114-count Superseding Indictment of running an illegal financial scheme spanning over a decade. The government alleged they defrauded financial institutions and government sponsored enterprises Freddie Mac and Fannie Mae in connection with the financing of multi-family residential apartment properties that they owned or managed. There were also allegations of related insurance fraud schemes against several of the defendants.

The government made several productions which the defense contended were deficient (including the lack of metadata on numerous documents) and, in several cases, omitted key pieces of evidence. The defense enlisted the help of e-Discovery experts, who stated the government failed to properly process and load evidence into their database for production to defense counsel.

The issue was brought before the court in defense motions to compel and dismiss. First to the magistrate judge then to the district court judge, which resulted in a critical analysis of the way the government handled the discovery.


The original status conference in the case was held on May 29, 2019. For the next year, a series of motions and hearings proceeded with regards to delays and failures on the part of the government to meet discovery deadlines imposed by the court.

An evidentiary hearing was finally held before district court Judge Elizabeth A. Wolford on July 14, 2020, continuing through the remainder of that week until July 17, 2020, and then resumed and concluded on July 22, 2020. There were multiple expert witnesses, and the review of that testimony is over 7 pages in the Opinion.

On September 10, 2020, oral argument on the motions to compel and dismiss was heard before Judge Wolford. The Court entered its Decision and Order on October 8, 2020.

There was no dispute that the discovery in this matter was not handled properly. In the second paragraph of the above cited Decision and Order, Judge Elizabeth A. Wolford states,

“The Court recognizes at the outset that the government has mishandled discovery in this case—that fact is self-evident and cannot be reasonably disputed. It is not clear whether the government’s missteps are due to insufficient resources dedicated to the case, a lack of experience or expertise, an apathetic approach to the prosecution of this case, or perhaps a combination of all of the above.”

Specifically, the government somehow failed to process and/or produce ESI from several devices seized pursuant to a search warrant executed in May 2018 and in one case, a cell phone, seems to have actually been lost. The court ultimately dismissed the case without prejudice. This gave the parties time to resolve the discovery issues. On March 4, 2021, a grand jury returned a new 104 count indictment.

More important for our purposes are the discussions regarding the ESI and production issues. They are outlined below.


The Court wasted no time in saying “It is evident that the government has demonstrated a disturbing inability to manage the massive discovery in this case, and despite repeated admonitions from both this Court and the Magistrate Judge, the government’s lackadaisical approach has manifested itself in repeated missed deadlines.”

And later, “To be clear, the Court does not believe the record supports a finding that any party acted in bad faith. Rather, the discovery in this case was significant, and the government failed to effectively manage that discovery. In the end, because of its own negligence, the government did not meet the discovery deadline set by the Magistrate Judge.”


Judge Wolford made several references to the “massive discovery.” In an attempt to manage that data, the Magistrate Judge had initially directed the parties to draw up a document entitled “Data Delivery Standards” (hereinafter referred to as “the DPP”) which would control how documents were exchanged. It failed to do so for several reasons.

First was the large amount of data. Testimony by a defense expert witness at the evidentiary hearing of July 14, 2020, stated that “… the government’s Initial Production consisted of 1,450,837 documents, reflecting 882,841 emails and 567,996 other documents. Of those documents, 860,522 were missing DATE metadata, with over 430,000 documents reflecting no change in the DATE metadata field formatting after the DPP was agreed-upon. Once overlays were provided by the government, the DATE metadata field was corrected for almost one-third of the documents (primarily emails), but 590,448 documents still were missing DATE metadata, including 294,818 emails. Of those 294,818 emails, 169,287 had a misformatted DATE value and 125,531 had no DATE value. The Initial Production also contained missing values for the metadata fields of FILE EXTENSION, MD5 HASH, PATH, CUSTODIAN, MIME TYPE, and FILE SIZE— and the government overlays did not change the status of the information in any of those fields.”

Additionally, the USAO-WDNY’s processing tool was Nuix while another entity—the Litigation Technology Support Center in Columbia, South Carolina – processed some of the hard drives using a different processing tool called Venio. Additionally, the Federal Housing Finance Agency (“FHFA”) processed the Laptop Production using a “much more robust” version of Nuix than the system possessed by the USAO-WDNY.

These differing versions led to different productions which had different values for the metadata fields. Standardization on one tool could have prevented much of this. But the Court also noted that “… the quality review conducted by the government was insufficient to catch these errors.”

Inconsistent directions were an ongoing issue. For example, the Court found that “… the government prosecutors expressly instructed Mr. Bowman not to produce CUSTODIAN information for the Laptop Production, even though the government had provided similar information previously.”

Other government errors included:

  1. It applied different processing software inconsistently to the PST or OST files, thereby missing some metadata and producing varying results.
  2. It misformatted the DATE metadata caused by failing to catch the errors while conducting a quality review.
  3. It failed to produce native files in “the format in which they are ordinarily used and maintained during the normal course of business[.]” It produced near native or derivative native files from the OST or PST files without corresponding metadata.
  4. In many instances, load files necessary to install the document productions in the defense review software platform were missing.
  5. There were ongoing errors with respect to CUSTODIAN metadata, which were the result of human error on the part of the government.


With regards to what specific steps can be used to take control of cases with large amounts of ESI, the Court mentioned several.

  1. Use an exchange protocol. In civil cases, this document would arise from FRCP Rule 26(f), which mandates a “Meet & Confer” conference of the parties so that they might plan for discovery through the presentation of a specific plan to the Court. 

    In Morgan, this was the document entitled the DPP. In criminal cases going forward, the new Federal Rule of Criminal Procedure 16.1 will address some of these concerns. Drawn up specifically as a response to deal with the manner and timing of the production of voluminous Electronically Stored Information (ESI) in complex cases, Subsection (a) requires the prosecution and defense counsel to confer “[n]o later than 14 days after the arraignment…to try to agree on a timetable and procedures for pretrial disclosure under Rule 16.1.” Subsection (b) authorizes the parties, separately or together, to “ask the court to determine or modify the time, place, manner or other aspects of disclosure to facilitate preparation for trial.”

  2. Standardize the use of technology. As Judge Wolford said, “In sum, the Court believes that it would have been much more prudent if the government, after reaching agreement with the defense about the DPP, had utilized a competent vendor to process the ESI (and all the previously produced ESI) in the same manner with the same settings and utilizing the same tools.”

  3. Get a data manager. A common saying in IT circles is that “someone needs to own the data.” In this case, where the Government used multiple parties who employed different tools to work with the data, nobody owned the data. This lack of a central manager “… led to electronic productions being produced in an inconsistent manner and, in some instances, in violation of the DPP.”

  4. Get an expert. After hearing multiple experts testify for several days on what had transpired with the ESI, the Court noted, “… electronic discovery is a complicated and very technical subject. As a result, facts can be easily spun in a light most favorable to one party’s position or the other. That occurred here on behalf of all parties.”

    Nonetheless, the experts were able to bring clarification to the issues of “missing” metadata and divergent processing results that had beleaguered the parties and the Court. This field, especially with large amounts of ESI, is a classic example of the old maxim, “do not try this at home.” Get an expert.

  5. Use a review tool. ESI in these large amounts are simply not able to be reviewed manually. Both parties here recognized that fact and, as the Court noted several times, most of the errors in the case were not due to software but what we nerds call the “loose nut on the keyboard” syndrome.

    Get review software. Get trained on it. Use it. One admonition I always make which could have avoided many delays in this matter is do not try to load everything at once into your review platform. Start with a small amount of sample data to be sure you are getting what you need. Which leads to our last takeaway.

  6. Talk with the government. Judge Wolford specifically noted that the “… the Court also concludes that Defendants and the government were not always communicating effectively regarding electronic discovery.” For example, none of the parties could recall “… any discussions during those negotiations about the processing tools that would be utilized or the type of native file that would be analyzed for purposes of creating a load file.”


The Morgan case illustrates there are ways to learn about what you don’t have so you can bring it to the government’s attention and if need be, to the Court. It is also example of a Court being knowledgeable about ESI productions. The Court noted often and in different ways that “… electronic discovery is challenging even under the best of circumstances. In other words, the facts and circumstances cannot be appropriately evaluated without considering the volume of discovery and the enormous efforts needed to manage an electronic production of this nature.”

Find an expert who understands your needs and has effective communication skills to convey to you, the government, and Court complex technical issues. For many years, Magistrate Judge Andrew Peck (SDNY, Retired) advocated “Bring-Your-Geek-To-Court Day,” in which parties bring an outside consultant or an in-house IT person to address disputes. If you were to remember only one thing form this case, it should be: Go get a geek.

Tom O’Connor
Gulf Coast Legal Tech Center
Blog: https://technogumbo.wordpress.com/
Twitter: @gulfltc

Ephemeral Messaging Apps

[Editor’s Note: John C. Ellis, Jr. is a National Coordinating Discovery Attorney for the Administrative Office of the U.S. Courts, Defender Services Office. In this capacity, he provides litigation support and e-discovery assistance on complex criminal cases to defense teams around the country. Before entering private practice, Mr. Ellis spent 13 years as a trial attorney and supervisory attorney with Federal Defenders of San Diego, Inc. He also serves as a digital forensic consultant and expert.]

Ephemeral Messaging Apps are a popular form of communication. With privacy a concern for everyone, using a self-destructing message that works like disappearing ink for text and photos has a certain allure. All messages are purposely short-lived, with the message deleting on the receiver’s device, the sender’s device, and on the system’s servers seconds or minutes after the message is read. Although these apps were initially only used by teenagers, they are now a ubiquitous part of corporate culture.

According to the 6th Annual Federal Judges Survey, put together by Exterro, Georgetown Law CLE, and EDRM, 20 Federal Judges were asked “[w]hat new data type should legal teams be most worried about in the 5 years?”[1]  The overwhelming response was “Ephemeral Apps (Snapchat, Instagram, etc.).” Id.  In fact, 68% of those surveyed believed ephemeral messaging apps where the most worrisome new data type, whereas only 16% responded that biometric data (including facial recognition and fingerprinting) were the greatest risk. Only 5% were concerned with Text Messages and Mobile, and 0% were concerned with the traditional social media such as Facebook and Twitter.  Id.

Even now, Courts are attempting to sort out the evidentiary issues cause by ephemeral messaging apps, see e.g., Waymo LLC v. Uber Technologies, Inc. 17cv0939-WHA (NDCA).  This article discusses popular ephemeral messaging apps and discusses guidelines for addressing potential evidentiary issues.

Short technical background:

There are several background definitions relevant to this discussion:

  1. Text Messages – otherwise known as SMS (“Short Message Service”) messages, text messages allow mobile device users to send and receive messages of up to 160 characters. These messages are sent using the mobile phone carriers’ network. Twenty-three billion text messages are sent worldwide each day.  Generally, mobile carriers do not retain the contents of SMS messages, so the records will only show the phone number that sent or received the messages and the time it was sent or received.
  2. Messaging Apps – allow users to send messages not tethered to a mobile device (e., a phone number). With some apps, a user may send messages from multiple devices. These apps include iMessage, WhatsApp, and Facebook Messenger. Messaging Apps are generally free. Unlike text messages, these apps rarely have monthly billing records or records showing when messages were sent or received.
  3. Ephemeral Messaging Apps – are a subset of Messaging Apps that allow users to cause messages (words or media) to disappear on the recipient’s device after a short duration. The duration of the message’s existence is set by the sender. Messages can last for seconds or days, unless the receiver of the message takes a “screenshot” of the message before its disappearance.
  4. End-to-End Encryption – also known as E2EE, this is a type of encryption where only the communicating parties can decipher the messages, which prevents eavesdroppers from reading them in transit.

Common Disappearing Messaging Apps:

Messaging apps, like all apps, are changing.  The following is a list and description of several popular ephemeral messaging apps.

Snapchat – both a messaging platform and a social network. The app allows users to send messages and media (including words and emojis appearing on the media) that disappear after a set period of time. Photos and videos created on Snapchat are called “snaps.” Approximately 1 million snaps are sent per day.

Signal – an encrypted communications app that uses the Internet to send one-to-one and group messages which can include files, voice notes, images and videos, which can be set to disappear after a set period of time. According to Wired, Signal is the one messaging app everyone should be using.

Wickr Me – a messaging app that allows users to exchange end-to-end encrypted and content-expiring messages, including photos, videos, and file attachments.

Telegram – cloud-based instant messaging app with end-to-end encryption that allows users to send messages, photos, videos, audio messages and files. It has a feature where messages and attachments can disappear after a set period of time.

CoverMe – a private messaging app that allows users to exchange messages, files, photographs, and phone calls from a fake (or “burner”) phone number. It also allows for private internet browsing, and allows users to hide messages and files.

Confide – a messaging app that allows users to send end-to-end encrypted messages.  The user can also send self-destructing messages purportedly screenshot-proof.

Evidentiary Issues:

Messaging app data, like other forms of evidence, must, amongst other criteria, be relevant (Fed.R.Evid. 401); authenticated (Fed.R.Evid. 901 et seq); and comply with the best evidence rule (Fed.R.Evid 1001 et seq).

As for the Best Evidence Rule, based on the nature of disappearing messaging apps, the original writing of the message is not preserved for litigation. See Fed.R.Evid. 1004(a) (finding that the original is not required if “all the originals are lost or destroyed, and not by the proponent acting in bad faith.”) Sometimes, the contents of the message may be established by the testimony of a witness. In other cases, the contents of the message may be based on a screen shot of the message.

Authenticating messages from apps, regardless of their ephemeral nature, is often difficult—text messages can be easily faked. When it comes ephemeral messages, we often must rely upon a screenshot or testimony regarding the alleged contents of the message.  In such circumstances, the following factors—repurposed from Best Practices for Authenticating Digital Evidence—are useful[2]:

  • testimony from a witness who identifies the account as that of the alleged author, on the basis that the witness on other occasions communicated with the account holder;
  • testimony from a participant in the conversation based on firsthand knowledge that the screen shot fairly and accurately captures the conversation;
  • evidence that the purported author used the same messaging app and associated screen name on other occasions;
  • evidence that the purported author acted in accordance with the message (e.g., when a meeting with that person was arranged in a message, he or she attended);
  • evidence that the purported author identified himself or herself as the individual sending the message;
  • use in the conversation of the customary nickname, avatar, or emoticon associated with the purported author;
  • disclosure in the message of particularized information either unique to the purported author or known only to a small group of individuals including the purported author;
  • evidence that the purported author had in his or her possession information given to the person using messaging app;
  • evidence that the messaging app was downloaded on the purported author’s digital device; and evidence that the purported author elsewhere discussed the same subject.


Ephemeral messaging app data will continue to impact investigators, attorneys, and the Court. Defense teams should be prepared for the challenges ephemeral messages cause from investigations to evidentiary issues.

[1]Available at https://www.exterro.com/2020-judges-survey-ediscovery.

[2] Hon. Grimm, Capra, and Joseph, Best Practices for Authenticating Digital Evidence (West Academic Publishing 2016), pp. 11-12.


Important 11th Circuit decision regarding compelling of unencrypted data

Editor’s Note: Justin Murphy is a counsel at Crowell & Moring’s Washington, D.C. office, where he practices in the White Collar & Regulatory Enforcement Group and E-Discovery and Information Management Group. Justin’s practice focuses on SEC enforcement, white collar criminal matters, e-discovery matters relating to internal and government investigations, and related civil litigation. He has represented clients in both federal and state criminal proceedings, including state trial panel work in Maryland. Justin has a wealth of expertise in electronic discovery issues in government investigations and criminal litigation, having both written and presented on the subject. In this blog entry, Justin discusses United States v. Doe, a big win for AFPD Chet Kaufman of the Florida Northern Federal Public Defender Office.

Appeals Court Finds Encrypted Data Beyond Reach of Government Investigators

by: Justin P. Murphy, Counsel, Crowell & Moring LLP

In an important decision that could have significant implications for government enforcement, the Eleventh Circuit ruled that a suspect could not be required to decrypt his computer hard drives because it would implicate his Fifth Amendment privilege and amount to the suspect’s testifying against himself.

In United States v. Doe, the government seized hard drives that it believed contained child pornography.  Some of the hard drives were encrypted, and the suspect refused to decrypt the devices, invoking his Fifth Amendment right against self-incrimination.  The Eleventh Circuit held that compelling the suspect to decrypt and produce the drives’ contents “would be tantamount to testimony by Doe of his knowledge of the existence and location of potentially incriminating files; of his possession, control, and access to the encrypted portions of the drives; and of his capability to decrypt the files.”  Moreover, the government could not force a suspect to decrypt and produce the information where it could not identify with “reasonable particularity” the existence of certain files, noting that an “act of production can be testimonial when that act conveys some explicit or implicit statement of fact that certain materials exist, are in the subpoenaed individual’s possession or control, or are authentic.”  The court also rejected the government’s attempt to immunize production of the drives’ contents because the government acknowledged that “it would use the contents of the unencrypted drives against” the suspect. 

This decision appears to limit government investigators’ ability to compel an individual to reveal the contents of devices encrypted with passwords or codes in a criminal investigation based only on government speculation as to what data may be contained in certain files.  Although a corporation or partnership does not enjoy Fifth Amendment protection, individuals and sole proprietorships do, and this decision could have a significant impact on small businesses and individuals who work in highly regulated industries including health care, government contracting, energy, chemicals, and others that may face government scrutiny. 

For a copy of the decision, please click here.