It is well-known that vast, diverse quantities of information that are available from social media sources like Facebook, and that they include both the materials users have posted and also information gathered about users from their use (e.g., people, places, and devices). Facebook, for example, allows sharing of photos and videos, status updates, public posts, private messages, live chats, and more.
Each social media account for each individual user can contain hundreds or thousands of pages of materials in a mishmash of formats. For example, in one highly publicized case (related to the end of the US-EU Safe Harbor program), a law student requested all of Facebook’s retained data on him and received 1,222 pages that included: posts, messages, and chat logs; log-on and posting times; records of his friends and connections; GPS data from photographs; some deleted materials, etc.
Beyond all of the user-created and user-shared materials, and beyond all of the metadata associated with those materials, most social media services also generate their own records of and about user activity, such as IP address logs. Facebook’s gathering and handling of information about its users came under scrutiny in 2018 after revelations about political uses of that data, which led some users to dig into what Facebook knows about them. They discovered that it was gathering more than they realized from their Android smartphones.
Finding Out What Facebook Knows
Facebook offers a self-export mechanism that allows users to download an aggregated copy of materials associated with their account – including some of the data Facebook has recorded about them and their use. This feature dates back to 2010 and is called “Download Your Information.”
In 2018, a user utilizing this feature discovered that Facebook had been keeping records of activity on his Android smartphone, including every call made or received over the past two years, when, for how long, and with whom, as well as similar records for every text message (SMS) and multimedia message (MMS) from the same time period. After sharing his discovery publicly, other individuals and reporters using Android devices checked as well and found the same thing in Facebook’s data about them. Facebook insists this data was collected with permission, though disagreement about that point remains.
Relevance to eDiscovery
Facebook material is discoverable, if relevant and proportional, just like material from any other ESI source, and failure to preserve it has led to spoliation sanctions in numerous cases.
In most cases it will be the content of posts, communications, and images that is relevant, but in some situations, these records of phone calls and messages might be. Although the Facebook logs do not contain the content of the phone calls, SMS messages, or MMS messages, they could still establish communication with particular individuals at particular times, which could be useful – particularly in situations where that data is not available that far back on the smartphone itself.
Thus, for parties or custodians with a Facebook account accessed from an Android device, this is a kind of data to keep in mind as potentially available and relevant. And, given the reach of Android and Facebook, this is likely to be applicable to many people: Android has over 2.8 billion monthly active users and Facebook has nearly 3 billion monthly active users, more than 80% of whom have accessed the service from an Android device.