Mobile Device Forensics Uncovers 513 Deleted Messages Related to Gulf Spill


“I would have presented those to the Grand Jury”
       -FBI Special Agent Kelly Bryson on the deleted text messages




The Background
The grainy black and white images of the oil spewing from the fractured valve at the bottom of the Gulf of Mexico were dramatic and painful to watch.  Millions of barrels of oil were flowing into the pristine Gulf, and no one seemed able to stop it.  Not to mention the 11 lives lost and the billions of dollars of impact to the Gulf states’ economy.  This was, of course, just some of the fallout from the historic BP oil rig blowout in 2010.

The Investigation
In the months that followed, the Department of Justice, regulators, insurance companies, and yes, attorneys were digging deep into the root cause of the tragic event.  One man, Kurt Mix, a former BP engineer, was responsible for calibrating and reporting the oil flow rates to public sources and internally to BP management, and these flow rate numbers were absolutely critical to the investigation.  What did Mix do when the FBI requested his mobile phone for forensic examination?  He deleted 513 relevant text messages, according to Kelly Bryson, who served on the DOJ task force.  The messages, sent by Mix to his supervisor and to a BP contractor, would have made a material difference in the investigation, Bryson said.

The Outcome
The mix was charged with obstruction of justice for destroying evidence, and last week he was finally convicted of those charges.

The Take-Aways
1.  Do your homework.  Take seriously your duty to investigate.  Remember that deleted text messages, emails, photos, and other ESI collected from a smartphone can be the best evidence available to support your case.  Recovered deleted text messages, in particular, can be extremely compelling.

2.  Don’t let privacy objections get in the way.  When seeking ESI on personal mobile devices from your adversary, have a thoughtful imaging and analysis protocol in your pocket that proactively addresses your opponent’s likely privacy concerns.  The protocol should address non-disclosure issues, data security, as well as a reasonable process for examining the ESI and enabling your opponent to conduct a privilege review.  This protocol can take the wind out of your opponent’s sails, and it will impress the judge.

3.  Case Law is Emerging.  Some recent rulings are validating the relevance of ESI residing on mobile devices.  In the Honeybaked Ham case, [1] for example, class action members were ordered to turn over their mobile phones for forensic analysis by a neutral third party when it was demonstrated that those devices likely contained relevant evidence.

4.  Mobile Device ESI is relevant in a wide array of cases.  It’s not just about deleted text messages.  What emails were sent/received?  Did the subject log into particular bank accounts?  Was the owner of the phone present at a certain location at a certain time (GPS history)?  Is there social media chatter that can support your assertions?  What websites is the individual visiting?   These and other questions can be answered with a forensic examination of a mobile device.