Skip to main content
A Better Partnership


Jan 2019
January 24, 2019

Hot Topic: The Internet of Things and eDiscovery

Even when you don’t know it, you’re creating data — data that is stored somewhere for some indeterminate period of time. When you use your smartphone, one or more cell towers record and store your phone’s unique identifier. If your phone’s Wi-Fi is turned on, it’s continually sending out a low power signal looking for available Wi-Fi networks. When it “pings” one, the Wi-Fi network also records your phone’s unique identifier. A Fitbit records the user’s heart rate, steps taken, calories burned, and stores that data in “the cloud.” Newer cars have a “black box” similar to that in an airplane. In the event of a collision, the data can be used to show speed at impact, whether seats belts  were in use, and whether the brakes were applied. Many other “smart” devices, from thermostats to refrigerators to home security systems, record and store data with little, if any, user interaction. Welcome to the Internet of Things (“IoT”).

What is the IoT? Very simply, it’s the connection of non-traditional computing devices to the Internet. The process started with our cell phones, but has branched out to our vehicles, our watches, our appliances, our home security systems, etc. Gartner estimates that in 2016 the number of Internet-connected “things” was at 6.4 billion and predicts the number will grow to 20.8 billion by 2020. All of these billions of devices create and store data, at least temporarily. It is discoverable, like all electronic data. In fact, IoT data has already played a role in some interesting cases.
  • In Ohio, a man was charged with arson when the data from his pacemaker did not correspond to his reported activities at the time of the fire.
  • In Connecticut, a husband was charged with the murder of his wife when the data from her Fitbit conflicted with the husband’s account of the crime.
  • In Arkansas, the audio recordings from a murder suspect’s Amazon Alexa were subpoenaed for whatever evidence they might provide about what transpired inside the house on the night of the murder.
  • In Illinois, Google’s creation of “facial maps” from photographs automatically uploaded from Google Droid devices to the Google Cloud led to legal challenges under the Illinois Biometric Information Privacy Act.

While several of these cases concern criminal prosecutions, they still illustrate the pivotal role IoT data could play in litigation. Indeed, civil litigation, such as wrongful death or insurance fraud, could result from these highlighted cases. If we’ve learned anything, it’s that electronic data, regardless of source, is treated like any other discoverable information. “Rule 34(a) is amended to confirm that discovery of electronically stored information stands on equal footing with discovery of paper documents.” Committee Notes, 2006 Amendments, Fed. R. Civ. P. Rule 34(a). This means we need to take the same steps with IoT data as with any other physical or electronic data.

We are entering an era when the interconnectedness of things with the Internet will further complicate the discovery process by vastly expanding the number of electronic data sources and further exploding the volume of electronic data. The lack of IoT data standards regarding data format and storage exacerbate these complexities. In the meantime, all we can do is apply the lessons we’ve learned to date on handling electronic data in civil litigation.
  • Pay special attention to whether litigation has been filed or is “reasonably foreseeable,” triggering your duty to preserve evidence.
  • Determine if IoT data exists and is potentially relevant to the claims or defenses in the litigation.
  • If potentially relevant, determine if the IoT data is within your “possession, custody or control.”
  • If so, determine if and how the IoT data can be preserved. Take reasonable steps to preserve the data and include it in your litigation hold.
  • Determine if the IoT data is “readily accessible” and can be collected, reviewed and produced.
  • Document all steps taken to identify, preserve and collect IoT data.
  • Raise any issues regarding the above as early as possible with your opponent and/or the court

Learn more by visiting our Data Analytics + eDiscovery Practice Group page.

NOTICE. Although we would like to hear from you, we cannot represent you until we know that doing so will not create a conflict of interest. Also, we cannot treat unsolicited information as confidential. Accordingly, please do not send us any information about any matter that may involve you until you receive a written statement from us that we represent you.

By clicking the ‘ACCEPT’ button, you agree that we may review any information you transmit to us. You recognize that our review of your information, even if you submitted it in a good faith effort to retain us, and even if you consider it confidential, does not preclude us from representing another client directly adverse to you, even in a matter where that information could and will be used against you.

Please click the ‘ACCEPT’ button if you understand and accept the foregoing statement and wish to proceed.



+ -