In October 2010, Facebook provided a “Download Your Information” (“DYI”) feature to provide a means for a user to download to their computer data they have posted to their own accounts, including messages to and from friends. It is built on top of Facebook’s Graph application programming interface and creates a compressed ZIP file. “You really will have a copy of all your information in one place,” said David Recordon, Facebook’s senior open programs manager upon the announcement of the feature. “We built this product as something that’s useful for people, not for other developers.” But is DYI useful or defensible for eDiscovery?
In making that assessment it is important to understand that the following key information is not included in Facebook’s DYI:
- Certain contributed content to other friend’s accounts. If an account owner/custodian were to post a picture to a friend’s wall, that post and associated comments would not be collected by DYI.
- Photos of the custodian posted to other users’ wall. Facebook allows a feature for users to tag photos to identify their friends who appear in a picture they are posting. Unless that picture also appears on the custodian’s wall, it will not be collected by DYI, even though such photos are available to the custodian in the “photos of you” feature.
- Most Metadata Fields. Facebook contains over 20 unique metadata fields, all of which can be very important as substantive evidence or as information that helps establish an evidentiary foundation, which is particularly important for social media evidence. DYI items include 2 metadata fields displayed in plain text.
As Facebook DYI is not designed to be an eDiscovery tool, it will not generate hash values of the information or provide a defensible chain of custody. KPMG, a leading eDiscovery service provider recently published a blog post constituting negative peer review of Facebook DYI, noting that Facebook DYI “was not conceived to be a forensic collection tool. The only original timestamps that it preserves are in the HTML files which can be easily modified.”
As always, legal and eDiscovery professionals should test and validate their methodologies they employ to preserve and collect evidence and be aware of the emergence of best practices technologies in the industry that are subject to positive peer review.