cellphone with messaging app Photo: Shutterstock

With the rise of ephemeral messaging, self-erasing communications have gone from spy movie lore to everyday consumer technology (minus, of course, the tiny denotations). But while embraced by privacy advocates, such technology isn't always readily welcomed from those tasked with compliance efforts and investigations.

Time-limited messaging, after all, can stifle the best laid e-discovery plans or the most thoroughly conducted investigation. And they're not going away anytime soon. Once only the focus of a handful of messaging apps, ephemeral messages are now being offered by widely used services like Gmail and Facebook.

From a corporate perspective, it can seem that ephemeral messaging is a headache best left outside office doors. But the opposite is happening, with the likes of Uber and Waymo allowing such self-erasing communication in-house. And there are even signs government officials and attorneys are potentially using the technology as well, given that such tools hindered special counsel Robert Mueller's investigation into Russia's interference in the 2016 presidential election.

So what gives?

For many enterprises, there can be a legitimate business purpose for allowing the use of ephemeral messaging in-house, which, due in part to efforts by the app developers themselves, can now be tightly controlled and monitored. What's more, the use of such messaging is also becoming less of a red flag than it once was in the eyes of courts and regulators.

All of this makes for a particularly good situation for ephemeral messaging developers looking to expand their client base. Chris Howell, co-founder and CTO of private messaging app Wickr, noted that the company's business teams and enterprise platform, specifically designed for corporate users, is being adopted much faster than its consumer platform. “It's a much greater expansion around the use of ephemeral tools, [especially] the one we're bringing to market in the business space. Granted, it's newer in the business space than it is in the consumer space.”

While the reasons behind such adoption can vary, Gareth Evans, e-discovery expert and partner at Redgrave, noted that one of the most fundamental uses for ephemeral messaging is to help organizations more easily delete data they shouldn't be keeping in the first place.

“Simply, if there is no business purpose or business need for retaining the messaging, if there is no legal requirement to keep it, that in itself is a good reason not to be keeping it. And by keeping communications [you don't need], you run certain risks.”

Evans added that such a function can be particularly useful for sales teams, who often do business via text, to make sure that they are not storing or passing on “confidential and proprietary information they wouldn't want to be disclosed further.”

Of course, how widely ephemeral messaging is used plays a big role in whether it helps or hurts an enterprise's compliance operations. But Kermit Wallace, chief information officer at Day Pitney, noted that companies that implement mobile device management controls can limit and monitor what data ephemeral messaging mobile apps access. The same controls, he adds, can also be put in place for desktop apps that have self-deleting functions.

To be sure, ephemeral messaging providers are also lending a helping hand, offering their own tools to help clients better limit unintended data loss with their apps.

Wickr's Howell notes that many “ephemeral massing platforms are growing up, they are giving companies options that didn't exist two years ago.” He specifically pointed to the option to integrate such platforms into a company's data archiving system, meaning while a message may be deleted on an end user's device, it is still captured and saved by a company server for compliance purposes. The ephemeral nature of the message then is essentially limited.

Of course, any enterprise can potentially use its own management tools to completely restrict the use of ephemeral messaging apps internally. But while an option, it may be not be necessary given how legal and regulatory attitudes toward such technology are evolving.

In April 2019, for example, the Department of Justice (DOJ) rescinded a policy requiring companies to restrict their employees' use of ephemeral messaging apps if they wanted credit for cooperating with DOJ enforcement actions under the Foreign Corrupt Practices Act. The new DOJ policy now only requires companies to implement “appropriate guidance and controls on the use of personal communications and ephemeral messaging platforms.”

What's more, the highly publicized trade secrets case Waymo v. Ubersettled in February 2018, highlighted how courts are moving to accept legitimate uses for ephemeral messaging. During pretrial discovery, Uber wasn't sanctioned for using Wickr to erase data Waymo sought. Instead, the judge overseeing the matter ruled Waymo could inform the jury of the situation and have them reach their own conclusions. To be sure, Waymo also disclosed it used ephemeral messaging apps in-house as well.

Evans said the case is an example of a broader shift in how courts approach potential evidence destruction by ephemeral messaging. “You've seen courts increasingly, rather than imposing sanctions, they'll allow the issue to be presented to a jury.”

Wallace added that courts and the DOJ's move to affirm the legitimate business purpose of ephemeral messages within companies represent a sea change from how the technology has been perceived in the not-too-distant past.

He explained that oftentimes, “use of ephemeral messaging apps colored the perception that there was something nefarious going on.” But now, “I think that perception is changing,” he said, adding that given the rise of privacy and data breach concerns, self-deleting apps are now met with less such skepticism.