More Pressure on Messaging Apps

U.S. antitrust regulators are reminding companies of their duty to preserve employee communications, including those from “ephemeral messaging” apps such as Slack or WhatsApp — with a warning that “failure to produce such documents may result in obstruction of justice charges.”

So say the Antitrust Division of Justice Department and Federal Trade Commission, who issued their rather ominous warning Friday afternoon. This is the first time we’ve seen the antitrust crowd wade into the fray over ephemeral messaging apps, and the first time anyone has used up the word “obstruction” while doing so.

“Companies and individuals have a legal responsibility to preserve documents when involved in government investigations or litigation in order to promote efficient and effective enforcement that protects the American public,” Henry Liu, director of the FTC’s Bureau of Competition, said in a statement. “Today’s update reinforces that this preservation responsibility applies to new methods of collaboration and information sharing tools, even including tools that allow for messages to disappear via ephemeral messaging capabilities.”

Manish Kumar, deputy assistant attorney general at the Antitrust Division, was even more direct: “The Antitrust Division and the Federal Trade Commission expect that opposing counsel will preserve and produce any and all responsive documents, including data from ephemeral messaging applications designed to hide evidence. Failure to produce such documents may result in obstruction of justice charges.”

Their new language on ephemeral messaging will now be included in standard preservation letters that the FTC and Antitrust Division send to investigation targets, as well as in grand jury subpoenas, voluntary access letters, and other correspondence you’re likely to get when under antitrust investigation.

What does this mean on a practical level? That takes some unpacking.

Broader Messages on Messaging

First, this latest directive about messaging should not be confused with enforcement actions taken by the Securities and Exchange Commission against broker-dealer firms. Those firms must comply with SEC rules that require broker-dealers to preserve “all communications and copies of all communications sent … relating to its business as such” for periods ranging from two to six years. 

The mere failure to preserve those communications — including those from ephemeral messaging apps — is a compliance violation unto itself, and the legal basis for SEC enforcement. Those broker-dealer rules do not apply to other companies outside the financial services sector. 

messagingSecond, we should be clear that this new posture on messaging only comes from the FTC and the Antitrust Division of the Justice Department — not the Criminal Division, which handles a much wider range of corporate misconduct cases. 

Even then, however, the FTC and Antitrust Division were careful to say that companies should preserve communications “when involved in government investigations or litigation,” to use Liu’s exact words. So what responsibilities does a company have to preserve those communications generated on messaging apps before an investigation exists, or when no investigation exists at all? 

This is where we enter a gray area. For example, SEC rules meant to enforce the Foreign Corrupt Practices Act specify that “no person shall directly or indirectly, falsify or cause to be falsified, any book, record or account subject.” OK, but let’s be clear that those provisions forbid executives (and by extension, employees) from falsifying business records. 

So if employees are using Snap, WhatsApp, or other messaging apps that don’t preserve a record of those communications, but the employees are not using those apps to foist some deception on investors — is that a compliance violation unto itself? Doesn’t seem like one to me.

What About the Compliance Guidelines?

We still have the Justice Department’s guidelines on effective compliance programs, which added a new section in 2023 to address messaging apps. Here is what seems to be the most relevant part:

Policies governing such applications should be tailored to the corporation’s risk profile and specific business needs and ensure that, as appropriate and to the greatest extent possible, business-related electronic data and communications are accessible and amenable to preservation by the company. Prosecutors should consider how the policies and procedures have been communicated to employees, and whether the corporation has enforced the policies and procedures on a regular and consistent basis in practice.

The above words are not a blanket ban on using ephemeral messaging apps. Honestly I’m not sure what they are, other than the usual Justice Department imprecision to give prosecutors as much leeway to exercise subjective judgment as possible. Clearly companies must give at least some consideration to the compliance risks you face, and the ways that employees might use ephemeral messaging apps to engage in compliance violations — but how much consideration, exactly? 

The Justice Department guidance offers a few other clues, in the form of questions prosecutors should consider:

  • What mechanisms has the company put in place to manage and preserve information contained within each of the electronic communication channels? 
  • What preservation or deletion settings are available to each employee under each communication channel, and what do the company’s policies require with respect to each?
  • What is the rationale for the company’s approach to determining which communication channels and settings are permitted?

All good stuff. All intended to make executive management think about messaging apps, and devise a policy with some sort of logic to it, backed up by technical controls to put that policy into practice. 

It’s still not the same as saying, “Don’t use these apps.” It’s not the same as threatening an obstruction charge if you do use the apps and they destroy evidence related to an investigation. But now that the antitrust regulators have started using such language, I wonder whether the Criminal Division and other civil regulators will follow suit. 

Leave a Comment

You must be logged in to post a comment.