By Sid Newby | April 2026
In twenty-plus years of building litigation technology, I've seen evidence challenges evolve from overflowing file rooms to overflowing email servers. But nothing in my career has prepared me for the challenge we're facing now: critical business communications that are engineered to destroy themselves. Ephemeral messaging -- Signal, WhatsApp disappearing messages, Google Chat with "history off," Snapchat, Telegram's secret chats -- has gone from a niche privacy tool to the default communication channel for entire organizations. And the legal system is only now waking up to the catastrophic implications for discovery, preservation, and the fundamental integrity of the litigation process. The numbers are staggering, the case law is escalating, and the regulatory response is unprecedented. If your litigation team doesn't have an ephemeral messaging strategy, you're already behind.
The scale of the problem: business communication has gone ephemeral
A decade ago, the eDiscovery universe was dominated by email. Microsoft Exchange and Outlook were the primary vehicles for business communication, and while the volume was challenging, the data was at least persistent -- messages sat on servers, backed up nightly, and could be collected with well-understood tools and workflows. That world is gone.
In 2026, the average enterprise uses three to five messaging platforms alongside email: Microsoft Teams, Slack, WhatsApp, Signal, and an assortment of industry-specific tools.[1] Many of these platforms offer disappearing message features -- and employees are using them. A 2025 survey by Global Relay found that over 70% of financial services firms reported employees using personal or ephemeral messaging apps for business communications, despite explicit policies prohibiting the practice.[2]
The shift isn't just about platform proliferation. It's about a fundamental change in how people communicate at work. Slack messages are terser and more frequent than emails. WhatsApp groups replace conference calls. Signal threads replace hallway conversations. And increasingly, the most candid -- and legally relevant -- communications happen in channels that are designed to leave no trace.
For eDiscovery practitioners, this creates a preservation and collection challenge that is qualitatively different from anything we've faced before. You can't collect what no longer exists. You can't review what was never preserved. And you can't produce what you didn't know needed to be held.

Figure 1: The proliferation of messaging platforms with auto-delete features has fundamentally changed the eDiscovery landscape.
The regulatory reckoning: $2.8 billion in fines and counting
The most aggressive response to the ephemeral messaging crisis has come not from courts but from regulators -- specifically the Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC), which have imposed historic penalties for recordkeeping failures tied to off-channel communications.
The enforcement wave began in December 2021, when JPMorgan Chase agreed to pay $200 million in combined SEC and CFTC penalties after admitting that employees at all levels -- from junior analysts to managing directors -- had routinely used WhatsApp, personal text messages, and other unapproved channels for business communications, in violation of federal recordkeeping requirements.[3]
What followed was an industry-wide reckoning. In September 2022, the SEC announced a single sweep of $1.1 billion in penalties against 15 financial institutions for identical failures.[3] The firms included Goldman Sachs, Morgan Stanley, Bank of America, Citigroup, and Barclays -- a who's who of Wall Street. In each case, the violations were the same: employees used personal devices and ephemeral messaging apps for business discussions, and the firms failed to preserve or monitor those communications as required by the Securities Exchange Act.
The enforcement hasn't slowed. In 2024 and 2025, the SEC imposed additional rounds of penalties, bringing the cumulative total to approximately $2.8 billion in fines related to off-channel communication failures.[4] Individual fine amounts have ranged from $7 million to $125 million, with the variance driven largely by cooperation: firms that self-reported, remediated, and cooperated with investigators received penalties on the lower end, while those that stonewalled or failed to act were hit with the largest fines.[4]
| Year | Notable Enforcement Actions | Approximate Penalties |
|---|---|---|
| 2021 | JPMorgan Chase settlement | $200M |
| 2022 | 15 financial institutions (single sweep) | $1.1B |
| 2023-2024 | Additional rounds across banking and advisory | $800M+ |
| 2025 | 12 financial services firms (early 2025) | $63M |
| Total | Cumulative off-channel fines | ~$2.8B |
Table 1: SEC and CFTC enforcement actions for off-channel communication recordkeeping failures. Sources: SEC enforcement releases, Holland & Knight advisory.[3][4]
The message from regulators is unmistakable: the era of treating ephemeral messaging as an informal, unmonitored communication channel is over. And while these enforcement actions have been concentrated in financial services -- where recordkeeping obligations are explicit and well-established -- the implications extend to every industry that faces litigation.
The DOJ and FTC weigh in: new preservation standards
The Department of Justice and Federal Trade Commission have taken a parallel but distinct approach, focusing on preservation obligations in the context of investigations and litigation rather than industry-specific recordkeeping rules.
In January 2024, the DOJ Antitrust Division and FTC issued a joint announcement that they were revising the language in their standard preservation letters, grand jury subpoenas, and compulsory legal processes to specifically address ephemeral messaging.[5] The updated language makes explicit what was previously implied: companies receiving preservation obligations must preserve communications from all platforms, including those with auto-delete features. As the DOJ put it, companies can no longer "feign ignorance" about their obligation to preserve ephemeral messages.[5]
This guidance built on remarks by Deputy Attorney General Lisa Monaco in September 2022, who directed DOJ prosecutors to evaluate whether corporations have "effective policies and procedures governing the use of personal devices and third-party messaging platforms" when assessing corporate compliance programs.[6] The implication was clear: companies that allow unmonitored ephemeral messaging are demonstrating a compliance failure that will be held against them.
The DOJ has also created a powerful incentive structure for self-reporting. Companies that identify ephemeral messaging compliance failures, self-report, and demonstrate credible remediation can receive cooperation credit in the form of up to a 50% reduction in penalties, avoidance of a compliance monitor, and shorter terms for deferred prosecution agreements.[4] The flip side is equally clear: companies that fail to preserve ephemeral messages and are caught face the full weight of prosecution.
The Amazon and Google cases
Two landmark cases illustrate the DOJ/FTC's escalating approach to ephemeral messaging in antitrust enforcement.
In the FTC's monopolization case against Amazon (2024), investigators discovered that senior executives had used Signal with disappearing messages enabled despite knowing they were subject to document retention obligations. The FTC sought spoliation remedies, arguing that the use of auto-delete features in the face of preservation obligations was tantamount to intentional destruction of evidence.[7]
In the DOJ's search monopolization case against Google, prosecutors presented evidence that the company had made "history off" the default setting for Google Chat, effectively ensuring that internal communications would be automatically deleted. The DOJ argued that Google had "trained staff on using message deletion features" and sought sanctions for what it characterized as systematic evidence destruction.[7]
These cases signal a paradigm shift: regulators are no longer treating ephemeral messaging as a technical oversight. They're treating it as potential obstruction.
The courts respond: from comity to sanctions
While regulators have led the enforcement charge, courts are developing their own increasingly aggressive approach to ephemeral messaging spoliation.
Epic Games v. Google: the landmark spoliation ruling
The most consequential judicial response to ephemeral messaging came in Epic Games, Inc. v. Google LLC (In re Google Play Store Antitrust Litigation), where Judge James Donato of the Northern District of California sanctioned Google for its systematic failure to preserve Google Chat communications.[8]
The facts were damning. Despite issuing litigation holds, Google left employees "largely on their own to determine what Chat communications might be relevant" and did "nothing in the way of auditing or monitoring Chat preservation."[8] The court found that Google had "falsely assured the Court in a case management statement" that it had "taken appropriate steps to preserve all evidence relevant to the issues reasonably evident in this action, without saying a word about Chats."[9]
The sanction was severe: Judge Donato issued an adverse inference instruction, telling the jury to assume that the deleted communications would not have been favorable to Google.[9] In a trial where Google ultimately lost -- with the jury finding that the company had maintained an illegal monopoly over the Android app distribution market -- the adverse inference instruction on destroyed chat evidence was a significant factor. The Ninth Circuit upheld the verdict in August 2025.[9]
Soqui v. England Logistics: context matters
A more recent case illustrates a different dimension of the messaging challenge. In Soqui v. England Logistics, Inc. (D. Utah, November 2025), the court addressed not the destruction of messages but their decontextualized production. The defendant had produced individual Microsoft Teams messages in isolation, stripped of their surrounding conversational context. Magistrate Judge Daphne Oberg ruled that producing isolated messages without context was inadequate, ordering production of full conversation threads or at least 10 messages before and after each responsive message.[10]
The ruling underscores a principle that eDiscovery practitioners have long understood but that courts are now formalizing: messaging data is fundamentally different from email. A single Teams or Slack message, divorced from its thread, is often meaningless. The medium demands contextual collection and production -- a requirement that adds significant complexity to already challenging workflows.
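The context rule from Soqui can be applied mechanically at production time. The sketch below is an added example, not code from any review platform or from the ruling: it takes a flat message export and a set of responsive message IDs, then builds per-thread production runs of 10 messages before and after each hit, clipped at thread boundaries and merged where windows overlap. The message fields (`id`, `thread`, `sent`, `text`) and the sample data are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

CONTEXT = 10  # messages before and after each responsive message


def production_set(messages, responsive_ids, context=CONTEXT):
    """Return {thread: [run, run, ...]} where each run is a contiguous
    list of messages to produce. Windows never cross thread boundaries."""
    threads = defaultdict(list)
    for m in messages:
        threads[m["thread"]].append(m)

    out = {}
    for tid, msgs in threads.items():
        # Exports are not guaranteed to be ordered; sort chronologically.
        msgs.sort(key=lambda m: (m["sent"], m["id"]))
        hits = [i for i, m in enumerate(msgs) if m["id"] in responsive_ids]
        spans = []
        for i in hits:
            lo = max(0, i - context)
            hi = min(len(msgs) - 1, i + context)
            if spans and lo <= spans[-1][1] + 1:
                # Overlapping or adjacent windows become one run, so no
                # message is produced twice and no artificial gap appears.
                spans[-1][1] = max(spans[-1][1], hi)
            else:
                spans.append([lo, hi])
        if spans:
            out[tid] = [msgs[lo:hi + 1] for lo, hi in spans]
    return out


def sample_messages():
    """Constructed data: a 60-message 'ops' thread and an 8-message 'hr' thread."""
    start = datetime(2025, 11, 3, 9, 0)
    msgs = []
    for thread, count in (("ops", 60), ("hr", 8)):
        for i in range(count):
            msgs.append({
                "id": f"{thread}-{i:03d}",
                "thread": thread,
                "sent": start + timedelta(minutes=i),
                "text": f"{thread} message {i}",
            })
    return msgs[::-1]  # reversed on purpose to exercise the sort


# Constructed review result: three hits in 'ops', one in 'hr'.
SAMPLE_RESPONSIVE = {"ops-005", "ops-012", "ops-050", "hr-007"}

if __name__ == "__main__":
    for tid, runs in production_set(sample_messages(), SAMPLE_RESPONSIVE).items():
        for run in runs:
            print(tid, run[0]["id"], "->", run[-1]["id"], f"({len(run)} messages)")
```

In the sample, the windows around `ops-005` and `ops-012` overlap and are produced as a single run, while the short `hr` thread is produced in full because the window is clipped at the thread boundary.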
The preservation duty trigger
Courts continue to refine the threshold at which the duty to preserve ephemeral messages attaches. The established standard -- that preservation obligations are triggered when litigation is "reasonably anticipated" -- applies with full force to ephemeral communications.[11] But the practical challenge is acute: by the time litigation is anticipated, ephemeral messages may already be gone.
In PharmacyChecker.com v. National Association of Boards of Pharmacy (S.D.N.Y., September 2025), the court imposed sanctions where a party failed to preserve granular data before a third-party platform shutdown, emphasizing that "preservation duties require attorney-coordinated action once data destruction is foreseeable."[10] The principle applies directly to ephemeral messaging: counsel cannot wait for a formal litigation hold to address auto-deleting communications. By then, the evidence has already vanished.
The technical challenge: collecting what's designed to disappear
Even when organizations recognize their preservation obligations, the technical mechanics of collecting ephemeral messaging data present formidable challenges that traditional eDiscovery tools were not designed to handle.
The collection gap
Traditional eDiscovery collection relies on accessing centralized data stores: email servers, file shares, cloud storage. Ephemeral messaging inverts this model. Messages may exist only on individual devices, may be encrypted end-to-end (making server-side collection impossible), and may be subject to auto-delete timers that destroy evidence before collection can occur.[1]
The specific challenges vary by platform:
- Signal: End-to-end encrypted with no server-side message storage. Collection requires physical access to the device, and disappearing messages (if enabled) are irrecoverable once deleted.
- WhatsApp: End-to-end encrypted. Messages can be backed up to cloud services (Google Drive or iCloud), but disappearing messages are excluded from backups once the timer expires.
- Google Chat (history off): Messages are stored on Google servers but are not retained beyond the active session when history is disabled. Organizations using Google Workspace can enforce retention policies through admin controls -- but many don't.
- Microsoft Teams: Messages are stored in Exchange Online and can be subject to retention policies and legal holds through the Microsoft Purview compliance center. However, private chats, guest access conversations, and third-party app integrations present collection gaps.
- Slack: Enterprise Grid customers can configure message retention policies and legal holds. However, free and standard plans have limited retention, and direct messages may not be covered by organizational holds.
Emerging solutions
The technology industry is responding to the collection challenge, though solutions remain imperfect. Modern approaches include:[1]
- API-based collection: Tools that connect directly to messaging platforms through APIs, capturing data in native format with preserved metadata and timestamps.
- Mobile device management (MDM) integration: Enterprise MDM solutions that enforce messaging policies, disable auto-delete features, and enable remote collection.
- Archiving middleware: Third-party services (Global Relay, Smarsh, Theta Lake) that intercept and archive messaging data in real time, before auto-delete features can activate.
- Forensic device imaging: When all else fails, forensic imaging of physical devices can sometimes recover deleted messages -- though success depends on the platform, encryption, and time elapsed.
The gap between what's technically possible and what most organizations actually do remains enormous. A 2025 study found that while 87% of organizations acknowledged using ephemeral messaging platforms, only 34% had implemented comprehensive archiving solutions for those platforms.[2]

Figure 2: The gap between messaging platform adoption and archiving capability creates a widening preservation risk for litigation teams.
Building an ephemeral messaging strategy: a practical framework
For litigation teams, the question is no longer whether to address ephemeral messaging but how. Based on the enforcement trends, case law, and technical realities outlined above, here is a practical framework for managing the risk.
1. Know your messaging landscape
You cannot preserve what you don't know exists. The first step is a comprehensive audit of every messaging platform in use across the organization -- not just those officially sanctioned by IT, but the shadow platforms that employees use on personal devices. This audit should cover:
- All enterprise-deployed messaging tools (Teams, Slack, Google Chat)
- Personal messaging apps used for business purposes (WhatsApp, Signal, Telegram)
- Industry-specific platforms (Bloomberg Terminal chat for financial services, Doximity for healthcare)
- Auto-delete settings and retention configurations for each platform
2. Implement proactive retention and archiving
Waiting for litigation to impose a hold on ephemeral messages is waiting too long. Organizations should implement proactive retention policies that ensure business communications are archived regardless of platform:
- Configure enterprise messaging platforms to enforce minimum retention periods
- Deploy archiving middleware for platforms that don't support organizational retention controls
- Disable auto-delete features where possible, or set minimum retention windows that exceed the organization's average time-to-litigation
3. Update litigation hold procedures
Traditional litigation hold notices that instruct employees to "preserve all relevant documents" are insufficient for ephemeral messaging. Updated holds should:
- Specifically name every messaging platform in use
- Provide platform-specific preservation instructions (e.g., "Disable disappearing messages in Signal," "Set Google Chat history to 'on'")
- Require affirmative acknowledgment that auto-delete features have been disabled
- Implement verification mechanisms -- don't rely on employee self-certification alone
4. Monitor and enforce
The Google Chat disaster in Epic Games v. Google illustrates what happens when organizations issue holds but don't enforce them. Effective preservation requires:
- Automated monitoring to verify that retention policies are active
- Periodic audits of messaging platform configurations
- Escalation procedures when non-compliance is detected
- Documentation of all preservation efforts (critical for defending against spoliation claims)
5. Prepare for the forensic fallback
Despite best efforts, there will be situations where ephemeral messages are lost. Organizations should be prepared to:
- Engage forensic specialists who can attempt recovery from devices
- Document the technical limitations that prevented preservation
- Demonstrate good faith efforts to preserve (the reasonableness of preservation efforts is a key factor in Rule 37(e) sanctions analysis)[11]
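The monitoring and documentation steps of this framework can be automated against the platform inventory from step 1. The following is an added example, not part of any vendor tool: it audits a constructed inventory and hold list for short auto-delete windows without archiving, unsanctioned platforms, stale configuration checks, and custodians whose hold compliance is unverified, then appends the result to a hash-chained log so later edits to the record are detectable. The 365-day minimum, 7-day audit cadence, field names, and the hash-chain design are all assumptions for illustration.

```python
import hashlib
import json
from datetime import datetime, timedelta, timezone

MIN_RETENTION_DAYS = 365           # assumed policy minimum
MAX_CHECK_AGE = timedelta(days=7)  # assumed audit cadence
NOW = datetime(2026, 4, 1, tzinfo=timezone.utc)

# Constructed inventory; auto_delete_days=None means auto-delete is off.
PLATFORMS = [
    {"name": "Teams", "sanctioned": True, "auto_delete_days": None,
     "archived": True, "checked": NOW - timedelta(days=1)},
    {"name": "Google Chat", "sanctioned": True, "auto_delete_days": 1,
     "archived": False, "checked": NOW - timedelta(days=2)},
    {"name": "Signal", "sanctioned": False, "auto_delete_days": 7,
     "archived": False, "checked": NOW - timedelta(days=30)},
]
# Constructed hold list; verified_by is "mdm" (observed) or "self" (certified).
CUSTODIANS = [
    {"id": "custodian-A", "apps": {"Signal": {"auto_delete": True, "verified_by": "mdm"}}},
    {"id": "custodian-B", "apps": {"WhatsApp": {"auto_delete": False, "verified_by": "self"}}},
    {"id": "custodian-C", "apps": {"Signal": {"auto_delete": False, "verified_by": "mdm"}}},
]


def audit(platforms, custodians, now):
    """Return [severity, target, reason] findings, most severe first."""
    findings = []
    for p in platforms:
        ttl = p["auto_delete_days"]
        if not p["archived"] and ttl is not None and ttl < MIN_RETENTION_DAYS:
            findings.append(["HIGH", p["name"], f"auto-delete after {ttl}d, no archive"])
        if not p["sanctioned"] and not p["archived"]:
            findings.append(["MEDIUM", p["name"], "unsanctioned platform, no archive"])
        if now - p["checked"] > MAX_CHECK_AGE:
            findings.append(["LOW", p["name"], "configuration check is stale"])
    for c in custodians:
        for app, state in c["apps"].items():
            target = f"{c['id']}/{app}"
            if state["auto_delete"]:
                findings.append(["HIGH", target, "on hold with auto-delete enabled"])
            elif state["verified_by"] == "self":
                findings.append(["MEDIUM", target, "self-certified only, not verified"])
    order = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}
    return sorted(findings, key=lambda f: (order[f[0]], f[1]))


def digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def append_record(log, findings, now):
    """Append an audit record whose hash covers the previous record's hash."""
    body = {"at": now.isoformat(), "findings": findings,
            "prev": log[-1]["hash"] if log else None}
    log.append({**body, "hash": digest(body)})
    return log


def verify_log(log):
    """True only if every record is unmodified and the chain is unbroken."""
    prev = None
    for rec in log:
        body = {k: rec[k] for k in ("at", "findings", "prev")}
        if rec["prev"] != prev or rec["hash"] != digest(body):
            return False
        prev = rec["hash"]
    return True
```

HIGH findings feed the escalation procedure from step 4; the log is what gets produced when preservation efforts have to be demonstrated.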
The access to justice dimension
There's a dimension of the ephemeral messaging crisis that doesn't get enough attention: its asymmetric impact on parties with fewer resources.
Large corporations can afford enterprise archiving solutions, dedicated compliance teams, and forensic specialists. A small business or individual plaintiff facing a well-resourced defendant that has systematically destroyed ephemeral communications has limited recourse. The adverse inference instruction in Epic Games v. Google was a powerful remedy -- but it required years of litigation, extensive forensic investigation, and the resources of Epic Games (itself a multi-billion-dollar company) to obtain.
For smaller parties, the practical reality is grimmer. Proving spoliation of ephemeral messages requires demonstrating that the messages existed, that they were relevant, and that they were intentionally or negligently destroyed -- a burden that is extraordinarily difficult to meet when the evidence of the evidence's existence has itself been destroyed.
This is an area where the legal system needs to evolve. Courts should consider:
- Shifting the burden of proof when a party is shown to have used auto-delete features during the preservation period
- Presumptive adverse inferences when a party fails to produce ephemeral messaging data from platforms known to be in use
- Cost-shifting to require the spoliating party to fund the opposing party's forensic investigation efforts
The integrity of the discovery process depends on evidence being available to both sides. When one party can make evidence vanish by default -- and the other party bears the burden of proving it existed -- the playing field isn't level.
Looking ahead: the next 18 months
The ephemeral messaging challenge is not going to get simpler. Several developments on the horizon will intensify the pressure:
Regulatory expansion beyond financial services: The SEC's enforcement model is being studied by regulators in healthcare, energy, and government contracting. Industry-specific recordkeeping requirements that mirror the securities laws' off-channel communication provisions are likely within the next two years.
AI-generated message reconstruction: Emerging AI tools claim the ability to reconstruct the substance of deleted communications based on metadata patterns, remaining fragments, and contextual analysis from preserved messages. While the forensic reliability and admissibility of such reconstructions remain untested, they represent a potential game-changer for spoliation remediation.
Platform design changes: Under regulatory pressure, messaging platforms are beginning to build enterprise-friendly retention features. Signal introduced "linked device backup" capabilities in late 2025, and WhatsApp Business now supports compliance archiving in select markets. The gap between consumer-grade ephemeral features and enterprise retention needs is slowly closing -- but slowly is the operative word.
International divergence: The tension between data privacy regimes (which favor minimal data retention) and discovery obligations (which favor maximum preservation) will continue to intensify, particularly as EU regulators push back against U.S.-style broad discovery that conflicts with GDPR's data minimization principles.
For litigation teams, the message is clear: ephemeral messaging is not a future problem. It is the present crisis. Every day that passes without a comprehensive preservation strategy is a day that potentially critical evidence is being destroyed -- automatically, silently, and by design.
The organizations that act now -- implementing archiving, updating holds, monitoring compliance, and preparing for forensic contingencies -- will be positioned to meet their discovery obligations and protect their litigation interests. Those that don't will find themselves where Google found itself in the Epic Games trial: explaining to a jury why their most important communications no longer exist.