Sansone v. Governor of Mo., WD84426

CourtCourt of Appeal of Missouri (US)
Writing for the CourtLISA WHITE HARDWICK, JUDGE
PartiesBEN SANSONE, Appellant, v. GOVERNOR OF MISSOURI, et al., Respondents.
Docket NumberWD84426
Decision Date07 June 2022

BEN SANSONE, Appellant,
v.

GOVERNOR OF MISSOURI, et al., Respondents.

No. WD84426

Court of Appeals of Missouri, Western District, First Division

June 7, 2022


APPEAL FROM THE CIRCUIT COURT OF COLE COUNTY The Honorable Jon E. Beetem, Judge

Before: Lisa White Hardwick, Presiding Judge, Alok Ahuja, and Mark D. Pfeiffer, Judges

LISA WHITE HARDWICK, JUDGE

Ben Sansone, on behalf of The Sunshine Project ("Sansone"), appeals the circuit court's entry of summary judgment against him and in favor of the Governor of Missouri[1] and the custodian of records for the governor's office, Michelle Hallford (collectively, "the Governor's Office"), on Sansone's petition alleging that the former governor, Eric Greitens, Hallford, and other Governor's Office employees violated the Sunshine Law.[2] Sansone contends the court

1

misinterpreted and misapplied the law in several respects and abused its discretion in staying discovery related to six of his claims. For reasons explained herein, we affirm.

Factual and Procedural History

On December 20, 2017, Sarah Madden, special counsel for the Governor's Office under Greitens, received an email on behalf of Sansone requesting that Hallford provide records under the Sunshine Law. The email included these five requests:

1. Documents or phone records, including logs, that show the date that the governor or anyone employed by the governor's office downloaded the phone application Confide on any [of] their mobile phones
2. Documents or phone logs that show the date that the governor and anyone employed by the governor's office downloaded any mobile phone and/or computer application which purpose of the application is to automatically destroy text messages and/or other forms of communication after the communication is sent or received
3. Documents or phone records that show the mobile phone numbers used by the governor.
4. A copy of all SMS messages, text messages, and/or communications sent and/or received by the Governor using the mobile phone application Confide.
5. A copy of all SMS messages, text messages, and/or communications sent and/or received by anyone employed by the governor's office using the mobile phone application Confide.[3]
2

Madden responded to the email within three business days. In her response, she stated that the Governor's Office was reviewing the request and anticipated being able to provide a response or a time and cost estimate, if applicable, for the requested records in no more than twenty business days. After receiving this response, Sansone filed a petition against the Governor's Office seeking an immediate injunction prohibiting the governor and all Governor's Office employees from using Confide or any other automatic communication destruction software and alleging violations of the Sunshine Law and the State and Local Records Law.

Madden sent a follow-up letter to Sansone on January 25, 2018. In this letter, Madden stated that the Governor's Office did not have any records to provide in response to his request for the date that Greitens or anyone employed in the Governor's Office downloaded the Confide application and for the Confide messages sent or received by Greitens or anyone employed in the Governor's Office. As for the remaining requests, Madden stated that any records in response to Sansone's request for the date that Greitens and anyone employed by the Governor's Office downloaded any cell phone and/or computer application whose purpose is to automatically destroy text messages and/or other forms of communication after the communication is sent or received would be considered

3

closed pursuant to Sections 610.021(21) and 610.021(18). She explained that the disclosure of such information would impair the ability of the Governor's Office's Security Division to protect Greitens and his staff and asserted that the interest in non-disclosure outweighed the public interest in disclosure. Lastly, with respect to Sansone's request for Greitens's cell phone numbers, Madden stated that such records were considered closed under Sections 610.021(14) and 407.1500.

In May 2018, Sansone filed a second amended petition. In his second amended petition, Sansone again sought injunctive relief prohibiting the Governor and all Governor's Office employees from using Confide or any other automatic message destruction software (Count I). Sansone alleged seven counts of Sunshine Law violations: the Governor's Office failed to provide access to the records within three days, in violation of Section 610.023.3 (Count II); the Governor's Office failed to provide a detailed and reasonable explanation of the cause of the delay in producing the record within three days, in violation of Section 610.023.3 (Count III); the Governor's Office failed to produce records showing the date that Greitens and anyone employed in the Governor's Office downloaded Confide on their cell phones, in violation of Section 610.023.3 and .4 (Count IV); the Governor's Office deliberately misapplied Section 610.021(21)'s "terrorism exception" and Section 610.021(18)'s "hacker exception" in refusing to produce records of the date that Greitens and anyone employed in the Governor's Office downloaded any automatic message destruction software (Count V); the Governor's Office deliberately misapplied Section 407.1500 in refusing to produce

4

records showing Greitens's cell phone numbers (Count VI); the Governor's Office violated Section 610.023.2 when it failed to collect, maintain, and produce messages sent or received by the office using Confide (Count VII); and there was a civil conspiracy between all defendants to violate the Sunshine Law by using automatic message destruction software (Count VIII).[4]

The court entered an order stating that discovery should proceed sequentially to determine whether any messages sent or received over the Confide application could be recovered, either through Confide, Inc., Confide-affiliated third-party servers, or on cell phones that send or receive messages using Confide. The court ordered Sansone to serve a subpoena on Confide, Inc. The court further ordered the Governor's Office to produce and pay for a forensic expert to conduct a forensic examination, using exemplar cell phones, to determine whether any messages sent or received using Confide could be recovered on those phones after those messages are sent or received. The order provided that, after Sansone received the report from this expert, he could depose the expert and, at his discretion and cost, put forth his own expert to conduct his or her own review. The court stayed all other pending discovery until it could determine whether or not messages sent or received using Confide could be recovered, which the court stated "may have a bearing on what records are at issue." The court reiterated that, at that point in the process, it needed "to

5

ascertain exactly what type of evidence is likely to exist as well as the exact nature of the operation of the Confide application."

In response to Sansone's subpoena, Confide, Inc.'s co-founder and president, Jon Brod, sent a letter stating:

As an end-to-end encrypted and ephemeral messenger, all Confide messages and substantially all data disappear after a message is read. The data we retain and are able to provide is principally around account creation - user name, email address and/or phone number used to sign up for the account, and when the account was created. We do not have any data on deleted accounts, including whether or not the account ever existed.

The Governor's Office hired forensic expert John Mallery to determine what artifacts, if any, could be recovered from an iPhone that is using the Confide application. According to Mallery, the difference between an ordinary messaging application and an ephemeral messaging application such as Confide is that, in an ephemeral messaging application, once the messages are sent, they are automatically deleted from the phone that sent them, and once the messages are read, they are automatically deleted from the phone that received them. In contrast, standard messaging applications require user interaction to delete sent and received messages.

Mallery analyzed an Apple iPhone 6s, which he set up as a new phone, and downloaded and installed the Confide application. Mallery then sent and received messages using Confide. After the messages had been sent from and received by the test phone, Mallery processed and analyzed the test phone using industry

6

standard forensic analysis tools from MSAB, Cellebrite, and XRY. Mallery chose Cellebrite because it has been in the mobile device industry for a very long time and the FBI uses it. XRY is used by police, law enforcement, military, government intelligence agencies, and forensic laboratories in over 100 countries. According to Mallery, he performed all possible extractions of data on the test phone. After performing the extractions, he analyzed the extracted data using non-case sensitive keyword searches, including terms, phrases, and phone numbers, and he performed a manual review of the data.

Mallery was able to verify that Confide does not allow the recipient to retain opened messages; sent messages are deleted from the sender's phone upon the opening of a new message; and the last unopened sent message is no longer on the sender's phone after 48 hours. Mallery assumed the recipient of an unopened message would not have access to the message after 48 hours. In Mallery's opinion, text messages sent and received using Confide cannot be recovered using forensic methodology, and he was "fairly certain" that fragments from messages sent and received using Confide on an iPhone cannot be recovered. Mallery believed there was "zero chance" of using forensic methods to reconstruct messages sent or received via Confide.

Mallery opined that he would have...

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT