Monday, December 29, 2008
BKForensics Reveals the Secrets of the Cell Phone
True story: The Orlando (Fla.) Police Department is taking a homicide suspect to trial. The bad guy’s cell phone is being held as evidence. Apply sophisticated software to reconstruct deleted files and — what have we here? We see the defendant dressed in the clothes that witnesses described. Plus, there are pictures of the murder weapon. Score one for the white hats.
Thursday, December 11, 2008
Ineffective Law Enforcement, Bad Economy Fueling Cybercrime
Cybercriminals operating worldwide are benefitting from ineffective law enforcement and a growing economic recession that could make jittery people more susceptible to cybercrime scams.
So concludes security firm McAfee in its new report, "Virtual Criminology Report—Cybercrime vs. Cyberlaw." published Tuesday. The report pulls together the opinions of about two dozen legal experts, academic researchers and security-response professionals working as far afield as Britain, continental Europe, the Baltic countries, Brazil, India, Japan, Australia, New Zealand and North America.
So concludes security firm McAfee in its new report, "Virtual Criminology Report—Cybercrime vs. Cyberlaw." published Tuesday. The report pulls together the opinions of about two dozen legal experts, academic researchers and security-response professionals working as far afield as Britain, continental Europe, the Baltic countries, Brazil, India, Japan, Australia, New Zealand and North America.
Monday, November 24, 2008
Psystar Case Reveals Apple's Weak E-Discovery Practices
Apple has sold enterprise-class storage hardware and software for years, but the company has yet to embrace systematic e-mail and document retention policies that are common among publicly traded companies.
According to a recent legal filing (page 7) in the Psystar vs Apple antitrust case, Apple employees are responsible for maintaining their own documents such as e-mails, memos, and voicemails. In other words, there is no company-wide policy for archiving, saving, or deleting these documents.
According to a recent legal filing (page 7) in the Psystar vs Apple antitrust case, Apple employees are responsible for maintaining their own documents such as e-mails, memos, and voicemails. In other words, there is no company-wide policy for archiving, saving, or deleting these documents.
Wednesday, November 19, 2008
E-Discovery Requests Loom for Financial Services Firms
As regulators delve into firms' archives to try to pin down responsibility for the current financial meltdown, experts anticipate that litigation will rise sharply. The FBI already announced that it is investigating Freddie Mac, AIG and Lehman, and it is expected that countless other firms will be asked to produce data to support other investigations.
Vivian Tero, program manager for compliance infrastructure at research firm IDC, says e-discovery already has risen on Wall Street's priority list. "The selling cycle [for e-discovery products and services] has become shorter. The need is immediate -- firms have regulators breathing down their backs," she explains. "Many companies are very worried and concerned, and want systems to respond [to potential e-discovery requests]."
Vivian Tero, program manager for compliance infrastructure at research firm IDC, says e-discovery already has risen on Wall Street's priority list. "The selling cycle [for e-discovery products and services] has become shorter. The need is immediate -- firms have regulators breathing down their backs," she explains. "Many companies are very worried and concerned, and want systems to respond [to potential e-discovery requests]."
Friday, November 7, 2008
UAB Students Uncover "Obama Speech" Virus
Computer science and criminal justice students at the University of Alabama at Birmingham have uncovered a series of fraudulent e-mails that claim to link to video of Sen. Barack Obama's acceptance speech, but could put a visitor's personal information in the hands of criminals.
According to Gary Warner, UAB's director of research in computer forensics, the spam links to Web sites registered Tuesday in China.
Visiting the Web site requires the user to install an "Adobe Flash Player" to watch the speech. Installing it will cause all user IDs and passwords, whether for online banking, online stores, e-mail, or even chat programs, to be sent to the criminal's computer.
Wednesday, November 5, 2008
RNC Lined Up Computer Forensics Companies for Potential Electronic Voter Fraud Suits
Forensicon, Inc., a Chicago-based computer forensics company, was contacted last Thursday by a security firm lining up vendors to assist the Republican National Committee with consulting related to potential allegations of computerized voter fraud. It has been widely reported that electronic voting machines in many states are vulnerable to hacking by anyone with the right equipment and a few minutes' access to the voting machine.
Yesterday, noted Chicago resident Oprah Winfrey attempted to cast her vote for her candidate, but the vote failed to register correctly.
Yesterday, noted Chicago resident Oprah Winfrey attempted to cast her vote for her candidate, but the vote failed to register correctly.
Monday, November 3, 2008
Computer Investigators Trace Digital Fingerprints
A wall of Erin Nealy Cox's office is covered with framed milestones: her law degree from Southern Methodist University, a seal from the U.S. attorney's office in the Northern District of Texas autographed by former colleagues. There are plaques from the Internal Revenue Service, the U.S. Postal Service and the FBI thanking her for helping convict bad guys in big cases.
"I jokingly call it the 'I love me wall,' " says Ms. Nealy Cox, who spent 10 years as a federal prosecutor.
The former assistant U.S. attorney was so adept at computer hacking and intellectual property that the feds chose her for a nationwide SWAT team that hunts down and prosecutes cyber-criminals.
Now, as managing director of Stroz Friedberg LLC's new Dallas office, the 38-year-old hopes to do for the for-profit world what she did for the public good: recover information thought to be lost to delete keys or hidden in cyberspace.
Think of it as CSI: Corporate America, and Ms. Nealy Cox as chief investigator Horatio Caine.
"I jokingly call it the 'I love me wall,' " says Ms. Nealy Cox, who spent 10 years as a federal prosecutor.
The former assistant U.S. attorney was so adept at computer hacking and intellectual property that the feds chose her for a nationwide SWAT team that hunts down and prosecutes cyber-criminals.
Now, as managing director of Stroz Friedberg LLC's new Dallas office, the 38-year-old hopes to do for the for-profit world what she did for the public good: recover information thought to be lost to delete keys or hidden in cyberspace.
Think of it as CSI: Corporate America, and Ms. Nealy Cox as chief investigator Horatio Caine.
Monday, October 27, 2008
BrightTALK Hosts Digital Investigation Summit
At this online summit, experts will share information on trends in digital investigation, answer questions, and offer strategies and tips to professionals in e-discovery and computer forensics. BrightTALK hosts livewebcast summits each week around themes that matter to businessprofessionals.
WHEN: Tuesday, October 28, 2008, 9:00 a.m. - 3:00 p.m. Pacific Time
WHO: Presenters at the Digital Investigation Summit include:
Carrie Whitcomb, director of the National Center for Forensic Science
Dave Kleiman, board member of the National Center for Forensic Science
Jeffrey Ritter, CEO of Waters Edge
Patrick Eitenbichler, director of product marketing for HP InformationManagement
Paul Luehr, managing director and deputy general counsel, Stroz Friedberg,LLC
Sean Regan, product marketing manager for Symantec Enterprise Vault
Steven Burgess, founder of Burgess Forensics
WHEN: Tuesday, October 28, 2008, 9:00 a.m. - 3:00 p.m. Pacific Time
WHO: Presenters at the Digital Investigation Summit include:
Carrie Whitcomb, director of the National Center for Forensic Science
Dave Kleiman, board member of the National Center for Forensic Science
Jeffrey Ritter, CEO of Waters Edge
Patrick Eitenbichler, director of product marketing for HP InformationManagement
Paul Luehr, managing director and deputy general counsel, Stroz Friedberg,LLC
Sean Regan, product marketing manager for Symantec Enterprise Vault
Steven Burgess, founder of Burgess Forensics
Thursday, October 23, 2008
iPods Helping Criminal Investigations
Some months ago we reported on the use of iPods as an educational tool, and provided information on schools and universities that have incorporated this technology for the benefit of their students. Our report today involves a more complex use of iPods; iPods used by investigators to collect evidence and by defense attorneys. iPods' storage capability and functionality makes them a perfect device for defense attorneys and criminal investigators. They are inexpensive technology to record or format lengthy information. Maybe its creators did not envisage iPods for purposes other than entertainment but, as my grandmother said, a chair can help reach higher places.
In 2006, a U.S. District Court judge in Toledo, Ohio, approved the purchase of six iPods and power adaptor to be used by defendants in a multi-count drug conspiracy case. The goal was to provide the iPods to six defendants so they could listen to the FBI's wiretaps of their conversations before the case went to trial. Defendants were to listen to these wiretaps either at the U.S. Marshal's office -those detained- or at their defense attorney's office. Formatting the wiretaps into CDs cost the tax payers between $80,000 and $100,000 while the iPods and power adaptors cost less than $2,000 (about $330 per iPod). Content from 13 CDs were inexpensively downloaded in each iPod. One of the defense attorneys in that case said "the iPods are easy to use, save a lot of money, and control access to the information pursuant to the orders of the court. This is a promising solution to a real practical problem." Most of the defendants in this case were convicted; and, as for the iPods, it is not reported but our guess is that the court kept them; not the defendants.
Criminal investigators are also using iPods to record conversations; video-tape certain scenes; and take handy photographs; all these with an innocent-looking device. iPods can store movies, encrypted files, contacts, calendar information, etc., and this data can be later downloaded in a PC. Forensic experts have revealed that iPods have some special features that allow certain content to be hidden so secret information is not noticeable. Experts from Kroll Ontrack, a computer forensic company, state that iPods can serve as external hard drive to a host computer so files can be transferred through programs such as Windows Explorer, instead of iTunes. Kroll Ontrack has conducted forensic examinations on iPods and recommends considering the following issues when an iPod forensic investigation is conducted,
In 2006, a U.S. District Court judge in Toledo, Ohio, approved the purchase of six iPods and power adaptor to be used by defendants in a multi-count drug conspiracy case. The goal was to provide the iPods to six defendants so they could listen to the FBI's wiretaps of their conversations before the case went to trial. Defendants were to listen to these wiretaps either at the U.S. Marshal's office -those detained- or at their defense attorney's office. Formatting the wiretaps into CDs cost the tax payers between $80,000 and $100,000 while the iPods and power adaptors cost less than $2,000 (about $330 per iPod). Content from 13 CDs were inexpensively downloaded in each iPod. One of the defense attorneys in that case said "the iPods are easy to use, save a lot of money, and control access to the information pursuant to the orders of the court. This is a promising solution to a real practical problem." Most of the defendants in this case were convicted; and, as for the iPods, it is not reported but our guess is that the court kept them; not the defendants.
Criminal investigators are also using iPods to record conversations; video-tape certain scenes; and take handy photographs; all these with an innocent-looking device. iPods can store movies, encrypted files, contacts, calendar information, etc., and this data can be later downloaded in a PC. Forensic experts have revealed that iPods have some special features that allow certain content to be hidden so secret information is not noticeable. Experts from Kroll Ontrack, a computer forensic company, state that iPods can serve as external hard drive to a host computer so files can be transferred through programs such as Windows Explorer, instead of iTunes. Kroll Ontrack has conducted forensic examinations on iPods and recommends considering the following issues when an iPod forensic investigation is conducted,
Monday, October 13, 2008
Lawsuit Tsunami: Good for E-Discovery?
Lawsuits driven by the financial crisis may be good news for companies that sell electronic discovery software and services.
As InformationWeek reported yesterday, the tech sector hasn't been immune to the stock market slide. But one segment may find its fortunes bolstered by the turmoil. E-discovery vendors stand to benefit as a tsunami of lawsuits washes over the financial services market.
An Associated Press story reported yesterday that state governments are suing or considering lawsuits against various actors in the financial crisis, including investment banks, bond ratings agencies, and agencies such as Fannie Mae and Freddie Mac.
As InformationWeek reported yesterday, the tech sector hasn't been immune to the stock market slide. But one segment may find its fortunes bolstered by the turmoil. E-discovery vendors stand to benefit as a tsunami of lawsuits washes over the financial services market.
An Associated Press story reported yesterday that state governments are suing or considering lawsuits against various actors in the financial crisis, including investment banks, bond ratings agencies, and agencies such as Fannie Mae and Freddie Mac.
Thursday, October 2, 2008
Why Records Management?
Recent events are changing the corporate e-discovery climate, causing some business leaders to question the effectiveness of an ad-hoc, “on-the-fly” approach. As high profile cases, including Qualcomm (“Qualcomm and Attorneys Sanctioned for ‘Monumental’ E-Discovery Violations,” Findlaw, 2008 ) and Morgan Stanley (“Morgan Stanley to Pay Millions for E-Mail Mismanagement,” E-Discovery Law, September 2007), have highlighted, waiting until the subpoena arrives and assuming that IT can quickly and easily make the requested materials available--and have the ability to preserve them--is an increasingly tricky bet.
IT analysts, such as Gartner, have long advocated the cost and risk savings available by taking a proactive approach to e-discovery and using an archive with solid records management policies. However, despite numerous cost justification case studies, the adoption rate of this technology has been relatively slow. But this might change in short order, as recent e-mail and IT-related fiascos, including Bear Stearns (“Two former Bear Stearns hedge fund managers indicted,” Los Angeles Times, June 20, 2008) and the White House (“Where Are the White House E-Mails?” Time, Jan. 23, 2008), have left corporations scrambling. It seems that nothing speeds corporate action faster than legal challenges with major cost and negative publicity implications.
Will the “summer of shame” (sub-prime fallout and the continued government e-mail scandal) finally turn the procrastinators into proactive managers of electronic records? Or will we continue to see corporations wait for the inevitable subpoena to happen before taking action and pay the price? Only time will tell, but one fact is clear: In today’s corporate climate, electronic records management solutions have never been more in demand.
IT analysts, such as Gartner, have long advocated the cost and risk savings available by taking a proactive approach to e-discovery and using an archive with solid records management policies. However, despite numerous cost justification case studies, the adoption rate of this technology has been relatively slow. But this might change in short order, as recent e-mail and IT-related fiascos, including Bear Stearns (“Two former Bear Stearns hedge fund managers indicted,” Los Angeles Times, June 20, 2008) and the White House (“Where Are the White House E-Mails?” Time, Jan. 23, 2008), have left corporations scrambling. It seems that nothing speeds corporate action faster than legal challenges with major cost and negative publicity implications.
Will the “summer of shame” (sub-prime fallout and the continued government e-mail scandal) finally turn the procrastinators into proactive managers of electronic records? Or will we continue to see corporations wait for the inevitable subpoena to happen before taking action and pay the price? Only time will tell, but one fact is clear: In today’s corporate climate, electronic records management solutions have never been more in demand.
Tuesday, September 30, 2008
FORENSICS SOFTWARE A VITAL TOOL IN FIGHT AGAINST COMPUTER CRIME
South African companies that want to protect their businesses against computer-related crimes such as fraud and data theft should invest in enterprise forensic software tools that allow them to investigate security breaches and acquire evidence against wrongdoers that will stand up in court.
That's the word from Derek Street, product manager at SecureData Security. He says companies face a range of business risks around their data and IT infrastructure, including theft of intellectual property, white-collar crimes such as fraud, human resources violations, and employees using enterprise computers for illegal or immoral activities.
One of the enterprise's most effective tools against the risks of employees abusing corporate data and computers is offer them the certainty that they will be caught and punished for their actions. Companies therefore need to be able to uncover who was responsible for criminal acts or transgressions against corporate policy and provide solid evidence that can be used to prosecute them or dismiss them.
To address these challenges, companies should look for network-based forensics solutions that provide complete network visibility, and comprehensive, forensic-level analysis of servers and workstations anywhere on a network, Street adds. Such a solution should be able to securely investigate/analyse many machines simultaneously over the LAN/WAN at the disk and memory level without disrupting operations, causing downtime, or alerting the target that he or she is under investigation.
It should also as far as possible, automate time-consuming investigative processes, incident response and eDiscovery. These tools can provide detailed information across the lifecycle of a document, such as who accessed, created or edited a document, whether it was printed or emailed (and by who), and much more, often even if the user has deleted information in a bid to cover his or tracks.
One of the important things to look for in a forensics tool is a track record with courts and law enforcers around the world, proving its ability to acquire data in a forensically sound manner, says Street.
That's the word from Derek Street, product manager at SecureData Security. He says companies face a range of business risks around their data and IT infrastructure, including theft of intellectual property, white-collar crimes such as fraud, human resources violations, and employees using enterprise computers for illegal or immoral activities.
One of the enterprise's most effective tools against the risks of employees abusing corporate data and computers is offer them the certainty that they will be caught and punished for their actions. Companies therefore need to be able to uncover who was responsible for criminal acts or transgressions against corporate policy and provide solid evidence that can be used to prosecute them or dismiss them.
To address these challenges, companies should look for network-based forensics solutions that provide complete network visibility, and comprehensive, forensic-level analysis of servers and workstations anywhere on a network, Street adds. Such a solution should be able to securely investigate/analyse many machines simultaneously over the LAN/WAN at the disk and memory level without disrupting operations, causing downtime, or alerting the target that he or she is under investigation.
It should also as far as possible, automate time-consuming investigative processes, incident response and eDiscovery. These tools can provide detailed information across the lifecycle of a document, such as who accessed, created or edited a document, whether it was printed or emailed (and by who), and much more, often even if the user has deleted information in a bid to cover his or tracks.
One of the important things to look for in a forensics tool is a track record with courts and law enforcers around the world, proving its ability to acquire data in a forensically sound manner, says Street.
Wednesday, September 24, 2008
E-Discovery Response Requires Navigation
A company that responded to a discovery request by turning over more than 400,000 pages of undifferentiated documents in an electronic format must provide a "modicum" of guidance about how the material was gathered and organized, a federal magistrate judge has ruled.
Magistrate Judge David E. Peebles ruled that Pass & Seymour, a Syracuse, N.Y., business, failed to either categorize the information under the document headings requested by Hubbell Incorporated, the defendant in Pass & Seymour's copyright infringement action, or to organize the data in an intelligible way.
Hubbell asked for information in what Magistrate Judge Peebles called 72 "wide-ranging and broadly worded" categories. In response, Pass & Seymour delivered the documents in 220 unlabeled computer folders -- the way the company said they were kept in "the ordinary course of business."
Peebles said that was akin to receiving 405,367 pages of documents stuffed into more than 80 bankers' boxes. As such, the response did not meet the company's obligation under the recently amended Rule 34(b)(2) of the Federal Rules of Civil Procedure.
"A party who in response to a discovery demand has chosen to produce documents as they are ordinarily maintained must do just that - produce the documents organized as they are maintained in the ordinary course of producing party's business, with at least some modicum of information regarding how they are ordinarily kept in order to allow the requesting party to make meaningful use of the documents," the magistrate judge wrote in Pass & Seymour v. Hubbell Incorporated, 5:07-cv-00945.
To make information meaningful, parties have to provide their adversaries with some context to help them navigate their way through it, according to the magistrate judge.
Magistrate Judge David E. Peebles ruled that Pass & Seymour, a Syracuse, N.Y., business, failed to either categorize the information under the document headings requested by Hubbell Incorporated, the defendant in Pass & Seymour's copyright infringement action, or to organize the data in an intelligible way.
Hubbell asked for information in what Magistrate Judge Peebles called 72 "wide-ranging and broadly worded" categories. In response, Pass & Seymour delivered the documents in 220 unlabeled computer folders -- the way the company said they were kept in "the ordinary course of business."
Peebles said that was akin to receiving 405,367 pages of documents stuffed into more than 80 bankers' boxes. As such, the response did not meet the company's obligation under the recently amended Rule 34(b)(2) of the Federal Rules of Civil Procedure.
"A party who in response to a discovery demand has chosen to produce documents as they are ordinarily maintained must do just that - produce the documents organized as they are maintained in the ordinary course of producing party's business, with at least some modicum of information regarding how they are ordinarily kept in order to allow the requesting party to make meaningful use of the documents," the magistrate judge wrote in Pass & Seymour v. Hubbell Incorporated, 5:07-cv-00945.
To make information meaningful, parties have to provide their adversaries with some context to help them navigate their way through it, according to the magistrate judge.
Thursday, September 18, 2008
Ohio Supreme Court to Hear Digital Public Records Case
The Ohio Supreme Court on Tuesday grappled with the realities of the computer age as it weighed the question of when a “deleted” public record becomes a “destroyed” public record.
At issue is a lawsuit by The Blade seeking to force the Seneca County commissioners to hire a forensic computer expert at county expense to recover deleted e-mails from an 18-month period, some of which the newspaper contends may contain illegal private communications related to the proposed razing of the county’s historic courthouse.
“We’re talking about a very finite amount of time here, and we’re talking about e-mails from two or three people to one another,” said Justice Maureen O’Connor. “It just doesn’t seem to me to be that overwhelmingly burdensome or such a huge task here for the county to not even attempt to comply.”
Fritz Byers, The Blade’s attorney, told the court that the newspaper made a request under the Ohio Public Records Law seeking all e-mails sent, received, or deleted for an 18-month period beginning Jan. 1, 2006. The county provided a “smattering” of e-mails initially, he said, but then, after the paper sued, the county produced 700-plus pages of additional e-mails.
He noted that the commissioners have admitted that some records were deleted.
“If the court doesn’t rule fully in our favor, then it will mean that any official will be able to legally cover his tracks and misdeeds by a simple click on the computer's delete button,” said John Robinson Block, The Blade’s co-publisher and editor-in-chief.
At issue is a lawsuit by The Blade seeking to force the Seneca County commissioners to hire a forensic computer expert at county expense to recover deleted e-mails from an 18-month period, some of which the newspaper contends may contain illegal private communications related to the proposed razing of the county’s historic courthouse.
“We’re talking about a very finite amount of time here, and we’re talking about e-mails from two or three people to one another,” said Justice Maureen O’Connor. “It just doesn’t seem to me to be that overwhelmingly burdensome or such a huge task here for the county to not even attempt to comply.”
Fritz Byers, The Blade’s attorney, told the court that the newspaper made a request under the Ohio Public Records Law seeking all e-mails sent, received, or deleted for an 18-month period beginning Jan. 1, 2006. The county provided a “smattering” of e-mails initially, he said, but then, after the paper sued, the county produced 700-plus pages of additional e-mails.
He noted that the commissioners have admitted that some records were deleted.
“If the court doesn’t rule fully in our favor, then it will mean that any official will be able to legally cover his tracks and misdeeds by a simple click on the computer's delete button,” said John Robinson Block, The Blade’s co-publisher and editor-in-chief.
Securing the World Against Terrorists, Scammers, and Thugs
An information technology employee for one of the world's top stock brokerages is let go, but before he leaves, he plants a logic bomb that knocks 3,000 of the firm's workstations offline.
The internal network of a federal agency is penetrated by a drug cartel and used to obscure international communications among various members.
A law firm discovers that an impostor has been using a caller ID generator to call members of the public and pose as one of its attorneys.
These are some of the emergencies today's cyber investigators are expected to respond to, the head of forensics for Chevron told attendees of a security conference Wednesday. Given the ongoing spike in computer-based crime, and new laws requiring firms to store ever more amounts of digital data, the workload will only increase.
"This is a field that is in its infancy," Robert Schperberg, forensics lead for Chevron, said at the MIS Training Institute's IT Security World conference in San Francisco. "In today's environment, it's more needed than ever, especially in the states - if you've heard of the new rules of federal civil procedures."
The rules mandate how businesses must store, gather and safeguard information that's admitted into evidence in federal cases.
Rather than focus on such banal parts of the job, however, Schperberg talked about the ongoing fight he and his counterparts engage in to keep their networks free of scammers, organized crime gangs and even terrorists.
The internal network of a federal agency is penetrated by a drug cartel and used to obscure international communications among various members.
A law firm discovers that an impostor has been using a caller ID generator to call members of the public and pose as one of its attorneys.
These are some of the emergencies today's cyber investigators are expected to respond to, the head of forensics for Chevron told attendees of a security conference Wednesday. Given the ongoing spike in computer-based crime, and new laws requiring firms to store ever more amounts of digital data, the workload will only increase.
"This is a field that is in its infancy," Robert Schperberg, forensics lead for Chevron, said at the MIS Training Institute's IT Security World conference in San Francisco. "In today's environment, it's more needed than ever, especially in the states - if you've heard of the new rules of federal civil procedures."
The rules mandate how businesses must store, gather and safeguard information that's admitted into evidence in federal cases.
Rather than focus on such banal parts of the job, however, Schperberg talked about the ongoing fight he and his counterparts engage in to keep their networks free of scammers, organized crime gangs and even terrorists.
Controversial Forensic Expert Arrested on Child Porn Charge
Early last Thursday, police in Market Harborough and Rugby arrested two forensics experts, Jim Bates and Chris Magee, on charges of "conspiracy to possess indecent images of children". Jim Bates has frequently given testimony in computer forensic and child pornography cases, and had been working on a case along with Magee, who is a director of Cyber Forensics.
The arresting officers also seized large quantities of material, both hard copy and digital, from the two men. This included material that is claimed to be "privileged" within the meaning of the Police and Criminal Evidence Act.
Jim Bates is controversial. He has testified extensively and often in criminal cases, but is best known for his role in defending individuals accused of downloading child porn, and for his criticism of Operation Ore, which resulted in thousands of child pornography arrests in the UK.
Talking to The Register he made it clear that he sees the official investigation of many such cases as systematically flawed. He is scathing of police "experts" in this area, arguing that most lack the expertise to carry out all but the most basic of analyses. According to Bates: “Computer Forensics is not about proving innocence or guilt, but about finding facts and providing them to the court".
Clearly, he is a thorn in the side of authority, but he hasn't exactly helped his cause by misrepresenting his own background. Until recently, he was claiming a BSc in Engineering which he was subsequently shown not to have.
In a hearing at Crown Court earlier this year, Bates was found guilty of perjury for having misrepresented his qualifications. But in closing remarks, Judge Hammond observed that he was "not a charlatan", and further that he had "a real expertise", and had "just embellished his status".
Since being convicted of perjury, Bates has effectively been barred from acting as an expert witness. But he still provides advice on cases, and it was in this capacity that he and Chris Magee visited a Bristol Police station in June of this year.
They went there to clone a hard drive which was central to an ongoing case. According to Bates, this was a procedure he had carried out many times before in similar cases, and there was no hint of any difference in this one.
They examined the machine in situ, carried out tests for presence of malware, and took a video of the proceedings. When they left, they took with them a copy of the original hard drive.
The arresting officers also seized large quantities of material, both hard copy and digital, from the two men. This included material that is claimed to be "privileged" within the meaning of the Police and Criminal Evidence Act.
Jim Bates is controversial. He has testified extensively and often in criminal cases, but is best known for his role in defending individuals accused of downloading child porn, and for his criticism of Operation Ore, which resulted in thousands of child pornography arrests in the UK.
Talking to The Register he made it clear that he sees the official investigation of many such cases as systematically flawed. He is scathing of police "experts" in this area, arguing that most lack the expertise to carry out all but the most basic of analyses. According to Bates: “Computer Forensics is not about proving innocence or guilt, but about finding facts and providing them to the court".
Clearly, he is a thorn in the side of authority, but he hasn't exactly helped his cause by misrepresenting his own background. Until recently, he was claiming a BSc in Engineering which he was subsequently shown not to have.
In a hearing at Crown Court earlier this year, Bates was found guilty of perjury for having misrepresented his qualifications. But in closing remarks, Judge Hammond observed that he was "not a charlatan", and further that he had "a real expertise", and had "just embellished his status".
Since being convicted of perjury, Bates has effectively been barred from acting as an expert witness. But he still provides advice on cases, and it was in this capacity that he and Chris Magee visited a Bristol Police station in June of this year.
They went there to clone a hard drive which was central to an ongoing case. According to Bates, this was a procedure he had carried out many times before in similar cases, and there was no hint of any difference in this one.
They examined the machine in situ, carried out tests for presence of malware, and took a video of the proceedings. When they left, they took with them a copy of the original hard drive.
Friday, September 12, 2008
e-DISCOVERY DRIVES LEGAL COSTS UP
As it turns out, companies don’t usually understand the importance of knowledge and document management, until they are legally required to find and hand over all documents. The process of ediscovery is usually complicated by the fact that companies don’t know where their information lives.
Or so says a recent study by the American College of Trial Lawyers and the Institute for the Advancement of the American Legal System.
Turns out, many companies are still not in the habit of retaining and organizing their documents in a logical structure. In fact, it’s so hard to uncover materials related to the legal cases that costs are rising as a result. Out of the 1,400 lawyers surveyed, 87% said that electronic discovery is too costly and driving up the price of litigation.
This is not due to their lack of concern for the nature of the marketplace; it is more from a reactionary model as opposed to a proactive one. In most cases, online documents, emails, policies, procedures don’t often live in a well-laid out, easy-to-find format.
Companies are simply not prepared, when it comes to organizing and storing documents.
The study also says that “without a proactive approach to retaining and organizing their electronic documentation, the company has just grown that litigation cost exponentially”.
Such a proactive approach involves the following:
Or so says a recent study by the American College of Trial Lawyers and the Institute for the Advancement of the American Legal System.
Turns out, many companies are still not in the habit of retaining and organizing their documents in a logical structure. In fact, it’s so hard to uncover materials related to the legal cases that costs are rising as a result. Out of the 1,400 lawyers surveyed, 87% said that electronic discovery is too costly and driving up the price of litigation.
This is not due to their lack of concern for the nature of the marketplace; it is more from a reactionary model as opposed to a proactive one. In most cases, online documents, emails, policies, procedures don’t often live in a well-laid out, easy-to-find format.
Companies are simply not prepared, when it comes to organizing and storing documents.
The study also says that “without a proactive approach to retaining and organizing their electronic documentation, the company has just grown that litigation cost exponentially”.
Such a proactive approach involves the following:
Storage structure: Implement a formal and stringent document control system, so that costs to litigate can be diminished.- Searchability: Now that information has been organized sufficiently, make it searchable. Often determining your search terms can help with the organization of documents. Create an organized electronic database or a document retention platform with the ability to quickly search for items. Allowing lawyers to perform a detailed search using document criteria, metadata and content simply saves both parties money.
- Retainability: Have a retention policy in place, which immediately executes “save everything”. Once a company has been served, it must retain all documents related to the litigation. When considering an electronic document management system, one that meets your retention criteria is the best.
These proactive initiatives will save you money should legal issues arise. They will also keep you and your company organized and up-to-date on policies and procedures. Good knowledge management has a funny way of keeping out of trouble.
DOMINO'S SAYS CUSTOMER DATABASE TOO PRIVATE TO SHARE
Having an enormous database of customers, cell phone numbers and addresses from around the country, Domino's Pizza LLC is subject to speculation about abuse of that personal information.
One such article was in a CNET news article, The Internet, a Private Eye's Best Friend. A Brooklyn private investigator, Steven Rambam, observes in the article that the Internet is a goldmine for getting personal information. The article elaborates, "Rambam also gets information from marketing databases that gather information on people's buying habits and preferences from frequent-customer cards, surveys, product registrations, actual transactions, and other activities." It then quotes Rambam, saying, "Domino's has built the biggest consumer database in America, and the U.S. Marshals Service, the New York Police Department and collection agencies are using it to track people down."
Responding to a phone call from Blue MauMau and a follow-up email, Mr. Tim McIntyre, Vice President of Communications at Domino's, issued this statement a few minutes ago that such claims are simply not true.
"We do not sell or give away our customer lists to anyone, despite what this individual claims. He's grossly misinformed. Our customer lists are too important to us, and the trust we have with our customers is too valuable to break. There is no upside for us at all in sharing the information.
There have been a few instances in which our legal department has received subpoenas from law enforcement agencies who want to tie a specific address to a cell phone number. In those cases, we only provide that information - we do not share entire lists. Any business receiving a subpoena from a law enforcement agency is going to cooperate, of course. In the cases in which we have cooperated, the information has led to the arrest of drug dealers and murderers.For that, we will not apologize.
As for the accusation that we share information with collection agencies: again, false. Do we use this information to collect money owed to us? Yes, occasionally. That is the only time we would use that kind of information. We do not sell or share it with others.
One such article was in a CNET news article, The Internet, a Private Eye's Best Friend. A Brooklyn private investigator, Steven Rambam, observes in the article that the Internet is a goldmine for getting personal information. The article elaborates, "Rambam also gets information from marketing databases that gather information on people's buying habits and preferences from frequent-customer cards, surveys, product registrations, actual transactions, and other activities." It then quotes Rambam, saying, "Domino's has built the biggest consumer database in America, and the U.S. Marshals Service, the New York Police Department and collection agencies are using it to track people down."
Responding to a phone call from Blue MauMau and a follow-up email, Mr. Tim McIntyre, Vice President of Communications at Domino's, issued this statement a few minutes ago that such claims are simply not true.
"We do not sell or give away our customer lists to anyone, despite what this individual claims. He's grossly misinformed. Our customer lists are too important to us, and the trust we have with our customers is too valuable to break. There is no upside for us at all in sharing the information.
There have been a few instances in which our legal department has received subpoenas from law enforcement agencies who want to tie a specific address to a cell phone number. In those cases, we only provide that information - we do not share entire lists. Any business receiving a subpoena from a law enforcement agency is going to cooperate, of course. In the cases in which we have cooperated, the information has led to the arrest of drug dealers and murderers.For that, we will not apologize.
As for the accusation that we share information with collection agencies: again, false. Do we use this information to collect money owed to us? Yes, occasionally. That is the only time we would use that kind of information. We do not sell or share it with others.
Wednesday, September 10, 2008
PREPARE FOR e-DISCOVERY REQUESTS TO AVOID DISASTROUS LEGAL SANCTIONS AND FINES
If your company was hit with a lawsuit, would you be prepared for an e-discovery request? For instance, does your company have formal e-discovery policies? Do you know what data to store and how long to store it? Does your company provide employees with e-discovery training?
When we surveyed 711 TechRepublic members about e-discovery, we found that many of their companies were ill prepared for e-discovery requests.
Without policies and procedures in place, you could be setting your company up for huge fines and sanctions.
Here’s an excerpt from the E-discovery Special Report, which demonstrates why IT leaders should know the ins and outs about e-discovery:
“…recent decisions in Federal courts, as well as changes to the Federal Rules of Civil Procedure, reflect a shift toward holding respondents — the providers of information requested during discovery –responsible to pay for producing ESI. This responsibility is based on the assumption that a reasonable IT manager understands the need for knowing where his or her organization’s information is kept, whether it should be accessible during discovery, how to provide an environment in which documents and other information can be easily placed and kept on ‘legal hold,’ and the how to implement and use the tools necessary to provide them on demand.”
When we surveyed 711 TechRepublic members about e-discovery, we found that many of their companies were ill prepared for e-discovery requests.
Without policies and procedures in place, you could be setting your company up for huge fines and sanctions.
Here’s an excerpt from the E-discovery Special Report, which demonstrates why IT leaders should know the ins and outs about e-discovery:
“…recent decisions in Federal courts, as well as changes to the Federal Rules of Civil Procedure, reflect a shift toward holding respondents — the providers of information requested during discovery –responsible to pay for producing ESI. This responsibility is based on the assumption that a reasonable IT manager understands the need for knowing where his or her organization’s information is kept, whether it should be accessible during discovery, how to provide an environment in which documents and other information can be easily placed and kept on ‘legal hold,’ and the how to implement and use the tools necessary to provide them on demand.”
Monday, September 8, 2008
THE BIG DATA DUMP
Dawn Beye’s teenage daughter suffers from anorexia nervosa and had to be treated in hospital at a cost of about $1,000 a day. Horizon Blue Cross Blue Shield of New Jersey, the Beyes’ insurance company, covered one month of the bills but then balked, demanding evidence that the affliction was ‘biologically based’ rather than psychological. So Beye got together with parents of other anorexic and bulimic teenagers and sued. Horizon immediately asked to see practically everything the teenagers had said on their Facebook and MySpace profiles, in instant-messaging threads, text messages, emails, blog posts and whatever else the girls might have done online.
The Beyes’ lawyer, David Mazie at Mazie, Slater, Katz & Freeman, objected on the grounds that Horizon’s demands violated the girls’ privacy. He lost. So harddisks and webpages are being scoured in order for the case to proceed. Gathering and then sifting through all the electronic information that a few teenage girls have generated is excessive and daunting, says Mazie.
And yet almost all information today is electronic, and there is ever more of it. “Things that we would never have put in writing are now in electronic form,” says Rebecca Love Kourlis, formerly a justice on Colorado’s Supreme Court and now the director of an institute at the University of Denver dedicated to rescuing America’s civil-justice system.
This system, she says, was already a ‘sick patient’—with crowded dockets and understaffed courts—but electronic discovery now threatens a lethal ‘spike in fever’. She has seen ordinary landlord-tenant disputes take three years, and divorce cases that might have been merely bitter, but are now digital wars of attrition. She sees cases that are settled only because one party cannot afford the costs of e-discovery: whereas in the past 5% of cases went to trial, now only 2% do. She knows plaintiffs who cannot afford to sue at all, for fear of the e-discovery costs.
For large companies, these costs now run into many millions. Patrick Oot, a lawyer for Verizon, an American telecoms giant that gets sued a lot, says that at the beginning of this decade e-discovery presented “a one-big-case, once-a-year problem”. In most cases, information was still on paper, and its volume thus limited. In the rare event that electronic evidence was requested, 100 gigabytes (GB) was considered a large amount.
Today, says Oot, almost every case involves e-discovery and spits out ‘terabytes’ of information—the equivalent of millions of pages. In an...
The Beyes’ lawyer, David Mazie at Mazie, Slater, Katz & Freeman, objected on the grounds that Horizon’s demands violated the girls’ privacy. He lost. So harddisks and webpages are being scoured in order for the case to proceed. Gathering and then sifting through all the electronic information that a few teenage girls have generated is excessive and daunting, says Mazie.
And yet almost all information today is electronic, and there is ever more of it. “Things that we would never have put in writing are now in electronic form,” says Rebecca Love Kourlis, formerly a justice on Colorado’s Supreme Court and now the director of an institute at the University of Denver dedicated to rescuing America’s civil-justice system.
This system, she says, was already a ‘sick patient’—with crowded dockets and understaffed courts—but electronic discovery now threatens a lethal ‘spike in fever’. She has seen ordinary landlord-tenant disputes take three years, and divorce cases that might have been merely bitter, but are now digital wars of attrition. She sees cases that are settled only because one party cannot afford the costs of e-discovery: whereas in the past 5% of cases went to trial, now only 2% do. She knows plaintiffs who cannot afford to sue at all, for fear of the e-discovery costs.
For large companies, these costs now run into many millions. Patrick Oot, a lawyer for Verizon, an American telecoms giant that gets sued a lot, says that at the beginning of this decade e-discovery presented “a one-big-case, once-a-year problem”. In most cases, information was still on paper, and its volume thus limited. In the rare event that electronic evidence was requested, 100 gigabytes (GB) was considered a large amount.
Today, says Oot, almost every case involves e-discovery and spits out ‘terabytes’ of information—the equivalent of millions of pages. In an...
Tuesday, September 2, 2008
Computer Forensics Experts Use Personal GPS to Solve Crimes
Like millions of motorists, Eric Hanson used a Global Positioning System device in his Chevrolet TrailBlazer to find his way around. He probably did not expect that prosecutors would use it, too — to help convict him of killing four family members.
Prosecutors in suburban Chicago analyzed data from the Garmin G.P.S. device to pinpoint where Mr. Hanson had been on the morning after his parents were fatally shot and his sister and brother-in-law bludgeoned to death in 2005. He was convicted of the killings this year and sentenced to death.
Mr. Hanson’s trial was among recent criminal cases in which the authorities used such navigation devices to help establish a defendant’s whereabouts. Experts say such evidence will almost certainly become more common in court as the systems become more affordable and show up in more vehicles.
“There’s no real doubt,” said Alan Brill, a computer forensics expert in Minnesota who has worked with the Federal Bureau of Investigation and the Secret Service. “This follows every other technology that turns out to have information of forensic value. I think what we’re seeing is evolutionary.”
Prosecutors in suburban Chicago analyzed data from the Garmin G.P.S. device to pinpoint where Mr. Hanson had been on the morning after his parents were fatally shot and his sister and brother-in-law bludgeoned to death in 2005. He was convicted of the killings this year and sentenced to death.
Mr. Hanson’s trial was among recent criminal cases in which the authorities used such navigation devices to help establish a defendant’s whereabouts. Experts say such evidence will almost certainly become more common in court as the systems become more affordable and show up in more vehicles.
“There’s no real doubt,” said Alan Brill, a computer forensics expert in Minnesota who has worked with the Federal Bureau of Investigation and the Secret Service. “This follows every other technology that turns out to have information of forensic value. I think what we’re seeing is evolutionary.”
Companies Keep Watch, Covertly
A blend of advanced technology, increased litigation and rising fears about trade secret theft and financial fraud is driving law firms and corporate counsel to the doors of former FBI agents and ex-prosecutors with a knack for solving crimes.
These private investigators report that calls for help from law firms and corporate general counsel have increased substantially in recent years.
Attorneys are looking for assistance on a wide range of problems, including: corporate espionage, intellectual property theft and workplace discrimination claims.
At the core of many of these problems, lawyers note, is a mountain of computer evidence too technical and too overwhelming for attorneys to dissect on their own.
"Most lawyers do not have the technological experience or the accounting expertise to do almost any of the stuff that these guys do," said attorney Alan Brudner, head of litigation and investigations of the U.S. division of UBS Securities LLC, an international financial services firm.
Brudner said that his reliance on former federal agents has grown in recent years. In his 13 years with UBS, he's gone from calling on private investigators only rarely to calling them once a month. He said that's largely the result of increased government regulation, investigations and inquiries into the banking industry.
"They're credible," he said of the hired help. "They've got experience. They know their way around the courthouse and understand how evidence is used and presented in court. There's always a value in talking to these guys."
These private investigators report that calls for help from law firms and corporate general counsel have increased substantially in recent years.
Attorneys are looking for assistance on a wide range of problems, including: corporate espionage, intellectual property theft and workplace discrimination claims.
At the core of many of these problems, lawyers note, is a mountain of computer evidence too technical and too overwhelming for attorneys to dissect on their own.
"Most lawyers do not have the technological experience or the accounting expertise to do almost any of the stuff that these guys do," said attorney Alan Brudner, head of litigation and investigations of the U.S. division of UBS Securities LLC, an international financial services firm.
Brudner said that his reliance on former federal agents has grown in recent years. In his 13 years with UBS, he's gone from calling on private investigators only rarely to calling them once a month. He said that's largely the result of increased government regulation, investigations and inquiries into the banking industry.
"They're credible," he said of the hired help. "They've got experience. They know their way around the courthouse and understand how evidence is used and presented in court. There's always a value in talking to these guys."
Friday, August 29, 2008
Managing E-Discovery Consultants and Vendors Wisely
Some sources estimate that the e-discovery consultant market is presently $3 billion and growing.
Close attorney supervision, good communication and strategic foresight remain necessary, however, to a successful relationship among the litigant, counsel and the e-vendor. Litigants and counsel must also certify the results of a vendor's work, and responsibilities under the procedural rules cannot simply be delegated away.
Vendors serve important functions: identifying available electronically stored information; translating information to a form that may be read or understood without actually changing the data; transferring information to an appropriate medium for production during the litigation process; and assisting with forensic analysis if necessary.
"Electronically stored information" under Fed. R. Civ. P. 26 and 34, and similar state rules, is broadly defined.
E-discovery vendors are able to provide expertise in identifying information, using sophisticated software to winnow duplicative or irrelevant information, to access it, and to translate it to a communicable form without changing delicate metadata or other information.
A vendor is able to canvass key employees in a streamlined manner and can efficiently identify relevant data-mines and the information needed for preservation.
Close attorney supervision, good communication and strategic foresight remain necessary, however, to a successful relationship among the litigant, counsel and the e-vendor. Litigants and counsel must also certify the results of a vendor's work, and responsibilities under the procedural rules cannot simply be delegated away.
Vendors serve important functions: identifying available electronically stored information; translating information to a form that may be read or understood without actually changing the data; transferring information to an appropriate medium for production during the litigation process; and assisting with forensic analysis if necessary.
"Electronically stored information" under Fed. R. Civ. P. 26 and 34, and similar state rules, is broadly defined.
E-discovery vendors are able to provide expertise in identifying information, using sophisticated software to winnow duplicative or irrelevant information, to access it, and to translate it to a communicable form without changing delicate metadata or other information.
A vendor is able to canvass key employees in a streamlined manner and can efficiently identify relevant data-mines and the information needed for preservation.
Thursday, August 28, 2008
KAZEON UPGRADES eDISCOVERY
Kazeon has extended its Information Server eDiscovery application, announcing improved collection, procession and analysis with legal hold from laptops and desktops.
The company says that version 3.1 of Information Server IS1200-ECS introduces a new in-place legal hold, KazHold, and a new agent-less product for in-place analysis of and collection from laptops/desktops.
It says that these new products and functionality are key enhancements which will help organisations streamline collection, analysis and processing for proactive and reactive eDiscovery processes, ensuring that all relevant and necessary information for any litigation related activity is discovered, and that no data is spoiled
The company says that version 3.1 of Information Server IS1200-ECS introduces a new in-place legal hold, KazHold, and a new agent-less product for in-place analysis of and collection from laptops/desktops.
It says that these new products and functionality are key enhancements which will help organisations streamline collection, analysis and processing for proactive and reactive eDiscovery processes, ensuring that all relevant and necessary information for any litigation related activity is discovered, and that no data is spoiled
Wednesday, August 27, 2008
Do Computer Snoops Need PI Licenses?
By now, we all know how the Recording Industry Association of America nabs alleged file sharers, more than 20,000 lawsuits and counting: Hired snoops from MediaSentry -- aka SafeNet -- log onto Kazaa, Limewire or other file sharing programs, peer into open share folders, take screen shots, download a few files and obtain the offending IP addresses.
But in a few states – Michigan, Texas, Florida, New York, Massachusetts, Oregon and Arizona -- the RIAA's investigators have come under attack by state governments or RIAA defendants. Reason: they are not licensed private investigators in their respective states. Michigan recently told (.pdf) MediaSentry it needed a license to continue practicing.
But demanding a private investigator's license doesn't make such sense for computer forensic work, according to the American Bar Association. In a recent report, the country's largest legal lobbying group urges the states to jettison the idea of, or licensing requirement for computer forensic specialists, especially since most state licensing boards don't demand education in such work
But in a few states – Michigan, Texas, Florida, New York, Massachusetts, Oregon and Arizona -- the RIAA's investigators have come under attack by state governments or RIAA defendants. Reason: they are not licensed private investigators in their respective states. Michigan recently told (.pdf) MediaSentry it needed a license to continue practicing.
But demanding a private investigator's license doesn't make such sense for computer forensic work, according to the American Bar Association. In a recent report, the country's largest legal lobbying group urges the states to jettison the idea of, or licensing requirement for computer forensic specialists, especially since most state licensing boards don't demand education in such work
Tuesday, August 26, 2008
E-Discovery: Managing the Unmanageable
The e-mail or voice-mail message has a familiar and ominous tone: "This is (insert name of in-house counsel here) from the law department. It looks like there may be some litigation involving (insert product name). We don't have a copy of the complaint (or subpoena) yet, but we know we are going to have a pretty tight deadline for responding, and we will need to coordinate with your IT department. You may receive a call from (insert name of law firm you have never heard of before) in the next couple of days to discuss what we need to do in terms of data preservation and our response. If you have any questions, please call or shoot me an e-mail. Thanks very much and have a good day."
And so it begins. It will not be a good day. This message may be the call to arms in an electronic discovery battle that may materially affect your IT plans, projects, personnel and budget.
The critical qualifier is "may." The legal press is chock-full of articles, written by lawyers for lawyers, about how to manage e-discovery. Missing has been straightforward guidance for CIOs about their e-discovery management role. I hope to fill this gap by providing concrete and common-sense steps that you and your IT team can take to effectively manage the size and cost of e-discovery. The first step in this process is to understand some of the e-discovery rules of engagement.
And so it begins. It will not be a good day. This message may be the call to arms in an electronic discovery battle that may materially affect your IT plans, projects, personnel and budget.
The critical qualifier is "may." The legal press is chock-full of articles, written by lawyers for lawyers, about how to manage e-discovery. Missing has been straightforward guidance for CIOs about their e-discovery management role. I hope to fill this gap by providing concrete and common-sense steps that you and your IT team can take to effectively manage the size and cost of e-discovery. The first step in this process is to understand some of the e-discovery rules of engagement.
Monday, August 25, 2008
Recent Cases Teach Valuable Lessons in E-Discovery
Managing discovery of electronically stored information (ESI) is a challenging task. Companies often generate and store huge volumes of data across multiple sources, employees and locations. Further, many discovery requests that seek ESI disregard the costs or burdens imposed on the responding party. As exemplified in the highly publicized Qualcomm case, moreover, failing to collect and produce relevant information can be costly, and courts have severely punished the failure to produce e-mails or documents. Qualcomm, for example, recently paid more than $8.5 million in attorney fees in a patent infringement case for failing to produce numerous e-mails during discovery. Similarly, in a shareholder case, DaimlerChrysler was ordered to pay $556,061 in sanctions after certain documents were not produced until trial.
Cases involving million-dollar meltdowns, however, should remain the rare exception. Trial attorneys are becoming more adept at conducting e-discovery and can learn helpful lessons from recent cases. Recent e-discovery cases teach three important lessons: (1) properly plan for e-discovery; (2) cooperate with opposing counsel; and (3) correct any mistakes early in the case.
Cases involving million-dollar meltdowns, however, should remain the rare exception. Trial attorneys are becoming more adept at conducting e-discovery and can learn helpful lessons from recent cases. Recent e-discovery cases teach three important lessons: (1) properly plan for e-discovery; (2) cooperate with opposing counsel; and (3) correct any mistakes early in the case.
Friday, August 22, 2008
White House Lacks Comprehensive E-Mail Archive
For years, the Bush administration has relied on an inadequate archiving system for storing the millions of e-mails sent through White House servers, despite court orders and statutes requiring the preservation of such records, according to documents and technical experts.
President Bush's White House early on scrapped a custom archiving system that the Clinton administration had adopted under a federal court order. From 2001 to 2003, the Bush White House also recorded over computer backup tapes that provided a last line of defense for preserving e-mails, even though a similar practice landed the Clinton administration in legal trouble.
As a result, several years' worth of electronic communication may have been lost, potentially including e-mails documenting administration actions in the run-up to the Iraq war.
White House officials said last week that they have "no reason to believe" that any e-mails were deliberately destroyed or are missing. But over the past year, they have acknowledged problems with archiving, saving and finding e-mails dating from early in the administration until at least 2005.
President Bush's White House early on scrapped a custom archiving system that the Clinton administration had adopted under a federal court order. From 2001 to 2003, the Bush White House also recorded over computer backup tapes that provided a last line of defense for preserving e-mails, even though a similar practice landed the Clinton administration in legal trouble.
As a result, several years' worth of electronic communication may have been lost, potentially including e-mails documenting administration actions in the run-up to the Iraq war.
White House officials said last week that they have "no reason to believe" that any e-mails were deliberately destroyed or are missing. But over the past year, they have acknowledged problems with archiving, saving and finding e-mails dating from early in the administration until at least 2005.
Wednesday, August 20, 2008
Women in E-Discovery Announce First Career and Technology Expo
Women in eDiscovery, a non-profit organization committed to providing information and education as a public service to the legal community, today announce their first Career and Technology Expo (CTE) will take place September 18th, 2008 in Washington, D.C. The expo will be held at Document Technologies, Inc. corporate office in the Ronald Reagan Center.
The Career and Technology Expo will feature 29 vendor booths and a demonstration room where a number of products and solutions by vendors, such as Catalyst, Clearwell, Stratify, IPRO and others, will be presented for 30 minutes each. In addition, there will be a resume preparation room and an interview room where recruiters and consulting companies will impart interview and resume tips on a one-on-one basis.
“We are very excited to be bringing both men and women in the legal industry together to educate, support and network with one another,” stated Parvaneh Daneshman, Co-chair of the event and Senior Project Manager at ONSITE3. “The e-discovery industry is growing so rapidly and is changing very quickly. It is great to get a group of leaders and innovators together to discuss hot topics and issues facing them and the rest of the market every day. We expect this to be a great forum for sharing ideas and expertise.”
The Career and Technology Expo will feature 29 vendor booths and a demonstration room where a number of products and solutions by vendors, such as Catalyst, Clearwell, Stratify, IPRO and others, will be presented for 30 minutes each. In addition, there will be a resume preparation room and an interview room where recruiters and consulting companies will impart interview and resume tips on a one-on-one basis.
“We are very excited to be bringing both men and women in the legal industry together to educate, support and network with one another,” stated Parvaneh Daneshman, Co-chair of the event and Senior Project Manager at ONSITE3. “The e-discovery industry is growing so rapidly and is changing very quickly. It is great to get a group of leaders and innovators together to discuss hot topics and issues facing them and the rest of the market every day. We expect this to be a great forum for sharing ideas and expertise.”
Black Hat 2008 Aftermath
As always, the 2008 Black Hat security conference in Las Vegas, N.V., was full of cutting-edge computer security research, the latest in computer security vulnerabilities, and more than a little controversy.
The most popular presentation at Black Hat 2008 was on the Internetwide DNS vulnerability discovered by Dan Kaminsky, director of penetration testing for IOActive. Over 2,000 attendees packed into an 800-person capacity room to hear Mr. Kaminsky tell the intriguing story of how he had been working on a nonsecurity related, Web-caching project for a friend at Wikipedia.
DNS cache poisoning is a technique that allows a hacker to introduce forged DNS information into other DNS servers. The result of a DNS cache poisoning attack allows the hacker to take control of portions of the Internet or redirect all users of a search engine to malicious content.
Everyone knows that e-mail spam is a huge problem that all of us are subjected to on almost a daily basis. What you may not know is how e-mail spam is directly linked to phishing and botnets. Phishing e-mails attempt to steal personally identifiable information from unsuspecting computers by getting them to open a "Trojaned" attachment or follow a link to a malicious Web site. Botnets are a collection of hacked computers remotely controlled by individuals for nefarious purposes.
Typically the hacker or "bot herder" will use the computer under their control for denial-of-service attacks often associated with extortion or massive spamming as part of a phishing effort. There were a number of different presentations addressing how phishing and botnets, in conjunction with e-mail spam, are used by hackers.
Black Hat also covered the latest trends and security implications of server virtualization and introduced visual forensic analysis in a session entitled: "Visual Computer Forensic Analysis," by Greg Conti and Erik Dean. In upcoming articles we will look more at this cutting-edge technique and the tools being developed around, it as well as delve into the dangers of social networking sites, phishing and botnet schemes, and SSL VPN security.
The most popular presentation at Black Hat 2008 was on the Internetwide DNS vulnerability discovered by Dan Kaminsky, director of penetration testing for IOActive. Over 2,000 attendees packed into an 800-person capacity room to hear Mr. Kaminsky tell the intriguing story of how he had been working on a nonsecurity related, Web-caching project for a friend at Wikipedia.
DNS cache poisoning is a technique that allows a hacker to introduce forged DNS information into other DNS servers. The result of a DNS cache poisoning attack allows the hacker to take control of portions of the Internet or redirect all users of a search engine to malicious content.
Everyone knows that e-mail spam is a huge problem that all of us are subjected to on almost a daily basis. What you may not know is how e-mail spam is directly linked to phishing and botnets. Phishing e-mails attempt to steal personally identifiable information from unsuspecting computers by getting them to open a "Trojaned" attachment or follow a link to a malicious Web site. Botnets are a collection of hacked computers remotely controlled by individuals for nefarious purposes.
Typically the hacker or "bot herder" will use the computer under their control for denial-of-service attacks often associated with extortion or massive spamming as part of a phishing effort. There were a number of different presentations addressing how phishing and botnets, in conjunction with e-mail spam, are used by hackers.
Black Hat also covered the latest trends and security implications of server virtualization and introduced visual forensic analysis in a session entitled: "Visual Computer Forensic Analysis," by Greg Conti and Erik Dean. In upcoming articles we will look more at this cutting-edge technique and the tools being developed around, it as well as delve into the dangers of social networking sites, phishing and botnet schemes, and SSL VPN security.
Thursday, August 14, 2008
Poll: Execs Believe E-Data Becoming Unmanageable
Results of a recent online poll of executives conducted by Deloitte Financial Advisory Services portray the growing volume of electronic data in corporations as a virtual litigation disaster waiting to happen.
"Discovery is a very serious issue to business today," Bruce Hartley, a director in the Analytic and Forensic Technology practice of Deloitte FAS, said. "There are real stakes and real penalties associated with poorly handled discovery. In the past few years, we have seen cases where defendants have faced jail time and millions of dollars in sanctions or penalties."
"Strategic steps should be taken so that electronic discovery can be handled correctly," he said.
Deloitte recommends that companies create an e-discovery program and communicate it to all departments. That would include records management policies and document retention schedules. The firm also recommends that companies map their data systems and data sources.
"Discovery is a very serious issue to business today," Bruce Hartley, a director in the Analytic and Forensic Technology practice of Deloitte FAS, said. "There are real stakes and real penalties associated with poorly handled discovery. In the past few years, we have seen cases where defendants have faced jail time and millions of dollars in sanctions or penalties."
"Strategic steps should be taken so that electronic discovery can be handled correctly," he said.
Deloitte recommends that companies create an e-discovery program and communicate it to all departments. That would include records management policies and document retention schedules. The firm also recommends that companies map their data systems and data sources.
Reduce litigation risk, cut costs with proactive eDiscovery
Getting a Handle on eDiscovery“Discovery” is the legal process that all companies facing lawsuits are required to go through in order to produce relevant documents for the court to consider. Generally, any company with $1B in revenue faces multiple legal matters. They may be spurious, or legitimate—but for good-sized companies, they’re inevitable. What’s notable is that those companies spend between $2.5 million and $4 million a year on legal discovery of electronic files alone.
What’s driving those costs? Part of it is an increase in the number of lawsuits. Part of it are the new regulations that enterprises have to comply with in the wake of Enron, WorldCom, and Tyco. But probably the most important factor driving the increase in legal discovery costs is the rapid growth of electronic data that is generated and stored by companies as part of their ongoing business operations. While technology has made our lives at work easier and more productive, it has also contributed to the proliferation of electronically stored information (ESI). To make things more complicated, as much as 90% of all that information is unstructured and unmanaged. Most companies do not have well defined information management policies in place to manage the explosive growth of this data. This is a recipe that can lead to huge litigation costs later for companies when they have to reactively dig through mountains of information to provide timely responses for eDiscovery requests.
What’s driving those costs? Part of it is an increase in the number of lawsuits. Part of it are the new regulations that enterprises have to comply with in the wake of Enron, WorldCom, and Tyco. But probably the most important factor driving the increase in legal discovery costs is the rapid growth of electronic data that is generated and stored by companies as part of their ongoing business operations. While technology has made our lives at work easier and more productive, it has also contributed to the proliferation of electronically stored information (ESI). To make things more complicated, as much as 90% of all that information is unstructured and unmanaged. Most companies do not have well defined information management policies in place to manage the explosive growth of this data. This is a recipe that can lead to huge litigation costs later for companies when they have to reactively dig through mountains of information to provide timely responses for eDiscovery requests.
Monday, August 4, 2008
E-Discovery Faces a Language Barrier
John Tredennick is a lawyer and technologist, but lately he's been worrying about some odd things. Like the fact that Japanese is written with a combination of three different types of scripts, or that many languages run their words together without breaks between them. Trivia like this is usually of interest to linguists, but it has become a serious issue and nuisance for lawyers like Tredennick. That's because litigation is increasingly taking on international components, and legal technologists are struggling to incorporate foreign language documents into litigation.
Legal technology experts say that discovery in languages other than English have only recently begun to flood the system. "It's a trend that's simply exploded. Two years ago, if you'd asked me about foreign language electronic evidence, I would've said, 'yep, it's coming,'" says Tredennick, CEO of Catalyst Repository Systems, an e-discovery vendor. "But since then it's swelled to a flood. Back then I would've said the volume of such evidence was about zero terabytes. Now we see tens of terabytes of documents in languages other than English."
Friday, July 25, 2008
A Proposed "American Rule" for E-Discovery
The Court of Appeals recognized in the famous Mighty Midgets case that in contrast with the legal system of Great Britain, the "American Rule" is that each litigant generally pays their own way. They will not recover as damages the amount expended in the successful prosecution or defense of their rights, including attorney's fees.
The American Rule has some notable exceptions, but the full expenses of litigation generally are not recoverable because of "a fundamental legislative policy decision." The idea is to not "discourage submission of grievances to judicial determination" and to encourage free and equal access to the courts, without fear of penalties apart from the merits. Such a system, the Court of Appeals has recognized, "promotes democratic and libertarian principles."
Under the logic of the American Rule, a corollary might be that neither party shall be enabled to shift their discovery expenses to the other side, or cause the other side to incur expenses beyond those that are "normal" for the case. This begs a bunch of questions in the context of electronic discovery, because of the new opportunities to create or impose litigation costs.
The American Rule has some notable exceptions, but the full expenses of litigation generally are not recoverable because of "a fundamental legislative policy decision." The idea is to not "discourage submission of grievances to judicial determination" and to encourage free and equal access to the courts, without fear of penalties apart from the merits. Such a system, the Court of Appeals has recognized, "promotes democratic and libertarian principles."
Under the logic of the American Rule, a corollary might be that neither party shall be enabled to shift their discovery expenses to the other side, or cause the other side to incur expenses beyond those that are "normal" for the case. This begs a bunch of questions in the context of electronic discovery, because of the new opportunities to create or impose litigation costs.
Tuesday, July 22, 2008
Understanding E-Discovery
More than 99% of the world’s information is currently created electronically, and nearly every piece of electronically stored information (ESI) is potentially discoverable in a civil lawsuit. In an average case today, the process of exchanging ESI with an opposing party (known generally as electronic discovery or “e-discovery”) can mean processing, reviewing and producing potentially millions of pages of electronic documents. According to one estimate, a “midsize” lawsuit is now expected to generate between $2.5 and $3.5 million in e-discovery costs alone. E-discovery, according to one commentator, “represents the greatest sea change in the practice of law in recent memory.
Monday, July 14, 2008
Minimizing the Risk That E-Discovery Failures Will Create Corporate LIability
E-discovery practice in civil cases and government investigations has rapidly evolved since the onset of federal rules governing electronic discovery a little over a year ago. During its infancy, e-discovery was viewed as a costly but powerful tool that could generate "smoking gun" emails that would alter the outcome of cases. Just a few years ago, litigants were infrequently sanctioned for e-discovery failures, in part, because many judges gave litigants who botched e-discovery the benefit of the doubt and chalked up e-discovery mishaps to "the learning curve." Those days are over.
Judicial tolerance for shortcomings in e-discovery is on the decline, and litigants, their counsel and e-discovery vendors are facing direct liability for such failures. As a result, sensibly managing e-discovery is critical not only to success in the underlying litigation but to minimizing the possibility that e-discovery failures will become a source of liability in and of themselves. Before reviewing some ways to minimize the risk that e-discovery failures will create liability, this article draws upon two recent and notable e-discovery disputes to show how liability can arise.
Friday, June 27, 2008
E-Discovery: When Legal Trouble Hits, the Delete Button Will Not Protect You
Many businesses hardly give a second thought to old e-mails, digital documents, and instant messages. But, if you don't know how long employees are keeping these documents, you may very well have some legal time bombs sitting on your company's network or employee hard drives.
Recent headlines serve as a chilling reminder that the e-discovery process can unearth damaging data that sinks careers and company reputations.
Recent headlines serve as a chilling reminder that the e-discovery process can unearth damaging data that sinks careers and company reputations.
E-Discovery: IT Execs Overconfident and Underprepared
Almost 98% of IT executives rate their ability to respond to litigation as above average or very well prepared, according to a new survey from IDC. But according to analysts, they are vastly overrating themselves.
Adam Bendell, senior managing director at FTI Consulting, which commissioned the study, says there is a big disconnect between perceived and actual litigation readiness.
IT executives' perceived ability to respond to e-discovery requests "doesn't jive with the reality that other people involved in the survey or delivering [e-discovery] services see," he says.
Adam Bendell, senior managing director at FTI Consulting, which commissioned the study, says there is a big disconnect between perceived and actual litigation readiness.
IT executives' perceived ability to respond to e-discovery requests "doesn't jive with the reality that other people involved in the survey or delivering [e-discovery] services see," he says.
Review E-Discovery to Reduce Spoliation Risks
Have you ever been lucky enough to experience the feeling that comes over you when you learn that your client did not retain e-mails that are pertinent to litigation, whether it be that the e-mails were simply deleted or that your client's computer crashed three years ago and sent potentially relevant e-mails straight into Dante's eighth circle of hell? Quite an unsettling feeling. Despite counsel's best efforts, preservation of electronic information seems to be a constant sore spot in complex litigation.
In a post-Zubulake and Morgan Stanley world, where the amendments to the Federal Rules of Civil Procedure went into effect well over a year ago, the struggle with how to best manage electronic data discovery continues. See Zubulake v. UBS Warburg, 229 F.R.D 422 (S.D.N.Y. 2004); see Coleman Holdings v. Morgan Stanley, 2005 WL 679071 (Fla.Cir.Ct. March 1, 2005).
In a post-Zubulake and Morgan Stanley world, where the amendments to the Federal Rules of Civil Procedure went into effect well over a year ago, the struggle with how to best manage electronic data discovery continues. See Zubulake v. UBS Warburg, 229 F.R.D 422 (S.D.N.Y. 2004); see Coleman Holdings v. Morgan Stanley, 2005 WL 679071 (Fla.Cir.Ct. March 1, 2005).
Tuesday, June 3, 2008
Web 2.0 Collides With E-Discovery
You have received a document request from opposing counsel. Among the various items of calendar entries and e-mails requested is a request for "Any and all social networking or business networking information related to the key player(s)."
This raises questions of what is in scope, where is it, how much is enough, and who is responsible for producing it? Welcome to the collision between Web 2.0 and electronic data discovery.
This raises questions of what is in scope, where is it, how much is enough, and who is responsible for producing it? Welcome to the collision between Web 2.0 and electronic data discovery.
Why Your Business May Be At Risk . . .
Nearly all of the information now being created and stored by businesses is being created and stored electronically. Paper files and multiple versions of hard copy are becoming a thing of the past. It is no wonder that federal and state courts have amended procedural rules to recognize this trend, and included new obligations on lawyers and businesses (no matter how big or small) regarding electronically stored information ("ESI").
The impact of these new court rules goes far beyond those lawyers and businesses actively involved in a lawsuit; yet businesses continue to remain unprepared to manage these new ESI obligations. In fact, a recent survey of 200 United States commercial businesses conducted by Canvasse Opinion found that almost half of the companies do not have a strategy or policy in place on how to deal with ESI in litigation or in internal investigations.
The impact of these new court rules goes far beyond those lawyers and businesses actively involved in a lawsuit; yet businesses continue to remain unprepared to manage these new ESI obligations. In fact, a recent survey of 200 United States commercial businesses conducted by Canvasse Opinion found that almost half of the companies do not have a strategy or policy in place on how to deal with ESI in litigation or in internal investigations.
Unified Communications Bring E-discovery Headache
To its advocates, unified communications is considered the answer to a number of business communication issues. The integration of all communications, including voice and data, over the Internet is gaining wider adoption as organizations pursue it for cost savings, businesses process transformation, enhanced collaboration, and even “green” benefits.
In business, IP telephony has reached about 25 percent of the global market, and many organizations are considering wider deployment, according to Technology Futures, Inc. However, an e-discovery concern that still is somewhat under the radar could slow adoption as companies learn that the move away from traditional phone service includes the conversion of voice mails into e-mail in the form of wave (audio) files.
In business, IP telephony has reached about 25 percent of the global market, and many organizations are considering wider deployment, according to Technology Futures, Inc. However, an e-discovery concern that still is somewhat under the radar could slow adoption as companies learn that the move away from traditional phone service includes the conversion of voice mails into e-mail in the form of wave (audio) files.
Tuesday, May 20, 2008
But the eDiscovery Costs!
As a records manager, I have no problem with keeping email with valuable content as long as it is useful, but way keep a decade plus of all that other "stuff" that has no value? When litigation comes (and it will come) someone will have to sort through all of it when and search tools are only of limited use. Besides, while storage itself may be "cheap" (debatable), the cost of supporting that storage is not. At 25+ terabytes and counting, I know that many of my legal department colleagues and I are looking forward to some serious deletion.
The IT Manager as Pack Rat: E-Discovery Advice
Symantec Corp. hosted a virtual round table Friday that touched on some of the e-discovery issues troubling IT managers today, including the challenge of knowing what to chuck and what to keep.
Gregg Davis, CIO and senior vice-president of the San Mateo, Calif.-based construction company Webcor Builders said, "There are some challenges around information management--you can really upset the records management people. A lot of people don't bother to classify information. But IT has to stipulate that if it exists, it exists."
Gregg Davis, CIO and senior vice-president of the San Mateo, Calif.-based construction company Webcor Builders said, "There are some challenges around information management--you can really upset the records management people. A lot of people don't bother to classify information. But IT has to stipulate that if it exists, it exists."
New Amendments to Federal Rules of Civil Procedures Force Companies to Find New Email Management Systems
New amendments to the Federal Rules of Civil Procedures (court procedures for civil suits) are leading more companies to reevaluate their current email management and archiving systems and find e-discovery software that allows for quick searching and retrieval of electronically stored information (ESI) in response to litigation and discovery requests.
The new amendments to the Federal Rules of Civil Procedures, as well as other regulations such as Sarbanes-Oxley, require companies to have an understanding of the breadth and depth of their information stores and establish preservation policies, archive locations, search methods and deletion procedures to properly manage the life cycle of information in the eyes of the government and courts.
The new amendments to the Federal Rules of Civil Procedures, as well as other regulations such as Sarbanes-Oxley, require companies to have an understanding of the breadth and depth of their information stores and establish preservation policies, archive locations, search methods and deletion procedures to properly manage the life cycle of information in the eyes of the government and courts.
Thursday, April 24, 2008
Forensic Accounting: Finding the Smoking E-mail
Think you have a lot of e-mails? Those who work within the e-discovery process — the handling of electronic information and documents for litigation purposes — most likely have more.
“Many of the smoking guns in a lot of these cases reside in e-mail,” said Catherine Parente, CPA, ABV, CVA and partner-in-charge of the consulting services department at CPA and business advisory firm Carlin, Charron & Rosen LLP. She added that one of the cases she’s currently working on includes four boxes of records, two of which contain printed out e-mails.
“Many of the smoking guns in a lot of these cases reside in e-mail,” said Catherine Parente, CPA, ABV, CVA and partner-in-charge of the consulting services department at CPA and business advisory firm Carlin, Charron & Rosen LLP. She added that one of the cases she’s currently working on includes four boxes of records, two of which contain printed out e-mails.
Will Keeping Old E-mail Put You at Risk?
There is a mindset among many that retaining old e-mails will put a company at risk. Many reason that e-mails handed over to an adversary during e-discovery, for example, will contain a "smoking gun" that could result in embarrassment or the loss of a legal judgment.
In some cases, this mindset has been proven correct. We’ve seen examples in high profile cases over the years of CEOs and others who have said things in e-mail that they wish had not been available for presentation at trial or during pre-trial motions.
In some cases, this mindset has been proven correct. We’ve seen examples in high profile cases over the years of CEOs and others who have said things in e-mail that they wish had not been available for presentation at trial or during pre-trial motions.
In Search of Better E-Discovery Methods
As the burdens of e-discovery continue to mount, the search for a technological solution has only intensified. The holy grail here is a search methodology that will enable litigants to identify potentially relevant electronic documents reliably and efficiently.
In an effort to achieve these often competing objectives, litigants most commonly search repositories of electronic data for documents containing any number of defined search terms (keyword searches) or search terms appearing in a specified relation to one another (Boolean searches). These search technologies have been in use for years, both in litigation and elsewhere, and accordingly are well understood and widely accepted by courts and practitioners.
In an effort to achieve these often competing objectives, litigants most commonly search repositories of electronic data for documents containing any number of defined search terms (keyword searches) or search terms appearing in a specified relation to one another (Boolean searches). These search technologies have been in use for years, both in litigation and elsewhere, and accordingly are well understood and widely accepted by courts and practitioners.
Friday, April 11, 2008
Practical Tips On The Discovery Of Electronically Stored Information And Privilege And Confidentiality Problems
Case law continues to evolve on amendments to the Federal Rules of Civil Procedure that became effective in December of 2006. These amendments stated that parties are required to place a litigation hold on all documents and records relevant to a dispute, including electronically stored information, upon a reasonable expectation that a formal lawsuit will follow. With careful planning, parties can effectively address a number of recurring issues that have resulted from these amendments.
Thursday, March 27, 2008
Qualcomm Repute Had Been Violated By Legal Losses
Qualcomm was drowned by the issue of e-discovery misbehavior which had an impact on client, though it is a base line to E-discovery. The U.S district court of California issued a warning to the entire corporate litigant’s regarding the electronically stored documents and E-mails in the recent issues of Qualcomm faulty.
Subscribe to:
Posts (Atom)