E-Discovery: How do Litigation Hold, BYOD, and Privacy Affect You? - Course Technology Computing Conference

Presenter: Amelia Phillips, Highline Community College

E-discovery is defined as “gathering electronically stored information (ESI) for use in litigation”. At first glance, this appears to be a straightforward statement, but upon further examination one finds that it encompasses a broad range of items. Over 90% of documents produced by companies now are electronic. Older paper files have been converted to microfiche or PDF files. Add to this email, text messages, social media (yes, even the IRS has a Facebook page) and you have an idea of the amount of information that becomes this new term called “Big Data”. Terabytes of data will soon become petabytes of data. Are we ready? Are our students prepared for this new era? E-Discovery is a field that affects not only the lawyers, but the IT support staff, and how companies do business. In this talk you will be introduced to some of the new technology in the field such as predictive coding, forensic linguistics, and social media archiving. You will also be shown some of the new tools on the market that you can use in your classrooms to prepare your students and yourself for this fast evolving arena. What does a company need to do when a litigation hold is in place? What response needs to come from the legal staff, the IT support staff, the managers, and the average employee? How does this affect the BYOD (Bring Your Own Device) policies? Which comes first - employee privacy, freedom of information or corporate security? You will walk away from this talk with a methodology to incorporate this new topic into your curriculum. You will also be given ideas of how to make this affordable for your labs, what foundations your students need, and how to deliver this in a way that appeals to the business, IT or legal oriented student. This topic affects them all. Come and find out why this is something they need to be successful in tomorrow's market.

Published in: Education

  1. E-Discovery: How do Litigation Hold, BYOD, and Privacy affect you? By Amelia Phillips, PhD; Chair, Pure & Applied Science Division; CIS and Computer Science Departments; Regional Director, PRCCDC; Highline Community College, Seattle, WA
  2. Agenda • Define E-Discovery • The challenge ahead • Who does this affect? • Privacy or corporate security • Current tools • New technology
  3. Defining E-Discovery • “gathering electronically stored information (ESI) for use in litigation” • Discovery happens daily and is the compulsory disclosure of data, facts and documents in civil and criminal cases. • Legal counsel generally exists on both sides from the beginning
  4. Whose Perspective?
  5. Who needs to know about e-discovery? Information Governance Reference Model © edrm.net
  6. Potential Students / Target Audience • IT / CIS Students • MIS Students • Paralegals • Business Managers • Production Managers
  7. Litigation Hold – what does that mean? • If a litigation hold is in place – Backups cannot be overwritten or deleted – Physical files cannot be shredded – Files cannot be deleted – What happens to the BYODs? • Corporate policies need to be in place – Educate the employees
  8. Tools of the Trade
  9. E-Discovery Tools • Concordance • Discovery Assistant by IMAGEMaker • @LegalDiscovery • Catalyst CR • AD Summation iBlaze • Nextpoint Discovery Cloud • Sherpa Software Discovery Attender • And more
  10. Discovery Attender
  11. Finding email
  12. Choose Search Criteria
  13. Search Results
  14. Reverse Funnel Method
  15. De-Duping
  16. Email, Social media and Privacy
  17. Why action was needed NOW • Clandestine affair • Sharing a login on Gmail but never transmitting • Cyberstalking and threats HICSS44
  18. Resulted in the following: • 2 Generals implicated • Over 30,000 documents, most of which were email, examined • Exposed that Google had responded to over 7,000 requests from the US government from January to June 2012
  19. Google Transparency Report • Requests from governments – 2009: ~12,000 – 2012: over 21,000 • U.S. certainly highest • India • U.K.
  20. What ever happened to the 4th Amendment?
  21. ECPA • Electronic Communications Privacy Act • Created in 1986 • PCs were in their infancy – Hard drives were 10 to 20 MB – Easy drive at 60 MB was the largest in 1988 – Files were 10 to 20 KB – Email was at a premium
  22. ECPA lists as violations: • Accessing a computer or network without authorization or by exceeding authorization • Accessing a computer or network to collect financial information, credit information, or other information from a government computer or any protected computer • Making a computer or network unavailable for its intended use by a department of the U.S. government or another entity
  23. ECPA (more violations) • Transmitting programs, information, codes, or commands to intentionally cause harm or damage to networks or computers • Accessing information on a computer or network to commit fraud or cause damage, whether intentionally or as a result of reckless actions • Intentionally obtaining and trafficking in passwords • Threatening harm to a computer or network for use in extortion or a similar practice
  24. SCA • Stored Communications Act • Supplements ECPA • Offense.— Except as provided in subsection (c) of this section whoever— • (1) intentionally accesses without authorization a facility through which an electronic communication service is provided; or • (2) intentionally exceeds an authorization to access that facility; and thereby obtains, alters, or prevents authorized access to a wire or electronic communication while it is in electronic storage in such system shall be punished as provided in subsection (b) of this section.
  25. The Catch • Existing law: • 180 days old – considered abandoned • No warrant!
  26. Online email and storage • Gmail • Yahoo mail • Dropbox • SkyDrive • Google docs • Google+
  27. Social Media • Facebook • MySpace • Twitter • What laws apply here?
  28. Social Media Archiving • ArchiveSocial – compliant with – FINRA – Financial Industry Regulatory Authority – SEC – Securities and Exchange Commission – FOIA – Freedom of Information Act – FRCP – Federal Rules of Civil Procedure – SOX – Sarbanes-Oxley • Other software – Actiance – X1 Discovery – Patrina Corporation – Reed Archives
  29. BYOD, BYOA – whose line is it anyway?
  30. Mobile Devices • Interconnected far beyond imagined • Business owner – Cell phone – Business computer • One device compromised – Have everything
  31. Who knows where you are? • Someone logs in at a coffee shop – Shows up on their Facebook – Shows up on their Twitter • U.S. based companies spend over $2 billion annually for such demographics • What are your rights?
  32. EU Privacy Laws • 24-year-old Austrian law student – Asked for his Facebook history – Over 1200 pages long! – Included items he • Never posted • Had deleted • “Europe has come to the conclusion that none of the companies can be trusted,” said Simon Davies, the director of the London-based nonprofit Privacy International. “The European Commission is responding to public demand. There is a growing mood of despondency about the privacy issue.” (Sengupta, 2012)
  33. BYOD • The term Bring Your Own Device (BYOD) has become common in the language today. • Includes cell phones, smart phones, Blackberry devices, palmtops, laptops, iPhones, iPads and items that are still to be invented. • Are they part of a litigation hold? • Does the employee have the right to delete their personal information?
  34. BYOD (cont’d) • Issued by and paid for by the company • Purchased and paid for by the employee • Purchased and paid for by visitors • Purchased and paid for by patients • And where is the information stored?
  35. BYOD (part 3) • The voicemail is stored on the servers of the provider • Text messages are saved on the device • Voicemail can be stored on some smart phones • Email is stored with the email server whether it be Yahoo, Gmail, or corporate server • File attachments could be located on the corporate servers, on the cloud or home machine.
  36. Mobile devices and the Law • Computers as closed containers • U.S. v. Reyes in New York 1996 – Privacy of data on a pager • United States v. Knotts and United States v. Karo – U.S. Supreme Court – Tracking devices – On public street or in private dwelling
  37. Case Law on cell phones • Ohio State Supreme Court – 2009 – Warrant needed to search a cell phone • Oregon State Supreme Court – Schlossberg v. Solesbee – 2012 – Search incident to arrest
  38. Search incident to Arrest
  39. New Proposed Law • Online Communications and Geolocation Protection Act (OCGPA) • Before the House in March 2013 • GPS • Warrant for all electronic messages regardless of age • Just approved this week in the Senate Subcommittee
  40. IRS Facebook
  41. Tax Fraud Pioneer • Lady boasted on her Facebook about her and her partner’s tax fraud • Pictures of how much money they had made • 57 counts of tax fraud
  42. Social Media and Investigations • Can a company require that you make them a friend before they hire you? • Can a company force you to give them your username and password on Facebook or MySpace to get a rating? • Can conversations on social media be used against you? • Can such exchanges hold up in court?
  43. New Technology
  44. Forensic Linguistics • International Association of Forensic Linguists • Look for variations in the way things are phrased, cadence, etc. • Very effective in spotting fraudulent documents
  45. Dealing with Multinational Corporations • Every country must deal with email, mobile business and devices, data, ecommerce, BlackBerries, and PDAs • Privacy laws vary from country to country. • Chain of custody • Qualifications of examiners • Process and procedure
  46. Case proposed by John Barbara • Unique law enforcement concerns regarding the location of potential digital evidence, its preservation, and its subsequent forensic analysis. • For instance, if a customer or business becomes the target of a criminal investigation, they could migrate their working environment to a cloud environment. • This would provide a means for the business to continue its routine operations while the migrated environment is forensically analyzed. • However, this is not without risk. The migrated data only represents a “snapshot” of when it was sent to the cloud.
  47. JJ Barbara (slide 2) • Since the data can be stored anywhere in the world, its dispersal could be to a location or country where privacy laws are not readily enforced or non-existent. • Establishing a chain of custody for the data would become difficult or impossible if its integrity and authenticity cannot be fully determined (where was it stored, who had access to view it, was there data leakage, commingling of data, etc.).
  48. JJ Barbara (slide 3) • There are also potential forensic issues when the customer or user exits a cloud application. • Items subject to forensic analysis, such as registry entries, temporary files, and other artifacts (which are stored in the virtual environment) are lost - making malicious activity difficult to substantiate:
  49. George Lawton’s Opinion • Over time, it's expected that clouds will contain more and more evidence of criminal activity. • The NIJ recently revealed plans to fund research into improved electronic forensics in several areas, including the cloud. • Cloud providers and customers need to set up their infrastructures to meet these lawful requests or face fines and other legal repercussions. – do so without violating local privacy laws or accidentally giving away competitive secrets.
  50. Lawton (slide 2) • The demands of cloud forensics could prove costly as lawsuits and investigations become more complex. • A 2009 study by McKinsey & Company – electronic discovery requests were growing by 50% annually. – Growth in e-discovery spending from $2.7 billion in 2007 to $4.6 billion in 2010, according to a Socha Consulting LLC survey.
  51. Lawton (slide 3) • The U.S. government has also attempted to expand the scope of data that can be lawfully requested without a warrant through a National Security Letter (NSL). • In August, the Obama administration requested to add "electronic communication transaction records" to the data included in an NSL, – Require providers to include the addresses a user has emailed, the times and dates of transactions, and possibly a user's browser history. – Have to ensure that the provider's infrastructure can deliver on these requests in a timely manner.
  52. Lawton (slide 4) • "Cloud forensics is difficult because there are challenges with multi-tenant hosting, synchronization problems and techniques for segregating the data in the logs," • "Right now, most of the cloud service providers are not open to talking about this because they don't know the issue."
  53. Privacy Laws • USA citizens take the expectation of privacy for granted • Privilege “according to UK common law … allows a person to refuse to testify on a matter or to withhold information” – Includes self-incrimination – Legal counsel privilege – Statements made without prejudice • China and Japan (and other non-English speaking nations) have laws that are significantly different
  54. Objectives of any Investigation • That evidence obtained can hold up in court • That the examiner can hold up under scrutiny
  55. The Expert • What qualifies a person as a digital forensic expert? • The qualifications of the person examining the evidence should be easily identifiable in all parts of the world • On the international front, many use vendor certifications. • In the US, several states - against the resolution of the American Bar Association (ABA) - instituted requirements that all computer forensics investigators be licensed private investigators.
  56. The Expert (cont’d) • “Is it a state or federal matter to qualify digital investigators?” • The global economy and international crime require an international standard that is beyond the boundaries of vendor certification • The ISFCE has created certifications which are accepted in many countries. • SANS has created a body of knowledge that constitutes what is needed for a person qualified in the field.
  57. New ISO standard • ISO 27037:2012 • October 2012 • Digital Evidence First Responder (DEFR) as the one who collects the evidence, chain of custody, and storage of digital evidence • Gives guidelines for transmission of ESI
  58. Technology and E-evidence • Email investigations – Whose server are things located on? – How was it transmitted? – When is a wiretap law needed? – When are you dealing with stored messages? – How to put laws in place that address these issues is another challenge.
  59. Technology and E-Evidence • Cloud-based electronic discovery tools might help to keep these costs down. • Companies including Orange, Autonomy, Clearwell and Kazeon have launched hosted services for collecting, preserving and analyzing digital evidence. • Gartner research director Debra Logan said she expects that many corporations will start investing in e-discovery infrastructure and that, by 2012, companies without this infrastructure will spend 33% more to meet these requests.
  60. What laws affect what you do?
  61. DEMO of Law database
  62. Summary • E-discovery is here to stay • New challenges • Affects legal, business, and IT students / professionals alike • Needs to become part of the curriculum • Global issue
  63. Questions?