ACI’s lauded Cyber & Data Risk Insurance conference is the highest-level event that provides maximum opportunities to learn from and network with underwriters, brokers, claims managers and industry leaders, and helps you keep pace with the ever-changing cyber insurance market. It’s also the only conference that brings you regulatory and enforcement priorities straight from the federal and state government themselves.
Workplace Privacy and Employee Monitoring: Laws and Methods (cmilliken09)
As a final business project we were instructed to develop a business document with research and documentation on a subject dealing with business law. I chose to create a document about workplace privacy because it was an interesting topic to me. Understanding these laws and methods after writing this paper allowed me to fully understand the rights and actions that an employee/employer is liable for.
Open Source Insight: Hospital, Medical Devices, Banking, and Automotive Cyber... (Black Duck by Synopsys)
A wide spectrum of cybersecurity and open source security news in this week’s Open Source Insight, including the need for hospitals to ramp up their cybersecurity efforts; the need to include open source security in any plan to secure medical devices; a major data breach at Italian bank Unicredit; two Black Duck executives share their views on open source security in video interviews; and why the automotive industry may be close to an iPhone moment.
Open Source Insight: HBO, Voting Machines & Car Washes Hacked & Black Hat /... (Black Duck by Synopsys)
While there’s been plenty of attention focused on possible hacks with vehicles, a group of security researchers recently found vulnerabilities in internet-connected, drive-through car washes. Voting machines are hacked in less than 90 minutes at DEFCON. Is Shodan the world’s scariest search engine? How did HBO get hacked? And Black Duck reports record revenue and record revenue growth for the first half of 2017.
Legal vectors - Survey of Law, Regulation and Technology Risk (William Gamble)
Survey of law, regulation and technology risk including new cyber security regulations, HIPAA, European Privacy GDPR, Internet of Things Liability, State Law
William Gamble
Presented by The National Underwriter Company, and brought to you by FC&S Legal:
Insurance coverage experts Anjali C. Das and Jerold Oshinsky provide a timely presentation on cyber liability insurance--offering practical tools and guidance on key insurance coverage issues.
Also included: The latest cyber policies—including a discussion of key policy provisions and leading cases that have interpreted the new policies.
Viewers will also find vital information on:
• Examples of the kinds of claims asserted for data breach and privacy
• Coverage under traditional policies: ISO Pre-2001 CGL; ISO Post-2001 CGL
• The evolution of case law for coverage under traditional policies
• Why corporate boards should pay attention to cyber risk, including statistics, D&O Exposure, and D&O Policies
As mobile devices become more commonplace, communication and information sharing will increasingly be done via an iPhone, tablet, or potentially eyewear.
How will this change the legal industry and client and practice management?
Learn more from Jeff Richardson, the blogger behind iPhone J.D. and Joshua Lenon, Clio’s Director of Communications, as they discuss how lawyers are using their mobile devices and apps when practicing law.
This webinar will cover:
- Best practices for securing your mobile device
- What legal activities are best suited for mobile practice
- A review of apps that lawyers are using today
Advanced PII / PI data discovery and data protection (Ulf Mattsson)
We will discuss using Advanced PII/PI Discovery to Find & Inventory All Personal Data at an Enterprise Scale.
Learn about new machine learning & identity intelligence technology.
You will learn how to:
• Identify all PII across structured, unstructured, cloud & Big Data.
• Inventory PII by data subject & residency for GDPR.
• Measure data re-identifiability for pseudonymization.
• Uncover dark or uncatalogued data.
• Fix data quality, visualize PII data relationships
• Apply data protection to discovered sensitive data.
As our digital records are likely to be cyber-breached several times and/or we all have to deal with legal proceedings, learn how to use digital forensics experts efficiently.
Protecting Data Privacy in Analytics and Machine Learning (Ulf Mattsson)
In this session, we will discuss a range of new emerging technologies for privacy and confidentiality in machine learning and data analytics. We will discuss how to use open source tools to put these technologies to work for databases and other data sources.
When we think about developing AI responsibly, there are many different activities that we need to think about. In this session, we will discuss technologies that help protect people, preserve privacy, and enable you to do machine learning confidentially.
This session discusses industry standards and emerging privacy-enhanced computation techniques, secure multiparty computation, and trusted execution environments. We will discuss how the Zero Trust philosophy fundamentally changes the way we approach security, since trust is a vulnerability that can be exploited, particularly when working remotely and increasingly using cloud models. We will also discuss the “why, what, and how” of techniques for privacy-preserving computing.
We will review how different industries are taking advantage of these privacy-preserving techniques. A retail company used secure multi-party computation to be able to respect user privacy and specific regulations and allow the retailer to gain insights while protecting the organization’s IP. Secure data-sharing is used by a healthcare organization to protect the privacy of individuals, and they also store and search on encrypted medical data in the cloud.
We will also review the benefits of secure data-sharing for financial institutions including a large bank that wanted to broaden access to its data lake without compromising data privacy but preserving the data’s analytical quality for machine learning purposes.
https://digitalguardian.com/blog/social-engineering-attacks-common-techniques-how-prevent-attack
Statement of Michelle Richardson, Director, Privacy & Data
Center for Democracy & Technology
before the
United States Senate Committee on the Judiciary
GDPR & CCPA: Opt-ins, Consumer Control, and the Impact on Competition and Innovation
March 12, 2019
On behalf of the Center for Democracy & Technology (CDT), thank you for the opportunity to testify about the importance of crafting a federal consumer privacy law that provides meaningful protections for Americans and clarity for entities of all sizes and sectors. CDT is a nonpartisan, nonprofit 501(c)(3) charitable organization dedicated to advancing the rights of the individual in the digital world. CDT is committed to protecting privacy as a fundamental human and civil right and as a necessity for securing other rights such as access to justice, equal protection, and freedom of expression. CDT has offices in Washington, D.C., and Brussels, and has a diverse funding portfolio from foundation grants, corporate donations, and individual donations.[1]
[1] All donations over $1,000 are disclosed in our annual report and are available online at: https://cdt.org/financials/.
The United States should be leading the way in protecting digital civil rights. This hearing is an opportunity to learn how Congress can improve upon the privacy frameworks offered in the European Union via the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) to craft a comprehensive privacy law that works for the U.S. Our digital future should be one in which technology supports human rights and human dignity. This future cannot be realized if people are forced to choose between protecting their personal information and using the technologies and services that enhance our lives. This future depends on clear and meaningful rules governing data processing; rules that do not simply provide people with notices and check boxes but actually protect them from privacy and security abuses and data-driven discrimination; protections that cannot be signed away.
Congress should resist the narratives that innovative technologies and strong privacy protections are fundamentally at odds, and that a privacy law would necessarily cement the market dominance of a few large companies. Clear and focused privacy rules can help companies of all sizes gain certainty with respect to appropriate and inappropriate uses of data. Clear rules will also empower engineers and product managers to design for privacy on the front end, rather than having to wait for a public privacy scandal to force the rollback of a product or data practice.
We understand that drafting comprehensive privacy legislation is a complex endeavor. Over the past year we have worked with partners in civil societ.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... (James Anderson)
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor... (Neo4j)
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
GridMate - End to end testing is a critical piece to ensure quality and avoid... (ThomasParaiso2)
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
20 Comprehensive Checklist of Designing and Developing a Website (Pixlogix Infotech)
Dive into the world of Website Designing and Developing with Pixlogix! Looking to create a stunning online presence? Look no further! Our comprehensive checklist covers everything you need to know to craft a website that stands out. From user-friendly design to seamless functionality, we've got you covered. Don't miss out on this invaluable resource! Check out our checklist now at Pixlogix and start your journey towards a captivating online presence today.
Essentials of Automations: The Art of Triggers and Actions in FME (Safe Software)
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Building RAG with self-deployed Milvus vector database and Snowpark Container... (Zilliz)
This talk will give hands-on advice on building RAG applications with an open-source Milvus database deployed as a docker container. We will also introduce the integration of Milvus with Snowpark Container Services.
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
Removing Uninteresting Bytes in Software Fuzzing (Aftab Hussain)
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speed up fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing XML documents, and Binutils' readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR not only discovers new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Enhancing adoption of Open Source Libraries. A case study on Albumentations.AI (Vladimir Iglovikov, Ph.D.)
Presented by Vladimir Iglovikov:
- https://www.linkedin.com/in/iglovikov/
- https://x.com/viglovikov
- https://www.instagram.com/ternaus/
This presentation delves into the journey of Albumentations.ai, a highly successful open-source library for data augmentation.
Created out of a necessity for superior performance in Kaggle competitions, Albumentations has grown to become a widely used tool among data scientists and machine learning practitioners.
This case study covers various aspects, including:
People: The contributors and community that have supported Albumentations.
Metrics: The success indicators such as downloads, daily active users, GitHub stars, and financial contributions.
Challenges: The hurdles in monetizing open-source projects and measuring user engagement.
Development Practices: Best practices for creating, maintaining, and scaling open-source libraries, including code hygiene, CI/CD, and fast iteration.
Community Building: Strategies for making adoption easy, iterating quickly, and fostering a vibrant, engaged community.
Marketing: Both online and offline marketing tactics, focusing on real, impactful interactions and collaborations.
Mental Health: Maintaining balance and not feeling pressured by user demands.
Key insights include the importance of automation, making the adoption process seamless, and leveraging offline interactions for marketing. The presentation also emphasizes the need for continuous small improvements and building a friendly, inclusive community that contributes to the project's growth.
Vladimir Iglovikov brings his extensive experience as a Kaggle Grandmaster, ex-Staff ML Engineer at Lyft, sharing valuable lessons and practical advice for anyone looking to enhance the adoption of their open-source projects.
Explore more about Albumentations and join the community at:
GitHub: https://github.com/albumentations-team/albumentations
Website: https://albumentations.ai/
LinkedIn: https://www.linkedin.com/company/100504475
Twitter: https://x.com/albumentations
DevOps and Testing slides at DASA Connect (Kari Kakkonen)
Rik Marselis's and my slides from the 30.5.2024 DASA Connect conference. We discuss what testing is, then what agile testing is, and finally what testing in DevOps is. Finally we had a lovely workshop with the participants, trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf (Malak Abu Hammad)
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
#MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Pushing the limits of ePRTC: 100ns holdover for 100 days (Adtran)
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
2. Everything’s on your Phone
Mobile devices are “such a pervasive and insistent part of daily life that the proverbial visitor from Mars might conclude that they were an important feature of human anatomy.”
~ Chief Justice Roberts in Riley v. California
3. Smartphone Usage
198M people in the U.S. own smartphones.
65% of all minutes spent on digital devices are on smartphones.
25% of all users only access the web through mobile devices.
Leading uses are social media and IMS.
93% of smartphone users use text messaging.
Leading Apps:
• Facebook – 81% market penetration
• Facebook Messenger – 68%
• Instagram – 50%
• Snapchat – 50%
4. Smartphones in Business
80% of people use texting for business.
42% of financial service providers use texting for business.
83% of businesses allow employees to use their smartphones for business purposes.
A BIG CONCERN OF BUSINESSES IS THAT CORPORATE DATA IS FINDING ITS WAY ONTO EMPLOYEE-OWNED SMARTPHONES.
5. Smartphones & ESI
Because smartphones have become ubiquitous:
- 50% of all lawsuits involved preservation or collection of mobile device data.
- 93% of all relevant mobile devices were smartphones.
Smartphones were a very frequent source of evidence in 81% of cases.
Computers were sources of evidence in 52% of cases.
~ Cellebrite Report on Industry Trends for Law Enforcement
6. Mobile Device Exams are Intrusive
We store everything on them, including passwords, SSNs, garage door codes, location data, financial info, and private correspondence.
Imaging of a mobile device collects everything, and pre-filtering is not usually possible.
All filtering is done post-collection.
This is the main reason there is a fight over imaging and analysis of mobile devices.
A well-crafted protocol will help alleviate these concerns.
When a forensic exam is unavoidable, suggest that a neutral third party conduct the exam pursuant to an agreed-upon protocol that carefully limits what is to be disclosed to the data that is relevant and proportional to the needs of the case.
8. Smartphones & eDiscovery
Mobile device ESI is just another type of data.
- Emails, texts, and chats are a form of communication.
- ESI from mobile devices is relevant, unique and compelling.
Discoverable pursuant to FRCP 34(a)(1)(A) and ISCR 214.
Subject to litigation holds and preservation orders.
But it is subject to the proportionality limitations set forth in Rule 26(b)(1) and ISCR 201(c)(3).
Before permitting discovery of information on cellphones and similar devices, courts must balance privacy and confidentiality interests as required under FRCP 34.
9. Smartphones & Privacy
Electronic Communications Privacy Act (“ECPA”) makes it illegal to share digital content under certain circumstances.
Computer Fraud and Abuse Act (“CFAA”) keeps people from getting into computers without authorization or consent.
• Though the law does not explicitly include cell phones, some courts may now consider cell phones to be computers, and therefore, protected under the act.
Stored Communications Act (“SCA”) addresses voluntary and compelled disclosure of stored electronic communication records held by ISPs.
10. Smartphones & Privacy
We store everything on our smartphones, which is why the use in court of cell phone evidence obtained from a user’s service provider raises significant privacy concerns.
The Supreme Court considered the question in the context of a criminal case in Riley v. California (2014).
• Cell phone data could not be accessed without a warrant, even in a search incident to an arrest.
• Citing privacy concerns, the court reasoned that, unless the phone could be used as a weapon, the user’s privacy outweighed the officers’ need for the evidence that might exist within the phone.
The Supreme Court considered the issue again in Carpenter v. United States (2018) and confirmed cell phone users’ legitimate expectation of privacy when using mobile devices.
11. Smartphones, Courts & Privacy
When parties cannot agree on production of
relevant data from a smartphone, courts
have the power to order a forensic
examination.
But …. courts will safeguard privacy
interests and generally require a showing
that a party has failed to produce relevant
information before ordering a forensic
examination.
The general rule is no forensic exam
absent a showing of need or failure to
produce evidence.
12. Smartphones & Discovery
Hespe v. City of Chicago, No. 13-C-7998
(N.D.Ill. Dec. 15, 2016)
• City wanted to search Pl’s personal mobile
devices
• Pl claimed all relevant materials were produced
• Court denied the City’s request because:
Request was not proportional to the needs of
the case
Any benefit of the inspection is “outweighed
by Pl’s privacy and confidentiality interests.”
13. Smartphones & Discovery
If cellphone records are relevant,
then:
•Ask for the opposing party to
sign a release and authorization
to the provider company.
•Get a court order approving the
issuance of a subpoena.
14. Smartphones, Privacy & FRCP 34
“Inspection or testing of certain types of electronically stored
information or of a responding party’s electronic information
system may raise issues of confidentiality or privacy.
The addition of testing and sampling to Rule 34(a) with
regard to documents and electronically stored information is
not meant to create a routine right of direct access to a
party’s electronic information system, although such access
might be justified in some circumstances.
Courts should guard against undue intrusiveness resulting
from inspecting or testing such systems.”
Fed. R. Civ. P. 34, Advisory Committee Notes to 2006 Amendments
15. Rules of Practice
If relevant, then preservation and production is required.
Potentially serious consequences for inadvertent losses of data
• Spoliation
Do not delay in preservation steps. DO IT ASAP!
Text messages are not available after a few days from the
service provider.
• But phone records from the wireless carrier can establish that texts were
sent.
Possession, custody and control of the devices may be a
problem with company-owned devices.
Proportionality arguments are a hindrance to getting data from
the responding party.
Smartphone data are not covered by ECPA, SCA or CFAA in
ways that prevent discovery.
16. Best Practices for Smartphones
If you feel that a party’s Smartphone holds critical data:
Send a preservation demand ASAP
Tailor discovery requests seeking only relevant and proportional
information that cannot be obtained elsewhere.
Propose a protocol by which relevant information can be
extracted by a neutral third party without disclosure of
confidential, personal information.
Work cooperatively with your opponent to limit discovery to
matters proportional to the needs of the case, and make clear
what you are not providing and why.
Consider alternative, less burdensome or less intrusive sources
for the information sought.
When a forensic exam is unavoidable, suggest a neutral third
party conduct the exam pursuant to an agreed-upon protocol
that carefully limits what is to be disclosed to the data that is
relevant and proportional to the needs of the case.
17. Your Client’s Smartphone
If you think you need the data, isolate the device.
Preserve the data as soon as possible.
• Data has a way of “disappearing”
How you collect the data depends on factors such
as make, model, operating system, carrier and
settings.
Special forensic tools are required to extract as
much data as possible.
Hire a consultant to extract the data and to give
you the requisite IRE 902(13) Affidavit.
18. Collection Software
Touch2 – made by Israeli company Cellebrite
Universal extraction device
Pulls data from almost any gadget
Preserves the data in a format courts accept
Cloud Analyzer
Reaches the data on Google’s servers
Tracks location points
Can pinpoint a person’s location at a specific time.
Hire a professional forensic examiner.
20. Smartphones & the Third Party Doctrine
The "third party doctrine"
Individuals have a reduced expectation of privacy when it
relates to information knowingly shared with a third party,
including cell phone companies.
Therefore, such information is not protected by the
Fourth Amendment and police don't need a warrant to
legally access it.
See: Smith v. Maryland, U.S. Supreme Court 1979
In Carpenter v. U.S. (2018), the Supreme Court held that
the use of cell site location info (CSLI) is not subject to
the third party doctrine.
CSLI is data generated every time your phone
connects to a nearby tower.
21. Authentication of Evidence
Authentication of evidence is governed by Rule of
Evidence 901:
“To satisfy the requirement of authenticating or
identifying an item of evidence, the proponent must
produce evidence sufficient to support a finding that the
item is what the proponent claims it is.”
In other words, the authentication requirement
means that there must be a showing that the
“smoking gun” email, for example:
• is not a forgery and
• was actually sent and received
22. Authentication of Evidence
The bar for authentication of evidence is not high.
The prima facie showing can be made using direct
evidence or circumstantial evidence.
Courts tend to conduct this analysis regarding
conventional evidence by using a “reasonable
person” standard.
The same “reasonable person” analysis seemingly is
becoming the general rule for social media evidence
authentication despite some modern complications.
23. Authentication of Evidence
The Sedona Conference came out with a new paper
which is required reading if you are dealing with
evidentiary issues with ESI:
“The Sedona Conference Commentary on ESI
Evidence and Admissibility, Second Edition”
Also, required reading:
Lorraine v. Markel American Insurance Company,
241 F.R.D. 534 (D.MD. 2007)
24. Admissibility of ESI
Lorraine v. Markel American Insurance
Company, 241 F.R.D. 534 (D.MD. 2007)
• a landmark decision about the admissibility and
authentication of digital evidence was set down in a 100-
page opinion by Magistrate Judge Paul W. Grimm
• established a detailed baseline for the use of ESI before his
court (and in courts using the FRE).
• Given the guidelines and references provided by the judge, it
now becomes difficult for counsel to argue against the
admissibility of electronic evidence.
25. Self-Authenticating ESI –
New Rules 902(13)
Rule 902(13) now provides that the
following are self-authenticating:
• Electronic records generated by a system that produces
an accurate result as shown by a certification of a
qualified person that complies with the certification
requirements of Rule 902(11) or (12).
• This dispenses with the business records foundation.
• The certification must “contain information that would be
sufficient to establish authenticity were the information
provided by a witness at trial.”
26. Self-Authenticating ESI –
Rules 902(13) Example
Websites can be authenticated by:
• Witness testifies that they logged into the
website and reviewed what was there.
• And the proffered exhibit fairly and accurately
reflects what the witness saw.
• A Rule 902(13) certification that provides these
facts is a substitute for testimony and shifts the
burden to the other party to refute the
foundation.
• Court’s role is to rule if there is a sufficient basis
for the jury to determine authenticity.
• Court must still assess admissibility.
27. Rule 902(14) -
Authenticating Digital Copies
Rule 902(14) is aimed at digital copies, making the
following self-authenticating:
Certified Data Copied from an Electronic
Device, Storage Medium, or File.
Data copied from an electronic device, storage
medium, or file, if authenticated by a process of
digital identification, as shown by a certification
of a qualified person that complies with the
certification requirements of Rule 902(11) or
(12).
The proponent also must meet the notice
requirements of Rule 902(11).
28. Rule 902(14) Certification -
a Product of Technology
FRE Advisory Committee Note discusses how
to authenticate a digital copy:
Data copied from electronic devices, storage media, and
electronic files are ordinarily authenticated by the “hash
value.”
HASH VALUE is a number that is often represented as a
sequence of characters and is produced by an algorithm
based upon the digital contents of a drive, medium, or
file.... [I]dentical hash values for the original and copy
reliably attest to the fact that they are exact duplicates.
This amendment allows self-authentication by a
certification of a qualified person that she checked
the hash value of the proffered item and that it was
identical to the original.
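The hash comparison described in the Advisory Committee Note above, as an added example that is not part of the original slides: it hashes an original and three copies and shows that only the exact duplicate produces identical hash values. The choice of SHA-256 and SHA-512, the function names and the sample bytes are assumptions made for this illustration.

```python
import hashlib
import io

CHUNK = 1024 * 1024  # read 1 MiB at a time so a full device image never sits in memory

def hash_stream(stream, algorithms=("sha256", "sha512")):
    """Return (byte_count, {algorithm: hex digest}) for a binary stream."""
    digests = {name: hashlib.new(name) for name in algorithms}
    size = 0
    for block in iter(lambda: stream.read(CHUNK), b""):
        size += len(block)
        for d in digests.values():
            d.update(block)
    return size, {name: d.hexdigest() for name, d in digests.items()}

def verify_copy(original, copy, algorithms=("sha256", "sha512")):
    """Hash both streams and report whether every digest is identical."""
    o_size, o_hash = hash_stream(original, algorithms)
    c_size, c_hash = hash_stream(copy, algorithms)
    return {
        "original": {"bytes": o_size, **o_hash},
        "copy": {"bytes": c_size, **c_hash},
        "match": o_size == c_size and all(o_hash[a] == c_hash[a] for a in algorithms),
    }

# Constructed sample data standing in for an extracted device image.
SAMPLE_IMAGE = b"CONSTRUCTED SAMPLE DEVICE IMAGE\n" * 4096

def demo():
    """Compare the original against an exact copy, a one-bit change and a truncation."""
    altered = bytearray(SAMPLE_IMAGE)
    altered[1000] ^= 0x01  # flip a single bit
    cases = {
        "exact": SAMPLE_IMAGE,
        "one_bit_changed": bytes(altered),
        "truncated": SAMPLE_IMAGE[:-1],
    }
    return {name: verify_copy(io.BytesIO(SAMPLE_IMAGE), io.BytesIO(data))["match"]
            for name, data in cases.items()}

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'identical hash values' if ok else 'hash mismatch'}")
```

The record returned by `verify_copy` holds the byte counts and digests for both items, which are the values an examiner would recite in a certification.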
29. A Word on Texts
New technology called Over-The-Top
(OTT) messaging channels uses
existing internet connections.
• Google’s Business Messages - a business-focused channel
that allows consumers to directly message businesses from
Google Search or Maps
• Apple Business Chat allows customers to message
companies from Maps, Safari, or Search.
• WhatsApp Business adds QR-code reading and catalogue
sharing capabilities
• Facebook Messenger for Pages offers a new, consolidated
inbox for businesses