E-Discovery: How do Litigation Hold, BYOD,
and Privacy affect you?
By Amelia Phillips, PhD
Chair, Pure & Applied Science Division
CIS and Computer Science Departments
Regional Director PRCCDC
Highline Community College
Seattle WA
Agenda
• Define E-Discovery
• The challenge ahead
• Who does this affect?
• Privacy or corporate security
• Current tools
• New technology
Defining E-Discovery
• “gathering electronically stored information (ESI) for
use in litigation”
• Discovery happens daily and is the compulsory disclosure of
data, facts and documents in civil and criminal cases.
• Legal counsel generally exists on both sides from the
beginning
Whose Perspective?
Who needs to know about e-discovery?
Information Governance
Reference Model
© edrm.net
Potential Students / Target Audience
• IT / CIS Students
• MIS Students
• Paralegals
• Business Managers
• Production Managers
Litigation Hold – what does that mean?
• If a litigation hold is in place
– Backups cannot be overwritten or deleted
– Physical files cannot be shredded
– Files cannot be deleted
– What happens to the BYODs?
• Corporate policies need to be in place
– Educate the employees
Tools of the Trade
• Concordance
• Discovery Assistant by IMAGEMaker
• @LegalDiscovery
• Catalyst CR
• AD Summation iBlaze
• Nextpoint Discovery Cloud
• Sherpa Software Discovery Attender
• And more
E-Discovery Tools
Discovery Attender
Finding email
Choose Search Criteria
Search Results
Reverse Funnel Method
De-Duping
Email, Social media and Privacy
• Clandestine affair
• Sharing a login on Gmail but never
transmitting
• Cyberstalking and threats
HICSS44
Why action was needed NOW
• 2 Generals implicated
• Over 30,000 documents examined, most of which were email
• Exposed that Google had responded to over 7,000
requests from the US government from January to
June 2012
Resulted in the following:
• Requests from governments
– 2009 - ~ 12,000
– 2012 – over 21,000
• U.S. certainly highest
• India
• U.K.
Google Transparency Report
Whatever happened to the
4th Amendment?
• Electronic Communications Privacy Act
• Created in 1986
• PCs were in their infancy
– Hard drives were 10 to 20 MB
– Easy drive at 60 MB was the largest in 1988
– Files were 10 to 20 kb
– Email was at a premium
ECPA
• Accessing a computer or network without authorization
or by exceeding authorization
• Accessing a computer or network to collect financial
information, credit information, or other information
from a government computer or any protected
computer
• Making a computer or network unavailable for its
intended use by a department of the U.S. government
or another entity
ECPA lists as violations:
• Transmitting programs, information, codes, or
commands to intentionally cause harm or damage to
networks or computers
• Accessing information on a computer or network to
commit fraud or cause damage, whether intentionally
or as a result of reckless actions
• Intentionally obtaining and trafficking in passwords
• Threatening harm to a computer or network for use in
extortion or a similar practice
ECPA (more violations)
• Stored Communications Act
• Supplements ECPA
• Offense.— Except as provided in subsection (c) of this section whoever—
• (1) intentionally accesses without authorization a facility through which an
electronic communication service is provided; or
• (2) intentionally exceeds an authorization to access that facility;
and thereby obtains, alters, or prevents authorized access to a wire or
electronic communication while it is in electronic storage in such system shall
be punished as provided in subsection (b) of this section.
SCA
• Existing Law:
• 180 days old – considered abandoned
No warrant!
The Catch
• Gmail
• Yahoo mail
• Dropbox
• SkyDrive
• Google docs
• Google+
Online email and storage
• Facebook
• MySpace
• Twitter
• What laws apply here?
Social Media
• ArchiveSocial – compliant with
– FINRA – Financial Industry Regulatory Authority
– SEC – Securities and Exchange Commission
– FOIA – Freedom of Information Act
– FRCP – Federal Rules of Civil Procedure
– SOX – Sarbanes-Oxley
• Other software
– Actiance
– X1 Discovery
– Patrina Corporation
– Reed Archives
Social Media Archiving
BYOD, BYOA – whose line is it anyway?
• Interconnected far beyond imagined
• Business owner
– Cell phone
– Business computer
• One device compromised
– Have everything
Mobile Devices
• Someone logs in at a coffee shop
– Shows up on their Facebook
– Shows up on their Twitter
• U.S. based companies spend over $2 billion annually
for such demographics
• What are your rights?
Who knows where you are?
• 24 yr old Austrian law student
– Asked for his Facebook history
– Over 1200 pages long!
– Included items he
• Never posted
• Had deleted
• “Europe has come to the conclusion that none of the companies
can be trusted,” said Simon Davies, the director of the London-
based nonprofit Privacy International. “The European Commission
is responding to public demand. There is a growing mood of
despondency about the privacy issue.” (Sengupta, 2012)
EU Privacy Laws
• The term Bring Your Own Device (BYOD) has become
common in the language today.
• Includes cell phones, smart phones, BlackBerry devices,
palmtops, laptops, iPhones, iPads and items that are
still to be invented.
• Are they part of a litigation hold?
• Does the employee have the right to delete their
personal information?
BYOD
• Issued by and paid for by the company
• Purchased and paid for by the employee
• Purchased and paid for by visitors
• Purchased and paid for by patients
• And where is the information stored?
BYOD (cont’d)
• The voicemail is stored on the servers of the provider
• Text messages are saved on the device
• Voicemail can be stored on some smart phones
• Email is stored with the email server whether it be
Yahoo, Gmail, or corporate server
• File attachments could be located on the corporate
servers, on the cloud or home machine.
BYOD (part 3)
• Computers as closed containers
• U.S. v. Reyes in New York 1996
– Privacy of data on a pager
• United States v. Knotts and United States v. Karo
– U.S. Supreme Court
– Tracking devices
– On public street or in private dwelling
Mobile devices and the Law
• Ohio State Supreme Court
– 2009
– Warrant needed to search a cell phone
• Oregon State Supreme Court
– Schlossberg v. Solesbee
– 2012
– Search incident to arrest
Case Law on cell phones
Search incident to Arrest
• Online Communications and Geolocation Protection Act
(OCGPA)
• Before the House in March 2013
• GPS
• Warrant for all electronic messages regardless of age
• Just approved this week in the Senate Subcommittee
New Proposed Law
IRS Facebook
• Lady boasted on her Facebook about her and her
partner’s tax fraud
• Pictures of how much money they had made
• 57 counts of tax fraud
Tax Fraud Pioneer
• Can a company require that you make them a friend
before they hire you?
• Can a company force you to give them your username
and password on Facebook or MySpace to get a rating?
• Can conversations on social media be used against you?
• Can such exchanges hold up in court?
Social Media and Investigations
New Technology
Forensic Linguistics
• International Association of Forensic Linguists
• Look for variations in the way things are phrased,
cadence, etc.
• Very effective in spotting fraudulent documents
Dealing with Multinational Corporations
• Every country must deal with email, mobile
business and devices, data, ecommerce,
BlackBerrys, and PDAs
• Privacy laws vary from country to country.
• Chain of custody
• Qualifications of examiners
• Process and procedure
• Unique law enforcement concerns regarding the location of
potential digital evidence, its preservation, and its subsequent
forensic analysis.
• For instance, if a customer or business becomes the target of a
criminal investigation, they could migrate their working
environment to a cloud environment.
• This would provide a means for the business to continue its
routine operations while the migrated environment is forensically
analyzed.
• However, this is not without risk. The migrated data only
represents a “snapshot” of when it was sent to the cloud.
Case proposed by John Barbara
• Since the data can be stored anywhere in the world, its
dispersal could be to a location or country where
privacy laws are not readily enforced or non-existent.
• Establishing a chain of custody for the data would
become difficult or impossible if its integrity and
authenticity cannot be fully determined (where was it
stored, who had access to view it, was there data
leakage, commingling of data, etc.).
JJ Barbara (slide 2)
• There are also potential forensic issues when the
customer or user exits a cloud application.
• Items subject to forensic analysis, such as registry
entries, temporary files, and other artifacts (which
are stored in the virtual environment) are lost -
making malicious activity difficult to substantiate:
JJ Barbara (slide 3)
• Over time, it's expected that clouds will contain more and
more evidence of criminal activity.
• The NIJ recently revealed plans to fund research into
improved electronic forensics in several areas, including the
cloud.
• Cloud providers and customers need to set up their
infrastructures to meet these lawful requests or face fines
and other legal repercussions.
– do so without violating local privacy laws or accidentally giving
away competitive secrets.
George Lawton’s Opinion
• The demands of cloud forensics could prove costly as
lawsuits and investigations become more complex.
• A 2009 study by McKinsey & Company
– electronic discovery requests were growing by 50% annually.
– Growth in e-discovery spending from $2.7 billion in 2007 to
$4.6 billion in 2010, according to a Socha Consulting LLC
survey.
Lawton (slide 2)
• The U.S. government has also attempted to expand the scope
of data that can be lawfully requested without a warrant
through a National Security Letter (NSL).
• In August, the Obama administration requested to add
"electronic communication transaction records" to the data
included in an NSL,
– Require providers to include the addresses a user has emailed, the
times and dates of transactions, and possibly a user's browser
history.
– Have to ensure that the provider's infrastructure can deliver on
these requests in a timely manner.
Lawton (slide 3)
• "Cloud forensics is difficult because there are
challenges with multi-tenant hosting,
synchronization problems and techniques for
segregating the data in the logs,"
• "Right now, most of the cloud service providers are
not open to talking about this because they don't
know the issue."
Lawton (slide 4)
Privacy Laws
• USA citizens take the expectation of privacy for granted
• Privilege “according to UK common law … allows a
person to refuse to testify on a matter or to withhold
information”
– Includes self incrimination
– Legal counsel privilege
– Statements made without prejudice
• China and Japan (and other non-English speaking
nations) have laws that are significantly different
Objectives of any Investigation
• That evidence obtained can hold up in court
• That the examiner can hold up under scrutiny
The Expert
• What qualifies a person as a digital forensic expert?
• The qualifications of the person examining the evidence
should be easily identifiable in all parts of the world
• On the international front, many use vendor
certifications.
• In the US, several states - against the resolution of the
American Bar Association (ABA) - instituted
requirements that all computer forensics investigators
be licensed private investigators.
The Expert (cont’d)
• “Is it a state or federal matter to qualify digital
investigators?”
• The global economy and international crime require an
international standard that is beyond the boundaries of
vendor certification
• The ISFCE has created certifications which are accepted
in many countries.
• SANS has created a body of knowledge that constitutes
what is needed for a person qualified in the field.
• ISO 27037:2012
• October 2012
• Digital Evidence First Responder (DEFR) as the one
who collects the evidence, chain of custody, and
storage of digital evidence
• Gives guidelines for transmission of ESI
New ISO standard
Technology and E-evidence
• Email investigations
– Whose server are things located on?
– How was it transmitted?
– When is a wiretap law needed?
– When are you dealing with stored messages?
– How to put laws in place that address these issues is
another challenge.
• Cloud-based electronic discovery tools might help to keep
these costs down.
• Companies including Orange, Autonomy, Clearwell and
Kazeon have launched hosted services for
collecting, preserving and analyzing digital evidence.
• Gartner research director Debra Logan said she expects that
many corporations will start investing in e-discovery
infrastructure and that, by 2012, companies without this
infrastructure will spend 33% more to meet these requests.
Technology and E-Evidence
What laws affect what you do?
DEMO of Law database
E-Discovery: How do Litigation Hold, BYOD, and Privacy Affect You? - Course Technology Computing Conference
• E-discovery is here to stay
• New challenges
• Affects legal, business, and IT students /
professionals alike
• Needs to become part of the curriculum
• Global issue
Summary
Questions?
E-Discovery: How do Litigation Hold, BYOD, and Privacy Affect You? - Course Technology Computing Conference

  • 1. E-Discovery: How do Litigation Hold, BYOD, and Privacy affect you? By Amelia Phillips, PhD Chair, Pure & Applied Science Division CIS and Computer Science Departments Regional Director PRCCDC Highline Community College Seattle WA
  • 2. Agenda • Define E-Discovery • The challenge ahead • Who does this affect? • Privacy or corporate security • Current tools • New technology
  • 3. Defining E-Discovery • “gathering electronically stored information (ESI) for use in litigation” • Discovery happens daily and is the compulsary disclosure of data, facts and documents in civil and criminal cases. • Legal council generally exists on both sides from the beginning
  • 5. Who needs to know about e-discovery? Information Governance Reference Model © edrm.net
  • 6. Potential Students / Target Audience • IT / CIS Students • MIS Students • Paralegals • Business Managers • Production Managers
  • 7. Litigation Hold – what does that mean? • If a litigation hold is in place – Backups cannot be over written or deleted – Physical files cannot be shredded – Files cannot be deleted – What happens to the BYODs? • Corporate policies need to be in place – Educate the employees
  • 8. Tools of the Trade
  • 9. • Concordance • Discovery Assistant by IMAGEMaker • @LegalDiscovery • Catalyst CR • AD Summation iBlaze • Nextpoint Discovery Cloud • Sherpa Software Discovery Attender • And more E-Discovery Tools
  • 16. Email, Social media and Privacy
  • 17. • Clandestine affair • Sharing a login on Gmail but never transmitting • Cyberstalking and threats HICSS44 Why action was needed NOW
  • 18. • 2 Generals implicated • Over 30,000 documents most of which was email examined • Exposed that Google had responded to over 7,000 requests from the US government from January to June 2012 Resulted in the following:
  • 19. • Requests from governments – 2009 - ~ 12,000 – 2012 – over 21,000 • U.S. certainly highest • India • U.K. Google Transparency Report
  • 20. What ever happened to the 4th Amendment?
  • 21. • Electronic Communications Privacy Act • Created in 1986 • PCs were in their infancy – Hard drives were 10 to 20 MB – Easy drive at 60 MB was the largest in 1988 – Files were 10 to 20 kb – Email was at a premium ECPA
  • 22. • Accessing a computer or network without authorization or by exceeding authorization • Accessing a computer or network to collect financial information, credit information, or other information from a government computer or any protected computer • Making a computer or network unavailable for its intended use by a department of the U.S. government or another entity ECPA lists as violations:
  • 23. • Transmitting programs, information, codes, or commands to intentionally cause harm or damage to networks or computers • Accessing information on a computer or network to commit fraud or cause damage, whether intentionally or as a result of reckless actions • Intentionally obtaining and trafficking in passwords • Threatening harm to a computer or network for use in extortion or a similar practice ECPA (more violations)
  • 24. • Stored Communications Act • Supplement ECPA • Offense.— Except as provided in subsection (c) of this section whoever— • (1) intentionally accesses without authorization a facility through which an electronic communication service is provided; or • (2) intentionally exceeds an authorization to access that facility; and thereby obtains, alters, or prevents authorized access to a wire or electronic communication while it is in electronic storage in such system shall be punished as provided in subsection (b) of this section. SCA
  • 25. • Existing Law: • 180 days old – considered abandoned No warrant! The Catch
  • 26. • Gmail • Yahoo mail • Dropbox • SkyDrive • Google docs • Google+ Online email and storage
  • 27. • Facebook • MySpace • Twitter • What laws apply here? Social Media
  • 28. • ArchiveSocial – compliant with – FINRA – Financial Industry Regulatory Authority – SEC – Securities and Exchange Commission – FOIA – Freedom of Information Act – FRCP – Federal Rules of Civil Procedure – SOX – Sarbanes-Oxley • Other software – Actiance – X1 Discovery – Patrina Corporation – Reed Archives Social Media Archiving
  • 29. BYOD, BYOA – whose line is it anyway?
  • 30. • Interconnected far beyond imagined • Business owner – Cell phone – Business computer • One device compromised – Have everything Mobile Devices
  • 31. • Someone logs in at a coffee shop – Shows up on their Facebook – Shows up on their Twitter • U.S. based companies spend over $2 billion annually for such demographics • What are your rights? Who knows where you are?
  • 32. • 24 yr old Austrian law student – Asked for his Facebook history – Over 1200 pages long! – Included items he • Never posted • Had deleted • “Europe has come to the conclusion that none of the companies can be trusted,” said Simon Davies, the director of the London- based nonprofit Privacy International. “The European Commission is responding to public demand. There is a growing mood of despondency about the privacy issue.” (Semgupta, 2012) EU Privacy Laws
  • 33. • The term Bring Your Own Device (BYOD) has become common in the language today. • Includes cell phones, smart phones, Blackberry devices, palmtops, laptops, iPhones, iPads and items that are still be invented. • Are they part of a litigation hold? • Does the employee have the right to delete their personal information? BYOD
  • 34. • Issued by and paid for by the company • Purchased and paid for by the employee • Purchased and paid for by visitors • Purchased and paid for by patients • And where is the information stored? BYOD (cont’d)
  • 35. • The voicemail is stored on the servers of the provider • Text messages are saved on the device • Voicemail can be stored on some smart phones • Email is stored with the email server whether it be Yahoo, Gmail, or corporate server • File attachments could be located on the corporate servers, on the cloud or home machine. BYOD (part 3)
  • 36. • Computers as closed containers • U.S. v. Reyes in New York 1996 – Privacy of data on a pager • United States v. Knotts and United States v. Karo – U.S. Supreme Court – Tracking devices – On public street or in private dwelling Mobile devices and the Law
  • 37. • Ohio State Supreme Court – 2009 – Warrant needed to search a cell phone • Oregon State Supreme Court – Schlossberg v. Solesbee – 2012 – Search incident to arrest Case Law on cell phones
  • 39. • Online Communications and Geolocation Protection Act (OCGPA) • Before the House in March 2013 • GPS • Warrant for all electronic messages regardless of age • Just approved this week in the Senate Subcommittee HICSS44 New Proposed Law
  • 41. • Lady boasted on her Facebook about her and her partner’s tax fraud • Pictures of how much money they had made • 57 counts of tax fraud HICSS44 Tax Fraud Pioneer
  • 42. • Can a company require that you make them a friend before they hire you? • Can a company force you to give them your username and password on Facebook or MySpace to get a rating? • Can conversations on social media be used against you? • Can such exchanges hold up in court? HICSS44 Social Media and Investigations
  • 44. Forensic Linguistics • International Association of Forensic Linguists • Look for variations in the way things are phrased, cadence, etc. • Very effective in spotting fraudulent documents
  • 45. Dealing with Multinational Corporations • Every country must deal with email, mobile business and devices, data, ecommerce, Black Berries, and PDAS • Privacy laws vary from country to country. • Chain of custody • Qualifications of examiners • Process and procedure HCSS44
  • 46. • Unique law enforcement concerns regarding the location of potential digital evidence, its preservation, and its subsequent forensic analysis. • For instance, if a customer or business becomes the target of a criminal investigation, they could migrate their working environment to a cloud environment. • This would provide a means for the business to continue its routine operations while the migrated environment is forensically analyzed.4 • However, this is not without risk. The migrated data only represents a “snapshot” of when it was sent to the cloud. Case proposed by John Barbara
  • 47. • Since the data can be stored anywhere in the world, its dispersal could be to a location or country where privacy laws are not readily enforced or non-existent. • Establishing a chain of custody for the data would become difficult or impossible if its integrity and authenticity cannot be fully determined (where was it stored, who had access to view it, was there data leakage, commingling of data, etc.). JJ Barbara (slide 2)
  • 48. • There are also potential forensic issues when the customer or user exits a cloud application. • Items subject to forensic analysis, such as registry entries, temporary files, and other artifacts (which are stored in the virtual environment) are lost - making malicious activity difficult to substantiate: JJ Barbara (slide 3)
  • 49. George Lawton’s Opinion
    • Over time, it's expected that clouds will contain more and more evidence of criminal activity.
    • The NIJ recently revealed plans to fund research into improved electronic forensics in several areas, including the cloud.
    • Cloud providers and customers need to set up their infrastructures to meet these lawful requests or face fines and other legal repercussions.
      – Do so without violating local privacy laws or accidentally giving away competitive secrets.
  • 50. Lawton (slide 2)
    • The demands of cloud forensics could prove costly as lawsuits and investigations become more complex.
    • A 2009 study by McKinsey & Company
      – Electronic discovery requests were growing by 50% annually.
      – Growth in e-discovery spending from $2.7 billion in 2007 to $4.6 billion in 2010, according to a Socha Consulting LLC survey.
  • 51. Lawton (slide 3)
    • The U.S. government has also attempted to expand the scope of data that can be lawfully requested without a warrant through a National Security Letter (NSL).
    • In August, the Obama administration requested to add "electronic communication transaction records" to the data included in an NSL,
      – Require providers to include the addresses a user has emailed, the times and dates of transactions, and possibly a user's browser history.
      – Have to ensure that the provider's infrastructure can deliver on these requests in a timely manner.
  • 52. Lawton (slide 4)
    • "Cloud forensics is difficult because there are challenges with multi-tenant hosting, synchronization problems and techniques for segregating the data in the logs,"
    • "Right now, most of the cloud service providers are not open to talking about this because they don't know the issue."
  • 53. Privacy Laws
    • U.S. citizens take the expectation of privacy for granted
    • Privilege “according to UK common law … allows a person to refuse to testify on a matter or to withhold information”
      – Includes self-incrimination
      – Legal counsel privilege
      – Statements made without prejudice
    • China and Japan (and other non-English speaking nations) have laws that are significantly different
  • 54. Objectives of any Investigation
    • That evidence obtained can hold up in court
    • That the examiner can hold up under scrutiny
  • 55. The Expert
    • What qualifies a person as a digital forensic expert?
    • The qualifications of the person examining the evidence should be easily identifiable in all parts of the world
    • On the international front, many use vendor certifications.
    • In the US, several states - against the resolution of the American Bar Association (ABA) - instituted requirements that all computer forensics investigators be licensed private investigators.
  • 56. The Expert (cont’d)
    • “Is it a state or federal matter to qualify digital investigators?”
    • The global economy and international crime require an international standard that is beyond the boundaries of vendor certification
    • The ISFCE has created certifications which are accepted in many countries.
    • SANS has created a body of knowledge that constitutes what is needed for a person qualified in the field.
  • 57. New ISO standard
    • ISO 27037:2012
    • October 2012
    • Digital Evidence First Responder (DEFR) as the one who collects the evidence, chain of custody, and storage of digital evidence
    • Gives guidelines for transmission of ESI
  • 58. Technology and E-evidence
    • Email investigations
      – Whose server are things located on?
      – How was it transmitted?
      – When is a wiretap law needed?
      – When are you dealing with stored messages?
      – How to put laws in place that address these issues is another challenge.
  • 59. Technology and E-Evidence
    • Cloud-based electronic discovery tools might help to keep these costs down.
    • Companies including Orange, Autonomy, Clearwell and Kazeon have launched hosted services for collecting, preserving and analyzing digital evidence.
    • Gartner research director Debra Logan said she expects that many corporations will start investing in e-discovery infrastructure and that, by 2012, companies without this infrastructure will spend 33% more to meet these requests.
  • 60. What laws affect what you do?
  • 61. DEMO of Law database
  • 63. Summary
    • E-discovery is here to stay
    • New challenges
    • Affects legal, business, and IT students / professionals alike
    • Needs to become part of the curriculum
    • Global issue