E-Discovery: How do Litigation Hold, BYOD, and Privacy Affect You? - Course Technology Computing Conference
Presenter: Amelia Phillips, Highline Community College
E-discovery is defined as “gathering electronically stored information (ESI) for use in litigation”. At first glance, this appears to be a straightforward statement, but upon further examination one finds that it encompasses a broad range of items. Over 90% of documents produced by companies now are electronic. Older paper files have been converted to microfiche or PDF files. Add to this email, text messages, social media (yes, even the IRS has a Facebook page) and you have an idea of the amount of information that becomes this new term called “Big Data”. Terabytes of data will soon become petabytes of data. Are we ready? Are our students prepared for this new era? E-Discovery is a field that affects not only the lawyers, but the IT support staff, and how companies do business. In this talk you will be introduced to some of the new technology in the field such as predictive coding, forensic linguistics, and social media archiving. You will also be shown some of the new tools on the market that you can use in your classrooms to prepare your students and yourself for this fast evolving arena. What does a company need to do when a litigation hold is in place? What response needs to come from the legal staff, the IT support staff, the managers, and the average employee? How does this affect the BYOD (Bring Your Own Device) policies? Which comes first - employee privacy, freedom of information or corporate security? You will walk away from this talk with a methodology to incorporate this new topic into your curriculum. You will also be given ideas of how to make this affordable for your labs, what foundations your students need, and how to deliver this in a way that appeals to the business, IT or legal oriented student. This topic affects them all. Come and find out why this is something they need to be successful in tomorrow's market.
On National Teacher Day, meet the 2024-25 Kenan Fellows
E-Discovery: How do Litigation Hold, BYOD, and Privacy Affect You? - Course Technology Computing Conference
1. E-Discovery: How do Litigation Hold, BYOD,
and Privacy affect you?
By Amelia Phillips, PhD
Chair, Pure & Applied Science Division
CIS and Computer Science Departments
Regional Director PRCCDC
Highline Community College
Seattle WA
2. Agenda
• Define E-Discovery
• The challenge ahead
• Who does this affect?
• Privacy or corporate security
• Current tools
• New technology
3. Defining E-Discovery
• “gathering electronically stored information (ESI) for
use in litigation”
• Discovery happens daily and is the compulsary disclosure of
data, facts and documents in civil and criminal cases.
• Legal council generally exists on both sides from the
beginning
6. Potential Students / Target Audience
• IT / CIS Students
• MIS Students
• Paralegals
• Business Managers
• Production Managers
7. Litigation Hold – what does that mean?
• If a litigation hold is in place
– Backups cannot be over written or deleted
– Physical files cannot be shredded
– Files cannot be deleted
– What happens to the BYODs?
• Corporate policies need to be in place
– Educate the employees
17. • Clandestine affair
• Sharing a login on Gmail but never
transmitting
• Cyberstalking and threats
HICSS44
Why action was needed NOW
18. • 2 Generals implicated
• Over 30,000 documents most of which was email
examined
• Exposed that Google had responded to over 7,000
requests from the US government from January to
June 2012
Resulted in the following:
19. • Requests from governments
– 2009 - ~ 12,000
– 2012 – over 21,000
• U.S. certainly highest
• India
• U.K.
Google Transparency Report
21. • Electronic Communications Privacy Act
• Created in 1986
• PCs were in their infancy
– Hard drives were 10 to 20 MB
– Easy drive at 60 MB was the largest in 1988
– Files were 10 to 20 kb
– Email was at a premium
ECPA
22. • Accessing a computer or network without authorization
or by exceeding authorization
• Accessing a computer or network to collect financial
information, credit information, or other information
from a government computer or any protected
computer
• Making a computer or network unavailable for its
intended use by a department of the U.S. government
or another entity
ECPA lists as violations:
23. • Transmitting programs, information, codes, or
commands to intentionally cause harm or damage to
networks or computers
• Accessing information on a computer or network to
commit fraud or cause damage, whether intentionally
or as a result of reckless actions
• Intentionally obtaining and trafficking in passwords
• Threatening harm to a computer or network for use in
extortion or a similar practice
ECPA (more violations)
24. • Stored Communications Act
• Supplement ECPA
• Offense.— Except as provided in subsection (c) of this section whoever—
• (1) intentionally accesses without authorization a facility through which an
electronic communication service is provided; or
• (2) intentionally exceeds an authorization to access that facility;
and thereby obtains, alters, or prevents authorized access to a wire or
electronic communication while it is in electronic storage in such system shall
be punished as provided in subsection (b) of this section.
SCA
25. • Existing Law:
• 180 days old – considered abandoned
No warrant!
The Catch
26. • Gmail
• Yahoo mail
• Dropbox
• SkyDrive
• Google docs
• Google+
Online email and storage
30. • Interconnected far beyond imagined
• Business owner
– Cell phone
– Business computer
• One device compromised
– Have everything
Mobile Devices
31. • Someone logs in at a coffee shop
– Shows up on their Facebook
– Shows up on their Twitter
• U.S. based companies spend over $2 billion annually
for such demographics
• What are your rights?
Who knows where you are?
32. • 24 yr old Austrian law student
– Asked for his Facebook history
– Over 1200 pages long!
– Included items he
• Never posted
• Had deleted
• “Europe has come to the conclusion that none of the companies
can be trusted,” said Simon Davies, the director of the London-
based nonprofit Privacy International. “The European Commission
is responding to public demand. There is a growing mood of
despondency about the privacy issue.” (Semgupta, 2012)
EU Privacy Laws
33. • The term Bring Your Own Device (BYOD) has become
common in the language today.
• Includes cell phones, smart phones, Blackberry devices,
palmtops, laptops, iPhones, iPads and items that are
still be invented.
• Are they part of a litigation hold?
• Does the employee have the right to delete their
personal information?
BYOD
34. • Issued by and paid for by the company
• Purchased and paid for by the employee
• Purchased and paid for by visitors
• Purchased and paid for by patients
• And where is the information stored?
BYOD (cont’d)
35. • The voicemail is stored on the servers of the provider
• Text messages are saved on the device
• Voicemail can be stored on some smart phones
• Email is stored with the email server whether it be
Yahoo, Gmail, or corporate server
• File attachments could be located on the corporate
servers, on the cloud or home machine.
BYOD (part 3)
36. • Computers as closed containers
• U.S. v. Reyes in New York 1996
– Privacy of data on a pager
• United States v. Knotts and United States v. Karo
– U.S. Supreme Court
– Tracking devices
– On public street or in private dwelling
Mobile devices and the Law
37. • Ohio State Supreme Court
– 2009
– Warrant needed to search a cell phone
• Oregon State Supreme Court
– Schlossberg v. Solesbee
– 2012
– Search incident to arrest
Case Law on cell phones
39. • Online Communications and Geolocation Protection Act
(OCGPA)
• Before the House in March 2013
• GPS
• Warrant for all electronic messages regardless of age
• Just approved this week in the Senate Subcommittee
HICSS44
New Proposed Law
41. • Lady boasted on her Facebook about her and her
partner’s tax fraud
• Pictures of how much money they had made
• 57 counts of tax fraud
HICSS44
Tax Fraud Pioneer
42. • Can a company require that you make them a friend
before they hire you?
• Can a company force you to give them your username
and password on Facebook or MySpace to get a rating?
• Can conversations on social media be used against you?
• Can such exchanges hold up in court?
HICSS44
Social Media and Investigations
44. Forensic Linguistics
• International Association of Forensic Linguists
• Look for variations in the way things are phrased,
cadence, etc.
• Very effective in spotting fraudulent documents
45. Dealing with Multinational Corporations
• Every country must deal with email, mobile
business and devices, data, ecommerce, Black
Berries, and PDAS
• Privacy laws vary from country to country.
• Chain of custody
• Qualifications of examiners
• Process and procedure
HCSS44
46. • Unique law enforcement concerns regarding the location of
potential digital evidence, its preservation, and its subsequent
forensic analysis.
• For instance, if a customer or business becomes the target of a
criminal investigation, they could migrate their working
environment to a cloud environment.
• This would provide a means for the business to continue its
routine operations while the migrated environment is forensically
analyzed.4
• However, this is not without risk. The migrated data only
represents a “snapshot” of when it was sent to the cloud.
Case proposed by John Barbara
47. • Since the data can be stored anywhere in the world, its
dispersal could be to a location or country where
privacy laws are not readily enforced or non-existent.
• Establishing a chain of custody for the data would
become difficult or impossible if its integrity and
authenticity cannot be fully determined (where was it
stored, who had access to view it, was there data
leakage, commingling of data, etc.).
JJ Barbara (slide 2)
48. • There are also potential forensic issues when the
customer or user exits a cloud application.
• Items subject to forensic analysis, such as registry
entries, temporary files, and other artifacts (which
are stored in the virtual environment) are lost -
making malicious activity difficult to substantiate:
JJ Barbara (slide 3)
49. • Over time, it's expected that clouds will contain more and
more evidence of criminal activity.
• The NIJ, recently revealed plans to fund research into
improved electronic forensics in several areas, including the
cloud.
• Cloud providers and customers need to set up their
infrastructures to meet these lawful requests or face fines
and other legal repercussions.
– do so without violating local privacy laws or accidentally giving
away competitive secrets.
George Lawton’s Opinion
50. • The demands of cloud forensics could prove costly as
lawsuits and investigations become more complex.
• A 2009 study by McKinsey & Company
– electronic discovery requests were growing by 50% annually.
– Growth in e-discovery spending from $2.7 billion in 2007 to
$4.6 billion in 2010, according to a Socha Consulting LLC
survey.
Lawton (slide 2)
51. • The U.S. government has also attempted to expand the scope
of data that can be lawfully requested without a warrant
through a National Security Letter (NSL).
• In August, the Obama administration requested to add
"electronic communication transaction records" to the data
included in an NSL,
– Require providers to include the addresses a user has emailed, the
times and dates of transactions, and possibly a user's browser
history.
– Have to ensure that the provider's infrastructure can deliver on
these requests in a timely manner.
Lawton (slide 3)
52. • "Cloud forensics is difficult because there are
challenges with multi-tenant hosting,
synchronization problems and techniques for
segregating the data in the logs,"
• "Right now, most of the cloud service providers are
not open to talking about this because they don't
know the issue ."
Lawton (slide 4)
53. Privacy Laws
• USA citizens take the expectation of privacy for granted
• Privilege “according to UK common law … allows a
person to refuse to testify on a matter or to withhold
information”
– Includes self incrimination
– Legal counsel privilege
– Statements made without prejudice
• China and Japan (and other non-English speaking
nations) have laws that are significantly different
HICSS44
54. Objectives of any Investigation
• That evidence obtained can hold up in court
• That the examiner can hold up under scrutiny
HICSS44
55. The Expert
• What qualifies a person as a digital forensic expert?
• The qualifications of the person examining the evidence
should be easily identifiable in all parts of the world
• On the international front, many use vendor
certifications.
• In the US, several states - against the resolution of the
American Bar Association (ABA) - instituted
requirements that all computer forensics investigators
be licensed private investigators.
HICSS44
56. The Expert (cont’d)
• “Is it a state or federal matter to qualify digital
investigators?”
• The global economy and international crime require an
international standard that is beyond the boundaries of
vendor certification
• The ISFCE has created certifications which are accepted
in many countries.
• SANS has created a body of knowledge that constitutes
what is needed for a person qualified in the field.
HICSS44
57. • ISO 27037:2012
• October 2012
• Digital Evidence First Responder (DEFR) as the one
who collects the evidence, chain of custody, and
storage of digital evidence
• Gives guidelines for transmission of ESI
New ISO standard
58. Technology and E-evidence
• Email investigations
– Whose server are things located on?
– How was it transmitted?
– When is a wiretap law needed?
– When are you dealing with stored messages?
– How to put laws in place that addresses these issues is
another challenge.
HICSS44
59. • Cloud-based electronic discovery tools might help to keep
these costs down.
• Companies including Orange, Autonomy, Clearwell and
Kazeon have launched hosted services for
collecting, preserving and analyzing digital evidence.
• Gartner research director Debra Logan said she expects that
many corporations will start investing in e-discovery
infrastructure and that, by 2012, companies without this
infrastructure will spend 33% more to meet these requests.
Technology and E-Evidence
63. • E-discovery is here to stay
• New challenges
• Affects legal, business, and IT students /
professionals alike
• Needs to become part of the curriculum
• Global issue
Summary