Interesting article in the Wall Street Journal about criminals hacking corporate employees. Because companies are getting better at hardening the perimeters of their networks, the biggest security gap is now the end user.  

Hackers are aggressively exploiting well intentioned employees through so called spear phishing tactics. We have all experienced general phishing attacks in the form of the infamous Nigerian e-mail scams.

Spear phishing is a targeted and sophisticated form of phishing because the bad guy uses social engineering via social media information to manipulate specific corporate employees into divulging confidential information or gaining access to corporate networks.

LinkedIn, Facebook, and Tweeter are used by criminals every day to harvest personal and corporate information that is then used to design and initiate a spear phishing attack against corporate employees. 

I was Skyping the other day with Jeff Johnson of Quantum eDiscovery (he’s also a blogger at www.DatabaseDiscovery.com) and he raised an interesting point about the use of text search software to collect documents for discovery where the software being used doesn't OCR bitmap or raster-type images, e.g., scanned .tif or PDF image-only files. As ought to be obvious, text search engines won't find files that don't contain "words" or text, and image-only documents can be essentially invisible to such search engines.

It’s not too difficult to imagine a scenario where this is fairly significant, e.g., a contract dispute where a draft or a final version of the contract at issue is scanned and e-mailed to someone with a generally uninformative cover e-mail that says, “See attached” — not too likely to be located by full text search.

More advanced e-discovery search tools will attempt to OCR non-text files they encounter and/or will list non-OCR-able files as exceptions. That’s not to say that general purpose search engines should never be used to identify responsive or privileged documents. Given the needs of specific litigation, the amount in controversy and the representations made about the type of searches being conducted, they can be a fast, highly cost-effective way to gather highly relevant information. For example, if the relevant custodians never exchange bit-image-only files, the whole question is really a non-issue just like not being able to index Swahili or Japanese is not an issue if there are no Swahili or Japanese documents.

Ron Friedmann is leaving his job at Integreon, which sells e-discovery services and software. Friedmann's role was senior vice president of consulting, he assumed that post in September, 2007. In an e-mail to friends and colleagues, which he allowed to be excerpted here, he wrote:

October 7th will be my last day at Integreon. In July, Integreon appointed a new CEO, who has re-aligned the management organization and has appointed some new executive team members. Please be assured that I am leaving on good terms and I have excellent references from the company.

My goal is to find a full-time position; in the interim, I am available for consulting projects, and I likely will consult part-time for Integreon until I find a permanent position.

Janet Taylor-Hall, Integreon's senior vice president of transition and transformation consulting, issued this statement:

Apple is throwing its weight into the Digital Due Process coalition. The Cupertino, Calif.-based company announced it joined the group calling for modernization of the Electronic Communications Privacy Act. Other members include Amazon, AT&T, Google, Intel and Microsoft.

The ECPA was enacted in 1986 and is little changed in the years since. Privacy advocates argue that because the ECPA does not address such issues as cloud computing, social networks and other current technologies, police agencies have been able to gather data users reasonably expected to remain private.

Apple and the other members of the DDP are calling for Congress to amend the ECPA to add safeguards for individual and corporate data in today's technology environment.

CNET's coverage here.

Image: Clipart.com

John Patzakis, CEO of X1 Discovery and former president and CEO of Guidance Software, just announced the release of X1 Social Discovery. The software will collect, authenticate, search, review and produce data from popular social media sites, such as Facebook, Twitter and Linkedin. X1 delivers a litigation workflow from search and collection through production in searchable native format, while preserving critical metadata not possible through traditional image capture, printouts, or raw data archival of RSS feeds.

X1 Social Discovery establishes a defensible chain of custody. MD5 hash values of individual social media items are calculated upon capture and maintained through export. Automated logging and reports are generated. Key metadata unique to social media streams are captured through integration with APIs provided by the leading social media sites.

X1 also just released their whitepaper on the topic: "Overcoming Potential Legal Challenges to the Authentication of Social Media Evidence for eDiscovery."

With more than 700 million Facebook users and 200 million people with Twitter accounts, evidence from social media is quickly becoming relevant to just about every litigation dispute and investigation. This is just the beginning of a new wave of e-discovery products specifically designed to handle the challenges of  social media. 

Image: Clipart.com

Most mistakes in e-discovery are caused by a lack of situational awareness. It is a military term that describe the ability to identify, process, and comprehend the critical elements of information about what is happening with regards to a mission or project. More simply, it’s knowing what is going on around you at all times.

In e-discovery, maintenance of situational awareness occurs through effective communications and a combination of the following actions:

• Recognize and make others aware when the team deviates from standard operating procedures.
• Monitor the performance of other team members.
• Provide information in advance to the team.
• Identify potential or existing problems.
• Demonstrate awareness of task performance.
• Communicate a course of action to follow.
• Demonstrate ongoing awareness of mission status.
• Continually assess and reassess the situation in relation to the mission goal(s).
• Clarifying expectations of all team members eliminates doubt.

The bottom line, assuming everything is "under control" is a common mistake. When we lose situational awareness in eDiscovery, we increase the potential for human error and mistake. 

Image: Clipart.com

About 400 people attended last week' High Technology Crime Investigation (HTCIA) annual conference in Indian Wells, California. Nuix and AccessData were the only two e- discovery vendors making an appearance and Craig Ball was there entertaining and educating attendees with his popular computer forensic jeopardy game show.

There was a big showing of vendors offering mobile forensic products that can search and extract mobile data including geo-location data. The lectures highlighted how mobile devices are quickly becoming a security nightmare for companies as their capabilities continue to expand. Additionally, forensic companies are having a hard time keeping up with all the iPhone and Android clones coming out of China on almost a weekly basis.

Speaking of China, great lecture by Camilla Herron who runs the world wide brand protection program for Monster Cable products on "Doing business in China: Why We Don't Belong There."  China continues to lead in software piracy, censorship, IP theft, pollution, product clones, bribery, and corruption — the list goes on and on.  A good reason to support "Made in the USA" products.

The 2012 HTCIA International Training Conference and Expo will be in Hershey, Pa.

Image: Clipart.com

Back on July 22 I reported about the process and prospects for e-discovery additions to the Federal Rules of Civil Procedure. The committee was to have a Sept. 9 meeting to learn what exactly is on the minds of lawyers and judges.

That meeting happened, and was observed by Fulbright & Jaworski attorney Emily Johnston, who wrote about it on Monday.

"While the conference resulted in a very detailed discussion of the major issues involved, no resolution was reached regarding whether a rule should be implemented at all or on the approach such a rule would take if implemented. Attendees of the conference, including the judicial representatives, seemed equally divided on both issues," Johnston and her colleague David Kessler wrote.

But that's okay -- the point of the meeting was never to make any final decisions, committee officials told me for the July story, in which they also explain the next steps.

I'm glad Emily reported on the conference, and I strongly recommend reading her article if you're interested in the FRCP e-discovery rules situation.

It may be impossible to overstate the potential importance of the upcoming Supreme Court case looking at the warrantless use of GPS tracking devices by law enforcement. The case is United States v. Jones, and there is a nice collection of documents on scotusblog.

I have written some articles about this issue, as well as posting on this blog and the Stockycat blog.  For those looking for a more detailed summary of my views, you can read this law review article I wrote last fall.

(Yes, sometimes hyped cases before the Supreme Court fizzle or get decided on more narrow grounds.  So please take that into account when you continue reading.)

The significance of this case rests, in my opinion, on the fact that this is the first time the Supreme Court has been forced to address whether the aggregation of data can pose significant and unique privacy concerns. In other words, is there a difference between limited observations of people in public, and 24 hour comprehensive surveillance?  This is one of the first opportunities for the court to examine how to apply mid-20^th century legal principles to 21^st century technology.

I will be speaking on the constitutional issues surrounding social media sites at Rosemont College's Constitution Day.

Here is the description:

We the Ppl of the Internet @ge:  The intersection of the Constitution and social media.

Presented by: Joshua Engel, J.D.

Thursday, September 15th at 7:00 p.m. in Lawrence Auditorium

If you have ever tweeted, flickred, statused, tumblred, liked, poked, checked in or linked in, you'll definitely want to be at this event! How far does your freedom of speech go? What constitutes unreasonable search and seizure online? Can law enforcement officials use your e-mail or social networking sites to get information they are looking for?  Join us for a discussion about law and ethics, and learn what role they play in how the Constitution interacts with your favorite social networking and social media sites.

 If you are in the Philly area, please stop by, say hello, and join in the conversation.

Adobe Systems said it intends to patch a software bug tomorrow in Acrobat 9.4.5 that many users have said cripples the program.

The bug, which causes search results to not highlight properly, was discovered by customers of Acrobat Standard and Professional upon the 9.4.5 release in mid-June. It makes the search results appear with only a thin yellow cursor at one side, instead of highlighting the full search result inside a block, which users say makes the program tedious for tasks such as document review during e-discovery processes.

Asked if the previously stated Sept. 13 patch timeframe still stands, Adobe replied in the affirmative. "Yes, it is scheduled for Tuesday and it will fix the search bug. It will go out automatically, and also can be downloaded," spokeswoman Courtney Brigham said in an e-mailed response to Law Technology News.

The Sedona Conference recently announced new management positions and said that founder and former executive director Richard Braman is now its full-time chairman.

"Instead of one person wearing all those hats, we'll have four people. I became a victim of my own success and started working way too many hours per week," said Braman, who founded the nonprofit organization in Sedona, Ariz., in 1997.

John Rabieg, appointed as executive director on Jan. 31, will forgo that position to become director of judicial outreach. Kenneth Withers, who joined Sedona in 2006 as director of judicial education and content, is narrowing his focus to the education component. Howard Bergman joins as director of conferences and content, and will continue serving as counsel in residence at the University of Minnesota Law School. Dustin McKissen is the new director of business operations, and previously was deputy CEO of the National Association for Information Destruction. All four directors will be formally announced at a Sept. 24 dinner in Washington, D.C.

Braman also explained changes and additions to the working groups. Read the Law Technology News article for all the details.

A new article in the Northwestern Journal of Technology and Intellectual Property examines an important e-discovery issue for workers. 

The article, by professor Louise Hill, is titled "Gone but Not Forgotten: When Privacy, Policy and Privilege Collide." You can read it here.

Hill examines whether employees in a workplace can assert confidentiality over personal e-mails sent and received from workplace computers and e-mail accounts. In particular, she examines whether communications between employees and their personal attorneys are protected by the attorney-client privilege. 

A recent study from the DEFCON conference stated, “with $3,000 dollars and 10 days, we can find your password." Next year, it is predicted the time and amount needed to hack a password will drop to 30 dollars and less than 1 day. By year three, it will literally cost nothing!  

Making passwords longer and more complex has only delayed the inevitable death of the password and created headaches for users struggling to keep up with all the passwords they create. It's time for two-factor authentication - separating authentication keys into different factors so attackers must compromise multiple targets to gain access.  

Businesses have been reluctant to migrate to stronger authentication because of cost and difficulty. With hacking attacks increasing and passwords becomming easier to crack, it is negligent for businesses to wait any longer. 

The report: "Leaking Vault 2011 — Six Years of Data Breaches" analyzes 3,765 data loss incidents, with a known disclosure of 806.2 million records. The organizations listed in the report lost a staggering 388,000 records per day (15,000 records per hour) every day for the past six years! The estimated cost for these breaches totals more than $156 billion dollars.

Laptops remains the leader in incidents, but e-docs is fast growing. Documents have been trending upward for several years and is a potential contender to overtake laptops as the incident leader. I highly recommend this report to anyone interested in data loss prevention and security surrounding e-discovery.  A full copy of the report is available here. 

Michael Arkfeld, former litigator and author and speaker is offering Arkfeld's Electronic Discovery and Evidence course starting September 21. The six week curriculum will give an in-depth view of eDiscovery and information technology. This course features an online live, interactive instructional approach, on-demand instructional videos, and pre- and post- tests. I am a big fan of his publication and highly recommend the course.

For further information contact Michael Arkfeld at michael@arkfeld.com.

Image: Clipart.com

A recent article in the ALM's Connecticut Law Tribune provides a glimpse into the courts struggle with authenticating social media evidence. The Connecticut case discussed in the article was about using facebook postings to impeach the credibility of a witness. The witness claimed her account was hacked and the court accepted her theory and ruled the evidence inadmissible.

Authenticating social media evidence can be a slippery slope when lawyers bring up issues such as the security policy of the social media site, the security of the computer or device used to access the account, access controls on both ends and how the pages were collected for evidence.  For those reasons, computer forensic experts will play a role in authenticating social media evidence for the forseeable future.

The good news is that social media is just like any other form of electronically stored information - the only difference is that it is a new and unfamiliar technology to both lawyers and the courts. I expect many of the authentication challenges we are currently seeing will not be long lived as the courts become comfortable with it, social media sites strengthen there policies, and new e-discovery technology is developed to handle it. For now, fasten your seat-belts, it's could be a bumpy ride.

After attending major e-discovery events around the country for the last seven years, I have noticed a consistent trend --  most of the attendees are repeats and I am not seeing many new faces.

Are we simply preaching to the choir?  These events are great opportunities to meet thought leaders in e-discovery and learn about changing law and technology. Attendance at regional events for the most part have been flat for awhile and reviewing the various e-discovery surveys published this year reveals that we
have a long way to go in terms of education and adoption.

Image: Clipart.com

The Electronic Discovery Reference Model and ARMA International have formed an alliance to assist organizations with information governance issues.

EDRM's Information Governance Reference Model (IGRM) and ARMA's GARP (Generally Accepted Records Management Principles) provide a roadmap to help organizations work through policy and procedures toward improved information governance. Details at: http://tinyurl.com/3q4kegw.

It’s open hacking season and data breaches are on the rise with more than 300 identified breaches this year alone!  The data breaches are evenly split between hackers and malware.  Ninety percent of all breaches today are targeted at databases that contain caches of valuable data ripe for the taking.

Currently, there are hundreds of millions of sensitive corporate documents sitting on review platforms around the world with information valued in the billions of dollars. Document review platforms are a perfect target for corporate espionage, IP theft, and cyber gangs like Anonymous wanting to create mischief or embarrass a company. 

The convenience of logging into review platforms from anywhere has the potential to create serious data security risks. Anytime sensitive IP leaves the firewall of an organization, corporate legal has both an ethical and legal obligation to zealously protect client confidences and secrets.  Failure of counsel to review the security protocols of a review platform that will be used to hold sensitive documents could be considered a breach of that obligation.

Therefore, best practices requires corporate legal to always consult with a security expert when dealing with highly sensitive corporate data that will be leaving the corporate firewall to make sure the ESI remains secure during review. Unfortunately, if the information is considered a high value target, the bad guy will almost always find a way to get it and often you will not know of the data breach until long after the damage is done.

Note: Watch for my report on this topic coming soon to the LTN website. (We'll add a link!)