2010 Technology & Homeland Security Forum, Niagara Falls NY, Part 2

In October I attended the 2010 Technology & Homeland Security Forum in Niagara Falls, NY. My first blog of the event can be found here.  I saw some great technology and learned more about security.

Netstation vendor – Sun Ray client
I had one of the most powerful hands-on demos in a long while.  The Sun Ray 3 client virtual desktop was being demoed.  While other vendors at the conference had VMware and Citrix virtual desktops on display, the Sun solution effectively provides a two-stage authentication, employing a token credit card.  The demo contained two Sun Ray 3 clients, a very small 6W device which provides KVM, USB, and network.  Plugged into it was the token credit card.  Open on station A was Word, IE, Outlook.  Unplugging the token credit card closed the desktop as expected. However, when I plugged the token credit card into the station B, my desktop instantly reappeared as-was.  That was cool and I immediately realized the benefits in an environment where security and convenience are equally important and you employ a high quantity of common desktops.


I attended four presentations:

  • E-discovery  – (below)
  • Identity theft – blog
  • Computer forensics  – (blog)
  • Criminal Intrusion Trends, by the FBI  – blog


The presentation was given by a lawyer who actually had a personality.  I’ve been impacted by, and have experience with ediscovery in my previous lives, but have never heard first hand from a US lawyer the impacts.  While the presentation was long (I’m still unconsciously reciting legal Rule No.’s in my sleep), the presentation did not disappoint.  My key takeaways below, keep in mind this is US based.

Metadata is essential.  Discovery lawyers love the metadata of a document.  When was it created? Who opened it, who edited it, when was it edited last and by whom, what were the changes, to name a few.  This metadata has the potential to be used against you by the plaintiff lawyers.  For example, why was is the contract document filesystem date newer than the document’s physical signing date? Hmm.

Your home computer can be, and often is, subject to ediscovery at work.  Have you ever checked your work email from home?  Your home email from work?  Ever forwarded a file from work to your personal email or copied it to your personal thumb drive or iPod?  While your business email is common fair game to ediscovery, have you ever exchanged messages with your business associates via your personal gmail account, Twitter, LinkedIn or Facebook? These personal communication tools are also now commonly open to ediscovery rules.  Get it?  Do you want your personal email, Twitter and Facebook contents exposed?  Once you cross that business/personal line , the law does not draw a distinction between personal home technology, email, and social media and your work’s technology. All are available to ediscovery and the onerous rules about it (see below).  An interesting quote during the presentation, if a lawyer is not searching (e.g.) Facebook for entries from witnesses, employees or any litigation figures, they’re committing malpractice.

In light of this, businesses need to revisit their Computer Use policy.

85%+ of all computer records are now paper based.  If/when you suspect litigation will happen, you must  immediate start a process of preserving any and all data that may be subject to discovery.  What does that mean?  It’s a two pronged approach. 

Best quote I heard:  Start treating data as evidence.

  1. Stop destroying data.  Whether it’s auto-purging of email, voice messages, the normal rotation of tapes (resulting in tapes being overwritten), or any automated business processes of purging data, stop and stop immediately. 
  2. Start identifying then preserving all relevant files immediately.  Start. Make additional copies of any and all relevant data; hard drive images, email accounts, databases, application data, etc, etc, etc. 

Do you have data in an old format that can’t be read due to either outdated hardware technology, data format that is no longer understood, or applications that staff no longer know how to use?  Doesn’t matter.  Preserve the data, save that old 8in floppy diskette, and let the court know it’s preserved but don’t know how to read the data.  The lawyers can figure out who will pay to extract the data if it’s needed that badly for ediscovery.

Businesses have emerged to act as a container for the ediscovery data.  Access to the data is not free.  In one case according to the presentor, access to ediscovery data was $100k US/month.  One of the parties couldn’t even afford to access the data.

There are no laws/rules about preserving data prior to litigation, it’s the wild west.

Your ediscovery response processes cannot be adhoc in nature.  Apparently mistakes are not tolerated by the court.  Stating you had co-op student at the helm of your ediscovery request will not be looked up favourably by the court, to put it mildly. 

I’ve come to recognize that the process of ediscovery should be treated like Disaster Recovery or Business Continuity Planning processes.  Today nobody at any significantly sized business could look the board in the eyes after a disaster and say “we never thought we need a DR or BCP plan” and still hope to retain their job.  Any business executive will tell you it’s not a matter of if you’ll be subject to litigation, but when.  In the USA today, more that 550 HR related cases are launched daily. 

When litigation starts (and “start” does not mean you have been legally served with some legal authorative notice, but rather “start” means  you simply believe litigation will be forthcoming)  and you do not immediately commence an ediscovery data preservation process, which results in data getting purged/deleted, the Judge will give a “negative jury inference”, meaning,  he/she will instruct the jury to assume every file you deleted would have helped the opposing party.   Additionally, if the opposing party wins, the Judge will now commonly award the plaintiff court costs, something apparently not practiced the US, but common in Canada.

You should seek legal advice.

2 thoughts on “2010 Technology & Homeland Security Forum, Niagara Falls NY, Part 2

  1. Pingback: Identity Theft « Rick Stomphorst Welcomes You

  2. Pingback: Computer Forensics 101 « Rick Stomphorst Welcomes You

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s