[LINK] Shred of evidence against the law

Kim Holburn kim.holburn at gmail.com
Mon Oct 22 16:32:17 AEST 2007


It is a good start.  There's an interesting article on this at
Groklaw on courts in the US:
<http://www.groklaw.net/article.php?story=20071020193753215>

Which says among other things:
> courts are beginning to realize that digital records can be changed  
> and that thanks to malware, they may not be reliable to begin with.

and as she comments:

> Imagine proving that a Microsoft computer is "reliable", "in  
> working order", "in a good state of repair", and that the business  
> using it has "built-in safeguards to ensure accuracy and identify  
> errors". Malware of all kinds and spoofing and root kits and  
> invasive changes to records by those unauthorized to do so would  
> all have to be addressed.


On 2007/Oct/22, at 6:18 AM, Bernard Robertson-Dunn wrote:

> Shred of evidence against the law
> Karen Dearne
> October 16, 2007
> Australian IT
> http://www.australianit.news.com.au/story/0,24897,22590015-24169,00.html
>
> TOUGH new rules on the production of electronic records in court  
> actions aim to put a stop to e-document "shredding", says Joe  
> Fantuzzi, chief executive of rising content compliance provider  
> Workshare.
>
> "People in organisations who feel they can shred electronically  
> stored documents that may be subject to litigation are driving laws  
> like the US Federal Rules of Civil Procedure in e-discovery," he says.
>
> "It's not much different from the paper shredding that brought down  
> Enron and Arthur Andersen six years ago."
>
> Under the federal rules, if there is a "reasonable anticipation"  
> that information will be required (not just in current actions, but  
> prospective ones as well) organisations are required to preserve  
> the material for potential discovery.
>
> "This means that you cannot take files out of the archives and tidy  
> them up a bit," Fantuzzi says.
>
> "Many people are tempted to do that: let's just clean up a few  
> words in this document, alter a few words in that email, using a  
> kind of electronic whiteout.
>
> "This is just not allowed in the US now, and with the introduction  
> of new legislation in Britain and Victoria we're starting to see  
> countries take control of electronic paper shredding."
>
> Adrian Briscoe, general manager of electronic data recovery veteran  
> Kroll Ontrack, says "litigation readiness" is the buzz phrase for  
> 2007, with lawyers packing out recent forums in Melbourne and Sydney.
>
> E-discovery has moved far beyond the idea of finding a single  
> "smoking gun" document, to producing whole sets of incriminating  
> evidence for presentation to a court.
>
> "Ten years ago, computer forensics was very much a grey art, and  
> people saw it as the next big thing," Briscoe says.
>
> "That has really been superseded. Now it's all about processing  
> loads of documents in order to build a haystack of golden documents  
> for the para-legals to search, rather than finding a single
> golden document."
>
> The sheer volume of data is a big issue, as any one company will  
> hold hundreds of backup tapes in storage, Briscoe says.
>
> "Right now, companies are coming to us saying they have a cardboard  
> box full of tapes, and they really need to know what's on them  
> because their legal counsel are asking what people could ask them  
> to hand over.
>
> "Businesses will have to get to the point where they can understand  
> what they need to keep and how to store it. The storage medium has  
> to be accessible, and accessible quickly."
>
> Many people are building litigation databases so that documents can  
> be opened in the native file format, exposing the metadata, the  
> hidden information associated with every e-document that is not  
> visible during normal viewing or printing, he says.
>
> Metadata, usually generated automatically, includes details about  
> the document's creation, the history of edits or changes, and  
> technical information.
>
> It can also include details added by users, such as comment fields.
>
> Courts prefer documents to be provided in their native format, both  
> to ensure the material has not been tampered with and to expose  
> information contained within individual cells of an Excel  
> spreadsheet, for example.
>
> "The only true means of seeing what's in the original document is  
> to open it up in the original application," Briscoe says.
>
> Hidden data also has a flipside: authors of PDF and Microsoft Word  
> documents may unwittingly send more information than intended.
>
> Fantuzzi says the embarrassment is usually minimal - at worst you  
> could lose a customer.
>
> It's common to reuse documents - as a template for a sales pitch,  
> for example.
>
> "You might find hidden data goes out to a new customer that tells  
> them something about a previous customer, including your pricing  
> for a product or service," Fantuzzi says.
>
> "This is the time to ensure your documents are clean.
>
> "It's important to make sure you don't store information that you  
> don't have to store, so risk information is not in your vaults when  
> you come under litigation.
>
> "Privacy, data protection and intellectual property laws also have  
> to be considered in content risk management. Many laws tell you not  
> to retain information beyond a specified period. So you should keep  
> data as long as required and, if it's no longer needed, you should  
> destroy it. That's best practice."
>
> Research by Workshare suggests less than 20 per cent of companies  
> know what information they have stored, and what regulations apply  
> to that information.
>
> "That means 80 per cent don't have a means of identifying what they  
> have," Fantuzzi says.
>
> Happily, there are plenty of product vendors and service providers  
> ready to help out.
>
> Forrester Research estimates spending on e-discovery technology  
> will rise to nearly $US5 billion by 2011 "as enterprises realise  
> they have no choice" but to comply.
>
> Short-term growth for "reactive solutions" will develop into  
> broader retention management strategies that will drive market  
> growth, says Barry Murphy of Forrester.
>
> "The biggest direct spend is the processing of data, on average  
> about $US1800 per GB," Murphy says.
>
> "Therefore, tools that minimise the amount of data to be processed  
> present potentially huge savings."
>
> The largest cost involves the legal professionals who view the  
> data, so visual analytic methods will increase their efficiency in  
> determining whether data is relevant.
>
> Maintaining the chain of custody and avoiding "spoliation" is also  
> essential, so data monitoring and lockdown tools will be in demand.
>
> Murphy says the present solutions landscape is "filled with startup  
> vendors of questionable viability, software giants with  
> questionable domain experience, and no apples-to-apples comparison  
> mechanism".
>
> Oracle is one traditional player that is putting together a  
> comprehensive product, announcing just last week that it had  
> acquired LogicalApps, a leading provider of automated governance,  
> risk and compliance systems.
>
> It also released an updated version of its Universal Records  
> Management system with new features for mitigating cost and risk  
> around legal discovery.
>
> In September it bought Bridgestream, an enterprise role management  
> software developer for its compliance capabilities.
>
> Oracle Asia-Pacific content go-to-market initiatives director Rob  
> Whiter says there has been a major shift in perspective away from  
> first or second-generation records management products "which  
> assumed you would be able to put all of your records into them".
>
> "The current generation accepts the fact that records will exist  
> and continue to be maintained within a multitude of systems across  
> the enterprise," Whiter says.
>
> Problems involving mobile devices and other media not immediately  
> under corporate control have given rise, "fairly suddenly", to  
> technology for intellectual rights management.
>
> "Whereas once you emailed something from your organisation it left  
> your security behind, but now we have tools that give you some kind  
> of control as it travels through the ether and over who should see  
> the information," Whiter says.
>
> "We've also invested a lot of effort in our e-discovery toolset.  
> Rather than trying to get people to put documents and records into  
> a repository, we now have a policy engine that allows us to apply  
> holds on information in other systems."
>
> Whiter says that although e-discovery is complex because it touches  
> so many aspects in an organisation, the new products will help to  
> solve some of the present problems of security, data retention,  
> identity management and record-keeping.
>
> "We've all been aware of the laxness with which we manage our  
> electronic data for a long time, and we've all been very aware that  
> those days would have to come to a close," he says.
>
> "Through the draft overhaul of the Privacy Act and other proposed  
> data laws, small and large businesses alike are being told their  
> information is potentially public record, and they must manage it  
> in a decisive and policy-driven way, or they will find themselves  
> exposed.
>
> "The moment the impetus becomes compelling this will move very  
> quickly. The industry is responding to the speed with which this  
> will now move."
>
> -- 
>
> Regards
> brd
>
> Bernard Robertson-Dunn
> Sydney Australia
> brd at iimetro.com.au
>
> _______________________________________________
> Link mailing list
> Link at mailman.anu.edu.au
> http://mailman.anu.edu.au/mailman/listinfo/link

--
Kim Holburn
IT Network & Security Consultant
Ph: +39 06 855 4294  M: +39 3494957443
mailto:kim at holburn.net  aim://kimholburn
skype://kholburn - PGP Public Key on request

Democracy imposed from without is the severest form of tyranny.
                           -- Lloyd Biggle, Jr. Analog, Apr 1961





