Posted by Ken Adams on Mon, Aug 09, 2010
Some
litigation support services offer computer forensics as a service to law firms. The field of computer forensics is growing as businesses and consumers alike conduct business and personal transactions on computers, cell phones, and other electronic devices. In law cases, digital evidence is often stored on electronic devices. Sometimes the evidence is readily available to anyone who looks while other times, the evidence may be hidden or “wiped clean.” Either way, computer forensics experts can provide the litigation support that you need by going in and finding evidence.
Why Turn to Litigation Support Services to Search for Electronic Evidence? If you’re in possession of a hard drive, Flash drive, CD, DVD, digital camera, or other media device that may contain evidence, it’s important to know where to look. For example, if you’re working on a divorce case and suspect that a digital camera contains explicit photos, casually looking at the camera’s memory card may not yield results. After all, the images may have been deleted to avoid discovery. However, litigation support services offering computer forensics have the expertise and tools to “undelete” files.
Types of Electronic EvidenceElectronic evidence takes many forms including photos, videos, email messages, text messages, instant messages, word processing documents, spreadsheets, and Internet files. Using computer forensics utilities and techniques, computer experts can provide the litigation support that you need by digging in and finding the data.
Finding Hidden or Erased DataComputers readily give up secrets. Web histories, temporary Internet files, and cookies are well known for revealing a user’s Web surfing habits. Because they are well known for this, many users know how to delete their tracks. However, did you know that some operating systems have what’s known as an index.dat file that keeps track of all URLs visited, even if Web histories have been erased? Many users don’t know this, but computer forensics do. This is but one example of the many resources available to computer forensics professionals.
Another common tool used in litigation support is data recovery software. Even if a hard disc, portable storage card, or digital camera has been erased or reformatted, data recovery software makes easy work of retrieving the so-called deleted files. Many computer users are unaware of how erasing and reformatting really work. Data isn’t actually erased during deletions or formatting. Rather, the data is removed from the computer’s index and the hard drive space where the data resides considered “available.” Until new data occupies that “available” space, the original data can be recovered.
Computer Forensics CertificationsComputer forensics certification programs validate the certificate holder’s expertise at computer investigations. Many programs exist ranging from general certifications such as the Certified Computer Forensics Examiner and Certified Electronic Evidence Collection Specialist to vendor-specific certifications such as Discover-e Certification and AccessData Certified Examiner. Like other forms of evidence, chain of custody practices are as important as the evidence itself. Choosing certified computer forensics experts helps to ensure that the evidence is gathered, documented, and secured in a manner acceptable to the courts.
While litigation support services have typically focused on more traditional services, some are beginning to branch out into computer forensics. As always,
look for demonstrated expertise in the given field. In this case, certification is an excellent starting point.
Have you outsourced computer forensics? Share your experiences.
Posted by Chris MacNaughton on Wed, Mar 24, 2010
Earlier, we discussed some of the common pitfalls of outsourcing offshore transcription services and how to overcome many of the obstacles both here and abroad. If you plan on outsourcing any of your legal services, it's smart to do so with a plan. Not only should you do your homework and select a capable company, you should also have your own standard master service agreement, communicate with the decision makers throughout the negotiations, and understand your approval process.
Draft Your Own Master Service Agreements
As a legal professional, you have the skills and expertise needed to draft your own master service agreement. Doing so provides you with the terms and conditions you expect and ensures that you are not left to the mercy of "but this is how we always do it." This doesn't necessarily mean that your master service agreement is the one and only agreement, but it does provide you with a good starting point from which to build. Taking your stock agreement and the outsourcing company's agreement, you can then work together to create a document that is mutually satisfying.
Communicate with Decision Makers
What's more frustrating than getting through a difficult negotiation or meeting only to hear, "I'll see what my boss has to say and get back to you with an answer"? Realizing that this situation is completely avoidable. Long before you enter into a negotiation, find out if the person you are dealing with has any authority to make decisions and to what extent that authority extends. Ask questions such as:
• Are you the key decision maker?
• Do you have the authority to make decisions about ____?
• Who in your company must make the final decision?
• Do you need to run any decision by anyone else in your company? If so, who?
• Is a committee involved in making these types of decisions?
Once you understand who the decision makers are, try to work directly with those people. Doing so saves time and minimizes miscommunication. This isn't always possible such as when decisions must be run past an approval committee. When this is the case, you'll want to work with a senior person, preferably one who sits on the committee.
Understand Your Own Approval Process
Not only must you understand the other side's approval process and know who their decision makers are, you must also understand your own approval process. Are you the key decision maker or must you also run your decision by your boss or an approval committee. If you must obtain approval to make decisions, find out which decisions can be made without approval and which must be submitted to others. Find out acceptable ranges and understand at which point you must defer to higher ups. It's helpful to meet with internal decision makers before a negotiation to go over objectives, expectations, positions, and reserve prices. Knowing when to walk away from a negotiation or when the committee needs to be involved is crucial. Ideally, the fewer people involved in the approval process, the better. If you can limit the size of an approval committee, consider doing so.
If you are the sole decision maker, you must also understand your process. What do are your objectives? What is your bottom line? When should you walk away? What are you willing to accept? What are you willing to give up? Take time beforehand for planning.
Starting with your own master service agreement, meeting with decision makers, and understanding your approval process are three smart steps you can take to ensure outsourcing legal services success.
Posted by Chris MacNaughton on Wed, Mar 17, 2010
Cell phones, when turned on, regularly communicate with cell phone towers, establishing a record of the phone's - and by extension, the user's - whereabouts. The process of communicating with cell phone towers ensures that the cell phone connects to a nearby tower capable of delivering the strongest signal. As the cell phone moves along a route, it is constantly searching for stronger signals and switching as necessary, creating a path that is easily tracked by cell phone companies. Techniques such as triangulation can pinpoint a standard cell phone's location down to as close to a few hundred yards. The location of GPS-equipped phones can be tracked even more precisely.
Lawyers, privacy rights advocates, and cell phone users are anxiously awaiting the outcome of arguments presented to the U.S. 3rd Circuit Court of Appeals last week. The court is hearing an appeal of an opinion issued in February 2008 by U.S. Magistrate Judge Lisa Pupo Lenihan. The 52-page opinion concludes that:
". . . the Government does not have a statutory entitlement to an electronic communication service provider's covert disclosure of cell-phone-derived
movement/location information, the Government's application(s) for such information, absent a showing of probable cause under Fed. R. Civ. P. 41, must be denied."
So, what's the big deal about letting a law enforcement agency look at cell phone location without probable cause? After all, wouldn't it be helpful to know that a suspect was within a few hundred yards of a crime scene at the time of the crime? Privacy advocates are concerned that without standards, agencies or the government could track a person's activities including attendance at political events, religious services, or even strip clubs. At issue isn't the law enforcement agency's right to cell phone location data, but rather the standard that must be adhered to in order to obtain a warrant requiring access to the cell phone location data.
While the case focuses on cell phone location data, it could extend to other GPS-enabled devices. For example, many new cars come equipped with onboard GPS systems such as Microsoft Sync or GM's OnStar system. Portable GPS devices have become increasingly popular, providing users with turn-by-turn directions and pinpointing their exact locations via global positioning satellites. Many businesses equip their fleets with transmitters that constantly monitor each vehicle's location, speed, and mileage. Other vehicle tracking technology, such as LoJack, is used for pinpointing a vehicle's location after a theft. Other current technologies that may be leaving a traceable location trail include portable computers, netbooks, music players, and PDAs. Even wireless devices such as the Kindle eReader may reveal the user's whereabouts based on which Wi-Fi connection was used to access an online account.
Judge Lenihan wrote:
"The movement/location information at issue here. . . is the subject of express Congressional protection. Indeed, Congress has reiterated throughout the legislative history of its electronic communications legislation, and reflected in the provisions of its enactments, its recognition of an individual expectation of privacy in "location information" and desire to protect this privacy right from unwarranted or unreasonable encroachment."
Do you think the 3rd Circuit will agree? Disagree? Share your insights with us.
Posted by Chris MacNaughton on Wed, Mar 03, 2010
Anyone who runs a blog is likely aware of the user comments feature. When enabled, other users can comment on your blog posts. Allowing other users to comment on your blog has its pros and cons. For example, a blog post with lots of user comments and interaction is engaging and interactive. On the other hand, comment spam is problematic. Plus, what if a user says something controversial - or worse libelous? Who's responsible for libelous user comments on blogs and Web sites?
The obvious and common sense answer is "when in doubt, cut it out." However, if your blog's user comment settings are not moderated, or even if they are, you may not have noticed a libelous comment. Because the comment is posted on your blog, are you accountable?
In general, the federal Communications Decency Act protects sites and blogs from being held responsible for libelous comments by users. This act prohibits a "provider or user of an interactive computer service" from responsibility "as the publisher or speaker of any information provided by another information content provider."
Recently, a car dealer took on ConsumerAffairs.com, alleging that libelous comments appeared on the ConsumerAffairs.com Web site (Nemet Chevrolet v. ConsumerAffairs.com), arguing that ConsumerAffairs.com was the information content provider and therefore liable for the libelous comments. Nemet Chevrolet alleged that ConsumerAffairs.com solicited complaints, steered the complaints in such a manner as to attract attention from class action lawyers, contacted consumers to ask questions and help draft or revise the complaints, and suggested that financial recovery options were available via class action lawsuits.
Because of these allegations, the plaintiff argued that ConsumerAffairs.com was involved in developing the substance and content of the user comments. In short, the plaintiff argued that ConsumerAffairs.com was "responsible, in whole or in part, for the creation or development" of the user comments and was therefore a non-immune information content provider.
The plaintiff also alleged that eight of the 20 defamatory posts were fabricated by ConsumerAffairs.com because it could not identify the customers making the posts based on the information provided such as first name, date, or model of car.
The case was originally dismissed by a federal court in June 2008. On December 29, 2009, the 4th US Circuit Court of Appeals upheld the US District Court's earlier decision. In its Opinion, No. 08-2097, the appellate court said that, "Nemet fails to make any cognizable argument as to how a website operator who contacts a potential user with questions thus "develops" or "creates" the website content."
What about those eight fabricated posts? The opinion of the appellate court is that "This is pure speculation and a conclusory allegation of an element of the immunity claim. . . Nemet has not pled that Consumeraffairs.com created the allegedly defamatory eight posts based on any tangible fact, but solely because it (Nemet) can't find a similar name or vehicle of the time period in Nemet's business records." The opinion goes on to say that the posts could have been made anonymously, falsified by the consumer, or overlooked by Nemet.
If you run a law blog, do you allow comments? Do you monitor comments before allowing them to be posted? What are your thoughts on libelous blog posts?
Posted by Chris MacNaughton on Wed, Feb 24, 2010
Remember when company data rarely left the corporate network? The files you created were stored on either your desktop computer's hard drive or on a server inside the building. Backups of these files were created on physical tape drives which were securely stored in fireproof boxes. Today, company data isn't neatly contained. Your firm's attorneys likely have laptops and PDAs. Your employees, especially telecommuters, may share data through online file sharing and collaboration sites like Google Documents. Employees may take files home on USB thumb drives. Your main server may backup data to an online data backup service. Technology has allowed your firm greater mobility; however, is your data safe and secure?
While corporate networks are not immune to security breaches, each piece of data that is stored outside of the company's network is vulnerable. What if an attorney's laptop is stolen? What if a telecommuter stores a file online and forgets to mark it "private"? What if an employee loses a USB thumb drive containing confidential files? What if the online storage provider's system is compromised?
Whenever you allow data outside of the corporate network, you lose control over it. This is a problem companies of all sizes and industries are grappling with. Of particular concern is data subject to confidentiality restrictions. While losing a document covering a staff meeting's agenda would be a short term problem, losing confidential data related to a pending case would be devastating. In addition, specific acts such as the Privacy Act of 1974, the Health Insurance Portability and Accountability Act (HIPAA), and the Gramm-Leach-Bliley Act, regulate how certain types of information can be transferred and stored.
Assuming that your firm's data is stored according to any applicable regulations, how safe is it? Is the data encrypted as it travels from one computer to the next? Are data backups encrypted when stored online? Is the physical building where your online data resides secure? Even with safeguards in place, online service providers can encounter problems. We've all heard of stolen laptops and major hacker attacks that have compromised credit card and social security numbers of millions of individuals. In addition, last March, Google discovered its Documents and Spreadsheets application had experienced a breach where some documents had been shared with unauthorized users.
So, what should you do? First, evaluate your firm's current data patterns. Where is data created? Where is it stored? How is it transmitted? How is it secured at all points? You may need to invest in technologies designed to secure mobile data or contract with regulation-compliant partners. If using online backup or collaboration services, you'll need to review all privacy policies to make sure that the provider has appropriate safeguards in place.
Once you have a better understanding of where your firm's data originates, how it is transmitted, and how it is stored along with a plan for securing any areas of weakness, consider creating a formal data policy. For example, is it okay for an attorney to take a USB drive home to work on files on her personal computer over the weekend? If so, is she allowed to save a local copy on her home PC? If so, what types of security measures should her personal computer have in place? As you draft your data policy, you'll run into even more questions like these, reinforcing the need for restricting and securing firm data.
Technology has made the mobile workforce a reality, bringing with it both benefits and new challenges. Recognizing that data is at risk is an important first step in ultimately securing it.
Posted by Chris MacNaughton on Wed, Feb 17, 2010
A recent Arizona Supreme Court ruling that government agencies must release an electronic document's metadata has made the news in the state and is likely to set a precedent as other states grapple with public records laws. The unanimous late-October ruling overturned an earlier Arizona Court of Appeals ruling saying that metadata is not a public record.
In the October 2009 Opinion, Justice W. Scott Bales wrote, "We today hold that if a public entity maintains a public record in an electronic format, then the electronic version, including any embedded metadata, is subject to disclosure under our public records laws."
Metadata, or "data about data," is hidden information embedded into electronic documents. One of the easiest ways to understand metadata is to open a typical Microsoft Word document. When you open the document, you see the document's text, right? Let's say that the document is a letter. You will see the date as well as the text of the letter on your computer screen. However, dates can easily be changed in a Word processor. How do you know if the date displayed is the date the letter was written? Metadata will tell you. You can check this yourself in Word 2007 by clicking on the Office button, clicking Prepare, and then clicking Properties. (In earlier versions of Word, go to File > Properties).
At first, basic metadata will appear including the author of the document and any user-generated entries such as comments, keywords, and title. Click on Document Properties > Advanced Properties and then click on the Statistics tab to view additional metadata. Now, you will see the document's creation date as well as dates when the document was modified, accessed, and printed.
In fact, the Arizona ruling stems from employment discrimination case where a demoted police officer requested public records, which happened to be his supervisor's notes, from the City of Phoenix, received paper copies of the records, and then suspected that the original notes had been backdated. The metadata of the original document could confirm or deny those suspicions, but the city denied the officer's request, citing an over 50-year-old Arizona Supreme Court ruling.
The case made its way up to the Arizona Supreme Court which finally overturned the Court of Appeals ruling that the City of Phoenix did not need to provide the electronic record's metadata.
Justice Bales wrote, "The metadata in an electronic document is part of the underlying document; it does not stand on its own. When a public officer uses a computer to make a public record, the metadata forms part of the document as much as the words on the page. . ."
The issue of electronic documents and their underlying metadata isn't unique to Arizona. Arizona's opinion that metadata is part of the underlying document certainly gives us something to think about. Your thoughts? Will this ruling influence other public record laws across the United States? Should a document's creation date, modification date, print date, and other hidden data be disclosed along with the words on the page?
Posted by Chris MacNaughton on Wed, Feb 10, 2010
Still taking notes on a legal pad? While The trusty legal pad has its place, transcribing your notes is tedious and time consuming. Digital pens are changing the way many professionals take notes. These gizmos store your written text within the pen. Simply take notes, draw diagrams, or even record audio (if equipped) and then transfer the notes to your computer. Once transferred, your notes and drawings can be stored or shared with others. Depending on the type of pen you have, you can convert your written notes to text and import the text into a word processor.
Digital pens are certainly neat, but how might you put your pen to good use in your practice? After all, you already have computers, audio recorders, and PDAs. However, it's not always practical to lug a laptop into meetings and audio recorders are often challenging to find nuggets of information. Equipped with an audio-capable digital pen such as the LiveScribe SmartPulse, you can take notes while recording audio. Once recorded, simply tap a word on the page and hear the recording at that point in time.
Digital pens are terrific for those times when a computer is either inconvenient or inappropriate. For example, when meeting with a potential client for the first time, storing your notes on a laptop puts a barrier between you and the client. Instead, imagine jotting down notes on a simple legal pad as normal. Only in this case, you'll later be able to transfer your notes to your computer and convert them to text! If your digital pen has audio, you can also record the session, marking crucial information with an audio bookmark on the page. For instance, when you ask the client, "What happened?" write down the words "What happened" on the page. When the client is discussing her medical bills, write down the words "medical bills" on the page. Later, when you need to review your notes, tap the words on the page related to what you need to review and hear the audio.
Another excellent use of digital pens is for diagramming. Imagine drawing a diagram of an accident scene and knowing that your diagram has been digitized. Later you can upload your drawing to your computer and share digital copies with your partners, client, and other parties via email.
Some digial pens allow you to write directly on computer images, working much like graphic tablets. When giving a giving a presentation, this type of digital pen allows you to draw images, write text, or otherwise emphasize key points onscreen.
While the possibilities may capture your imagination, digital pens are not created equal. Some require special paper while others work beautifully with a standard legal pad. Some come with handwriting recognition software; others do not. Some digital pens record audio; most do not. Most digital pens connect to a computer via a USB connection though Bluetooth connectivity is starting to become more readily available.
Before you purchase a digital pen, consider how you will use it in your practice. Do you want to combine text with audio recordings? Do you need handwriting recognition or are digital copies of your written notes sufficient? Do you want to be able to write on any type of paper or are you okay with purchasing specialty legal pads? If possible, demo a unit before you buy because each digital pen has its pros and cons. For example, pens that require special paper are far more accurate than those that use plain paper because the special paper uses a sophisticated grid and infrared camera to digitize your pen strokes. The plain paper pens digitize your pen strokes through the use of a transmitter and receiver. If the reciever is bumped, the electronic writing area is also bumped which can cause lines of text or graphic drawings to be distorted compared to the original.
The legal pad has gone high tech. How will you put this technology to use in your practice? Share your ideas with us!
Posted by Chris MacNaughton on Mon, Jan 11, 2010
When we send an email, whether it's to a friend, colleague, or client, we expect that the email will arrive, uncompromised, to the intended recipient. We also expect that the email will not be redistributed to others without our consent. However, once we hit the send button, the message is largely out of our control. Will it arrive as intended? Will hackers intercept the message? Will the recipient keep the message to himself? How secure are your emails? How can you be sure that your message won't be altered and recirculated? How can you maintain data integrity and confidentiality?
It's becoming increasingly common for individuals to append a confidentiality clause or disclaimer to messages. An example of such a clause is:
"Any information contained in or attached to this e-mail is intended solely for the use of the intended recipient(s) and may contain information that is confidential or legally privileged. If you are not an intended recipient of this e-mail, please notify the sender of the delivery error and then please delete and destroy all copies and attachments, and be advised that any review or dissemination of, or the taking of any action in reliance on, the information contained in or attached to this e-mail is expressly prohibited."
While it's smart to include such a disclaimer, it's even smarter to use digital signatures and digital encryption tools to protect your confidential e-mail messages. In fact, depending on the nature of the email message or regulations governing your firm, your messages may need to be encrypted in order to comply with regulations such as HIPAA, SOX, or GLBA.
Various technologies are used to encrypt email messages and digitally sign messages. Regardless of which technology your firm uses, the idea is that an encrypted message can only be viewed by those holding the "keys" to unlock it. An encrypted message is scrambled before being transmitted. Your recipient must have the "key" in order to unscramble the message. This is usually done through the use of digital IDs which verify an individual's identity through a third party vendor. Once each individual has obtained a digital ID, they send each other digitally signed messages which add the individual's digital ID to the contact's information in the email program. These digital IDs are also known as "public keys" and can be shared with the general public.
Sharing each other's "pubic keys" may not sound terribly secure. However, the public key is only half of the equation. When you want to send an encrypted email to a person with a digital ID or public key, you would use the provided digital ID or public key to encrypt it. The individual holds a second key, which is never shared, that deciphers the message. In general, the keys are set up on the individual's computer in their email programs and a pass phrase used to open the message.
Once the digital identities have been established, it becomes possible to send encrypted messages to one another. This ensures that your message is only viewable by the intended recipient. If a system administrator stumbles onto the e-mail in the system, the administrator cannot view it. If a hacker intercepts the message, he cannot open it. If a co-worker sneaks into your office, she cannot open the message unless she knows your secret pass phrase.
Adding a digital signature to your emails is also an excellent way to establish that the email is really from you and not from an imposter. For example, if you're concerned that someone might set up an email account in your name and then pose as you, start digitally signing your messages to establish which emails are definitely originating from you and which ones are questionable. Likewise, receiving digitally signed e-mail messages from your colleagues and clients ensures that what you are receiving originated with those individuals.
Encrypting and digitally signing messages is a bit clumsy to set up at first but well worth doing to ensure data integrity and confidentiality.
Posted by Chris MacNaughton on Mon, Jan 11, 2010
LinkedIn, Twitter, Facebook, blogging, and other forms of social media are extremely popular with people from all walks of life including professionals. But what about lawyers, paralegals, litigation support managers, and legal secretaries? Should you jump in? Before you start tweeting about your piles of paperwork and what you had for breakfast, consider what you can bring to social media as well as what you can get out of it.
Your Professional Persona
No matter which social media platform you choose, as a legal professional, it's crucial that you pay close attention to your professional persona. While many bloggers and tweeters may go off topic or rant and rave about something, you are not a traditional blogger or tweeter. Keep your professional persona in mind with every word you type.
Your Area of Expertise
Next, center your social media conversations on your specific area of expertise and begin building a community around your platform. For example, if you specialize in estate planning, blogging about DUI laws is outside your area of expertise. Your followers are expecting helpful estate planning tips, not news about DUI laws. Think of about three core topics within your area of expertise and rotate your content based on these areas. For an estate planning blog, you might write about wills and trusts one week, health care directives the next, and probate issues the next week before tackling another will and trust issue and repeating the cycle. Over time, you will become recognized for your expertise in your chosen area.
Your Personality
While it's not advisable to tweet about what you ate for lunch, the occasional personal blog post or tweet shows that you are a real person, not a walking law book. Use care when posting personal entries and keep your professional persona in mind when you do. For example, which of the following personal tweets would be appropriate:
"Looking forward to reading Making Your Case: The Art of Persuading Judges."
"I think Oprah should avoid wearing red and should stick to less flashy colors."
What Can Social Media Do for You?
Certainly, you have a lot to contribute to social media. However, social media isn't a one-way outlet where you broadcast information to the masses. As you get involved in social media, you'll quickly discover that social media has many advantages including:
• Networking - You will be interacting with others, many of whom may be colleagues. As you share information through your blog, Facebook page, or Twitter, you will also be gaining information from others. This exchange of information gradually builds a community of like-minded individuals.
• Improve Communications Skills - Blogging and posting comments on social media sites forces you to brush up on your writing skills. Blogs and social media sites are not the place for legalese and academic writing. Instead, you must write concise, easy-to-understand entries.
• Give Your Firm a Face - If you are blogging on behalf of your law firm, you are becoming more approachable. Your potential clients may check your Facebook profile long before they make the first call for a consultation. By being mindful of your professional persona and focusing your social media efforts on your area of expertise, you will stand out as an approachable legal professional with the expertise the client needs.
Social media is a terrific tool for professionals from all industries when used appropriately. Keep your professional persona in mind at all times and frame yourself as an approachable expert. As you build your community and interact with others, you may realize another key advantage: new clients.