Electronic Discovery: MS and Autonomy

If the rummors are true, this would be big news in the ED world,

Full Article

If Microsoft, as rumored, were to buy Autonomy, there would be a seismic ripple felt through eDiscovery-related markets.  First, Microsoft would own two of the leading search products in the market (Autonomy and FAST).  Second, Microsoft would have applications to provide value on top of a SharePoint infrastructure:

iManage document management – which has a huge law firm and corporate legal installed base
– Meridio records management – which just so happened to be developed to provide RM functionality for SharePoint environment
– Cardiff BPM – which would give Microsoft advanced process management capabilities (all the better to build out more eDiscovery workflow, for say, legal holds?? )
– ZANTAZ archiving – which will enhance the archiving that will be native to Exchange 2010; the on-premise EAS will give Microsoft its own offering for the first time and the hosted Digital Safe will add to the Frontbridge offering Microsoft already has

And – scarily enough – that is just a smattering of the value that Autonomy would bring to Microsoft.  Not hard to see why the rumor mill has Microsoft paying a 75% premium for the Cambridge, UK-based company.

To any eDiscovery vendors out there I say, “be afraid…be very afraid.”  If Microsoft moves into the market, the following players have a lot to lose:


Bloggers, Lawyers, Twitters and Court Orders

Today a right wing blogger (by his own definition), called Donal Blaney, served a court order against an individual, who was using his name. The aim of the court order is to reveal the identify of the person in charge of the twitter account.

So why is this in the news?

Donald Blaney won the order against somebody using a Twitter account, with his name blaneysblarney.

Looking at the twitter account  now (on the evening of 1st October), there are just 10 tweets, not saying much at all. In fact David Blaney only described it as “mildly offensive”, and even stated that he could have the Twitter account shut off by contacting Twitter directly.

So, why is this in the news?

Donald Blaney arranged for the court order to be served via Twitter, a first of its kind apparently (no wonder!); but it’s just a method of serving a court order. Therefore we have a minor  blogger serving a court order against an unknown person, who has written around 1400 characters (not words) that are described as mildly offensive, and could have been stopped via other cheaper, aka free, methods.

In a week where the Sun has pulled its support from Labour, the Prime Minister has had a major speech, BAe is looking at a 1 billion pound fine, a thousand dead due to earth quakes, and most critically Peter Andre is planning a trip to the West Country…. sometime next year, how did David Blaney get prime time news slots?

So, for the third time, why is this in the news?

The law firm which ran the case was, not Herbet Smith, Clifford Chance, or any other law firm giant which naturally attracts and deals with the press. The firm was Griffin Law. Griffin law is owned by …. Mr Blaney.  So on the same day that a minor blogger, won a minor court order, for an even more minor incident, Mr Blaney was all over the news.

Bravo to his PR company, they did their job well. Nearly as well as the Pigeon people

UK Supreme Court to open on Thursday – 1st October 2009

The UK Supreme Court will open on 1st October 2009:

The Outlaw Article on the subject is below:

The UK’s legal landscape will change tomorrow when the Supreme Court takes over from the House of Lords as the country’s highest court.

As part of a Government move to ensure that the highest court in the country is completely independent from those who make the law it created the Supreme Court, which will occupy its own new building and be made up of 12 judges.

Until now the most senior court was made up of the Appellate Committee of the House of Lords and the Judicial Committee of the Privy Council. The House of Lords and the Privy Council are parts of Government, but The Supreme Court will not be connected to Government at all.

The Court said that it would now be “explicitly separate from both Government and Parliament”.

Eleven of the 12 judges that form the Appellate Committee of the House of Lords will become judges at the Supreme Court. One, Lord Neuberger, is moving to the Court of Appeal, where he will be head of its civil division.

Lord Neuberger has expressed reservations about the new structure and has said that the very independence from Government that is its founding principle might lead it to assume too much power.

“The danger is that you muck around with a constitution like the British constitution at your peril because you do not know what the consequences of any change will be,” he told BBC Radio 4 earlier this month. “[There is a risk of] judges arrogating to themselves greater power than they have at the moment.”

Read More ……..

Electronic Discovery: Early Case Assessment v Review Platforms

Early Case Assessment: Why not just use a linear review platform?

Early case assessment is the new buzzword in town. Last year it was concept searching, previously it has been near de-duping, long before that it was simply de-duplication.

A variety of tools are on the market, Recommind, Clearwell, Nuix, offer Early Case Assessment features. These are good tools, with lots of R&D and a growing market share, but does this mean that linear review platforms, the RingTails, the iConnencts, the Relativities, are of a thing of the past?

No, and for two reasons.

Firstly the Early Case Assessment tools are often not geared up for the highly detailed linear review, which will be required once the bulk of the documents have been culled.  RingTail, for example, has an incredibly granular capability, from using multiple highlighting colors to rotating individual pages in a document that have not been scanned correctly.  Most people who are producing early case assessment tools recognize this and currently recommend that their tool is used for a first review (hence the name), and the detail work is done in more of the heavy weight linear review tools. This alone means that the linear review platforms are here for a while yet; of course those building the ECA platforms are no doubt working on producing a more detailed review platform, introducing tiffing, redaction, etc. The ECA camp are, almost certainly, going to move into the linear review market space sooner rather than later.

Secondly, the reverse is also true. Some “linear” review platforms have moved into the market space of the ECA tools. The linear review platforms that have not moved on, the Summations and Concordances are certainly a thing of the past, but some review platforms that have evolved. Relativity and IConect probably have a strong future ahead of them, as they have moved with the technology. Internal tools such as Documatrix, and KrollOntrack InView have also evolved and developed along the same lines, but are not available for purchase so are not discussed here.

Relativity has taken an approach, much like iPhone has with Apps, to allow third part vendors make software for their product. ContentAnalyst and Equivio are the two big ones. This means that Relativity leverage the knowledge and experience of other companies, rather than having to build everything themselves. RingTail is building a similar package to link it to Attenex.

The net result is that a Relativity can allow for a linear review, a non linear review, or an early case assessment  in a single platform. This means that once data has been loaded into a review platform it can be culled, clustered, de-duped, near de-duped, and generally treated as an early case assessment tool.

Data can be loaded into Relativity and culled down using the methods of an ECA platform.  Then once the set of data has been chosen for review this can simply be released/tagged or otherwise identified for a full scale/detailed linear review. This can be done either by the vendor or the reviewers.

The beauty of this type of solution is that if there is an error in the culling process, either too much or too little data has been identified for linear review, then it can easily be untagged or re-tagged and moved between the ECA and Linear review phase.  The data is not moving between platforms, its not moving from a Nuix to a Ringtail, or a Recommind to an Introspect, but staying inside Relativity, this is very cheap and almost instant to do. The data is moving between phases, not platforms.

So, why the big issue about Early Case Assessment?

If linear review platforms can also conduct non-linear review, why the big buzz about early case assessment?

There are probably several reasons for this.

  • The Megan Fox effect. Megan Fox is a good looking woman, no doubt, and that may influence our opinion of her as an actress and the quality of her films. Is it any wonder advertisers use good looking men and women to sell products? We associate beauty with quality. Early Case Assessment tools generally look brilliant, with clean simple interfaces, easy to use, intuitive, etc. The new breed of linear review platforms with concept searching may have all the functionality of an ECA tool, but it’s not immediately obvious, those skills are hidden.
  • Pricing: Traditionally the linear review tools have had a high price and been seen to be expensive to review in time and money for lawyers. Early Case Assessment tools have a different pricing model, and their aim is not to make a lawyer review everything, but just an initial look. This is not necessarily cheaper than processing all of the data, putting it into a review platform and then seamlessly moving between linear and non-linear review as needed, but on first look it does appear cheaper.
  • Processing Myth: Processing is hard work, period! Even processing 1,000 files will generate numerous errors. Then there is the loading of the data into a review platform, e.g. moving from Discovery Cracker to RingTail, or LAW to iConnect.  This also causes a degree of effort, time, pain, and therefore costs. Early Case Assessment tools offer a simple solution; you just load the data into the ECA tool/platform and then review it, and then “process” it later, but only process the data you need to review in detail. Voila, there is a cost and time saving already, quick get a an ECA….err….not quite. If data can be searched, filtering, clustered, etc – then it has been processed. The ECA tool has processed the data, in almost the same way the traditional processing tools have – extracted the metadata and text, for searching and filtering. The ECA tools tend not to show the errors as much, they make it simpler to use, it’s more of a black box. The value of that versus the risk, will depend on the client, vendor, and case.  The lack of processing appears to be a clever branding/pricing trick.  The main exception to this is Nuix which has managed to process files in a slightly different manner, making it genuinely faster than other processing tools on the market, but that is the exception rather than the rule.

In short, what can be achieved through an Early Case Assessment tool can be achieved through a good quality review platform, assuming it has all the bells and whistles and those using it know how to use, and how it needs to be used for specific case.

This does not mean that dedicated early case assessment tools do not have a place in the market; they will no doubt grow particularly well in internal market, for corporate, where they are trying to get a hand and what they have and what they need.

It’s quite probable that review platforms and ECA platforms will merge into each others’ market space, with ECA tools adding complete linear review capability and review platforms adding complete processing capability.

The vendors will, of course, need a new name for these tools, as well as new look, and new pricing structure.

Electronic Discovery: E-Disclosure Qualification

Guidance Software, the forensics giant which produces EnCase has announced the release of its e-disclosure qualification “EnCase Certified eDiscovery Practitioner” – EnCEP.

The value of the EnCEP certification will have to be seen, but there are already obvious pros and cons for it.

The Pros

The employers of staff using the EnCase E-Discovery tools and bring their staff to a common standard, and employees and staff can work to a common standard and demonstrate to future employers/clients, their competance levels.

The Cons

E-Discovery is a huge area, collosal. Concept searching, near de-duping, review platforms, data recovery, backup tapes, project management, consultancy, etc. The certification currently being offered is for a very narrow part of electronic discovery, on a single tool, being taught to follow a methodology that is based on the use of the Guidance Software products.

This in itself is not a problem as long as people are aware of what the qualification actually means, but the concern is that the huge PR machine of Guidance can push forward the certification as a requirement, as a standard in the industry, as EnCE is becoming.

Increasingly it is not unusual for clients to ask staff to be EnCE certified. While there are many good people who are EnCE certified, there are those who are not, whose knowledge of forensics is very limited. On the flip side of that there are people who are not EnCE certified and who are fantastically smart, a look at the SANS website and blog will demonstate this.This site has numerous postings by  people who have an incredible technical knowledge, far far above that for the EnCE exam, but their own qualificiaiton may not be accepted by certain employers/clients. Equally there are people with no certifications who are not much use.

So where does this leave us? Currently certification does not prove or disprove a skill set that a client would need, not least because clients needs are generally so varied and vast, even on a single project. The idea of certification, is a good one, but there is a long way to go before the industry has a reliable standard.

The press release by Guidance Software, is below:

The EnCase Certified eDiscovery Practitioner program was created by industry experts to meet the needs of our EnCase eDiscovery users who are handling electronic evidence in both routine and some of the largest and most complex litigations of our day,” said Al Hobbs, Vice President, Professional Development & Training Operations for Guidance Software. “Candidates who complete the EnCEP program, and earn the designation, will have demonstrated their expertise in the leading edge EnCase technology and methodology for the collection and processing of electronically stored information.” “Successful litigation depends on good legal scholarship as well as the appropriate technology infrastructure to support e-discovery. We recommend that legal professionals are screened on their understanding of technology and enterprise computing, as well as their comprehension of how technology is deployed,” said John Bace, a research vice president at Gartner, graduate of the John Marshall Law School in Chicago, and Advisory Board member for the Center for Information Technology & Privacy Law at the School. “Certification programs such as these are a step in the right direction toward ensuring that IT professionals are proficient in eDiscovery.” Over the past eight years, Guidance Software has certified more than 2,100 computer investigative professionals with the globally recognized EnCase(R) Certified Examiner (EnCE(R)) designation. The new EnCEP program will similarly enable eDiscovery practitioners to demonstrate their skills, training and experience in the proper handling of ESI for legal purposes. Information on the requirements for EnCEP candidates, the testing program and certification renewal can be found at http://www.guidancesoftware.com/computer-forensics-training-certifications.htm.

Data Theft and the Legal System

Recently more news has come to light about data theft: More people are implicated, more data has been misused, and the fines seem to be poor. This all raises more questions than it answers.

A few days ago Mathew Single was sentenced for publishing the BNP membership details, which he took from the BNP. i.e. data theft. The ramifications of publishing the data were a series of vigilante acts against the members. Regardless of your views about the BNP they are a legal party, membership of the BNP  is legal, and they have even won an election. However, vigilante acts and data theft are not legal.

Despite this the fine for publishing the data, for breaking the law, was just £200. Even the judge complained about the level of the fine.

In addition to this more and more details of data theft  are gradually leaking out. There have been allegations of Prince William and Prince Harry’s phones being accessed. Also, the previous Head of the Professional Footballers’ Association, Gordon Taylor, had his phone hacked by the News of the World. The News of the World paid £700,000 in damages, following a court case, “but on condition that details of the case were not made public”. How can such a major media outlet go to court, lose, and still manage to keep the details of such an important case secret for so long. The key word in that sentence is probably “major”.

The ICO has recently stated that they have been let down by the press, politicians, and the court systems; in the failure to create strong enough laws, or the courts to enforce the laws they have effectively.

Recently Steve Whittamore, a former police officer, turned private detective turned crook has come back into the news. He worked for a company called JJ limited and during his time there uncovered 17,500 pieces of personal information, for over 400 journalists (from a variety of papers). The data he and his colleagues obtained varied from banking and telephone information to DVLA and PNC records.

In February 2004, Steve Whittamore, and three others were all convicted of the offences they were charged with and received …… a conditional discharge. A conditional discharge, for those not familiar with the legal system means nothing.

It means they went to court, go told they were bad people who had done a very bad thing, and then walked out, without so much as a peak at a prison. To criminals a conditional discharge is about as effective as sending a sex addict to a lap dancing bar. It just encourages them.

So, the laws are all a bit rubbish, the courts are useless, and the CPS could not organise a pissup in a brewery. But who is buying all of the this data (other than journalists).

So, Who buys Stolen Data?

[The article below has been re-published from July 2008 due to the current relevance]

A lot of the market for personal data theft is in the “gray/black” market.

Some companies specialize in the selling of personal information, anything from just the name and address (phone book/electoral role), upto bank details, phone records etc. The reported costs of this data vary from $100 to $500. These companies who sell the data to lawyers and businesses, may not “acquire” the information themselves, rather sub contract it out, keeping the “dirty end” of the business very much at arm’s length.  This means that the person who users the data, apparently legitimately, is removed by at least two steps from the actual “data theft”.

One such example involves Mischon de Reya, a famous UK law firm and Carratou an investigation agency were involved in the purchasing of stolen information.

In this case Mischon wanted find information about Mr Hughes, the former chairman of the now collapsed Allsports. Based on this Mischon instructed Carratou to track down Mr Hughes. Carratou then instructed Sharon and Stephen Anderson, who are independent contractors. Sharon and Stephen then sourced a variety of information about Mr Hughes, including details of his 11 of his bank accounts. They charged around £150 for each piece of financial data. They gained access to this information this through phone calls (impersonating Mr Hughes), false letters, etc, etc.

Once the Anderson’s had “stolen his identify” and got the relevant information, this information was then passed from the Andersons to Carratou then from Carratou to Mischon and then to Mischon’s client. The whole incident only came to light when Mr. Hughes took Carratou to court to find out how they had accessed his bank accounts.

It has since been revealed that Sharon and Stephen Anderson made around £140,000 a year doing this, which equates to nearly 4 pieces of financial information every work day. This means that they are supplying a lot of data to a lot of companies.

Articles in the Guardian and Computer Active and ICO

Other cases of people obtaining and selling data:

Man Convicted of selling personal data

ICO Publishes list of Media Buying Data

So, who buys the stolen data?

The Media (who are always reporting on the data theft), people in the investigation industy, (who are there to protect the public and businesses), and business (who are the victims of hackers and data theft)

Who suffers most? The public.

RIPA: Passwords

RIPA: Demanding passwords for encrypted data

RIPA has been complained about by many commentators (this site included), mainly because the powers under RIPA have been repeatedly misused.

But the compaints are not just the liberals and the bloggers. Conservatives have complained, former spooks have complained, and there was an announcement that RIPA powers were to be reviewed by the government.

While complaints about the idiots in councils have been going for years, other parts of RIPA, Section 49, have been enacted, deployed, and people arrested and convicted.

Section 49 of RIPA allows police/law enforcement agencies/security services/military to demand access to encrypted data.  Section 53 allows people to be convicted if they  fail to disclose this information.

Because of the far reaching powers the laws have been considered a threat to civil liberties. While this site normally rallies against such abuses, sadly in this case, the goverment may have a point.

Encryption is easy to do. The phenonmenal tool TrueCrypt provides amazing security, with many major firms using it. The security itself is effectively impenatrable (by currently acknolwedged computering capabilities) but this does not mean that the data cannot be accessed by other methods, e.g. guessing the password, obtaining the password, etc.

In fact this tool is so easy to use that if you can’t use it you probably can’t use a computer and so don’t have anything on a computer to protect.

The security of tools like TrueCrypt, are not like the EFS, in Windows,  which is easily defeated. If the password and keys for TrueCrypt are secure then the data is protected from all eyse, the police included. Hence the invention of Section 49.

If a suspected criminal has encrypted data, and does not provide the password, then what should the police do.

Does this secenario require RIPA? (Much of the information below is based on a real case).

Two men moved into an area, where police intelligence showed that they were linked to a peadophile network. They had previous convictions for sexual assualt, ABH, GBH, and arson. One of the men’s fingerprints was found on a horrific child abuse video, recovered elsewhere.  There was nothing to show he owned it and the defence was they he could have handled it but not known what it was, e.g. at a car boot sale, in passing, at another persons house, etc.

The men were very survelliance aware. Their windows were all covered up, with paper or curtains, and had  good security systems installed. They changed their cars regulary, almost monthly. If anybody they did not know was seen in their street they would challenge them, and ask who they were. And they had toys. Lots of toys. Toys in the garden. Toys in the house. They had no children. They also met  and associated with convicted peadophiles

These men are nasty people, there convictions alone show this. But they are not, technically, doing anything wrong at the moment.

Should they be put under survellience, to see what else goes on, if anything? Should the police be pro-active or wait until there is a claim of rape by a child? The former would seem the most prudent, and this is what RIPA is for.

What if the police receive more  intelligence, prior to an actual assault, strong enough to allow a warrant on the house and the sieze a computer. While searching the computer they find the following:

  • Fragments of data showing searches relating to child abuse images
  • Use of data wiping tools
  • Fragments file names that imply child abuse images
  • A true crypt volume
  • No actual images of child abuse

At this point the police have no evidence to convict, nothing that can be used. But, if they could access the Truecrypt volume, they may have so much more.

This case is relativel clear cut, but still has moral delimas for some. They have not done anything, so why should they have to hand over information. There is an ingrained right to slience. There is a right to not self convict.  If they have to give up their rights to silence, we all have to.

The problem is that the police and councils, have individuals who chose to bend the laws, and push them to extremes, for their own agenda, and not what they were intended for.

The use of RIPA, and section 49, is not going to be wrong in all cases, but unfortunately too often it has been misused by too many people, that there is now a lack of faith in the law(s) and the government.