November 26, 2008 by powerofproof
Wall Street and Technology, November 18, 2008
The financial crisis had to fall on somebody’s shoulders and regulators are left with trying to find out who’s to blame. Nobody would’ve ever paid attention to Freddie Mac, AIG and Lehman, if it weren’t for the coupling of two words: “bailout” and “taxpayer”. These three companies are just a few of the “countless” financial firms that under the FBI’s microscope. Each company is being asked to provide data in support of their investigation—and it’s only natural that a rise in litigation and e-discovery requests has been felt.
According to Rob Brunner, senior managing director in the technology practice at FTI Consulting, it’s the firms that will be folded into other companies or who are doing the acquiring that will be hit the hardest.
“When Bear Stearns and WaMu were acquired by J.P. Morgan, or Merrill Lynch by Bank of America, each transaction happened within two short weeks. Often that speed means assets have changed hands so rapidly that there may be some residual company that has to produce e-mail for discovery that doesn’t yet own the systems to do it,” Brunner says. “If I sold part of my operational arm to another entity and I’m facing an [e-discovery] request from an oversight committee, I might not yet own the systems to produce the e-mail.”
While some companies were featured as vendors monopolizing the e-discovery rush in the financial services sector—one technology solution not mentioned was entrusting digital timestamps to authenticate documents. As more and more companies move from a paperless environment to electronic records, there’s no question of the inherit risks associated with intellectual property ownership. Businesses must have the power to prove that their electronic records have never been manipulated, in order to protect trade secrets and other intellectual property—from the moment they were generated to the time they are challenged.
And just like Michael Mills, the director of professional services and systems at the law firm Davis Polk Wardwell said “If you’re using today the same software tools you used two or three years ago…you’re not keeping up.”
Tags: AIG, Bank of America, Bear Stearns, Davis Polk Wardwell, FBI, Freddie Mac, FTI Consulting, J.P. Morgan, Lehman, Merrill Lynch, Michael Mills, Rob Brunner, Wall Street and Technology, WaMu
Posted in eDiscovery | No Comments »
November 26, 2008 by powerofproof
IT Business Edge, November 21, 2008
Once President-elect Barack Obama takes office, the National Archives will be tasked with preserving all the records from the previous administration. According to Computerworld, that amounts to 140 terabytes of data, with roughly 20TB of that total in e-mail.
So who’s not happy? Not the director of the Archive’s Electronic Records Archives Program, Ken Thibodeau, who says that the Bush Administration “has been slow to provide information about the types and volume of data to be archived and only began to actively work with the Archive last summer.”
Due to the “whopper of a job” a new archiving system is being built to prevent this from happening again, and will be completed by 2011. In the meantime, the question remains: Can the National Archives handle the job by itself? We’ll have to wait and see.
Tags: Barack Obama, Ken Thibodeau, National Archives, President Bush, President-elect Barack Obama
Posted in Content Management, IP Protection | No Comments »
November 26, 2008 by powerofproof
The Industry Standard, November 19, 2008
Though a leader in sold enterprise-class storage hardware and software, Apple has caught a wave of criticism for its failure to incorporate systematic e-mail and document retention policies that are common among publicly traded companies.
The recent Psystar vs Apple antitrust case (skip on to read page 7, according to this article) made it publicly aware that all Apple employees are responsible for archiving e-mails, memos and voicemails. Many have been pondering the what if’s, as in what if an employee tampered or destroyed his or her own e-mails or documents? Or in the event of a lawsuit, what if the company was unable to produce old e-mails as a means for evidence? Sounds like a case of e-discovery gone bad, if you ask us.
One e-discovery lawyer, who asked to remain anonymous, criticized Apple. “”An employee retention program with no organization or coordination is effectively incapable of compliance,” he said, “…barring an act of God, or luck akin to picking every game right in an NCAA pool. Apple’s retention policy is negligent.”
Could Apple’s weak e-discovery practices come back to haunt them?
Tags: Apple, NCAA, Psystar, The Industry Standard
Posted in IP Protection, Legal Cases, eDiscovery | No Comments »
November 19, 2008 by powerofproof
Preserving Chain of Custody in E-Discovery
The Solo Accountant Reporter, November 14, 2008
E-discovery has come a long way since amendments were made to the Federal Rules of Civil Procedure in December 2006, however as this blog points out, its success depends on the actions taken prior to going to court.
A chain of custody log, which proves the integrity of documents from storage to retrieval, can make or break a legal case. Without proper historical records, evidence can be deemed inadmissible in court since details of its existence are factually unknown.
“Chain of custody logs document how the data was gathered, analyzed, and preserved for production. This information is important, as electronic data can be easily altered if proper precautions are not taken. A chain of custody log for electronic data must demonstrate the following: the data has been properly copied, transported, and stored; the information has not been altered in any way; and all media has been secured throughout the process.”
Considering each touch made to evidence needs to be recorded with careful detail, it’s critical that business and IT leaders understand the important role chain of custody logs play in e-discovery. Take a look at this post for a detailed explanation of what a chain of custody log should include. The preservation and authentication of electronic records and their associated metadata is by no means an easy task. Of course, we would be remiss if we did not point out that many organizations are now cost-effectively automating this very process with AbsoluteProof and ensuring the litigation-readiness of all of their organization’s electronic records in the process.
Tags: Federal Rules of Civil Procedure, The Solo Accountant Reporter
Posted in eDiscovery | No Comments »
November 19, 2008 by powerofproof
Why Selling Records Management is Hard
Bookish Disposition, November 13, 2008
Across industries, the importance of understanding your target audience is critical when trying to make a sale. The same principle applies to “internal sales” (convincing internal stakeholders and users of the benefits of a particular project or new idea) as well.
For anybody involved in records management, the Bookish Disposition blog offers a great list of questions records managers should ask the “managers and users to whom [they] try to “sell” records management.” According to Bookish Disposition, “understanding our customers and the way they think, work, and handle information is just as important to our success (and theirs) as understanding their records.” If you are trying to make the “sell”, this list might prove valuable to you.
1. How difficult is it to get permission to talk to our existing customers? What is your role in your organization? How is that role perceived? Know your audience and your role.
2. How difficult is it to get them to introduce us to their friends, colleagues and competitors? Don’t forget about internal advocates. As you get your records management initiatives off the ground, think about success stories and recruit a small group of internal evangelists to spread the records management gospel. Ultimately, you want as many people in your organization as possible to be advocates for the value of records management in your organization.
3. What’s the worldview of this audience? Do they trust us? Are they looking for new solutions? Instead of approaching internal departments and teams with your recommended records management solutions, first take the time to understand their perspective and specific issues. Taking a listen first, sell later approach will help establish a level of trust you and the solutions you recommend.
4. Will this audience go out of their way to avoid us? Have your internal audiences had ‘bad’ records management experiences in the past? Depending on their pre-existing perceptions of record managers, your clients may consider you a bad guy. Diminish these stereotypes from the get-go and “show them that records management is all about protecting them, helping them achieve their goals, and making their lives better.”
5. Is there a problem that they know they have? If not, then we have to not only sell the solution, we need to sell the problem too. Take the time to listen to their current struggles and make it a priority to address them early on in the relationship.
Tags: Bookish Disposition
Posted in Content Management, Uncategorized | No Comments »
November 18, 2008 by powerofproof
Microsoft SharePoint security concerns surface
vnunet.com, November 13, 2008
According to new research conducted by Courion, many business managers believe that using Microsoft SharePoint for collaboration could be placing their information at risk of data security violations. The research found that 86 percent of respondents are worried that data is finding its way onto SharePoint sites without proper safety measures. Considering this research also found one third of firms don’t have use policies in place for SharePoint and another 63 percent don’t have the means to monitor usage, it’s not surprising to see where the worry stems from.
“What people are really concerned about is sensitive information being pushed onto these SharePoint sites and shared with people that should not have access to that information,” said Stuart Hodkinson, Courion UK general manager. “A huge proportion of organizations recognize that they just don’t know what’s being pushed out on these sites, or even how many sites they’ve got, which is perhaps even more worrying.”
So what gives? If IT and company executives are worried about securing their sensitive information, taking action to secure the data stored in SharePoint should be a top priority. Organizations should identify best practice guidelines for users, monitor SharePoint usage and by all means…adopt some security and data integrity measures! Stay tuned for our own forthcoming survey results on SharePoint security. The results will add some new perspective to the conversation.
Tags: Courion, Microsoft, Microsoft SharePoint
Posted in Content Management, IP Protection, Uncategorized | No Comments »
November 17, 2008 by powerofproof
Survey Says: Compliance Drives E-Mail Archiving
InformationWeek, November 13, 2008
According to 200 IT Professionals who participated in a new Barracuda survey, 29 percent archive email messages for the simple sake of compliance. This isn’t surprising considering a previous InformationWeek survey that found those who were using, deploying, or planning to deploy an archive, did so in order to “To improve [their] ability to find e-mail for litigation or compliance/audit issues”.
While compliance continues to be a top IT driver, the relatively even distribution of survey responses indicates that there are a number of reasons organizations are pursuing email archiving. Barracuda found that 21 percent of respondents archive email in order to provide users with access to such documents, and 15 percent reasoned that retention is a best practice and that archiving allows users to dig up old data for quota reasons.
Whatever the reason for archiving, we are pleased to see an increased focus on the retention of electronic records. Archives can save organizations significant costs and hassle in the future and help ease any complications that may arise in court. Sound archiving capabilities represent an important first step in the push to retain secure and authentic electronic records.
Does your organization archive email? If so, what are the biggest reasons for this initiative? Compliance? Litigation-readiness? Other?
Tags: Barracuda, InformationWeek
Posted in Email & IM Security, Uncategorized | No Comments »
November 17, 2008 by powerofproof
For anyone who follows developments in cryptography, the major news that hit in late October was that The National Institute of Standards and Technology (NIST) hash algorithm competition entered into its truly competitive stage. According to the organizers, 64 entries were submitted by the Oct. 31 deadline.
This is a major milestone in the long process initiated by NIST in November 2005, soon after researchers published new cryptanalysis results on SHA-1.. While NIST recommends transitioning from SHA-1 to the SHA-2 family of algorithms, it also wants to future-proof the hash algorithm selection by inviting new designs from the crypto community. The NIST hash algorithm competition is expected to produce the SHA-3 family of algorithms.
As an aside, Surety replaced SHA-1 with SHA-256 in all AbsoluteProof Service releases starting in December 2005, and follows closely all developments related to hash algorithms. The AbsoluteProof Service is designed so that it can easily support new stronger hash algorithms as they are introduced. When it becomes necessary to upgrade hash algorithms, customers have the option to renew existing seals (timestamp tokens) using the new, stronger hash algorithms. This extends the life of any preexisting timestamp token (seal) beyond the life of the original hash algorithm that was used to generate it. A renewal consists of a second seal computed over the original document and the original seal, and the renewed seal will remain valid even if the original hash algorithm is subsequently broken. In this process, the second seal serves to prove that the original seal already existed at renewal time, that is, at a time when the original hash algorithm was still in good standing (not broken).
While there is no official list of all entries to the NIST hash competition available yet, a partial list is available through cryptography related forums. Many of the most prominent names in cryptography are participating in the competition, along with newcomers and hobbyists. Early disclosure provides an opportunity for experts to start cryptanalysis work on the proposed algorithms, and some of the entries have already been broken!
NIST is expected to organize a first round candidate conference in mid-2009, and successive rounds will whittle down the candidates, until the winners are selected by the year 2012.
Good luck to all, and may the best one win.
- Dimitri Andivahis
Editor’s Note: Dimitri Andivahis is Surety’s Chief Scientist, and has been active in cryptography for 10 years. You can reach Dimitri at {encode=”dimitri@surety.com” title=”dimitri@surety.com”}.
Tags: Dimitri Andivahis, National Institute of Standards and Technology, NIST, SHA-1, SHA-2, SHA3
Posted in Trusted Timestamp, Uncategorized | No Comments »
November 13, 2008 by powerofproof
Managing the Social-Networking Data Sieve
Network World, November 5, 2008
Move over desk phones and email…social networking tools are stepping in as the new, innovative way to stay connected. Between websites such as LinkedIn, FaceBook and Twitter, it’s likely that all of us use one in some shape or form. They provide convenient, quick ways for people to collaborate on projects and stay connected. In a business environment, however, where exactly is the line drawn? When collaborating on social platforms, how do you keep your intellectual property safe?
We found these thoughts from Tom Mighell, a lawyer and senior manager at Fios, an electronic-discovery consulting firm, on how employers can take the reins and manage the world of social networking worthwhile for sharing here.
1. Accept and train: Social networking is a part of most of our everyday lives, so there’s no use in trying to stop employees from engaging in it while on the clock. Instead, embrace the business opportunities it presents, while teaching them the right and wrong ways of engaging. After all, one misinterpreted sentence about a client could lead to nasty legal trouble down the road.
2. Influence the socializing: Support the idea of using social networking tools to improve work performance. However, be sure to express this opportunity with caution – you wouldn’t want employees to develop lazy techniques by allowing them to rely on these tools to get their work done.
3. Consider the complexities: Make it known that your employees’ personal information (such as usernames and passwords) may be asked for if a relevant lawsuit presented itself in the future. If relevant information is requested in a discovery process, any and all communication may be subject to disclosure.
4. Monitor: Be sure your legal and/or IT departments are reading what your employees are saying through these sites. Develop detailed rulebook and enforce it routinely - the last thing you would want is for a conversation to spin out of control and land your company in court.
Many of Tom’s thoughts reminded us of this article by Surety advisor Timothy Carroll (Carroll is also an attorney in Vedder Price’s records management and e-discovery practice group) – “IMs As ESI: When To Save Instant Messages And How To Properly Authenticate Retained IMs.” Given this quickly evolving space, Tim’s article is well worth the read.
Posted in Uncategorized | No Comments »
November 12, 2008 by powerofproof
Zim: Zanu PF accused of altering document
Africa News, November 4, 2008
We’ve been blogging about data tampering for a while now, and we often discuss the potential consequences. From lost intellectual property rights and non-compliance with regulatory mandates to e-discovery nightmares, we’ve just about covered it all. This article, however, highlights new potential consequences of electronic records tampering – severe political power and economic ramifications.
This story comes from Zimbabwe, where the chief negotiator for the Zimbabwe African National Union – Patriotic Front (ZANU-PF), Patrick Chinamasa, admitted he changed a signed power agreement and “accidentally” deleted various clauses of the power sharing deal, which was designed to cease economic and political strife in the country. According to the article, the document that had been agreed upon was altered prior to the signing ceremony, blindly tricking the authorities to approve something otherwise unauthorized.
Another article from The Zimbabwe Times provides insight from Welshman Ncube, another Zimbabwean politician, on the clauses of the agreement that were altered:
The first clause that was altered by Chinamasa was on the issue of senate seats. Ncube said Zanu-PF already had five non-constituency seats. So it had been agreed that an additional six senators would be appointed. Out of the six, four would be from the mainstream MDC of Tsvangirai while two would come from the Mutambara faction. However that paragraph had been completely changed and Chinamasa had inserted a clause saying there would be nine new senate seats, to be shared equally between the three contesting parties.
Ncube said Chinamasa had admitted that he was the one who had inserted that particular clause, claiming he had been told by his principal, Mugabe, that all three leaders had agreed to this. But Ncube said his own principal, Mutambara, had denied ever agreeing to increasing the senate seats to nine. It is not clear what action, if any, Mutambara and Ncube took to counter this development.
The second alteration was a paragraph that was completely missing from the final document. The missing paragraph says anyone appointed to the position of Deputy Prime Minister and Vice President would automatically be a Member of Parliament. If that person was already an MP his/her party will appoint a non-constituency MP.
Ncube says Chinamasa claims the missing paragraph was “deleted by accident”.
The third alteration was in the form of another missing paragraph in the final document. It was stated in the missing paragraph that the Prime Minister and Deputy Prime Minister as well as the President and his Vice Presidents would sit together to make appointments of senior government employees like Ambassadors and Permanent Secretaries.
Ncube says the former Justice Minister had claimed the paragraph had been accidentally deleted. Again the Mutambara camp had apparently decided to let sleeping dogs lie - that was until yesterday when Ncube was linked to the fraud by The Zimbabwe Times.
Ultimately, Chinamasa’s confession to altering one of the clauses and deleting the other two may have saved this country from a troubled future. His actions highlight not only the value of the information we store in electronic records, but also the potential consequences their alteration might have. Electronic records of all kinds can be altered if not properly managed or protected – from emails, PDFs and memos to power agreements – and one small change can impact countless number of people (or, in this case a country full of people). The citizens of Zimbabwe should be thankful that the truth prevailed without more severe consequences.
Posted in Uncategorized | No Comments »
