Electronic Discovery and Evidence

(5-17-04) How to sell - The danger within. While most IT managers concentrate on protecting the network from outside viruses and hackers, the biggest threat most organisations face is often found just down the corridor . . . The DTI Information Security Breaches Survey 2004 found that 74 per cent of all businesses (94 per cent of large firms) have had a security incident in the past year. Malicious incidents, such as viruses, unauthorised access, misuse of systems, fraud and theft, rose dramatically with 68 per cent of firms (91 per cent of large ones) suffering at least one such incident in the past year. This is a rise of 44 per cent compared with 2002."

Comment: Advise your clients as to the risk of breach of internal computer security and the taking of trade secrets, etc.

Cyber sleuths in action

"ARMED with a torchlight, a camera and a Pentium 4 computer, Mr Daniel Chong enters an office stealthily at night to try and dig out secrets from a computer. From furtive e-mail to financial statements which don't quite add up - Mr Chong can dust your tracks and find these digital 'footprints' of your corporate misdeeds.

In search of digital footprints are cyber-sleuth Daniel Chong and colleague Sam Vijaya.
He is an IT forensic specialist, cyberspace's answer to the forensic experts you see in a series like Crime Scene Investigation (CSI)."

Comment: Sometimes electronic evidence on rogue employees is gathered to determine if there are corporate misdeeds.

Is Your E-mail Safe?

"After a substandard performance review, an employee was asked to take an alternate position within the firm at a lower pay rate. The employee decides to contest the forced demotion and manages to obtain copies of e-mail messages about him that were sent between his boss and his boss'smanager.

The question is: Is the employee's action in obtaining co-worker e-mails inappropriate?

While this situation involves a number of human resource complexities, the issues relating to workplace e-mail are:

Has the employee broken the law?

Has the employee violated a corporate code of conduct?

Is this act considered grounds for dismissal and/or legal action?

First, we need to know how the employee obtained the e-mails. . ."

Comment: Document retention and office security policies (as well as electronic discovery) must consider the impact of stored electronic data that may be available to disgruntled employees.

Logon legacy: People die, but their passwords live on and on
"As an ambulance whisked Jon Hansen to the hospital last year, he held tightly to his wife's hand and told her things she needed to know if he were to die.

"Write down this password," he told her. "Oh, you'll need this one, too. And you don't have this one, either."

The Orem, Utah, software salesman managed to recover from that near-fatal bout with encephalitis. But the ambulance ride taught him a valuable lesson.

"One of the first things I did was write down all my passwords and put them in the safe," he said. "I should have done that a long time ago."

Comment: For electronic discovery and electronic evidence purposes locating passwords of retired, dismissed or injured employees can pose a problem for uncovering electronic data.

Ghosts in Our Machines:
Background and Policy Proposals on the “Spyware” Problem
November, 2003
Overview
"Over the last several years, a loosely defined collection of computer software known as “spyware” has become the subject of growing public alarm. Computer users are increasingly finding programs on their computers that they did not know were installed and that they cannot uninstall, that create privacy problems and open security holes, that can hurt the performance and stability of their systems, and that can lead them to mistakenly believe that these problems are the fault of another application or their
Internet provider.

The term “spyware” has been applied to everything from keystroke loggers, to advertising applications that track users’ web browsing, to web cookies, to programs designed to help provide security patches directly to users. More recently, there has been particular attention paid to a variety of applications that piggyback on peer-to-peer file-sharing software and other free downloads as a way to gain access to people’s
computers. This report focuses primarily on these so-called “adware” and other similar applications, which have increasingly been the focus of legislative and regulatory proposals."
http://www.cdt.org/privacy/031100spyware.pdf

November 4, 2003 Dow Jones WebReprint Service®

Big Employer Is Watching
Companies Monitor Workers With New Tracking Systems

By KRIS MAHER
Staff Reporter of THE WALL STREET JOURNAL

"It's 9 a.m. Do you know where your workers are?

Increasingly, companies do. In their drive to squeeze greater efficiency from staffers, a growing number of employers are embracing sophisticated electronic tracking systems to ensure their workers are at their desks and work stations when they are supposed to be. And while many blue-collar workers are used to punching a time clock, many of the new tracking systems are trained on white-collar, salaried employees.

At New York law firm Akin & Smith LLC, paralegals, receptionists and clerks clock in by placing a finger on a sensor kept at a secretary's desk. "It keeps everyone honest," says Derek T. Smith, a managing partner at the firm. "I like to see how long they take for lunch," he says, adding that the system so far has been "very successful" in boosting productivity.

For Wanda Ortiz, a 24-year-old paralegal, the firm's biometric system was a bit of a shock at first. "I never saw anything like this" at three previous law-firm jobs, she says. But she says placing her thumb on the sensor whenever she enters or leaves the office has made her more conscious about getting back to work on time after breaks. "I do rush at lunchtime if I go out," Ms. Ortiz says." http://webreprints.djreprints.com/861950252181.html