IN OUR EXPERTS' OPINIONS

In Our Experts' Opinions: The Altep Blog

With more than 20 years' success in complex eDiscovery management, data forensics, compliance, and investigations, and a team of more than 200 experts throughout the US and in Europe, Altep offers a uniquely valuable perspective. Each month, our blog features a different expert, and offers analysis and commentary on a broad spectrum of topics from data management to cyber security. We hope you find our posts informative; if you'd like to submit a guest post, please feel free to contact us!

Why Mobile Chats Are My First Source of Information for Investigations

MobileInvestigations_cover

Not so long ago, it was considered unduly burdensome or somehow disproportionate to look at text messages on mobile phones during disclosure or eDiscovery. Data forensic examiners have been querying these types of data with specialised tools for nearly a decade – though that may be a bit of a generous estimate. The overall cost of technology to effectively extract data from mobile devices has come down, but the large rise in requests to perform these operations in eDiscovery, where it was once considered a bit exhaustive, has meant data forensic examiners can perform these extractions and analysis more justifiably.

Continue reading
72 Hits

FCA US LLC v. Cummings - It's Not Perfect, but It Does Need to be Better

HiRes-cover

TAR eDiscovery orders and opinions have made some pretty big splashes in the last five years, and the recent FCA US LLC v. Cummings, Inc., order, despite being brief, was no exception. The court took up the question of whether keyword search culling of a data set prior to the application of Technology Assisted Review (i.e., TAR or Predictive Coding) is the preferred method. The answer, in the court’s opinion, was simple but powerful: it is not.

Continue reading
548 Hits

InfoSec Checkup: Do These Three Things

infosecCover

In my work as an Information Security Engineer, I am regularly asked to assess the practices and technologies corporations use. In the performance of Altep’s Risk Assessment service, my colleagues and I examine a broad variety of factors ranging from account credential management to network device configuration to audit policies. To date, we’ve provided these services for dozens of companies in the healthcare, retail, and legal industries, as well as for a number of public sector organizations. Often, we perform network, wi-fi, and web application penetration testing as a complementary effort, and assist the organization in identifying the most effective and affordable approaches to remediation of identified vulnerabilities and issues.

In the course of these engagements, I’ve seen a broad variety of problems and vulnerabilities, many of which are easy to correct. Straightforward changes in the configuration of a network appliance, for example, can prevent unwanted and potentially dangerous traffic, and implementing a yearly training and awareness program can help insure that employees don’t inadvertently contribute to cyber risks. Out-of-the-box programs are readily available and affordable – “Securing the Human,” from the SANS Institute, is a good one – so there’s no reason to leave this important area of risk unaddressed.

Continue reading
407 Hits

Difficult Data

difficultData

In my most recent piece, “Difficult Devices,” I discussed some of the ways in which hardware sometimes presents physical challenges for examiners and other forensic practitioners. However, in some situations, it’s not the device that poses the problem; instead, the data is what hampers the ediscovery effort or investigation.

Continue reading
510 Hits

Difficult Devices - Part I

Difficult Devices - Part I

Forensic matters pose a variety of challenges. Sometimes potentially important data has been deleted; sometimes the cost of labour is restrictive, and all too often, the deadline by which processing and analysis must be completed is extremely tight. There are a myriad of solutions for these issues, but what do you do when the device itself is the thing that’s making the case so difficult?

Continue reading
668 Hits

Naughty v. Nice: Santa Adopts Trending Tech - Part 2

Naughty v. Nice: Santa Adopts Trending Tech - Part 2

Just when we thought we’d hammered out a practical and scalable approach, an Elf named Sugar Toes raised a thorny problem: namely, the fakers. You know the ones: those kids who act nice, especially when adults are watching, but who actually are not nice at all while interacting with others on social media. It seems that Sugar Toes had done a spot check of the Nice List, cross-referencing the children’s Twitter and Facebook accounts, and what he’d uncovered was concerning. The Nice List was full of cyber bullies, haters, and internet trolls (not to be confused with Christmas trolls, who steal candy). There were even instances in which children had posted bathroom selfies.

Continue reading
453 Hits

Naughty v. Nice: Santa Adopts Trending Tech

Naughty v. Nice: Santa Adopts Trending Tech

It’s that time of year again - the time when girls and boys all over the world start to behave a little better in hopes of getting on the list.  They go to bed on time, eat their vegetables without being told to, finish all their homework, and even treat their siblings nicely for a change. Not so long ago, these efforts would have done the trick, but this year, Santa is introducing a game changer, and naughty boys and girls had best be prepared.

Continue reading
944 Hits

Altep San Francisco

Altep San Francisco

With offices throughout the United States and Europe, Altep staffs experts in a wide variety of fields, including litigation and law enforcement, information security, compliance, and ediscovery/edisclosure.

Each location brings its own unique experiences and specialties to the table; we talked to Eamonn Markham, Alteps' Regional Account Executive in San Francisco, to understand what makes the San Francisco office special.

Continue reading
926 Hits

Next Generation Malware Demands Next Generation Endpoint Security

Next Generation Malware Demands Next Generation Endpoint Security

2015 was a watershed year for malware development. Not only did we see more unique malware than in any other year, we also witnessed a very clear shift in malware behavior: namely, a trend toward polymorphism.

Continue reading
1185 Hits

The eDiscovery Obstacle Course: A Survival Guide

The eDiscovery Obstacle Course: A Survival Guide

By Hunter McMahon and Sara Skeens

Surviving eDiscovery can be just like conquering an obstacle course race (OCR). It takes the right gear, experience, training, and attitude. As obstacle course enthusiasts and eDiscovery strategists alike will tell you, you don’t get to choose the course or the obstacles—they are given to you “as is.” Therefore, preparation and agility are key characteristics of a true OCRer.

Continue reading
1009 Hits

What is Continuous Active Learning (CAL), Really? – Part One

What is Continuous Active Learning (CAL), Really? – Part One

Ever since the March 2, 2015 Rio Tinto opinion and order, there has been a lot of buzz in eDiscovery around the phrase “Continuous Active Learning” (CAL). Judge Peck briefly mentioned CAL while summarizing the available case law around seed-set sharing and transparency. For the sake of clarity, the term seed-set in this post refers to the initial group of training documents used to kick off a Technology Assisted Review (TAR) project. We refer to the review sets that follow as training sets. The point of Judge Peck’s mention of CAL, as I understood it, was to alert readers to the possibility that seed-set selection and disclosure disputes may become much less necessary as TAR tools and protocols continue to evolve.

Continue reading
1888 Hits

Surviving Setbacks

Surviving Setbacks

I recently started getting back into training mode. I dusted off my road bike, my swim cap, and my running shoes to attempt a personal record on a triathlon I had done a few years ago. I mapped out a plan, prepared my training tools and started to push forward. My training included many techniques to help with the efficiency of my workouts and accommodate my busy schedule. My plan was clearly defined, running smoothly, and I was getting stronger and faster each day.

Continue reading
944 Hits

Redefining Responsiveness Evaluation: Making the Case for True Unique Document Review

Redefining  Responsiveness Evaluation: Making the Case for True Unique Document Review

If you are reading this blog, you have probably heard the story many times by now. Document review is the most expensive part of eDiscovery. Like many, I find myself asking the same question again and again. How can we do it better? One obvious answer is by defensibly reviewing less. The not so obvious part of that answer is the available methods for doing so.

Continue reading
1697 Hits

Having a Game Plan

Having a Game Plan

Earlier this month I ran in the Spartan Super race in Asheville, NC (Black Mountain). After more than 2,000 feet in elevation gain and a rapid descent, spanning over 10 miles, overcoming 26 obstacles, pushing through 155 burpees…I was DONE! It was by far the hardest competition I’ve completed.

Continue reading
901 Hits

Health Care Entities are the Hacker’s Gold Mine

Health Care Entities are the Hacker’s Gold Mine

There are many kinds of data that hackers find profitable, and any number of different targets, from retailers to universities, where that data can be found. However, one group of victims is by far the most popular among data thieves, not because they are necessarily the easiest to breach, but because the data they hold is more valuable.

Continue reading
716 Hits

PCI vs. HIPAA: Comparing Standards and Penalties in the Wake of Recent Breaches

PCI vs. HIPAA: Comparing Standards and Penalties in the Wake of Recent Breaches

What has more value to you: your medical records or your financial data? At first glance, it would seem that an x-ray wouldn’t be worth as much as a debit card number – after all, one is just an image of the skeleton, but the other can be used to purchase practically anything, in person or online. However, the truth is that medical records often contain a great wealth of Personal Identifiable Information (PII) and Protected Health Information (PHI), including your first and last name, date of birth, physical address and - most importantly - your Social Security Number.

Continue reading
1237 Hits

You've Been Breached

You've Been Breached

You’ve Been Breached. Pay the sum of 950,50 Bitcoins, or else...

Has it happened to you yet? Take notice of the not-so-subtle “yet”. I’ve been fortunate to work with some of the best and brightest InfoSec people, as well as my own data forensics group, on incident response engagements (IR). It’s dizzying and quite chaotic until the teams are plugged in and making hurried sense of complex events. Who got in? How many times? What was the point of ingress? Bad firewall rules? Weak VPN passwords? Third-party software vulnerability?

Continue reading
958 Hits

My Top Five Takeaways from The U.S. Tax Court’s Emphatic Affirmation of Predictive Coding

My Top Five Takeaways from The U.S. Tax Court’s Emphatic Affirmation of Predictive Coding

Dynamo Holdings Limited Partnership v. Commissioner

In an order dated July 13, 2016, the U.S. Tax Court once again strongly supported the use of Predictive Coding. The case had already featured some notable opinions and orders on the topic. This recent order is a fun read for analytics nerds and newcomers alike, as the Court did a great job of laying out the associated facts and addressing the typical arguments for and against use of the technology. Here are a few items that caught my attention as I read it.

Continue reading
1525 Hits

To SME or Not to SME (in TAR)… That is the Question

To SME or Not to SME (in TAR)… That is the Question

This article assumes that Technology Assisted Review is being deployed in a production review setting where the user seeks to identify potentially relevant documents from among a larger corpus, and to subject those documents to full manual review.  The use of TAR as an investigative or fact finding tool is a more financially flexible proposition, and the efficiency of that approach should be evaluated via separate standards.

There has been some debate in the past few years about the proper role of the Subject Matter Expert (SME) in technology assisted review (TAR) – a discussion which has understandably resulted in plenty of disagreement. There was a time when most blog posts and white papers swore that SME training was the only path to success, but that position looks to have softened some.

Continue reading
1462 Hits

Your Data is Everywhere - Deal With It

Your Data is Everywhere - Deal With It

I say this to colleagues all of the time: “People will trade privacy for convenience every step of the way.” My contemporaries nod reassuringly, perhaps in an attempt to hush my banter, though maybe they actually represent a large contingency of informed people who agree.

Continue reading
1005 Hits

Creative Analytics - Part 3: The Toolbox

Creative Analytics - Part 3: The Toolbox
This post is Part 3 of a series - you can also watch a video of the related webinar.
 
By Sara Skeens and Josh Tolles
Welcome to part three of our Creative Analytics series. Part one provided a suggested roadmap for getting more comfortable with analytics tools, and exploring more creative uses. In part two, we discussed some of the challenges common to the presentation phase of the EDRM, which require us to look for creative solutions. This brings us to part three – the solutions. In this post we will provide more detail on a few key tools and techniques that we deploy to overcome those common challenges. This final installment is intended to serve as the closing primer for our co-hosted webinar with kCura that will be taking place tomorrow, Wednesday July 13th - Leveraging Analytics for Depo & Trial Prep. Please tune in then where we will put things into a more visual, workflow-based perspective. 
 

 

Continue reading
1150 Hits

Creative Analytics - Part 2: The Presentation Phase

Creative Analytics - Part 2: The Presentation Phase

This post is Part 2 of a series - you can also watch a video of the related webinar, or read Part 1, on the kCura Blog.

 

By Joshua Tolles and  Sara Skeens

Solving Challenges in the Presentation Phase 

In our last post, we discussed the value of looking at analytics in e-Discovery with a creative mindset, and a few steps that you can take to expand your problem solving horizons. As we noted there, analytics is most commonly thought of as a tool to be applied during the review phase of the EDRM to control data sizes; however, we'd like to change that. At Altep, we frequently use analytics to solve many more problems than just those found in the production review arena. With a firm grasp on the technology, plenty of curiosity, and a healthy passion for "building a better mouse trap," we have found quite a few areas where analytics can help turn the eDiscovery rat race into a more methodical and scalable process. 

Continue reading
1555 Hits

Data with Purpose

​This past Spring I splurged and bought the Garmin Fenix 3. The thought was that if I better understood how I was training, I could elevate my efforts and become more effective in planning my workouts. I may not be a professional athlete like Hunter McIntyre or Ryan Atkins, but with limited hours in the day I need to make sure my time is spent as efficiently as possible. So of course, I needed more data. 

These days data is one of the most valuable commodities in the ever-growing global market. Companies are collecting data on users, site visitors, patrons, etc. through a myriad of methods. Data generation and retention has grown exponentially along with the value of data, as the cost of storing it has declined. There are two very clear results of this trend (among many). 

First, there is an assumption that it is easy to understand data. The benefit of data is that "it is what it is;" however, without context it is often hard to understand data. For example, the number "53" means nothing in and of itself. Associating it with me personally, still not much. Tied to me as my resting heart rate…now you've got data with purpose. Unfortunately, today's disparate data sources do little to simplify this problem, despite the advancement of technology. Data is becoming more complex and multidimensional. Ultimately, the value of data is limited to how it can be understood and applied to a given situation. Without that, having a vast amount of data is a liability. 

Second, there has been an impact on privacy. The more connected we are as a society, the more data there is available on us as individuals. Your shopping habits, web browsing habits, the route you take to your favorite coffee shop, the coffee you order, etc. – all of these data points are available for collection by anyone with the motivation to do so. Unfortunately, most consumers don't understand just how often they leave digital breadcrumbs. Potentially more concerning, some companies don't understand the ultimate impact of all the breadcrumbs they are gathering. Responsibility for failing to appreciate this impact lies with both the business and the consumer. 

As with data collected by a business, the training data I now have access to is only helpful to the degree that I can leverage it to upgrade my training plan. Fortunately for me, Garmin has developed a multitude of dashboards and insights that help consumers understand all of the data it is collecting during a workout (pace, elevation, heart rate, temperature, etc.). Garmin is very aware of the type of data they are collecting and have privacy policies and security FAQ's readily available on their website. I personally like this statement, "While Garmin partners with many third parties to provide you with a rich experience, we do not provide third parties access to your personal data without your consent." 

Of course, my success at improving my training is predicated on one very important factor – that I am willing to put forth the effort. So despite soreness from the Spartan Revolution workout this past weekend, I got out and went for a good run earlier this week and here's some of my data! Do you know what it represents?

What is your data saying? 

Mine constantly says MOVE…FASTER

@ESI_OCR


This post also appears on Hunter's LinkedIn Page


Continue reading
817 Hits

And Then There Were Twenty-Seven… Now What? Untangling Uncertainty in the UK Exit from the EU

STOP.​

The United Kingdom has not left the European Union. This endeavour will be painfully drawn out and will take anywhere from two to four years for it to be done and dusted –the exit that is. In a decent technology analogy, this will be a bit like yanking the single power lead from a tangled mess of surge protector madness beneath your feet. 

The largest areas of concern are general immigration, employment law and large regulation changes, namely the financial sector. Nothing is going to change in the interim, though preparation is definitely a huge necessity for corporate entities. I am an American by birth, but a UK Resident via the EU right to reside (read: thanks, wife). I am not sweating this aspect, however; companies ought to look at contracts and other areas to evaluate risk where it may arise. 

There needs to be a clearly articulated understanding about free movement before the highly-Googled Article 50 of The Lisbon Treaty can be invoked. This is the key step in the exit process for the UK and its subtleties will no doubt be highly contested. Notification must take place before the exit process can even begin. For instance, single terms like "shall" are being poured over by some of the world's greatest legal minds, largely in protest of Thursday's outcome I suspect. The people have spoken, albeit insanely narrowly, so MP's are likely to confirm the mathematically popular "leave" voice. Both sides of the referendum camp created a duplicitous platform that confused voters more than it aided.

I'd prefer this short piece not percolate into a hot brew of political chit-chat since speculation is not the nature of a data forensics expert. In the interest of providing an opinion however, I find it necessary to reiterate the sentiment I pushed in an earlier post prior to the historic vote, which is that the UK (or whatever is left of it following implications of a Scottish independence referendum as well as Northern Ireland) will likely adhere to a finalised version of the EU's GDPR. Even heavy hitter Brexit campaign leaders like former London Mayor Boris Johnson have expressed a great deal of interest in negotiating a single EU trade bloc deal between the Union and the UK, despite being told by German and French leaders that we in the UK would have zero preferential access to the single market, as it were. 

In areas of trade and immigration, we are likely to see changes in the UK, and in a reciprocated sense, the continental EU, since the UK is Europe's second largest economy trailing Germany. Whilst the UK appears to be moving towards a leave effort, the desire for life and commerce to remain relatively unchanged will be a priority, and as such, data privacy and transfer mechanisms will follow suit. It is early days, but we should know much more as the calendar pages flip. My colleagues and I are certainly plugged into this to ensure our clients are well informed as early as possible. 

Do not hesitate to e-mail with any enquiries, but please expect a delay. 

 


This post also appears on Tim's LinkedIn page.

Continue reading
905 Hits

Location, Location, Location

Recently relocated from Southern California to Atlanta, Georgia, I have been reminded how much climates and conditions can vary from one region to the next. In this particular instance, there was very little change in elevation, but the difference in humidity would leave most gasping for air after their first three mile trail run. Most afternoons serve as a healthy reminder that location most certainly matters! 

This past week I've had the pleasure of visiting Altep's London Office and venturing about with the Director of Altep Europe, Tim LaTulippe, and our awesome clients. Alongside good pints and proper fish 'n chips, privacy was a prime topic of discussion. Many are familiar with the differences between privacy (prih-vicy) regulation in the United States and in the European Union (among many). To put it simply, the expectation of privacy is far greater in the EU than in the U.S. Inherently, entities that have a presence in many countries may have data that crosses many borders, and must ensure its compliance with the expectations (and regulations) of data privacy. Litigation and investigations dealing with data located in many countries must also navigate those varying privacy requirements. The looming Referendum vote wherein there may be a "Brexit" (the United Kingdom would secede from EU membership) potentially adds an obstacle for entities (or data) located in the UK as well as other countries. As Tim has recently published in "No Quick 'Brexit'," there are additional considerations that will need to be given the forthcoming General Data Privacy Regulation (GDPR)

"…in the event of a Brexit, Britain will no longer be subject to its provisions. What regulations might the UK adopt instead, and how will they impact the global political and business landscape?" 


Either way, companies in, around or dealing with data in the EU will most certainly need to take steps to prepare for the new requirements that will take effect in May of 2018. 

Just as there are different environmental climates that can quickly impact your training, there are different data privacy environments that will impact your data obligations. The amount of water I may take with me on an evening run in Southern California is drastically different from the amount I'll need in a muggy summer evening in Georgia. Whether your endeavor involves ESI or OCR, understanding how to be prepared and fulfill those needs before you are out and about is critical for success (on the trail without water or transferring and processing data without permission). 


Prepare for your journey! 


This post also appears on Hunter's LinkedIn page.​

Continue reading
570 Hits