IN OUR EXPERTS' OPINIONS

In Our Experts' Opinions: The Altep Blog

With more than 20 years' success in complex eDiscovery management, data forensics, compliance, and investigations, and a team of more than 200 experts throughout the US and in Europe, Altep offers a uniquely valuable perspective. Each month, our blog features a different expert, and offers analysis and commentary on a broad spectrum of topics from data management to cyber security. We hope you find our posts informative; if you'd like to submit a guest post, please feel free to contact us!

InfoSec Checkup: Do These Three Things

infosecCover

In my work as an Information Security Engineer, I am regularly asked to assess the practices and technologies corporations use. In the performance of Altep’s Risk Assessment service, my colleagues and I examine a broad variety of factors ranging from account credential management to network device configuration to audit policies. To date, we’ve provided these services for dozens of companies in the healthcare, retail, and legal industries, as well as for a number of public sector organizations. Often, we perform network, wi-fi, and web application penetration testing as a complementary effort, and assist the organization in identifying the most effective and affordable approaches to remediation of identified vulnerabilities and issues.

In the course of these engagements, I’ve seen a broad variety of problems and vulnerabilities, many of which are easy to correct. Straightforward changes in the configuration of a network appliance, for example, can prevent unwanted and potentially dangerous traffic, and implementing a yearly training and awareness program can help insure that employees don’t inadvertently contribute to cyber risks. Out-of-the-box programs are readily available and affordable – “Securing the Human,” from the SANS Institute, is a good one – so there’s no reason to leave this important area of risk unaddressed.

Continue reading
213 Hits

Difficult Data

difficultData

In my most recent piece, “Difficult Devices,” I discussed some of the ways in which hardware sometimes presents physical challenges for examiners and other forensic practitioners. However, in some situations, it’s not the device that poses the problem; instead, the data is what hampers the ediscovery effort or investigation.

Continue reading
368 Hits

Difficult Devices - Part I

Difficult Devices - Part I

Forensic matters pose a variety of challenges. Sometimes potentially important data has been deleted; sometimes the cost of labour is restrictive, and all too often, the deadline by which processing and analysis must be completed is extremely tight. There are a myriad of solutions for these issues, but what do you do when the device itself is the thing that’s making the case so difficult?

Continue reading
556 Hits

Naughty v. Nice: Santa Adopts Trending Tech - Part 2

Naughty v. Nice: Santa Adopts Trending Tech - Part 2

Just when we thought we’d hammered out a practical and scalable approach, an Elf named Sugar Toes raised a thorny problem: namely, the fakers. You know the ones: those kids who act nice, especially when adults are watching, but who actually are not nice at all while interacting with others on social media. It seems that Sugar Toes had done a spot check of the Nice List, cross-referencing the children’s Twitter and Facebook accounts, and what he’d uncovered was concerning. The Nice List was full of cyber bullies, haters, and internet trolls (not to be confused with Christmas trolls, who steal candy). There were even instances in which children had posted bathroom selfies.

Continue reading
348 Hits

Naughty v. Nice: Santa Adopts Trending Tech

Naughty v. Nice: Santa Adopts Trending Tech

It’s that time of year again - the time when girls and boys all over the world start to behave a little better in hopes of getting on the list.  They go to bed on time, eat their vegetables without being told to, finish all their homework, and even treat their siblings nicely for a change. Not so long ago, these efforts would have done the trick, but this year, Santa is introducing a game changer, and naughty boys and girls had best be prepared.

Continue reading
812 Hits

Altep San Francisco

Altep San Francisco

With offices throughout the United States and Europe, Altep staffs experts in a wide variety of fields, including litigation and law enforcement, information security, compliance, and ediscovery/edisclosure.

Each location brings its own unique experiences and specialties to the table; we talked to Eamonn Markham, Alteps' Regional Account Executive in San Francisco, to understand what makes the San Francisco office special.

Continue reading
796 Hits

Next Generation Malware Demands Next Generation Endpoint Security

Next Generation Malware Demands Next Generation Endpoint Security

2015 was a watershed year for malware development. Not only did we see more unique malware than in any other year, we also witnessed a very clear shift in malware behavior: namely, a trend toward polymorphism.

Continue reading
1059 Hits

The eDiscovery Obstacle Course: A Survival Guide

The eDiscovery Obstacle Course: A Survival Guide

By Hunter McMahon and Sara Skeens

Surviving eDiscovery can be just like conquering an obstacle course race (OCR). It takes the right gear, experience, training, and attitude. As obstacle course enthusiasts and eDiscovery strategists alike will tell you, you don’t get to choose the course or the obstacles—they are given to you “as is.” Therefore, preparation and agility are key characteristics of a true OCRer.

Continue reading
841 Hits

What is Continuous Active Learning (CAL), Really? – Part One

What is Continuous Active Learning (CAL), Really? – Part One

Ever since the March 2, 2015 Rio Tinto opinion and order, there has been a lot of buzz in eDiscovery around the phrase “Continuous Active Learning” (CAL). Judge Peck briefly mentioned CAL while summarizing the available case law around seed-set sharing and transparency. For the sake of clarity, the term seed-set in this post refers to the initial group of training documents used to kick off a Technology Assisted Review (TAR) project. We refer to the review sets that follow as training sets. The point of Judge Peck’s mention of CAL, as I understood it, was to alert readers to the possibility that seed-set selection and disclosure disputes may become much less necessary as TAR tools and protocols continue to evolve.

Continue reading
1598 Hits

Surviving Setbacks

Surviving Setbacks

I recently started getting back into training mode. I dusted off my road bike, my swim cap, and my running shoes to attempt a personal record on a triathlon I had done a few years ago. I mapped out a plan, prepared my training tools and started to push forward. My training included many techniques to help with the efficiency of my workouts and accommodate my busy schedule. My plan was clearly defined, running smoothly, and I was getting stronger and faster each day.

Continue reading
845 Hits

Redefining Responsiveness Evaluation: Making the Case for True Unique Document Review

Redefining  Responsiveness Evaluation: Making the Case for True Unique Document Review

If you are reading this blog, you have probably heard the story many times by now. Document review is the most expensive part of eDiscovery. Like many, I find myself asking the same question again and again. How can we do it better? One obvious answer is by defensibly reviewing less. The not so obvious part of that answer is the available methods for doing so.

Continue reading
1542 Hits

Having a Game Plan

Having a Game Plan

Earlier this month I ran in the Spartan Super race in Asheville, NC (Black Mountain). After more than 2,000 feet in elevation gain and a rapid descent, spanning over 10 miles, overcoming 26 obstacles, pushing through 155 burpees…I was DONE! It was by far the hardest competition I’ve completed.

Continue reading
777 Hits

Health Care Entities are the Hacker’s Gold Mine

Health Care Entities are the Hacker’s Gold Mine

There are many kinds of data that hackers find profitable, and any number of different targets, from retailers to universities, where that data can be found. However, one group of victims is by far the most popular among data thieves, not because they are necessarily the easiest to breach, but because the data they hold is more valuable.

Continue reading
600 Hits

PCI vs. HIPAA: Comparing Standards and Penalties in the Wake of Recent Breaches

PCI vs. HIPAA: Comparing Standards and Penalties in the Wake of Recent Breaches

What has more value to you: your medical records or your financial data? At first glance, it would seem that an x-ray wouldn’t be worth as much as a debit card number – after all, one is just an image of the skeleton, but the other can be used to purchase practically anything, in person or online. However, the truth is that medical records often contain a great wealth of Personal Identifiable Information (PII) and Protected Health Information (PHI), including your first and last name, date of birth, physical address and - most importantly - your Social Security Number.

Continue reading
1066 Hits

You've Been Breached

You've Been Breached

You’ve Been Breached. Pay the sum of 950,50 Bitcoins, or else...

Has it happened to you yet? Take notice of the not-so-subtle “yet”. I’ve been fortunate to work with some of the best and brightest InfoSec people, as well as my own data forensics group, on incident response engagements (IR). It’s dizzying and quite chaotic until the teams are plugged in and making hurried sense of complex events. Who got in? How many times? What was the point of ingress? Bad firewall rules? Weak VPN passwords? Third-party software vulnerability?

Continue reading
838 Hits

My Top Five Takeaways from The U.S. Tax Court’s Emphatic Affirmation of Predictive Coding

My Top Five Takeaways from The U.S. Tax Court’s Emphatic Affirmation of Predictive Coding

Dynamo Holdings Limited Partnership v. Commissioner

In an order dated July 13, 2016, the U.S. Tax Court once again strongly supported the use of Predictive Coding. The case had already featured some notable opinions and orders on the topic. This recent order is a fun read for analytics nerds and newcomers alike, as the Court did a great job of laying out the associated facts and addressing the typical arguments for and against use of the technology. Here are a few items that caught my attention as I read it.

Continue reading
1397 Hits

To SME or Not to SME (in TAR)… That is the Question

To SME or Not to SME (in TAR)… That is the Question

This article assumes that Technology Assisted Review is being deployed in a production review setting where the user seeks to identify potentially relevant documents from among a larger corpus, and to subject those documents to full manual review.  The use of TAR as an investigative or fact finding tool is a more financially flexible proposition, and the efficiency of that approach should be evaluated via separate standards.

There has been some debate in the past few years about the proper role of the Subject Matter Expert (SME) in technology assisted review (TAR) – a discussion which has understandably resulted in plenty of disagreement. There was a time when most blog posts and white papers swore that SME training was the only path to success, but that position looks to have softened some.

Continue reading
1309 Hits

Your Data is Everywhere - Deal With It

Your Data is Everywhere - Deal With It

I say this to colleagues all of the time: “People will trade privacy for convenience every step of the way.” My contemporaries nod reassuringly, perhaps in an attempt to hush my banter, though maybe they actually represent a large contingency of informed people who agree.

Continue reading
882 Hits

Creative Analytics - Part 3: The Toolbox

Creative Analytics - Part 3: The Toolbox
This post is Part 3 of a series - you can also watch a video of the related webinar.
 
By Sara Skeens and Josh Tolles
Welcome to part three of our Creative Analytics series. Part one provided a suggested roadmap for getting more comfortable with analytics tools, and exploring more creative uses. In part two, we discussed some of the challenges common to the presentation phase of the EDRM, which require us to look for creative solutions. This brings us to part three – the solutions. In this post we will provide more detail on a few key tools and techniques that we deploy to overcome those common challenges. This final installment is intended to serve as the closing primer for our co-hosted webinar with kCura that will be taking place tomorrow, Wednesday July 13th - Leveraging Analytics for Depo & Trial Prep. Please tune in then where we will put things into a more visual, workflow-based perspective. 
 

 

Continue reading
1025 Hits

Creative Analytics - Part 2: The Presentation Phase

Creative Analytics - Part 2: The Presentation Phase

This post is Part 2 of a series - you can also watch a video of the related webinar, or read Part 1, on the kCura Blog.

 

By Joshua Tolles and  Sara Skeens

Solving Challenges in the Presentation Phase 

In our last post, we discussed the value of looking at analytics in e-Discovery with a creative mindset, and a few steps that you can take to expand your problem solving horizons. As we noted there, analytics is most commonly thought of as a tool to be applied during the review phase of the EDRM to control data sizes; however, we'd like to change that. At Altep, we frequently use analytics to solve many more problems than just those found in the production review arena. With a firm grasp on the technology, plenty of curiosity, and a healthy passion for "building a better mouse trap," we have found quite a few areas where analytics can help turn the eDiscovery rat race into a more methodical and scalable process. 

Continue reading
1422 Hits

Data with Purpose

​This past Spring I splurged and bought the Garmin Fenix 3. The thought was that if I better understood how I was training, I could elevate my efforts and become more effective in planning my workouts. I may not be a professional athlete like Hunter McIntyre or Ryan Atkins, but with limited hours in the day I need to make sure my time is spent as efficiently as possible. So of course, I needed more data. 

These days data is one of the most valuable commodities in the ever-growing global market. Companies are collecting data on users, site visitors, patrons, etc. through a myriad of methods. Data generation and retention has grown exponentially along with the value of data, as the cost of storing it has declined. There are two very clear results of this trend (among many). 

First, there is an assumption that it is easy to understand data. The benefit of data is that "it is what it is;" however, without context it is often hard to understand data. For example, the number "53" means nothing in and of itself. Associating it with me personally, still not much. Tied to me as my resting heart rate…now you've got data with purpose. Unfortunately, today's disparate data sources do little to simplify this problem, despite the advancement of technology. Data is becoming more complex and multidimensional. Ultimately, the value of data is limited to how it can be understood and applied to a given situation. Without that, having a vast amount of data is a liability. 

Second, there has been an impact on privacy. The more connected we are as a society, the more data there is available on us as individuals. Your shopping habits, web browsing habits, the route you take to your favorite coffee shop, the coffee you order, etc. – all of these data points are available for collection by anyone with the motivation to do so. Unfortunately, most consumers don't understand just how often they leave digital breadcrumbs. Potentially more concerning, some companies don't understand the ultimate impact of all the breadcrumbs they are gathering. Responsibility for failing to appreciate this impact lies with both the business and the consumer. 

As with data collected by a business, the training data I now have access to is only helpful to the degree that I can leverage it to upgrade my training plan. Fortunately for me, Garmin has developed a multitude of dashboards and insights that help consumers understand all of the data it is collecting during a workout (pace, elevation, heart rate, temperature, etc.). Garmin is very aware of the type of data they are collecting and have privacy policies and security FAQ's readily available on their website. I personally like this statement, "While Garmin partners with many third parties to provide you with a rich experience, we do not provide third parties access to your personal data without your consent." 

Of course, my success at improving my training is predicated on one very important factor – that I am willing to put forth the effort. So despite soreness from the Spartan Revolution workout this past weekend, I got out and went for a good run earlier this week and here's some of my data! Do you know what it represents?

What is your data saying? 

Mine constantly says MOVE…FASTER

@ESI_OCR


This post also appears on Hunter's LinkedIn Page


Continue reading
718 Hits

And Then There Were Twenty-Seven… Now What? Untangling Uncertainty in the UK Exit from the EU

STOP.​

The United Kingdom has not left the European Union. This endeavour will be painfully drawn out and will take anywhere from two to four years for it to be done and dusted –the exit that is. In a decent technology analogy, this will be a bit like yanking the single power lead from a tangled mess of surge protector madness beneath your feet. 

The largest areas of concern are general immigration, employment law and large regulation changes, namely the financial sector. Nothing is going to change in the interim, though preparation is definitely a huge necessity for corporate entities. I am an American by birth, but a UK Resident via the EU right to reside (read: thanks, wife). I am not sweating this aspect, however; companies ought to look at contracts and other areas to evaluate risk where it may arise. 

There needs to be a clearly articulated understanding about free movement before the highly-Googled Article 50 of The Lisbon Treaty can be invoked. This is the key step in the exit process for the UK and its subtleties will no doubt be highly contested. Notification must take place before the exit process can even begin. For instance, single terms like "shall" are being poured over by some of the world's greatest legal minds, largely in protest of Thursday's outcome I suspect. The people have spoken, albeit insanely narrowly, so MP's are likely to confirm the mathematically popular "leave" voice. Both sides of the referendum camp created a duplicitous platform that confused voters more than it aided.

I'd prefer this short piece not percolate into a hot brew of political chit-chat since speculation is not the nature of a data forensics expert. In the interest of providing an opinion however, I find it necessary to reiterate the sentiment I pushed in an earlier post prior to the historic vote, which is that the UK (or whatever is left of it following implications of a Scottish independence referendum as well as Northern Ireland) will likely adhere to a finalised version of the EU's GDPR. Even heavy hitter Brexit campaign leaders like former London Mayor Boris Johnson have expressed a great deal of interest in negotiating a single EU trade bloc deal between the Union and the UK, despite being told by German and French leaders that we in the UK would have zero preferential access to the single market, as it were. 

In areas of trade and immigration, we are likely to see changes in the UK, and in a reciprocated sense, the continental EU, since the UK is Europe's second largest economy trailing Germany. Whilst the UK appears to be moving towards a leave effort, the desire for life and commerce to remain relatively unchanged will be a priority, and as such, data privacy and transfer mechanisms will follow suit. It is early days, but we should know much more as the calendar pages flip. My colleagues and I are certainly plugged into this to ensure our clients are well informed as early as possible. 

Do not hesitate to e-mail with any enquiries, but please expect a delay. 

 


This post also appears on Tim's LinkedIn page.

Continue reading
792 Hits

Location, Location, Location

Recently relocated from Southern California to Atlanta, Georgia, I have been reminded how much climates and conditions can vary from one region to the next. In this particular instance, there was very little change in elevation, but the difference in humidity would leave most gasping for air after their first three mile trail run. Most afternoons serve as a healthy reminder that location most certainly matters! 

This past week I've had the pleasure of visiting Altep's London Office and venturing about with the Director of Altep Europe, Tim LaTulippe, and our awesome clients. Alongside good pints and proper fish 'n chips, privacy was a prime topic of discussion. Many are familiar with the differences between privacy (prih-vicy) regulation in the United States and in the European Union (among many). To put it simply, the expectation of privacy is far greater in the EU than in the U.S. Inherently, entities that have a presence in many countries may have data that crosses many borders, and must ensure its compliance with the expectations (and regulations) of data privacy. Litigation and investigations dealing with data located in many countries must also navigate those varying privacy requirements. The looming Referendum vote wherein there may be a "Brexit" (the United Kingdom would secede from EU membership) potentially adds an obstacle for entities (or data) located in the UK as well as other countries. As Tim has recently published in "No Quick 'Brexit'," there are additional considerations that will need to be given the forthcoming General Data Privacy Regulation (GDPR)

"…in the event of a Brexit, Britain will no longer be subject to its provisions. What regulations might the UK adopt instead, and how will they impact the global political and business landscape?" 


Either way, companies in, around or dealing with data in the EU will most certainly need to take steps to prepare for the new requirements that will take effect in May of 2018. 

Just as there are different environmental climates that can quickly impact your training, there are different data privacy environments that will impact your data obligations. The amount of water I may take with me on an evening run in Southern California is drastically different from the amount I'll need in a muggy summer evening in Georgia. Whether your endeavor involves ESI or OCR, understanding how to be prepared and fulfill those needs before you are out and about is critical for success (on the trail without water or transferring and processing data without permission). 


Prepare for your journey! 


This post also appears on Hunter's LinkedIn page.​

Continue reading
476 Hits

No Quick "Brexit"

In or out –that's the question facing citizens of Britain come Thursday, 23 June 2016. Britain has been a member-country (one of 28 to date) since 1973, and if they move to secede from the European Union, the economic and political fallout are likely to be significant. At present time, research groups and economic powers are releasing studies in an attempt to provide much needed insight. Among hot-button issues driving the public discourse are daunting reports of migration swells on the shores of EU nations, concomitant concerns regarding the impact of such large influxes of people, and looming fears that the insolvency of Greece and the comparative economic fragility of other nations might have (or have already had) a detrimental impact on Britain's fiscal position. Necessarily, all of these concerns and issues are being widely discussed in political circles and the media. 

A British exit, or "Brexit," as it has come to be called, will likely have a variety of anticipated and unanticipated impacts, which will be good, bad, or somewhere in between. Given the imminence of the decision, a number of questions and considerations have become pressingly urgent. Would Britain, if it were no longer part of the EU, have to adopt brand new data protection and export regulations? It is possible that the UK would ultimately adopt language very similar to that of the EU regulations, and through reform, progress to a multilateral agreement with the twenty-seven nations that remain in the Union. Notably, the UK, if removed from the EU, would quite suddenly become importers of EU data versus exporters. Given that UK data protection laws are arguably adequate compared to those of the U.S., Britain could be in good shape to move forward.

In a post published in February, I wrote about the potential effects of the forthcoming General Data Privacy Regulation (GDPR), to replace the Data Privacy Directive of 1995; therein, I discussed what the proposed changes could and will mean to overseas "importers" of EU data (read: United States). We now know that the GDPR will be enacted in May 2018, but in the event of a Brexit, Britain will no longer be subject to its provisions. What regulations might the UK adopt instead, and how will they impact the global political and business landscape? 

Data Center Journal recently wrote a piece discussing the Article 29 Working Party's largely unenthused opinions regarding Privacy Shield, the solution to Safe Harbour's collapse. The article notes that there is still "a risk of massive and indiscriminate collection of personal data for national security purposes" (Whitaker). Whilst the Working Party is not basing its recommendations on public opinion polls, their discourse and agenda largely represent the opinions of public citizens with whom I dialogue here in Europe. Plainly put, people are outraged by the fact that their personal and private information might be at risk, and that governments are so muddled and ineffective in their handling of the issue. And yet, with so much concentration on the Referendum itself, I have yet to see a group or an individual address this topic. Nevertheless, regardless of public angst, a majority vote for the exit likely will not play out with any immediate drama - at least, not where data transfer and protection are concerned. I believe the UK will adhere to standards set out and agreed to by the European Union, even if they ultimately dissolve their membership. Reinventing the wheel in this regard is unlikely, but in the event of a successful Brexit, Great Britain could ultimately impose stricter regulation on data flow from its borders than it would be able to enforce under the pending EU GDPR framework; that alone might bring peace of mind to Britons, at least in some measure.
Continue reading
1020 Hits

Focused Agility

A coach once told me that "focus is like a spotlight." You may miss what you are searching for if the beam of your spotlight is too broad, because you've reduced its effectiveness. However, by focusing the spotlight and therefore the brightness on a more refined area, you have a greater chance of seeing and finding what you are seeking. The coach was warning me of the eventual pressure to choose between one of the two sports I was playing, but his analogy is all too often true during the discovery phase of litigation.

Last month I had the privilege of moderating a live webinar discussion with Aaron Crews and Karin Jenson about the concept of CORE Discovery. A fundamental principle of CORE Discovery is that there is an early focus on the dispositive documents, or those that change the course of litigation. Then, in a progressive fashion, discovery efforts broaden to documents potentially relevant to outstanding material issues, then those marginally relevant to ancillary issues. This culminates in the ultimate goal of avoiding digital exhaust: information that parties historically spend a considerable amount of time and resources bickering about, yet often carries de minimis value. Much like the spotlight, if the focus of discovery and documents sought are too vast, both parties may struggle to find the documents that can actually help the matter reach a resolution.

A critical component of achieving this principle is the ability to remain agile throughout the process. A one track or linear mindset can often prove very costly and in some instances futile. Discovery is often most effectively achieved through an iterative process, allowing for reasonable and purposeful changes in strategy before efforts are unnecessarily expended. While the truth may not change, the known facts and issues often develop over the course of the litigation and therefore, your method of achieving the goal may have to change. Importantly, experience and preparation are essential requirements to knowing when and how to change. It is not something that is read in a book or learned from a few conference sessions or webinars, but is rather something mastered over time and with a lot of repetition. By honing your ability to focus this skill, you can be prepared for anything the course, or case, may throw at you.

The element of surprise is the hallmark of some obstacle course races such as Spartan. You know generally what kind of obstacles are out there, but the details are sparse until you are up close and personal with the obstacle itself. The ability to quickly analyze an obstacle, develop an immediate plan of attack, adapt to changing situations, all while maintaining a focus on the end goal is a must have for all obstacle course racers. One racer's goal may be to end up on top of the podium (similar to winning a trial), while others are simply crossing the finish line (or perhaps, settling for a reasonable amount). Much like the unique facts of each matter, every race that I've completed has had a unique sequence of obstacles and new terrain that has to be navigated. Success isn't about the mastery of a single obstacle or task, but rather the approach, and my ability to use a set of tools and techniques that I have mastered to overcome the series of obstacles.

When training for an OCR, many racers will focus on running, enduring strength, mobility, and agility (for example, circuit workouts that use a combination of strength, bodyweight, and cardio functions) rather than simple (albeit powerful) fixed movements, such as those performed in a couple of routines on the "home gym." This helps prepare you for the multi-discipline aspect of an OCR, and fine tunes your stability muscles so when you get knocked off balance or get thrown a curve ball, you're ready to adapt. I like combining things such as kettle bell movements; push-ups, sit-ups, and pull-ups; and TRX Suspension Training with a cardio element (stairs, sprints, etc.). Of course, you also have to include some good trail runs into your routine, like I did this past holiday weekend at Conestee Park.

This weekend, David Hyre and I will running from the Gwinnet County Sheriffs during the Jail-Break Challenge (to support their Teen Mentoring Programs).

Here's to the journey!

@ESI_OCR

This article also appears on Hunter's LinkedIn page. 

Continue reading
506 Hits