How to Record Debt Collector Web or Social Network Page

Coping with Bill Collection

Suppose you want to record your online interaction with an adversary . . . such as a collection agency.  Your goal is to capture reliable legal evidence of what you encountered when trying to access or provide information to the adversary’s web site or online app.

In effect, the video you create will record your eyewitness testimony of what you see online at a particular point in time.

You might want to do this, for example, to show that you tried to access a debt collector’s web site, but it was not available, did not work right or gave you misinformation.

Ten Steps

For making your record, here are 10 steps:

1.  Write out a step-by-step script of what you going to do and say as you make the recording.

2.  Launch your webcam so you can see yourself live on your monitor.

3.  Launch your browser or app so you can see that on your monitor at the same time you see the webcam image.

4.  Start a screencast recording program, such as screencast-o-matic (free, open-source service), to record what appears on your monitor.

5.  As the recording starts, identify yourself and explain the reason for your recording.  Explain the technical methods you are using to make the recording.  Don’t be afraid to read directly from your script.  Your purpose is to record legal evidence, not to make a television news cast.

6.  Use your browser or app and carefully explain each step you take.

7.  Describe what you see and what it means.

8.  Conclude the recording by signing and dating it with your voice.  Say words like, “I Ben Wright hereby sign and affirm this screencast as an accurate reflection of my work.”

9.  Review the video to ensure it is accurate.

10.  Soon after you create the video, store it in an online service such as Microsoft’s Skydrive, which records the date a file like the video was uploaded and last modified.

Example

Here is a hypothetical example.

This demonstration is not the only way to make records of online events.  And it does not cover all of the legal and technical issues that might apply to your particular situation.

If you need legal advice for your particular situation, you need to consult a lawyer rather than to rely on this educational blog and video.

This blog post and video intend to spark public discussion about ways to record online activities.  What do you think?

–Benjamin Wright

Attorney Wright teaches the law of data security and investigations at the SANS Institute.

Related articles:

*  Bill Collectors on Facebook
*  How to Make a Gotcha! Video
* How to video record online chat with legal adversary
* Recording Social Media Legal Evidence

Google+

Exploiting Scandalous Evidence

Political Exposé

Let’s say you possess incriminating or embarrassing evidence about someone.  Maybe it’s a spycam video catching a public official in an act of corruption or audio in which an executive admits her corporation violates the law.  Maybe it is obscure data that you find on the Deep Web (the web not indexed by popular search engines) and you uniquely know how to piece it together to tell an unexpected story.

You know this evidence is sensitive and it serves a public interest.  How do you handle it?

Here are options and issues:

1.  Ethics. Ask an independent party like an attorney to evaluate the evidence for credibility and to provide input on the ethical use of the evidence.

2.  Money.  Inquire whether you are entitled to protection and compensation under whistleblower law.  Invocation of whistleblower law may require turning the evidence over to law enforcement or filing a lawsuit.  Federal tax law provides compensation to whistleblowers who provide the IRS reliable evidence about cheating by a particular taxpayer.  The False Claims Act provides a bounty to whistleblowers who sue lawbreakers and successfully recover money on behalf of the federal government.

3.  Editing.  Should you hide or redact information from the evidence before publishing it?  Blurring faces or removing other personally identifiable information may be the prudent, responsible thing to do.  Masking of graphic details can help portray you as a conscientious citizen, not a gossip monger.

4.  Investigate.  Should a careful investigation of the facts be undertaken to determine how the evidence was gathered, what the evidence actually depicts or whether the compilation of the evidence violated any laws?  When an investigation is led by an attorney, often the methods and the outcome can often be kept confidential under something known as the attorney work-product doctrine.

5.  Third Party.  Should you use an intermediary to publish the evidence or present it to authorities, while protecting your identity?  Both attorneys and police agencies have legal power to maintain confidentiality.

6.  News Media.  Should you sell the evidence to the news media?  Sometimes they do pay for good material.

7.  Disclaimers.  Consider how to present the evidence to authorities or the public.  Does it need explanation and background?  Does it need disclaimers?

8.  Exoneration.  Should you file a lawsuit to cause a court to declare that the evidence was not stolen or created in a way that violates privacy, property or other rights?

Are you an amateur gumshoe? What is your experience dealing with evidence of a scam or hipocrisy?

–Benjamin Wright

Mr. Wright teaches the law of data security and investigations at the SANS Institute, where he teaches professionals how to use Internet media to deliver legal messages.
Google+

How to Recover Deleted Phone Text and Photos

Forensics

In a legal dispute, text, photos and other data on a smart phone or tablet can be relevant.  Can they be recovered if they have been deleted?

Cellular service carriers (Verizon, AT&T, Sprint, TMobile) keep records of text, photos and transmitted data for periods of time that vary from one provider to the next.  However, legally forcing them to turn over user data in a non-criminal case is difficult.  The carriers tend to resist subpoenas from civil lawsuits such as divorces, on the grounds that the content of user data is protected by the Electronic Communications Privacy Act.

Customer Cooperation

To a limited degree, recovery from a service provider may be possible if the customer is cooperative.  For example, Sprint records transmitted photographs on a web page protected by a customer password.  Mobile App providers may similarly keep records of messages, photos or videos on a web page protected by a customer password.  In a lawsuit, the customer may be required to cooperate in the recovery of those records under a subpoena or ediscovery demand.

(Cellular carriers have a reputation for not helping customers recover messages unless the customer has a web page for storing those messages as Sprint does for photos.)

Data Forensics

An alternative approach to recovering data is forensics.  An adversary in a civil law proceeding (divorce, child custody, bankruptcy or other lawsuit) may be able to demand through the rules of court procedure that the owner of a mobile device take two steps:

Step 1: Protect data on the device from erasure or further damage.  This demand for protection might come in the form of a data preservation letter sent by the adversary’s lawyer.

Step 2: Deliver the device to a forensics expert so he can recover data.

Forensic recovery of data from a mobile device is tricky.  Sometimes deleted data can be recovered and sometimes it can’t.  Sometimes fragments of a message can be recovered.  Recovery capabilities vary from one device to the next.  A new tool for recovering data deleted from a mobile device is MobiSec.

The records that can be recovered from a mobile device -- including erased records -- can boggle the mind!  See Lifestream Records from Smartphone.

As the applications on mobile devices grow richer, the old or deleted data that might be recovered could include:

• Mixed reality images or sound
• Virtual reality experiences
• Video game progression
• Interaction with artificial intelligence programs like Alexa or Siri
• Geolocation data

Forensics experts can even recover encrypted data from an Android device.

Documented Authority

When a forensics expert is engaged to recover data from a device, he needs to ensure he has authority from the proper person.  He is wise to get the authority in writing.

If someone who is not the owner of the device asks him to recover data, he might be violating an anti-hacking law like the Digital Millennium Copyright Act.  When a nonowner asks for data recovery, the expert is wise to ask for a court order.

–Benjamin Wright

Attorney Wright teaches the law of data security and investigations at the SANS Institute.

Update 2014: Increasingly modern phones like the HTC One allow the user to back text messages up to a cloud service or to an email account. They also allow the user to backup photos and other data on the user's PC. Furthermore, the phone may automatically back up much data to the cloud so that the phone can be "reset." Therefore, when data has been deleted from a phone (or the phone is lost or destroyed), texts, photos and videos may still be recoverable from other places.

Update:  The Internet of Things is spawning a hurricane of forensic evidence. 

How to Make a Gotcha! Video

Phone Evidence

How should a vigilante or a political activist make a video record of illegal activity?

Let’s say you catch the mayor parking her motorcycle in a no-parking zone, arrogantly thinking she won't get a ticket because she is mayor.  You pull out your smart phone and record by video.  You intend to present the video as evidence to a legal body like the city council.  Or you intend to give the video to the local TV news team.  Or, you intend to publish the video on youtube.

Here are steps to make the video more credible and worthy of attention:

1.  Narrate what you see as you record it, so that the viewer understands what is being displayed.  Narration makes video more compelling than a still photograph.

2.  Formally sign the video at the end.  Point the camera at your face and recite words like, “I Ben Wright hereby sign and affirm this video as an authentic record of what I witnessed.”  A video is more believable when an accountable witness takes full responsibility for it.  Also, the signature bolster's the video's value in case you are not available in the future to vouch for it, such as in a legal hearing.

3.  State the location, the date and the time.

4.  Promptly after creating the video upload it to an Internet service that memorializes the date of the video (including the date of any modifications).  If the date vocalized by the witness in the video matches with the date on the Internet service, then the two corroborate each other.

As a demonstration, I uploaded the video above to Microsoft’s Skydrive service.  I uploaded within minutes after I created the video.  This screenshot shows the details that Skydrive records about the video, including time of upload and identity of the user who uploaded.

Cloud Service Metadata

5.  Give the video to some friends and ask them to load it to a service like Skydrive that records date and time.

6.  Capture GPS information.  A geotag on the video corroborates the location stated by the witness in the video.

Note:  Two witnesses are better than one.

The suggestions above might also be helpful to a case in small claims court or a self-filed divorce.

–Benjamin Wright

Attorney Wright teaches the law of data security and investigations at the SANS Institute.  One topic he covers in that course is whistleblower law.

The foregoing does not address all the legal issues that might arise when you make a video recording that angers another person.  It does not for instance address laws on privacy or surveillance.

Related article:  How to Exploit a Gotcha Video.

Cyber Defense Law | Botnet | Computer Crime Lawsuit

Microsoft breaks new legal ground. From a US Federal court, Microsoft has obtained a temporary restraining order (ex parte TRO) that allows Microsoft and its white hat affiliates to take (apparently) aggressive technical measures against the Waledac botnet.http://blogs.technet.com/microsoft_blog/archive/2010/02/25/cracking-down-on-botnets.aspx


The TRO is available for download at http://blog.seattlepi.com/microsoft/archives/195793.asp. The TRO explicitly orders Verisign to lock domains at the registry level and to hold the domains in escrow.

Query whether any of these steps by Verisign would arguably qualify as "hacking" in the absence of the TRO. For discussion purposes, we can define "hacking" as entering a computer without authority -- or exceeding authority within a computer -- and causing damage. Maybe one could say Verisign is "hacking" because, as it locks domains, it:

1. enters computers that it owns or duly controls;

2. exceeds its authority in those computers because it is locks domains that putatively belong to another person; and

3. damages that other person.

Stephen Paluck of Beaverton, Oregon, complains that actions taken under the TRO interrupted service for his domain,debtbgonesite.com, and he's done nothing wrong. Wingfield & Worthen, "Microsoft Battles Cyber Criminals," Wall Street Journal, 26 Feb. 2010.

Legal and Technical Measures Invoked Against Botnet

Microsoft further says, "Microsoft has since been taking additional technical countermeasures to downgrade much of the remaining peer-to-peer command and control communication within the botnet . . ." The company does not reveal what these additional countermeasures are. Query whether any of these measures would arguably qualify as "hacking" in the absence of the TRO or other legal justification.

PCWorld sheds some light on those additional countermeasures: "Waledac distributes instructions through command-and-control servers that work with a peer-to-peer system. [According to a researcher who worked with Microsoft,] 'We disrupted the peer-to-peer layer to redirect traffic not to botmaster servers but to our servers.'" http://www.pcworld.com/businesscenter/article/190234/microsoft_recruited_top_notch_guns_for_waledac_takedown.html

In my research, I have only found one case [Cartier Int'l, B.V. v. Dipadova, CV 00-06717 (C.D. Cal.) (entered Nov. 7, 2000)] where a judge authorized technical measures -- the disabling of a web page (a legal hack) -- to combat an online threat or menace. Has anyone found any other such case?

On the issue whether any of the technical steps in this Waledac botnet case are causing "damage": Microsoft posted a $54,600 bond so that money would be available to compensate the defendants (presumably these people are mainly botnet herders) if the TRO causes damage to them without justification.

Legal Lessons from Microsoft's Team

Microsoft is teaching us how to use civil law enforcement measures -- as distinguished from criminal law enforcement -- to respond to malicious Internet behavior like phishing, hacking, cybertheft and identity theft.

Notice that Microsoft is not doing this in the dark. It is working through our open public court system, so that Microsoft is transparent and accountable and all can see what is happening and evaluate it.

–Benjamin Wright - Legal Issues Instructor at the SANS Institute, where he teaches professionals on the law of malware, e-discovery, data security, internal investigations and the Computer Fraud and Abuse Act.
[This post was originally published 2010 on Mr. Wright's Google Buzz page.]