Comments on InfoSec & Forensics Law: Nix Smoking Gun Text, E-mail, e-Discovery
Blog author: Benjamin Wright
Feed updated: 2023-12-26T22:00:58.352-08:00

Benjamin Wright, 2008-12-21 10:48 -08:00:

Alan: I appreciate the comment. I absolutely agree with you that a sincere effort is necessary! The policy I suggest should not be mere lip service. Maybe the video could be improved by removing the CEO and putting in his place the firm's Inspector General. --Ben

Benjamin Wright, 2008-12-21 10:43 -08:00:

Alan Kaplan sent me the following comment: "I don't agree. The policy, as described, is merely a self-serving artifice. Certainly employees have to be indoctrinated on both legal and company standards that are expected. However, memorializing them on video or on the Goodyear blimp does nothing to convince me that management did anything more than that necessary to try to cover their ass.

"What is necessary is a sincere effort to do the right thing. The best way to be able to defend that as company policy, is to invest in a viable, real-world inspector general type unit. That unit would report to the CEO or Chairman of the Board. The unit would be charged with investigating all violations of law or company policy.

"This structure is a lot more than paying lip service to "doing good". When that day comes this approach leaves the company in a very defensible position."

Frank Scavo, 2008-08-27 12:59 -07:00:

Ben, I like your thoughts regarding the proactive use of technology to communicate corporate policy. And your comment on my blog, the Enterprise System Spectator at http://fscavo.blogspot.com.

I would love also to get your feedback on my main point--that e-discovery tools are eliminating much of the low-value work that law firms typically do in manually searching paper files :-)

Steve Watson, 2008-06-22 09:07 -07:00:

Ben, thanks for stopping by to comment. We met last fall in Folsom, CA when you came on site at my employer to give the SANS "Business Law and Computer Security" class. Glad to be acquainted with your blog.

- Steve Watson (http://www.stevewatson.net)

Roger, 2008-06-20 09:17 -07:00:

Ben,

Thanks for your comment in my Death By Email (http://www.deathbyemail) blog.

While I agree that efforts such as these would help companies, I think that most of the companies that I speak with actually believe that your proposal would increase their risk.

When we released the InBoxer Anti-Risk Appliance (http://www.inboxer.com), we emphasized our ability to use language technology to monitor for risks -- such as harassment and privacy violations. We developed sophisticated language models to rate messages on a scale of 0-100 and then to act in real-time based on the ranking.

Lawyer after lawyer told me that they felt that such a product would increase their risk -- unless they treated every message InBoxer identified as a complaint. If they did not, could not the claimant say that the company had the technology to handle complaints -- but did nothing?

Since complaints are time consuming and costly, they wanted nothing to do with it!

I remain shocked.

Anonymous, 2008-06-15 13:48 -07:00:

good post

Anonymous, 2008-06-09 08:43 -07:00:

Ben-

I appreciate your comments on my 10 Tips for Evaluating Ediscovery Solutions (http://windowsitpro.com/article/articleid/99316/10-tips-for-evaluating-ediscovery-solutions.html) blog.

You are absolutely correct that our criminal justice system provides better treatment for individuals and organizations that self-report, investigate and institute rehabilitative actions for wrongdoing.

As a Colorado licensed attorney, I've had cases where the District Attorney drops charges or substitutes suspended sentences, deferred sentences, and probation for jail time when the Defendants initiated their own remedial and rehabilitative measures.

And making public statements about intolerance of illegal activity is a good idea. However, it can be a double-edged sword. Companies must set up programs to investigate and deal with reported employee wrongdoing. Those public intolerance statements can be counter-productive if complaints are made and nothing is done about them.

In my experience, which is primarily limited to state courts, individuals and companies that make a public fanfare of what good citizens they are, and how they don't tolerate related wrongdoing, can get harsher penalties if they don't follow through.

Unknown, 2008-05-25 21:44 -07:00:

Ben,
I feel that yes, IT can be used to reduce risk wrt e-discovery. The key word being can. Unfortunately, I see most IT departments not performing the proper vulnerability/threat assessments or putting risk mitigation plans and policies in place to keep the e-records secure.

A 2006 Ponemon Institute estimate puts 78% of all data breaches as being by authorized insiders. Obviously, that definition may be a little broad, but most of that 78% will likely be administrator privileged staff with no checks and balances. These folks may erase logs, adjust privileges, and bypass most security measures (http://blog.cippguide.org/wp-trackback.php?p=5). We're not talking email here. If lawyers are investigating some of these events, email retention is of interest, such as in the Microsoft anti-trust case (http://nuke.cippguide.org/modules.php?name=Forums&file=viewtopic&t=23&start=0&postdays=0&postorder=asc&highlight=). Email and messaging are neat and tidy. They reside on a few central servers, and the backup, retention, and search methodologies are in place.

However, in cases where Intellectual Property theft (http://nuke.cippguide.org/modules.php?name=Forums&file=viewtopic&t=11&start=0&postdays=0&postorder=asc&highlight=), insider trading or just general corporate malfeasance occurs, you'll also want file shares or local desktop documents. If you don't digitally shred all of those files on time, essentially breaking your retention policy, you run the risk of a judge ordering you to produce everything. Including those files scattered across the enterprise.

I do see the benefits of positive messages for offsetting negative emails. How do you offset a negatively focussed IT administrator?

- Jon-Michael C. Brook
blog.cippguide.org (http://blog.cippguide.org)