Tuesday, March 11, 2008

Businesses Depositing "Certified Checks" Get Burned

Canadian businesses suffered theft of more than $700,000 in electronic equipment, extensive credit card fraud, stolen vehicles and as much as $10 million in overall losses as a result of the work of one check fraud ring here, police said. Cops first became aware of the scheme last December, and they say the suspects set up a number of phony companies which appeared to be the real thing, and after gaining the trust of their "clients", would order large amounts of electronic merchandise. The purchases were paid for using certified checks which were later found to be counterfeit. But by then, the material had been delivered and the crooks who took it were long gone. As if that wasn't enough, cops say the men also rented a large number of expensive cars using the same M.O. Many were driven from the lot straight to a container, where they -- and the ill-gotten electronics -- were shipped overseas and resold.

0 Comments:

Post a Comment

Links to this post:

Create a Link

<< Home

"Positive Pay" for ACH? Complicated, Expensive... And Not Here Yet.

Mary Schaeffer over at CPA insider reports that electronic fraud covers both automatic clearinghouse (ACH) credits and debits. In fact, it's the debits that can cause the problem. She says that with the right information, it's very easy to commit electronic payment fraud. And getting that requisite information isn't difficult. "Luckily, for now, crooks have not caught on and they still focus primarily on check fraud. This is not to say that electronic payment fraud doesn't occur today. It most definitely does -- just not as frequently as check fraud," Ms Schaeffer said. Many smaller businesses don't take the appropriate steps to protect their bank accounts because they don't make electronic payments. This is a big mistake. Unfortunately, a robust "positive-pay" product for the ACH environment is not universally available today. Positive Pay is expensive, and further complicated because some banks match the identities of those attempting to debit an account with those on the list provided by the company, and customers have to review exceptions manually before payment.

0 Comments:

Post a Comment

Links to this post:

Create a Link

<< Home

New Service Enables Consumers to Deposit Paper Checks Electronically

Online banking service provider CheckFree Corp. just rolled out technology that could mean consumers will no longer have to go to a bank branch to deposit checks. Called "Remote Deposit Capture", the technology has been around for years and lets people scan checks through their home computers and deposit them electronically. Until now, it has been used mainly for businesses. "Customers want to be able to deposit checks without having to go to banks", said Rod Springhetti, CheckFree's vice president of global strategic marketing, "and banks want to be able to offer that. I think the ability to remotely capture a check will become part of the standard features and functions of online banking." No word yet on authentication safeguards planned for this service, which might become a concern (see this recent ProofSpace blog entry on check fraud).

0 Comments:

Post a Comment

Links to this post:

Create a Link

<< Home

Wednesday, February 27, 2008

Business Reaches the "Tipping Point" for Email Authentication

Ray Everett-Church at Datamation reports that we have "reached the tipping point for the adoption of email authentication techniques", according to a study released last month by a leading online trust organization. In their most recent industry-wide survey, the Authentication and Online Trust Alliance (AOTA) found that adoption of email and domain-level authentication techniques has reached the 50 percent mark, including a majority of Fortune 500 financial services firms and companies with consumer-facing brands. AOTA has issued a call for all consumer-facing e-commerce and online financial services sites to adopt one or more forms of outbound email authentication for their top-level corporate domain within the next six months.

0 Comments:

Post a Comment

Links to this post:

Create a Link

<< Home

Check Fraud on the Rise -- National Consumer Protection Week March 2-8

The U.S. Postal Service is asking consumers to be informed and use common sense in an attempt to fight growing fraud during National Consumer Protection Week March 2-8. Sarah A. "Sally" Florio, manager of consumer affairs for the Massachusetts Postal District, said the Postal Service theme this year is: Don't Fall for a Fake Check Scam. "All of them involve receipt of a check which looks genuine and will be accepted for cashing by most banks. The scammers convince the victim, that for one reason or another, all or part of the check needs to be immediately wired out of the United States. If the victim takes the bait and wires the money away, he or she will be on the hook to repay that money to the bank when the check is later found to be counterfeit," she said.

0 Comments:

Post a Comment

Links to this post:

Create a Link

<< Home

Protecting the Electronic Notary Journal from Tampering

As eNotarization becomes more common, Notaries and state officials are debating the best methods for electronic recordkeeping, including whether Notaries should keep both paper and electronic journals and how to protect an electronic one from possible tampering, the National Notary Association reports. "An electronic journal must be protected against tampering and unauthorized access. The information kept in a Notary's journal is vital as potential evidence to track fraud and to protect the Notary from accusations of negligence." An electronic journal must be protected from unauthorized access and alteration to ensure the integrity of the Notary's records. Similarly, if a Notary must make backup files of electronic journal entries, those backups must be protected against unauthorized access or copying to protect the sensitive information in the journal.

0 Comments:

Post a Comment

Links to this post:

Create a Link

<< Home

Tuesday, February 12, 2008

Widespread Use of Hashing, Key-Based Encapsulation of Data Imminent

Craig Ball at Law Technology News gazes into his crystal ball and comes back with some pretty interesting predictions for the near future of electronic data discovery (EDD). He says we will see more expert-mediated conferences as courts grapple with the technical intricacies of EDD and the inflated costs that dog inept efforts. "It just makes economic sense. In large cases, EDD expenses alone can dwarf the entire amount in controversy in smaller cases; in any size case, EDD mistakes can determine outcomes. Why wouldn't you resolve foreseeable disputes before you bet the company?" Hashing and key-based encapsulation of data are two of the more interesting prognostications he describes as coming down the eDiscovery pipe.

0 Comments:

Post a Comment

Links to this post:

Create a Link

<< Home

US Government Printing Office Authenticates Need for eDocument Integrity

Adobe has won a large contract with the US Government Printing office to deploy digital signatures, a technology closely related to ProofSpace's own Transient-Key ProofMarks™. GPO has implemented the new digital seal of authenticity for their electronic documents, including last week's release of the FY2009 budget. The GPO said, "For almost 150 years, the U.S. Government Printing Office (GPO) has been the official disseminator of Government documents and has assured users of their authenticity. In the 21st century, the increasing use of electronic documents poses special challenges in verifying authenticity, because digital technology makes such documents easy to alter or copy, leading to multiple non-identical versions that can be used in unauthorized or illegitimate ways. To help meet the challenge of the digital age, GPO has begun implementing digital signatures to certain electronic documents on GPO Access (the GPOss online portal) that not only establish GPO as the trusted information disseminator, but also provide the assurance that an electronic document has not been altered since GPO disseminated it."

0 Comments:

Post a Comment

Links to this post:

Create a Link

<< Home

IT + Legal BFF to Prevent Document Tampering

IT will have to develop processes for legal holds, in which messages or files that fall under the scope of litigation must be stored in such a way that they can't be changed, says Andrew Conry-Murray at InformationWeek. E-discovery was the word of the week at last week's LegalTech show in New York City. Vendors hawked a spectrum of products to help IT and corporate lawyers get their hands on relevant electronic documents, ensure those documents can't be tampered with, and pump them into the applications used by legal counsel. Just as important as products is close cooperation between your IT and legal departments. IT must help legal understand concepts such as metadata, archives, and tiered storage so the lawyers can more accurately describe to IT the scope of a discovery request.

0 Comments:

Post a Comment

Links to this post:

Create a Link

<< Home

Thursday, January 31, 2008

Documentation Fraud Key to FBI Investigations of Mortgage Industry (Wall Street Journal)

"The FBI's investigations represent an added dimension to the bureau's decade-long focus on mortgage fraud, which spiked during the housing boom. For years, the FBI has targeted fraud cases involving real-estate agents, appraisers and fake buyers. More recently, FBI officials and local prosecutors have set up teams to investigate mortgage fraud in several states where they have noted high fraud activity, including California, Texas, Florida and Arizona, all of which saw fast-growing rates of home-value appreciation.

Now, the FBI is taking a closer look at possible fraud in the secondary market for mortgages, which could implicate well-known financial firms. The faltering U.S. housing market and a rise in defaults and foreclosures, particularly among low-end borrowers, has whipsawed global stock and bond markets, led to the dismissal of Wall Street chiefs and resulted in losses by banks, hedge funds and securities firms."

One potential angle is whether real loans were used to create mortgage securities. Typically, a mortgage security might hold thousands of mortgages. Among other things, the Justice Department is likely to look at whether one mortgage was replicated across multiple securities as underwriters sought to meet high investor demand.

"On Jan. 17, the Florida Attorney General issued a subpoena to Countrywide. Among other things, the subpoena asks Countrywide to describe the standards it used to determine whether borrowers qualified for a prime, subprime or Alt-A mortgage and for no and low documentation loans. The subpoena -- which covers the period from Jan. 1, 2005, to the present -- also asks the company to explain how its underwriting standards may have changed over time. It also asks Countrywide for copies of "promotional advertisements, literature, booklets" and other materials aimed at subprime customers as well as for copies of any scripts or instructions given to Countrywide employees."

"The attorney general is "looking for information regarding whether or not consumers have been taken advantage of and whether or not any of these business practices may potentially violate Florida law," says a spokeswoman for Florida attorney general Bill McCollum. The attorney general is conducting "a widespread review of the mortgage industry," she says."

2 Comments:

Anonymous Anonymous said...

This is something the application of ProofSpace's technology could have prevented, or at the very least, made trivially easy to detect.

January 31, 2008 2:41 PM  
Anonymous Anonymous said...

And our own dear (Michican) governor announced in her State-of-the-State address that she is introducing new oversight of the lending industry to help protect Michigan's citizens from fraudsters. This industry is about to get a 'protological exam... and they are not going to just use a magnifying glass...they're gonna bring a telescope.

January 31, 2008 2:43 PM  

Post a Comment

Links to this post:

Create a Link

<< Home

Monday, January 28, 2008

Low-Level Société Générale Insider’s Forgeries Cost Bank $7.2 Billion

This week Economist.com reports that Jérôme Kerviel, the Société Générale employee who sparked the world's biggest-ever trading loss, was so low on the bank's totem pole that some didn't consider him a trader at all. That may have been what allowed him to pull it off. According to preliminary inquiries into the trading fraud that cost Société Générale €4.9 billion ($7.2 billion), Mr. Kerviel allegedly placed hundreds of thousands of unhedged real trades on stock-index futures markets. For months, Mr. Kerviel avoided detection because -- even as he allegedly built up massive positions -- he always managed to square his books as a low-level trader in the "Delta One" desk: never make a big profit or loss. When one trade caught the attention of a supervisor last week, and the system collapsed, myriad small losses compounded into a huge financial hole for the bank.

0 Comments:

Post a Comment

Links to this post:

Create a Link

<< Home

Thursday, January 24, 2008

Large Percentage of Emails Found Unusable in Court Cases

Janie Davies reports in last week's issue of Computing Magazine that less than one in four UK businesses are confident that they could rely on email as legal evidence in the event of a harassment or unlawful dismissal lawsuit. While 44 percent said they could not prove whether their emails had been tampered with, 35 percent could not even detect whether or not changes had been made, says a survey by research group Vanson Bourne on behalf of archiving and compliance supplier Forensic and Compliance. Financial services organizations are only slightly better prepared, with at least 45 percent still unable to prove interference with emails, compared with 58 percent of retail, distribution and transport groups.

0 Comments:

Post a Comment

Links to this post:

Create a Link

<< Home

Citigroup Pays Up, Big Time, for E-Discovery Software

Apparently, the sub-prime crisis is good news for somebody... Especially if you're a legal discovery software vendor. Autonomy recently scored a $70 million order for "Desktop Legal Hold", one of the products that came into their portfolio with last year's acquisition of e-disvovery specialist Zantaz.

The customer wasn't identified by Autonomy, but insiders say that it's the global bank Citigroup. Autonomy bought Zantaz for $375 million in July, 2007. The company makes products for archiving, compliance and e-discovery. Desktop Legal Hold (DLH) enables customers to quickly identify, set aside and organize documents and emails pertinent to lawsuits. Could it be that Citigroup bought DLH to prep for the onslaught of lawsuits it is facing from investors and others over the sub-prime mortgage lending crisis? Hmmm...

0 Comments:

Post a Comment

Links to this post:

Create a Link

<< Home

Free Download! Gartner's E-Discovery Vendor Market Analysis

Thanks to Guidance Software, who received Gartner's highest rating as a "Strong Positive", you can download Gartner's research note, "MarketScope for E-Discovery and Litigation Support Vendors, 2007", dated Dec. 14, 2007 for free. Among the very interesting findings in the report: "STRATEGIC PLANNING ASSUMPTION(S) By the end of 2008, there will be four viable categories of vendors in the e-discovery market: platform players, review and analysis platforms, collection, preservation and processing and full service outsourcers. By the end of 2008, there will be 25% fewer vendors claiming to have e-discovery functionality."

0 Comments:

Post a Comment

Links to this post:

Create a Link

<< Home

Friday, January 18, 2008

ProofSpace's Dave McClellan

ProofSpace's Dave McClellan discusses why current data integrity strategies may be inadequate and what to do about them.


Part 1



Part 2

Labels: , , , , , , , , , , , , , ,

0 Comments:

Post a Comment

Links to this post:

Create a Link

<< Home

Tuesday, January 8, 2008

Countrywide Tells Judge It 'Recreated' Letters


It's early in the year, but we agree with our friend Steve Teppler when he says this statement, from Countrywide's spokesman is an early contender for most obfuscatory spin of 2008: "A spokesman for the lender said: 'It is not Countrywide's policy to create or 'fabricate' any documents as evidence that they were sent if they had not been. We believe it will be shown in further discovery that the Countrywide bankruptcy technician who generated the documents at issue did so as an efficient way to convey the dates the escrow analyses were done and the calculations of the payments as a result of the analyses.'" English translation: It's not our custom to create or fabricate, except where we think no one will notice. In such instances, we will pile on the technical language in an attempt to blindside any inquiry. Also: "They were not generated to prove that they had been sent" Translation: They were generated to make people believe they were sent, not to prove they were sent. Jeez, can't you guys get it?

0 Comments:

Post a Comment

Links to this post:

Create a Link

<< Home

Amateur Time Hackers Play With Atomic Clocks at Home


Wired Magazine reports that with the end of the Cold War, and with telecommunications technology advancing rapidly, surplus stores and eBay have filled up with discarded precision time equipment once exclusive to government labs. Cesium clocks, rubidium clocks and even the occasional hydrogen maser can be had for less than a decent laptop. A recent search on eBay turned up an HP 5061B cesium standard for sale for $2,000, and you can get a telecom surplus rubidium standard for less than $400. Some of this equipment costs upwards of $50,000 new. Their access to once-forbidden technology lets the time hackers play in a realm of precision that underpins the modern technological world. A select few, like Tom Van Baak, have started exploring the underpinnings of the universe.

0 Comments:

Post a Comment

Links to this post:

Create a Link

<< Home

Cabinet NG Partners With ProofSpace to Authenticate Document Management


Cabinet NG, the preeminent automated document management and workflow solution for small enterprise businesses, and ProofSpace today announced an agreement to embed ProofSpace's patented ProofMark™ digital tamper-detection technology into Cabinet NG's flagship document management solution, CNG-SAFE. The ProofMark technology will be initially made available as an advanced authentication plug-in to CNG-SAFE, which consolidates all of a company's information into one organized and easy-to-use system. Targeted at Cabinet NG's financial industry customers, the ProofMark enhancement package will enable companies to better protect high-value documents and transaction records, and prove the authenticity of those records to regulators, auditors, clients and courts. You can read more about the deal right here.

0 Comments:

Post a Comment

Links to this post:

Create a Link

<< Home

Law.com Posts Great List of E-Discovery Blogs and Tools


Robert J. Ambrogi, writer for Law Technology News writes in a two-part column that no lawyer today can afford to ignore electronic data discovery. "No matter the case, digital data is likely to be implicated. That means lawyers urgently need to understand EDD and keep abreast of developments in the field." In the first column, he looks at some of the more useful Web sites for learning about and keeping current with this essential area of practice. In the second, he surveys blogs about e-discovery and look at some vendor sites that include useful resources. Both are great bookmarks for any of you out there who are trying to catch the tiger-by-its-tail that is modern E-discovery.

0 Comments:

Post a Comment

Links to this post:

Create a Link

<< Home

Tuesday, December 11, 2007

The Top Five E-Discovery Cases of 2007


As the one year anniversary of the amended Federal Rules of Civil Procedure (FRCP) approaches, our friends at Kroll Ontrack (one of the industry's largest providers of electronic discovery and forensics services) laid out a breakdown of important electronic discovery opinions from 2007, as well as a list of the year’s top five most significant discovery cases. Focusing primarily on interpreting the new FRCP, common topics reoccurring in judicial opinions issued in 2007 included: the importance of early case conferences, the accessibility of electronically stored information, and what to do when parties fail to play by the new rules. Among the five: the historic Lorraine v Markel decision, in which the Magistrate judge ruled emails inadmissable as evidence because of questions as to their authenticity. The court held there is a five-point test in determining the admissibility of electronic evidence. ESI must be 1) relevant, 2) authentic, 3) not hearsay or admissible hearsay, 4) the "best evidence", and 5) not unduly prejudicial. The court stated, "it can be expected that electronic evidence will constitute much, if not most, of the evidence used in future motions practice or at trial, [and] counsel should know how to get it right on the first try."

0 Comments:

Post a Comment

Links to this post:

Create a Link

<< Home

Establishing Authenticity: Is Hashing Enough?


ProofSpace technology wonk Jacques Francouer writes "There has been extensive discussion and use precedent in the legal and security fields around hashing, its use and its value--real and perceived. Even though its robustness and usefulness are incontrovertible in the security world, hashing's perceived value in the legal field (for the purpose of establishing the authenticity of Electronically Stored Information) could benefit from some clarification. For a hash to be secure and useful for legal applications, there must be some additional mechanism to protect and preserve the unique association between the data that is hashed, a trusted time datum, and the original hash result." Read more of his discussion right here.

0 Comments:

Post a Comment

Links to this post:

Create a Link

<< Home

Monday, November 26, 2007

Exclusive Sneak Peek! Save $300 on ProofMark Unlimited™ Bundle


ProofSpace announced availability of our new ProofMark Unlimited bundle, at special friends-and-family pricing. Until December 31st, you get the entire ProofSpace product line: ProofMail, ProofDoc and ProofMark On Demand for only $200 for a one-year subscription, with unlimited ProofMarking and validations. That's $300 off the retail price! Each of the new products offers a unique way to use the patented ProofMark technology to protect your most important documents and emails. With ProofMark On Demand, you can ProofMark virtually any file over the web, even when you're away from your primary computer. With ProofDoc, you get your own personal ProofMark engine, right on your PC desktop or shared server. And ProofMail makes it incredibly easy to digitally seal incoming or outgoing email. Claim your $300 discount now.

0 Comments:

Post a Comment

Links to this post:

Create a Link

<< Home

CERN Research Paper Urges "Checksums Everywhere"


Error levels in modern magnetic storage are very, very low. Unfortunately, personal hard drives are now very, very big--and that means you're virtually guaranteed to have multiple corrupted files on your disk, just by virtue of its sheer size. That according to a recent study out of CERN/IT, the IT group at the world's largest particle physics laboratory. According to the executive summary, "We have established that low level data corruptions exist and that they have several origins. The error rates are at the 10Exp-7 level, but with complicated patterns. To cope with the problem one has to implement a variety of measures on the IT part and also on the experiment side. Checksum mechanisms have to implemented and deployed everywhere."

0 Comments:

Post a Comment

Links to this post:

Create a Link

<< Home

ProofSpace Announces E-Discovery Framework


The worlds of Information Security and e-Discovery are coming together in a structured framework to encourage discussion among legal, security and records management professionals. Last week ProofSpace introduced the Information Security e-Discovery Framework (ISEF), a unique framework for discussing the specific role of information security before, during and after e-Discovery. The objective--bridge the gap between legal and security stakeholders. The result--a more effective response and successful outcome to an e-Discovery process. Soon a discussion white paper will be released, explaining how the ISEF was created and how it can be used. This release will also initiate a comment and review period on the ISEF. View the announcement PDF here.

0 Comments:

Post a Comment

Links to this post:

Create a Link

<< Home

The Next Big E-Discovery Challenge: Authenticity


Up until now, most of eDiscovery has been basic "blocking & tackling". That meant a lot of cataloging and indexing of data, records retention work, legal holds, destruction policy establishment, and deploying "vaulting" technologies. But the future costs and benefits of eDiscovery will likely pivot on something much different: how you handle authenticity challenges used as a negotiating tactic in a lawsuit.

1 Comments:

Anonymous Jacques Francoeur said...

In order for an organization to maximize the business value from its investment in the creation of corporate information (e.g., creation of IP or proprietary data) it must “unleash” its data to make it available to the right people at the right time anywhere.
A strategy to “lock” up its information in an attempt to preserve its authenticity is just a bad strategy against the best interest of the company. There are “content-level” protections (rights management for confidentiality and control and digital seals for authenticity) that enable the “free” movement of data while effectively mitigating the risks.

November 27, 2007 2:08 PM  

Post a Comment

Links to this post:

Create a Link

<< Home

Thursday, November 15, 2007

Publicity-shy Sedona "Working Group One" Meets in Hilton Head


Mark Reichenbach writes in his blog about the very quiet star chamber gathering last week at Hilton Head, South Carolina for the Sedona Conference Working Group One annual meeting. He writes, "Before you ask, there will be no blogging from Sedona, er, Hilton Head. It doesn't work that way." Earlier in his post, he reports "Analogous to the Paris Air Show and its relation to the spy community, Sedona's annual meeting brings together a special combination of the brightest and best in the e-discovery legal community... make no mistake, there will be new work product teed-up for discussion, and you should understand that even though the dialog 'stays in Sedona' the fruits of the group's collective effort don't." Past publications from the influential group can be found here.

2 Comments:

Anonymous Anonymous said...

Joel, I can appreciate the "link love" between blogs, and thank you for linking on my blog entry re: Sedona meeting in Hilton Head.
I am not sure if I'd ever say Sedona was "Publicity-shy" - more I'd say it's about encouraging dialogue, "unvarnished" if you will, in order to bring about the best dialogue will offer. "Star Chamber" is also not a quote that should be attributed to me.

Best regards and good luck with your blog. - On the Mark
http://www.metalincs.com/onthemark

November 20, 2007 4:58 AM  
Blogger joel said...

Thanks Mark, I made the correction re: Star Chamber.

Your blog has been a source of great information, I'm sure there will be much more "link loving" in the future.

November 20, 2007 3:27 PM  

Post a Comment

Links to this post:

Create a Link

<< Home

Cargoes Stolen with Counterfeit Electronic Release Documents


The International Transport Intermediaries Club (ITIC) warned members that misreleases of valuable container-ship cargos are becoming a major factor in claims by principals against their agents, and claimed that carelessness in dealing with telex releases has contributed to these losses. "Telex release" is the industry term for the release of cargo at one port when the original bill of lading has been surrendered at another. Today, despite its name, the telex release is almost always made by email. There have been multiple accounts of telex releases (emails) received by discharge port agents which have been manipulated to appear as though they have originated from the load port agent, and authorizing the release of cargoes and confirming that freight has been received, when it has not. ITIC is now recommending that agents verify the authenticity of messages before releasing cargo.

1 Comments:

Blogger Jacques Francoeur, ProofSpace said...

Hi Joel, What a story! Fraud will always exist simply - where the money is.

As a prudent and responsible organization required to exercise a minimum level of due care, you would think this kind of problem would be quickly mitigated given the mature content assurance technologies available to effectively solve the problem (i.e., Digital Signatures and Digital Seals of Authenticity).

Is it considered forgetful, careless or negligent not to deploy readily available technologies and best practices that are already well embodied in standards?

They are now fully aware of the problem.

Jacques

November 15, 2007 6:11 PM  

Post a Comment

Links to this post:

Create a Link

<< Home

Iron Mountain Buys e-Discovery Software Provider Stratify


Byte and Switch reported last week that Iron Mountain will shell out $158 million in cash to buy e-discovery vendor Stratify Inc. "Customers have been asking us for this... It's a white-hot market, by all accounts a billion-dollar market... We're seeing estimates between $4 billion and $12 billion in the next few years," said Iron Mountain president and COO Bob Brennan during last week's earnings conference call. Stratify's applications sift and search email, scanned documents, and electronic files for specific items, and they also map out relationships among threads and document groups, which attorneys can review when preparing for litigation. Iron Mountain will probably also attempt to leverage Stratify's Digital Repository to enhance its information retrieval services.

0 Comments:

Post a Comment

Links to this post:

Create a Link

<< Home

Universal Data Retention Specification Demoed... without Data Integrity Safeguards?


Computerworld reported last week on a new "universal" data retention spec that "divorces data from the applications that created it". While the article doesn't really offer much detail on how the technology actually works, the really interesting omission is any mention of security or control mechanisms in the proposed protocol. Brings to mind an early large-scale XML implementation at a large financial services firm that a ProofSpace staffer worked on in a previous life, where nobody gave access control a moment's thought... and the systems ended up being wide open to anyone who got their hands on the data definitions.

Vendors such as EMC Corp., Hewlett-Packard Co., Sun Microsystems Inc. and Vignette Corp. demoed their software interfaces for the new specification that offers a universal way for users to store and access unchanging or fixed data regardless of the application that created it. The specification, eXtensible Access Method (XAM), was demonstrated at Storage Networking World last week for the first time. The specification was announced last spring and is expected to be presented to the American National Standards Institute for review as a standard early next year.

1 Comments:

Anonymous Jacques Francoeur said...

Finally a move in the right direction! At this time the “system is smart” and the “data is dumb.” When the data leaves the system or it is used by another application it loses much of its context or utility. Now if the “data was smart” and the “system was dumb,” data could travel across systems and applications and still preserve its value. A step in the right direction indeed. Will vendors embrace this direction remains to be seen.

November 27, 2007 2:17 PM  

Post a Comment

Links to this post:

Create a Link

<< Home

Chain-of-Custody... Or Chain-Saw?


"Exploring the issues surrounding chain of custody for electronic evidence may sound like a great cure for insomnia... But a string of recent judicial sanctions over chain of custody for electronic evidence has made the dry issue a hot topic: One that can make or break your case." In other words, unless you can prove chain-of-custody and data integrity for any electronic documents that your lawyers are trying to submit into evidence, you're going to find yourself up a legal creek without a paddle. That's what Christy Burke writes in this month's Law.com Legal Technology column. "...in the next two to four years, most or all states will be creating legislation with real teeth when it comes to keeping scrupulous security measures to secure digital evidence and ensure a proper chain of custody."

1 Comments:

Blogger Jacques Francoeur, ProofSpace said...

The role (or impact) of Information Security in the e-Discovery process seems to be a very unknown at this time. When I speak to CISOs about their role in e-Discovery their response ranges from “what,” “nothing at all” to “I do not even know who is my GC/LC.” That is, there seems to be no bridge between Legal and Security or understanding of how one can help (or hinder) the other.
Your article was helpful in identifying some of the roles of security during the discovery process. However, I would make the assertion that security considerations and measure should start way ahead of the notice of litigation. For example, at time of creation, time of corporate record declaration, and time of contract execution. In fact, no matter how secure you make a record from the time it is identified in the e-Discovery process, if falsification or manipulation occurred before this point you have just secured an unauthentic record giving it the “appearance” of integrity.
Necessary but insufficient!

November 27, 2007 2:45 PM  

Post a Comment

Links to this post:

Create a Link

<< Home

Storage on Trial


What is a good data-retrieval plan worth to a company caught up in litigation? For Morgan Stanley, $15 million. The average Fortune 500 company has over 150 lawsuits in active litigation at any given time. As document retrieval requests from the legal department start piling up, IT departments are just starting to realize how big and scary the eDiscovery monster really is, with retrieval eating up increasing amounts of IT time and budget.

In 2006, Morgan agreed to pay the hefty $15M fine to resolve an investigation by U.S. regulators into its failure to retain e-mail messages. E-mail played a central role in the (later overturned) $1.58 billion judgment in favor of Ronald Perelman in the case of MorganStanley v. Coleman. Perelman is a billionaire investor who said he was defrauded by the firm over the sale of a business. The judge, frustrated by Morgan Stanley’s inability to produce e-mails demanded by Perelman’s lawyers (the firm said backup tapes had been overwritten), took the unusual step of shifting the burden of proof to Morgan Stanley, so that the firm had to prove its innocence.

0 Comments:

Post a Comment

Links to this post:

Create a Link

<< Home