Thursday, May 31, 2012

10 Bonehead Mistakes That Can Kill an EDD Search

In e-discovery, failing to understand data and how to apply tools can leave you vulnerable to poor results.

Spoiled by Google and legal research, lawyers are woefully unprepared for the difficulty of search in electronic data discovery. Search fails us in two, non-exclusive ways: Our query will not retrieve the information we seek, and our query will retrieve information we didn't seek.

Obviously, we want what we're looking for (high recall) and only what we are looking for (high precision). Recall and Precision aren't friends. Every time Recall has a tea party, Precision crashes with his biker buddies and breaks the dishes. It's easy to achieve a high recall of responsive electronically stored information. You simply grab it all: 100% of the data = 100% recall. The challenge is achieving precision. If one out of every hundred items returned is what you seek, 99 items are duds — 1% precision stinks.

Keyword search followed by human review is called "linear search," and for now, it's standard operating procedure in EDD — in part because linear search is mistakenly considered the safest course lest a party fail to produce something responsive, or turn over something that should have been withheld.

Linear search is time-consuming, so it's expensive. Worse, it doesn't work well. People make search and assessment errors, and making lots of searches and assessments, they make lots of errors. Mistakes can be subtle and hyper-technical, but most are not. If we eliminate bonehead errors, we improve the quality of e-discovery, and markedly trim its cost. Search will ever be a battle between Recall and Precision, but avoiding bonehead mistakes limits casualties.

------------------------------------------------------
Source: law.com
By: Craig Ball

Megaupload wants U.S. court to dismiss indictment, cites jurisdiction

Megaupload has not been served with a summons, according to a filing

Megaupload cannot be brought within the jurisdiction of a federal court in Virginia for criminal proceedings without its consent, as federal rules do not contemplate service of a criminal summons on a wholly foreign corporation without an agent or offices in the U.S., its lawyers said in a filing on Wednesday.

The move to get the court to dismiss the criminal case against the Hong Kong based file-sharing site comes a day after a court in Auckland ruled that Megaupload founder, Kim Dotcom, should be allowed access to documents that contain evidence against him, held by prosecutors in the U.S. and New Zealand.

Dotcom and colleagues, and two companies including Megaupload, were indicted by a grand jury in the Eastern District of Virginia on Jan. 5, and charged with engaging in a racketeering conspiracy, conspiring to commit copyright infringement and money laundering, and two substantive counts of criminal copyright infringement, according to the U.S. Department of Justice. Dotcom and colleagues Finn Batato, Mathias Ortmann and Bram van der Kolk were arrested in Auckland by New Zealand authorities, who executed provisional arrest warrants requested by the U.S.

------------------------------------------------------
By: John Ribeiro

How Hard is Authenticating Social Media?

In the world of eDiscovery, it seems that there’s no end to alarmist editorializing about the next looming problem law firms and corporations have to grapple over. Authenticating social media is clearly one of those topics, seen here, here, and here. Of course, social media is a real and emerging complication to the eDiscovery landscape, but alarmism is not warranted.

Authenticating social media does present special challenges in litigation. Hacking and spoofing is a real phenomenon in social media platforms. But authenticating social media evidence involves the same common sense approach that serves in any other form of digital evidence authentication. Courts have continually ruled that evidence is authenticated by “appearance, contents, substance, internal patterns, or other distinctive characteristics, taken in conjunction with circumstances.”

Proving who wrote a message will always be a foundational issue for evidentiary hearings. For example, in State v. Eleck, (Conn. App. Ct. Aug. 9, 2011) the court ruled that just because a message came from a particular Facebook account, there is no foundational proof of authorship. Or in Commonwealth v. Purdy, 459 Mass. 442, 450-51, 945 N.E.2d 372 (2011), an e-mail sent from a Facebook account bearing defendant’s name was not proof of authorship without additional “confirming circumstances.”

But the bar for authentication of evidence is actually not particularly high, and in fact only needs to be corroborated with circumstantial evidence. In the digital world, there is no handwriting or fingerprinting expert as courts often used to prove authorship of a letter. However, courts do consider evidence like commonly used phrases found in a message, or activity and actions that may indicate who was responsible for creating a message as legitimate forms of identification.

------------------------------------------------------
By: Jason Krause

Wednesday, May 30, 2012

Who Owns Your Data and What Can They Do With It? Understanding Data Privacy and Information Security in the Cloud

With the recent introduction of Google Drive, cloud computing services are garnering increased attention from entities looking to more efficiently store data. Specifically, using the “cloud” is attractive due to its reduced cost, ease of use, mobility and flexibility, each of which can offer tremendous competitive benefits to businesses. Cloud computing refers to the practice of storing data on remote servers, as opposed to on local computers, and is used for everything from personal webmail to hosted solutions where all of a company’s files and other resources are stored remotely. As convenient as cloud computing is, it is important to remember that these benefits may come with significant legal risk, given the privacy and data protection issues inherent in the use of cloud computing. Accordingly, it is important to check your cloud computing contracts carefully to ensure that your legal exposure is minimized in the event of a data breach or other security incident.

Cloud computing allows companies convenient, remote access to their networks, servers and other technology resources, regardless of location, thereby creating “virtual offices” which allow employees remote access to their files and data which is identical in scope to the access which they have in the office. The cloud offers companies flexibility and scalability, enabling them to pool and allocate information technology resources as needed, by using the minimum amount of physical IT resources necessary to service demand. These hosted solutions enable users to easily add or remove additional storage or processing capacity as needed to accommodate fluctuating business needs. By utilizing only the resources necessary at any given point, cloud computing can provide significant cost savings, which makes the model especially attractive to small and medium-sized businesses. However, the rush to use cloud computing services due to its various efficiencies often comes at the expense of data privacy and security concerns.

------------------------------------------------------

Megaupload User Asks Court To Order Return Of His Data

Months after the Megaupload raids and arrests, the fate of the data stored on the site’s 1,103 seized servers is still unclear. Many Megaupload users want their accounts returned because they contain irreplaceable information, but they have been waiting in vain. Today the EFF has filed a motion on behalf of Megaupload user Kyle Goodwin, which demands that the court finally comes up with a solution.

In the wake of the January shutdown of Megaupload, many of the site’s legitimate users complained that their personal files had been lost.

Behind the scenes Megaupload negotiated with the Department of Justice and other parties to allow these users to temporarily access their files. When these negotiations failed last month the court was asked to provide a solution, but in response it instructed the parties to reach an agreement on their own.

However, a month has passed and absolutely no progress has been made on the issue according to a document filed today by the EFF.

Representing Kyle Goodwin, a sports reporter who used Megaupload to store work-related files, the EFF has filed a motion in which it demands that the court finds a workable solution for the return of his data. Goodwin already requested the court to assist in a document filed early April, but he is tired of waiting.

------------------------------------------------------
By: Ernesto

Cloud contracts – the Devil is in the detail

Cloud computing today is no longer a buzzword associated with universities or advanced technology organisations at the bleeding edge of innovation. It is now a mainstream sourcing model that most organisations are looking to as part of their broader IT strategy.

The shift away from building customised systems specifically for organisational requirements is fast approaching. Global financial scenarios are presenting a funding challenge for IT innovation initiatives, transformation projects and ongoing support services.

One of the greatest shifts was demonstrated and highlighted by a US Government White House Paper titled: “25 Point Implementation Plan to Reform Federal Information Technology Management”, in December 2009, and included support for a “Shift to Cloud First Policy”. An important point to note is the term “Stand-Up Contract Vehicles” was used for both secure infrastructure-as-a-service (IaaS) and commodity services. Supporting actions were required, alongside the endorsement of the strategy and the guiding “Cloud First” policy.

In all cloud discussions to date, major emphasis is placed on the service types of cloud—Software-as-a-Service (SaaS), Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), or cloud models such as Public Cloud, Private Cloud, Hybrid Cloud and Community Cloud. Very little emphasis or discussion is undertaken about the major vehicle through which these models and services will be utilised and consumed—cloud contracts.

------------------------------------------------------
Source: cso.com.au
By: Puneet Kukreja

Monday, May 28, 2012

Cloud providers cave into more flexible contracts

Contract terms can be a source of competitive advantage

Combined legal and market factors may force cloud providers to offer more flexible contract terms, suggests new research from Queen Mary, University of London.

The research examines how and why cloud providers have begun to negotiate standard contract terms to better meet cloud users’ needs, minimise operating risks and address legal compliance obligations.

The research, by the Cloud Legal Project at the Centre for Commercial Law Studies at Queen Mary, is primarily based on in-depth interviews with global and UK cloud providers, cloud users, law firms and other market players.

The report found that the top six types of cloud contract terms most negotiated were provider liability, service level agreements, data protection and security, termination rights and lock-ins/exits, unilateral amendments to service features, and intellectual property rights.

“These are the key contractual issues of concern to users in the cloud market at this relatively immature stage of cloud adoption,” said professor Christopher Millard, lead academic on the Cloud Legal Project (CLP).

He said standard "one-size-fits-all" terms are often weighted in favour of the provider, and many are potentially non-compliant, invalid or unenforceable in some countries.

------------------------------------------------------
By: Antony Savvas

10 Steps for Responding to a Corporate Data Security Breach

Data security breaches can have significant reputational, business, and legal costs for companies. Depending on the nature and severity of the incident, a data security breach can result in the loss of key business assets, cause public embarrassment, diminish customer goodwill, result in costly response and remedial requirements (including legal obligations), create contractual liability risks, attract regulatory scrutiny at the federal and state levels, and result in litigation.

While companies can reduce the likelihood of a breach by maintaining robust data security practices and procedures, the reality is that there is no such thing as perfect security. In other words, when it comes to data breaches, the question for most businesses will be not "if," but "when." Thus, to manage risk around data breaches, businesses must also have in place procedures to guide a quick and effective response.

Although every incident is unique, these procedures generally should include the following steps:

1. Develop your plan before the incident.

Develop a written incident response plan before an incident occurs, and then create a hypothetical scenario to test the plan. Such a plan ultimately will not be a precise script for when an incident occurs, but it will help ensure preparedness -- and that the right team and procedures have been identified in advance of the incident. This is important not only to help expedite a response, but also to address regulatory risks. If a breach becomes subject to regulatory scrutiny, the company will need to demonstrate that it had a reasonable plan in place to address incidents and made a good faith effort to follow that plan.

------------------------------------------------------
Source: law.com
By: David Fagan and Stephen Satterfield

Saturday, May 26, 2012

Shining a Light into the Black Box of E-discovery Predictive Coding

For years, litigators cited a lack of judicial guidance as their primary objection to using predictive coding technology. The objection is based on the notion that even though predictive coding technology promises to significantly reduce the time, cost, and error rate of pure human document review during discovery, few attorneys want to be the first to defend the use of technology they don’t understand. It is this fear of what some characterize as “black box technology” that has led many outside counsel to caution corporate clients to take a “wait and see” approach, in spite of continued pressure from those same clients to decrease document review costs.

In 2012, the wait for judicial guidance ended abruptly when not one, but three new predictive coding cases surfaced: Da Silva Moore v. Publicis Groupe; Kleen Products, LLC v. Packaging Corporation of America; and Global Aerospace Inc., v. Landow Aviation, LLP. In Da Silva Moore, Judge Andrew Peck even approved the use of predictive coding technology in “appropriate cases,” leaving some to believe the courthouse doors had been thrown open to unbridled use of the technology. Somehow, within weeks of the decision, the wheels of the predictive coding freight train locked up, leaving many wondering whether or not these new predictive coding cases provided clarity or merely added more confusion.

This article explains how predictive coding technology works, explores recent predictive coding cases, and provides a roadmap for understanding what must happen for predictive coding to regain momentum and become mainstream in the legal field.

------------------------------------------------------
Source: law.com
By: Matthew Nelson

5 things CIOs should know about big data

These five tips set the foundation for any CIO's big data plans

No. 1: You will need to think about big data
Big data analysis got its start from the large Web service providers such as Google, Yahoo, and Twitter, which all needed to make the most of their user-generated data. But enterprises will need big data analysis to stay competitive and relevant.

You could be a really small company and have a lot of data. A small hedge fund may have terabytes of data, said Jo Maitland, GigaOm research director for big data. In the next couple of years, a wide number of industries -- including health care, public sector, retail, and manufacturing -- will all financially benefit by analyzing more of their data, consulting firm McKinsey and Company anticipated in a recent report.

There is an air of inevitability with Hadoop and big data implementations, said Eric Baldeschwieler, chief technology officer of Hortonworks, a Yahoo spinoff company that offers a Hadoop distribution. It's applicable to a huge variety of customers. Collecting and analyzing transactional data will give organizations more insight into their customers' preferences. It can be used to better inform the creation of new products and services, and allow organizations to remedy emerging problems more quickly.

No. 2: Useful data can come from anywhere (and everywhere)
You may not think you have petabytes of data worth analyzing, but you will, if you don't already. Big data is collected data that used to be "dropped on the floor," Baldeschwieler said.

------------------------------------------------------
Source: InfoWorld
By: Joab Jackson

Confidential data: Delete it or eat it, say security experts

Hoarding sensitive information is easy and inexpensive, but as the collected information grows, so do the risks

The only way for companies to guarantee their confidential data can't be stolen is to delete it. But few companies are making use of that guarantee, say security experts.

"They can't steal it if you don't have it," Alan Brill, senior managing director of Kroll Advisory Solutions, said in a recent interview with Dark Reading.

Unfortunately, there isn't an app for that -- at least not a simple one. And unfortunately not many enterprises are doing much about it.

Chester Wisniewski, a senior security adviser at Sophos, said he considers this a major problem. "In the digital age many organizations are collecting massive amounts of information on their users/customers and stashing it away in case it may be useful in the future," he said. "This has resulted in many data breaches disclosing far more than necessary, simply because organizations are hoarding information."

Wisniewski said getting rid of confidential data ought to be a routine, "trivial action." But, it becomes more difficult "if it wasn't factored into the original design of the data structures."

Part of the problem is that it is so easy and inexpensive to hoard information. In digital form, it's not like you're going to run out of file cabinets. "People think of it as this gold mine of data that they may want to mine later," Wisniewski said. "And it's not like a storage locker.."

------------------------------------------------------
Source: csoonline.com
By: Taylor Armerding

Thursday, May 24, 2012

New regulations usher in the era of data governance

With President Obama’s announcement a few months ago of a renewed focus on data privacy in the “Data Privacy Bill of Rights,” the European Union’s sweeping data protection legislation last year and increasing fines for non-compliant organizations, some as much as 5 percent of global revenue -- it is safe to say the era of global data governance has officially arrived.

When these various global regulations are combined with the rapid growth in organizational data, 50 percent year-over-year, many organizations are not only struggling to comply with data laws, but also to prevent the loss of critical IP and customer data. In 2011 alone, more than 23 million records containing personally identifiable information (PII) were leaked.

Research from IDC and other analyst firms shows that more than three quarters of data in large enterprises is unstructured, is overly accessible, lacks access auditing and lacks automated analysis of authorizations and use.

In many cases the biggest risk surrounding data does not come from hackers directly compromising customer and employee files, but from employees and contractors with overly permissive access, lack of access auditing, lack of context and lack of automation for the volumes of unstructured data that exist in company archives.

------------------------------------------------------
By: David Gibson

Customizable Cloud SLAs on the Way, Researchers Predict

Service-level agreements and legal standards for cloud offerings will become more customized to individual customers and vertical industries as the cloud market continues to mature and providers look for ways to differentiate their offerings, researchers at the University of London predict.

Providers today are in many cases looking to push "one-size-fits-all" contracts on customers that favor the provider, the researchers found, but they don't always meet the needs of customers. For example, some vertical industries, such as healthcare, government and finance, each have compliance requirements that need to be addressed before they can more fully embrace a cloud strategy. Providers are only beginning to offer these types of services, and it's a trend researchers expect will pick up steam.

"To remain competitive, providers may have to be more aware of user concerns, more flexible in negotiations, and more willing to demonstrate the security and robustness of their services," says Christopher Millard, lead academic on the Cloud Legal Project at Queen Mary, University of London.

------------------------------------------------------
Source: CIO
By: Brandon Butler

7 Ways to Build Credibility During Government FCPA Investigations

Good communication is key to any relationship—particularly when that relationship is with the U.S. government, and they’re inquiring about a possible violation by your company of the Foreign Corrupt Practices Act. How corporate counsel respond to the government’s electronic discovery requests can determine whether or not that relationship stays on track.

What could go wrong? Plenty, says Avi Gesser, counsel to the chief of the fraud section in the criminal division at the U.S. Department of Justice. “There is a lot of potential for mutual benefit,” he says, “and a lot of room for misunderstanding.”

Gesser addressed attendees at an event hosted by legal-technology company UBIC North America this week in New York City. He was not speaking on behalf of the Justice Department, nor iterating department policy, he said, though the former Davis Polk & Wardwell partner did offer pointers based on observations he has “collected over time.”

Most importantly, when facing an FCPA inquiry, “it’s a very good idea to engage the government early,” Gesser says. “You can create a set of expectations that both sides understand . . . in a way that will be very beneficial to you in the course of an investigation.”

------------------------------------------------------
By: Catherine Dunn

Wednesday, May 23, 2012

E-discovery costs: Pay now or pay later

Latent information risk lurks in uncontrolled data stores

Those old enough to have watched TV in the early ’80s will undoubtedly remember the FRAM oil commercial in which the mechanic utters his iconic catchphrase: "You can pay me now, or pay me later." The gist of the vintage ad was that the customer could either pay a small sum now to replace his oil filter, or a far greater sum later to replace the car’s entire engine.

This “pay me now/pay me later” scenario perplexes many of today’s organizations as they try to effectively govern (understand, discover and retain) electronically stored information (ESI). The challenge is similar to the oil filter conundrum, in that companies can make rather modest upfront retention/deletion decisions in order to prevent monumental, downstream e-discovery charges.

Fortunately, savvy organizations are starting to realize that the cost of storage shouldn’t be the main factor in determining if data is ever deleted. Given the nearly unlimited storage reality that the cloud is promulgating, the question shouldn’t be, “What does it cost to keep data indefinitely?” Instead, the more germane question is, “How much will it cost to search through endless terabytes/petabytes of data when there’s a governmental inquiry, e-discovery event or internal investigation?”

------------------------------------------------------
Source: InsideCounsel
By: Dean Gonsowski

Kim Dotcom Using Passwords As Bargaining Chips

He hopes to get some hard drives and computers back 

It’s been relatively quiet on the MegaUpload front recently. After a U.S. judge said that the trial may not even happen, it seemed that all the parties seemed to have just given up. It appears that is not the case as Kim Dotcom is now fighting for the return of his computers and hard drives.

TorrentFreak is reporting that Dotcom has requested a judicial review of the search warrants that were used against him back in January. The legality of the search warrant was already brought into question before, but the police filed the proper warrant. The result was that Dotcom got back some of his money, but he’s now fighting to get back something more important – evidence.

Dotcom’s defense argued that the hard drives and computers are needed to mount a proper defense against the forces that seek to extradite him to the U.S. He also wants to use the information to prove that the police used excessive force against him in the raid that he claimed left him with a bleeding hand from a ruptured fingernail.

------------------------------------------------------
By: Zach Walton

7th Circuit eDiscovery Pilot Program Tackles Technology Assisted Review With Mock Arguments

The 7th Circuit eDiscovery Pilot Program’s Mock Argument is the first of its kind and is slated for June 14, 2012. It is not surprising that the Seventh Circuit’s eDiscovery Pilot Program would be the first to host an event like this on predictive coding, as the program has been a progressive model across the country for eDiscovery protocols since 2009. The predictive coding event is open to the public (registration required) and showcases the expertise of leading litigators, technologists and experts from all over the United States. Speakers include: Jason R. Baron, Director of Litigation at the National Archives and Records Administration; Maura R. Grossman, Counsel at Wachtell, Lipton, Rosen & Katz; Dr. David Lewis, Technology Expert; Matt Nelson, eDiscovery Counsel at Symantec; and Jeff Sharer, Partner at Sidley Austin.

The eDiscovery 2.0 blog has extensively covered the three recent predictive coding cases currently being litigated, and while real court cases are paramount to the direction of predictive coding, the 7th Circuit program will proactively address a scenario that has not yet been considered by a court. In Da Silva Moore, the parties agreed to the use of predictive coding, but couldn’t subsequently agree on the protocol. In Kleen, plaintiffs want defendants to redo their review process using predictive coding even though the production is 99% complete. And, in Global Aerospace the defendant proactively petitioned to use predictive coding over plaintiff’s objections. By contrast, in the 7th Circuit’s hypothetical, the mock argument predicts another likely predictive coding scenario; the instance where a defendant has a deployed in-house solution in place and argues against the use of predictive coding before discovery has begun.

------------------------------------------------------
Source: eDiscovery 2.0
By: Allison Walton

Tuesday, May 22, 2012

Florida Jurors Banned From Using Social Media to Discuss Criminal Cases

The Florida Supreme Court banned jurors from using electronic devices or social media to talk about their cases Thursday.

The detailed opinion adopts the work of the court’s Committee on Standard Jury Instructions in Criminal Cases, which builds on more broad-ranged 2010 juror instructions prohibiting the use of social media, the Daily Business Review reports. The opinion comes at a time when courts are increasingly aware of the challenges social media and electronic devices present in the courtroom.

------------------------------------------------------
Source: ABA Journal
By: Rachel M. Zahorsky

Should tech 'jailbreaking' be legal?

Yesterday US copyright regulators opened up the floodgates for a public hearing (PDF) of proposals to change copyright law, including authorizing the cracking of tablets, DVDs, gaming consoles and mobile phones.

Every three years, the US Copyright Office mulls over requests to create temporary loopholes in the law that forbids circumventing encryption in the things we buy.

Changes to those loopholes have the potential to mean a lot to George Hotz.

Hotz is a hardware hacker known online as Geohot who owns a box full of Sony products. Per court order, they've been tucked away where he can't tinker with them.

As Wired's David Kravets writes, Sony last year dropped a PlayStation 3 jailbreaking lawsuit against Hotz in return for his promise to never again hack his game console or any other Sony product.

He told Wired that he hasn't touched the components since the settlement.

Before the settlement of the civil suit, he was busy figuring out how to play homemade games on the Sony console, in violation of a law that forbids cracking encryption in hardware or software, even for legal purposes.

This will be the fifth time the office has heard requests to modify the law—the Digital Millennium Copyright Act (PDF)—since it was passed in 1998.

 
------------------------------------------------------
Source: technologyspectator.com.au
By: Lisa Vaas - Sophos