Author Archives: craigball

Don’t Try This at Home, Revisited

16 Friday Jan 2015

Posted by in Computer Forensics, E-Discovery

4 Comments

mcluhanThis is the fifth in a series revisiting Ball in Your Court columns and posts from the primordial past of e-discovery–updating and critiquing in places, and hopefully restarting a few conversations.  As always, your comments are gratefully solicited.

Don’t Try This at Home

[Originally published in Law Technology News, August 2005]

The legal assistant on the phone asked, “Can you send us copies of their hard drives?”

As court-appointed Special Master, I’d imaged the contents of the defendant’s computers and served as custodian of the data for several months.  The plaintiff’s lawyer had been wise to lock down the data before it disappeared, but like the dog that caught the car, he didn’t know what to do next.  Now, with trial a month away, it was time to start looking at the evidence.

“Not unless the judge orders me to give them to you,” I replied. Continue reading

Give Away your Computer, Revisited

14 Wednesday Jan 2015

Posted by in Computer Forensics, E-Discovery, General Technology Posts

3 Comments

give awayThis is the fourth in a series revisiting Ball in Your Court columns and posts from the primordial past of e-discovery–updating and critiquing in places, and hopefully restarting a few conversations.  As always, your comments are gratefully solicited.

Give Away Your Computer 

[Originally published in Law Technology News, July 2005]

With the price of powerful computer systems at historic lows, who isn’t tempted to upgrade?  But, what do you do with a system you’ve been using if it’s less than four or five-years old and still has some life left in it?  Pass it on to a friend or family member or donate it to a school or civic organization and you’re ethically obliged to safeguard client data on the hard drive. Plus, you’ll want to protect your personal data from identity thieves and snoopers.  Hopefully you already know that deleting confidential files and even formatting the drive does little to erase your private information—it’s like tearing out the table of contents but leaving the rest of the book.  How do you be a Good Samaritan without jeopardizing client confidences and personal privacy?

Options
One answer: replace the hard drive with a new one before you donate the old machine.  Hard drives have never been cheaper, and adding the old hard drive as extra storage in your new machine ensures easy access to your legacy data.  But, it also means going out-of-pocket and some surgery inside both machines—not everyone’s cup of tea.

Alternatively, you could remove or destroy the old hard drive, but those accepting older computers rarely have the budget to buy hard drives, let alone the technician time to get donated machines running.  Donated systems need to be largely complete and ready to roll.

Probably the best compromise is to wipe the hard drive completely and donate the system recovery disk along with the system.  Notwithstanding some largely theoretical notions, once you overwrite every sector of your hard drive with zeros or random characters, your data is gone forever.  The Department of Defense recommends several passes of different characters, but just a single pass of zeros is enough to frustrate all computer forensic data recovery techniques in common use. Continue reading

Destined to Fail: Armstrong Pump, Inc. v. Hartman

13 Tuesday Jan 2015

Posted by in Computer Forensics, E-Discovery

3 Comments

Thomas-Alva-EdisonBeing a judge looks easy, and most trial lawyers secretly believe they could do the judge’s job as well as His Honor.  But, being a good judge is harder than it looks. Trial judges must be gifted generalists.  They handle disputes in contract law, tort, patent, trademark and copyright law, eminent domain, employment law, criminal law, domestic relations, administrative law, environmental law—you name it.   Judges have to understand procedure and the process of protecting (or muddying) a record better than the average practitioner.  Judges manage bigger dockets than most lawyers with less help.  Trust me: that bozo on the bench is a lot smarter than he looks, and few imagine how much he has to endure from the advocates that come before him.  Sometimes, district court is just traffic court with better shoes.

I offer all that as preface for judging a judge who was just trying to make justice work with precious little help from the lawyers.  I speak of the judge in Armstrong Pump, Inc. v. Hartman, 2014 WL 6908867, No. 10-cv-446S (W.D.N.Y. Dec. 9, 2014).  I’ve never met U.S. Magistrate Judge Hugh B. Scott, but I know that he has twenty years of distinguished service on the federal bench in Buffalo; so, you can be confident he has a well-honed judicial demeanor and has seen it all before.  But, he may suffer from the same debilitating condition that afflicts me:  He was born at an early age and grew up before computers ruled our lives.  He likely learned discovery when everything was paper, and while he may have evolved into judex electronicus (the wired judge), few of his generation of judges have.  It’s asking a lot of judges to keep up with all they must do and become well-schooled in electronic search and retrieval.  That may explain why his order for relief in Armstrong Pump seems destined to fail.  Unhappily so, because when he cries, “Enough” in the opinion, I am with him wholeheartedly. Continue reading

Cowboys and Cannibals, Revisited

12 Monday Jan 2015

Posted by in E-Discovery

Comments Off on Cowboys and Cannibals, Revisited

cowboys and cannibalsThis is the third in a series revisiting Ball in Your Court columns and posts from the primordial past of e-discovery–updating and critiquing in places, and hopefully restarting a few conversations.  As always, your comments are gratefully solicited.

Cowboys and Cannibals

[Originally published in Law Technology News, June 2005]

With its quick-draw replies, flame wars, porn and spam, e-mail is the Wild West boom town on the frontier of electronic discovery–all barroom brawls, shoot-outs, bawdy houses and snake oil salesman.  It’s a lawless, anyone-can-strike-it-rich sort of place, but it’s taking more-and-more digging and panning to get to the gold.

Folks, we need a new sheriff in town.

A Modest Proposal
E-mail distills most of the ills of e-discovery, among them massive unstructured volume, mixing of personal and business usage, wide-ranging attachment formats and commingled privileged and proprietary content.  E-mail epitomizes “everywhere” evidence.  It’s on the desktop hard drive, the server, backup tapes, home computer, laptop on the road, Internet service provider, cell phone and personal digital assistant.  Stampede!

There’s more to electronic data discovery than e-mail, but were we to figure out how to simply and cost-effectively round up, review and produce all that maverick e-mail, wouldn’t we lick EDD’s biggest problem?  Continue reading

Unclear on the Concept, Revisited

09 Friday Jan 2015

Posted by in E-Discovery

3 Comments

unclear on the conceptThis is the second in a series revisiting Ball in Your Court columns and posts from the primordial past of e-discovery–updating and critiquing in places, and hopefully restarting a few conversations.  As always, your comments are gratefully solicited.

Unclear on the Concept

 [Originally published in Law Technology News, May 2005]

A colleague buttonholed me at the American Bar Association’s recent TechShow and asked if I’d visit with a company selling concept search software to electronic discovery vendors.  Concept searching allows electronic documents to be found based on the ideas they contain instead of particular words. A concept search for “exploding gas tank” should also flag documents that address fuel-fed fires, defective filler tubes and the Ford Pinto. An effective concept search engine “learns” from the data it analyzes and applies its own language intelligence, allowing it to, e.g., recognize misspelled words and explore synonymous keywords.

I said, “Sure,” and was delivered into the hands of an earnest salesperson who explained that she was having trouble persuading courts and litigators that the company’s concept search engine worked. How could they reach them and establish credibility?  She extolled the virtues of their better mousetrap, including its ability to catch common errors, like typing “manger” when you mean “manager.”

But when we tested the product against its own 100,000 document demo dataset, it didn’t catch misspelled terms or search for synonyms. It couldn’t tell “manger” from “manager.” Phrases were hopeless. Worse, it didn’t reveal its befuddlement. The program neither solicited clarification of the query nor offered any feedback revealing that it was clueless on the concept. Continue reading

Starting Over

08 Thursday Jan 2015

Posted by in E-Discovery

3 Comments

DNA of DataOne of the conceits of writing is the perception that when you’ve written on something, it’s behind you.  Not that nothing else need be said on the topic, but only that it need not be said by you.  That’s silly for a host of reasons.  I started writing the print version of Ball in Your Court ten years ago–before the 2006 Federal Rules amendments and before the EDRM.  Half my readers weren’t in the field then, and veteran readers surely missed a few missives. Plus, if the point was worth making, perhaps it bears repeating. So, I now revisit columns and posts from the primordial past of e-discovery–starting over as it were, updating and critiquing in places, and hopefully restarting a few conversations. As always, your comments are gratefully solicited.

The DNA of Data

[2005: the very first Ball in Your Court]

Discovery of electronic data compilations has been part of American litigation for two generations, during which time we’ve seen nearly all forms of information migrate to the digital realm.  Statisticians posit that only five to seven percent of all information is “born” outside of a computer, and very little of the digitized information ever finds its way to paper.  Yet, despite the central role of electronic information in our lives, electronic data discovery (EDD) efforts are either overlooked altogether or pursued in such epic proportions that discovery dethrones the merits as the focal point of the case.  At each extreme, lawyers must bear some responsibility for the failure.  Few of us have devoted sufficient effort to learning the technology, instead deluding ourselves that we can serve our clients by continuing to focus on the smallest, stalest fraction of the evidence: paper documents.  When we do garner a little knowledge, we abuse it like the Sorcerer’s Apprentice, by demanding production of “any and all” electronic data and insisting on preservation efforts sustainable only through operational paralysis.  We didn’t know how good we had it when discovery meant only paper. Continue reading

A Simple Breach

23 Tuesday Dec 2014

Posted by in Computer Forensics, General Technology Posts

6 Comments

dbpix-hack-blog480[1]My son’s second floor apartment in Chicago was ransacked while he was in Austin for the holidays.  Thieves climbed up and kicked in the patio door.  It’s a grim reminder of the disconnect between our sense of security and its fragile reality.  A locked door is nothing to a determined intruder, and who among us is protected by more than a thin pane of glass?  Our optimistic efforts at security merely serve to stave off opportunistic threats of the sort that move on to easier pickings when a door is locked or the lights on.  The rest is mostly luck.

In the context of data breach, I laugh when companies attribute data breaches to “ultra-sophisticated attacks.”  In truth, most intrusions stem from simple vulnerabilities like compromised passwords and unpatched exploits.  The victims left the doors unlocked and packages on the porch.  Corporations–particularly banks and brokerage houses–aren’t going to admit their systems are so vulnerable that any determined burglar can jimmy the locks.  Loathe to confess they fell prey to the bungling burglars from “Home Alone,” companies blame Lex Luthor.

But here’s a refreshing exception to the Lex Luthor Lie:  Last night, the New York Times reported that, “The computer breach at JPMorgan Chase this summer—the largest intrusion of an American bank to date—might have been thwarted if the bank had installed a simple security fix to an overlooked server.”

Left shorthanded by a spate of employee departures, JPMorgan Chase’s security team reportedly failed to upgrade a segment of the network to dual-factor authentication–meaning any web surfer with a password could get in and roam around.  And roam they did, gaining high-level access to more than 90 of the giant bank’s servers.

Fast forward to the headline-making Sony Pictures hack—what some appallingly call “Hollywood’s 9/11.”  Sure, it’s attributed to North Korean hackers; but, it wasn’t necessarily the work of sophisticated North Korean hackers.  One recent report makes the case that the Sony hack was anything but the “unique”, “unprecedented” and “undetectable” event Sony’s CEO suggests.  If there’s truth to the claim that the intruders spirited off some 100 terabytes of data, that staggering haul suggests weeks or months of unbridled access.  The Sony burglars didn’t just kick in the door; they set up housekeeping and hung curtains!

Next time you hear a data breach was the work of “sophisticated hackers availing themselves of zero-day exploits,” take it with a grain of salt.  The likelihood is that they entered using a default password or an insecure authenticator like “sonyml3,” the password revealed as that of Sony CEO, Michael Lynton (ml).

Hmmm.  Maybe the North Koreans could have spared us “The Green Hornet,” if they’d  had “sonyml1” or “sonyml2.”  Kimchi for thought.

Houston: Free Screening of the Decade of Discovery; 12/2/2014

27 Thursday Nov 2014

Posted by in E-Discovery

4 Comments

no judgesOn Monday, I screened Joe Looby’s film, The Decade of Discovery, for my University of Texas Law School e-discovery class.  It was a last-minute change prompted by our scheduled speaker falling ill; but, it proved a most effective way to coalesce the information covered in class.  It was also fun to know all of the “actors” and to have lately been with most of them in New Orleans for The Sedona Conference All Voices meeting and in D.C. for the Georgetown Advanced E-Discovery Institute and John Facciola Appreciation Dinner.  It was all I could do to not shout, “Hey, I know her, and him, and that guy, too!”

Afterward, we debated whether it would be better for e-discovery students to see the film at the start of a semester or at the close.  The consensus was that it might have scared students away if they’d seen it too soon.  I think it would be worthwhile to screen it at both the start and end of the semester, if only to make students appreciate how conversant they’ve become in the esoteric subject matter in three months.  Either way, it’s an entertaining hour for bored, stressed  law students.

Likewise, it’s will be a entertaining and FREE evening for anyone who can be in Houston on Tuesday, December 2, 2014 and wishes to attend the complimentary screening of The Decade of Discovery at the Majestic Metro Theatre (911 Preston Street in downtown Houston).  Sponsored by Bloomberg BNA, the evening starts with a networking reception from 6:30-7:30 pm followed by opening remarks from the director at 7:30pm. The screening runs from 7:45-8:45 pm and concludes with a spirited panel discussion.  I am one of the panelists, along with Jason Baron (a/k/a The Sultan of Search), who stars in the film.

To recap, it’s fun, it’s free and the festivities start at 6:30 pm on Tuesday, December 2, 2014 at the Majestic Metro Theatre.  Click here to register to attend.

Because most of you will already be dressed like the actors, feel free to treat this like a midnight screening of Rocky Horror Picture Show and say (or sing) along.  And if you fear it might not be exciting to hear people talk about the tribulations of keyword search for an hour, I assure you that (spoiler alert) there are at least two dramatic car crashes depicted in the film, and there are no purely gratuitous sex scenes.

Location. Location. Location.

26 Wednesday Nov 2014

Posted by in Computer Forensics, E-Discovery, General Technology Posts

3 Comments

Gladys_KravitzI’m peripatetic.  My stuff lives in Austin; but, I’m in a different city every few days.  Lately looking for a new place for my stuff to await my return, I’m reminded of the first three rules of real estate investing: 1. Location; 2. Location and 3. Location.

Location has long been crucial in trial, too: “So, you claim you were at home alone on the night of November 25, 2014 when this heinous crime was committed!  Is that what you expect this jury to believe?”  If you can pinpoint people’s locations at particular times, you can solve crimes.  If you have precise geolocation data, you can calculate speed, turn up trysts, prove impairment, demonstrate collusion and even show who had the green light. Location and time are powerful tools to implicate and exonerate.

A judge called today to inquire about ways in which cell phones track and store geolocation data.  He wanted to know what information is recoverable from a seized phone.  I answered that, depending upon the model and its usage, a great deal of geolocation data may emerge, most of it not tied to making phone calls.  Tons of geolocation data persist both within and without phones.

Cell phones have always been trackable by virtue of their essential communication with cell tower sites.  Moreover, and by law, any phone sold in the U.S. must be capable of precise GPS-style geolocation in order to support 9-1-1 emergency response services. Your phone broadcasts its location all the time with a precision better than ten meters. Phones are also pinging for Internet service by polling nearby routers for open IP connections and identifying themselves and the routers.  You can forget about turning off all this profligate pinging and polling.  Anytime your phone is capable of communicating by voice, text or data, you are generating and collecting geolocation data.  Anytime. Every time.  And when you interrupt that capability, that also leaves a telling record.

Continue reading

Bennat C. Mullen: A Simple Treasure Goes Home

09 Sunday Nov 2014

Posted by in Personal

9 Comments

Bennat C. MullenMy father-in-law, Bennat Mullen, died unexpectedly on Saturday.  He was the sweetest, gentlest and most considerate man I’ve ever known.  He could devour a challenging book or just listen to the wind in the trees with the same simple joy, wonder and engagement he brought to everything.  Bennat was that rare sort who would ask what you thought about something and then attend carefully to your answer.  He didn’t look for his next chance to speak.  He sought his next chance to listen and learn.  Bennat met all with the conviction that he could learn something from them, and like Chaucer’s Clerk from Oxford, “gladly would he learn and gladly teach.”

Education was Bennat’s lifelong passion and key to his achievements.  He came from nothing.  “Dirt poor” aptly describes his early family life.  No one before him had finished school.  Even the odd spelling of “Bennat” is legacy to his parents’ near-illiteracy.  But, thanks to the Air Force and the miracle of the G.I. Bill, Bennat Mullen rose from the hardscrabble, attended college, became a school principal, earned a Ph.D. and emerged an esteemed Professor of Education.  He made the world a better place by teaching teachers.  Who among us is not indebted for that? Continue reading