Category Archives: General Technology Posts

Cloud Takeouts: Can I Get That to Go?

07 Wednesday Nov 2018

Posted by in Computer Forensics, E-Discovery, General Technology Posts, Uncategorized

5 Comments

Apple take outTwo-and-a-half years ago, I concluded a post with this bluster:

“Listen, Amazon, Apple, Microsoft and all the other companies collecting vast volumes of our data through intelligent agents, apps and social networking sites, you must afford us a ready means to see and repatriate our data.  It’s not enough to let us grab snatches via an unwieldy item-by-item interface.  We have legal duties to meet, and if you wish to be partners in our digital lives, you must afford us reasonable means by which we can comply with the law when we anticipate litigation or respond to discovery. You owe us that.  Alexa, are you listening?”

Amazon hasn’t listened; but, Apple lately gave users the ability to download our data.  Credit for this awakening goes to the European Union’s Global Data Protection Regulation (GDPR) that went into effect on May 25.

Data takeout capabilities are essential to protecting civil liberties and meeting legal duties.  Google’s given users a simple, effective means to repatriate data (including Gmail and calendar data) for five years, although search histories have only been supplied for two.  Twitter’s supported robust data takeout for five years; and eight years ago, Facebook became the first big social media site to offer its users the ability to download contributed content.

Apple is late to the party but it didn’t come empty-handed.  The Apple takeout is extensive and can be huge.  My download comprised 63GB in 26 compressed Zip archive files.  It took Apple five days to assemble the data and make it available for download; then, I had to download each file, one-by-one.  There’s no way to download them all, leaving the distinct impression that Apple doesn’t want takeout to be too easy.  In fairness, had I opted to have Apple deliver my data in 25GB chunks (the largest chunk option) instead of the 5GB file limit I specified, it would have been easier.

In my case, almost all the volume were photos replicated in iCloud.  Notably absent was my messaging, which Apple can’t archive and thus can only be obtained from the iPhone or a backup of same (see my post Mobile to the Mainstream). Continue reading

Mobile to the Mainstream

17 Wednesday Oct 2018

Posted by in Computer Forensics, E-Discovery, General Technology Posts, Uncategorized

11 Comments

Mobile data burden and relevance scorecard

Click f/ PDF

Once you’ve preserved the contents of a mobile device, how do you extract responsive content in forms that are searchable and amenable to review?  Most information items on mobile devices aren’t “documents” that can be printed to a static format for review.  Instead, much mobile content is fielded data that must retain a measure of structural integrity for intelligibility.  This article looks at simple, low-cost approaches to getting relevant and responsive mobile data into a standard e-discovery review workflow, and offers a Mobile Evidence Scorecard designed to start a dialogue leading to a consensus about what forms of mobile content should be routinely collected and reviewed in e-discovery, without the need for digital  forensic examination. Continue reading

On the Road Again: PREX and FEST

24 Monday Sep 2018

Posted by in Computer Forensics, E-Discovery, General Technology Posts, Personal, Uncategorized

Leave a comment

PREXFEST_SMThe Texan in me can’t hear the phrase “on the road again” without also hearing Willie Nelson’s nasal voice singing it.  But, the life I love IS making music with my friends, if by “music” we mean bringing “aha” moments to lawyers and others interested in e-discovery and forensic technology.

Today, I head to Portland, for the 2018 Preservation Excellence or PREX Conference put on annually by the good folks at Zapproved.  It’s a splendid faculty congregated in an always-lovely venue and punctuated by good conversation, fine food and the splendor that is Oregon in September.  PREX is always worth the trip; so, if you have the chance to go, by all means, attend.

This year I have a lot to do at PREX.  I have the privilege to host a keynote discussion with CNN and The New Yorker magazine legal commentator, Jeffrey Toobin.  You can be sure that the U.S. Supreme Court, the Mueller investigation and Brett Kavanaugh’s confirmation hearing will all come up.  Toobin is a bestselling author of seven books, including several on the Supreme Court and on the O.J. Simpson murder case and kidnapped heiress Patty Hearst.  Talking with Toobin rounds out my opportunity to do Charlie Rose-style conversations with Doris Kearns Goodwin and Nina Totenberg at earlier Zapproved events.

I’ll also moderate a “People’s Court” debate between Brett Tarr and Dan Nichols.  Brett is Chief Counsel for E-Discovery and Information Governance at gaming conglomerate Caesars Entertainment, and Dan is a partner with Redgrave LLP, the far-flung corporate e-discovery consultancy.  These two really despise each other, so there’s sure to be a lot of eye-gouging and attacks on legitimate parentage.  (That’s my story, and I’m sticking to it).

Finally on Wednesday, I’ll be doing a little speaking of my own in a lonely breakout session where we will talk about preserving and discovering evidence on mobile phones.  They’ve titled it, OMG, SMS & ESI: Preserving & Collecting from Mobile Devices.  The session description reads:

How does one craft a discovery request for text messages? What are the different techniques for preservation, collection and review of mobile data? When does it make sense to complete a full forensic collection on a mobile device? This session will deliver foundational information and practical examples of process and policy management for mobile devices in ediscovery.

if you haven’t yet come to grips with mainstreaming mobile devices into day-to-day e-discovery, know you’re not alone–everyone is struggling, or more likely closing their eyes, hoping mobile will go away.  Perhaps we can make some progress together.

PREX  September 25 – 27, 2018  |  Portland, OR

Then, no-rest-for-the-dreary, I wing to the Windy City of Chicago (so-called NOT due to weather, but for the propensity of its politicians to pontificate at length).  I’m heading to the annual Relativity Fest, a stupendous amalgamation of e-discovery education and evangelical tent meeting cum rock concert.  If there were the slightest doubt that Relativity dominates the e-discovery review space (and is hungry to gobble up the rest of the EDRM), such foolish doubt will be crushed by the power of Fest.

I enjoy Fest for many reasons, not the least of which is the chance to work with the always-engaging David Horrigan, Relativity’s discovery counsel and legal content director.  David is a fine writer, insightful commentator and skilled teacher.  Eclipsing that is his distinction as a great guy, someone always fun to be around and adept at eliciting the best from those he hosts.

At Fest, David will moderate a panel I’m on called The Internet of Things from a Legal, Regulatory, and Technical Perspective.  I’m fortunate to join Gail Gottehrer, Partner and Co-Chair of the Privacy, Cybersecurity, and Emerging Technology Practice at Akerman, who will give the regulatory perspective, and Ed McAndrew, Partner at Ballard Spahr and former DOJ cybercrime coordinator, who’s charged with the legal point of view.  I guess that leaves the technical stuff to me, which is where I’m happiest anyway.

Relativity Fest  Sep. 30 – Oct. 3, 2018 | Hilton Chicago

I hope to see you at one or both of these exciting confabs, enjoying two fine faculties in wonderful venues.  The joy and value of these events isn’t just what’s planned, but the interactions around and outside of the sessions, too.

Preserving Alexa History: Ugly-but-Easy

24 Saturday Mar 2018

Posted by in Computer Forensics, E-Discovery, General Technology Posts, Uncategorized

7 Comments

amazon-alexa-history-angleTwo years ago, I blogged about the challenge of seeking to preserve records of interactions with the Amazon Echo/Alexa family of devices and applications.  I concluded:

“Listen, Amazon, Apple, Microsoft and all the other companies collecting vast volumes of our data through intelligent agents, apps and social networking sites, you must afford us a ready means to see and repatriate our data.  It’s not enough to let us grab snatches via an unwieldy item-by-item interface.  We have legal duties to meet, and if you wish to be partners in our digital lives, you must afford us reasonable means by which we can comply with the law when we anticipate litigation or respond to discovery. “

In a testament to my thought leadership, nothing whatsoever has happened since my call-to-arms in terms of the ability to preserve Alexa app history data.  It’s as bad as it was two years ago and arguably worse because Echo products have grown so popular and the Alexa interface has been integrated into so many devices that the problem is bigger now by leaps and bounds.

Don’t get me wrong, I am Alexa’s biggest fan (and adore her sisters, “Amazon” and “Computer,” so-called for the alternate “wake words” I use to trigger voice communication to Amazon’s servers from other Echo devices).  If anything, Craig the Consumer is happier now with the Echo ecosystem than two years ago.  Wearing my user hat, Alexa’s a peach (and, yes, I am perfectly comfortable with her from a privacy point of view).  Wearing my e-discovery propeller beanie, Alexa is a pain in the butt.  She’s a data gold digger who cooks the books to make it supremely difficult to account for what she’s taken. Continue reading

Docendo Discimus: Q & A

07 Wednesday Mar 2018

Posted by in Computer Forensics, E-Discovery, General Technology Posts, Uncategorized

7 Comments

teach-learn

The Latin maxim Docendo Discimus means “by teaching, we learn.”  So true, because absent my need to stay up-to-date to teach, it’s easy to fall behind.  I teach various places, but of longest standing at the University of Texas School of Law, my alma mater.  My subject is E-Discovery and Digital Evidence, a three-credit, 14-week course.  In my course, information technology enjoys equal status with case law and procedure.  Half the semester is dedicated to mastering the “e” in e-discovery: the foundations of modern information storage and retrieval.  That balance is unique among law school courses.  I don’t elevate information technology because I happen to know how to teach it; I do it because I think it’s what the students need most and don’t get.  It’s certainly what lawyers need most and don’t get.

Why?

Surprisingly, that’s a contentious question.  The arguments against teaching the technology side of e-discovery and digital evidence range from “it’s not law” to “lawyers hire people for the tech stuff, so why bother?”

I think the explanation for the marginalization of information technology in e-discovery classes is simpler: lawyers teaching law school classes have a limited ability to teach technology.  My guess is that if the teachers knew the technology as well as they know the law, there would be more balance in the curriculum.

The limits of instructors hobbles the curriculum of e-discovery, which should spring from the needs of the students.  We should gear our syllabi to what must be learned rather than what can be taught.  First, let’s teach the teachers.

That won’t be easy.  The level of interest is low, and who wants to draw the circle of competence to leave themselves outside the circle?  Too, there are virtually no instructional channels or materials.  No formal incentives.  No funding.  Many invested in the status quo ante.  And all that aside, there’s a dearth of experienced instructors.  We are fuc… challenged.

Continue reading

Houston: We’ve Got a Problem

30 Wednesday Aug 2017

Posted by in Computer Forensics, E-Discovery, General Technology Posts, Personal, Uncategorized

7 Comments

19-hurricane-harveyHouston is my hometown.  I wasn’t born there (though both my children were); but, I got there as quickly as I could, at age 17 to study at Rice University.  I practiced law in Houston and kept a home in the Houston area for 38 years, longer by far than anywhere else.  I have deep Texas roots, proud Houston roots.  So, it pains me to see what’s happening in Harris County, and as a past President of the Houston Trial Lawyers Asociation, I’m thinking of all my colleagues whose offices are submerged or inaccessible and whose practices will be devastated and disrupted by Hurricane Harvey.

Right now, the needs are basic: shelter, food, clothing, medical care and such.  Soon, however, we must restore the legal and business infrastructure.  Though Houston is home to several megafirms, the majority of Houston lawyers–the best lawyers in the world–are small firm- and solo practitioners.  It’s these lawyers who will help people pick up the pieces of their lives by prosecuting claims for storm damage when insurers decline to pay what’s owed.  In Texas, the need is dire as the toadying Texas Legislature serves at the pleasure of big national insurance carriers, a fact borne out by legislation that, even before Harvey’s waters recede, will operate to deprive Texas insureds of substantial rights to recover for storm losses, effective September 1.  Ironic.  Tragic. Despicable.

So, we must pull together to help Gulf Coast lawyers recover from the storm. My friend, Tom O’Connor, unselfishly organized a relief effort for Louisiana lawyers when Katrina crippled New Orleans and environs.  I’m proud to have contributed in a small way to that effort, financially and by speaking in New Orleans about tech tools to help lawyers cope. I look forward to the chance to work with Tom and with The Computer and Technology Section of the State Bar of Texas to do the same for Gulf Coast lawyers.

There is so much to do, and we must each do what we can according to our particular ways and means. Helping Texas lawyers harness technology to weather the storm is something I can do, and I know it’s within the capability of many of my readers. Houston needs help, and Houston deserves it.  After Hurricane Katrina, Houston took in a quarter of a million evacuees, some forty thousand of them stayed.  When I was at Rice, Houston welcomed 200,000 Vietnamese refugees.  No city is more diverse.  None more self-reliant and can-do.  No city has a bigger heart.

There are a lot of sodden computers and hard drives in Houston and all along the Gulf Coast.  Where once we grabbed the family photo album in an evacuation, today, cherished photos (and crucial client data) is all digital.  To that end, I offer this link to a post I wrote after Katrina addressing data recovery.  We have come a long way since since August 2005.  The Cloud and mobile devices play a big role in data storage, and many hard drives are now solid state; still, the majority of computers rely on mechanical hard drives for long term storage, and water plays havoc with mechanical hard drives. What you do with a damaged device in the aftermath makes a huge difference in whether the data they contain can be resurrected.

Please help Houston, and Houston lawyers, get back on their feet.  Believe me, Houstonians would be there for you.  They’ve proved it many times before.

 

Custodian-Directed Preservation of iPhone Content: Simple. Scalable. Proportional.

26 Wednesday Jul 2017

Posted by in Computer Forensics, E-Discovery, General Technology Posts, Uncategorized

26 Comments

charge sync2This article makes the case for routine, scalable preservation of potentially-relevant iPhone and iPad data by requiring custodians back up their devices using iTunes (a free Apple program that runs on PCs and Macs), then compress the backup for in situ preservation or collection.

The Need
Most of you will read this on your cell phone.  If not, it’s a virtual certainty that your cell phone is nearby. Few of us separate from our mobile devices for more than minutes a day.   On average, cell users spend four hours a day looking at that little screen.  On average.  If your usage is much less, someone else’s is much more.

It took 30 years for e-mail to displace paper as our primary target in discovery.  It’s taken barely 10 for mobile data, especially texts, to unseat e-mail as the Holy Grail of probative electronic evidence.  Mobile is where evidence lives now; yet in most cases, mobile data remains “off the table” in discovery. It’s infrequently preserved, searched or produced.

No one can say that mobile data isn’t likely to be relevant, unique and material.  Today, the most candid communications aren’t e-mail, they’re text messages.  Mobile devices are our principal conduit to online information, eclipsing use of laptops and desktops.  Texts and app data reside primarily and exclusively on mobile devices.

No one can say that mobile data isn’t reasonably accessible.  We use phones continuously, for everything from games to gossip to geolocation.  Texts are durable (the default setting on an iPhone is to keep texts “Forever”).  Mobile content easily replicates as data backed up and synched to laptops, desktops and online repositories like iCloud.  The mobile preservation burden pales compared to that we take for granted in the preservation of potentially-relevant ESI on servers and personal computers.

Modest Burden.  That’s what this article is about.  My goal is to demonstrate that the preservation burden is minimal when it comes to preserving the most common and relevant mobile data.  I’ll go so far as to say that the burden of preserving mobile device content, even at an enterprise scale, is less than that of preserving a comparable volume of data on laptop or desktop computers.  Too, the workflows are as defensible and auditable as any we accept as reasonable in meeting other ESI preservation duties. Continue reading

Cybersecurity’s a Pain Point for Plaintiffs

31 Wednesday May 2017

Posted by in E-Discovery, General Technology Posts, Uncategorized

7 Comments

law-firm-breachCybersecurity and personal privacy are real and compelling concerns.  Whether we know it or not, virtually everyone has been victimized by data breach. Lawyers are tempting targets to hackers because, lawyers and law firms hold petabytes of sensitive and confidential data.  Lawyers bear this heady responsibility despite being far behind the curve of information technology and arrogant in dismissing their need to be more technically astute.  Cloaked in privilege and the arcana of law, litigators have proven obstinate when it comes to adapting discovery practice to changing times and threats, rendering them easy prey for hackers and data thieves.

Corporate clients better appreciate the operational, regulatory and reputational risks posed by lackluster cybersecurity.  Big companies have been burned to the point that, when we hear names like Sony, Target or Anthem, we may think “data breach” before “electronics,” “retail” or “health care.”  The largest corporations operate worldwide, so are subject to stricter data privacy laws.  In the United States, we assume if a company owns the system, it owns the data.  Not so abroad, where people have a right to dictate how and when their personal information is shared.

Headlines have forced corporate clients to clean up their acts respecting data protection, and they’ve begun dragging their lawyers along, demanding that outside counsel do more than pay lip service to protecting, e.g., personally-identifiable information (PII), protected health information (PHI), privileged information and, above all, information lending support to those who would sue the company for malfeasance or regulators who would impose fines or penalties.

Corporate clients are making outside counsel undergo security audits and requiring their lawyers institute operational and technical measures to protect company confidential information.  These measures include encryption in transit, encryption at rest, access controls, extensive physical security, incident response capabilities, cyber liability insurance, industry (i.e., ISO) certifications and compulsory breach reporting.  For examples of emerging ‘standards,’ look at the Model Information Protection and Security Controls for Outside Counsel Possessing Company Confidential Information lately promulgated by the Association of Corporate Counsel.

Forcing outside counsel to harden their data bulwarks is important and overdue; but, it’s also disruptive and costly.  Many small firms will find it more difficult to compete with legal behemoths.  Savvier small firms, nimbler in their ability to embrace cybersecurity, will frame it as a market differentiator.  At the end of the day, firms big and small must up their game in terms of protecting sensitive data.

Enhanced cybersecurity is a rising tide that floats all boats.

Well, maybe not all boats.  Let me share who’s likely to get swamped by this rising tide: requesting parties (or, as corporations call them “plaintiffs’ lawyers”), and their experts and litigation support providers.  Requesting parties and others in the same boat will find themselves grossly unprepared to supply the rigorous cybersecurity and privacy protection made a condition of e-discovery. Continue reading

A Dozen E-Discovery Strategies for Requesting and Producing Parties

30 Monday Jan 2017

Posted by in Computer Forensics, E-Discovery, General Technology Posts, Uncategorized

6 Comments

competency-and-strategy_ballTwo characteristics that distinguish successful trial lawyers are preparation and strategy.

Strategy is more than simply doing what the rules require and the law allows.  Strategy requires we explore our opponent’s fears, goals and pain points … and our own.  Is it just about the money?  Can we deflect, distract or, deplete the other side’s attention, energy or resources?  How can they save face while we get what we want?

In a world where less than one-in-one-hundred cases are tried, discovery strategy, particularly e-discovery strategy, is more often vital than trial strategy.  Yet, strategic use of e-discovery garners little attention, perhaps because the fundamentals demand so much focus, there’s little room for flourishes.  As lawyers, we tend to cleave to one way of approaching e-discovery and distrust any way not our own.  If you only know one way of doing things, how do act strategically?

Strategic discovery is the domain of those who’ve mastered the tools, techniques and nuances of efficient, effective discovery.  That level of engagement, facility and flexibility is rare; but, you can be still be more strategic in e-discovery even if you’ve got a lot to learn.

Recently, I had to dash off a dozen e-discovery strategies for requesting and producing parties.  I’m not completely happy with my lists, but I think I nailed a few of the essentials for each side.

A Dozen E-Discovery Strategies for Requesting and Producing Parties

(from Ball, Competency and Strategy in E-Discovery (2017))

Continue reading

Tech Tip: Get your iPhone Back

08 Thursday Dec 2016

Posted by in General Technology Posts

6 Comments

lock-screen“Will the person who left their cell phone at the security checkpoint please retrieve it?”  People constantly leave their phones behind at security checkpoints, washrooms, checkout counters and charge stations.  Too, the little buggers slip out of pockets and purses.  More than three million phones are lost in the U.S. every year, and less than one-in-ten lost phones finds its way home.  Saturday night, I found an iPhone on the floor at a big party in the Faubourg Marigny in New Orleans.  I located the owner by asking everyone in sight if they’d lost a phone, and when I found her, the owner didn’t know she’d dropped it.

There are high tech tools to find lost phones like the Find My iPhone app or Tile locators; but, these only work for owners and require a second connected device.  What do the persons who find your phone or the Lost & Found staff do to quickly locate you, often before you realize your phone’s gone?  You don’t have an ID tag with contact data on your phone, right?

I do something that’s so darn simple, it’s a wonder it’s not already an option on every iPhone: I embed my name and email address in the lock screen photo (i.e., the wallpaper image that appears when you press the sleep/wake button, even when the phone is locked).  Now, any announcement over the P.A. includes my name, and I’ve furnished a secure way for good samaritans to contact me to arrange return.  It’s also an easy means to supply emergency contact information, should the good samaritan find you dropped alongside your phone.

There are plenty of ways to add text to your lock screen image–I’ve used the drawing tools in PowerPoint–but the simplest is to use the image editing tools right on your iPhone.  Here’s how (in iOS 10.1.1):

  1. Select an image to serve as your lockscreen wallpaper.  Use one with not-too-busy space for text (like the clouds in mine).  The text location shouldn’t conflict with the date and time text.  You may prefer to use a picture of yourself to make it easier to find you and prove it’s your phone.
  2. Duplicate the image so as not to alter your original.  Do this by selecting Share (box with the up arrow) and Duplicate.
  3. Working with the duplicate image, choose Edit from the toolbar (abacus-like slider), then choose More (circle with three dots).  Select Markup (toolbox icon) and finally choose the Text option (uppercase “T” in a box).
  4. A text box will appear in the center of your image.  You can resize it by dragging the blue dots or reposition it by dragging the box.  You can change the font face, font size, text color and alignment from the menu bar.
  5. Type your information.  Be sensible, e.g., don’t include your home address, and don’t use your mobile number (duh). Click Done (upper right corner).
  6. To make the edited image your lockscreen wallpaper, go to Settings>Wallpaper>Choose a New Wallpaper.  In All Photos, navigate to the annotated image you just created and select it (tap). Move and scale the image as suits you, then select Set from the menu and choose Set Lock Screen.  You’re done!