2007-12-23 Digital Darwinism
The New York Times article linked below discusses the problems and costs of maintaining digital works of art (cinema) over a long period of time. What this article helps expose is the fundamental problem facing all digital information generating entities: long term preservation and accessibility. What is subsumed within this question is how to ensure long term data provenance, or provably persistent data integrity.
This article actually sounds a clarion call for those who choose to archive anything digital. It also exposes issues not typically addressed by those selling recordable media or long-term storage or archive solutions.
First, "life-long storage" does not mean "long-life storage" --- the difference is crucial, and I believe generally ignored. Life-long storage of degrading media is really storage of media only, and not of the information contained therein. The "lifetime" of most media is described in terms providing no meaningful guidance (such as "mean time between failure" for hard drives). CD, DVD's do not typically advertise or disclose their stated "shelf-life." I remember purchasing some "gold" CD's that were hawked as "long life" only to see the glitter of gold dust exfoliated by these CD's with 5 years of their purchase. Others appeared intact, but became latter-day coasters. Newer storage media: I understand that "flash drives" just wear out over time. What that portends for the SD, Memory Sticks, thumb drives, and pc-memory storage components containing important information (oops, you store your key recovery data on that USB drive...") is not good. Nano-technology? No word yet as to longevity.
Ok, so that means that the 2007 Quadrennial 5-DVD Digitally Re-mastered Dolby 11.1 Enhanced Autographed, Numbered and Limited Edition Blue Ray/HDNA Directors' (and all other) Cut of "Blade Runner" for which I shell out 100 bucks may, or may not be playable five years after I take the DVD's out of the climate controlled, UV free dark room. I'll take my chances, but if they "decompose" I'll be sad. My sadness will be limited, however, only to the extent of my loss of a favorite flick (plus 100 bucks). Not so with enterprise or government information intended to last anywhere between a long time and in perpetuity.
What this means is that entities facing lengthy retention periods had better start considering developing and deploying methods for periodic and orderly migration to "fresher" media, or risk losing data. Including those redundant backups. This brings up the question of whether such entities are required to acknowledge and take steps now, or if these entities will be given a "pass" because they merely did what at the time appeared to provide compliance.
So, it appears that we may be leaving the survival of our most important information (digitally sourced) to "Digital Darwinism," in which information contained in only the "strongest" or most robustly maintained (and migrated) media, survive.
The other issue, in which I profess a biased interest, is how to ascertain and prove, through time, the integrity of such digital data that survives.
Maybe we should worry about that issue in 10 years. It looks as if we'll have a hard enough time proving provenance even for relatively short-lived data.
The link to the New York Time article entitled "The Afterlife Is Expensive for Digital Movies":
http://www.nytimes.com/2007/12/23/business/media/23steal.html?ref=business
Sunday, December 23, 2007
Tuesday, December 18, 2007
2007-12-18 Ohio Electronic Voting Machine Test Results - Not Good
The Register.com (why do we hear this type of information first from the UK?) reports that the Ohio Secretary of State has just released a federally funded report on electronic voting machines used in Ohio, and has found that they contain critical failures that could affect the integrity of state elections.
Excerpted from the Ohio Secretary of State's report (link below):
The voting systems uniformly “failed to adequately address important threats against election data and processes,” including a“failure to adequately defend an election from insiders, to prevent virally infected software . . . and to ensure cast votes are appropriately protected and accurately counted. (Id.)"
"• Security Technology: The voting systems allow the “pervasive mis-application of security technology,” including failure to follow “standard and well-known practices for the use of cryptography, key and password management, and security hardware.” (Id.)
• Auditing: The voting systems exhibit “a visible lack of trustworthy auditing capability,” resulting in difficulty discovering when a security attack occurs or how to isolate or recover from an attack when detected. (Id.)
• Software Maintenance: The voting systems’ software maintenance practices are 'deeply flawed,' leading to 'fragile software in which exploitable crashes,lockups, and failures are common in normal use. (Id.)'"
Register.com also reports an executive for eVoting solution vendor Premier Election Solutions as cautioning people not to read too much into the report. That executive was quoted in the article as stating:
"'It is important to note that there has not been a single documented case of a successful attack against an electronic voting system, in Ohio or anywhere in the United States," an executive for Premier said in response to the report. "Even as we continue to strengthen the security features of our voting systems, that reality should not be lost in the discussion." He went on to say the report failed to take into account security improvements made since the study began.'"
Here's the man behind the curtain (sections of the report) we're asked to ignore:
"Specific Results: Source Code Analysis and Red Team (Penetration) Testing
ES&S
Failure to Protect Election Data and Software Failure to Effectively Control Access to Election Operations
Failure to Correctly Implement Security Mechanisms
Failure to Follow Standard Software and Security Engineering Practices
Premier
Failure To Effectively Protect Vote Integrity and Privacy
Failure to Protect Elections From Malicious Insiders
Failure to Validate and Protect Software
Failure to Follow Standard Software and Security Engineering Practices
Failure to Provide Trustworthy Auditing
Hart
Failure To Effectively Protect Election Data Integrity
Failure To Eliminate Or Document Unsafe Functionality
Failure To Protect Election From “Malicious Insiders”
Failure To Provide Trustworthy Auditing
Lessee: Failure to protect against insiders. Failure to follow "standard and well known practices" for crypto, key management and security hardware. Failure to provide a trustworthy auditing capability, making it "difficult" to discover when an attack occurs. Deeply flawed software maintenance practices resulting in "fragile software."
Hmm. Let's build a house with twelve doors and eleven locks. Certify it as safe because there has been no 'documented" case of a successful attack?
Article link:
http://www.theregister.co.uk/2007/12/17/ohio_voting_machines_study/
Report Link:
http://www.sos.state.oh.us/sos/info/EVEREST/00-SecretarysEVERESTExecutiveReport.pdf
The Register.com (why do we hear this type of information first from the UK?) reports that the Ohio Secretary of State has just released a federally funded report on electronic voting machines used in Ohio, and has found that they contain critical failures that could affect the integrity of state elections.
Excerpted from the Ohio Secretary of State's report (link below):
The voting systems uniformly “failed to adequately address important threats against election data and processes,” including a“failure to adequately defend an election from insiders, to prevent virally infected software . . . and to ensure cast votes are appropriately protected and accurately counted. (Id.)"
"• Security Technology: The voting systems allow the “pervasive mis-application of security technology,” including failure to follow “standard and well-known practices for the use of cryptography, key and password management, and security hardware.” (Id.)
• Auditing: The voting systems exhibit “a visible lack of trustworthy auditing capability,” resulting in difficulty discovering when a security attack occurs or how to isolate or recover from an attack when detected. (Id.)
• Software Maintenance: The voting systems’ software maintenance practices are 'deeply flawed,' leading to 'fragile software in which exploitable crashes,lockups, and failures are common in normal use. (Id.)'"
Register.com also reports an executive for eVoting solution vendor Premier Election Solutions as cautioning people not to read too much into the report. That executive was quoted in the article as stating:
"'It is important to note that there has not been a single documented case of a successful attack against an electronic voting system, in Ohio or anywhere in the United States," an executive for Premier said in response to the report. "Even as we continue to strengthen the security features of our voting systems, that reality should not be lost in the discussion." He went on to say the report failed to take into account security improvements made since the study began.'"
Here's the man behind the curtain (sections of the report) we're asked to ignore:
"Specific Results: Source Code Analysis and Red Team (Penetration) Testing
ES&S
Failure to Protect Election Data and Software Failure to Effectively Control Access to Election Operations
Failure to Correctly Implement Security Mechanisms
Failure to Follow Standard Software and Security Engineering Practices
Premier
Failure To Effectively Protect Vote Integrity and Privacy
Failure to Protect Elections From Malicious Insiders
Failure to Validate and Protect Software
Failure to Follow Standard Software and Security Engineering Practices
Failure to Provide Trustworthy Auditing
Hart
Failure To Effectively Protect Election Data Integrity
Failure To Eliminate Or Document Unsafe Functionality
Failure To Protect Election From “Malicious Insiders”
Failure To Provide Trustworthy Auditing
Lessee: Failure to protect against insiders. Failure to follow "standard and well known practices" for crypto, key management and security hardware. Failure to provide a trustworthy auditing capability, making it "difficult" to discover when an attack occurs. Deeply flawed software maintenance practices resulting in "fragile software."
Hmm. Let's build a house with twelve doors and eleven locks. Certify it as safe because there has been no 'documented" case of a successful attack?
Article link:
http://www.theregister.co.uk/2007/12/17/ohio_voting_machines_study/
Report Link:
http://www.sos.state.oh.us/sos/info/EVEREST/00-SecretarysEVERESTExecutiveReport.pdf
Saturday, December 08, 2007
2007-12-08 Metadata Revisited - What's In That JPG? --- Relevant Evidence.
For those in the "most metadata is irrelevant" camp, I offer this argument in support of my position that metadata is critical to electronic evidence authentication: The metadata contained in most digital photographs can reveal camera ID, camera type, shutter speed, or aperture setting together with the more visible time and date notations. If someone accuses someone as having taken a certain photograph, it might be helpful to ascertain this information *(through discovery, of course) and then argue that the accused:
1. Owned or did not own the type of camera used to take the photo
2. The camera had or lacked the capability to take photos at the listed aperture, shutter or ISO setting
3. The camera had or lacked the capability to take photos at the claimed resolution.
The underlying metadata reliability argument quite readily exposes the gaping holes in the "most metadata is irrelevant" argument, as one might argue that the metadata showing these attributes (including the time and date source, and time and date notation) was unprotected, and subject to the same type of manipulation as is all other unprotected digital data, and is therefore unreliable. One might also present (and this is really the more difficult argument) that the metadata was generated and maintained in such a fashion as to be authentic and reliable. In other words, the metadata, like the photo itself, is what it purports to be at the time relevance attached to it.
For those in the "most metadata is irrelevant" camp, I offer this argument in support of my position that metadata is critical to electronic evidence authentication: The metadata contained in most digital photographs can reveal camera ID, camera type, shutter speed, or aperture setting together with the more visible time and date notations. If someone accuses someone as having taken a certain photograph, it might be helpful to ascertain this information *(through discovery, of course) and then argue that the accused:
1. Owned or did not own the type of camera used to take the photo
2. The camera had or lacked the capability to take photos at the listed aperture, shutter or ISO setting
3. The camera had or lacked the capability to take photos at the claimed resolution.
The underlying metadata reliability argument quite readily exposes the gaping holes in the "most metadata is irrelevant" argument, as one might argue that the metadata showing these attributes (including the time and date source, and time and date notation) was unprotected, and subject to the same type of manipulation as is all other unprotected digital data, and is therefore unreliable. One might also present (and this is really the more difficult argument) that the metadata was generated and maintained in such a fashion as to be authentic and reliable. In other words, the metadata, like the photo itself, is what it purports to be at the time relevance attached to it.
2007-12-08 eDiscovery Question - Do You Know the Way to ADS (Alternate Data Streams)?
Engineered into Windows since NT 3.1 (circa 1993) Alternate Data Streams was developed by Microsoft to allow for better compatibility with HFS (Mac) file systems. When creating any NTFS file or folder, a separate data stream (sometimes known as a "fork") can be also created for that file or folder. Data stored in an NTFS stream becomes invisible to Windows Explorer, text searches, and most other Windows' routine file apps. One may then store a 5Gb .zip file inside the streamed 20k text file. Windows Explorer and most other apps will then only detect the 20k text file, and not the 5GB streamed .zip file. So, one can use ADS to hide data within other data or folders.
Interestingly enough, ADS will be stripped from a file if the file is emailed as an attachment, or if it is copied to a FAT 32 drive (such as a thumb or flash drive), a CD/RW or other non-NTFS file, the ADS will be stripped from the copy.
There are numerous detection, and some removal tools available. ADS Spy is an exampled of a freeware detection and removal tool: http://www.bleepingcomputer.com/files/adsspy.php Good forensics tools such as enCase, SleuthKit, SMART, and others provide capability to detect ADS where a the forensically extracted copy is also an NTFS based filed.
Keep in mind:
1. Search for ADS.
2. ADS may contain discoverable information.
3. ADS may bear obscure non-relevant seeming names.
4. ADS may be encrypted.
5. ADS will be stripped when file is converted/copied to non-NTFS.
6. Ask for presence of and/or have examiner search for common ADS removal tools
7. Vista has a native ADS detection tool. From command prompt, type "dir /r"
Engineered into Windows since NT 3.1 (circa 1993) Alternate Data Streams was developed by Microsoft to allow for better compatibility with HFS (Mac) file systems. When creating any NTFS file or folder, a separate data stream (sometimes known as a "fork") can be also created for that file or folder. Data stored in an NTFS stream becomes invisible to Windows Explorer, text searches, and most other Windows' routine file apps. One may then store a 5Gb .zip file inside the streamed 20k text file. Windows Explorer and most other apps will then only detect the 20k text file, and not the 5GB streamed .zip file. So, one can use ADS to hide data within other data or folders.
Interestingly enough, ADS will be stripped from a file if the file is emailed as an attachment, or if it is copied to a FAT 32 drive (such as a thumb or flash drive), a CD/RW or other non-NTFS file, the ADS will be stripped from the copy.
There are numerous detection, and some removal tools available. ADS Spy is an exampled of a freeware detection and removal tool: http://www.bleepingcomputer.com/files/adsspy.php Good forensics tools such as enCase, SleuthKit, SMART, and others provide capability to detect ADS where a the forensically extracted copy is also an NTFS based filed.
Keep in mind:
1. Search for ADS.
2. ADS may contain discoverable information.
3. ADS may bear obscure non-relevant seeming names.
4. ADS may be encrypted.
5. ADS will be stripped when file is converted/copied to non-NTFS.
6. Ask for presence of and/or have examiner search for common ADS removal tools
7. Vista has a native ADS detection tool. From command prompt, type "dir /r"
Friday, December 07, 2007
2007-12-07 Printout of Metadata Held Sufficient for Discovery Purposes
The Sedona Principles' blanket approach to most metadata as "irrelevant" was adopted in Williams v. Sprint/United Management Co., 230 F.R.D. 640, 646 (D.Kan.2005). The Sprint court embraced the Sedona argument that "[I]n most cases and for most documents, metadata does not provide relevant information." Williams v. Sprint, 230 F.R.D. at 651. The Sprint court also noted that "[e]merging standards of electronic discovery appear to articulate a general presumption against the production of metadata[.]"
The recent decision in Michigan First Credit Union v. Cumis Ins. Society, Inc., Slip Copy, 2007 WL 4098213 (E.D.Mich. 2007) follows the Sprint approach and represents yet another example of how the Sedona Conference's blanket pronouncement is susceptible to misinterpretation. Here, the Court found that a printout of email metadata was sufficient and denied a motion to compel production of native, or source data. Curiously, even though the data and time information contained in the metadata was considered relevant, the "unique identifier" data was not, and since all was "printed out" in a pdf, the Court ruled that no further relevant information could be gleaned from the native, or source data:
"This includes the date and time of the creation of the message file, as well as a long string of characters that serves as a unique identifier for each message." She further states that she has reviewed the screen-shots of the email message produced for Plaintiff, and that "[a]ll metadata pertaining to the individual messages, except for the unique identifier referred to in the above paragraph is visible on these printouts." Hence, except for an "identifier" that would have no evidentiary value, the relevant metadata (such as date and time of creation) appears in the PDF copy. Were this not the case, there would be value in producing the metadata. However, since the PDF copies contain all the relevant information that Plaintiff would otherwise glean from the metadata, I agree with Defendant that producing the metadata for the emails would be unduly burdensome." Ibid, at *2.
Of course, no challenge to the metadata itself was apparently made. Imo, this is a clarion call not only to have the Sedona Principles properly reflect digital litigation reality, but also for counsel to bring themselves up to speed, and understand what it is they must challenge, or defend. Knowing what to ask for, and why, is a good start. The flip side is that being uninformed or misinformed as to the importance of metadata will at this time be more likely to result in this type of "gotcha."
The Sedona Principles' blanket approach to most metadata as "irrelevant" was adopted in Williams v. Sprint/United Management Co., 230 F.R.D. 640, 646 (D.Kan.2005). The Sprint court embraced the Sedona argument that "[I]n most cases and for most documents, metadata does not provide relevant information." Williams v. Sprint, 230 F.R.D. at 651. The Sprint court also noted that "[e]merging standards of electronic discovery appear to articulate a general presumption against the production of metadata[.]"
The recent decision in Michigan First Credit Union v. Cumis Ins. Society, Inc., Slip Copy, 2007 WL 4098213 (E.D.Mich. 2007) follows the Sprint approach and represents yet another example of how the Sedona Conference's blanket pronouncement is susceptible to misinterpretation. Here, the Court found that a printout of email metadata was sufficient and denied a motion to compel production of native, or source data. Curiously, even though the data and time information contained in the metadata was considered relevant, the "unique identifier" data was not, and since all was "printed out" in a pdf, the Court ruled that no further relevant information could be gleaned from the native, or source data:
"This includes the date and time of the creation of the message file, as well as a long string of characters that serves as a unique identifier for each message." She further states that she has reviewed the screen-shots of the email message produced for Plaintiff, and that "[a]ll metadata pertaining to the individual messages, except for the unique identifier referred to in the above paragraph is visible on these printouts." Hence, except for an "identifier" that would have no evidentiary value, the relevant metadata (such as date and time of creation) appears in the PDF copy. Were this not the case, there would be value in producing the metadata. However, since the PDF copies contain all the relevant information that Plaintiff would otherwise glean from the metadata, I agree with Defendant that producing the metadata for the emails would be unduly burdensome." Ibid, at *2.
Of course, no challenge to the metadata itself was apparently made. Imo, this is a clarion call not only to have the Sedona Principles properly reflect digital litigation reality, but also for counsel to bring themselves up to speed, and understand what it is they must challenge, or defend. Knowing what to ask for, and why, is a good start. The flip side is that being uninformed or misinformed as to the importance of metadata will at this time be more likely to result in this type of "gotcha."
2007-12-07 Options Backdating Update - Former United Health CEO Returns 418 Million
The New York Time and the Wall Street Journal report today that William W. McGuire has settled with the SEC and agreed to return an estimated 400 million dollars in connection with the options backdating civil action pending against him. According to one account, the total returned by McGuire will exceed 600 million dollars. Options backdating involves altering the date of an option grant, typically to increase it's value at the date of granting. The option grant's strike price is typically (and some argue should only) be the date on which the grant is made. This grant date also typically coincides with the commencement of a new position, or a bonus.
The grant date maneuverability necessarily involves some time based computer data manipulation, as I highly doubt that any of these time-shifted options grants were accomplished by the efforts Aunt Tillie typing on her Selectric, bottle of White-Out by her side, in the typing pool.
The malleability of computer data (and the difficulties involved in challenging and detecting same) are well set forth in In re Texlon Corporation Securities Litigation 2004 WL 3192729 (WD Ohio 2004). The Texlon court roundly excoriated the defendant's auditor PriceWaterhouseCoopers for violating its duty of preservation. The court noted that auditing documents were altered "well after the close of the [relevant auditing period] and that [PWC should have been on notice to preserve these documents..." The Texlon court further noted that expert testimony discovered that the metadata of certain documents had been altered or deleted, specifically that data had been time-and-date shifted.
What is perhaps most important is that the Texlon court also implicitly recognizes the issue of time based data manipulation, as it also took notice of expert testimony that "it is possible to alter any document in the database, and if the date on the computer used to alter the document is reset, the incorrect date will be incorporated in the metadata fields as the date of modification." Texlon, 2004 WL 319729 at *19. It should be noted that the matter ended prior to the judge's action on the reports and recommendations of the magistrate.
Perhaps in the future the time and date malleability of computer generated information will become the focus of more intense scrutiny by counsel as well as the Courts.
The New York Time and the Wall Street Journal report today that William W. McGuire has settled with the SEC and agreed to return an estimated 400 million dollars in connection with the options backdating civil action pending against him. According to one account, the total returned by McGuire will exceed 600 million dollars. Options backdating involves altering the date of an option grant, typically to increase it's value at the date of granting. The option grant's strike price is typically (and some argue should only) be the date on which the grant is made. This grant date also typically coincides with the commencement of a new position, or a bonus.
The grant date maneuverability necessarily involves some time based computer data manipulation, as I highly doubt that any of these time-shifted options grants were accomplished by the efforts Aunt Tillie typing on her Selectric, bottle of White-Out by her side, in the typing pool.
The malleability of computer data (and the difficulties involved in challenging and detecting same) are well set forth in In re Texlon Corporation Securities Litigation 2004 WL 3192729 (WD Ohio 2004). The Texlon court roundly excoriated the defendant's auditor PriceWaterhouseCoopers for violating its duty of preservation. The court noted that auditing documents were altered "well after the close of the [relevant auditing period] and that [PWC should have been on notice to preserve these documents..." The Texlon court further noted that expert testimony discovered that the metadata of certain documents had been altered or deleted, specifically that data had been time-and-date shifted.
What is perhaps most important is that the Texlon court also implicitly recognizes the issue of time based data manipulation, as it also took notice of expert testimony that "it is possible to alter any document in the database, and if the date on the computer used to alter the document is reset, the incorrect date will be incorporated in the metadata fields as the date of modification." Texlon, 2004 WL 319729 at *19. It should be noted that the matter ended prior to the judge's action on the reports and recommendations of the magistrate.
Perhaps in the future the time and date malleability of computer generated information will become the focus of more intense scrutiny by counsel as well as the Courts.
Thursday, November 22, 2007
2007-11-22 ES&S Voting Machine Fracas: Exactly the Same (but with minor differences)
Calif. claims that "certification" sticker were repeatedly placed on appliances that had not been certified in violation of California law.
In keeping with the nature of this dispute, someone might also be comfortable in stating the two positions stated below are identical, and with only minor differences.
ES&S: The updated machines contain the "exact same hardware configuration and firmware version
Calif: The A200 uses version 1.1.2258 of the system firmware, while the earlier machine uses version 1.0.
I find the "exactly the same, but with minor differences" argument intriguing.
The link to the Register.com article:
http://www.theregister.co.uk/2007/11/21/e_voting_vendor_sued/print.html
Calif. claims that "certification" sticker were repeatedly placed on appliances that had not been certified in violation of California law.
In keeping with the nature of this dispute, someone might also be comfortable in stating the two positions stated below are identical, and with only minor differences.
ES&S: The updated machines contain the "exact same hardware configuration and firmware version
Calif: The A200 uses version 1.1.2258 of the system firmware, while the earlier machine uses version 1.0.
I find the "exactly the same, but with minor differences" argument intriguing.
The link to the Register.com article:
http://www.theregister.co.uk/2007/11/21/e_voting_vendor_sued/print.html
Wednesday, November 21, 2007
2007-11-21 New Discovery Venue: Apple Reported to Track iPhone Online Usage
Two things to keep in mind, depending upon circumstances. First, this capability, if true, could provide a rich discovery source, but although one might "request" the information generated by an iPhone, one might be well advised to incorporate specific language directed toward this captured information. Second, be aware of the type of information divulged-by-agreement when you, or your client sign up for the pretty bauble.
The link:
http://www.pocket-lint.co.uk/news/news.phtml/11368/12392/apple-tracking-iphone-usage-reports.phtml
Two things to keep in mind, depending upon circumstances. First, this capability, if true, could provide a rich discovery source, but although one might "request" the information generated by an iPhone, one might be well advised to incorporate specific language directed toward this captured information. Second, be aware of the type of information divulged-by-agreement when you, or your client sign up for the pretty bauble.
The link:
http://www.pocket-lint.co.uk/news/news.phtml/11368/12392/apple-tracking-iphone-usage-reports.phtml
Wednesday, November 14, 2007
2007-11-14 Data in Transit --- Just Not in the Enterprise Document Policy; Defecting Employees Steal Reported 1.8 Billion Worth of Data from Company.
Darkreading.com (link below) reports that two top officials (including an incumbent president and an executive director) of a "major Korean electric power business" stole, er, liberated, more than 1.8 billion in trade secrets when they teamed up with a rival earlier in the year.
The escaped data made its way out of the enterprise, apparently through a USB port and into some storage device connected thereto.
http://www.darkreading.com/document.asp?doc_id=139010&print=true
Darkreading.com (link below) reports that two top officials (including an incumbent president and an executive director) of a "major Korean electric power business" stole, er, liberated, more than 1.8 billion in trade secrets when they teamed up with a rival earlier in the year.
The escaped data made its way out of the enterprise, apparently through a USB port and into some storage device connected thereto.
http://www.darkreading.com/document.asp?doc_id=139010&print=true
Thursday, November 08, 2007
2007-11-08 eDiscovery: Hand me the Keys: The Downside to Hosted Encryption Services
The link from Wired:
http://blog.wired.com/27bstroke6/2007/11/encrypted-e-mai.html
Wired.com reports today that Hushmail, which, ahem, "dominate[s] a unique market niche fo highly secure webmail with its innovative, client side encryption engine" bows to court order to provide client's email encryption keys. Link below.
How, you might inquire, do they obtain access to a *client* private key? In an effort to make the email process seamless, Hushmail offers a thin client, and runs the encryption engine on their side. As succinctly put in the Wired Article: "...this means that an attacker with access to Hushmail's servers can get at the passphrase and thus all of the messages."
Let's do this in a step-by-step analysis.
1. Hushmail has control over its environmental variables.
2. Hushmail has control over its servers providing encryption services.
3. Hushmail encryption processes occur at Hushmail servers, not at the client.
4. Information (including key information) is transmitted between Hushmail server and client by SSL connection.
5. Key information is provided to Hushmail encryption engine in cleartext at Hushmail server.
6. Hushmail has access to the private key for some period of time.
7. Hushmail's keys can be compelled to be disclosed in court.
Client email not so Hush.
Third party custody of your encryption key, while a nifty idea for redundancy and data loss (meaning risk of non-decryption) might place that third party in a rather difficult position. Perhaps creating and enforcing a policy where private keys used for certain information are never sent in cleartext to a third party might be a good idea. Ya think?
In any event, creation of and adherence of a document retention policy to apply to 3rd party key custodian activities (and the keys held by them) in an auditable fashion, may be worth a thought.
The link from Wired:
http://blog.wired.com/27bstroke6/2007/11/encrypted-e-mai.html
Thursday, October 25, 2007
2007-10-26 Another Discovery Category - Greynets
The Register.com posted an article today on the existence of illicit "conduits for malware" or
greynets" that proliferate through most enterprises today. These are technically (and typically) described as peer-to-peer applications, downloaded apps that connect direct to other users to exchange messages and/or data, (aka Instant Messaging, VoIP and filesharing applications) but greynet appears to be the emerging term de jure, and provides another wide-ranging category request type to be used in discovery.
The Register.com posted an article today on the existence of illicit "conduits for malware" or
greynets" that proliferate through most enterprises today. These are technically (and typically) described as peer-to-peer applications, downloaded apps that connect direct to other users to exchange messages and/or data, (aka Instant Messaging, VoIP and filesharing applications) but greynet appears to be the emerging term de jure, and provides another wide-ranging category request type to be used in discovery.
Saturday, October 13, 2007
2007-10-13 CFAA and Employment Agreements
In light of recent divergent decisional authority interpreting jurisdictional thresholds for Computer Fraud and Abuse Act ("CFAA" actions), it may be a good idea to add language to new and existing contracts of employment (and employee handbooks, where employment is "at will") to expressly articulate that any appropriation, access or use of employer information *during employment* is unauthorized and further that any such appropriation, access or use shall be deemed to cause damage in excess of $5000 (the CFAA jurisdictional amount). Upon-termination authority revocation and damages provisions should always be part and parcel of any such agreement. For existing employees, it's also a good idea to have executed a similar agreement supplement or handbook update.
In light of recent divergent decisional authority interpreting jurisdictional thresholds for Computer Fraud and Abuse Act ("CFAA" actions), it may be a good idea to add language to new and existing contracts of employment (and employee handbooks, where employment is "at will") to expressly articulate that any appropriation, access or use of employer information *during employment* is unauthorized and further that any such appropriation, access or use shall be deemed to cause damage in excess of $5000 (the CFAA jurisdictional amount). Upon-termination authority revocation and damages provisions should always be part and parcel of any such agreement. For existing employees, it's also a good idea to have executed a similar agreement supplement or handbook update.
Sunday, October 07, 2007
2007-10-07 New Addresses on eDiscovery Avenue
In an article entitled "Securing Very Important Data - Your Own" appearing in the October 7, 2007 online edition of New York Times, the author gushes that users are "loving" to send out (the term "relinguishing" used in the article is telling) their personal, financial, credit card, telephone, social security, and other identity-specific data to service providers in exchange for financial management services. Notably, an offering called "Basecamp," described as a "powerful project management and collaboration tool" to store including "performance targets, to-do lists, files, collaborative documents, and messages" is alleged to claim more than one million users. Mint.com is another offering, described as having a "Swiss Army knife approach to personal financial management." In exchange for offering what appears to be every last drop of user information it can extract, Mint will offer users "specialized services" --- that will, on a nightly basis, connect to and update bank accounts, balance checkbooks, and even "shop" for better offering terms and rates on credit cards and other financial accounts.
Maybe these services are good, maybe not. Perhaps they are secure. Perhaps not. What they represent is a treasure trove of discoverable information.
Securing your very own data? Perhaps not.
In an article entitled "Securing Very Important Data - Your Own" appearing in the October 7, 2007 online edition of New York Times, the author gushes that users are "loving" to send out (the term "relinguishing" used in the article is telling) their personal, financial, credit card, telephone, social security, and other identity-specific data to service providers in exchange for financial management services. Notably, an offering called "Basecamp," described as a "powerful project management and collaboration tool" to store including "performance targets, to-do lists, files, collaborative documents, and messages" is alleged to claim more than one million users. Mint.com is another offering, described as having a "Swiss Army knife approach to personal financial management." In exchange for offering what appears to be every last drop of user information it can extract, Mint will offer users "specialized services" --- that will, on a nightly basis, connect to and update bank accounts, balance checkbooks, and even "shop" for better offering terms and rates on credit cards and other financial accounts.
Maybe these services are good, maybe not. Perhaps they are secure. Perhaps not. What they represent is a treasure trove of discoverable information.
Securing your very own data? Perhaps not.
Saturday, October 06, 2007
2007-10-06 Conversion of Software is Actionable Under NY Law --- The tort of conversion of electronic information is actionable in New York.
"The Hand of History Lies Heavy Upon the Tort of Conversion"
In Thyroff v Nationwide Mutual Insurance Co., 493 F. 3d 109 (2d Cir. 2007) the U.S. Court of Appeals for the Second Circuit reversed its earlier decision affirming a dismissal (and also certifying a question to the New York Court of Appeals. Excerpt from the opinion (including the certified question, which the Court of Appeals Answers in the affirmative:
"Is a claim for the conversion of electronic data cognizable under New York law?" Thyroff, 460 F.3d at 408. On March 22, 2007, the New York Court of Appeals answered the certified question in the affirmative. See Thyroff, 8 N.Y.3d at 293, 832 N.Y.S.2d 873, 864 N.E.2d 1272. As we explained in our prior decision, "if a conversion claim may extend to electronic data, Thyroff has stated a claim sufficient to survive Nationwide's motion to dismiss for both his personal and business data." Thyroff, 460 F.3d at 405. Accordingly, based on the response from the New York Court of Appeals that electronic data may be the subject of a conversion claim under New York law, we vacate the district court's dismissal of Thyroff's conversion claim and remand for further proceedings." Thryroff, supra at 493 F. 3d at p. 109.
In New York, at least for the moment, a civil action for conversion of electronic data may be commenced. Under New York law, and unlike the CFAA, there is no jurisdictional damage minimum, and punitive damages may be sought by the aggrieved party. What remains unclear is whether, using the same analysis as in Thyroff, a criminal action for conversion may now be brought
The response by the New York State Court of Appeals to the question certified to it by the Second Circuit contains a short analysis of the history and evolution of conversion, trover and trespass to chattel, together with some impressive prose. Here, an extended excerpt:
"“The hand of history lies heavy upon the tort of conversion” (Prosser, The Nature of Conversion, 42 Cornell LQ 168, 169 [1957] ). The “ancient doctrine” has gone **1274 ***875 through a great deal of evolution over time (Franks, Analyzing the Urge to Merge: Conversion of Intangible Property and the Merger Doctrine in the Wake of Kremen v. Cohen, 42 Hous. L. Rev. 489, 495 and n. 32 [Summer 2005] ), dating back to the Norman Conquest of England in 1066 ( see Ames, The History of Trover, 11 Harv. L. Rev. 277, 278 [1897] [hereinafter Ames] ).Before the English royal government undertook the prosecution of crime, redress for the tortious or criminal misappropriation of chattels was limited to private actions, such as “the recuperatory appeals of robbery or larceny” available to persons whose property had been stolen ( id. at 278).FN3 In general, these appeals took two forms. If a thief was immediately apprehended while in possession of the stolen goods, the wrongdoer “was straightaway put to death [by the court], without a hearing, and the [victim] recovered his goods” ( id.). In other cases, rightful ownership of the property was usually determined by a “wager of battle”-a physical altercation or duel between the victim and the thief ( see Black's Law Dictionary 1544 [8th ed. 2004] ), with the victor taking title to the goods ( see Ames, 11 Harv. L. Rev. at 279). Because this “remedy” could lead to a thief killing or maiming the chattel's owner and taking legal ownership of the stolen property, it was “widely detested” by the populace (Black's Law Dictionary 1544).
FN3. There were also “punitory appeals,” which, as the name connotes, were utilized solely for punishing thieves in situations where property stolen was of a certain value and could not be recovered (Ames, 11 Harv. L. Rev. at 278).Over time, the practice of trial by jury was instituted and wager of battle steadily lost favor ( see Ames, *287 11 Harv. L. Rev. at 279-280). FN4 Contributing to its demise at the end of the 12th century was the advent of criminal prosecutions by the Crown. But successful prosecution by the government could result in forfeiture of the stolen chattels to the King rather than the return of property to its rightful owner-an unwelcome prospect for the victim of a theft.
FN4. Wager of battle was not formally abolished in England until 1818 ( see Black's Law Dictionary 1544).The appeals of robbery and larceny also failed to provide an adequate remedy because a victim could not seek monetary damages from the thief-the only remedy was return of the stolen property. By 1252, a new cause of action- trespass de bonis asportatis FN5-was introduced. It allowed a plaintiff to obtain pecuniary damages for certain misappropriations of property and, following a favorable jury verdict, the sale of the defendant's property to pay a plaintiff the value of the stolen goods.FN6 If, however, the defendant offered to return the property to its rightful owner, the owner had to accept it and “recovery was limited to the damages he had sustained through his loss of possession, or through harm to the chattel, which were usually considerably less than its value” (Prosser, The Nature of Conversion, 42 Cornell LQ at 170).
FN5. A Latin phrase meaning “trespass for carrying goods away” (Black's Law Dictionary 1542).
FN6. “Detinue,” a related cause of action, provided a similar remedy for the improper detention (as opposed to taking) of property ( see Ames, 11 Harv. L. Rev. at 375).In the late 15th century, the common law was extended to “fill the gap left by the action of trespass” (Prosser and Keeton, Torts § 15, at 89 [5th ed.] ) by providing a more comprehensive remedy in cases where a defendant's interference with property rights was so serious that it went **1275 ***876 beyond mere trespass to a conversion of the property ( see Prosser, 42 Cornell LQ at 169). Known as “trover,” this cause of action was aimed at a person who had found goods and refused to return them to the title owner, and was premised on the theory that:“the defendant, by ‘converting’ the chattel to his own use, had appropriated the plaintiff's rights, for which he was required to make compensation. The plaintiff was therefore not required to accept the chattel when it was tendered back to him; and he recovered as his damages the full value of the chattel at the time and place of the conversion.... The *288 effect was that the defendant was compelled, because of his wrongful appropriation, to buy the chattel at a forced sale, of which the action of trover was the judicial instrument” ( id. at 170).An action for trover originally could not be invoked by a person who did not lose personal property or have a right to immediate possession of the property ( see Restatement [Second] of Torts § 222A, Comments a, b; Ames, 11 Harv. L. Rev. at 277). Because of the advantages that trover afforded over older forms of relief, its use was stretched to cover additional misappropriations, including thefts ( see Prosser, 42 Cornell LQ at 169; Restatement [Second] of Torts § 222A, Comment a ).Trover gave way slowly to the tort of conversion, which was created to address “some interferences with chattels for which the action of trover would not lie,” such as a claim dealing with a right of future possession (Restatement [Second] of Torts § 222A, Comment b ). The technical differences between trover and conversion eventually disappeared. The Restatement (Second) of Torts now defines conversion as an intentional act of “dominion or control over a chattel which so seriously interferes with the right of another to control it that the actor may justly be required to pay the other the full value of the chattel” ( id. § 222A [1] ).
IIIAs history reveals, the common law has evolved to broaden the remedies available for the misappropriation of personal property. As the concept of summary execution and wager of battle became incompatible with emerging societal values, the law changed. Similarly, the courts became willing to consider new species of personal property eligible for conversion actions.Conversion and its common-law antecedents were directed against interferences with or misappropriation of “goods” that were tangible, personal property. This was consistent with the original notions associated with the appeals of robbery and larceny, trespass and trover because tangible property could be lost or stolen ( see Prosser and Keeton, Torts § 15, at 90). By contrast, real property and all manner of intangible rights could not be “lost or found” in the eyes of the law and were not therefore subject to an action for trover or conversion ( see id. at 91).Under this traditional construct, conversion was viewed as “the ‘unauthorized assumption and exercise of the right of *289 ownership over goods belonging to another to the exclusion of the owner's rights' ” ( State of New York v. Seventh Regiment Fund, 98 N.Y.2d 249, 259, 746 N.Y.S.2d 637, 774 N.E.2d 702 [2002], quoting Vigilant Ins. Co. of Am. v. Housing Auth. of City of El Paso, Tex., 87 N.Y.2d 36, 44, 637 N.Y.S.2d 342, 660 N.E.2d 1121 [1995]; see e.g. Colavito v. New York Organ Donor Network, Inc., 8 N.Y.3d 43, 49-50, 827 N.Y.S.2d 96, 860 N.E.2d 713 [2006]; Industrial & Gen. Trust, Ltd. v. Tod, 170 N.Y. 233, 245, 63 N.E. 285 [1902] ). Thus, the general rule was that “an action for conversion will not normally lie, when it **1276 ***877 involves intangible property” because there is no physical item that can be misappropriated ( Sporn v. MCA Records, 58 N.Y.2d 482, 489, 462 N.Y.S.2d 413, 448 N.E.2d 1324 [1983] ).Despite this long-standing reluctance to expand conversion beyond the realm of tangible property, some courts determined that there was “no good reason for keeping up a distinction that arose wholly from that original peculiarity of the action” of trover (that an item had to be capable of being lost and found) and substituted a theory of conversion that covered “things represented by valuable papers, such as certificates of stock, promissory notes, and other papers of value” ( Ayres v. French, 41 Conn. 142, 150, 151 [1874] ). This, in turn, led to the recognition that an intangible property right can be united with a tangible object for conversion purposes ( see Agar v. Orda, 264 N.Y. 248, 251, 190 N.E. 479 [1934]; Iglesias v. United States, 848 F.2d 362, 364 [2d Cir.1988] ).In Agar, which involved the conversion of intangible shares of stock, this Court applied the so-called “merger” doctrine because:“for practical purposes [the shares] are merged in stock certificates which are instrumentalities of trade and commerce.... Such certificates ‘are treated by business men as property for all practical purposes.’ ... Indeed, this court has held that the shares of stock are so completely merged in the certificate that conversion of the certificate may be treated as a conversion of the shares of stock represented by the certificate” (264 N.Y. at 251, 190 N.E. 479; see also Pierpoint v. Hoyt, 260 N.Y. 26, 28-29, 182 N.E. 235 [1932] ).More recently, we concluded that a plaintiff could maintain a cause of action for conversion where the defendant infringed on the plaintiff's intangible property right to a musical performance by misappropriating a master recording-a tangible item *290 of property capable of being physically taken ( see Sporn v. MCA Records, 58 N.Y.2d at 489, 462 N.Y.S.2d 413, 448 N.E.2d 1324).FN7
FN7. The Restatement (Second) of Torts reflects the “merger” theory as follows:“(1) Where there is conversion of a document in which intangible rights are merged, the damages include the value of such rights.“(2) One who effectively prevents the exercise of intangible rights of the kind customarily merged in a document is subject to a liability similar to that for conversion, even though the document is not itself converted” (Restatement [Second] of Torts § 242).
IVWe have not previously had occasion to consider whether the common law should permit conversion for intangible property interests that do not strictly satisfy the merger test. Although some courts have adhered to the traditional rules of conversion ( see e.g. Allied Inv. Corp. v. Jasen, 354 Md. 547, 562, 731 A.2d 957, 965 [1999] [interests in partnership and corporation]; Northeast Coating Tech., Inc. v. Vacuum Metallurgical Co., Ltd., 684 A.2d 1322, 1324 [Me.1996] [interest in information contained in prospectus]; Montecalvo v. Mandarelli, 682 A.2d 918, 929 [R.I.1996] [partnership interest] ), others have taken a more flexible view of conversion and held that the cause of action can embrace intangible property ( see e.g. Kremen v. Cohen, 337 F.3d 1024, 1033-1034 [9th Cir.2003] [Internet domain name; applying California law]; Shmueli v. Corcoran Group, 9 Misc.3d 589, 594, 802 N.Y.S.2d 871 [Sup.Ct., N.Y. County 2005] [computerized client/investor list]; see generally **1277 ***878 Town & Country Props., Inc. v. Riggins, 249 Va. 387, 396-397, 457 S.E.2d 356, 363-364 [1995] [person's name] ).FN8
FN8. At least one court has approved of the use of conversion by referencing the merger doctrine ( see e.g. Astroworks, Inc. v. Astroexhibit, Inc., 257 F.Supp.2d 609, 618 [S.D.N.Y.2003] [conversion of idea that was represented by an Internet Web site] ). Conversion claims have also been approved without consideration of the historical limits of the cause of action ( see e.g. Cole v. Control Data Corp., 947 F.2d 313, 318 [8th Cir.1991] [computer software program]; Quincy Cablesystems, Inc. v. Sully's Bar, Inc., 650 F.Supp. 838, 848 [D.Mass.1986] [satellite cable signals]; Charter Hosp. of Mobile, Inc. v. Weinberg, 558 So.2d 909, 912 [Ala.1990] [addiction treatment program]; National Sur. Corp. v. Applied Sys., Inc., 418 So.2d 847, 850 [Ala.1982] [computer program]; Mundy v. Decker, 1999 WL 14479, *4, 1999 Neb App LEXIS 3, *10-12 [Ct.App.1999] [WordPerfect documents] ).A variety of arguments have been made in support of expanding the scope of conversion. Some courts have decided that a theft of intangible property is a violation of the criminal law and should be civilly remediable ( see *291 National Sur. Corp. v. Applied Sys., Inc., 418 So.2d at 850); that virtual documents can be made tangible “by the mere expedient of a printing key function” ( Shmueli v. Corcoran Group, 9 Misc.3d at 592, 802 N.Y.S.2d 871); that a writing is a document whether it is read on the computer or printed on paper ( see Kremen v. Cohen, 325 F.3d 1035, 1048 [9th Cir.2003, Kozinski, J., dissenting from certification] ); and that the expense of creating intangible, computerized information should be counterbalanced by the protection of an effective civil action ( see National Sur. Corp. v. Applied Sys., Inc., 418 So.2d at 850).On the other hand, the primary argument for retaining the traditional boundaries of the tort is that it “seem[s] preferable to fashion other remedies, such as unfair competition, to protect people from having intangible values used and appropriated in unfair ways” (Prosser and Keeton, Torts § 15, at 92). Nonetheless, advocates of this view readily concede that “[t]here is perhaps no very valid and essential reason why there might not be conversion of” intangible property ( id. at 92) and that there is “very little practical importance whether the tort is called conversion, or a similar tort with another name” because “[i]n either case the recovery is for the full value of the intangible right so appropriated” (Restatement [Second] of Torts § 242, Comment e ). The lack of a compelling reason to prohibit conversion for redress of a misappropriation of intangible property underscores the need for reevaluating the appropriate application of conversion.
'V“[I]t is the strength of the common law to respond, albeit cautiously and intelligently, to the demands of commonsense justice in an evolving society” ( Madden v. Creative Servs., 84 N.Y.2d 738, 744, 622 N.Y.S.2d 478, 646 N.E.2d 780 [1995]; see Hymowitz v. Eli Lilly & Co., 73 N.Y.2d 487, 507, 541 N.Y.S.2d 941, 539 N.E.2d 1069 [1989], cert. denied 493 U.S. 944, 110 S.Ct. 350, 107 L.Ed.2d 338 [1989] ). That time has arrived. The reasons for creating the merger doctrine and departing from the strict common-law limitation of conversion inform our analysis. The expansion of conversion to encompass a different class of property, such as shares of stock, was motivated by “society's growing dependence on intangibles” (Franks, Analyzing the Urge to Merge: Conversion of Intangible Property and the Merger Doctrine in the Wake of Kremen v. Cohen, 42 Hous. L. Rev. at 498). It cannot be seriously disputed that society's reliance on computers and electronic data is substantial, if not essential. Computers and digital information are *292 ubiquitous and pervade**1278 ***879 all aspects of business, financial and personal communication activities. Indeed, this opinion was drafted in electronic form, stored in a computer's memory and disseminated to the Judges of this Court via e-mail. We cannot conceive of any reason in law or logic why this process of virtual creation should be treated any differently from production by pen on paper or quill on parchment. A document stored on a computer hard drive has the same value as a paper document kept in a file cabinet.The merger rule reflected the concept that intangible property interests could be converted only by exercising dominion over the paper document that represented that interest ( see Pierpoint v. Hoyt, 260 N.Y. at 29, 182 N.E. 235). Now, however, it is customary that stock ownership exclusively exists in electronic format. Because shares of stock can be transferred by mere computer entries, a thief can use a computer to access a person's financial accounts and transfer the shares to an account controlled by the thief. Similarly, electronic documents and records stored on a computer can also be converted by simply pressing the delete button ( cf. Kremen v. Cohen, 337 F.3d at 1034 [“It would be a curious jurisprudence that turned on the existence of a paper document rather than an electronic one. Torching a company's file room would then be conversion while hacking into its mainframe and deleting its data would not” (emphasis omitted) ] ).Furthermore, it generally is not the physical nature of a document that determines its worth, it is the information memorialized in the document that has intrinsic value. A manuscript of a novel has the same value whether it is saved in a computer's memory or printed on paper. So too, the information that Thyroff allegedly stored on his leased computers in the form of electronic records of customer contacts and related data has value to him regardless of whether the format in which the information was stored was tangible or intangible. In the absence of a significant difference in the value of the information, the protections of the law should apply equally to both forms-physical and virtual.In light of these considerations, we believe that the tort of conversion must keep pace with the contemporary realities of widespread computer use. We therefore answer the certified question in the affirmative and hold that the type of data that Nationwide allegedly took possession of-electronic records that were stored on a computer and were indistinguishable from *293 printed documents-is subject to a claim of conversion in New York. Because this is the only type of intangible property at issue in this case, we do not consider whether any of the myriad other forms of virtual information should be protected by the tort.Accordingly, the certified question should be answered in the affirmative." Thyroff v Nationwide Mutual Ins. Co., 8 N.Y.3d 283, 864 N.E.2d 1272 (N.Y. 2007).
A good analysis of this decision (and a comparison with CFAA) appears in the October 1, 2007 edition of the National Law Journal.
"The Hand of History Lies Heavy Upon the Tort of Conversion"
In Thyroff v Nationwide Mutual Insurance Co., 493 F. 3d 109 (2d Cir. 2007) the U.S. Court of Appeals for the Second Circuit reversed its earlier decision affirming a dismissal (and also certifying a question to the New York Court of Appeals. Excerpt from the opinion (including the certified question, which the Court of Appeals Answers in the affirmative:
"Is a claim for the conversion of electronic data cognizable under New York law?" Thyroff, 460 F.3d at 408. On March 22, 2007, the New York Court of Appeals answered the certified question in the affirmative. See Thyroff, 8 N.Y.3d at 293, 832 N.Y.S.2d 873, 864 N.E.2d 1272. As we explained in our prior decision, "if a conversion claim may extend to electronic data, Thyroff has stated a claim sufficient to survive Nationwide's motion to dismiss for both his personal and business data." Thyroff, 460 F.3d at 405. Accordingly, based on the response from the New York Court of Appeals that electronic data may be the subject of a conversion claim under New York law, we vacate the district court's dismissal of Thyroff's conversion claim and remand for further proceedings." Thryroff, supra at 493 F. 3d at p. 109.
In New York, at least for the moment, a civil action for conversion of electronic data may be commenced. Under New York law, and unlike the CFAA, there is no jurisdictional damage minimum, and punitive damages may be sought by the aggrieved party. What remains unclear is whether, using the same analysis as in Thyroff, a criminal action for conversion may now be brought
The response by the New York State Court of Appeals to the question certified to it by the Second Circuit contains a short analysis of the history and evolution of conversion, trover and trespass to chattel, together with some impressive prose. Here, an extended excerpt:
"“The hand of history lies heavy upon the tort of conversion” (Prosser, The Nature of Conversion, 42 Cornell LQ 168, 169 [1957] ). The “ancient doctrine” has gone **1274 ***875 through a great deal of evolution over time (Franks, Analyzing the Urge to Merge: Conversion of Intangible Property and the Merger Doctrine in the Wake of Kremen v. Cohen, 42 Hous. L. Rev. 489, 495 and n. 32 [Summer 2005] ), dating back to the Norman Conquest of England in 1066 ( see Ames, The History of Trover, 11 Harv. L. Rev. 277, 278 [1897] [hereinafter Ames] ).Before the English royal government undertook the prosecution of crime, redress for the tortious or criminal misappropriation of chattels was limited to private actions, such as “the recuperatory appeals of robbery or larceny” available to persons whose property had been stolen ( id. at 278).FN3 In general, these appeals took two forms. If a thief was immediately apprehended while in possession of the stolen goods, the wrongdoer “was straightaway put to death [by the court], without a hearing, and the [victim] recovered his goods” ( id.). In other cases, rightful ownership of the property was usually determined by a “wager of battle”-a physical altercation or duel between the victim and the thief ( see Black's Law Dictionary 1544 [8th ed. 2004] ), with the victor taking title to the goods ( see Ames, 11 Harv. L. Rev. at 279). Because this “remedy” could lead to a thief killing or maiming the chattel's owner and taking legal ownership of the stolen property, it was “widely detested” by the populace (Black's Law Dictionary 1544).
FN3. There were also “punitory appeals,” which, as the name connotes, were utilized solely for punishing thieves in situations where property stolen was of a certain value and could not be recovered (Ames, 11 Harv. L. Rev. at 278).Over time, the practice of trial by jury was instituted and wager of battle steadily lost favor ( see Ames, *287 11 Harv. L. Rev. at 279-280). FN4 Contributing to its demise at the end of the 12th century was the advent of criminal prosecutions by the Crown. But successful prosecution by the government could result in forfeiture of the stolen chattels to the King rather than the return of property to its rightful owner-an unwelcome prospect for the victim of a theft.
FN4. Wager of battle was not formally abolished in England until 1818 ( see Black's Law Dictionary 1544).The appeals of robbery and larceny also failed to provide an adequate remedy because a victim could not seek monetary damages from the thief-the only remedy was return of the stolen property. By 1252, a new cause of action- trespass de bonis asportatis FN5-was introduced. It allowed a plaintiff to obtain pecuniary damages for certain misappropriations of property and, following a favorable jury verdict, the sale of the defendant's property to pay a plaintiff the value of the stolen goods.FN6 If, however, the defendant offered to return the property to its rightful owner, the owner had to accept it and “recovery was limited to the damages he had sustained through his loss of possession, or through harm to the chattel, which were usually considerably less than its value” (Prosser, The Nature of Conversion, 42 Cornell LQ at 170).
FN5. A Latin phrase meaning “trespass for carrying goods away” (Black's Law Dictionary 1542).
FN6. “Detinue,” a related cause of action, provided a similar remedy for the improper detention (as opposed to taking) of property ( see Ames, 11 Harv. L. Rev. at 375).In the late 15th century, the common law was extended to “fill the gap left by the action of trespass” (Prosser and Keeton, Torts § 15, at 89 [5th ed.] ) by providing a more comprehensive remedy in cases where a defendant's interference with property rights was so serious that it went **1275 ***876 beyond mere trespass to a conversion of the property ( see Prosser, 42 Cornell LQ at 169). Known as “trover,” this cause of action was aimed at a person who had found goods and refused to return them to the title owner, and was premised on the theory that:“the defendant, by ‘converting’ the chattel to his own use, had appropriated the plaintiff's rights, for which he was required to make compensation. The plaintiff was therefore not required to accept the chattel when it was tendered back to him; and he recovered as his damages the full value of the chattel at the time and place of the conversion.... The *288 effect was that the defendant was compelled, because of his wrongful appropriation, to buy the chattel at a forced sale, of which the action of trover was the judicial instrument” ( id. at 170).An action for trover originally could not be invoked by a person who did not lose personal property or have a right to immediate possession of the property ( see Restatement [Second] of Torts § 222A, Comments a, b; Ames, 11 Harv. L. Rev. at 277). Because of the advantages that trover afforded over older forms of relief, its use was stretched to cover additional misappropriations, including thefts ( see Prosser, 42 Cornell LQ at 169; Restatement [Second] of Torts § 222A, Comment a ).Trover gave way slowly to the tort of conversion, which was created to address “some interferences with chattels for which the action of trover would not lie,” such as a claim dealing with a right of future possession (Restatement [Second] of Torts § 222A, Comment b ). The technical differences between trover and conversion eventually disappeared. The Restatement (Second) of Torts now defines conversion as an intentional act of “dominion or control over a chattel which so seriously interferes with the right of another to control it that the actor may justly be required to pay the other the full value of the chattel” ( id. § 222A [1] ).
IIIAs history reveals, the common law has evolved to broaden the remedies available for the misappropriation of personal property. As the concept of summary execution and wager of battle became incompatible with emerging societal values, the law changed. Similarly, the courts became willing to consider new species of personal property eligible for conversion actions.Conversion and its common-law antecedents were directed against interferences with or misappropriation of “goods” that were tangible, personal property. This was consistent with the original notions associated with the appeals of robbery and larceny, trespass and trover because tangible property could be lost or stolen ( see Prosser and Keeton, Torts § 15, at 90). By contrast, real property and all manner of intangible rights could not be “lost or found” in the eyes of the law and were not therefore subject to an action for trover or conversion ( see id. at 91).Under this traditional construct, conversion was viewed as “the ‘unauthorized assumption and exercise of the right of *289 ownership over goods belonging to another to the exclusion of the owner's rights' ” ( State of New York v. Seventh Regiment Fund, 98 N.Y.2d 249, 259, 746 N.Y.S.2d 637, 774 N.E.2d 702 [2002], quoting Vigilant Ins. Co. of Am. v. Housing Auth. of City of El Paso, Tex., 87 N.Y.2d 36, 44, 637 N.Y.S.2d 342, 660 N.E.2d 1121 [1995]; see e.g. Colavito v. New York Organ Donor Network, Inc., 8 N.Y.3d 43, 49-50, 827 N.Y.S.2d 96, 860 N.E.2d 713 [2006]; Industrial & Gen. Trust, Ltd. v. Tod, 170 N.Y. 233, 245, 63 N.E. 285 [1902] ). Thus, the general rule was that “an action for conversion will not normally lie, when it **1276 ***877 involves intangible property” because there is no physical item that can be misappropriated ( Sporn v. MCA Records, 58 N.Y.2d 482, 489, 462 N.Y.S.2d 413, 448 N.E.2d 1324 [1983] ).Despite this long-standing reluctance to expand conversion beyond the realm of tangible property, some courts determined that there was “no good reason for keeping up a distinction that arose wholly from that original peculiarity of the action” of trover (that an item had to be capable of being lost and found) and substituted a theory of conversion that covered “things represented by valuable papers, such as certificates of stock, promissory notes, and other papers of value” ( Ayres v. French, 41 Conn. 142, 150, 151 [1874] ). This, in turn, led to the recognition that an intangible property right can be united with a tangible object for conversion purposes ( see Agar v. Orda, 264 N.Y. 248, 251, 190 N.E. 479 [1934]; Iglesias v. United States, 848 F.2d 362, 364 [2d Cir.1988] ).In Agar, which involved the conversion of intangible shares of stock, this Court applied the so-called “merger” doctrine because:“for practical purposes [the shares] are merged in stock certificates which are instrumentalities of trade and commerce.... Such certificates ‘are treated by business men as property for all practical purposes.’ ... Indeed, this court has held that the shares of stock are so completely merged in the certificate that conversion of the certificate may be treated as a conversion of the shares of stock represented by the certificate” (264 N.Y. at 251, 190 N.E. 479; see also Pierpoint v. Hoyt, 260 N.Y. 26, 28-29, 182 N.E. 235 [1932] ).More recently, we concluded that a plaintiff could maintain a cause of action for conversion where the defendant infringed on the plaintiff's intangible property right to a musical performance by misappropriating a master recording-a tangible item *290 of property capable of being physically taken ( see Sporn v. MCA Records, 58 N.Y.2d at 489, 462 N.Y.S.2d 413, 448 N.E.2d 1324).FN7
FN7. The Restatement (Second) of Torts reflects the “merger” theory as follows:“(1) Where there is conversion of a document in which intangible rights are merged, the damages include the value of such rights.“(2) One who effectively prevents the exercise of intangible rights of the kind customarily merged in a document is subject to a liability similar to that for conversion, even though the document is not itself converted” (Restatement [Second] of Torts § 242).
IVWe have not previously had occasion to consider whether the common law should permit conversion for intangible property interests that do not strictly satisfy the merger test. Although some courts have adhered to the traditional rules of conversion ( see e.g. Allied Inv. Corp. v. Jasen, 354 Md. 547, 562, 731 A.2d 957, 965 [1999] [interests in partnership and corporation]; Northeast Coating Tech., Inc. v. Vacuum Metallurgical Co., Ltd., 684 A.2d 1322, 1324 [Me.1996] [interest in information contained in prospectus]; Montecalvo v. Mandarelli, 682 A.2d 918, 929 [R.I.1996] [partnership interest] ), others have taken a more flexible view of conversion and held that the cause of action can embrace intangible property ( see e.g. Kremen v. Cohen, 337 F.3d 1024, 1033-1034 [9th Cir.2003] [Internet domain name; applying California law]; Shmueli v. Corcoran Group, 9 Misc.3d 589, 594, 802 N.Y.S.2d 871 [Sup.Ct., N.Y. County 2005] [computerized client/investor list]; see generally **1277 ***878 Town & Country Props., Inc. v. Riggins, 249 Va. 387, 396-397, 457 S.E.2d 356, 363-364 [1995] [person's name] ).FN8
FN8. At least one court has approved of the use of conversion by referencing the merger doctrine ( see e.g. Astroworks, Inc. v. Astroexhibit, Inc., 257 F.Supp.2d 609, 618 [S.D.N.Y.2003] [conversion of idea that was represented by an Internet Web site] ). Conversion claims have also been approved without consideration of the historical limits of the cause of action ( see e.g. Cole v. Control Data Corp., 947 F.2d 313, 318 [8th Cir.1991] [computer software program]; Quincy Cablesystems, Inc. v. Sully's Bar, Inc., 650 F.Supp. 838, 848 [D.Mass.1986] [satellite cable signals]; Charter Hosp. of Mobile, Inc. v. Weinberg, 558 So.2d 909, 912 [Ala.1990] [addiction treatment program]; National Sur. Corp. v. Applied Sys., Inc., 418 So.2d 847, 850 [Ala.1982] [computer program]; Mundy v. Decker, 1999 WL 14479, *4, 1999 Neb App LEXIS 3, *10-12 [Ct.App.1999] [WordPerfect documents] ).A variety of arguments have been made in support of expanding the scope of conversion. Some courts have decided that a theft of intangible property is a violation of the criminal law and should be civilly remediable ( see *291 National Sur. Corp. v. Applied Sys., Inc., 418 So.2d at 850); that virtual documents can be made tangible “by the mere expedient of a printing key function” ( Shmueli v. Corcoran Group, 9 Misc.3d at 592, 802 N.Y.S.2d 871); that a writing is a document whether it is read on the computer or printed on paper ( see Kremen v. Cohen, 325 F.3d 1035, 1048 [9th Cir.2003, Kozinski, J., dissenting from certification] ); and that the expense of creating intangible, computerized information should be counterbalanced by the protection of an effective civil action ( see National Sur. Corp. v. Applied Sys., Inc., 418 So.2d at 850).On the other hand, the primary argument for retaining the traditional boundaries of the tort is that it “seem[s] preferable to fashion other remedies, such as unfair competition, to protect people from having intangible values used and appropriated in unfair ways” (Prosser and Keeton, Torts § 15, at 92). Nonetheless, advocates of this view readily concede that “[t]here is perhaps no very valid and essential reason why there might not be conversion of” intangible property ( id. at 92) and that there is “very little practical importance whether the tort is called conversion, or a similar tort with another name” because “[i]n either case the recovery is for the full value of the intangible right so appropriated” (Restatement [Second] of Torts § 242, Comment e ). The lack of a compelling reason to prohibit conversion for redress of a misappropriation of intangible property underscores the need for reevaluating the appropriate application of conversion.
'V“[I]t is the strength of the common law to respond, albeit cautiously and intelligently, to the demands of commonsense justice in an evolving society” ( Madden v. Creative Servs., 84 N.Y.2d 738, 744, 622 N.Y.S.2d 478, 646 N.E.2d 780 [1995]; see Hymowitz v. Eli Lilly & Co., 73 N.Y.2d 487, 507, 541 N.Y.S.2d 941, 539 N.E.2d 1069 [1989], cert. denied 493 U.S. 944, 110 S.Ct. 350, 107 L.Ed.2d 338 [1989] ). That time has arrived. The reasons for creating the merger doctrine and departing from the strict common-law limitation of conversion inform our analysis. The expansion of conversion to encompass a different class of property, such as shares of stock, was motivated by “society's growing dependence on intangibles” (Franks, Analyzing the Urge to Merge: Conversion of Intangible Property and the Merger Doctrine in the Wake of Kremen v. Cohen, 42 Hous. L. Rev. at 498). It cannot be seriously disputed that society's reliance on computers and electronic data is substantial, if not essential. Computers and digital information are *292 ubiquitous and pervade**1278 ***879 all aspects of business, financial and personal communication activities. Indeed, this opinion was drafted in electronic form, stored in a computer's memory and disseminated to the Judges of this Court via e-mail. We cannot conceive of any reason in law or logic why this process of virtual creation should be treated any differently from production by pen on paper or quill on parchment. A document stored on a computer hard drive has the same value as a paper document kept in a file cabinet.The merger rule reflected the concept that intangible property interests could be converted only by exercising dominion over the paper document that represented that interest ( see Pierpoint v. Hoyt, 260 N.Y. at 29, 182 N.E. 235). Now, however, it is customary that stock ownership exclusively exists in electronic format. Because shares of stock can be transferred by mere computer entries, a thief can use a computer to access a person's financial accounts and transfer the shares to an account controlled by the thief. Similarly, electronic documents and records stored on a computer can also be converted by simply pressing the delete button ( cf. Kremen v. Cohen, 337 F.3d at 1034 [“It would be a curious jurisprudence that turned on the existence of a paper document rather than an electronic one. Torching a company's file room would then be conversion while hacking into its mainframe and deleting its data would not” (emphasis omitted) ] ).Furthermore, it generally is not the physical nature of a document that determines its worth, it is the information memorialized in the document that has intrinsic value. A manuscript of a novel has the same value whether it is saved in a computer's memory or printed on paper. So too, the information that Thyroff allegedly stored on his leased computers in the form of electronic records of customer contacts and related data has value to him regardless of whether the format in which the information was stored was tangible or intangible. In the absence of a significant difference in the value of the information, the protections of the law should apply equally to both forms-physical and virtual.In light of these considerations, we believe that the tort of conversion must keep pace with the contemporary realities of widespread computer use. We therefore answer the certified question in the affirmative and hold that the type of data that Nationwide allegedly took possession of-electronic records that were stored on a computer and were indistinguishable from *293 printed documents-is subject to a claim of conversion in New York. Because this is the only type of intangible property at issue in this case, we do not consider whether any of the myriad other forms of virtual information should be protected by the tort.Accordingly, the certified question should be answered in the affirmative." Thyroff v Nationwide Mutual Ins. Co., 8 N.Y.3d 283, 864 N.E.2d 1272 (N.Y. 2007).
A good analysis of this decision (and a comparison with CFAA) appears in the October 1, 2007 edition of the National Law Journal.
Friday, September 21, 2007
2007-09-21 DC Bar Publishes Metadata Ethics Opinion - Sending and Mining Issues Addressed
The District of Columbia Bar recently issued an opinion on a lawyer's ethical obligations and responsibilities in connection with the sending or receipt of electronic data in a non-discovery context, that might contain confidential information.
The DC Bar approach takes a somewhat less balanced approach than does Florida, and permits greater leeway to a receiving party. To that end, the DC Bar opinion places upon the sending attorney a reasonable duty not to send electronic information containing confidence-laden metadata, but places an "actual knowledge" (rather than Florida's more stringent negligence-based "know or should know" standard) that a received document contains metadata.
In actuality the "actual knowledge" element might well prove be difficult to establish, as one might presume that the "actual knowledge" might be acted upon by as recipient in such as way as to *not* give rise to any suspicion of metadata mining. For instance, an attorney might have "actual knowledge" but unless that attorney acted in some way in furtherance upon that "actual knowledge" (such as claiming a fact found only in such metadata, or writing a brief setting forth such confidences, both of which seem fairly unlikely), an allegation of actual knowledge would probably fail.
Excerpt from DC Ethics Opinion 341:
Electronic Documents Provided Outside of Discovery
1. The Sending Lawyer:
Lawyers sending electronic documents outside of the context of responding to discovery or subpoenas have an obligation under Rule 1.6 to take reasonable steps to maintain the confidentiality of documents in their possession. This includes taking care to avoid providing electronic documents that inadvertently contain accessible information that is either a confidence or a secret and to employ reasonably available technical means to remove such metadata before sending the document. See N.Y. State Bar Ass'n Committee Op. 782. Accordingly, lawyers must either acquire sufficient understanding of the software that they use or ensure that their office employs safeguards to minimize the risk of inadvertent disclosures.
2. The Receiving Lawyer:
More often than not, the exchange of metadata between lawyers is either mutually helpful or otherwise harmless. Lawyers routinely exchange contracts, stipulations, and other documents that include “track changes” or other software features which highlight suggested modifications. Similarly, spreadsheets include necessary metadata such as formulas for the columns and rows, thereby providing a useful understanding of the calculations made. But when a receiving lawyer has actual knowledge that the sender inadvertently included metadata in an electronic document, we believe that the principles stated in Opinion Nos. 256 and 318 relating to inadvertent production of privileged material should be used in determining the receiving lawyer’s obligations. In Opinion No. 256, we stated that, where a lawyer knows that a privileged document was inadvertently sent, it is a dishonest act under D.C. Rule 8.4(c) for the lawyer to review and use it without consulting with the sender. We reached a similar conclusion in Opinion No. 318, regarding the receipt of documents from third parties. However, we noted in Opinion 318 that, where the privileged nature of the document is not apparent on its face, there is no obligation to refrain from reviewing it, and the duty of diligent representation under D.C. Rule 1.3 may trump confidentiality concerns.
http://www.dcbar.org/for_lawyers/ethics/legal_ethics/opinions/opinion341.cfm
The District of Columbia Bar recently issued an opinion on a lawyer's ethical obligations and responsibilities in connection with the sending or receipt of electronic data in a non-discovery context, that might contain confidential information.
The DC Bar approach takes a somewhat less balanced approach than does Florida, and permits greater leeway to a receiving party. To that end, the DC Bar opinion places upon the sending attorney a reasonable duty not to send electronic information containing confidence-laden metadata, but places an "actual knowledge" (rather than Florida's more stringent negligence-based "know or should know" standard) that a received document contains metadata.
In actuality the "actual knowledge" element might well prove be difficult to establish, as one might presume that the "actual knowledge" might be acted upon by as recipient in such as way as to *not* give rise to any suspicion of metadata mining. For instance, an attorney might have "actual knowledge" but unless that attorney acted in some way in furtherance upon that "actual knowledge" (such as claiming a fact found only in such metadata, or writing a brief setting forth such confidences, both of which seem fairly unlikely), an allegation of actual knowledge would probably fail.
Excerpt from DC Ethics Opinion 341:
Electronic Documents Provided Outside of Discovery
1. The Sending Lawyer:
Lawyers sending electronic documents outside of the context of responding to discovery or subpoenas have an obligation under Rule 1.6 to take reasonable steps to maintain the confidentiality of documents in their possession. This includes taking care to avoid providing electronic documents that inadvertently contain accessible information that is either a confidence or a secret and to employ reasonably available technical means to remove such metadata before sending the document. See N.Y. State Bar Ass'n Committee Op. 782. Accordingly, lawyers must either acquire sufficient understanding of the software that they use or ensure that their office employs safeguards to minimize the risk of inadvertent disclosures.
2. The Receiving Lawyer:
More often than not, the exchange of metadata between lawyers is either mutually helpful or otherwise harmless. Lawyers routinely exchange contracts, stipulations, and other documents that include “track changes” or other software features which highlight suggested modifications. Similarly, spreadsheets include necessary metadata such as formulas for the columns and rows, thereby providing a useful understanding of the calculations made. But when a receiving lawyer has actual knowledge that the sender inadvertently included metadata in an electronic document, we believe that the principles stated in Opinion Nos. 256 and 318 relating to inadvertent production of privileged material should be used in determining the receiving lawyer’s obligations. In Opinion No. 256, we stated that, where a lawyer knows that a privileged document was inadvertently sent, it is a dishonest act under D.C. Rule 8.4(c) for the lawyer to review and use it without consulting with the sender. We reached a similar conclusion in Opinion No. 318, regarding the receipt of documents from third parties. However, we noted in Opinion 318 that, where the privileged nature of the document is not apparent on its face, there is no obligation to refrain from reviewing it, and the duty of diligent representation under D.C. Rule 1.3 may trump confidentiality concerns.
http://www.dcbar.org/for_lawyers/ethics/legal_ethics/opinions/opinion341.cfm
Saturday, September 08, 2007
2007-09-08 Source Code for Breath Alcohol Device Revealed --- With Scathing Expert Analysis and a pre-4th Circ. Crawford v. Washington Testimonial Hearsay Argument - State v. Chun (N.J. Supreme Court, Docket No 58,879)
More proof that "code speaks" after all, and a good reference tool for those who make the argument that examining the source code comprising in a computing environment is essential in making arguments either in support or challenging computer generated evidence.
A breakthrough has occurred during the pendency of an appeal of a DUI conviction involving breath alcohol device in the New Jersey Supreme Court. The manufacturer of the device, the "Draeger Alco-Test 7110 Mk III" voluntarily provided the source code in advance of a decision by the Supreme Court of New Jersey. A source code examination was performed by software house "Base One."
"1. The Alcotest Software Would Not Pass U.S. Industry Standards for Software Development and Testing: The program presented shows ample evidence of incomplete design, incomplete verification of design, and incomplete “white box” and “black box” testing. Therefore the software has to be considered unreliable and untested, and in several cases it does not meet stated requirements. The planning and documentation of the design is haphazard. Sections of the original code and modified code show evidence of using an experimental approach to coding, or use what is best described as the “trial and error” method. Several sections are marked as “temporary, for now”. Other sections were added to existing modules or inserted in a code stream, leading to a patchwork design and coding style. The software development life-cycle concept is governed by one of the nationally and internationally recognized development standards to prevent defects from entering the software during the design process, and to find and eliminate more defects as the software is coded, tested, and released to the field. This concept of software development using standards requires extensive and meticulous supporting data, and notations in source files, and a configuration management system. None of this methodology is evident in the Alcotest code. Further, the decision method of how to allocate the architecture and assignment of tasks does not match any of the software standards. This further substantiates that software development standards were not used to verify or test the software, including the ISO 9000 family of standards. It is clear that, as submitted, the Alcotest software would not pass development standards and testing for the U.S. Government or Military. It would fail software standards for the Federal Aviation Administration (FAA) and Federal Drug Administration (FDA), as well as commercial standards used in devices for public safety. This means the Alcotest would not be considered for military applications such as analyzing breath alcohol for fighter pilots. If the FAA imposed mandatory alcohol testing for all commercial pilots, the Alcotest would be rejected based upon the FAA safety and software standards.
2. Readings are Not Averaged Correctly: When the software takes a series of readings, it first averages the first two readings. Then, it averages the third reading with the average just computed. Then the fourth reading is averaged with the new average, and so on. There is no comment or note detailing a reason for this calculation, which would cause the first reading to have more weight than successive readings. Nonetheless, the comments say that the values should be averaged, and they are not.
3. Results Limited to Small, Discrete Values: The A/D converters measuring the IR readings and the fuel cell readings can produce values between 0 and 4095. However, the software divides the final average(s) by 256, meaning the final result can only have 16 values to represent the five-volt range (or less), or, represent the range of alcohol readings possible. This is a loss of precision in the data; of a possible twelve bits of information, only four bits are used. Further, because of an attribute in the IR calculations, the result value is further divided in half. This means that only 8 values are possible for the IR detection, and this is compared against the 16 values of the fuel cell.
4. Catastrophic Error Detection Is Disabled: An interrupt that detects that the microprocessor is trying to execute an illegal instruction is disabled, meaning that the Alcotest software could appear to run correctly while executing wild branches or invalid code for a period of time. Other interrupts ignored are the Computer Operating Property (a watchdog timer), and the Software Interrupt.
5. Implemented Design Lacks Positive Feedback: The software controls electrical lines, which switch devices on and off, such as an air pump, infrared source, etc. The design does not provide a monitoring sensory line (loop back) for the software to detect that the device state actually changed. This means that the software assumes the change in state is always correct, but it cannot verify the action.
6. Diagnostics Adjust/Substitute Data Readings: The diagnostic routines for the Analog to Digital (A/D) Converters will substitute arbitrary, favorable readings for the measured device if the measurement is out of range, either too high or too low. The values will be forced to a high or low limit, respectively. This error condition is suppressed unless it occurs frequently enough.
7. Flow Measurements Adjusted/Substituted: The software takes an airflow measurement at power-up, and presumes this value is the “zero line” or baseline measurement for subsequent calculations. No quality check or reasonableness test is done on this measurement. Subsequent calculations are compared against this baseline measurement, and the difference is the change in airflow. If the airflow is slower than the baseline, this would result in a negative flow measurement, so the software simply adjusts the negative reading to a positive value.If the measurement of a later baseline is taken, and the measurement is declared in error by the software, the software simply uses the last “good” baseline, and continues to read flow values from a declared erroneous measurement device.
8. Range Limits Are Substituted for Incorrect Average Measurements: In a manner similar to the diagnostics, voltage values are read and averaged into a value. If the resulting average is a value out of range, the averaged value is changed to the low or high limit value. If the value is out of range after averaging, this should indicate a serious problem, such as a failed A/D converter.
9. Code Does Not Detect Data Variations
10. Error Detection Logic: The software design detects measurement errors, but ignores these errors unless they occur a consecutive total number of times. For example, in the airflow measuring logic, if a flow measurement is above the prescribed maximum value, it is called an error, but this error must occur 32 consecutive times for the error to be handled and displayed. This means that the error could occur 31 times, then appear within range once, then appear 31 times, etc., and never be reported. The software uses different criteria values (e.g. 10 instead of 32) for the measurements of the various Alcotest components, but the error detection logic is the same as described.
11. Timing Problems: The design of the code is to run in timed units of 8.192 milliseconds, by means of an interrupt signal to a handler, which then signals the main program control that it can continue to the next segment. The interrupt goes off every 8.192 ms, not 8.192 ms from my latest request for a time delay. The more often the code calls a single 8.192 ms interrupt, the more inaccurate the software timing can be, because the requests from the mainline software instructions are out of phase with the continuously operating timer interrupt routine.
12. Defects In Three Out Of Five Lines Of Code: A universal tool in the opensource community, called Lint, was used to analyze the source code written in C. This program uncovers a range of problems from minor to serious problems that can halt or cripple the program operation. This Lint program has been used for many years. It uncovered that there are 3 error lines for every 5 lines of source code in C. While Draeger's counsel claims that the "The Alcotest [7110] is the single best microprocessor-driven evidential breath tester on the market", Draeger has already replaced the antiquated 7110 with a newer Windows® based version, the 9510. The computer code in the 7110 is written on an Atari®-styled chip, utilizing fifteen to twenty year old technology in 1970s coding style."
The link to the Overview: http://www.dwi-nj.com/pdf/DRAEGERALCOTEST7110MKIII-C.pdf
The result of the Base One examination provides additional support for the proposition that the "statements" of the computer programmers in fashioning a series of "if-then" statements, particularly when taken together with the remarks that may be recorded as part of uncompiled source code used to create a software and hardware environment for a breath-alcohol testing device (or any computer, for that matter) are the "statements" of a human declarant made out of court. This critical issue has been misaddressed, or because of semantic confusion, misinterpreted by the 4th and the 10th Circuit in their view that the computer code used to produce (and I am careful not to limit the code process to "calculate" results) is a not a "statement" made by a "person" --- and therefore also not hearsay which might be subject the code to the 6th Amendment scrutiny afforded such testimony by the Supreme Court in Crawford.
More proof that "code speaks" after all, and a good reference tool for those who make the argument that examining the source code comprising in a computing environment is essential in making arguments either in support or challenging computer generated evidence.
A breakthrough has occurred during the pendency of an appeal of a DUI conviction involving breath alcohol device in the New Jersey Supreme Court. The manufacturer of the device, the "Draeger Alco-Test 7110 Mk III" voluntarily provided the source code in advance of a decision by the Supreme Court of New Jersey. A source code examination was performed by software house "Base One."
Overview of Expert Findings - (Which identified more than 19,400 potential errors in the code):
"1. The Alcotest Software Would Not Pass U.S. Industry Standards for Software Development and Testing: The program presented shows ample evidence of incomplete design, incomplete verification of design, and incomplete “white box” and “black box” testing. Therefore the software has to be considered unreliable and untested, and in several cases it does not meet stated requirements. The planning and documentation of the design is haphazard. Sections of the original code and modified code show evidence of using an experimental approach to coding, or use what is best described as the “trial and error” method. Several sections are marked as “temporary, for now”. Other sections were added to existing modules or inserted in a code stream, leading to a patchwork design and coding style. The software development life-cycle concept is governed by one of the nationally and internationally recognized development standards to prevent defects from entering the software during the design process, and to find and eliminate more defects as the software is coded, tested, and released to the field. This concept of software development using standards requires extensive and meticulous supporting data, and notations in source files, and a configuration management system. None of this methodology is evident in the Alcotest code. Further, the decision method of how to allocate the architecture and assignment of tasks does not match any of the software standards. This further substantiates that software development standards were not used to verify or test the software, including the ISO 9000 family of standards. It is clear that, as submitted, the Alcotest software would not pass development standards and testing for the U.S. Government or Military. It would fail software standards for the Federal Aviation Administration (FAA) and Federal Drug Administration (FDA), as well as commercial standards used in devices for public safety. This means the Alcotest would not be considered for military applications such as analyzing breath alcohol for fighter pilots. If the FAA imposed mandatory alcohol testing for all commercial pilots, the Alcotest would be rejected based upon the FAA safety and software standards.
2. Readings are Not Averaged Correctly: When the software takes a series of readings, it first averages the first two readings. Then, it averages the third reading with the average just computed. Then the fourth reading is averaged with the new average, and so on. There is no comment or note detailing a reason for this calculation, which would cause the first reading to have more weight than successive readings. Nonetheless, the comments say that the values should be averaged, and they are not.
3. Results Limited to Small, Discrete Values: The A/D converters measuring the IR readings and the fuel cell readings can produce values between 0 and 4095. However, the software divides the final average(s) by 256, meaning the final result can only have 16 values to represent the five-volt range (or less), or, represent the range of alcohol readings possible. This is a loss of precision in the data; of a possible twelve bits of information, only four bits are used. Further, because of an attribute in the IR calculations, the result value is further divided in half. This means that only 8 values are possible for the IR detection, and this is compared against the 16 values of the fuel cell.
4. Catastrophic Error Detection Is Disabled: An interrupt that detects that the microprocessor is trying to execute an illegal instruction is disabled, meaning that the Alcotest software could appear to run correctly while executing wild branches or invalid code for a period of time. Other interrupts ignored are the Computer Operating Property (a watchdog timer), and the Software Interrupt.
5. Implemented Design Lacks Positive Feedback: The software controls electrical lines, which switch devices on and off, such as an air pump, infrared source, etc. The design does not provide a monitoring sensory line (loop back) for the software to detect that the device state actually changed. This means that the software assumes the change in state is always correct, but it cannot verify the action.
6. Diagnostics Adjust/Substitute Data Readings: The diagnostic routines for the Analog to Digital (A/D) Converters will substitute arbitrary, favorable readings for the measured device if the measurement is out of range, either too high or too low. The values will be forced to a high or low limit, respectively. This error condition is suppressed unless it occurs frequently enough.
7. Flow Measurements Adjusted/Substituted: The software takes an airflow measurement at power-up, and presumes this value is the “zero line” or baseline measurement for subsequent calculations. No quality check or reasonableness test is done on this measurement. Subsequent calculations are compared against this baseline measurement, and the difference is the change in airflow. If the airflow is slower than the baseline, this would result in a negative flow measurement, so the software simply adjusts the negative reading to a positive value.If the measurement of a later baseline is taken, and the measurement is declared in error by the software, the software simply uses the last “good” baseline, and continues to read flow values from a declared erroneous measurement device.
8. Range Limits Are Substituted for Incorrect Average Measurements: In a manner similar to the diagnostics, voltage values are read and averaged into a value. If the resulting average is a value out of range, the averaged value is changed to the low or high limit value. If the value is out of range after averaging, this should indicate a serious problem, such as a failed A/D converter.
9. Code Does Not Detect Data Variations
10. Error Detection Logic: The software design detects measurement errors, but ignores these errors unless they occur a consecutive total number of times. For example, in the airflow measuring logic, if a flow measurement is above the prescribed maximum value, it is called an error, but this error must occur 32 consecutive times for the error to be handled and displayed. This means that the error could occur 31 times, then appear within range once, then appear 31 times, etc., and never be reported. The software uses different criteria values (e.g. 10 instead of 32) for the measurements of the various Alcotest components, but the error detection logic is the same as described.
11. Timing Problems: The design of the code is to run in timed units of 8.192 milliseconds, by means of an interrupt signal to a handler, which then signals the main program control that it can continue to the next segment. The interrupt goes off every 8.192 ms, not 8.192 ms from my latest request for a time delay. The more often the code calls a single 8.192 ms interrupt, the more inaccurate the software timing can be, because the requests from the mainline software instructions are out of phase with the continuously operating timer interrupt routine.
12. Defects In Three Out Of Five Lines Of Code: A universal tool in the opensource community, called Lint, was used to analyze the source code written in C. This program uncovers a range of problems from minor to serious problems that can halt or cripple the program operation. This Lint program has been used for many years. It uncovered that there are 3 error lines for every 5 lines of source code in C. While Draeger's counsel claims that the "The Alcotest [7110] is the single best microprocessor-driven evidential breath tester on the market", Draeger has already replaced the antiquated 7110 with a newer Windows® based version, the 9510. The computer code in the 7110 is written on an Atari®-styled chip, utilizing fifteen to twenty year old technology in 1970s coding style."
The link to the Overview: http://www.dwi-nj.com/pdf/DRAEGERALCOTEST7110MKIII-C.pdf
The link to the complete Base One Expert Report: http://www.dwi-nj.com/pdf/AlcoTestReportBaseOne82707v2.pdf
Crawford v Washington Argument re: Testimonial Hearsay: As for the application of Crawford v. Washington to computer generated information used to accuse (and convict), appellant's counsel Evan Levow argues in Appellant's Brief that ""[T]he Framers would be astounded to learn that ex parte testimony could be admitted against a criminal defendant because it was elicited” not “by ‘neutral’ government officers,”178 but by a machine." Mr. Levow's argument is on point, but his brief concludes that the computer code is testimonial hearsay, without addressing whether there is a human "declarant" uttering the out of court statement. Here, the link to Appellant's Brief: http://www.dwi-nj.com/pdf/Chun-Defense-Brief.pdf. He does not address the definitional issue elevating the source code from non-hearsay to hearsay status.
The result of the Base One examination provides additional support for the proposition that the "statements" of the computer programmers in fashioning a series of "if-then" statements, particularly when taken together with the remarks that may be recorded as part of uncompiled source code used to create a software and hardware environment for a breath-alcohol testing device (or any computer, for that matter) are the "statements" of a human declarant made out of court. This critical issue has been misaddressed, or because of semantic confusion, misinterpreted by the 4th and the 10th Circuit in their view that the computer code used to produce (and I am careful not to limit the code process to "calculate" results) is a not a "statement" made by a "person" --- and therefore also not hearsay which might be subject the code to the 6th Amendment scrutiny afforded such testimony by the Supreme Court in Crawford.
Monday, August 27, 2007
2007-08-27 Peskoff v Faber, Round 2 - Refinements to Accessibility, Duty to Preserve and Litigation Holds
Judge Facciola issued a second decision involving what appears to be a rather ugly dispute between the parties. (See in particular, Footnote 7 to the opinion). The Court provides additional guidance in connection with the duty to preserve and for litigation holds as they relate to a party's discontinuation of "automatic deletion features" in a data generating system.
The Court first revisits and again endorses its interpretation of the advisory committee comments to Fed. R. Civ. P. Rule 37(f) that any automatic deletion feature should be turned off and a litigation hold imposed once litigation can be reasonably anticipated:
Disability Rights Council v. Washington Metro. Transit Auth., 242 F.R.D. 139, 146 (D.D.C. 2007)."
Legitimate Exercise of Discretion to Act, Including Sanction: The Court then affirms the approach set out in Peskoff v Faber I: "Thus, as to the most recent time period at issue, Faber’s not turning the automatic deletion feature off once informed of pending litigation may serve as a premise for additional judicial action, including a sanction, without offending amended Rule 37(f). It is a legitimate exercise of discretion to require Faber to participate in a process to ascertain whether a forensic examination can yield emails that were deleted after February 6, 2004, because at that time Faber could reasonably anticipate that Peskoff would sue him."
The Court notes that, for the period prior to a party's having notice of pending litigation, Fed. R. Civ. P. 37(f) imposes no obligation for a party to suspend automatic deletion operations that are conducted in good faith and in a routine fashion.
"[Rule 37(f)] acts as "no impediment whatsoever to Faber and NextPoint continuing to operate the email system and its automatic deletion features as the system had operated before."
The Court then finds support for this approach in the words of the rule themselves: "[T]o the precise contrary, amended Rule 37(f) indicates that “[a]bsent exceptional circumstances, a court may not impose sanctions under these rules on a party for failing to provide electronically stored nformation lost as a result of the routine, good faith operation of an electronic information system.” I find no exceptional circumstances here and the automatic deletion features of the email system cannot be the basis for any sanctions in that period of time. "
Ah, but then, you know, we operate in a world of rules, subject to exception, which are in turn subject to other conditions...and here, "balancing factors"
The Fed. Rule Civ.P. 26(b) Balancing of Factors Test Exception to Rule 37(f)'s "Good Faith" and "Routine Operation" Safe Harbor Provisions: The Court then interprets Fed. R. Civ. P. Rule 26(b)(2)(C) to reads an exception into Rule 37(f)'s "good faith" and "routine activity" safe harbor provision:
"Nonetheless, Rule 37(f) must be read in conjunction with the discovery guidelines of Rule 26(b). In doing so, as discussed above, I find that balancing the factors in Rule 26(b)(2)(C) authorizes me to require Faber to participate in a process designed to ascertain whether a forensic examination is justified because the emails are relevant, the results of the search that was conducted are incomprehensible, and there is no other way to try to find the emails."
It therefore appears that some fairness and/or hardship showing may be used by counsel to overcome Rule 37(f)'s safe harbor provisions for automatic deletion operations even for "pre" notice of litigation periods.
The Court also supports its decision to bypass the safe harbor provisions of Rule 37(f) by noting that the party from whom such information was requested never objected to the document production request. Discovery fans will recognize that the rules provide that the failure to object to a discovery request can be deemed a waiver of objection. The Court points out that:
"First, I can begin with the premise that Faber never made any objection to Peskoff’s document request and, as I have noted, it is common ground that the emails sought are relevant... Courts have found that failure to state any objections to the production of documents in a timely manner constitutes a waiver of any objections, similar to Rule 33, even though Rule 34 does not contain an automatic waiver provision. Myrdal v. District of Columbia, Civ. A. No. 05-2351, 2007 WL 1655875 (D.D.C. June 7, 2007); Fonville v. District of Columbia, 230 F.R.D. 38, 42 (D.D.C. 2005) (finding that failure to object to document production in a timely manner, like the failure to object to an interrogatory, constitutes an automatic waiver of any objections). Thus, any objection Faber has to the document request at this late date on the grounds that the request should have issued separately to NextPoint under Rule 45 is waived. See Fed. R. Civ. P. 34(b)."
Accessibility Standard Redux
Judge Facciola issued a second decision involving what appears to be a rather ugly dispute between the parties. (See in particular, Footnote 7 to the opinion). The Court provides additional guidance in connection with the duty to preserve and for litigation holds as they relate to a party's discontinuation of "automatic deletion features" in a data generating system.
Anticipation of Litigation: Applicable Standard
The Court first revisits and again endorses its interpretation of the advisory committee comments to Fed. R. Civ. P. Rule 37(f) that any automatic deletion feature should be turned off and a litigation hold imposed once litigation can be reasonably anticipated:
"While the new amendment to Rule 37 of the Federal Rules of Civil Procedure indicates that, absent exceptional circumstances, a court may not impose sanctions on a party for “failing to provide electronically stored information lost as a result of the routine,good-faith operation of an electronic information system,” it is clear that this Rule does not exempt a party who fails to stop the operation of a system that is obliterating information that may be discoverable in litigation. . . . [T]he advisory committee note to that Rule states: [the Rule] applies to information lost due to the routine operation of an information system only if the operation was in good faith. Good faith in the routine operation of an information system may involve a party’s intervention to modify or suspend certain features of that routine operation to prevent the loss of information, if that information is subject to a preservation obligation. A preservation obligation may arise from many sources, including common law, statutes, regulations, or a court order in the case. The good faith requirement of [the Rule] means that a party is not permitted to exploit the routine operation of an information system to thwart discovery obligations by allowing that operation to continue in order to destroy specific stored information that it is required to preserve. When a party is under a duty to preserve information because of pending or reasonably anticipated litigation, intervention in the routine operation of an information system is one aspect of what is often called a“litigation hold.”"
Disability Rights Council v. Washington Metro. Transit Auth., 242 F.R.D. 139, 146 (D.D.C. 2007)."
Legitimate Exercise of Discretion to Act, Including Sanction: The Court then affirms the approach set out in Peskoff v Faber I: "Thus, as to the most recent time period at issue, Faber’s not turning the automatic deletion feature off once informed of pending litigation may serve as a premise for additional judicial action, including a sanction, without offending amended Rule 37(f). It is a legitimate exercise of discretion to require Faber to participate in a process to ascertain whether a forensic examination can yield emails that were deleted after February 6, 2004, because at that time Faber could reasonably anticipate that Peskoff would sue him."
Period Prior to Notice of Litigation: Applicable Standard
The Court notes that, for the period prior to a party's having notice of pending litigation, Fed. R. Civ. P. 37(f) imposes no obligation for a party to suspend automatic deletion operations that are conducted in good faith and in a routine fashion.
"[Rule 37(f)] acts as "no impediment whatsoever to Faber and NextPoint continuing to operate the email system and its automatic deletion features as the system had operated before."
The Court then finds support for this approach in the words of the rule themselves: "[T]o the precise contrary, amended Rule 37(f) indicates that “[a]bsent exceptional circumstances, a court may not impose sanctions under these rules on a party for failing to provide electronically stored nformation lost as a result of the routine, good faith operation of an electronic information system.” I find no exceptional circumstances here and the automatic deletion features of the email system cannot be the basis for any sanctions in that period of time. "
Ah, but then, you know, we operate in a world of rules, subject to exception, which are in turn subject to other conditions...and here, "balancing factors"
The Fed. Rule Civ.P. 26(b) Balancing of Factors Test Exception to Rule 37(f)'s "Good Faith" and "Routine Operation" Safe Harbor Provisions: The Court then interprets Fed. R. Civ. P. Rule 26(b)(2)(C) to reads an exception into Rule 37(f)'s "good faith" and "routine activity" safe harbor provision:
"Nonetheless, Rule 37(f) must be read in conjunction with the discovery guidelines of Rule 26(b). In doing so, as discussed above, I find that balancing the factors in Rule 26(b)(2)(C) authorizes me to require Faber to participate in a process designed to ascertain whether a forensic examination is justified because the emails are relevant, the results of the search that was conducted are incomprehensible, and there is no other way to try to find the emails."
It therefore appears that some fairness and/or hardship showing may be used by counsel to overcome Rule 37(f)'s safe harbor provisions for automatic deletion operations even for "pre" notice of litigation periods.
The Court also supports its decision to bypass the safe harbor provisions of Rule 37(f) by noting that the party from whom such information was requested never objected to the document production request. Discovery fans will recognize that the rules provide that the failure to object to a discovery request can be deemed a waiver of objection. The Court points out that:
"First, I can begin with the premise that Faber never made any objection to Peskoff’s document request and, as I have noted, it is common ground that the emails sought are relevant... Courts have found that failure to state any objections to the production of documents in a timely manner constitutes a waiver of any objections, similar to Rule 33, even though Rule 34 does not contain an automatic waiver provision. Myrdal v. District of Columbia, Civ. A. No. 05-2351, 2007 WL 1655875 (D.D.C. June 7, 2007); Fonville v. District of Columbia, 230 F.R.D. 38, 42 (D.D.C. 2005) (finding that failure to object to document production in a timely manner, like the failure to object to an interrogatory, constitutes an automatic waiver of any objections). Thus, any objection Faber has to the document request at this late date on the grounds that the request should have issued separately to NextPoint under Rule 45 is waived. See Fed. R. Civ. P. 34(b)."
Accessibility Standard Redux
Judge Facciola first reflects upon comments upon a New York Law Journal article from June 2007 that describes the approach taken in Peskoff v Faber I: to include "a per se rule that a party must search accessible data, irrespective of whether the cost of the search is justified by the relevance of what may be found, and to have “rejected Faber’s cost-shifting request.” The Court corrects this mis-impression by pointing out that: "...Faber has never made any “cost-shifting request” under Rule 26(b)(2)(B), nor has he ever contested the relevancy of the emails that Peskoff seeks. See Peskoff, 2006 WL 1933483 at *4"
Judge Facciola then drives the point home: "I readily concede that when the argument is made, the search for data, even if accessible, must be justified under the relevancy standard of Rule 26(b)(1).By performing the analysis under Rule 26(b)(2)(C), which assumes the relevancy standard under Rule 26(b)(1) is met, I do not mean to suggest the contrary. The point is that that balancing under Rule 26(b)(2)(C) was not invoked here to oppose the search,and I cannot accept the proposition that Faber may be relieved of searching accessible data when he does not argue that the search is not justified by the potential relevancy of what may be found." [Emphasis Added]
So?
Make the Argument or Waive the Argument
The upshot here is a party must object to the necessity (and relevancy) for a requested electronic systems discovery search in order to have a court invoke the balancing test required by Fed. R. Civ. P. Rule 26(b)(2)(C). If no objection is made, a court will not invoke a utility against cost balancing test sua sponte:
"I persist in my view that a party must search available electronic systems to answer any discovery request not objected to, see McPeek v. Ashcroft, 202 F.R.D. 31, 32 (D.D.C. 2001), and since Faber has never argued that the search is unnecessary or irrelevant but only that Peskoff should pay for it, I am hard pressed to understand why I am required to, sua sponte, balance utility against cost and relieve Faber of searching accessible, relevant data any more than I would have to do the same balancing before I required him to look through the file cabinet outside his office for a paper file."
Words to the wise..
S
Subscribe to:
Posts (Atom)
