
Archive for the 'Data Breaches' Category

E-Discovery Legal Issues for IT

 

Lawyers are often labeled as “luddites” and their lack of understanding of technology is legendary.

In an era where almost all business records are in the form of electronically stored information, it has become essential for lawyers to become more technologically savvy.

On the other hand, it is just as important for IT to understand legal and its requests.

Ediscovery is one area where this has become an absolute necessity.

But how well do IT professionals understand the legal aspects of their work? Most probably, not very well.

 

Are you an IT professional?

Do you believe that all your company’s data should be deleted as quickly as possible? Do you believe that none of your company’s data should ever be deleted?

Have you ever received an instruction from the legal department that sounded like: “Save all responsive documents” and scratched your head as to what documents legal was referring to?

Is your company moving its database to the cloud? Are you involved in acquiring new hardware or software for your company?

If you answered yes to any of the above questions, the newly published e-book “E-Discovery Legal Issues Guidebook” is for you. It was published on September 7, 2012, by PenTest Magazine, the “only magazine devoted exclusively to penetration testing”.

This seventy-page e-book is specifically aimed at IT professionals who deal with ediscovery. With its collection of eleven articles, written by thought leaders in the field of ediscovery, it aims to inform IT professionals of the basic legal issues surrounding ediscovery.

In it, you will find analyses of the major ediscovery cases, from the seminal Zubulake case to the more recent Apple v. Samsung case. Basic legal ediscovery principles, such as the duty to preserve and spoliation, are explained without the usual legal jargon. More advanced topics, such as ediscovery of data stored in the cloud and ediscovery of personal data in the EU, are covered as well.

This publication recognizes the essential part IT professionals play in the process of ediscovery, and aims to foster co-operation between the legal and IT departments.

Disclosure: This blogger has contributed to the publication with a chapter on international ediscovery and EU data protection.

 

The Thief, The Programmer, The Hacker and The Data Protection Authority: How ILITA Cracked The Case

 

At the 33rd International Conference of Data Protection and Privacy Commissioners (CDPP), held in Mexico City on November 2 and 3, Yoram Hacohen, Head of the Israeli Law, Information and Technology Authority (ILITA), and Ariel Shoham, Deputy Head of the Enforcement Department of ILITA, held a private briefing where they explained how they cracked the biggest privacy breach case that ever occurred in Israel.

Just a week earlier, on Monday, October 24, ILITA (The Israeli Law, Information and Technology Authority in the Israeli Ministry of Justice), Israel’s Data Protection Authority, had made the following announcement on its website:

“ILITA (The Israeli Law, Information and Technology Authority in the Israeli Ministry of Justice), Israel’s Data Protection Authority, has cracked the case involving the theft of Israel’s Population Registry, the development of bespoke search and navigation software, and their dissemination online.

 ILITA’s investigation revealed that in 2006, an individual outsourcing service provider to the Ministry of Welfare and Social Services downloaded and stored at his home a complete electronic copy of Israel’s Population Registry, which contains numerous data fields such as full name, identification number, address, date of birth, date of death, date of immigration to Israel, family ties etc. for more than 9 million Israeli citizens, including minors and the deceased.

The suspect disseminated to a third party a copy of the database, which subsequently reached a software developer who developed a program called “Agron 2006” to enable users to run complex searches and queries on the data, including navigating among family ties of the entire Israeli population. The “Agron” software was then cracked and eventually uploaded by a hacker to online peer to peer networks and disseminated worldwide. The hacker went further to create a website promoting the download and use of “Agron”, while implementing sophisticated means, such as proxy servers and purging of traces on his computer, to conceal his identity and try to evade Israeli jurisdiction.”

In this video, filmed by this author during the briefing at the CDPP Conference, Yoram Hacohen, Head of ILITA, and Ariel Shoham, Deputy Head of the Enforcement Department of ILITA, explain how they cracked the biggest ever Israeli privacy breach case.

They started by mapping the entire information infrastructure of the Ministry of Interior, where the breach had occurred, to understand the information flow. ILITA’s forensic lab then retrieved sixty-five terabytes of information from diverse sources, most of which were obtained with court orders. Over 135,000 phone calls, 111 external hard drives, 3,232 CDs, 25 desktops, 13 laptops, 15 USB drives, 45 internal HDs and 25 mobile phones were analyzed.

Watch this fascinating briefing to find out how the investigation led to the unmasking and arrest of six suspects and how one fatal “mistake” by the hacker who published the registry online led to his discovery.