Embed Size (px)
Citation preview
1
Data Management to Data Management to EvidenceEvidence
William F. HamiltonTampa, Florida
2
“Documents” Are Now Electronic
““Documents” are Documents” are now electronically now electronically created and storedcreated and stored
== New legal issuesNew legal issues
== New paradigmNew paradigm
3
There is More Data Than What You See!
4
Source Code for Same Page
5
“Metadata” lurks everywhere
6
The Digital World is a New Game
• Volatile and easily Volatile and easily alterablealterable
• Voluminous and Voluminous and variegatedvariegated
• Dispersed and co-Dispersed and co-locatedlocated
7
• Emails Emails • Web pagesWeb pages• Text messagesText messages• Digital voice recordingsDigital voice recordings• Data base compilationsData base compilations• Digital photographsDigital photographs• Computer logsComputer logs
Data Comes in Numerous Flavors
8
The Stages of E-Discovery
9
Preservation: Stop the Deletion
• Assemble the Assemble the TeamTeam
• Assess the caseAssess the case
• Litigation HoldLitigation Hold
10
Gather the Data
11
Shrink the Data
• Key wordsKey words
• TaxonomyTaxonomy
• ClusteringClustering
• ConceptualConceptual
12
Review the Data
• First Cut for First Cut for RelevanceRelevance
• Second Cut for Second Cut for Privilege and Privilege and CodingCoding
13
The Costs Keep Mounting
Total Cost Estimate $7,796,741 $1,397,995 $277,251Large Medium Small
E-File Collection Scenario 1 Senario 2 Scenario 3Key Custodians 10 5 2GB/Key Custodian 10 5 2Tier 2 Custodians 25 10 3GB/Tier 2 Custodians 7.5 2 1GB Shared Server Data 15 7.5 2Estimated GB Collected 302.5 52.5 9Estimated Pages/GB 75,000 75,000 75,000Page equivalent 22,687,500 3,937,500 675,000Yield after Pre-Processing as % 0.3 0.3 0.3Yield after Pre-Processing GB 90.75 15.75 2.7Estimated # pages 6,806,250 1,181,250 202,500Box Equivalent (2,500pp/box) 2,723 473 81Estimated % Responsive 0.25 0.25 0.25Estimated # Responsive Pages 1,701,563 295,313 50,625
Collection CostsCollection Costs (1 hour/custodian @ $300/hr) $10,500 $4,500 $1,500DeDup and Cull Cost/GB 1250 1250 1250Estimate GB Collected 302.5 52.5 9
Total Collection, DeDup and Cull Costs $388,625 $70,125 $12,750EDD Processing CostsEDD Processing Cost/GB $1,750 $1,750 $1,750Total GB to be Processed 90.75 15.75 2.7
Total EDD Processing Costs $158,813 $27,563 $4,725Paper Collection and ProcessingPages/Key Custodians (Assume 5000 pages/custodian) 50,000 25,000 10,000Pages Tier 2 Custodians (Assume 2500 pages/custodian) 62,500 25,000 7,500Total Pages 112,500 50,000 17,500Scan/OCR/page 0.2 0.2 0.2Processing costs $22,500 $10,000 $3,500Vendor Load Fee/page 0 0 0Load Fees $5,625 $2,500 $875
Total Paper Processing Costs $28,125 $12,500 $4,375Total Pre-Review Costs $575,563 $110,188 $21,850Phase 1 ReviewGB to be reviewed 90.75 15.75 2.7Pages to be reviewed 6,806,250 1,181,250 202,500Attorney review rate (pp/hour) 175 175 175Attorney hours needed to complete review 38893 6750 1157Cost per hour of attorney review $65 $65 $65Review attorney cost of Phase 1 review $2,528,036 $438,750 $75,214Supervisory billable time for training, project management, etc. (~10% Rev Atty Cost)$252,804 $43,875 $7,521
Total Cost of Phase 1 Review $2,780,839 $482,625 $82,736Phase 2 ReviewYield from Phase 1 Review 0.4 0.4 0.4Pages to be Reviewed in Phase 2 2,722,500 472,500 81,000Attorney review rate (pp/hr) 200 200 200Attorney hours needed to complete review 13,613 2,363 405Cost per hour of attorney review $250 $250 $250Review attorney cost of Phase 2 review $3,403,125 $590,625 $101,250Supervisory billable time for training, project management, etc. (~10% Rev Atty Cost)$340,313 $59,063 $10,125
Total Cost of Phase 2 Review $3,743,438 $649,688 $111,375Review of Materials Received from OppositionAssume Equal Amount of Data Received as Produced 0 0 0Attorney review rate (pp/hr) 200 200 200Attorney hours needed to complete review 0 0 0Cost per hour of attorney review $250 $250 $250
Document Review Budget EstimateMatter Name:
Date:
Courtesy of Browning Marean, DLA Piper
14
Keys to Cost Reduction
The Big Squeeze:The Big Squeeze:
• Data VolumeData Volume• Data LocationData Location• Data IdentityData Identity
Not Attorneys!Not Attorneys!
15
Data Map or Audit
16
Kick it to the Curb!
Data ManagementData ManagementData ManagementData ManagementData ManagementData ManagementData ManagementData ManagementData ManagementData ManagementData ManagementData ManagementData ManagementData ManagementData ManagementData ManagementData ManagementData ManagementData ManagementData Management
17
Back to the Future: Information Management
18
The Final Frontier: Admissibility
Here come da Here come da Judge!Judge!
19
Data Authenticity
Cannot touch, feel, see, or handle data…Cannot touch, feel, see, or handle data…
20
Data is Easy to Alter!
BASICS
Stretching the Truth Just Became Easier (and Cheaper)
Digital pictures can be stretched without distorting a subject's face. Above, an altered photo.
By PETER WAYNER Published: January 31, 2008
WHEN Carlo Baldassi came home from vacation and looked at a picture he took of his
girlfriend on the Charles Bridge in Prague, he was torn. She looked beautiful, but the
proportions of the picture were all wrong. It seemed tight and constrained, and it would
not fill his widescreen monitor.
An artist is never satisfied.
Mr. Baldassi may not have an official title of an artist
— he studies computational neuroscience at the
Institute for Scientific Interchange Foundation in Turin,
Italy. But he could fix the problem with some automatic
The original photo of a dog photo-editing software he was writing with several swimming in a lake. Friends. With one click, the tool stretched the
uninteresting parts of the landscape – the water and the
hills – while leaving the face of his girlfriend just as it
was. The result was, he thought, more open and
panoramic.
21
Data Changes are hard to detect
Phishing attack plunders Monster.com By Brian Bergstein, Associated Press
BOSTON — A recently disclosed fraud involving hundreds of thousands of people on the Monster.com jobs website reveals the perils of leaving detailed personal information online, security analysts say.
Before the scheme was uncovered last week by researchers at Symantec, con artists had filched legitimate user names and passwords from recruiters who search for job candidates on Monster. Then with access into the Monster system, the hackers grabbed resumes and used information on those documents to craft personalized "phishing" e-mails to job seekers.
"What phishers are trying to do these days is make them as realistic as possible, by adding specific information," said Patrick Martin, a Symantec product manager. "If they know you've submitted a resume to Monster, that makes it (seem) a little more legitimate."
If the recipients took the bait, they had spyware or other malicious programs secretly installed on their computers. But even if the phishing attempt wasn't successful, the names, addresses and other details on the resumes can themselves be lucrative.
A server in the Ukraine used in the scheme held 1.6 million entries. Because of duplications, Symantec said those files actually held personal information for "several hundred thousand" job seekers. Another anti-virus firm, Authentium Inc., said it parsed the same data and counted 1.2 million people.
Symantec said it relayed details to Monster.com so it could disable the compromised recruiter accounts. But the security company also advised Web users to limit their exposure to such frauds by reducing the amount of personal information they post on the Internet………….
22
Are Our Data Bases Secure?DAILY NEXUS UNIVERSITY OF CALIFORNIA, SANTA BARBARA Altered Grades Lead to Student’s Arrest Campus Computer Experts Say Security Measures Detected Unauthorized Access BY JASON LA, STAFF WRITER
Published Wednesday, March 30, 2005
Issue 94 / Volume 85
A UCSB student is being charged with four felonies after she
allegedly stole the identity of two professors and used the
information to change her own and several other students’
grades, police said.
UC Police Dept. arrested Nancy Ramirez, 21, on March 28 and
charged her with two felony counts of illegal access into a
computer system and two felony counts of identity theft, said
Stg. Mark Signa, UCPD public information officer. Ramirez, a
native of Los Angeles, was booked into the Santa Barbara
County Jail where her bail was set at $25,000, Signa said. She is
currently out on bail, and her roommate, whose name has not
been released by police, is currently considered an additional
suspect in the case, Signa said.
23
Where Did the Data Come From?
24
Where Did the “Original” Go?
25
Data is a Perpetual Flow and Change
26
What it Takes in Court • The business uses a computer and the computer is The business uses a computer and the computer is reliablereliable
• The business has developed a The business has developed a procedureprocedure for inserting data for inserting data into the computerinto the computer
• The procedure has The procedure has built-in safeguardsbuilt-in safeguards to ensure accuracy to ensure accuracy and identify errorsand identify errors
• The business keeps the computer in a The business keeps the computer in a good state of repairgood state of repair
• The The witness witness had the computer readout certain datahad the computer readout certain data
• The witness used the The witness used the proper procedureproper procedure to obtained the to obtained the readoutreadout
• The witness explains how he or she recognizes the The witness explains how he or she recognizes the readoutreadout
• If the readout contains strange symbols or terms, the witness If the readout contains strange symbols or terms, the witness explains the meaningexplains the meaning
• Imwinkelried, Evidentiary Foundations, at 4.03[2]
27
New Authentication Tools
• HashHash
• EncryptionEncryption
• Time StampsTime Stamps
28
Authentication: Hash IT!
29
Encryption
30
Single Code: One Key
31
Public Key-Private Key Systems
Public KeyPublic Key
Known by Known by
AllAll
32
Private Key
Only works for Only works for me!me!
33
Time Stamps
34
Certification by a Trusted Source
35
How to Make Your Lawyers Happy
• Close Databases to multiple usersClose Databases to multiple users• Use and change password protectionUse and change password protection• Employ encryption for key dataEmploy encryption for key data• Lock databases “read only”Lock databases “read only”• Hash early and oftenHash early and often• Utilize public-key private key securityUtilize public-key private key security• Employ time stampsEmploy time stamps• Check, re-check and test your applications and Check, re-check and test your applications and
systems, especially custom work systems, especially custom work
36
The new Digital Copernican Revolution
37
Go Rays……
