From the time we brush the cookie crumbs away as Mom walks into the kitchen until the US Attorney issues a subpoena for the evidence of fraud, it is human instinct to try to cover up what we have done wrong.  When a company is facing legal risk, the circumstances that give rise to the problems are events, actions, communications or records which employees have created, reviewed or retained. 
It is inevitable, in the 21st century, that the most likely evidence of guilt will be digital.  It is also inevitable that the creators and custodians of that evidence are very likely to try and modify, alter or delete the evidence if they are given the opportunity.  And, unfortunately, most litigation hold programs allow that risk to persist!  Oh, the opportunities adverse counsel can exploit!
A company acquires a duty to preserve relevant information when it has notice of a specific litigation, or reasonably should know that litigation is foreseeable.  At that point, most companies already are too late in protecting the records.  There are few circumstances in which a lawsuit arises in which a company has no prior knowledge of the risk of its conduct—a train wreck is a train wreck and, in this era, litigation is relied upon to economically balance the outcomes of the damage done.  
Yet, the most frequent course of action when a company has knowledge of a duty to preserve relevant information is to tell all of the employees most likely involved with the surrounding facts that the company (or adverse counsel, or forensic investigators) are going to come looking for the evidence.  Few people can resist the instinct to consider:  “What did I say?  When did I say it? Can I delete whatever I said?”   
Amazingly, most companies continue to execute their duty of preservation by instructing their employees to review their files, identify relevant materials and, in case after case, move the materials into a designated folder on a server or on their desktop for later collection.  So, like chasing after the tell-all crumbs, employees open their e-mails, and in so doing, often alter the relevant metadata that is stored with the historical record.  Of course, many still try to use the delete button, but doing so is almost always detected in the forensic analysis that follows—the consequences can be enormously adverse since the digital record clearly tells a story of cover-up and potential spoliation. 
What is needed for any company is a process that protects their electronic mail records from alteration, modification or deletion by their employees that are most likely to do so.  
Defending Electronic Mail as Evidence—the Critical E-Discovery Questions allows you—and your litigation hold program—to confront a hostile deposition without having to first swear to tell the truth.   You learn the tough questions that await—and the consequences of having inadequate answers.
Monday, February 2, 2009
Monday, January 26, 2009
Can you explain how your records management program matches up to ISO 15489?
One of the critical “safe harbors” available to organizations navigating the perils of electronic discovery is reached by demonstrating a “routine, good faith operation of an electronic information system”.  These are the words used in Rule 37(e) of the Federal Rules of Civil Procedure.  If such operations can be shown to exist, then Rule 37(e) generally protects an organization from sanctions that may otherwise be imposed for being unable to produce electronically stored information (ESI) which has been “lost”.
But one of the gaping idiosyncrasies of applying that Rule is that no guidance is provided to judges on how to measure the operations of an electronic information system in order to determine if the systems have been operated routinely and in good faith. For that reason, standards become a vital source of knowledge, something judges are allowed to consider under the Rules of Evidence.
ISO 15489-1:2001 is formally titled “Information and Documentation—Records Management—Part I: General”. It is paired with a second standard, ISO 15489-2:2001, titled “Information and Documentation—Records Management—Part 2: Guidelines”. Together, these represent the recognized international standard against which to evaluate existing records management programs, design new or improved programs, and manage those programs forward with a focus on continuous improvement.
ISO 15489 informs adverse counsel what to look for in requesting records management policies, procedures and operating records. The standards emphasize the importance of strong programs for collecting and maintaining business records with legal value. The program elements and controls proposed by these standards apply expressly to both paper and digital records and information.
While many records professionals acknowledge awareness of ISO 15489, very few have actually committed to develop their programs pursuant to its terms. While I have hear many “reasons”, most of the explanations cover for the absence of senior management leadership, insufficient funding, inadequate professional skills, or similar factors. In relying on ISO 15489 as the basis to explore whether electronic information systems are being operated routinely and in good faith, adverse counsel has a compelling foundation from which to expose systematic gaps, underfunding and policy enforcement laggards.
So, even if you don’t operate pursuant to ISO 15489, be prepared to answer the questions based on the standard’s terms and provisions. Indeed, an inability to be prepared will seriously undermine any claim that the existing systems have been operated in good faith.
Defending Electronic Mail as Evidence—The Critical E-Discovery Questions includes a detailed model deposition and QUEENs Map that are heavily informed by the ISO 15489 terms.
But one of the gaping idiosyncrasies of applying that Rule is that no guidance is provided to judges on how to measure the operations of an electronic information system in order to determine if the systems have been operated routinely and in good faith. For that reason, standards become a vital source of knowledge, something judges are allowed to consider under the Rules of Evidence.
ISO 15489-1:2001 is formally titled “Information and Documentation—Records Management—Part I: General”. It is paired with a second standard, ISO 15489-2:2001, titled “Information and Documentation—Records Management—Part 2: Guidelines”. Together, these represent the recognized international standard against which to evaluate existing records management programs, design new or improved programs, and manage those programs forward with a focus on continuous improvement.
ISO 15489 informs adverse counsel what to look for in requesting records management policies, procedures and operating records. The standards emphasize the importance of strong programs for collecting and maintaining business records with legal value. The program elements and controls proposed by these standards apply expressly to both paper and digital records and information.
While many records professionals acknowledge awareness of ISO 15489, very few have actually committed to develop their programs pursuant to its terms. While I have hear many “reasons”, most of the explanations cover for the absence of senior management leadership, insufficient funding, inadequate professional skills, or similar factors. In relying on ISO 15489 as the basis to explore whether electronic information systems are being operated routinely and in good faith, adverse counsel has a compelling foundation from which to expose systematic gaps, underfunding and policy enforcement laggards.
So, even if you don’t operate pursuant to ISO 15489, be prepared to answer the questions based on the standard’s terms and provisions. Indeed, an inability to be prepared will seriously undermine any claim that the existing systems have been operated in good faith.
Defending Electronic Mail as Evidence—The Critical E-Discovery Questions includes a detailed model deposition and QUEENs Map that are heavily informed by the ISO 15489 terms.
Saturday, January 17, 2009
Why We Map
By Jeffrey Ritter
The first time someone sees a CastleQuest Discovery Map, they are intrigued, curious and often a bit perplexed. What, they ask, are you trying to accomplish? For lawyers, the first look at one of our Maps can often be more confrontational. For most of them, the law is organized in a linear, text-based structure, capable of being stored in books or their digital equivalents. Creating and unfolding visual complexity as a representation of “the law” subtly challenges their sense of order, and organization.
But, as I will explain in these next paragraphs, the use of maps as the primary means of expressing and displaying the knowledgebase represented by Waters Edge is entirely intentional. For all of us, the journey toward learning how we will trust digital information, and acquiring the tools for doing so, is itself a process of discovery. Maps are themselves tools of discovery, but they also are expressions of relationships, explorations, and continued evolution as we attempt to portray the world around us.
In cyberspace, we struggle immensely to grasp the complexity of the space we have built and continue to build and expand. Cyberspace is a space which evolves, expands and continues to disclose new senses of its perimeters, and its lack of boundaries. It is not difficult to draw a comparison between cyberspace and the universe—each began small, there was a Big Bang, and now each continues to expand, inexorably. It is part of our human instincts to pursue and record an understanding of the spaces in which we live—and maps are an inherent tool for expressing the consequences of our investigations and discovery.
But, unlike so many targets of mapping, we cannot easily reduce cyberspace into a defined plane, or create a two-dimensional imagery. Instead, we confront a nearly infinite space, in which the infrastructure is dynamic, the aggregation of mass (in the form of information) is volatile, and the quality of the mass is constantly being judged and valued. False information, manipulated data, fictional identities, digital assets that are merely fool’s gold—across cyberspace, we also find many of these artifacts.
How do we begin to record and map the dimensions, features and contours of cyberspace? How do we account for the destinations that are valued, and those that are merely shadows or fictions, undeserving of our attention? How do we document where to begin, where to end, and where to steer clear of the unknown spaces (where ancient cartographers would illustrate with “Here be Dragons”)?
In 2009, we are barely fifteen years past the days when the www opened its doors. Yet, the complexity is staggering. Unlike, in nature, where certain natural laws define and govern relationships, space and the physical order of things, it seems the borders, topography and spaces that emerge in cyberspace are defined differently. Cyberspace is defined by human rules, rules that we articulate and express into the physical assets with which cyberspace is created and sustained. The rules are expressed to the electrons passing across the grid, electrons which bind to the data and transport 1’s and 0’s toward becoming information. Information is what we seek, and what cyberspace requires as the fuel for its being.
As humans, there would be no cyberspace if all was useless data. Instead, we seek information—data that is useful, knowledge that enriches, enables and advances the human experience. Within cyberspace, as in any journey toward a destination, we must navigate, caress, exploit, overcome and often be defeated by the obstacles we confront. Maps provide us a resource, invaluable and essential, for improving the odds of finding what we seek—information that can be trusted, information which fuels the reasoning of the human mind.
So, there is an ongoing confrontation that challenges us. As the 21st century gains full stride, enormous tangible complexity grows and accelerates—the networks expand and re-generate, devices become more diverse, and the intimacy of human existence invites even more monitoring and surveillance. This complexity is itself creating a profusion of data, masses of artifacts and byproducts of computing across the Net that endangers our ability to manage it—the infrastructure of cyberspace is generating more data than we can, as humans, absorb and understand. The logical outcome seems inevitable that, at some point, we will stop growing the infrastructure because we cannot manage the data we create. Yet that is not occurring. Why?
I believe the reason we have not seen cyberspace—and our human reliance on the information within its vast operation—collapse, is the emergence of a very human instinct to create and enforce rules which bring order to the chaos, which structure the complexity and, in the end, orient cyberspace to the order and discipline demanded by the social order of man. Society is social because of our rules, and our enforcement of those rules is essential to the human social compact. Cyberspace functions for the same reason—it is governed by rules that provide functional order. Only now are we beginning to truly understand that those rules must be accounted for, and enforced.
When we examine the job an information security professional endeavors to accomplish, we see activities that are rule-intensive. Security can be expressed differently—it is a battle between rule-making and the enforcement of those rules against those who exploit the lack of rules in order to gain, gather and create control over the digital assets we produce—information, money, property. The lack of security is a lack of rules; nearly every security incident is an exploitation of either the absence of rules, or the absence of effective enforcement of those rules.
So, cyberspace itself is ever expanding, and ever creating more data from which information must be extracted to justify cyberspace’s continued existence. To navigate, and to find the information which we pursue, we must have a way of visualizing our beginning point, our destination and the hazards along the way. Those paths, and the topography of cyberspace, are defined by the rules—the rules that exist, the rules that have yet to exist, the rules that are effective, the rules that are ineffective, the rules that are enforced, and the rules which do not get enforced.
Mapping of rules—creating visual structures through which the rules can be identified, ordered, and enforced—gives us insight into how we govern data and distinguish the flotsam from the information of value. But to do so, the complexity of the rules within cyberspace requires us to imaginatively abandon all of our traditional mechanism for bringing order to our rules—indexed codes, non-integrated classification schemes, non-social expressions of the rules. For now, the Babel is overwhelming us, and no publisher of rules has been effective at producing a unified, coherent inventory.
As a result, bad actors are finding continued opportunities for exploitation. What is a breach of privacy, but the exploitation of the fact no rules exist to protect personal information, or an absence of enforcement of those rules, allowing the bad actor to proceed without sanction? What is a hacker’s exploitation of a buffer overflow, but the failure of design rules to be articulated proscribing buffer overflow coding errors, or the failure to test the resulting code to assure those rules, if they existed, were properly executed? What is the refusal of a company to produce the digital information from its systems that demonstrates its culpability for misconduct, but a failure to have rules in place that impose consequences on those who neglect their social responsibility to maintain and preserve the digital artifacts of their operations?
So, my decision to map is a radical effort to move differently. The first cartographers maintained small offices in the ports of call. As mariners returned, they interviewed and took notes, trying to record the contours of the shores, the obstacles to safe passage, and the destinations of consequence. In developing maps, I am proposing that we can act in their tradition. We must begin to map cyberspace and its dimensions by mapping the rules by which we govern that space. Our maps provide a visual context for the navigation, and a means to measure the value of the information found in our travels.
We have done so with the physical infrastructure of the Net—virtually any physical asset or connecting network can be visually displayed. Cell phones can be located both in the context of their proximity to other devices, such as cell phone towers, and physical ground attributes. We know where the infrastructure assets are! But as data is created and moved within the space defined by the devices, we often lose our way. By mapping the rules--by creating different structured means of looking at how those rules—we begin to provide the grid against which we can understand the value of the data that moves across, under, over and within the space that cyberspace represents.
The first maps were, by today’s cartographic measure, immensely crude—lacking scale and accurate perspective. Indeed, the measure of latitude on the face of the Earth (an accurate expression of the distance between two points moving east to west, or west to east) was not reliably achieved until the early 16th century. Yet, even with their inaccuracies, maps were still valued for the guidance they provided into the unknown.
In hindsight, like the early maps of the earth’s features, the maps we produce today may be viewed as archaic or even drawn in error. But in mapping the rules, we are able to begin to portray the risks. In mapping where losses are realized, we can begin to illuminate where new rules are needed, or new controls needed to effectively enforce the rules. And in portraying the rules, and the risks, we provide a context by which to ask the questions with which to more safely navigate cyberspace. Our failures that history may illuminate do not diminish the need to try.
As we map, we are creating tools which enable all of us to consider the complexity and vastness of cyberspace from a different viewpoint. By proposing relationships, structures, icons, proportionality and perspective, we introduce into the global dialogue on how to govern the human dimension of a wired world a capacity to perhaps transcend our own Babel and enable data, as digital assemblies of electrons, to yield information that can be valued and trusted.
And, as we create the icons, the structures, the syntax, the representational portrayals of space, devices, information and the rules, we will again proceed in the very human process that mapping enables. We will begin to overcome our fear of the unknown, our hesitancy to navigate beyond the terrain we can see, and our concerns that we can return safely to our beginning. In doing so, as mapping has done throughout human experience, we unleash for succeeding generations a clarity of understanding of the world in which we live, including the cyberspace we have created. And, with that understanding, creativity, imagination and the human instinct to explore is again fueled, to once again move to discover new frontiers.
And so, I map.
The first time someone sees a CastleQuest Discovery Map, they are intrigued, curious and often a bit perplexed. What, they ask, are you trying to accomplish? For lawyers, the first look at one of our Maps can often be more confrontational. For most of them, the law is organized in a linear, text-based structure, capable of being stored in books or their digital equivalents. Creating and unfolding visual complexity as a representation of “the law” subtly challenges their sense of order, and organization.
But, as I will explain in these next paragraphs, the use of maps as the primary means of expressing and displaying the knowledgebase represented by Waters Edge is entirely intentional. For all of us, the journey toward learning how we will trust digital information, and acquiring the tools for doing so, is itself a process of discovery. Maps are themselves tools of discovery, but they also are expressions of relationships, explorations, and continued evolution as we attempt to portray the world around us.
In cyberspace, we struggle immensely to grasp the complexity of the space we have built and continue to build and expand. Cyberspace is a space which evolves, expands and continues to disclose new senses of its perimeters, and its lack of boundaries. It is not difficult to draw a comparison between cyberspace and the universe—each began small, there was a Big Bang, and now each continues to expand, inexorably. It is part of our human instincts to pursue and record an understanding of the spaces in which we live—and maps are an inherent tool for expressing the consequences of our investigations and discovery.
But, unlike so many targets of mapping, we cannot easily reduce cyberspace into a defined plane, or create a two-dimensional imagery. Instead, we confront a nearly infinite space, in which the infrastructure is dynamic, the aggregation of mass (in the form of information) is volatile, and the quality of the mass is constantly being judged and valued. False information, manipulated data, fictional identities, digital assets that are merely fool’s gold—across cyberspace, we also find many of these artifacts.
How do we begin to record and map the dimensions, features and contours of cyberspace? How do we account for the destinations that are valued, and those that are merely shadows or fictions, undeserving of our attention? How do we document where to begin, where to end, and where to steer clear of the unknown spaces (where ancient cartographers would illustrate with “Here be Dragons”)?
In 2009, we are barely fifteen years past the days when the www opened its doors. Yet, the complexity is staggering. Unlike, in nature, where certain natural laws define and govern relationships, space and the physical order of things, it seems the borders, topography and spaces that emerge in cyberspace are defined differently. Cyberspace is defined by human rules, rules that we articulate and express into the physical assets with which cyberspace is created and sustained. The rules are expressed to the electrons passing across the grid, electrons which bind to the data and transport 1’s and 0’s toward becoming information. Information is what we seek, and what cyberspace requires as the fuel for its being.
As humans, there would be no cyberspace if all was useless data. Instead, we seek information—data that is useful, knowledge that enriches, enables and advances the human experience. Within cyberspace, as in any journey toward a destination, we must navigate, caress, exploit, overcome and often be defeated by the obstacles we confront. Maps provide us a resource, invaluable and essential, for improving the odds of finding what we seek—information that can be trusted, information which fuels the reasoning of the human mind.
So, there is an ongoing confrontation that challenges us. As the 21st century gains full stride, enormous tangible complexity grows and accelerates—the networks expand and re-generate, devices become more diverse, and the intimacy of human existence invites even more monitoring and surveillance. This complexity is itself creating a profusion of data, masses of artifacts and byproducts of computing across the Net that endangers our ability to manage it—the infrastructure of cyberspace is generating more data than we can, as humans, absorb and understand. The logical outcome seems inevitable that, at some point, we will stop growing the infrastructure because we cannot manage the data we create. Yet that is not occurring. Why?
I believe the reason we have not seen cyberspace—and our human reliance on the information within its vast operation—collapse, is the emergence of a very human instinct to create and enforce rules which bring order to the chaos, which structure the complexity and, in the end, orient cyberspace to the order and discipline demanded by the social order of man. Society is social because of our rules, and our enforcement of those rules is essential to the human social compact. Cyberspace functions for the same reason—it is governed by rules that provide functional order. Only now are we beginning to truly understand that those rules must be accounted for, and enforced.
When we examine the job an information security professional endeavors to accomplish, we see activities that are rule-intensive. Security can be expressed differently—it is a battle between rule-making and the enforcement of those rules against those who exploit the lack of rules in order to gain, gather and create control over the digital assets we produce—information, money, property. The lack of security is a lack of rules; nearly every security incident is an exploitation of either the absence of rules, or the absence of effective enforcement of those rules.
So, cyberspace itself is ever expanding, and ever creating more data from which information must be extracted to justify cyberspace’s continued existence. To navigate, and to find the information which we pursue, we must have a way of visualizing our beginning point, our destination and the hazards along the way. Those paths, and the topography of cyberspace, are defined by the rules—the rules that exist, the rules that have yet to exist, the rules that are effective, the rules that are ineffective, the rules that are enforced, and the rules which do not get enforced.
Mapping of rules—creating visual structures through which the rules can be identified, ordered, and enforced—gives us insight into how we govern data and distinguish the flotsam from the information of value. But to do so, the complexity of the rules within cyberspace requires us to imaginatively abandon all of our traditional mechanism for bringing order to our rules—indexed codes, non-integrated classification schemes, non-social expressions of the rules. For now, the Babel is overwhelming us, and no publisher of rules has been effective at producing a unified, coherent inventory.
As a result, bad actors are finding continued opportunities for exploitation. What is a breach of privacy, but the exploitation of the fact no rules exist to protect personal information, or an absence of enforcement of those rules, allowing the bad actor to proceed without sanction? What is a hacker’s exploitation of a buffer overflow, but the failure of design rules to be articulated proscribing buffer overflow coding errors, or the failure to test the resulting code to assure those rules, if they existed, were properly executed? What is the refusal of a company to produce the digital information from its systems that demonstrates its culpability for misconduct, but a failure to have rules in place that impose consequences on those who neglect their social responsibility to maintain and preserve the digital artifacts of their operations?
So, my decision to map is a radical effort to move differently. The first cartographers maintained small offices in the ports of call. As mariners returned, they interviewed and took notes, trying to record the contours of the shores, the obstacles to safe passage, and the destinations of consequence. In developing maps, I am proposing that we can act in their tradition. We must begin to map cyberspace and its dimensions by mapping the rules by which we govern that space. Our maps provide a visual context for the navigation, and a means to measure the value of the information found in our travels.
We have done so with the physical infrastructure of the Net—virtually any physical asset or connecting network can be visually displayed. Cell phones can be located both in the context of their proximity to other devices, such as cell phone towers, and physical ground attributes. We know where the infrastructure assets are! But as data is created and moved within the space defined by the devices, we often lose our way. By mapping the rules--by creating different structured means of looking at how those rules—we begin to provide the grid against which we can understand the value of the data that moves across, under, over and within the space that cyberspace represents.
The first maps were, by today’s cartographic measure, immensely crude—lacking scale and accurate perspective. Indeed, the measure of latitude on the face of the Earth (an accurate expression of the distance between two points moving east to west, or west to east) was not reliably achieved until the early 16th century. Yet, even with their inaccuracies, maps were still valued for the guidance they provided into the unknown.
In hindsight, like the early maps of the earth’s features, the maps we produce today may be viewed as archaic or even drawn in error. But in mapping the rules, we are able to begin to portray the risks. In mapping where losses are realized, we can begin to illuminate where new rules are needed, or new controls needed to effectively enforce the rules. And in portraying the rules, and the risks, we provide a context by which to ask the questions with which to more safely navigate cyberspace. Our failures that history may illuminate do not diminish the need to try.
As we map, we are creating tools which enable all of us to consider the complexity and vastness of cyberspace from a different viewpoint. By proposing relationships, structures, icons, proportionality and perspective, we introduce into the global dialogue on how to govern the human dimension of a wired world a capacity to perhaps transcend our own Babel and enable data, as digital assemblies of electrons, to yield information that can be valued and trusted.
And, as we create the icons, the structures, the syntax, the representational portrayals of space, devices, information and the rules, we will again proceed in the very human process that mapping enables. We will begin to overcome our fear of the unknown, our hesitancy to navigate beyond the terrain we can see, and our concerns that we can return safely to our beginning. In doing so, as mapping has done throughout human experience, we unleash for succeeding generations a clarity of understanding of the world in which we live, including the cyberspace we have created. And, with that understanding, creativity, imagination and the human instinct to explore is again fueled, to once again move to discover new frontiers.
And so, I map.
Labels:
discovery,
exploration,
maps,
trusted information
Subscribe to:
Comments (Atom)
