IG3 West was held at the Pelican Hill Resort in Newport Coast, California. It consisted of one day of product demos followed by one day of talks. The talks were divided into two simultaneous sessions throughout the day, so I could only attend half of them. My notes below provide some highlights from the talks I attended. You can find my full set of photos here.
Technology Solution Update from Corporate, Law Firm and Service Provider Perspective
How do we get the data out of the free version of Slack? It is hard to get the data out of Office 365. Employees are bringing in technologies such as Slack without going through the normal decision making process. IT and legal don’t talk to each other enough. When doing a pilot of legal hold software, don’t use it on a custodian that is on actual hold because something might go wrong. Remember that others know much less than you, so explain things as if you were talking to a third grader. Old infrastructure is a big problem. Many systems haven’t really been tested since Y2K. Business continuity should be a top priority.
Staying on Pointe: The Striking Similarities Between Ballet and eDiscovery
I wasn’t able to attend this one.
Specialized eDiscovery: Rethinking the Notion of Relevancy
Does traditional ediscovery still work? The traditional ways of communicating and creating data are shrinking. WeChat and WhatsApp are now popular. Prepare the client for litigation by helping the client find all sources of data and format the exotic data. Requesting party may want native format (instead of PDF) to get the meta data, but keep in mind that you may have to pay for software to examine data that is in exotic formats. Slack meta data is probably useless (there is no tool to analyze it). Be careful about Ring doorbells and home security systems recording audio (e.g., recording a contractor working in your home) — recording audio is illegal in some areas if you haven’t provided notification to the person being recorded. Chat, voice, and video are known problems. Emoji’s with skins and legacy data are less-known problems. Before you end up in litigation, make sure IT people are trained on where data is and how to produce it. If you are going to delete data (e.g., to reduce risk of high ediscovery costs in the future), make sure you are consistent about it (e.g., delete all emails after 3 months unless they are on hold). Haphazard deletion is going to raise questions. Even if you are consistent about deletion, you may still encounter a judge who questions why you didn’t just save everything because doing so is easier. Currently, people don’t often go after text messages, but it depends on the situation. Some people only text (no emails). Oddest sources of data seen: a Venmo comment field indicating why a payment was made, and chat from an online game.
SaaS or Vendor – An eDiscovery Conversation
I wasn’t able to attend this one.
Ick, Math! Ensuring Production Quality
I moderated this panel, so I didn’t take notes. You can find the slides here.
Still Looking for the Data
I wasn’t able to attend this one.
Data Breach: Incident Response Notification
I wasn’t able to attend this one.
“Small” Data in the Era of “Big” Data
Data minimization reduces the data that can be misused or leaked by deleting it or moving it to more secure storage when it is no longer needed. People need quick access to the insights from the data, not the raw data itself. Most people no longer see storage cost as a driver for data minimization, though some do (can be annoying to add storage when maintaining your own secure infrastructure). A survey by CTRL found that most people say IT should be responsible for the data minimization program. Legal/compliance should have a role, too. When a hacker gets into your system, he/she is there for over 200 days on average — lots of time to learn about your data. Structured data is usually well managed/mapped (85%), but unstructured is not (15%). Ephemeral technology solves the deletion problem by never storing the data. Social engineering is one of the biggest ways that data gets out.
Mobile Device Forensics 2020: An FAQ Session Regarding eDiscovery and Data Privacy Considerations for the Coming Year
It is now possible that visiting the wrong website with your phone can result in it being jailbroken and having malware installed. iOS sync can spread your data to other devices, so you may have text messages on your computer. A woman found out about her husband’s affair from his FitBit by noticing his heart rate increased at 4:30am. Time of death can also be found from a FitBit by when the heart stopped. No increase in heart rate before a murder sugggests the victim knew the murderer. Wage and hour litigation uses location tracking. Collecting app data from a phone may not give you everything you want since the app may store some data on the server. Collection software may only handle certain versions of an app. Use two collection tools and see if the results match. Someone had 1.3 million WeChat chats on one phone. iTunes is going away — you will be forced to use iCloud instead. iTunes backup gives more data than iCloud (e.g., deleted messages). Some of the email might be on the phone, while some might be on the server. Who owns the data in the cloud? Jailbreaking is possible again, which gives real access to the data. When there is a litigation hold and you have the device, use a forensic tool on it. When you don’t have the device, use the backups. Backups may be incomplete — the users chooses what to back up (e.g., may not back up photos). If malware gets onto the device, how do you know if the user really sent the text message? Text message slang the kids use: “kk” = okay (kk instead of k because k will auto-correct to I), and “k.” = whatever (angry). The chat in Clash of Clans and other games has been used by ISIS and criminals to communicate. Google’s Project Zero found that China was using an iOS bug to attack people from a particular religious group.
The Human Mind in the Age of Intelligent Machines
I wasn’t able to attend this one.