Category: Computers

Audio Forensics, Computer Forensics, Crisis Management, Online Reputation Management, Social Media

Deepfake: Its Role in Law, Perception, and Crisis Management (Part 2)

Welcome to Part 2 of Experts.com’s Deepfake Blog Series! In case you missed it, check out Part 1. The focus for Part 2 is to delve into the legal ramifications and perceptive dangers of deepfake videos, along with solutions for individuals and organizations who have been negatively affected by deceptive content. Continued insight from Audio, Video, and Photo Clarification and Tampering Expert, Bryan Neumeister, and new knowledge from fellow Experts.com Member and Online Reputation Management Expert, Shannon Wilkinson, will be included in this post.

Due to the relatively new concept and technology of deepfake content, the legal ramifications are not concrete. In fact, admitting deepfake content as evidence in some criminal and civil court cases can be a precarious endeavor because of metadata. According to the Oxford Dictionary, metadata is “information that describes other information.” Think of metadata as the information found on a book: the author’s name, a summary of the author, a synopsis of the book, the name and location of the publishing company, etc. Metadata answers the same inquiries about videos and photographs on the internet. It has even been used to solve crimes. For example, in 2012, law enforcement found John McAfee, a man who ran from criminal prosecution for the alleged murder of his neighbor, using the metadata from a photo VICE Media, LLC released in an interview with the suspect (NPR). “The problem with metadata is when you upload any video to YouTube or Facebook, the metadata is washed because the user gives up the right to the video,” according to Bryan Neumeister. Reasons vary as to why metadata is removed. Some platforms have policies to disregard metadata to expedite the download time for such images and videos. However, it raises concern for those interested in preserving intellectual property (Network World). Given the numerous reposts a photo or video acquires, finding the original author of a post on major social media platforms also poses a problem for litigants.

Entering evidence into court becomes a Chain of Custody issue (702, 902) through the Daubert Standard, which is a set of criteria used to determine the admissibility of expert witness testimony. Part of Mr. Neumeister’s expertise is to sift through the components (time stamp, camera, exposure, type of lens, etc.) of digital evidence via computer software systems to determine its authenticity or modification. One of the many techniques he uses is to look at the hash value of digital evidence. According to Mr. Neumeister, “Hash values are referred to in Daubert 702 as a way to authenticate. Think about a hash value as a digital fingerprint.” Without this set of numerical data, the most vital piece of proof needed to discern an original from a fake photograph or video, the digital evidence should be ruled as inadmissible by Daubert standards, as there is no chain of custody to a foundational original. Because deepfakes are difficult to track, and perpetrators are mainly anonymous underground individuals with limited assets, prosecuting these cases is a long-term investment without the return. From a moral perspective, justice should be served. With little or no recourse, the frustration is overwhelming for people whose character and financial future have been put in jeopardy.
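The effect of "washed" metadata on a hash comparison, as an added example (not code from the original post or from Mr. Neumeister's workflow): a constructed JPEG-structured byte string is fingerprinted at acquisition, its Exif segment is then stripped the way an upload pipeline might, and the stripped copy no longer matches the recorded value. The sample bytes, the camera string and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

SOI, EOI = b"\xff\xd8", b"\xff\xd9"
APP0, APP1, SOS = 0xE0, 0xE1, 0xDA  # JFIF header, Exif/XMP metadata, start of scan


def segment(marker: int, payload: bytes) -> bytes:
    """Build one JPEG marker segment; the length field counts itself (2 bytes)."""
    return struct.pack(">BBH", 0xFF, marker, len(payload) + 2) + payload


def build_sample_jpeg() -> bytes:
    """Constructed sample: JPEG segment layout with a made-up Exif payload."""
    exif = b"Exif\x00\x00" + b"CONSTRUCTED make=ExampleCam time=2020:01:01 10:00:00"
    return (SOI
            + segment(APP0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
            + segment(APP1, exif)
            + segment(SOS, b"\x01\x01\x00\x00\x3f\x00")
            + b"\x12\x34\x56\x78"   # stand-in for entropy-coded image data
            + EOI)


def iter_segments(data: bytes):
    """Yield (marker, start, end) for each header segment up to and including SOS."""
    if data[:2] != SOI:
        raise ValueError("missing SOI marker: not a JPEG stream")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker at offset {pos}")
        marker = data[pos + 1]
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        yield marker, pos, pos + 2 + length
        if marker == SOS:
            return
        pos += 2 + length


def has_exif(data: bytes) -> bool:
    return any(m == APP1 and data[s + 4:s + 10] == b"Exif\x00\x00"
               for m, s, _ in iter_segments(data))


def strip_metadata(data: bytes) -> bytes:
    """Drop APP1 segments and keep everything else byte for byte.

    Real platforms usually re-encode the image as well, which changes even
    more bytes; removing the metadata alone is already enough to change the hash.
    """
    out = bytearray(SOI)
    for marker, start, end in iter_segments(data):
        if marker == SOS:
            out += data[start:]      # scan header, image data and EOI, untouched
            return bytes(out)
        if marker != APP1:
            out += data[start:end]
    raise ValueError("no start-of-scan segment found")


def fingerprint(data: bytes) -> str:
    """SHA-256 of the exact bytes: the 'digital fingerprint' recorded at acquisition."""
    return hashlib.sha256(data).hexdigest()


def matches_record(data: bytes, recorded_hex: str) -> bool:
    return hmac.compare_digest(fingerprint(data), recorded_hex)


if __name__ == "__main__":
    original = build_sample_jpeg()
    record = fingerprint(original)          # value written into the custody log
    reposted = strip_metadata(original)     # what comes back from the platform
    print("original has Exif:", has_exif(original), "| matches:", matches_record(original, record))
    print("reposted has Exif:", has_exif(reposted), "| matches:", matches_record(reposted, record))
```

The image data in the stripped copy is identical to the original, yet the fingerprint differs, so a reposted file cannot be tied back to a foundational original by hash alone.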

Deepfakes may be complicated in the legal arena, but in the world of public perception, their role is much more forthright. In recent years, perception has become reality, and this notion rings resoundingly true regarding deepfake content. People who create and publish deceitful content have three main goals: to tarnish a person or company’s reputation, change a narrative, and ultimately influence the public. “Deepfakes are not usually done by big corporations. There is too much at stake. They are usually done by groups that have an intent to cause misdirection,” said Mr. Neumeister. The truth about events regarding politicians, or any other public figure, has now become subjective. Like most viral posts, once a deepfake video is released, unless a user participates in research and finds other sources that confirm or deny the deceptive material, people will believe what is shown on social media. There are two reasons for this: 1) it confirms an already ingrained bias, and 2) some people would rather trust the information instead of actively looking for sources that contradict the deepfake due to lack of will or information overload. Studies have shown it takes just a few seconds to convince people who are leaning the way a deepfake video is portraying a situation to believe the content. Even if there is a source that has been fact-checked and proves the contrary, the damage to a public figure’s perception has already been done.

For instance, one of the most popular types of deepfakes is centered around pornography. As discussed in Part 1, deepfake videos generated by Generative Adversarial Networks (GANs) have a specific algorithmic structure that accumulates multitudes of any footage and mimics the desired output data. However, their blatantly realistic and high-quality footage is too exaggerated to be an authentic video. To further augment the illusion, people use techniques such as adding background noise, changing the frame rate, and editing footage out of context to make the video more “realistic.” According to Mr. Neumeister, “The more you dirty it up, the harder it is to tell … and then you’ve got enough to make something convincing that a lot of people won’t fact check.” In this unfortunate reality, the emergence of different types of deepfake content can ruin the reputations of individuals and businesses across the board. Fortunately, there are methods for managing public perception.

A positive public image is one of the driving forces for success, trust, revenue, and a growing client base. For this reason, malicious and manipulative material found on the internet is threatening. The internet allows everyone to become an author, which gives users the power to post a variety of content ranging from true stories to false narratives. When businesses and organizations find themselves in a fraudulent crisis, “it can impact shareholder value, damage an organization’s reputation and credibility in the eye of consumers and customers, and result in the dismissal or stepping down of a CEO, board members, and/or other key leaders,” stated Shannon Wilkinson, an Online Reputation Management Expert. Individuals who have less of a digital presence than organizations are more at risk of facing defamatory content. It begs the question, what types of crisis management strategies can businesses and individuals use to defend themselves against deepfake content?

One of the reasons why crisis emerges for organizations and public figures is due to the lack of proactiveness. Luckily, Ms. Wilkinson has provided numerous tips on how to prioritize reputation management and crisis response to build a “powerful digital firewall.” For reputation management, Ms. Wilkinson recommends:

  • Understanding how one’s business and brand appears to the world.
    • “Each Google page has 10 entries, discounting ads…The fewer you ‘own’ – meaning ones you publish… – the less control you have over your online image,” according to Ms. Wilkinson.
  • Customizing LinkedIn and Twitter profiles.
  • Publishing substantive and high-quality content related to one’s field of expertise or organizations (white papers, blogs, articles, etc.).
  • Scheduling a professional photography session.
  • Creating a personal branding website (ex: http://www.yourname.com).

As for crisis response options, there are two key components businesses and individuals must consider before crafting a recovery plan:

  • Possessing an online monitoring system alerting when one’s brand is trending on social media (ex: Google Alerts and Meltwater)
  • Seeing conversations in real time to augment one’s social presence within those digital spaces.

Below are the recommendations regarding the actual response to a crisis:

  • Social media platforms like Facebook and Twitter seem to be the more popular spaces to respond to deepfake content.
  • Updating current and existing information is a vital strategy to counter attacks.
  • Avoid engaging with anonymous commenters and trolls.
  • “Video is an excellent tool for responding to situations that result in televised content. A well-crafted video response posted on YouTube will often be included in that coverage. This strategy is often used by major companies,” a direct quote from Ms. Wilkinson.

The why behind creating, manipulating, and posting deepfakes for the world to see seems to be a moral dilemma. The motives behind uploading such misleading content are different for those who participate but nefarious, nonetheless. Legally, it remains an area of law where justice is not always served. Thanks to our Experts.com Members, Bryan Neumeister and Shannon Wilkinson, the what, when, how, and where aspects of deepfake content have been explained by people who are well-versed in their respective fields. In the height of modern technology and the rampant spread of misinformation, our Experts advise all online users, entrepreneurs, public figures, and anyone with access to the internet to adequately fact-check sources encountered on the web. Those who are associated with businesses or happen to be public figures should prioritize developing crisis management precautions. In Mr. Neumeister’s own words, “People can destroy a city with a bomb, but they can take down a country with a computer.”

Audio Forensics, Computer Forensics, Expert Witness, Social Media

Deepfake: An Introduction (Part 1)

Computer technology is one of the most pivotal inventions in modern history. Artificial Intelligence, smartphones, social media, and all related apparatus have significantly enhanced living conditions in an unprecedented manner and connected the world with a click of a button. It is used in various occupations: from business related fields to more creative professions. To say modern technology has been advantageous in recent decades is an understatement. However, every creation has its flaws. This multi-part blog series is intended to reveal one of those flaws, and a dangerous one at that, deepfake videos. This first post includes an introduction to deepfake videos, and the steps taken by federal and state governments to identify such duplicitous content. Special insight on the subject is provided by our Experts.com Member and Audio, Video, and Photo Clarification and Tampering Expert, Bryan Neumeister.

Editing footage and photos is normal practice in our selfie-addicted new normal, but creating distorted content is a whole new ballgame. According to CNBC, deepfakes are “falsified videos made by means of deep learning.” These videos, images, audio clips, or other digital forms of content are manipulated such that counterfeits pass as the real thing. What makes matters worse is the internet allows anyone and everyone to create, edit, and post deceptive content. It is one of many threats to cybersecurity strategists, police departments, politicians, and industries alike because the purpose of making them is to spread misinformation, tarnish reputations, exploit evidence, and ultimately deceive an audience. The unfortunate reality is that deepfake videos which display pornographic scenarios and manipulated political moments are the most common. For instance, a notable deepfake video was posted by Buzzfeed in 2018 depicting former United States president, Barack Obama, slandering another former United States president, Donald Trump. However, the voice behind Obama is none other than Jordan Peele. The video was intended as a moral lesson to explain how important it is to verify online sources, and to highlight the dangerous problem of trusting every post uploaded to the internet.

According to Mr. Neumeister, who specializes in this area of expertise, there are two types of artificial intelligence programs used to create deepfake videos: GANs and FUDs. He states, “GANs (Generative Adversarial Networks) are used by professionals, and FUDs (Fear, Uncertainty, and Doubt) are the homemade ones.” Although FUD videos garner more attention among internet users, the real menace to society are the videos made from GANs.

Videos made from Generative Adversarial Networks have an algorithmic framework designed to acquire input data and mimic the desired output data. One can visualize how GANs work through the viral Tom Cruise TikTok deepfake. According to NPR, the creator of the deepfake, Chris Ume, used a machine-learning algorithm to insert an accumulation of Tom Cruise footage. This allowed him to give a digital face transplant to the Tom Cruise lookalike actor he hired for the video. Ume input a plethora of videos to create a desired output of a realistic face swap. Neumeister also adds that the most realistic deepfakes correlate to the amount of footage a person can acquire. Specifically, “the more bits of video clip you have to put together, the more accurate you can make facial movements, ticks, etc.” From this logic, it can be inferred that Ume’s Tom Cruise deepfake looks more realistic than those that lack algorithmic programs.

Because viewers typically see deepfakes in politics and pornography, federal and state governments have recently implemented laws to counteract deepfake content creation and distribution. President Trump signed the first deepfake federal law near the end of 2019. This legislation is included in the National Defense Authorization Act for Fiscal Year 2020 (NDAA), which is a $738 billion defense policy bill passed by both the Senate (86-8) and the House (377-48). The two provisions in the NDAA require: “(1) a comprehensive report on the foreign weaponization of deepfakes; (2) requires the government to notify Congress of foreign deepfake-disinformation activities targeting US elections,” (JD Supra). The NDAA also implemented a “Deepfakes Prize” competition to promote the investigation of deepfake-detection technologies. On a state level, there have been laws passed by multiple states that criminalize specific deepfake videos (JD Supra):

  • Virginia: first state to establish criminal penalties on the spread of nonconsensual deepfake pornography.
  • Texas: first state to ban creation and dissemination of deepfake videos aimed to alter elections or harm candidates for public office.
  • California: victims of nonconsensual deepfake pornography can sue for damages; candidates for public office can sue organizations and individuals that maliciously spread election-related deepfakes without warning labels near Election Day.

Although the Trump administration and various states established policies against deepfakes, they remain ubiquitous on almost all online platforms. How can users at home distinguish authentic content from deepfakes?

Mr. Neumeister provides a few tips and tricks for detecting a deepfake. One giveaway mentioned is mouth movement, otherwise known as phonemes and visemes. Mouths move a certain way when people speak. For instance, words like mama, baba, and papa start with a closed mouth. Words like father and violin start with the front teeth pushing against the bottom lip. In addition, consonants and vowels sound a certain way when pronounced correctly. “Words with t, f, n, o, and wh, are pretty good for tells,” adds Mr. Neumeister. When analyzing video, the frames in which a person is speaking are broken down into approximately six to ten frames to determine if the way someone talks in other videos is the same as the video being analyzed. Another tip Mr. Neumeister suggests is to watch videos with context in mind. Viewers should pay attention to background noise, crowd ambiance, and the cadence in a speaker’s sentences. Authentic and original content would have, by nature, realistic frames. Users can detect a deepfake by sensing dissonance in, for instance, a speaker’s proximity to the microphone or the size of a room. For users at home or on-the-go, these tips are crucial for distinguishing verified sources from manipulated misinformation.

The emergence of deepfake content, its continuously improving technology, and the spread of disinformation is a multifaceted and complex problem. This blog post has only scratched the surface, so stay tuned for part 2 for a more in-depth read.

Blockchain, Computer Security, Cryptocurrency

Bitcoin: The Currency of the Future

The news of Bitcoin’s recent and successful market performance is spreading like wildfire. In the eleven years since its inception, it has surpassed the market value of companies such as Visa, Mastercard, and Walmart (CNN Business). As of the date of this publication, one Bitcoin is being traded for $34,306.17. This incredible feat has made Bitcoin quite popular for investors and people interested in financial markets. However, some critics have raised concerns about Bitcoin and cryptocurrency in general. Defining Bitcoin, explaining its functions, and addressing the advantages and disadvantages to cryptocurrency will be the subject of this week’s blog post. 

Although the algorithms for the modern-day cryptocurrency have existed since the 1980s, the emergence of Bitcoin has changed the future of financial transactions. Bitcoin’s founding in 2009 is shrouded in mystery. The housing market crash of the same year was the catalyst for its emergence. By whom is the enigma. The founder of Bitcoin is known by the pseudonym Satoshi Nakamoto. The true identity of the person or persons is still unknown.  

Bitcoin is a form of decentralized cryptocurrency. Because its design is public, all transactions are managed by “peer-to-peer” technology instead of banks. Cryptocurrencies are often compared to an online version of dollar bills and can be used to buy and sell services and products. To obtain Bitcoins, people can buy it using “real” money, have people pay for a product using Bitcoin, or “computer-mining,” like searching for gold. Because Bitcoin is essentially a computer file, consumers can store them on a digital wallet, accessed by any smartphone or computer, and even send them to other people. Now that Bitcoin has been defined, it is important to know how it works. 


When a beginner uses Bitcoin, it generates a Bitcoin address. You can create more than one address and share the addresses with friends and family so transactions can ensue. These addresses can only be used once. Bitcoin has three main functions (Bitcoin):  

  • Function 1: Blockchain – a shared public ledger which all consumers within the Bitcoin network depend on. It includes and verifies all transactions and spendable balances to ensure both are owned by the spender.  
  • Function 2: Transaction – an exchange of value between Bitcoin wallets. Although transactions are included in the blockchain, Bitcoin wallets keep a “private key.” Private keys prove the owners of the transaction. Bitcoin also uses “signatures” to ensure the lack of alterations to the transactions. 
  •  Function 3: Mining – a process which confirms and places the transactions in the blockchain in chronological order. It also bears the responsibility of protecting the neutrality of the Bitcoin network. Transactions are only confirmed when they are compiled in a “block” which includes rigid cryptographic rules approved by the Bitcoin network so previous blocks are not modified. Mining also prohibits individuals from controlling, replacing, or adding blocks and parts of the block chain. In other words, it prohibits theft. 
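The blockchain and mining functions listed above, as an added example (not code from the original post or from the Bitcoin project): a simplified hash-linked chain with a small proof-of-work rule, showing that editing an old block is detected, and that redoing the work for that one block breaks the link to the next. The block layout, the JSON serialization, the difficulty value and the sample transactions are assumptions; Bitcoin's real block format and rules differ.

```python
import copy
import hashlib
import json

DIFFICULTY = 3          # assumed: required leading hex zeros, kept tiny so it runs instantly
GENESIS_PREV = "0" * 64  # placeholder "previous hash" for the first block


def block_hash(block: dict) -> str:
    """Hash the fields that define a block (the stored 'hash' field is excluded)."""
    body = {k: block[k] for k in ("index", "prev_hash", "transactions", "nonce")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def mine(index: int, prev_hash: str, transactions: list) -> dict:
    """Search for a nonce whose block hash satisfies the difficulty rule."""
    block = {"index": index, "prev_hash": prev_hash,
             "transactions": transactions, "nonce": 0}
    while not block_hash(block).startswith("0" * DIFFICULTY):
        block["nonce"] += 1
    block["hash"] = block_hash(block)
    return block


def build_chain(batches: list) -> list:
    """Mine one block per batch of transactions, each linked to the one before."""
    chain, prev = [], GENESIS_PREV
    for index, transactions in enumerate(batches):
        block = mine(index, prev, transactions)
        chain.append(block)
        prev = block["hash"]
    return chain


def first_invalid(chain: list):
    """Return the index of the first block that fails verification, or None."""
    prev = GENESIS_PREV
    for block in chain:
        actual = block_hash(block)
        if (block["prev_hash"] != prev            # link to the previous block broken
                or actual != block["hash"]        # contents changed after mining
                or not actual.startswith("0" * DIFFICULTY)):  # work not done
            return block["index"]
        prev = block["hash"]
    return None


def tampered_copy(chain: list, index: int, new_transactions: list,
                  redo_work: bool = False) -> list:
    """Copy the chain and rewrite one block, optionally re-mining just that block."""
    forged = copy.deepcopy(chain)
    old = forged[index]
    if redo_work:
        forged[index] = mine(old["index"], old["prev_hash"], new_transactions)
    else:
        old["transactions"] = new_transactions
    return forged


if __name__ == "__main__":
    # Constructed sample transactions, written as plain strings.
    chain = build_chain([["alice->bob:1"], ["bob->carol:1"], ["carol->dave:1"]])
    print("honest chain:", first_invalid(chain))
    print("edited block 0:", first_invalid(tampered_copy(chain, 0, ["alice->mallory:1"])))
    print("edited and re-mined block 0:",
          first_invalid(tampered_copy(chain, 0, ["alice->mallory:1"], redo_work=True)))
```

Re-mining the edited block makes that block valid again, but verification then fails at the next block, whose `prev_hash` still names the original; every later block would have to be mined again as well.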

After defining and explaining Bitcoin’s functions, and as the number of people investing in Bitcoin increases, addressing the benefits and drawbacks of this cryptocurrency is crucial.


There are plenty of advantages and disadvantages to investing in Bitcoin (Money Crashers). Let’s first discuss its benefits. As previously mentioned, Bitcoin is not controlled by any political or financial institution. These parties can only confiscate or suspend cryptocurrency either for retribution for political acts or for a criminal investigation.  

Bitcoin also has greater liquidity compared to its competitors like Ethereum, IOTA, and Dogecoin. This permits users to keep much of its value when switching to fiat currencies like the U.S. dollar bill. Essentially, out of all the cryptocurrencies, Bitcoin is most like a fiat currency.  

Bitcoin has become widely recognized as a payment method, partially because of its built-in privacy protections. It allows users to distance the account itself from the public persona. Unlike using cash or PayPal transactions where protections are scarce, Bitcoin tracks transactions between users but it is difficult to discover who the users are. Individuals or groups who want to mitigate the use of fiat currency should invest in cryptocurrency, since a plethora of sellers accept Bitcoin payments (Microsoft, Overstock, Etsy, AT&T, Shopify). Even though Bitcoin has inexpensive transaction fees, it also eases the process of international transactions because, like credit card payments and ATM cash withdrawals, it does not require international transaction fees.

Finally, Bitcoin’s built-in scarcity component inculcates the currency with inherent value like gold and other metals. This supports its lasting value against fiat currencies and non-scarce cryptocurrencies. 


A major inconvenience to using Bitcoin is the lack of policy regarding refunds and chargebacks. Because of its decentralized design, it is extremely difficult for users to dispute transactions. Even though miners are responsible for recording the transactions, they cannot prove the legitimacy of those transactions.

Bitcoin’s reputation as the world’s most popular cryptocurrency precedes itself, so much so that it becomes vulnerable to fraud cases. Examples include the small-scale Ponzi scheme with Bitcoin Savings & Trust to grand-scale hacks such as the infiltrations of Sheep Marketplace and Mt. Gox, which were bilked of hundreds of thousands of Bitcoins. To add, Bitcoin attracts groups and individuals involved with the black market due to its inherent anonymity protections. Ultimately, Bitcoin’s competitors do not acquire nearly the number of users to engender maliciously profitable activity for criminals. If fiat currency were used, such crimes would be prosecuted by law enforcement (see Member Dr. Stephen Castell’s recent article on the subject).  

There is the exception of people who are converting to newer cryptocurrencies. Depending on the type of cryptocurrency, these services either eliminate third-party involvement in transactions or use “smart contracts.” These contracts hold the cryptocurrency providers liable for their offerings. If the number of people leaving Bitcoin for another service increases, then its value would certainly decrease.   

As previously mentioned, an advantage to Bitcoin is its liquidity and ability to be easily exchanged. However, it becomes susceptible to unpredictable price swings within small time intervals. For instance, after the FBI announced the legitimacy of Bitcoin as a financial service, its value skyrocketed in late 2017 and yet halved at the start of 2018 due to the Mt. Gox hack. This decimated billions of dollars of the market value instantly.

Lastly, Bitcoin mining weakens the environment because it exhausts large quantities of electricity. The source of power for Bitcoin stems from coal plants. When mining occurs, the amount of electricity used directly correlates to the vast amounts of air pollutants released into the atmosphere, creating difficulty for surrounding citizens to breathe.  

As the world transitions into a virtual age, and the value of fiat currency remains in flux, people face the crucial decision to either invest in cryptocurrency or continue with their current monetary choices. For those looking to invest in Bitcoin or cryptocurrency, hopefully this blog post provides general insight and clarity for future financial endeavors.  

Sources: 

https://bitcoin.org/en/how-it-works

https://www.moneycrashers.com/bitcoin-history-how-it-works-pros-cons/

Computers, Employment, Human Resources, Organizational Development

The Future of the Office in a Post-Pandemic World

As we endure almost ten months of living through a pandemic, we can all agree COVID-19 has brought about various changes and challenges. The pandemic has affected every aspect of daily life. Worrying when items will be restocked in local grocery stores, wondering when the next stimulus check will arrive in the mail, and keeping ourselves and families safe from the virus have been at the forefront of everyone’s minds. Although millions of jobs have been lost this year, people who are lucky enough to either have found or kept his/her job now deal with working-from-home. Because the workforce is now conducting a 180 towards online practices, the future of offices in a post-pandemic world is pending. 

According to Nicholas Bloom, a Stanford Economist, “we’re in the middle of a structural, seismic shift,” in the workplace. Working-from-home is not a new concept, there are jobs that are designed specifically for remote locations and travel. The problem is millions of people are now forced to adapt to new working conditions in order to slow the spread of the virus, putting the world’s technological advancements to the test. To ensure productivity through a tumultuous time, businesses are instantly tasked with reimagining the role of work and creating a positive environment for their employees. Both individuals and organizations face benefits and drawbacks from this uncontrollable shift.  

Some employees love the working-from-home lifestyle. For busy individuals or employees who have families, working-from-home creates flexibility in his/her work schedule, allowing time to complete daily errands and appointments. A surprising “36% (of employees) would choose it (remote work) over a pay raise,” a statistic from Global Workplace Analytics. Working-from-home also allows people to save money on clothes, gas, and food costs that they would otherwise need for the workplace. Lastly, working remotely does not necessarily mean people are tethered to their homes. Computers and smartphones allow people to work from any location, including coffee shops, parks, and even planes. Having the choice of when and where you work is the appealing aspect of working remotely.

While working from home has been successful for some people, it has caused great strife for others. Merging the personal and professional components of life is not an easy feat. This sudden disruption of daily routines adds physical, mental, and emotional anxiety. For those with families, balancing the work load may be difficult with children under foot. To add, the lack of in-person communication creates a sense of isolation and loneliness, which could decrease productivity. To combat these hardships, employees and employers who work-from-home must dedicate some time to maintain his/her health and wellness by exercising, connecting with family and friends, and finding activities that bring happiness to the day.  

Although companies who adopt the work-from-home method implement different policies, the general pros and cons seem to be consistent for most businesses. According to Global Workplace Analytics, “A number of states, including Virginia, Georgia, and Oregon offer financial incentives for businesses to adopt telework.” The benefits are not limited to financial incentives. States such as Arizona and Connecticut offer free training to businesses willing to convert to remote work. Also, working from home is environmentally friendly. The rate of office equipment energy consumption is twice that of energy consumption from a person’s home. Businesses save money by participating in the work-from-home method and improving the conditions of the planet one step at a time. Finally, remote work is slowly increasing the hiring pool because it provides geographic diversity that would not have been possible pre-pandemic. 

For CEOs, managers, and other team leaders within an organization, being unable to convene at an office can be difficult. The absence of a physical space forces people on all levels of the organizational hierarchy to interact through digital means. Face-to-face communication has been limited to video conferences on sites such as Zoom, Skype and Google Hangouts. Projects, presentations, sales pitches, settlements, and other types of meetings are conducted through a computer or phone, which increases the chance of miscommunication and technological difficulties. This quick transition to telework also increases management mistrust.  As many as “75% of managers say they trust their employee, but a third say they’d like to be able to see them, just to be sure,” stated by Global Workplace Analytics. Working from home provides a flexible schedule for employees, but it is also their responsibility to accomplish the required tasks and not abuse the time allotted to do so. Companies must make strides to embrace remote work as part of the new norm by setting and measuring goals for employees.  

Ultimately, there are advantages and disadvantages to working from home and the office. Many companies adopt the hybrid model where employees do both, and this is most likely what the future holds in store for the modern-day workforce. For both businesses and employees, the balance between work and personal life has become a priority during the height of the pandemic. The work-from-home model not only relieves some of the stress imposed by the pandemic but allows people who work in non-online industries, such as healthcare and construction, to safely tend to their job. Whether businesses go back to the office or not, it has been reassuring to know that many industries and individuals have the technological capability and resources to work from home during a global pandemic. 

Computer Security, Computers, Information & Communication Technology, Social Media

TikTok: Is It The Next Cyber-Security Threat?

TikTok has been the most downloaded app globally in 2020. Although it has existed since 2018, TikTok surpassed 2 billion downloads back in April, during the apex of the new socially-distanced reality engendered by the pandemic. The ability to share and create content such as comedy skits, dance challenges, and lip-syncing clips, has appealed to various age groups around the world, especially teenagers. However, TikTok has been at the center of controversy for raising cyber security concerns not just here in the United States, but around the world. 

The problem with TikTok is twofold. The first issue is the app is owned by a Chinese company called ByteDance. Because ByteDance is not American-based, it does not follow U.S. federal and state consumer privacy laws. TikTok announced the data collected by American users is backed-up in Singapore, which is not subject to Chinese law. Though true, it is possible the Chinese government could pressure ByteDance to relinquish its user information. 

Second, TikTok has a large accumulation of data related to the types of videos Americans watch and post. Because it has turned into an important platform for political activism, people are worried the Chinese government could influence public opinion and control speech. For instance, according to both The Guardian and The Intercept, last year, TikTok company officials told their employees to censor content considered sensitive to Beijing. TikTok claimed their policies were outdated when the reports were released. As a result of this incident, they established a “transparency center” so security and technology experts from around the world can observe their policies. 

Despite TikTok’s official statement, President Donald Trump issued an Executive Order in August declaring the prohibition of all business with ByteDance. Unless ByteDance announces a plan to sell TikTok, the app will be banned on September 29th, 2020. Several American agencies and companies, such as the U.S. Army and Wells Fargo, have been proactive, requiring servicemen and employees to uninstall the app in response to these security concerns. Other countries, like India, have followed suit, banning the app altogether. 

Many people, including computer security experts, believe banning the app in the United States would be an extreme course of action. Not only would it invite questions about censorship in a free country right before an election, but it would affect various companies here in the U.S. who use the platform for marketing purposes. A solution technology experts have mentioned is to implement policies for protecting consumer privacy and measures to minimize data misuse from companies around the world. Currently, with the exception of a few state laws, the responsibility of American privacy and data sharing belongs to companies such as TikTok, Facebook, and Twitter. 

On September 14th, 2020, ByteDance accepted Oracle’s proposal to be their new technology provider. This means Oracle would be held accountable for protecting all user information collected through TikTok. Although this deal is pending approval by the U.S. government, this would keep businesses invested in TikTok afloat and allow up to 100 million users to continue posting creative content. Treasury Secretary Steve Mnuchin told CNBC that the government will be reviewing the proposal this week, as their top priority is to keep American user data from the Chinese Communist Party.

Four days later, the U.S. government announced the removal of TikTok and fellow Chinese app WeChat from American app stores supplied by Apple and Google. Distribution, updates, and maintenance of the apps will be prohibited unless the Trump administration, TikTok, and Oracle can close a deal by September 20th. Commerce Secretary Wilbur Ross told Bloomberg WeChat would be shut down for practical purposes, but Americans could still use the app for payments in China and talk to loved ones overseas. He added TikTok’s official shutdown is scheduled after November 12th if the deal with Oracle falls through.

On Monday, September 21st, 2020, President Trump announced his approval of the deal between Oracle and TikTok. As a result of the ongoing proposal, Oracle and Walmart will share a 20% stake in TikTok Global, a new company headquartered in the United States. ByteDance will own 80% of TikTok Global and allow Oracle to review its source code. Ceding algorithms and other technologies was not included in the deal. Allowing Oracle to review the source code is still not foolproof, as ByteDance could easily have the code send data back to China in secret. Trump’s approval has postponed the ban for now, but the removal of TikTok through American app stores is still in effect. As relations between the United States and China remain tumultuous, the final outcome of the TikTok debate remains to be seen.

Computer Security, Expert Witness, Information & Communication Technology, Security

Is New Hampshire the Next Iowa Voting Disaster? Information Technology Expert Analysis

A hastily developed app combined with a lack of user testing caused a ruckus in Iowa Caucus voting this week. What’s in store for New Hampshire, Super Tuesday, and beyond?

It has been an exciting week in US politics. We had a State of the Union address and an impeachment vote. A whirlwind week by any standard! Before we could even get to those two events, we started the week with an outrageous technology failure in the Iowa Democratic Caucus. For purposes of this blog post, I’m not going into the differences between a caucus and a primary. Let’s just assume they accomplish the same result: selecting a candidate for political office.

For the Iowa Democratic Party, Monday night was a disaster and then it continued into Tuesday, Wednesday… you get the idea. As I write this blog post on Friday morning, I’m not even sure if they have an official determination of who won. The news stories seem to be conflicting.

So here is what we know about the app (IowaRecorder) failure based on available reports. The Iowa Democratic Party hired a marketing technology company to build an app which would be used, statewide, to report results of local caucus votes (I’m simplifying for purposes of brevity). The app was going to be used to submit voting results. Nobody was actually voting through the app.

The first really good article I read that outlined the technology implementation failure came from Slate. Here was a good summary from a couple of days ago:

“It’s still unclear what exactly went wrong with the app, but all of these issues appear to have something in common: The Iowa Democratic Party clearly wasn’t prepared for any possible issues with the app and a more involved method of vote reporting introduced this year—and sure enough, it reportedly turns out that the app was never tested on a statewide scale. Shadow, which is run by alumni of the Barack Obama and Hillary Clinton campaigns as well as Google, was paid $60,000 to develop the app, but it had just two months after party officials decided to abandon plans to report results over the phone.”

There’s some updated information on the failure from Motherboard, which was released yesterday (along with the app code). Below, you’ll see that they released an app that was still in beta format:

“And Instead of going through proper app store review processes conducted by Apple and Google, Shadow used beta testing platforms like Apple’s TestFlight to distribute the software so it could meet the Monday deadline. So when it came time for the app to do its most critical role — letting Democratic precinct leaders report results from Iowa on Monday — it failed in every way imaginable.”

Expert Analysis:

As I do when these major stories break, I turn to Experts.com members to get insights. You may recall Dr. Stephen Castell. Dr. Castell, Chartered Information Systems Practitioner and Member of the Expert Witness Institute, is Chairman of CASTELL Consulting. He is an internationally acknowledged Independent Computer Expert who has been involved in a wide range of computer litigation over many years.

Dr. Castell and I wrote a blog post back in 2018, regarding West Virginia’s Blockchain voting program. They are actually expanding this plan, which may necessitate a separate blog post.

Below, please find my questions and Dr. Castell’s answers (Disclaimer: these questions and answers were provided on February 5th, 2020):

Nick: From available reporting, it appears the Iowa Democratic Party failed to do a statewide testing of this vote reporting application. What type of tests would have been necessary to identify errors in the system before statewide roll-out?

Dr. Castell: As other ICT professionals comment in the reports, there should be thorough systems testing and QA procedures, including User Acceptance Testing and Pilot Trials, plus scaled-up ‘soak testing’, before contemplating any real-world launch, such as this statewide roll-out. You expect to get errors in systems testing – its main purpose is to identify faults and fix them. Sadly, software systems and Apps these days do seem often to be launched publicly without adequate systems testing, let alone with adequate prior User Testing and Pilot Trials. If such standard professional QA processes were omitted, or truncated, for something as high-profile and important as an App to collect and relay voter data in the Iowa Caucus, that does appear rather astonishing.

Nick: It doesn’t appear that all of the fault lies with the app developer. It seems the Iowa Democratic Party only gave the app developer 2 months to develop and deploy this application. What sort of time-frame would you anticipate to develop, test, and implement a software of this scale?

Dr. Castell: That is difficult to estimate without more knowledge of the actual detailed Customer Requirements Specification that the developer’s App was contracted to meet. On the face of it, an App simply to in-gather voting data, aggregate and transfer it, sounds in principle like fairly straightforward functionality to code, test (at scale) and implement, and 2 months may not have been an unrealistic timescale for development, testing and deployment.

Nick: Would you expect there to be a certain level of user sophistication for those using the app on this scale? Should there have been company representatives available at caucus sites?

Dr. Castell: Reports suggest that there was little prior familiarity, let alone ‘training’, or ‘user sophistication’, with the App on the part of those expected to employ it for real, in the high-pressure, real-time Iowa Caucus conditions. Whatever the state of compliance of the App with its contractual specification – perhaps reasonably well delivered to time, budget, specification, and of suitable quality, ‘fit for purpose’ – if there was no program for adequate user familiarity and training, plus some sort of support and trouble-shooting team from the developer company at caucus sites, that alone could account for the problems encountered in statewide roll-out operation.

Nick: From what I’ve read, it looks like the company was paid $60,000 to build this application. Is there any way to gauge whether this is too little or too much for this type of application development?

Dr. Castell: Again, that is difficult to gauge without more knowledge of the actual detailed Customer Requirements Specification, and thus the likely complexity of the functionality needed, and its associated software design and coding; also, there may have been a tight budget to which the developer company was obliged to work. It is not unusual for software developers to invest in a ‘plum’ assignment such as this high-profile Iowa Caucus project, for the promotional and marketing impact that gives them in securing hopefully more lucrative and profitable development jobs later. In this case, the $60,000 could have been much less than the true cost to the developer company of the analyst, designer, coder, tester, deployer and trainer man-days expended in building and launching the App with a statewide roll-out, against a tough deadline.

Nick: What sort of testing, trials, and quality assurance requirements would you have employed prior to such an implementation?

Dr. Castell: There should ideally have been thorough systems testing and QA procedures, including User Acceptance Testing and Pilot Trials, plus scaled-up ‘soak testing’, well understood by ICT professionals, before the real-world launch of this statewide roll-out. Relevantly, I teach a Course Avoiding IT Disasters – the Expert Way, the principles of which are also covered in my seminal paper “Forensic Systems Analysis: A Methodology for Assessment and Avoidance of IT Disasters and Disputes”, issued as a Cutter Consortium Executive Report, Enterprise Risk Management & Governance Advisory Service series (Vol. 3, No. 2, March 8, 2006).


 

We cannot say that New Hampshire is next. All available information tells us that New Hampshire is not using the same company/app used in the Iowa Caucuses. Furthermore, there was talk of Nevada using the app, but they have claimed they will not move forward with the application.

That’s the end of this particular blog post. Though, we’re already in talks about another post related to voting systems.

Computer Forensics, Demonstrative Evidence, Evidence, Sexual Abuse, Uncategorized

The Jeffrey Epstein Trial: Expert Witness Commentary on eDiscovery and Forensics

Last week, The Daily Beast reported the Jeffrey Epstein criminal trial will have a million pages of evidence, which will include materials seized from several devices.

A million pages of evidence makes for a great headline. It feels overwhelming! However, after reading the article from The Daily Beast, I began to wonder if a million pages of evidence is a lot or a little? How many files are stored on a standard laptop or cell phone? How will the prosecution and defense identify those files admitted into evidence? These questions, obviously, got me thinking about digital forensics and eDiscovery issues present in the Epstein sex abuse trial.

Now, if you read the blog post from last week, you’re probably wondering if I’m going to constantly write about sex abuse issues. The answer is, no. However, when these topics fill our news and I have the ability to reach out to qualified expert witnesses to provide insights on issues of public import, I’m going to do so.

As of this writing, the Florida Governor has ordered a state criminal probe into the handling of the 2008 Jeffrey Epstein investigation. This new probe was reported by The Miami Herald yesterday afternoon. Some credit for Epstein’s current predicament is due to the “Perversion of Justice” exposé series from Miami Herald reporter Julie K. Brown. She detailed the 2008 sex trafficking investigation and settlement. The series is worth a read!

Now, back to the million documents of evidence. I’ve been working with digital and eDiscovery experts for nearly 10 years. That said, I’m a novice in their areas of expertise. I’m able to issue-spot when an attorney needs a particular type of expert. With that said, I posed some foundational questions to one of our members.

Questions & Answers for expert witness C. Matthew Curtin, CISSP:

C. Matthew Curtin, CISSP, founder and CEO of Interhack Corp., is a Certified Information Systems Security Professional. An expert in computers and information technology, Mr. Curtin and his team at Interhack help attorneys and executives use data and computer technology in high-stakes situations.

NR: According to The Daily Beast article, the Epstein trial will have more than 1 million pages of evidence, found on multiple devices. How will the prosecution and defense retrieve all of these documents and collate them into usable evidence?

CMC: One million pages of computer evidence is no big deal. Consider that in a typical computer system you’re looking at anywhere from 100,000-500,000 files, including all of the software, operating system, and user data. By the time you get through to the things being used by the prosecution and defense as evidence, the vast majority has been thrown out, but if you’ve got a phone or two, a couple of computers, and a few online services, it’s pretty easy to get into those numbers. Ultimately it depends on how they’re counting, of course: Are these Bates-numbered pages for presentation, or are they the raw input? If these are the results that are turned into exhibits and so on, that’s pretty big but not huge.

NR: What is the process for identifying the usable documents from those that are unrelated to a litigation?

CMC: Finding relevant documents and conducting a forensic examination are two fundamentally different processes. Finding relevant documents is typically a matter of “indexing” (reading the files for their contents) and then making “queries” of the “index” to return the documents and pages that are responsive to the search. Typically an attorney will then look at the responses and make a decision as to whether something is material. It’s basic data processing: data in, data out for a lawyer to use.

In the case of a forensic examination, the raw data will be subjected to various tests and analysis, ultimately resulting in reports that will be submitted as evidence. For a phone, a complete “extraction report” can easily produce a 5,000 page PDF document, and many get much, much larger. In any case, all of these things will wind up going into some kind of expert report that will outline opinions and findings that might be challenged and should be subjected to scrutiny. This is expert data analysis, where the data processing is performed to be consumed by an expert to form a technical opinion or finding.

NR: How much time would it take a forensics expert to comb through multiple devices to determine which documents are appropriate for discovery and evidentiary purposes?

CMC: Methodology and the size of the source matter for how long it takes. Generally speaking, I tell people to figure that to run through a forensic image of a raw computer hard drive and prepare it for human review, you’re looking at three days if you want to recover deleted files, compute the mathematical “hash” values that allow us to distinguish among files, and so on. A human will then need to go through the results and that can take anywhere from another day to another week or more, depending on what’s found, and how much work needs to be done without automated tools to manage the process. In some cases, no one cares about deleted files. In other cases, they’re critical. The only rule of thumb that applies generally is that the time it takes to do the job is between two and eight times what a lawyer thinks it should take.

NR: Is a million documents a lot of digital documents for a trial? Or is that common when dealing with digital files?

CMC: I addressed this a bit in my first answer, but one million computer files isn’t a big deal.

NR: I’m sure many of my questions are rudimentary, please feel free to provide any additional information you think the public should know about digital forensics and e-discovery in this type of matter…

CMC: Something to add: when conducting forensic examination, we often see a law-enforcement view put forth: Suspect that X happened, so go search for evidence of X. Fail to find X, and you add “tampering” to the list of charges. The reality is, though, that it isn’t sound scientific process to go in search of confirmation of what you think is already happening. Various cognitive biases interplay to create serious problems with the results extracted this way. Far better to construct tests to look for the “null hypotheses,” the things that would disprove what you think is happening. At the very least, alternate theories of the case deserve exploration and there are plenty of cases that would not take the time and money put into them if they were given greater scrutiny.

For example, if someone is suspected of having illegal pornography on a computer—that is, possessing the material, knowing the character of its content—law enforcement will typically reconstruct deleted files, look at thumbnail image databases, and loose files found in caches and elsewhere on the disk managed by the computer operating system rather than the user directly. If they find material that looks like what they thought was there, in many places a prosecutor will go forward with charges. On the other hand, what if someone did get the files and not mean to have them? What other course would there be but to delete the material? If the material has been deleted, why would it be brought up in a prosecution? There are cases where it can be relevant to a legitimate legal question but we’re only in the last few years starting to see some sophistication in consuming these results and moving forward sensibly with discretion informed by understanding.


A huge thanks to C. Matthew Curtin for taking time to provide us with these excellent answers. Please check out his company at http://web.interhack.com/.
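The document-finding workflow described in the answers above (hash files to tell them apart, discard known software, index the rest, query the index) can be sketched in a few lines of Python. This is an added example, not code from the original post or from Interhack; the sample files, the known-file hash list and all function names are constructed for illustration.

```python
import hashlib
import re
from collections import defaultdict

# Constructed sample input: (source path, file bytes). Not from any real matter.
SAMPLE_FILES = [
    ("laptop/Users/a/Documents/invoice_0412.txt",
     b"Invoice 0412: wire transfer of 25,000 USD to Harbor Holdings."),
    ("phone/Download/invoice_0412 (1).txt",            # same bytes, different name
     b"Invoice 0412: wire transfer of 25,000 USD to Harbor Holdings."),
    ("laptop/Users/a/Documents/notes.txt",
     b"Call the bank about the transfer limit before Friday."),
    ("laptop/Windows/System32/license.txt",            # stands in for an OS file
     b"END USER LICENSE AGREEMENT. This software is licensed, not sold."),
    ("cloud/mail/att_77.txt",
     b"Holdings summary: no wire activity this quarter."),
]


def sha256_hex(data: bytes) -> str:
    """Content hash: identical bytes give the same value regardless of file name."""
    return hashlib.sha256(data).hexdigest()


# Hypothetical "known file" list: hashes of stock software and OS files that an
# examiner excludes before review. Built here from the sample itself.
KNOWN_HASHES = {sha256_hex(SAMPLE_FILES[3][1])}


def cull(files, known_hashes):
    """Group files by content hash and drop known files.

    Returns {hash: {"paths": [every path holding these bytes], "text": str}}.
    """
    unique = {}
    for path, data in files:
        digest = sha256_hex(data)
        if digest in known_hashes:
            continue
        entry = unique.setdefault(
            digest, {"paths": [], "text": data.decode("utf-8", "replace")})
        entry["paths"].append(path)
    return unique


def build_index(unique):
    """Inverted index: lower-cased term -> set of content hashes containing it."""
    index = defaultdict(set)
    for digest, entry in unique.items():
        for term in re.findall(r"[a-z0-9]+", entry["text"].lower()):
            index[term].add(digest)
    return index


def query(index, *terms):
    """AND query: hashes of documents that contain every term."""
    sets = [index.get(term.lower(), set()) for term in terms]
    return set.intersection(*sets) if sets else set()


def responsive_paths(files, known_hashes, *terms):
    """Full pass: cull, index, query, then map hits back to every source path."""
    unique = cull(files, known_hashes)
    hits = query(build_index(unique), *terms)
    return sorted(path for digest in hits for path in unique[digest]["paths"])


if __name__ == "__main__":
    print(len(cull(SAMPLE_FILES, KNOWN_HASHES)), "unique documents to review")
    for path in responsive_paths(SAMPLE_FILES, KNOWN_HASHES, "wire", "transfer"):
        print("responsive:", path)
```

Because hits are keyed by content hash, a reviewer reads the duplicated invoice once while the output still lists both devices it was found on.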

Blockchain, Computer Security, Expert Witness, legaltech

Blockchain Voting Election 2018: Expert Analysis of West Virginia’s Plan

This November, West Virginians deployed overseas will have the opportunity to vote via smart phone through a Blockchain-based application. Given the existing concerns of election integrity, I couldn’t help but reach out for expert analysis.

Hey, did you know that election integrity is kind of a big deal? Have you been watching any number of news stations in the last few years? Our country has not stopped talking about election meddling, voter fraud, electronic voting, and a wide variety of related topics, for two or more years, give or take.

If you are not aware of these concerns, you must be living under a rock. Please make room under the rock as I’d like to join you. I do my best to ignore the talking heads because I’ve found they add no value to my life (anyone else feel that way about the twenty-four hour television news cycle?).

Before I digress entirely, my point is election integrity and vote verification are legitimate concerns and imperative for the success of our democracy. As such, broadcast news covers the subject extensively.

Rarely, however, do these broadcasters address the micro-issues. This is why I choose to get my news from a variety of different publications, most of which I read online. That’s how I found this article: Experts Criticize West Virginia’s Plan for Smartphone Voting, from Ars Technica. Many of my regular readers know I appreciate the legal and policy analysis from Ars Technica. Routinely, I use it as a jumping off point for further research. The publication often acts as a catalyst for blog posts. In this case, I’d been waiting for the opportunity to discuss the Blockchain topic and get insights from expert witnesses on the subject.

The issue of a Blockchain-based application being used to allow soldiers stationed abroad the opportunity to vote through their smart phone was the perfect topic. Bitcoin (a Blockchain-based cryptocurrency) is already being written about and discussed extensively. Voting, through a Blockchain application, is getting less coverage and is therefore more interesting to me.

Much of what I’ve read about the Blockchain is hyperbolic. I’ve read on more than one occasion that “the Blockchain cannot be hacked.” On its face, that statement appears illegitimate. There is no such thing as 100% secure. So, how do we plan on safely using a smart phone app to conduct one of our country’s most sensitive civic processes?

According to the Ars Technica article, West Virginia did a limited run of the system (Voatz is the name of the app) for the primary election in May. The article further provided, “West Virginia’s secretary of state told CNN that the pilot worked well and that the system passed four audits of various parts of the system. So this November, the state is planning to offer the system more broadly to West Virginians deployed overseas.”

Naturally, I have a lot of questions about the security and reliability of the voting application offered by Voatz. So I reached out to one of our computer science experts who has studied the Blockchain and recently published articles on the topic.

Computer Science and Systems Expert Witness – Dr. Stephen Castell

Dr. Stephen Castell is a computer science and systems expert witness with over 30 years of experience. As an expert witness, Dr. Castell has acted in over 100 major cases including the largest and longest computer software actions to have come to trial in the English High Court. Most recently, Dr. Castell contributed to the 200th issue of Computer Law and Security Review (CLSR), with his paper titled, “The Future Decisions of RoboJudge HHJ Arthur Ian Blockchain: Dread, Delight or Derision?” Find out more about Dr. Castell by visiting his website: www.castellconsulting.com.

I’ve been working with Dr. Castell for more than eight years. We always have delightful conversations and “geek out” together over emerging technologies. Our recent conversations have, of course, covered the rapidly changing legal technology space.

Here are the questions I posed and the answers provided by Dr. Castell:

Nick: Can you describe Blockchain technology for the lay reader?

Dr. Castell: In its elemental form, a Blockchain is simply a decentralized database system – digital ledgers that store transaction data, distributed across many nodes.  It has a linked list data structure, with each block (an aggregated set of data) containing a ‘hash’ of the previous block.  Each block is formed by a ‘proof-of-work algorithm’, through which consensus of this distributed system is obtained via the longest possible chain.  A ‘traded’ cryptocurrency Blockchain (e.g. Bitcoin) is a shared public chain: in principle everyone has access to the chain, not only to read the information on the chain, but also to append new blocks on the chain.  This is known as an unpermissioned chain.  The West Virginia voting application is likely to be a permissioned chain, where, through public key cryptography, access control can be implemented during setting up of the chain so that differentiated access can apply – both voters and those managing and controlling the voting process can differentially record, and/or interrogate, votes and voting data added to its Blockchain.

Nick: Is a Blockchain-based voting system secure?

Dr. Castell: The Blockchain in and of itself provides strong cryptographic security.  However, ICT expert professionals bear in mind that not only are there no finalised international standards for Blockchain (eight  standards are in development under ISO/TC 307), but also there is far more to specifying, designing, developing, testing, deploying and maintaining an appropriate complete QA’d application than just the Blockchain element.  The security of the complete system needs to be addressed and designed-in from the start, irrespective of the use case for the Blockchain.  And whether to use a Blockchain as a component at all for a given business requirement such as public elections is a critical initial feasibility exercise that the expert knows is essential, as much from a security perspective as any other.

Nick: We know that electronic voting systems are vulnerable to hacking. Can Blockchain-based voting systems also be hacked?

Dr. Castell: Anything can be hacked, and electronic voting systems are no different.  Back in the late 1980s, I carried out a major definitive study, commissioned by the British H M Treasury, on the admissibility of computer evidence in court and the legal reliability/security of IT systems (The APPEAL Report, 1990, May, Eclipse Publications, ISBN 1-870771-03-6).  This concluded with what became known as my ‘First Dictum’:  “You cannot secure an ontologically unreliable technology by use of an ontologically unreliable technology”.  Nothing has changed.  Commercial computer hardware and operating systems, including smartphones, remain essentially ‘open’, and ontologically unreliable.

Nick: Is it the Blockchain that could be compromised or is it more likely a voter’s smartphone would be compromised by a hacker?

Dr. Castell: A well-engineered and implemented Blockchain distributed voting ledger should itself be as immune to compromise as its cryptography can provide.  But the voter’s smart phone security, and the overall voting application, are only as sound as whatever has been designed-in to the whole system – and we know that smartphones have for sure in the past been hacked.  It is not clear that the proposed West Virginia smartphone application would be any more (or less) hackable than anything else hitherto.

Nick: What sort of checks and balances would you expect for a Blockchain-based voting system before implementation?

Dr. Castell: It would seem an obvious (constitutional?) requirement that votes must always be manually-countable in any US election, in the event of suspected error or lack of trust in the reported result, whether through suspected deliberate tampering or compromise, accident or incident, random system malfunction, or whatever else, and particularly if the result is legally challenged in court.  Any smart phone app voting system must therefore always be designed so that its operation, and the voting data recorded, are auditable for integrity, accuracy and reliability ‘by hand’ – that is surely the most basic check and balance.

Lawyer Jonathan Bolls is a Magistrate, and Chief Election Officer, in Fairfax County, Virginia, who had personal experience of the consequences of unreliable computer systems, as a past victim of technical problems saving Bar Exam essays using suspect software provided by the Virginia Board of Bar Examiners (I provided expert opinion on his behalf – see http://jonathanbolls.blogspot.com/).  He notes that US citizens are passionate about the integrity of elections:  “For Blockchain technology, where someone is voting on their phone from overseas, they would want to consider that in doing so they potentially waive their rights to have their vote counted should a re-count be necessary.  We have actually gone the other way: removed our high-tech touchscreen voting systems and returned to the paper ballot.  If ever we need to check voting numbers we hand count”.

Aside from manual auditability, before implementation it is vital that ‘Proof of Concept’ projects be thoroughly executed, carefully trialing any proposed smartphone public voting system, prior to actual ‘go live’ for real.  Such Pilot Trials or Proving Systems are essential, with their scale, planning, operation, data and results, and assessment thereof, monitored and carried out by independent experts.

Nick: In your expert opinion, would you trust a Blockchain-based voting system to accurately register votes?

Dr. Castell: Deliberate hacking or compromise apart, there is no reason why a well-engineered and implemented Blockchain-based voting system, with careful professional expert involvement in its design and trialing before go-live, should not accurately register votes.  However, I do not consider that a so-called ‘trustless’ Blockchain-based voting system removes the need for a Trusted Third Party legally responsible for its operation and security.  ‘Who you gonna sue when it goes wrong?’ is still an essential consideration, and the Blockchain itself, nothing magical, ‘just another computer system’, cannot be sued.

See:

  • https://authors.elsevier.com/a/1XSpq_654J6Hkp  ‘The future decisions of RoboJudge HHJ Arthur Ian Blockchain: Dread, delight or derision?’, Stephen Castell, Computer Law & Security Review, Volume 34, Issue 4, August 2018, Pages 739-753.
  • Commission of the European Community. Green paper on the security of information systems, ver. 4.2.1, 1994.
  • S. Castell, Code of practice and management guidelines for trusted third party services, INFOSEC Project Report S2101/02, 1993.
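The structure Dr. Castell describes (each block carrying a hash of the previous block, sealed by proof-of-work) and his distinction between the ledger and the voter’s phone can be shown in a short Python sketch. This is an added example, not code from the original post or from Voatz; the ballot format, the toy difficulty and every function name are assumptions, and a real permissioned chain would add signatures and access control.

```python
import copy
import hashlib
import json

DIFFICULTY = 3          # required leading hex zeros; toy value so this runs fast
GENESIS = "0" * 64      # placeholder "previous hash" for the first block

# Constructed sample ballots (assumed format).
BALLOTS = [
    {"voter": "V-001", "choice": "A"},
    {"voter": "V-002", "choice": "B"},
    {"voter": "V-003", "choice": "A"},
]


def block_hash(index, prev_hash, ballot, nonce):
    payload = json.dumps([index, prev_hash, ballot, nonce], sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()


def mine(index, prev_hash, ballot):
    """Proof-of-work: search for a nonce whose block hash meets DIFFICULTY."""
    nonce = 0
    while True:
        digest = block_hash(index, prev_hash, ballot, nonce)
        if digest.startswith("0" * DIFFICULTY):
            return {"index": index, "prev_hash": prev_hash, "ballot": ballot,
                    "nonce": nonce, "hash": digest}
        nonce += 1


def build_chain(ballots):
    chain, prev = [], GENESIS
    for i, ballot in enumerate(ballots):
        block = mine(i, prev, dict(ballot))
        chain.append(block)
        prev = block["hash"]
    return chain


def verify(chain):
    """Return the index of the first inconsistent block, or None if intact."""
    prev = GENESIS
    for i, b in enumerate(chain):
        digest = block_hash(b["index"], b["prev_hash"], b["ballot"], b["nonce"])
        if (b["index"] != i or b["prev_hash"] != prev or b["hash"] != digest
                or not digest.startswith("0" * DIFFICULTY)):
            return i
        prev = b["hash"]
    return None


def tally(chain):
    """Plain count of recorded choices, the figure a hand recount must match."""
    counts = {}
    for b in chain:
        counts[b["ballot"]["choice"]] = counts.get(b["ballot"]["choice"], 0) + 1
    return counts


def tamper_stored_ballot(chain, index, new_choice, remine=False):
    """Copy the chain and change one ballot after it was recorded."""
    forged = copy.deepcopy(chain)
    forged[index]["ballot"]["choice"] = new_choice
    if remine:  # redo that block's proof-of-work; later blocks still point at the old hash
        forged[index] = mine(index, forged[index]["prev_hash"], forged[index]["ballot"])
    return forged


def simulate_altered_submission(ballots, voter, new_choice):
    """Model a compromised phone: the ballot is changed before it reaches the ledger."""
    return [dict(b, choice=new_choice) if b["voter"] == voter else dict(b)
            for b in ballots]


if __name__ == "__main__":
    chain = build_chain(BALLOTS)
    print("intact chain:", verify(chain), tally(chain))
    print("stored ballot edited:", verify(tamper_stored_ballot(chain, 1, "A")))
    print("edited and re-mined:", verify(tamper_stored_ballot(chain, 1, "A", True)))
    swapped = build_chain(simulate_altered_submission(BALLOTS, "V-002", "A"))
    print("altered on the phone:", verify(swapped), tally(swapped))
```

The ledger flags both after-the-fact edits, but the ballot changed before submission verifies cleanly, which is why the answers above call for an independent, hand-countable audit trail.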

Conclusion:

What are your thoughts? Would you trust a smart phone, Blockchain-based voting application? Please share your comments below!

UPDATE (08/16/2018):

Our friends over at the Robinette Legal Group, located in Morgantown, West Virginia, wrote a complementary piece to this blog. The author of the piece, Terri Robinette, did an exceptional job elaborating on prior “uses” of Blockchain in Sierra Leone and describing how West Virginia is legitimately the first to truly test this technology. She further described election security and fraud in West Virginia. Take a look at her article below:

Smartphone Voting App for Deployed West Virginia Military

Computer Forensics, Computer Security, Security

Tesla Trade Secrets Lawsuit: Investigators & Expert Witnesses

Did you hear about Tesla suing a former employee for stealing trade secrets?

Early last week, Tesla CEO Elon Musk emailed Tesla employees reporting another employee had done some pretty significant sabotage to the company’s manufacturing operations. According to one Ars Technica article, “In the all-hands email to Tesla staff, Musk wrote that the employee had made ‘direct code changes’ to the company’s production systems, as well as exporting ‘large amounts’ of Tesla’s data to unknown third parties.”

In the same article, Ars Technica quotes Musk’s email further, “the alleged saboteur could have been working with short sellers, oil and gas companies—whom he described as ‘sometimes not super nice’—or ‘the multitude of big gas/diesel car company competitors.’ Of this last group, Musk reminded his employees that, since the traditional OEMs have been known to cheat emissions tests, ‘maybe they’re willing to cheat in other ways.’”

Mr. Musk is not subtle in his indication that he believes the saboteur may have been working with others in a coordinated effort of corporate espionage and theft of trade secrets.

Later in the week, Tesla filed suit against a now-former-employee, Martin Tripp. We can only assume this is the employee to whom Mr. Musk referred in the earlier email, given the civil complaint allegations against Mr. Tripp. The civil complaint link is courtesy of Cyrus Farivar of Ars Technica.

The civil complaint alleges Mr. Tripp violated the Defend Trade Secrets Act and the Nevada Uniform Trade Secrets Act. Further, Tesla alleges breach of contract, breach of the fiduciary duty of loyalty, and violation of the Nevada Computer Crimes Law.

To me, the interesting part was the “prayer for relief” (an absurdly arcane way of saying “this is what we want!”).  Here’s the summary. Take note of the first item:

[Image: Tesla’s prayer for relief]

Section A goes hand in hand with Elon Musk’s comments indicating the saboteur may have been acting with unknown third parties. The legal action seems intended to prohibit the use of any stolen trade secrets and to prevent any potential financial or competitive damage resulting from corporate espionage.

What experts played a role or may play a role?

The case being brand new (complaint filed last week), I don’t expect we’ll hear about expert witness involvement for some time. However, I do imagine some experts (working for Tesla) were involved in uncovering the alleged sabotage.

Digital Forensics, Computer Security, Corporate Security, Software, Human Resources…

We know from the complaint there are allegations that Mr. Tripp stole trade secrets from Tesla. According to the complaint, Mr. Tripp “has thus far admitted to writing software that hacked Tesla’s manufacturing operating system (MOS) and to transferring several gigabytes of Tesla data to outside entities.” To someone like me, with fairly basic coding experience, it appears Mr. Tripp was quite advanced. He was able to bypass Tesla’s internal security to install hacking software.

Mr. Tripp has not admitted, but Tesla further alleges, “he also wrote computer code to periodically export Tesla’s data off its network and into the hands of third parties.” This sentence alone makes me wonder why Tesla did not add potential JOHN DOES to the complaint. Nevertheless, the complaint continues, “his hacking software was operating on three separate computer systems of other individuals at Tesla so that the data would be exported even after he left the company and so that those individuals would be falsely implicated as guilty parties.” Again, I mention this is a pretty advanced thought process because Mr. Tripp had plans to cover his tracks.

Given this information, I presume Tesla’s corporate security in conjunction with their legal department had to investigate Mr. Tripp’s actions for some time before terminating his employment and filing suit.

This investigation was likely to include those with knowledge and experience in digital forensics, computer security, and hacking software. Since the investigation involved an employee, I suppose there’s a chance human resources was included in the investigation as well.

Why was the investigation likely to include this variety of individuals? Tesla had to identify the breach using digital forensics and computer security experts. After recognizing the hacking software in their system, it’s possible they would have reviewed the code to see how it breached their computer security and I assume they would be able to identify the terminals on which the code resided. Since Mr. Tripp had taken precautions to misdirect Tesla, they may have identified the three other employees as responsible parties early in the investigation, causing them to monitor those employees.

Having watched enough spy movies to pretend I know what I’m talking about, I have to imagine Tesla would want to identify the third party entities mentioned in the complaint. So, they probably allowed some data to be exported while they were monitoring the situation in an effort to identify those who may have conspired with Mr. Tripp. With my spy movie knowledge, prognostications, and five bucks, you can get a cup of coffee.

Of this, I am certain. Tesla had to use investigators familiar with protection of intellectual property and digital evidence collection. Experts listed above would have the appropriate specialization to conduct this investigation in preparation for the recent litigation.

So as the litigation develops and if it goes to trial, I will expect to see software, digital forensics, computer security, corporate security, and human resources experts and consultants assisting in discovery and preparing for trial.

Computer Forensics, Computer Security, Computers, Consultants, Expert Witness

Google Antitrust Investigations: FTC, EU, state attorneys general… More to come?

The ABA Journal reported this week that Google was subpoenaed by the Missouri attorney general (Josh Hawley) for antitrust and consumer protection violations. Google has been placed on notice and the investigation is ongoing. Earlier this year, the Mississippi attorney general sued Google for similar violations and the European Union fined the company $2.7 billion for consumer protection violations. Are you seeing a pattern? Antitrust litigation against Google seems to be full speed ahead.

According to the article, the Federal Trade Commission (FTC) completed an investigation against Google in 2013. The FTC concluded, “We have not found sufficient evidence that Google manipulates its search algorithms to unfairly disadvantage vertical websites that compete with Google-owned vertical properties.” Evidently, Mr. Hawley does not agree with the FTC finding so he decided to investigate on his own.

When investigating and prosecuting cases involving sophisticated technology and antitrust issues, attorneys depend on experts to perform complex investigations and unravel complex issues. Who will the attorneys general and defense counsel turn to in support of these involved matters? Let’s take a look at the issues:

Antitrust / Consumer Protection:

To understand more about the laws governing antitrust issues in the US please visit the FTC for a brief summary.

Essentially, United States antitrust law is a collection of federal and state laws regulating the conduct and organization of businesses, generally to promote fair competition for the benefit of consumers.  As the FTC page indicates, there are three main laws covering antitrust behavior: the Sherman Act 1890, the Clayton Act 1914 and the Federal Trade Commission Act 1914. For more than 100 years, “The antitrust laws have had the same basic objective: to protect the process of competition for the benefit of consumers, making sure there are strong incentives for businesses to operate efficiently, keep prices down, and keep quality up.” The laws also basically prevent collusion or cartel-like practices and monopolies.

The Missouri attorney general has said, “There is strong reason to believe that Google has not been acting with the best interest of Missourians in mind.” It appears Mr. Hawley believes Google is doing things which are not promoting, and possibly impeding, fair competition. Further, their algorithms may be directing users to Google-owned properties rather than websites offering services which compete with those Google-owned properties. As Google is the 800-pound gorilla when it comes to Internet searching, any tactics directing users to their own goods or services could be considered a restraint of trade.

In order to prove Google manipulates algorithms for their own benefit, the Missouri attorney general is probably going to have to employ some expert consultants who may later testify as expert witnesses. Google’s defense counsel will probably have to do the same. I assume Google will have many of the pre-litigation consultants in-house.

During the investigation, Mr. Hawley will likely need to consult with antitrust and antitrust economics experts to determine if actions by Google are negatively impacting consumers or restraining trade. Furthermore, he may need to employ consultants to conduct market research to have statistical evidence of the impact on consumers.

Algorithms:

Most of us (is this too presumptive?) have some sort of rough idea about search algorithms and what they accomplish. We understand it to be a mathematical equation used to search data and deliver a result based on the search terms we utilized.

After reading my last paragraph, I have to say there are probably far more accurate and simplistic descriptions of an algorithm. I may not have properly described how they work. That’s because I’m not a computer scientist. Luckily, neither the prosecution nor defense will be calling Nick Rishwain as an expert witness in Missouri v. Google.

The legal representatives from both sides are going to need assistance in understanding search algorithms and how algorithms might be manipulated by Google. They are going to need to know this quite early in the case in order to request and deliver the proper documentation during the investigation and discovery stages should Missouri file a lawsuit.

Both sides will likely need the assistance of information and Internet technology consultants. More specifically, I can see the need for information science & architecture experts as well as search engine optimization experts.

As the ABA Journal article made abundantly clear: Google has faced many legal actions related to antitrust and it appears even more legal actions lie ahead. It should be noted that Google is not alone in this area. There appears to be increased chatter about antitrust actions against Amazon as well. If the US Department of Justice and the Federal Trade Commission avoid taking action, we may see more attorneys general choosing to investigate and possibly prosecute the corporate giants for dominating the market.

For more information, check out the Experts.com Antitrust Articles section.


Updated: 07/24/2019:

Well, as we noted when we last wrote about the Google antitrust matter, more was likely to come. Yesterday, we learned the Department of Justice (DOJ) has opened an antitrust investigation into some of the world’s largest tech companies, although they did not mention the companies by name.

According to Ars Technica, the DOJ’s Antitrust Division opened an investigation which would “consider the widespread concerns that consumers, businesses, and entrepreneurs have expressed about search, social media, and some retail services online.”

From this, we can only take a guess that they mean they’ll be investigating Google, Facebook, Amazon, and some others. Other pundits assume Apple will also be investigated. If the investigation is as broad as reports are indicating, we can assume others will find themselves in the crosshairs at some point in the future.