Category: Computer Forensics

Audio ForensicsComputer ForensicsCrisis ManagementOnline Reputation ManagementSocial Media

Deepfake: Its Role in Law, Perception, and Crisis Management (Part 2)

on April 14, 2021

Welcome to Part 2 of Experts.com’s Deepfake Blog Series! In case you missed it, check out Part 1. The focus for Part 2 is to delve into the legal ramifications and perceptive dangers of deepfake videos, along with solutions for individuals and organizations who have been negatively affected by deceptive content. Continued insight from Audio, Video, and Photo Clarification and Tampering Expert, Bryan Neumeister, and new knowledge from fellow Experts.com Member and Online Reputation Management Expert, Shannon Wilkinson, will be included in this post.

Due to the relatively new concept and technology of deepfake content, the legal ramifications are not concrete. In fact, admitting deepfake content as evidence in some criminal and civil court cases can be a precarious endeavor because of metadata. According to the Oxford Dictionary, metadata is “information that describes other information.” Think of metadata as information found on a book. Listed is the author’s name, summary of the author, synopsis of the book, the name and location of the publishing company, etc. Metadata answers the same inquiries about videos and photographs on the internet. It has even been used to solve crimes. For example, in 2012, law enforcement found John McAfee, a man who ran from criminal prosecution for the alleged murder of his neighbor, using the metadata from a photo VICE Media, LLC released in an interview with the suspect (NPR). “The problem with metadata is when you upload any video to YouTube or Facebook, the metadata is washed because the user gives up the right to the video,” a statement by Bryan Neumeister. Reasons vary as to why metadata is removed. Some platforms have policies to disregard metadata to expedite the download time for such images and videos. However, it raises concern for those interested in preserving intellectual property (Network World). In addition to the numerous reposts a photo or video acquires, finding the original author of a post on major social media platforms poses a problem for litigants.

Entering evidence into court becomes a Chain of Custody issue (702, 902) through the Daubert Standard, which is a set of criteria used to determine the admissibility of expert witness testimony. Part of Mr. Neumeister’s expertise is to sift through the components (time stamp, camera, exposure, type of lens, etc.) of digital evidence via computer software systems to determine its authenticity or modification. One of the many techniques he uses is to look at the hash value of digital evidence. According to Mr. Neumeister, “Hash values are referred to in Daubert 702 as a way to authenticate. Think about a hash value as a digital fingerprint.” Without this set of numerical data, the most vital piece of proof needed to discern an original from a fake photograph or video, the digital evidence should be ruled as inadmissible by Daubert standards, as there is no chain of custody to a foundational original. Because deepfakes are difficult to track, and perpetrators are mainly anonymous underground individuals with limited assets, prosecuting these cases is a long-term investment without the return. From a moral perspective, justice should be served. With little or no recourse, the frustration is overwhelming for people whose character and financial future have been put in jeopardy.

Deepfakes may be complicated in the legal arena, but in the world of public perception, its role is much more forthright. In recent years, perception has become reality, and this notion rings resoundingly true regarding deepfake content. People who create and publish deceitful content have three main goals: to tarnish a person or company’s reputation, change a narrative, and ultimately influence the public. “Deepfakes are not usually done by big corporations. There is too much at stake. They are usually done by groups that have an intent to cause misdirection,” a direct quote by Mr. Neumeister. The truth about events regarding politicians, or any other public figure, has now become subjective. Like most viral posts, once a deepfake video is released, unless a user participates in research and finds other sources that confirms or denies deceptive material, people will believe what is shown on social media. There are two reasons for this: 1) it confirms an already ingrained bias, and 2) some people would rather trust the information instead of actively looking for sources that contradict the deepfake due to lack of will or information overload. Studies have shown it takes just a few seconds to convince people who are leaning the way a deepfake video is portraying a situation to believe the content. Even if there is a source that has been fact-checked and proves the contrary, the damage to a public figure’s perception has already been done.

For instance, one of the most popular types of deepfakes are centered around pornography. As discussed in Part 1, the General Adversarial Network (GANs) generated deepfake videos have a specific algorithmic structure that accumulates multitudes of any footage and mimics the desired output data. However, its blatantly realistic and high-quality footage is too exaggerated to be an authentic video. To further augment the illusion, people use techniques such as adding background noise, changing the frame rate, and editing footage out of context to make the video more “realistic.” According to Mr. Neumeister, “The more you dirty it up, the harder it is to tell … and then you’ve got enough to make something convincing that a lot of people won’t fact check.” This unfortunate reality, the emergence of different types of deepfake content can ruin the reputations of individuals and businesses across the board. Fortunately, there are methods to managing public perception.

A positive public image is one of the driving forces for success, trust, revenue, and a growing client base. For this reason, malicious and manipulative material found on the internet is threatening. The internet allows everyone to become an author, which gives users the power to post a variety of content ranging from true stories to false narratives. When businesses and organizations find themselves in a fraudulent crisis, “it can impact shareholder value, damage an organization’s reputation and credibility in the eye of consumers and customers, and result in the dismissal or stepping down of a CEO, board members, and/or other key leaders,” stated by Shannon Wilkinson, an Online Reputation Management Expert. Individuals who have less of a digital presence than organizations are more at risk for facing defamatory content. It begs the question, what types of crisis management strategies can business and individuals use to defend themselves against deepfake content?

One of the reasons why crisis emerges for organizations and public figures is due to the lack of proactiveness. Luckily, Ms. Wilkinson has provided numerous tips on how to prioritize reputation management and crisis response to build a “powerful digital firewall.” For reputation management, Ms. Wilkinson recommends:

  • Understanding how one’s business and brand appears to the world.
    • “Each Google page has 10 entries, discounting ads…The fewer you ‘own’ – meaning ones you publish… – the less control you have over your online image,” according to Ms. Wilkinson.
  • Customizing LinkedIn and Twitter profiles.
  • Publishing substantive and high-quality content related to one’s field of expertise or organizations (white papers, blogs, articles, etc.).
  • Scheduling a professional photography session.
  • Creating a personal branding website (ex: http://www.yourname.com).

As for crisis response options, there are two key components businesses and individuals must consider before crafting a recovery plan:

  • Possessing an online monitoring system alerting when one’s brand is trending on social media (ex: Google Alerts and Meltwater)
  • Seeing conversations in real time to augment one’s social presence within those digital spaces.

Below are the recommendations regarding the actual response to a crisis:

  • Social media platforms like Facebook and Twitter seem to be the more popular spaces to respond to deepfake content.
  • Updating current and existing information is a vital strategy to counter attacks.
  • Avoid engaging with anonymous commentors and trolls.
  • “Video is an excellent tool for responding to situations that result in televised content. A well-crafted video response posted on YouTube will often be included in that coverage. This strategy is often used by major companies,” a direct quote from Ms. Wilkinson.

The why behind creating, manipulating, and posting deepfakes for the world to see seems to be a moral dilemma. The motives behind uploading such misleading content are different for those who participate but nefarious, nonetheless. Legally, it remains an area of law where justice is not always served. Thanks to our Experts.com Members, Bryan Neumeister and Shannon Wilkinson, the what, when, how, and where aspects of deepfake content have been explained by people who are well-versed in their respective fields. In the height of modern technology and the rampant spread of misinformation, our Experts advise all online users, entrepreneurs, public figures, and anyone with access to the internet adequately fact-check sources encountered on the web. Those associated with businesses or happen to be public figures should prioritize developing crisis management precautions. In Mr. Neumeister’s own words, “People can destroy a city with a bomb, but they can take down a country with a computer.”

Audio ForensicsComputer ForensicsExpert WitnessSocial Media

Deepfake: An Introduction (Part 1)

on March 17, 2021

Computer technology is one of the most pivotal inventions in modern history. Artificial Intelligence, smartphones, social media, and all related apparatus have significantly enhanced living conditions in an unprecedented manner and connected the world with a click of a button. It is used in various occupations: from business related fields to more creative professions. To say modern technology has been advantageous in recent decades is an understatement. However, every creation has its flaws. This multi-part blog series is intended to reveal one of those flaws, and a dangerous one at that, deepfake videos. This first post includes an introduction to deepfake videos, and the steps taken by federal and state governments to identify such duplicitous content. Special insight on the subject is provided by our Experts.com Member and Audio, Video, and Photo Clarification and Tampering Expert, Bryan Neumeister.

Editing footage and photos is normal practice in our selfie-addicted new normal, but creating distorted content is a whole new ballgame. According to CNBC, deepfakes are “falsified videos made by means of deep learning.” These videos, images, audios, or other digital forms of content are manipulated such that counterfeits pass as the real thing. What makes matters worse is the internet allows anyone and everyone to create, edit, and post deceptive content. It is one of many threats to cybersecurity strategists, police departments, politicians, and industries alike because the purpose of making them is to spread misinformation, tarnish reputation’s, exploit evidence, and to ultimately deceive an audience. The unfortunate reality is deepfake videos which display pornographic scenarios and manipulated political moment are the most common. For instance, a notable deepfake video was posted by Buzzfeed in 2018 depicting former United States president, Barack Obama, slandering another former United States president, Donald Trump. However, the voice behind Obama is none other than Jordan Peele. The video was intended as a moral lesson to explain how important it is to verify online sources, and to highlight the dangerous problem of trusting every post uploaded to the internet.

According to Mr. Neumeister, who specializes in this area of expertise, there are two types of artificial intelligence programs used to create deepfake videos: GANs and FUDs. He states, “GANs (Generative Adversarial Networks) are used by professionals, and FUDs (Fear, Uncertainty, and Doubt) are the homemade ones.” Although FUD videos garner more attention among internet users, the real menace to society are the videos made from GANs.

Videos made from Generative Adversarial Networks have an algorithmic framework designed to acquire input data and mimic the desired output data. One can visualize how GANs work through the viral Tom Cruise TikTok deepfake. According to NPR, the creator of the deepfake, Chris Ume, used a machine-learning algorithm to insert an accumulation of Tom Cruise footage. This allowed him to give a digital face transplant to the Tom Cruise lookalike actor he hired for the video. Ume input a plethora of videos to create a desired output of a realistic face swap. Neumeister also adds that the most realistic deepfakes correlate to the amount of footage a person can acquire. Specifically, “the more bits of video clip you have to put together, the more accurate you can make facial movements, ticks, etc.” From this logic, it can be inferred that Ume’s Tom Cruise deepfake looks more realistic than those that lack algorithmic programs.

Because viewers typically see deepfakes in politics and pornography, federal and state governments have recently implemented laws to counteract deepfake content creation and distribution. President Trump signed the first deepfake federal law near the end of 2019. This legislation is included in the National Defense Authorization Act for Fiscal Year 2020 (NDAA), which is a $738 billion defense policy bill passed by both Senate (86-8) and the House (377-48). The two provisions in the NDAA requires:
“(1) a comprehensive report on the foreign weaponization of deepfakes; (2) requires the government to notify Congress of foreign deepfake-disinformation activities targeting US elections,” (JD Supra). The NDAA also implemented a “Deepfakes Prize” competition to promote the investigation of deepfake-detection technologies. On a state level, there have been laws passed by multiple states that criminalize specific deepfake videos (JD Supra):

  • Virginia: first state to establish criminal penalties on the spread of nonconsensual deepfake pornography.
  • Texas: first state to ban creation and dissemination of deepfake videos aimed to alter elections or harm candidates for public office.
  • California: victims of nonconsensual deepfake pornography can sue for damages; candidates for public office can sue organizations and individuals that maliciously spread election-related deepfakes without warning labels near Election Day.

Although the Trump administration and various states established policies against deepfakes, it remains ubiquitous on almost all online platforms. How can users at home distinguish authentic content from deepfakes?

Mr. Neumeister provides a few tips and tricks for detecting a deepfake. One giveaway mentioned is mouth movement, otherwise known as phonemes and visemes. Mouths move a certain way when people speak. For instance, words like mama, baba, and papa start with a closed mouth. Words like father, and violin start with the front teeth pushing against the bottom lip. To add, consonants and vowels also sound a certain way when pronounced correctly. “Words with t, f, n, o, and wh, are pretty good for tells,” adds Mr. Neumeister. When analyzing video, the frames in which a person is speaking are broken down into approximately six to ten frames to determine if the way someone talks in other videos is the same as the video being analyzed. Another tip Mr. Neumeister suggests is to watch videos with context in mind. Viewers should pay attention to background noise, crowd ambiance, and the cadence in a speaker’s sentences. Authentic and original content would have, by nature, realistic frames. Users can detect a deepfake by sensing dissonance in, for instance, a speaker’s proximity to the microphone or a size of a room. For users at home or on-the-go, these tips are crucial for distinguishing verified sources from manipulated misinformation.

The emergence of deepfake content, its continuously improving technology, and the spread of disinformation is a multifaceted and complex problem. This blog post has only scratched the surface, so stay tuned for part 2 for a more in-depth read.

Computer ForensicsDemonstrative EvidenceEvidenceSexual AbuseUncategorized

The Jeffrey Epstein Trial: Expert Witness Commentary on eDiscovery and Forensics

on August 7, 2019

Last week, The Daily Beast reported the Jeffrey Epstein criminal trial will have a million pages of evidence, which will include materials seized from several devices.

A million pages of evidence makes for a great headline. It feels overwhelming! However, after reading the article from The Daily Beast, I began to wonder if a million pages of evidence is a lot or a little? How many files are stored on a standard laptop or cell phone? How will the prosecution and defense identify those files admitted into evidence? These questions, obviously, got me thinking about digital forensics and eDiscovery issues present in the Epstein sex abuse trial.

Now, if you read the blog post from last week, you’re probably wondering if I’m going to constantly write about sex abuse issues. The answer is, no. However, when these topics fill our news and I have the ability to reach out to qualified expert witnesses to provide insights on issues of public import, I’m going to do so.

As of this writing, the Florida Governor has ordered a state criminal probe into the handling of the 2008 Jeffrey Epstein investigation. This new probe was reported by The Miami Herald, yesterday afternoon. Some credit for Epstein’s current predicament, is due to the “Perversion of Justice” exposé series, from Miami Herald reporter Julie K. Brown. She detailed the 2008 sex trafficking investigation and settlement. The series is worth a read!

Now, back to the million documents of evidence. I’ve been working with digital and ediscovery experts for nearly 10 years. That said, I’m a novice on their areas of expertise. I’m able to issue spot when an attorney needs a particular type of expert. With that said, I posed some foundational questions to one of our members.

Questions & Answers for expert witness C. Matthew Curtin, CISSP:

C. Matthew Curtin, CISSP, founder and CEO of Interhack Corp., is a Certified Information Systems Security Professional. An expert in computers and information technology, Mr. Curtin and his team at Interhack help attorneys and executives use data and computer technology in high-stakes situations.

NR: According to The Daily Beast article, the Epstein trial will have more than 1 million pages of evidence, found on multiple devices. How will the prosecution and defense retrieve all of these documents and collate them into usable evidence?

CMC: One million pages of computer evidence is no big deal. Consider that in a typical computer system you’re looking at anywhere from 100,000-500,000 files, including all of the software, operating system, and user data. By the time you get through to the things being used by the prosecution and defense as evidence, the vast majority has been thrown out, but if you’ve got a phone or two, a couple of computers, and a few online services, it’s pretty easy to get into those numbers. Ultimately it depends on how they’re counting, of course: Are these bates numbered pages for presentation, or are they the raw input? If these are the results that are turned into exhibits and so on, that’s pretty big but not huge.

NR: What is the process for identifying the usable documents from those that are unrelated to a litigation?

CMC: Finding relevant documents and conducting a forensic examination are two fundamentally different processes. Finding relevant documents is typically a matter of “indexing” (reading the files for their contents) and then making “queries” of the “index” to return the documents and pages that are responsive to the search. Typically an attorney will then look at the responses and make a decision as to whether something is material. It’s basic data processing: data in, data out for a lawyer to use.

In the case of a forensic examination, the raw data will be subjected to various tests and analysis, ultimately resulting in reports that will be submitted as evidence. For a phone, a complete “extraction report” can easily produce a 5,000 page PDF document, and many get much, much larger. In any case, all of these things will wind up going into some kind of expert report that will outline opinions and findings that might be challenged and should be subjected to scrutiny. This is expert data analysis, where the data processing is performed to be consumed by an expert to form a technical opinion or finding.

NR: How much time would it take a forensics expert to comb through multiple devices to determine which documents are appropriate for discovery and evidentiary purposes?

CMC: Methodology and the size of the source matter for how long it takes. Generally speaking, I tell people to figure that to run through a forensic image of a raw computer hard drive and prepare it for human review, you’re looking at three days if you want to recover deleted files, compute the mathematical “hash” values that allow us to distinguish among files, and so on. A human will then need to go through the results and that can take anywhere from another day to another week or more, depending on what’s found, and how much work needs to be done without automated tools to manage the process. In some cases, no one cares about deleted files. In other cases, they’re critical. The only rule of thumb that applies generally is that the time it takes to do the job is between two and eight times what a lawyer thinks it should take.

NR: Is a million documents a lot of digital documents for a trial? Or is that common when dealing with digital files?

CMC: I addressed this a bit in my first answer, but one million computer files isn’t a big deal.

NR: I’m sure many of my questions are rudimentary, please feel free to provide any additional information you think the public should know about digital forensics and e-discovery in this type of matter…

CMC: Something to add: when conducting forensic examination, we often see a law-enforcement view put forth: Suspect that X happened, so go search for evidence of X. Fail to find X, and you add “tampering” to the list of charges. The reality is, though, that it isn’t sound scientific process to go in search of confirmation of what you think is already happening. Various cognitive biases interplay to create serious problems with the results extracted this way. Far better to construct tests to look for the “null hypotheses,” the things that would disprove what you think is happening. At the very least, alternate theories of the case deserve exploration and there are plenty of cases that would not take the time and money put into them if they were given greater scrutiny.

For example, if someone is suspected of having illegal pornography on a computer—that is, possessing the material, knowing the character of its content—law enforcement will typically reconstruct deleted files, look at thumbnail image databases, and loose files found in caches and elsewhere on the disk managed by the computer operating system rather than the user directly. If they find material that looks like what they thought was there, in many places a prosecutor will go forward with charges. On the other hand, what if someone did get the files and not mean to have them? What other course would there be but to delete the material? If the material has been deleted, why would it be brought up in a prosecution? There are cases where it can be relevant to a legitimate legal question but we’re only in the last few years starting to see some sophistication in consuming these results and moving forward sensibly with discretion informed by understanding.

A huge thanks to C. Matthew Curtin for taking time to provide us with these excellent answers. Please check out his company at http://web.interhack.com/.

Computer ForensicsComputer SecuritySecurity

Tesla Trade Secrets Lawsuit: Investigators & Expert Witnesses

on June 26, 2018

Did you hear about Tesla suing a former employer for stealing trade secrets?

Early last week, Tesla CEO Elon Musk emailed Tesla employees reporting another employee had done some pretty significant sabotage to the company’s manufacturing operations. According to one Ars Technica article, “In the all-hands email to Tesla staff, Musk wrote that the employee had made ‘direct code changes’ to the company’s production systems, as well as exporting ‘large amounts’ of Tesla’s data to unknown third parties.”

In the same article, Ars Technica quotes Musk’s email further, “the alleged saboteur could have been working with short sellers, oil and gas companies—whom he described as ‘sometimes not super nice’—or ‘the multitude of big gas/diesel car company competitors.’ Of this last group, Musk reminded his employees that, since the traditional OEMs have been known to cheat emissions tests, ‘maybe they’re willing to cheat in other ways.'”

Mr. Musk is not subtle in his indication that he believes the saboteur may have been working with others in a coordinated effort of corporate espionage and theft of trade secrets.

Later in the week, Tesla filed suit against a now-former-employee, Martin Tripp. We can only assume this is the employee to whom Mr. Musk referred in the earlier email, given the civil complaint allegations against Mr. Tripp. The civil complaint link is courtesy of Cyrus Farivar of Ars Technica.

The civil complaint alleges Mr. Tripp violated the Defend Trade Secrets Act and the Nevada Uniform Trade Secrets Act. Further, Tesla alleges of breach of contract, breach of fiduciary duty of loyalty, and violating the Nevada Computer Crimes Law.

To me, the interesting part was the “prayer for relief” (an absurdly arcane way of saying “this is what we want!”).  Here’s the summary. Take note of the first item:

tesla-prayer-for-relief

Section A goes hand in hand with Elon Musk’s comments indicating the saboteur may have been acting with unknown third parties. The legal action seems intended to prohibit the use of any stolen trade secrets and preventing any potential financial or competitive damage resulting from corporate espionage.

What experts played a role or may play a role?

The case being brand new (complaint filed last week), I don’t expect we’ll hear about expert witness involvement for some time. However, I do imagine some experts (working for Tesla) were involved in uncovering the alleged sabotage.

Digital Forensics, Computer Security, Corporate Security, Software, Human Resources…

We know from the complaint there are allegations that Mr. Tripp stole trade secrets from Tesla. According to the complaint, Mr. Tripp “has thus far admitted to writing software that hacked Tesla’s manufacturing operating system (MOS) and to transferring several gigabytes of Tesla data to outside entities.” To someone like me, with fairly basic coding experience, it appears Mr. Tripp was quite advanced. He was able to bypass Tesla’s internal security to install hacking software.

Mr. Tripp has not admitted, but Tesla further alleges, “he also wrote computer code to periodically export Tesla’s data off it’s network and into the hands of third parties.” This sentence alone makes me wonder why Tesla did not add potential JOHN DOES to the complaint. Nevertheless, the complaint continues, “his hacking software was operating on three separate computer systems of other individuals at Tesla so that the data would be exported even after he left the company and so that those individuals would be falsely implicated as guilty parties.” Again, I mention this is a pretty advanced thought process because Mr. Tripp had plans to cover his tracks.

Given this information, I presume Tesla’s corporate security in conjunction with their legal department had to investigate Mr. Tripp’s actions for some time before terminating his employment and filing suit.

This investigation was likely to include those with knowledge and experience in digital forensics, computer security, and hacking software. Since the investigation involved an employee, I suppose there’s a chance human resources was included in the investigation as well.

Why was the investigation likely to include this variety of individuals? Tesla had to identify the breach using digital forensics and computer security experts. After recognizing the hacking software in their system, it’s possible they would have reviewed the code to see how it breached their computer security and I assume they would be able to identify the terminals on which the code resided. Since Mr. Tripp had taken precautions to misdirect Tesla, they may have identified the three other employees as responsible parties early in the investigation, causing them to monitor those employees.

Having watched enough spy movies to pretend I know what I’m talking about, I have to imagine Tesla would want to identify the third party entities mentioned in the complaint. So, they probably allowed some data to be exported while they were monitoring the situation in an effort to identify those who may have conspired with Mr. Tripp. With my spy movie knowledge, prognostications, and five bucks, you can get a cup of coffee.

Of this, I am certain. Tesla had to use investigators familiar with protection of intellectual property and digital evidence collection. Experts listed above would have the appropriate specialization to conduct this investigation in preparation for the recent litigation.

So as the litigation develops and if it goes to trial, I will expect to see software, digital forensics, computer security, corporate security, and human resources experts and consultants assisting in discovery and preparing for trial.

 

 

 

 

 

Computer ForensicsComputer SecurityComputersConsultantsExpert Witness

Google Antitrust Investigations: FTC, EU, state attorneys general… More to come?

on November 17, 2017

The ABA Journal reported this week that Google was subpoenaed by the Missouri attorney general (Josh Hawley) for antitrust and consumer protection violations. Google has been placed on notice and the investigation is ongoing. Earlier this year, the Mississippi attorney general sued Google for similar violations and the European Union fined the company $2.7 billion for consumer protection violations. Are you seeing a pattern? Antitrust litigation against Google seems to be full speed ahead.

According to the article, the Federal Trade Commission (FTC) completed an investigation against Google in 2013. The FTC concluded, “We have not found sufficient evidence that Google manipulates its search algorithms to unfairly disadvantage vertical websites that compete with Google-owned vertical properties.” Evidently, Mr. Hawley does not agree with the FTC finding so he decided to investigate on his own.

When investigating and prosecuting cases involving sophisticated technology and antitrust issues, attorneys depend on experts to perform complex investigations and unravel complex issues. Who will the attorneys general and defense counsel turn to in support of these involved matters? Let’s take a look at the issues:

Antitrust / Consumer Protection:

To understand more about the laws governing antitrust issues in the US please visit the FTC for a brief summary.

Essentially, United States antitrust law is a collection of federal and state laws regulating the conduct and organization of businesses, generally to promote fair competition for the benefit of consumers.  As the FTC page indicates, there are three main laws covering antitrust behavior: the Sherman Act 1890, the Clayton Act 1914 and the Federal Trade Commission Act 1914. For more than 100 years, “The antitrust laws have had the same basic objective: to protect the process of competition for the benefit of consumers, making sure there are strong incentives for businesses to operate efficiently, keep prices down, and keep quality up.” The laws also basically prevent collusion or cartel-like practices and monopolies.

The Missouri attorney general has said, “There is strong reason to believe that Google has not been acting with the best interest of Missourians in mind.” It appears the Mr. Hawley believes Google is doing things which are not promoting, and possibly impeding, fair competition. Further, their algorithms may be directing users to Google-owned properties rather than websites offering services which compete with those Google-owned properties. As Google is the 800 pound gorilla when it comes to Internet searching, any tactics directing users to their own goods or services could be considered a restraint of trade.

In order to prove Google manipulates algorithms for their own benefit, the Missouri attorney general is probably going to have to employ some expert consultants who may later testify as expert witnesses. Google’s defense counsel will probably have to do the same. I assume Google will have many of the pre-litigation consultants in-house.

During the investigation, Mr. Hawley will likely need to consult with antitrust and antitrust economics experts to determine if actions by Google are negatively impacting consumers or restraining trade. Furthermore, he may need to employ consultants to conduct market research to have statistical evidence of the impact on consumers.

Algorithms:

Most of us (is this too presumptive?) have some sort of rough idea about search algorithms and what they accomplish. We understand it to be a mathematical equation used to search data and deliver a result based on the search terms we utilized.

After reading my last paragraph, I have to say there are probably far more accurate and simplistic descriptions of an algorithm. I may not have properly described how they work. That’s because I’m not a computer scientist. Luckily, neither the prosecution nor defense will be calling Nick Rishwain as an expert witness in Missouri v. Google.

The legal representatives from both sides are going to need assistance in understanding search algorithms and how algorithms might be manipulated by Google. They are going to need to know this quite early in the case in order to request and deliver the proper documentation during the investigation and discovery stages should Missouri file a lawsuit.

Both sides will likely need the assistance of information and Internet technology consultants. More specifically, I can see the need for information science & architecture experts as well as search engine optimization experts.

As the ABA Journal article made abundantly clear: Google has faced many legal actions related to antitrust and it appears even more legal actions lie ahead. It should be noted that Google is not alone in this area. There appears to be increased chatter about antitrust actions against Amazon as well. If the US Department of Justice and the Federal Trade Commission avoid taking action, we may see more attorneys general choosing to investigate and possibly prosecute the corporate giants for dominating the market.

For more information, check out the Experts.com Antitrust Articles section.

Updated: 07/24/2019:

Well, as we noted when we last wrote about the Google antitrust matter, more was likely to come. Yesterday, we learned the Department of Justice (DOJ) has opened an antitrust investigation into some of the world’s largest tech companies, although they did not mention the companies by name.

According to Ars Technica, the DOJ’s Antitrust Division opened an investigation which would “consider the widespread concerns that consumers, businesses, and entrepreneurs have expressed about search, social media, and some retail services online.”

From this, we can only take a guess that they mean they’ll be investigating Google, Facebook, Amazon, and some others. Other pundits assume Apple will also be investigated. If the investigation is a broad as reports are indicating, we can assume others will find themselves in the cross hairs at some point in the future.

AccountingComputer ForensicsExpert WitnessExpert Witness TestimonyForensic Accounting

Paul Manafort Indicted: What expert witnesses can we expect to see from defense and prosecution?

on October 30, 2017

Robert Mueller’s investigation into Russian interference in the US Presidential Election has resulted in the indictment of Paul Manafort and one of his business associates, Rick Gates. It has been reported that a third individual, George Papadopolous, has pleaded guilty for making false statements to the FBI.

None of this is particularly surprising. On Friday we learned the first indictments would be handed down as early as today, and that is exactly what happened. As of this writing, Paul Manafort has turned himself into the FBI’s Washington Field Office.

ABC News reported the list of charges against Mr. Manafort and Mr. Gates. The 12 counts include: “conspiracy against the United States, conspiracy to launder money, serving as an unregistered agent of a foreign principal, false and misleading Foreign Agents Registration Act statements, false statements, and seven counts of failure to file reports of foreign bank and financial accounts.”

We are not writing to take any political side and it should be noted that an indictment does not mean the defendants are guilty of the charges. In fact, they are innocent until proven guilty. Rather, we wanted to discuss the expertise which may come into play in this matter.

What types of expert witnesses can you expect to see?

Forensic Accountants:

Based on the counts enumerated above, it appears the FBI has followed the money. As such, we expect the forthcoming prosecution will hinge on financial transactions and accounting related issues. As stated above, Manafort and Gates were charged with seven counts of failure to file reports of foreign bank and financial accounts in addition to conspiracy to launder money. If money is flowing in and out of multiple bank accounts forensic accountants are going to be needed to analyze the transactions and explain those transactions to the trier of fact.

Money Laundering / Anti-Money Laundering Experts:

Are you surprised to hear this type of expertise exists? Money laundering experts may have a background in forensic accounting, financial fraud, banking, and banking compliance. Again, there was a charge of failure to file reports of foreign bank and financial accounts. Failure to report these accounts might be a compliance issue. The prosecution could argue such a failure was purposeful and intended to evade reporting. Whereas, the defense may contend failure to report was accidental or negligent. We expect to see both sides presenting expert evidence on financial transactions and reporting.

Computer/ Digital Forensics:

Nothing in the counts of the indictment specify a digital forensics expert will be necessary. We are assuming that many of the financial transactions were done electronically and therefore attributing the transactions to the defendants may require electronic discovery and other digital forensic investigation / analysis.

This list should not be viewed as exhaustive. Looking at the counts in the indictment, it appears the upcoming case will be heavily litigated on financial matters. Going forward, we will look for news items related to forensic accounting and inform our readers as we know more.

Computer ForensicsComputer SecurityComputers

Computer Safety and Security Articles

on September 15, 2010

CYBER ABUSE, CYBER CRIME

By: Richard Albee
DataChasers, Inc.
Tel: 877-DataExam (877-328-2392)
Website: www.DATACHASERS.COM

The Internet is a vast universe of discovery, with items of interest for everyone–regardless of your particular curiosity. Unfortunately, this availability often leads to abuse, and sometimes to crime. But, not unlike adolescent discovery, the steps to cybercrime are achieved in stages.

The first stage is availability

Without access to the Internet the potential for abuse becomes a moot point. It was common, several years ago, to simply advise employers against allowing employees access to the Internet; this is no longer practical. Internet access is an integral part of many businesses, and certainly a part of everyday life…
Read the Entire Article

DataChasers, Inc., is a select, exclusive computer forensics and e-discovery company. Our examiners find the evidence, interpret it, evaluate its importance, and articulate those facts to a jury. Computer forensics and e-discovery is our only business, and we welcome your inquiries about the process, or our procedures.

____________________________________________________________________________________________

CSI COMPUTER FORENSICS – Real Cases From Burgess Forensics #9 – The Case of the Teacher and the Trickster

By: Steven G. Burgess
Tel: (866) 345-3345
Website: www.BurgessForensics.com

The stories are true; the names and places have been changed to protect the potentially guilty.

It was a grey October day, the kind of day when a guy likes to cozy up next to a bank of servers to keep warm, when the Teacher first called me. “They think I’m nuts” were the words emanating from the phone. Well, just because you’re paranoid doesn’t mean they’re not out to get you. I sat up and went to my desk, away from the noisy fans cooling off all those Gigahertzes. “What’s the problem, Miss?”

The young woman explained that she was a not-yet-tenured teacher in a New England (greyer there than here) high school with a problem. Seems that a student in one of her classes was repeating things in the classroom that she had uttered only the night before in the apparently illusory privacy of her own living room…
Read the Entire Article

Steve Burgess is a freelance technology writer, a practicing computer forensics specialist as the principal of Burgess Forensics, and a contributor to the just released Scientific Evidence in Civil and Criminal Cases, 5th Edition by Moenssens, et al.

Read More Articles on Computer Forensics