Category: Security

Economics, Expert Witness, International Trade, Security

Experts Weigh In on Crushing Russian Trade Sanctions

After nearly a decade of deep-seated tension between Russia and Ukraine, Russia commenced its invasion on February 24th, 2022. According to the Wall Street Journal, the attack is “President Vladimir Putin’s most aggressive move yet to redraw the boundaries of the former Soviet Union since the end of the Cold War more than 30 years ago.” During the last two weeks, Russia has strategically strengthened its forces in four major Ukrainian cities: Kharkiv, Mariupol, Kherson, and the capital of Kyiv. Putin has also threatened Volodymyr Zelensky, Ukraine’s President, with annexation. Due to the bombings, air raids, and the Russian army pillaging the country, Ukrainian citizens are fleeing their homes seeking refuge in Poland, Hungary, Slovakia, Romania, and Moldova. NATO members have responded to this unjustified attack by imposing financial and trade sanctions against Russia. This blog post will delve into the purpose, logistics, and violation penalties of trade sanctions. Insight has been provided by Experts.com Members and International Trade Experts, Jo-Anne Daniels and Rosemary Coates.

When warfare is mentioned, people tend to imagine soldiers fighting on the battlefield or the vast array of weaponry used to defeat enemies. As the world continues to develop, the modern concept of warfare seems to become more complex and multifaceted than in previous years. Rather than physically attacking countries, world leaders can choose to affect their enemy’s economy and trade deals through sanctions. Regarding the United States, Ms. Coates notes, “Sanctions are often used when America chooses to protect sensitive technology or punish a country for violating certain laws… When sanctions are applied, licenses for export are denied to the sanctioned country and the goods may not be shipped there.” In this case, Russia’s attack on Ukraine has prompted President Biden and other international officials to order trade sanctions to denounce Putin and cripple his economy to such an extent he can no longer continue his attack.

A couple of reasons explain why various NATO members like the United States, Germany, and the United Kingdom have imposed sanctions rather than use military force, even to their own disadvantage. The first reason is Russia’s influence on European trade. A statistic from the European Commission states, “The EU is Russia’s biggest trade partner, accounting for 37.3% of the country’s total trade in goods with the world in 2020.” In addition, Russia accounts for 26% of the EU’s oil imports and 40% of the EU’s gas imports. A physically combative response to the invasion would be potentially disastrous considering Russia’s nuclear capacity. Sanctions are the lesser of two evils because Europe relies on Russia’s export of oil and gas. European countries have chosen to endure financial damage over a possible bloody war. Although the United States is not heavily reliant on Russia for trade, it has followed suit by implementing trade sanctions. Ms. Coates stated, “all trade with Russia (except food and medical supplies) is now stopped.”

Another explanation centers around Ukraine’s relationship with NATO. The North Atlantic Council acknowledged Ukraine as an Enhanced Opportunities Partner on June 12th, 2020 (NATO). Since Ukraine is a partner and not an actual member, NATO’s Collective Defense pledge, specifically Article 5 of the Washington Treaty stating “an attack against one Ally is considered an attack against all Allies,” is an inapplicable solution to the country’s plight (Washington Post). Given the Russian government’s unpredictable nature, the possibility of Article 5 being invoked will not be discounted since multiple NATO allies border both Russia and Ukraine (ABC News).

The repercussions of the Kremlin’s actions have significantly damaged the country’s economy and lifestyle, pointing to these sanctions’ effectiveness. The sanctions catalyzed a mass exodus of multi-billion-dollar companies from Russia. These corporations include but are certainly not limited to American Airlines, General Motors, L’Oréal, Shell, John Deere, Goldman Sachs, McDonald’s, Starbucks, PepsiCo, Airbnb, Marriott International, DHL, Netflix, The Walt Disney Co., Mastercard, Pfizer, Deloitte, Amazon, Apple, and even Google (NBC News). Russian athletes are also affected by Putin’s decision to invade Ukraine. Professional tennis player Daniil Medvedev, currently ranked No. 2 by the Association of Tennis Professionals (ATP), may have to condemn President Putin if he wants to participate in Wimbledon (CNN). Another example is Nikita Mazepin’s firing from the Formula 1 racing lineup due to his father’s connections to the Russian government (Washington Post). Various outlets have reported that Russia’s ongoing financial losses will take decades to recover from. As quoted in The Hill, “It’s pretty clear that Russia will become poorer and more technologically backward, the choices for its citizens will be radically diminished and for many, many years to come.” Russian citizens suffer different consequences because of Putin’s actions. The hope is that they put pressure on Putin, so he decides to halt his malicious efforts to usurp Ukraine. However, that is not an easy feat in a totalitarian society. Al Jazeera confirmed Putin had arrested more than 4,300 people at Russia-wide anti-war protests. For now, sanctions will continue to be issued by the international community.

Two government agencies are responsible for establishing sanctions in the United States. The first is the Office of Foreign Assets Control of the U.S. Department of the Treasury (OFAC). OFAC deals with the authorization of economic and trade sanctions related to national security and foreign policy. The agency mainly targets any entity with a motive to antagonize the United States. OFAC releases an account of Specially Designated Nationals (SDNs) when a sanction is issued. Ms. Daniels explains SDNs are “companies owned or controlled by, or acting for or on behalf of, targeted countries.” Non-country-specific parties like narcotic traffickers and terrorists are also included in the report. For example, since Biden ordered sanctions against Russian banks and oligarchs on February 23rd, 2022, the assets of said banks and oligarchs are blocked. Any U.S. company that willingly or inadvertently conducts business with sanctioned entities will receive penalties, which will be explained in detail later in the post.

The second agency is the U.S. Department of Commerce & Bureau of Industry and Security (BIS). BIS manages U.S. export control policies for three categories: software, technology, and dual-use commodities (i.e., global positioning satellites, missiles, thermal imaging, etc.). According to Ms. Coates, “the export of technology or military items require more formal individual licenses.” As an agency also allowed to administer sanctions, BIS releases a Consolidated Screening List (CSL), compiled of parties for which the U.S. Government holds restrictions on specific exports, re-exports, and transmission of items. Ms. Daniels mentioned the BIS simultaneously issued sanctions against Russia and Belarus, which is allied with Russia, under the Export Administration Regulations (EAR) and licensing policies to defend U.S. national security. “Furthermore, the new BIS policy regarding the export, re-export, or transfer (in-country) of items that require a license for Russia or Belarus is under a policy of denial with certain limited exceptions. This means that if the export license is denied, the company must cease exporting its products to those countries,” Ms. Daniels stated. Although there are two agencies responsible for establishing sanctions, a third party wields this same power.

As previously mentioned, the President of the United States can also order sanctions against threatening companies, individuals, and countries. If sanctions are summoned through Executive Orders, they are established immediately. Otherwise, there will be a pause. For example, an Executive Order was made on March 8th, 2020, which banned both imports and investments with Russia. Because it continued to sabotage Ukraine’s sovereignty, the United States prohibited products such as “crude oil, petroleum fuels, oils, and products of their distillation, liquified natural gas, coal, and coal product of Russian Federation origin,” said Ms. Daniels. She adds that any written contract or agreements submitted before March 8th, 2022, will be authorized through 12:01 A.M. Eastern Daylight Time on April 22nd, 2022. According to Ms. Daniels, “The General License is available up to April 22nd, 2022, and then the Executive Order issued March 8th, 2022, takes full effect.” With the continuing invasion, NATO countries will issue sanctions to limit Putin’s efforts in undermining Ukraine’s independence.

Companies that violate OFAC and BIS regulations can be subject to civil and criminal punishment. These penalties range from paying hefty fines to serving jail time. Ms. Daniels provided examples of two different companies that have broken regulation policies for both agencies:

  • OFAC: Pennsylvania-based software company, SAP, paid $2,132,174 as a settlement for potential civil liability for 190 OFAC violations. The company was exporting software to Iran, a U.S.-sanctioned country.
  • BIS: In 2014, the Virginia-based business, Patriot 3 Inc., traded maritime jet-boots to the Russian Government Federal Guard Service without an export license. Last year, BIS charged the company for violating this rule of the Export Administration Regulations (EAR). Patriot 3 Inc. agreed to pay $200,000 as a penalty. If Patriot 3 Inc. is untimely with its settlement, the BIS will invalidate its export privileges for two years.

To avoid unintentionally breaking the law, both agencies implore businesses to be vigilant of export regulations, entities classified as SDNs, and parties on the CSL.

The full extent of economic and trade sanctions against Russia is yet to be seen. However devastating they may be for Russia and its population, they do not compare with the death and destruction that has already occurred in Ukraine. A special thank you to International Trade Experts Jo-Anne Daniels and Rosemary Coates for their contribution to Experts.com’s latest blog post.

Emergency Response, Expert Witness, Security

Astroworld Festival: Major Event Security & Law Enforcement Expert Provides Insights

How did the Astroworld Festival go from lively and jubilant to mass casualty event? We reached out to a security expert witness to help us understand security issues for concerts and other major events.

Last week, I began preparing to write this post involving nine individuals who attended the Astroworld Festival and lost their lives in the crush of a surging wave of festival-goers. It is not an easy topic to write about, as I want to be cognizant of the loss of life and resulting trauma experienced by family and friends. Sadly, this morning, we learned of a tenth death related to the disaster. CNN reports that a 9-year-old boy, who suffered injuries at the festival, passed away in the hospital yesterday.

In writing about a tragedy of this magnitude, I have to clarify that I only do so with publicly available information that has been reported in the news. The facts may change as more information becomes available. To that end, those with whom I conduct a question-and-answer-style blog post are also limited to publicly reported information.

Astroworld Festival Background:

According to Wikipedia, the Astroworld Festival “is an annual music festival run by American rapper Travis Scott, held in Houston, Texas, at NRG Park, near the former site of Six Flags AstroWorld. The festival was first held in November 2018.”

The festival this year was held on Friday, November 5th, 2021, at NRG Park in Houston, Texas. It has been alleged that approximately 50,000 people attended the event on November 5th, though there may have been more as the venue, NRG Park, is said to be able to house up to 200,000 attendees according to Vulture, who has done a really good job of explaining how the event unfolded.

There were indications the crowd was going to be problematic from early in the day. One ABC reporter, Mycah Hatfield, said that there was a stampede of people who burst through the gates and trampled the VIP entrance at 2:00pm.

Once Travis Scott took the stage, as Vulture describes, “all hell broke loose.” One attendee was quoted saying, “All of what is to be 50,000 people ran to the front, compressing everyone together with the little air available.” This is what I understand to be a crowd surge.

The crowd surge, compression of individuals, and trampling all appear to have led to dozens injured and now ten people deceased. As this is going to result in significant litigation, with some lawsuits already filed, I decided to get some insights on how a concert could go awry by reaching out to one of our law enforcement and security experts with experience and knowledge in major event security.

Law Enforcement, Security & Premises Liability Expert Witness:

Joseph “Paul” Manley, WVTS, CCIS, Principal at Risk Mitigation Technologies, LLC, is a Board Certified Workplace Violence & Threat Specialist (WVTS), a Certified Crisis Intervention Specialist (CCIS), and a Board Certified Homeland Protection Professional (CHPP).

Prior to forming Risk Mitigation Technologies, LLC, Mr. Manley served a distinguished career in law enforcement and public safety. He has over 30 years of experience in Security Management and Law Enforcement and Security consulting, including physical security, security operations, regulatory compliance, and security training. He is currently a retired Lieutenant and Executive Officer for a Massachusetts Police Department. You can learn more about his practice at: riskmitigationtechnologiesllc.com.

I asked some questions and Paul Manley provided some excellent and thorough answers to these questions. Please see our conversation below.

Nick Rishwain: We understand, from reporting, that the Astroworld investigation is highly active. How does law enforcement investigate a mass casualty event? Can you tell us a little about the processes involved in such an investigation?

Paul Manley: In an initial response to a mass casualty incident (MCI) where no criminal involvement is present, the Fire Department will have the initial Incident Command responsibility. The local fire departments are very proficient in the handling of Mass Casualty Incidents. Most fire departments hold continuous MCI drills and have extensive equipment and supplies to manage mass casualties.

There are four specific things that Law Enforcement can do to assist the fire department in their management of an MCI. These jobs in the MCI Protocol for Law Enforcement are:

  1. Crowd control
  2. Traffic control
  3. Contact coroner
  4. Criminal investigation

The initial critical decisions for the first responding law enforcement personnel at an MCI will be: Is this a criminal event? And are suspects still on scene?

Regardless of your first impressions of how the MCI was caused, officers should immediately begin a basic preliminary investigation during the first few minutes of the law-enforcement response.

Also, a law enforcement officer will immediately go to the Fire Command Post and accept law enforcement command duties in the Unified Command structure until relieved. This will ensure that the law enforcement Incident Commander is completely up to speed on the event if we later find out a criminal act has occurred.

The reality is mass casualty events pose unique challenges to law enforcement agencies such as securing the scene, investigating the crime, working with the media on a local and or national level, helping the victims and their families, responding to elected officials, securing critical infrastructure, and providing support to both their officers and to community members as they address the aftermath of a tragic event.

Nick Rishwain: On the security side, there appears to be an issue of the crowd surging towards the stage and trampling attendees. Is this a common concern for security at an event where there are tens of thousands of people?

Paul Manley: Crowd surges are common at large events, such as concerts or festivals. However, deadly crowd surges are not common.

Nick Rishwain: How does major event security prepare for and prevent crowd surges?

Paul Manley: Event security starts with a comprehensive threat assessment, analyzing the overall threat environments associated with the event, such as its host(s), the venue/environment, known or expected attendees, sponsors, historical events and political agendas.

Crowd surges are preventable, even at large events. It is about planning, managing, and separating the crowd, so it does not become too packed. That is what should have happened at Astroworld.

Crowd separation is crucial in preventing surges and crowd crush. Use barriers to create a channel that funnels fans smoothly into your check-in point. Place visible staff members at the start of your lines to yell directions to the crowd and ask them to have their tickets and identification ready. Venues must be organized in such a way as to prevent too many people from converging in one place. The bigger the crowd, the more likely it is that something can go wrong. Your staff needs to be comfortable with managing large groups and exerting authority when needed.

There must be enough security officers to manage the event. If it could be as simple as applying a city ordinance, state law or a defined security standard out of the ASIS Protection of Assets Manual, or even a retail crowd safety guideline from OSHA, this question would hardly be as popular of an issue. Presently there are no security standards defining the ratio of patrons to security staff. In most cases, while always blending security and safety, we should not exceed the crowd manager responsibility as per The National Fire Protection Association (NFPA 101), but should we assign 1-to-10 or 1-to-100? As with most security functions, an appropriate risk assessment is the most valid solution. The big-ticket items to consider are Crowd Control & Critical Coverage.

From news reports, we understand there were 1,283 security officers for a crowd of 50,000 people at the 2021 Astroworld Festival. They were overwhelmed at entrances earlier in the day according to the Vulture article you shared, and they were overwhelmed again when Travis Scott took the stage at around 9 p.m. The combination of overcrowding, lack of crowd separation, and not enough security officers (allegedly) had deadly consequences.

Also, crowd observers should be positioned around the perimeter of the crowd, high enough that they can spot surges or crush points. When a problem is identified, the observer alerts the performer. The performer should then pause the show until the situation is under control. The power and influence of a performer at a large venue cannot be ignored. They can help security and emergency personnel do their jobs by bringing awareness to the problem.

From a mitigation point of view, to lower the consequences of a crowd surge/rush, venue design measures could be implemented, such as the removal of obstacles and bottlenecks in the crowd’s movements, which could give rise to slips, trips, and falls and, in the worst case, trampling or crowd collapses in an event space. Signage should be well visible, specifying emergency exits and general wayfinding within the event location. Also, event staff and law enforcement personnel should be highly visible to ensure they can be easily seen when giving instructions in crowded areas. Enhanced security and crowd management training should ensure staff is aware of directing spectators safely during an evacuation. (“Patron Management – Event Safety and Security Risk Update …”)

Nick Rishwain: According to this article from Vulture, it is claimed that a “mass-casualty incident” was initiated but it took 40 minutes to cancel the concert. How do security and law enforcement decide to cancel an event? Then what is the process?

Paul Manley: If a crowd is in distress, then there should be a procedure in place to immediately stop that event, at least temporarily. You should have a knowledgeable team of experts who know exactly what they are doing and can identify a crowd in distress. These stop teams are well trained, are in direct communication with the performer’s representative, lighting designer and the sound engineer who understand their role and responsibility in the event of an incident.

Nick Rishwain: We know there is an ongoing criminal investigation and lawsuits have been filed. On the civil side, is this a premises liability matter at its core?

Paul Manley: Sadly, yes, tragedies like this one do not just happen; they are preventable; they are often caused by negligence and poor planning.

Again, it has been alleged that rapper Travis Scott & Astroworld organizers ignored red flags. We also understand this is not the first time tragedy has struck an Astroworld event, nor is it the first time that Travis Scott has been involved in a performance or event that ended in violence.

From what we’ve read, this concert continued as people screamed for help. It appears some patrons even begged camera operators and security guards to stop the music to no avail. As reported, the police proclaimed a mass casualty event at 9:38 p.m. local time, just over 30 minutes after Scott started his set, but the performance did not stop until 10:15 p.m., nearly 40 minutes later. The situation appears to have gotten worse by the lack of preparation by the concert organizers. For example, allegedly there were a limited number of water stations, staggering overcrowding issues in the general admission areas, as well as the understaffed and under-resourced medical team.

If the reporting is accurate, these red flags and others that materialized earlier in the day as people stormed the security gates at the beginning of the festival, should have been enough of a warning sign that the venue either needed to improve their security coverage and response or have been canceled. However, these concerns, just like the pleas to stop the show as people were dying, appear to have been ignored.

With all of this said, I reserve the right to change my answers and analysis as more information about the tragedy is released. Also, I should say that I have not analyzed the police reports or any factual analysis on the ground which could also alter my analysis.


We thank Paul Manley for his analysis based on the publicly available information related to the Astroworld Festival. We may venture back into this matter at a later date as more of the facts are solidified and because there are such a large number of parties involved, we may require analysis from additional areas of expertise.

Computer Security, Expert Witness, Information & Communication Technology, Security

Is New Hampshire the Next Iowa Voting Disaster? Information Technology Expert Analysis

A hastily developed app combined with a lack of user testing caused a ruckus in Iowa Caucus voting this week. What’s in store for New Hampshire, Super Tuesday, and beyond?

It has been an exciting week in US politics. We had a State of the Union address and an impeachment vote. A whirlwind week by any standard! Before we could even get to those two events, we started the week with an outrageous technology failure in the Iowa Democratic Caucus. For purposes of this blog post, I’m not going into the differences between a caucus and a primary. Let’s just assume they accomplish the same result: selecting a candidate for political office.

For the Iowa Democratic Party, Monday night was a disaster and then it continued into Tuesday, Wednesday… you get the idea. As I write this blog post on Friday morning, I’m not even sure if they have an official determination of who won. The news stories seem to be conflicting.

So here is what we know about the app (IowaRecorder) failure based on available reports. The Iowa Democratic Party hired a marketing technology company to build an app which would be used, statewide, to report results of local caucus votes (I’m simplifying for purposes of brevity). The app was going to be used to submit voting results. Nobody was actually voting through the app.

The first really good article I read that outlined the technology implementation failure came from Slate. Here was a good summary from a couple of days ago:

“It’s still unclear what exactly went wrong with the app, but all of these issues appear to have something in common: The Iowa Democratic Party clearly wasn’t prepared for any possible issues with the app and a more involved method of vote reporting introduced this year—and sure enough, it reportedly turns out that the app was never tested on a statewide scale. Shadow, which is run by alumni of the Barack Obama and Hillary Clinton campaigns as well as Google, was paid $60,000 to develop the app, but it had just two months after party officials decided to abandon plans to report results over the phone.”

There’s some updated information on the failure from Motherboard, which was released yesterday (along with the app code). Below, you’ll see that they released an app that was still in beta format:

“And Instead of going through proper app store review processes conducted by Apple and Google, Shadow used beta testing platforms like Apple’s TestFlight to distribute the software so it could meet the Monday deadline. So when it came time for the app to do its most critical role — letting Democratic precinct leaders report results from Iowa on Monday — it failed in every way imaginable.”

Expert Analysis:

As I do when these major stories break, I turn to Experts.com members to get insights. You may recall Dr. Stephen Castell. Dr. Castell, Chartered Information Systems Practitioner and Member of the Expert Witness Institute, is Chairman of CASTELL Consulting. He is an internationally acknowledged Independent Computer Expert who has been involved in a wide range of computer litigation over many years.

Dr. Castell and I wrote a blog post back in 2018, regarding West Virginia’s Blockchain voting program. They are actually expanding this plan, which may necessitate a separate blog post.

Below, please find my questions and Dr. Castell’s answers (Disclaimer: these questions and answers were provided on February 5th, 2020):

Nick: From available reporting, it appears the Iowa Democratic Party failed to do a statewide testing of this vote reporting application. What type of tests would have been necessary to identify errors in the system before statewide roll-out?

Dr. Castell: As other ICT professionals comment in the reports, there should be thorough systems testing and QA procedures, including User Acceptance Testing and Pilot Trials, plus scaled-up ‘soak testing’, before contemplating any real-world launch, such as this statewide roll-out. You expect to get errors in systems testing – its main purpose is to identify faults and fix them. Sadly, software systems and Apps these days do seem often to be launched publicly without adequate systems testing, let alone with adequate prior User Testing and Pilot Trials. If such standard professional QA processes were omitted, or truncated, for something as high-profile and important as an App to collect and relay voter data in the Iowa Caucus, that does appear rather astonishing.

Nick: It doesn’t appear that all of the fault lies with the app developer. It seems the Iowa Democratic Party only gave the app developer 2 months to develop and deploy this application. What sort of time-frame would you anticipate to develop, test, and implement a software of this scale?

Dr. Castell: That is difficult to estimate without more knowledge of the actual detailed Customer Requirements Specification that the developer’s App was contracted to meet. On the face of it, an App simply to in-gather voting data, aggregate and transfer it, sounds in principle like fairly straightforward functionality to code, test (at scale) and implement, and 2 months may not have been an unrealistic timescale for development, testing and deployment.

Nick: Would you expect there to be a certain level of user sophistication for those using the app on this scale? Should there have been company representatives available at caucus sites?

Dr. Castell: Reports suggest that there was little prior familiarity, let alone ‘training’, or ‘user sophistication’, with the App on the part of those expected to employ it for real, in the high-pressure, real-time Iowa Caucus conditions. Whatever the state of compliance of the App with its contractual specification – perhaps reasonably well delivered to time, budget, specification, and of suitable quality, ‘fit for purpose’ – if there was no program for adequate user familiarity and training, plus some sort of support and trouble-shooting team from the developer company at caucus sites, that alone could account for the problems encountered in statewide roll-out operation.

Nick: From what I’ve read, it looks like the company was paid $60,000 to build this application. Is there any way to gauge whether this is too little or too much for this type of application development?

Dr. Castell: Again, that is difficult to gauge without more knowledge of the actual detailed Customer Requirements Specification, and thus the likely complexity of the functionality needed, and its associated software design and coding; also, there may have been a tight budget to which the developer company was obliged to work. It is not unusual for software developers to invest in a ‘plum’ assignment such as this high-profile Iowa Caucus project, for the promotional and marketing impact that gives them in securing hopefully more lucrative and profitable development jobs later. In this case, the $60,000 could have been much less than the true cost to the developer company of the analyst, designer, coder, tester, deployer and trainer man-days expended in building and launching the App with a statewide roll-out, against a tough deadline.

Nick: What sort of testing, trials, and quality assurance requirements would you have employed prior to such an implementation?

Dr. Castell: There should ideally have been thorough systems testing and QA procedures, including User Acceptance Testing and Pilot Trials, plus scaled-up ‘soak testing’, well understood by ICT professionals, before the real-world launch of this statewide roll-out. Relevantly, I teach a Course Avoiding IT Disasters – the Expert Way, the principles of which are also covered in my seminal paper “Forensic Systems Analysis: A Methodology for Assessment and Avoidance of IT Disasters and Disputes”, issued as a Cutter Consortium Executive Report, Enterprise Risk Management & Governance Advisory Service series (Vol. 3, No. 2, March 8, 2006).


 

We cannot say that New Hampshire is next. All available information tells us that New Hampshire is not using the same company/app used in the Iowa Caucuses. Furthermore, there was talk of Nevada using the app, but they have claimed they will not move forward with the application.

That’s the end of this particular blog post. Though, we’re already in talks about another post related to voting systems.

Computer Forensics, Computer Security, Security

Tesla Trade Secrets Lawsuit: Investigators & Expert Witnesses

Did you hear about Tesla suing a former employee for stealing trade secrets?

Early last week, Tesla CEO Elon Musk emailed Tesla employees reporting another employee had done some pretty significant sabotage to the company’s manufacturing operations. According to one Ars Technica article, “In the all-hands email to Tesla staff, Musk wrote that the employee had made ‘direct code changes’ to the company’s production systems, as well as exporting ‘large amounts’ of Tesla’s data to unknown third parties.”

In the same article, Ars Technica quotes Musk’s email further, “the alleged saboteur could have been working with short sellers, oil and gas companies—whom he described as ‘sometimes not super nice’—or ‘the multitude of big gas/diesel car company competitors.’ Of this last group, Musk reminded his employees that, since the traditional OEMs have been known to cheat emissions tests, ‘maybe they’re willing to cheat in other ways.'”

Mr. Musk is not subtle in his indication that he believes the saboteur may have been working with others in a coordinated effort of corporate espionage and theft of trade secrets.

Later in the week, Tesla filed suit against a now-former-employee, Martin Tripp. We can only assume this is the employee to whom Mr. Musk referred in the earlier email, given the civil complaint allegations against Mr. Tripp. The civil complaint link is courtesy of Cyrus Farivar of Ars Technica.

The civil complaint alleges Mr. Tripp violated the Defend Trade Secrets Act and the Nevada Uniform Trade Secrets Act. Further, Tesla alleges breach of contract, breach of the fiduciary duty of loyalty, and violation of the Nevada Computer Crimes Law.

To me, the interesting part was the “prayer for relief” (an absurdly arcane way of saying “this is what we want!”). Here’s the summary. Take note of the first item:

[Image: Tesla’s prayer for relief]

Section A goes hand in hand with Elon Musk’s comments indicating the saboteur may have been acting with unknown third parties. The legal action seems intended to prohibit the use of any stolen trade secrets and to prevent any potential financial or competitive damage resulting from corporate espionage.

What experts played a role or may play a role?

The case being brand new (complaint filed last week), I don’t expect we’ll hear about expert witness involvement for some time. However, I do imagine some experts (working for Tesla) were involved in uncovering the alleged sabotage.

Digital Forensics, Computer Security, Corporate Security, Software, Human Resources…

We know from the complaint there are allegations that Mr. Tripp stole trade secrets from Tesla. According to the complaint, Mr. Tripp “has thus far admitted to writing software that hacked Tesla’s manufacturing operating system (MOS) and to transferring several gigabytes of Tesla data to outside entities.” To someone like me, with fairly basic coding experience, it appears Mr. Tripp was quite advanced. He was able to bypass Tesla’s internal security to install hacking software.

Mr. Tripp has not admitted it, but Tesla further alleges, “he also wrote computer code to periodically export Tesla’s data off its network and into the hands of third parties.” This sentence alone makes me wonder why Tesla did not add potential JOHN DOES to the complaint. Nevertheless, the complaint continues, “his hacking software was operating on three separate computer systems of other individuals at Tesla so that the data would be exported even after he left the company and so that those individuals would be falsely implicated as guilty parties.” Again, I mention this is a pretty advanced thought process because Mr. Tripp had plans to cover his tracks.

Given this information, I presume Tesla’s corporate security in conjunction with their legal department had to investigate Mr. Tripp’s actions for some time before terminating his employment and filing suit.

This investigation was likely to include those with knowledge and experience in digital forensics, computer security, and hacking software. Since the investigation involved an employee, I suppose there’s a chance human resources was included in the investigation as well.

Why was the investigation likely to include this variety of individuals? Tesla had to identify the breach using digital forensics and computer security experts. After recognizing the hacking software in their system, it’s possible they would have reviewed the code to see how it breached their computer security, and I assume they would be able to identify the terminals on which the code resided. Since Mr. Tripp had taken precautions to misdirect Tesla, they may have identified the three other employees as responsible parties early in the investigation, causing them to monitor those employees.

Having watched enough spy movies to pretend I know what I’m talking about, I have to imagine Tesla would want to identify the third-party entities mentioned in the complaint. So, they probably allowed some data to be exported while they were monitoring the situation in an effort to identify those who may have conspired with Mr. Tripp. With my spy movie knowledge, prognostications, and five bucks, you can get a cup of coffee.

Of this, I am certain. Tesla had to use investigators familiar with protection of intellectual property and digital evidence collection. Experts listed above would have the appropriate specialization to conduct this investigation in preparation for the recent litigation.

So as the litigation develops and if it goes to trial, I will expect to see software, digital forensics, computer security, corporate security, and human resources experts and consultants assisting in discovery and preparing for trial.