cyberforensic policy drivers how public policy drivers converge through deployment of cyber...
TRANSCRIPT
CyberForensic Policy DriversCyberForensic Policy Drivers
How Public Policy Drivers How Public Policy Drivers Converge through Deployment of Converge through Deployment of
Cyber Forensics to Balance Cyber Forensics to Balance Privacy and SecurityPrivacy and Security
John W. BagbyJohn W. Bagby
College of ISTCollege of IST
Penn StatePenn State
CyberForensic Policy ConvergenceCyberForensic Policy Convergence
Problem Statements & Policy Problem Statements & Policy QuestionsQuestions
Security & Privacy Decreasingly Security & Privacy Decreasingly Addressed Exclusively through Addressed Exclusively through Technical SolutionsTechnical Solutions• Increasingly Resolved thru Public Policy Increasingly Resolved thru Public Policy
Is Security vs. Privacy a traditional Is Security vs. Privacy a traditional trade-off/conundrum or Complement? trade-off/conundrum or Complement? • It Depends!It Depends!
What Role Does CyberForensics Play What Role Does CyberForensics Play to Resolve these Questions?to Resolve these Questions?
CyberForensic Policy ConvergenceCyberForensic Policy Convergence
Conundrum: Privacy vs. SecurityConundrum: Privacy vs. Security
Irreconcilable, Zero-Sum Tradeoff Irreconcilable, Zero-Sum Tradeoff Strong privacy rights externalities Strong privacy rights externalities
• Privacy compromises security Privacy compromises security • Intruders/terrorists enjoy Intruders/terrorists enjoy
excessive anonymity excessive anonymity Strong security requires limited Strong security requires limited
privacy privacy Intrusion/attack deterred by ltd. Intrusion/attack deterred by ltd.
privacy privacy Security enhanced with liberty Security enhanced with liberty
limitationslimitations
CyberForensic Policy ConvergenceCyberForensic Policy Convergence
Complement: Privacy w/ SecurityComplement: Privacy w/ Security
Privacy-security conundrum too simplistic Privacy-security conundrum too simplistic • Elevates law enforcement over liberty Elevates law enforcement over liberty
Liberty enables security (flight averts Liberty enables security (flight averts injury)injury)
Isolation protects prey Isolation protects prey • self-imposed seclusion & anonymity self-imposed seclusion & anonymity
Privacy diminished w/ insecure PII Privacy diminished w/ insecure PII • History of predator misuse of public databasesHistory of predator misuse of public databases• Social Engineering, e.g., pretexting, Social Engineering, e.g., pretexting,
impersonation, impersonation,
CyberForensic Policy ConvergenceCyberForensic Policy Convergence
Hand/Posner/Bagby ModelHand/Posner/Bagby Model
Is their a trade offbetween
Privacy & Security?
Privacy
Security
CyberForensic Policy ConvergenceCyberForensic Policy Convergence
Hand/Posner/Bagby ModelHand/Posner/Bagby Model
Is their a trade offbetween
Privacy & Security?
Privacy
Security
CyberForensic Policy ConvergenceCyberForensic Policy Convergence
Law & Economics of Intrusions into Law & Economics of Intrusions into Personally Identifiable Info (PII)Personally Identifiable Info (PII)
Prof. (Judge) Posner’s model would protect Prof. (Judge) Posner’s model would protect privacy or permit intrusion for search & privacy or permit intrusion for search & seizure depending on a seizure depending on a balancingbalancing of: of:
1.1. UsefulnessUsefulness to society of PII acquired from the to society of PII acquired from the intrusion intrusion
2.2. RepugnanceRepugnance of the intrusion of the intrusion
Applied to Judge Hand’s formula: Applied to Judge Hand’s formula: Protect Privacy if Protect Privacy if B>P*LB>P*L Intrude on Privacy if Intrude on Privacy if B<P*LB<P*L
B=intrusion costs; P=probability of discovering B=intrusion costs; P=probability of discovering useful info; L=societal losses useful info; L=societal losses
CyberForensic Policy ConvergenceCyberForensic Policy Convergence
Regulation of Private Data Regulation of Private Data Management Management
Fundamental Architecture & Fundamental Architecture & Mechanics of Private Data Activities Mechanics of Private Data Activities
PII Distribution Chain of Custody & PII Distribution Chain of Custody & Data Management Sequence: Data Management Sequence:
1.1. Data AcquisitionData Acquisition
2.2. Information Analysis Information Analysis
3.3. Use of Knowledge Use of Knowledge
CyberForensic Policy ConvergenceCyberForensic Policy Convergence
PII Supply Chain: Custody & PII Supply Chain: Custody & Data ManagementData Management
Activity Occurs & Subject Individual is Identifiable
Data Collection: Sensing, Observation Capture
Data Storage: Made Available
Data Analysis Association Aggregation Organization Interpretation
Direct Use: by Data Manager
Secondary Use: PII Sold or Shared with 3d Party
CyberForensic Policy ConvergenceCyberForensic Policy Convergence
Fair Information Practice PrinciplesFair Information Practice Principles Origin: 1973 HEW Advisory Com. Rpt.Origin: 1973 HEW Advisory Com. Rpt.1.1. Notice and/or Awareness Notice and/or Awareness 2.2. Choice and/or Consent Choice and/or Consent 3.3. Access and/or Participation Access and/or Participation 4.4. Integrity and/or Security Integrity and/or Security 5.5. Enforcement and/or Redress Enforcement and/or Redress Spreading throughout government Spreading throughout government
regulations and into self-regulation regulations and into self-regulation • Actively opposed by most of data industry, Actively opposed by most of data industry,
much of law enforcement, many in counter-much of law enforcement, many in counter-terrorism/security because …terrorism/security because …
Underlies the EU Private Data Directive Underlies the EU Private Data Directive
CyberForensic Policy ConvergenceCyberForensic Policy Convergence
Integrity and/or SecurityIntegrity and/or Security
Collector/Archiver/CustodiansCollector/Archiver/Custodians• Reasonable steps to assure accuracy of PII Reasonable steps to assure accuracy of PII • Administrative & technical security Administrative & technical security
measures measures Standards: Standards:
• Prevent unauthorized access Prevent unauthorized access • Prevent unauthorized disclosurePrevent unauthorized disclosure• Prevent destruction Prevent destruction • Prevent misuse Prevent misuse
Relationship to Internal Control as Relationship to Internal Control as Component of Data Security/IAComponent of Data Security/IA
CyberForensic Policy ConvergenceCyberForensic Policy Convergence
Enforcement and/or RedressEnforcement and/or Redress
Mechanism(s) of Privacy Practices Mechanism(s) of Privacy Practices EnforcementEnforcement
Self-regulationSelf-regulation StandardsStandards Private rights of action Private rights of action Regulatory enforcement Regulatory enforcement Criminal SanctionsCriminal Sanctions Market DisciplineMarket Discipline
CyberForensic Policy ConvergenceCyberForensic Policy Convergence
Sources of Privacy Law Sources of Privacy Law Constitutional Rights Constitutional Rights
• 11stst, 3, 3rdrd, 4, 4thth, 5, 5thth, 6, 6thth, 9, 9thth, 10, 10thth, 14, 14thth Amendments Amendments TortsTorts
• Appropriation, private facts, intrusion, false lightAppropriation, private facts, intrusion, false light Property Rights Property Rights
• Information is property Information is property Protective Regulations Protective Regulations
• Children, Financial, Workplace, Health, TeleCom Children, Financial, Workplace, Health, TeleCom Contract Contract
• NDAs, website policies, privileges NDAs, website policies, privileges Criminal Procedure Criminal Procedure Intelligence Reform & National SecurityIntelligence Reform & National Security International Law (e.g., EU) International Law (e.g., EU)
CyberForensic Policy ConvergenceCyberForensic Policy Convergence
US Privacy Law is SectoralUS Privacy Law is Sectoral
US is US is sectoralsectoral: : narrowly drawn to particular narrowly drawn to particular
government methods & industry sectorsgovernment methods & industry sectors
• Enacted following experience with activities that the Enacted following experience with activities that the
public finds abusivepublic finds abusive
• Financial services further sectioned by G/L/B FFRFinancial services further sectioned by G/L/B FFR
EU is EU is omnibusomnibus: comprehensive & uniform : comprehensive & uniform
covering most industries & governments, strong covering most industries & governments, strong
privacy rightsprivacy rights
• Sets fundamental policy for individuals Sets fundamental policy for individuals
CyberForensic Policy ConvergenceCyberForensic Policy Convergence
Multiple Internal Control Multiple Internal Control Imperatives Imperatives
Government & Market Pressures for Government & Market Pressures for Information Assurance (IA) Controls are Information Assurance (IA) Controls are Generally ConsistentGenerally Consistent• Reinforcing - Not ConflictingReinforcing - Not Conflicting• Considerable Persistent Unawareness Considerable Persistent Unawareness
Opposition to Control Confluence & Opposition to Control Confluence & Harmonization Harmonization • Results are Wasteful Duplications, Results are Wasteful Duplications,
Unfortunate Opportunity Costs & Advocacy Unfortunate Opportunity Costs & Advocacy Harmful to Sound PolicyHarmful to Sound Policy
CyberForensic Policy ConvergenceCyberForensic Policy Convergence
Four Drivers of Internal ControlFour Drivers of Internal Control
1.1. Sarbanes-Oxley Internal Control RegimeSarbanes-Oxley Internal Control Regime• Particularly SOX §302 & §404 Particularly SOX §302 & §404
2.2. Data Security Requirements under Data Security Requirements under Various Privacy Laws Various Privacy Laws
3.3. Trade Secrecy Trade Secrecy 4.4. National Security, Cyber-Terrorism & National Security, Cyber-Terrorism &
Counter-Terrorism Duties Counter-Terrorism Duties Others: sectoral regulations, fiduciary duties, Others: sectoral regulations, fiduciary duties,
contractual requirements, standards …contractual requirements, standards …
CyberForensic Policy ConvergenceCyberForensic Policy Convergence
•CPA•FAS
InternalControls
•Books•Record-keeping
•Financials•Market Integrity
Investors
USA Patriot
SecurityInfra-
structureNat’l
SecurityPeople
Institutions
GLB, HIPPAState laws, etc.
Security PII Privacy Subject Individuals
•Rest & UTSA•Caselaw
•EEA
Reasonable Secrecy
IPTradeSecrets SH
Impetus Control device
Objects Underlying (In)tangible
Protected Beneficiary
Comparison Framework: Internal ControlComparison Framework: Internal Control
CyberForensic Policy ConvergenceCyberForensic Policy Convergence
SOX Externalities: SOX Externalities: Other Impacted EntitiesOther Impacted Entities
Publicly-Traded Companies in 3 tiers: Publicly-Traded Companies in 3 tiers: • Accelerated ($75 mil float), non-accelerated, foreign cos Accelerated ($75 mil float), non-accelerated, foreign cos
Closely-Held Companies Closely-Held Companies Government Agencies Government Agencies Educational InstitutionsEducational Institutions Nor-for-Profits, SROs, NGOs Nor-for-Profits, SROs, NGOs
• Critical Infrastructure AuthoritiesCritical Infrastructure Authorities And of nearly all of these entities: And of nearly all of these entities:
• Suppliers, ASPs, Software Vendors, Network Providers, Suppliers, ASPs, Software Vendors, Network Providers, Consultants, Auditors, Employees, CIOs, CFOs, CSOs … Consultants, Auditors, Employees, CIOs, CFOs, CSOs …
• SAS 70: Service Organizations (Outsourcing, Offshoring)SAS 70: Service Organizations (Outsourcing, Offshoring)
CyberForensic Policy ConvergenceCyberForensic Policy Convergence
Externalizing SOX’s Impact Externalizing SOX’s Impact Apply Audit-firm Specific Practices to allApply Audit-firm Specific Practices to all IT & Service Provider General Practices IT & Service Provider General Practices Directors Bring form other BoardsDirectors Bring form other Boards D&O Insurance best practicesD&O Insurance best practices Suppliers/Customers- SAS 70 Suppliers/Customers- SAS 70 CxO’s- information sharing, professionalismCxO’s- information sharing, professionalism New Laws Forthcoming New Laws Forthcoming
• EX: Not-for-profits EX: Not-for-profits • Sectoral control standards resembling SOXSectoral control standards resembling SOX
CyberForensic Policy ConvergenceCyberForensic Policy Convergence
Internal Control RegimeInternal Control Regime
Pre-FCPA Pre-FCPA • Reasonable prudence to safeguard assetsReasonable prudence to safeguard assets• Accounting & Auditing StandardsAccounting & Auditing Standards
Foreign Corrupt Practices Act (FCPA)Foreign Corrupt Practices Act (FCPA)• §13(b)(2)(B) §13(b)(2)(B)
Treadway Commission (COSO)Treadway Commission (COSO)• Management ReportManagement Report
Sarbanes-Oxley (SOX, SourBox) Sarbanes-Oxley (SOX, SourBox) • §§302, 404§§302, 404
CyberForensic Policy ConvergenceCyberForensic Policy Convergence
Privacy Security DutiesPrivacy Security Duties
GLBGLB HIPAAHIPAA State LawsState Laws
• CA’s S.1386CA’s S.1386 International LawInternational Law
• EU Data Protection DirectiveEU Data Protection Directive
CyberForensic Policy ConvergenceCyberForensic Policy Convergence
Trade SecrecyTrade Secrecy Valuable Intellectual Property under Valuable Intellectual Property under
laws:laws:• Common Law & Rest. of Torts §757 & Common Law & Rest. of Torts §757 &
§758§758• Uniform Trade Secrets ActUniform Trade Secrets Act• Economic Espionage Act 1996Economic Espionage Act 1996
Generally Requires:Generally Requires:• InformationInformation• Reasonable Secrecy EffortsReasonable Secrecy Efforts• Independent Economical ValueIndependent Economical Value
CyberForensic Policy ConvergenceCyberForensic Policy Convergence
Internal Control Valuation MethodsInternal Control Valuation Methods
Discounted Cash FlowDiscounted Cash Flow Options ValuationOptions Valuation Money Damages: Money Damages:
• Economic vs. non-economic; compensatory; Economic vs. non-economic; compensatory; special/consequential; lost profits; punitives special/consequential; lost profits; punitives
Scoring Methods, ordinal rankings …Scoring Methods, ordinal rankings … Actuarial, Stochastic, EmpiricalActuarial, Stochastic, Empirical Decision AnalysisDecision Analysis Game TheoreticGame Theoretic
CyberForensic Policy ConvergenceCyberForensic Policy Convergence
Internal Control Valuation MethodsInternal Control Valuation Methods
Heurestic TechniquesHeurestic Techniques Best Practices &/or Professional Duties, Best Practices &/or Professional Duties,
Reasonably Prudent Functional Reasonably Prudent Functional ManagementManagement
Market Impact: event study, security Market Impact: event study, security pricesprices
Information Markets: personal stakes Information Markets: personal stakes consensus estimation pools – the “G”-wordconsensus estimation pools – the “G”-word
SimulationSimulation MaterialityMateriality
CyberForensic Policy ConvergenceCyberForensic Policy Convergence
Links Among SOX, T/S, Privacy, Links Among SOX, T/S, Privacy, National SecurityNational Security
Legal duties for securing financial Legal duties for securing financial information are fragmentedinformation are fragmented• Would be less costly if harmonizedWould be less costly if harmonized
PIFI links to various financial accountsPIFI links to various financial accounts• ReceivablesReceivables• Banking-customer transaction “experience” Banking-customer transaction “experience”
infoinfo• Payables & LiabilitiesPayables & Liabilities• Consumer creditConsumer credit• Wholesale EFTWholesale EFT
CyberForensic Policy ConvergenceCyberForensic Policy Convergence
Links Among SOX, T/S, Privacy, Links Among SOX, T/S, Privacy, National SecurityNational Security
ID Theft ID Theft • Costs: $800 avg. to cleanse, opportunityCosts: $800 avg. to cleanse, opportunity• SSN conversion costsSSN conversion costs• Quick financing requires robust PIFI Indus.Quick financing requires robust PIFI Indus.• Financial mgmt methods are T/S (BMP)Financial mgmt methods are T/S (BMP)
Vulnerabilities to terrorist financingVulnerabilities to terrorist financing Financial System is THE Key infrastructureFinancial System is THE Key infrastructure
• Maintains national economic securityMaintains national economic security• WTC attack was symbolic, physical target of WTC attack was symbolic, physical target of
financial systemfinancial system
CyberForensic Policy ConvergenceCyberForensic Policy Convergence
Links Among SOX, T/S, Privacy, Links Among SOX, T/S, Privacy, National SecurityNational Security
Trade secrets include: Trade secrets include: • Customer lists, Market opportunities, Customer lists, Market opportunities,
Financial event history, Data broker PIFI Financial event history, Data broker PIFI datadata
HIPPAHIPPA• PIFI links to healthcare payment, PIFI links to healthcare payment,
billings, PII, credit cards, ssn, Insurance: billings, PII, credit cards, ssn, Insurance: private & Medicare/Medicaid, ER write-private & Medicare/Medicaid, ER write-offs/overhead & grants offs/overhead & grants
CyberForensic Policy ConvergenceCyberForensic Policy Convergence
U.S. v. GibsonU.S. v. Gibson (W.D.Wa.8.19.04) (W.D.Wa.8.19.04) NO. CR04-0374RSM, 2004 U.S. Dist. LEXIS 20445NO. CR04-0374RSM, 2004 U.S. Dist. LEXIS 20445
ID Theft by technician of leukemia patient ID Theft by technician of leukemia patient during 1during 1stst bone marrow transplant @ bone marrow transplant @ Seattle Cancer Care Alliance 9.03Seattle Cancer Care Alliance 9.03
11stst HIPAA Conviction, plea bargain: HIPAA Conviction, plea bargain: • 16 mos prison & $15,000 restitution16 mos prison & $15,000 restitution
Despite U.S. Sectoral Approach, Privacy Despite U.S. Sectoral Approach, Privacy Sectors Frequently LinkedSectors Frequently Linked• Healthcare workers enabled to ID & abuse Healthcare workers enabled to ID & abuse
vulnerability, Health Ins primary payor of vulnerability, Health Ins primary payor of healthcare expensehealthcare expense
CyberForensic Policy ConvergenceCyberForensic Policy Convergence
Links Among SOX, T/S, Privacy, Links Among SOX, T/S, Privacy, National SecurityNational Security
Money Laundering Duties & ControlsMoney Laundering Duties & Controls• Protects financial services, national Protects financial services, national
security, anti-smuggling goals, terrorist security, anti-smuggling goals, terrorist financingfinancing
Private Standards for ePmts Private Standards for ePmts • VISA’s revised 6.30.05 compliance VISA’s revised 6.30.05 compliance
deadline deadline But NOT …But NOT …
EX: Coke formula on paper has weak Nat’l EX: Coke formula on paper has weak Nat’l Security link Security link
CyberForensic Policy ConvergenceCyberForensic Policy Convergence
Impact of the Reconcilation Impact of the Reconcilation
There are Synergies in Control InvestmentThere are Synergies in Control Investment SourBox benefits are long termSourBox benefits are long term Some Argue:Some Argue:
• Most low hanging (efficiency) fruit already Most low hanging (efficiency) fruit already pickedpicked
EX: JIT, supply chain, IT efficiency, outsource, finance, EX: JIT, supply chain, IT efficiency, outsource, finance, QC QC
• Now Internal Control is in the Limelight Now Internal Control is in the Limelight Lobbying to Weaken SourBox is Highly Lobbying to Weaken SourBox is Highly
Counter-productive to Privacy, Nat’l Counter-productive to Privacy, Nat’l Security & IP Security & IP
CyberForensic Policy ConvergenceCyberForensic Policy Convergence
CyberForensics is Battleground for CyberForensics is Battleground for Resolution of Privacy vs. Security ConundrumResolution of Privacy vs. Security Conundrum
Must Supply eData in Most LitigationMust Supply eData in Most Litigation Non-Responsiveness is PunishedNon-Responsiveness is Punished Ignoring “Smoking Gun” is FailureIgnoring “Smoking Gun” is Failure Venue (tribunal) often DeterminativeVenue (tribunal) often Determinative
• Criminal prosecutions, civil suits, ADR, Criminal prosecutions, civil suits, ADR, regulatory investigation/hearing, internal regulatory investigation/hearing, internal investigation, 3d party sleuthsinvestigation, 3d party sleuths
Evidence Gathering ConstraintsEvidence Gathering Constraints• Litigation hold, chain of custody, Litigation hold, chain of custody,
authentication, foundation, spoliation, authentication, foundation, spoliation, obstruction, cost balancing (obstruction, cost balancing (ZubulakeZubulake), ), adverse inference adverse inference
CyberForensic Policy ConvergenceCyberForensic Policy Convergence
Litigators’ Vision of EDDLitigators’ Vision of EDD
““As a litigator, I will tell you documents are just As a litigator, I will tell you documents are just the bane of our existence. the bane of our existence. • Never write when you can speak… Never write when you can speak… • Never speak when you can wink.”Never speak when you can wink.”† †
Could update to:Could update to:• Never email when you can writeNever email when you can write• never write when you can phonenever write when you can phone• never phone when you can meet face to facenever phone when you can meet face to face• Never speak when you can whisperNever speak when you can whisper• Never wink when its understoodNever wink when its understood
† † Statement of Jordan Eth, Statement of Jordan Eth, Sarbanes-Oxley: The Good, The Sarbanes-Oxley: The Good, The Bad, The UglyBad, The Ugly, Nov.10, 2005 panelist, hosted by the , Nov.10, 2005 panelist, hosted by the National Law Journal and Stanford Law School’s Center National Law Journal and Stanford Law School’s Center on Ethics, on Ethics, reprinted in reprinted in Nat.L.J. at p.18 (Dec.12, 2005)Nat.L.J. at p.18 (Dec.12, 2005)
CyberForensic Policy ConvergenceCyberForensic Policy Convergence
Incentives to Conceal EvidenceIncentives to Conceal Evidence Incentives of Litigating Parties to Produce Docs Incentives of Litigating Parties to Produce Docs
• All parties have a disincentive to produce incriminating All parties have a disincentive to produce incriminating documents or reveal proprietary info or strategydocuments or reveal proprietary info or strategy
• Conflicting email incentives: Conflicting email incentives: Erase if sensitive, erase to lower archiving costs, erase to Erase if sensitive, erase to lower archiving costs, erase to
avoid embarrassment, erase with higher archival costs avoid embarrassment, erase with higher archival costs Save if exculpatory, save if potentially useful against Save if exculpatory, save if potentially useful against
others, save if legitimate business purpose to use later, others, save if legitimate business purpose to use later, save if easier than implementing regular & pervasive save if easier than implementing regular & pervasive review for erasure policy under doc retention program; review for erasure policy under doc retention program; save with lower archival costs save with lower archival costs
Justice system effectiveness & fairness increases Justice system effectiveness & fairness increases with access to all facts with access to all facts • Expansive discovery arguably inefficient Expansive discovery arguably inefficient • Litigation rules, spoliation sanctions & criminal Litigation rules, spoliation sanctions & criminal
obstruction penalty risks realign incentives to retain & obstruction penalty risks realign incentives to retain & produce docsproduce docs
CyberForensic Policy ConvergenceCyberForensic Policy Convergence
The Cost of EDD in US Court Cases The Cost of EDD in US Court Cases
0
50
100
150
200
250
300
1999 2000 2001 2002
EDD
US Millions
CyberForensic Policy ConvergenceCyberForensic Policy Convergence
Consider HP’s Current DifficultiesConsider HP’s Current Difficulties
Board or other leaks framed as security leaksBoard or other leaks framed as security leaks• Unlawful security leak of truthful, exculpatory, whistle-Unlawful security leak of truthful, exculpatory, whistle-
blowing, reveal fraud or wrongdoing?blowing, reveal fraud or wrongdoing?• ““Security” excessively vague: interpret more narrowlySecurity” excessively vague: interpret more narrowly
Illegal or unethical investigatory meansIllegal or unethical investigatory means• Pretexting under G/L/B vs. telecom privacy lawsPretexting under G/L/B vs. telecom privacy laws• Internal Investigations ProliferatingInternal Investigations Proliferating• Third Party Service ProvidersThird Party Service Providers
Will their methods be imputed to principal?Will their methods be imputed to principal?
CyberForensic Policy ConvergenceCyberForensic Policy Convergence
Obstruction of Justice EX: NixonObstruction of Justice EX: Nixon Nixon investigated for Nixon investigated for
obstruction obstruction • Alleged role in cover-up of Alleged role in cover-up of
Watergate hotel break-Watergate hotel break-in,1972 re-election in,1972 re-election
• It appears he was aware It appears he was aware after the fact & planned after the fact & planned to pay hush money to pay hush money
Woods goes down in Woods goes down in history as responsible for history as responsible for erasure of 18 1/2 minutes erasure of 18 1/2 minutes of crucial evidence before of crucial evidence before transmitted to Watergate transmitted to Watergate investigators of Nixon investigators of Nixon impeachment effort impeachment effort
CyberForensic Policy ConvergenceCyberForensic Policy Convergence
Obstruction of Justice: AA/EnronObstruction of Justice: AA/Enron AA was indicted, tried, convicted for obstruction when, as AA was indicted, tried, convicted for obstruction when, as
Enron collapsed, AA re-distributed document policy & Enron collapsed, AA re-distributed document policy & employees proceeded to shred two tons of documents but employees proceeded to shred two tons of documents but conviction reversed, 9-0, but too lateconviction reversed, 9-0, but too late
“‘“‘Document retention policies,’ which are created in part to Document retention policies,’ which are created in part to keep certain information from getting into the hands of keep certain information from getting into the hands of others, including the Government, are common in business. others, including the Government, are common in business. It is, of course, not wrongful for a manager to instruct his It is, of course, not wrongful for a manager to instruct his employees to comply with a valid document retention employees to comply with a valid document retention policy under ordinary circumstances.” policy under ordinary circumstances.” Arthur Andersen LLP Arthur Andersen LLP v. USv. US, 125 S. Ct. 2129, 2135 (2005) (Rehnquist, C.J.), 125 S. Ct. 2129, 2135 (2005) (Rehnquist, C.J.)• Its OK to trigger shredding through a reminder enforcing Its OK to trigger shredding through a reminder enforcing
document retention policydocument retention policy• Not “corrupt” w/in Fed obstruction if doc destruction pursuant Not “corrupt” w/in Fed obstruction if doc destruction pursuant
valid document retention policy.valid document retention policy.
CyberForensic Policy ConvergenceCyberForensic Policy Convergence
Obstruction of Justice: Obstruction of Justice: Martha Martha
6 mos in W Va but not for insider trading6 mos in W Va but not for insider trading Instead: obstruction of justice:Instead: obstruction of justice:
• Falsifying trading & phone records Falsifying trading & phone records • Heard from friend Sam Waksal, CEO of ImcloneHeard from friend Sam Waksal, CEO of Imclone• Martha allegedly sold Imclone stock on tipMartha allegedly sold Imclone stock on tip• Falsification of documents was intended Falsification of documents was intended
merely to create an explanation for what was a merely to create an explanation for what was a suspicious tradesuspicious trade
• Martha’s actions made it more difficult to prove Martha’s actions made it more difficult to prove Waksal had also sold his stock in anticipation Waksal had also sold his stock in anticipation of negative news of the lack of FDA approval of negative news of the lack of FDA approval for Imclone's product.for Imclone's product.