The public and private sectors are equally struggling with cyber security issues. Despite the development of innovative problem-solving technologies and systems, many small, medium, and large companies are still at great risk of a cyber attack. The government cannot regulate these attacks without proper access to business information and the private sector needs government aggregation of widespread data. What is the true value of information sharing and how can cyber insurance greatly assist in this process of creating better cyber security?
In this episode of In-House Legal, Randy Milch interviews Peter Beshar, executive vice president and general counsel of Marsh & McLennan, about his path to becoming general counsel and how businesses should approach the issue of cyber security. Beshar started at Marsh & McLennan immediately after a civil action was filed against them by Attorney General Eliot Spitzer in 2004. He discusses how he dealt with being a new general counsel at a business in crisis. With stocks down, ratings down, and clients, banks, and employees upset, he learned to be relentlessly positive and to make strong decisions. General counsel and in-house lawyers alike can benefit from his knowledge and experience.
After the break, Beshar discusses cyber security risks and how they affect the private and public sectors. He explains Enterprise Risk Management (ERM): technological innovations coupled with cyber insurance which drives and modifies people’s behavior. Additionally, he says, the government should interact with private businesses to share cyber threat indicators and provide widespread information about preventing cyber attacks. The issue of cyber risks is incredibly prevalent in businesses of any size today, and it is important that we create long-lasting systems for preventative measures.
Peter Beshar is the executive vice president and general counsel of Marsh & McLennan Companies, Inc. He has a wealth of experience as a public servant, as a prominent big law firm litigator, and as general counsel for a global enterprise. Beshar is widely known for his experience with cyber risk insurance.
Joe Looby recently released his documentary The Decade of Discovery about the United States versus Philip Morris tobacco lawsuit in the early 2000s and email e-discovery issues. The film also discusses the emergence of the Sedona Conference as a think tank and forum for discussion about cooperation in e-discovery. Many prominent federal judges were interviewed about the issues with open government and record keeping. Also in the documentary, Jason R. Baron, Esq. talks about open government, record keeping at the White House, and how the e-discovery issues played out in the lawsuit. We are beginning to wonder, in this world of big data, how are we dealing with information governance, specifically within issues of open government and data security?
In this episode of Digital Detectives, Sharon Nelson and John Simek interview Jason Baron about information governance, dark data, open government, and his role in The Decade of Discovery. Baron talks about the increasing amount of electronic data affecting the Freedom of Information Act (FOIA) and the discussion e-discovery experts need to have about providing public access to government records. There is a mandate, he explains, that after 2019, all federal agencies must provide all of their permanent records to the archives in electronic or digital form. Because of this, systems and sophisticated softwares will be required to properly filter and provide access to the data. Baron also discusses information governance as a whole, including privacy, security, discovery, and management, and the need for a Chief Information Governance Officer (CIGO) going into the future. He concludes by praising Richard Braman, a leader in the e-discovery industry, for founding the Sedona Conference and creating the Cooperation Proclamation.
Jason R. Baron, Esq. serves as Of Counsel at Drinker Biddle Reath LLP in their Information Governance and eDiscovery Group in Washington DC. He is Co-Chair of the Information Governance Initiative, is currently Chair-elect of the DC Bar Litigation Section E-Discovery Committee, and is an adjunct faculty member at the University of Maryland. His 34 years of public service include serving as a trial lawyer and senior counsel at the US Department of Justice and as the first Director of Litigation at the US National Archives and Records Administration. An internationally recognized speaker and writer on the subject of electronic records, Mr. Baron has been recognized by The American Lawyer magazine as a “trailblazer” in e-discovery in its August 2013 issue of “The Top 50 Big Law Innovators of the Past 50 Years.” He was the 2013 recipient of the Federal Bar Association’s Justice Tom C. Clark Outstanding Government Lawyer award.
In November of 2014, hackers infiltrated Sony’s computer network lifting terabytes of corporate data, human resources information, internal intel, films, corporate emails, and other valuable information. This led the corporate world to question how protected we really are from cyber attacks. In the 1990’s, the only computer issue was viruses, but the attack vectors have since changed. Companies and individuals are now subject to spear phishing, spyware attacks, malware, drive-by downloads, and browsers. What steps are now necessary to keep hackers from accessing your valuable data? And on a separate but equally interesting subject for lawyers, who really was behind the Sony attack?
In this episode of Digital Detectives, hosts Sharon Nelson and John Simek analyze the progression of data security over time, look into data loss prevention steps, and consider each potential suspect of the Sony hack. Nelson describes the internet security suites that have been developed to include protection from all different types of attacks. However, she explains, these security systems are unlikely to keep out a sophisticated and determined hacker who is specifically targeting a corporation, law firm, or individual. The newer systems simply try to detect the infiltration and respond to it, observing what data is compromised and trying to identify the hacker. Simek explains several systems that are being used for security including data loss prevention, intrusion detection, and Security Information and Event Management (SIEM) products which correlate data to figure out what’s normal.
Nelson and Simek then go on to analyze why Sony was attacked and who may have done it. The hosts explain security blogger Bruce Schneier’s theories on the suspects ranging from an official North Korean military operation to a disgruntled ex-employee. Listen to the podcast to hear the hosts’ strong case for who they think the hacker was. Nelson also reviews Sony’s reaction to the security attack. Stay tuned until the end for the NSA’s rumored ability to create a cyber defense system and the international implications of an automated cyber attack response.
On the coattails of presidential support and possible regulations from the Federal Communications Commission, Net Neutrality makes its way back into public debate. Proponents claim it will keep the internet a level playing field while opponents believe the opposite. One side worries about oppressive corporations while the other is concerned about oppressive government. Not surprisingly, opinions for or against tend to follow political party lines. On this episode of Lawyer 2 Lawyer, host J. Craig Williams interviews Chris Fedeli from Judicial Watch and Professor Jonathan Askin from Brooklyn Law School. Together they discuss the meaning of net neutrality, the pros and cons of regulating, and what it takes to keep the internet innovative. Tune in to hear about free market principles, consumer protection, and data packet discrimination.
Chris Fedeli is a senior attorney with Judicial Watch where he has litigated multiple cases in state and federal courts concerning election integrity, ballot initiatives and referendums, and government transparency. Prior to joining Judicial Watch, Fedeli was a senior associate at Davis Wright Tremaine in Washington D.C., where he represented clients in communications law litigation and regulatory proceedings. In 2009, the ABA’s Communications Lawyer published Fedeli’s article criticizing the FCC for its net neutrality regulations, which have since been overturned twice by the DC Circuit.
Professor Jonathan Askin is a professor at Brooklyn Law School where he teaches technology, telecommunications, and entrepreneurial law and policy. He is also the Founder of the Brooklyn Law Incubator & Policy Clinic, which represents internet, new media, communications and other tech entrepreneurs on business development, policy advocacy, and law reform. During the 2008 Presidential Election, Askin chaired the Internet Governance Working Group for the 2008 Obama Presidential Campaign.
When an organization or business suddenly finds itself in the middle of a civil litigation case, it is often overwhelmed with discovery requests. Most companies don’t have the tools or processes in place to deal with collection and data preservation and encounter expensive and time-consuming issues when responding to requests for information. What is a legal hold, would your organization be able to initiate a defensible legal hold, and when can data be confidently deleted again? It is very important to understand the discovery process and implement and enforce effective systems for data preservation now in order to reduce future costs of potential litigation.
In this episode of ESI Report, Michelle Lang interviews experienced e-discovery expert Cathleen Peterson about why data preservation is crucial to the discovery process, how to create a defensible legal hold, how to take account for emerging technologies, and when it is ok to delete data. Peterson explains that the fundamental challenge of data preservation is balancing the burden and the benefit. Failure to preserve means trying to recreate access to the data, an incredibly expensive and time-consuming process that raises questions about the effectiveness of the council or credibility of the client. Alternatively, well-preserved data can facilitate a well-managed litigation, control costs, result in an outcome that serves the client, and create the least disruptive litigation flow. A legal hold, Peterson explains, involves giving all potential parties who may have relevant evidence notice that litigation is in existence or anticipated. This includes employees, third parties, the IT department, or any person who may have accessed the information. She discusses how organizations need to implement a data governance system, enforce it across the organization, and update it yearly to account for changes in technology. Once the case is dismissed, the legal hold should be formally lifted and the data deleted so that future cases are not complicated by old data.
Peterson is a senior vice president at Kroll Ontrack, where she leads the consulting and advanced review services teams. She was the Legal Director at Orrick, Herrington & Sutcliffe and councel at WilmerHale. Cathleen has deep experience in all-things ediscovery, including records management, collection and preservation strategies, technology assisted review, and regulatory compliance.
“A cyber attack on the World Trade Center would be 10 times more financially damaging than the 2001 attack.” Data breaches like the ones at Target, JP Morgan, and Home Depot have recently been all over the news and are usually organized by hackers working towards financial gain. But there is cyber war happening with military and political objectives with potentially far more damaging results. Cyber terrorists and militaries have already developed technologies that are able to hack into important data systems, destroy critical infrastructure, and take down crucial things like power grids and financial systems. If this does not scare you, you should know that there are almost no direct laws that deal with the ramifications of cyber attacks, the contractors who built the failing technology, or innocent bystanders.
On this episode of Digital Detectives, Sharon Nelson and John Simek interview cybersecurity expert David Bodenheimer about the effects of cyber attacks, whether they are likely to proliferate, the connection between the private sector and government defense, and the legal risks to contractors and bystanders. Bodenheimer first explains how economic cyber crimes are different than cyber war, and gives some examples like the US cyber security threat in 2009, the 2007 cyberattacks on Estonia, and Stuxnet, a computer worm that destroyed many control systems in Iranian nuclear plants. He explains that there is a global cyber race and, in a few years, no self-respecting military will be without cyber attack capabilities. Unfortunately, there are no international treaties or laws that directly govern cyber weapons and war. Bodenheimer also discusses US laws that federal agencies and contractors could face to account for damages. These could include the DHS SAFETY Act, Public Law 85-804, and various legislative proposals, but there is no clean fit.
David Bodenheimer is a Government Contracts partner and litigator heading Crowell & Moring’s Homeland Security practice. David has 32 years of experience in doing business with the government. He has represented Fortune 500 companies in cyber disputes with federal agencies, advised on security compliance and cloud standards, and handled a broad spectrum of cybersecurity and privacy issues in the public sector.
Discovery, as all lawyers know, is the process of collecting and exchanging information about the court case to prepare for the trial. Traditionally, this was done by many lawyers over countless billable hours in which every page of potential evidence was examined for important information. Because of this, the more information existed in reference to a case, the more expensive the case was. As technology developed, law firms began using computers to do keyword searches and conceptual searches. Unfortunately, there were problems including picking the right keywords or concepts, misspelled words, how to structure the items, and that these searches only yielded 20% of important data. Recently, technology has advanced to predictive coding, or teaching a computer program to think like a lawyer would. But how cost effective and practical is predictive coding, and how well does it actually work?
In this episode of The Digital Detectives, Sharon Nelson and John Simekdiscuss the evolution of technology and case discovery, how predictive coding works and is priced, and examples of cases that have involved predictive coding. Simek first explains the importance of culling, or filtering out unimportant data sets through DeNISTing, deduping, or filtering by dates. He then explains predictive coding in its simplicity: to feed a computer program information based on discovery attorneys have already done until the computer can accurately predict which information is important. Simek and Nelson then go on to examine the prices vendors charge for the predictive coding process and in which cases it might be profitable for the law firm or client. There is a steep, expensive learning curve involved; many mid-sized law firms probably will not profit and even very large cases only save an average of 15% using predictive coding. However, Nelson explains, predictive coding is the future of discovery, so it is important for lawyers to pay attention to when the benefits outweigh the costs.
Nelson concludes the podcast by giving examples of when predictive coding has already appeared in court cases. The landmark case was Da Silva Moore v. Publicis Groupe, in which Magistrate Judge Andrew Peck allowed predictive coding to be used as long as the defense and prosecution agree to its use, there are a large volume of documents, it is the superior technology, it is more cost effective, and it is transparent and defensible. Inevitably, the conclusion is that it is not for the judge to micromanage the discovery process.
There has recently been an increase in virtualization of law practices and the rate at which firms are beginning to adopt internet-based technology solutions. There are significant advantages attached to those programs including mobility, flexibility, ease of installation and management, and decreased setup cost. But most lawyers don’t know what a virtual office entails, are wary of trusting a remote server, or worry about the security of working through a browser. What is virtualization, how does it apply to law firms, and why should lawyers be adopting this new technology now?
On this episode of The Legal Toolkit, Jared Correia interviews AbacusLaw CEO Alessandra Lezama about cloud-based case management systems and why lawyers should virtualize their firms. Lezama explains the difference between desktop as a service (DaaS) and software as a service (SaaS), the benefits of virtualization, and how to choose a company to help with this process. The encrypted remote servers should have geographic redundancy, regular and thorough security audits, and have local data centers. Lezama points out that lawyers are hesitant towards virtualization due to anxiety of the unknown or lack of time, resources, or knowledge but they must adopt new technology as a matter of ethical compliance. Because there are so many intricacies to this process, many lawyers do not know where to start. Lezama encourages attorneys to invest time, perform due diligence, and seek a good partner to help guide the process. In the long run, the relief of IT burden will more than pay off.
Alessandra Lezama is the chief executive officer of Abacus, a legal technology solution company that designs, installs, and manages virtual practice systems. Before joining Abacus, she was chairman of the board and chief executive officer of two Blackthorn Investment Fund companies, chief operating officer and CEO at American Internet Services, and has held key leadership roles in sales, marketing, and operations for Comsat International.
Despite all the attention that e-discovery has received over the last decade, it is still a relatively new part of the litigation process. For those lawyers who were never exposed to e-discovery in law school or their formative years of practice, the systems and products involving data collection and analysis can be overwhelming and complex. How much do lawyers need to know about information governance, data collection, data analysis, managed document review, and electronically stored information (ESI)? Alternately, for those practitioners who are already intricately involved in the culling and analysis, how is the technology and process changing?
In this episode of Digital Detectives, Sharon Nelson and John Simek interview e-discovery solutions expert Aaron Lawlor about what is involved with ESI and data collection, current trends in data analysis, and future advances in technology and process. Lawlor urges every litigator to become experienced with the state and federal rules involving e-discovery in order to better serve their clients. He explains the process of researching key players in the case and then collecting, analyzing, and refining their relevant data. In order to facilitate this process, lawyers and data collectors narrow the data set early by a process of visualizing connections and communication mapping. It is important, Lawlor says, for every lawyer to become familiar with e-discovery and data reduction strategies, since they are such significant drivers of litigation costs and outcomes.
Aaron Lawlor is the senior director of Global Legal Solutions at UnitedLex Corporation. He has spent the past decade addressing his clients’ e-discovery needs, first as an attorney at an Am Law 100 firm, then as the cofounder of a boutique consulting and managed document review company. His company was acquired by UnitedLex in 2013 and, in his current role, he partners with in-house and outside counsel to implement value-driven e-discovery solutions.
While preparing for a trial, gathering documents for a transaction, or simply running errands, most lawyers face each day with an overwhelming number of things to get done. From simply remembering them all to putting the list into proper priorities, every legal professional could use some help. How can technology play a role in bringing the list of to-dos under control? What are some questions lawyers should ask when choosing a to-do task management tool?
In this episode of the Kennedy-Mighell Report, Dennis Kennedy and Tom Mighell discuss taming the to-do list, their own approaches to using technology to help with task management, and questions every lawyer should ask when looking for a management tool to suit their needs. Kennedy shapes his list management around David Allen’s “Getting Things Done,” a system which allows him to see his weekly calendar as a big picture and sort priorities to avoid being overwhelmed by the enormous list of projects. Mighell says lawyers should watch for eight essential functions when looking for the right task manager:
Available on Multiple Platforms
Ease of Entry
Assign Priority Levels
Notes and Attachments
Ability to Share Task Lists
He recommends every lawyer weigh the importance of each of these before choosing a task management tool. Both @DennisKennedy and @TomMighell stress that this is a personal choice and ask the listeners for feedback on the to-do technologies they like best. After the break, Kennedy and Mighell discuss the recent tech news story about Russian cybercriminals accumulating a hoard of more than a billion user passwords. They examine whether lawyers should be worried about this data breach, and what they should do to protect their online accounts. As always, stay tuned for Parting Shots, that one tip, website, or observation that you can use the second the podcast ends.