Electronic Discovery

Time
9 hours 59 minutes
Difficulty
Intermediate
Video Transcription
00:00
>> In this video, we're going to
00:00
finish off our discussion of
00:00
Domain 3 and talk about electronic discovery.
00:00
In particular, we'll cover the basics
00:00
of discovery as well as
00:00
electronic discovery and then
00:00
examine a real-world case ripped from the headlines.
00:00
Discovery is the compulsory disclosure of
00:00
relevant documents between
00:00
opposing parties in litigation.
00:00
It's time to go to court.
00:00
Both parties, the plaintiff and the defendant,
00:00
need to exchange certain materials.
00:00
This is the official way to go about doing it.
00:00
If you personally or your company
00:00
are ever active in litigation or reasonably
00:00
foresee and anticipate litigation is going to happen,
00:00
you don't want to destroy the materials.
00:00
This is a very bad thing.
00:00
In fact, when this happens,
00:00
the jury will be instructed to assume that
00:00
the destroyed evidence contains
00:00
the worst possible information against you,
00:00
the most damning information there.
00:00
It's not a good practice to
00:00
do this and it is very much illegal,
00:00
and it can end up putting you in a very bad situation,
00:00
even worse so than if you had
00:00
just let the information remain and
00:00
handed it over in accordance with
00:00
the standard process of discovery.
00:00
To that end, if you can obtain the information,
00:00
you must provide the information.
00:00
Just because your data is
00:00
physically managed by a third party,
00:00
a Cloud provider, that doesn't
00:00
remove it from scope of discovery.
00:00
When that information is requested,
00:00
you are expected to provide it.
00:00
We're talking about electronic discovery
00:00
and you're expected to provide it in standard format,
00:00
like a PDF or CSV or plain text file formats.
00:00
In the legal sense,
00:00
authentic is a very special word.
00:00
Data must be authentic to be admissible in court.
00:00
That means that it has to pass through a certain chain of
00:00
custody and in the case
00:00
that data cannot be authenticated,
00:00
it can't be considered admissible
00:00
evidence in the court of law.
00:00
If you've ever watched crime shows,
00:00
they talk about the physical evidence
00:00
that was collected at the scene of the crime
00:00
and there are certain procedures
00:00
that need to take place to
00:00
inventory the evidence at the scene of the crime,
00:00
pass it through and into the evidence room,
00:00
check it into the evidence locker
00:00
of the police department.
00:00
It's similar in the electronic discovery sense,
00:00
but Cloud, it does have an effect
00:00
and an impact on that chain of custody.
00:00
Take for example, a Cloud provider
00:00
may allow you to export certain data,
00:00
say, a large scale data dump to CSV format.
00:00
But there could be certain metadata that
00:00
gets stripped as part of that process.
00:00
For example, IP logging.
00:00
Not just who updated the record,
00:00
but what was the IP address
00:00
that this individual was coming from?
00:00
That's important because that metadata that
00:00
isn't included in the standard export process,
00:00
that may be required to really validate that the data is
00:00
indeed genuine and therefore
00:00
admissible into court of law.
00:00
Again, your data in the Cloud is
00:00
subject to discovery and your contract should
00:00
have terms that require that
00:00
the Cloud provider themselves send you notice.
00:00
Something that lets you know
00:00
this third party has issued them discovery,
00:00
and that gives you a moment to really
00:00
ensure is this discovery valid.
00:00
Don't forget, there are a lot of
00:00
smart bad guys out there who could
00:00
currently have anti-competitive behavior and
00:00
they're forging documents and sending them to
00:00
Cloud providers so that they can get a copy
00:00
and access to a lot of key and important information
00:00
for your company and really do some nasty things.
00:00
It's very important that the Cloud provider give you
00:00
that opportunity and send you that notice,
00:00
so you can make sure this is legitimate.
00:00
It's definitely not the onus of
00:00
the Cloud provider themselves
00:00
to ensure this is legitimate.
00:00
Let's talk about the United States CLOUD Act,
00:00
Clarifying Lawful Overseas Use Of Data.
00:00
It was introduced in 2018,
00:00
and it empowers US and foreign police to
00:00
take certain actions against US based providers.
00:00
Or conversely, it requires that US based providers
00:00
be very cooperative with certain US and foreign police.
00:00
It minimizes the notice and
00:00
procedural requirements for US
00:00
and foreign police to seize data
00:00
from US based Cloud providers.
00:00
When I say US based,
00:00
I mean their headquarters are in the United States,
00:00
but their data centers could be anywhere in the world.
00:00
In fact, Microsoft
00:00
went toe to toe against the United States.
00:00
Starting in early 2013,
00:00
the FBI had a warrant to access
00:00
data that was in one of Microsoft's data centers,
00:00
but resided in Ireland,
00:00
which is clearly outside the United States
00:00
and Microsoft said no.
00:00
In fact, the whole procedure
00:00
escalated to the Supreme Court in
00:00
2016 and then while
00:00
undergoing review during the Supreme Court,
00:00
the CLOUD Act was passed.
00:00
Ultimately, the FBI issued a new warrant under
00:00
the CLOUD Act and then the ongoing case between Microsoft
00:00
and the United States about
00:00
that 2013 warrant was dismissed because the new warrant
00:00
compelled Microsoft to provide FBI with
00:00
the information that they wanted to
00:00
access located in that data center.
00:00
Earlier in this module,
00:00
we talked about the effects of
00:00
the Cloud provider's headquarters location,
00:00
and that has impacts on data privacy laws.
00:00
This is a great and clear example
00:00
where the fact that you have a Cloud provider in the US,
00:00
regardless of where the actual data is,
00:00
their location and their headquarters
00:00
and it has an impact on
00:00
how US based Cloud providers, SaaS,
00:00
PaaS, IaaS, what have you,
00:00
have to cooperate with US authorities
00:00
regardless of which country the data centers are located,
00:00
and regardless of what information
00:00
they have about what citizens from where in the world.
00:00
The CLOUD Act is probably not
00:00
going to be on the CCSK exam.
00:00
But I do think it is a great example to look at and
00:00
really understand and bring things
00:00
full circle into a real-world perspective,
00:00
why you want to take into
00:00
account all these different things when you're
00:00
evaluating not
00:00
just the data privacy regulations applicable to you,
00:00
but the Cloud provider and
00:00
what's that going to do in terms of
00:00
your company and the risks it may set you up for.
00:00
In closing, we covered the basics of discovery,
00:00
we talked about the nuances of electronic discovery and
00:00
then we examined the real-world case of
00:00
Microsoft versus the United States,
00:00
and we took into account
00:00
the more recently passed CLOUD Act,
00:00
which provides the US authorities
00:00
with the ability to reach
00:00
across international boundaries to
00:00
seize data from US based Cloud providers.