In This Issue:

	From the Bench: Judges Evaluate Hard Drive Imaging
	The Brill Files: Caution -- Avoid Credit Card Scam Known as "Vishing"
	Technology You Should Know: Carrying a Cellular Phone May Make One More Accessible Than Intended
	News & Events

From the Bench: Judges Evaluate Hard Drive Imaging

Court Allows Imaging of Employee’s Laptop Hard Drive
Sims v. Lakeside School, 2007 WL 2745367 (W.D.Wash. Sept. 20, 2007). In this discovery dispute, the defendant made an image of the plaintiff’s employer-owned laptop with no objection from the plaintiff. Shortly thereafter, the plaintiff objected, prompting the defendant to file this motion to compel review of the hard drive. The court found the plaintiff had no reasonable expectation of privacy since the laptop was furnished by his employer and clearly articulated in the employee manual. The court granted the defendant’s request to review the contents of the plaintiff’s hard drive excluding web-based generated e-mails, communications between the plaintiff and his spouse (marital communications privilege) and communications between the plaintiff and his attorney (attorney client privilege). Agreeing with the defendant’s proposal as to how the hard drive should be imaged, the court ordered the defendant to provide, at its expense, the parties with a list of files from the plaintiff’s computer, allowing the plaintiff a chance to review for any privileged files.

Court Denies Request for Mirror Imaging of Seized Hard Drive
United States v. Flinn, 2007 WL 3034932 (E.D.Cal. Oct.16, 2007). In this suit charging the defendant with possession of child pornography, the defendant filed a motion seeking to have a mirror image of his seized hard drive and thumb drive removed from government facilities for expert examination purposes. The defendant challenged the constitutionality of an act requiring the government to main control of seized material constituting child pornography. The defendant claimed that no defendant in a child pornography case would have an “ample opportunity” to inspect the contraband unless the expert is free to take the contraband to an expert’s facilities for use with the expert’s own devices/software. No pertinent appellate court cases existed and several district court cases determined that the act was consistent with due process. Additionally, the court determined that the defendant and the expert made no attempt to differentiate his case from the “ordinary” child pornography case. Therefore, the court found the government facilities offering an “ample opportunity” to perform at least the initial examination of the seized materials.

Court Denies Plaintiff’s Request for Unlimited Access to Defendants’ Hard Drives
Verigy US, Inc. v. Mayder, 2007 WL 3144577 (N.D.Cal. Oct. 24, 2007). In this trade secret misappropriation case, the plaintiff sought an expedited motion to compel the defendants to produce mirror images of all hard drives. The issue at question was whether the defendants should be permitted an opportunity to review and object to any potential third party expert searches deemed necessary by the plaintiff. The court held that the defendants’ review of the search terms was entirely reasonable, comporting with the normal conduct of discovery. The court approved the defendants’ proposed protocol which allowed for 1) discovery in areas the defendants deemed presumptively relevant and 2) other searches at the plaintiff’s request, subject to the defendants’ opportunity to review and object.

Court Orders Plaintiff to Produce Personal Hard Drive for Limited Inspection
Benton v. Dlorah, Inc., 2007 WL 3231431 (D.Kan. Oct. 30, 2007). In this employment discrimination suit, the defendants moved to compel the plaintiff to produce documents responsive to their requests for production and the hard drive of the plaintiff’s personal computer. The defendants also sought sanctions for the plaintiff’s failure to provide complete responses and alleged destruction of evidence. The defendants argued that the plaintiff admittedly deleted and failed to produce relevant e-mail communications with her husband and students. Further, the plaintiff used her personal computer to send and delete hundreds of responsive e-mails, therefore, entitling the defendants to the plaintiff’s personal computer hard drive for retrieval of the deleted e-mails. The plaintiff objected, claiming the hard drive contained personal, privileged information beyond the scope of discovery. The court ordered the plaintiff to produce her personal computer for inspection by a forensic specialist, limited in scope to topics responsive to the production requests, and ordered the plaintiff to pay $1,000 in sanctions to reimburse the defendants for costs associated with filing of this motion.

The Brill Files: Avoid Credit Card Scam Known as "Vishing"

The other day I received an e-mail stating that my credit card had been disabled as a security measure due to a purchase outside my normal charge area. The e-mail went on to say that to reactivate my account I must call an 800 number, (a number that looked fairly similar to the number on the back of my card) enter my account and social security number, and that my card would be reactivated. Being my normal curious self, before calling this 800 number, I decided to call the number on my card first. It was a good thing I did.

My bank told me they had nothing to do with this mysterious e-mail, as I had suspected. This incident piqued my curiosity so I began investigating this e-mail.

Vishing – short for voice phishing – is the newest trend scamming consumers. It seeks to acquire confidential financial information from consumers, such as social security numbers, bank account numbers and credit card details. The older method of trickery was known as phishing, a method whereby a wrong-doer sends an e-mail to a victim directing them to respond or visit a bogus Web site to supply confidential information. However, phishing has received widespread media attention thereby forcing criminals to become more creative.

The most common way scammers reach consumers in this method of vishing is through fraudulent e-mail. This e-mail claims that the consumer’s bank account has been frozen, deactivated or breached and instructs the consumer to contact the financial institution by calling the number provided (most often an 800 number). After the consumer calls the number and enters in requested information, the phone call may either be dropped, or the scammer will connect the consumer to an actual customer service representative from the consumer’s financial institution. In either scenario, the consumer is essentially in the dark about the stolen information. It appears that consumers are more willing to give confidential information over the phone than over the Internet, making this method of deceit fairly successful.

I also learned that criminals may try to contact the consumer through a telephone call. In this method, the criminal utilizes VoIP - Voice over Internet Protocol - to contact potential victims, enabling them to infiltrate caller-id systems, misrepresent the number, and display a number belonging to a legitimate financial institution. Additionally, scammers can call from almost anywhere in the world and use a correct regional area code, raising fewer red flags for potential victims. Once the consumer answers, either a live person or an automated system will instruct the consumer to enter confidential information.

Any consumer who has experienced suspected vishing should contact the Internet Crime Complaint Center – organized by the FBI and the National White Collar Crime Center. As with traditional e-mail scams, consumers should be wary of any phone call that directs them to enter confidential information. Rather than entering any information, call the number of your financial institution that appears on your credit card statement or the back of your credit card. This will allow you to verify the authenticity of the contact and report any fraudulent calls. My advice is to be a smart consumer. Anytime a person contacts you requesting confidential information, take a message and verify the authenticity of the request before blindly handing over your confidential information.

If you would like to explore the opportunity of Alan Brill speaking at a conference you are supporting or organizing, please contact Kristin Husom at 952 516 3781 or at khusom@krollontrack.com.

Technology You Should Know: Carrying a Cellular Phone May Make One More Accessible Than Intended

The cell phone is a seemingly simple device; however, the way a cell phone operates is more complicated than one might think. Cell phones work by sending a signal to a cell tower receiver. The cell tower then transmits the signal to a receiving device, often another phone. Immediate connectivity occurs in areas in close proximity to cell towers because the phone is continually sending signals to the nearest tower. While this process makes using a cell phone quite convenient, it also implies that cell phones can operate as tracking devices. Because the location of the phone is detectable, the person using the phone is detectable, as well.

The first request for this tracking function came from police officers and their need to establish the location of origin for emergency phone calls. A cell phone, unlike a land-line phone, did not provide the location of the caller absent a request from the police department. In instances where a person was unable to speak, the tracking ability of the land-line phone was crucial to emergency personnel trying to respond to the incident.

Cellular phone companies became aware and started offering this as a service to individuals and governments alike. For example, cellular companies marketed the service to concerned parents worried about the whereabouts of their children. This technology has also been deployed by safety officials looking for missing people and government representatives wanting to know the whereabouts of criminals. This potentially invasive technology may raise concerns not only for a criminal suspect, but for the privacy rights of the average citizen.

A request for tracking information from a cell phone generally requires a warrant based on probable cause that a crime is taking place or that such information will establish evidence of a crime. However, some prosecutors are seeking warrants based on the Stored Communications Act and the Pen Register Statute which merely requires the requesting individual to establish specific and attributable facts showing a reasonable ground to believe that the information is relevant to an ongoing criminal investigation. This lower threshold may allow the government to monitor the whereabouts of law abiding citizens, thereby arguably invading one’s right to privacy.

NEWS & EVENTS

Kroll Ontrack Issues Another “ESI Report” on the Legal Talk Network

Meet our representatives at the following events:

Visit www.krollontrack.com/upcomingevents for more information on these events and others.

Back To Top

We Request Your Input

Our legal consultants, project managers, and technology experts strive to stay on top of e-discovery law. If you are aware of any additional local court rules or new cases in this area of the law, please contact us by writing to jshogren@krollontrack.com.

This newsletter is written by Joni Shogren, a Kroll Ontrack staff attorney with assistance from Gina Jytyla, also a Kroll Ontrack staff attorney. Ms. Shogren can be contacted by writing to jshogren@krollontrack.com.

For more information about e-discovery and computer forensics services, contact Kroll Ontrack at 800 347 6105 or www.krollontrack.com.