In This Issue:

	From the Bench: Entering a Password on a Locked Computer Considered Testimonial
	The Brill Files: The Case of the Phantom Photograph
	Technology You Should Know: Happy Holidays? A Heartfelt Greeting from the ”Storm Worm”
	News & Events

From the Bench: Entering a Password on a Locked Computer Considered Testimonial

Relying on the Fifth Amendment, Court Refuses to Order Defendant to Enter Password to Unlock Incriminating Files on Computer
In re Boucher, 2007 WL 4246473 (D.Vt. Nov. 29, 2007). In this criminal case, the defendant was stopped at the customs and border station while entering Vermont from Canada. Agents searched his laptop and found what appeared to be images of child pornography. The defendant was arrested and charged with transportation of child pornography. After imagining the defendant’s hard drive, agents learned they were unable to further access the files on the drive because the files were encrypted, password protected and inaccessible. Thereafter, the government subpoenaed the defendant and directed him to provide all documents that reflected the password. The defendant moved to quash the subpoena, claiming compliance would violate his Fifth Amendment right against self incrimination. The court reiterated the requirements for Fifth Amendment protection as: a compelled, testimonial communication that is incriminating in nature. The court determined that a subpoena constitutes compulsion because it requires compliance and as the files sought allegedly contained child pornography, entry of the password would therefore be incriminating. As such, the contentious issue was whether entry of the password constituted a testimonial communication. The court held that entering a password into a computer communicates facts that convey the contents of one’s mind, and therefore found the act of entering this password to be testimonial, implicitly demonstrating that the defendant knew the password and had access to the files. The court therefore granted the defendant’s motion to quash the subpoena.

The Brill Files: The Case of the Phantom Photograph

The life of a computer forensic examiner can be summed up into one word – enthralling. The situations I find myself in and the work I am a part of vary dramatically and keep me on my toes. A recent case I worked on with some of my forensic colleagues provides a perfect example. Here is the story of the case of the phantom photograph.

My colleagues and I were approached by a client looking for a smoking gun photograph that was the basis for the termination of a prior employee. This disgruntled employee filed a lawsuit asserting wrongful termination but the employer claimed the termination was due to the employee’s harassment of another employee. Unfortunately, the employer failed to maintain a copy of the photograph but hoped that it remained on the plaintiff’s personal home computer.

The plaintiff claimed the photograph never existed and had no intention of handing over his personal computer to his prior employer. Fortunately, for our client, the judge required the plaintiff to hand over his personal computer. Our experts imaged the drive and began searching for the “smoking gun.”

After handing over the computer, the plaintiff continued to claim that the picture was a figment of the employer’s imagination and that he was owed reinstatement and monetary damages due to his wrongful termination. The parties entered into negotiations, attempting to resolve the dispute without litigation. Over the next few weeks and several failed negotiations, our forensic experts searched through the machine. We uncovered one wrinkle that complicated the investigation; a wiping hardware had been installed on the day the plaintiff was ordered to produce the hard drive. Fortunately, the wiping hardware did not have enough time to complete its tasks and we were able to locate the photograph. Needless to say, the plaintiff dropped his claim upon being confronted with the photo. Another enthralling example of the age-old tenet: delete does not necessarily mean delete.

If you would like to explore the opportunity of Alan Brill speaking at a conference you are supporting or organizing, please contact Kristin Husom at 952 516 3781 or at khusom@krollontrack.com.

Technology You Should Know: Happy Holidays? A Heartfelt Greeting from the "Storm Worm"

Shortly before and after Christmas, “Storm Worm”, a malicious software code, sent holiday and “Happy New Year 2008” e-mail spam to millions of computer users and accounts across the globe. These e-mails contained links and attachments connected to infected Web sites that install malware on the user’s computer. The Storm Worm is capable of recording keystrokes, potentially leading to stolen credit card or other personal information.

This particular virus originated in January 2007. During that time, devastating weather was sweeping across Europe, claiming lives and causing massive destruction. Hackers capitalized on people’s curiosity, sending e-mails promising video footage of the storms. Once the recipient clicked on the fake video link, the user’s computer became infected with the virus – dubbed the Storm Worm. The creators used botnets to implement a complicated hacking scheme that avoids spam and virus protections via e-mail. The Storm Worm has shifted throughout the past year from current events e-mails to holiday related content and even traditional e-greeting cards have become susceptible.

The Storm Worm wreaks havoc online by capitalizing on trusting people. Some of the most current subject lines include:

• Happy 2008 to you!
• A fresh new year
• Happy New Year To You!
• New Year Ecard
• Feel the Holiday Spirit
• I love this Carol!
• Merry Christmas From your Secret Santa

The malicious code has been distributed through various domains that are not recommended for visitation. These domains include, but are not limited to:

• hxxp://merrychristmasdude.com
• hxxp://uhavepostcard.com
• hxxp://happycards2008.com

There are several measures computer users can take to avoid falling prey to the Storm Worm. Filtering spam and installing anti-virus software are important first steps but it is important to remember that hackers are finding ways around filters and anti-virus software. One best practice is to never click on a link in an e-mail – especially one that is unsolicited – because the Storm Worm requires some form of proactive computer action in order to infect a machine. If in doubt, contact the sender before clicking on any attachment or link. With the growing prevalence of malicious innovations, 2008 promises to be a year in which caution should be emphasized.

Back To Top

NEWS & EVENTS

Kroll Ontrack Issues Another “ESI Report” on the Legal Talk Network
Recently, Kroll Ontrack partnered with the Legal Talk Network to discuss cutting-edge issues and judicial opinions relating to electronically stored information. Michele Lange, Director of the Legal Technologies product line for Kroll Ontrack, hosts the radio show entitled “The ESI Report.” The show is split into three segments: the Spotlight, the Buzz and Bits and Bytes Legal Analysis. The Spotlight and Buzz sections concentrate on hot topics in the area of electronic discovery and give listeners a snapshot into important issues facing practitioners. Former guests include Ken Withers, Ralph Losey, Judge James Francis and others discussing data accessibility, the revised Sedona principles and a law school course focused on teaching electronic discovery to future lawyers. The Bits and Bytes Legal Analysis segment focuses on late-breaking cases, including Columbia Pictures v. Bunnell, Qualcomm v. Broadcom, and the Citizens for Responsibility and Ethics in Washington v. The Executive Office of the President. With thousands of listeners to date, be sure to listen and stay up to date by visiting: http://legaltalknetwork.com/modules.php?name=News&new_topic=17

Meet our representatives at the following events:

Visit www.krollontrack.com/upcomingevents for more information on these events and others.

Back To Top

We Request Your Input

Our legal consultants, project managers, and technology experts strive to stay on top of e-discovery law. If you are aware of any additional local court rules or new cases in this area of the law, please contact us by writing to jshogren@krollontrack.com.

This newsletter is written by Joni Shogren, a Kroll Ontrack staff attorney with assistance from Gina Jytyla, also a Kroll Ontrack staff attorney. Ms. Shogren can be contacted by writing to jshogren@krollontrack.com.

For more information about e-discovery and computer forensics services, contact Kroll Ontrack at 800 347 6105 or www.krollontrack.com.