Introducing Anthony Drake/Mike Spence Workplace CSI
Workplace CSI: what to do when your data walks out the door
Anthony Drake, Bell Gully
Mike Spence, deCipher Ltd
WWW.BELLGULLY.COM | IFLR NZ LAW FIRM OF THE YEAR

A real NZ scenario
• A trusted employee gives notice
• Two days before resigning he remotely accesses the company’s computer network
• He spends five hours downloading company information: product, price and client lists, strategic plans, forms etc

• He applies to use up his annual leave during the notice period
• He hands in his work laptop computer and other property
• His manager asks: where are you going? what are you going to do?
• Met with reticence, reluctance to reply

• The manager suspects that the employee is off to a possible new competitor
• A “reminder” letter about confidentiality is sent and undertakings sought
• The response is unacceptable

Enter the forensics expert
Computer forensics is: using computer investigation and analysis techniques in the interests of determining potential legal evidence

Steps in a computer forensic examination:
• Acquire evidence
• Analyse evidence
• Produce report
Provide ‘expert’ consultation and testimony

Acquisition
• Search warrant and Anton Piller orders
• Delivered to the Lab
• On site
• Overt and covert

Forensics explained
Computer hard drive

A copy and a clone
[Figure: Computer Hard Drive, A Copy, A Clone; regions labelled Used Space and Unused Space]

A clone and a copy
• A forensic clone has embedded digital signatures
• Can be used in court as ‘best’ digital evidence
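
The difference between a copy and a clone, as an added example that is not from the presenters' slides or tooling. It assumes the "digital signature" is a cryptographic hash (SHA-256 here) recorded at acquisition; the drive layout, file table and the name ExampleCo are constructed for illustration.

```python
import hashlib

SECTOR = 512
KEYWORD = b"ExampleCo"  # constructed company name, not from the case

def build_drive():
    """Constructed 8-sector drive: one live file plus a deleted file's remnant."""
    drive = bytearray(SECTOR * 8)
    live = b"ExampleCo price list"
    deleted = b"ExampleCo client list"        # still on disk, no longer listed
    drive[0:len(live)] = live                                # used space
    drive[SECTOR * 5:SECTOR * 5 + len(deleted)] = deleted    # unused space
    table = {"prices.txt": (0, len(live))}    # toy file table: name -> (offset, length)
    return bytes(drive), table

def make_copy(drive, table):
    """A copy: only the files the file system still lists."""
    return {name: drive[off:off + size] for name, (off, size) in table.items()}

def make_clone(drive):
    """A clone: every sector, used or unused, with a hash recorded at acquisition."""
    image = bytes(drive)
    return image, hashlib.sha256(image).hexdigest()

def verify_clone(image, recorded_hash):
    """True only if the image is bit-for-bit what was acquired."""
    return hashlib.sha256(image).hexdigest() == recorded_hash

def keyword_hits(blobs, keyword=KEYWORD):
    """Count keyword occurrences across an iterable of byte strings."""
    return sum(blob.count(keyword) for blob in blobs)

if __name__ == "__main__":
    drive, table = build_drive()
    image, digest = make_clone(drive)
    print("hits in copy :", keyword_hits(make_copy(drive, table).values()))
    print("hits in clone:", keyword_hits([image]))
    print("clone verifies:", verify_clone(image, digest))
    altered = image[:10] + b"X" + image[11:]   # change a single byte
    print("altered image verifies:", verify_clone(altered, digest))
```

The copy misses the deleted file's remnant in unused space; the clone keeps it, and any later change to the image fails verification against the recorded hash.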

A matter of scale
[Figure: 4 Giga Bytes printed A4 and stacked; average 80Gb computer drive printed A4 and stacked]

TODAY’S BIGGEST THREAT TO INFORMATION SECURITY

The USB key
Today’s biggest threat to information security

This case
• Laptop sent to forensics expert for examination

Forensics report: 1
Laptop computer
• On day before leaves company, accesses several thousand documents on company server over 5 hours, 12 minutes, 26 secs
• Has USB device connected to laptop (Oti USB device)
• Has previously connected laptop to printer (Brother MFC printer)
Sample of files accessed provided including marketing planning, sales profile documents

• Demand for return of USB key made; not returned
• Urgent application made to Employment Authority seeking return of all company information, USB key and preservation order for these
• Authority convenes urgent hearing and issues orders
• USB key is returned

Forensics report: 2
USB memory sticks
• One company USB used to back up files
• Personal USB empty and formatted – forensic software reveals 8434 deleted files
• Search reveals company name appears 26,764 times in files
• Evidence of yet another computer found

But wait there’s more
• Another application made to the Authority seeking access to all and any personal computers
• Orders granted
• Home computer surrendered

Forensic reports: 3-5
Home computer
• Correspondence with Australian competitor company
• Emails show man’s wife purchases laptop and printer (type previously discovered)
• Company spreadsheets
• Folder called “Work” deleted with contents, several days before clone made
Forensic report 6 - laptop of another previous employee working for competitor: nothing found

• Another application to the Authority seeking access to wife’s laptop and USB key
• Wife defends application, saying husband never had access to her laptop and it contained no company information
• Authority orders surrender of laptop and USB for examination

Forensics report: seven
Wife’s laptop and USB memory stick
• Personal undertaking to ERA on scope and confidentiality of search
• Company name mention found 19,129 times
• Competitor company name found 835 times
• Laptop used by man to correspond with competitor company while his home PC was removed

Final orders
• Application for consent orders for restraint of trade for six months
• Employee prevented from working for competitor company for that period
• Employee ordered to pay company’s costs

Key legal principles
• Common law duty not to use or disclose confidential information
• English Court of Appeal: Faccenda Chicken v Fowler (1985)
• express/implied duties of confidentiality
• good faith and fidelity
• post employment limits on information use
• type and nature of information is relevant

Legal rights of employers
• Issue a cease-and-desist letter and demand return of information
• Seek a search and seizure order (Anton Piller) from the High Court
• Apply to the Employment Relations Authority seeking directions: preservation, surrender, and examination

Legal rights of employers
Complaint to Police
• Crimes Act (2003 amendment)
• taking, obtaining or copying trade secrets (section 230) – five years’ imprisonment
• accessing computer systems for dishonest purposes (section 249) – seven years’ prison
• damaging or interfering with computer systems (section 250) – seven years’ prison

Putting protections in place
Consider
• Placing limitations on how much information an employee can download without first having to seek approval
• Disabling laptop ports
• Carrying out an exit audit
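
One way to check the first protection above against file-server access logs, as an added example that is not from the presenters or the case. The log format, user names, paths and the 25-file threshold are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

def sample_log():
    """Constructed file-server log lines: timestamp, user, source, path."""
    lines = [f"2024-03-04T19:{m:02d}:00 jsmith vpn /sales/clients/{m}.xlsx"
             for m in range(40)]                      # one long remote session
    lines += ["2024-03-04T09:15:00 akaur lan /hr/leave-form.docx",
              "2024-03-04T11:40:00 akaur lan /sales/clients/3.xlsx"]
    return lines

def summarise(lines):
    """Group accesses by (user, date): distinct files, sources, first and last access."""
    days = defaultdict(lambda: {"files": set(), "sources": set(),
                                "first": None, "last": None})
    for line in lines:
        stamp, user, source, path = line.split(" ", 3)
        when = datetime.fromisoformat(stamp)
        day = days[(user, when.date())]
        day["files"].add(path)
        day["sources"].add(source)
        day["first"] = when if day["first"] is None else min(day["first"], when)
        day["last"] = when if day["last"] is None else max(day["last"], when)
    return days

def over_limit(lines, max_files=25, approved=frozenset()):
    """Return user-days that exceed max_files distinct files without approval."""
    flagged = []
    for (user, date), day in sorted(summarise(lines).items()):
        if len(day["files"]) > max_files and user not in approved:
            minutes = int((day["last"] - day["first"]).total_seconds() // 60)
            flagged.append({"user": user, "date": date.isoformat(),
                            "files": len(day["files"]), "minutes": minutes,
                            "sources": sorted(day["sources"])})
    return flagged

if __name__ == "__main__":
    for hit in over_limit(sample_log()):
        print(hit)
```

Passing a user in `approved` models the "seek approval first" step: the same volume of access is then not flagged.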

Putting protections in place
Act quickly
• Confidential information issues naturally require immediate cooperation by employee; when cooperation is unlikely, compulsion by law to stop improper use of confidential and valuable company information

QUESTIONS?
Anthony Drake, Bell Gully
Mike Spence, deCipher Ltd

Contact details
ANTHONY DRAKE
SENIOR ASSOCIATE
DDI 64 9 916 8875
MOB 021 970 140
anthony.drake@bellgully.com

MIKE SPENCE
deCipher Ltd
PH 64 9 445 3843
MOB 021 446 229
enquiries@decipher.co.nz