Apr 29, 2014

Relationships In The Internet Age
The Secrets Inside Social Media Data: Why 2014 Is Not 1989
The Right To Privacy
One Person’s Social Media Timeline Is Another Person’s Treasure Trove Of Evidence
Be Careful What You Post
What Will Come In 25 Years?
Remembering Life Before Social Media

The following is based on true cases, but all the names and places and certain relevant details have been changed to preserve privacy.

Dan Kearney was checking Facebook in the teachers’ lounge when he noticed a surprising friend request. Wow. Katie Ayers? Really?

A rush of memories came back. It was 1989. He was a first-time teacher, barely older than the kids in his class. Katie asked him about poetry, and he bought her a few books. Flirting after class turned into him reading to her down by the lake… and a relationship that was completely inappropriate. She had sent him some perfumed letters and some sexy Polaroids of herself in a bikini, but no other evidence of that relationship existed anywhere. As a parent himself now, Dan thought to himself “it seemed pretty innocent at the time, but in hindsight…”

Just then, Walker Baley burst into the teachers’ lounge. “Dan, are we alone?” Dan closed the laptop and nodded. “Dan, the Principal took my laptop and smart phone. I was able to run to the library to deactivate my Facebook and Twitter accounts. I’ll be OK, right?”

Dan grinned at Walker and said I hope so. The second Walker left the room, Dan deleted his Facebook account as well. Better safe than sorry.

Relationships In The Internet Age

Walker Baley was a lot like Dan had been back in 1989. He was a fresh-faced young teacher with the sun-bronzed good looks and teasing humor of the surfer he was on the weekend.

More than a few girls had a crush on him, and competed openly for his attention. “If you need an A”, the joke at school went, “flirt with Walker B.”

The Principal cautioned him on more than one occasion about interacting with students off-campus. Absolutely, Walker thought to himself. That’s why we stick to public places.

That weekend, student Sarah Kozelka posted a message to Walker’s Facebook wall saying “Fun bumping into you at the beach today Mr. B! So handsome in your board shorts.”  Walker “liked” her comment.

Sarah’s ex-boyfriend Matt didn’t “like” that exchange one bit. He emailed the photo to Sarah’s Dad with a message that said “I thought you might like to see who Sarah’s spending time with since she dumped me.” The attachment was a photo “selfie” of Sarah and Walker Baley, from her Facebook page.

Mr. Kozelka called the local school board. What exactly did they know about Walker Baley?

The Secrets Inside Social Media Data: Why 2014 Is Not 1989.

The school board had a responsibility to follow up, so they quickly engaged Capsicum to investigate.

The “selfie” with Sarah that her ex-boyfriend showed Sarah’s Dad was completely innocent. The EXIF data (Exchangeable Image File) encoded in the image revealed that the time the photo had been taken was during Mr. Baley’s class, and the location information placed the photo on-campus.

But other evidence was far more troubling. Sarah and Walker checked into the same beach restaurant using Foursquare at the same time for several weeks in a row. Multiple party photos of Walker on Instagram showed Sarah on his arm or in the background, and the EXIF data placed them far off campus on several Saturday nights.

Walker Baley had deactivated his Facebook and Twitter accounts. But, the school board and local authorities pressed Walker Baley to bring his Facebook page up again. Even if he had deleted the account, it would still have been recoverable for up to two weeks afterward.

The Right To Privacy

At first, Baley refused. He had a right, his lawyers claimed, to his privacy.

But, as we’ve seen in similar cases, such as 2013 Ehling v. Monmouth-Ocean Hospital Service Corp, there is no guarantee that your information will remain private.

Moreover, as the decision in the 2010 Romano vs. Steelcase case states, “if the publically available portion of an individual’s social media makes it reasonably likely that the individual’s private posts contain relevant information, the party must produce even the private portions requested.”

Capsicum moved forward and forensically imaged the suspect computer and smartphone to search for web related artifacts, including images, chat logs, keywords, etc. Facebook evidence was found that supported the suspected relationship as well as temporary internet files indicating visits to pornographic websites on the laptop lent to Walker Baley by the school.

Capsicum testified at the hearing as to our findings. Walker Baley was fired for actions “unbecoming of a teacher”.

Sarah unfriended her ex-boyfriend Matt and blocked him on every social media site she could. But it was all too late.

One Person’s Social Media Timeline Is Another Person’s Treasure Trove Of Evidence.

As a former Deputy District Attorney for Los Angeles County recently said,

“As a prosecutor, the first thing I do when I get a case is to Google the victim, the suspect, and all the material witnesses. I run them through Facebook, MySpace, Twitter, YouTube and see what I might get. I also do a Google image search and see what pops up. Sometimes there’s nothing but other times I get the goods – pictures, status updates, and better yet, blogs and articles they’ve written.”

All of these are potentially rich sources of evidence and can help pinpoint a person’s location at a given time, their friends and “social footprint”, conversations, photos and videos, what applications they were using at a given time, and more. All of these sources hold legal value such as party admissions, state of mind, witness credibility, and witness character.

Inappropriate relationships are just one example of what we have been asked to investigate on the Internet. Capsicum has worked on cases related to slander, cyber-attacks, corporate espionage, FTC investigations, and matters where social media platforms were hacked and users’ profiles were tampered with.

Be Careful What You Post

Company laptops, tablets and smartphones blur the lines between professional and private lives. Educating employees and your family about how each site works in social media and what to expect before joining is of utmost importance. Remember that privacy rules and settings change often – and not always with the effect of enhancing privacy.

And just like real-life society, people aren’t always nice. Bullying, harassment, sexual predators, uncontrollable spread of information, loss of privacy, inaccuracies and slander, viruses and malware, all exist online – and the power of the network can amplify the worst behaviors.

Regulatory agencies are taking charge. The SEC's recently issued a Risk Alert regarding its ongoing initiative to assess cybersecurity preparedness. The alert focuses on:

  • An entity's cybersecurity governance;
  • Identification of cybersecurity risks;
  • Networks protections;
  • Customer access and funds transfer controls;
  • Vendors and third party risks; and
  • Detection and remediation of threats.

The United States Department of Health and Human Services (HHS) now offers an electronic checklist (on-line tool) to assist certain organizations in the self-evaluation of HIPAA security rules. HHS along with the FTC is taking a stronger position in enforcement by filing more and more complaints.

The FTC has and is going after companies that are negligent with their security and privacy practices. Industries such as healthcare, travel, finance, entertainment, and technology have been targeted. While the FTC’s authority to bring such claims has been questioned, its right to protect consumers is winning the day.

The best advice for you and your company: keep private information private. A good rule of thumb is to not post anything online anywhere that you wouldn’t want the entire world to see. If you wouldn’t put it on a billboard in Times Square, don’t post it on the web. Once the information is out there, you can’t get it back.

What Will Come In 25 Years?

The rise of “the Internet of things” – devices with embedded sensors like the Nest home thermostat, for example – likely means the amount of daily data about everyone’s lives will increase radically. If someone’s alibi is that they were at home when an event happened on the coldest day of the year, will their Nest thermostat data be discoverable? As more and more driverless cars hit the roads, will data from those cars be used to determine whether a defendant’s car was on the road at the same time?

Already, triangulation – the use of three cell phone towers to approximate the location of a cell phone – has been used in criminal cases. What’s more, as The Richmond Journal of Law and Technology notes, “Historical cell site data records the information a cellular company keeps on a phone and may show a history of prior location.” What can we expect as drones and robots take a greater role in commerce?

If the next 25 years of the Web grow anything like the first 25 years did, the future promises to be very interesting indeed. And as forensics investigators we will have our work cut out for us.

Remembering Life Before Social Media

There was a time not too long ago, when…
A tweet was something a bird did.
Friending didn’t require a mouse.
Your profile was the side of your face.
Nobody counted how many “likes” they got.
The wall wasn’t on Facebook. It was a Pink Floyd album.
Post was what they called the mail in the United Kingdom.
A feed was usually accompanied by a knife and fork.
Tagging was something kids did at a playground.
If you had a lot of followers you were either the Pied Piper, or you were leading a cult.