Nov 01, 2011

Welcome Message from Samuel (Sandy) Goldstein
A Perfect Storm -- The Rise In White Collar Investigations and The Proliferation of Electronic Information
Lessons Learned
Meet Capsicum Executive - Brian Halpin
Defending Corporations & Individuals In Government Investigations Book Review

Welcome to Our Newsletter

by Samuel (Sandy) Goldstein -
President & Founder of Capsicum Group, LLC

The proliferation of Ponzi schemes, privacy thefts, hackings, intellectual property thefts and embezzlements, along with failures to implement the most basic security controls, compromise not only corporate governance, but also undermine profitability and reputation. It is therefore imperative for legal professionals to prepare for and stay ahead of these wide reaching malfeasances.

In this first installment of Capsicum's newsletter, The Legal Investigator, our goal is to introduce readers to the industry’s best practices and courses of action when faced with investigations and litigations.

Since its founding over ten years ago, Capsicum Group LLC has been dedicated to assisting its clients in preparing for and responding to requests related to investigations, security breaches, legal technologies, compliance and electronic evidence. We hope the lessons learned by our contributors and staff will help our readers understand the most effective methods for internal and external electronic investigations.

Through the insight we provide, readers will better understand how to mitigate the outcomes of investigations and learn about cost effective and practical solutions for mining and producing electronically stored information.

As president of Capsicum Group, I invite you to explore the content in this newsletter and sign up to receive future issues, which will include discussions on electronic fraud and employee malfeasance. We hope that you find this information both useful and insightful.

Back to Top

A Perfect Storm
The Rise In White Collar Investigations
And The Proliferation of Electronic Information

By Daniel J. Fetterman

We have reached a "high water mark for governmental investigations in which the risk of becoming swept up in such an investigation is greater than ever before." Defending Corporations and Individuals in Government Investigations, West (2011). This increase in enforcement comes at a time when there also has been a "proliferation of cheap wireless and web-enabled smartphones and 'the cloud' - those enormous server farms that hold and constantly update thousands of software applications." Friedman, "One Country, Two Revolutions," The New York Times, Oct. 23, 2011. In the brave new era of Dodd-Frank whistleblowers and aggressive enforcement by regulators, among other developments, companies face greater burdens than ever before when responding to subpoenas or other government requests for information. The sheer complexity and cost of responding to such requests given the deluge of potentially responsive data created by innumerable electronic devices can be overwhelming. There are a few practical steps that companies can take to limit their potential exposure and reduce the burdens and costs of responding to a government investigation.

Preparing for the Storm

To prepare for and deal with a potential regulatory investigation, companies should ensure they have the following basics in place: (i) a robust compliance program, (ii) effective IT policies, (iii) experienced white collar counsel and (iv) qualified electronic data consultants.

Compliance Programs

Much has been written about the need for and the best ways to implement an effective compliance program. Every company should have a comprehensive program of policies, procedures and monitoring that actually deters, detects and corrects illegal conduct within the organization. Suffice it to say that in today's treacherous white collar environment, having a robust, risk-based compliance program in place is a necessity for every company. The legal or compliance department should assess the company's need for and develop compliance programs tailored to its greatest risks, including but not limited to FCPA, antitrust, trade secrets, fraud, accounting malfeasance and the like.

Effective IT Policies and Accurate Electronic Data Inventories

The area that often surprises companies when responding to a government subpoena or information request is the volume and complexity of the electronic data that they have to manage. With more open and flexible information technologies and custodians using multiple devices to conduct their business, including very often an office computer, a home computer, an iPad, a blackberry or iPhone, as well as the breadth of data often requested, including emails, texts, shared server documents, instant messages and accounting data, it very often is a daunting project to identify, locate, catalog and preserve that much data.

A good start is to ensure that your organization has clear IT policies, including limits on the type and number of devices where company data can reside as well as the volume and duration of data storage and retention. Every business should designate one person or department that is responsible for maintaining an accurate and up-to-date inventory of custodians and the devices they use. That person or department also should be responsible for the company's retention and back-up policies and procedures. The business must maintain an accurate, up-to-date list of back-up tapes and deletion or overwriting schedules. By working with the IT department to tightly monitor and inventory devices on which the company's data resides, a company can guard against the inadvertent loss or destruction of responsive data when responding to a government subpoena or information request – a circumstance that can create profoundly difficult problems during an investigation.

Experienced White Collar Counsel

Of equal importance are the quality and experience of the electronic data consultants working with the company's counsel. Outside counsel very often must rely on the knowledge and expertise of these data consultants to identify relevant and potentially responsive data and to appropriately capture that data. This often has to be done in a complex, dynamic environment in which data is being used and potentially modified every day and in which multiple systems have different operating platforms, backup protocols and the like. Consequently, outside counsel often must rely on the knowledge and experience of its electronic data consultants working with the company's IT department to quickly and effectively identify where and how to preserve potentially responsive electronic data and how to manage large amounts of data so that counsel can begin reviewing and analyzing that information.

Qualified Electronic Data Consultants

Very often, in a government investigation, the pace of an electronic data collection is much quicker and broader in scope than in civil litigation. Every company generally wants to be timely and thorough in responding to government requests while also being efficient and cost-sensitive. These goals sometimes conflict, but in the context of a government investigation the risks of not properly identifying and preserving responsive information, or of antagonizing the government lawyers who may ultimately decide a company's fate, are often too great to risk. Thus, one of the most important factors for a positive outcome in responding to a government investigation is the quality and experience of the attorneys and data consultants who work on the matter. Very often, when investigations progress poorly and the government becomes frustrated with the company, it is the result of inexperienced counsel or electronic data consultants who either have not managed the government's expectations appropriately or who have not properly identified, preserved, analyzed and produced responsive and relevant data. Clear and effective communication with government lawyers therefore is essential during an investigation. The dialogue with the government generally is most successful when the attorneys representing a company have the experience to make realistic commitments on the company's behalf that maintain the company's credibility and good will with the government.

Given the importance of electronic data consultants, company counsel should carefully consider which one to use. Good electronic data consulting firms share some common characteristics. They have consultants who used to work in law enforcement and who know how to forensically preserve data in a manner that makes government agencies comfortable that important data will not be lost in the collection process. They also have substantial field experience; that is, they have worked on internal and government investigations of varying sizes and complexity assisting counsel in preserving data, filtering the data and making it available on a platform that lawyers can access. Counsel should only work with electronic data consultants who have the necessary expertise, professionalism and project management skills to get the job done well.

Action Plan

By having robust, risk-based compliance programs in place, strict and well enforced IT policies, up-to-date inventories of custodians, devices and backup tapes, and by retaining experienced white collar counsel and electronic data consultants, companies will go a long way toward reducing the costs and burdens associated with responding to a government investigation should the need arise.

Back to Top

Lessons Learned

1. A senior IT executive with a week’s work of Encase training sent out to image an employee’s computer hard drive mistakenly imaged her OWN hard drive, where pornography was found.

Lesson learned: Law Enforcement 1, Employee 0

2. While trying to read an ancient Iomega drive without a power supply, a highly motivated business professional with an engineering background started plugging in various power devices and eventually found one that worked. It not only worked in powering up the device but also worked to create smoke and a fire!

Lesson learned: Manufacturers spend a lot of time blowing things up so you don't!

3. A less than diligent human resources recruiter had been spending an inordinate amount of time on his computer. As opposed to doing his job, it turns out that he was viewing inappropriate pictures on his computer. And how do we know this? He mistakenly shared his favorites with the entire office by sending them to several shared printers.

Lesson learned: Heed George Orwell's book Nineteen Eighty-Four

4. A client’s data center cooling system was on the fritz during a court ordered investigation. A HVAC repairman called in to fix the problem set off the sprinkler system in the server room, delaying the recovery of data and causing the recovery costs to eclipse the cost of the entire investigation.

Lesson learned: Setting off the sprinkler system in the high school cafeteria is WAY more funny than when done in the work place.

5. At Capsicum we have a “test” for new interns to find out how resourceful and knowledgeable they are by sending them out to the store to purchase a Flux Capacitor (fictional device from movie, Back to the Future)

  • If they run out and come back and tell you they could not find one or its out of stock…keep a watchful eye on that employee as their knowledge or honesty should be taken into question.
  • If they refuse to go to the store and tell you that someone is pulling a prank…give them a bonus.

Lesson learned: At least interns don’t cost a lot of money.

Back to Top

Meet Capsicum Executive Brian Halpin

How did you land at Capsicum Group?

The truth of the matter is that I randomly came across Capsicum Group while reading the real estate section (something I never did) of the Philadelphia Inquirer one Sunday morning and learned that they were moving to the Cira Centre in Center City, Philadelphia. The article also described Capsicum as a technology company that did computer forensics. I was excited to hear about such a company being local to Philadelphia, where I attended law school. As it now turns out, we have a national footprint.

Prior to joining Capsicum we heard that you were an FBI Agent. How rigorous was the application process for the FBI?

The FBI has an exhaustive interview process that took about eight months. After completing a 13 page background application, a three panel interview, a drug test and a formal background check, the next step was the polygraph examination.

I was quiet nervous (believe me, I had nothing to hide!) about the polygraph exam even after the agent administering the polygraph shared the exact questions prior to the examination. You hear all kinds of stories about people taking polygraph exams and failing even though they tell the truth. I felt my heart beating the entire time. When the examination was complete, I remarked to the examiner that I was glad that it was over with as I was nervous. He looked at me and said, "You should have told me that!" I walked out of there thinking that even though I told the truth, I could have failed. I remained uncertain until I received the official – favorable – results.

How did you become involved with computer forensics?

After completing FBI training at Quantico, I was assigned to an international terrorism squad at the Washington Field Office. One of my first assignments was surveillance. As part of the training, I spent a week in California learning to ride a motorcycle with the California Highway Patrol (CHIPs). I was doing pretty well until day four when I accelerated out of control up a dirt hill and landed head-first in a mound of dirt. My knee went through the gas tank – destroying it! Fortunately the only injury I suffered was being totally embarrassed. They gave me the destroyed gas tank as a souvenir, and that was the end of my motorcycle career. From that point on I figured computers would be a safer route.

What was your experience like with the FBI’s Computer Analysis Response Team (CART)?

As part of the 9/11 investigation, I was on a team of agents that responded to the Pentagon attack. I was searching through debris that resulted from the plane that struck the Pentagon looking for hard drives from computers that may have been brought onto the airplane by the terrorists. I searched wearing a white disposable coverall splash contamination suit, which at the end of the day had to be hosed down prior to my removal of it. The search was complicated by the fact that the Pentagon offices, its employees and visitors, as well as the other passengers of the airplane had computers as well. It was a surreal scene; we would see twisted metal and debris and yet I would see a family photo album perfectly intact sitting next to the charred rubble. We actually did recover a number of drives that we brought back to our lab for forensics analysis.

What case do you remember most at Capsicum?

A case that stands out is an engagement that involved theft of intellectual property. The case had dual jurisdiction (US and Ireland) and the trial was held in Ireland. I was asked to testify in court about my findings from the computer forensics examinations performed on multiple computers. I flew over to Ireland to meet with Irish counsel and was immediately struck by how fast they spoke. I was having trouble with their brogue accent despite the fact that my own father was born and raised in Ireland. Upon entering the court to testify the decorum was strikingly different from the United States. For example, counsel for both parties wore black robes and the judge wore a white wig.

The good news is that I was able to completely understand all those that questioned me during the trial. The technical aspects of the case were difficult for the attorneys and it caused them to slow their speech as they tried to articulate their questions. This trip was particularly memorable to me as I was able to visit my father’s brother who still lives in the very house my dad was born in!

What do you enjoy most about working at Capsicum?

Every client poses a unique set of circumstances and we are continuously challenged to think “outside of the box” using technology to find solutions to satisfy our client’s specific needs. What I find rewarding is being able to meet and at times even exceed our client’s expectations so they can accomplish their ultimate goal – winning cases. Capsicum is able to approach all our engagements with personnel that have either a strong technology background or law enforcement background.

Back to Top

Defending Corporations & Individuals In Government Investigations Book Review

After reading Dan Fetterman’s book, Defending Corporations and Individuals in Government Investigations, I truly believe this is the book that every white-collar lawyer should own. It captures each element of the practice in a comprehensive and accessible way. Additionally, this book may be the only resource that not only explains the nuts and bolts of defending white collar cases, but also emphasizes the importance of the lawyer’s judgment at every turn, explaining when and why choices must be made and the effects of those choices. This book is a major contribution to the field and is sure to become a staple of the profession.

~Dan Gitner, former federal prosecutor and white collar criminal defense lawyer

“This timely compilation of guidance from highly experienced and talented practitioners is an invaluable resource that will serve the white-collar bar and others well in preparing their clients . . . . “

~New York Law Journal, Oct. 12, 2011.

Back to Top