VideoVermont Microsystems was a comer in the software business. It made a hot add-on to a popular computer-aided design (CAD) program. But after one of its key employees left to join the maker of the CAD software, it found its fortunes sinking. Many of the performance improvements its product added to the CAD program suddenly appeared in new versions of the competitor's software.
The officers at the Winooski, Vermont company began to suspect the former employee was also a cad.
The question was, how to prove it? Before he left the company, the employee had "wiped" the files on his hard disk. That is, he had destroyed certain proprietary information he'd had access to while at the company.
But the worker forgot one thing. Although he deleted all the data in the files, he left behind traces of the directory structure--the names of the files and other structural information about them. By comparing the directory structures from the former employee's old computers with the directories on his computer at his new job (via a court order), Vermont Microsystems obtained weighty evidence that the person had stolen proprietary information. "That was a key factor in convincing the trial court that he had taken our stuff," says company president Peter Reed.
The detective work done at Vermont Microsystems is characteristic of a new discipline called computer forensics--a discipline that's fast becoming a cottage industry. Since Vermont Microsystems knew a thing or two about computers, it did most of the forensic work on its own. But to date, more than a dozen computer forensic specialists have set up shop across the country (see sidebar, page 88). Equipped with just a description of the hardware and software in use, these cybersnoops can help a client determine whether certain information exists, and, if it does, where it might be located. Not surprisingly, such data detectives are fast becoming the new best friends of litigants looking for evidence in cases ranging from theft of trade secrets to software piracy to discrimination based on age, sex, or race.
"Computer data provides a strategic weapon for litigators that they never had before," says Tom Galligan, president of two-year-old Electronic Evidence Recovery, in Middletown, Rhode Island, who has seen revenues jump 300 percent in the past year.
Before the lawyers are called in, however, a computer forensics expert can be a company's greatest ally--by ensuring that its information house is in order. "Each disaster awaiting corporations unprepared to deal with electronic data discovery is an opportunity for those who do prepare themselves," write John H. Jessen and Kenneth R. Shear, both of Seattle-based Electronic Evidence Discovery, in a recent article for the American Corporate Counsel Association. "Given current trends, it is only a matter of time until the discovery of electronic data in litigation becomes the primary type of discovery. In the transition period, those who are ahead of the game will reap substantial benefits; those who are unprepared will pay. And pay. And pay."
OUT OF CONTROL
The need for data recovery expertise, contends Galligan, is a direct result of a growing loss of control over business information. Sensitive data that was once kept secure in fortress mainframes is now on hard disks and tapes in every far-flung corner of an organization. Companies, he adds, often don't know what information is accessible for viewing and by whom. "When I go onsite to retrieve data, I have a field day," he says. "Companies are astonished when they appear in court and see what I've recovered."
No one is more surprised than the company leadership, agrees Joan Feldman, president of Computer Forensics Inc., a provider of electronic discovery and risk control, in Seattle. "[Company executives] are usually at arm's length from their own data--it's on an administrative assistant's machine or down the hall in data services," she says. They are even more surprised to find that "just as Oliver North discovered, when you hit the delete button on your computer, it doesn't really delete the data on it," says Peter Lacouture, a partner with the law firm of Peabody & Brown, in Providence.
The problem has only been exacerbated by the rise of virtual offices and telecommuting. All types of information, including illegal courses of action, have been uncovered on laptops and home computers, says Feldman. "We usually ask to see those computers, too," she explains. "They're generally full of information because most executives don't take the time to prune those systems."
In addition, the explosive growth of E-mail has provided fertile ground for data detectives. "E-mail is very important in litigation cases," Lacouture says, "because people have a tendency to put things in E-mail that they would not write in a memo on their company letterhead." E-mail, he says, is particularly important in discrimination and sexual harassment cases. "People think they can use E-mail and no one will ever see it. That's not true."
PREVENTIVE MEASURES
Guarding against the abuse of sensitive information, say experts, requires the development of an electronic evidence management plan that will prepare companies for reviewing, evaluating, and retrieving electronic data. And the core of any data management plan is a data retention policy.
Reader Comments» Post a comment