MARCHMADNESS:EMERGINGLEGALISSUESANDTRENDS

Session 3: 11:40-12:40 Presented by FTI Consulting

Title:

Data Theft: Do's and Don'ts

Speakers: Jason Ray

Managing Director - Technology Solutions FTI Consulting

March Madness 2018

DataTheft“DosandDon’ts”

1

Jason Ray, Managing Director

Introductions

2

FTIConsulting§  4,000+professionalsaroundtheworldandover400eDiscovery

&ComputerForensicsprofessionals§  FTI’sTechnologySegmentfocusesoneDiscovery&Computer

Forensics§  PubliclytradedontheNYSE:FCN

JasonRay§  ManagingDirectorofFTI’sWestCoastTechnologyPractice§  11yearswithFTIand36yearsinDiscoveryServices

The Difference between Theory and Practice

3

In theory, there is no difference between

theory and practice.

In practice, there IS.

4

TopicsCoveredToday

DefiningTradeSecrets1

Lawsgoverningtheftoftradesecrets2

Do’sandDon’ts3

ProactiveandReactiveOptions4

ECONOMIC ESPIONAGE ACT

The Economic Espionage Act defines a “trade secret” as having the following elements:

1.  It must be information;

2.  That is not generally known;

3.  From which the owner derives economic value from its secrecy; and

4.  Where the owner made reasonable efforts to maintain its secrecy.

18 U.S.C. § 1839.

DefinitionofaTradeSecret

UNIVERSAL TRADE SECRET ACT "Trade secret" means information, including a formula, pattern, compilation, program, device, method, technique, or process, that: (i)  derives independent economic value,

actual or potential, from not being generally known to, and not being readily ascertainable by proper means by, other persons who can obtain economic value from its disclosure or use, and

(ii)  is the subject of efforts that are reasonable under the circumstances to maintain its secrecy.

6

CivilTradeSecretTheftLaws

§  UntilMay2016,tradesecrettheftwashandledprimarilybystatelawso  MostadoptedsomeversionoftheUniformTradeSecretsAct

§  DefendTradeSecretsActof2016wassignedonMay11o  Federalandstatelawswillco-existlikeanti-discriminationlaws

o  Claimscannowbefiledinfederalcourtandseekremediessuchasaseizureordertorecoverstolentradesecrets(alsodamagesasaresultofwrongfulseizure)

o  Damagesforactuallossanddamagesforunjustenrichment

o  Insteadofdamages,areasonableroyaltyfortheunauthorizeduseordisclosure

o  Exemplarydamagesforwillfulormaliciousmisappropriation

o  SimilartotheUTSA,attorneys’feesforbadfaithmisappropriations

o  Injunctiverelief,orwhereaninjunctionwouldbeinequitable,paymentofareasonableroyalty.

§  TheDOJprincipallyrelieson2criminalstatutesininvestigatingandprosecutingtheftoftradesecretso  EconomicEspionageAct(EEA)-18USC§§1831-39

o  ComputerFraudandAbuseAct(CFAA)–18USC§1030

7

CriminalTradeSecretTheftLaws

TheDOJprincipallyrelieson2criminalstatutesininvestigatingandprosecutingtheftoftradesecrets:

§  EconomicEspionageAct(EEA)-18USC§§1831-39

§  ComputerFraudandAbuseAct(CFAA)–18USC§1030

§  Whoeverintentionallyaccessesacomputerwithoutauthorizationorexceedsauthorizedaccess,andtherebyobtains—

§  (A)informationcontainedinafinancialrecordofafinancialinstitution,orofacardissuerasdefinedinsection1602(n)oftitle15,orcontainedinafileofaconsumerreportingagencyonaconsumer,assuchtermsaredefinedintheFairCreditReportingAct;

§  (B)informationfromanydepartmentoragencyoftheUnitedStates;or

§  (C)informationfromanyprotectedcomputer;

8

IssuesforCorporations&LawFirms

Non-networkbreach

Whatistheleadingcauseofdatabreaches?

IssuesforCorporations&LawFirms

9

NetworkHacking/MaliciousBreachOR

Non-NetworkBreach?

69%

31%NetworkHackingorMaliciousBreach

•  TradesecrettheftscostU.S.businessesmorethan$250billionperyear

•  60percentofcompaniespolledreportedtheyhadexperiencedattemptstostealtheirproprietaryinformation.

•  Thenumberoftheftsisincreasinggeometrically–projectedtobeup5,000%withinthenextdecade.

•  Employeestakethedatatheyknow,workwithandoftenfeelentitledtoit.75%ofinternaltheftsareofmaterialtheywereauthorizedtoaccess.

•  65%oftheseemployeeshadalreadyacceptedpositionswithacompetingcompanyorstartedtheirowncompanyatthetimeofthetheft.

•  IPstolenbyinsidersincludes:

•  52%tradesecrets•  36%proprietarybusinessinformation(billing,plans,pricelists,etc..)•  34%%sourcecodeorproprietarysoftware•  12%customerinformation

Statistics

How people “took data” then …

11

… and now

12

… anywhere and everywhere

13

14

ChangesintheDataLandscape

15

HowIPcanslipthroughthecracks

§  Tremendousamountofinformationcanslipthroughverysmallcracks(e.g.MicroSDcardsthesizeofafingernail)

§  MicroSDcardscanhold512GBofdatainthesizeofafingernail.

–  That’sequivalentto6.6billionpagesofpaperorover80,000treesworthofpaper.

-  Cardscanbefoundinphones,tablets,cameras,etc..

16

HowIPcanslipthroughthecracks

WorldWideWeb§  Email§  FTP§  CloudStorage§  Apps§  Copy&Paste

Hackers Lost/StolenLaptops,Tablets,orPhones

Vendors

TheDumpster

Do’sandDon’ts

17

18

Do’sandDon’ts

§  Tradesecretscanbestolenthroughanyofthedeviceswehavediscussed–andmore.

§  Thatdoesn’tmeanweshouldn’tembracetechnologyinourjobs.

§  HowcanweprotectourIPwhileenablingemployeestowork?

19

Do’sandDon’tsDo Don’t Give employees the tools they need to do their jobs

Tell them they can’t use a particular type of technology without providing an alternative

Opt for corporate versions of technology (e.g. Box for business, encrypted thumb drives)

Allow unfettered access to file sharing tools

Provide hardware to facilitate work and track it/get it back when an employee leaves

Let an employee walk off with your hardware when they are terminated

Consider secure options of common technology (e.g. encryption on photocopiers and external devices, instant messaging, mobile device communication, etc..)

Let employees pick their own security settings on devices

Let employees know that you monitor activity and DO SO

Buy expensive monitoring technology and then not review the reports

20

Theimportanceofpoliciesandmonitoring

§  OneclientallowsBYODbutemployeesmustsignawaiverfirstthatallowsthecompanyaccesstothedeviceatanytimetocomplywithlegalandregulatoryrequest

§  AnotherclientmonitorsUSBdeviceactivityviaDLP(DataLossPrevention)software

§  Inoneinstance,aclientinstalledsoftwaretotakescreenshotsofcertainactionsonacomputer

ProactiveandReactiveOptions

21

22

ProactiveActions

23

ProtectingCriticalIP…

Fromemployees

§  DisablingUSB,DVD,anduncontrolledcloudstorage.

§  Monitoringemployeeactions

§  ImplementingeffectiveITpoliciesandenforcingthem

§  Informingemployeesofpoliciesandprocedures

§  EmployeeMonitoringsystems

24

ProtectingCriticalIP…

Fromoutsiders

§  Firewalls/proxies

§  Encryption/Goodinformationgovernancepolicies

§  MDM/DLP/MonitoringTechnology

§  Penetrationtesting

§  RegularImplementationofsecuritypatchesandupdates

§  Developaproactiveplan/responseteam

ProactiveToolstoConsider

MDM DLP Monitoring

26

ReactiveInvestigations–KeyPoints

§  Preservequickly–andcompletely

§  Everydetailwillbeexamined

§  Everydiscrepancywillbeattacked

§  Thingschangeconstantlyasnewknowledgeisgained

§  PlansmustincludeinvestigationANDremediation

§  Timelinesareextremelyaggressive

§  Carefullyconsiderlawenforcementinvolvement

27

CommonArtifacts–PersonalComputers

§  Devicesconnected–USBandRemovable

§  Linkfiles–filesaccessed§  Jumplists–recentfilesshownwhenrightclickingappsinWindows7andbeyond

§  MRU–Mostlyrecentlyused

§  Systemregistry

§  Unallocatedspace

28

CommonArtifacts–InternetHistory

§  Reportonwebsitesvisitedo URLo Dateo Namesofpage

§  Visualrepresentationofwhatwebsitelookedlike§  Cachedwebmail(fragmentsorSQLitedatabase)

§  GoogleMapsearches

§  Cloudstorageusage§  Dating/Gaming/Pornography

29

CommonArtifacts–MobileDevices

§  Email/Webmail

§  IM/Skypelogs/GChatfragments

§  BackupsofcellphonesonharddrivesandiCloudcontaintextmessages

§  Textmessages,iChat,Skype,WhatsApp,Kik,etc..

§  Recordsfromcarrierinlieuofphoneitself

§  SocialMediaApplications

30

TheValueofanInvestigativeTeam

Computer forensics • Who did what when on a computer • Massive source of information

Human intelligence • Invaluable when your most sensitive information is missing

Web investigations • Tracing IP addresses • Social Media

Background investigations • Fills in the gaps between computer forensics and human intelligence • E.G. what kind of car does the subject drive

Questions

31

§  JasonRay,ManagingDirectorjason.ray@fticonsulting.com971.563.4196

ContactInformation

32

NOTES

________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________