As a result of the vulnerabilities posed by computer security breaches that can compromise entire systems at a large company or law firm, more private investigators have established an expertise in that area.
In many cases that end up in court, private investigators also serve as expert witnesses given their growing reputations in the field.
Expertise in cyber attacks has also become a focus at many large accounting firms in order to assist their clients with the preservation of financial information that could be subject to an attack. Many hacking cases result in malware that releases a virus throughout the computer system that can destroy all information once the perpetrators have found what they were looking for.
Over the past year, several law firms in the province have been subjected to cyber attacks, a situation that has prompted lawyers who practise in the field of Internet law to compile a list of leading computer private investigation specialists in the event they have a client who has been a victim of hacking.
Stuart Svonkin, a partner at Torys LLP in Toronto who practises corporate and commercial law with a focus on Internet and e-commerce issues, has seen computer forensic issues arise in various ways in his work.
Some of the cases he’s aware of involve alleged theft or misuse of electronic information. In those types of cases, private investigators or others with forensic computing expertise often testify as expert witnesses.
“There are other cases in which the dispute is not about computers or electronic information but where you need to understand what happened with an e-mail or some other information on a party’s computer system,” he says. “In those types of cases, you may need a computer forensic expert to help you and the client understand the evidence and what it means.”
The increased need for expertise is simply a reflection of today’s business realities. “Given the proliferation of computers in all aspects of life, many cases involve electronic information,” says Svonkin. “In those cases, that information may need to be analyzed or interpreted by an expert who can assist both the lawyers and the court in understanding that information.”
Svonkin has represented businesses in court cases where former employees have taken and misused information from the company. “Usually, it’s fair to say that both sides have evidence but it’s critical that the evidence comes from those who are the experts in the field of computers with credentials in their particular expertise and [with details of] how they can be of assistance to lawyers when they need to understand what the evidence is and what it means,” he says.
Jerrard Gaertner of the accounting firm Soberman LLP agrees that cyber crime is becoming more frequent as the world becomes more interconnected. He has worked with law firms to assist with computer security reviews and has many corporate clients as well.
“Industrial espionage and computer fraud represent greater revenue for organized crime,” says Gaertner, who also heads Soberman’s technology assurance wing. “That’s why it’s necessary that companies have proper governance and procedures to deal with ways to identify information on their systems that need to be protected.”
He emphasizes that controls and an advanced security system need to be put in place at all commercial workplaces to protect data stored on the computers from any type of breach, both in-house and from outside, and there should be regular briefings to all employees about how to ensure an e-mail containing an attachment is safe to open.
“This year has seen the highest number of breaches on record, so this certainly should be a lesson for everyone who could be vulnerable to an attack on their computer system,” Gaertner says.
According to Ainsley Vaculik, a private investigator with Froese Forensic Partners Ltd., more private investigation companies have established computer expertise due to clients’ growing needs.
At the same time, firms don’t want to have to outsource their investigative work for commercial clients to a computer specialist due to privacy concerns.
“Some PI firms have established expertise in computer forensics so they can provide a thorough investigation in-house where all of the information they come across is protected,” Vaculik says. “We can retrieve a hard drive and determine whether it has been compromised and, if so, how so and to what extent any information has been affected.”
Vaculik adds it’s particularly useful to have one expert source in the event a case goes to court. “It’s important to have continuity of evidence if a case goes to court [with an investigator] who can explain what happened,” she says. “Then, there will be a positive outcome for the party that has experienced a breach and [they’ll] have the case resolved.”
Also key to the process of dealing with digital information is the collection and preservation of the evidence, says Francis Graf, director of digital forensic services at ESI Specialists Inc. That’s because the temptation in many cases, especially at the beginning of the electronic discovery process, is to simply drag and drop the relevant files and save them onto a CD without considering how doing so could affect things like the last-access or creation dates.
“You may have altered them by virtue of the way you’ve collected them,” says Graf.
As a result, the information may not be usable in court. “It’s kind of the foundation that everything else is built on,” he says of the collection and preservation aspects.
At the same time, while private investigation firms are doing more work in this area, Graf notes many matters often don’t end up going to court or even involve police in the first place.
While companies facing a data breach may have to inform their customers as well as the relevant regulator, many of them prefer to handle the issues internally without taking the added step of going to court, he says.
— With files from Glenn Kauth