Big Data, Cyber, Security, Intelligence, Analytics and eDiscovery at Guidance Software’s CEIC

If my article’s title looks like a general counsel’s master to-do list, that is no accident. The key topics at Guidance Software’s CEIC 2013 (Computer and Enterprise Investigations Conference) were exactly those which sit – or which should sit – at the top of the list of any IT-aware general counsel in the world. And the world came – 1500 delegates from 44 countries came to Orlando in May for four days of wide-ranging education, training and information exchange.  CEIC attracted 51 sponsors and offered 2000 seat / hours of sessions ranging from hands-on EnCase certification to broader topics which transcend national boundaries.  Canada, the UK and the Netherlands all sent strong contingents;  perhaps the most interesting straw in the wind was the number of delegates from South American countries.

CEIC2The shared problem is what CEO Victor Limongelli called in his keynote speech the “grotesque amount of data” faced by companies everywhere.  If half the problem lies in giving discovery of it, the other half lives in preventing intruders from discovering it for themselves. If this seemed a big problem in May, what does it look like in the light of the revelations about data security and intrusion which have broken surface since then?

You see what I did there? I have justified being six weeks late in writing about an important conference by reference to events in the interim which emphasise the significance of the conference’s subject matter.  In fact, as always, I disdain such justification, particularly at a time of year when I spend more time in hotels and aeroplanes than I do at my desk.  Conferences provide my input, and the output can wait – the subjects do not diminish with time.

I did a brief introductory post on my arrival at the venue. Its title, Every angle covered at CEIC 2013 in Orlando anticipated that CEIC would provide a comprehensive survey of the key topics.  CEIC felt cramped at its past home in Orlando; it will take a while before it outgrows the Rosen Shingle Creek – it felt like a substantial commute from my room to the conference area.

EnCase Analytics

We got some idea of the scale at Victor Limongelli’s opening keynote speech – the scale of the data problems, that is, as well as the scale of the venue. We are used to the expression “Big Data” being applied to the information which a company accumulates and must manage. The expression “Big Data” implies velocity and variety as well as mere volume and nothing moves faster or comes in more various forms than cyber threats; we have now reached a point where Big Data solutions are needed for identifying and dealing with intrusions and other attacks from outside the enterprise.  Guidance Software’s solution is EnCase Analytics, used to acquire information from enterprise-wide endpoints by the use of Big Data analytics.  EnCase Analytics is described in detail here.

ceic01

eDiscovery – Technology-Assisted Review

The focus on cybersecurity did not diminish the attention paid to eDiscovery – or, at least, there was enough about eDiscovery for me. The session which I found most interesting was one on predictive coding / technology-assisted review given by David Cohen of Reed Smith and David Horrigan of 451 Research, and introduced by Bryant Bell of Guidance Software.  They began by looking at some predictive coding myths. Myth 1 was the idea that technology-assisted review means the end of lawyers; all systems, David Cohen said, need some kind of input from lawyers who, if the system is working well, can get through many more documents  and use their time for more productive things than document review. Myth 2 was that predictive coding is “too expensive”, an assertion which usually seems to ignore the lawyer hours which can be saved by the substantial reductions in volumes which predictive coding can give. David Cohen gave us some numbers based on his firm’s use of Equivio Relevance – $.03 per document compared with the $1 or more which many firms charge. One can see, perhaps, why firms less confident than Reed Smith might close their eyes to the advantages of using this kind of technology and, at the same time, see why so many companies are instructing Reed Smith for eDiscovery.

It is, of course, important to know what the cost per document comes out at because, as David Cohen put it, “if you are not saving money, it is not worth doing”. As England and Wales adjusts to the idea of costs estimates and budgets for eDisclosure, lawyers are going to have to get used to making calculations like this.

ceic4David Cohen, David Horrigan, Bryant Bell

David Horrigan took us on a brief canter through the cases and through the arguments which have emerged for and against the use of predictive coding. If I were to extract one line from my copious notes, it would be the one which  emphasises that nearly all RFPs include the question whether the provider offers predictive coding. One senses (this is my conclusion rather than David Horrigan’s) firstly that more use is being made of computer-assisted technology than anyone is admitting and secondly that there is a dam about to burst as clients and courts, if not necessarily the law firm, see the potential for enormous costs savings.

Judicial Panel

There was, as always at CEIC, a judicial panel. This year’s participants were Judges Vanessa D. Gilmore, (U.S. District Court, S.D. Tex. – Houston Division), David Waxse (U.S. District Court, Kansas), and Karla Spaulding (U.S. District Court, M.D. Fla.).

If I was sorry in advance to have to miss this, I was even more so when I heard how good it had been.  I will save my time and yours by referring you to an article called Leading Judges Speak on TAR and Digital Information in Criminal Prosecutions by Daniel Lim of Guidance Software, who moderated the panel, and one called Judicial Perspectives on E-Discovery at CEIC by Sean Doherty of Law Technology News, both of whose reports are succinct enough to need no summary from me.

Cross-Border eDiscovery

I took part in two panels. The first was on cross-border discovery, in the company of Patrick Burke, formerly Assistant General Counsel at Guidance Software and now at Reed Smith, and Dominic Jaar of KPMG Canada.  We have been doing this panel at CEIC for several years now and seen audiences move on from the blank incomprehension (not to say disbelief) which we used to see at the idea that other countries might scorn the order of an American court on grounds of its unqualified breadth even before one gets to questions of privacy and data protection.

ceic5Chris Dale, Patrick Burke, Dominic Jaar

It is difficult to know where to pitch these cross-border sessions – I did one late last year in the US at which we elected to aim high and assume a certain level of  audience knowledge – an assumption which was quickly confounded by audience questions which showed that there is still much to convey about basic things. The CEIC audience, many of whom are repeat visitors to this panel, have moved beyond this, and we will perhaps take a higher starting point next year. By then we will know the fate of the proposed new EU Data Privacy Regulation which is presently mired in disputes between the EU Commission and Parliament, between different interest groups, and between nations.

The NSA and PRISM revelations were yet to burst upon us, something which has impact on cross-border discovery as well as on CEIC’s dominant cyber security theme. As I write this, we are learning that France and Germany, those staunch defenders of the rights to privacy, are covertly running their own equivalents of PRISM, something which undermines the moral, if not the legal, justification for whining too much about US incursions.

Information Management and eDiscovery Process

My other panel, whose theme was Effective Information Management and eDiscovery Process, was done in tandem with the authoritative Scott Carlson of Seyfarth Shaw (yes, I am extremely lucky in my co-panellists at these events) and moderated by Chad McManamy, Assistant General Counsel at Guidance Software. There is risk, as well as value, in the vast amounts of data created and kept by companies, and this risk goes beyond the extravagant costs of managing it all for eDiscovery purposes. Legal and IT have different priorities, but records management, privacy, security and eDiscovery implications should be the concern of both of them. Many companies see these simply as problems to be dealt with as they arise. It makes much more sense, in terms of risk as well as cost, to take the problem back to its source, devising (and acting on) policies which address the issues which every company, of whatever size, is going to face.

Conclusion

ceic3As always at CEIC, there was something for everyone. It is always an extremely social event  with parties, dinners and endless opportunities for random meetings in amongst the hard work. I came away, as I always do, better informed not only about the problems but about the solutions which companies like Guidance Software are constantly developing to meet those problems.

I must record my thanks to Guidance Software for the invitation, the opportunities to speak and for the generous hospitality.

There are some photographs of CEIC and of some of the people and panels mentioned above here.

Home

About Chris Dale

I have been an English solicitor since 1980. I run the e-Disclosure Information Project which collects and comments on information about electronic disclosure / eDiscovery and related subjects in the UK, the US, AsiaPac and elsewhere
This entry was posted in Discovery, eDisclosure, eDiscovery, Electronic disclosure, Guidance Software and tagged , , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s