A false positive is a result which appears to show that a particular condition or attribute is present when it is not. We have just passed the anniversary of what was potentially the worst false positive in history when, on 26 September 1983, the Soviet Union’s nuclear early-warning radar appeared to show five missiles being launched from the US. Stanislav Petrov of the Soviet Air Defence Forces suspected that the alarms were false, and waited for corroboration from other sources. His caution probably averted all-out nuclear war.
Nothing can match that as a warning that one should be cautious about acting on apparently positive results. The downsides to false positives are obvious – the report may be true after all, the opportunity to counter it may be lost, and much time and money is spent ploughing through the false information in order to focus on the things which actually matter.
In the “old” days, the purpose of discovery tools was to find relevant material retrospectively, often years after the event. Even then (and even before technology waded into the fight), there was a serious difficulty with false positives – material which might be relevant but which, on inspection, was found to have no bearing on the issues. That inspection was always time-consuming – necessary in order to show that you had done your job properly, but a waste of resources in retrospect. The implications may not be as serious as those facing Petrov, but they are vital to organisations whose obligations require a focus on what actually matters.
Relativity Trace is Relativity’s communication monitoring software, designed to identify insider trading, collusion, and similar behaviour, and allow organisations to act on it before it is too late. “Too late” in this context has many implications: the organisation may be put in breach of some regulatory requirement; it may risk criminal punishment; cybersecurity attacks must be identified and dealt with now; organisations might face contractual or other civil difficulties; there may be internal problems such as employees behaving badly to each other. It is not just a matter of catching bad conduct – the absence of a system for identifying wrongdoing may itself open the door to claims against the organisation. The days are gone when one could handle these things at relative leisure in retrospect.
Surveillance tools like Relativity Trace must accelerate the long-developed processes for identifying false positives. There is no time to review irrelevant alerts when bad actors, within or outside an organisation, are moving now. There is no time to flag them for further review in due course, as was the standard discovery practice in the leisurely days (as they now appear) of the past.
Jordan Domash, General Manager of Relativity Trace, puts it like this:
“Surveillance teams are overwhelmed by the number of false positives that their legacy surveillance system generates. This leads to hours of time stripped away from pinpointing risk and misconduct that actually matter because time is allocated to reviewing content that should never have been alerted on in the first place.”
The process is called “data cleansing” and has two main elements. One is the identification of duplicates, including old email content which is repeated in later messages. This itself is not new – Relativity has been managing this for ten years, and most modern systems have some means of ensuring that duplicated content is not reviewed twice. The enhancement lies in the fact that Relativity Trace does it while the data is current, minimising the alerts triggered by content which has already been dealt with.
The other element involves speedy reduction of email material by identifying content which was not written by the sender, such as email headers, signatures and those tiresome disclaimers which are now part of almost every email. Between them, these functions fulfil the need identified by Jordan Domash to allow focus only on the content which might trigger relevant alerts, and to do so quickly.
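The two cleansing elements described above can be sketched as follows. This is an added example, not Relativity Trace's code: the cut-off markers, function names, alert terms and sample messages are all assumptions constructed for illustration.

```python
import hashlib
import re

# Heuristic cut-off markers: assumptions for this sketch, not Relativity Trace's rules.
CUTOFF = re.compile(
    r"^(On .+ wrote:"                      # reply header above a quoted thread
    r"|-+\s*Original Message\s*-+"         # forwarded/replied block
    r"|--|Kind regards,?|Regards,?"        # signature openers
    r"|This e-?mail is confidential.*"     # boilerplate disclaimer
    r")$", re.IGNORECASE)

def authored_text(body):
    """Keep only the lines the sender wrote in this message."""
    kept = []
    for line in body.splitlines():
        line = line.strip()
        if CUTOFF.match(line):
            break                  # everything below is thread, signature or disclaimer
        if line and not line.startswith(">"):
            kept.append(line)      # skip blank and inline-quoted lines
    return "\n".join(kept)

def fingerprint(text):
    """Hash of whitespace- and case-normalised text, used to spot repeats."""
    return hashlib.sha256(" ".join(text.lower().split()).encode()).hexdigest()

def alerts(messages, terms, cleanse=True):
    """Return (message id, term) hits; with cleanse, only new authored content is scanned."""
    seen, hits = set(), []
    for msg_id, body in messages:
        text = authored_text(body) if cleanse else body
        if cleanse:
            fp = fingerprint(text)
            if not text or fp in seen:
                continue           # nothing authored, or already reviewed
            seen.add(fp)
        hits += [(msg_id, t) for t in terms if t.lower() in text.lower()]
    return hits

# Constructed sample messages (not real data).
DISCLAIMER = "This email is confidential and intended only for the addressee."
MESSAGES = [
    ("m1", "Keep this off the record until the announcement.\n\nKind regards,\nAlice\n" + DISCLAIMER),
    ("m2", "Understood, will do.\n\nOn Mon, 2 Oct, Alice wrote:\n> Keep this off the record until the announcement.\n\n" + DISCLAIMER),
    ("m3", "Keep this off the record  until the\nannouncement.\n--\nAlice"),
]
TERMS = ["off the record", "confidential"]

if __name__ == "__main__":
    print(len(alerts(MESSAGES, TERMS, cleanse=False)), "alerts on raw bodies")
    print(alerts(MESSAGES, TERMS), "after cleansing")
```

On the raw bodies the disclaimer and the quoted reply each trigger alerts of their own; after cleansing, only the one message in which the sender actually wrote the flagged phrase remains.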