Cyber Security Industry Alliance Newsletter •  Volume 2, Number 10  • June 2006

CSIA Member Spotlight

About Surety, LLC

Name:  Surety, LLC

President & CEO: Tom Klaff

Headquarters: Herndon, Virginia

Ownership: Privately held

About Surety, LLC:  Surety is an IT security software and services company founded in 1994 by two prominent Bellcore scientists who pioneered the concept of trusted digital time-stamping. Today, Surety is recognized as a global leader in the Trusted Time-stamp industry. The Company’s flagship product, AbsoluteProof® enables businesses and government agencies to mitigate their legal and regulatory risk when managing electronic records by providing verifiable evidence of data integrity and authenticity.

Surety’s AbsoluteProof service is already being leveraged by Electronic Content Management (ECM) and Electronic Lab Notebook (ELN) market leaders such as OpenText, FileNet, Symyx, KineMatik and ECM to ensure that electronic records produced by their customers remain authentic and legally verifiable; NTT Data one of Japan’s largest companies has integrated AbsoluteProof into its suite of services to round out its security offerings for its customers; and AbsoluteProof helps Surety’s client organizations realize the efficiencies of completely digitizing their business process, and it gives their managers the peace-of-mind they need to confidentially attest to the content and time integrity of their electronic records – independent of their own people, processes and systems.

For more information, please visit www.surety.com/.

 

An Ounce of Proof is Worth a Pound of Discovery: Are You Litigation Ready

On July 24, 2003, Vee Vinhnee, a California entrepreneur filed for chapter 7 bankruptcy in the U.S. Bankruptcy Court in Central California. He owed American Express over $40,000 on his two credit cards: one, an American Express Gold card issued in 1989; and the other, an American Express Platinum card issued in February of 2003. Subsequently, American Express sued Mr. Vinhnee to get him to pay the balances owed on the cards. In American Express Travel Related Services Company, Inc. vs. Vinhnee, Vee Vinhnee won his case without even attending the trial.

  

The court refused to admit [electronic] evidence because American Express failed to defend the processes, people and technology used to preserve and authenticate the electronic bills in question, nor could it adequately disprove that its business records could have been altered from the time they were generated until the time of the trial…

The court stipulated that regardless of whether Mr. Vinhnee attended the trial, the burden of proof remained with American Express to adduce evidence to prove its case. American Express’ sole evidentiary records, supporting its case, were the electronic monthly statements it issued to the debtor.

The court refused to admit this evidence because American Express failed to defend the processes, people and technology used to preserve and authenticate the electronic bills in question, nor could it adequately disprove that its business records could have been altered from the time they were generated until the time of the trial.

As referenced in the court order of this case, "this ever-expanding complexity of the cyberworld has prompted the authors of the current version of the Manual for Complex Litigation to note that a judge should 'consider the accuracy and reliability of computerized evidence' and that a 'proponent of computerized evidence has the burden of laying a proper foundation by establishing its accuracy'".

What is the lesson here? Well, in the face of a legal dispute, your business records are the first things subpoenaed by opposing counsel, and the burden of proof is on you to prove that they are legally credible. Under the Federal Rules of Evidence, your electronic business records are equally admissible and may have the same weight and credibility as your paper records, in the eyes of the justice system.

Can you withstand a data integrity challenge? Are you "litigation ready?" If you are, then you:

  1. Have the right people in place to manage your electronic record management systems;

  2. Have conceived, implemented and documented the right processes to ensure that your electronic records are classified, managed and preserved properly with the highest levels of security; and

  3. Have adopted the right technology and systems to capture, secure, manage and archive your electronic records.

Practicing litigation readiness will enable you to defend a seemingly innocuous record generated today, like an email or a CAD drawing, that at some point in the future, may be your last, and only, line of defense to preserve your company’s shareholder value in the throes of a legal dispute.

Litigation readiness could be your only line of defense in a legal dispute…

  

The key to rolling out a litigation readiness initiative is to make a full commitment to the process. I remember back in the "dot-com" days when brick-and-mortar companies would invest huge sums of money to develop the glitziest websites, only to have their electronic customer inquiries sent into huge "black holes". The commitment to adopt new technology and innovative marketing practices, though noble, was woefully inadequate without staffing the right people and installing the right processes to respond to the eventual floodgate of customer inquiries. The end result was a tarnished reputation for customer service even though the opposite may be true in the brick-and-mortar environment.

Fear, uncertainty and doubt prompt paralytic thinking and stifle innovation needlessly, especially if there are readily available safeguards. Without them, yes, of course, we all could be the next American Express… with far more to lose than just a $40,000 IOU. The investment costs in both electronic record management and litigation readiness are rounding errors compared to staying with paper…or sticking your big toe in the water.