Jan 05 2008
There’s an emerging debate between computer forensic technicians and private investigators.
The question is what constitutes an expert witness, and what evidence is admissible in court. State PI associations are lobbying to require a PI license to perform computer forensics for hire, and thus to present in court. Others argue that a forensic technician is no different than a forensic accountant, or forensic anthropologist; they are lab technicians and do not lead the investigation.
Legislation has been floated in South Carolina and other states.
Jan 05 2008
Who owns the data associated with a user’s account within an online service?
The answer isn’t simple. For example, email has a different status than an address book. In the case of a social network derived from an address book, the social graph is viewed by the business as a compilation of data with a unique arrangement, and therefore copyrightable.
However, many consumers don’t understand or fully agree with this data grab. Facebook was at the center of a recent scandal. A user wrote a script to pull out his social graph information. A FB script noticed the TOS violation and banned him. However, consumer groups are forming lobbying groups to advocate for more user rights in “data portability”.
There are startups developing “Social Network Aggregators”, and those were recently proposed as the 2008 killer app. The Open vs Closed debate will continue moving to center stage this year.
Jan 05 2008
The spammers come to Facebook; there’s a highly viral applet that utilizes social engineering to spread spyware. My 2008 prediction: 20+ hot girls a day asking to be our “friend” on FB as with MySpace (to spread spam). A new social network emerges with a limited audience and the trendsetters start to abandon FB. Wash, Rinse, Repeat.
Dec 17 2007
This post is an ongoing collection of articles, surveys, and research about computer forensics.
Surveys & Research:
Dec 17 2007
This post is an ongoing collection of articles, surveys, and research about data governance and privacy.
General references:
- The EFF has a page that gives a status update on pending legislation and court cases related to privacy rights.
Specific references:
- Privacy Rights Clearinghouse has a chronology that documents data breaches since 2005. The grand total: 216 million records in the USA from 2005 to present. A number of these are organizations that sell information security products and/or services and have failed to “eat their own dog-food”.
- MySpace suffered a security breach recently that allowed hackers to download a massive amount of private photos. Those have recently shown up on BitTorrent.
Dec 17 2007
This post is an ongoing collection of articles, surveys, and research about electronic voting.
General, non-partisan references:
General, partisan references:
- Bev Harris of Blackboxvoting.org is the authority on the challenges surrounding electronic voting.
Specific references by recognized, non-partisan experts:
- The Ohio Secretary of State recently issued the EVEREST report which also found numerous critical flaws in electronic voting systems.
- The California Secretary of State sponsored a “top to bottom” review of electronic voting and decided to decertify several models.
- The Colorado Secretary of State followed suit and decertified the voting machines on 12/18/07.
- One of the most respected security experts, Bruce Schneier, posted an insightful article about electronic voting.
- An AP article documenting the conviction of election workers for rigging the 2004 Ohio recount.
Specific, partisan references:
I don’t endorse the conclusions reached by the materials below, though I do find the information to be thought-provoking. While the impact of the systematic weaknesses in voting systems is hotly debated and quickly devolves into conspiracy theories, the fact that they are inexcusably weak is not contested.
- YouTube has a controversial video of a programmer giving testimony that he designed a program to “fix” elections.
- The Washington Post summarized a controversial book by Professor Steve Freeman that compares the security and regulation over slot machines to electronic voting systems.
- Rolling Stone Magazine published two articles by Robert F. Kennedy Jr. about electronic voting.
Dec 17 2007
This post is an ongoing collection of articles, surveys, and research about IT General Controls.
- The Royal Bank of Canada suffered major downtime due to a failed upgrade of their computer systems in 2004.
Dec 17 2007
This post is an ongoing collection of articles, surveys, and research about mortgage fraud and the credit bubble.
General References:
- Rachel Dollar’s and the Prieston Group’s blogs focus on mortgage fraud.
- John Mauldin publishes my favorite investing and economic analysis newsletter. He’s had some great discussion of the credit bubble, sub-prime crisis, and mortgage fraud.
- Efinancedirectory.com has a great segment on the housing bubble. I’ve been reading them for several years. They liberally quote from credible sources such as Credit-Suisse.
- Patrick.net is a great resource for housing information specific to the Bay Area, CA.
Specific References:
- Read about mortgage fraud in Miami condos.
- The BBC has a great article with graphical explanations of the subprime mess.
- The FBI’s most recent mortgage fraud report was issued in 2006. There’s a shorter article specific to mortgage fraud updated on 5/2007.
- Countrywide underwriters sued by NY pension funds for mortgage fraud.
- FBI opens investigation into 14 banks related to possible mortgage and securities fraud.
Dec 14 2007
This post is an ongoing collection of articles, surveys, and research about the cybercrime economy.
Surveys & Research:
- The FBI’s most recent cybercrime report was issued in 2006.
- The US Secret Service published two reports on cybercrime.
Articles:
Dec 14 2007
This post is an ongoing collection of articles about identity theft.
General References:
- Privacy Rights Clearinghouse has an identity theft page with lots of content.
Specific References:
- Facebook source code was leaked during summer 07.
- A judge was defamed by a fake MySpace profile.
- According to this MSNBC article, 3% of US households suffer identity theft.
- Identity theft is often close to home.
- The FBI’s most recent identity theft report was issued in 2006.
- Fly-by-night trend followers are piling into the identity theft protection market. They are making bold claims that don’t live up to scrutiny. Eat your own dogfood?
- Top Gear host ridicules the identity theft threat and gets stung.