Post Process

Everything to do with E-discovery & ESI

Archive for June 18th, 2008

Computer Forensics Vindicates Man Fired for Possessing Child Pornography

Posted by rjbiii on June 18, 2008

A distasteful case appears in the on-line version of the Boston Herald. Michael Fiola was suddenly fired from his job at a state agency and accused of possessing child pornography:

Months later, DIA information technology officials noted that the data usage on Fiola’s Verizon wireless bill was 4 times greater than his colleagues’. After discovering the child porn , Commissioner Paul Buckley fired him on March 14, 2007.

DIA turned the matter over to state police who, after confirming “an overwhelming amount of images of prepubescent children engaged in pornographic poses” were stored on the laptop, persuaded Boston Municipal Court to issue a criminal complaint against Fiola in August 2007.

Now, I’ve seen Dateline, and I know that there are people (a lot of people, evidently) who simply can’t resist the impulse to engage in this kind of behavior. In fact, if you work anywhere near a computer forensics lab (and I do), you find out how incredibly common this kind of activity is. That said, there’s still a little issue of due process. It seems that the data wasn’t downloaded by Mr. Fiola, or anyone he knows, after all:

[Computer Examiner Tami] Loehrs, who spent a month dissecting the computer for the defense, explained in a 30-page report that the laptop was running corrupted virus-protection software, and Fiola was hit by spammers and crackers bombarding its memory with images of incest and pre-teen porn not visible to the naked eye.

The DA’s office concurs. So, Mr. Fiola went back to work, right? Wrong. Apparently the Massachusetts Department of Industrial Accidents, who had employed Fiola, who had in fact given him a laptop with defective protection, states that it “stands by [its] decision” to terminate him. Fiola’s attorney, Timothy Bradl, doesn’t get it:

“Imagine this scenario: Your employer gives you a ticking time bomb full of child porn, and then you get fired, and then you get prosecuted as some kind of freak,” he railed.

I don’t get it either, and in this day and age, these types of situations are going to continue to occur; so we should all be very wary.

Posted in Articles, Computer Forensics | Tagged: , , | Leave a Comment »

Trend in Licensing for Computer Forensics Continues with New Michigan Law

Posted by rjbiii on June 18, 2008

Post Process has already remarked on a Texas law that implies that computer forensics experts must have a private investigator’s license. Now it’s Michigan’s turn.

Joe Howrie has written an article on a new Michigan law that requires people engaging in “computer forensics” to acquire a license as a private investigator:

“According to the state of Michigan Web site, Michigan House Bill 5274, “the professional investigator licensure act,” was signed into law by Gov. Jennifer Granholm on May 28.

According to the terms of the act, it becomes effective immediately (Sec. 29) and it is now a felony punishable by up to a four-year prison term and a $25,000 fine for a person to engage in computer forensics in Michigan unless that person is licensed under the act or falls within one of its exemptions (Sec. 3(3)).”

The exemptions mentions attorneys, but not staff working under a lawyer’s supervision, although Howrie feels that staff would be exempted:

Presumably, the attorney exemption extends to staff employed to assist an attorney as attorneys have historically used support personnel for litigation. If the legislature had intended that lawyers could only use support staff with whom the lawyers had employer-employee relationships, the employer-employee language from 4(e) would also appear in the 4(a) lawyer exemption section.

This particular law, driven evidently from privacy concerns, seems broader and harsher than others we’ve seen recently, including the Texas law. Questions abound: if I am in Houston, and I use an application to pull data from a server in Michigan, for the purposes of preparing some of that data for submission to a court as evidence, am I in violation of the statute? If I merely hold myself out as a computer forensics professional, do no business in Michigan directly, but engage in “forensics” elsewhere, are there any consequences (minimum contacts and the web?).

While protecting the public and privacy is important…is a Private Investigator’s license really the best vehicle for this sort of regulation? Stay tuned…

Posted in Articles, Data Collection, Forensics, Laws, Legislation, Privacy, Trends, Uncategorized | Tagged: , , | 1 Comment »