Upon receiving a new WC assignment investigators should discuss with the adjuster the specific red flags that were observed.  Being aware of the particular red flags that led an adjuster to consider fraud as a possibility will help investigators conduct a more cost-effective and successful investigation.  For example, if the adjuster states that the claimant’s home address on file appears to be a family or friends address the investigator will know that the first step will be to research and locate the claimant’s current residence.

Let’s take a look at the top 40 most common red flags associated with WC claims.  We will consider what these red flags mean and what adjusters and investigators can do about them.

1. There are no witnesses to the injury or the only witnesses are the claimant’s “close” co-workers Yet another reason to advise employers to install security cameras in the workplace.  John J. Fay in The Encyclopedia of Security Management states that cameras can be used to “…identify unsafe practices…” and “…to prevent accidents…”  In fact, the installation of cameras can decrease the number of fraudulent WC claims.
2. The claimant and witness statements offer conflicting information Do the statements seem rehearsed or even identical?  Do they both contain the same misspelled words?  Perhaps it’s not a coincidence.
3. The report of the injury is not timely Both adjusters and investigators should advise employers to have clear and specific guidelines for reporting work-related injuries.  Supervisors should be trained to bring accidents to the attention of management immediately.
4. The accident report, statements and other documents contain numerous cross-outs, white out, erasures or are incomplete
5. The claimant cannot recall specific details about the accident Along with a selective memory loss many claimants change details of their statement after inconsistencies have been pointed out.  Employers and adjusters should continue to question them on specifics to arrive at what actually happened.
6. The injured worker is a new employee David Wylie with Texas Mutual Insurance Company stated in Fraud No Small Matter for Small Business, “Statistically the newer the employee is, the more likely the claim  is fraudulent, especially if other red flags appear.”
7. The claimant has a poor attendance record at work Poor attendance records have a funny way of becoming WC claims.  Advise employers to have a clear and specific attendance policy.
8. The claimant has a history of discipline issues Along with poor attendance, employees who have discipline problems can become disgruntled employees.  A disgruntled employee, as Wylie pointed out “…has a motive to fabricate the claim.”
9. The accident occurs immediately before or after a vacation Employees can become disgruntled when their request for vacation is denied.  Many claimants view time off for a WC injury as a “vacation.”
10. The accident occurs immediately prior to an employee’s retirement Often the employee will take an early retirement and may even be moving out of the city or state.  If the employer or adjuster knows the claimant is moving this information should be relayed to the investigator immediately.  I recently had a similar case.  The claimant took an early retirement but not before filing a WC claim.  Of course I was there the day the moving truck arrived.  Although the claimant had hired professional movers I was able to videotape him loading his own truck with personal belongings.  Needless to say, his physical activities that day were well outside the scope of his alleged injury.
11. The employee is injured prior to a strike, company layoff, termination or the employer closing or relocating the business
12. The employee is injured after giving notice Nothing says thank you more than an employee who leaves the job and is “injured” during his last few days.  This often happens with employees performing seasonal or temporary work.
13. The employee is injured after receiving a disciplinary action, demotion, being passed over for promotion or being placed on probation The common denominator is that the claimant is disgruntled.  Again, disgruntled employees are more likely to file fraudulent WC claims.
14. The claimant has problems with workplace relationships
15. The claimant leaves the country for medical treatment I once had a clinic in Nuevo Laredo, Mexico billing an adjuster for medical treatment the claimant was supposedly undergoing.  I was able to provide evidence that the claimant was shopping and running errands in Laredo at the same time the clinic says he was being treated in Mexico.
16. The claimant has a history of reporting subjective claims or has more than one claim at a time
17. The claimant’s job history reflects a series of jobs held for relatively short periods of time This alone, should alert employers to potential problems.  Advise employers to put an end to fraudulent WC claims before they get a chance to start through careful hiring practices.  Investigators can conduct background investigations and verify references and help employers avoid costly hiring mistakes.
18. The claimant’s alleged injury relates to a pre-existing health problem
19. The claimant is involved in hobbies or sports Claimants injured playing sports over the weekend often attempt to blame it on a work-related injury early Monday morning.  When adjusters have claimants that are active in sports this information should be passed on to the investigator.
20. The claimant is involved in home improvement or auto repair activities
21. The claimant has a part-time job that is labor intensive, i.e. building outdoor decks, installing tile, etc. Many claimants view WC as a vacation of sorts and an opportunity to get some real work accomplished.
22. The injury occurs on a Friday but is not reported until the following Monday, or the injury happens early Monday morning or at the beginning of a weekly shift Probably one of the most common red flags.  This could indicate the claimant was injured over the weekend.
23. The incident report and the medical evaluation offer conflicting information
24. The claimant refuses or delays treatment to diagnose the injury
25. The claimant won’t come to the telephone, is sleeping and can’t be disturbed or is never home Again, one of the most common red flags.  Begin surveillance early at this claimant’s address.  More than likely he is very active.
26. The claimant misses physical therapy, occupational therapy or other medical appointments
27. The claimant provides a telephone number but doesn’t live at the address associated with it A variation of this is the “message phone,” where the message taker is evasive or ambiguous when asked about the claimant.  Investigators should ask adjusters for every telephone number associated with the claimant.  Reverse the telephone numbers for the actual addresses.
28. The claimant provides his friends, parents or other family members address or a hotel or post office box In other words the claimant is hiding.  Check proprietary databases and follow him from an appointment or when he picks up his WC check from his employer.
29. The claimant’s family doesn’t know anything about the claim or they are extremely helpful to the point of the information sounding rehearsed
30. The claimant is going through a divorce
31. The claimant is going through a child custody battle
32. The claimant is having financial difficulties A fraudulent WC claim may be the least of  your worries.  This type of claimant is prone to stealing from his employer.
33. Tips or anonymous information from co-workers, relatives or neighbors suggest that the claimant’s injuries are exaggerated or not legitimate Yet another reason to suggest to clients that the investigator perform an activity check or neighborhood canvass or survey.  I once had a liability case where the claimants (a mother and daughter) had been involved in an automobile accident with a truck from a large utility company.  In discussing the accident with a neighbor the mother remarked that she was going to take the utility company for every penny.  Unbeknownst to the mother, the neighbor did not care much for her or her daughter.  The neighbor telephoned the utility company and advised them that the daughter was on her high school volleyball team and that her mother was her biggest fan.  At the next game I sat in the bleachers and videotaped the daughter’s very physical volleyball game and her mother jumping up and down and cheering from the opposite bleacher.
34. The claimant’s lifestyle is incompatible with his known income These types of claimants have their fingers in all kinds of pies and are usually very active.  Surveillance is a must.
35. The claimant’s family members are on workers’ comp or have a history of claims or lawsuits A family that “claims” together stays together.  Use discretion when conducting surveillance and especially when making neighborhood inquiries.
36. The claimant’s injuries are subjective This involves soft-tissue injuries, phantom pain, emotional injuries, etc.  This is very common and difficult to prove otherwise.  The best course of action is surveillance of an active claimant over several days.
37. The claimant changes physicians frequently This occurs when the physician releases the claimant to return to work or when his diagnoses is at odds with the claimant’s assertions.
38. The claimant is healthy, tanned or sunburned The claimant is obviously involved in outside activities.  People are creatures of habit.  Men begin shaving on the same side of their face every morning.  Regardless of how careful claimants with exaggerated or fraudulent claims are, they eventually will go back to their routines.
39. The claimant and other workers from the same employer use the same attorney, doctor, chiropractor or clinic I once had a case where 10 claimants from the same company were all being treated by the same clinic.  This is a definite red flag.  Many of these clinics are set up to do nothing more than make money.  I cannot tell you how many times I have conducted surveillance on different claimants for different clients and found them all going to the same doctor or the same chiropractor.  Use caution when conducting surveillance at these locations.  These people do not want anything disrupting their cash cow.
40. The claimant is familiar with claims-handling procedures or workers’ comp rules. At the very least this could indicate that the claimant has filed a previous claim.  It also means the claimant may be expecting surveillance.  Use discretion and be careful.

When it comes to fraudulent WC claims, claimants use a myriad of methods to exaggerate and file false claims.  These claims end up costing money and a loss of productivity for the employer which, unfortunately is passed on to the consumer.  When it comes to WC fraud, everyone pays.  Investigators, adjusters and employers working together can not only recognize and react to the red flags that point to fraudulent WC claims but also conduct comprehensive investigations that reduce the number of false or exaggerated claims.

Scott B. Fulmer, Security and Investigation Professional, President and CEO
Scott B. Fulmer Investigations, Texas License #A13390
8111 Mainland Drive, Suite 104
San Antonio, Texas  78240  USA
Tel  210.317.9288
scott@scottbfulmerinvestigations.com
www.scottbfulmerinvestigations.com

Scott B. Fulmer is an experienced and results-oriented security and investigations professional, state licensed private investigator, certified Texas process server and president and CEO at Scott B. Fulmer Investigations based in San Antonio, TX. He has over 20 years experience in handling complex investigations at the state and federal level, and public sector including workers’ compensation and insurance liability fraud, covert video surveillance and national security background investigations. A combat veteran of the Persian Gulf War and an exciting and lively public speaker and presenter available to speak to your group or organization.  He resides in the Texas Hill Country with his wife and three children.

Works Cited:

• Ball, Jody, The Bible on Worker’s Comp Investigations. 1997, Thomas Investigative Publications, Austin.
• Fay, John J., Encyclopedia of Security Management. 1993, Butterworth-Heinemannn, Boston.
• Wylie, David.  Fraud No Small Matter For Small Business. 2010 http://sbinformation.about.com

The very idea of trying to market something called a Reputational Due Diligence Model to clients is preposterous, and, I believe, even redundant. In the context of business intelligence, a background investigation should be included in the due diligence process.

[FIND] Lexicon

due diligence – noun 1 : the care that a reasonable person exercises under the circumstances to avoid harm to other persons or their property; 2 : research and analysis of a company or organization done in preparation for a business transaction (as a corporate merger or purchase of securities)

Now that we have the phrase defined, let’s break it down. Note the words I’ve highlighted: first, we’re defining the term based on what a “reasonable person” would do under “…the circumstances.” Second is the “research and analysis” component — not just a gathering of facts, but analysis of the information.

My problem with simple due diligence as defined here is the idea that we have to limit ourselves to the research and analysis and level of care that a reasonable person would exercise. I, personally, like the idea of research and analysis being conducted by an unreasonably anal person who pays attention to detail in approximately the same infuriating manner that my tenth-grade English teacher graded my essays. A background investigation should be at least thorough, if not exhaustive. That said, common sense must be employed. You don’t want to spend valuable time chasing down obviously erroneous tangents.

Many investigators think a background investigation is simply a reporting of facts, when it should always include thorough and thoughtful analysis of the information. Granted, any licensed professional investigator with a basic level of competency can query the various databases available to him or her and get a quick list of criminal, civil, and other publically available records. But a worthy investigator should always dig deeper.

Deep Research
One standard we that must employ as a matter of practice is Deep Research. The objective of deep research is discerning observation and smart analysis. Discernment in observation calls to mind the notion of not just sensitivity, but also intelligent, wise, and judicious thought. Smart connotes sharp, shrewd, and clever, with a touch of brash and sass for good measure. The entire premise of this method is based on investigators being astute, which comes from the Latin astus, which has both the positive sense of adroitness or dexterity and the… more ambiguous, shall we say, concept of craft or cunning.

Once the initial database inquiries have been made, the basic information is compiled for further study. At this point, look to some proprietary data services that offer more information. Sources like LexusNexis and Westlaw allow natural language and Boolean queries and gather more data from a broader set of sources. This is the second phase of deep research and it involves discernment. Again don’t waste valuable investigative time chasing useless tangents.

Once the basic information and more extensive details available through various data providers are compiled, it’s time to be astute: adroit, dexterous. A dose of cunning is often useful as well. Now we’re down to…craft, or as it’s known in our circles, tradecraft.

Initial Probe
An investigator places a call, either direct or under pretext, to all references. Verify as much information as possible from the subject’s own character witnesses. Confirm all employment, education, and associations. Any claims of advanced degrees, professional designations, and awards should be authenticated. Create a synopsis of the universities attended, professional organizations, and sources of awards. If the subject attended Phoenix University and earned that MBA via the post office, let the client know. If the Association of Bank Managers is made up of four guys and a poker table, the association is most likely of no real value. If the Frank Stevens Award for Legal Letters was conferred by the next-door neighbor, your subject has been creating fiction. Investigate the veracity of all claims.

Digging Deeper
A thorough and exhaustive background investigation should include, but should not be limited to, on-site courthouse research, visits to colleges, interviews with professors, chats with neighbors and old friends, and other methods of tradecraft. The last two methods of gathering primary reference materials are straight out of the world of spycraft and almost always yield valuable insights.

It is almost always useful to place the subject under surveillance for a period of time. Get an idea of lifestyle, character, and habits. This is a chance to expand the list of associates and friends. Often an investigator can identify the subject’s true associates and check this list against the references listed. Actual physical surveillance affords the investigator a chance to get to know the subject, to study his daily routines. With physical surveillance, the investigator can develop a more intimate and realistic picture of the subject’s lifestyle.

The last piece of tradecraft discussed is arguably one of the most underhanded methods available to the field operative. Trash Cover, refuse audit, pulling trash, dumpster diving…whatever an investigator chooses to call it, it’s a messy job, but almost always produces results. The legality of this method is fairly well established. In most states, once a person has placed their rubbish in the bin and rolled it to a publically accessible place, the trash is fair game. One month of garbage usually generates a clear profile of the subject. Groceries, prescriptions, movie/theater tickets, alcohol, illicit drugs, porn, letters to girlfriends, notes to boyfriends, retail receipts, credit card statements, and on, and on, and on…To muster this information into a cohesive portrait of the subject simply takes time, rubber gloves, evidence sleeves, a few notebooks, and meticulous organizational skills.

Summary
A background investigation for due diligence should be a thorough exploration of the facts and a thoughtful rendering of those facts into a portrait of the subject. The subject provides a head shot, their best side in the nicest possible light. Our objective should not be to destroy that ideal, but to augment it with a serious dose of reality. Many investigators approach this type of work with a broad-brush methodology. They simply gather computer-generated information and report that under their letterhead with no verification or support. (Actually, a lot of investigators will just copy and paste the database information into their report.) A worthy investigator will dig deeper. They will corroborate their initial research with several sources. They will contact the original source of information and verify in person or via telephone the virtue of all claims. The true professional will take it even further. He will conduct primary research in the form of observation and evidence gathering.

The “reputational due diligence model” sounds a bit pedantic and purposefully overwrought. A quality background investigation should be thorough and thoughtful and doesn’t need a long meaningless name. Spies have been doing this work for ages. I think they simply call it a dossier.

Editor’s Note: The above piece was provided courtesy of Thomas H. Humphrey via his [FIND] Investigations blog at http://findinvestigations.blogspot.com This is a GREAT blog and certainly worthy of adding it to your RSS feeds or favorites list.  I never fail to find fascinating and fun nuggets of information posted there. Check it out!

Thomas H. Humphreys lives in Nashville, TN where he shares a house, an office, and a life with his wife and partner Kim Green. Mr. Humphreys is an award winning journalist and has contributed to international travel publications, regional magazines and news papers, as well as various public radio outlets. Mr. Humphreys owns [FIND] Investigations, a full service private investigations company.

[FIND] Investigations Website
[FIND] Investigations Blog
Email Thomas

Last year’s conference was a huge success and we started working on the 2010 conference right after the holidays in an effort to make this conference even better, if possible. This year we have lined a stellar group of speakers for the conference. By popular demand from past attendees we have made arrangements to have a number of the most popular pieces of covert surveillance equipment available for both show and tell demonstrations as well as for sale.

2010 MLPIA Annual Seminar
September 17th & 18th

Location:
Season’s Grille & Convention Center
155 Riverside Street Portland, Maine
(207) 775-6538

Speakers include:

• ISPLA’s Ernie Barth – Techno Testimony
• IRB’s Rebecca Roberts – Running & understanding databases
• Unum SIU Director Jeff Huston & SIU Lead Investigator Mark Walsh
• Maine AG’s office Sr. Investigator Brian McMaster
• Michelle McGrath – Corporate & Executive Protection
• MLPIA’s Joe Thornton, Atty. Dan Lilley, former Prosecutor Thomas Goodwin & Atty. Mary Davis –“Battered Woman’s Syndrome” as a Defense to Homicide: A Case Study
• NALI’s Nicole Bocra & MLPIA’s Alan Tate – Using Social Networking Sites in Investigations
• NALI National Director Paul Jaeb – Minnesota Bridge Collapse Investigation
• Covert Surveillance Equipment- Types & Uses
• NALI’s – Reginald Montgomery- Investigator Liability

Below you will find links to both the Agenda and a Registration form. We have also made arrangements to be able to take credit cards for the conference registration fee, if you want. Again this year we have made the conference both educational and financially affordable for all to attend. A conference rate has also been obtained for the hotel, the info is on the attached form. We are very pleased to have not only IRB and Varney Insurance as sponsors but we have also added the NALI & their National Director as a sponsor. There are also vendor and sponsor opportunities available if anybody is interested, please contact me.

Thanks and we hope to see you in September,

Ed Spicer & Alan Goodman

2010 Conference Sign Up Form *  2010 MLPIA Conference Agenda

“The right of one charged with crime to counsel may not be deemed fundamental and essential to fair trials in some countries, but it is in ours.” – Gideon v. Wainwright (1963)

This is an ISPLA update on part of our work the past year with Equal Justice, Sixth Amendment, Wrongly Accused, Innocence, and Indigent Defense projects which have requested our lobbying assistance.  A significant number of our members are engaged in criminal defense investigations and in the pursuit of justice.  We often have to work together with a wide range of groups and associations to address legislative issues, some of which seek to close our access to various sources of information.  At times such groups have even included the ACLU and media organizations.

ISPLA’s Executive Committee Chairman, Peter Psarouthakis, recently attended the Michigan Supreme Court oral arguments in Christopher Lee Duncan et al v. State of Michigan and thought the court might rule to reverse its previous decision, so as to not make the court look like law makers.  It turns out he was correct.  In a stunning defeat for right to counsel advocates, the Michigan Supreme Court reversed its unanimous, 2-month old decision in this ACLU class action lawsuit upon reconsideration.  “Is it all about the financial costs of fixing one of the nation’s most deficient indigent defense systems?” asks the National Legal Aid and Defender Association.

The July 16 order reversing decision and entering summary judgment in favor of the defendants, State of Michigan and Governor of Michigan, ended any opportunity for the plaintiffs to prove they are being denied the effective right to counsel as a result of Michigan’s inadequate and ineffective system of public defense.  Three of Michigan’s Supreme Court judges dissented stating: “Today’s order slams the courthouse door in plaintiffs’ face for no good reason.”  Instead, they are relegated to being represented in their pending cases by lawyers who lack the time, tools, training and resources to provide them with the assistance of counsel that our American system of justice promises to all.  ISPLA would add: “Not having access to qualified and fairly paid defense investigators and forensic experts denies them equal justice as well.”

In Michigan, as in most states throughout the country, the state Supreme Court has final responsibility for overseeing the justice system and ensuring that the rights guaranteed to everyone are applied in that system.  It is the courts that one goes to when a person believes they are being wronged in some way and it is the courts that provide one a remedy for that wrong.   However, now the Michigan courts are washing their hands of any responsibility for overseeing the public defense system and ruling that instead “the executive and legislative branches can and should address such matters.”

Who in Michigan is responsible for making the public defense system work?  The courts say that it is up to the legislative and executive branches of government.  Both branches are well informed on the systemic deficiencies.  On behalf of the Michigan Legislature under concurrent resolution of both chambers and under the guidance of the State Bar of Michigan, NLADA undertook a year-long study of indigent defense representation in ten sample counties.  To ensure that a representative sample of counties was chosen to be studied — and to avoid criticism that either the best or worst systems were cherry-picked to skew the results — NLADA requested that an advisory group be convened to choose the sample counties.  Created by Michigan State Senator Alan Cropsey, the advisory group was composed of representatives from the State Court Administrator’s Office, the Prosecuting Attorneys Association of Michigan, the Michigan Association of Counties, the State Bar of Michigan, the State Appellate Defender Office, the Criminal Defense Attorneys of Michigan, the Supreme Court, and trial-level judges.  The advisory group ensured that the county sample reflected geographic, population, economic, and defense delivery model diversity. ISPLA representatives met with the above associations, the Michigan Campaign for Justice, Michigan law makers, testified at state and federal hearings on related subject matter, and also met with many of the same groups a second time in Washington at the U.S. Department of Justice National Symposium on Indigent Defense.

Rather than just posting this on listservs and Twitter, it is presented by ISPLA as a loss which exemplifies the fact that we know the costs of defeat in lobbying in a proactive manner, but view such as just a temporary setback which will only strengthen our resolve.  The ACLU has vowed to keep up their fight: “Our fight to fix the indigent defense system is far from over and we are currently weighing our legal options.”

The court case by the ACLU may have failed, but the ability to preserve the Sixth Amendment right to effective counsel will still exist through effective lobbying by Equal Justice groups and like-minded stakeholders, such as ISPLA.  Please read the NLADA message below. This court decision is a significant loss to the “Gideon” advocates, which to a degree are also a portion of ISPLA’s constituents.  When the indigent defense system is broken, everyone suffers.  The innocent end up in prison, while the perpetrators are left to remain free —- free on the street to commit more crime.

Investigative professionals who support ISPLA’s initiative in support of the Sixth Amendment, Indigent Defense and Equal Justice issues are invited to join us in our efforts.  We will also be assisting some state investigative professional associations to address specific problems presently existing regarding the appointment of defense investigators to represent indigent defendants.

Go to www.ISPLA.org

Bruce Hulme
ISPLA Director of Government Affairs

The NLADA report, A Race to the Bottom, opens with a re-telling of the first right to counsel case in America – the case of the Scottsboro Boys in 1932 Alabama (Powell v. Alabama) – to show that many of the systemic deficiencies identified in the Scottsboro Boys’ story permeate the criminal courts of Michigan today: judges hand-picking defense attorneys; lawyers appointed to cases for which they are unqualified; defenders meeting clients on the eve of trial and holding non-confidential discussions in public courtroom corridors; attorneys failing to identify obvious conflicts of interest; failure of defenders to properly prepare for trial and meet their ethical canons to zealously advocate for clients; inadequate compensation for those appointed to defend the accused; and, a lack of sufficient time, training, and resources to properly prepare a case in the face of the state court’s emphasis on disposing of cases as quickly as possible.

One wonders how much the financial impact of moving an early 20th century public defense model into the new millennium in one of the most economically depressed states in the country had on the decision.  The concurring opinion reasoned that the probable financial impact of the case could be substantial, stating the Court’s original decision was “an open invitation to the trial court to assume ongoing operational control over systems for providing defense counsel to indigent criminal defendants.  . . .  And with that invitation comes a blank check on the part of the judiciary to force sufficient state level legislative appropriations and executive branch acquiescence in assuming similar control over the systems in every county in this state, while nullifying the provisions of the criminal defense act and superintending authority of the Supreme Court and the State Court Administrator.”   We remind the Court’s majority that our Constitutional rights extend to all of our citizens, not merely those of sufficient means.  Though we understand that policymakers must balance other important demands on their resources, the Constitution does not allow for justice to be rationed to the poor due to insufficient funds.

PALI’s Annual Investigators Conference is designed to provide an opportunity for educational excellence. It is estimated that between 100 and 175 investigators, law enforcement personnel and security professionals from across the Mid-Atlantic Region will be in attendance. National and local exhibitors and many well-known educational speakers will be there as well.

Speakers currently include:

• Randal S. Doaty, Private Investigator – Real Estate Investigations
• Paul Herman, Private Investigator – Computer Evidence Discovery
• Eileen Law, Private Detective – “TNT ~ Dynamite Tools, Notions & Tricks of the Trade”
• Laura O’Kane, Marketing Communications at IRBsearch, LLC – Gramm Leach Bliley Act
• Peter Psarouthakis, Professional Investigator & ISPLA President – “Educate to Legislate”
• Richard D. Walter, Forensic Psychologist – Sex Crimes
• Ed Spicer, Private Investigator – “Surveillance techniques, issues and successful surveillance operations”
• Nicole Bocra, Private Investigator – Financial Investigations
• and others!

In addition to the informative and educational speakers who will address topics specific to you and your investigative needs, the seminar also provides a networking platform during social and business events, rekindling old friendships and making new ones while networking with professionals from several other disciplines.  This is an exciting opportunity to network with those who are dedicated to the advancement of investigative and security services!

For more information about the conference and registration & hotel accommodations please visit http://www.pali-investigator-conference.com

Now in his ninth term in the U.S. House of Representatives, Congressman King has been a leader in the ongoing effort to base Homeland Security funding on threat analysis and is a strong supporter of the war against international terrorism, both at home and abroad. While chairman of the Homeland Security Committee in 2005-06, he brought about vital legislation regarding port security and chemical plant security and led the effort to restore funding to the Secure the Cities Program to protect the New York-Long Island region.

Prior to serving in Congress, Rep. King was elected to three terms as the Comptroller of Nassau County and has extensive experience as a practicing attorney and civic leader. He began his political career in November 1977 by winning election to the Hempstead Town Council.

He is a graduate of St. Francis College, Brooklyn, and the University of Notre Dame Law School and a lifelong resident of New York, living in Nassau County for more than 40 years. Rep. King and his wife, Rosemary, reside in Seaford. They have two adult children and two grandchildren.

Tickets for the event are $150.00 per person or $1,500.00 for a table of 10. For more information on sponsorship and advertising opportunities, please contact David E. Zeldin, ALDONYS 2010 Dinner Chairman at ALDONYSDINNER@gmail.com or 516-442-3164 x 11.

The August 2010 podcast of The American Private Investigator features Mike McIntee with the API News Update and a state of the P. I. industry roundtable with Peter Psarouthakis of ISPLA, Alan Goodman of Lawyers Investigating, Inc., and your host, Paul Jaeb.

Tune in to hear about recent trends and challenges affecting legislative action, service of process, privacy, public records, information access changes, and unlicensed investigators.

Learn about the niches that have experienced growth or a tough time during the economic downturn, and what the successful firms have done to adapt and even boost their business via planning and decisive action.

Hear Peter, Alan, and Paul discuss the opportunities ahead for the industry with regards to changes in state and federal leadership/involvement, technology, licensing, and communication, and the professionalism, ethics, experience, and thirst for knowledge of today’s community of licensed private investigators.

Click here to listen to the American Private Investigator Podcast right now.

Guests on the August 2010 podcast are:

• Mike McIntee, Timescape Media: 1907 Covington Lane, Eagan, MN 55122, T: (651) 452-0530, michael@timescapemedia.com, www.timescapemedia.com.
• Peter Psarouthakis, Investigative & Security Professionals for Legislative Action (ISPLA): 235 N. Pine Street, Lansing, Michigan 48933, T: 734-428-9663, isplavoice@gmail.com, http://ispla.org.
• Alan Goodman, Lawyers Investigating Service, Inc.: P.O. Box 8479, Portland, ME 04104, Maine: 207-775-5685, 800-244-5685, Nationwide: 888-244-5685, F: 207-893-1475, aeglis@aol.com, www.lawyersinvestigatingservice.com.

See The American Private Investigator resources and events pages for organizations and upcoming events mentioned in this podcast.

Editor’s note: This article was originally written for attorneys concerning questions that often arise out of family law disputes but as private investigators are often called on to investigate matters involving divorce, infidelity and child custody matters we are often asked about the application of technology to develop evidence and information. The topics discussed in the article are all very applicable to anyone who handles these types of assignments.

Electronic evidence in family law cases cuts a wide swath these days. It consists of e-mails, text messages, instant messages, word processing documents, GPS data -and who knows what the next generation of mischief will bring? But let us begin with the diva of evidence in family law cases – spyware.

Spyware has made the notion of peeping through keyholes wonderfully quaint.

How much simpler it is to record your spouse/lover/significant other’s every keystroke and know for sure what they are up to without ever leaving the comfort of your computer station. Adultery is as old as time, but who would ever guess that cyber-adultery would be a commonplace phenomenon, and often the genesis of divorce?

Who would ever imagine that the authors would be interviewed by NBC, ABC, CBS, USA Network, NPR and Oprah’s “O” magazine, each interview focusing on the obviously sexy topic of spyware and divorce?

The legality of spyware used to be murky, at best. The courts have spoken of it only infrequently, so there is precious little guidance. How does a lawyer appropriately advise the client who wants to employ spyware, or who already has? How does a lawyer appropriately advise the client who believes that someone has used spyware to conduct surveillance on their computer usage? It is a dicey business, and fraught with risk for lawyer and client alike.

Before plunging into the legality of spyware, let us attempt to set the stage.

First and foremost, what constitutes spyware?

No one quite agrees, but generally speaking, it is software installed on a computer without the target user’s knowledge and meant to monitor the user’s conduct. Most of the time, in domestic practice, the target is e-mail and chat rooms, but the software will record everything the user does, including financial record keeping, the preparation in a word processing program of letters to counsel, or the keeping of business records. Some spyware is used to gather personally identifiable information like passwords, credit card numbers and Social Security numbers, all useful for those interested in fraud and identify theft. Some spyware programs will hijack your web browser, reset your home page, add toolbars, alter search results or send popup ads that cannot be closed, all intended to hawk some vendor’s products.

Spyware has become insidiously clever recently – many programs come with a persistent reinstaller – as soon as you attempt to remove it, it reloads itself. Many forms of spyware hide in Windows system files and even mimic the file names so the average user would have no idea that the files are in fact shielding spyware. The latest wrinkle with spyware is that it can turn the infected machine into a spam zombie. This means that your computer is being used as a relay point to send spam messages without your knowledge.

What are some of the spyware programs commonly in use?

These days, there are so many spyware manufacturers that it is well nigh impossible to list them all. They have such names as eBlaster, IamBigBrother, SpyAgent, Spy Buddy, Spector Pro, Keylogger Pro, Invisible Keylogger and 007 Spy Software. They have different features and have slightly different operating characteristics but they are all intended to spy on someone else’s computer use – stealthily. There are also hardware keystroke loggers such as KeyKatcher, a small, dongle-like device that fits in between the keyboard and the PC. It’s a modern day “bug” with a memory capacity of 64K, 128K, 256K and 4MB, able to store several weeks’ worth of typing, after which it can be removed and all the text downloaded onto another machine. The major advantage of the KeyKatcher is that no software will be able to detect its presence. The drawback, obviously, is that this requires that the person placing the KeyKatcher have continuing physical access to the machine. KeyKatcher is therefore primarily used by husbands and wives residing together. It is certainly cheap, beginning at $32.99.  But in point of fact, having analyzed hundreds of computers in divorce cases, 100% of the time, a software spyware application was used instead of a hardware logging device.

How much does software spyware cost? Not much – $30-$100 is a common range, a cheap price for a heinous invasion of privacy. Two of the most devious spyware applications, eBlaster and Spector Pro, cost $99.95.

Will the user know that spyware has been installed?

No – these applications are exceedingly clever. They change their install dates, don’t show up as a running program, don’t show up in your list of programs, don’t show up in the “Add/Remove” function, and change their names to something that sounds like a benign – and boring – system file. Who would ever give the file name windowstht.dll another thought?

So how does spyware get installed? Clearly, if the spouses reside together, it is easy for one party or the other to install spyware. However, if the parties live apart and the spouse wishing to install spyware doesn’t have physical access to the other party’s machine, then there are methods of remotely installing spyware. As a for instance, the husband might send an electronic greeting card to the wife saying how sorry he is for the pain he’s caused, etc., etc. He sends the card as an attachment with a cover e-mail that says, “Honey, I’m so sorry for all the pain I’ve caused – the attached card helps me to express my real feelings.” Whether she loves him or hates him, she’s going to want to see the card so she opens the attachment. And bada-bing, the spyware downloads (invisibly) right along with the greeting card. In the same mode, perhaps he sends some cute photos of the kids when he took them to the beach. Irresistible to the wife – she opens them and the spyware, piggybacked on the photos, covertly installs itself and begins monitoring her online activities.

Fortunately, spyware programs cannot hide from skilled forensics examiners who know where these stalkers hide. This is one of the most difficult parts of computer forensics because you are specifically looking for something which intends to be invisible. In the vast majority of cases, the authors have found that significant amounts of data can often be uncovered, most notably the e-mail address to which the reports were sent. Once an attorney has that, if there is not currently a divorce proceeding on file, the attorney can file a John Doe suit and serve a subpoena on the Internet Service Provider to learn the identity of the account holder.

What is the status of laws explicitly dealing with spyware?

As of October, 2008, there is no federal anti-spyware law. The House of Representatives has passed (again) two bills designed to punish those who install spyware on people’s computers without their knowledge. This charade has gone on for at least five years, with the bills stalling when they get to the Senate, reputedly due to the lobbying efforts of the Direct Marketing Association. All such bills say they will pre-empt state law, so it will be fascinating to see what Congress agrees to, assuming it ever agrees.

Many states currently have legislation which is intended to prevent some kinds of spyware. Sometimes the laws are anti-spyware specific, sometimes they are computer trespass, unauthorized computer access or privacy laws and sometimes they are wiretap statutes which apply to electronic communications. According to the National Conference of State Legislatures, as of March 24, 2008, there were 14 states with specific anti-spyware statutes: Alaska, Arizona, Arkansas, California, Georgia, Indiana, Iowa, Louisiana, Nevada, New Hampshire, Rhode Island, Texas, Utah and Washington.

Note that Virginia is not mentioned, which makes us nervous about the accuracy of the NCSL’s information. Below is an excerpt from Virginia’s Computer Trespass law, which clearly includes the use of spyware in paragraph eight (but note the possible exception for a machine which is marital property). Also note that it was clear under the previous spyware law that interspousal interception was prohibited – however, the 2007 changes to the law added the “computer owner’s authorization” language.

§ 18.2-152.4. Computer trespass; penalty.

A. It shall be unlawful for any person, with malicious intent, to:

8. Install or cause to be installed, or collect information through, computer software that records all or a majority of the keystrokes made on the computer of another without the computer owner’s authorization

How about other laws, not specific to spyware?

Aha, an excellent question. Herein lays many a trap in which a lawyer might unwittingly step. First, let us consider the federal laws:

• The Electronic Communications Privacy Act of 1986 prohibits the interception and disclosure of wire and electronic communications. It also applies to those who use information they know or have reason to know was intercepted. Distinctly not a good thing if your client has violated this Act.

• The Computer Fraud and Abuse Act prohibits a person from accessing a computer without authorization or from exceeding authorized access and thereby obtaining certain governmental, financial or consumer information. Clearly, spyware is often used for these purposes.

Because this area is indeed a sand trap, there are also a number of state laws that may apply. Some examples include:

• Computer privacy laws
• Wiretap laws
• Computer trespass laws
• Fraud laws
• Harassment laws
• Stalking laws
• Voyeur laws

Not only may spyware violate a myriad of laws, some laws do and some don’t carry with them a clause excluding the admission of illegally obtained evidence. And where they don’t contain such a clause, especially at the state level, it is generally held to be at the discretion of the trial court whether or not to admit the evidence. If admitted, the illegality goes toward weight.

What are the leading cases in this area?

An oldie but a goodie, White v. White (N.J., 2001), in which a wife accessed the husband’s e-mails which were stored in an America Online file cabinet on the marital computer. No password was required to get to the e-mails, though the husband was unaware of that. The court held that the wife had violated no laws in getting to those e-mail messages.

In O’Brien v. O’Brien (Florida, 2005), the wife installed spyware to monitor her husband’s conduct. He had begun playing dominos with a woman he met through Yahoo, and then began playing, well, something more than dominos. Under the Florida Wiretap Act, the data gleaned from the spyware was not required to be excluded; however, the trial court had chosen to exclude it. The appellate court found that the exclusion of the data was within the trial court’s discretion and it therefore declined to disturb the lower court’s decision.

The case of Potter v. Havlicek (S.D. Ohio, 2007) involved the question of whether evidence obtained via monitoring software on a family computer could be introduced even though the act of obtaining the evidence may have violated the Electronic Communications Privacy Act. The court noted that the ECPA applies only to “oral and wire communications” and not electronic. Judge Rose noted that several courts, including the Sixth Circuit, have concluded the Congress intentionally omitted illegally intercepted electronic communications from the category of cases in which the remedy of suppression is available. He also noted that “this is not to imply, however, that disclosure of the information in state court by {the husband} or his attorney might not be actionable civilly or criminally under 18 U.S.C. Sec. 2511.” With respect to the husband’s argument that the e-mail were not intercepted in transit by the monitoring software, Rose discerned “some merit in the position of Judge Reinhardt who opposes a hyper-technical application of the contemporaneous requirement emasculating the ECPA” (referring to Konop v. Hawaiin Airlines, Inc. (9th Cir. 2002). The same position was adopted by the First Circuit in U.S. v. Councilman (Fla. Dist. Ct. App. 2005), applying a law similar to the ECPA. Rose further noted that there is no interspousal exception to the ECPA.

For the record, the authors believe that Judge Rose articulates the correct view of the law, and one which we believe is beginning to prevail across the nation.

What are your clients up to?

Attorneys who do domestic relations work can answer this question easily. If you want to check out what your clients are reading online, just type “cheating spouse” in Google and prepare yourself for a slime bath. One typical site is http://www.chatcheaters.com/, which contains real life stories, ads for keystroke loggers, advice on how to catch cheaters, and even a PI and lawyer directory. Most of the time, clients will have surfed all over the Net on this subject and purchased/installed/used spyware before they ever consult an attorney. They will arrive in your office with printouts of e-mails that scorch your eyebrows as you read them. They are generally quite pleased with their resourcefulness and blissfully unaware that they may have broken a law or multiple laws. The common belief is that “the computer belongs to both of us so I can do anything I want.” When told they may have broken a law, they become ashen-faced, and are stunned to think that the “guilty” party now may have a cause of action against the “victim.”

But what about monitoring kids?

You do have the right to monitor your minor children. However, you absolutely may not use the software installed to monitor your children as an excuse to ALSO monitor your spouse, ex-spouse, etc. To the extent that there are communications, for instance, between an ex-spouse and a child that show up in the child’s e-mail, you are (so far as current cases are concerned) ok in having those communications. However, the point must not be to spy on the spouse – there should be a concern involving the child which motivates the usage of the monitoring software.

What should you advise a client who thinks there may be spyware on his/her computer?

If it sounds to you like the facts warrant it, you’ll want to have a forensic technologist find and document the spyware’s existence. This software is so squirrelly that the evidence a lay person can get, if any, is so fragmentary as to be worthless in court. Far better to let an expert find and document the spyware. In any event, you don’t want someone trampling all over the evidence, changing access dates, etc. Sometimes, the expert’s advice will be to let the spyware continue operating briefly while a sniffer is employed to determine precisely where the information is going once it leaves the target network. The data contents of the transmission may be unreadable as more and more software packages are encrypting the communications prior to sending the information.

Clearly, an attorney cannot threaten a criminal charge. However, we’ve seen the use of spyware used as a trump card time and again. Once the use of the spyware is proven, all the attorney needs to do is communicate that fact to the other side’s counsel for the implications to be clear. Sometimes, this is done in the course of a deposition where the deponent will deny under oath having used spyware, only to have the evidence shown to them. Likewise, if they take the Fifth, but the evidence is extant, it is clear to all what the risks are. To put it bluntly, cases in which the use of spyware can be proven tend to settle quickly.

If your objective, particularly in a case of modest assets, is to simply get the spyware off, you can have the client try running a reputable anti-spyware program, such as Webroot’s SpySweeper or Sunbelt’s CounterSpy. They may not find ALL spyware, but they will find most of it. Beware, however, because the installation of these programs will be detected by the spyware, thereby alerting anyone monitoring computer activity that you are “on to them.” At that point, they may well use remote technology to instruct the software to remove itself and delete all traces of its existence.

If your choice is to simply find and eradicate the software, just be mindful that you will have no evidence of the computer spying to use in the future. Also, you must stress to your client that they should never again open an attachment from anyone likely to be interested in remotely installing spyware.  A caveat: Some people are convinced that there is spyware on their computer when there is not. If you have a competent computer forensics expert and they say there is no spyware, the client is probably the one mistaken. One frequent explanation – the spouse has guessed or cracked a password – which is also illegal – so make sure you consider all the alternatives!

What should you advise a client who is using spyware to monitor someone else’s computer activity?

Get it off. Now. No excuses. It certainly violates federal law, and possibly Virginia state law as well, depending on the facts.

It is important to explain to anyone who has used spyware that they may be compelled to take the Fifth in depositions or in court.

It is a fact of life that many clients seem unable to “pull the plug” on their spying. Remarkably enough, the spying itself often becomes an addiction and the perpetrator is unwilling or unable to break the addiction. It may be necessary to be quite forceful, stating unequivocally that you will have to withdraw from the case if possible criminal conduct continues.

What do I advise a client who is fairly certain there is significant evidence on a marital computer?

No spyware. Wrong solution and it will likely end up getting the client in trouble rather than the spouse who is actually engaging in bad conduct. The first thing you’ll want to do is have a forensic image made of the computer. This can be done without the spouse knowing while he/she is at work or away on a business trip. Generally, if a computer is received in the morning, a forensic technologist can make and verify the image, returning the computer in the afternoon. At this point, at least you have a record. You will not want to authorize the technologist to analyze the image until a court order has been received, which will protect both attorney and client against any civil or criminal claim of computer trespass or invasion of computer privacy. If the court order is not a current possibility, and perhaps no divorce action is underway as yet, you still have a forensic image to examine when the time is right and you have the court’s imprimatur.

What about cell phones?

What if a spouse brings us a cell phone that is marital property? If there is no PIN required to access the phone, what law prevents her from authorizing the accessing of the phone’s data, assuming it is marital property? We can’t think of one. With the PIN of course, the phone owner has established an expectation of privacy – with that being the case, we will “freeze” the data by imaging it if possible (some phones will not allow for data extraction while a PIN is active), but we will not analyze it without a court order.

Can you go to the cell phone provider for text messages? Not usually. AT&T says it stores the actual text of cell phone messages only for 48 hours. Verizon has recently said it will hold the text message for two weeks. There is no blanket statement to make here: the carriers all have different rules and change them constantly.

And about that GPS

Perhaps the hottest surveillance device of the last year has been the GPS, which many a spouse or lover has resorted to in order to track the location of the spouse or lover suspected of wanderlust. In Virginia, it is illegal to place a GPS tracking device on a vehicle in which you do not have an ownership interest. In the average family law case, the cars are marital property, but there are a significant number of cases in which the car is titled in only one name, or the car is leased. If you own the car, you can track it. If you don’t own the car, you can’t.  Need the law to prove it?

See Virginia Sec. 46.2-1088.6, which says that recorded data may only be accessed by the motor vehicle owner or with the consent of the motor vehicle owner or the owner’s agent or legal representative; except for 1) a contracted service such as LoJack 2) service of vehicle or 3) access by an emergency responder service. If both parties own a vehicle, you’re probably fine, but our observation has been that these devices are being used willy-nilly without respect to ownership.

It has been our experience that private investigators use these devices regularly, remaining blissfully unaware of the law. In fact, many a lawyer has disputed our assertion that Virginia has such a law until we produce the actual statute! It is very much a case of “say it ain’t so!” But wishing it were otherwise doesn’t change the law.   Note that cell phone monitoring chips are frequently intended to monitor the use of children, a very legitimate purpose. But there is nothing to keep them from being used as a device to monitor a spouse’s location.

What about filming bad behavior?

Out of luck there, if the law violates Sec. 18.2-386.1. Unlawful filming, videotaping or photographing of another; penalty. A portion of that law is excerpted here:

It shall be unlawful for any person to knowingly and intentionally videotape, photograph, or film any nonconsenting person or create any videographic or still image record by any means whatsoever of the nonconsenting person if (i) that person is totally nude, clad in undergarments, or in a state of undress so as to expose the genitals, pubic area, buttocks or female breast in a restroom, dressing room, locker room, hotel room, motel room, tanning bed, tanning booth, bedroom or other location; or (ii) the videotape, photograph, film or videographic or still image record is created by placing the lens or image-gathering component of the recording device in a position directly beneath or between a person’s legs for the purpose of capturing an image of the person’s intimate parts or undergarments covering those intimate parts when the intimate parts or undergarments would not otherwise be visible to the general public; and when the circumstances set forth in clause (i) or (ii) are otherwise such that the person being videotaped, photographed, filmed or otherwise recorded would have a reasonable expectation of privacy.

Nowhere do we see an interspousal exception. So a webcam in the bedroom, which is frequently suggested by surveillance sites, does not seem like a stellar idea.

How about obtaining phone records via pretexting?

You could do it once, but no more. Check out The Virginia Code § 18.2-152.17, Fraudulent procurement, sale, or receipt of telephone records. If telephone records have been obtained under false pretenses, a lawyer dare not even accept the proffered documents without violating the law. Though this law was enacted in 2006, a good many Virginia lawyers remain blissfully unaware of it. The federal government passed the Telephone Records and Privacy Protection Act of 2006, which was signed into law in January of 2007, also outlawing pretexting. Like the state law, the act of receiving the documents may also constitute a crime. The days of private investigators routinely obtaining phone records for lawyers via pretexting are officially, and probably forever, over.

Final words

As excruciatingly slow as Congress is, the outcry over spyware will probably lead to the passage of a federal law explicitly outlawing spyware, probably when the economy has, if indeed it will, settle down. As for state law regarding spyware and other forms of surveillance, you can probably anticipate a lot of tinkering. One of the problems with the new technology and the consequent new laws is that we have so little case law to guide us. The vast majority of these cases settle. Added to that, no sooner has the law caught up to technology than technology leapfrogs the law, which again limps gamely behind it, playing a never-ending game of catch-up.

Sharon D. Nelson and John W. Simek are the President and Vice President of Sensei Enterprises, Inc., a legal technology and computer forensics firm based in Fairfax, VA. 703-359-0700  www.senseient.com

Technology makes everything easier and faster. In fact, it makes it possible to commit malpractice at warp speed. We can fail to represent diligently, lose our clients data, perform incompetently, and violate the rules regarding attorney advertising—all in sixty seconds or less.

There are so many ways to potentially commit malpractice with technology that it is impossible to list them all. Still, let us make a credible stab at some of the more common missteps.

50 Ways to Get in Ethical Trouble with Technology

1. Use illegal software. You know who you are. You buy academic versions of software and use them in your law office. You buy a single license for an application and install it on three computers, contrary to the license agreement. You find a neat piece of software that is free for personal use, and you use it on your law office computer. “Naughty, naughty” is all we’ll say, but the Business Software Alliance (BSA) will say far more.

Potential liability for EACH copyright violation: $150,000. Average out-of-court settlement: $80,000. Have they been in our area? Yes, at least six times that we know of. Yes, they’ve come to law firms. They come with a U.S. Marshal and immediate ex parte authority to inspect your computers. If you are in violation of the copyright law at the time of inspection, you are toast. Intent is irrelevant. The moral? Make sure that you are properly licensed – and if you have a reasonable size firm, conduct an annual software audit. For heaven’s sake, have all the licenses in a single file.

2. Give legal advice in your blog. Blogs are not the place to give legal advice. Moreover, if someone in your firm has a blog, you need to be very sure that it conforms to insurance industry requirements. A great many insurers will not insure a law firm if anyone in the firm blogs and more and more are beginning to offer specific statements as to the kind of blogs they will – and will not – cover.

3. Spam to market. It is very tempting to market using some sort of bulk e-mail, but it simply is not legal to bulk market to folks who have no pre-existing business relationship with you. The (U.S) CAN-SPAM act has done little to control spam, but for a law firm, both real spam and the appearance of spamming can be deadly. This is a sure fire way to get your domain name blacklisted. This has happened to multiple law firms in our area – and to courts!

4. Get involved with a client via e-mail and give advice prior to the proper formation of a contract. This is all too easy to do, especially since many lawyers now have their e-mail addresses up on the Web. It is important to get the retainer agreement signed before the advice is the given, lest complications arise. Remember that your e-mail will leave a trail, so exercise extreme caution with anything that remotely seems like legal advice.

5. Get in trouble with your law society and decide to create your own defense by falsifying a document. Lest you think this far-fetched, a Fairfax County, Virginia attorney did exactly this. After a complaint was filed for failure to take any action in a case and letting the statute of limitations lapse, the attorney created a back-dated letter, purporting to show that he wrote the client closing the case, supposedly upon her specific instruction. The metadata that accompanied the document proved that the letter had been created two days before his response to the disciplinary board was due. He is no longer practicing law in Virginia.

6. Keep slipshod trust account records. The rules here are no different than they were in the paper world. Electronic records speak eloquently when attorneys fail to reconcile them, or dip into them when fees have not been earned. Worst of all are the many cases where attorneys put monies in the operational account, when they clearly should have been escrowed. If the firm uses a good accounting package, such as Quickbooks, any attempt to “fiddle the books” will be logged. Honesty remains the best policy.

7. Send a document to a client to sign and don’t PDF and lock it. All too commonly, clients take it into their heads to alter a document sent to them by their lawyer. THEN they sign and send it back. Be careful – PDF and lock down all important documents – the exception is when you are working on drafts of a document, when it is easier to use Word and the “Track Changes” feature. However, once done, PDF and lock the document before it is sent around for signature!

8. Miss a court date because the e-mail notice was trapped by your spam filter. Don’t laugh – this just happened to a respected firm in Colorado. The court was not amused by counsel’s failure to show up and assessed sanctions against the firm, requiring it to pay for the opposing counsel’s time. For heaven’s sake, whitelist the domain of the court – and important client domains at well. Remember that you cannot shift the blame to a third party service provider, however much you might like to. Why? Because court rules say you can’t.

9. Don’t proofread. The difference between “I will consider a $100,000 settlement” and “I will not consider a $100,000 settlement” is vast. This is but one of many examples of how attorneys get in trouble by not proofreading. At the very least, they often sound like hapless sixth graders who haven’t got a grip on the simple declarative sentence, much less the spelling of fairly complicated words. You wouldn’t send out a real letter that way – don’t send out an e-mail that way. This is especially true if you use voice recognition software. Although the programs are good at what they do, they are not perfect, by a long stretch – in fact, many judges cite the failure to adequately proof documents generated by voice-recognition software as a chief peeve.

10. Open an attachment from someone you don’t know or from someone you do know but where the circumstances are suspicious. Dumb, even if you DO have a good antivirus program. Just because you have good, even great protection doesn’t mean you can’t be the first kid on your block to get a virus for which there is not (yet) an anti-virus signature to defeat it. E-mail addresses can be spoofed – easily. Therefore, if you get an e-mail from a client that contains an attachment and you were not expecting it – and there is no explanation in the text of the message that makes sense, don’t open it. Call the client and verify that they sent you something.

11. Go to a place on the Internet you wouldn’t like mom (or the senior partner) to know about. This is precisely how spyware gets on your machines. Adult sites are particularly notorious for doing this, but many sites (even those with screensavers, computer utilities, recipes, etc.) do this to make extra money. Even a judge once called us after opening a “farm girls and their animals” e-mail attachment. He found himself trapped in an endless barrage of pop-up porn which refused to go away. Understandably, he was somewhat reluctant to call the courthouse IT staff. Enough said?

12. Use the Auto-Complete function with abandon. This feature is so helpful and so potentially deadly. It is incredibly easy to let this function go and send an e-mail to someone other than the intended recipient. At best, the result is embarrassing. At worst, it is a genuine problem where you have perhaps sent confidential data to an unrelated third party or, the nightmare of nightmares, to opposing counsel.

13. Use weak or non-existent passwords. Passwords are critical defenses, so do not use your pet’s name, your child’s name or the name of your favorite sports team. Make your password complex, including numeric characters. A good tip is to do a short sentence that you won’t forget.

14. Write in anger. An old chestnut, and still one to bear in mind. The unfortunate part of electronic communications is that when someone writes us something idiotic, we can immediately reply and point out the complete lunacy of what has just been transmitted. This is particularly tempting when a lawyer is under attack. Don’t do it! Cool off. Go take a walk. Do anything other than reply immediately with words that cannot be recalled and may live forever and come back to haunt you! Remember, there is no “do over” key for e-mail.

15. Hit the “Send” button quickly. We’re all so busy that hitting the send button promptly after composing an e-mail seems so natural. ‘Done with this, on to the next thing’. There is an inherent danger here. Look at the message one more time – is it going to the right people? Have you proofread? Is there anything wrong with the tone or substance? Just pause a minute. Remember – each time you send an e-mail, you must see it on the front page of the Globe & Mail, on a billboard on the highway, and in front of your mom’s face. If it can be in all three places without causing embarrassment or a problem, you’re probably ready to hit “Send.” Did we mention a warning about the lack of a “do over” key?

16. Make it impossible to find your own files. Files should be named appropriately, including the client name and the kind of document, perhaps the date. Having a good, descriptive name, you must now create a structure (one of your own or through a case management system) that makes it easy to find what you are looking for. If you do not have a case management or document management system, make sure that you have electronic files named by client, with descriptive titles for each file, including the client name in case you mistakenly move the file to another folder.

17. Rely completely on your computer calendar. So what happens when your Internet goes down or your server crashes? The authors are devoted adherents of the tech world, but it is always prudent to have a secondary calendar that can provide a fallback measure.

18. Leave your computers on at night. Are you nuts? Do you personally know each member of the cleaning crew? Can you vouch for each of them? Robbers who broke into an entertainment complex in Colorado recently found themselves unable to open the safe even though they had the code. Perplexed, they looked around and found a computer that was on and Googled information about the safe. Moments later, the safe was open and they left with $12,000 – so you see, it is very helpful to have computers on at night – helpful for all the wrong sorts of people.

19. Don’t change the defaults. Every script kiddy and macho hacker knows the defaults of all common computer-related devices. In fact, they are posted on the Internet. If you don’t want a burglar in your house, you always, at a minimum, lock the door. Changing the defaults is locking the door.

20. Don’t secure your wireless network at home or at work. Wherever you work, your wireless network should be secure. This means that you must change such things as the SSID and the default admin password. Disable the advertisement of the wireless network and enable some sort of encryption for the cloud. Create MAC filtering rules to limit connections to those that are predefined. After all, you shouldn’t be in the business of creating the neighborhood hotspot.

21. Don’t have adequate anti-virus and anti-spyware software. This is “bare bones” protection these days. You should have one good anti-virus solution and preferably two anti-spyware solutions these days. If you have a subscription, don’t let it lapse.

22. Don’t backup – and almost as bad – don’t do “test restores” of the backups. Most lawyers should be doing incremental (or differential) backups daily and full backups at least weekly. If you’re doing less, think again about the potential danger. Also, backup media fails over time, so don’t assume that you have a good backup without doing periodic test restores. In case after case, we’ve seen lawyers rely on backup tapes only to find that they were corrupted when disaster struck and those tapes held the only backup of the law firm data. External hard drives increase reliability, but should also be changed in rotation just like tapes.

23. Use an online backup system. This one is controversial. There is nothing inherently wrong with an online backup system from a technical standpoint. WE hasten to add that we have seen several total failures when it comes to restoring backup from online backup providers. Even in the best scenario, someone else is holding your data. What will you do if they belly up? What if they have a disgruntled employee who sells your data? What kind of REAL recourse is there in a situation like that? At the very least, encrypt the data before you send it offsite!

24. Don’t have a disaster recovery plan. Do you think the lawyers caught in Katrina ever imagined that they would face a disaster that was so large it would involve both their home and office? Many of them had backup media at home and lost that media as well as the computers/server at work. This was compounded by not having power or cell phone towers. The communication breakdown was further aggravated by food and water shortages, office buildings being declared closed by authorities, etc., etc. In our world, where natural disasters present plenty of hazards, the ante has been upped by our realization that no one – anywhere – is safe from acts of terrorism as well. Many of the Katrina lawyers lost their practices forever because they were not sufficiently prepared. When it comes to disasters, an ounce of prevention is indeed worth a pound of cure.

25.  Fail to have an employee termination policy or fail to follow it. Our cynicism comes from the number of ex-employees who have caused technological havoc by accessing the law firm network once their authority to do so has expired. When you are ready to terminate someone, never let them have access to their computer post-termination. Immediately cut all access to your systems from the outside and forward all of their business e-mail to someone else. Collect all their keys. Change the security codes if necessary.

26. Have a laptop without a power-on password, encryption, or biometric access. In a world where laptops are the #1 stolen item at airports (and they rank in the top five at hotels, from cars, etc.), you must take precautions. The new “finger-swipe” biometrically accessed laptops are no longer out of anyone’s price range. Encryption of data is no longer difficult. At the very least, make sure no one can get on your laptop at all without that power-on password. It is surely malpractice not to take this most elementary of precautions.

27. Put client data on an unencrypted thumb drive. Look at the size of a thumb drive. Smaller even than our now very small cell phones. How often do we lose cell phones? About 50 per cent of us have lost one at one time or another. Here we have an even smaller device. It is critical that data on a thumb drive be protected either by requiring a password or by encrypting a portion of the drive which carries client data.

28. Have client data on a cell phone that doesn’t require a password. As our business frequently forensically images cell phones, it always strikes us as remarkable how few cell phones we see that require a password. It may well be that we are simply the “hurry up” generation that doesn’t have time for that extra step, but if there is client data on the phone, it certainly seems like we MUST take the time to ensure that client data cannot be accessed if we accidentally lose our phones in a cab!

29. Don’t scrub the metadata. It is impossible to overstate the importance of this. Court briefs have actually been filed with metadata intact. In one memorable comment, an attorney asked if anyone thought that the “yo-yo brain judge” would understand what was being argued. As you can imagine, the judge was not amused as he viewed the comment in the electronic document. Our favorite metadata scrubber is Metadata Assistant, by Payne Consulting (about $80 per seat) www.payneconsulting.com. Already own Adobe Acrobat? Convert your document to PDF and that will strip out almost all the metadata, usually everything you’d care about.

30. Redact PDF with black boxes. Even the U.S. government has pulled this gaffe, thus exposing the placement of troops in Iraq. More notable to the legal community, a law firm involved in the infamous suit against AT&T for intercepting citizen e-mails and sharing them with the government made the same error in one of its briefs. Ordered by the court to release some documents but with certain sensitive information redacted, the firm clumsily used black bars to do so. Journalists promptly pounced on the black boxes and stripped them out, revealing incredibly sensitive data which seemed to confirm the allegations of the Electronic Freedom Foundation. If you are going to redact information, use professional software such Redax or upgrade to Acrobat 8.0, which includes redaction and Bates stamping ability.

31. Donate your old computers to charity (or otherwise dispose of them) without wiping the hard drives. As much as you’d think this was obvious, every time a college student does a new study with hard drives purchased on eBay, they find law firm data. If you have someone who is IT competent, it is a simple matter to wipe the drives effectively. If you do not, it might cost you $100 per drive to have it professionally wiped. A small price to avoid a big security hole.

32. Be a “chatty Kathy” online. We have become a society of online chipmunks, happily chattering away in chat rooms, on blogs, on listservs, and via IMs and e-mails. You should assume, at all times, that whatever you transmit electronically will live forever. Remember, deleted isn’t deleted and the power of computer forensics to recover deleted data is fearsome. If you don’t want to answer for what you’ve written three years later, don’t send it!

33. Don’t have an Internet and e-mail usage policy for your office. Are you daft? Do you know what these people do, especially when you are not in the office? All of the things we tell you not to do in these tips are exactly what they will do. They will check what’s going on in their soap operas, visit the celebrity gossip columns, etc. Not to mention the temptation to post things on a listserv (with your law firm signature attached of course) that may not be precisely the representation of your firm that you would choose. Make a policy and then enforce it.

34. Don’t have a policy about what data may and may not leave on removable media (thumb drives, iPods, phones, PDAs, etc. This is precisely how much of your confidential data leaves the office. If they don’t e-mail it, they download it. So have a policy – there are even utilities to help you monitor anything being downloaded via USB drives.

35. Don’t train your employees about computer security. There are few ways to get more “bang for the buck” than by training those who work for you. Most of them don’t know how to spot a phishing attack or how to recognize social engineering over the phone that might persuade them to give up a password. Give them the benefit of safe computing training and policy training and you will have built a worthy moat around the castle which contains your client information.

36. Hesitate to terminate a disgruntled employee that you’re thinking about firing. This is a common scenario – you know you have someone who is angry or disgruntled. Perhaps you didn’t give them a raise, perhaps they don’t like your demeanor – the reason doesn’t matter. Once you are aware of a potential problem, the likelihood of misconduct increases exponentially. As soon as you have your “employment law ducks” in order, let them go. If they do any work on your network whatsoever, this is an especially firm rule. As one law firm system administrator boasted, “I can bring this firm to its knees anytime I want.” Believe him, for he speaks the truth!

37. Fail to encrypt your e-mail. OK, this is a red herring. No one requires encryption. Very few lawyers use it. It isn’t hard, but it takes a little extra time. Still, the real message here is that important things (such as proprietary data) should not be transmitted electronically without being encrypted. Think before you use e-mail!

38. Converse via e-mail with your client using the client’s work e-mail. This is always a troublesome area, since it is not yet fully clear whether the attorney-client privilege will apply to e-mail sent from a work machine, whether via a work e-mail address or a personal e-mail address. In at least one case in Virginia, the judge found that there was no privilege between attorney and client for anything sent from a work computer. Period. As experts, we believe that decision was wrong, but that doesn’t change the current practical implications for lawyers. Better reasoned decisions from other states have indicated that the privilege would not be lost if the client took reasonable measures to protect the privilege (e.g., not using the work e-mail address, keeping attorney-client e-mails segregated on the hard drive in an appropriately named folder).

39. Fail to address e-mail correspondence in your retainer. Given the paragraph above, the perils of e-mail correspondence should be evident. Many lawyers believe, and we agree, that there should be a separate paragraph in your retainer pertaining to e-mail, in which the client specifically agrees that e-mail communication is acceptable or not acceptable. It should discourage the client from communicating from work and also stress the importance of not divulging sensitive data in e-mail. Many lawyers, including one of the authors, will ensure that this paragraph is separately initialed so that it is abundantly clear that the client understood potential risks before using e-mail as a vehicle of communication.

40. Have a file sharing program on your computer or network. C’mon, fork over the money for the new Elton John CD or for the new Harry Potter movie. File sharing of protected works not only constitutes copyright infringement, but it leaves your computer/network wide open to the Internet. If you have kids at home, and work from home, you may not even be aware that your kids have installed file sharing programs. We have six kids, and yes, it happened to us. Forewarned is forearmed!

41. Enable file sharing between the workstations at your office. This is a tough one. Microsoft allowed peer-to-peer file sharing among Windows computers. Disable this feature if you have a server. Small offices will use file sharing to keep costs down and still allow access to client data from multiple computers. If you must use file sharing, limit and restrict the access. Require user IDs and passwords to get to the data. Don’t configure unrestricted access to your data since that’s what the hackers love.

42. Use copyrighted images on your website without a license. This is done all the time. It is incredibly simple to get royalty-free clip art or photos on the Internet. If you want something classier, the prices to get a license are generally quite modest. Folks are searching for infringing materials on the Internet all the time these days and there are sophisticated tools to help them. Don’t help the infringement bounty hunters!

43. Call yourself a specialist or an expert on your website. Play it safe—check your jurisdiction’s advertising rules.

44. Appear to promise results on your website. See number 43 above. If you even describe results of cases, you must explain that results are dependent on individual fact scenarios and state that case results do not guarantee or offer a prediction of the same result in another case. It should do this in bold type, in caps, and in a font size as large as the largest size font used to describe the case results.

45. Don’t have a disclaimer statement in your e-mail. This entry is here under protest. It is probably a good idea to have one, but most experts agree that disclaimers are pretty worthless and provide almost no protection. However, it is nice to put in the tagline that tells people what to do if they receive an e-mail message in error. Remarkably enough, most folks actually want to do the right thing and will tell you that they received your message in error. All things considered, it is better to know than not to know!

46. Decide you don’t need to know about electronic evidence. Sorry, but this is no longer possible. You can no longer make a deal with the opposing counsel that “I won’t go there if you won’t.”  In a world where 95 per cent of data is created electronically and only a fraction of it is ever reduced to paper, you have no choice but to consider whether ESI (electronically stored information) may be a part of your case.

47. Mishandle or spoliate electronically stored information. Until recently, lawyers were getting away with this on a regular basis, but no longer. Judges have had enough, and are beginning to hand out sanctions like penny candy, mostly against clients, but now and again against the law firm as well. You must understand your client’s technology well enough to avoid spoliation and to determine where relevant evidence may be in order to preserve or produce it. If you are not up to speed, it is time to get there.

48. Violate password protected data. Outside of the workplace (where employers have the right to monitor what transpires on their networks), passwords create a right of privacy. It doesn’t matter who owns the computer. The right of privacy applies between spouses as well. Why? Because the law says so. If we had a one dollar for every time a spouse argued that they had the right to search their partner’s e-mails, we would be rich.

49. Accept or use telephone records obtained by pretexting. According to Wikipedia, “pretexting is the act of pretending to be someone who you are not by telling an untruth, or creating deception. The practice of pretexting typically involves tricking a telecom carrier into disclosing personal information of a customer, with the scammer pretending to be the customer.” This is against the law in some jurisdictions, if you know the records have been obtained by pretexting when they slide those records across the desk and you nonetheless take them.

50. Counsel your client to put a GPS tracking device on someone’s car without fully knowing the facts. These gadgets provide great evidence, but in many jurisdictions, it is illegal to put a GPS tracker on a vehicle unless you are that vehicle’s owner. There are no reported cases thus far, so we cannot tell you whether it is OK to put a GPS tracker on a car which both parties have purchased but which is still owned by the bank because there is a car loan. These are not dice we wish to roll.

This list could go on and on and on, but hopefully it is clear that there are significant dangers in the electronic world, waiting to trap the unwary lawyer. Here, at least, is a good starting point for making sure you’ve covered as many ethical bases as you can.

Sharon D. Nelson and John W. Simek are the President and Vice President of Sensei Enterprises, Inc., a legal technology and computer forensics firm based in Fairfax, VA. 703-359-0700  www.senseient.com

Cut-Tex™ PRO is a groundbreaking combination of high-tenacity, high-modulus polyethylene fibres – combined with several other “technical fibres” – weaved by special high-density knitting machines, resulting in an outstanding cut and slash resistant clothing and fabric.

For additional information, please see this important documentation and video by clicking here.

PPSS Body Armour, the company which produces UK Home Office certified body armour and stab vests for clients around the globe, says its Cut-Tex™ PRO could be the world’s best, which is reinforced by passing the stringent British and European blade cut resistant standard 388 6.2 Level 5 – the highest level possible for textiles or protective gloves.

The CEO of PPSS Robert Kaiser said: “The potential applications for our world-beating knife, bite and slash resistant clothing is endless. Already there has been a huge amount of interest in Cut-Tex™ PRO from countries all over the World, especially those countries experiencing extremely hot summer months.

“PPSS Body Armour specialises in developing unique, bespoke knife protective clothing for local government, law enforcement, emergency services, prison service, hospital staff, schools and private security companies around the world.

“With Cut-Tex™ PRO, we now have a slash and cut resistant textile that is incredibly lightweight and breathable, and we have already been able to manufacture a number of bespoke slash resistant items, all using this great new fabric as inner or outer layer:

• Slash resistant sweatshirts for prison officers, security professionals and factory workers for one of the world’s leading metal pressing companies.
• Slash resistant sleeves for professional working within the field of ‘challenging behaviour’ or ‘special needs’.
• Slash resistant boiler suits for high security mental health hospitals and prison’s ‘first response units’.
• Slash-resistant work trousers for refuse collectors
• Slash resistant gloves for security professionals, law enforcement and emergency services.

“BS EN 388:2003 Level 5 is the highest level you can achieve for testing knife, bite and slash resistant clothing or cut resistant gloves and our high performance fabric Cut-Tex™ PRO has passed this protection level with flying colours. This is why we believe it is only a matter of time before our Cut-Tex™ PRO slash resistant clothing saves a human life.

“‘Prevention is better than cure’ and ‘better safe than sorry’ are two sayings which make more sense within personal safety than anywhere else.

“Issuing knife and slash resistant clothing can mean preventing potentially fatal injuries.”

Please call PPSS Body Armour in the UK on +44 (0) 845 5193 953, email info@ppss-group.com or visit www.ppss-group.com