The amount of technology at our fingertips is greater than ever. It’s also a higher risk for potential fraud and subsequent legal activity.
Recent technological trends like wearable technology or mobile applications are just as susceptible to being hacked as a standard desktop or laptop. Learning how these continually evolving technologies are used to not only track our information but also aid in litigation through computer forensic and eDiscovery situations is an ongoing process.
Electronically stored information from technology applications can make your court case.
The Risks of Wearable Devices
Wearable devices are part of an overall category of electronics termed “The Internet of Things.” This category includes items connected online through Bluetooth, Wi-Fi and cellular data, etc. Like all devices that are constantly connected to the internet, they can be discovered and exploited.
Many employers use information from wearable devices such as fitness trackers to provide deductibles and benefits to their employees. Each connection to the wearable is a link that must be vetted for security. And one of the major problems is that this data is stored outside of your own internal network of devices. The issue becomes especially serious with smaller companies. Security of these devices is not a new issue, but it is an expensive one. Even for the most successful companies, it takes a conscious effort to maintain a secure environment for the data.
So why exactly are these wearables so vulnerable?
- There’s no encryption on the stored data.
It’s hard to believe but even now, there’s still unencrypted information stored in our most personal devices. Whether it’s on the device or in transit to the cloud, the streams of data are capable of being read in clear text without protections in place. - There’s no way to monitor usage.
Unlike a traditional instance of a computer hacking where logs and user activity would be used to determine a breach, wearable devices have no way of determining if they have been compromised. There is no way to do this until it has either invaded another system or your information is found to have been used. The device could be compromised for weeks without your knowledge unless blatant activity such as credit card use or malfunctions of the software make themselves known. - They’re closely tied to other devices.
Think for a moment about which other devices you tie to your wearable to feed to view its information. Our wearables are purposely designed to communicate and share information with other devices to provide us a seamless experience, unfortunately the same can be said for poor experiences of malware. - Unsecured Bluetooth/Wi-Fi connections are open to vulnerabilities.
Most of these wearable devices can connect to a network or other device using Bluetooth or wireless communication. It’s how they’re supposed to operate, by speaking across devices to give you the information you want. However, the securities typically employed by device authentication during communications across channels do not apply to these wearables.
Typically, there are firewalls, anti-virus programs and other security measures, such as passwords to connect to a wireless network, that are in place to verify communications are secure. When pairing wearables with Bluetooth connections, the options for security measures are little to none. They rely on the security of the wireless and Bluetooth connection. However, there are no authentication measures in place for your Bluetooth device being paired—not even a PIN code or password to pair it with another device. - They have simplistic or nonexistent internal security.
The main security features these devices have are the updates pushed to patch them. But how often do we honestly update these devices? Even then, the updates are usually for software user interface experiences, not security, because there is no built-in security. The software used to construct these devices in simplistic so they’re compatible with a multitude of devices and the source code for many of them is publicly available for exploitation. In the end, the security is left up to either the consumer or a third-party software developer (of the operating system).
Legal Considerations of Wearable Technology
Wearable technology collects an impressive amount of information about us: our emails and texts, our locations, our overall health and more. With this level of knowledge about our daily lives, wearable technologies are creating new questions surround their use:
- Who owns this data?
- How is it being protected?
- How can this data be used in a court of law?
All this data is also transmitted up to a cloud storage service that is hosted by a company and transmitted to be shown to you on a website or device owned by possibly another company altogether, on channels that are also owned by companies—and each of these paths create giant vulnerabilities to this data.
How do you track down the electronically stored information you need for your case?
Using this personal information, there will always be issues of privacy concerns. Differentiating between public, discoverable information, what is private and what requires authorization to disclose will be a matter of debate.
- Who is it that can authorize this information to be released?
- Where exactly is the information stored?
- How do I ask my expert to retrieve this data?
- Can the device company permit the information to be released without the owners consenting approval?
- Did they already sign this consent away through the terms of use?
- Is there a login component to the device that further clarifies the owner of the data?
There’s no doubt that wearable technology can contain electronically stored information such as text messages, email and other information to corroborate that of the synced host device, but the relevance of this information will be up to the attorney of the matter.
The Risks of Financial Management Applications
Bank-specific apps allow you to quickly access your personal information and transfer funds, as well as take the information from your accounts and aggregate it for easy analysis of your spending habits.
These apps are a convenient way to manage and keep track of finances, or to quickly transfer money. But any time finances are concerned, security should be a top priority. When considering the full risk of using financial management apps, it’s important to understand the dangers and legal ramifications, as well as how you can minimize your risk.
How do you figure out which apps are legitimate?
- Carefully read all information listed about the app, and check to be sure that the application and developer names are consistent with what you are searching for.
- Examine the reviews on the application in question. If there are too few reviews, that should be an immediate warning sign, as these handful of comments could be paid off or placed by the scammer. Additionally, even if there are a decent number of reviews, always check both the 5-star and 1-star reviews. If the 5-star reviews seem too good to be true, they probably are. Most 1-star reviews will give you plenty of opinions on whether the application functions as intended or has ripped people off by being a scam.
- Watch for the advertised logo. Subtle changes in a logo, like a tight cropping or a logo that is blurry or out of focus could fool many customers, especially if every other factor of the application seems legitimate. Small font changes in the letters or even slight color changes to the logo could be a sign of a false application.
For money management applications specifically, it is important to be aware of whether you are creating an account with that service itself or simply plugging in your account information. The level of risk completely depends on the type of application, as well as your assurance that it is legitimate and your willingness to provide your personal information.
Other ways to stay secure include:
- Activate fraud and activity alerts on the accounts you connect with the app. This way, you can be aware of strange activity and correlate them between your applications.
- Utilize a separate generic email to any application with sensitive data.
- Emphasize the security of dual-authentication on your email and, if possible, your financial app. This will help in the event that your phone or credentials are stolen; if you have two-factor authentication enabled, you should have the ability to access your account on a completely separate device and deny access or change your password to remove the intruder.
- Consider the ability to shut-down your phone remotely and utilize backups to restore it to a newly acquired phone.
Other Areas of Technology to Consider
There are other areas of technology that can cause potential risk and possible litigation, including:
Social Media
Social media sites and applications contain sensitive data that have the potential to be used in a court case. Forensic experts can preserve items like Facebook chats, posts or a page, YouTube videos and their associated metadata and Twitter and Instagram posts. LinkedIn, in particular, is filled with valuable information that can be used in employment law, litigation, patent or intellectual property law.
Mobile Devices
The data on your phone can be critical in several types of court cases. This can include pictures, videos, deleted text messages and so on. Knowing how to extract it, included deleted files, in a court permissible way is essential.
The Role of Forensics in Technology
Technology has made a huge impact in our lives. It has also produced substantial data that can be used to uncover sensitive details of a court case. The information these technologies provide to cyber forensic and eDiscovery investigators is invaluable in helping uncover the facts for your client.
How can you use data from these technologies in court?
Stay current on your favorite topics
Applicable Offerings
Take a deeper dive into this Insight’s subject matter.
Digital Forensics eDiscovery Management Fraud & Forensic Advisory Litigation & Dispute Advisory
