Cyber Security

High Tech Experts juggle Privacy Issues,

Special to the Star business

Susan Barnaby knew exactly who to call when her husband told her he was leaving her. Not her retinue of girlfriends, either, but the name on a business card she had tucked in her jewellery box for just such an occasion: Jason Conley, Computer Forensics.

Barnaby had been down this road ten years before, when her husband’s desire to leave -- and emphatic denials of infidelity – aroused her suspicions. This time she was prepared, not to save a marriage obviously on the rocks, but to discover the truth and put the matter finally to rest.

Although the initial shock sent her reeling – several affairs including one with a school yard mom – Barnaby is grateful to Conley, a forensics geek with a 15-year security history, who says he investigates cases like Barnaby’s all the time.

He considers forensics a “vocation, especially when it’s in service to expose deceitful people who play with the lives and hearts of those that love them the most.”

It’s not only hearts that are toyed with – he often finds evidence of stashed finances.

For Barnaby, Conley cloned the computer’s hard drive by copying the hard drive sector by sector using an ImageMaster Forensic Solo III. It took a couple of hours to complete due to the larger drive size, but when the hard drive is smaller, and the bit rate of the device being used is fast, the process can often be finished in about a half hour, he says. Once the cloning is complete, the info on the second drive is taken to a lab where it’s processed using either FTK (forensic toolkit) or EnCE (Encase) software programs.

While Conley relishes these domestic cases for the “feel good” factor, his bread and butter comes from corporations. And it’s where he has the most experience. Starting at age 18, he rose quickly from entry-level security guard to assistant security director for a Fortune 100 corporation. When his boss asked him in 2002 to search the computer of a former employee suspected of taking brand secrets to a competitor, and he found the evidence -- copied proprietary data – a new career was launched.

At the time, though, computer forensics was still new, and he didn’t feel confident about his abilities. So he took the Encase training – 64 hours that’s offered both online and in the classroom – providing him with certificates in examining computer operating systems, digital devices, internet and email investigations.

While forensic technology is something Conley loves and regards as “doing good,” it’s got others reaching for their ethics and legal textbooks.

Gil Zvulony, a Toronto lawyer who specializes in privacy laws, says the two main issues are how the info is gathered and why.

If a couple is separated, for example, neither has the right to enter the other’s home to search regardless of who owns the computer. But the computer is fair game if you’re not separated.

“If what you find is true, and is obtained through the proper channels, it can be used for evidence,” he says.

Ditto for the workplace – when an employee quits, the employer has the right to clone a computer hard drive belonging to them, and use any incriminating material in court.

But you also need to be careful how you gather the information. In one case, where one partner accused the other of appropriating intellectual property, the judge threw the case out because he considered installing spyware an “unauthorized use of an invasive self-help remedy.”

The bottom line, Zvulony says, is “whether the person being spied on has a reasonable expectation of privacy.”

Problems arise, he adds, “when that public-private line is crossed. And that line is sometimes difficult to define … especially with technology outpacing the law. We’re going to start seeing way more of these cases, because they are so ethically and legally murky.”

Ron Deibert, director of Citizen Lab at the University of Toronto's Munk Centre, is widely considered an expert in cyber ethics. “Cyber crime has opened up a whole new world of possibilities in the realm of ethics and the principles governing investigative techniques are immature and undeveloped.”

For example, something that’s never talked about, he says, “is corporations that hire people to go out and hack back. Within the intell world, and the military, that’s standard operational doctrine. [The TV series] 24 is not far from the truth.” While Deibert and his students regularly operate at this level of international intrigue, he says ethics is still ethics. A good guiding principle is to “do no harm,” though the field is fraught with the dilemma of weighing the right to privacy against the potential to do others harm.

Especially innocent others like children.

“You can’t imagine what I’ve seen,” says Tom Warren, former Peel Region special constable. “Every dark and evil thought is now available online, in our homes, and at work – most companies have some kind of porn on their computers. But the stuff involving kids – some as young as a year old – is the absolute worst.”

Internet crime units didn’t exist in police departments in those days, he says. That’s why he quit to start his own business helping police track pedophiles. First he entered a hacking tournament in California – and won two awards – then took further training in North Carolina. “Forensics training didn’t exist then in Canada and I was the first to do all three info security disciplines: forensics, investigations and security.”

In the 13 years since, he’s built a client base that includes FBI, Saudi royalty, and high profile cabinet ministers. His services range from setting up hack-proof systems for corporate clients and catching “bad guys” who steal industrial secrets, to teaching information security at Kitchener’s Conestoga College and internet safety at local elementary schools.

Like Conley, he’s motivated for the good: “I believe if someone’s been wronged, they have right to know what went down.”

One job Warren did was for a major bank which was being “ripped off by a company doing fraudulent invoicing. Thanks to the forensics and investigative talens within a high tech field, we were able to prove and seize all company assets, the owner’s home, Ferrari and ranch. And bring a bad guy to justice.”

Feeling good aside, Warren also makes a nice salary -- with a billable rate of $150 an hour, he can net $3000 or more for domestic cases, and much more in corporate scenarios.

Operating costs can be high. There’s the training – courses through Guidance, the manufacturer of the forensic software, run from $2000 to $3500, and you need two to be certified. You also need a souped-up computer, with huge RAM. The software costs $3000 for the basic Encase program, and the deluxe Encase Enterprise, which permits network searches from a single laptop, is a whopping $38,000.

Considering the alternative, it’s money well spent. For the PI, there’s no more sitting in vans all night, “peeing in bottles,” says Conley. And for the client, no more “cameras stuck in motel windows. By the time they come to me, they’ve got $3,000 worth of useless photos.”

Barnaby had no interest in pictures, especially since infidelity gets you nothing in Canada except a faster divorce. What she wanted was peace of mind by filling the gaping holes of marital history. “I am relieved to know I wasn’t crazy or paranoid, and happy that I no longer have to look over my shoulder wondering who he’s hustling now. I can get on with my life. Believe it or not, that’s what Jason gave me back.”