<b>Online Exclusive:</b> Q&A with Guidance Software: Enhancing Data Tracking Capability Without Compromising Privacy

When London security officials cracked the airline terrorism case in August, they cited their ability to track online messages with forensic software as a critical component of the investigation. Forensic software, for many years a mainstay of law enforcement, is now finding wider application in electronic discovery and data protection for corporations and government agencies. In this Q&A with Guidance Software Vice Chairman and former CEO, John Patzakis, we explore the varied uses of forensic software and its implications for privacy.

Privacy Reporter: The firm got its start in law enforcement. But you've moved beyond that to a more corporate marketplace. Tell us about those services.

Patzakis: Our solution, EnCase Forensic' Edition, collects and targets pieces of media for law enforcement to investigate. We have over 22,000 users worldwide. Over 90% of law enforcement agencies in the U.S. and around the world that practice computer forensics rely on EnCase to collect, preserve, and present digital evidence in court.

In 2002, we launched EnCase Enterprise'. This has more functionality than EnCase Forensic, and it is network-enabled. Users can investigate without disrupting their business or interfering with their network. Today, over 350 sites have been installed.

Privacy Reporter: What does EnCase Enterprise do?

Patzakis: It has three major applications. First, it is used for internal investigations by government agencies and corporations ' human resources, fraud, Sarbanes-Oxley compliance, intellectual property theft, and so on. Second, it supports rapid response to a computer security incident, such as a worm. With EnCase Enterprise, you get your eyes on the target intrusion right away. And third ' and this currently is a major growth area ' is in litigation support, e-discovery. EnCase Enterprise provides a much easier and less expensive way to collect and process e-mails and other electronic data across an entire network.

Privacy Reporter: E-discovery is certainly on our readers' minds.

Patzakis: The e-discovery capabilities of EnCase Enterprise are compelling, because it addresses the current broken e-discovery process. We enable clients to handle their e-discovery with in-house technical staff, instead of by consultants. Currently, most companies handle e-discovery on an ad hoc, outsourcing basis. But that is disruptive and expensive. For senior IT management, this is an outstanding opportunity to partner with senior legal and other key executives as they can demonstrate dramatic cost savings for their company when they internalize their e-discovery process.

Privacy Reporter: The system's capabilities sound impressive, but they potentially raise privacy concerns. If operators can access everything on the network so easily, how do you assure that usage is proper?

Patzakis: There's no question that the computer investigation capability we offer at first blush can affect privacy. But we developed built-in security protocols, which we call 'The SAFE,' or Secure Authentication for EnCase. This authentication service ensures the examiner can only access information that is appropriate to the roles and privileges of the user ' The use of the software and access to the network is controlled, logged, and provides rule-based security at the granular level. This allows the user to perform only the specifically required task, and only after authenticating his identity.

We can also segment the system for a large multinational company so that, for example, European examiners have one level of access, but American examiners have another. This would enable both to comply with laws in their countries.

Privacy Reporter: How are companies and government agencies using the software in ways that impact privacy?

Patzakis: Government agencies are adopting the technology to track when classified data are moved to non-classified sites. This is a significant problem ' whether it is intentional or accidental. The system can track keywords set up by the operator and detect these breaches. For companies and government, we are seeing that the greatest threats to security are internal, and we believe that internal investigations are central to any security process. So we tell companies that they should use our software as the basis for developing their security and privacy process; installing our software will facilitate a process development ' questions like, 'We have a breach alert. How do we respond to it on an enterprise-wide basis?'

Understand that the EnCase Enterprise software is used to actually protect privacy as it deters and identifies unauthorized access to and helps prevent wrongful distribution of privacy information. The response and investigation aspect should be a key part of a corporation's overall information security process.

Privacy Reporter: What's next for the company?

Patzakis: In the next month, we are releasing a new version of our EnCase Enterprise eDiscovery Suite, which will provide not only our core capability for effective collection but also integrated e-discovery processing for direct import into attorney review platforms. This capability empowers internal IT professionals to address the bulk of the e-discovery process in a much more rapid, defensible, and cost-effective manner.

When London security officials cracked the airline terrorism case in August, they cited their ability to track online messages with forensic software as a critical component of the investigation. Forensic software, for many years a mainstay of law enforcement, is now finding wider application in electronic discovery and data protection for corporations and government agencies. In this Q&A with Guidance Software Vice Chairman and former CEO, John Patzakis, we explore the varied uses of forensic software and its implications for privacy.

Privacy Reporter: The firm got its start in law enforcement. But you've moved beyond that to a more corporate marketplace. Tell us about those services.

Patzakis: Our solution, EnCase Forensic' Edition, collects and targets pieces of media for law enforcement to investigate. We have over 22,000 users worldwide. Over 90% of law enforcement agencies in the U.S. and around the world that practice computer forensics rely on EnCase to collect, preserve, and present digital evidence in court.

In 2002, we launched EnCase Enterprise'. This has more functionality than EnCase Forensic, and it is network-enabled. Users can investigate without disrupting their business or interfering with their network. Today, over 350 sites have been installed.

Privacy Reporter: What does EnCase Enterprise do?

Patzakis: It has three major applications. First, it is used for internal investigations by government agencies and corporations ' human resources, fraud, Sarbanes-Oxley compliance, intellectual property theft, and so on. Second, it supports rapid response to a computer security incident, such as a worm. With EnCase Enterprise, you get your eyes on the target intrusion right away. And third ' and this currently is a major growth area ' is in litigation support, e-discovery. EnCase Enterprise provides a much easier and less expensive way to collect and process e-mails and other electronic data across an entire network.

Privacy Reporter: E-discovery is certainly on our readers' minds.

Patzakis: The e-discovery capabilities of EnCase Enterprise are compelling, because it addresses the current broken e-discovery process. We enable clients to handle their e-discovery with in-house technical staff, instead of by consultants. Currently, most companies handle e-discovery on an ad hoc, outsourcing basis. But that is disruptive and expensive. For senior IT management, this is an outstanding opportunity to partner with senior legal and other key executives as they can demonstrate dramatic cost savings for their company when they internalize their e-discovery process.

Privacy Reporter: The system's capabilities sound impressive, but they potentially raise privacy concerns. If operators can access everything on the network so easily, how do you assure that usage is proper?

Patzakis: There's no question that the computer investigation capability we offer at first blush can affect privacy. But we developed built-in security protocols, which we call 'The SAFE,' or Secure Authentication for EnCase. This authentication service ensures the examiner can only access information that is appropriate to the roles and privileges of the user ' The use of the software and access to the network is controlled, logged, and provides rule-based security at the granular level. This allows the user to perform only the specifically required task, and only after authenticating his identity.

We can also segment the system for a large multinational company so that, for example, European examiners have one level of access, but American examiners have another. This would enable both to comply with laws in their countries.

Privacy Reporter: How are companies and government agencies using the software in ways that impact privacy?

Patzakis: Government agencies are adopting the technology to track when classified data are moved to non-classified sites. This is a significant problem ' whether it is intentional or accidental. The system can track keywords set up by the operator and detect these breaches. For companies and government, we are seeing that the greatest threats to security are internal, and we believe that internal investigations are central to any security process. So we tell companies that they should use our software as the basis for developing their security and privacy process; installing our software will facilitate a process development ' questions like, 'We have a breach alert. How do we respond to it on an enterprise-wide basis?'

Understand that the EnCase Enterprise software is used to actually protect privacy as it deters and identifies unauthorized access to and helps prevent wrongful distribution of privacy information. The response and investigation aspect should be a key part of a corporation's overall information security process.

Privacy Reporter: What's next for the company?

Patzakis: In the next month, we are releasing a new version of our EnCase Enterprise eDiscovery Suite, which will provide not only our core capability for effective collection but also integrated e-discovery processing for direct import into attorney review platforms. This capability empowers internal IT professionals to address the bulk of the e-discovery process in a much more rapid, defensible, and cost-effective manner.