Ep 44: Are Secret Apps Really Secret with Daniel Libby

May 21, 2014

Nasir and Matt welcome security guru Daniel Libby to discuss the issues involved with the secrecy of whistleblower apps, and answer the question, “We had an issue with some customer info that was compromised. Should we tell our customers, and if so, how?”

Full Podcast Transcript

NASIR: Welcome to Legally Sound Smart Business.
This is Nasir Pasha.

MATT: And this is Matt Staub.

NASIR: And welcome to our podcast where we cover business in the news and add our legal twist and also answer some of your business legal questions at ask@legallysoundsmartbusiness.com. That was a pretty good intro.

MATT: Yeah.

NASIR: That was nice and clean.

MATT: Yeah, not too bad.

NASIR: If I may say so myself.

MATT: Yeah, it was good until you brought up the fact that it was nice and clean and good.

NASIR: I know. I can’t not comment on the intro. It sticks with me.

MATT: That’s fine.

NASIR: So, what do we have up today?

MATT: Well, this is a pretty interesting story. I was unaware of this before coming across this story but there’s a few apps out there – and the ones they mention are Whisper and Secret so you can probably figure out what these are – but it’s a way to communicate anonymously. I’ve checked them out and I still don’t fully understand the purpose of them but it’s basically a way to say what you have to say and do it was anonymity. The only problem is, you know, these apps have their own privacy policies in place. It basically allows them to take the information that’s communicated over these apps and give them to necessary people. It says, you know, law enforcement, subpoena for a civil lawsuit, or simply any accusation of wrongdoing on the service.

NASIR: That’s general.

MATT: Yeah, we touched on this last week with the Snapchat thing with information not disappearing. It’s another app that defeats its own purpose.

NASIR: Except Snapchat was violating their policy, right?

MATT: Yeah.

NASIR: It was a little bit different with them. They actually had a privacy policy that protected it. This is like the complete opposite. But, you’re right, I don’t really get the point of it all either. But I thought we would bring Daniel Libby from Digital Forensics on. He’s what I call an IT technology security guru who also does some digital forensics.
Daniel, welcome to the program.
DANIEL: Good morning, gentlemen!
I appreciate it very much. Thank you.

NASIR: Absolutely.
I’m curious whether you’ve even heard about these apps or not. I just wonder, the fact that you may have employees that are using this to whistleblow or to share company secrets is a little scary. I don’t know.
DANIEL: It really is and I think it’s a group of folks that are building some apps that basically take advantage of a current trend as so many do. I was surprised by the amount of venture capital that was put into an app like this because there are several others that do basically the same thing.
I would like to comment just real quick on your issue of Snapchat. The funny thing in the computer forensics world is we knew that Snapchat didn’t delete those photos and everything else right from the outset. It took the rest of the country maybe 18 or 24 months to figure it out, but we knew it right from the outset – that it didn’t do what it reported to do.

MATT: That’s good.

NASIR: Well, I think you can speak very well to even things that are deleted aren’t exactly deleted, right?
DANIEL: You can take it exactly out of that, depending on the operating system. Apple does a better job – and I don’t know how much time I have but a really quick way that I explain it to a jury is you walk into a library and a file system on a Windows computer is basically a library. It gives you an address on where the book is on a shelf. You can go there, check out the book, not a problem.
If you don’t want someone else to have the book, all you do is remove that reference from the card catalog. Now, the book is still on the shelf but no one else knows it’s there. That’s how Windows works with respect to deletes from the outset – that reference to where that data is and opens up a spot on the hard drive for another book to be written. You’re right. Nothing is truly ever deleted. You get the in privacy browsing issues that truly aren’t privacy protected. We can exploit those forensically. There’s a lot of things that are touted to provide additional security to users that really aren’t, if you read the fine print, just like the apps that you did on your intro that you were discussing. If you read the fine print…

NASIR: For their purpose which is kind of funny, it kind of defeats the whole purpose.
Well, here are some lessons from this, I think, from a small business perspective.
The reason why this company is hard to protect their information is because, if they get subpoenaed for a customer or one of their employees that violates an NDA, for example – a nondisclosure agreement – and they want to try to find out, “Okay, who is this person that divulged this information?” They’re going to have to comply with the subpoena or somehow fight it. But the fact that they’re not putting up any kind of resources to fight that is kind of strange in my mind.
DANIEL: Yeah, especially when they tout themselves as secret and protecting protecting and then you read the fine print and find out it’s absolutely not true. Yeah, the poor business then outside or the business owner is being literally attacked on so many levels. Employees no longer have the allegiance to an employer that they once had. Employers no longer necessarily have allegiance to employees in the last twenty, twenty-five years. A lot of that trust has eroded in with the technology and the ease of which stealing of data, transferring of data, intellectual property theft, all those kind of things, you can truly hurt your employer in a really big way really quick, just ask and I refuse to use the individual’s name because I worked for the organization for twenty-five years, but I will use the name Snowden. See how quick you can really truly – right, wrong, or indifferent – what he did. I won’t give you my opinion on that but how he changed things – and I don’t personally think for the better. If you’ll indulge me just for a second, we’re seeing new cryptographic protection on Al Qaeda right now. Al Qaeda is reacting too in their communications between their element to information that was leaked by Snowden.

NASIR: What’s interesting too is that these whistleblowers, you mentioned Snowden and so forth, there’s actually a lot of laws, I don’t know about Snowden but a lot of laws that protect whistleblowers – both state and federal. I believe there’s items regarding any kind of – if you’re working for a federal government too and you basically are whistleblowing some kind of mishandling of funds, et cetera – there are some protections for those individuals and beyond that, if it’s for example you have an employee that is complaining about some kind of labor law violation, having repercussions whether you’re terminating them or whatever or even kind of punishing them somehow is also against the law as well.
DANIEL: And there are avenues for addressing those issues. You know, I just attended a labor law conference last week where this was brought up about how to address employee grievances and things like that and making sure that they have a method that the company supports to air grievances or their concerns and their issues or potential violations of the law, you know, law and policy issues and things like that. I think a lot of folks use the whistleblower as a vindictive venue and sometimes it’s absolutely necessary. There is an organization that is absolutely doing something wrong – you know, one of the biggest ones is in law enforcement. You don’t want to necessarily be the one that is ratting out all your fellow coworkers but, if there’s something that’s wrong, there needs to be a venue where that is communicated anonymously.

NASIR: Hey, you can use Whisper.

MATT: Exactly.
[MUSIC]

MATT: All right, we’re going to get into the question of the day. Daniel, hopefully you’ll want to stick around here. We’ll want to get your perspective, too.
“We had an issue with some customer info that was compromised. Should we tell our customers? If so, how?”
This comes from a surf shop in San Diego.
I think, from the legal perspective, this seems like a pretty obvious answer.
I would say, yes, you probably want to tell your customers about this.

NASIR: Yeah. Actually, there’s a requirement. California passed a law I think in 2003. I think there’s also, even for publicly traded companies, they also have a requirement for certain information now. I think the SEC released that. And so, any time when you have data that you’re supposed to be holding privately and it gets leaked somehow, you have to have that disclosure. I know it kind of sucks but that’s kind of the nature of it. You’ve been entrusted with this information. If you lose it, then you’re going to have to do something about it.
Daniel, what do you think? Do you have any experience with these kind of data breaches?
DANIEL: Unfortunately, a lot more than a lot of folks would like to admit. That’s true. The reason for the law – and that’s a good law – is because what used to happen in the past was it was an embarrassment and a potential hit on your corporate bottom-line if you had to acknowledge the big end, let’s take a surf shop at the low end. Usually, what the common denominator is in something like that is either an individual taking your private information from your client and that may include financial information and things like that – credit card numbers and all of that. Or it was a breach of one of your servers or something like that – processes to your credit cards. Now, you have a requirement and the credit card companies are going to come down very, very expensive to do a thorough investigation which is what the credit card companies require or they will terminate your contract.

NASIR: Very good. Well, obviously, Daniel pretty much knows everything about technology and forensics but why don’t you tell us a little bit about what your company does because I know you don’t do everything. You do have some niches there.
DANIEL: Well, thank you and I appreciate the opportunity.
We’re kind of a unique firm in that being a staunch constitutionalist, I don’t make value judgments. What’s nice about digital evidence from the forensic perspective is it’s either there or it’s not. If it’s not, why? If it’s there, what does it mean? It’s not like a soft science. When we go into court to testify, rarely do we disagree with the opposing expert. We may differentiate on how something got there or something of that nature, but the bottom-line is, you know, we bring facts to a court or to a hearing or whatever. We do the litigation side of the world. We examine everything from cellphones to servers, video systems, audio systems.
The big thing for us and I just invested very heavily in this is, you know, mobile devices and things like that. We’re the only firm in the country – and I’m the only examiner in the country – that is trusted and respected to do criminal on both sides of the aisle. I do prosecutorial and defense work. Normally, I do one or the other but not both, and we do civil. We do a fair amount of employment law related violations. We do incident response from the perspective of not that “I have been hacked” but incident response from the perspective of I had an employee and “I think they’ve gone bad on me, I think they’ve taken all of my intellectual property, what do I do?”

NASIR: Yeah, that’s very common.
DANIEL: I just worked a case, 225 hours and 16 days in order to get a TRO, a temporary restraining order, so that the individual who illegally took that information from his company could not then use it. It was very, very specific information and, had it gone anywhere else, the industry that he came from would have known that.

NASIR: That’s crazy.
DANIEL: It’s everything – cellphones to servers, video systems, audio systems. We work in the background, usually. A lot of folks don’t know who we are. We don’t advertise – as a general rule. Everything is word of mouth. There’s no signs on the door of our laboratory. That’s who we are in a nutshell.

NASIR: Yeah, I appreciate you coming on the show and we’ll definitely put your website and information on our show notes, of course. That’s Daniel Libby from Digital Forensics Incorporated. I think that’s our show, right, Matt?

MATT: Yeah, that’s it. Thanks, Daniel!
DANIEL: Thank you, gentlemen. I appreciate it.

NASIR: Very good.

MATT: All right, keep it sound and keep it smart.

Legally Sound | Smart Business

By

The Podcast Where Nasir Pasha and Matt Staub cover business in the news with their legal twist and answer business legal questions that you the listener can send it to info@legallysoundsmartbusiness.com.

Get Business Legal Updates

Please provide your full name.
Please provide a valid email address.
We respect your privacy, and we will never share your information. Unsubscribe at any time.
Legally Sound Smart Business cover art

Legally Sound Smart Business

A business podcast with a legal twist

Legally Sound Smart Business is a podcast by Pasha Law PC covering different topics in business advice and news with a legal twist with attorneys Nasir Pasha and Matt Staub.
Apple Podcast badge
Google Podcast badge
Spotify Podcast badge

Latest Episodes

July 14, 2021

Through a five-round championship bout, Matt travels to Texas from California to determine which state is better for business. Will it be a knockout with a clear winner or will it go to the scorecards?

June 16, 2021

Covered in this episode of Legally Sound Smart Business are some typical business mistakes blunders small businesses often make and how to avoid them. Blunder #1: Copying and pasting agreements It may sound like a good idea at the time, but this blunder comes with hidden pitfalls. Having an attorney draft terms that are specific…

February 4, 2021

How you terminate an employee can make the difference between a graceful transition to avoidable negative outcomes like a dramatic exit or even a lawsuit. We gathered a panel of experts and asked them – is there a “right way” to fire an employee? We would like to thank our guests for this episode: Amr…

December 2, 2020

The COVID-19 pandemic has turned nearly every aspect of life on its head, and that certainly holds true for the business world. In this episode, Matt and Nasir explain how the early days of the pandemic felt like the Wild West and how the shifting legal playing field left a lot open to interpretation and…

November 16, 2020

After plenty of ups and downs, our buyer has finally closed on the purchase of their business. While we’re marking this down in the ‘wins’ column, it never hurts to review the game tape. In this final episode, our hosts, Matt Staub and Nasir Pasha, return to the deal almost a year later to reflect…

September 15, 2020

The ink is drying on the signature line and things are looking great for our buyer. After so much hard work, the finish line is in sight and the cheering within ear shot.   Though the landlord is still serving friction, things seem safe to move forward and for now, our buyer will be keeping…

July 31, 2020

Though things are coming along well, the journey would not be interesting if it was purely smooth sailing. After our buyer opens escrow, they are forced to push the closing date back when suddenly a letter from an attorney was received claiming the business, we are buying has a trade mark on the name!  Now…

June 12, 2020

With frustration at an all-time high and professionalism at an all-time low, our friend the Buyer has “had it” with the Seller and quite frankly their lack of knowledge. At present our Buyer is rightfully concerned that the latest misstep from our loose-lipped Seller will threaten not only the entire operation of the businesses but…

May 11, 2020

As we go deeper into the buying process, we start to uncover more challenges from our seller and encounter some of the wrenches they are tossing our way. When we last left off in episode three our team was knee deep in due diligence for our buyer, had already penned and signed the Letter of…

April 4, 2020

One word–interloper! When a new mysterious broker enters the transaction and starts to kick up dust, Nasir and Matt take the reins. The seller signed off on the letter of intent (see episode 2), yet this “business broker” serves only friction and challenges by refusing to send financials, whilst demanding more of a firm commitment…

April 4, 2020

Just as most stories and deals start out, everyone is optimistic, idealistic and full of hope for clear skies. It’s a perfect outlook with a perfect setup for the ups and downs yet to come. Peek further behind the curtain and into the first steps of buying a business: the letter of intent. After the…

April 4, 2020

When a savvy buyer hears opportunity knocking to purchase a prime positioned business, she decides not to go it alone and taps in the professionals to help navigate what could potentially be a fruitful acquisition. “Behind the Buy” is a truly rare and exclusive peak into the actual process, dangers, pitfalls and achievements, that can…

August 7, 2019

GrubHub is subject to two “matters of controversy” that have likely become common knowledge to business owners: “fake” orders and unfriendly microsites.

May 28, 2019

In this podcast episode, Matt and Nasir breakdown the legal issues of the subscription industry’s business on the internet. Resources A good 50-state survey for data breach notifications as of July 2018. California Auto-Renewal Law (July 2018) Privacy Policies Law by State Why Users of Ashley Madison May Not Sue for Data Breach [e210] Ultimate…

March 12, 2019

In recording this episode’s topic on the business buying process, Matt’s metaphor, in comparing the process to getting married probably went too far, but they do resemble one another. Listen to the episode for legal advice on buying a business.

December 3, 2018

Nasir and Matt return to discuss the different options available to companies looking to raise funds through general solicitation and crowdfunding. They discuss the rules associated with the various offerings under SEC regulations and state laws, as well as more informal arrangements. The two also discuss the intriguing story about a couple who raised over…

July 24, 2018

Flight Sim Labs, a software add-on creator for flight simulators, stepped into a PR disaster and possibly some substantial legal issues when it allegedly included a Trojan horse of sorts as malware to combat pirating of its $100 Airbus A320 software. The hidden test.exe file triggered anti-virus software for good reason as it was actually…

April 17, 2018

Attorneys Matt Staub and Nasir Pasha examine Mark Zuckerberg’s congressional hearings about the state of Facebook. The two also discuss Cambridge Analytica and the series of events that led to the congressional hearings, the former and current versions of Facebook’s Terms of Service, and how businesses should be handling data privacy. Full Podcast Transcript NASIR:…

March 10, 2018

The Trump presidency has led to a major increase in ICE immigration enforcement. It’s critical for business owners to both comply with and know their rights when it comes to an ICE audit or raid. Nasir, Matt, and Pasha Law attorney Karen McConville discuss how businesses can prepare for potential ICE action and how to…

February 5, 2018

New years always bring new laws. Effective January 1, 2018, California has made general contractors jointly liable for the unpaid wages, fringe benefits, and other benefit payments of a subcontractor. Nasir and Matt discuss who the new law applies to and how this affects all tiers in the general contractor-subcontractor relationship. Click here to learn…

January 2, 2018

With a seemingly endless amount of new mattress options becoming available, it is unsurprising that the market has become increasingly aggressive. As companies invest in more innovative solutions to get in front of customers, review sites, blogs and YouTube videos have moved to the forefront of how customers are deciding on their mattresses and how…

December 7, 2017

In recent months explosive amounts of high profile allegations of sexual harassment, assault, and varying acts of inappropriate behavior have transcended every sector of our professional world. With a deluge from Hollywood and politics, and the private workforce, accusations have inundated our feeds and mass media. This harassment watershed has not only been felt within…

November 16, 2017

If you are not familiar with the EB-5 program started in 1990 to give green cards to certain qualified investors in the United States, then you may not have been alone a few years ago. Currently, the EB-5 program has since exploded since its inception and now hits its quotas consistently each year. The program…

October 10, 2017

Government requests come in multiple forms. They can come in as requests for client information or even in the form of investigating your company or your employees. Requests for Client Information General Rule to Follow Without understanding the nuances of criminal and constitutional law and having to cite Supreme Court cases, any government requests for…

August 24, 2017

Nasir and Matt suit up to talk about everything pertaining to employee dress codes. They discuss the Federal laws that govern many rules for employers, as well as state specific nuances in California and other states. The two also emphasize the difficulty in identifyingreligious expression in dress and appearance, how gender-related dress codes have evolved…

June 28, 2017

Nasir and Matt discuss the life cycle of a negative online review. They talk about how businesses should properly respond, how to determine if the review is defamatory, the options available to seek removal of the review, how to identify anonymous reviewers, whether businesses can require clients to agree not to write negative reviews, and…

June 7, 2017

On this episode of the Ultimate Legal Breakdown, Nasir and Mattbreak down social media marketing withguests Tyler Sickmeyer and Kyle Weberof Fidelitas Development. They first discuss contests and promotionsand talk about where social media promotions can go wrong,when businesses are actually running an illegal lottery, and the importance of a soundterms and conditions. Next, they…

April 3, 2017

On this episode of the Ultimate Legal Breakdown, Nasir and Matt go in depth with the subscription box business. They discuss where subscription box companies have gone wrong(4:30), the importance of a specifically tailored terms and conditions(6:30), how to structure return policies (11:45), product liability concerns (14:45),the offensive and defensive side of intellectual property (19:00),…

February 1, 2017

Nasir and Matt discuss the suit against Apple that resultedfrom a car crashed caused by the use of FaceTime while driving. They also discuss howforeseeable use of apps can increase liability for companies. Full Podcast Transcript NASIR: Hi and welcome to Legally Sound Smart Business! I’m Nasir Pasha. MATT: And I’m Matt Staub. Two attorneys…

January 5, 2017

The guys kick in the new year by first discussing Cinnabon’s portrayal of Carrie Fisher as Princess Leia soon after her death, as well as other gaffes involving Prince and David Bowie. They alsotalk about right of publicity claims companies could be held liable for based on using someone’s name or likeness for commercial gain.

December 22, 2016

Nasir and Matt discuss the recent incidentat a Victoria’s Secret store where the store manager kicked out all black women after one black woman was caught shoplifting. They then each present dueling steps businesses should take when employees are accused of harassment.

December 8, 2016

Nasir and Matt return to talk about the different types of clients that may have outstanding invoices and how businesses can convert unpaid bills to getting paid.

November 10, 2016

After a long break, Nasir and Matt are back to discuss a Milwaukee frozen custard stand that is now revising it’s English only policy for employees. The guys also discuss how similar policies could be grounds for discrimination and what employers can do to revise their policies.

October 6, 2016

The guys discuss the new California law that allows actors to request the removal of their date of birth and birthdays on their IMDB page and why they think the law won’t last. They also discuss how age discrimination claims arise for business owner.

September 29, 2016

Nasir and Matt discuss the racial discrimination claims surroundingAirbnb and how it’s handled the situation. They also discuss some practical tips for businesses experiencing similar issues.

September 8, 2016

Nasir and Matt discuss whyAmazon seller accounts are getting suspended and banned without notice and how business owners can rectify this situation through a Corrective Action Plan.

August 25, 2016

Nasir and Matt talk about the accusations surroundingfashion giant Zararipping off the designs of independent artists like Tuesday Bassen and howsmaller companies can battle the industry giants.

August 18, 2016

Nasir and Matt discuss Brave Software’s ad replacing technology that has caught the eye of almost every national newspaper and has a potential copyright infringement claim looming. They also welcome digital marketing expert Matt Michaelree to speak on the specifics of what Brave is attempting to do and whether it has the answers moving forward.

July 28, 2016

Nasir and Matt discuss the sexual harassment lawsuit filed by Gretchen Carlson against Fox CEO Roger Ailes. They also talk aboutthe importance of sexual harassment training and properly handling such allegations in the office.

July 15, 2016

Nasir and Matt talk about the changes at Starbucks that have led to many disgruntled employees and customers.

June 23, 2016

Nasir and Matt discuss the criminal charges facing FedExinvolving the alleged transportation of illegal drugs. They also talk about how business owners should address working with customers that may be breaking the law.

June 15, 2016

The guys return after a long break to discuss why Yahoo is auctioning off over 3,000 patents and how this decision will affect the longevity of the company.

May 25, 2016

Nasir and Matt discuss the increase in the salary thresholdfor exempt employees and how employerscan try to avoid paying overtime as a result.

May 18, 2016

Nasir and Matt discuss the Baltimore law that makes it very difficult to operate food trucks in the city. They also discuss all the legal restrictions tohaving a food truck.

May 11, 2016

Matt listens to Nasir recap the developing battle in his hometown of Vandalia, Ohio over whether a Dunkin Donuts can move into a location in close proximity to a local favorite donut shop. They then discusswhether the issue is more legal or personal.

May 9, 2016

The guys kick off the week by discussing a Nevada employee who is claiming she was fired for not supporting the Scientology beliefs of her employer.

April 27, 2016

The guys discuss the massive floods in Houston,how employers responded, and why one meteorologist became a local hero. They also discuss the steps businesses should take in preparing for storms outside the workplace.

April 20, 2016

The guys discuss the boycott of Amazon over the products of an unnamed presidential candidate. They also talkabout how a business should handle a boycott and whether it’s possible to exit one unscathed.

April 13, 2016

Click here to read HubSpot’s response on this topic. Nasir and Matt discuss the trend in startups to compensate programmers and other early employees with stock options and how the company culture at HubSpot isn’t what it seems.

April 6, 2016

Nasir and Matt discuss various lawsuits against social media platforms in which users are accused of artificially inflating their social currency.

We represent businesses.
That’s all we do.

Oh, and we love it.

We love our work. We love reviewing that lease for your new location. We thrive on closing that acquisition that nearly fell through. We’re fulfilled when we structure a business to grow, raise capital, and be legally protected.

We focus on developing close relationships with our clients by being like business partners. A partner who provides essential, personalized, proactive legal support.

We do all of this without utilizing the traditional billable hour model. You pay for the value we bring, not the time spent on calls, emails, and meetings.

Our team is made up of attorneys and staff that share these values and we are retained by clients who want the same.

Pasha Law PC operates in the states of California, Illinois, New York, and Texas.

Meet Our Team

Fractional General Counsel Services

Pasha Law Select offers the expertise of a high-end general counsel legal team for every aspect of your business at a fixed monthly rate. Pasha Law Select is deliberately designed to allow our legal team to be proactive, to anticipate, and to be comprehensive in serving our clients. To be great lawyers, we need to know our clients. We can’t know our clients unless we represent a select number of clients in the long-term. This is Pasha Law Select.

Learn More