03/11/2009

the Fortis commission is not worthy of that name

As we have said before, the Fortis commission in the Belgian parliament won't find anything, because it did not and does not look for logs and proof to confront its witnesses with. It is clear that this is not serious and that they will never find anything that is "the truth and only the truth", as is said during their oath.

Professor DeRuyver has the same opinion.


02/24/2009

stupid anti-forensics on Belgian television

Maybe it has something to do with my profession, but watching the news just makes me laugh (so my wife calls me a cynic).

* first there was the arrival in Britain of the British terrorism suspect who was released from Guantanamo. All well and good. But on one television channel the police and intelligence officers around him on the tarmac were blurred, while on the other news program you could see them clearly, without any protection. Maybe they should wear masks in future and not trust the TV station to protect security officers.

* secondly there were parts of a body that were found next to a highway in Belgium. The press officers of the justice officials responsible for the file said that the murderer was very well informed about the way identification is done, because the head, hands and feet were absent. So now even the most stupid possible murderer knows....

This is simply the result of a total lack of thinking about the consequences of the information you are giving out, and about whether it wouldn't be better to just shut up or not show those pictures at all. What is the risk factor of the information you are publishing? Not that you have to censor, but sometimes it is better to shut up or not give all the information.

This is the same in IT.


02/20/2009

Fortis, parliamentary commissions and forensics

It is only now that some people are realising that the parliamentary commission about what happened at and with Fortis will be of no use if the forensics are not done as they should be, and that this should have been done from the first moment the state took control of the bank (more or less). The state should have taken the necessary measures at that time to make sure that all the information and communication logs needed to understand what happened and who is responsible were copied and kept in a safe place.

Crying now that all the communication logs of the Fortis saga have to be secured is like crying wolf when half of your sheep have already been slaughtered.

But what do you expect from a country where there is no law about forensics and not one technical norm about how to make and safeguard your logs?

The smart people around here just copy the US norms from NIST and do not lose time waiting for something that will need months of deliberations, while the only thing to do is to translate and slightly adapt the norms that already exist and are used by thousands of network operators overseas.

 


01/02/2009

ex-Minister Dewael and e-discovery and archiving

In Belgium there are no standards for logging or e-discovery. It is not even clear what you have to archive as electronic material. The chaos is even greater because the national archiving laws are in total contradiction with the 'public disclosure' laws (if we can call them that, because the level of public disclosure in Belgium is very, very limited, especially if you compare it to the level of public access to governmental or administrative documents in the US, for example).

The national archiving laws oblige you to keep anything, in any format, that is important for understanding the decisions that are taken. The public disclosure law only obliges you to show the final documents with the final decisions. You can say that this is not a contradiction, but it gives way to totally different interpretations in the reality of everyday functioning. If documents that are used to prepare a decision are legally not important and will never be made public according to present laws (and laws normally can't go backwards), then why should you keep them, or try to restore them if you lose them, or check that all these documents were saved in a proper manner and are still usable after so many months or years?

The biggest effect of this chaos is on email, as the last months have shown. There is no legal obligation to keep emails that establish no legal rights. If you send an email telling someone that he or she will get a subsidy, then it should be kept; if you send an email saying that the question is being investigated, then it need not be (except if it is seen as the only legal acknowledgement of receipt of your request). The effect is that the archiving of emails differs according to the local network regulations and installation. (Advice: just archive anything, and filter your email against films, music and Flash.)

So why is this now so important for Mr Dewael? He is no longer minister of the interior but president of the Chamber of parliament, although whether he will be able to hold on to that position is another matter. It was clear that he had to leave his post as minister because no external person had any clear idea about which documents would turn up next about some nominations to management functions in the national police force. When some files were published in which his advisors warned him about the dubious nature of some of these nominations, he said that he couldn't have given those to the parliament that was investigating these allegations because the files had been archived and he couldn't access them. This is very hard to believe for an outsider (and so also for the press and the political opponents).

It should now be clear to the political world that not only do we need more public access, but that we also need to set up clear rules for administrations, political institutions and enterprises about what they should keep, whatever format it is available in. The advantage is that the decisions will become more transparent and that, when there is an investigation, all that should be found will be found immediately (and not in bits and pieces over months).

This can also be a good basis for some written agreements between the police and justice departments on one side and the administrations and enterprises on the other about how they will announce and set up the e-discovery forensic process.
