lystn

Nasir and Matt welcome security guru Daniel Libby to discuss the issues involved with the secrecy of whistleblower apps, and answer the question, "We had an issue with some customer info that was compromised. Should we tell our customers, and if so, how?" Full Podcast Transcript NASIR: Welcome to Legally Sound Smart Business. This is Nasir Pasha. MATT: And this is Matt Staub. NASIR: And welcome to our podcast where we cover business in the news and add our legal twist and also answer some of your business legal questions at ask@legallysoundsmartbusiness.com. That was a pretty good intro. MATT: Yeah. NASIR: That was nice and clean. MATT: Yeah, not too bad. NASIR: If I may say so myself. MATT: Yeah, it was good until you brought up the fact that it was nice and clean and good. NASIR: I know. I can’t not comment on the intro. It sticks with me. MATT: That’s fine. NASIR: So, what do we have up today? MATT: Well, this is a pretty interesting story. I was unaware of this before coming across this story but there’s a few apps out there – and the ones they mention are Whisper and Secret so you can probably figure out what these are – but it’s a way to communicate anonymously. I’ve checked them out and I still don’t fully understand the purpose of them but it’s basically a way to say what you have to say and do it was anonymity. The only problem is, you know, these apps have their own privacy policies in place. It basically allows them to take the information that’s communicated over these apps and give them to necessary people. It says, you know, law enforcement, subpoena for a civil lawsuit, or simply any accusation of wrongdoing on the service. NASIR: That’s general. MATT: Yeah, we touched on this last week with the Snapchat thing with information not disappearing. It’s another app that defeats its own purpose. NASIR: Except Snapchat was violating their policy, right? MATT: Yeah. NASIR: It was a little bit different with them. They actually had a privacy policy that protected it. This is like the complete opposite. But, you’re right, I don’t really get the point of it all either. But I thought we would bring Daniel Libby from Digital Forensics on. He’s what I call an IT technology security guru who also does some digital forensics. Daniel, welcome to the program. DANIEL: Good morning, gentlemen! I appreciate it very much. Thank you. NASIR: Absolutely. I’m curious whether you’ve even heard about these apps or not. I just wonder, the fact that you may have employees that are using this to whistleblow or to share company secrets is a little scary. I don’t know. DANIEL: It really is and I think it’s a group of folks that are building some apps that basically take advantage of a current trend as so many do. I was surprised by the amount of venture capital that was put into an app like this because there are several others that do basically the same thing. I would like to comment just real quick on your issue of Snapchat. The funny thing in the computer forensics world is we knew that Snapchat didn’t delete those photos and everything else right from the outset. It took the rest of the country maybe 18 or 24 months to figure it out, but we knew it right from the outset – that it didn’t do what it reported to do. MATT: That’s good. NASIR: Well, I think you can speak very well to even things that are deleted aren’t exactly deleted, right? DANIEL: You can take it exactly out of that, depending on the operating system. Apple does a better job – and I don’t know how much time I have but a really quick way that I explain it to a jury is you walk into a library and a file system on a Windows computer is basically a library. It gives you an address on where the book is on a shelf. You can go there, check out the book, not a problem. If you don’t want someone else to have the book, all you do is remove that reference from the card catalog. Now, the book is still on the shelf but no one else knows it’s there.