Raj Goel on CyberHood Watch
Radio With Dave & Bill
A contributing guest of CHWRadio is Raj Goel, and he never ceases to provide great insight for our guests and their well-being for a safe digital experience. The Internet is becoming more complicated, not necessarily in its use, but in its regulations and the unforeseen pitfalls that lay before our children, families, and businesses.
It seems anything and everything developed for the digital world carries a doubled edged sword that cuts both ways. I have mentioned this before regarding my initial experience with the Internet, and chatting on the early Bulletin Boards and the sound of your modem dialing in…The Innocent Internet Days.
Today’s Internet is no longer innocent and much less forgiving if you are careless. One such recent issue that Raj talked about is what you should do if you find child porn on your PC. Not me, you might be thinking. I do not visit those kinds of sites. Unfortunately, you do not need to visit adult sites, and would never entertain the idea of searching for a child pornography site. However, have you ever heard of file sharing sites like Bit Torrent, LimeWire, P2P, Napster, etc., most likely your kids have?
One aspect of file sharing programs; they are used to circumvent payment for music, games, and/or software. Moreover, in addition to potential malware added to the unauthorized downloads of the digital products are pornography and specifically child pornography without your knowledge. Do not attempt to erase anything, follow the advice of Raj, which you can find in the beginning of the show. Even attorneys are under the wrong impression as to the correct actions to take when it comes to child pornography.
Think about sexting…
Think about a disgruntled employee…
What do you do if someone has sent your child an inappropriate picture of someone under the age of eighteen? Raj says, if you think it is child porn (under the age of 18) pull the plug – turn it off. Then fast forward to the eighteenth minute of the show and listen to what Raj has to say.
Small business owners at the very minimal should include in the company handbook these concepts as a base line:
Anything you do on company property; computers, laptops, cell phones, company networks, etc., is subject to eDiscovery and forensics…there is no privacy in the workplace.
If you access your personal email, Facebook, social media accounts through company computers on company time they may be subject to search and seizure or litigation.
Do not permit your employees to use their own equipment.
Terms of Service (TOS) is not an enjoyable read and more than not is filled with “legalese” making it difficult to understand. However, take the time. The next time you update one of your apps read the TOS. Did you realize that your smartphone can be turned on and listening to your personal conversation with out your knowledge. Or your camera can take a picture without your notification…read your terms of service or privacy policy, you’ll be surprised.
A final note that I urge everyone to listen to is time stamp 00:44:00 when Raj talks about ISP – SOPA – PIPA and what the music industry is desperately striving to pull-off at a great cost to the Internet and our personal privacy. According to the music industry one song that is pirated and downloaded is valued at $150,000.00 – you read that right – just one song!
You have to stop and ask yourself, who is delusional about the $150,000.00 price tag of a single pirated song and what are they trying to pull-off…Internet control?
Raj: Well, guys, it’s my pleasure to be here. I don’t know what your research found, so I’m really curious to see what you found and what your questions are. I like to know what’s more of interest to you.
Bill: Well, absolutely. We’re excited to have you on. I know Dave has got some questions prepared, so I’m going to have him jump into that.
Dave: We were talking earlier, and I think we should give away one of Stewart Hughes’ iPads, don’t you, Bill? Before we started the show, Raj kind of alluded to it. Do you have one yet, Raj?
Raj: What’s the question?
Dave: I was just making reference to the $8 million iPod.
Raj: I’m not that rich. My iPod is only worth about $2 billion.
Dave: That was funny because when you mentioned that, I quickly ran to the Internet and saw it. I went, “Who the heck would want an $8 million iPad?” But it’s out there now. And if anyone wants one, it’s solid gold and encrusted the Apple emblem with perfect diamonds. Hey, that one person in the world that wants it, you got it. So let’s kind of switch here and let’s talk about the case of Leo Thomas Flint. Why don’t you talk about that and how that’s going to affect maybe all of us in some way when it deals with child porn? And if you ever find yourself in an unfortunate position that somehow you’ve maybe downloaded something off the Internet or one of your kids went online and got bit torrent and tried to download something maybe you weren’t supposed to in the sense that it was a game. But along with that game came some files that were child pornography. And now you’re in a position where you have more than 3 pieces of child pornography on your computer, and you’re in big trouble. Are you there? Did I lose you, Raj?
Raj: Can you hear me?
Dave: Yeah, yeah. I can hear you now.
Raj: Okay, so when we talk about Leo Flint, he’s a criminal attorney out of the Dakotas, I believe. And so he represents a lot of criminal defenses. He’s a criminal defense attorney. And in this particular case, under a state law as an attorney, he could do research on child porn in preparation for defense and go look at sites and stuff in preparation for his case. Under his state law, that’s allowed. And in a couple of states, attorneys can look at child porn legally without getting in trouble with the state law or the state courts. Under federal law, however, any human being in the United States who had more than 3 pieces of what the feds determined to be child porn is guilty of possession of child pornography, which is a federal offense. And under federal law, if you get 3 or more pieces of child porn, what you suspect as child porn or what they suspect is child porn, you are supposed to stop everything, notify your local DA’s office, let them come in to seize the computer, smart phones, whatever, and deal with it. And the reason I came across that research is about a month ago, I was seeing a lunch presentation with a bunch of very smart attorneys and accountants in Napa County, New York. And their question was, “If I do forensics engagement for them, and I’m doing cyber forensics in a criminal case for one of their clients and I find child porn, what am I going to do?” The correct legal answer is: I’m going to stop everything, and I’m going to call the cops. That’s what I’m obligated to do under federal law, or I’m going to jail. And the attorneys are like, “No, you’re going to blow off my case. I’m not going to hire you.” “Fine don’t hire me.” But they were under the impression that as attorneys, this is covered under attorney client privilege. In most cases, you hired an attorney and you tell them, “You know what? I killed somebody yesterday. I robbed somebody last week.” And what you say to your attorney is legally protected speech. The attorney cannot morally or legally tell anybody else about what you did. So the law and attorneys are under a false belief that child porn, if you give them a hard drive full of child porn, or they do forensics analysis, that the crime occurred in the past. The legal doctrine in the United States is: if a crime occurred in the past, you tell your attorney, your attorney can’t tell that to anybody else. However, if you tell your attorney, “I’m going to kill somebody tomorrow,” then the attorney is under legal obligation to notify law enforcement about a future crime or a pending crime. A lot of attorneys think that because you don’t have the stuff on your computer last week, last year, whatever, it’s a crime in the past. If you know what songs that RA doesn’t want you to download, that’s a crime in the past. However, under federal law, if you download child porn and you have it in your possession on your hard drive, in a forensics image, in an email, that is a current and active case of possession and distribution. So I basically wrote an article. I did my research, checked with a bunch of attorneys, and I wrote an article which is being published next month in the New York County Lawyers Newspaper titled: “What Do Attorneys Need to Know About Cyber Forensics?” Because most attorneys don’t know the first thing about cyber forensics, and this is one area where we see a lot of businesses and families get into trouble. You know, in a lot of family cases, here’s where it comes back and bites you. So let’s say you’ve got a couple of kids who are dating and either the boy or girl sends topless or naked picture of himself or herself to their partner. They have a falling out. Usually, the girl sends the photos, they have a falling out, and the guy will send the photo to all of his buddies in school. Yes, it’s harmful, it’s degrading, it’s embarrassing to the girl. It’s also a federal felony because every child who got that SMS message or email with the girl’s photos…if any person is under the age of 18, every person who got those message or emails or instant messengers is now guilty of possession of child porn. So you’ll see a lot of cases in a lot of businesses around the country. If the schools even suspect one child of passing around or sexting, they will notify all the parents and contact law enforcement because if your kid comes home with a smartphone, their Blackberry, their iPhone with these images, and you look at it and it’s got more than one photo, technically you’re guilty of child porn possession. And the kids that don’t report it can be charged with child porn possession and be labeled a sexual predator. So can kids who report it. So my advice to most parents and business owners is: if you suspect child porn, step 1: find a good criminal defense attorney who knows how to deal with this kind of an out, evidence, or data. Then have them contact law enforcement. Calling the cops by yourself could get you in more trouble than it’s worth. And you can’t delete the files or not report it. If you delete those files on your kids’ smartphones or their laptop, and it comes out later that you deleted the files, now you’re guilty of not only possession of child porn but also deletion of evidence, which is another crime at a federal level.
Dave: It’s just kind of is mindboggling sometimes to think about who would ever have suspected the complications that have ever came with these mobile phones or mobile devices. It’s almost like sometimes you want to throw your hands up, turn them off, and not have them.
Raj: In a corporate environment, let’s say at work, you fire an employee for whatever: being rude, being nasty, losing a customer. Then you go look through his hard drive and you find stuff, let’s say it’s child porn because the person usually had some kind of pedophilia or something else going on. If you then email those files to your attorney for review, you’re now guilty under federal law of distribution of child pornography. And this is where a lot of corporate attorneys get into trouble and business owners get into trouble. You think you’re doing the right thing by talking to your attorney and showing them what you found, but you just ended up getting yourself and your attorney into trouble. This is one of those areas of federal law, which most people don’t know about, most people don’t want to think about. Most attorneys don’t know about it, and this is where what you don’t know can hurt you really, really badly. In Leo Flint’s case, under his state law, he was allowed to do what he was doing. Under federal law, he wasn’t. And for 3 years, the secret service and the US government dragged him through Hell and high water, and he won his case on a very narrow technicality. Had he lost, a very well respected attorney and expert on criminal defense would’ve been in jail for following state law, which is in conflict with federal law.
Dave: Wow. So in your opinion, what is the resolution to this? When you talk about the consumer or the small business owner or someone who’s a parent, they’re not going to have the money to call that forensic specialist or are they?
Raj: Great question. I get this a lot and honestly, I don’t have a good answer. I’m not saying everybody should keep me on speed dial. There aren’t too many of us in the country who are good at forensic analysis in the first place. There are very few guys who do what I do and work in the private sector. Most of my peers are employed by large banks and government and large institutions for this purpose. 2) There’s a lot of burnout because once you’ve seen this stuff for a while, it kind of haunts you. I don’t work in child porn cases specifically. I work in a lot of matrimonial stuff. And let me tell you, I’ve seen some stuff on couples’ hard drives that I cannot unsee. It is truly disturbing what people do and what they keep images of on their computers. But this is a case of damned if you do and damned if you don’t. If you try to bury the evidence, you put your head in the sand, you try to ignore it…when it hits the media circus or goes to trial, everybody involved is going to get nailed. Or at least get mud thrown on them and whether you win or lose, every trial is an exhausting, expensive experience. And I hope people never have to hire me for forensics work because it’s dirty, nasty, expensive, and usually not a pleasant experience for anybody involved. But the downside is if you don’t know already who a good forensic examiner is and who a good criminal defense attorney is…if you get arrested and you call somebody out of the phonebook or worse somebody you found on a Google search, you’re going to get somebody completely incompetent and make your case even worse. The only thing worse than not having an attorney is having a bad attorney.
Dave: Exactly. So let’s just back up here a second and give some good advice. I know you kind of alluded to it. Say my child comes home and somebody has sent an inappropriate picture and it’s considered child pornography because they’re underage. What are the steps that a parent needs to take to kind of eliminate a lot of problems and handle it the most efficient way and financially efficient way?
Raj: Okay, 3 separate questions: efficient, appropriate, and financially appropriate. I’m not even going to touch right now because each family is different. First thing first is: if they come home and you’re kind of suspecting because they’re laughing and giggling. There’s something going on and you see something on their smartphone. A) Don’t email it to your attorney or anybody else. Don’t go, “Oh, my God!” If you think it’s child porn, first things first, pull the plug. If it’s a phone, take out the battery. If it’s a laptop or desktop, take it off the Internet, shut it down, do not email these pictures to anybody else. Secondly, contact a good attorney that you know and that you trust. Hopefully, when you talk to them ask them, “Are you a criminal defense attorney? Have you worked with child porn and sexual predator issues?” If they’re a good attorney they’ll say if they have or if they haven’t, “But here’s a good friend of mine you may want to talk to.” Basically, hiring an attorney is like hiring any other professional. Interview the hell out of them. Just because they have an esquire after their name does not mean they’re qualified to represent you in this particular matter, and you may have to go through a couple of people until you find somebody that is appropriate for you. They speak at your level, they understand where you’re coming from, they fit your budget, they fit your needs, and they fit your worldview. There are some great attorneys I know of who I wouldn’t work with professionally because their thinking leaves me confused or leaves me frightened. They don’t think the way I think. They don’t understand half of what I understand. On the other hand, there are attorneys who I absolutely adore because I don’t understand all the laws they do. But when we have a conversation, they don’t strike me as people who are insane. The attorneys I like may not be the ones I like. It’s like hiring any other professional, whether it’s a doctor, realtor, attorney, or an IT guy. It’s got to be someone who understands where you’re coming from. It could be part of your culture, could be part of your networking group, could be part of your masons group or lodge. Go talk to the people in your community and get some good references. And when you get a good attorney or you find somebody, ask them for reference. Ask them, “Tell me what you’ve done.” Put them on trial before they put you on trial.
Dave: That’s an interesting concept because I don’t think a lot of people think that way. They go in thinking that they’re going to be taken care of because this attorney is the professional, and they don’t think about questioning them.
Raj: The attorneys are professionals. There’s no doubt about it. Great attorneys are all good professionals. That doesn’t mean they’re right for you. We spend more time interviewing the waiter with what we have for lunch at a restaurant than we do picking the tires on our doctors or our lawyers or our other professionals. So don’t b afraid to pick tires on the vendors because at the end of the day, it’s a business relationship. You are going to write a check. Pick someone who you can get along with. The only thing worse than having a bad attorney is an attorney you have to fire because you just don’t get along with the attorney. That’s painful.
Dave: Yeah, and they could be a good attorney but they just don’t get along and communicate properly. What if someone doesn’t have the money, they don’t have the money to cover the wherewithal of these expenses? Are there organizations that will help? Or is it sometimes better maybe to contact a person like yourself first and do the forensic and then the attorney?
Raj: No, if somebody contacts me directly, my first course of action is, “Who’s your attorney? If you don’t have an attorney, I can’t talk to you because anything I say is not protected.” So if you tell your attorney that you found this on our kid’s home and we think it’s child porn. If you tell that to me, I can’t keep it a secret if I’m under oath. I have to tell them what I heard or what was told to me. I am not an attorney. You don’t get attorney client privilege working with me directly. When I work for your attorney, then you benefit from at least some portion of the attorney client umbrella. If you don’t have the money, police in a lot of major cities…there are a lot of nonprofit legal societies that will work with you. And secondly, if you’re part of the community, make friends with local DA’s office, local cops long before you need to. If they know you, you’re a good person, they’re not going to treat you as a suspect or as badly as they would if you were Joe Random walking off the street. Be a good citizen, know your local law enforcement folks. Know our local DA’s office, local detectives, make friends with them anyway.
Bill: Boy, that’s good advice. Good advice, Raj. I had never thought about what you had said there about interviewing lawyers until you kind of mentioned that. I thought that I definitely did that when I went to get my annual tests. My wife had been on me to get a new doctor, someone that she wanted me to check out and recommended. And so going through that process, I find it interesting now that you mentioned that kind of along with an attorney. What I did was exactly what I was supposed to do. I had some real health issues and so we went through them. He was just super nice and went through the process and didn’t adjust or do my medicine right off the back. We did some minor changes and now 3 or 4 years later, I’m getting my test results back and my health is up. The things I were dealing with are down. And so it really makes perfect sense. Before the show, we were talking and this is what I wanted to talk a little bit about was this attorney meeting that you’ve gone to. But you’ve covered pretty much everything in there that I found interesting as far as child pornography is concerned and how parents really have to be aware of this. It’s something we can’t just overlook. And so if in Dave’s scenario, what if you are a business person and you do have employees? It sounds like to me that with that kind of scenario rather than a family scenario, you need to take the right steps right from the get-go because from a federal point of view, they’re just looking at it that the child porn exists and something as simple as sending it to your attorney for review…you’re heard accountable for that?
Raj: You and your attorney will both be held accountable for it for possession and distribution. Some federal prosecutors are irrational and some have a career to make.
Bill: So in those kinds of instances, do you recommend basically the same process in either instance, whether it’s just family related or business related? Or do you take different steps in a business situation? Because obviously, you’d lose your freedom in a personal situation, but in a business situation, you could lose your whole company and your reputation right along with it.
Raj: Right, the fence poles are exactly the same as a business owner. Yes, you have a contract so your regular in-house attorney. You’re going to use them for day-to-day work, whether it’s your sister, your cousin, your neighbor, whoever. But just because they’re a good contract attorney or tax attorney does not make them a good criminal defense attorney. Make friends with a bunch of attorneys. Know who that person is. It doesn’t have to be child porn. What if your employee is accused of selling stolen merchandise through your company website? What if your employee is accused of running a brothel or an escort service through your company resources. Reality is at some point in your life, as a business owner, you’re going to get sued by an employee, or a customer, or a competitor, or the federal government. It’s just like getting mugged. If you’re in New York City, at least once in your life you’re going to get mugged. It’s a cost of living here. It doesn’t matter who you are. You’re going to get mugged. If you’re driving in this country, at least once in your life you’re going to be in an accident, either one you caused or one you were the victim of. If you get behind the wheel, chances are you’re going to get hit or you’re going to hit somebody. That’s just what’s going to happen at least once in your life. So long before that happens, know a couple of good criminal defense attorneys. Make friends with them and know what their skillsets are. If you find you are dealing with someone doing something illegal but not child porn, a good criminal defense attorney. Having a good employee handbook upfront with good employee employer contracts is great. You know, having your employee handbook, what the rules of the road are, what the policies are, advise your employees that everything in the company belongs to the company: the smartphones, the desktops, the laptops. Anything on there can be subjected to surveillance and acquisition. And if you get into a situation like this, make sure your criminal defense attorneys know some good forensics investigators and they know some really good cops, either FBI, or DEA, or local cops, depending on jurisdiction, who know how to deal with this kind of stuff and who are willing to give you advice. I do a lot of public speaking for free or at low cost to attorney groups, accounting groups, and small business associations and do interviews like this precisely because of that. Because if you come hire me privately, I charge a lot. But if you’re sitting in the audience and you ask me questions, you can pick my brain for free for a couple of hours at the expense of buying me some bad coffee or something. So go network like any other resource. A good criminal defense attorney and a good forensics investigator and a good cop and a good federal agent are people you hope you never need, but you should know them long before you need them. A common mistake a lot of business owners make is if they find something or their IT guy finds something or they suspect something, they’ll have their IT guy, their neighbor, their ne[hew, the regular tech go look at the computers, try to find stuff, or delete stuff. That actually makes the problem a lot worse. You as a business owner, and it doesn’t matter what business you’re in. You could be a florist, a banker, a realtor, an attorney, you should know what the federal and state laws are about cyber evidence, about what can and can’t be done with a hard drive and who to call when you need to call them.
Dave: That’s some great information. You talked upon something earlier, and it was kind of a question I wanted to ask. What should be included…when you were talking about having a manual and what employees should be aware of… what should be included in those privacy policies, and what should you as an individual be aware of?
Raj: So there’s privacy policy, which is a subcomponent of your overall security policy. Depending what line of business you’re in. If you’re an attorney or account then you have to be able not only with common sense but also guidelines for your local BAR association, your state BAR or your state accounting board. Also the privacy breach laws and the federal red flag and privacy breach laws. If you’re in healthcare, HIPAA is yours. HIPAA has some great guidance around it. But regardless of what business you’re in, at minimum, your employee handbook and your security policies should state the following as a minimum baseline: “1. Anything you do on the company property; could be company computers, company cellphones, company laptops, company networks… are subject to forensics. There is no privacy in the workplace. 2. If you access your personal, Gmail account, whatever accounts through company computers or on company time, they may be subject to search and seizure or litigation if you ever get sued or sue somebody.” When employees learn, “Oh, my God. I’m checking my Gmail from work and if my employer gets sued, I may lose control of that account until after the litigation hold,” they stop doing a lot of personal stuff with company property. If they have their own personal phone they do it on, that’s a separate issue. But if they’re using a company smartphone or company laptop or company desktop computer, it is subject to search and seizure by the employer or by law enforcement. We also recommend strongly, if you’re a business owner, don’t let your employees work on their own equipment. If you’ve got a temporary contract, that’s separate. But with your full-time employees, you give them the laptop give them the smartphone because that way anything you do, it’s your property. If they use their own equipment, then you’ve opened a big can of worms about issues. I don’t let my employees work from home on their own systems. I don’t let me contractor do that if I can avoid it. I say, “Here’s a laptop, here’s a cellphone. You’re working with me on my projects. Here’s what you’re using.” That way my information security policies apply. I can’t have policies on your personal equipment. I can suggest it but I can’t enforce it.
Dave: That’s interesting because there’s a lot of controversy and talk about consumerization of ITs and the fact that they allow them to come in with their own personal devices and use them in the workplace. So you’re saying just the opposite. If they work for you, that’s not going to happen. They’re going to use your equipment.
Raj: My doctor uses his own equipment because my doctor’s not my employee. He’s my vendor and a contractor. My vendors can use whatever they want, but if they’re legally seen as my employee because I’m giving them a 1099 or a W-2, it’s in my legal interest to have them use my equipment more often than not. I have more legal control of it. I have more legal rights on it. And given the research I have done, the US is starting to talk about consumerization of IT in 2011, 2012. Japan has been doing it for 30 years. They’ve had some horrific, horrific problems in Japan with employers and police forces and the military getting big political egg on their faces are losing the active trials because of consumerization of IT. In Japan, the culture is employers don’t give you anything except for a job and a paycheck. You bring your own laptop. You bring your own cellphone. So they do it as a cultural practice. And a couple of years ago, they had a really nasty case of a peer to peer infection. They used something called Winny, which is like Limewire or Kazaa or Napster. Everybody in Japan uses it culturally. There was a flaw in the Winny protocols, and somebody managed to get data on active investigations by Tokyo police. They found secret war-game exercises. They found all this stuff. All the stuff the police were investigating was leaked. The case had to be thrown out. When the war-game exercise files were leaked, the Japanese foreign minister had got on CNN International to apologize to North Koreans because in their top secret classified war-game exercise, they had called North Koreans a nasty name. A lot of business things were leaked. The reports of every airport in Japan were leaked. So whether you talk about consumerization of IT or clouding of IT, the only people telling you ‘bring your devices to work’ are the young brats or CFOs looking to cut costs and they’re cutting costs in the wrong area. A new laptop is a couple hundred bucks, maybe $1000. A new cellphone is $200, $300, $400, $600 for an iPhone. These capital costs are relatively low. Your operational costs are going to be there no matter who pays for the capital. But your litigation costs can triple or quadruple or increase tenfold because now the ownership of the device and ownership of data is completely polluted. Most CFOs, especially small business owners, don’t look at litigation costs when laying out their budgets and strategies. As someone who works with a lot of litigators, litigation hold is not fun. It’s never cheap and never, ever fun with anybody involved. And the only thing worse than not having cyber forensics done is having it done incorrectly and giving so much stuff to wave through that you end up spending hundreds of thousands of dollars for your attorney to look at incorrect or wrong data.
Dave: That’s an interesting point of view because I hadn’t really thought about that. What I was hearing earlier was more along the line that it was more beneficial for the company to have the employees bring in the stuff. But looking at it from your perspective, it makes a lot of sense. Sometimes many consumers and a lot of people, they overlook. They don’t look at it in the sense that something’s going to go wrong. But when it does go wrong, it’ll wipe you out. Most small businesses will get wiped out with the litigation and all the legal costs. So there’s some real value there to owning your own I see now. But let’s kind of change a little bit and talk about terms of service and privacy issues. Some of the areas of concern for consumers and one of the areas I happen to see was the Lenddo. They’re lending to consumers or small businesses with the caveat that ‘you give us the right to a lot of your social media information’.
Raj: Lenddo is a new brand in Hong Kong. They’re targeting the young, hip crowd. And their pitch is ‘you open an account with us, you give us your social media profile, your account name, your Facebook, your Twitter, your log ins, whatever, and we’ll invite your friends on your behalf. We’ll post messages on your wall about what a great customer you are. And if your friends sign up through us, you get badges, you get money, referrals.’ It’s what people have been doing for hundreds of years. First a customer will give you a toaster or $100 or whatever. These guys’ pitch is, “We will automate the marketing to your friends for you.” And it sounds great. “Ooh, I just give you my Facebook name and you can post stuff on my wall? And if my friends sign up, I can get a free $100? Awesome.” And buried in the terms of service is the dark side. And that is, if you don’t give them your social media credentials, they won’t give you a loan. But if you give them your social media credentials and you’re late on your payments or you’re a deadbeat, then they will use your accounts to tell the world what a lousy creditor you are, what a deadbeat you are. Lenddo started doing those last year. I just saw an ad last week from a City Bank Singapore. Not exactly a small brand, but City Bank is a brand-new ad for a credit card for young, hip Singaporeans or whatever you call them. You become the social media A-lister. You go to different fashion shows. You go to different vendors. You use something like foursquare or these geolocation things to check in. The bank knows what you are and what you places you’ve checked in at, and whoever gets the most points get a $5000 party paid for by the bank. They’re targeting the 20-year-olds and the 24-year-olds, the 18 to 20 crowd, and it’s a really bad commercial. The really frightening part of it is they’re training a whole new generation of customers to not only friend their bank on social media but to let the bank know in real-time ‘I went to this retail store. I went to that coffee shop. I went to this bar.’ And they’re not really understanding, the consumers are not understanding that what’s harmless and fun and a gouge on Facebook today will be used against you when you get a loan 5 year from now.
Dave: Yeah, that goes to show you. On Facebook, you’re not the customer. You are the product. Kind of all this brings about…talk a little bit about the American ISPs to launch a mass copyright spying scheme coming this July 12.
Raj: Ah, yes. The son of SOPA, PIPA, and ACTA. So Congress is currently passing the law. By the way, I don’t think a law is passed until it is actually enforced in the field. But right now, in theory, every ISP is going to be a copyright monitor for the record industry. The RIAA and the US and the MPAA, the movie guys. Because these are the same geniuses who have said in more than one Congressional briefing that the value of some 13-year-old kid’s downloading a song illegally..it’s $150,000 per song…there’s a great talk on TED that was given last week, I believe, by a really brilliant guy. He used to work at creative when he build the [something at 41:45] project. He talks about the $8 billion iPod. Billion with a ‘b’. An iPod can hold 40,000 songs. If you believe RIAA MPAA, according to their map, each song is wroth $150,000. Not 99 cents on iTunes, not $16.95 for a CD for 10 or 12 tracks, but $150,000 per track. Therefore, if you’ve got 40,000 tracks on your iPod, it is now worth $8 billion in recording industry matter. This new ISP spying legislation… the RIAA, the MPAA, and their brethren around the world have spent hundreds and millions of dollars buying politicians across the world: USA, Canada, UK, Australia, you name it to try to protect a dying business and a flawed business model. The only people pushing this are the record companies. The artists aren’t pushing for it. Consumers aren’t pushing for it. Most artists make their money, not from the record contract, but from tour sales. Rolling Stones made more money in a single tour 2 years ago than they have in their entire career selling records. Artists love doing tours. It’s where they make the money. Most artists of any integrity say, “Go and download my song.” They don’t make even a penny or two or most tracks that they make that they have produced. Then again, Hollywood is the only industry that I know of where a movie like Harry Potter or Star Wars can be [something at 43:21]. Did you know Harry Potter never made a single dime in its entire run of 8 movies?
Dave: No, I didn’t know that.
Raj: Did you know that Star Wars is a money loser?
Dave: It’s the cottage industries and the after market that is making the money then?
Raj: Yeah, the way the studios work. They charge everything against the contract so the advertising, the coffee, lunch party. They will charge everything against the movie or the album. The actual creators get nothing or next to nothing. The biggest pirates in the world are not teenagers downloading music. It’s the record company executives. Ask any musician with a contract. They’ll tell you, “Kids stealing music are fans. Record companies are thieves.” And this new law is bought by the record industry of America.
Dave: Okay, so then you’re saying the real interest behind SOPA, PIPA, and the others and this ISP and the copyright issues, the spying, is really supported by the record industry. That’s really the interest behind all this. And because of that, we stand to lose a lot of our privacy, don’t we?
Raj: Yes, we do. The record company paid to have the law written. They paid for the law to be a rightful law. They paid for the politicians to present it. Politicians are bought and sold like baseball cards, and the record industry has some of the best collections in the world of politicians. You know, a very good senator, [Christian Daud], I believe used to be a really good senator when he represented Connecticut. His job right now is being either the public mouthpiece for the record and movie industry. And there’s an article… I forget. I can send you guys a link. But a fact-finding organization did a study of the last 40 years of what happens to politicians when they become lobbyists and they go work for private industry. Politicians and senators make a couple hundred thousands dollars a year as a senator. They day they quit their job working for the US Congress and they start working for private industry, they get multimillion dollar paychecks overnight. This is not news. Through out history, politicians have been bought and sold. The record industry has had the most experience in buying and selling Congress.
Dave: Okay, let’s take it then from SOPA and PIPA and the record industries and the ISPs and copyright and privacy issues. Let’s take it over to the Patriot Act. Talk about the surveillance engine and the weigh back machine. And something like a comparison between Julian Assange Vs. Mark Zuckerman.
Raj: I found a great image, I think on reddit or somewhere on the Internet a couple months ago. And it was ‘What’s the difference between Julian Assange and Mark Zuckerberg? Julian Assange is currently under house arrest for leaking government secrets. Zuckerberg is a billionaire for leaking your secrets.” It’s a great punch line. It’s dark humor, but it’s also appropriate. But going back to the Patriot Act and what’s going on, I don’t know if you guys caught the news stories yesterday. Last week, the NSA broke ground on the largest data center that they’re building. While the NSA’s mandate needed to spy on your behalf and my behalf and protect our country from foreign interests, they’re actually wanting this data center to spy on everybody. Americans, non-Americans, local, domestic. Full NSA employees are quoted as saying, “The NSA doesn’t care about civil liberties or the Constitution.” The desire to gather information is so high and they’ve gotten so much free reign, post Patriot Act. Obama, Bush Jr., no difference. The NSA’s building the world’s largest data center for surveillance. It’s being built in Utah. Orrin Hatch, the senator for Utah, was at the groundbreaking. Just last month, the FBI put out an RFP. They want a private corporation to build a surveillance system that will track every Facebook, Twitter, Gmail, every public posting on the planet in multiple languages. In theory, the FBI’s mandate stops at our borders. They are not supposed to go beyond the 50 states and our territories. In practice, I really can’t tell the difference between the FBI and CIA any more. They’re both global in nature. They’re both exceeding the Constitutional and legal mandates. I think the war on drugs and the war on terror is really the war against the American people. It’s war against civil liberties. In the government’s perspective, we are the targets.
Dave: Let me correct myself. I don’t know why I had said ‘Zuckerman’. I have to look that up and see what made me think it was Zuckerman instead of Zuckerberg. Why do you think then the war on drugs? Is it just a means to spy on us then?
Raj: The war on drugs has always been a war against the lower income part of society. It’s really the war against blacks. Black men rather. We incarcerate more people, more percentage of population, than South Africa or China.
Dave: Yeah, that’s amazing.
Raj: It’s economic warfare. And the war on drugs. Isn’t it funny that we have this great war on drugs that started with Nixon Rockefeller, and yet we are the biggest market in the world for drugs? The drug that kills more Americans and more human beings than any other drug is perfectly legal. It’s called alcohol. What’s the difference between alcohol and marijuana?
Dave: 90% of those in prison are related to drug and alcohol.
Raj: You have marijuana, you get to go to jail. You still 50 billion in the financial markets, you get a new beach house. Show me one person who has gone to jail for rigging the markets in the mortgage default crisis. Show me one banker who has gone to jail or been prosecuted for rigging the markets for the last 5 years.
Dave: Yeah. That’s a tragedy in itself. You’re right. And at the end of prison, coming out, they become criminalized when they come back out.
Raj: Yeah, the war on drugs is racism disguised as law enforcement. In World War II, hemp was a product the US was proud of. We won World War II based on hemp. Hemp was used for rope, for clothing. Hemp is a wonderful, wonderful plant fiber. It’s only after World War II that they renamed hemp to marijuana to give it a sinister, Hispanic, Mexican-sounding name to illegalize and demonize the product.
Dave: And that was to bring in plastics.
Raj: That was to bring in plastics paid for by Dow and by US chemical manufacturers.
Dave: Exactly.
Raj: For 100 years, this country illegalized absinthe because in the 1950’s and 60’s, a lot of people were going mad drinking cheap absinthe. Essentially we were told because chemicals in absinthe make you hallucinate. In reality, people were hallucinating because of bad alcohol, just like moonshine of really nasty vodka at $2 a gallon. But the US and lobby paid the US government to make absinthe illegal for over 100 years. The rest of the world drank it perfectly fine. We’ve been told for the last 2, 3 decades, “Drugs are bad, drugs are bad, and illegalize them.” Portugal hasn’t had a problem. Canada hasn’t had a problem with legalizing marijuana. In Amsterdam’s case, they illegalized hard drugs. Their society hasn’t fallen down overnight. People do drugs because we’re biologically wired to do them. Will people do stupid stuff while on drugs? Absolutely. People will do stupid stuff no matter what laws you have in place. But we have not had a rational policy because it’s not in the interests in the large interest holders to have a rational policy on anything.
Dave: Let me kind of switch over here to the 4th and 5th amendments and how cyber security is affecting those 2 amendments.
Raj: Okay. So I missed the question. What’s the question?
Dave: How cyber security is affecting the 4th and the 5th amendments.
Raj: Yeah, great question. So the 5th amendment is the right to not self incriminate. Cyber security isn’t affecting it, but cyber insecurity is. In a case in point, last week, last Friday, Dylan Robbie was found guilty on 15 counts of intimidation, harassing his roommate and so on. And all the evidence against him was completely digital. No smoking guns, no bloody fingerprints. It was emails, webcam logs, Twitter posts, Facebook posts, and so on. Every tool you buy today: smartphone, email account, social media accounts, GPS units, easy passes, cars… most of your devices collect data on you without your knowledge, usually without your permission. Companies are collecting data because they can. In some cases, they want to improve their product. In most cases, it’s being found by attorneys or by prosecutors and being used against the consumer. A lot of divorces have taken place and one side or the other has won based on easy pass tag data. When easy passes were invented, they were sold to us as a way of cutting through the pole lines. Never ever said or thought, “Hey, we could use this in court in a divorce case or criminal investigation.” What does Facebook tell you? “We value your privacy. Connect with your friends.” They don’t tell you that nothing on Facebook is private. Under British law, Australian law, and court cases in the United States have already ruled that nothing on Facebook is private. So you put stuff online, your friends put up stuff online, they tag you in photos, it can be used to send you to jail. It can be used in hundreds of cases where people were tagged in photos without their knowledge or with their consent. And they were caught doing something that broke the law somewhere.
Dave: Yeah, and then unreasonable search and seizures is the 4th amendment. How is that being affected by cyber security?
Dave: Well, government form day 1 has always had problem with the 4th amendment. An unreasonable search and seizure. New technology makes it much, much easier for governments and other actors to collect data on us, so under federal law, if your car is parked in your driveway, it’s private property. If it’s parked in the streets, it’s public property, or rather it’s on public property, therefore it’s searchable by law enforcement. And the FBI put 3,000 GPS trackers on people, either without warrants or without court consent, because they thought they might be terrorists. The FBI lost a case last month, and they have to turn off 3,000 GPS trackers. And then they couldn’t find them again. So law enforcement will always try to get as much data as they can. Garmins will try to get as much data as they can. Where the 4th amendment comes into play is a lot of things that you and I might think are rational or logical or common sensical are actually the opposite of what’s being done because technology or other actors let the government do this. You go to Facebook, you mark something private because Facebook tells you it’s private, you don’t know it’s not private unless you listen to your other security professionals. And even then, kids believe Facebook when it says things are private. When the evidence shows up in court, then they learn, “Oh, nothing on the Internet is ever private.”
Dave: Yeah, that’s something we’ve just got to get across to kids and to adults, to all of us. There is nothing that is private, period.
Raj: If it’s on Facebook or Gmail or Twitter, if it’s on the Internet, it’s never going to get deleted, it’s never going to be private, and even a harmless joke in the wrong context will be seen in the worst light possible There’s a guy in Florida, a retired military person, who sent a Twitter post regarding Occupy Wall Street. I don’t support his statement that nothing will change if we kill a cop. I don’t believe we should kill cops. He said it. I don’t agree with the statement, but like Patrick Henry, I will defend his right to say it. It’s free speech. If he takes a gun and kills somebody, that’s murder, send him to jail. But he can say it. That’s our first amendment right. But because he used Twitter to say it versus an open microphone, NYPD and law enforcement are now subpoenaing Twitter to find out who said this in Florida.
Dave: Wow.
Raj: And speech laws are really treading the line between 1st and 4th amendment issues. Where do you draw the line between hateful speech and intimidation? It’s a very interesting question for which I don’t think anybody has a good answer.
Dave: Yeah, and I agree. My point is: it’s hard to even, when you’re in your home. Most people will not read the terms of service or the privacy issues when they agree to use an app or some other maybe mobile device. In those terms, you may sitting having a private conversation in your bedroom or in your living room, and most people will have their mobile device within 3 feet of themselves or in their pocket or by their side. And these terms of service you agree to with some of these apps are just phenomenal. Ones that I’ve read allow to record at will when they want to or they will take pictures without you knowing that the camera is taking the pictures. So where is your privacy any more? I mean, there’s got to be some place that you can be private.
Raj: If you find that place, send me an email. I’d love to know where it is. On the one hand, I’m a privacy zealot. On the other hand, I’m equally guilty of never being 2 feet away from my cellphone except when I force myself on weekends to leave it in a different room. And even then, it’s never more than a room away. There’s nothing wrong with the tools. Facebook isn’t a bad technology or Gmail or Twitter except other current laws. So either we have to kill the technology or, better yet, upgrade the laws to take into account that what’s in my smartphone should count as private property that can’t be used by cops because it’s in my purse or sitting in my car. They should be a subpoena to be able to image my phone. Currently, law doesn’t say they have to have one, so they’re erring on the fight of, “The law doesn’t say that I can’t, so I will.” We need to have laws that take into account that we’re not living in the 1770’s or the 1970’s anymore.
Dave: Yes, that’s right. We’re at the top of the hour. What I’d like to do is ask you a 2-part question. The first part: let’s say you’re talking to consumers, small business owners, and there may be parents in the audience. What is, typically, the most frequently asked question you’ll get from this group and the answer that you’ll give them? And the second part is the should have asked question that if they lose some of the things that you knew, their questions would’ve been a should’ve asked question. And then what’s the answer to that?
Raj: After these conversations and presentations, the most commonly asked question usually is, “Can you approve my Facebook profile? Can you help me get better results on Google? Can you help me get more business?” And my usual answer is, “I’m not the social media guy. Get somebody else who does this kind of stuff.” People have this wonderful, schizophrenic approach to, “Yeah, yeah. Security, privacy. I care about my kids, but can you help me get a new client?” And the question that should be asked but almost never is is, “What can I, as an American citizen, do to safeguard the rights I have and to protect them for my children and my grandchildren?” The lack of civic discourse is what I find troubling.
Dave: Good thought. Well, what do you think, Bill?
Bill. I think it was a terrific show. I think that every time Raj comes on, we learn something new and definitely current. We appreciate your time today. It’s amazing how fast. We say that all the time, but it just flew by today. One of the things I want to mention is you got some spots coming up in April that you’re going to be talking. So make sure you let everyone on the radio show know where you’re going to be locally and what you’re going to be talking about when you do that. And also, just make sure folks know your domain, where you house your blogs and things that you do. There’s so much great information on there, Raj, I go there often and check things out, see what you’re doing because it helps us. We found that out before the show went live. You’re so on the current bubble that we’ve got to keep up. I was a little behind on what was going on, so I’ll do a little better job of that next time. We’re looking forward to you coming back. I’m not sure if it’s before your April dates, but if it is, we’ll try and gear our show around a little bit about what you’re talking about. Or if it’s after, we’ll do the same. Again, thank you for your time. This is so important that people know what their privacy issues and laws are, and they need to know what’s going on really at your level. If it happens, you need to know and have attorneys in place. It is going to happen. You need to be prepared before that, and I think that’s just being a good, savvy person in this digital world we live in.
Raj: Guys, thank you for the opportunity. I love being on your show, and yes it’s amazing how quickly an hour flies. You can find me at RajGoel.com. If you forget how to spell my name, I’m the 1st, 2nd, and 4th on Google. I have been for 5 years. In April, I’m doing a couple presentations, mostly in New York. I’m doing a CLE for attorneys on what attorneys need to know about cyber forensics and digital evidence handling. I’ve got an article coming out in the [something at 1:05:10] around the same topic. And my first book is now in publication. It’ll be out hopefully by the middle of the month, and you’ll find links to it on our website. It’ll be available through Amazon, and I’m really excited to have my first book published. It should be on Amazon in 2 to 3 weeks.
Dave: Oh, great.
Raj: I’ll send you guys the link, and I’ll be happy to donate a couple copies for you guys to raffle off or give away to your listeners.
Dave: Signed, of course.
Raj: There you go. Signed but not in my name. I’ll use your name instead.
Bill: Well, that’s awesome. Well, thanks, Raj, again. We’ll look forward to the next time, and it looks like we’ll have a lot to talk about when you do.
Raj: Absolutely.
Bill: Have a great day, and we’ll talk to you later. Bye bye, everyone.
Dave: Bye, everyone. Thanks, Raj.