RSA 2011 Guest Post: Whose Fault is it that I Did Not Know it Was Not You? A Mock Hearing Panel

Written on February 11, 2011 – 1:28 am | by Jasmine Haller

In 48-hour period in November, 2009, PlainsCapital Bank transferred over $800,000 from the account of Hillary Machinery to a number of international and U.S. accounts. The problem was that Hillary had not initiated those transfers.

In December of that year the bank sued Hillary. That’s definitely a huh? moment.

The bank sought a judicial declaratory judgment that its security procedures were commercially reasonable and that it had not breached its obligations. In essence, Hillary had demanded that the bank cover the lost funds, claiming that the bank’s security was not commercially reasonable, and the bank preemptively sued to get a judicial authority to rule that its procedures were reasonable, thereby forestalling any legal action by Hillary.

On February 16, there will be a session at the RSA Conference titled Whose Fault Is It That I Didn’t Know It Wasn’t you. This will be a mock hearing on a claim that bad authentication practices led to an unauthorized transfer of deposited funds. A follow-on panel will discuss associated topics, including processes that could be put in place to mitigate these attacks.

This mock hearing will be heard by the Honorable John Facciola, Magistrate Judge in the U.S. District Court for the District of Columbia. Two practicing attorneys, Joseph Burton, of Duane Morris and Steven Teppler of Edelson McGuire, will represent the parties. Jim Woodhill of Authentify and I, Hoyt Kesterson of Terra Verde Services, will play the roles of testifying experts. The Honorable Andrew Peck, Magistrate Judge in the U.S. District Court for the Southern District of New York, will act at the Greek Chorus, narrating the background and introducing the players.

The RSA 2011 Conference Website describes this session as a panel. It is not. It is a one-act play in which the attorneys will examine and cross examine the experts on the facts of the hypothetical—a hypothetical in which Forty-Second Fifth bank has transferred the funds of Clacks Incorporated to some bad guys. The attorneys will then make their arguments to the judge. If Magistrate Judge Facciola holds to the routine he has established in the mock hearings conducted at previous RSA conferences, he will ask the audience to act as his law clerks and volunteer their opinions on how he might rule in the case. He will then rule, giving his reasons for his decision. Then he and the other actors in our little play will answer questions from the audience.

This is the latest in a series of mock sessions that are part of the set of sessions in the Law and Policy track developed by the Electronic Discovery and Digital Evidence and the Information Security Committees of the American Bar Association’s Section of Science & Technology Law in partnership with the RSA Conference. Attorneys attending these sessions will earn Continuing Legal Education credits.

In previous conferences we held a mock hearing arguing the validity of a digital signature on a will, a mock spoliation hearing on missing ESI (electronically stored information), and a mock FRCP 26(f) meet & confer in which the plaintiff’s request for a database extraction to produce the identities of people who were taking a specific medicine was viewed by the defendant as a request for a production that could put the defendant in violation of HIPAA. The latter two mock sessions are being reprised at the Second ABA E-Discovery and Digital Evidence Practitioners’ Workshop. This workshop is being held immediately after the RSA Conference and many of the participants in the RSA sessions will be part of the faculty.

If any of you reading this post attend the conference, be sure to come up and say hello. For those of you who cannot be there, after the conference I will post a description of the outcome of the mock session, hopefully with comments from some of the other members of our merry band.

Check out an RSA podcast here with more information on this panel.

About the Author: Hoyt L Kesterson II is a consultant with Terra Verde Services in Arizona. He has more than 40 years of experience in information security and related technologies. For 21 years he chaired the international standards group that created the X.509 certificate, a fundamental component in digital signature and securing web transactions, He is the vice-chair of the ABA’s eDiscovery and Digital Evidence Committee. A testifying expert, he has given many CLE-accredited talks to lawyers and to technologists. He is an acknowledged contributor to a book on e-discovery and a book on digital data and the rules of evidence, both published by the ABA.

Identity Theft Protection Services