Each week on eDiscovery Leaders Live, I chat with a leader in eDiscovery or related areas. Our guest on February 12 was Brad Wilson, Director at Berkeley Research Group (BRG).
Brad and I covered three broad areas in our discussion: eDiscovery, cybersecurity, and data privacy. We started with the impact the COVID-19 has had on eDiscovery, both negative and positive. From there we moved to the challenges posed by short messages, a renewed pandemic-inspired in tech in the law, particularly AI, as well as the expanding eDiscovery challenges that increased in the use of tools such as Zoom are posing. Brad discussed cyber threats and their interrelationship with eDiscovery, talked about the Solarium Commission and its recommendations, looked at issues posed by business email compromise scams, and closed out the cyber discussion with thoughts about detecting problematic behaviors with AI models. With respect to data privacy, Brad emphasized the intertwined nature of privacy, cyber, and discovery, and talked as well about the use of AI to address privacy challenges. We finished the discussion with Brad’s musings on his ideal eDiscovery and investigations platform.
Recorded live on February 12, 2021 | Transcription below
Note: This content has been edited and condensed for clarity.
George Socha:
Welcome to eDiscovery Leaders Live, hosted by ACEDS, and sponsored by Reveal. I am George Socha, Senior Vice President of Brand Awareness at Reveal. Each Friday morning at 11 am Eastern, I host an episode of eDiscovery Leaders Live where I get a chance to chat with luminaries in eDiscovery and related areas.
Past episodes are available on the Reveal website, go to revealdata.com, select “Resources” and then select “eDiscovery Leaders Live Cast”.
Our guest this week is Brad Wilson. Brad is a director at BRG, or Berkeley Research Group. He joined them in 2020. He, as I said, is a director at BRG, in their Global Investigations and Strategic Intelligence practice, specializing in forensic technology, eDiscovery and cyber security. Prior to joining BRG, he spent about 14 years at PWC, starting as an intern and then working both in their DC and Chicago offices. Brad has a BS from Penn State University. Brad, welcome.
Brad Wilson:
Thank you so much. Thanks so much for having me today, George. I'm very excited to be here today from sunny Chicago. You know when we see the sun here in February, as you can appreciate in the Midwest region, it's a big deal. Also, special thanks to ACEDS and Reveal for sponsoring this event today. I look forward to the dialogue.
George Socha:
Great, we are glad to have you here. As is the case with everyone who shows up here, of course we've chatted a bit at the head of time to see some of the things you might be interested in talking about. One of the things I'd like to touch on based on that, is to talk about the pandemic and what you're seeing it's impact to be in the world of eDiscovery and forensic technology and cybersecurity.
Brad Wilson:
As I know we can all appreciate, the pandemic has definitely changed our lives both from a technology use perspective, but also from the way that we interact with each other through Zoom calls, Teams and other collaboration platforms. It's really brought the CIO and technology leads to the forefront of discussions on operational spend and enhancements. I was looking at an article the other day, just looking at the market, and from an investment standpoint there was a large increase in spending on start-ups selling cloud based software tools and services for AI including cyber security. E-commerce providers in the 4th quarter of 2020 had spent $15.3 billion in funding on more than 600 deals. When I read that, that's a big number, but how does that compare historically? If you look at that in comparison to Q4 in 2020, that was up more than 50 percent from the same period in Q4 of 2019, which was the highest quarterly funding for the technology sector since 2011. In the context of the pandemic, I found this to be very encouraging, especially for our line of work.
George Socha:
Take a look at the tea leaves in the bottom of the glass, then. What do you think brought that about?
Brad Wilson:
I think executives want to know not only how to improve the technology they use but also better ways to automate workflows effectively and effectively use their employees in light of tighter budgets and work life balance as we're juggling everything remotely. I think even just being in front of a laptop day in and day out with a camera on, you're talking to folks, technology is front of mind. Obviously we were using it previously, but I think it's more so just the fact that we're interacting with it for every meeting we do and every interaction. I think it's really changed the thought process. I think it would anticipate the adoption and continue to accelerate the use of AI through investigations and litigation, identifying findings faster, decreasing the spend of human review, going back to the budgetary constraints that companies are facing. I also think it's important to keep in mind how the practical day-to-day business that we're conducting will also change the way that we treat data discovery.
With work-from-home considerations, where do you store files, how are you interacting with systems, did you have to purchase your own personal laptop to conduct business, do a BYOD set up, which I've heard some companies have had to do. And then, even what we're doing right now, video transcription, all of these recordings with Zoom, and different depositions and things are likely to be discoverable now. Having that transcription ability is going to be huge.
And then I think it's also the ever increasing use of mobile apps and ephemeral messaging. We saw this before the pandemic, where mobile devices for the past 10+ years have been a focal point of investigations, but I think more so now, the fact that we're using technology for every form of communication. It's a challenge, even today with all the great technologies we have, even the collection process of that can span from cloud to backups to the device itself and then you layer in the user consent and credentials on top of that and it's definitely a complex situation to deal with.
George Socha:
As a services provider in this space, you've always had to deal with the unpredictable. And it sounds like the unpredictable has become even more of a challenge now. How do you go about dealing with this growing number of data sources, growing number of formats, growing number of places that you're going to need to go to look to find data?
Brad Wilson:
I think it's really important when you're facing a new enterprise environment with a company. It's going through the typical questionnaire of where you store information, but then it's also in the context of how the business operates. Its understanding and keeping yourself informed on all the different technologies that are out there and the ways that you can communicate.
It's going to vary by business. I was working on a matter within the past couple of years where Salesforce Chatter was at the forefront, but not every company uses Salesforce either. It's understanding what the technologies are that are out there and then it’s understanding what are the ways that folks could be communicating using that. It's also through the custodian interviews and things like that that are helping with that.
George Socha:
Short messages seem to be a particularly vexing problem these days, not just with the collection of the data, but working with that data once you're trying to go through it and make sense of it. Have you had any particular success dealing with that type of content?
Brad Wilson:
It definitely brings its challenges. At times you want to see everything sequentially, you want to see the entire conversation thread, maybe within a day or two of each other. But as you said then, maybe other times, you want to see it individually for production purposes or for other needs. The sheer vast number of messaging platforms out there, and there's all these different formats of export to keep that information out, it's definitely a complex thing. That's why I think layering in data analytics skill sets into everything we do makes a lot of sense. You're going to need that to normalize the information, to cut the information as you need to. Using great technologies like Reveal, NexLP and Brainspace to help you present that and make sense of it, is why I think it's really important.
George Socha:
One of the comments I heard from folks on a weekly call last fall, goes back to an earlier comment you made in this discussion. That person's impression is that executives in particular are now having to work from home or have had to work from home and had to sit down with the technology they've maybe never dealt with before and figure out how to get things done and done in ways they've never have done before. As a result of all of that, they are more open to approaching things such as eDiscovery, cybersecurity, data privacy, in ways that they hadn't before and in particular are much more open to the use of artificial intelligence to help make sense of that content. Has that been your experience?
Brad Wilson:
It has. From my experience and then taking the pulse of the market, reading, hearing from clients, I think it's the human element factor. Like you said, maybe executives 90 percent of the time were meeting face to face with folks. I think back even personally, being a younger professional, you think through how often that I actually use live streaming to do meetings and whatnot. It just didn't happen; if we're for being real with ourselves. Either the technology didn't work or we didn't want to see other folks' faces and it was awkward. Even at the start of the pandemic, I think a lot of people felt like this interaction that we're doing right now, it's just awkward, it's different, but I think over time we’re adapting to it as humans. I think you're right, having folks that wouldn’t actually use this technology every second of the day now using it, it does come front of mind then: “Hey, what else can we do? This is working really well. We’ve saved money on different areas budgetarily; how else can we use technology?”
George Socha:
I suspect we've adapted more than we even realize. I was on an actual conference call, not a video call, just an audio conference call, a couple of weeks ago with a law firm. The folks on the law firm said they were very pleased not to have the video turned on, not to have to have people be able to see them. I felt, however, as if a major component had been taken away. The conversation was much more awkward. No one know when to start talking, people would all start at once, talk over each other. We didn’t have the visual cues we even get with this here. Of course, with that said, now we've got content that's being recorded, video content that's being recorded. And one of the challenges for us moving forward is going to be to figure out how to get those video cues into systems that allow us to work with that when we're not dealing with one video, but 10,000 videos. We have some challenges ahead as well.
Brad Wilson:
I completely agree, You think about the storage size of these videos too, that's astronomical, and you think about the fact that historically, were conference calls often recorded. It wasn't really a thing and now that you have the ability to quickly and seamlessly record things, I think folks are doing that a bit more for record keeping and what not and you are right, that becomes discoverable potentially, changes the game.
This is where technology is really interesting. There's a lot of companies now focused on facial recognition, what's the emotion of a person, not just in what they're saying, but what they're visually doing with their faces. I think that's fascinating, I think that's a really big area that maybe it was up and coming but now it's going to be accelerated within the next 5 to 10 years.
George Socha:
We've got the ability to transcribe the audio. We don’t transcribe the video, but we’ve got the ability to go in and identify and tag images to identify mold on a wall. We don't have the ability to go in and say Brad's happy here and angry there based upon how he's appearing in the video; we can do that with a text, but not that. So yes, interesting areas to try to pursue.
I would like to switch focus to a second the area of responsibility for you, which is the cyber threat side of things. What are you dealing with there, what are you seeing there, and what do you think that's all going?
Brad Wilson:
I started my career and have been definitely keeping involved in the cyber threats realm as well. I think it's really interesting, the SolarWinds breach that was just experienced. It's being quoted as one of the most significant cyber attacks in history for its impact on thousands of companies, governments, causing a lot of distress with folks, looking at their supply chains with a closer eye, looking at their third parties, “Do we really need to be sending the sensitive data to this vendor, giving them access to this?”
I think it's really disrupted, culturally, some of those relationships as well. How does that relate to eDiscovery? It does in multiple ways. Folks are now having to look at their contracts to understand, do we have the right clauses in place, rights to audit and indemnification and to go back and in case something like this happened to us or is happening to us. How do we take the right actions with our third parties to assess their security or who their vendors are.
I think it's also impacting how companies are controlling their information. At times companies in the past maybe were having the providers run some of that, and having multiple providers, and now they're going to want to take ownership of that, have some better control potentially. Having that one record of truth that they can go back to, I think is really important.
The other aspect of this and it's somewhat under the radar it's starting to pick up a lot more traction here: Within the past year they finalized it, but there's a commission called the Solarium Commission, where they put 80 recommendations in front of the US government in terms of how to improve the cyberspace, both from a private and public sector perspective. What's significant with that is, in this year's defense bill, which just was passed this past December for 2021, 25 of the 80 recommendations are in there. It focuses on better collaboration across the private and public sector. It focuses on, how do we better share intelligence, how do we better come up with best practices. And I think that it directly impacts eDiscovery, with the fact that eDiscovery involves so much sensitive information from critical infrastructure where there's a lot of focus and needs to secure that information.
One of the other compromises that interrelates with eDiscovery is the business email compromise scams, which have been around for the past decade. They've definitely evolved over time, they’ve evolved with the pandemic, going back to that topic, and telework. The FBI announced the various ways that the attackers are now gaining intel and mimicking user behavior inside of emails as they compromise those systems. It accounted for $1.7 billion in losses in 2019, which was the costliest threat actor last year.
This is directly impacting email, email systems, and it's coming out that was one of the theories or the ways that SolarWinds was initially compromised, which isn’t unusual, that's typically how most threat actors are getting in. Where this really comes into play, is around using these eDiscovery technologies now on the proactive side. Now you can do this compliance monitoring, you can be doing the same things proactively that you would have been doing on the investigative side, but starting to use these AI models and algorithms to find anomalous behavior, to find things like, “This email’s coming from one of our vendors but it's not following the right process or procedures” or the tone or language that they're using is not traditional with the way they've communicated with us for the past 10 years. There's definitely ways to proactively flag that information.
Obviously, there are security tools up there that are looking at it from that lens, but I think the concept that you have the AI technologies already being built on the investigative side, you can repurpose those for the proactive compliance monitoring side, I think is a really interesting play for companies.
George Socha:
Let's step back a little bit to that set of Solarium Commission recommendations. I’m curious, do you see those as achievable, actionable recommendations or aspirational recommendations?
Brad Wilson:
I think the ones that they’ve included in there and put in the bill are definitely achievable, because they all center around that collaboration side of things. When I first started out in my profession, I was involved in some of the ISACs, which are the information sharing centers, and specifically on the financial services side. That was about 10 years ago they were doing some of that collaboration. There's a lot of great collateral out there, a lot of great information already developed, but now I think the government's taking a more intentional step forward to say, “We can't just have these nonprofit communities. We need to be very aggressive and thoughtful about how we're interacting with businesses. It can't just be an afterthought, it has to be front of mind”. I say that it’s achievable ideally, but it's also complex because we're talking about a lot of companies are global. Are they going to need to align directly with the US if they're also doing operations in South America or Europe? Europe has their own set of similar bills that are being passed. Or China, that's a really interesting dynamic there as well.
George Socha:
To jump back to the other side of what you are talking about, it sounds as if one of the things you are doing when it comes to trying to detect behaviors that could be problematic, or patterns of activity that could be problematic. Is using the technology available to you to develop a series of baselines and then looking for deviations from those baselines. Am I understanding correctly?
Brad Wilson:
Yes. It's important when using these AI models to have that historical data. You need the historical data and the work product to create some of those models. At times it is challenging. Either you have the work product but you don't have the underlying historical data to help make that more effective. There's a lot of progress being made in those areas, where even if you are just doing a transactional investigation with a company and maybe you're not in their network constantly gathering all this intel, all this information, there are ways now to basically create these models, these portable models to be able to take some of the past work product and bring that forward. I think that's where there is a huge opportunity, when you can actually take that historical information that, maybe you weren't considering using AI at that time, but now you can still bring that forward. I think that's really important.
George Socha:
Closely related to cyber security is, of course, data privacy. Tell us a little about what you're dealing with on that front.
Brad Wilson:
You see data privacy, cyber security, discovery, constantly intertwined with each other. It's a huge topic. It's at the forefront of domestic, international, global laws. It's very complex. I think that we made some progress domestically with the California privacy rights act. I think it will continue to pave the way and to address data privacy and consumer protection in the US. But then you look globally and every country is going to be slightly different. I know we were talking earlier about Switzerland and those challenges. It's always going to be this balance of having optionality with our eDiscovery platforms and our ability to service companies. Obviously, there's a cost element to everything and obviously the cloud brings some advantages there to be able to contain that, but then you also look at, back to the cyber security side or the data privacy side, if you’re dealing with really sensitive information, there's a lot of thought that needs to be put around that because you don't want that information to get out of those areas. So, there's going to be additional security layers. Data privacy is going to be one that's going to be around here for a while.
I also want to talk about data privacy and AI. That's another complex area. You may have all that historical data and work product, but there are data privacy considerations to them bringing that forward - things like, is there sensitive information in there that we hadn't redacted at that time that would be some consideration before we bring that information forward. This is really impacting the cyber security space in a big way. The Wall Street Journal just had an article this week even, saying that there's a huge data drought when it comes to building models AI models and cyber security threat monitoring. It's because there's just not the information sharing. There's a lot of sensitive IP, there's this underlying code and sensitive information that folks just don't want to put out there for repurposing. It's making it hard to advance really some of those AI models in that space as well.
George Socha:
I’d like to close with your thoughts on an ideal eDiscovery and investigations platform. I’ve posed this question to others. The parameters are, assume no limits whatsoever; everything is possible, any technological capability you could possibly imagine is available to you; budget is no concern whatsoever. What would your ideal eDiscovery and investigation platform look like?
Brad Wilson:
Going back to the investments that the market is making in startups around AI technology, I think that you're going to see a huge influx of software and algorithms tailored for certain industries, certain business functions. I think the opportunity then for eDiscovery is how do we repurpose that, how do we bring that forward and into our investigations. That’s not an easy thing to solve, but I think that's an important one to solve because when you're talking about all the work effort that's going to be put in, and budgetary, that’s going to be put into those systems and those algorithms, it’s going to be important to how do we bring that forward. How do we bring that value forward? I think that’s one.
Then the other one is more of a fun one in a way and I also think it's also practical, but I'm a big fan of augmented reality. I've been joking with the Brainspace crew for years that they should be developing some way of interacting with information in new ways using AR. I think it would be really interesting to create more of like a Minority Report, looking to deal with dashboards and interacting with information. I think that’s one thing I'll put out there to see if we can capitalize on that.
George Socha:
So, would you want to headset you put on or when you want something to just appear in front of you?
Brad Wilson:
I'd rather just have something appear, but I think right now you probably need the headset.
George Socha:
We don't need to stick with right now. What would you like to have?
Brad Wilson:
Oh yeah. The Minority Report look and feel. Just put on the gloves, and be able to dictate what I'm seeing.
George Socha:
Well, we probably can't get that to you next week, but we can try.
Thank you, Brad. Brad is a director at BRG or Berkeley Research Group and he was very gracious to join us this week. I am George Socha, this has been eDiscovery Leaders Live, hosted by ACEDS, and sponsored by Reveal. Next week our guest will be Sam Sessler, who is with the law firm of Norton Rose Fulbright. Once again Brad, thank you very much.
Brad Wilson:
Thank you George.