I have an outstanding public records request. It is not "outstanding" in the manner that I wrote a great request, but "outstanding" in that I haven't received any public records yet from the request. I have been hired by government agencies as a consultant to help the agency find and produce response records on occasion. Mostly, I was hired because the agency did such a bad job in producing records that a court ordered the agencies to hire a third party.

In those instances, I won't talk about what the agencies specifically did wrong, but it was enough to justify a court order to do it right. The interesting thing about working on a public records engagement versus a civil litigation is that the rules are somewhat different, especially the part about a citizen's right to request public records without a need to show damage. Citizens who are curious as to what their governments are doing can simply make a request for specific records. That is pretty cool. Being in Washington (State), the MRSC website is packed with everything anyone ever needs to know about public records requests and laws.

So, back to my public records request...

Well, this request isn't part of an engagement where I have been hired as a consultant, but the subject of the request is surely important to me and should end up being important to others too. I most likely will detail the trials and tribulations of this request as soon as I am provided the start of a rolling production of records. Then I will be able to blog about records requests from the perspective of the requestor as compared to the view of the insider. One personal benefit is that I plan on learning what I can as the requestor and compare the results with what I know from being on the inside of these types of cases/records request. I am expecting that this experience will make me better when hired to search and provide records due to an entirely different perspective.

Yes, I've done public records before

I have helped clients and friends file public records requests, but that was simply helping to fill out forms, craft the request, and tips on what to look for (missing threads or attachments in emails, modified documents, withheld documents, etc...). I have testified on the search for records that were claimed to be 'too difficult', and I have gone through more than enough emails to find where an email was missing. But this time, it's actually me asking for records and me having to make sure everything is done correctly, and making sure the agency stays true to the records law for my sake.

This should be a good learning experience with a hopefully good resolution. I may make the records available online to illustrate some points if I find errors, omissions, or egregious government behavior in the records (hopefully not!).

As far as the timeline...

12/2/2019    Records requested

12/9/2019     Agency replies with no date of completion or start date to produce any records but instead gives me a date of 12/23/19 just to tell me when they can give me a date that they will start producing records.

***UPDATE***

The agency gave me a production date for the year 2040. It may be a long time before I write about this experience. Yes, it's not a typo. It is the year 2040 when this request will be completed. This agency uses the Barracuda Email Archiver, which you would assume that having pre-indexed (instant search hits!), single-instance storage (no duplicates!), simple search feature (as easy as using Google!), and quick exporting of emails would not take this long...but apparently, it does.

So now the timeline of this public records request looks like this:

2019: Requested public records

2020: Jan > Feb > Mar > Apr > May > Jun > Jul > Aug > Sep > Oct > Nov > Dec

2021: Jan > Feb > Mar > Apr > May > Jun > Jul > Aug > Sep > Oct > Nov > Dec

2022: Jan > Feb > Mar > Apr > May > Jun > Jul > Aug > Sep > Oct > Nov > Dec

2023: Jan > Feb > Mar > Apr > May > Jun > Jul > Aug > Sep > Oct > Nov > Dec

2024: Jan > Feb > Mar > Apr > May > Jun > Jul > Aug > Sep > Oct > Nov > Dec

2025: Jan > Feb > Mar > Apr > May > Jun > Jul > Aug > Sep > Oct > Nov > Dec

2026: Jan > Feb > Mar > Apr > May > Jun > Jul > Aug > Sep > Oct > Nov > Dec

2027: Jan > Feb > Mar > Apr > May > Jun > Jul > Aug > Sep > Oct > Nov > Dec

2028: Jan > Feb > Mar > Apr > May > Jun > Jul > Aug > Sep > Oct > Nov > Dec

2029: Jan > Feb > Mar > Apr > May > Jun > Jul > Aug > Sep > Oct > Nov > Dec

2030: Jan > Feb > Mar > Apr > May > Jun > Jul > Aug > Sep > Oct > Nov > Dec

2031: Jan > Feb > Mar > Apr > May > Jun > Jul > Aug > Sep > Oct > Nov > Dec

2032: Jan > Feb > Mar > Apr > May > Jun > Jul > Aug > Sep > Oct > Nov > Dec

2033: Jan > Feb > Mar > Apr > May > Jun > Jul > Aug > Sep > Oct > Nov > Dec

2034: Jan > Feb > Mar > Apr > May > Jun > Jul > Aug > Sep > Oct > Nov > Dec

2035: Jan > Feb > Mar > Apr > May > Jun > Jul > Aug > Sep > Oct > Nov > Dec

2036: Jan > Feb > Mar > Apr > May > Jun > Jul > Aug > Sep > Oct > Nov > Dec

2037: Jan > Feb > Mar > Apr > May > Jun > Jul > Aug > Sep > Oct > Nov > Dec

2038: Jan > Feb > Mar > Apr > May > Jun > Jul > Aug > Sep > Oct > Nov > Dec

2039: Jan > Feb > Mar > Apr > May > Jun > Jul > Aug > Sep > Oct > Nov > Dec

2040: Final records expected to be produced.

I have been a fan of Craig Ball ever since I met him in a forensic course years ago. I was so impressed with Craig, that I was honored that he agreed to write the foreword of a book that Eric Zimmerman and I wrote. It stands to figure that I have followed his blog for many years because I learn something every time he writes something.

Well….

His latest blog post was more than I typically expected, and I had to read it several times because Craig bared his soul with something that every single one of us would be fortunate enough to experience.  I tried to search for another way to say, “bared his soul” because that is what Craig said in his post. However, there is no other description that fits better, because that is what he did.

https://craigball.net/2019/09/09/who-am-i-if-im-not-that-guy-anymore/

I’ll let you read Craig’s blog post before reading further, and you should read it regardless of what point of your DFIR/infosec/ediscovery career point you currently sitting.  Then come back for my thoughts on the “Five Stages of Grief in a DFIR Career”.

Welcome back*

You may have already read a Swiss psychiatrist’s model detailed in a book, On Death and Dying. I’ve used that book on many occasions as a reference for teaching response to traumatic experiences to others and as a tool for coping with my own traumatic incidents. *I know you didn't read Craig's post and kept reading, but seriously, read his post.

https://www.psycom.net/depression.central.grief.html

The above visual describes the grief cycle succinctly. No need for me to add to it to describe it. But then again, I’ve done a lot of personal and professional research as well as teaching on the topic in a past career. I recommend digging further into it if this is the first time that you have seen this.

In my own life, I have gone through this grief cycle many times. Sometimes, it has taken me years to complete, and other times, seconds. Many of us are going through this now, and if not now, we will at some point in our lives. Police officers, especially those forced into deadly force incidents, will go through the entire cycle in a few seconds during an encounter and can spend years going through it after a deadly force encounter, regardless if deadly force was applied. They tend to go through this cycle a lot...same with those in combat.

Bringing this back around to you and your DFIR career

Since you read Craig’s post, you saw where it sounds that he feels his relevance has faded into a crisis of lost confidence.  If you didn’t read the post yet, do not fret; there’s a party at the end. 

This is where I see a direct resemblance to the grief cycle and a DFIR career, at least to where we will eventually feel that our relevance waned. Perhaps it will. Probably it will not.  Certainly, that which we did good, especially good for others, will never wane. The good that we did selfishly for ourselves will be forgotten faster than a long-tailed cat in a room full of rocking chairs. But the good for others is another story.

Go to work for money. Then you can do for yourself what you couldn't do before and do for others what they cannot do for themselves.

That’s what I tell my kids. Do your job, but do not be your job. The job didn’t miss you before you got there, and it won’t miss you when you are gone. But the job can help you to make this a better place by being a positive force on others.

<I’m getting to the point on the DFIR Career Grief Cycle, so bear with me>

When you create a ripple of positive change in a person’s life, you also spark a chain reaction of a tidal wave of good far past what you will ever have the fortune to see. The difference in a newcomer doing well or failing is in direct relation to your interaction with the newcomer.  Their failure or success in this field is directly tied to you. This is the point to know that the DFIR Career Grief Cycle is not a negative, but a positive in your career growth if you do it right. 

My suggestion is to push through the DFIR Career Grief Cycle as quickly as possible when it comes. Don’t be stuck at Anger, because you’ll be that ‘grumpy old person’.  And try to fly through Depression by knowing you are almost done with the cycle. Acceptance doesn’t mean the end. It means that your path has evolved, as it will for all of us, if all of us are lucky enough. The DFIR Career Grief Cycle is simply an evolution from doer to mentor or role model. Or maybe a not-so-subtle hint to move to a different job or position with a more instrumental role because your experience is incredible.

Our goal should be to be able to look back at the seeds that we planted, the good that we did, the bad that we prevented, and the positive guidance that we gave newcomers for them to grow.

We live our lives day-to-day knowing that tomorrow will never come, and that we have plenty of time to do something good for someone else tomorrow. When we accept that every new morning means that we have one less morning when we will not wake, then we can focus on what matters at home (and at work to make someone else’s life better). You have a fixed number of sunsets. A fixed number of sunrises. A fixed number of days to make a difference. Don't make the DFIR Career Cycle a Grief be one of regret, but one of satisfaction.

Craig Ball has nothing to worry about in regard to imposter syndrome, crisis of confidence, or whether or not he made a difference. I have followed his career for more than a decade. He has made a difference across the board in the forensics and electronic discovery fields as well as in the careers of many. We will all do better if we do better by others; then the grief cycle will not be feared as much as it will be welcomed.

The short story

Any person and their voice, in practically any video (past, present, or future) can have their face and voice digitally replaced with any other person face and voice. This is known as a “DeepFake” video.  Credibility of videos will no longer exist without some form of analysis, but the assumption that a DeepFake video is credible will create enough damage before being proven to be fake. The technology is not perfect (yet), but does it have to be in order to induce the intended effect?

Tip for some: You have to look up to get this. https://t.co/tfqTuToZK2

— Brett Shavers 🙄 (@Brett_Shavers) August 28, 2019

The longer version

It is difficult to find which aspect of our lives will be more in harm’s way because of DeepFake videos. With children, cyberbullying will take on an entire new life by an exponential factor.  DeepFake cyberbullying will be the nuclear bomb of child’s bullying nightmare.  The cruelness of bullies with access to make their victims appear to do anything in a video that can be instantly spread across the planet in seconds is not something to ignore.

The direction of a nation-state’s actions can potentially be moved with video evidence that was completely manufactured.

The movie industry can profit from DeepFakes by hiring B-list actors and replacing their face with A-lister faces but I don’t see an upside for the actors…

Innocent people can be made to look guilty of a crime. Today, your face can digitally replace the face of a violent criminal who was video recorded while committing the most horrid of acts, and people will believe the video..with your face on the criminal.  Criminal charges (vigilantism is a possibility!) might be filed, an arrest made, and your reputation ruined long before the video is determined to be fake.

Photoshop (and its competitors) changed the way we look at photos. Forensically, it is not entirely impossible to exam manipulated photos to find inconsistencies based on the content or layers of an image. Still, photoshopped photos are still intentionally created to damage a reputation. I’m referring to the manipulation of a photo using any photo-editing software, not just Photoshop.

But videos…this is an entirely new world of potential damage to a person’s reputation, or worse!

Stand by for a new world of fraud and information warfare campaigns.

Your online photos

The free Internet services that we have been graciously offered over the past years, in which we blissfully post photos and videos of ourselves, family and friends, is ripe for abuse. Our Internet service providers have already abused our data, selling it haphazardly to every bidder (not just the highest bidder, but practically everyone willing to pay for it). Since data can be duplicated forever, we can be abused forever as soon as we have given our data the first time to any online company.

With that, our pictures are online. We have posted the pictures of our children. Our online resumes, ie Linkedin, have a super clean portrait which is perfect for the source of a DeepFake video (all the machine learning software needs is one picture of your face…). Everyone is at risk. We already created the source material for abuse. And we did it with a smile.

My (online) photos

Working a decade in undercover narcotics turned me into an ultra-paranoid-of-cameras person. At two points in my patrol career, photos of me in uniform were posted online by my department and local news. Then I went undercover.  Always worried about someone finding those two photos of me online at the worst possible time, I avoided cameras ever since.

Even during those years, if anyone (friend or family) ever pointed a camera at me, it was like I was ducking a baseball being thrown at me.  I did the same thing working undercover to make sure my photo wasn’t part of evidence in a case that may go public. Even with that, a family member of mine kept posting my photos online, without my knowledge, even while he knew the type of work that I was doing. Good grief. Third party control of our data is never good. Never ever.

The solution

I hate to say it, but lawyers are the only solution. They also stand to be the only people that will make out like bandits in the DeepFake future with litigation. Litigation, including criminal prosecution is the only remedy for damage and hope for prevention.

Actors will need tighter contracts to protect their image and voice, otherwise Tom Cruise will be starring in new release movies well into the next century…

Victims of cyberbullying, whether it be children or adults, will have to sue for damages, but as we all know, that which goes online tends to stay online forever.

Third party curators of our data need to be held legally responsible for something or anything. If our data is being controlled by others, without any compensation other than a free email address or data storage, then this problem will only grow.

Pandora’s box is opened and the DeepFake video is here to stay. I wonder how many Pandora’s boxes exist, because it seems that every year or so, another Pandora’s box is opened and something else pops out that does 1% good and 99% bad. I’m still looking for that 1% good that DeepFakes might provide, but I’m not holding my breath.

The future

Like anything on the Internet, it is all fun and games until someone loses a job, gets sued, gets beat up or killed, or commits suicide because of doxing, harassment, and cyberbullying.

As for me, I prefer to work on things that do good.  That's why I wrote this; to remind you that this 'thing' we do, this thing we call DFIR, is for doing good.