Computer Forensic Expert Witness: Data Breach, Information Security, Cybersecurity
C. Matthew Curtin offers the following services:
Expert Consultation/Testimony — For privacy litigation and litigation resulting from data breach. Testimony for the court on technical matters.
Incident Response — Helping clients respond to data breaches and security incidents. Determining whether unauthorized access has happened, identifying affected individuals, preserving relevant data.
Information Security Program Assessment — Helping clients prevent data breaches and security incidents.
Litigation Support Services
Interhack Corporation also provides services in its Electronic Discovery, Forensic Computing practices, Preservation and Forensic Analysis of Data, Computer Crime Investigations, Data Breach Response and Incident Management and Complex Analysis of Non-Standard Data Sets.
Areas of Expertise
Preservation and Forensic Analysis of Data; Computer Crime Investigations; Data Breach Response and Incident Management; Complex Analysis of Non-Standard Data Sets; Incident Response; Security Incident; Data Breach.
C. Matthew Curtin, CISSP is the founder of Interhack Corporation, a computer expert firm based in Columbus, and Senior Lecturer in the Department of Computer Science and Engineering at The Ohio State University.
Curtin and his team help attorneys and executives understand the meaning and context of data and how they affect business, operations, or a legal case. Curtin’s vast knowledge and experience in the field of computer science and cybersecurity enables him to convey the optimal path forward and offer an opinion within a degree of scientific certainty. Curtin’s experience in the field enables him to train his team to operate in specialized task forces organized to respond to high-stakes situations such as data breaches.
Curtin's work centers on the intersection of law and technology. The U.S. Court of Appeals for the First Circuit relied on Interhack's forensic computing practice and Mr. Curtin's expert opinion when it established standards for application of Federal wiretap statutes to Web technology, In re Pharmatrak Privacy Litigation (see link above). Academic references to Interhack’s work include the Stanford Law Review and university courses throughout the world.
Curtin has held an academic post as Senior Lecturer at The Ohio State University's Department of Computer Science and Engineering and has guest lectured for a number of universities in the central Ohio area. Curtin regularly presents case studies and his general knowledge of computer science at conferences such as the Midwest Consortium for Computing Sciences in Colleges Conference, the Central Ohio Association of Criminal Defense Lawyers, and the Northern Ohio Chapter of InfraGard.
C. Matthew Curtin is available as a consulting or testifying expert in cybersecurity and other technical matters.
Interhack Corporation in the Social NetworksLinkedIn
Over decade of consulting and testifying expert witness experience. Leads technical teams that have been deployed in all of the aforementioned services, for both plaintiffs and defense.
Pharmatrak Privacy Litigation — Assessed Web traffic analysis system for civil privacy litigation and provided opinion used by the U.S. Court of Appeals for the First Circuit to establish precedent on the application of Federal wiretap statutes to Web technology, clarifying what constitutes "protected content" on the Web under the terms of the Electronic Communications Privacy Act (ECPA).
High-Profile Incident Response and Security Assessment — Led external assessment teams for a data loss incident at the Ohio Administrative Knowledge System (OAKS), a large-scale ERP system for the entire State government.
Enterprise Data Encryption — Provided technical expertise to multibillion-dollar retailer developing cryptographic controls for the protection of cardholder and other sensitive information.
Certified Information Systems Security Professional (CISSP)
Legal Experience & Services
Since inception in 2000, retained by law firms and in-house counsel for firms of all sizes, from largest multinational firms with hundreds of attorneys to several firms with solo practitioners and a small support staff.
Most consulting work is undisclosed. Some past, publicized cases include:
Pharmatrak Privacy Litigation, 2002--3 Interhack's Interhack forensic data analysis and a report and 1,500-page compendium of exhibits ultimately led to a ruling by the U.S. Court of Appeals for the First Circuit clarifying what constitutes "protected content" on the Web under the terms of the Electronic Communications Privacy Act (ECPA).
Sony “Rootkit” Digital Rights Management — Served as technical consultant to plaintiff’s counsel in civil proceedings over the 2005 DRM released on Sony Music CDs.
• Association for Computing Machinery (ACM)
• Central Ohio InfraGard Members Alliance, Coordinated by Federal Bureau of Investigation
• itWORKS.OHIO Business Advisory Network, ad hoc network to advise the Ohio Department of Education on statewide content standards for information technology education programs. Chair of committee to handle recruiting issues. Chair of 2010 futuring panel.
Seminars & Training
Interhack practitioners deliver a variety of continuing legal education courses. Contact us for rates and availability.
Using Science to Combat Data Loss: Analyzing Breaches by Type and Industry
Formal, peer-reviewed research. Presentation of taxonomy to classify data loss incidents and study identifying the relationships between data loss types and industries. Significant results found for Finance, Education, Public Administration, and Health Care.
Published in I/S: A Journal of Law and Policy for the Information Society, Volume 4, Issue 3, Winter 2008–09. It represents a one-of-a-kind partnership between one of America's leading law schools, the Moritz College of Law at The Ohio State University, and the nation's foremost public policy school focused on information technology, Carnegie Mellon University's H.J. Heinz III School of Public Policy and Management.
Incident Handling: When the Breach Occurs
Article. Reputation is made or broken not on whether an incident takes place, but how well the incident is handled. Thus every security program includes a component on incident handling. Effectively handling adverse events requires planning and practice, paving the way for sound execution. In preparation, there are four questions every CIO needs to answer.
Doyle Lowther LLP
10200 Willow Creek Rd., Suite 150
San Diego, CA 92131
+1 858 935 9960
Taft Stettinius & Hollister LLP
65 East State Street, Ste 1000
Columbus, OH 43215
+1 614 334 6159
Schottenstein Zox & Dunn Co., L.P.A.
250 West Street
Columbus, OH 43215
Tsibouris & Associates, LLC
88 East Broad Street, Suite 1560
Columbus, OH 43215
Articles Published by Interhack Corporation
E-Discovery: Small Steps That Can Yield Great Savings
Over the past few years, e-discovery has grown from a little mentioned, often avoided aspect of litigation into a core component that can make or break a case. It first gained widespread attention in the Zubulake and Morgan Stanley cases, and was thrust into the spotlight late in 2006 by changes to the Federal Rules of Civil Procedure that specifically targeted discovery of electronically stored information (ESI).Read Article
Early Engagement of a Computer Expert Maximizes the Value of Electronic Evidence
Finding answers to the questions that arise in litigation often hinges on the proper acquisition, preservation, analysis, and presentation of electronic evidence. Reliance on electronic information is sure to increase as computer systems continue to integrate into more aspects of modern life. An experienced computer expert can provide key insight into making the best use of electronic evidence in a case.Read Article
Using Electronic Stored Information
Information technology has come a long way since the time of cuneiform tablets. Today litigators are finding that their cases---whether "computer cases'' or not---are relying increasingly on electronic stored information (ESI). This article considers two issues of ESI: data formats and encoding, and why lawyers should not fear the technology.Read Article