Irish company Digiprove announces Text & Tweet Protect

Irish company Digiprove announces  Text & Tweet Protect

During the recent Presidential TV debate where information from a Tweet was used live during the debate and it was later admitted the Tweets claim was false, however the damage was done to the leading Independent candidate. Following this incident and several others where high profile individuals were misrepresented and a series of malicious Tweets issued, Digiprove looked to developing a simple, cost effective solution using its patented digital content security technology, which would enable greater trust in who is Tweeting? And what they have Tweeted?

This week they released the first in a planned series of on-line solutions for social media content provenance, integrity and authenticity protection and verification for Twitter.

Twitter offer a verification mark for high profile celebrities and individuals which has comprehensive identity verification and a blue mark is added to these user names on Twitter, however this option is not freely available to the masses.

“What is important is that the reader of a Tweet knows the Tweet is from a credible source, and what was read in the Tweet is actually what the Tweeter sent. The Digiprove text function achieves this allowing the reader of the Tweet check the digital certificate for that Tweet by following a short link inserted into the Tweet, says Digiprove CEO Cian Kinsella”

Digiprove is an Irish technology company who provide solutions for individuals and business  to protect any type of Digital content, securing its provenance, integrity and authenticity and enabling any 3^rd party verify these on-line. Users of the patented technology include individuals wishing to protect their copyright to businesses who have integrated the Digiprove process into their own software. The technology has applications in many business arenas including Regulatory compliance, Digital evidence & eDiscovery, creating trust in digital content and creating tamper evidence. Anywhere Digital information is used to make important decisions or take action either by an individual or an organisation this technology secures trust in the digital content used.

For more information visit.

http://protect.digiprove.com/reputation-protection-text-tweet

http://protect.digiprove.com/text-tweet-protect

cian.kinsella@digiprove.com

 

 

 

Digital Transaction & Process integrity (Creating certification & user confidence)

Digital Transaction & Process integrity (Creating certification & user confidence)

Personal & Business people carry out many of their daily functions on-line in this digital age, but how do suppliers of on-line information and services create greater confidence in the user so they can grow their business, create deeper engagement and increase the user confidence to carry out more critical transactions with your on-line service?  The answer is about creating more trust.

In the on-line world, how do we create this trust? The answer lies in ensuring there is a chain of authentic evidence in the process that delivers your service, and that the user of the service can independently verify this chain of evidence with an independent specialist in digital content assurance. OK so what does that mean for the user? On-line users of services are very familiar with the standard security processes and brands, e.g. passwords, user authentication emails, SSL, Norton, Secure payment systems such as Visa, Realex, etc. All these components go to building trust for the user. In addition some service providers go the extra mile and use more complex and expensive certified keys and encryption, though this often comes with an over-head for the user.

How can we improve that user trust & confidence?

There are three key areas that need to be addressed in a simple and cost effective manner:

1.       Source Identity Integrity & Authenticity

a.       Is this person, company or entity, who they represent themselves to be?

2.       Content Provenance & Integrity

a.       Is the content (Digital) the original, un-tampered and as issued?

3.       Verification of Identity & Integrity

a.       Can I confirm with one click 1 & 2 above?

For the supplier of on-line services & information whether they be process based or transaction based, the question is how can I build these characteristics into my software in a simple and cost effective manner?

For the User when using the on-line service, is it obvious and intuitive that any information and service I use on this web-site I can trust, and if I have a concern can I independently verify the provenance, Integrity & Authenticity with one click of the mouse?

How to build in trust and certification to your software?

Digiprove’s patented and certified technology is a unique way to quickly and cost effectively build in a traceable, certified and verifiable set of functionality. By use of one of the Digiprove products or quickly embedding the process using our software developers kit (SDK).

What can be achieved by embedding Digiprove in your solution?

The most important outcome is your on-line service and information is differentiated because it has independently verifiable credentials, enabled by Digiprove.

·         End user customers and embedded partners have independent verification of their identity and can use the ID-V logo on their digital certificates.

·         Each piece of digital content (Text, Image, Audio, Video, Data), can at any stage in the process be quickly certified by the Digiprove “Proof Engine” as an automated task. This creates an audit trail and independently verifiable certificate with the digital fingerprint, date, time and location which is undisputable evidence and proof of authenticity.

·         The ability for a user or receiver of the content to either on or off-line verify the provenance, integrity and authenticity of the digital content as well as the credentials of the originator.

The bottom line is by deploying Digiprove technology any Digital Asset which has a value whether financial, reputational, brand or compliance can have that value protected.

Protecting On-Line Reputation

On-Line Reputation Management

Whether you are a business, not-for profit organisation, band, or individual your reputation and brand is important to you. We often differentiate between the on-line and off-line brand and reputation but for most they are closely connected all bit it there may be some slightly different emphasis on-line.  The one common thing is that in the world of today, which is a digital world is that our reputation can be damaged in milliseconds either accidentally or maliciously. Digital technology brings huge benefits in the flexibility to create, change and mass communicate content and information, but this benefit comes with risks that have to be managed.

So what are the risks?

There are two main digital risks that expose your reputation:-

1.       Identity Fraud or Theft

2.       Message tampering

Identity Fraud relates to known or unknown persons or entities misrepresenting themselves as someone else, or some other entity (Band, Association, Company, Organisation). Having adopted a false identity they then communicate misinformation that, as a minimum may be misleading and disruptive and, at worst be libellous and cause serious if not fatal damage to a reputation. Regardless of the extent of the misrepresentation there is a cost to those that are misrepresented and many other related stakeholders.

Message Tampering is the situation where what is communicated and interpreted by the reader has been changed either accidentally or maliciously. The ability even for the amateur hacker to change digital content is strong, given the nature of digital content, and the professional hacker can make changes and leave no record or evidence.

The bottom line is it’s relatively easy to adopt a false identity and to change digital data, text and tweets as examples.

How can I protect my on-line reputation?

Identity Fraud

There are many solutions, Twitter for example provide an identity verification and mark for high profile individuals, however they choose who will get the benefit of this process and, it is only offered to a relatively small number of famous people/entities.

Digiprove have enabled their technology process in order that anyone can add a significant layer of protection to their identity. By becoming a paid user of Digiprove’s on-line digital content protection service your Identity will be verified using your credit card details and so long as you have a credit card in the same name as your account registration. Once you have Digiproved your content or issued a tweet from Digiprove we associate  your content/ tweet with your identity. Readers of your content/tweets will be able to quickly verify you have an identity verified mark on www.digiprove.com at the click of the mouse.

Content & Tweet Tampering

In addition to ensuring your personal identity remains authentic, you are also concerned that your content/tweet is received un- tampered and the reader sees it exactly as you intended. By using the Digiprove functionality all your content/messages will be certified. This means there is a digital certificate created, which includes the unique digital fingerprint of your message, the date, time and your identity at the time you create your message. Any readers of your content whether it be documents, images, web pages etc. can verify the integrity on-line and view the certificate.

Digiprove inserts a short link into your tweet that all readers can see. By clicking on that link any reader can view the certificate details and also they can cut and paste the text should they wish and have the Digiprove proof engine confirm its integrity and authenticity, any tampering will be evident.

 

 

Top 10 Pitfalls in Protecting Digital Content: The Reasons for Failure

Introduction

The need to prove the provenance, integrity and authenticity of an electronic document has become an area of increasing interest over the last few years. This includes the ability to prove times and dates of the creation and any modification of the documents. But is all this really necessary? Do businesses need to have this sort of functionality in place? Until recently, electronic records were treated much like their paper counterparts, at least in terms of their admissibility as evidence in a court of law. But this seems to be changing and quickly. In several landmark rulings, electronic business records that earlier would have been routinely admitted into evidence have been excluded because of questions as to their authenticity.

The December 2006 amendments to the Federal Rules of Civil Procedure have caused corporate IT departments to spend huge sums building systems to respond to eDiscovery requests. But if the authenticity of the documents so produced is challenged, that might be money down the drain. As a result, authenticity challenges around electronic records are emerging as a serious problem for attorneys. They can also represent an opportunity, once counsel begins to understand the new litigation tactics that can be used to win cases or drive settlements.

There are a few key areas in which a solution that performs these key authenticity functions is useful. They are:

·         Compliance

·         Copyright

·         Intellectual property protection

·         Protection of your legal position

Even from this short list it appears that there are an abundance of reasons as to why you should invest in a solution which reduces the burden of compliance, and which acts as a proof of ownership and copyright.  But what is the flipside? Are there any reasons not to introduce a solution for this purpose?

We’ve compiled a list of 10 reasons why you shouldn’t digitally fingerprint and protect your documents:

You don’t foresee an event where you will have to prove a document’s integrity.

And why would you? Nobody ever expects things like this to happen to them.

However, you may just be looking at this from the wrong perspective. For example, ask yourself this question: “Why have I got motor insurance?” Most people think that they will never have a car crash.  So why do they insure their cars? Ok we hear you, it’s the law and it could cost you a fortune not to have it in place. Proving a document’s integrity is similar however. You don’t realise you have to have a solution in place until it’s too late. Should a situation arise (e.g. a court case) where you must prove the authenticity and integrity of a particular document having a solution in place could save your organisation a fortune in legal fees, fines and compensation payments for example.

You like going to court.

Everybody likes a day off work and a trip to a courtroom can be quite fun on occasion. Whether you’re the plaintiff or the defendant, your day out of the office will be far less enjoyable if you don’t have the ability to prove the integrity of a document which is being used as evidence. If this document is the smoking gun your case is built on, you’re in serious trouble as it will probably be thrown out of court. Whether or not spoliation has occurred it is your ability to prove the document’s integrity that matters. The risk to you personally as an employee can be quite high especially if this is a document which should have been protected by you or your department (e.g. an employment contract if you are a HR manager, financial reports if you are a CFO). Not only could this potentially cost your organisation millions you are probably going to lose your job. On the bright side, a few more days off work.  But if this is not what you want, you have to ask yourself, “Have I covered all the bases?”

You enjoy falling foul of compliance regulations

It’s almost as good as being a teenager rebelling against your parents again. The only issue is that it’s a little more risky. Failing to comply with regulations such as Sarbanes-Oxley (SOX) or the Federal Rules of Civil Procedure (FRCP) can land a company in hot water leading to penalties including fines and jail time depending on the situation. There are so many different compliance regulations, across virtually every industry, that it has become extremely difficult to make sure you are compliant with them all. By being able to prove the integrity and authenticity of a document you are ensuring you are able to prove your compliance around many regulations concerned with spoliation, falsification of documents, ownership and much more.

You like to risk major financial penalties

“Our company is doing well we can afford legal fees, a few fines and compensation payments.” And maybe you can. But wouldn’t it be better to avoid the situation altogether and invest a comparatively small amount in protecting your legal position with the ability to prove the authenticity of your documents.

You don’t have the cash flow.

Ok fair enough. In the current economic climate businesses need to make savings wherever possible. But you really have to think long and hard about what you can afford not to have and what is essential. Think about our last point. Can you afford a financial penalty down the road from not being able to prove the authenticity and integrity of your document? It’s unlikely, cash is the life blood of business, without it your business could go under and even if it doesn’t your cash flow will not be in a healthy position.

You are not worried who tampers with your digital content

Do you even have a reason to worry? You probably don’t think you do. The problem with digital documents is the ease which they can be changed and the fact that these changes are often undetectable. There’s little that you can do to stop a document being altered once somebody else is in control of it. However, if you know it has been changed, as well as what has been changed and when it has been changed, it can allow you to take the appropriate action to rectify the situation. The only way to do this is introduce a solution which digitally fingerprints, time stamps, verifies and authenticates the document’s integrity highlighting when a change has occurred to your document. Whether it’s your web site content, your blog, your images or critical data your organisation and 3^rd parties like customers or regulators make decisions on you want to know its valid content.

You like other people taking credit for your work

Some people are just modest in nature. If you produce any piece of work such as website content, reports, articles, music and photos to name but a few, the last thing you want is another person to pass it off as their own original work.  You can’t stop this happening but with digital fingerprint technology you can make sure you can prove ownership and copyright of your work and get the credit and financial rewards you are entitled to or simply prevent the person or organisation for using your work without permission.

You don’t want to make financial gains from your intellectual property

There could be many people in the world like you who just are not interested in making money. But if you are sitting on a gold mine and really want to make the most of your idea or invention you need to be able to prove the copyright of your intellectual property. Although you own the copyright as soon as the idea is recorded if you cannot prove when and in what form the idea was recorded, you are leaving yourself open to the risk of somebody stealing it and using it themselves. Ever heard of Antonio Meucci? Most people haven’t. He is the man who invented the telephone. However, he was unable to pay the patent caveat for the telephone (it was $10 at the time) and a worker in the patent office decided that this telephone wasn’t such a bad idea. Of course we all know who is credited with being the “inventor” of the telephone, Alexander Graham Bell. For years, the two fought out legal battles (including some on their behalf posthumously) about who had invented the telephone, a situation that could have been avoided had the technology of digitally fingerprinting documents been around back in them days. Had this been the case Antonio Meucci and Alexander Graham Bell would have been able to comprehensively prove who had invented the telephone first.

You are not worried whether others trust you or your content

Maybe your digital content has no value in your eyes and is not intended to inform, advise, protect or cause action. But if it is, then you want the users of the content to be confident in and trust the integrity of you digital content. As digital content is so easily manipulated, often in an undetectable way, you also need to have confidence in the content you produce, knowing that you can reliably prove its provenance, authenticity and integrity.

You don’t rate your competition

If you are an SDK developer you want to have every possible advantage over your competitors. If your product is in a sphere where being able to prove the integrity, authenticity and provenance could be important, adding a function that digitally fingerprints your electronic documents could give you the competitive advantage you need. However, if you don’t rate your competitors you probably don’t have to worry, unless of course they add the function to their SDK.

Cases

Amex v. Vinhnee, December 2005

In this case, American Express claimed that Mr.Vinhnee had not paid his credit card bills, and took legal action in order to recuperate the money. However, the judge decided that American Express had failed to authenticate the electronic records being used as evidence, and that therefore Amex’s business records were inadmissible as evidence.

American Express tried to have the records admitted as evidence a second time and they were yet again told the records were inadmissible on the grounds that they failed to sufficiently establish a foundation of authenticity for the records offered into evidence. Finally, American Express appealed this judgement and lost a third time. Interestingly, the defendant didn’t show up for the court date, and wasn’t even represented by counsel.

This decision is considered significant because it said, in effect, that electronic records are not automatically presumed to be admissible (in court) unless you can prove that the electronic document submitted is identical to the original record. The decision also meant that courts and counsel would require parties submitting digital documents as evidence to show some way of testing and proving the authenticity of those electronic documents.

In this case, the judges made it clear that the digital records presented by Amex were “too vague” to be admissible as evidence, in essence, asking the court to accept so-called “inferred authenticity” which was judged to be insufficient.

The judge pointed out that, “... the focus is not on the circumstances of the creation of the record, but rather on the circumstances of the preservation of the record … so as to assure that the document being proffered is the same as the document that originally was created…. Ultimately, however, it all boils down to the same question of assurance that the record is what it purports to be.”

Lorraine v. Markel, May 2007

In this case, a couple took their insurance company to court in a dispute over the cause and amount of damage to their yacht which had been struck by lightning. Both parties petitioned the court for summary judgment, and Judge Paul Grimm dismissed both of these motions, because the digital documents at the center of the case could not be authenticate and therefore were inadmissible as evidence.

In his opinion, Judge Grimm wrote, “The primary authenticity issue in the context of business records is on what has, or may have, happened to the record in the interval between when it was placed in the files and the time of trial. In other words, the record being proffered must be shown to continue to be an accurate representation of the record that originally was created.”

There has been a major rise in the amount of federal judges that are concerned that electronic documents have been manipulated or altered before being produced for use in litigation or that the programs and procedures used to create and maintain these digital documents cannot be relied upon to protect these documents from manipulation by corporate insiders.

This ruling makes it clear that while some courts will continue to view electronic business records much as paper documents (which are rarely challenged on grounds of authenticity), attorneys should be prepared to face more frequent challenges to e-records in the coming years. Judge Grimm wrote, “Unless counsel knows what level of scrutiny will be required, it would be prudent to analyze electronic business records that are essential to his or her case by the most demanding standard. The cases further suggest that during pre-trial discovery counsel should determine whether opposing counsel will object to admissibility of critical documents.”

“The logical questions extend beyond the identification of the particular computer equipment and programs used,” the judge wrote. “The entity’s policies and procedures for the use of the equipment, database, and programs are important… how changes in the database are logged or recorded, as well as the structure and implementation of backup systems and audit procedures for assuring the continuing integrity of the database, are pertinent to the question of whether records have been changed since their creation.”

He concluded, “Further, although ‘it may be better to be lucky than good,’ as the saying goes, counsel would be wise not to test their luck unnecessarily. If it is critical to the success of your case to admit into evidence computer stored records, it would be prudent to plan to authenticate the record by the most rigorous standard that may be applied.”

About Digiprove

How it works?

Digiprove is a service that supplies independent time-stamped proof of digital content (without the need to send or store the content with us thus maintaining full confidentiality). Think of it as a Digital Notary. It automatically takes the digital fingerprint of all content submitted to it and provides certification of its existence.

It does this by encoding and time-stamping the relevant digital content and issuing a digitally signed certificate referencing this content. The service is based on a patented process and the proof is indisputable.

Auto-Protect uses the proven core technology of Digiprove and is designed to be deployed within organisations as a background process that just runs automatically without manual intervention. All you need to do is record your digital data according to the folder structure you have chosen (you are probably already doing this).

Note that although the Digiprove service itself is SaaS (Software as a Service), it co-exists with your existing office automation and business software and hardware – you do not have to discard your existing investment in software and hardware in fact you can point autoprotect to your current application data and it will also be automatically protected

The beauty about the way this has been set up is that there is the absolute minimum amount of dependence on you or your staff to run backups or do housekeeping tasks. The main task that requires manual intervention is the process of indexing all newly created or amended documents (incoming and outgoing). To make all this work, you will need to adopt a standardised folder structure and file naming conventions.

Independent Expert Opinion

The Digiprove service has been independently examined and tested by Georgia Tech who are one of the foremost world experts in digital security, and they had this to say:

“… the process described in the patent does indeed provide a tamper-proof way to show that digital data has not changed since its timestamp. The process also provides a provision to validate any alteration made after it has been time stamped… the software does faithfully implement the patented 'Digiprove' process providing an authenticated method for establishing proof of existence and possession of digital content of any kind.”

For more information

Email info@digiprove.com

Protect Digital content before Facebook, UTube and Flickr upload

Are your uploads and blogs important to you ?

Whether you are a frequent or occasional publisher of digital content to the Web , have you considered the consequences of unauthorised use of your content ? The answer we most frequently hear is either “ I never thought of that” or “How do I do that”.

Digital content whether it be text, images, photos, audio files or video files are extremely easy to copy, modify and re-use and therefore are open to abuse. The abuse can be malicious or inadvertent and cause reputational damage and/or financial loss.  Alternatively the published content may  just be personally important to you, your organisation, your family ,friends, members, customers, suppliers and colleagues.

So if you use Social Media such as Facebook, UTube, Flickr, and LinkedIn or publish to Websites, Blogs and Forums, you should consider protecting your content. You want to know if it has been accessed and interfered with and/or re used/republished.

Regardless of security systems, abuse still occurs with published and unpublished digital content. In the event your digital content has been misused you want to have evidence firstly that you own the content and also evidence that it has been tampered with. Ultimately whether it was erroneous or malicious that your important content was used you will require this evidence to persuade the party at fault to take action and correct the issue or you may need that evidence in the worst case to seek legal redress for reputational or financial damages.

Digiprove provides an effective solution to protecting your digital content before you publish

Digiprove provides the evidence to prove you own it, prove you sent it, and prove it has been tampered with in a secure and confidential manner. Digiproves patented “Proof Engine” technology is designed to create the provenance, authenticity & integrity of any type of Digital content without the need to send your content to us, so it always remains confidential to you. A unique digital fingerprint of your digital content is created, it is certified and logged as non repudiable proof of its existence and ownership at a point in time (and location on portable devises with GPS). Your content can be validated on-line or off-line at any time to confirm it provenance and integrity.

You only pay for what you need to protect through simple on-line value for money  subscriptions. But before you buy why don’t you try our free trail you will immediately gain confidence that this simple to use system protects your important digital content. You can use our Selfprotect on-line self-service to protect content and email communications, Autoprotect to automate the whole process as a background task in a matter of minutes or Webprotect if you are a user of Wordpress.

http://www.digiprove.com/

Compliance & Value of digital signatures

Under the Electronic Commerce Act 2000 of Ireland, electronic communications are equally valid with paper-based communications. Electronic signatures are valid if the receiving party consents to the use of an electronic signature.  The definition of an electronic signature in this legislation is very broad: "electronic signature, an advanced electronic signature, an electronic signature based on a qualified certificate, an electronic signature created by a secure signature creation device or other technological requirements relating to an electronic signature"

There is however one caveat - where there is a legal obligation to retain original documentation e.g. Financial Advisor needs to keep client instructions for 7 years, the electronic record can meet this requirement, provided that:

• there exists a reliable assurance as to the integrity of the information from the time when it was first generated in its final form, whether as an electronic communication or otherwise,
• where it is required or permitted that the information be presented— if the information is capable of being displayed in intelligible form to a person or public body to whom it is to be presented,
• if, at the time the information was generated in its final form, it was reasonable to expect that it would be readily accessible so as to be useable for subsequent reference,
• where the information is required or permitted to be presented to or retained for a public body or for a person acting on behalf of a public body, and the public body consents to the information being presented or retained in electronic form, whether as an electronic communication or otherwise, but requires that it be presented or retained in accordance with particular information technology and procedural requirements— if the public body's requirements have been met and those requirements have been made public and are objective, transparent, proportionate and non-discriminatory, and
• where the information is required or permitted to be presented to or retained for a person who is neither a public body nor acting on behalf of a public body— if the person to whom the information is required or permitted to be presented or for whom it is required or permitted to be retained consents to the information being presented or retained in that form.

However Digiproving does have the following real advantages:

1. When added to electronically signed document at the same time the document is signed, it meets any statutory obligation in relation to retention of original documents
2. Offers an irrefutable assurance that the document has not been altered either accidentally or deliberately since its creation
3. Offers an irrefutable timestamp certifying the time of creation of the document (And location information if it is available on the device)
4. It meets the requirements for retention of records (In digital format), thus creating less dependence on paper records.

Items 2 & 3 are important because not only do they provide comfort to the receiving party (who must after all consent to the use of e-communications) of the integrity of the document, they remove all reasonable doubt (whether in a court case or otherwise) that a document could have been altered.  Other safeguards such as archiving and time stamping logs may be circumvented by any software engineer or gifted amateur, or indeed by malicious design.

Finally the legislation describes an "advanced electronic signature based on a qualified certificate".  I am pretty certain this means what is usually referred to as a Digital Signature, based on PKI using CAs such as Verisign (such as what is implemented in Adobe and there are many examples like this I think An Post have something as well).  This has one particular legal advantage in that it is recognised as a witnessed signature, and appears to be a requirement in applying signatures to documents that require witnessing. Cryptographically it is a very secure solution.  However it comes with a major overhead - everyone who signs has to have a Digital ID (or digital certificate) from a recognised CA.  There is (as you would expect) a whole process involved in proving your identity to the CA, and of course an annual cost.  Despite massive promotion by companies like RSA and Baltimore in the late 90s this technology did not succeed.

For more information

http://www.digiprove.com/

http://www.brokerprove.com/ for financial advisors