Drug traffickers have more guarantees than me.
An organization facing a computer security incident must act according to an action plan created before any incident occurs.
In short, in the face of an event that may be a security incident, the way to proceed has already been decided and approved much earlier by the company’s management in a risk-based approach. They are elements that are not defined when faced with a possible attack.
There are two paths to follow when a security incident is detected. It must be decided whether the continuity of operations is more important than stopping operations and depending on the decision the paths to follow are different.
If the importance of the continuity of operations is the one that prevails, the treatment of the incident sacrifices the possibility of taking a legal path before the incident, since the operational continuity alters all the evidence that may exist to take criminal actions.
On the other hand, if what is sought is to take legal action in the face of the situation, sacrificing operations, all evidence of what is happening must be preserved by following reference standards in the matter.
One of my companions in prison, imprisoned for a drug-related cause, explained to me that the seized drug, like all evidence, is preserved. This person was accused of a crime associated with the drug “base paste” but the person appealed the accusation and requested a study from the forensic technical institute to confirm that what was seized was base paste. In Uruguay, there are no reagents that can differentiate cocaine alkaloid base paste, so from the drug seized, preserved and analyzed, its cause happened to be due to a cocaine issue which is much milder than “base paste” .
In my case, the evidence to preserve was the servers and all the infrastructure related to the case, which should have been seized and preserved as all my equipment and work tools were seized for two years.
Unlike the aforementioned case, I have no possibility of an analysis of what was done in the case by an independent third party, something basic for a process with due guarantees to be fair.
In my case, incredibly, I have less guarantees and transparency than a drug trafficker has.
How is it explained that the evidence has not been preserved? What were they based on to allow that to happen? It does not make sense and is scary due to the lack of guarantees that they give for “a review” of what was done to verify that what was done is what is shown in the printed papers on which no analysis can be made to verify what is reported.
At this point I reiterate, my destiny was already defined long before I was taken to court.
There are many irregularities and wrong actions, as well as unacceptable actions in the case. All digital evidence to have legal value must be signed by means of an advanced electronic signature according to law 18600. Not a single document was digitally signed.
How can someone properly and fairly defend themselves against so many errors in handling the case?
The answer is simple, one cannot have a proper defense in such a case.