Case Scenarios And Sample Claim Form Entries For Outcomes: Fill & Download for Free

AI in Law: Current Applications – Insights Up FrontBased on our assessment of the companies and offerings in the legal field, current applications of AI appear to fall in six major categories:Due diligence – Litigators perform due diligence with the help of AI tools to uncover background information. We’ve decided to include contract review, legal research and electronic discovery in this section.Prediction technology – An AI software generates results that forecast litigation outcome.Legal analytics – Lawyers can use data points from past case law, win/loss rates and a judge’s history to be used for trends and patterns.Document automation – Law firms use software templates to create filled out documents based on data input.Intellectual property – AI tools guide lawyers in analyzing large IP portfolios and drawing insights from the content.Electronic billing – Lawyers’ billable hours are computed automatically.Next, we’ll explore the major areas of current AI applications in law, individually and in-depth:(We’ve done our best to place companies into the category that best represents their product offering, but it’s important to note that there is overlap on many of the groupings we’ve chosen.)Due DiligenceOne of the primary tasks that lawyers perform on behalf of their clients the confirmation of facts and figures, and thoroughly assessing a legal situation. This due diligence process is required for intelligently advising clients on what their options are, and what actions they should take.While extensive due diligence can positively impact long-term shareholder returns (according to a study by the City University of London), the process can also be very time-consuming and tedious. Lawyers need to conduct a comprehensive investigation of meaningful results. As such, lawyers are also prone to mistakes and inaccuracy when doing spot checks.Kira SystemsNoah Waisberg, a former M&A lawyer who founded the software company Kira Systems, thinks that due diligence errors by junior lawyers often occur for a number of reasons. These include working very late at night or on the eve of a weekend, forgetting to perform due diligence before the end of the workweek, and failing to act on it when a deal structure is completely revised.He adds, “Many associates are in a certain negative mood about the efficacy of manual due diligence. Lawyers, being human, get tired and cranky, with unfortunate implications for voluminous due diligence in M&A.”Kira Systems asserts that its software is capable of performing a more accurate due diligence contract review by searching, highlighting, and extracting relevant content for analysis. Other team members who need to perform multiple reviews of the content can search for the extracted information with links to the original source using the software. The company claims that its system can complete the task up to 40 per cent faster when using it for the first time, and up to 90 per cent for those with more experience.LEVERTONLEVERTON, an offshoot of the German Institute for Artificial Intelligence, also uses AI to extract relevant data, manage documents and compile leases in real estate transactions. The cloud-based tool is said to be capable of reading contracts at high speeds in 20 languages.In 2015, IT firm Atos sought the help of real estate firm Colliers International, which used LEVERTON in performing due diligence of a company that the former was about to acquire. Through the use of LEVERSON’s AI, information such as payable rent, maintenance costs and expiration dates were extracted from thousands of documents and then organized on a spreadsheet.eBreviaHowever, lawyers can be burdened by reviewing multiple contracts and they may miss important edits that result in legal issues later on. This is the same problem that Ned Gannon and Adam Nguyen, co-founders of eBrevia, experienced when they were still working as junior associates. They built a startup in partnership with Columbia University with the intention of shortening the document review process.eBrevia claims to use natural language processing and machine learning to extract relevant textual data from legal contracts and other documents to guide lawyers in analysis, due diligence and lease abstraction. A lawyer would have to customize the type of information that needs to be extracted from scanned documents, and the software will then convert it to searchable text. The software will summarize the extracted documents into a report that can be shared and downloaded in different formats.JPMorganOther organizations such as JPMorgan in June 2016 have tapped AI by developing in-house legal technology tools. JP Morgan claims that their program, named COIN (short for Contract Intelligence), extracts 150 attributes from 12,000 commercial credit agreements and contracts in only a few seconds.This is equivalent to 36,000 hours of legal work by its lawyers and loan officers according to the company. COIN was developed after the bank noticed an annual average of 12,000 new wholesale contracts with blatant errors.ThoughtRiverOther AI industry players includeThoughtRiver, which handles contracts, portfolio reviews and investigations for improved risk management. Its Fathom Contextual Interpretation Engine was developed together with machine learning experts authorities at Cambridge University.The company states that it designed the product to automate summaries of high-volume contract reviews. While users read content extracts, they can also read the meanings of clauses provided by the AI. The system is also said to be capable of flagging risky contracts automatically. The company provides a brief tour of their product in the 3-minute video below, including a detailed look at the user interface and basic functions of the software:LawGeexLawGeex claims that its software validates contracts if they are within predefined policies. If they fail to meet the standards, then the AI provides suggestions for editing and approval. It does this by combining machine learning, text analytics, statistical benchmarks and legal knowledge by lawyers according to the company.In this video, LawGeex CEO Noory Bechor further explains how his product can cater to legal services.The company also claims that with their tool, law firms can cut costs by 90 per cent and reduce contract review and approval time by 80 per cent (though these numbers don’t seem to be coupled with any case studies). The firm lists Deloitte and Sears among some of its current customers.Legal RobotOn the other hand, Legal Robot, a San Francisco-based AI company, currently offers Contract Analytics, its answer to the growing contract review software market. Currently, in beta, the company states that its software is capable of changing legal content into numeric form and raising issues on the document through machine learning and AI.A video presenting how the software works state that it builds a legal language model from thousands of documents. This knowledge is used to score the contract based on language complexity, legal phrasing, and enforceability. With the issues flagged by the software, it then provides suggestions on improving the contract’s compliance, consistency, and readability by evaluating it on best practices, risk factors and differences in the jurisdiction.Ross IntelligenceEvery lawsuit and court case requires diligent legal research. However, the number of links to open, cases to read and information to note, can overwhelm lawyers who have limited time doing research. Lawyers can take advantage of the natural language search capability of the ROSS Intelligence software by asking questions, and receiving information such as recommended readings, related case law and secondary resources.BakerHostetler, in what seemed like a break in tradition, employed ROSS in its bankruptcy department, 100 years after the law firm’s founding. The law firm’s chairman, Steven Kestner, explained in an interview that they decided to employ the software to work on 27 terabytes of data. A Forbes report describes ROSS’ function in the law firm’s operations: “ROSS will be able to quickly respond to questions after searching through billions of documents.The company claims that lawyers can ask ROSS questions in plain English such as “what is the Freedom of Information Act?” and the software will respond with references and citations. Like most machine learning systems, ROSS purportedly improves with use.CasetextOn the other hand, Casetext’sCARA claims to allow lawyers to forecast an opposing counsel’s arguments by finding opinions that were previously used by lawyers. Users can also detect cases that have been negatively treated and flagged as something that lawyers may deem unreliable.Casetext claims large law firms such as DLA Piper and Ogletree Deakins as its clients.Other Assorted ApplicationsOther software products also combine machine learning and legal analysis to assist lawyers with legal research but with limited coverage. For example:Loom features win/loss rates and the judge ruling information but only for civil cases in select Canadian provinces. In an interview with Stanford Law School, Mona Datt (co-founder of Loom Analytics) elaborates:“Instead of performing open text searches looking for personal injury precedents, a lawyer could use Loom’s system to see all personal injury decisions that were published in a given time span and then break them down by the outcome.Instead of combing through individual decisions looking for ones written by a particular judge, Loom’s system can show all decisions authored by that particular judge and provide an at-a-glance snapshot of their ruling history. In short, we’re providing quantitative metrics on Canadian case law.”Judicata, on the other hand, only serves California state law as of this writing. Its software, Clerk, is said to be capable of reading and analyzing legal briefs. It also evaluates their pros and cons and then assigns a score for each brief based on arguments, drafting and context.The recommendations intended to reduce content mistakes are listed as part of the action items for the user. In the company’s blog, Product Manager Beth Hoover explains, “Clerk helps reduce these errors by identifying the quotations in a brief and cross-checking them against the cited case to ensure the text is identical and the page numbers are correct.”Potential Bias ConcernsIn a recent paper by Susan Nevelow Mart of the University of Colorado Law School tested if online legal case databases would return the same relevant search results. She found out that engineers who design these search algorithms for case databases such as Casetext, Fastcase, Google Scholar, Lexis Advance, Ravel, and Westlaw have biases on what would be a relevant case that their respective algorithms will show to the user.For example, newer databases such as Fastcase and Google Scholar have generated less relevant search results compared to older databases such as Westlaw and Lexis. Mart argues that search algorithms should be able to generate redundant results on whatever legal online database is used since lawyers need only the most relevant cases. However, because these engineers have biases and assumptions when developing their algorithms, users are recommended to use multiple databases in order to find out the cases that fit their needs.By no means does a single paper (or a dozen papers) imply that legal AI tools shouldn’t be used, but rather that their pros and cons are yet to be weighed out thoroughly. Bias is by no means specific to the legal field, as machine learning systems are always influenced by the data that they’re trained on.Readers with an interest in AI bias and the ethical considerations of discrimination by machines may benefit from reading our recent article in collaboration with the IEEE: Should Business Leaders Care About AI Ethics?EverlawThere has been a growth in the number of e-discovery product manufacturers that harness AI and machine learning. Everlaw uses its predictive coding feature to create prediction models based on at least 300 documents that were classified before as relevant or irrelevant by the user.The AI looks into the contents and metadata and uses such information to classify other documents. The company claims that the prediction model’s results can help users easily identify which documents are most relevant. It also recommends actions on the part of the user on how to improve the software’s predictive accuracy of the model.You can check a demonstration of Everlaw’s Prediction Technology feature in this video:DISCODISCO claims to deliver faster results using its cloud technology for document search on large data volumes. Similar to Everlaw, it also employs prediction technology to suggest which documents are most likely to be relevant or irrelevant to the user.The AI works by assigning scores on tags (on a scale of -100 to +100) in order to improve its prediction results. The software displays its search results with each document’s score and suggests which material is most likely useful for the reader. In the promotional video below, Dr Alan Lockett (DISCO’s Head of Data Science) explains the company’s technology in simple terms:CatalystDenver-based Catalyst markets its Automated Redaction product to help lawyers and legal reviewers remove sensitive and confidential information on documents. “Manual redaction”, as the company claims, is cumbersome considering the amount of time that a reviewer spends on locating content on a digital document and then applying black boxes on these statements.Their tool allows users to convert a document to digital format and then perform multiple sets of redactions for a single document by searching for a word or phrase. Users can also set patterns such as social security numbers on the software to be redacted. An overview of the Automated Redaction feature for e-Discovery introduces its uses.ExterroExterro’s WhatSun claims to combine the functions of a project management software with the capabilities of performing e-Discovery. In other words, users can perform their legal research and then collaborate with others using the software.According to one of Exterro’s law firm clients, they were able to cut down on redundant workers from 100 lawyers down to 5 when they started to employ the system. The software was able to perform the e-Discovery tasks of the lawyers at a 95 per cent cost savings according to the law firm. The company claims AOL, Microsoft, and Target among its marquee customers.Brainspace DiscoveryBrainspace Discovery clusters and sorts documents to match closely to a user’s document search. When finding documents, the AI employs concept search (searching for documents that are similar in concept but not necessarily in words or phrases), term or phrase extension (instructing the software to remove terms incorrectly associated with the results), and classification (specifying another category to refine the search). The topic of document digitization and search is explored further in our article on Document Digitization in Finance. The company claims that by combining these three features, the software can better deliver document search results closer to a user’s needs.Other AI-powered contract review platforms that cater to due diligence for legal professionals include:iManage’s RAVN whose M&A Due Diligence Robot is designed for M&A documents to automate the review process and extract data from cluster sets;LitIQ, which capitalizes on computational linguistics technology to reduce contract-related disputes (Gary Sangha, founder of LitIQ shares his thoughts on the relationship of machine learning and law in this interview);LegalSifter, which claims to cut time and financial costs through its AI software that looks for specific concepts in documents such as general terms and conditions and confidentiality agreements;Seal, whose software is used by Dropbox, PayPal and Experian, was able to reduce the time spent to 48 hours from 255 days by a utility company by searching for thousands of contracts with specific clauses according to their case study; andLuminance, which claims to be the only tool that searches and ranks unusual and anomalous documents and clauses for lawyers.While there has been a growth in the use of e-Discovery tools, its application has become a public issue in states such as California. In 2015, the State Bar released an amended Proposed Formal Opinion, requiring lawyers to have a decent knowledge on the to use the e-Discovery system or they will warrant discipline after being proven to have committed intentional or reckless acts. The State Bar also suggests that if a lawyer is incompetent on the facility, he should learn the skill, hire someone who’s knowledgeable, or just simply decline representation.Prediction TechnologyIn 2004, a group of professors from Washington University tested their algorithm’s accuracy in forecasting Supreme Court decisions on all 628 argued cases in 2002. They compared their algorithm’s results against a team of experts’ findings. The statistical model by the researchers proved to be a better predictor by correctly forecasting 75 per cent of the outcomes compared to the expert’s 59 per cent accuracy. Although in a separate industry with its own separate problems numerous additional use-cases of predictive analytics can be found in our article on Predictive Analytics in Banking. This article illuminates AI programs utilizing predictive analytics to solve real-world issues.Expanding the coverage from 1816 to 2015, Prof. Daniel Katz of Michigan State University and his two colleagues achieved a 70.2 per cent accuracy on case outcomes of the Supreme Court in their 2017 study. Similarly, Nikolaos Aletras of University College London and his team used machine learning to analyze case text of the European Court of Human Rights and reported a 79 per cent accuracy on their outcome prediction.Prof. Daniel Kantz, in his 2012 paper, stated, “Quantitative legal prediction already plays a significant role in certain practice areas and this role is likely to increase as greater access to appropriate legal data becomes available.”IntraspexionIndeed, several AI companies have ventured into this field such as Intraspexion, which has patented software systems that claim to present early warning signs to lawyers when the AI tool detects threats of litigation.The system works by searching for high-risk documents and displays them according to the level of risk that the AI has determined. When a user clicks on a document, risk terms as identified by subject matter experts through the algorithm are highlighted. According to the company, users can which documents put them at risk for litigation when they use the software.Ravel LawAnother tool, Ravel Law, is said to be able to identify outcomes based on relevant case law, judge rulings and referenced language from more than 400 courts. The product’s Judge Dashboard feature contains cases, citations, circuits and decisions of a specific judge that is said to aid lawyers in understanding how the judge is likely to rule on a case.The firm’s CEO, Daniel Lewis, affirms such claim in this interview when he explained that the Ravel Law can aid in litigation strategy by providing information on how judges make decisions.Lex MachinaLex Machina’s Legal Analytics Platform has a variety of features that are said to assist lawyers in their legal strategy. For example, the Timing Analytics feature uses AI to predict an estimated time when a case goes to trial before a specific judge.The Party Group Editor, on the other hand, allows users to select lawyers and analyze their experience before a judge or a court and the number of lawsuits they were involved in before, among others. In the video below, the product’s user interface is featured and sample analytics results are presented:PremonitionFinally, Premonition, which claims to be the world’s largest litigation database, asserts to have invented the concept of predicting a lawyer’s success by analyzing his win rate, case duration and type, and his pairing with a judge at an accuracy of 30.7 per cent average case outcome. According to the company, the product can also aid in looking at different cases and how long they’re going to take for each attorney.But similar to any analytics platform, AI tools that deal with predictive technology need a lot of data in the form of case documents to fully work according to Kantz. In an article, the model is described as “exceptionally complicated.” That’s because it needs almost 95 variables (with almost precise values up to four decimal places) supported by almost 4,000 randomized decision trees to predict a judge’s vote. Kratz admits that a database that will fully support his product is still not readily available except for a few ones that charge access fees to obtain data.Legal AnalyticsCase documents and docket entries provide supplementary insights during litigation by lawyers. Current AI tools claim that today’s software products are able to extract key data points from these documents to support arguments.Lex MachinaHogan Lovells litigation attorney Dr Chris Mammen uses Lex Machina’s Legal Analytics software to find out “who is the plaintiff, who is their counsel, who have they represented, and who else have they sued.”The software generates data that can be used to analyze an opposing counsel’s likelihood of winning or losing a case. He claims to save time through the analytics results when creating a narrative. “You send an email to the research department, get first results, iterate the process – that usually takes a day or more.”Intellectual property lawyer Huong Nguyen also used the software when she represented a generic pharma company. Using the Legal Analytics tool,, she found out that the judge’s history of ruling cases tends to favour cases like hers. Both parties settled in the end, which was a better resolution according to Nguyen.Ravel LawThe data can also be used in pitching a law firm’s services to potential clients by providing intelligence on the opposing counsel, generating values on the probability of winning the case and identifying litigation trends to use in their marketing campaigns.Apart from prediction technology, Ravel Law’s software also claims to provide lawyers with judges’ data on cases, circuits and ruling on their dashboard, which can be used in landing new clients. Currently, the company is bolstering its data minefield by working with Harvard Law School in digitizing the faculty’s US case law library to be made available on its tech platform.Settlement AnalyticsIt must be noted that legal analytics still has its limitations. Robert Parnell, CEO of SettlementAnalytics, explains in his paper that there is uncertainty in producing results with a high level of accuracy with this kind of technology. This comes in very small sample sizes after filtering, cognitive biases, the tendency to interpret random trends as valid patterns, and having a lot of data noise.Parnell opines, “Overall, the quantitative analysis of legal data is much more challenging and error-prone than is generally acknowledged. Although it is appealing to view data analytics as a simple tool, there is a danger of neglecting science in what is basically data science. The consequences of this can be harmful to decision making.”Document AutomationA McKinsey & Company report estimates that knowledge work automation will most likely be one of the top disruptors in the global economy.A screenshot from McKinsey’s report cited above. See the orange bar to the right of “2. Automation of knowledge work”Some law firms are also beginning to adopt such technology by drafting documents through automated software. Many such software companies claim that the final document, which could take days by manual human drafting, is generated in a matter of minutes. This technology is utilized in finance today; discover real-world banking-sector examples of the concepts outlined in this article.PerfectNDANeota Logic System claims that it's software PerfectNDA shortens the nondisclosure agreement (NDA) process by offering templates selected by AI according to a user’s scenario. The user answers questions and a pre-filled template is then generated. In addition, the software also features document filing and integrated e-signatures to streamline related manual processes involved in NDA drafting.Intellectual PropertySecuring patents, copyrights and trademarks is often best left to a lawyer’s expertise. However, the entire patent application process can be long and arduous. Traditional trademark and patent search, for example, involves looking into hundreds, if not thousands, of results through manual research. This takes so much time, which is ironic considering that patent applications are time-sensitive.According to US patent attorney Patrick Richards, “You only have one year from the first time the invention is publicly disclosed [i.e. sold] to file a patent application; if as a business owner you launched a product within the last year, you need to talk to a patent attorney right away to make sure it is protected.”TrademarkNowTrademarkNow is a company taking on some of the manual knowledge work of intellectual property application with AI. It uses a complex algorithm that is said to shorten weeklong searches for patents, registered products and trademark using the Trademark Clearance platform, which returns search results in less than 15 seconds according to the company’s claims.The system analyzes the results and ranks them according to relevance to the user as identified by the algorithm. As this many e-discovery applications, the solution promises efficiency of spent attention for legal teams.ANAQUA StudioThe cloud-based ANAQUA Studio, on the other hand, is specifically designed for drafting patents and prosecution. The company’s datasheet states that it’s the first patent application-drafting tool for lawyers that save four hours on provisional patent application and 20 hours and non-provisional types. The system is said to be able to detect document errors, circular claim references and formatting defects aside from automatically generating literal claims support.SmartShellSeattle-based TurboPatent released SmartShell to support paralegals performing document reviews, drafting, formatting and identifying issues on patent applications. The software uses AI and natural language processing to assist in creating legal claims.In a case study listed on TurboPatent’s website, two paralegals from the Pacific Patent Group used the software to perform document retrieval, bibliographic data research, examiner remarks review and rejection issues discovery. TurboPatent claims that Pacific’s paralegals were 500-800% more productive in their tasks when using SmartShell (thought the case study isn’t clear what exact tasks were relevant for the software, and which weren’t – we can assume that many paralegal tasks aren’t currently improvable with AI).A brief overview of how the product’s functions and value proposition can be seen in the 1-minute video below:Electronic BillingElectronic Billing platforms provide an alternative to paper-based invoicing with the goal of reducing disputes online items, more accurate client adjustments, (potentially) more accurate reporting and tracking, and reduced paper costs. Firms in the healthcare space are also utilizing AI for medical billing; this concept is further explained in our article Artificial Intelligence for Medical Billing and Coding.BrightflagBrightflag offers centralized legal pricing software that automatically adjusts line-by-line items. It also allows users to centralize the invoice review so that all documents submitted are routed directly to the correct approver. In addition, the AI provides analytics features by tracking and categorizing all pricing data to determine alternative fee arrangements (AFA) and budgets.The company claims that its average client reduces administrative costs related to payment management by 8 to 12 per cent by using the platform’s assisted review feature. The company lists telecom giant Telstra and ride-hailing company Uber among its current marquee clients.SmokeballSmokeball’s cloud-based legal practice management tool automates the recording of time and activities by law firms. One major feature of this tool is the capability to track all activities including emails that are valid for billing. It claims to have automated more than 600,000 forms and managed over 10 million documents according to its website. The video below explains Smokeball’s software:

IntroductionCybercrime is one of the major crimes that have taken the world by a storm. It is criminally influenced by the hackers who gain unauthorized access to the personal data of the people and thus, leads to online trickery. The primary cause behind cybercrimes is a dereliction of duty on the part of the people who overlook the security of their devices. The era of the internet is a new era. The cyber crimes may range from harassment, exploitation, cyber stalking and many others. As the world is getting advanced day by day, the people are getting equipped with digitalization and the people are almost getting addicted to it. Terrorism is one such mal-activity that is conducted through the internet. In a way, cybercrime is the result of cyber or internet addiction. The crimes conducted through the internet are mainly high profile in which the identity of the criminal always stays hidden from the world. In the course of time, what happens is that the personal information of the people is being misused and played with and is thereby, used for various illegal purposes. It might be used in creating fake email identities and conducting cybercrimes through that. Cyber bullying is one more kind of cybercrime which refers to the sending of threatening and intimidating messages to the people concerned. Cybercrime is expected to affect the world in a spare of $7.9 trillion approximately (Clough, 2015).As per a report established in 2014, the effect and harm that cybercrimes caused to the global economy was $500 million approximately (Lusthaus, 2016). A recent survey has revealed that approximately 27% of the people use the internet and they have been hacked once in their lives. The different types of cybercriminals include phishing scammers, cyber terrorists, and identity thieves who have specific watchwords for the online trickery. Even the antivirus software is unable to provide protection to the computers concerned and thus, they become the tool of committing crimes. Approximately 76% of companies were affected by malware worldwide in 2018. The internet protocol address should not be revealed at any cost to anyone. The cyber police and the cybercrime cells are there in order to stop the illegal activities.Federal Bureau of Investigations (FBI) and the Central Intelligence Agency (CIA) are the two government facilitated agencies that look into the matters of cyber crimes and severely penalize the offenders. The Cybercrime Prevention Act of 2012 aims at putting a stop on the crime that is conducted through the internet. Thus, it is evident that cybercrime is the world's biggest criminal entity. Hence, the essay explores certain areas, which need to be highlighted, justified and studied briefly. The essay explains the progressive view of the all time trend observed in cybercrime. Additionally, the effect of the trend on the world, solicitation of legal and legislative contemplations and the prognosis of the future happenings and implications are explained here.Evolutionary View of the TrendAccording to a report in 2014, the yearly damage of the financial condition of the world was $445 billion. In the year 2012, $1.5 billion was lost in the credit of online credit and cheat debits in the US. However, the methods of doing crimes through the medium of web are constantly changing with every passing of time. The experts who examines things in this field of web that is dark and is yet not authorized reveals that traders who are engaged in these acts has very little or eve no records of importance. Many people who are engaged in such crimes directly or indirectly to the crimes of the web are new comers. They seem most likely not to have any record of crime or even a record of doing anything wrong (Clough, 2015). A study shows that various numbers of students ranging from various campuses began to direct themselves to the dark side of the web for buying in addition, selling of drugs and narcotics, which are illegal. However, with the passing of time, the criminals of the web are changing their techniques of spoofing. They are using more technology advanced techniques that are focused to attract their victims in controlling situations or information’s that are very emotional and can be negotiated The criminals of the web do not do their crimes depending on the primary features that were easily recognizable for the social engineering (Glatfelter et al., 2019). Examples of such techniques are the URLs whose spellings are wrong. Another tactics that was generally used in the tradition method by the criminals was the method in which the Princess of the Nigeria who was keeping her heritance to us. In the recent times, the criminals now study the victim who is targeted thoroughly. They tend to use the advanced form of Malware and Trojans to gather the information is which include the facts that are sensitive like the social protective numbers, details of the insurance policies and the credentials of the bank (Gupta et al., 2018). The method of Encryption and Anonymization on the web is the recent trend. It has become very difficult for the agencies of the law to compete with the criminals of the web who uses the new and the unnamed techniques of technology. The process, which includes anonymization, is as efficient as encryption because it gives allowance to any facts that is available to become intractable to the user. In such cases, the acts of the criminals become very difficult to be recognized by the people of law who tend to detect and correct it. In the traditional time, the individuals generally did the crimes. However, the recent study states that the gangs of an organization are doing the large number of crimes. Since the last 30 years, the cybercrime is constantly changing from being in a conservative association to a more modern and disciplined style of selling. One example of this kind is the “Fraud as a Service” (FaaS). Many groups of hackers have recently become disciplined because of which they are considered equal with many states with their capability of getting or even penetrating inside one’s system (Srinivas et al., 2019). With the passing of time, the use of technology has also increased. Every one of us is connected to the internet. Therefore, everyone who is connected to a device that is associated with the web becomes the target of cybercrime. A relation between crimes and devices connected with the web can be seen in relationship to one another. For example, the attack of the IoT by Mirai Botnet, which left the entire accessibility of the Web of the East Coast of the US, can be taken here. With the increasing number of digital sphere, the chance for cyber crimes is also increasing largely. The state has developed cyber crimes, which is assumed the new strategy of the state. More than 20 countries have developed this new strategy. In the year 2014, North Korea charged the Sony Pictures Entertainment and even stole the gigabytes of May information is which they later posted it online. The recent example of this kind is “NotPetya malware” attack that is done against the Ukraine by Russia in the year 2016. With the trend of cyber proxy wars that are waged among the nations, the world or cybercrimes is also changing (Rashid et al., 2018).Implication of the Trend of the World That We Live InA study says that more than 1.5 million people becomes the victim to some kind of cyber crime every day that varies from stealing the passwords which are most simple to the excessive defraud of money matters. With a general loss of $197 per individual, this sum up to $110 billion dollars loss in regards to cyber crime every year. As the customers are getting wiser and are becoming able to understand the new techniques of the cyber attacks that belong to the earlier tradition, the criminals belonging to the cases of web are developing themselves with enhanced technology. It includes social network and the mobile devices to maintain their illegal opportunity flowing. If the focus on the cyber security is not maintained, the company leads to various kinds of losses. The economic cost of such attacks is directly connected to the business. Examples of such kinds are the stealing of the information’s of the corporate world, severance of business or even repairing the systems that are affected including that of the economical loss. Limited faith in the effects of the cyber security in the business sector, the customers will be more determined to look into matters outside. It will result in the loss of profits and sales. All the business companies must ensure that everyone who is involved in the company is in par with the latest form of security of the web (Lusthaus et al., 2016). The best way of doing this is through the daily training of all staffs as well as utilizing a structure to work forward with a goal, which aims at achieving an ideal. It will eventually assure that the danger of the data breach is to its minimum. A close related trend is that companies will no longer deal with networks that will belong to the closed space and that were first organized and managed by the administrators of the IT department. They will rather work in networks that can be used by all its employees. The requirement of being able to work anywhere according to one’s own wishes depends on how the information’s are being handles or are even accessed. The resources that are considered in the substantial are put into better safeguards of technology. It is important but as the same hand, the employees must be conscious of the dangers and risks related to it. The employees must therefore use the information’s that are provided with full of protection. In relation with the attacks of technicality, social engineering is currently the most important and influential way of using the asset of the company. Helpful, friendly and even unaware employees will continue to work in the upcoming years that are coming ahead. Proper training of the employees on various levels will therefore become most important form of security and protection for the business company’s and various organizations (Abdo et al., 2018).Application of the Legal and Legislative Considerations in Relation to the TrendCompeting with the cybercrime is a challenge in itself because with every passing of time, it is constantly developing. According to ZDNet in 2014, the groups of the cyber crime have capabilities of technology that is equal to that of the nation. These groups clearly show that they can defeat almost any kind of defense of the web. Crimes in the economical cyber space presently occur at the industrial level. The department of the homeland security moderates the National Cyber security and Communications Integration Center (NCCIC) The organization calls it the “a24*7) awareness of the cyber regarding the responses of a certain incident. It is also considered as an organization that is a worldwide circle of cyber and communications, which is in association with the Federal Government, organization of intelligence and execution of the law. The organization has four branches. However, what most interests the readers is ICS- CERT and US-CERT. One of the most important products of the US-CERT is the Cyber Security Evaluation Tool, which is software of the desktop that helps its users through minute process to avail the system of control and the network of the information technology that works against the standards of the industry. ICS-CERT has many products that can be considered as useful. One of the most important products among it is its system of Alert, which provides with information on time to the owners and moderators of very critical infrastructure. These notifications are based on warnings to the networks of the crucial infrastructures. Another important product is the Advisories that give data about the recent matters of security, exposure and matters of exploitation (Linkov et al., 2019). The ICS-CERT Monitor is the newsletter for them who are committed in the security of property of crucial framework. However, many other Reports, which include the Technical Information Papers (TIPS), Annual Reports (Year in Review) and the outcomes of the third party such as the ICS-CERT, are of the belief, which are of interest to the individuals committed in securing the control system of the industry. DHS also manages the publicity of the stop, think, and connect which focuses on spreading awareness of the people in general about protecting against the hazards of the cyber. The tool of the stop, think, connect which carries the products that are useful to everyone. It also contains a set that is specially designed for the industry only. The government has also developed an organization called the FBI. One of the most important functions of the FBI is its protection against the cyber and other crimes that are done by the use of high technology (Jazi et al., 2017). The service branch of the criminal and cyber response, which examines many types of crime and supervise the crimes that are computer orientated that is related to the terrorism, intelligence and crime threats in contrast. The joint task force of the national cyber investigation is a group of members who are from the twenty different agencies ranging from the application of the law, the organization of intelligence and even the organization of defense. The command of the cyber in the United States is a classified command, which is under the strategic command of the U.S with four important parts like the command of the army cyber, the command of the cyber fleet, the air force cyber and the warfare group of the water corps. The aim of these is to cover the three priorities according to their strategy that is to operate and even justify the information of the network of the DOD, produce impacts that are against our competitor and even design, create and deliver interspersed abilities for the fights in the future. Another organization that is created by considering the legal considerations in relation to the cyber crimes of the recent trend is the organization of the NSA. The primary mission of the national security is the intelligence of the foreign and protection of the government system of the U.S against the unwelcomed entrance, it even involves research and training and domestication and works with other organizations like the DoD and the group of intelligence. It also includes industry through a program of transferring technology. The cyber attacks have been bad to the companies, which is involving IoT’s of losses in millions of dollars. Still the governments across the globe have-not made great stamp in protecting the assets of the digitalism of their respective citizens. It seems like the security of the cyber has been the backbone by some governments while giving others more importance. Cyber security is not considered as an issue of nationality that could probably be destructive as a strategy. Apart from the world that is changing, the nature of the crime has also changed and became unacknowledged. The actions of robbery, extracting, blackmailing, trading that is illegal etc has now become hacking, ransom ware, blackmailing done through the online sources and the trading through the dark web. In the world where everything is in a state of danger done through the source of net, the best practices of the cyber security should be at the top point of importance for any individual or company to maintain the assets of the world of digitalism. Various laws known as the cyber law or the IT law is also made for this purpose. The most important function of the cyber law is that it covers all the transactions done through the internet. It even keeps an eye on all the activities processed through the web; it includes all the reactions and the actions that are in connection to that of the cyber space (Dawson et al., 2018). The purpose of such cyber laws differ greatly. Some of the laws greatly explain the limitations by which the companies and the individuals must operate and function with computer and the internet. There are many other laws, which are made to protect people from becoming a victim of the cyber crime through the illegal activities of the web. The major sectors of the law are copyright, demotion, fraud, the freedom of speech, secrets of trade, harassment, stalking, and the contracts and the laws of employment. The cyber laws are mainly meant for the customers for the protection from the fraud cases that works online. Stealing someone’s identity might often leads to severe danger. There are lawyers who work to justify and contest against the accusation that has been brought forward. The IT act also points out the important facts of security, which are very important for the success of the transactions of the electronics (Chaudhary et al., 2016). The state government has aimed at improving the cyber security by making increasing visibility of the public firms with the help of weak security. In the year 2003, California regulated the notice of the security breach act, which becomes essential for any company to reveal the details of the event. Information’s that are personal includes the security number, name, financial information, credit card number and even the driver’s license number (Ekstedt et al.,2015). May other states have just superseded the example of California and proceeded with similar security breach regulations. The US Congress has recommended many bills that grow upon the regulation of the cyber security (Chowdhury et al., 2016). The information and protection security act enables the agents of data has to ensure the exactness and confidence. Congress is also focusing on bills that criminalize the attacks of the web to improve the cyber security. On May 12, 2011, the President of US, Barack Obama addressed some reforms related to that of the cyber security to secure the cyber security of the people of the US, the federal government and the infrastructure that is considered crucial. In the year 2012, Susan Collins and Joseph Lieberman addressed the cyber security act of 2012. The bill requires establishing independent standards of practice of the best order for the security of the main structure from the attacks of the web. The federal government has tried to increase the cyber security by providing more materials ad products for examination. It is even combining with the private field to create ideal standards. In the year 2003, the president’s strategy of the national level to protect the cyberspace, made the department of homeland security responsible for the suggestions of security and for the examination of national solutions. In regards to the hacking of the website of the Indian space agency’s commercial arm in 2015, the government’s program of the digital India and the expert and the spokes person at the supreme court of India, Pavan Duggal claimed that a more focused cyber protection legislation as a opening concern for India. It is just not acceptable to put cyber protection as just a part of the IT Act (Chen et al., 2019).PredictionThe criminals who are doing crime with web are using tools that are in technologically advanced in addition, expandable tools to split the privacy. New malware samples of around four in number were created in every second (Chang et al., 2018). One of the most successful attacks of the dealer is the method of phishing, as most of its sites remain online for just four to five hours. The users are reporting report of 17% of phishing attacks by the users while it is seen as a action of low risk. At the present scenario, only 65% of the URLs are regarded as trustworthy. This establishes a constrict on both the consumer and any activity which has a presence of being online. The year 2020 will be known for advanced form of phishing attacks in regards to the number of phishing kits that are available in the recent scenario (Clough, 2015). These kits provide people with only knowledge of the basic technical level that helps in the running of the phishing attacks. With the increasing number of tools, phishing will develop into being a attack which is more dangerous and full of risks. The attacks of the remote are increasing in number. They are even becoming more disciplined and advanced. One of the major categories of attack done via the remote in 2018 was crypto jacking. It mainly aimed at the owners of the cryptocurrency. This is another kind of an attack that scared the devices of the highest perimeter. According to the facts of the threats intelligence, attacks that are accessed through the remotes are the kind of attacks that seems to target the vectors in a home, which is connected with the internet. Hackers tends to target the computers, mobile phones, internet connection, cameras and storage devices attached through the network as these devices usually have mediums that are open and attached to the network that are external or generally to the internet (Carr et al.,2019). According to Gartner, the industry in which the things utilized by the consumer, is assumed to grow to more than seven billion operating devices by the end of the year 2020. Many customers as accountable do not consider the operating devices of the IoT because a particular segment of them does not have a user conjugation. These causes can develop many problems based on knowing or understanding the kind of facts that the device accumulates or even operates. The devices operated through the IoT are not only collecting the information’s of the users, they are developing themselves as a point of entry for an attacker or even a device /tool to drive a attack of the DDoS. The devices of the Lot are not designed with full of protection because putting a aim on protection will consequently enhance the expenses of production and maintenance. According to CUJO AI facts of the intelligence threat, about 46% of the types of attack that the devices endeavors are traditional attempts of access and 39% are used for identifying the framework of behaviors. With the aggressive enhancement of devices that are connected at home, these kinds of threats are most expected to increase in number. One of the most general attack courses to the mobile devices are in relation to the method of browsing devices that are unprotected. According to RSA an account of more than 60% of net that is not from the genuine sources is taken through the frameworks of mobile and 80% of the cheating done through the mobile device is accomplished by the applications that are stored instead of the internet based browsers of the mobile. Majority of the people used their mobile devices to maintain the economical functions or even take care of the information’s that are sensitive and that lies outside the protection of one’s own network belonging to that of the home. Therefore, this becomes a major threat. One of the most common fact is that users generally tends to keep all their information’s on their mobile phones and recently these smart phones are used as the authentication done by the two factors. It is considered the most important tool of the cyber security that is being used widely (Benson et al., 2019). It increases the danger of protection if the device of operation is lost or even stolen by someone. By the year 2020, the IoT industry is assumed to be enhanced to more than seven billion devices. With the advancement of technology using the AI in the attacks of the web will eventually grow to be very dangerous and a popular kind of trend. By the year 2024, we are going to see a rise in the cyber crime of about 70 percent (Ivy et al., 2019). The main reason behind the enhancement of the crime will be the artificial intelligence. It is because not only the companies will mostly utilize the AI in the future but also because the criminals will be using the technology to set in motion the advanced form of the web attacks. However, all these are just as per our assumptions. It is simply created based on the record of the cyber threats. As the cyber attacks continue to remain active, they tend to become more advanced in their own field and knowledge (Albertson et al., 2018). The consequent result will be that they will be eventually have all the organizing control over all the facts, information’s and the whole networks in general. The situation will arise as such that it will become a impossible task to stop them. The standards of the global education will consistently be enhanced in the progressing markets. As a result, many individuals who are proficient in technology might have to turn back their talent to the community of the black hat unless the developing economical market tends to support the talent pool of technologies. In the future, the progressing countries as well as the other group of organizations will progressively see the cyber warfare as a chance to be a player globally which was not a sphere that one could sustain in the traditional time (Chen et al., 2019). The future of the cyber security will face great challenges in the upcoming future. It will face new headlines, threats and solutions. However, one of the greatest challenges that will be faced is the huge sport of catching up. As new dangers will be appearing, the companies and the organizations must therefore update their solutions so that the problem can be fixed. However, the hackers will mostly use this new technology to their preceding anyhow. Thus, the skill gap of the cyber security must decrease and people and the organizations must have huge knowledge of the process to protect and secure those (Akbari Roumani et al., 2016).ConclusionWith the advancement of technology, the world of the web is constantly developing. It is bringing many profits to business organizations as well as many benefits to individuals. People are being more dependent on the world of web as it is making things easier. It is therefore becoming the main target for the criminals to do their crimes. The personal information’s are being targeted. The criminals are constantly developing themselves with new forms of technology to seek the private information’s of individuals and companies. The awareness of how the criminals are stealing the information is becoming a matter of great importance. Anybody and everybody who uses internet can actually become a victim. Therefore, the role of cyber security is very important in solving the problems of cyber crimes. It is also meant for the protection and security of the individuals and organizations. The Government for the protection of cyber related attacks forms various rules and organizations. However, the rates of the cyber crimes are constantly progressing with every passing day. It is assumed to become unstoppable in the upcoming future. Therefore one must be aware and be protected from the attacks of such kind. Everybody must share the responsibility of securing the cyberspace. In this way, one can stay in a better world with full of benefits from the technology rather than falling a victim to it.ReferencesAbdo, H., Kaouk, M., Flaus, J.M. and Masse, F., 2018. A safety/security risk analysis approach of Industrial Control Systems: A cyber bowtie–combining new version of attack tree with bowtie analysis. Computers & Security, 72, pp.175-195.Akbari Roumani, M., Fung, C.C., Rai, S. and Xie, H., 2016. Value analysis of cyber security based on attack types. ITMSOC: Transactions on Innovation and Business Engineering, 1, pp.34-39.Albertson, J., Hildebrandt, M., Singh, H., Sankar, S., Ducott, R., Maag, P. and Kimball, M., Palantir Technologies Inc, 2018. Cyber security sharing and identification system. U.S. Patent 9,923,925.Benson, V., McAlaney, J. and Frumkin, L.A., 2019. Emerging Threats for the Human Element and Countermeasures in Current Cyber Security Landscape. In Cyber Law, Privacy, and Security: Concepts, Methodologies, Tools, and Applications (pp. 1264-1269). IGI Global.Carr, M. and Nye, J., 2019. From Nuclear Weapons to Cyber Security: Breaking Boundaries. In Technologies of International Relations (pp. 87-96). Palgrave Pivot, Cham.Chang, L.Y., Zhong, L.Y. and Grabosky, P.N., 2018. Citizen co‐production of cyber security: Self‐help, vigilantes, and cybercrime. Regulation & Governance, 12(1), pp.101-114.Chaudhary, P., Gupta, S. and Gupta, B.B., 2016. Auditing defense against XSS worms in online social network-based web applications. In Handbook of research on modern cryptographic solutions for computer and cyber security (pp. 216-245). IGI Global.Chen, M.J., LGS Innovations LLC, 2019. Methods and systems for enhancing cyber security in networks. U.S. Patent Application 10/305,935.Chen, T., Hammer, J. and Dabbish, L., 2019, April. Self-Efficacy-Based Game Design to Encourage Security Behavior Online. In Extended Abstracts of the 2019 CHI Conference on Human Factors in Computing Systems (p. LBW1610). ACM.Chowdhury, A., 2016, October. Recent cyber security attacks and their mitigation approaches–an overview. In International conference on applications and techniques in information security (pp. 54-65). Springer, Singapore.Clough, J., 2015.Principles of cybercrime. Cambridge University Press.Dawson, J. and Thomson, R., 2018. The future cybersecurity workforce: going beyond technical skills for successful cyber performance. Frontiers in psychology, 9.Ekstedt, M., Johnson, P., Lagerström, R., Gorton, D., Nydrén, J. and Shahzad, K., 2015, September. Securi cad by foreseeti: A cad tool for enterprise cyber security management. In 2015 IEEE 19th International Enterprise Distributed Object Computing Workshop (pp. 152-155). IEEE.Glatfelter, J.W., Kelsey, W.D. and Laughlin, B.D., Boeing Co, 2019. Cyber security system with adaptive machine learning features. U.S. Patent Application 10/419,468.Glatfelter, J.W., Kelsey, W.D. and Laughlin, B.D., Boeing Co, 2019. Cyber security system with adaptive machine learning features. U.S. Patent Application 15/647,173.Gupta, B.B. ed., 2018. Computer and cyber security: principles, algorithm, applications, and perspectives. CRC Press.Ivy, J., Lee, S.B., Franz, D. and Crumpton, J., 2019. Seeding Cybersecurity Workforce Pathways With Secondary Education. Computer, 52(3), pp.67-75.Jazi, H.H., Gonzalez, H., Stakhanova, N. and Ghorbani, A.A., 2017. Detecting HTTP-based application layer DoS attacks on web servers in the presence of sampling. Computer Networks, 121, pp.25-36.Linkov, V., Zámečník, P., Havlíčková, D. and Pai, C.W., 2019. Human Factors in the Cybersecurity of Autonomous Cars: Trends in Current Research. Frontiers in psychology, 10, p.995.Lusthaus, J., 2016. Cybercrime: the industry of anonymity (Doctoral dissertation, University of Oxford).Rashid, A., Danezis, G., Chivers, H., Lupu, E., Martin, A., Lewis, M. and Peersman, C., 2018. Scoping the cyber security body of knowledge. IEEE Security & Privacy, 16(3), pp.96-102.Srinivas, J., Das, A.K. and Kumar, N., 2019. Government regulations in cyber security: Framework, standards and recommendations. Future Generation Computer Systems, 92, pp.178-188.

December 2020 © 2020 OSET Institute, Inc. All rights reserved. 1Position Paper | December 2020Analysis of Recent Navid Keshavarz-Nia AffidavitA Fact Check1. ContextThis is an analysis, requested by several, of the technical veracity of Navid Keshavarz-Nia’s November 25th 2020 Michigan federal lawsuit affidavit (Civil Case No. 20-13134).1While the lawsuit seeking to overturn the state’s election results failed in a ruling2 onDecember 7th, the case could be appealed and therefore, the substance of the affidavitwill likely remain at issue—at least in the court of public opinion. Therefore, thisanalysis remains meaningful, relevant, and timely.In sum and substance, the affiant asserts his "belief" that adversaries conducted asuccessful cyber operation on at least one election office's Microsoft® Windows®personal computer system running the Election Management Software (EMS)component of a Dominion Voting System’s product, and used the resulting access to theEMS's data to modify that data, and furthermore, to do so in a way that created a falseelection result. While plenty of media has given attention to this lawsuit and itsassociated affidavits, we focus our analysis on the technical issues of the Keshavarz-Niaaffidavit, due to the affiant’s reference to comments from OSET Institute leadership insaid affidavit.Generally, the affiant’s claim is barely credible in terms of possibility; possibility is notfact; that is, that a cyber attack actually occurred, or that it succeeded in falsifyingelection results.3 Recently, fifty-nine computer scientists and engineers andcybersecurity experts wrote an open letter on these matters that our leadership fullyendorsed. An important point was made in that letter:“Anyone asserting that a U.S. election was ‘rigged’ is making an extraordinaryclaim, one that must be supported by persuasive and verifiable evidence. Merelyciting the existence of technical flaws does not establish that an attack occurred;much less that it altered an election outcome. It is simply speculation.”41 https://www.courtlistener.com/recap/gov.uscourts.mied.350905/gov.uscourts.mied.350905.1.19.pdf2 https://www.courtlistener.com/recap/gov.uscourts.mied.350905/gov.uscourts.mied.350905.62.0_3.pdf3 There are many well-known security vulnerabilities of the Microsoft Windows operating system as wellas of features of voting system products that were not designed for defense against national state adversaries.4 See: Election Security Experts Contradict Trump’s Voting ClaimsDecember 2020 © 2020 OSET Institute, Inc. All rights reserved. 2If such an "election result falsification" occurred in the manner alleged, the incidentwould not only be a major national security incident, but also an attack on the integrityof U.S. elections writ large.Determining the truth or falsehood of the claimed cyber-attack would be a complexundertaking. However, much simpler methods are available to determine whether thepublicly stated election results are true results from counting paper ballots. The ballotsthemselves can be consulted to determine the true election results, either by a risklimitingaudit with manual inspection of a statistically sound sample of the ballots, or byway of a manual inspection of all of the ballots.If such an inspection concluded that the publicly stated election results are the trueresult from the ballots, then the issue of the alleged cyber-attack becomes moot, withrespect to the integrity of the recent election's results: whether or not a cyber attackoccurred, the election results would be known to be true.In that case, the alleged cyber-attack would remain a very important allegation toinvestigate, as a matter of national security, of the cyber security of our election criticalinfrastructure, and of international policy where a true cyber-attack—regardless of thelack of practical consequences—must be understood for appropriate counter measures tobe undertaken.If the publicly stated result is found to be the true result, then investigation of the cyberattackallegations can be undertaken through normal channels, with no furtherconnection to the integrity of the elections' results.If the publicly stated result does not match the actual ballots, then investigation isrequired both on the cyber-security front and into the detailed records of the elections'operations, where erroneous results could have been created from any of several causesfrom human error, to insider abuse, to nation state adversaries' cyber operations.The main purpose of routinely performing post-election audits is to insist on evidencebasedelections. In the absence of evidence of malfeasance, we must avoid givingcredence to unproven theories that could undermine confidence in U.S. elections, to thebenefit of our adversaries who use disinformation techniques to attack our national unityand sovereignty.2. Executive SummaryThe affiant offers only opinion to support his beliefs. Several of the points simply restatepublic knowledge about voting system technology security vulnerabilities that, by theirexistence alone, do not indicate the occurrence of a successful cyber operation that a)compromised election management systems (EMS) and b) also created a false electionresult. The litany of eleven statements in point #15 incorporates a variety of claims ofDecember 2020 © 2020 OSET Institute, Inc. All rights reserved. 3misbehavior, none of which appear to involve a cyber operation against a DominionVoting Systems EMS (“Democracy Suite” or other).The affiant is mistaken on a number of matters of fact (notably on the Philadelphiaincident that did not involve Dominion products or services at all) that are restated asessential points of his conclusions. Despite his assertions of credentials and education inpoint #2, affiant also appears to lack basic understanding of:• Cryptography;• Standard IT practices in data backup, archive, and recovery;• Internet Protocol (IP) network traffic recording (logging);• Public information about the Dominion Voting Systems EMS product;• Absentee ballot validation processes and anonymity of counted ballots; and• Legal requirements on the election officials’ duties in locally administeringelections that combined local, state, and Federal contests.In addition to the basic claim of belief in a cyber operation, affiant also makes broad andunsubstantiated claims of malfeasance by election officials (point #15, item “k”), as wellas unspecific election fraud crimes in addition to the cyber-crimes of the believed cyberoperationon the Dominion Voting Systems (hereinafter “DVS”) EMS, both claimed tohave occurred in every “battleground” state, without specifying the states in which theelection fraud occurred.3. Point-by-Point AnalysisPoints 1—3. These are personal assertions about credentials and experience.The only, perhaps threshold issue here is that the affiant’s claimed credential from thecorrespondence university, CalSouthern University: a “Ph.D. in Management ofEngineering and Technology” is a degree not offered by CalSouthern University.Point 4. Reference to pre-existing unsubstantiated theories of “Hammer andScorecard” that have been repudiated by DHS CISA and debunked by several factchecking sites.This is an irrelevant point regardless of its mendacity. Whether or not “Hammer andScorecard” exists, there are other publicly attested methods to attack the Windowsoperating system on which that DVS EMS operates. Indeed, the affiant refers tonumerous of publicly attested “reference attacks” starting in point #10 and later. There isample record of attackable vulnerabilities—although not the use of them in any actualcyber operation against election systems—regardless of the existence of so-calledHammer and Scorecard tools. The affiant’s use of unsubstantiated theories, unnecessaryto support his beliefs, undermines the affiant’s credibility.December 2020 © 2020 OSET Institute, Inc. All rights reserved. 4Point 5. Personal Assertions/ClaimsPoint 6. Affiant references a “covert backdoor” that is in fact an overt feature forremote-access software support, described on page 33 of “2.02 Democracy SuiteSystem Overview, Version: 5:.11-CO::7” published for public access on the web site ofthe Colorado Secretary of State.It is well known that abuse of remote-access capability can result in unauthorized accessto the Windows OS and hence any application software (including, but not limited to,DVS EMS). “Discovery” of this documented feature is unnecessary to support a claim ofthe possibility—although not an actual cyber-operation—of remote access as a vector forcyber attack. Affiant’s claim to have “discovered” remote access, and mischaracterizing itin a way that is not required and unnecessary to support his beliefs, undermines theaffiant’s credibility.Point 6. Affiant references as a backdoor for “illicit activities” a DVS EMS feature that ispublicly documented in the document he references.Using a public document to support a claim of a cover backdoor, when the capabilitybeing described is really a product feature, undermines the affiant’s credibility.The product feature in question is described on pages 42 and 43 of “2.02 DemocracySuite System Overview, Version: 5:.11-CO::7” and is for the addition of votes—a requiredproduct feature for the data entry of votes that are counted manually, and required to beadded in order to complete the vote totals.The manual count of ballots (typically a very small portion of total ballots) is permittedin several states, and indeed required in at least one, New Hampshire, where manualcount is prescribed for the ballots of military/overseas voters (“UOCAVA voters”) usingthe Federal Write-In Absentee Ballot. The affiant’s claimed “shifting … deleting …adding votes” is required for manual data entry of votes, including editing the data entryof those (shifting, deleting) in the case of operator data entry error. In fact, it would be apoor product feature to allow the addition of manually collected votes by an operator,but not allow the operator to undo or correct erroneous data entry.The claim that such data entry “can take place through the Internet” is predictable,considering that DVS EMS runs on an ordinary Windows PC that could be connected tothe Internet and accessed via remote-access capability. Although such remote access istheoretically possible, it is also against standard election security practices, and in somestates (including California) election law forbids the connection of voting systemcomponents to a network. To point out a technical possibility—but not present anyspecific actual abuse of remote-access—without the knowledge of typical electionsecurity practices, again undermines the affiant’s credibility.December 2020 © 2020 OSET Institute, Inc. All rights reserved. 5Credibility is further undermined by the entirely counterfactual claim that Internetactivity can occur “without a trace” when in fact network monitoring tools routinelyrecord Internet Protocol data. A technology professional, with the credentials andexperience claimed in personal statements #1, #2, #3, and #5 would absolutely be awareof and understand this basic fact of IP networking, which indicates that affiant eitherlacks those claimed capabilities, or is ignorant of basic networking knowledge, or ismendaciously omitting basic facts as they negate the scenario the affiant is attempting toportray.Point 7. Affiant makes allegations about Scytl SOE and data transfers.The Scytl SOE product is not a voting system product, but an unofficial elections resultsreporting product that consumes vote-tally data from any voting system product(including but not limited to DVS) and publishes the data in human consumable form,for public online reporting of unofficial election results.There is nothing remarkable about the transfer of DVS data to an election resultreporting system, nor about the reporting system duplicating the results data in adisaster recovery center. The affiant’s belief that 2020 data was transferred to Frankfurt,is irrelevant to fact that unofficial election results reporting data backup is routine.Affiant’s unawareness of election results reporting practices, and standard data backuppractices, undermines his credibility and highlights unawareness of election operationsand IT operations, despite the capabilities made in the personal statement points #1, #2,#3, and #5.Point 8. This is a recitation of older and debunked conspiracy theories, coupled with theaddition of “intelligence reports indicate…” that is otherwise unsubstantiated.The affiant’s reference to supposed intelligence data that would be classified if it existed,suggests either that the claim is false or that affiant is disclosing classified information,again undermining his credibility. In addition, DVS has stated it has no ties to anyforeign government.Point 9. This is an inaccurate recitation of the evolving history of the corporate structureof Dominion, coupled with a belief that the corporate structure was created to impede“investigators” without stating the topic of investigation or the organization performingthe investigation.In fact, Dominion disclosed its then current corporate structure (which does not includeSmartmatic) in 2017 in response to inquiries by the Senator Wyden in a series of writtenquestion-and-answer that started on 31 October 2017.5 The affiant’s reliance on an5 https://www.wyden.senate.gov/news/press-releases/wyden-questions-voting-machinemanufacturers-on-security-measuresDecember 2020 © 2020 OSET Institute, Inc. All rights reserved. 6undisclosed source (i.e., “Reports show…”), and ignorance of public statements, furtherundermine the affiant’s credibility.Point 10. This is another statement of public fact about a certain type of voting systemvulnerability that does not indicate the actual use of the vulnerability in a cyber attack.Point 11. This is another statement of public fact about a certain voting systemvulnerability that does not indicate the actual use of the vulnerability in a cyber attack.Notably, affiant seems unaware that the systems tested at DEFCON 2019 did not includethe DVS EMS—which is the system that affiant believes was the target of a successfulcyber operation. We observe that the DEFCON test results on non-EMS systems is bothirrelevant to a recitation of DVS EMS vulnerability, and unnecessary, since the EMS runson an ordinary Windows PC with well known vulnerabilities.Point 12. This is about the Philadelphia USB memory hardware theft and misuses OSETInstitute leadership comments in an Associated Press interview.Leaving aside affiant’s speculation about the contents of the stolen equipment, affiant’sbelief (i.e., that contents facilitated EMS remote access) displays complete ignorance ofa) how EMS remote access is performed via industry standard remote-accessauthentication; and b) the fact that possession of cryptographic keys from USB devices isnot required, as affiant should know from reading the DVS documentation the hereferences. Affiant’s credibility is further undermined by these facts:• The Philadelphia incident took place in October 2020, not 2019.• The Philadelphia incident did not involve Dominion Voting Systems; it involvedES&S.• According to ES&S, the USB devices use multiple levels of encryption and are“married” to single voting machines during programming. ES&S further stated thatthey immediately cut the devices off from the vendor’s network upon learning of thetheft.• Affiant’s claims (to have analyzed the “contents” of various voting systems’cryptographic keys) indicate a basic lack of understanding of cryptography:cryptographic keys do not have “contents,” but are simply randomly generatednumbers. (This assertion alone disqualifies the credibility of the affiant writ-large.)In addition, examination of the OSET Institute’s Edward Perez’s full remarks6 indicatesthat affiant misconstrued those remarks as being connected in any way to EMS remoteaccess.6 https://apnews.com/article/voting-machines-voting-custodio-elections-philadelphiaf8a6453dc9e211ef20e9412d003511b1December 2020 © 2020 OSET Institute, Inc. All rights reserved. 7Point 13. This is another statement of public fact about voting system vulnerability thatdoes not indicate the actual use of the vulnerability in a cyber attack.Congressional members expressing concern over DEFCON testers’ finding, is both notremarkable, and in no way suggests that an actual cyber operation occurred.Point 14. Affiants’ claim to have an expert opinion about voting system technology isnot supported by a claim about “the combination of DVS, Scytl/SOE Software/eClarityand Smartmatic.”In fact, these systems are not used in combination at all in the United States. In the U.S.,Smartmatic voting system technology is used by Los Angeles County, which does not useDominion products; and SOE results reporting software is used to present the data fromvoting systems, but does not directly connect to those voting systems (Dominion orotherwise). Affiant claims to have conducted “more than a dozen experiments combinedwith analyzing the 2020 Election data sets” but offered no published results of hisfindings.Point 15. This is a remarkable conclusion that “anomalies are caused by fraudulentmanipulation of the results” rather than a statement of belief or an assertion of factsupported by evidence. Affiant clearly states that he had not been granted access toexamine any of the systems used in the 2020 Election, so how can he reliably reportthat a fraud occurred without any empirical evidence from the machines.Point 15a-c. This concerns analysis of The New York Times datasets and the publicdata on which it is based.Professional journalists, statisticians, and academics performed this analysis. Affiant’sbeliefs stated in points #15a and #15b of “unusual” or “not … normal” behavior does notappear to be based on the expertise of professional journalists, statisticians, academics,and election professionals. In addition, he offers no evidence that software developed bySmartmatic was implemented in DVS machines.Point 15d. This assertion concerns “Reported evidence” that is not cited.It is a counterfactual statement that ballots have signatures; combined by illogic to aconclusion (neither belief nor an assertion of fact supported by evidence) of malicioustampering with DVS configuration data.Point 15e. This concerns a counterfactual claim that absentee ballot verification is doneby the DVS ImageCast.In reality, it is elections office staff that verify the identity and eligibility of the voter ofeach absentee ballot, to determine whether it should be counted. Affiant’s assertioncombined by the same illogic to conclude that “the only way” that the claimed (not cited)December 2020 © 2020 OSET Institute, Inc. All rights reserved. 8malfunction could occur is via fraudulent manipulation of configuration data. In fact,November 2020 election experience includes instances (notably in Antrim County) ofaccidental use of incorrect versions of configuration data creating malfunctions thatwere detected and corrected.Point 15f. This is a repeat of affiant’s error in point #12 about the Philadelphia incident.This is a repeat of the misunderstanding of the nature of cryptographic keys, bothcoupled to a broad claim (neither a belief nor a claim supported by evidence) that thePhiladelphia ES&S (not Dominion) key data could be used for “massive attacks on allbattleground state” without any explanation of what form that attack might have taken.ES&S keys would not work in DVS devices and general practice in cryptographic systemsis to use different keys for every device used in an election.Point 15g-h. Affiant’s understanding of data variance, and opinions of “not normal” arenot matched by the scrutiny of this highly visible public data by professional journalists,statisticians, academics, and election professionals.Also note that there is no “Edison County” in Michigan or any other state in the U.S.,which completely undermines affiant’s assertions.Point 15i. This is a combination of uncontroversial facts about PC hardware supplychains, coupled with what appears to be a disclosure of intelligence informationyielding a conclusion (not belief nor claim supported by evidence) that “China’sespionage activities” were involved the cyber operation that the affiant believesoccurred.Point 15j. This is an assertion of covert operations that repeats affiant’smisunderstanding of election results reporting systems in point #7.The assertions also display a complete misunderstanding of how Man-in-the-Middle(MITM) attacks are carried out and the circumstances that must be present for theseattacks to work.Point 15k. This is a broad and unsubstantiated claim of widespread malfeasance bylocal elections officials in not performing validation and record keeping function that arelegally required of them.Overall, the several parts of point #15 (a-k) in toto, assert nothing about the affiant’sprimary claim of a cyber operation on DVS EMS systems. Rather point #15 appears to bea recitation of a variety of unrelated theories that attempt to distract from the absence ofany details whatsoever of a successful cyber operation against a DVS EMS that the affiantbelieves occurred.December 2020 © 2020 OSET Institute, Inc. All rights reserved. 9Moreover, recounts and audits have been conducted in several states that substantiatethat election officials kept adequate records and that the counts were not significantlydifferent from those reported immediately after the election.Point 16. This is a restatement of several factually incorrect assertions in earlier points.Affiant repeats:• A previous a factual error about lost cryptographic keys and their relevance; and• A repeat of the counterfactual claimed combination of DVS, Scytl, SOE, andSmartmatic.The affiant concludes that these created the conditions for fraud, without stating whocommitted what fraud. At the outset of this affidavit, affiant states a personal belief in acyber operation on the DVS EMS to alter vote totals. In this first of two concludingstatements, affiant is additionally leveling an allegation of election fraud by partiesunstated.Point 17. This is a restatement of an initial statement of belief regarding alteration ofvote totals absent sufficient specificity to establish credibility.This is a second conclusion that is simply a restatement of initial belief of alteration ofvote totals by a believed cyber operation that exploited the vulnerabilities that affiantrecited earlier; and again without any specific claim of what specific systems weretargeted “in all battleground states,” or any identification of the “operators.”In summary, points #16 and #17 appear to indicate affiant both:1. Believes that unknown or undisclosed operators successfully breached everyelection management system (EMS) in every “battleground state” by remoteaccess means across the Internet to alter vote totals and change the presidentialelection result, and2. Believes that in addition to the criminality of that cyber operation itself, peopleunknown or undisclosed committed unspecified election fraud.Further, affiant’s beliefs include states in which the EMS is not connected to the Internet,states in which manual inspection of paper ballots confirmed the machine counts, andstates in which rigorous state-level pre-certification “canvass” process exists precisely touncover: the malfeasance claimed in point #15k, election fraud broadly alleged in point#16, and voting system technology malfunction alleged in several places in this affidavit.Notwithstanding: a) rehashing old news from a prior DEFCON computer securityconference; b) similar voting system analyses done earlier, elsewhere on differentmachinery; and c) restating well-known concerns about cyber-attack potential andpotential election compromise from the same, the affiant’s claims appear entirelywithout merit.December 2020 © 2020 OSET Institute, Inc. All rights reserved. 10In summary, the claims of “Navid Keshavarz-Nia” makes in his November 25th written legal declaration (Affidavit) lack any direct evidence, are based on speculation (his “beliefs”), and demonstrate a lack of understanding of cybersecurity, cryptography, and election administration processes. This is the OSET Institute’s professional analysis based on the authors’ combined total of 96 years of direct experience in computer and network information security; election administration technology architecture, engineering and deployment; and national digital security.E. John SebesChief Technology Officer, OSET Institute, Inc.7Edward P. PerezGlobal Director, Technology & Standards, OSET Institute, Inc.8William P. CrowellStrategic Board Advisor, National Security Matters, OSET Institute, Inc.97 See: About — OSET Institute - Open Source Election Technology8 See: Eddie Perez — OSET Institute - Open Source Election Technology9 See: Bill Crowell | Alsop Louie Partners