You've learned how to stop fraudsters from hacking your smartphone. But do you know how to determine whether each mobile recording you make is legal? Here's how to gather evidence in keeping with privacy laws while turning your phone into an investigative and practice management tool.
In a pocket or on the wrist, mobile devices have become must-haves for many professionals. Make that most. In May, Google announced that for the first time it had received more search queries from smartphones and tablets than from desktops and laptops combined. What's more, mobile's dominance will only grow — given soaring demand for handhelds and
the advent of smartwatches.
Swedish telecommunications giant Ericsson, five years after the world's first smartphone appeared global sales reached one billion. In less than two years, sales doubled. By 2016, the number of smartphone subscriptions will exceed those for basic phones. And in 2020, smartphones alone will generate five times today's mobile traffic.
Among the growing number of mobile users, some savvy fraud examiners already capitalize on a holy-grail trifecta of data, connectivity and mobility. They've learned how to gather, interpret, share and apply information on the go.
But skeptics ask, "How well?" If this article's premise is valid, the answer is "Well enough to merit all practitioners' cautious attention and, perhaps, enthusiasm."
The following interviews with three experienced CFEs will help you decide whether — and, if so, exactly how — you could benefit by becoming more actively mobile. Could we also run into legal issues? You bet.
I want to be let alone
Was Greta Garbo's desire for privacy extreme? Maybe, but we all share it to some degree, and courts in most jurisdictions view privacy as a civil right.
Because it's so easy to unobtrusively make audio and video recordings with smartphones and tablets, a critical question arises: Is it legal to secretly make those recordings during interviews or on surveillance assignments?
The answer is … "It's complicated," says David Wall, J.D., CFE, CPA, PI.
Wall is a director in the forensic and litigation practice of SingerLewak LLP, a regional public accounting firm. He has more than 25 years of experience as a financial investigator, litigation consultant and testifying expert and is president of the Los Angeles ACFE chapter. (Wall's comments here, except where specified otherwise, pertain only to California law and don't apply to government agencies or anyone working for them.)
"State privacy laws comprise a jurisdiction-by-jurisdiction patchwork of sometimes conflicting rules," Wall says. "But they all agree on two key principles." The first is that private individuals — and in certain situations, public officials and celebrities — have the right to a reasonable expectation of privacy, he says. The second principle, according to Wall, is that it's illegal to intrude upon anyone's privacy without first obtaining that person's informed consent.
[To promote broader understanding, Harvard University's Digital Media Law Project
prepared a guide to federal and state wiretapping statutes. It identifies the states (California, Connecticut, Florida, Hawaii, Illinois, Maryland, Massachusetts, Montana, New Hampshire, Pennsylvania and Washington) with so-called "two-party consent" laws that prohibit recording a nonpublic conversation unless all parties grant permission.]
'Reasonable' and 'informed' defined
"Imagine two people," Wall says, "having a drink in a crowded bar, speaking loudly enough to be heard by anyone nearby. Their behavior in that setting renders unreasonable any expectation of conversational privacy they might have."
He adds that the legal context would change completely, though, if the couple left the bar and continued their conversation at a secluded table in a restaurant — now speaking so softly that they could be overheard only by eavesdropping.
"Given this second setting and their subdued behavior, it would be perfectly reasonable of them to expect privacy there," Wall says.
So if a CFE — intent on capturing the entire two-part conversation — secretly recorded it with a smartphone in each location, that CFE would be violating the couple's privacy in the restaurant but not in the bar. Any evidence contained in the bar recording, which didn't require consent, would be potentially admissible. The restaurant recording, however, would've been obtained without the necessary consent, and thus would be absolutely inadmissible.
"When an investigator records a conversation or declaration," Wall says, "he or she might lose sight of the ultimate objective." That goal, he explains, is to document oral statements that can be used as evidence in legal proceedings.
"Unless a statement is made in a public setting, you won't get a recording admitted as evidence in California — a ‘two-party' state — if you can't prove the subject understood you were taping him and voluntarily consented to it," Wall adds. "The first thing I do is state the date, time and location of the interview I'm recording, as well as the name of each person present. I then ask the person I'm interviewing to state that he understands I'm recording our conversation and that he's speaking voluntarily. In California, if a court perceives that the subject didn't agree to be recorded in a private conversation, the evidence is inadmissible, and that act of recording may be treated as a violation of criminal law."
"California and many other states draw a clear distinction between private investigators and CPAs," Wall says. "This has important ramifications for CFEs. Some, like me, are both PIs and CPAs, while most are one or the other."
To obtain a PI license in California, he explains, you have to pass certain tests. If you do, you're authorized to use investigative tools and techniques, such as recording conversations and conducting surveillance.
"In contrast," Wall says, "imagine a CPA working as a financial statement auditor. Something he comes across raises a red flag; there's a strong indication the CFO is cooking the books. Unless that CPA has a PI license, he's not authorized to stake out the CFO's home — smartphone in hand — hoping to videotape something incriminating."
But even PIs can't invade other people's privacy without their informed consent. To illustrate, Wall cites the conviction of former private investigator Anthony Pellicano, who surreptitiously recorded his surveillance targets and clients. In 2008, the Los Angeles Times reported that Pellicano drew a 15-year prison sentence for wiretapping and other offenses. (See
Private eye to the stars is guilty, by Carla Hall and Tami Abdollah, May 16, 2008.)
What kind of licensing infraction could most easily spell trouble for unwary CFEs?
"The one they don't even realize they've committed," Wall says. For example, the investigative work a non-PI CFE performs legally in his or her home state could be classified as a private investigation in a neighboring state and thus be illegal there. Wall therefore urges CFEs to research and comply with the licensing provisions of their states and any others they might do business in — on site or online. (For links to Fraud Magazine articles on this issue, see
Supplemental licensing: What you need to know in the Resources sidebar.)
Fraud fighters on the go
Brian Willingham, CFE, PI, is president of the Diligentia Group Inc. in Katonah, New York.
David Ziegler, CFE, PI, founded Ziegler and Associates in Titusville, New Jersey, after serving 28 years as a criminal investigator with the U.S. Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF).
Their firms, though unrelated, provide a similarly wide-ranging array of services, including interviews and surveillance to investigate potential insurance fraud.
Both these CFEs have studied their respective states' laws and learned how to avoid the kinds of privacy and licensing violations cited above. At the same time, they've used their smartphones to overcome many of the logistical challenges that plague fraud examiners — especially on the road. The apps they discuss below have proved useful to them. They're not necessarily the best in their respective classes but are illustrations of smartphones' power, convenience and adaptability to numerous tasks fraud examiners perform daily.
Swiss Army knife
"My smartphone is an absolutely critical tool for staying in touch with people, information and activities," Willingham says. "I have my entire office on it."
Sometimes, for example, he's out in the field and needs to take a quick picture of something, not as evidence, but just as a reminder. Instead of breaking out his 35mm camera, Willingham pulls out his smartphone. In those situations, he says, a smartphone is indispensable. Other times, the smartphone's extra value is in communicating and sharing information — anywhere.
"I'm going to a New York Mets game tonight," Willingham says. "If a client or colleague needs something quickly, he can call me at the ballpark, and I'll access it on my phone. I'm not gonna write a report at the game, but with a smartphone I can provide the necessary information on the spot."
Here are some of the smartphone applications Willingham gets good results from:
EverNote. "This app works as a memory bank of educational materials, case studies and articles I read on my smartphone and want to save before I forget, which happens if I wait until I open my laptop," Willingham says.
Google Apps for Work when collaborating with distant colleagues on documents, spreadsheets and presentations. "We can speak and work on the same documents simultaneously," he says.
Harvest, an app Willingham uses to immediately tally the minutes and hours he spends serving each of his clients. The app also prepares and emails his invoices. "It's easy to start and stop the app's timer, so I can bill in six-minute increments," he says. "If a client wants a breakdown of what I was doing on his behalf for 3.2 hours last Tuesday, I can quickly send him the details."
DropBox for cloud-based file sharing. "With Dropbox," Willingham says, "all your files reside in one massive folder for your account. But SugarSync lets you store data in the same folder structure you use on your desktop or mobile device. I find that helpful."
"You can't do everything on your smartphone, and you can't do it all from your laptop," Willingham acknowledges. "But together, they're hard to beat."
"Wherever I am, I want capabilities as close as possible to the ones I have back in the office," Ziegler says. Smartphone apps can't solve cases, he acknowledges, but he values their ability to help him get back to clients quickly. Here are some apps on which he relies:
Cam Scanner creates a PDF document you can immediately email to a client or colleague and also save for your own files.
Cam Dictionary translates any foreign-language document you photograph with your smartphone. "Say you're in the field and briefly gain access to a potentially important document. But you can't take it away and can't read it either — it's in a foreign language," Ziegler says. "This app won't provide a precise translation, but it'll give you the gist. That'll enable you to determine how important it is and whether it's worth the trouble of making further efforts to get it."
DeepWhoIs tells you who any website is registered to. This can help uncover schemes in which a dishonest employee sets up a phony vendor account payable and fraudulently bills his employer for its nonexistent products or services. If the vendor's website is registered in the employee's name or that of his relative or friend, that's a bright red flag.
DropCam is a smartphone-accessible monitoring system. If a client suspects someone in his company is accessing confidential files or stealing, a Wi-Fi-enabled DropCam can send a live video feed to your smartphone. When you're done, take the camera with you for use on other assignments.
Phone Sleuth does reverse lookups. "It's not helpful for the numbers of cells or throwaway phones," Ziegler says. "But if it's a business number or the person has a landline, you'll get a hit, and that can be very helpful.
"Clients are impressed when you use your smartphone to quickly deliver results right from an investigation scene," Ziegler says. "That's a real advantage."
With Apple's April introduction of its first smartwatch, the company caught up with its main competitors — Pebble and the makers of watches running Google's Android Wear operating system. Swatch, the other elephant in this warming market, announced in May the imminent release of its entry into a suddenly somewhat crowded field. Early reports indicate much of the interest in smartwatches is fueled by FOMO — fear of missing out. But Apple's issuance of a
software developer's kit last June could spur a tidal wave of useful new apps to augment smartwatches' existing basic but practical capabilities.
Improving through innovation
iPod inventor Tony Fadell recently gave the TED Talk,
The First Secret of Design Is … Noticing. His initial design motivation was more practical than aspirational. As a part-time DJ, he had tired of lugging around his CD collection. Hello, iPod; goodbye, CDs.
In his TED Talk, Fadell — who also developed the Nest, a Web-enabled home thermostat — pondered habituation, the tendency to accept one's environment as it is. He acknowledged that such acceptance is sometimes beneficial, but he countered that too much habituation can hinder progress.
"If it stops us from noticing and fixing problems, that's bad," he said.
Fadell refined his point by quoting Picasso: "We all saw the world more clearly … before a lifetime of habits got in the way. Our challenge is to get back there, to feel that frustration, to see those little details, to look broader, look closer.
"It's not easy," Fadell concluded. "It requires us pushing back against one of the most basic ways we make sense of the world. But … we could do some pretty amazing things."
In the same way, CFEs who question the apparent limits of their technological environment just might discover fruitful new ways to fight fraud and serve their clients.
As this article's interviews demonstrate, it wouldn't be the first time.
Robert Tie, CFE, CFP, is a New York business writer and a contributing editor for Fraud Magazine. His email address is: firstname.lastname@example.org.