#you may interpret the timestamps however you wish
anbaisai · 6 days
It's not even actually their birthday
(Based on a conversation I had with a friend + Jamil's 2024 birthday present to the player)
940 notes
doctorqueensanatomy · 2 years
Hi! Saw your post regarding Oscar Isaac's english accent and I have a question.
As a non native English speaker his accent was amazing! May I ask what the accent slips were?
I'd love to know as a linguistics student.
Hope you have an amazing day!
Hiya of course I can! just as a quick disclaimer I'm not a linguistics student nor a professional, I just find accents interesting! My notes on Oscar Isaac's accent shouldn't detract from his outstanding performance and I go on to say how grateful i am for it. nonetheless here are Moon Knight's episode 1 and 2's accent slip-ups with time-stamps and a bit of explanation
disclaimer about my own accent: i'm from a borough in greater west London with working class roots, I'm gen z, and i have family from Yorkshire and Ireland, which are all factors in the way I speak. British accents are incredibly diverse depending on many circumstances. my judgement on Oscar Isaac's accent in Moon Knight shouldn't be taken as gospel as what I hear can be different from someone who has a similar background as Steven Grant in the UK. I never know what to describe my accent as apart from 'very London', so I wouldn't even begin to describe Steven's further than 'very London', which already encompasses so much i could do another post about it. but onwards and upwards.
here's what I noticed from episode 1 and 2 w/ timestamps :-)
episode one
quick Gus mention: i noticed he calls his fish Gus in an almost northern manner? I think this is a result of an American accent and London one mixing. I don't count it as a slip up as the vowel it would usually ('usually' being taken lightly) be is one i also say differently in contexts
5:14 - the way he says 'only' in "only the worthiest would be allowed" struck me as an American pronunciation. perhaps it could pass as a London one but I think only in sarcastic circumstances which wouldn't fit the context
7:17 'that' in "I only wanted to tell you that", personally, sounded more like 'thit'? if that makes sense? it sounded out of place in the otherwise perfect sentence
8:43 "why I try to stay awake at night" maybe it's because he's eating but the 'awake' has a lilt. I'm sorry I can't give more in depth things other than "it sounds like..." or "it feels..." But there are certain intonation away from vowels sounds (which he also mucked up there) that you can just hear? this is a good thing however, as in this scene Steven says "there are stranger things that people do" where Oscar has hit this up and down notion I hear all the time. it's really fun to listen to if you can spot it out. sorta like an iambic pentameter
8:49 directly following the line above he says "no?" which has this nasal quality maybe? this is the best way I can describe it with a broad American quality
21:51 I initially marked down him saying "you sleep alright?" as one but listening back i think I was wrong. I'll leave it here to see what others say...
22:22 "it was like that when I bought him" except 'baught' sounds like 'bot' which again I think is a blend of Steven's accent with Oscar's slipping in
29:22 "hello?" I've not personally heard a British person say hello like that though if any Brits wish to prove me wrong by all means
33:38 nitpicking again as listening back I'm on the fence but he says "please" and I thought I heard something but again. open to interpretation.
34:58 this one stood out like a thumb to me. "books must have left that part out" except 'that' sounds almost like 'their' in a British accent and 'that' in a southern American one? idkidk
episode two
3:07 "I should go with you" but 'with' has a lilt. Best way I can describe it. it sounds almost too delicate for the sentence considering he might lose his job.
10:35 "bit late for that" the whole sentence sounds mismatched between two contrasting accents. 'late' and 'that' stick out to me. he saves it with the "innit" though
those are all the ones I personally noted! here's a little self indulgent ramble about British accents and why I'm so grateful for this. remember I'm not a professional and these are just my observations
the diversity between accents in the UK are very, very vast. we say you can go down the road and someone speaks completely different but it's true. accents are also very very class orientated, and we're often (subconsciously through our media and politics) what accents are "good" and what accents are "bad".
working class accents are often seen as "dirty", "uneducated" and "violent" where upper class ones are seen as "proper", "educated" and "polished". not only is it shown within our own society, but you often see it online too. when people mimicked a "British accent" they solely do 2 South-East England accents that caricature the working class and uphold the elites. I think this is why (again, personally) most British people get annoyed when people try to do a "British" accent, because they only ever do a dick van dyke esque cockney one or Queens English one. and when it comes to making fun of our accent, they only ever take the piss out of the working class one.
you mostly see in mainstream media this RP accent, with the occasional cockney or working-class coded one usually attributed to the villain or 'hard man'. a lot of British actors are from high-class families and have high-class accents (not all! there are plenty who aren't. but there is so much nepotism and elitism in the British creative industries)
so hopefully I've shown enough to give you the sense of relief I had when I heard a solid London accent, done of the actors' own volition, that is not entirely upper class and is, in fact, an accurate representation of how people talk. I shed a tear if I'm being honest. not only the accent but the mannerisms of British people: our awkwardness, humour, passive aggression. they were all taken into account and I adore that. just because I'm pointing out these minute details doesn't mean I'm nitpicking the series. I'm so thankful Oscar Isaac decided to do a British accent in this and that he cared. and as I said in my original post, this doesn't even go into detail about the representation within the series culturally and with mental health issues. I won't comment on those because I'm not educated enough nor have experience with these areas, but I am British. and I for one can say that it was fabulous.
i could go on and on about the phrases used, or his mannerisms, or the other British accents within this, but for now I hope you've found this interesting. I'll make another post for the next two or three episodes when I get to them and will ultimately make a masterpost and perhaps a youtube video but currently, it's quarter past 1 and I'm exhausted <3 have a lovely day and stay safe xx
14 notes
jcisthebestfightme · 4 years
BJYX Song #1: If I Were A Song
BJYX Song Series List
Disclaimer: My own feelings only. Don’t take it seriously.
I decided I want to start writing about my feelings about different songs since I love analyzing lyrics so much. The first one will be “If I Were A Song” by Yoyo Sham. I feel like this song is not as talked about as others (i.e. Nan Hai, Wuji, etc.) 
The title of this song was posted in a memo by gg on 6/22/18 that he used to reply to a post from 2015/10/7 that said “Some words should just be kept in your heart”.
The memo is timestamped at 11:28 (28 = ai bo). Also, I’m guessing he wrote this at night so 11 is probably 11pm so 2328 (ai/love zhan, ai/love bo). Okay I’m going to exit out of delulu kadian land.
 We don’t know what happened that day but we do think 622 is special for ggdd because for their 2019 birthdays, both gg and dd deleted and added post, respectively so that the birthday post will be #622. 6/22 is also 4 days after 6/18, where we know gg and dd went on a date to a Japanese restaurant and dd was seen in almost the same outfit the next day at the airport (walk of shame 🤣 jkjk). No one knows what happened on 6/22 but maybe this song can give us some clue?
“There is a song,
Sang into the cold and warmness of people’s heart, yet so tender and warm to all
It’s neither black nor white, no matter how things change with time or how people change
Turn around freely, still the youthful spirit, full of passion!
If I were a song...
Good night 🌙 ”
Doesn’t this memo sound like gg is describing his love to dd? He’s mentioned before that he admires dd the most because he’s always true to himself, unaffected by the industry. The “youthful spirit” that’s “full of passion” who can live “freely” sounds exactly like the person that gg thinks dd is. It also sounds exactly like the person gg wants to be himself, or the person he’s on the inside that he doesn’t want to change because of reality, the cruel industry, and age. This memo also tells us that no matter what changes in the future, gg is sure of his feelings at this moment and this warmth that he feels or is willing to give will never change. The last line tells us what song he’s referring to so let’s begin.
The song is by Yoyo Sham in 2017. It’s not a super popular song that everyone will know. But the mv is simple and artistic. The full translation of the lyrics can be found here.
Overall, the song is about how one loves someone so much that they are always there for them and supporting them. I always feel like that’s the relationship gg has for dd. He shows his love with caring and protecting him instead of grand romantic gesture. He’s always his #1 fan in the background, always cheering for dd when he dances. He’s always the first one to stand up for him when others talk bad about him, rebutting haters on the Internet about dd’s role as LWJ. He’s always the first one to notice new scars on dd and find ways to protect his health like asking to wear knee pad, drink warm water, or take herbal medicine. You can also see that dd relies on gg. After a lot of Internet hate and not seeing each other for a long time, dd started crying when seeing gg in Thailand. Overall, the relationship is very “homey.” People even joke that it’s like a mother to a son.
如果我是一首歌 (If I were a song)
我可以帶你看看從前的自己 (I can let you see the old you)
Gg talked about how much he admires that dd stays to his true self and isn’t influenced by the industry even though he’s been in the industry for four years. I think this line corresponds to his love of dd’s true self.
你可以在我懷裡坦白    赤裸 (You can be in my embrace, honest and bare)
Here is the detail of the “home” that gg is providing. It’s one that allows dd to be his most genuine self, naked, bare, honest, and straightforward. We see dd as someone who’s already straightforward but here, it’s almost like gg is telling us that that’s still not exactly who dd is and part of him is still pressured to hide his true self. It’s also possible that it means that while dd is trying his best to express himself, he’s still afraid of how others see and judge him.
我們可以瘋狂    流汗    再脆弱 (We can be wild together, sweat together, and then be fragile together)
Here is a list of things they can do together. The order matters. Wild refers to their bantering and when they have fun (xxj). This also corresponds to gg saying that before dating, you need to “play/have fun” with the other person first. Sweat refers to perspiration they put into their career. Both gg and dd are very diligent people who put a lot of themselves into their work. Similar to Wangxian, I think that’s their core value that they share with each other the most. And then the last part of this line, after 1) being wild 2) working hard, we can then be 3) fragile. Why is fragile last? Because you can only be fragile in the most private moments. The first two things they do together are what others see from the outside. But the last one, being fragile, is something they can only display to each other behind closed doors.
我是你的家    也是你的旅程 (I am your home, I am your journey)
I am your home + I am your journey = I am your everything. When you want a stable, loving base, I am there for you. But when you want to travel and explore the world, I will also go with you. The home here is not a literal place, but rather the security that gg can provide. Likewise, the journey here is the future that they must endure together. 
我們一起抽離    卻真實    又深刻 (We both depart from reality, but also authentic and profound)
I think this original line is talking about how the two people both depart from reality together and ascend into a romantic cloud, but also that their feelings are genuine (the word 真實 = 真情实感, the same word dd uses to describe true feelings about The Untamed) and grounded. However, I think we can even interpret the “depart from reality” as gg and dd leaving their true selves and becoming WWX and LWJ in the drama. This line is saying that while they’re both not themselves, the feelings they share are still authentic.
你也應該把我放開 (You should also let me go)
你知道你隨時都可以回來 (You know you can always come back)
我們因彼此而自由    而存在 (Because of each other, we’re free and we are here)
When I first heard this part, I was kinda hurt by the letting go part. But the more I think of it, the more this actually becomes my favorite part of the song. It’s saying that their love isn’t trapping or binding each other. It’s almost as if gg is saying that it’s okay if you leave me, I will still be here for you and you can come back if you choose. This part makes me feel like this song is gg expressing his side of love. This is the part that makes me believe that this song is about how gg feels for dd but dd may not know about his feelings at this point.
“You should also let me go” can also be gg’s way of telling dd not to be insecure about his feelings. We can see that dd is very clingy towards gg, always trying to get his attention. I think part of that comes from dd’s insecurity when it comes to gg’s feelings since gg isn’t as straightforward. However, here gg is saying that you should not be afraid of letting me go because I will always be here for you and we’re free because of each other because we chose to love each other.
我是那個你不常打開的盒子 (I am that music box you rarely open)
永遠在原地等待 (Always waiting for you here)
等你回來聽我重複這旋律 (Wait for you to come back to hear me repeat this song)
就這樣    幾分鐘    一輩子 (Just like this for a couple minutes, forever)
Gg said before that he thinks “waiting” is the most romantic thing in the world. This part, similar to before, is saying that gg is willing to wait for dd if he’s willing to come back to him. The last line, “for a couple minutes, forever” means that he’s willing to wait, even if it only takes a second or even if it takes eternity. I love the extreme juxtaposition of this throughout the lyrics. It’s almost as if the singer is giving the other person the freedom to choose whether they want to be together right now or much later. It’s even more touching than just “I will be here forever.”
In summary, I think that this song expresses gg’s love to dd. That he will provide a safe environment for dd with his love and that he’s willing to wait for dd to give him whatever dd will want at the moment. I think at this point, dd doesn’t know about gg’s feelings because this song seems very “one-sided” (not that gg’s love isn’t getting reciprocated but that it’s more about what gg can give dd). 6/22 is probably when gg became very certain of his feelings for dd and solidified it in his heart. This is the moment he decided he will wait for dd’s wishes in order to determine their future together.
This is probably the most romantic song I’ve ever heard, more than Nan Hai (sorry dd). I may do an analysis on Nan Hai later if I feel like it. Even if you don’t read this post, I highly recommend the song. 
如果    我是一首歌 (If I were a song)
我是那首很愛你的歌 (I am that song that loves you very much)
122 notes
I made a way too detailed interpretation of “The Mill” from PAFL
I'm using the transcript and the doc as well as Ferry's tumblr for reference. A lot of my interpretation is based on the video as well, so best watch it alongside this post :D
This is just my personal interpretation and probably wrong ¯\_(ツ)_/¯
Okay, let's do this. I'll be numbering the lines with timestamps as they are in the transcript for easier reference.
0:41: " “Two do the job, the third one is witness / Don’t shoot the guards, no need for guns” " not much to analyze in Sergei's briefing
0:44: "Check this / “Don’t go across, the longer road’s safer Watch as the bolt’s trajectory wavers” " going by visuals the bolt is used to find the objective of their mission (2:36 in the video)
0:48-0:55: "Learn in by heart, now the hardest part comes when / Staggering doubt paralyzes you and then / You fall apart like a house of cards, might as Well disregard it as a / cursory mantra" Yura should push through the anxiety of going into the zone, it will go away
Starting from this line, I think Olya is the narrator for the first part of the video.
0:56: "Ah, my head feels heavy once again" She has been in the zone before and is haunted by her experiences there
0:59: "I wish I could dissolve myself in this rusty air" The Grinder is said to dissolve flesh and people. During the Grinder incident, in which she lost her right eye, Sergei saved her instead of Nikita's brother, Kolya. She is unsure if Sergei made the right call and thinks she should be the one who died there.
1:03: "It’s getting harder to act like I don’t really care" She sees the careless way Nikita and Yura interact, and is reminded of her younger self first exploring the Zone. She is struggling to keep up the cold facade she shows most of the series.
1:07: "I’m sorry but these earnest words of yours are just too much to bear" see above
The following part was in Russian, I used the translation from the transcript
1:11: "(I see you, the haze lingers above The pink arc of breaking dawn, A light just as distant as it was when we were children)" I strongly think the haze is connected to the grinder (see 2:30, message lost and my previous posts). Combined with the image of Kolya in the background that means she is remembering the Grinder incident. They were in their early twenties when it happened, still children in her eyes. The current mission reminds her of then.
1:16: "(And dirt, black dirt is spilling from our hands)" the black dirt is related to either to the Zone in general or the Grinder in particular. Compare also message lost: "To scour the blackened, soot-covered earth"
1:19: "(Wrapped in blue cloth, her pale ghost follows me Fog on the water -)" this is the line I am most unsure of, but here is my take, far-fetched as it may be: based on the video showing a younger Olya, I think "her pale ghost" is her past self, haunting her in the form of the trauma she experienced in the Grinder, clouding her vision.
1:23: "(The dawning haze lingers Like a gray duvet, above a quiet, quiet river)" another reference to the dead Kolya. "quiet river" might be a reference to the proverb "quiet rivers run deep", either referring to Kolya as a person or, more metaphorical, to them underestimating the dangers of the Grinder
1:27: "I’ll draw a circle in the sand" the "circle in the sand" metaphor escapes me, although it might mean accepting her past and moving on, or maybe it is referring to "line in the sand" which she is not willing to cross. I find the second one unlikely without further context. Lastly, it could mean the opposite: her moving in circles and clinging to the past, not willing to let go yet. In my eyes the last interpretation is the most plausible.
1:29: "Drive myself around the bend" she is driving herself crazy, depending how you interpret 1:27 either trying to accept her past and move on, or desperately clinging to that what is gone
1:31: "In a desperate attempt to hold onto your battered hand" again, depending on your interpretation of 1:27 two possibilities spring to mind: either the "battered hand" is Kolya's, and she is trying to not forget him, or it is Nikita's or Sergei's, and she is trying to be as good as them at moving on
1:35: "Rocked to sleep beneath the snow" a metaphor Ferry likes to use for death (e.g. The Faulty Feline Philosophy, Dead Hand)
1:37: "She is bathed in youthful glow " I am pretty sure "she" is Nadya (gets clearer in the following lines, her face flashes at 1:49 in the video)
1:39: " "Strong enough to let it go" he says" Nikita claims to have gotten over her death
1:41: "but, darling, I don't know" but Olya doubts it
1:43: "This isn't my first time sinking lower than the low" Olya has had mental health problems or emotional outbursts due to the loss of Kolya
1:47: "How hard can it be to never let it overflow" so she thinks it's unlikely that Nikita could be unfazed by the loss of his girlfriend, his bottled up emotions need to be released at some point
1:50: "Oh, I've gotten used to being haunted long ago" doubles up on her not being able to move on from the loss of Kolya
1:54-1:56: "All I need to hear’s a simple / "hello"  " not entirely certain what this line refers to, but she connects "hello" either with Kolya or the incident
2:05-2:27: "Maybe it's because Olga is a woman, but... / You know, she actually has no Talent. / At all. / You mean... / Wait... Then how does she... / How is she even alive? / Well... They like to call it intelligence. Careful planning. / Though, really, all of those are just pretty ways of saying... / She lucks out."
I don't think there's a lot of deeper meaning here, Nikita's resentment that Olya was the one who returned is showing, and "Maybe it's because Olga is a woman" might be a reference to his girlfriend. That is just wild guessing at this point, tho.
From here on: Nikita's PoV. This part I am not too sure on, so if you have alternative ideas, let me know
2:28-2:33: "Right through the arc of breaking dawn / Through the haze and through the maw / Of the grinder I won't find her, but I'll guide you through them all" he knows that he won't ever find Nadya again, but he is still faithful to his mission
2:36-2:38: "No more circles left to find / In the windmills of this mind" he has thought about the past so much there is nothing else to do but move on
2:40-2:41: "Rest your members / Now, remember, dear, you’ve always been too kind" as the perceived leader he tells the group to rest, not sure who "dear" is
2:44: "Oh it’s nothing new, the visionless leading the blind" he calls Sergei visionless, he has no greater goal. He calls Olya blind, both in a literal sense after her loss of an eye, as well as metaphorical, as Olya never developed the sense for the Zone that makes a good stalker.
2:48: "It’s easy to say, “why don’t you leave it all behind” " he mirrors 1:39, he thinks Olya has moved on and he is the one stuck in the past. He thinks Olya is condescending towards him
2:52: "And this moral compass is forever misaligned " his perception of Olya is forever tainted and skewed,
2:56-2:59: "All I need to hear is that you’ll be there / By my side" but he still needs her support on missions
3:01: "But you can never know that" he does not want her to know that he relies on her, though.
3:03-3:05: " “Too strong to die” / Or was that me again?" not sure on this one. One possibility is that he mocks her cold attitude. Another is that he is projecting his own emotions onto her. Take this one however you want.
3:07-3:10: "I know that / There has to be some hope that’s / Just out of sight" he is hopeful that the future will be better
From here on: Sergei's PoV.
3:17: "I won’t let myself lose it again" He feels guilty for letting Kolya die and realizes he lost control and almost died himself
3:19: "And now my only hope is that one day you’ll understand" He decides to keep Sanya under lock to protect her
3:23-3:24: "I’ll wrap the chain / Round my heart and her hammering neck" He will keep her metaphorically chained up to protect her from danger. At the same time he realizes that this will poison their relationship with his sister. Even so, he is willing to put her safety first, even if she will hate him for that.
3:27-3:29: "And save what’s left, though I know that / One day this weight will come to break my back" he is aware that his attempts to safeguard Sanya will one day backfire
From here on: Nikita's PoV again.
3:32:  "Once again we were left in the dust " Nikita thinks Yura and him are alike
3:34: "Self-hating ones like us crack when we betray someone’s trust" they are alike, and both feel like they violated somebody's trust (Nikita: Nadya, Yura: KT) and that is something that breaks them emotionally
3:38-3:40: " So if you must / Shield your heart with these layers of rust" Yura is distancing himself emotionally from those he loves, also note the parallel to False Disposition
3:42: "The sun will rise, until then I’ll" but better time will come
3:45: "Be waiting for you on the other side" Nikita will take a sort of mentor position for Yura
After seeing Nikita, who understands him so well, get shot, Yura overreacts and shoots the guard
12 notes
taehyung-rambles · 3 years
Best BTS Vocal Takes: Early 2021 Edition (Up to Butter)
This post is gonna look like a full ass mess, I’m gonna tell you right now.
So, I’m kind of obsessed with BTS’s vocals; I don’t know if that’s, like, an unpopular opinion or anything, but I’m here to talk about it. What I’m looking at here are BTS’s vocal takes. In this context, a vocal take is a section of a song that a member or members sing, and the ones I’m listing are the best of the best (not iconic, mind you; iconic doesn’t necessarily mean it’s the best vocal take ever. This also isn’t about how good the melody for song is; it’s about the vocal quality). This is all in my opinion, of course, so I’m just picking what stands out to me. A few things to bear in mind: 
This is based off of my personal BTS playlist, so not all of BTS’s songs are considered because I don’t listen to every single BTS song.
The links that are on the timestamps mark the beginning of the vocal take; you’ll have to note the ending time yourself and pay attention when listening to the song because Tumblr doesn’t let us embed audio into a text post. Sometimes the timestamp will start in the middle of a member’s verse and only include a small part. Don’t worry about it. I mean what I say, and the tiny parts are the parts that I want to look at sometimes. Also, the videos linked are all lyric videos, so the timestamps come from those videos specifically. Some of the videos don’t assign the lyric to the correct member (like saying Jin sang Jungkook’s part or whatever), but I’ve corrected for it in my post.
Not every song has an extraordinary vocal take. Also, some songs will list the first of many times the member sings a specific melody because all the vocal takes are the same; in that case, I’m talking about every time the member sings that part. However, sometimes the vocal takes are different despite it being the same member and the same line; in that case, I will clarify that I mean “Taehyung’s second chorus” or whatever.
I think all the members sound 110% amazing at all times, but this post is to find the times where they sound so good that it could be considered some of their best vocals ever.
This doesn’t include the live interpretations of the songs as BTS sometimes rearrange their songs for live versions. It also doesn’t include self-released songs (sorry, Sweet Night; I wish I could include you, too); it’s just including BTS songs, though that does include solo songs released under BTS.
As this is based solely on studio recordings, I still consider vocal takes that are highly edited and processed if they sound amazing. It may not be how they sound live because they don’t use the effect on their vocals live, but the way the vocal take turned out in the studio still makes it one of their best vocal takes ever.
On some of these songs, I went in. Some songs have so many vocal take examples that I should’ve just said “the whole song,” so be prepared.
Some songs are gonna have statements like “this member did the best with this melody,” and that doesn’t mean I dislike other members who sing the same part; I just think that specific member stood out to me more. I promise that, for every song I say Jimin sang the melody the best, there’s another song where I say Jin sang the melody the best.
My bias 100% does get in the way. Taehyung’s vocals always stand out to me the most, so naturally, I find more exceptional vocal takes with his solos.
That being said, all the members mean a lot to me, and they all have representation on this list because they all kill it. And, again, even though this post is for the best of the best, BTS is already the best there is.
Share your opinions with me in the replies. All of us listen to different combinations of BTS songs, and all of us like different parts of the same songs. Maybe some of your biases will get in the way of your opinions, but that’s the fun of loving BTS. Anyway, this post will look like a hot mess and be long as shit because BTS has a fat ass discography, so we’re just going to have to do our best. If you don’t want to look through this whole thing, I suggest you just skim for a specific song or member. (P.S. I’m not trying to say a whole bunch of shit about every vocal take because that’d leave me dead before we hit the Dope era, so hopefully, this’ll be shorter than you think).
Attack on Bangtan
Namjoon & Yoongi [0:08-0:15] - No shade to Hobi here, but the way Namjoon and Yoongi do the “jingyeokhae bang.tan.sonyeondancheoreom” is fire. Namjoon is all calm, and then Yoongi comes in with a really whiny, brassy version of that line, and it’s awesome.
Paldogangsan
Jimin [0:14-0:18] - Jimin doesn’t sound like Jimin in this section of Paldogangsan, but he does sound super cool. He’s got an almost speech-like tone to his voice, and it sounds really good against Namjoon’s vocal.
Hobi [1:31-1:41] - Hobi doesn’t do this often, where he intentionally highlights the over-animation, nasality, and grit in his voice, but it stood out so much in this song.
Boy in Luv
Taehyung [0:13-0:24] - He just kills this hook, doesn’t he? The growl, the grit. Iconic.
Jungkook [0:25-0:35] - I’m gonna say it: this is Jungkook’s best rap verse ever. No offense to his earlier and later work, but this slaps.
Namjoon [0:41-0:47] [2:14-2:16] - In Namjoon’s first vocal take, it’s the vocal breaks, for me--like, the little hitches in his pitch at the end of his phrases. For the second, it’s the animation. He’s so colorful in that second vocal take, and it’s some of the best stuff he’s done.
Yoongi [1:57-2:08] - Look, Yoongi’s whole verse slaps, but this last half is such a vibe. And that “ow!” at the end is ecstasy.
SPINE BREAKER
Taehyung [1:06-1:17] [1:22-1:27] - I know it’s not much, but doesn’t his voice, like, make this song? It does include the effect on his vocal, but it blends so well with the natural depth of his voice, and it sounds badass.
JUMP
Taehyung [0:59-1:16] - I mean, how could I not include “nuga naruel magado”? This is one case where iconic does equal awesome because Taehyung’s delivery of this line is such that no one could do it better.
Danger
Jungkook [1:24-1:28] - It’s literally one line, I understand, but do you hear that static he puts onto his voice when he sings the “uh”? Because it’s dangerous.
Jimin [1:28-1:36] - I’m putting it down that this is one of Jimin’s best vocal takes, even to this day, periodt. His voice is deep, but he slides up into a yippy sound, and it’s 100%.
War of Hormone
Namjoon [0:20-0:40] - Can I say this is one of BTS’s best rap verses, let alone one of Namjoon’s? Did I just say that? Well, there it is.
Taehyung [1:34-1:39] - I don’t know why this one part of War of Hormone reads better than the rest of Taehyung’s parts (even though he slays in this song regardless), but I think it’s that the melody moves upward on the “choego” part, and Taehyung still growls when he does that, so it sounds really good.
Hold Me Tight
Taehyung [1:15-1:29] - You can say what you want about Taehyung’s vocal agility back then and now, but the fact of the matter is, he nailed the vocal run in this vocal take, and it sounds fire.
Jimin [3:45-3:59] - Ah, Park Jimin. Every time he comes in on a song like this with his brassy falsetto, I die. His high note in this is absolutely stunning, but so are his vocals leading up to it.
DOPE
Jungkook [0:19-0:22] [1:36-1:38] - The first vocal take is... I don’t know; the way Jungkook delivers it is perfect. Speaking of perfect, why is the specific way Jungkook sings “jjeoreo” so satisfying? Do you know?
Hobi [0:53-0:56] - This is a sound that Hobi is really brilliant at producing, and that’s what he did here. What a king.
Boyz With Fun
Yoongi [0:47-0:51] - He just sounds cute, okay? No, but this is the exact type of animation in Yoongi’s voice that always works. It’s a style he found that always produces gold, and it’s awesome in Boyz With Fun.
Taehyung [1:57-2:05] - I’m telling you, there’s something about Taehyung going up in pitch while he’s growling that makes his vocal takes slap. Also, the amount of growl in his voice for this song is extra special, you know?
RUN
Hobi [1:40-1:47] - This verse is so vibey. I don’t really like RUN that much, but Hobi sounds so good because he’s got that groovy vocal tone, you know? On top of the melody, I think this is one of Hobi’s catchier verses.
Jimin [3:04-3:07] - So, this is during Jungkook’s line, but Jimin harmonizing in the back is so pretty. It’s the exact type of piercing vocal that stands out in a good way, and Jimin does really well in that wheelhouse.
Butterfly
Taehyung [0:14-0:25] [2:34-2:47] - So, the first take here is absolutely gorgeous because Taehyung’s vocals sound really delicate, but the second take is listed because he uses his full voice. The second take is the second time he sings in the chorus, and I like it a lot better than the first because it’s more of a belt and less breathy; that specific take is beautiful to listen to.
Jungkook [0:51-0:57] - I’m not gonna lie; sometimes Jungkook’s voice is a bit too clean. Sometimes there’s not a whole lot of texture going on. However, in this vocal take, he’s adding breath, he’s adding vocal cries, he’s adding vocal cracks; it’s perfect for the song, and it sounds absolutely amazing.
Jin [2:09-2:20] - Jungkook made fun of both Jin and Taehyung in this song--which is a funny meme--but I thought both of them fit the concept of Butterfly to a T, and this specific vocal take is an example of that. Jin sounds like he’s out of breath, which would usually be bad, but it works in Butterfly, and it’s become one of the best moments in the song.
Whalien 52
Jungkook [1:06-1:15] - This is one of those songs where a really clean vocal is as close to perfect as it can get, and Jungkook’s tone sounds stunning here.
Ma City
Namjoon [0:15-0:28] - Namjoon had this melody again in Ma City, but the way he delivers it in the beginning is so fire because it’s overly animated and subdued at the same time. I don’t know if that makes sense, but Namjoon sounds super cool in this vocal take.
Jin & Jimin [1:11-1:18] - Jin just sounds good here, right? He doesn’t have vocal takes like this often because he usually gets softer parts of songs, and it’s not like this is a gritty vocal take, it’s just that Jin had a bit more bass to his voice here, you know? I stuck him and Jimin together because Jimin sings literally right after Jin, and splitting them up would’ve been dumb. Jimin singing “Ma cityro wa” is one of the vibiest things I’ve ever heard. That is all.
BAEPSAE
Namjoon [0:10-0:22] - But Namjoon sounds so cool saying “baepsae”? It’s, like, a little whispery? And he really hammers that “e” vowel? It all sounds awesome?
Taehyung [0:56-1:07] - I didn’t think I was gonna put this down--which, this serves to mark both times Taehyung sings this part--but Taehyung intentionally puts a bit of a cry into his voice to make his vocal crack, and it really works well with the beat of this song.
Jungkook [1:29-1:33] [2:41-2:52] - So, the first one is a nice, little vocal run from Jungkook, but it’s one of the most satisfying ones I’ve heard him do. The second one is a short rap verse, and it’s one of my favorite Jungkook vocal takes ever. It’s such a fun verse, and he really pushes his vocal to add as much character as possible.
Jimin [3:24-3:27] - Jimin on a high harmony like this is always awesome, but this one is particularly satisfying, to me.
FIRE
Yoongi [0:08-0:09] [0:36-0:47] - I know we all know that Yoongi’s opening line is one of the most iconic things he’s ever done, but I had to list it. Now, his rap verse--and I mean this honestly--is one of my favorite BTS rap verses to this day. The sheer animation in his voice. Yoongi killed this song in more ways than one, y’all.
Hobi [0:27-0:36] - Hobi’s verse is iconic for all the same reasons Yoongi’s is. Animated vocals, amazing vocal texture, brilliant delivery; it’s all aces.
Jimin [0:56-1:05] - “Errbody say la la la la la” is catchy and all, but can we acknowledge that Jimin’s voice is actually what makes it sound so good?
Taehyung [1:13-1:17] - This is, like, the eyecatch of the whole song. Other than Yoongi’s opening line, Taehyung’s line made this song what it is. And nobody can deliver this line like Taehyung can. It’s definitely one of his most memorable vocal takes.
Namjoon & Hobi [1:35-1:44] - Namjoon’s verse is good, but it’s this specific part where he and Hobi trade off that it becomes an incredible vocal take for both of them because their vocal characteristics match up so well.
Jin [2:24-2:33] - I had to get Jin in here somewhere because he got to use a deeper part of his voice while still going up to that beautiful falsetto note, and it’s, no pun intended, fire.
EPILOGUE: Young Forever
Hobi [1:10-1:18] - Hobi’s verse in this song is great, but this ending bit is the shit that hits you really hard. The way he delivers it, and the fact that the music stops, makes it the best part of this song. Period.
GOOD DAY
Jin [1:24-1:33] [4:08-4:19] - Don’t ask me why Jin always slays Japanese songs. I don’t know, either, but his soft vocal in Good Day is perfect for the atmosphere that song is trying to produce, and because of that, it’s gotta be one of Jin’s best vocal takes.
Namjoon [2:34-2:45] - Give Namjoon more parts like this 2k21 because, I swear, y’all, when Namjoon sings, it’s always gonna be one of his best vocal takes.
Taehyung & Jungkook [3:13-3:16] [3:23-3:26] - In the first vocal take, the way their vocals blend on “’til the end of life” with the extra swell of the backing vocal? Please. I can’t tell if it’s more than just Taehyung and Jungkook, but it sounds amazing. The second vocal take is Jungkook’s high note, but Taehyung underneath him on the harmony makes it sound so warm? BigHit, where the fuck is my Taekook subunit?
Blood Sweat & Tears
Jimin [0:04-0:14] - This is meant to reference all the times Jimin sings this melody, but doesn’t his vocal type just fit this song? He sounds amazing because he got to be the vocal center of this song.
Namjoon & Jungkook [0:45-0:56] - This would qualify as one of Namjoon’s best vocal takes, even without Jungkook, but Jungkook comes in and completes it really well with his smooth vocal, so it becomes epic for both of them.
Taehyung [1:06-1:16] - Alright, I love how Taehyung sounds in this song regardless because his vocal sounds so fragile, and it’s gorgeous. However, this timestamp is for this chorus only and not his second because, when he comes down from the vocal run, he adds static on his voice, and it’s sexy, y’all.
Hobi [1:27-1:47] - We weren’t getting out of this without mentioning “wonhae manhi manhi.” No, but, it’s not because it’s iconic; it’s because Hobi sounds so damn good with the way he delivered this line.
Stigma
Taehyung [2:35-3:18] - This is our first solo song, and I’m not gonna waste time because I honestly think this entire song is some of Taehyung’s best work vocally. However, if I’m picking out a moment, it’s everything from the bridge onwards because his control of his falsetto register is beautiful, and the brassy sound he chose for the jazzy tone of this song was genius. Genuinely, this is one of the best songs on any BTS album.
Awake
Jin [2:48-3:13] [3:24-3:29] - I’m being picky here, too, so I don’t have to say “the whole song.” The first vocal take of him singing the bridge is so pretty, and the second is his high note because holy shit, the vocal tone he had on that note was stunning.
Spring Day
Namjoon [0:17-0:35] - Look, I say “fuck yeah, give Hobi more parts in Spring Day besides just singing in the background,” but it is such a shame that Namjoon doesn’t sing this part live. This is, without a doubt, in the list for Namjoon’s top three vocal tracks. He sounds phenomenal. Oh my goodness; he sounds like an absolute angel.
Jimin [0:53-1:01] - Ah! Jimin is an absolute master of knowing when to add vocal cracks, and he nails it in Spring Day. Like, Namjoon’s part gets me primed to cry, and Jimin’s part is where I lose it.
Jin [2:23-2:31] [4:12-4:30] - I don’t know if you guys get what I mean, but Jin has a specific tone when he sings, so he sounds very Jin. It worked so well in these vocal takes because it was pure emotion. Jin outdid himself in Spring Day vocally.
Taehyung [2:58-3:27] - Y’all can fight me in the replies all you want, but Taehyung could be the main vocalist of BTS in songs like this. The fact that his voice is still deep on this vocal take while also being delicate, but also full, is amazing. The texture on his voice in this take is beautiful. I picked the second chorus he sang because he was more belty on it than in the first, but this whole song is a win for Taehyung. This also includes his part in the bridge, which is one of the best vocal takes in BTS by far. Vocalists and the rap line included. I mean, the vocal crack alone.
Jungkook & Jimin [3:32-3:36] - This is in the top ten best harmonies by BTS. Fight me in the replies. I mean, please; they sound absolutely angelic together.
Taehyung & Jimin [4:07-4:11] - This is, like, a money piece in this song, and Jimin’s vocal is what makes it that way. That being said, having Taehyung underneath him makes it so much better.
Not Today
Yoongi [0:17-0:27] - It’s the fact that Yoongi used his vocal tone so well, you know? I’m gonna stop here because I’ve been talking too much, but Yoongi really said, “Watch me own this song.”
Jungkook [1:07-1:09] - I know this is a tiny part, but doesn’t Jungkook do it so well? Doesn’t he sound amazing?
Namjoon [1:44-1:53] - You know, Namjoon has got a deep voice, and when he uses it on a verse with so much onomatopoeia, it really sticks out. It’s almost like ASMR, the way he chose to deliver his verse here.
A Supplementary Story: You Never Walk Alone
Hobi [0:46-0:59] - Hobi sounds so pretty in this vocal take. The way he sings, it’s almost like listening to a solo in a gospel choir. It’s so soothing and emotional. Honestly, it’s probably the best part of this song.
DNA
Taehyung [0:16-0:30] [2:49-2:56] - Is this era when the widespread Taehyung bias took hold? Because I think it is. For all we talk about Taehyung’s deep vocal tone, this is one of only a handful of BTS songs where he’s actually singing in a low register since he’s normally singing in a tenor register. He sounds like honey in DNA. I always love Taehyung, but there will always be something special about him coming out in DNA and saying, “I’m a baritone, bitch, ain’t you knew?”
Hobi [0:30-0:37] [3:23-3:26] - Hobi invented the phrase “a vibe” with his verse. He’s doing animation, he’s doing stylization, he’s doing different vocal tones. And the “la la la la la la’s” at the end? Please.
Yoongi [1:32-1:39] - It’s like Yoongi using his husky voice that you hear more in darker songs or with his mixtapes in a high energy pop song is devastating, you know?
Jungkook [1:47-1:50] - Yo, Hobi is one version of vibey, but isn’t the way Jungkook does this one line hella vibey, too? I love it when Jungkook does this with his voice because it’s a type of vocal tone for pop music that he doesn’t do often, and it always sounds amazing when he does.
Best Of Me
Jin [0:17-0:24] - Jin’s vocal tone sounds really good on this track, and I don’t understand why it’s so different? Like, he sounds like Jin with a bit of Jungkook mixed in. It’s an incredible vocal take because of the way Jin chose to use his voice.
Taehyung [0:25-0:33] - It’s like... this is the exact vocal tone that kills in songs like this. I absolutely love when Taehyung’s voice sounds like it’s about to crack into falsetto because it makes the vocal so emotional.
Yoongi [1:19-1:28] - Y’all remember when Jungkook sang this part because Yoongi was still recovering from his shoulder surgery? I sobbed. Anyway, Yoongi sounds really soothing here. I know he makes fun of his own singing voice, but he’s able to add the same tone into his singing as he does with his rap, and it translates so well. This is one of the few times he’s done it, so I love this vocal take. It’s, hands down, the best part of Best of Me.
Dimple
Taehyung [0:08-0:13] [0:56-1:01] [2:01-2:05] [3:03-3:05] - Don’t @ me for my Taehyung bias, alright. Listen, this shit came out in 2017, but I could swear 2021 Kim Taehyung is the one singing. His tone sounds gorgeous. He’s got that low adlib at the end, too. He shared a couple lines in this with Jungkook, but I wish we’d been able to hear Taehyung more because it’s one of those genres that Taehyung just nails.
Jimin [0:30-0:34] [0:42-0:49] - This is in a lower key when compared to the rest of BTS’s stuff, right? Listen, Jimin’s lower register doesn’t go all that low, but when he sings lower in his personal range, he sounds so interesting to listen to. That’s why these two vocal takes are some of my favorites from Jimin.
Jin [1:27-1:31] [2:57-3:02] - Jin may be the king of high notes, but he usually sounds pretty thin when he goes up high. In this song, however, he sounded so full, and it was so nice. I love Jin’s tone normally, but woo, Dimple was doing things for him. That adlib at the end was one of the best vocal takes I’ve heard from Jin.
Jungkook [2:21-2:34] - Jungkook always has these nice, full-textured high notes in the studio, which is nice because he’s another one that goes really thin when he sings high notes live. The high note in Dimple is so satisfying to listen to. Beyond that, though, the way he begins this line by almost sighing out of his head voice is so pleasing.
Pied Piper
Namjoon [0:40-0:45] - He just sounds vibey; I don’t know what else to say. To say it’s one of Namjoon’s best vocal takes ever may be a stretch, but the transition between his rap tone and his singing tone is beautiful to me.
Jin [1:00-1:03] [2:44-2:54] - Jin’s got that full tone I love in this song again. These particular takes showcase how nice his vocal tone can be. Especially his breathy head voice.
Taehyung [1:04-1:07] [2:55-3:05] - So, I think the tone of Pied Piper was handcrafted for Taehyung’s voice, for real. The melody and the lyrics are begging for a sensual vocal, and because Taehyung delivered it the way he did, it came out amazingly. Even Taehyung’s head voice has a lot of depth to it on the chorus.
MIC Drop
Hobi [0:28-0:50] - If we’re gonna bring up the best BTS rap verses, this one is front and center. Hobi’s tone on this track is insanely fun to listen to because he really goes for that whiny sound that complements the lyrics perfectly.
Yoongi [0:50-1:13] [1:44-1:46] - I mean, Yoongi’s got the best parts of MIC Drop, too; hands down, this is one of his best verses. I love when Yoongi chooses a higher-pitched tone--and he goes whiny in this song, too--to drive home sassy lyrics, and it slaps in MIC Drop. And that second take... I mean, why does Yoongi on the “bal bal joshim neone mal mal joshim” line devastate?
Jimin [1:24-1:29] [3:48-3:52] - The first take is kind of also about the effect on Jimin’s vocal, but both the first and second takes are fire for him because he adds character into his voice. It’s just short of adding grit to it, but it works so well.
Jungkook [1:18-1:23] - Okay, the reason the “how you think ‘bout that” part is here and not the “did you see my bag” part is because Jungkook yips more on the “how you think ‘bout that” line, and it’s amazing.
Namjoon [2:09-2:20] - I understand that this is about the effect on Namjoon’s voice, and I don’t care. It turned out so well on top of the slight growl in Namjoon’s vocal, and I stan this as one of his finest moments.
Taehyung [2:26-2:31] [2:43-2:48] [3:23-3:28] - I will die on the hill of Taehyung being the best vocalist in rap-heavy songs. The grit in his voice is the perfect accompaniment to offset the rappers. I really think this song was a win for him all around. Like, legit, Taehyung is sliding up into a yip all throughout this song, and yet his vocal always has bass. How in the hell? That’s the magic of his vocal in this song.
Jin [2:37-2:43] [3:17-3:23] - The second take of the first timestamp just hits different. It’s subtle, but the added umph Jin put in his voice elevated it a lot. Also, Jin’s low voice at the end is perfection.
Go Go
Jimin [0:13-0:25] [1:19-1:23] - Jimin hits different in this song. He has hella animation in Go Go. Like, he sounds like a full ass crow in that second vocal take, and it slaps? Someone explain?
Hobi [0:27-0:34] - Animation is the theme of this song--which is the product of the lyrics--and the way Hobi does it is one of the best examples of him using this tone.
Yoongi [0:52-0:56] - Yoongi sounds like a bird, too, y’all. And it’s still so pleasant to listen to. Please tell me how this is one of Yoongi’s best lines ever.
Taehyung [1:53-2:05] - Deadass, I nearly hated this verse because it’s so over the top, but fam, the animation in Taehyung’s vocal is iconic. Nobody does it like Kim Taehyung, I tell you what. He hits way different on this track. This is my favorite part of Go Go now. He stepped into the rap line in Go Go with this shit, and I want more of it. Let Taehyung sound like a whole ass cartoon character again, please.
SEA
Taehyung [4:52-5:04] - I can’t express what it is about this vocal take. I didn’t mean for it to be here, but it’s so emotional. Maybe it’s the key it’s in; maybe it’s because it’s the last line. I don’t know, but Taehyung sounds like a dream. When he goes this low, it’s stunning.
Don’t Leave Me
Jimin [0:56-1:07] [2:22-2:30] - I got mad respect for these two boys right here. I mean, they don’t sing this live, but still. This was a hella hard vocal for them to do, and even if it was just for the studio, both Jimin and Jin pulled it off. That’s enough to make this some of Jimin’s best vocal takes.
Jin [1:15-1:23] [2:02-2:13] - Jin doesn’t flip into head voice on the Eb5 like Jimin does; did you know that? That’s every level of impressive. And his vocal was open, as well, which made it sound awesome. Same thing here: Jin deserves this listing because he killed it.
Crystal Snow
Hobi [0:37-0:42] - Ah, Hobi does so well with these fluffy melodies. The way he basically whispered this line was gorgeous. I would listen to that on repeat every night.
Taehyung [1:00-1:05] [1:31-1:43] [2:47-2:58] [3:31-3:28] [4:16-4:34] - The last timestamp includes his adlib at the end, okay? This is another hill I’m gonna die on. Taehyung is unequivocally the perfect vocal for Crystal Snow. I mean, they closed the chorus with him for a reason. It’s because of the soul he’s got, you know? This song is hard for Taehyung. Going up to Bb4s that often is meant to be nearly impossible for a baritone, but not only does he pull it off, he pulls up so much depth and emotion into those high notes because his voice is naturally deep that his vocal ends up standing out the most. If I had to have a top ten list of songs that I love Taehyung in, this would be near the top.
Yoongi [2:06-2:12] - This is another one of those times where Yoongi is bringing his rap tone to his singing, except he’s also rapping a bit here, too. Either way, he sounds so soft and I adore that sound in Yoongi’s vocal.
Jin [2:16-2:20] [3:43-3:49] - How does Jin sound so delicate in that first vocal take and so epic in the second? Y’all, sometimes Jin’s high notes outdo themselves because they’re so full and open, and Crystal Snow made that happen.
Jimin [4:41-4:50] - I mean, Jimin’s sweet tone would normally be good in a song like this, but Crystal Snow really benefitted from Jimin using a sharp high note right here. Every time I hear this, I get chills.
Let Go
Jungkook [0:01-0:12] - I mean, really; how angelic can a vocal take sound? It’s, like, because Jungkook is using a breathy head voice while dipping his voice down low for just a second, you know?
Jimin [0:12-0:22] - Jimin’s doing the same thing as Jungkook, but it sounds so different with Jimin’s vocal tone. Either way, it’s beautiful. And Jimin’s vibrato at the end of this line is stunning.
Taehyung [1:07-1:18] [3:52-3:57] - I mean, this is the same thing as Taehyung in every other slow-but-kind-of-poppy Japanese song. He’s doing that thing where it feels like he could flip into head voice, but then he’s also got husk every time he drops into a fuller sound, and it’s devastating. He makes me want to cry with how gorgeous he sounds.
Jin [3:41-3:46] - I can’t tell you why this specific falsetto vocal take hits differently. It may be because of Jin’s Japanese pronunciation, but it’s a flawless vocal take.
Intro: Singularity
Taehyung [2:56-2:58] - I’m gonna keep it a buck: I’m a Taehyung stan, and I love his deep vocal, but Singularity doesn’t show off all the colors of Taehyung’s vocal that well. It is an incredible demonstration of Taehyung’s overall vocal tone and how unique it is--which is probably why it’s critically acclaimed--but there isn’t a lot of vocal variation. That being said, the adlib in the background that you’ll hear with this timestamp is one of the most beautiful things I’ve heard anywhere. It’s literally three seconds long, but it sounds like it’s a part of a gospel track--that’s how soulful it is. Kim Taehyung is the king of vibrato, for real. This tiny adlib somehow showed us an array of colors in Taehyung’s voice that we don’t get very often, so I love it.
FAKE LOVE
Taehyung [0:00-0:11] [1:33-1:39] - Look, there are certain things that just sound better with certain members. Every member has a few melodies that sound the best when they do them. These are two for Taehyung. First of all, his vocal in the intro is as good as it is in DNA--so stunning. Second, his tone on the chorus is beautiful. It fits FAKE LOVE perfectly. It’s not too clean, his vowels are on point, and he puts the little bends in his voice that Taehyung is a master of. These are definitely some of my favorite vocal takes from Taehyung.
Jin [0:31-0:36] - Jin sounds so good on the “fake love” lyric, though? It’s a C5 and it sounds effortless for him. His tone in FAKE LOVE is gorgeous, as well. Giving Jin the hook was a good choice.
Jimin & Taehyung [3:31-3:43] - Listen, I would vibe so hard with a Taekook subunit, but nothing beats the 95’s harmonization for me. Actually, usually these two just sing the same melody in two different octaves because Taehyung can go really low, which is the case here--though, when they really do harmonize, it’s also gorgeous. Anyway, this line is the perfect way to call back to Taehyung’s beautiful vocal in the beginning, but with Jimin’s vocal on top blending with Taehyung’s, it sounds even better.
The Truth Untold
Taehyung [0:07-0:09] [2:06-2:22] - How do I explain this? I tried to be really picky with this song because all the members sound beautiful. The first timestamp here is the hum in Taehyung’s first part; I can’t explain why it’s one of the most satisfying vocals I’ve heard, but it is. The second is Taehyung on the chorus. Whereas the other members are singing gently, Taehyung’s vocal take makes me feel like he’s singing emotionally, and that’s why I listed it.
Jungkook [1:22-1:26] - Jungkook never gets to sound delicate like this, but he really should have the opportunity more often. His vocal didn’t crack too much, it wasn’t excessively breathy, it wasn’t quiet--I liked it a lot.
Magic Shop
Jungkook [2:23-2:35] - It’s mostly the second phrase of this vocal take that I love a lot, but the whole thing sounds gorgeous with Jungkook’s vocal on it because Magic Shop benefits from a clear vocal tone. Essentially, I love listening to Jungkook flip between his head and full voice in this vocal take.
Jin [2:35-2:48] - Everything leading up to the C#5 is stellar, but I can’t express how satisfying it is to listen to Jin hit the “Magic Shop” lyric. The fullness in his belt is so gorgeous. Jin doesn’t always sound like this when he belts, but in Magic Shop, his delivery was beautiful.
Taehyung [3:14-3:26] - Deadass--and I don’t say this lightly--if I were to make a top 20 list of BTS’s best vocal takes, this would qualify. Putting aside the fact that this is a hard vocal for a baritone, Taehyung puts texture in his voice at all the right places. He lets it be breathy at certain parts, powerful or soft at others, and it becomes a few, short seconds of some of the best vocals I’ve heard in the entirety of BTS’s discography.
Jimin [3:26-3:39] - Speaking of some of the best vocals, this is one of my all-time favorite high notes from Jimin. This applies to the whole vocal take, as well, but Jimin’s vocal tone really stands out in Magic Shop. Magic Shop is the type of song that blends best with a clear vocal tone, but sometimes, I don’t want a vocal to blend--I want it to stick out. Jimin’s does.
Anpanman
Yoongi [0:29-0:38] - This isn’t all of Yoongi’s verse, but this vocal take is what makes me hype about Anpanman. I don’t understand it, either. It’s probably because Yoongi sounds awesome, but these nine seconds are the part of Anpanman that get me emotional.
Euphoria
Jungkook [3:07-3:14] - The solo songs are so hard to talk about because there’s so much to choose from. I know I just singled out the falsetto high note, but it sounds pretty, and it was the quickest way to figure out what part of this song should make this list. Seriously though, Jungkook did well with his tone on the high note because it doesn’t sound too strained or thin. It turned out perfectly.
SERENDIPITY
Jimin [1:08-1:15] [1:23-1:30] - This is the same melody, but different lyrics, so I listed both. Look, I know everyone is head-over-heels for Jungkook’s vocal agility--which is justified--but Jimin sounds so pretty in these vocal takes. And not pretty because he’s using his sweet vocal tone; in fact, this is one of the few times after 2016 where we get to hear Jimin’s lower tone. I love it.
Trivia 轉: Seesaw
Yoongi [0:26-0:44] [1:03-1:39] [3:45-4:02] - I have no problem saying this is one of my favorite solo songs. Actually, it probably makes the list for my favorite BTS songs, in general. I’m not gonna talk about each one of these, but just know that Yoongi sounds like an angel when he sings. He did so well with this song, and I think he was able to create something that fit his vocal tone perfectly.
I’m Fine
Taehyung [3:38-3:57] - So, this could technically cover Taehyung’s first part on the chorus, too, but this last bit has a different melody since he’s ending the song; plus, he goes up on the higher note during “beonilado” in a nicer way than he did on a different lyric the first time. Anyway, Taehyung taking the last line of I’m Fine was nice because he’s the best at shifting between intense vocals and soft vocals without a noticeable change in his tone. He did that to finish off this song, and it came out sounding gorgeous.
IDOL
Namjoon [0:15-0:18] - I mean, this is an iconic line, but Namjoon just delivers it perfectly. Fight me in the replies that no one could’ve started IDOL better than Namjoon.
Yoongi [0:30-0:36] - Yoongi’s “woo” is, no joke, one of the best parts of IDOL, for me. Overly animated songs are Yoongi’s bitch, and he slapped in this song.
Taehyung [0:46-0:50] [1:54-2:02] - I’ve seen people say the second vocal take is a rap? Is that true? I don’t know, but regardless, I’m on another hill that says songs like IDOL fit Taehyung’s vocal the best. Like, his pronunciation and tone sound amazing on the first take, and the second take is rude as shit with how good it is. Taehyung’s vocal can be aggressive, and it works in IDOL.
Jungkook [1:46-1:54] - Jungkook’s tone changes by the end of this vocal take, and it’s so cool? Legit, he starts as himself, growls once, and all of a sudden, he’s Kim Taehyung. Jungkook needs more parts that let him do this because he sounded dope.
Answer: Love Myself
Jin [1:11-1:26] - Jungkook is technically within this vocal take, but I didn’t wanna split Jin’s chorus up into two timestamps. Anyway, doesn’t Jin’s falsetto blend with the melody so nicely? It’s really pleasing to listen to.
Hobi [2:06-2:14] - This vocal take is the Hobi tone I love to hear in slower songs. He puts a bit of that animation in that he would if he were rapping, but it can sound so nice when he’s singing, too.
Taehyung [2:51-3:07] [3:45-3:47] - The first timestamp is probably one that certain people wouldn’t agree with, but I love Taehyung’s brassy falsetto. The adlib he does also sounds beautiful because it’s so full. The last timestamp is also an adlib, and yes, it’s so pretty. I’m an advocate for more Taehyung adlibs because his vocal tone makes everything sound stunning.
Jimin & Taehyung [3:25-3:30] - I know this is usually said to be Jimin and Jungkook, but I don’t understand why they’d give this part to Taehyung live for every single performance if it wasn’t his part to begin with. It’s not like this is Spring Day where they gave half of Namjoon’s part to Hobi because Hobi had no lines. I only say that because Jungkook is the main vocalist, so I can’t imagine that part being switched for the live version since it’s a very technically difficult part of the song. It also sounds like Taehyung in the studio version--when you can hear the lower melody--because the lower vocal tone matches what you’d hear from Taehyung live. Whatever. Whether it’s Jungkook or Taehyung, they sound gorgeous harmonizing with Jimin.
Intro: Persona
Namjoon [2:24-2:47] - This part is so fun, though. I mean, the whole song is a vibe, but this is where it hits, you know? Namjoon did such an amazing job using his vocal texture to highlight the melody.
Boy With Luv
Jimin [0:15-0:31] - Jimin’s vocal was so pretty in Boy With Luv, for real. He outdid himself in this song because his vocal should blend really well into the song, but it sticks out instead. That’s why I had to list it.
Taehyung [0:31-0:40] [2:08-2:13] - I’ve said this before, but Taehyung’s vocal in Boy With Luv is literally what flirting would be if it were a sound. The first vocal take is the best example of that because it turns from a bubbly song to sensual so quickly. Then, the second vocal take does it again, but with Taehyung’s falsetto dropping into his chest voice rather than his deep voice. Him doing the pre-chorus is my absolute favorite part of Boy With Luv.
Jungkook [1:07-1:12] - I can’t accurately explain why this is so satisfying to listen to. I just listen to it, and go, “Yes, Jungkook.” I don’t know why. Because his vocal has texture in it? Because his vocal blends nicely? Because it’s Jungkook? It’s a mystery.
Yoongi [1:36-1:44] - Why is it that Yoongi stepped into a bubbly song with his lazy tone and turned it into one of his best vocal takes ever? I can’t explain it, but it’s gotta be Yoongi’s own brand of magic. His vocal tone fits wherever it is.
Hobi [1:51-2:08] - Hobi sounds like an instrument, and it’s so cool? But the end of this verse, where Hobi sings, sounds so nice with Hobi’s vocal tone. His vocal stands out in the same way Jimin’s does, and I feel like Hobi doesn’t always get that opportunity, so he killed it with this one.
Mikrokosmos
Namjoon [1:32-1:40] - Namjoon sounds so pretty here, doesn’t he? I keep saying that about his singing voice, but I really do love it that much. He always makes melodies better with the way he delivers them, which is what he did here.
Taehyung [1:51-1:59] [2:40-2:44] - So, Taehyung is the only one--talking about the first vocal take--that had the vocal run on the pre-chorus, and it sounds gorgeous. The second vocal take is Taehyung’s part in the bridge, and I think it’s one of the nicest examples of his head voice. The tone on it is really nice, and the texture he used was beautiful, as well.
Jin & Taehyung [2:06-2:39] - Don’t @ me for this Jikook stans, but Taehyung and Jin on the chorus kill it. Jin fits his lines perfectly because this is the exact type of song his vocal texture sounds the best on, and Taehyung adding in a fuller sound balanced it out nicely. They both sound amazing.
Jimin & Taehyung [2:55-3:01] - For the life of me, I don’t know why they didn’t give Taehyung the harmonization for the entirety of this line in studio, but you know. Regardless, these two sound stellar, as always. I don’t know how to explain it, but the type of song this is is dying for vocals like Jimin and Taehyung’s, so for them to sing together here is beautiful.
Jimin [3:01-3:08] - Though Taehyung and Jimin sound good doing this part live together, it doesn’t mean that Jimin harmonizing with himself didn’t sound absolutely perfect. The harmony itself is really pretty, but Jimin’s sharp vocal tone plus the high note send it to another level.
Make It Right
Taehyung [0:09-0:18] - Taehyung’s vocal sounds so relaxing, doesn’t it? Make It Right doesn’t have a lot of chances for the vocalists to stand out since it’s a pretty basic song, but Taehyung used his vocal tone well in this take.
Jin [0:46-0:55] - Jin sounded very delicate in this vocal take, but I still like that his falsetto had some power to it. It wasn’t very much, but it made the vocal take sound really pretty, and it’s probably one of my favorite examples of Jin’s falsetto.
Hobi [1:31-1:36] - This is, without a doubt, the most melodically and tonally interesting part of this song, for me. It’s because Hobi used his voice really well, but Hobi’s vocal tone is naturally really interesting in songs like this. This is one of Hobi’s most satisfying vocal takes to listen to.
HOME
Taehyung [0:26-0:36] [3:20-3:26] [3:45-3:49] - No, but Taehyung’s voice sounds so special in HOME? He made his tone brassier, which complemented the song really well. Actually, that’s something he does a lot in BTS’s 2019-2021 music. Not to mention the fact that he hit two C5s right after one another in the final chorus. Taehyung just sounds good. That’s my closing statement.
Dionysus
Namjoon [0:21-0:43] - This is one of the coolest rap verses BTS has ever produced, real shit. Legit, this is probably in my personal top 5 for Namjoon and the rap line in general. Namjoon made it sound so fucking amazing.
Hobi [1:03-1:05] - Don’t ask me for explanations with this one; I just really loved Hobi’s vocal leading into the chorus because of his delivery.
Taehyung [1:05-1:10] [3:25-3:27] - The first take is Taehyung on the first half of the chorus, and holy shit does his voice fit Dionysus perfectly. Not that clean tones don’t sound good, but Dionysus has a dark tone to it, so Taehyung’s vocal was it, fam. The way they mixed his vocal in the production process came out really cool, too.
Jimin [1:14-1:16] [2:22-2:27] [4:00-4:02] - I’m not going into detail on all three, but just know that Jimin’s vocal pops in Dionysus, and he slays. It’s because, while he does have a bright tone, he darkens it in a really lovely way for this song. I am gonna talk about the last one, though, because how cool was that ending adlib? What a way to end the song.
Jungkook [1:33-1:38] - Jungkook’s doing little echoes of the lyrics here, right? Even though the video says it’s Jin. I’m talking about each time he does this during Dionysus, okay? The falsetto he uses is crazy satisfying to listen to. It’s so sharp; like, you have no choice but to pay attention to it.
Yoongi [2:55-3:05] - This is another thing that has to do with the final production because they made Yoongi sound super cool. It’s got a really dark tone to it, and that’s something I’ll bring up with Yoongi again because it sounds incredible on his vocal.
Jin [3:27-3:30] - Y’all hear that high note, though? It didn’t sound human? Kim Seokjin is an alien confirmed. No, but for real, the brassiness in his tone? I want more of that shit right now.
BLACK SWAN
Yoongi [0:26-0:39] - This is that dark tone I was talking about--plus the effect on Yoongi’s vocal, too. Doesn’t it sound incredible when it’s Yoongi? I mean, what a way to start this song. It’s a somber vocal, and it’s stunning on top of the mix and paired with the lyrics.
Namjoon [0:46-0:52] - I really like the note change on “jukgessji ama,” but I really love how Namjoon delivered “but what if that moment’s right now, right now.” It’s somber, but it also feels like a propelling force into the pre-chorus.
Taehyung [0:52-0:59] [1:18-1:24] - I lose my shit every time I hear Taehyung sing the “bump bump bump”/”jump jump jump” part. He’s got such a husky vocal in BLACK SWAN, and it sounds so damn good. I mean, his tone sounds so distinctive anyway. That second vocal take is him on the chorus, and it is genuinely the only time I can hear a clear difference between the vocalists’ voices in BLACK SWAN. They put so much processing on their vocals that they all sound similar, but when Taehyung’s vocal comes in, it’s easy to tell that it’s him. I can tell when it’s Taehyung throughout the whole song, but the second vocal take is the only other take that makes this list.
Hobi [1:44-1:56] - This is almost on par with Namjoon’s verse in Dionysus, for me, and for all the same reasons. His tone, the delivery, the way he enhances the melody; Hobi slaps in BLACK SWAN.
Louder than bombs
Hobi [1:38-1:45] - While everyone sounds amazing in Louder than bombs because it’s so unique, I think Hobi is the only one with a notable vocal take because his tone sounds so different from how it normally does. Hobi always has some degree of husk in his vocal when he sings, but this vocal take is almost a whisper, and it sounds really beautiful.
ON
Taehyung [0:28-0:36] - So, Taehyung has a slightly different tone in Map of the Soul: 7 through BE and Film out, and it’s really nice. In ON, he uses it really well on his verse because he adds in interesting textures throughout the entire take. For instance, at the end of it, he yips a little bit. Overall, it’s a sound that only Taehyung could pull off.
Jungkook [2:58-3:12] - This is probably the best vocal take Jungkook has up to Film out. The tone he has in studio isn’t easy to replicate live, but the way it came out in the studio version was phenomenal. Yes, the falsetto is dope, but that’s not my favorite part of this vocal take because it doesn’t have the best tonal qualities in the world, though I still listed it because it’s impressive technically. The part that drives me wild is when Jungkook comes back up in pitch on “Oh, I’m takin’ over.” It’s two D5s in a row, and Jungkook’s raspy tone sounds insane.
UGH!
Yoongi [0:23-0:24] - I wasn’t gonna add this because it’s just Yoongi saying “dungdungdung,” but the growl in his voice is sick. It’s like a freaking subwoofer. Is it bad if it’s the highlight of UGH! for me? Too bad.
00:00
Jimin [0:36-0:48] [1:50-1:56] - Doesn’t Jimin’s voice kind of sound wobbly in 00:00? I love it, though. It lends itself to the tone of the song really well, and I think it resulted in him having a unique tone that qualifies as some of his best vocals yet.
Taehyung [0:49-1:00] [2:01-2:14] - I mean, Taehyung has that gorgeous tone, he’s giving us raspy vocals when he drops his pitch, he’s belting during his lines even though they’re just verses and not a big high note in the bridge because he’s a legend and always has to sing higher than he’s comfortable; basically, he’s doing the most in 00:00 and his vocal sticks out a lot.
Jungkook [1:25-1:26] - Yes, Jimin is singing the “and you gonna be happy” part, but Jungkook singing the “ooh ooh” part is so nice. He does it every time the line is sung except for when Taehyung has the “and you gonna be happy” lyric. I think. I’m pretty sure Jungkook is doing it every time Taehyung isn’t. Anyway, Jungkook sounds so pretty. I love when he drops into his chest voice from his falsetto. Even small parts like this wow me. 
Jin [2:14-2:20] [3:37-3:40] - Jin doesn’t get a lot of chances to show off vocal agility, but the first vocal take gave him some wiggle room, and I thought it sounded beautiful. The last vocal take is his high note because how can I not, you know? Talk about beautiful.
Jin & Jimin [3:32-3:36] - No, but their harmony together sounds so pretty? Jin and Jimin’s vocal tones are incredibly different from one another, but whatever they did here was a success because it’s entrancing.
Inner Child
Taehyung [2:03-2:22] [3:05-3:19] - Taehyung sounds so different in this song. I think it’s because this is a genre he hasn’t done before, but I love it. I mean, Taehyung’s vocal tone is always consistent, but that doesn’t mean he can’t sound fresh. The first vocal take has a really pretty bend that Taehyung does with his voice that I love every time I hear it plus the second chorus, which I thought was a better take of it than the first. The second take is the bridge, which sounds so gorgeous with the harmonies and the high falsetto in the background.
Friends
Taehyung [0:09-0:14] [1:02-1:08] [1:27-1:32] [2:54-2:56] [3:14-3:16] - For all Taehyung sounds different in Inner Child, this genre of music did something for his voice; it’s almost like he sounds more grown up, if that makes sense. He has so much character in his vocal. Like, the yips, the speech-like singing, the softer parts, the belts, the pronunciation; I stan. Also, that high note he hits in the last chorus on “you are my soulmate”? Shut up, fam. It sounds so good. On top of that, the lick at the very end that ends the song is so satisfying, and I love that they chose to end Friends that way. Basically, Taehyung sounded like a new being in this song. I don’t make the rules.
Jimin & Taehyung [0:17-0:27] [0:42-0:44] [0:47-1:02] [1:14-1:27] [2:14-2:50] - I’m not gonna make you suffer through an explanation of all of these, but don’t they kill it together? These are some of the best vocal takes I’ve heard from either of them; must be because Friends is so personal, but who knows. Some of these takes are weird because it catches the end of a phrase or is Taehyung and Jimin switching back and forth between them, but I mean what I put down, my friends. Also, can we talk about their harmonized high note and all the harmonies afterward because please; how do they sound so gorgeous? Taehyung is doing nice melodies behind everything, Jimin is going up high and harmonizing with his falsetto; I mean, lovely. It’s all lovely.
Jimin [0:27-0:29] - I had to put in “hello, my alien” because Jimin makes it sound so endearing. There aren’t more Jimin timestamps because all his best parts are with Taehyung, but this line had to go in.
We are Bulletproof: the Eternal
Hobi [0:40-0:42] - I think Hobi is harmonizing with himself here? I want that to happen more often because he sounds amazing.
Taehyung [1:14-1:18] - I don’t know if it’s because it’s Taehyung or because he says “bulletproof” with an “ooh” sound or because his voice sounds so full, but I love the way Taehyung sounds here.
Jungkook [1:18-1:20] - Jungkook’s falsetto on this line was the right choice. That is all.
Yoongi [1:35-1:46] - Ah. I love Yoongi’s verse. It’s the best part of We are Bulletproof: the Eternal, for me. You can hear all the texture in his voice, and the emotion just slams you in the chest.
Jimin [2:20-2:24] [2:43-2:48] [3:06-3:09] - This song was made for Park Jimin. He’s flipping from his falsetto to the fullest, most gorgeous tone ever, and it conveys all the emotion it’s supposed to. Something about Jimin’s vocal in these takes is send-shivers-up-your-spine worthy.
Stay Gold
Taehyung [0:45-0:58] - Y’all this melody sounds so pretty with Taehyung’s voice. The vocal runs he does are so gentle, and then you have him fading his voice into this light tone with his vibrato running through it; I mean, please. Beautiful.
Jungkook [3:06-3:11] - Speaking of vocal agility, Jungkook bouncing between these notes and then ending in a vocal run is so nice to listen to. His tone is gorgeous, but he uses it well, which is the important thing. I love this part a lot.
Lights
Taehyung [0:12-0:20] [0:51-1:00] [1:50-2:01] [2:30-2:40] - The second vocal take also references Taehyung’s part in the last chorus, by the way, but they had the same lyrics and sounded the same, so I just listed it once. Is this every part Taehyung has in Lights? Yes. Do you know why? Because this is his song. He owns it. Can you hear his tone when he belts? Which, by the way, happens almost every time he sings. Do you know how difficult this song is for a baritone? And Taehyung still manages to have that full, intense tone when he hits the high notes? Shut the fuck up. Hands down, this is one of the best examples of how amazing Taehyung is as a vocalist.
Jungkook [0:41-0:50] [1:41-1:49] [3:46-3:50] - Jungkook is it in Lights, my friends. After ON, I think I like Jungkook’s tone the best in this song. Don’t ask me why; I know this probably isn’t on the list for an ARMY with a Jungkook bias if you’re asking them about their favorite songs, but Jungkook is doing things with his vocal that I love in Lights. It’s not too flat, not too clean; he’s adding in whispers and snapping from falsetto to full voice and belting at the end--all of it made the song come out beautifully.
Jin [1:05-1:10] - Jin like... whispers in this vocal take, and I go crazy over it. Besides that, please tell me why Jin saying “itsu datte” sounds so pretty. I don’t understand it, but he’s legendary.
Jimin [1:15-1:20] [3:27-3:36] - Jimin sounds so bright in this song, and no, that isn’t a pun. I really love how he offsets the other vocalists who are belting because Jimin is flipping into his falsetto or leaning into his sweet tone a lot, which brings a gorgeous character to the melody.
Yoongi [2:51-3:08] - Yoongi sounds like the prettiest thing in the world in Lights. I know it’s the melody, too, but Yoongi delivers it so well. This is a verse I could fall asleep to.
Your Eyes Tell
Jungkook [0:03-0:14] - Jungkook sounds different on this vocal take, and I like it a lot. Where he places his vibrato, as well as where he’s dropping into a softer voice are both lovely details that make this vocal take one of his best.
Jin [2:07-2:19] - I love that Jin’s vocal almost sounds like a cry. Not a vocal cry--as in, the vocal technique--but a real cry. It spills emotion all over the place, and I’d say it’s one of Jin’s best attempts at this type of sound.
Namjoon [2:20-2:27] - I don’t know why, but I really love Namjoon’s dark tone in Your Eyes Tell. It’s relaxing, to me. I’ve heard it before in songs like SEA, but for some reason, it reads as special in this song.
Jimin [2:45-2:51] - This song is so soft, but Jimin comes in and slaps you in the face with a super sharp high note, and I think it’s a brilliant way to add variation in the vocals. Jimin’s vocal tone made it what it was, as well.
Life Goes On
Jimin [0:23-0:35] [2:42-2:46] - This is another song that’s very suited to Jimin’s vocal tone. Jimin does have a bit of a whisper going on, but he’s also putting in vocal cracks that add a bit of intensity, and it all blends really nicely. Like, the second vocal take is his harmony in the back, and it sounds heavenly.
Taehyung [1:00-1:11] - This covers both takes of this line, but Taehyung sounds so soothing. It’s so nice to listen to because he made his vocal really smooth while his tone naturally gave it texture. I love, love, love this part.
Yoongi [1:47-1:58] - Y’all this is my favorite example of Yoongi singing. He sounds so soft. It kills me every time I hear it; I mean, who gave him the right to sound so pretty? Seriously, though, Yoongi’s vocal is also really soothing, and melodically, this is one of my favorite parts of Life Goes On thanks to Yoongi’s delivery.
Hobi & Jungkook [1:59-2:06] - Jungkook is only doing harmonization for a second during this vocal take, but it was so pretty that I had to add it in. Speaking of pretty, what the heck is Hobi doing that he sounds so lovely? The way he slides his pitch down on “mallo” is so nice. Hobi’s tone is perfect for Life Goes On.
Taehyung & Jimin [2:58-3:21] - This is the perfect way to end this song. This would’ve qualified had it just been Taehyung because this is the type of song where Taehyung’s vocal really benefits the melody, but Jimin on top of him with his light tone is stunning.
FLY TO MY ROOM
Taehyung [0:09-0:17] [0:34-0:50] [1:08-1:24] [1:40-1:57] - There’s so much goodness happening in FLY TO MY ROOM with Taehyung’s vocal because he spent time developing his tone for this song since he wanted it to sound like a conversation. It ended up sounding gorgeously brassy yet soft, and the vowels he used popped a lot, as well. It’s not so much about specific moments in this song as it is that Taehyung just sounds really good. Like, his parts in the chorus--the timestamps I have are meant to account for all of Taehyung’s chorus parts, and same with Jimin, by the way--and the vocal run at the end of his part in the verse were incredible.
Jimin [0:18-0:34] [0:50-1:07] [1:28-1:40] [3:11-3:13] - FLY TO MY ROOM simultaneously fits Jimin’s voice really well and makes him sound totally new. He’s leaning into the fact that his voice has a higher pitch naturally, and it complemented the tone of the song really well. Like, listen to that high note at the end. That’s my kind of shit right there.
Yoongi [1:57-2:12] - Yoongi is a straight vibe in this song. You’ve got his lazy tone on a lower octave than the higher, brighter tone laying on top of it, and the blending of the two is just stunning.
Hobi [2:13-2:30] - Hobi sounds different here, y’all. It’s like he got dropped into a song that had the capabilities of bringing out the best in his natural vocal tone, and that’s what happened. The way he pronounces things is really interesting to listen to, as well. I can’t wait to hear this live.
Blue & Grey
Taehyung [0:14-0:30] [1:41-1:49] [3:10-3:17] [3:57-4:12] - The pun is absolutely intended, but Taehyung sounds angelic in Blue & Grey. Probably because he wrote it for himself, but holy shit. The fact that the song started and ended with Taehyung makes me so happy. He’s got the gorgeous low tone happening, his sharp and brassy falsetto, and at the end, you can hear him opening his mouth to sing “good night;” it’s like fucking ASMR. And the emotion. How is he allowed to be this amazing? Honestly, though, he outdid himself in every facet of this song: singing, writing, and producing.
Yoongi [0:47-1:18] - Ah, Yoongi is the exact rapper you want on a song like this. No shade to Hobi and Namjoon, but Yoongi’s somber vocal tone is an exact match for what Taehyung was trying to say with these lyrics. Yoongi sounds perfect.
Jimin [1:33-1:41] - I can’t explain accurately why it is that Jimin sounds so pretty here, but I think it’s just because he’s Park Jimin. His vocal tone fit on top of this melody so nicely, and it’s nicely contrasted by Taehyung having the same melody and doing so wonderfully with it later.
Jin & Jungkook [1:50-2:05] - The harmonies in this song are so pretty. Jin and Jungkook sound so good; why do we not hear this kind of thing more often? Jin’s falsetto is so light, and Jungkook underneath is singing the most beautiful harmony with his lower vocal tone that he doesn’t use nearly enough, and it’s all just... stunning.
Jimin & Taehyung [2:05-2:20] - Y’all. This is my favorite part of Blue & Grey--probably. I love Taehyung’s parts a lot. Anyway, it feels like these two are talking to me through their vocals. Jimin sounds so sharp while Taehyung sounds soft, and the whole vocal take feels warm and comforting. Honestly, this is one of my favorite bits of harmonization in any BTS song.
Telepathy
Yoongi [0:37-0:55] - Yoongi invented the word vibe, okay? Telepathy was made for Yoongi. That is true. I know the pitch was difficult for him, but you can’t even tell? The effect they put on his vocal, too, makes it sound even cooler.
Taehyung [1:15-1:23] [1:31-1:39] [2:18-2:27] - This is a song that I wouldn’t think about being a good fit for Taehyung’s vocal tone, but he proved me wrong, I tell you what. He’s doing that interesting thing with his vocal tone that he’s been doing for a year or so now, and it fits. He sounds so interesting in Telepathy, and I hope we get more of it in the future.
Dis-ease
Taehyung [0:47-0:52] [2:27-2:32] [3:15-3:19] [3:24-3:25] - Doesn’t Taehyung sound so cool? It’s that interesting tone again, but it’s even more interesting in Dis-ease somehow. Like, you hear that bend in his voice in the second take on “laugh”? Doesn’t it sound awesome? I know the effect on his vocal has something to do with it, too, but it’s also just Taehyung playing with his tone and making it sound really fun and cool.
Jimin [2:17-2:22] - Jimin just sounds wavy. That’s all I have to say. Like, he sounds so nice, you know? I think it’s the vocal run and the “I hate dat,” but who’s to say?
Jungkook [3:10-3:14] - The character in Jungkook’s voice is so cool, though. He sprinkles in the tiniest bit of vocal agility and umph, and it came out so well.
Dynamite
Jungkook [0:01-0:26] [2:07-2:11] [2:40-2:44] - I mean, this was supposed to be a song for Jungkook to center in, right? I know he’s always the center, but you know what I mean. His vocal tone is super clean, which is probably why they wanted it to anchor Dynamite since it’s a standard pop song. It worked, though. Jungkook sounds super vibey. His falsetto note going into the key change is really nice, too.
Namjoon [0:26-0:34] - I love this part in Dynamite, and I don’t understand where the love for Namjoon is at. He owns this shit. 
Jimin [0:51-0:59] [1:25-1:32] [2:11-2:15] [2:24-2:31] - Yo, is it just me, or does Jimin sound super different in Dynamite? I don’t know if it’s the key it’s in or what, but he sounds really cool. He sounds brassy, almost, but also it could just be his pronunciation. I don’t know. Either way, Jimin came out swinging with Dynamite.
Taehyung [1:00-1:12] [1:42-1:50] [2:20-2:23] [3:06-3:14] - They really said, “Let’s give the baritone the hardest fucking vocals in this song.” Like, Jin is the king of high notes, and he struggles with Dynamite, and yet they gave Taehyung the same high notes as him? You wanna know what though? He murdered this song. Absolutely killed it. I cannot express enough how impossible it should be for him to hit a C#5, but he fucking did it, didn’t he? Not only that, but his tone on his verse, as well as the choruses, is such a vibe. For such a basic song, Taehyung did something really special with it, and it resulted in the most impressive vocals--in terms of range--he’s had to date.
Jin [2:49-2:53] - Yes to Jin killing this high note. His tone sounds really nice, and he slapped on this line.
Jin & Jungkook [2:54-2:57] - You hear Jungkook doing the “light it up like dynamite” line in staccato behind Jin? That shit sounds so cool. It’s easily one of the most fun vocal takes BTS has ever done.
Film out
Jimin [2:39-2:46] - Jimin’s vocal tone is it for Film out, fam. You hear that high note, yo? It’s so gorgeous. Like, the impact it has on the emotion of the song. Jimin really came out and snatched this era.
Taehyung & Jimin [3:19-3:29] - This is my favorite part of Film out. Like, it would’ve been enough to have it be Taehyung, but Jimin harmonizing with him makes it so pretty. Jimin adds a lovely delicacy to the last line, and Taehyung’s vocal conveys all the somber emotion that is necessary to close out this song. And Taehyung’s vocal run at the end is so damn gorgeous. The 95’s are killing it yet again in 2021.
Butter
Taehyung [0:43-0:48] [2:06-2:14] - I’m sorry, but holy shit. I know the vocalists all had the same parts, but this is (yet another) really high-pitched song, and Taehyung singing up in that range is gorgeous. I adore his tone in Butter. And all those C5s he was hitting? Again, I’m aware that the other members are hitting those notes, as well, but--I mean, do I need to bring up the fact that he’s a baritone again? No, more than the high notes, though, I thought Taehyung’s vocal color stood out a lot in Butter, so these couple parts deserve to be on this list.
Okay, that’s really it. For now. Until we get new music. Honestly, I’m really impressed with each and every one of these members each time they release something new. It’s insane to me what they can do with their vocals and the control they have over their vocal tones. Every vocal take they have is the best of the best, but this list set out to find the gems hidden even within the diamonds of their discography. If you actually went through this list, thank you, and I’m sorry. Like I said at the start, it’s a hot mess, but I really wanted the chance to talk about specific notes or lines that blow me away every time I hear them. Share some of your favorite vocal moments in the replies, and thanks for reading.
Get Started With Spanish Transcription And Translation
Is the movie made up of raw materials or is it already done? Some ways you can use the text
To watch a video with raw material, you might read the Spanish transcription. The goal is to write down the raw material and make a script out of it. The raw material could also be used so that a video editor who doesn't speak Spanish can still work on the parts of the video that are in another language. For more details, visit https://subtitles.love.
A Spanish transcription can be used to make captions or subtitles, or a voice-over script can be written so that the show can be dubbed into another language. Before you start, you should think about what you want to make, how much money you have, and what you want to make. A business video, movie, or TV episode? Tell us about the type of show. On the other hand, people like us have a lot of experience in this field. We can show you how to do each step.
A one-on-one interview, a group interview, an oral presentation, or a movie in a different language are all ways to get to know someone
It is organized by the type of film that we have. We might not need to ask the questions if it's just one-on-one, but we might. If the questions aren't mic'd, it will take longer and require more work to write them down. Putting the transcript together will take longer because there may be words that can't be heard.
Do you want to know who spoke in the text and their name?
It's not always necessary to name the people who speak. There may not be enough information for each answer the interviewee gives for one-on-one Spanish interviews, and this is because there is only one person in the room.
Think about what else should or should not be in the text
Post-interview footage is often full of background noise, comments made after the interview, and an interpreter translating the questions and answers. Not at all.
We can't show you every transcript that's out there. However, we can show you some of the best formats for one-on-one and group interviews and other types of discussions.
How often should you use a timecode or timestamp?
We usually put a time code at the start of each answer and every 30 seconds after that. At the beginning of each question, we can add a time code. The questions can also be translated if you want them to be, and we can do that for you if you wish. Guess that your interviewer answers a question in 60 seconds. There would be time code indicators at the start of the answer, and then about 30 seconds after that. For Reality TV dailies, we just add a timecode mark every 30 seconds if there isn't an obvious place to put the start and end of a sound answer on the screen. Suppose a group of people are having a conversation.
Spanish transcriptions have timecodes about 1 to 3 seconds apart from each other. Use frame-accurate time codes when the client wants them. For example, they are used to make spot lists and continuity scripts and CCSLs and other things.
And because tumblr is going to destroy this post: the full image. Please be kind to my terrible Paint skills, I wasn’t about to bust out an old tablet to make this super fancy. Please know that this is one possible interpretation of the final year, year and a half of Overwatch given what we currently have available to us right now.
Sources and more information under the cut:
To start off with, our baseline point is Recall.
Recall is when both the game and the main plot begin - the Recall animation and Winston’s “Are You With Us” recall message are initiated, and this “coincides” with the game’s release in 2016.  To make things easier for everyone, my math here is simply to project: 2016 + 60 years forward = Recall initiated in 2076
Fairly straightforward and makes following game updates a bit easier.
From here, forward-progressing events move roughly at the same time as the game has been released.  For example:
Summer of 2016 || Summer of 2076: Ana is released || “Old Soldiers” comic occurs
November of 2016 || November of 2076: The Sombra ARG concludes || Sombra leaks LumériCo’s secrets
November of 2016 || November of 2076: “Infiltration” is released || Talon attempts to assassinate Katya Volskaya
November 2076: Volskaya asks Zarya for assistance in finding Sombra
Holidays of 2016 || Holidays of 2076: the “Reflections comic” occurs
Now we’ve entered 2017 || 2077.  Things shift slightly here.
On-going throughout 2077: Zarya searches for Sombra
Late February 2017 || Late February 2077: Interview with Efi Oladele is released
July 2017 || Late February 2077: “Masquerade” comic is released || Doomfist breaks out of prison and returns to Talon
March 2017 || March 2077: Orisa is released || Efi builds Orisa
Sometime after Orisa is built, 2077: Zarya meets Lynx in Numbani
April 2017 || April 2077: the “Uprising” event is released || files on the Strike Team’s mission against Null Sector are declassified
July 2017: Doomfist is released
August 2017 || (likely) August 2077: Junkertown map is released || Junkrat and Roadhog initiate “The Plan”
September 2017 || (likely) September 2077: “Searching” is released || Zarya finally finds Sombra
This is why the “Uprising” content all says “seven years ago” - because the game and the overall plot since Recall has moved forward one year, but the actual event of Null Sector’s Uprising did not change in time. So, with the “Recall” event and the “Uprising” information, I have two anchor points of reference for the general, final year of Overwatch:
2076 - 6 years = 2070
2077 - 7 years = 2070
Michael’s GDC talk also gives us a third anchor point: the Halloween party where Reinhardt tells the story of “Junkenstein’s Revenge.”  This is actually set during Halloween the year before, so 31st October, 2069 (nice).
I’m breaking this up by section to help make this a bit easier.
Introduction
1. “Six Years Ago:” “Fading Glory: On the Trail of Jack Morrison,” in-universe article (https://playoverwatch.com/en-us/blog/19809396/)
2. Michael Chu’s timeline: “Thinking Globally: Building the Optimistic Future of Overwatch,” a GDC talk given by Michael Chu (Timestamp: 49:12 - clip starts at discussion of materials: https://youtu.be/bj56ejM5EcU?t=2952)
Late 2069/Early 2070
1. “Halloween party:” “Junkenstein’s Revenge,” a comic in which Reinhardt narrates a “scary” story to some of the Overwatch members (https://comic.playoverwatch.com/en-us/junkrat-junkenstein).  What is important to note here is that Michael actually puts this in the “Fall of Overwatch” era of his timeline.  It is also important to note that several major Overwatch characters - Lena, Winston, and Genji - are either not yet a part of Overwatch, or were not permitted to join the “core members’” Halloween party.  I have personally chosen to interpret this as the first option.  You may view things differently.
2. Tracer disappears from the timeline (not shown): “I was missing for months” - quote from her Origin video (https://www.youtube.com/watch?v=27LPGldyY7M).  “[Tracer] reappeared months later, but her ordeal had greatly changed her: her molecules had been desynchronized from the flow of time.” - quote from her Hero profile (https://playoverwatch.com/en-us/heroes/tracer/).  “Months” here, as I understand it, probably means fewer than 12 months (a full year) but more than “a couple” (2 months).  It’s difficult to say when exactly Lena disappeared and when she returned, but we know she had returned by April of 2070 (at the very latest).
3. The Shimada brothers’ duel: alright.  Full disclosure inbound.  I got a handful of people countering me on this issue in my Moira discussion and here’s my response: we have a number of conflicting pieces of information and many of them could be possible.  I’d like to run through my reasoning for why I’m placing this event in the final year of Overwatch, as well as other possible places it could go.
3.1 “Nearly ten years ago:” a few people brought up that the 2014 Blizzcon Overwatch reveal panel described Hanzo (a then-playable character) as having left his home “nearly ten years ago.”  You can find this quote on this transcript here (http://overwatch.blizzplanet.com/blog/comments/blizzcon-2014-overwatch-unveiled-panel-transcript/3).  Reason why I disagree with this assessment: this line never made it to either of Hanzo or Genji’s final Hero profiles (Hanzo: https://playoverwatch.com/en-us/heroes/hanzo/) (Genji: https://playoverwatch.com/en-us/heroes/genji/). 
That said, this does not mean the line is incorrect, nor that it is not part of whatever internal timeline Blizzard is using.  I personally do not think it’s wise to use specific details from the 2014 Blizzcon panel because of how old it is and how much changed between 2014 and the game’s release in 2016.  Remember - Blizzard was still rethinking its own plot well past the game’s release (when they canceled “First Strike”).  But in all fairness, if you want to make your own version of the timeline and use that, then feel free.
3.2 Late March/Early April: I had someone else note the fact that the “Dragons” animation shows several koinobori, or the Japanese koi windsocks traditionally flown on Children’s Day on May 5th.  There are a couple of issues with this: one, it does not particularly coincide with the blooming of the cherry blossoms in the Tokyo region (source: http://www.jnto.go.jp/sakura/eng/index.php), which is where Hanamura is “set,” and two, the idea kinda trusts that Blizzard did research on koinobori and when they are supposed to be used.  In an effort to be fair to Blizzard, technically, koinobori can begin appearing as decorations as early as April, and be flown all the way through to Children’s Day.
3.3 Genji in training: a related issue to 3.2 and the upcoming 5th event in the timeline is that Genji appears to be testing out his cyborg body in a sparring match against Lena/Tracer.  The “Art of Overwatch” book also provides a description that appears to imply that this skin is him when he is still recovering:
“Much like the Origins Edition skins, the designs released for the Uprising event offered a glimpse into a pivotal period of the characters’ lives.  One of the most extreme designs belongs to Genji.  After his brother, Hanzo, nearly killed him, he was taken in by Overwatch and given a new body (below).  The experience left the hero embittered and angry, constantly at war with the cybernetics that were now a part of him.
“When designing a skin for this part of Genji’s story, the developers used his outfit to mirror his turbulent state of mind.  They made his armor feel like a mishmash of parts, symbolizing the hero’s struggle to accept what he has become.  The use of red throughout the skin also helped to emphasize his uncontrollable rage.” - The Art of Overwatch, page 233
No date is given, hence why I feel the idea is only implied, but it is not stated.  Again, if you wish to create your own interpretation of this, you are free to do so.
4. Winston crash lands on Earth (no exact date given): this one is very difficult and admittedly extremely loosely incorporated into the final year of Overwatch.  You may interpret it differently.  My reasoning here is that Winston is not present in the Halloween comic, and no specific details are given in the ironically-named “New Details Emerge About Possible Fate of Horizon Lunar Colony” article (https://playoverwatch.com/en-us/blog/20812209).  However, Winston needs to be “present” and part of Overwatch when Tracer returns to the timeline from her accident, so this potentially puts Winston’s landing sometime around the Shimadas’ duel.
5. Uprising: As I described above, I’ve extrapolated that the time since release and the canon-events revealed have some parallels running between them.  Obviously, this is not set 100% in stone.  However, with Uprising, we do know a few things: 
it is Lena’s first mission, so it has to come after her return to the timeline
it features Winston, so he’s either a part of Overwatch now or taking a more active role
it features Winston testing Lena’s chronal accelerator, so it is relatively recent after her return and stabilization
it features Genji before he gets his normal cyborg “skin” 
it features Angela who appears to be testing Genji’s cybernetics
Reinhardt has not yet retired
Jesse is still present and part of Blackwatch
Ana is still present
Gabriel is still present
Overwatch is already under public scrutiny
Director Petras has already suspended Blackwatch activities
It takes place “seven years ago” from 2077.
These are a lot of constraints to place on Uprising, but they do limit us to what is likely the final year of Overwatch.  The teaser tweet for the event can be found here (https://twitter.com/playoverwatch/status/848958308643885056?lang=en) and the blog post can be found here (https://playoverwatch.com/en-us/blog/20696534).
Mid-to-Late 2070 (exact dates unknown)
This is where things get very difficult to align, and the majority of events could be effectively rearranged to come before or after each other.
1. Moira recruited to Blackwatch: main source - Moira Origin Story (https://www.youtube.com/watch?v=6ETybQd4uRE)
The newest event at the time of this writing, Moira’s recruitment is constrained by two major things - it must come after Genji joins, and it must happen before Genji and Jesse leave Blackwatch.  Again, if you see Genji’s fight with Hanzo as happening a couple of years before 2070, then yes, this event could come much earlier.
The second “part” of this (which I’ve placed several months after her recruitment in the timeline) is that whatever Moira does or “tests” on Gabriel must come after Ana has “died” and separated from the Overwatch team.  Hypothetically, Moira’s “tests” are likely conducted over a period of time, but no matter what, Gabriel’s “final, unmasked appearance” (whatever it is) was never seen by Ana (but hypothetically has been seen by Jack/Soldier: 76).
For the quote that I provided, you can check here (http://segadores-y-soldados.tumblr.com/post/167111711575/moira-preview-new-hero-overwatch-panel) or you can watch the source video yourself:
“Moira Reveal Panel” - quote from Michael Chu (Timestamp: 3:47 https://youtu.be/HsJU3PEk9JY?t=227)
Source for the “Soldier: 24 folder” - http://segadores-y-soldados.tumblr.com/post/167127031445/new-details-on-the-university-map-of-oasis-found
2. Doomfist’s arrest: main source - Doomfist Origin Story (https://youtu.be/vaZfZFNuOpI)
Again, no exact date has been given, but there are a number of constraints that put this after Uprising:
Tracer is part of the team that arrested him
Winston is part of the team that arrested him (this may come after Winston passes whatever certification test is in the photo in Recall)
Genji appears to have his new cybernetics and may have transferred to Overwatch
Other key members of Overwatch, such as Reinhardt and Torbjörn, are not present and may have retired.
This may come before Moira’s recruitment.  Talon activities at this time period are difficult to suss out correctly.  As Moira’s hero profile implies:
“After Overwatch was disbanded, O'Deorain was forced to turn to unconventional sources of funding. This time, she was invited to join the scientific collective that had founded the city of Oasis. Yet some have whispered that the shadowy Talon organization had already been supporting her for years, aiding her experiments in exchange for utilizing the results for their own purposes.”
Moira may have already been working for Talon at this time.  The “organization had already been supporting her for years” overlaps with her recruitment into Blackwatch (no matter where you put it), meaning she may have entered Blackwatch and Overwatch as a Talon agent.  It is also possible that she was approached by Talon AFTER becoming a Blackwatch agent.
This is important - and unfortunately very vague - because our next two points rely on knowing when and how Talon began infiltrating Blackwatch and Overwatch.
3. Amélie’s transformation into Widowmaker (no exact date given): main sources - Widowmaker’s Hero profile (https://playoverwatch.com/en-us/heroes/widowmaker/) and “Legacy” comic (https://comic.playoverwatch.com/en-us/legacy)
The exact timeline of Amélie’s transformation is hard to pin down because so much of it is simply unknown.  We have a few constraints but don’t know the exact time or nature of them:
Her skin and heartrate have been affected by whatever chemicals Talon put in her, turning her blue/purple (and yes, that’s canon and not just “aesthetics” - “then her physiology was altered, drastically slowing her heart, which turned her skin cold and blue and numbed her ability to experience human emotion.”)
However, her Talon skin does not have the blue/purple tint yet, so it’s possible this is a representation of her shortly after she killed Gérard (I suspect Overwatch would’ve been much less casual about letting her return to her husband if she had been, well, literally blue/purple).
It is not known if this process was started before or after Moira joined Blackwatch, but it is incredibly suspicious that a “possibly Talon-affiliated” scientist with knowledge of altering genetics and physiology who is literally shown testing chemicals on her own arm which later turns blue/purple appears in the exact timeframe that Amélie’s transformation begins.
The Fall of Overwatch: Late (?) 2070
1. Ana’s “death:” main sources - Ana Origin Story (https://youtu.be/yzFWIw7wV8Q) and “Legacy” comic. For my original discussion on this, check here: http://segadores-y-soldados.tumblr.com/post/159512959195/alright-so-the-subject-of-ana-being-the-source-of
Ana’s death was likely a major, major turning point for both Overwatch and Talon.  Again, it’s hard to place because it appears to come after the majority of Amélie’s transformation into Widowmaker, but again, the exact date to place this is unknown.  Many fans originally believed that Ana had “died” much, much earlier in the timeline, like, several years earlier.  However, after Uprising was released and it was revealed that Ana was still present early in the final year, fan theories had to be changed.
It also makes a lot more sense if Ana’s “shoot-off” with Widowmaker occurs very close to the Fall of Overwatch - so close that she was not able to recover in time and return to the organization to help repair any rifts her “death” may have caused.  However, it also has to come before Gabriel’s final transformation or shift into “Reaper,” because Ana does not recognize “what has happened” to him.
It is also a little difficult to sort out, but a major “potential” cause for a rift between Jack and Gabriel could stem from discussions about Ana disobeying orders.  It’s a small detail to catch, but in the “Legacy” comic, Ana deliberately defies orders to evacuate and turns off her communications device, possibly leaving the Strike Team unable to find her location.  However, in the “Old Soldiers” comic, Reaper says that Overwatch “left [Ana] to die,” which seems to contradict the point that she disobeyed evac orders.  I know many fans don’t like the idea of the fallout between Gabriel/Reaper and Jack/Soldier: 76 being over a miscommunication, but it seems entirely plausible that Jack returned from the mission without Ana, claiming she had ignored his orders, and that Gabriel had accused him of abandoning her.
Again, this is my interpretation of the events presented.  Reading between the lines, especially with such large gaps in the plot, is a difficult task and you may choose to interpret things differently.
2. Events with unknown dates: there are three events that have no set dates but occur near or close to the Fall of Overwatch, or at least must occur after certain other points.  These are:
2.1 Genji leaves Overwatch: this must occur after he participates in the arrest of Doomfist.
2.2 Jesse leaves Blackwatch: this must occur after Uprising and Moira’s recruitment (bare minimum), and must occur after “the infighting” within Blackwatch had begun (McCree’s Hero profile: https://playoverwatch.com/en-us/heroes/mccree/).  Direct quote: “McCree appreciated the flexibility afforded to the clandestine Blackwatch, unhindered by bureaucracy and red tape. But as Overwatch's influence waned, rogue elements within Blackwatch sought to bring down the organization and turn it to their own ends. Wanting no part of the infighting, McCree set off alone and went underground.”
2.3 The “Venice incident:” an unknown event alluded to in Moira’s Hero profile, in which her presence in Blackwatch is revealed (Moira’s Hero profile: https://playoverwatch.com/en-us/heroes/moira/).  Direct quote: “Her employment was a closely kept secret, until it was uncovered during inquiries following the Venice incident. Many high-ranking Overwatch officials disavowed all knowledge of her affiliation with them.”  This is significant because a major Talon leader - Vialli - works in Venice and appears (briefly and much later) during the events of the “Masquerade” comic.
These events have no set dates and no particular order.  Michael Chu has stated that McCree and Genji kept in touch after leaving Blackwatch separately, but no dates are given for that.
3. “What happened to you?”/“It was a conspiracy:” Main sources:
Reaper’s Hero profile: https://playoverwatch.com/en-us/heroes/reaper/
Soldier: 76’s Hero profile: https://playoverwatch.com/en-us/heroes/soldier-76/
Soldier: 76 Origin Story: https://www.youtube.com/watch?v=byhvUmpAA9c
“Fading Glory: On the Trail of Jack Morrison”: https://playoverwatch.com/en-us/blog/19809396/
Moira Origin Story: https://www.youtube.com/watch?v=6ETybQd4uRE
Nesskain’s (the artist of the Moira Origin Story video) response to how Gabriel is feeling about the shadows: https://twitter.com/nesskain/status/926674887615188992
Moira Reveal Panel at 2017 Blizzcon: https://www.youtube.com/watch?v=HsJU3PEk9JY
“Old Soldiers” comic: https://comic.playoverwatch.com/en-us/ana-old-soldiers
“Are you with us?” Recall message: https://www.youtube.com/watch?v=pwFu8kEsUW4
And now here we are.
I’ve put these two events side-by-side because it’s incredibly likely that they’re linked in some way.  The exact nature of their connections is still unknown, as are their dates.
Hypothetically, by the time Genji and Jesse leave, “whatever happened” to Gabriel has not yet occurred.  That said, Michael Chu has stated that Jesse McCree has not seen Gabriel/Reaper in the current plotline, but that, if they were to meet, McCree “would known [sic] that Reaper was Reyes if he encountered him” (https://www.reddit.com/r/Overwatch/comments/6b63j3/ama_request_michael_chu/dhlepud/).  In other places, Michael has stated that the only people who recognize that Gabriel is Reaper are Jack, Ana, and Sombra (this is prior to the release of Doomfist and Moira).  Direct quote:
“So far: Ana and Jack (when they encountered him in Old Soldiers) and Sombra (because she Knows Things).
“Even with everything that's happened to Reyes, Ana and Jack would be able to recognize him immediately, given all their close experience serving together over the years.
“(To make it extra confusing: it gets a little more complicated in-game because we chose to have some non-canon interactions because I think it's more interesting to have Reinhardt take out Reaper and say, "Traitor!" than to accurately reflect that he doesn't know Reaper's true identity. But as I've said before, events in game shouldn't be considered strictly canon.)” - Michael Chu (https://us.battle.net/forums/en/overwatch/topic/20753735625#post-13)
So we’ve come to a few constraints on Gabriel’s “appearance:”
Jack/Soldier: 76 knows that Gabriel is Reaper by the time of “Old Soldiers,” if not beforehand.
Ana recognizes him by demeanor and personality, but is horrified by his appearance when she unmasks him in “Old Soldiers.”
Despite having worked with him for the same amount of time as Ana, Reinhardt canonically does not know who “Reaper” is, but would recognize him if he encountered him.
Jesse McCree canonically does not know who “Reaper” is, but would recognize him if he encountered him.
Interestingly, Widowmaker does not know who “Reaper” is.
Winston does not appear to know who “Reaper” is.
Genji may or may not know who “Reaper” is.
It is important to note that, by the time of the explosion at the Swiss Watchpoint, the majority of these characters are not present in Overwatch anymore.  Ana, Reinhardt, Jesse, Amélie (if she ever was close to the Overwatch agents), and Genji have all left.  Winston, presumably, is at Watchpoint: Gibraltar.  The locations of characters like Torbjörn, Angela, and Lena are unknown.
That leaves three possible “major characters” at the Swiss Watchpoint at the time of the explosion: Gabriel Reyes, Jack Morrison, and potentially Moira O’Deorain.  Her direct involvement in this event is unknown.
According to the “Fading Glory” article, both Gabriel and Jack were seen by witnesses as being present in the Watchpoint before the explosion.  Soldier: 76 confirms this in his Origin Story.  Reaper confirms that he too was present at the base in the “Old Soldiers” comic.
What is significant is that Nesskain has confirmed that Gabriel is “scared” when what appears to be his final transformation is occurring (in the presence of Moira), yet for some reason, he specifically blames Jack and Overwatch for “what happened to him.”
Ana: “What happened to you...?”
Reaper: “He did this to me, Ana.  They left me to become this thing...”
Ana: “Gabriel...”
Reaper: “They left you to die.  They left me to suffer...”
Reaper: “...Never forget that.”
Reaper’s explanation in “Old Soldiers” is fascinating because it appears to be in direct contrast with information given to us in “Legacy” (Ana chose to turn off her comms) and the Moira Origin Story (Gabriel approached her for recruitment, Moira either created or enhanced his genetic mutations, resulting in his “Reaper” powers and/or current appearance/state of existence).
It’s incredibly difficult to say how closely together Gabriel’s shift and the Swiss Watchpoint explosion occurred, or how much they are directly related, but it seems likely they are linked in some way.  At the very least, Reaper links “being left behind (to suffer)” by Jack/Soldier: 76 and Overwatch with the explanation for his current (2076) state of existence.
Again, I will leave you to formulate whatever interpretation or conclusion you want.
Conclusion
You don’t have to use this timeline. I’ve provided every major source that I have for this “final year of Overwatch” - watch them, read them, form your own interpretations, do whatever you want.  If your biggest issue is where I’ve placed things, go ahead and rearrange your own puzzle pieces.
However, you should keep in mind an important quote from Michael Chu:
“One of the things that we really like doing with Overwatch is playing with perspective.  We utilize perspective when we tell stories about what characters are thinking, what their goals are - and we have a lot of unreliable narrators.  We want people to pay careful attention to what characters think about in particular situations.  We want them to use their judgement and knowledge of a character’s thoughts to come up with their own ideas about the universe.” - Thinking Globally (Timestamp: 34:35 https://youtu.be/bj56ejM5EcU?t=2075)
Not only are many of the points in the timeline effectively “freefloating” (aka, they have no exact dates, or hell, not even exact months or years), they are also complicated by the matter of unreliable narrators and biased perspectives.  The Moira Origin Story gives us a crucial clue to Gabriel/Reaper’s story, but the narration in the video is all told to us by Moira.  I am personally infinitely grateful for the Moira Reveal Panel and Nesskain’s comments on his own art because they provide us with very significant clues that are from outsiders looking in.  That is, they are not tinted with biases or unreliability.
After going through the new clues on Oasis, as well as listening to the Moira Reveal Panel and seeing Nesskain’s comments, I have revised a lot of my initial ideas on her, Gabriel, and Jack.  At the moment, I’m waiting to see if we get any in-game interactions between her and Reaper when she is released to the PTR later. For now, this is my interpretation of the Fall of Overwatch.
Guest Post: Some Good News for the Cybersecurity Class Action Bar
John Reed Stark
As discussed in the following guest post from John Reed Stark, a recent development in the class action litigation arising out of the massive Marriott International data breach could have significant ramifications for other claimants asserting class action claims — including securities class action claims — based on data breaches or other cybersecurity incidents. Stark is President of John Reed Stark Consulting and former Chief of the SEC’s Office of Internet Enforcement. A version of this article originally appeared on Securities Docket. I would like to thank John for allowing me to publish his guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is John’s article.
*******************************
The cybersecurity class action bar might be celebrating the holidays a bit early this year.
The enthusiasm stems from a recent (but barely noticed) judicial letter from Judge Paul W. Grimm, of the United States Federal District Court for the District of Maryland, who oversees class action litigation arising out of last year’s data breach of Marriott’s Starwood guest reservation database. In his letter, which is essentially a judicial decree, Judge Grimm ordered Marriott to make public a crucial third-party report that will reveal key details about the data breach.
Known formally as a “Payment Card Industry Forensic Investigative Report,” or “PFI Report,” the report in question can be one of the most evidentiarily powerful documents for data breaches involving credit card information. With respect to Marriott-breach related pending multidistrict class actions filed by consumers, financial institutions and governments, the Marriott PFI Report has previously either been severely redacted or sealed off to the public entirely. But now, per Judge Grimm, the First Amendment mandates the Marriott PFI Report’s public release (perhaps lightly redacted).
On the surface, Judge Grimm’s order might look like part of one of the many inconsequential discovery-related squabbles that typically occur during class actions and other litigation. But Judge Grimm’s decision could have significant ramifications for plaintiffs filing securities-related and other class actions following data breaches at retail companies.
This article drills down into Judge Grimm’s ruling, and:
Explains, beginning with PCI-DSS compliance, why a PFI Report can be the most critical documentary evidence relating to a data breach;
Discusses the class actions related to the Marriott data breach and the ramifications of Judge Grimm’s ruling, not just for Marriott but for any company that handles credit cards; and
Offers some salient advice for retailers who wish to avoid, or at least mitigate, the potential costs and other problematic issues associated with Judge Grimm’s ruling.
Retailers and PCI-DSS Compliance
Payment Card Industry Data Security Standards (PCI-DSS) is a set of requirements created to help protect the security of electronic payment card transactions that include personal identifying information (PII) of cardholders, and operates as an industry standard for security for organizations utilizing credit card information. PCI-DSS applies to all organizations that hold, process or pass credit card holder information and imposes requirements upon those entities for security management, policies, procedures, network architecture, software design and other critical measures that help to protect customer credit and debit card account data.
The Payment Card Industry Security Standards Council (PCI SSC), an international organization founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc. in 2006, develops and manages certain credit card industry standards, including the PCI-DSS. In addition to promulgating PCI-DSS, the PCI SSC has developed a set of industry rules governing responses to payment card data breaches. These rules, known collectively as the Payment Card Industry Forensic Investigator (PFI) program, were intended to replace the programs established by the individual card brands.
In theory, PCI-DSS is good for retailers, establishing a minimum data security standard that all retailers must meet, discouraging competitors from cutting corners and allowing for some uniformity and stability. PCI-DSS not only protects the card brands but it also ensures that consumers feel safe when using credit and debit cards. However, adhering to PCI-DSS can become costly and onerous, especially for retail chains, and can subject retailers to the cybersecurity whims of the card brands, who enjoy a very strong bargaining position.
PCI-DSS and Data Breaches
When a cyber-attack targets electronically transmitted, collected or stored payment card information, whether the retailer has met PCI-DSS compliance quickly becomes an intense area of inquiry.
For instance, the card brands may levy significant fines and penalties on retailers that are not in compliance with PCI-DSS. Such penalties and fines, imposed separately by each card association, can include:
Hefty fines (in multiples of $100,000) for prohibited data retention;
Significant additional monthly fines (can be $100,000 or more per month depending on the nature of the data stored) assessed until confirmation is provided indicating that prohibited data is no longer stored;
Separate fines (in multiples of $10,000) for PCI-DSS non-compliance;
Additional monthly fines (likely $25,000 per month) assessed until confirmation from a qualified security assessor that the merchant is PCI-DSS compliant;
Payment of monitoring (can be as high as $25) and reissuing (up to $5) assessments for each card identified by the card association as potentially compromised; and
Reimbursement for any and all fraudulent activity the card association identifies as being tied to a security data breach.
The PFI Report
Once a data security incident occurs, in order to determine whether the retailer must incur any of the above penalties or pay for any system modifications required to achieve PCI-DSS compliance, the retailer is contractually obligated to hire a specially certified PCI-approved forensic investigative firm (also known as a “PFI”) from a small and exclusive list of card brand approved vendors (currently comprised of 22 companies).
The PFI team then performs a specified list of investigative work including writing a final report about the data security incident – the PFI Report — that is issued to both the retailer and the various credit card companies. The PFI Report then becomes the basis used by the card brand companies to calculate potential fines that will be levied against the acquiring banks. These fees are then passed along to the victim company in the form of indemnification.
More Art Than Science
Sometimes PFI Reports are the most thorough, comprehensive and authoritative analysis of a cyber-attack upon a retailer. But sometimes, albeit unintentionally, the PFI Report can be prejudiced, jaundiced, biased or otherwise flawed.
The findings and conclusions of PFI Reports typically derive from painstaking efforts of digital forensics and malware reverse engineering, which can consist of conjecture, hypothesizing, speculation, supposition and simple old-fashioned guesswork. In fact, both skill sets are more art than science, which can render PFI Reports overly subjective, skewed or even mistaken. Here’s why:
First off, while some data security incidents may provide key evidence early on, most never do, or even worse, provide a series of false positives and other initial stumbling blocks. After a cyber-attack, there is rarely, if ever, a CSI-like evidentiary trail.
Indeed, digital forensic evidence of a data security incident is rarely in plain view; it can rest among disparate logs (if they even exist), volatile memory captures, server images, system registry entries, spoofed IP addresses, snarled network traffic, haphazard and uncorrelated timestamps, Internet addresses, computer tags, malicious file names, system registry data, user account names, network protocols and a range of other suspicious activity. Evidence can also become difficult to nail down — logs are destroyed or overwritten in the course of business; archives become corrupted; hardware is repurposed; and the list goes on.
Second, when a digital forensics investigator analyzes the virtual remnants, artifacts and fragments left within the attack vector of a company’s devices or systems such as “deleted recoverable files” residing in the more garbled sectors of a hard drive such as “unallocated and slack space” or the boot sector, facts and conclusions can be subject to interpretation and guided by the assumptions and experience of that investigator.
Consider for example the intricacies and complexities of malware-reverse engineering. “Malware” is oft defined as software designed to interfere with a computer’s normal functioning, such as viruses (which can wreak havoc on a system by deleting files or directory information); spyware (which can secretly gather data from a user’s system); worms (which can replicate themselves and spread to other computers); or Trojan horses (which upon execution, can cause loss or theft of data and system harm).
The term, however, is broader than that and a bit of a misnomer: malware is any program or file used by attackers to infiltrate a computer system. Like the screwdriver that becomes harmful when a burglar uses it to gain unlawful entry into a company’s headquarters, legitimate software can be malware when an attacker puts it to that use. Thus, malware reverse engineering, a crucial aspect of incident response, is also often the most challenging.
Finally, there also exists a massive cybersecurity labor shortage, with over three million cyber-related jobs remaining unfilled — which means there are quite a few inexperienced amateurs masquerading as incident response professionals, whose findings can be dubious.
This dearth of bona-fide data breach response experts should come as no surprise. The data breach response industry remains in its infancy – there are few academic degrees available in the realm of incident response and barely any incident response courses in college and graduate school curriculums. Many incident responders come from government, such as the Air Force’s Office of Special Investigations; the U.S. Computer Emergency Readiness Team (CERT) of the Department of Homeland Security; or the various cyber squads of the Federal Bureau of Investigation. Other incident response experts are simply self-taught from experience or from piecing together varying expertise of digital forensics, network engineering and security science.
The bottom line is that no matter where a data breach response worker starts out, it can take as much as a decade of apprentice work before becoming a bona-fide data breach response expert.
PFI Conflicts of Interest
Though the attacked retailer engages the PFI and is responsible for all fees and expenses associated with the PFI’s investigation, the PFI conducts the investigation on behalf of the third-party card brands and with their direct involvement. Thus, even the most trustworthy, conscientious and objective PFI team can have an inherent conflict of interest and be biased.
For instance, under PFI rules, each of the payment card brands is responsible for “Defining requirements regarding the use of PFIs and the disclosure, investigation and resolution of security issues” of the security incident. This supervisory role affords the card brands wide latitude in directing and controlling key aspects of the data breach response process.
In fact, PFI rules actually attempt to minimize involvement of the victim company in the response, stating outright that the company is not to control or direct the investigation. To ensure compromised entities fully understand this limitation, the PFI rules specifically require that the retailer acknowledge and agree in its contract with the PFI that “that the investigation is being carried out as part of the PFI Program, that all PFI Report information shall be shared with affected Participating Payment Brands throughout the investigation and that the investigation is not to be directed or controlled in any way by the Compromised Entity.”
To make matters even worse, if a retailer disagrees with any of the findings of the PFI, the retailer has limited, if any, recourse to dispute the PFI Report prior to the unfavorable facts being turned over to third parties. PFI rules require the contract to specify that the PFI has the authority to deliver all final and draft reports and PFI work papers to the card brands at the same time as the reports are sent to the victim retailer.
Retailers can comment on draft and final PFI reports but do not have “approval authority,” and any facts regarding the investigation with which the retailer fundamentally disagrees might not be part of the documentation that the PFI or the card brands provide to third parties.
Meanwhile, in stark contrast, the credit card brands enjoy unique input and control with respect to the documentation of a security incident, including approval rights over all PFI reports and the ability to reject any report that does not conform to all applicable requirements, such as templates and use of proper scoping methodology.
Dueling, Parallel Digital Forensic Investigations
Given the potential for bias, conflicts of interest and subjectivity (or even mistakes), retailers rarely stand by quietly and simply accept the PFI’s findings on the data breach.
Instead, when hiring a PFI after a cyber-attack, most retailers engage a second “company-directed” forensic examiner to the investigation, one that is completely independent of the card brand approved PFI list. This second, company-directed forensic examiner typically reports to, and is formally engaged by, the retailer’s outside counsel or internal general counsel.
There can be tremendous advantages for a victim-retailer to engage their own forensic firm, in addition to the card brands’ PFI team. First, absolute technical accuracy and completeness of the report is of paramount importance given that this report may become the foundation for regulatory inquiry and litigation, and a victim company may need to challenge a PFI’s draft report’s findings.
Second, the involvement and direction of counsel in the context of the investigation will presumably apply to the work product produced by the digital forensic investigators, rendering their findings, conclusions and other communications protected by attorney-client confidentiality. The involvement of counsel also establishes a single point of coordination and a designated information collection point, enhancing visibility into the facts, improving the ability to pursue appropriate leads and, most importantly, ensuring the accuracy and completeness of information before it is communicated to external audiences.
Think of it this way: After experiencing a fire in a home, a homeowner may have concerns about the qualifications or credibility of the insurance adjuster or may believe the insurance adjuster’s report is biased or specious. So the homeowner hires their own expert to challenge the report of the insurance adjuster in order to receive a better insurance payout. The same principle holds true for PCI incident response.
However, there are also some disadvantages to this “dueling investigation” approach. Given the sanctity of the attorney-client privilege and work product doctrines, the retailer’s forensic firm and the PFI firm can rarely collaborate, or even be in the same room together, lest the retailer risk waiving attorney-client privilege.
The retailer may even go so far as to arrange for the PFI firm and the retailer’s firm to deploy different endpoint detection applications – thus paying for two almost identical software licenses. Thus, the retailer pays twice for a cyber-attack investigation and twice for each team’s expensive toolsets – which can add up to millions (or even tens of millions) of dollars. That’s like paying for an Uber car and a Lyft car to take one person home from a night out – it’s a bit maddening.
Welcome to the upside down world of data breaches: where actual perpetrators are rarely caught; where actual damages to specific customers are rarely identified; and where the retailer victimized by a cyber-attack must not only also pay the invoices of the PFI team (who reports solely to the card brands) but must also pay the invoices of the second external forensic expert (who reports solely to the retailer).
The Marriott Breach, the Resulting Class Actions and the Marriott PFI Report
Marriott International, Inc. (Marriott) is a multinational company that manages and franchises a broad portfolio of hotels and related lodging facilities around the world. On November 30, 2018, Marriott announced a data security incident involving unauthorized access to the Starwood guest reservation database containing information relating to as many as 500 million guests. Since then, Marriott claims that attackers who breached its Starwood Hotels unit’s guest reservation system stole personal data from up to 383 million guests — including more than five million unencrypted passport numbers.
Marriott also now asserts that attackers had unauthorized access to its Starwood network of reservations at W Hotels, Sheraton Hotels & Resorts and other properties dating back to 2014, prompting questions about Marriott’s cybersecurity governance and infrastructure as well as suspicion that Marriott negligently missed the breach during its due diligence process before acquiring Starwood in 2016 for $13.6 billion.
The class action frenzy since these events has been nothing short of astounding. A total of 176 plaintiffs from all 50 U.S. states have filed suit against Marriott relating to the Marriott breach. Meanwhile, consumers, financial institutions and governments in various states, such as California, Illinois, New York and Massachusetts have filed dozens more class actions, including a securities class action.
Given the vast scope and number of class actions relating to the Marriott data breach, the plaintiffs agreed to centralize the litigation at a hearing with the Judicial Panel on Multidistrict Litigation. The Judicial Panel: 1) determines whether civil actions pending in different federal districts involve one or more common questions of fact such that the actions should be transferred to one federal district for coordinated or consolidated pretrial proceedings; and 2) selects the judge or judges and court assigned to conduct such proceedings.
The Judicial Panel agreed that consolidating the class action lawsuits into multi-district litigation (MDL) was the best option, also noting that Marriott was headquartered in Maryland and most witnesses would be found in the area and ordering the MDL to reside before Judge Paul Grimm in the Federal District Court of Maryland. The Panel noted in its order:
“[W]e find that centralization…of all actions in the District of Maryland will serve the convenience of the parties and witnesses and promote the just and efficient conduct of this litigation . . . The factual overlap among these actions is substantial, as they all arise from the same data breach, and they all allege that Marriott failed to put in to place reasonable data protections. Many also allege that Marriott did not timely notify the public of the data breach.”
The Marriott Securities Class Actions
The securities class action lawsuit(s) against Marriott and certain of its senior executives assert claims under Sections 10(b) and 20(a) of the Securities Exchange Act of 1934, and SEC Rule 10b-5 promulgated thereunder, on behalf of all persons or entities who purchased or otherwise acquired Marriott common stock between November 9, 2016 and November 29, 2018.
In the first securities class action lawsuit involving Marriott, filed on December 1, 2018, less than one full day (!) after Marriott announced the data security incident, the complaint refers to statements in the company’s SEC filings about the importance of information technology security, alleging that certain statements in Marriott’s SEC filings were false and misleading because: “(1) Marriott’s and Starwood’s systems storing their customers’ personal data were not secure; (2) there had been unauthorized access on Starwood’s network since 2014; (3) consequently the personal data of approximately 500 million Starwood guests and sensitive personal information of approximately 327 million of those guests may have been exposed to unauthorized parties; and (4) as a result Marriott’s public statements were materially false and/or misleading at all relevant times.” Since its initial filing, the plaintiffs have amended their securities class action complaint, and added new and more complete allegations, with the most recent version found here.
Unlike more traditional securities class action lawsuits, the Marriott securities class action lawsuit does not involve allegations of financial or accounting misrepresentations. Instead, it involves allegations that Marriott suffered a significant reverse in its operations, alleging that the company failed to inform investors that the data security incident might occur and that if it did occur it would have a negative impact on the company.
A Brief Aside about the Disclosure of Cyber-Attacks by Public Companies
In particular, public company disclosures relating to cyber-attacks can provide ideal fodder for class action plaintiffs looking for negligent representations, insufficient assertions or misleading statements. There is confusion about not just when a public company should disclose a data security incident, but also what precisely the public company should say about the incident.
For example, per the U.S. Securities and Exchange Commission’s (SEC) February 26, 2018 interpretive guidance relating to disclosures about cybersecurity risks and incidents, when a company has learned of a cybersecurity incident or cyber-risk that is material to its investors, companies are expected to make appropriate disclosures, including filings on Form 8-K or Form 6-K as appropriate. Additionally, when a company experiences a data security incident, the 2018 SEC Guidance emphasizes the need to “refresh” previous disclosures during the process of investigating a cybersecurity incident or past events.
However, on the one hand, with respect to the actual content of a company’s data security incident’s disclosure, the 2018 SEC Guidance allows for a lack of specifics so as not to compromise a company’s security, stating:
“This guidance is not intended to suggest that a company should make detailed disclosures that could compromise its cybersecurity efforts – for example, by providing a “roadmap” for those who seek to penetrate a company’s security protections. We do not expect companies to publicly disclose specific, technical information about their cybersecurity systems, the related networks and devices, or potential system vulnerabilities in such detail as would make such systems, networks, and devices more susceptible to a cybersecurity incident.”
But on the other hand, the 2018 SEC Guidance cautions companies not to use any sort of generic “boilerplate” type of language in its disclosures, stating somewhat opaquely:
“We expect companies to provide disclosure that is tailored to their particular cybersecurity risks and incidents. As the Commission has previously stated, we ‘emphasize a company-by-company approach [to disclosure] that allows relevant and material information to be disseminated to investors without boilerplate language or static requirements while preserving completeness and comparability of information across companies.’ Companies should avoid generic cybersecurity-related disclosure and provide specific information that is useful to investors.”
Given the SEC’s schizophrenic approach to disclosing cybersecurity-related events, rather than serving as a safe harbor for public companies, the SEC’s 2018 Guidance ironically has become a beacon for class action plaintiffs.
PSLRA Discovery Stay and the Marriott Securities and Derivatives Tracks
Congress enacted The Private Securities Litigation Reform Act of 1995 (PSLRA) to address perceived abuses in securities fraud class actions. Among those concerns was that the high “cost of discovery often forces innocent parties to settle frivolous securities actions.” In addition, Congress sought to prevent private securities plaintiffs from using frivolous lawsuits as a vehicle “to conduct discovery in the hopes of finding a sustainable claim not alleged in the complaint.”
In furtherance of those goals, the PSLRA provides that “all discovery and other proceedings shall be stayed during the pendency of any motion to dismiss, unless the court finds, upon the motion of any party, that particularized discovery is necessary to preserve evidence or to prevent undue prejudice to that party.”
In the Marriott MDL, there are five case “tracks” (Government, Financial Institution, Consumer, Securities and Derivative). In accordance with the PSLRA, Judge Grimm ordered that all discovery for both the Securities and Derivative Tracks be stayed until the resolution of Marriott’s pending motion to dismiss.
Judge Grimm also provisionally granted a motion to seal Marriott’s motion to dismiss the Government Track action, which included a copy of the Marriott PFI Report as an exhibit. Currently, redacted versions of these pleadings appear on the docket, although the Marriott PFI Report remains sealed in full.
Class Action Motions Concerning the Marriott PFI
To keep costs down, Judge Grimm has implemented a case management system in the Marriott MDL that departs from traditionally captioned orders and motions; it includes a July 16, 2019 order that any party seeking to file a motion shall first submit a letter, no longer than three pages, stating the facts and bases supporting such relief. This way, the Judge might just rule on the three-page letter and avoid the costs of lengthy memoranda, motions, affidavits, etc.
Once a letter is filed, Judge Grimm determines whether to schedule an expedited telephone conference to discuss the requested motion and whether the issues may be resolved or otherwise addressed without the need for formal briefing. This expedited motions procedure apparently meant that Gibson Dunn, the law firm representing Marriott in the class actions, had limited time and space to argue against the release of the Marriott PFI Report (e.g. no room for expert affidavits, documentation of particularities, witness declarations and the many other details and minutiae typically presented in an important litigation motion).
Based on the currently 438 entries in the Marriott MDL docket, the two primary letters seeking the unsealing of the Marriott PFI Report appear to be the following pleadings:
May 21, 2019 letter submitted by Silverman Thompson Slutkin and White, on behalf of the only financial institution plaintiff, the Bank of Louisiana (The Silverman Letter); and
July 24, 2019 letter submitted by Labaton Sucharow, on behalf of the lead plaintiff in the securities track and along with the plaintiffs in the derivatives track (The Labaton Sucharow Letter).
In opposition to the Silverman Letter and the Labaton Sucharow Letter, Marriott submitted the following pleadings:
July 15, 2019 motion to seal the Marriott PFI Report, submitted by BakerHostetler on behalf of Marriott alongside a July 15, 2019 motion to dismiss, also submitted by BakerHostetler on behalf of Marriott; and
August 8, 2019 letter opposing the unsealing of the Marriott PFI Report, submitted by Gibson Dunn on behalf of Marriott.
The Silverman Letter specifically seeks production of the Marriott PFI Report before the deadline for amending its complaint, stating:
“Our position on these matters is consistent with this Court’s emphasis on efficiency and avoidance of unnecessary litigation effort. Requiring production of the PFI Report and other investigative reports related to the Data Breach prior to the deadline for amending complaints will promote efficiency by ensuring that the allegations conform to the available facts, thus eliminating unnecessary discovery and motion practice over allegations based on “information and belief” that may be inconsistent with facts already developed in the PFI and other investigations . . . Early production of the PFI Report, other investigative reports, and all materials provided to government regulators investigating the Data Breach at issue by Marriott will greatly facilitate all parties’ ability to frame the issues in the case for the Court.”
The Labaton Sucharow Letter notes that Marriott had already attached a copy of the PFI Report to its July 15, 2019 motion to dismiss in the Government Track but had placed the Marriott PFI Report under seal. The letter also argues that the First Amendment mandates that Judge Grimm unseal the Marriott PFI Report, stating:
“It is settled law that the First Amendment and common law protect the public’s access to judicial records . . . Merely attempting to avoid embarrassment, legal liability, or a harm to future business prospects are insufficient reasons under either standard to justify keeping information in judicial records from the public. The party seeking the sealing must overcome the interest of the general public, which includes the financial markets as Marriott is a publicly traded company . . . As an initial matter, these materials are clearly a matter of public interest to investors, consumers, and the American public. . . . Defendants have articulated why they want the materials kept under seal – (1) danger from potential hacking of their systems, (2) competitive harm, and (3) that it would undermine current investigations . . . None of these reasons satisfy the high burden Defendants must meet to rebut the presumption of access and maintain these judicial records under seal.”
The Gibson Dunn Letter reiterates the arguments of Marriott’s July 16 Motion to place the Marriott PFI Report under seal and adds an additional argument relating to the PSLRA discovery stay, stating:
“Plaintiffs’ motion is an attempted end-run around the PSLRA’s discovery stay. The PSLRA, which governs the Securities and Derivative Tracks, imposes an automatic stay on all discovery pending resolution of motions to dismiss. Plaintiffs now seek to expose confidential discovery materials in public court filings, so that they can access discovery that federal law bars them from obtaining at this juncture. [In addition], 1) Sealing the information protects it from criminals that could use it to perpetrate “future cyberattacks.” Disclosure of the sealed information could, for instance, help hackers hone their strategies . . . 2) The compelling governmental interest in shielding ongoing investigations requires keeping certain information sealed; . . . and 3) Marriott’s concern about offering “competitors insight into certain aspects of Marriott’s internal business practices”
Judge Grimm’s Decision
In an August 30, 2019 “Letter Order,” Judge Grimm sided with the plaintiffs, and ordered the unsealing of the Marriott PFI Report, while assigning a magistrate judge to determine if it should contain any “narrowly tailored” redactions (e.g. if Marriott can show with definitive particularity that publication of any portions/sentences of the Marriott PFI Report would “threaten existing operational database systems.”)
With respect to Marriott’s PSLRA arguments, because the unsealing of the Marriott PFI Report was of no monetary cost to the Marriott defendants, Judge Grimm noted that the spirit of PSLRA remained intact and respected. Moreover, because Marriott had attached the Marriott PFI Report to their earlier pleading, Marriott had rendered the Marriott PFI Report a “pleading” and not “discovery material” which did not run “afoul with the PSLRA discovery stay.”
With respect to Marriott’s other arguments, Judge Grimm found that “there is a First Amendment right to access portions of the PFI report and pleadings that cannot be shown to constitute a particularly identified, non-speculative harm.” Judge Grimm writes:
“Defendants argue (without explaining how) that the information could help hackers attack systems Defendants currently use by studying “network infrastructure for handling cardholder data, systems and strategies for securing such information and thwarting attacks, encryption and decryption processes and protocols, and activity logging.” . . . This justification for continuing to seal the entirety of the report is both speculative and generalized. Under this reasoning, none the details of how the Starwood database was compromised could ever be revealed, which would prevent the public from understanding how the data breach occurred in the first place, and it would prevent other entities from learning how to better protect their networks from similar attack. This is hardly in the public interest . . . Second, Defendants’ assertion that unsealing the pleadings and PFI report would interfere with ongoing investigations is equally conclusory and speculative. While Defendants do claim that ongoing investigations would be jeopardized, it is unclear which investigations would be compromised, or how, and therefore this argument fails . . . Lastly, Defendants offer no particularized support for the proposition that sealing the entire PFI report and portions of the Pleadings is necessary to prevent disclosure of commercially sensitive data and internal business practices.”
Judge Grimm then ordered the parties to confer expeditiously with U.S. Magistrate Judge Facciola to determine what portions of the Marriott PFI Report, if any, should be redacted, noting that he “will not wait indefinitely to implement this order [and] should the parties disagree, Judge Facciola shall make a report and recommendations to me for my ultimate determination.”
Judge Grimm Hands Over the Brass Ring
It should come as no surprise that the plaintiffs in the Marriott securities class action lawsuits asked Judge Grimm to unseal the Marriott PFI Report. For a class action plaintiff, the PFI Report is the brass ring of documentary evidence, containing detailed, well-documented and potentially inculpatory opinions and findings relating to the Marriott data breach.
Conducted without any direction, interference or influence from Marriott, and presented without any of Marriott’s objections, disagreements, opposition, etc., the Marriott PFI Report also provides a timely, unique and wholly unfettered analysis of the data breach. Moreover, obtaining a PFI Report early on in a class action can save a plaintiff millions of dollars in discovery-related expenses while also delivering a mammoth strategic advantage.
But herein lies the rub. While the credit card brands may have the very best of intentions, as set forth above, the reality is that the PFI Report is not necessarily the most reliable or even accurate set of findings. In summary:
The PFI team is owned and operated by the credit card brands, and not only can be biased but also operates under the cloud of a significant conflict of interest;
A retailer has little opportunity to object to the findings of the PFI Report, and is contractually bound not to participate in the PFI’s investigation but rather must stand down and cooperate fully. In fact, a retailer’s diminished role in the PFI Report process can become an unexpected and unfair obstacle in determining the true nature and scope of the data breach;
If the retailer does disagree with any of the findings of the PFI, it has little ability to dispute the facts documented by the PFI prior to unfavorable facts being turned over to third parties, including class action plaintiffs;
The PFI Report typically contains no company addendum or other place to present any of a retailer’s objections or other opposition, even when a retailer has spent millions (or even tens of millions) by engaging their own professional forensics firm who has significant objections to the PFI Report;
The intended purpose of a PFI investigation is not necessarily to mitigate damages or help a retailer with an incident response, but rather the PFI’s goal is to minimize potential fraud losses to exposed cards and determine compliance with industry rules related to data security. In other words, the PFI team is on the hunt for negligence, carelessness, recklessness, fraud and blame — not incident remediation and future data breach defense; and
The PFI team will not only be conducting an investigation to determine the risk of payment card exposure from a cyber-attack, but also assessing the company’s compliance with the PCI-DSS, which can open up an additional can of worms, perhaps more damaging to a retailer than the data breach itself.
Going Forward
Retailers who experience data security incidents must already deal with a class action blitzkrieg, and Judge Grimm’s recent love letter to the class action bar only adds fuel to that firestorm.
On the one hand, Marriott arguably put the Marriott PFI Report in “play” by attaching it to their motion to dismiss, thereby providing Judge Grimm with a convenient rationale to rule that its release did not violate the PSLRA discovery stay. Perhaps in future securities class actions, if a defendant does not file the PFI Report as part of any pleading, the PSLRA’s statutorily required discovery stay will prohibit any plaintiff from seeing the PFI Report before an opportunity for a dispositive motion, like a motion to dismiss.
But on the other hand, for securities class actions and all other class actions, Judge Grimm’s letter validates a class action plaintiff’s “First Amendment” right to see the PFI Report, which may prompt other judges to grant class action plaintiffs immediate access to it. Such prompt and early access could curtail defendants’ hopes of winning early pre-trial dispositive motions, while potentially arming class action plaintiffs with an evidentiarily powerful litigation weapon.
Clearly, retailers should take heed of Judge Grimm’s Letter Order and try to prepare for its consequences. One preemptive option for retailers is to conduct “table-top” exercises of a data security incident at their company, and engage a “mock PFI Team,” comprised of former PFI investigators, to create a “mock PFI Report.”
Reviewing a mock PFI Report could then provide a retailer with a better understanding of what to expect from a PFI Team and enable the retailer to develop the kind of corporate governance and technological infrastructure that would typically result in a more favorable PFI Report. The mock PFI investigation would also provide unique training for IT personnel and others who will have to work with PFI Teams, preparing a company’s employees for what is typically an extremely awkward experience, replete with hazards and pitfalls.
Think of it this way: When opening a new restaurant, what better way to obtain an “A” health department rating than to hire a former health department inspector to conduct a mock inspection? The same goes for PCI-DSS compliance.
Table-top exercises also enable organizations to analyze potential emergency situations in an informal environment and are designed to foster constructive discussions among participants as they examine existing operational plans and determine where they can make improvements. Indeed, table-top exercises are a natural fit for information security because they provide a forum for planning, preparation and coordination of resources during any kind of attack.
Retailers should also spend more time on the due diligence of selecting a PFI from the 22 digital forensic companies currently on the PCI SSC List. Retailers should study carefully the credentials and track record of PFI team members, ensuring that their selected PFI team is experienced, fair, objective, meticulous and open to discussions and disagreement.
Not to be too cynical, but it would also probably help if the law firm managing a retailer’s data breach response has prior experience with the PFI team and if the PFI team is concerned about their reputation with the law firm (i.e. that the PFI team relies on the law firm for other business). When there exist competing, outside economic interests at issue, it is only human nature for the PFI team to put their best and most fair foot forward during the course of their engagement.
Given that trying to avert a cyber-attack is like trying to prevent a kindergartener from catching a cold during the school year, retailers should anticipate a securities class action lawsuit filing within 24 hours of the announcement of their next (inevitable) data security incident — and they should take steps now to help facilitate an exculpatory PFI Report.
Otherwise, a class action liability skirmish may be over before the retailer has even had a chance to enter the battlefield.
__________________
John Reed Stark is president of John Reed Stark Consulting LLC, a data breach response and digital compliance firm. Formerly, Mr. Stark served for almost 20 years in the Enforcement Division of the U.S. Securities and Exchange Commission, the last 11 of which as Chief of its Office of Internet Enforcement. He currently teaches a cyber-law course as a Senior Lecturing Fellow at Duke Law School. Mr. Stark also worked for 15 years as an Adjunct Professor of Law at the Georgetown University Law Center, where he taught several courses on the juxtaposition of law, technology and crime, and for five years as managing director of global data breach response firm, Stroz Friedberg, including three years heading its Washington, D.C. office. Mr. Stark is the author of “The Cybersecurity Due Diligence Handbook.”
    The post Guest Post: Some Good News for the Cybersecurity Class Action Bar appeared first on The D&O Diary.
Guest Post: Some Good News for the Cybersecurity Class Action Bar published first on http://simonconsultancypage.tumblr.com/
golicit · 5 years
Guest Post: Some Good News for the Cybersecurity Class Action Bar
John Reed Stark
As discussed in the following guest post from John Reed Stark, a recent development in the class action litigation arising out of the massive Marriott International data breach could have significant ramifications for other claimants asserting class action claims — including securities class action claims — based on data breaches or other cybersecurity incidents. Stark is President of John Reed Stark Consulting and former Chief of the SEC’s Office of Internet Enforcement. A version of this article originally appeared on Securities Docket. I would like to thank John for allowing me to publish his guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is John’s article.
*******************************
The cybersecurity class action bar might be celebrating the holidays a bit early this year.
The enthusiasm stems from a recent (but barely noticed) judicial letter from Judge Paul W. Grimm, of the United States Federal District Court for the District of Maryland, who oversees class action litigation arising out of last year’s data breach of Marriott’s Starwood guest reservation database. In his letter, which is essentially a judicial decree, Judge Grimm ordered Marriott to make public a crucial third-party report that will reveal key details about the data breach.
Known formally as a “Payment Card Industry Forensic Investigative Report,” or “PFI Report,” the report in question can be one of the most evidentiarily powerful documents for data breaches involving credit card information. With respect to Marriott-breach related pending multidistrict class actions filed by consumers, financial institutions and governments, the Marriott PFI Report has previously either been severely redacted or sealed off to the public entirely. But now, per Judge Grimm, the First Amendment mandates the Marriott PFI Report’s public release (perhaps lightly redacted).
On the surface, Judge Grimm’s order might look like part of one of the many inconsequential discovery-related squabbles that typically occur during class actions and other litigation. But Judge Grimm’s decision could have significant ramifications for plaintiffs filing securities-related and other class actions following data breaches at retail companies.
This article drills down into Judge Grimm’s ruling, and:
Explains, beginning with PCI-DSS compliance, why a PFI Report can be the most critical documentary evidence relating to a data breach;
Discusses the class actions related to the Marriott data breach and the ramifications of Judge Grimm’s ruling, not just for Marriott but for any company that handles credit cards; and
Offers some salient advice for retailers who wish to avoid, or at least mitigate, the potential costs and other problematic issues associated with Judge Grimm’s ruling.
Retailers and PCI-DSS Compliance
Payment Card Industry Data Security Standards (PCI-DSS) is a set of requirements created to help protect the security of electronic payment card transactions that include personal identifying information (PII) of cardholders, and operates as an industry standard for security for organizations utilizing credit card information. PCI-DSS applies to all organizations that hold, process or pass credit card holder information and imposes requirements upon those entities for security management, policies, procedures, network architecture, software design and other critical measures that help to protect customer credit and debit card account data.
The Payment Card Industry Security Standards Council (PCI SSC), an international organization founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc. in 2006, develops and manages certain credit card industry standards, including the PCI-DSS. In addition to promulgating PCI-DSS, the PCI SSC has developed a set of industry rules governing responses to payment card data breaches. These rules, known collectively as the Payment Card Industry Forensic Investigator (PFI) program, were intended to replace the programs established by the individual card brands.
In theory, PCI-DSS is good for retailers, establishing a minimum data security standard that all retailers must meet, discouraging competitors from cutting corners and allowing for some uniformity and stability. PCI-DSS not only protects the card brands but it also ensures that consumers feel safe when using credit and debit cards. However, adhering to PCI-DSS can become costly and onerous, especially for retail chains, and can subject retailers to the cybersecurity whims of the card brands, who enjoy a very strong bargaining position.
PCI-DSS and Data Breaches
When a cyber-attack targets electronically transmitted, collected or stored payment card information, whether the retailer has met PCI-DSS compliance quickly becomes an intense area of inquiry.
For instance, the card brands may levy significant fines and penalties on retailers that are not in compliance with PCI-DSS. Such penalties and fines, imposed separately by each card association, can include:
Hefty fines (in multiples of $100,000) for prohibited data retention;
Significant additional monthly fines (can be $100,000 or more per month depending on the nature of the data stored) assessed until confirmation is provided indicating that prohibited data is no longer stored;
Separate fines (in multiples of $10,000) for PCI-DSS non-compliance;
Additional monthly fines (likely $25,000 per month) assessed until confirmation from a qualified security assessor that the merchant is PCI-DSS compliant;
Payment of monitoring (can be as high as $25) and reissuing (up to $5) assessments for each card identified by the card association as potentially compromised; and
Reimbursement for any and all fraudulent activity the card association identifies as being tied to a security data breach.
The PFI Report
Once a data security incident occurs, in order to determine whether the retailer must incur any of the above penalties or pay for any system modifications required to achieve PCI-DSS compliance, the retailer is contractually obligated to hire a specially certified PCI-approved forensic investigative firm (also known as a “PFI”) from a small and exclusive list of card brand approved vendors (currently comprised of 22 companies).
The PFI team then performs a specified list of investigative work including writing a final report about the data security incident – the PFI Report — that is issued to both the retailer and the various credit card companies. The PFI Report then becomes the basis used by the card brand companies to calculate potential fines that will be levied against the acquiring banks. These fees are then passed along to the victim company in the form of indemnification.
More Art Than Science
Sometimes PFI Reports are the most thorough, comprehensive and authoritative analysis of a cyber-attack upon a retailer. But sometimes, albeit unintentionally, the PFI Report can be prejudiced, jaundiced, biased or otherwise flawed.
The findings and conclusions of PFI Reports typically derive from painstaking efforts of digital forensics and malware reverse engineering, which can consist of conjecture, hypothesizing, speculation, supposition and simple old-fashioned guesswork. In fact, both skill sets are more art than science, which can render PFI Reports overly subjective, skewed or even mistaken. Here’s why:
First off, while some data security incidents may provide key evidence early-on, most never do, or even worse, provide a series of false positives and other initial stumbling blocks. After a cyber-attack, there is rarely, if ever, a CSI-like evidentiary trail.
Indeed, digital forensic evidence of a data security incident is rarely in plain view; it can rest among disparate logs (if they even exist), volatile memory captures, server images, system registry entries, spoofed IP addresses, snarled network traffic, haphazard and uncorrelated timestamps, Internet addresses, computer tags, malicious file names, system registry data, user account names, network protocols and a range of other suspicious activity. Evidence can also become difficult to nail down — logs are destroyed or overwritten in the course of business; archives become corrupted; hardware is repurposed; and the list goes on.
Second, when a digital forensics investigator analyzes the virtual remnants, artifacts and fragments left within the attack vector of a company’s devices or systems such as “deleted recoverable files” residing in the more garbled sectors of a hard drive such as “unallocated and slack space” or the boot sector, facts and conclusions can be subject to interpretation and guided by the assumptions and experience of that investigator.
Consider for example the intricacies and complexities of malware-reverse engineering. “Malware” is oft defined as software designed to interfere with a computer’s normal functioning, such as viruses (which can wreak havoc on a system by deleting files or directory information); spyware (which can secretly gather data from a user’s system); worms (which can replicate themselves and spread to other computers); or Trojan horses (which upon execution, can cause loss or theft of data and system harm).
The definition of malware, however, is actually broader and a bit of a misnomer, and actually means any program or file used by attackers to infiltrate a computer system. Like the screwdriver that becomes harmful when a burglar uses it to gain unlawful entry into a company’s headquarters, legitimate software can actually be malware. Thus, malware reverse engineering, a crucial aspect of incident response, is also often the most challenging.
Finally, there also exists a massive cybersecurity labor shortage, with over three million cyber-related jobs remaining unfilled — which means there are quite a few inexperienced amateurs masquerading as incident response professionals, whose findings can be dubious.
This dearth of bona-fide data breach response experts should come as no surprise. The data breach response industry remains in its infancy – there are few academic degrees available in the realm of incident response and barely any incident response courses in college and graduate school curriculums. Many incident responders come from government, such as the Air Force’s Office of Special Investigations; the U.S. Computer Emergency Readiness Team (CERT) of the Department of Homeland Security; or the various cyber squads of the Federal Bureau of Investigation. Other incident response experts are simply self-taught from experience or from piecing together varying expertise of digital forensics, network engineering and security science.
The bottom line is that no matter where a data breach response worker starts out, it can take as much as a decade of apprentice work before becoming a bona-fide data breach response expert.
PFI Conflicts of Interest
Though the attacked retailer engages the PFI and is responsible for all fees and expenses associated with the PFI’s investigation, the PFI conducts the investigation on behalf of the third-party card brands and with their direct involvement. Thus, even the most trustworthy, conscientious and objective PFI team can have an inherent conflict of interest and be biased.
For instance, under PFI rules, each of the payment card brands is responsible for “Defining requirements regarding the use of PFIs and the disclosure, investigation and resolution of security issues” of the security incident. This supervisory role affords the card brands wide latitude in directing and controlling key aspects of the data breach response process.
In fact, PFI rules actually attempt to minimize involvement of the victim company in the response, stating outright that the company is not to control or direct the investigation. To ensure compromised entities fully understand this limitation, the PFI rules specifically require that the retailer acknowledge and agree in its contract with the PFI “that the investigation is being carried out as part of the PFI Program, that all PFI Report information shall be shared with affected Participating Payment Brands throughout the investigation and that the investigation is not to be directed or controlled in any way by the Compromised Entity.”
To make matters even worse, if a retailer disagrees with any of the findings of the PFI, the retailer has limited, if any, recourse to dispute the PFI Report prior to the unfavorable facts being turned over to third parties. PFI rules require the contract to specify that the PFI has the authority to deliver all final and draft reports and PFI work papers to the card brands at the same time as the reports are sent to the victim retailer.
Retailers can comment on draft and final PFI reports but do not have “approval authority,” and any facts regarding the investigation with which the retailer fundamentally disagrees might not be part of the documentation that the PFI or the card brands provide to third parties.
Meanwhile, in stark contrast, the credit card brands enjoy unique input and control with respect to the documentation of a security incident, including approval rights over all PFI reports and the ability to reject any report that does not conform to all applicable requirements, such as templates and use of proper scoping methodology.
Dueling, Parallel Digital Forensic Investigations
Given the potential for bias, conflicts of interest and subjectivity (or even mistakes), retailers rarely stand by quietly and simply accept the PFI’s findings on the data breach.
Instead, when hiring a PFI after a cyber-attack, most retailers engage a second “company-directed” forensic examiner to the investigation, one that is completely independent of the card brand approved PFI list. This second, company-directed forensic examiner typically reports to, and is formally engaged by, the retailer’s outside counsel or internal general counsel.
There can be tremendous advantages for a victim-retailer to engage its own forensic firm, in addition to the card brands’ PFI team. First, absolute technical accuracy and completeness of the report is of paramount importance given that this report may become the foundation for regulatory inquiry and litigation, and a victim company may need to challenge a PFI’s draft report’s findings.
Second, the involvement and direction of counsel in the context of the investigation will presumably apply to the work product produced by the digital forensic investigators, rendering their findings, conclusions and other communications protected by attorney-client confidentiality. The involvement of counsel also establishes a single point of coordination and a designated information collection point, enhancing visibility into the facts, improving the ability to pursue appropriate leads and, most importantly, ensuring the accuracy and completeness of information before it is communicated to external audiences.
Think of it this way: After experiencing a fire in a home, a homeowner may have concerns about the qualifications or credibility of the insurance adjuster or may believe the insurance adjuster’s report is biased or specious. So the homeowner hires their own expert to challenge the report of the insurance adjuster in order to receive a better insurance payout. The same principle holds true for PCI incident response.
However, there are also some disadvantages to this “dueling investigation” approach. Given the sanctity of the attorney-client privilege and work product doctrines, the retailer’s forensic firm and the PFI firm can rarely collaborate, or even be in the same room together, lest the retailer risk waiving attorney-client privilege.
The retailer may even go so far as to arrange for the PFI firm and the retailer’s firm to deploy different endpoint detection applications – thus paying for two almost identical software licenses. Thus, the retailer pays twice for a cyber-attack investigation and twice for each team’s expensive toolsets – which can add up to millions (or even tens of millions) of dollars. That’s like paying for an Uber car and a Lyft car to take one person home from a night out – it’s a bit maddening.
Welcome to the upside-down world of data breaches: where actual perpetrators are rarely caught; where actual damages to specific customers are rarely identified; and where the retailer victimized by a cyber-attack must not only pay the invoices of the PFI team (who reports solely to the card brands) but must also pay the invoices of the second external forensic expert (who reports solely to the retailer).
The Marriott Breach, the Resulting Class Actions and the Marriott PFI Report
Marriott International, Inc. (Marriott) is a multinational company that manages and franchises a broad portfolio of hotels and related lodging facilities around the world. On November 30, 2018, Marriott announced a data security incident involving unauthorized access to the Starwood guest reservation database containing information relating to as many as 500 million guests. Since then, Marriott claims that attackers who breached its Starwood Hotels unit’s guest reservation system stole personal data from up to 383 million guests — including more than five million unencrypted passport numbers.
Marriott also now asserts that attackers had unauthorized access to its Starwood network of reservations at W Hotels, Sheraton Hotels & Resorts and other properties dating back to 2014, prompting questions about Marriott’s cybersecurity governance and infrastructure as well as suspicion that Marriott negligently missed the breach during its due diligence process before acquiring Starwood in 2016 for $13.6 billion.
The class action frenzy since these events has been nothing short of astounding. A total of 176 plaintiffs from all 50 U.S. states have filed suit against Marriott relating to the Marriott breach. Meanwhile, consumers, financial institutions and governments in various states, such as California, Illinois, New York and Massachusetts have filed dozens more class actions, including a securities class action.
Given the vast scope and number of class actions relating to the Marriott data breach, the plaintiffs agreed to centralize the litigation at a hearing with the Judicial Panel on Multidistrict Litigation. The Judicial Panel: 1) determines whether civil actions pending in different federal districts involve one or more common questions of fact such that the actions should be transferred to one federal district for coordinated or consolidated pretrial proceedings; and 2) selects the judge or judges and court assigned to conduct such proceedings.
The Judicial Panel agreed that consolidating the class action lawsuits into multi-district litigation (MDL) was the best option, noting that Marriott was headquartered in Maryland and that most witnesses would be found in the area, and ordered the MDL to reside before Judge Paul Grimm in the Federal District Court of Maryland. The Panel noted in its order:
“[W]e find that centralization…of all actions in the District of Maryland will serve the convenience of the parties and witnesses and promote the just and efficient conduct of this litigation . . . The factual overlap among these actions is substantial, as they all arise from the same data breach, and they all allege that Marriott failed to put into place reasonable data protections. Many also allege that Marriott did not timely notify the public of the data breach.”
The Marriott Securities Class Actions
The securities class action lawsuit(s) against Marriott and certain of its senior executives assert claims under Sections 10(b) and 20(a) of the Securities Exchange Act of 1934, and SEC Rule 10b-5 promulgated thereunder, on behalf of all persons or entities who purchased or otherwise acquired Marriott common stock between November 9, 2016 and November 29, 2018.
In the first securities class action lawsuit involving Marriott, filed on December 1, 2018, less than one full day (!) after Marriott announced the data security incident, the complaint refers to statements in the company’s SEC filings about the importance of information technology security, alleging that certain statements in Marriott’s SEC filings were false and misleading because: “(1) Marriott’s and Starwood’s systems storing their customers’ personal data were not secure; (2) there had been unauthorized access on Starwood’s network since 2014; (3) consequently the personal data of approximately 500 million Starwood guests and sensitive personal information of approximately 327 million of those guests may have been exposed to unauthorized parties; and (4) as a result Marriott’s public statements were materially false and/or misleading at all relevant times.” Since its initial filing, the plaintiffs have amended their securities class action complaint, and added new and more complete allegations, with the most recent version found here.
Unlike more traditional securities class action lawsuits, the Marriott securities class action lawsuit does not involve allegations of financial or accounting misrepresentations. Instead, it involves allegations that Marriott suffered a significant reverse in its operations, alleging that the company failed to inform investors that the data security incident might occur and that if it did occur it would have a negative impact on the company.
A Brief Aside about the Disclosure of Cyber-Attacks by Public Companies
In particular, public company disclosures relating to cyber-attacks can provide ideal fodder for class action plaintiffs looking for negligent representations, insufficient assertions or misleading statements. There is confusion about not just when a public company should disclose a data security incident, but also what precisely the public company should say about the incident.
For example, per the U.S. Securities and Exchange Commission’s (SEC) February 26, 2018 interpretive guidance relating to disclosures about cybersecurity risks and incidents, when a company has learned of a cybersecurity incident or cyber-risk that is material to its investors, companies are expected to make appropriate disclosures, including filings on Form 8-K or Form 6-K as appropriate. Additionally, when a company experiences a data security incident, the 2018 SEC Guidance emphasizes the need to “refresh” previous disclosures during the process of investigating a cybersecurity incident or past events.
However, on the one hand, with respect to the actual content of a company’s data security incident’s disclosure, the 2018 SEC Guidance allows for a lack of specifics so as not to compromise a company’s security, stating:
“This guidance is not intended to suggest that a company should make detailed disclosures that could compromise its cybersecurity efforts – for example, by providing a “roadmap” for those who seek to penetrate a company’s security protections. We do not expect companies to publicly disclose specific, technical information about their cybersecurity systems, the related networks and devices, or potential system vulnerabilities in such detail as would make such systems, networks, and devices more susceptible to a cybersecurity incident.”
But on the other hand, the 2018 SEC Guidance cautions companies not to use any sort of generic “boilerplate” type of language in their disclosures, stating somewhat opaquely:
“We expect companies to provide disclosure that is tailored to their particular cybersecurity risks and incidents. As the Commission has previously stated, we ‘emphasize a company-by-company approach [to disclosure] that allows relevant and material information to be disseminated to investors without boilerplate language or static requirements while preserving completeness and comparability of information across companies.’ Companies should avoid generic cybersecurity-related disclosure and provide specific information that is useful to investors.”
Given the SEC’s schizophrenic approach to disclosing cybersecurity-related events, rather than serving as a safe harbor for public companies, the SEC’s 2018 Guidance ironically has become a beacon for class action plaintiffs.
PSLRA Discovery Stay and the Marriott Securities and Derivatives Tracks
Congress enacted The Private Securities Litigation Reform Act of 1995 (PSLRA) to address perceived abuses in securities fraud class actions. Among those concerns was that the high “cost of discovery often forces innocent parties to settle frivolous securities actions.” In addition, Congress sought to prevent private securities plaintiffs from using frivolous lawsuits as a vehicle “to conduct discovery in the hopes of finding a sustainable claim not alleged in the complaint.”
In furtherance of those goals, the PSLRA provides that “all discovery and other proceedings shall be stayed during the pendency of any motion to dismiss, unless the court finds, upon the motion of any party, that particularized discovery is necessary to preserve evidence or to prevent undue prejudice to that party.”
In the Marriott MDL, there are five case “tracks” (Government, Financial Institution, Consumer, Securities and Derivative). In accordance with the PSLRA, Judge Grimm ordered that all discovery for both the Securities and Derivative Tracks be stayed, until the resolution of Marriott’s pending motion to dismiss.
Judge Grimm also provisionally granted a motion to seal Marriott’s motion to dismiss the Government Track action, which included a copy of the Marriott PFI Report as an exhibit. Currently, redacted versions of these pleadings appear on the docket, although the Marriott PFI Report remains sealed in full.
Class Action Motions Concerning the Marriott PFI
To keep costs down, requests for relief in the Marriott MDL are not captioned as traditional orders and motions. Instead, Judge Grimm has implemented a case management system, which includes a July 16, 2019 order that any party seeking to file a motion shall first submit a letter, no longer than three pages, stating the facts and bases supporting such relief. This way, the Judge might just rule on the three-page letter and avoid the costs of lengthy memoranda, motions, affidavits, etc.
Once a letter is filed, Judge Grimm determines whether to schedule an expedited telephone conference to discuss the requested motion and whether the issues may be resolved or otherwise addressed without the need for formal briefing. This expedited motions procedure apparently meant that Gibson Dunn, the law firm representing Marriott in the class actions, had limited time and space to argue against the release of the Marriott PFI Report (e.g. no room for expert affidavits, documentation of particularities, witness declarations and the many other details and minutiae typically presented in an important litigation motion).
Based on the 438 entries currently in the Marriott MDL docket, the two primary letters seeking the unsealing of the Marriott PFI Report appear to be the following pleadings:
May 21, 2019 letter submitted by Silverman Thompson Slutkin and White, on behalf of the only financial institution plaintiff, the Bank of Louisiana (The Silverman Letter); and
July 24, 2019 letter submitted by Labaton Sucharow, on behalf of the lead plaintiff in the securities track and along with the plaintiffs in the derivatives track (The Labaton Sucharow Letter).
In opposition to the Silverman Letter and the Labaton Sucharow Letter, Marriott submitted the following pleadings:
July 15, 2019 motion to seal the Marriott PFI Report, submitted by BakerHostetler on behalf of Marriott alongside a July 15, 2019 motion to dismiss, also submitted by BakerHostetler on behalf of Marriott; and
August 8, 2019 letter opposing the unsealing of the Marriott PFI Report, submitted by Gibson Dunn on behalf of Marriott.
The Silverman Letter specifically seeks production of the Marriott PFI Report before the deadline for amending its complaint, stating:
“Our position on these matters is consistent with this Court’s emphasis on efficiency and avoidance of unnecessary litigation effort. Requiring production of the PFI Report and other investigative reports related to the Data Breach prior to the deadline for amending complaints will promote efficiency by ensuring that the allegations conform to the available facts, thus eliminating unnecessary discovery and motion practice over allegations based on “information and belief” that may be inconsistent with facts already developed in the PFI and other investigations . . . Early production of the PFI Report, other investigative reports, and all materials provided to government regulators investigating the Data Breach at issue by Marriott will greatly facilitate all parties’ ability to frame the issues in the case for the Court.”
The Labaton Sucharow Letter notes that Marriott had already attached a copy of the PFI Report to its July 15, 2019 motion to dismiss in the Government Track, but had placed the Marriott PFI Report under seal. The letter also argues that the First Amendment mandates that Judge Grimm unseal the Marriott PFI Report:
“It is settled law that the First Amendment and common law protect the public’s access to judicial records . . . Merely attempting to avoid embarrassment, legal liability, or a harm to future business prospects are insufficient reasons under either standard to justify keeping information in judicial records from the public. The party seeking the sealing must overcome the interest of the general public, which includes the financial markets as Marriott is a publicly traded company . . . As an initial matter, these materials are clearly a matter of public interest to investors, consumers, and the American public. . . . Defendants have articulated why they want the materials kept under seal – (1) danger from potential hacking of their systems, (2) competitive harm, and (3) that it would undermine current investigations . . . None of these reasons satisfy the high burden Defendants must meet to rebut the presumption of access and maintain these judicial records under seal.”
The Gibson Dunn Letter reiterates the arguments of Marriott’s July 16 Motion to place the Marriott PFI Report under seal and adds an additional argument relating to the PSLRA discovery stay, stating:
“Plaintiffs’ motion is an attempted end-run around the PSLRA’s discovery stay. The PSLRA, which governs the Securities and Derivative Tracks, imposes an automatic stay on all discovery pending resolution of motions to dismiss. Plaintiffs now seek to expose confidential discovery materials in public court filings, so that they can access discovery that federal law bars them from obtaining at this juncture. [In addition], 1) Sealing the information protects it from criminals that could use it to perpetrate “future cyberattacks.” Disclosure of the sealed information could, for instance, help hackers hone their strategies . . . 2) The compelling governmental interest in shielding ongoing investigations requires keeping certain information sealed; . . . and 3) Marriott’s concern about offering “competitors insight into certain aspects of Marriott’s internal business practices.””
Judge Grimm’s Decision
In an August 30, 2019 “Letter Order,” Judge Grimm sided with the plaintiffs, and ordered the unsealing of the Marriott PFI Report, while assigning a magistrate judge to determine if it should contain any “narrowly tailored” redactions (e.g. if Marriott can show with definitive particularity that publication of any portions/sentences of the Marriott PFI Report would “threaten existing operational database systems.”)
With respect to Marriott’s PSLRA arguments, because the unsealing of the Marriott PFI Report was of no monetary cost to the Marriott defendants, Judge Grimm noted that the spirit of PSLRA remained intact and respected. Moreover, because Marriott had attached the Marriott PFI Report to their earlier pleading, Marriott had rendered the Marriott PFI Report a “pleading” and not “discovery material” which did not run “afoul with the PSLRA discovery stay.”
With respect to Marriott’s other arguments, Judge Grimm found that “there is a First Amendment right to access portions of the PFI report and pleadings that cannot be shown to constitute a particularly identified, non-speculative harm.” Judge Grimm writes:
“Defendants argue (without explaining how) that the information could help hackers attack systems Defendants currently use by studying “network infrastructure for handling cardholder data, systems and strategies for securing such information and thwarting attacks, encryption and decryption processes and protocols, and activity logging.” . . . This justification for continuing to seal the entirety of the report is both speculative and generalized. Under this reasoning, none of the details of how the Starwood database was compromised could ever be revealed, which would prevent the public from understanding how the data breach occurred in the first place, and it would prevent other entities from learning how to better protect their networks from similar attack. This is hardly in the public interest . . . Second, Defendants’ assertion that unsealing the pleadings and PFI report would interfere with ongoing investigations is equally conclusory and speculative. While Defendants do claim that ongoing investigations would be jeopardized, it is unclear which investigations would be compromised, or how, and therefore this argument fails . . . Lastly, Defendants offer no particularized support for the proposition that sealing the entire PFI report and portions of the Pleadings is necessary to prevent disclosure of commercially sensitive data and internal business practices.”
Judge Grimm then ordered the parties to confer expeditiously with U.S. Magistrate Judge Facciola to determine what portions of the Marriott PFI Report, if any, should be redacted, noting that he “will not wait indefinitely to implement this order [and] should the parties disagree, Judge Facciola shall make a report and recommendations to me for my ultimate determination.”
Judge Grimm Hands Over the Brass Ring
It should come as no surprise that the plaintiffs in the Marriott securities class action lawsuits asked Judge Grimm to unseal the Marriott PFI Report. For a class action plaintiff, the PFI Report is the brass ring of documentary evidence, containing detailed, well-documented and potentially inculpatory opinions and findings relating to the Marriott data breach.
Conducted without any direction, interference or influence from Marriott, and presented without any of Marriott’s objections, disagreements, opposition, etc., the Marriott PFI Report also provides a timely, unique and wholly unfettered analysis of the data breach. Moreover, obtaining a PFI Report early on in a class action can save a plaintiff millions of dollars in discovery-related expenses while also delivering a mammoth strategic advantage.
But herein lies the rub. While the credit card brands may have the very best of intentions, as set forth above, the reality is that the PFI Report is not necessarily the most reliable or even accurate set of findings. In summary:
The PFI team is owned and operated by the credit card brands, and is not only biased but also operates under the cloud of a significant conflict of interest;
A retailer has little opportunity to object to the findings of the PFI Report, and is contractually bound not to participate in the PFI’s investigation but rather must stand down and cooperate fully. In fact, a retailer’s diminished role in the PFI Report process can become an unexpected and unfair obstacle in determining the true nature and scope of the data breach;
If the retailer does disagree with any of the findings of the PFI, it has little ability to dispute the facts documented by the PFI prior to unfavorable facts being turned over to third parties, including class action plaintiffs;
The PFI Report typically contains no company addendum or other place to present any of a retailer’s objections or other opposition, even when a retailer has spent millions (or even tens of millions) by engaging their own professional forensics firm who has significant objections to the PFI Report;
The intended purpose of a PFI investigation is not necessarily to mitigate damages or help a retailer with an incident response, but rather the PFI’s goal is to minimize potential fraud losses to exposed cards and determine compliance with industry rules related to data security. In other words, the PFI team is on the hunt for negligence, carelessness, recklessness, fraud and blame — not incident remediation and future data breach defense; and
The PFI team will not only be conducting an investigation to determine the risk of payment card exposure from a cyber-attack, but also assessing the company’s compliance with the PCI-DSS, which can open up an additional can of worms, perhaps more damaging to a retailer than the data breach itself.
Going Forward
Retailers who experience data security incidents must already deal with a class action blitzkrieg, and Judge Grimm’s recent love letter to the class action bar only adds fuel to that firestorm.
On the one hand, Marriott arguably put the Marriott PFI Report in “play” by attaching it to their motion to dismiss, thereby providing Judge Grimm with a convenient rationale to rule that its release did not violate the PSLRA discovery stay. Perhaps in future securities class actions, if a defendant does not file the PFI Report as part of any pleading, the PSLRA’s statutorily required discovery stay will prohibit any plaintiff from seeing the PFI Report before an opportunity for a dispositive motion, like a motion to dismiss.
But on the other hand, for securities class actions and all other class actions, Judge Grimm’s letter validates a class action plaintiff’s “First Amendment” right to see the PFI Report, which may prompt other judges to grant class action plaintiffs immediate access to it. Such prompt and early access could curtail defendants’ hopes of winning early pre-trial dispositive motions, while potentially arming class action plaintiffs with an evidentiarily powerful litigation weapon.
Clearly, retailers should take heed of Judge Grimm’s Letter Order and try to prepare for its consequences. One preemptive option for retailers is to conduct “table-top” exercises of data security incidents at their company, and engage a “mock PFI Team,” comprised of former PFI investigators, to create a “mock PFI Report.”
Reviewing a mock PFI Report could then provide a retailer with a better understanding of what to expect from a PFI Team and enable the retailer to develop the kind of corporate governance and technological infrastructure that would typically result in a more favorable PFI Report. The mock PFI investigation would also provide unique training for IT personnel and others who will have to work with PFI Teams, preparing a company’s employees for what is typically an extremely awkward experience, replete with hazards and pitfalls.
Think of it this way: When opening a new restaurant what better way to obtain an “A” health department rating than to hire a former health department inspector to conduct a mock inspection. The same goes for PCI-DSS compliance.
Table-top exercises also enable organizations to analyze potential emergency situations in an informal environment and are designed to foster constructive discussions among participants as they examine existing operational plans and determine where they can make improvements. Indeed, table-top exercises are a natural fit for information security because they provide a forum for planning, preparation and coordination of resources during any kind of attack.
Retailers should also spend more time on the due diligence of selecting a PFI from the 22 digital forensic companies currently on the PCI SSC List. Retailers should study carefully the credentials and track record of PFI team members, ensuring that their selected PFI team is experienced, fair, objective, meticulous and open to discussions and disagreement.
Not to be too cynical but it would also probably help if the law firm managing a retailer’s data breach response has prior experience with the PFI team and that the PFI team is concerned about their reputation with the law firm (i.e. that the PFI team relies on the law firm for other business). When there exist competing, outside economic interests at issue, it is only human nature for the PFI team to put their best and most fair foot forward during the course of their engagement.
Given that trying to avert a cyber-attack is like trying to prevent a kindergartener from catching a cold during the school year, retailers should anticipate a securities class action lawsuit filing within 24 hours of the announcement of their next (inevitable) data security incident — and they should take steps now to help facilitate an exculpatory PFI Report.
Otherwise, a class action liability skirmish may be over before the retailer has even had a chance to enter the battlefield.
__________________
John Reed Stark is president of John Reed Stark Consulting LLC, a data breach response and digital compliance firm. Formerly, Mr. Stark served for almost 20 years in the Enforcement Division of the U.S. Securities and Exchange Commission, the last 11 of which as Chief of its Office of Internet Enforcement. He currently teaches a cyber-law course as a Senior Lecturing Fellow at Duke Law School. Mr. Stark also worked for 15 years as an Adjunct Professor of Law at the Georgetown University Law Center, where he taught several courses on the juxtaposition of law, technology and crime, and for five years as managing director of global data breach response firm, Stroz Friedberg, including three years heading its Washington, D.C. office. Mr. Stark is the author of “The Cybersecurity Due Diligence Handbook.”
The post Guest Post: Some Good News for the Cybersecurity Class Action Bar appeared first on The D&O Diary.
lawfultruth · 5 years
Guest Post: Some Good News for the Cybersecurity Class Action Bar
John Reed Stark
As discussed in the following guest post from John Reed Stark, a recent development in the class action litigation arising out of the massive Marriott International data breach could have significant ramifications for other claimants asserting class action claims — including securities class action claims — based on data breaches or other cybersecurity incidents. Stark is President of John Reed Stark Consulting and former Chief of the SEC’s Office of Internet Enforcement. A version of this article originally appeared on Securities Docket. I would like to thank John for allowing me to publish his guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is John’s article.
*******************************
The cybersecurity class action bar might be celebrating the holidays a bit early this year.
The enthusiasm stems from a recent (but barely noticed) judicial letter from Judge Paul W. Grimm, of the United States Federal District Court for the District of Maryland, who oversees class action litigation arising out of last year’s data breach of Marriott’s Starwood guest reservation database. In his letter, which is essentially a judicial decree, Judge Grimm ordered Marriott to make public a crucial third-party report that will reveal key details about the data breach.
Known formally as a “Payment Card Industry Forensic Investigative Report,” or “PFI Report,” the report in question can be one of the most evidentiarily powerful documents for data breaches involving credit card information. With respect to Marriott-breach related pending multidistrict class actions filed by consumers, financial institutions and governments, the Marriott PFI Report has previously either been severely redacted or sealed off to the public entirely. But now, per Judge Grimm, the First Amendment mandates the Marriott PFI Report’s public release (perhaps lightly redacted).
On the surface, Judge Grimm’s order might look like part of one of the many inconsequential discovery-related squabbles that typically occur during class actions and other litigation. But Judge Grimm’s decision could have significant ramifications for plaintiffs filing securities-related and other class actions following data breaches at retail companies.
This article drills down into Judge Grimm’s ruling, and:
Explains, beginning with PCI-DSS compliance, why a PFI Report can be the most critical documentary evidence relating to a data breach;
Discusses the class actions related to the Marriott data breach and the ramifications of Judge Grimm’s ruling, not just for Marriott but for any company that handles credit cards; and
Offers some salient advice for retailers who wish to avoid, or at least mitigate, the potential costs and other problematic issues associated with Judge Grimm’s ruling.
Retailers and PCI-DSS Compliance
Payment Card Industry Data Security Standards (PCI-DSS) is a set of requirements created to help protect the security of electronic payment card transactions that include personal identifying information (PII) of cardholders, and operates as an industry standard for security for organizations utilizing credit card information. PCI-DSS applies to all organizations that hold, process or pass credit card holder information and imposes requirements upon those entities for security management, policies, procedures, network architecture, software design and other critical measures that help to protect customer credit and debit card account data.
The Payment Card Industry Security Standards Council (PCI SSC), an international organization founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc. in 2006, develops and manages certain credit card industry standards, including the PCI-DSS. In addition to promulgating PCI-DSS, the PCI SSC has developed a set of industry rules governing responses to payment card data breaches. These rules, known collectively as the Payment Card Industry Forensic Investigator (PFI) program, were intended to replace the programs established by the individual card brands.
In theory, PCI-DSS is good for retailers, establishing a minimum data security standard that all retailers must meet, discouraging competitors from cutting corners and allowing for some uniformity and stability. PCI-DSS not only protects the card brands but it also ensures that consumers feel safe when using credit and debit cards. However, adhering to PCI-DSS can become costly and onerous, especially for retail chains, and can subject retailers to the cybersecurity whims of the card brands, who enjoy a very strong bargaining position.
PCI-DSS and Data Breaches
When a cyber-attack targets electronically transmitted, collected or stored payment card information, whether the retailer has met PCI-DSS compliance quickly becomes an intense area of inquiry.
For instance, the card brands may levy significant fines and penalties on retailers that are not in compliance with PCI-DSS. Such penalties and fines, imposed separately by each card association, can include:
Hefty fines (in multiples of $100,000) for prohibited data retention;
Significant additional monthly fines (can be $100,000 or more per month depending on the nature of the data stored) assessed until confirmation is provided indicating that prohibited data is no longer stored;
Separate fines (in multiples of $10,000) for PCI-DSS non-compliance;
Additional monthly fines (likely $25,000 per month) assessed until confirmation from a qualified security assessor that the merchant is PCI-DSS compliant;
Payment of monitoring (can be as high as $25) and reissuing (up to $5) assessments for each card identified by the card association as potentially compromised; and
Reimbursement for any and all fraudulent activity the card association identifies as being tied to a security data breach.
The PFI Report
Once a data security incident occurs, in order to determine whether the retailer must incur any of the above penalties or pay for any system modifications required to achieve PCI-DSS compliance, the retailer is contractually obligated to hire a specially certified PCI-approved forensic investigative firm (also known as a “PFI”) from a small and exclusive list of card brand approved vendors (currently comprised of 22 companies).
The PFI team then performs a specified list of investigative work including writing a final report about the data security incident – the PFI Report — that is issued to both the retailer and the various credit card companies. The PFI Report then becomes the basis used by the card brand companies to calculate potential fines that will be levied against the acquiring banks. These fees are then passed along to the victim company in the form of indemnification.
More Art Than Science
Sometimes PFI Reports are the most thorough, comprehensive and authoritative analysis of a cyber-attack upon a retailer. But sometimes, albeit unintentionally, the PFI Report can be prejudiced, jaundiced, biased or otherwise flawed.
The findings and conclusions of PFI Reports typically derive from painstaking efforts of digital forensics and malware reverse engineering, which can consist of conjecture, hypothesizing, speculation, supposition and simple old-fashioned guesswork. In fact, both skill sets are more art than science, which can render PFI Reports overly subjective, skewed or even mistaken. Here’s why:
First off, while some data security incidents may provide key evidence early on, most never do, or even worse, provide a series of false positives and other initial stumbling blocks. After a cyber-attack, there is rarely, if ever, a CSI-like evidentiary trail.
Indeed, digital forensic evidence of a data security incident is rarely in plain view; it can rest among disparate logs (if they even exist), volatile memory captures, server images, system registry entries, spoofed IP addresses, snarled network traffic, haphazard and uncorrelated timestamps, Internet addresses, computer tags, malicious file names, system registry data, user account names, network protocols and a range of other suspicious activity. Evidence can also become difficult to nail down — logs are destroyed or overwritten in the course of business; archives become corrupted; hardware is repurposed; and the list goes on.
Second, when a digital forensics investigator analyzes the virtual remnants, artifacts and fragments left within the attack vector of a company’s devices or systems such as “deleted recoverable files” residing in the more garbled sectors of a hard drive such as “unallocated and slack space” or the boot sector, facts and conclusions can be subject to interpretation and guided by the assumptions and experience of that investigator.
Consider for example the intricacies and complexities of malware-reverse engineering. “Malware” is oft defined as software designed to interfere with a computer’s normal functioning, such as viruses (which can wreak havoc on a system by deleting files or directory information); spyware (which can secretly gather data from a user’s system); worms (which can replicate themselves and spread to other computers); or Trojan horses (which upon execution, can cause loss or theft of data and system harm).
The definition of malware, however, is actually broader and a bit of a misnomer, and actually means any program or file used by attackers to infiltrate a computer system. Like the screwdriver that becomes harmful when a burglar uses it to gain unlawful entry into a company’s headquarters, legitimate software can actually be malware. Thus, malware reverse engineering, a crucial aspect of incident response, is also often the most challenging.
Finally, there also exists a massive cybersecurity labor shortage, with over three million cyber-related jobs remaining unfilled — which means there are quite a few inexperienced amateurs masquerading as incident response professionals, whose findings can be dubious.
This dearth of bona-fide data breach response experts should come as no surprise. The data breach response industry remains in its infancy – there are few academic degrees available in the realm of incident response and barely any incident response courses in college and graduate school curriculums. Many incident responders come from government, such as the Air Force’s Office of Special Investigations; the U.S. Computer Emergency Readiness Team (CERT) of the Department of Homeland Security; or the various cyber squads of the Federal Bureau of Investigation. Other incident response experts are simply self-taught from experience or from piecing together varying expertise of digital forensics, network engineering and security science.
The bottom line is that no matter where a data breach response worker starts out, it can take as much as a decade of apprentice work before becoming a bona-fide data breach response expert.
PFI Conflicts of Interest
Though the attacked retailer engages the PFI and is responsible for all fees and expenses associated with the PFI’s investigation, the PFI conducts the investigation on behalf of the third-party card brands and with their direct involvement. Thus, even the most trustworthy, conscientious and objective PFI team can have an inherent conflict of interest and be biased.
For instance, under PFI rules, each of the payment card brands is responsible for “Defining requirements regarding the use of PFIs and the disclosure, investigation and resolution of security issues” of the security incident. This supervisory role affords the card brands wide latitude in directing and controlling key aspects of the data breach response process.
In fact, PFI rules actually attempt to minimize involvement of the victim company in the response, stating outright that the company is not to control or direct the investigation. To ensure compromised entities fully understand this limitation, the PFI rules specifically require that the retailer acknowledge and agree in its contract with the PFI that “that the investigation is being carried out as part of the PFI Program, that all PFI Report information shall be shared with affected Participating Payment Brands throughout the investigation and that the investigation is not to be directed or controlled in any way by the Compromised Entity.”
To make matters even worse, if a retailer disagrees with any of the findings of the PFI, the retailer has limited, if any, recourse to dispute the PFI Report prior to the unfavorable facts being turned over to third parties. PFI rules require the contract to specify that the PFI has the authority to deliver all final and draft reports and PFI work papers to the card brands at the same time as the reports are sent to the victim retailer.
Retailers can comment on draft and final PFI reports but do not have “approval authority,” and any facts regarding the investigation with which the retailer fundamentally disagrees might not be part of the documentation that the PFI or the card brands provide to third parties.
Meanwhile, in stark contrast, the credit card brands enjoy unique input and control with respect to the documentation of a security incident, including approval rights over all PFI reports and the ability to reject any report that does not conform to all applicable requirements, such as templates and use of proper scoping methodology.
Dueling, Parallel Digital Forensic Investigations
Given the potential for bias, conflicts of interest and subjectivity (or even mistakes), retailers rarely stand by quietly and simply accept the PFI’s findings on the data breach.
Instead, when hiring a PFI after a cyber-attack, most retailers engage a second, “company-directed” forensic examiner for the investigation, one that is completely independent of the card brand approved PFI list. This second, company-directed forensic examiner typically reports to, and is formally engaged by, the retailer’s outside counsel or internal general counsel.
There can be tremendous advantages for a victim-retailer to engage their own forensic firm, in addition to the card brands’ PFI team. First, absolute technical accuracy and completeness of the report is of paramount importance given that this report may become the foundation for regulatory inquiry and litigation, and a victim company may need to challenge a PFI’s draft report’s findings.
Second, the involvement and direction of counsel in the context of the investigation will presumably apply to the work product produced by the digital forensic investigators, rendering their findings, conclusions and other communications protected by attorney-client confidentiality. The involvement of counsel also establishes a single point of coordination and a designated information collection point, enhancing visibility into the facts, improving the ability to pursue appropriate leads and, most importantly, ensuring the accuracy and completeness of information before it is communicated to external audiences.
Think of it this way: After experiencing a fire in a home, a homeowner may have concerns about the qualifications or credibility of the insurance adjuster or may believe the insurance adjuster’s report is biased or specious. So the homeowner hires their own expert to challenge the report of the insurance adjuster in order to receive a better insurance payout. The same principle holds true for PCI incident response.
However, there are also some disadvantages to this “dueling investigation” approach. Given the sanctity of the attorney-client privilege and work product doctrines, the retailer’s forensic firm and the PFI firm can rarely collaborate, or even be in the same room together, lest the retailer risk waiving attorney-client privilege.
The retailer may even go so far as to arrange for the PFI firm and the retailer’s firm to deploy different endpoint detection applications – thus paying for two almost identical software licenses. Thus, the retailer pays twice for a cyber-attack investigation and twice for each team’s expensive toolsets – which can add up to millions (or even tens of millions) of dollars. That’s like paying for an Uber car and a Lyft car to take one person home from a night out – it’s a bit maddening.
Welcome to the upside down world of data breaches: where actual perpetrators are rarely caught; where actual damages to specific customers are rarely identified; and where the retailer victimized by a cyber-attack must not only pay the invoices of the PFI team (who reports solely to the card brands) but must also pay the invoices of the second external forensic expert (who reports solely to the retailer).
The Marriott Breach, the Resulting Class Actions and the Marriott PFI Report
Marriott International, Inc. (Marriott) is a multinational company that manages and franchises a broad portfolio of hotels and related lodging facilities around the world. On November 30, 2018, Marriott announced a data security incident involving unauthorized access to the Starwood guest reservation database containing information relating to as many as 500 million guests. Since then, Marriott claims that attackers who breached its Starwood Hotels unit’s guest reservation system stole personal data from up to 383 million guests — including more than five million unencrypted passport numbers.
Marriott also now asserts that attackers had unauthorized access to its Starwood network of reservations at W Hotels, Sheraton Hotels & Resorts and other properties dating back to 2014, prompting questions about Marriott’s cybersecurity governance and infrastructure as well as suspicion that Marriott negligently missed the breach during its due diligence process before acquiring Starwood in 2016 for $13.6 billion.
The class action frenzy since these events has been nothing short of astounding. A total of 176 plaintiffs from all 50 U.S. states have filed suit against Marriott relating to the Marriott breach. Meanwhile, consumers, financial institutions and governments in various states, such as California, Illinois, New York and Massachusetts have filed dozens more class actions, including a securities class action.
Given the vast scope and number of class actions relating to the Marriott data breach, the plaintiffs agreed to centralize the litigation at a hearing with the Judicial Panel on Multidistrict Litigation. The Judicial Panel: 1) determines whether civil actions pending in different federal districts involve one or more common questions of fact such that the actions should be transferred to one federal district for coordinated or consolidated pretrial proceedings; and 2) selects the judge or judges and court assigned to conduct such proceedings.
The Judicial Panel agreed that consolidating the class action lawsuits into multi-district litigation (MDL) was the best option, noting that Marriott was headquartered in Maryland and that most witnesses would be found in the area, and ordered the MDL to reside before Judge Paul Grimm in the Federal District Court of Maryland. The Panel noted in its order:
“[W]e find that centralization…of all actions in the District of Maryland will serve the convenience of the parties and witnesses and promote the just and efficient conduct of this litigation . . . The factual overlap among these actions is substantial, as they all arise from the same data breach, and they all allege that Marriott failed to put in to place reasonable data protections. Many also allege that Marriott did not timely notify the public of the data breach.”
The Marriott Securities Class Actions
The securities class action lawsuit(s) against Marriott and certain of its senior executives assert claims under Sections 10(b) and 20(a) of the Securities Exchange Act of 1934, and SEC Rule 10b-5 promulgated thereunder, on behalf of all persons or entities who purchased or otherwise acquired Marriott common stock between November 9, 2016 and November 29, 2018.
In the first securities class action lawsuit involving Marriott, filed on December 1, 2018, less than one full day (!) after Marriott announced the data security incident, the complaint refers to statements in the company’s SEC filings about the importance of information technology security, alleging that certain statements in Marriott’s SEC filings were false and misleading because: “(1) Marriott’s and Starwood’s systems storing their customers’ personal data were not secure; (2) there had been unauthorized access on Starwood’s network since 2014; (3) consequently the personal data of approximately 500 million Starwood guests and sensitive personal information of approximately 327 million of those guests may have been exposed to unauthorized parties; and (4) as a result Marriott’s public statements were materially false and/or misleading at all relevant times.” Since its initial filing, the plaintiffs have amended their securities class action complaint, and added new and more complete allegations, with the most recent version found here.
Unlike more traditional securities class action lawsuits, the Marriott securities class action lawsuit does not involve allegations of financial or accounting misrepresentations. Instead, it involves allegations that Marriott suffered a significant reverse in its operations, alleging that the company failed to inform investors that the data security incident might occur and that if it did occur it would have a negative impact on the company.
A Brief Aside about the Disclosure of Cyber-Attacks by Public Companies
In particular, public company disclosures relating to cyber-attacks can provide ideal fodder for class action plaintiffs looking for negligent representations, insufficient assertions or misleading statements. There is confusion about not just when a public company should disclose a data security incident, but also what precisely the public company should say about the incident.
For example, per the U.S. Securities and Exchange Commission’s (SEC) February 26, 2018 interpretive guidance relating to disclosures about cybersecurity risks and incidents, when a company has learned of a cybersecurity incident or cyber-risk that is material to its investors, companies are expected to make appropriate disclosures, including filings on Form 8-K or Form 6-K as appropriate. Additionally, when a company experiences a data security incident, the 2018 SEC Guidance emphasizes the need to “refresh” previous disclosures during the process of investigating a cybersecurity incident or past events.
However, on the one hand, with respect to the actual content of a company’s data security incident’s disclosure, the 2018 SEC Guidance allows for a lack of specifics so as not to compromise a company’s security, stating:
“This guidance is not intended to suggest that a company should make detailed disclosures that could compromise its cybersecurity efforts – for example, by providing a “roadmap” for those who seek to penetrate a company’s security protections. We do not expect companies to publicly disclose specific, technical information about their cybersecurity systems, the related networks and devices, or potential system vulnerabilities in such detail as would make such systems, networks, and devices more susceptible to a cybersecurity incident.”
But on the other hand, the 2018 SEC Guidance cautions companies not to use any sort of generic “boilerplate” type of language in its disclosures, stating somewhat opaquely:
“We expect companies to provide disclosure that is tailored to their particular cybersecurity risks and incidents. As the Commission has previously stated, we ‘emphasize a company-by-company approach [to disclosure] that allows relevant and material information to be disseminated to investors without boilerplate language or static requirements while preserving completeness and comparability of information across companies.’ Companies should avoid generic cybersecurity-related disclosure and provide specific information that is useful to investors.”
Given the SEC’s schizophrenic approach to disclosing cybersecurity-related events, rather than serving as a safe harbor for public companies, the SEC’s 2018 Guidance ironically has become a beacon for class action plaintiffs.
PSLRA Discovery Stay and the Marriott Securities and Derivatives Tracks
Congress enacted The Private Securities Litigation Reform Act of 1995 (PSLRA) to address perceived abuses in securities fraud class actions. Among those concerns was that the high “cost of discovery often forces innocent parties to settle frivolous securities actions.” In addition, Congress sought to prevent private securities plaintiffs from using frivolous lawsuits as a vehicle “to conduct discovery in the hopes of finding a sustainable claim not alleged in the complaint.”
In furtherance of those goals, the PSLRA provides that “all discovery and other proceedings shall be stayed during the pendency of any motion to dismiss, unless the court finds, upon the motion of any party, that particularized discovery is necessary to preserve evidence or to prevent undue prejudice to that party.”
In the Marriott MDL, there are five case “tracks” (Government, Financial Institution, Consumer, Securities and Derivative). In accordance with the PSLRA, Judge Grimm ordered that all discovery for both the Securities and Derivative Tracks be stayed until the resolution of Marriott’s pending motion to dismiss.
Judge Grimm also provisionally granted a motion to seal Marriott’s motion to dismiss the Government Track action, which included a copy of the Marriott PFI Report as an exhibit. Currently, redacted versions of these pleadings appear on the docket, although the Marriott PFI Report remains sealed in full.
Class Action Motions Concerning the Marriott PFI
Rather than relying on traditionally captioned orders and motions, and to keep costs down, Judge Grimm has implemented a case management system in the Marriott MDL, which includes a July 16, 2019 order that any party seeking to file a motion shall first submit a letter, no longer than three pages, stating the facts and bases supporting such relief. This way, the Judge might just rule on the three-page letter and avoid the costs of lengthy memoranda, motions, affidavits, etc.
Once a letter is filed, Judge Grimm determines whether to schedule an expedited telephone conference to discuss the requested motion and whether the issues may be resolved or otherwise addressed without the need for formal briefing. This expedited motions procedure apparently meant that Gibson Dunn, the law firm representing Marriott in the class actions, had limited time and space to argue against the release of the Marriott PFI Report (e.g. no room for expert affidavits, documentation of particularities, witness declarations and the many other details and minutiae typically presented in an important litigation motion).
Based on the currently 438 entries in the Marriott MDL docket, the two primary letters seeking the unsealing of the Marriott PFI Report appear to be the following pleadings:
May 21, 2019 letter submitted by Silverman Thompson Slutkin and White, on behalf of the only financial institution plaintiff, the Bank of Louisiana (The Silverman Letter); and
July 24, 2019 letter submitted by Labaton Sucharow, on behalf of the lead plaintiff in the securities track and along with the plaintiffs in the derivatives track (The Labaton Sucharow Letter).
In opposition to the Silverman Letter and the Labaton Sucharow Letter, Marriott submitted the following pleadings:
July 15, 2019 motion to seal the Marriott PFI Report, submitted by BakerHostetler on behalf of Marriott alongside a July 15, 2019 motion to dismiss, also submitted by BakerHostetler on behalf of Marriott; and
August 8, 2019 letter opposing the unsealing of the Marriott PFI Report, submitted by Gibson Dunn on behalf of Marriott.
The Silverman Letter specifically seeks production of the Marriott PFI Report before the deadline for amending its complaint, stating:
“Our position on these matters is consistent with this Court’s emphasis on efficiency and avoidance of unnecessary litigation effort. Requiring production of the PFI Report and other investigative reports related to the Data Breach prior to the deadline for amending complaints will promote efficiency by ensuring that the allegations conform to the available facts, thus eliminating unnecessary discovery and motion practice over allegations based on “information and belief” that may be inconsistent with facts already developed in the PFI and other investigations . . . Early production of the PFI Report, other investigative reports, and all materials provided to government regulators investigating the Data Breach at issue by Marriott will greatly facilitate all parties’ ability to frame the issues in the case for the Court.”
The Labaton Sucharow Letter notes that Marriott had already attached a copy of the PFI Report to its July 15, 2019 motion to dismiss in the Government Track but had placed the Marriott PFI Report under seal, and it argues that the First Amendment mandates that Judge Grimm unseal the Marriott PFI Report:
“It is settled law that the First Amendment and common law protect the public’s access to judicial records . . . Merely attempting to avoid embarrassment, legal liability, or a harm to future business prospects are insufficient reasons under either standard to justify keeping information in judicial records from the public. The party seeking the sealing must overcome the interest of the general public, which includes the financial markets as Marriott is a publicly traded company . . . As an initial matter, these materials are clearly a matter of public interest to investors, consumers, and the American public. . . . Defendants have articulated why they want the materials kept under seal – (1) danger from potential hacking of their systems, (2) competitive harm, and (3) that it would undermine current investigations . . . None of these reasons satisfy the high burden Defendants must meet to rebut the presumption of access and maintain these judicial records under seal.”
The Gibson Dunn Letter reiterates the arguments of Marriott’s July 16 Motion to place the Marriott PFI Report under seal and adds an additional argument relating to the PSLRA discovery stay, stating:
“Plaintiffs’ motion is an attempted end-run around the PSLRA’s discovery stay. The PSLRA, which governs the Securities and Derivative Tracks, imposes an automatic stay on all discovery pending resolution of motions to dismiss. Plaintiffs now seek to expose confidential discovery materials in public court filings, so that they can access discovery that federal law bars them from obtaining at this juncture. [In addition], 1) Sealing the information protects it from criminals that could use it to perpetrate “future cyberattacks.” Disclosure of the sealed information could, for instance, help hackers hone their strategies . . . 2) The compelling governmental interest in shielding ongoing investigations requires keeping certain information sealed; . . . and 3) Marriott’s concern about offering “competitors insight into certain aspects of Marriott’s internal business practices”
Judge Grimm’s Decision
In an August 30, 2019 “Letter Order,” Judge Grimm sided with the plaintiffs, and ordered the unsealing of the Marriott PFI Report, while assigning a magistrate judge to determine if it should contain any “narrowly tailored” redactions (e.g. if Marriott can show with definitive particularity that publication of any portions/sentences of the Marriott PFI Report would “threaten existing operational database systems.”)
With respect to Marriott’s PSLRA arguments, because the unsealing of the Marriott PFI Report was of no monetary cost to the Marriott defendants, Judge Grimm noted that the spirit of PSLRA remained intact and respected. Moreover, because Marriott had attached the Marriott PFI Report to their earlier pleading, Marriott had rendered the Marriott PFI Report a “pleading” and not “discovery material” which did not run “afoul with the PSLRA discovery stay.”
With respect to Marriott’s other arguments, Judge Grimm found that “there is a First Amendment right to access portions of the PFI report and pleadings that cannot be shown to constitute a particularly identified, non-speculative harm.” Judge Grimm writes:
“Defendants argue (without explaining how) that the information could help hackers attack systems Defendants currently use by studying “network infrastructure for handling cardholder data, systems and strategies for securing such information and thwarting attacks, encryption and decryption processes and protocols, and activity logging.” . . . This justification for continuing to seal the entirety of the report is both speculative and generalized. Under this reasoning, none of the details of how the Starwood database was compromised could ever be revealed, which would prevent the public from understanding how the data breach occurred in the first place, and it would prevent other entities from learning how to better protect their networks from similar attack. This is hardly in the public interest . . . Second, Defendants’ assertion that unsealing the pleadings and PFI report would interfere with ongoing investigations is equally conclusory and speculative. While Defendants do claim that ongoing investigations would be jeopardized, it is unclear which investigations would be compromised, or how, and therefore this argument fails . . . Lastly, Defendants offer no particularized support for the proposition that sealing the entire PFI report and portions of the Pleadings is necessary to prevent disclosure of commercially sensitive data and internal business practices.”
Judge Grimm then ordered the parties to confer expeditiously with U.S. Magistrate Judge Facciola to determine what portions of the Marriott PFI Report, if any, should be redacted, noting that he “will not wait indefinitely to implement this order [and] should the parties disagree, Judge Facciola shall make a report and recommendations to me for my ultimate determination.”
Judge Grimm Hands Over the Brass Ring
It should come as no surprise that the plaintiffs in the Marriott securities class action lawsuits asked Judge Grimm to unseal the Marriott PFI Report. For a class action plaintiff, the PFI Report is the brass ring of documentary evidence, containing detailed, well-documented and potentially inculpatory opinions and findings relating to the Marriott data breach.
Conducted without any direction, interference or influence from Marriott, and presented without any of Marriott’s objections, disagreements, opposition, etc., the Marriott PFI Report also provides a timely, unique and wholly unfettered analysis of the data breach. Moreover, obtaining a PFI Report early on in a class action can save a plaintiff millions of dollars in discovery-related expenses while also delivering a mammoth strategical advantage.
But herein lies the rub. While the credit card brands may have the very best of intentions, as set forth above, the reality is that the PFI Report is not necessarily the most reliable or even accurate set of findings. In summary:
The PFI team is owned and operated by the credit card brands, and is not only biased but also operates under the cloud of a significant conflict of interest;
A retailer has little opportunity to object to the findings of the PFI Report, and is contractually bound not to participate in the PFI’s investigation but rather must stand down and cooperate fully. In fact, a retailer’s diminished role in the PFI Report process can become an unexpected and unfair obstacle in determining the true nature and scope of the data breach;
If the retailer does disagree with any of the findings of the PFI, it has little ability to dispute the facts documented by the PFI prior to unfavorable facts being turned over to third parties, including class action plaintiffs;
The PFI Report typically contains no company addendum or other place to present any of a retailer’s objections or other opposition, even when a retailer has spent millions (or even tens of millions) by engaging its own professional forensics firm that has significant objections to the PFI Report;
The intended purpose of a PFI investigation is not necessarily to mitigate damages or help a retailer with an incident response, but rather the PFI’s goal is to minimize potential fraud losses to exposed cards and determine compliance with industry rules related to data security. In other words, the PFI team is on the hunt for negligence, carelessness, recklessness, fraud and blame — not incident remediation and future data breach defense; and
The PFI team will not only be conducting an investigation to determine the risk of payment card exposure from a cyber-attack, but also assessing the company’s compliance with the PCI-DSS, which can open up an additional can of worms, perhaps more damaging to a retailer than the data breach itself.
Going Forward
Retailers who experience data security incidents must already deal with a class action blitzkrieg, and Judge Grimm’s recent love letter to the class action bar only adds fuel to that firestorm.
On the one hand, Marriott arguably put the Marriott PFI Report in “play” by attaching it to their motion to dismiss, thereby providing Judge Grimm with a convenient rationale to rule that its release did not violate the PSLRA discovery stay. Perhaps in future securities class actions, if a defendant does not file the PFI Report as part of any pleading, the PSLRA’s statutorily required discovery stay will prohibit any plaintiff from seeing the PFI Report before an opportunity for a dispositive motion, like a motion to dismiss.
But on the other hand, for securities class actions and all other class actions, Judge Grimm’s letter validates a class action plaintiff’s “First Amendment” right to see the PFI Report, which may prompt other judges to grant class action plaintiffs immediate access to it. Such prompt and early access could curtail defendants’ hopes of winning early pre-trial dispositive motions, while potentially arming class action plaintiffs with an evidentiarily powerful litigation weapon.
Clearly, retailers should take heed of Judge Grimm’s Letter Order and try to prepare for its consequences. One preemptive option for retailers is to conduct “table-top” exercises of a data security incident at their company, and engage a “mock PFI Team,” comprised of former PFI investigators, to create a “mock PFI Report.”
Reviewing a mock PFI Report could then provide a retailer with a better understanding of what to expect from a PFI Team and enable the retailer to develop the kind of corporate governance and technological infrastructure that would typically result in a more favorable PFI Report. The mock PFI investigation would also provide unique training for IT personnel and others who will have to work with PFI Teams, preparing a company’s employees for what is typically an extremely awkward experience, replete with hazards and pitfalls.
Think of it this way: When opening a new restaurant, what better way to obtain an “A” health department rating than to hire a former health department inspector to conduct a mock inspection? The same goes for PCI-DSS compliance.
Table-top exercises also enable organizations to analyze potential emergency situations in an informal environment and are designed to foster constructive discussions among participants as they examine existing operational plans and determine where they can make improvements. Indeed, table-top exercises are a natural fit for information security because they provide a forum for planning, preparation and coordination of resources during any kind of attack.
Retailers should also spend more time on the due diligence of selecting a PFI from the 22 digital forensic companies currently on the PCI SSC List. Retailers should study carefully the credentials and track record of PFI team members, ensuring that their selected PFI team is experienced, fair, objective, meticulous and open to discussions and disagreement.
Not to be too cynical, but it would also probably help if the law firm managing a retailer’s data breach response has prior experience with the PFI team and if the PFI team is concerned about their reputation with the law firm (i.e. that the PFI team relies on the law firm for other business). When there exist competing, outside economic interests at issue, it is only human nature for the PFI team to put their best and most fair foot forward during the course of their engagement.
Given that trying to avert a cyber-attack is like trying to prevent a kindergartener from catching a cold during the school year, retailers should anticipate a securities class action lawsuit filing within 24 hours of the announcement of their next (inevitable) data security incident — and they should take steps now to help facilitate an exculpatory PFI Report.
Otherwise, a class action liability skirmish may be over before the retailer has even had a chance to enter the battlefield.
__________________
John Reed Stark is president of John Reed Stark Consulting LLC, a data breach response and digital compliance firm. Formerly, Mr. Stark served for almost 20 years in the Enforcement Division of the U.S. Securities and Exchange Commission, the last 11 of which as Chief of its Office of Internet Enforcement. He currently teaches a cyber-law course as a Senior Lecturing Fellow at Duke Law School. Mr. Stark also worked for 15 years as an Adjunct Professor of Law at the Georgetown University Law Center, where he taught several courses on the juxtaposition of law, technology and crime, and for five years as managing director of global data breach response firm, Stroz Friedberg, including three years heading its Washington, D.C. office. Mr. Stark is the author of “The Cybersecurity Due Diligence Handbook.”
    The post Guest Post: Some Good News for the Cybersecurity Class Action Bar appeared first on The D&O Diary.