Frequently Asked Questions
 

1. Question: What is StoryCloud? 
    Answer: StoryCloud is a software solutions provider of real-time streaming video deposition services for litigation.
 

2. Question: What type of attorneys and support staff can use StoryCloud?
    Answer: StoryCloud can be used by litigators focused on civil, probate, personal injury, employment, medical malpractice, and family law as well as their support staff.
 

3. Question: What is unique about the StoryCloud service?
    Answer:  Three things make the service unique.  First, the content is saved locally to the iPad device and simultaneously streamed to the cloud in real time. This facilitates immediate access to the video. Within minutes after completion, any properly credentialed member of the legal team can login, review the material, or download the content.  Second, the cost is a few hundred dollars for an all day video deposition.* Third, StoryCloud has extensive experience with content security and provides powerful, secure, and encrypted file storage and sharing technology to ensure that the content goes to the right person, at the right time, and to the right location. The content security StoryCloud provides is an order of magnitude more secure than services provided by most court reporting companies.

*Note: Fees are approximate and may vary according to a number of factors (i.e. region and market rates for videographers).
 

4. Question: How does it work?
    Answer:  Using an iPad, the StoryCloud platform records, saves to the iPad, and streams the video deposition to the cloud. Both audio and video are encrypted “on-the-wire” meaning the moment it leaves the phone the content is secure. Immediately after the video deposition is completed, anyone with proper credentials can login from any device using two-factor authentication.  
 

5. Question: Can other participants not physically attending the deposition see the content in real time?
    Answer: Yes, anyone who is given proper credentials can view the content simultaneously including the attendees. However, there may be a slight lag depending upon available bandwidth.
 

6. Question: During a break in the deposition can an attorney or staff member review the previously recorded session?
    Answer: Yes, during a lunch break, for example, properly credentialed attorneys can login and review the session that was recorded earlier.
 

 7. Question: Does the StoryCloud video deposition solution comply with the California Code of Civil Procedure?
     Answer: Yes. The StoryCloud video deposition solution complies with the California Code of Civil Procedure. The Code does not mandate the presence of a videographer during a video deposition unless an expert or a physician is being deposed.
In particular, Section 2025.340 (b) reads as follows:

(b) The operator of the recording equipment shall be competent to set up, operate, and monitor the equipment in the manner prescribed in this section. Except as provided in subdivision (c), the operator may be an employee of the attorney taking the deposition unless the operator is also the deposition officer.

Thus, you or your paralegal can record the video deposition of a lay witness using StoryCloud without the burden and extra cost of a videographer.

As a matter of practice, you should always consult with your own counsel. 
 

8. Question: How are attorneys noticed on the use of the StoryCloud video deposition platform? 
    Answer: The notice requirements to use StoryCloud video deposition platform are the same as for regular video depositions using instant visual display as enumerated in Section 2025.220 (a)(5), 2025.330 (c), and 2025.620. Your notice must simply indicate that the deposition will be videotaped or audiotaped using instant visual display of questions and answers, and that you reserve the right to present the recording at trial.  
 

9. Question: Will the video deposition recorded with StoryCloud be admissible as evidence at trial?
      Answer: Yes. Attorneys frequently ask about the ability to admit the video deposition in court. To ensure that a StoryCloud video deposition is admissible in court, the attorney must follow the same rules of the California Code of Civil Procedure as used for admitting regular video depositions. The most common practice, and the simplest way to address all concerns is to have both parties stipulate to the use of the StoryCloud service.

For more information: California Code of Civil Procedure Section 2025.620.

In addition to the California Code of Civil Procedure, judges often have rules that specifically govern the procedure in their courtroom. Knowing the court’s rules will help you in preparing for trial as the rules will likely provide the attorney with further guidance on how a particular judge prefers to handle depositions in his or her courtroom.
 

10. Question: What is the overall framework for providing secure video depositions during and after the deposition is complete? 
     Answer: Both the audio and video streams are encrypted wire-to-wire. This means that the moment both streams hit the WiFi network, they are encrypted and stored in the cloud. Once in the cloud, they are protected by industry standard AES-256 technology.

Click here for a detailed white paper discussing StoryCloud security.
 

11. Question: How does StoryCloud’s content security compare to existing security offered by third-party legal support services?
      Answer: StoryCloud believes that its streaming audio and video service is an order of magnitude more secure than the services provided by third parties.

In most cases, videographers and stenographers from third parties store confidential information with little regard for security and business process. Depositions are emailed back and forth as an attachment without the use of any formalized process control to standardize security. Attorneys have no way of knowing when the content was created on a third party hard drive, when/who deleted the information, or if/when content was shared with anyone else. To the best of our knowledge, there are no audit reports provided to law firms concerning the disposition of the content.

To address this issue, StoryCloud provides secure file sharing so that once the content resides in the cloud, only users with proper credentials can gain access to the files. User access is logged and can be audited. In the event that files need to be transferred, StoryCloud provides powerful, secure, encrypted, and permission-based file sharing technology to ensure that the content goes to the right person, at the right time, and at the right location with the proper credentials.
 

12. Question: Are the videographers present at the deposition? 
      Answer: Yes.
 

13. Question: What video and audio standards does StoryCloud support? 
      Answer: MPEG-4 for video and AAC for audio. 
 

14. Question: What setup is required to use the StoryCloud video deposition service?
      Answer: The setup usually takes 5 minutes to complete. StoryCloud provides all of the required elements.
 

15. Question: Who performs the setup? 
      Answer: StoryCloud videographers, or any trained IT staff member, will perform the setup.
 

16. Question: Does StoryCloud use the local WiFi connection to stream the video? 
      Answer: Yes.
 

17. Question: Are there bandwidth requirements for the StoryCloud video solution? 
      Answer: Yes, there must be a minimum of 3 Mbps. 
 

18. Question: What if the office does not have 3Mbps bandwidth for an uplink WiFi connection?
      Answer: StoryCloud provides a Verizon MIFI box, which creates a local WiFi connection and a 4G link to the network at an additional cost of approximately $100/day.
 

19. Question: What if the MIFI box fails?
      Answer: StoryCloud saves the content to the local disk drive on the iPad.
 

20. Question: Is the video content streamed to the cloud?
      Answer: Yes. 
 

21. Question: What happens if the local WiFi connection fails in the middle of a deposition? 
      Answer: StoryCloud stores all of the video and audio content to the iPad tablet. Each hour of video consumes approximately 1.5GB of memory. All StoryCloud recording devices have a minimum of 128GB of storage.
 

22. Question: What is the quality of the StoryCloud video and audio recording?
      Answer: Mobile camera technology has now eclipsed many standalone video cameras. The quality of the video and audio is excellent. Neither technicians nor viewers will be able to tell the difference between a standard video deposition recording and one recorded via the StoryCloud video deposition platform. In almost all cases, the video and audio are superior.
 

23. Question: What if a law firm precludes specific matters from being seen by certain attorneys?
      Answer: Login credentials are provided at the time of noticing to all associated attorneys and their support staff.  No other attorney or person can gain access to the specific video matter, unless explicitly provided access.
 

24. Question: Can StoryCloud video and audio recording be imported into standard trial presentation software (e.g. TrialDirector®)? 
      Answer: Yes. StoryCloud video and audio recordings can be exported into standard file types that can be imported into most trial presentation software, including TrialDirector®. 
 

25. Question: How can the StoryCloud video and audio files be accessed, viewed, and saved?  
      Answer: StoryCloud can export the video and audio file as a DVD, USB thumb drive, or downloaded/viewed via the StoryCloud viewer accessible from any device with a web browser (desktop, mobile, tablet). This enables attorneys to have a local copy of the video and audio file to present at trial. 
 

26. Question: Does the StoryCloud videographer provide a signed and dated certification document? 
      Answer: Yes. StoryCloud videographers provide a certification document that states the following:

o   the accompanying video deposition is the complete original/master recording

o   the recording has not been altered in any way while in the videographer's possession

o   the recording is fair, true, accurate, and complete

o   the videographer is not an attorney to, related to, or employed by any party or any party's attorney and has no financial interest in the matter

o   the total number of media units recorded
 

27. Question: Can StoryCloud deposition services be used for anything other than depositions? 
      Answer: Yes. The StoryCloud system can be used for: 

o   Interviewing and preparing a witness

o   Reviewing witness testimony at trial

o   Exhibit and evidence authentication
 

28. Question: How much does the StoryCloud video deposition service cost?
      Answer: The costs for our services are $350 for a half-day deposition (up 3 hours) and $650 for a full day deposition (over 3 hours). We do not charge for setup and breakdown, so the time starts at the scheduled start time of the deposition and ends when you go off the record at the conclusion of the day. The $350/$650 includes an on-site certified StoryCloud videographer and a copy of the video media in either MPEG-1, MPEG-2 or MPEG-4 format delivered via secure link. The other additional charges that apply are $5 per deposition for archival (we archive our media for 7 years) and the videographer's parking, if applicable. If you would like to synch the video, the charge is $100 per deposition. Postproduction video editing charges vary and can be quoted based on need. For more information on pricing, please click here

29. Question: What is not included in the StoryCloud video deposition service?
      Answer: Post video production services for editing and synchronizing court reporter transcripts. Industry standard video viewers and editors can be used such as TrialDirector, TimeCoder, iMovie and others.


Disclaimer

The materials available at this web site are for informational purposes only and not for the purpose of providing legal advice. Because the law differs in each legal jurisdiction and may be interpreted or applied differently depending on your location or situation, you should not rely upon the materials provided in this FAQ or web site without first consulting an attorney with respect to your specific situation. Further, the use of and access to this web site or any of the e-mail links contained within the web site does not create an attorney-client relationship between you and StoryCloud.

 

StoryCloud Security

Objectives

At StoryCloud we’ve designed our platform, policies and procedures from the ground up to ensure the security of content we create, record and administer on behalf of our clients. The over-arching objectives of our information security architecture are captured succinctly by the so-called CIA triad:

Confidentiality:  ensuring that data can be accessed only by the people who have a right to do so;
Integrity:  ensuring that data is consistent, accurate and trustworthy from the moment it’s created until it’s destroyed;
Availability:  ensuring that people who have the right to access data can do so at all times.

To achieve these objectives, in the face of both explicit threats and the challenges of operating a complex technical organization, we must deploy many independent and inter-dependent controls of a technical and procedural nature at the same time. This paper gives an overview of these controls and details of some of the more important ones.

Network Architecture

StoryCloud records depositions on-site on Apple iOS® devices, using a proprietary iOS app. The app records the audio-video content directly to its own local storage first, then uploads the content — in real time if possible — directly to the Amazon Web Services (AWS) Simple Storage Service (S3), via the HTTPS internet protocol.* The app also communicates with StoryCloud application servers using a custom application programming interface (API) over HTTPS.

The StoryCloud servers, which are hosted in the AWS Elastic Compute Cloud (EC2), are responsible for managing the meta-data associated with deposition recordings, and for providing secure access over the web to this content, but not for storing the content itself: this remains on AWS S3 and is accessed directly from there when it needs to be downloaded or played.

The StoryCloud EC2 server instances are situated, behind a firewall and an application load balancer —both of which are distributed, highly available logical instances — within an AWS Virtual Private Cloud (VPC). StoryCloud also operates a separate VPC in order to perform logging and monitoring of the application servers: this operations VPC is accessible via a bastion host running a Virtual Private Network (VPN) server, but otherwise has no interfaces to the public internet.

*If the internet connection fails or the bandwidth is insufficient to keep up with the real-time upload, the app will complete the upload after the recording is over. The recorded content will be stored on the device in the mean time.

Technical Controls

Access Controls

Access to the AWS network infrastructure and the application are both restricted by strong authentication and role-based authorization controls.

All members of our operations group access AWS using individual password-protected AWS user accounts and multi-factor authentication (MFA) hardware devices. These AWS user accounts are assigned to roles that are associated with the minimum AWS access privileges needed to perform a given operations task.

At the application level, access by StoryCloud personnel and our clients to deposition data and metadata over the web is controlled by the StoryCloud servers via user accounts. The application enforces minimum password length and complexity for all user accounts, and optionally can perform multi-factor authentication at login using one-time access codes sent via SMS to the user’s registered mobile device. Users are also automatically logged out after a period of inactivity.

Within an active login session, a configurable authorization scheme restricts what a user can access. The most basic — hard-coded — control restricts a client user to viewing only material recorded for the client organization to which he or she is associated. However, even within a given organization, it’s possible to restrict the material that a given user can access, by creating groups of users and mapping them to groups of cases and/or depositions as required. At the same time, the ability to create, read, update and delete data objects can be controlled separately, so that for example one set of users may be able to view a deposition for a given case, but not set one up.

As mentioned above — assuming a user has permission to view or download a recorded deposition — the audio-video data is downloaded directly from AWS S3 by the user’s web browser. Permission to retrieve the S3-housed content is given by the StoryCloud application server, which constructs a signed URL on-demand for the active user session, providing time-limited access to the specific S3 object.

The StoryCloud API also authenticates and authorizes the iOS recording application before each recording session starts, to reduce the probability that a session or device can be spoofed.

Logging and Monitoring

Accesses or attempted accesses of recorded content and meta-data are logged, transferred to secure storage within the operations VPC, and presented for routine automated and manual analysis. This allows for proactive detection of actual unauthorized access, or issues that may lead to unauthorized access, and for estimation of the extent and risk exposed by unauthorized access after the fact.

The StoryCloud application servers record web and API requests, including information about the resources accessed and the user accessing them to local log files. These files are transferred regularly to an ELK stack (Elasticsearch/Logstash/Kibana) in the operations VPC, where the data is indexed and exposed for graphing and manual query.

All attempts to access to the deposition media stored in S3, including the access URL, are recorded by AWS and stored in a dedicated S3 bucket, from which they are regularly transferred for indexing and visualization by the ELK stack.

The application servers also have OSSEC Host Intrusion Detection System (HIDS) software installed. This software actively monitors all aspects of Unix system activity with file integrity monitoring, log monitoring, and process monitoring, and sends alerts to StoryCloud operations staff when it detects unusual activity.

Encryption

Deposition content and meta-data are encrypted on the network using the Transport Level Security (TLS) protocol, and the content is encrypted at rest with the S3 service. This prevents unauthorized people with access to the physical network or storage devices from viewing or tampering with the data.

TLS is enabled on the upload connection from the recording device to S3, on all application API and web page connections, on S3 download connections when a user views or saves recorded content, and on all upload and download connections between StoryCloud application servers and S3 needed for content reformatting.

While at rest within S3, recorded content is encrypted using the 256-bit Advanced Encryption Standard (AES-256) cipher.

As a standard policy, StoryCloud also requires all employees’ computers to have full-disk encryption enabled, and for all removable devices or media on which deposition content may be stored for transmission to clients to be encrypted at the device or file level.

Backup

Recorded content and meta-data are backed up to separate media daily, with an option to ensure that the backup media is transferred to an alternate physical site. This provides for recovery of the data if the primary storage medium or site fails, or is inadvertently deleted at the application level. Amazon S3, the primary storage for recorded content, is itself designed to provide an estimated annual object-loss rate of 0.000000001%. As a further precaution against inadvertent deletion, the S3 data is backed up to the AWS Glacier long-term storage service daily. The Glacier service redundantly stores data in multiple facilities and on multiple archive devices within each facility. Glacier also performs regular, systematic data integrity checks and is built to be automatically self-healing.

Application meta-data is stored in the AWS Relational Database Service (RDS). Daily snapshots of the database contents are recorded daily and retained within RDS for approximately 1 month. As an option, standard database backups can also be taken daily and transferred to an offsite facility via the Secure File Transfer Protocol (SFTP).

As a matter of policy, to ensure that these processes are effective, StoryCloud performs an end-to-end restore-from-backup test for both S3 and RDS data twice per year.

Administrative Controls

Hiring and Termination

StoryCloud performs background and reference checks on all potential hires, including criminal record checks where permitted. Credentials for access to internal systems, with permissions based on job role, are allocated as part of the checklist-based on-boarding process. All access credentials are disabled or removed in the first step of the termination process. Employees are also required to relinquish all company-provided equipment and media, and destroy all company-sourced data on termination.

Security Training

The company develops and maintains a written security policy, and creates security training course material based on this policy. All employees are required to receive this training within the first month of employment, as well as annually and as needed when security policies or conditions change.