Category Archives: Security

Duties, Education, Law Practice Management, Media, Privacy, Privilege, Security, Social Media, Technology

Upcoming Presentation: Calbar Solo & Small Firm Summit: “The Mobile Lawyer & Professional Responsibility: Confidentiality in the Digital Age”

00443095

I didn't intend for this blog to be a billboard for all of my 'stuff', but lacking much time these days, that's what it's been lately.  Since I'm already on a roll, I might as well tell you about a new program I'm presenting at the Calbar Solo and Small Firm Summit in Long Beach, California.  The Summit runs from June 20 – 22, 2013 and my program (#19) is entitled: 

The Mobile
Lawyer & Professional Responsibility: Confidentiality in the Digital Age

Friday, June 21, 2013 
1:15 p.m.-2:15 p.m.

Lawyers
are open for business 24-hours a day. 
They communicate via Twitter & Facebook, on smartphones, tablets
& notebooks – in coffee shops, taxicabs, airports and on airplanes.  This program reviews recent COPRAC opinions
addressing technology and provides tools to protect confidences and privacy for
both attorney and client.

Hope to see you there!

Cases of Interest, Education, Law, Law Practice Management, Metadata, Privilege, Scope, Security, Spoliation, Strategy, Technology

The Exchange – San Francisco Wrap-Up


MP900387819Today's General Counsel Institute (Formerly the Executive Counsel Institute) held the San Francisco stop of their "eDiscovery for the Corporate Market" series, nicknamed "The Exchange".  Prior to this, I'd only attended in Los Angeles – and only the first day – but I was on a couple of the panels this year, so attended the entire one-and-a-half-day event.  The moderators for this location were Browning Marean III, Robert Brownstone and David Kessler.

This format is still working for me, folks.  The roundtable approach and ability for all attendees to participate is simply a great way to info-share, and as I've mentioned in prior summaries, the vendor attendees do not overpower the conference with blatant pitches.

Most importantly, I learn something new every single time I attend; and that's the point, isn't it?  Let me share with you the sessions that were covered this year:

  • Polling the audience (Pain points, role, expected outcomes)
  • Data security, social media and the cloud (with a healthy portion of BYOD included)
  • Dealing with challenges of legal holds
  • Recognize/reconcile the ethical and contractual tensions that can arise between I/C, O/C and providers
  • Importance of day-to-day processes, management skills, swimming upstream, info management and governance
  • Effective and efficient project management
  • Recalibrating the program – unaddressed issues
  • Resources and tools
  • Search technologies and forward thinking

And most importantly, several coffee breaks…

Every flavor of eDiscovery professional is represented at these conferences, from lawyers to techies to support staff; and each brings to the (round)table their real-world perspective of what they see on a daily basis.  Practical information, not theory!

I encourage you to check it out the next time the conference is in your area.

Implementation, Miscellaneous, Security, Technology

Int-Elect Required to Defeat Cyberattacks on Voting

MP900402417Sometimes, it's not easy thinking about disaster-planning all of the time.  Not incorporating enough caution means you get it wrong and somebody will be angry with you.  Incorporate too much caution and everyone thinks you're paranoid (insert usual joke here about you all watching me…).

So, how alarmed should we be to hear about the first documented case of a cyberattack on a U.S. election?  If you're in disaster-planning, you would have been concerned about it years ago, prior to election functions like registration migrating to the 'Net and voting machines using touchscreens and tabulating via software.  And to think; recently 'they' were suggesting voting by email

I can't think of anything more critical than preserving the integrity of the electoral process, but here's some food for thought to all of the factions currently bickering over Voter-ID laws:

While you're bickering over how to guard the front-door, perhaps you should send someone 'round back

Admissibility, Criminal Liability, e-Evidence Insights, eDiscovery 101, eMail, Metadata, Privacy, Sanctions, Security, Technology

eDiscovery 101: Petraeus was Done In by Gmail Metadata – Someone Else’s!

MP900448670I’m sure you all know by now that I don’t venture into scandals, per se, on this blog; except when they involve our area of examination: Technology, privacy, evidence and eDiscovery.

That said, I’ve certainly been following the messy Patreaus developments, becoming more and more interested in the Gmail connection to all of it.  None of the initial stories answered my question; if a woman was allegedly being harassed by Paula Broadwell, why did they need to monitor her (Broadwell’s) Gmail account, since the victim would be the recipient of all of the emails, and have them in her possession?  It suggested to me – and probably to some of you – that the harassing emails were probably being sent anonymously and had to be traced back to the source to specifically identify who was behind them (Broadwell).

This morning, we received confirmation.  Naturally, the situation is going from bad to worse faster than you can say, “October surprise”, but for our purposes, the interesting link is the metadata (specifically rich location-data) gleaned from the victim’s inbox, which provided the trail back to Broadwell by linking her physical whereabouts to the devices that were the sources of the emails; which ultimately led back to Petraeus through clandestine emails in Broadwell’s – not his – inbox.

Got all that?  Good.  And what are the things that bother me (I refuse to utter the oft-annoying “raises questions”)?

  • What in the world is the Director of the CIA doing with a Gmail account?
  • If any of these messages were sent via mobile technology, why didn’t the sender disable GPS monitoring (recall my recent post about location-privacy)?
  • Apparently some of the correspondences between Broadwell and Petraeus were pretty racy.  Did they really think it would remain private?

Considering both Petraeus and Broadwell apparently set up anonymous Gmail accounts specifically to facilitate carrying on their affair, it once again calls into question the very knowledge, training – and self-awareness – of those who we charge to protect this country and its secrets.

Simply put, if even Petraeus doesn’t get it, who the he** does???

Backup & Recovery Systems, Cost, Disaster Recovery, Duties, Education, Law Practice Management, Privacy, Security, Technology

Perry Segal Discusses the Cloud, Privacy & Attorney Ethics on KUCI Irvine 88.9FM – Monday, Nov. 12th at 8:00 a.m. PST

MP900309623

I guess the headline says it all, except I'd like to add that the interview will also be available as a podcast via iTunes.  I will also post an MP3 here Monday.

Here's a few of the additional details:

Privacy Piracy (88.9FM and www.kuci.org), a half-hour public affairs show with no
commercials broadcasts from the University of California, Irvine campus on
Mondays from 8:00 a.m. – 8:30 a.m. Pacific Time.  To learn more
about the show and listen to archived interviews, please visit www.kuci.org/privacypiracy.

Cost, eDiscovery 101, eMail, Implementation, Scope, Security, Strategy, Technology

eDiscovery 101: BYOD = BYOA (ASPIRIN)

MP900438810In the upcoming Calbar book, The California Guide to Growing & Managing a Law Office, I do a side-by-side comparison between the benefits and detriments of BYOD.  I'm sure the same sort of comparison takes place in meetings at all kinds of companies.  There's no doubt that on paper, many aspects of BYOD might yield productivity gains and other benefits for the enterprise.

[Note:  In the book, I lay out information in the format of pros and cons because the goal is to inform a reader of the positives and pitfalls so they can make an informed decision.]

So, what's my opinion?  If I was the consultant, in most cases, I'd likely fall into the 'against' column.  Why?  I'll get to that in a moment.

For those of you who don't know my background, at one time or another, I pretty much did every job on the operations side of IT before I ever became a lawyer.  This allows me to look at facts through a wide-angle lens.  The way my mind works, I literally imagine an issue as a 3-D photograph.  Let's apply that to BYOD:

We start by playing 'swap' for a moment.  Imagine coming into work one morning and all of the desktops are different brands and chipsets; some of them are Windows, but a mix of XP, Vista and Seven, others are Macs with various versions of the O/S and still others are Linux boxes.  Now, you may actually see that in some concerns, for good reason.  But I'm talking about literally a different box on each desk in the office.

That would be kind of hard to manage, wouldn't it?

Maybe it wouldn't seem like it to you, but again, I'm thinking very broadly.  We're not just dealing with realities, we're dealing with expectations.  What do I mean by that?

When I read most of the articles that address BYOD, they speak in terms of locking down various functions on a device, such as email, via Exchange, for example.  But that''s not how I'm thinking; and it won't be how the employees/consultants will be thinking, either.

Nope.  If it's a device supporting their job, they expect everyone up the chain to be able to support the entire device – not just components of it.  And, the enterprise should expect this as well, since a non-functioning device will ultimately affect productivity.

It means that your help-desk, field service technicians, level II (and level III) support will have to be proficient with every make and model of Windows Phone, Blackberry, iPhone and – if you'll pardon the pun – every flavor of Android.  Oh, and did anyone give any thought as to how you're going to back them up in such a manner that the company owns/controls the data?

That's what it means, Jelly Bean.

So, if you're considering BYOD, I hope the decision-makers are taking this into account and formulating policy.  Never mind that I didn't get into the fact that, if litigation arises, staff may have to turn over their personal devices for imaging or examination.  I also didn't get into how growth highly affects BYOD.  We all know the person who runs out and purchases the brand-new, untested, unpatched version of X the moment it's on the market.  Apple Maps, anyone?

I hope you bought the 1000-count bottle…

Cost, Miscellaneous, Privacy, Security

We are Not Alone

MP900409531A lot of people may not agree with me, but I stand behind this simple advice; assume you are being watched/followed/transcribed/recorded 24 hours a day, seven days a week.

Act accordingly.  Of course, the key is in balancing confidentiality without venturing over the line into paranoia.  I can’t help you, there.  It comes down to using your best judgment.

Or, you can do what Patrick Moran, the son of Congressman Jim Moran, did

Security

No Blade of Grass

MP900403378It seems that there are a lot of naked British royals…er…popping up, lately.  First Harry, now Kate.  I say this; if they can't protect their privacy (not that Harry tried particularly hard to do so), what chance do the rest of us have?

Something to think about the next time you forget, and leave the blinds open.  Of course, those who endeavor to invade our privacy aren't necessarily peeking through the windows, are they…well, maybe not those windows…

California Lawyer, Cost, Duties, eDiscovery California, Education, Law Practice Management, Security, Strategy, Technology

eDiscovery California: Upcoming Presentations: CalBar 85th Annual Mtg

00443095

Why have I been missing in action the past couple of weeks?  Because I over-committed, that's why!  Note to self: Don't propose two presentations for the CalBar 85th Annual Meeting, thinking that only one will be selected…WRONG!!!  So, to kick-off my re-appearance on this blawg, here are my two upcoming presentations in Monterey:

eDiscovery eVolution: Crawl, Walk, then Run Your Case!  (Program 25)

Thursday, October 11, 2012  4:15 p.m.-5:15 p.m.

Strategy matters, and litigation is a term of art and a
little showmanship. Learn how to strategize during a case to get the
most out of each other for the clients' benefit.

Presenters:  Perry L. Segal, Derick Roselli

CLE: 1.0 Hour General Credit

This is going to be a good one, because I'm taking the role of attorney (type-casting) and my LPMT colleague, Derick Roselli, takes the role of technology expert; which is his true specialty at HP/Autonomy.  We're going to do a walk-through of a case from the perspective of the attorney consulting with his expert on a case, from start to finish.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

The Cloud: Secure? Yes. Ethical? Not so FAST!  (Program 50)

Friday, October 12, 2012  10:30 a.m.-12 noon

It's essential to conduct due diligence regarding a
vendor's security practices to insure the confidentiality of client
data. Even if the data is believed to be secure, it may violate an
attorney's legal/ethical obligations. Learn the next step– assuring
client communications are secure and ethical.

Presenters, Perry L. Segal, Donna Seyle

CLE: 1.5 Hours of Which 1.0 Hour Applies to Legal Ethics

Donna Seyle is another of my LPMT colleagues, and we're going to do a practical examination of attorney ethics rules – both ABA and California – as they pertain to data and social media interaction in the cloud.  Our goal is to explain to attorneys how even a secure cloud may violate ethical obligations to the client if additional precautions are not followed.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

I 'officially' assume the Chairmanship of LPMT at noon, Sunday, October 14th.  Here we go!