Category Archives: Law

eDiscovery California: Social Media Laws Take Effect Jan. 1, 2013

CTD - LaptopWelcome back, all.  I hope you had a nice holiday and are fully rested so that you may now spend the rest of the season…at the mall!  We're getting close to the New Year and as is true each time we approach January 1st, we have a bunch of new laws taking effect.  California employers and post-secondary institutions should take note of two of them; AB 1844 and SB 1349.  Both were signed into law by Gov. Jerry Brown back on September 27th, 2012.

Although the language in each bill is different, essentially, AB 1844 prevents employers (also potential employers) from demanding, using or exploiting an employee's (or potential applicant's) social media passwords and information.

SB 1349 is substantially similar, except that it applies to post-secondary institutions; both public and private.

There is speculation in the media about the necessity of these types of regulations.  Many believe that a substantial risk of invasion of privacy doesn't exist.  Maybe not; but moving forward, I believe the risk will increase exponentially.

What's next – bionic mannequins???

Attack on Mobile Location-Privacy ‘Warrants’ Review

MP900302888I always chuckle when I hear people refer to California as the 'land of fruits and nuts' and loudly proclaim that it's a 'liberal state'.  I concede, the state is blue – at least when one examines it at surface level – but when you drill down a little further, it's not quite that simple.

Example?  As far as privacy is concerned, you'd have better luck in Ohio (State v. Smith)…

Based on two events that took place this week, it's clear that California (or more accurately, the Governor of California) and the Federal government appear to be in lockstep re their attitude toward location privacy; they don't believe you're entitled to it.

Politics?  Of course, that always plays a role.  Lack of understanding of technology?  Let me put it this way; a lot of the arguments I see in support of the position against requiring a warrant go something like this:

"People are aware that their cellular devices disclose their location and, therefore, have no expectation of privacy."  Yes – in the same way that people who drive cars know how to rebuild the engines.  It's a self-serving argument, at best.  For the average Joe, a more honest side-by-side comparison is that people know how to plug in a charger about as well as they know how to insert a gas nozzle.

If you're worried about location privacy, I have two words for you – coarse location.

California AG Establishes Privacy Enforcement & Protection Unit

MP900431800The announcement of this new Unit, which is to be a part of the eCrime Unit, has drawn a lot of skepticism around the 'net.

Here's the official statement from Attorney General Kamala D. Harris' Office.

I only have one question?  Why do people always feel the need to crap on everything before they give it a chance?  Would it be better if public officials didn't at least try to address existing privacy concerns?

I suppose this is why they say, success has many parents; but failure is an orphan…

Some Solo Summit Summaries

MP900439267As I mentioned yesterday, I'd intended to write this post earlier in the week.  The Solo Summit ended this past Saturday and I wouldn't want the information to become stale; but this isn't that kind of post.  Yes, I'll tell you all about the Summit, but your takeaway should be that, if you're a solo or true small firm in California, you really should consider attending next year's Summit.  Since it began in 2009, its been growing every year – and for good reason.

Here's a sample of the education you had to choose from:  Marketing your practice, balancing your personal/professional life, avoiding discipline, mediation, setting up a litigation war room, health care, the iPad in law practice, human resources and risk management, fee arbitration, free legal resources for lawyers, emerging practice areas, client trust accounts, employment, privacy, confidentiality & security (my presentation), elimination of bias, estate planning, bankruptcy, avoiding malpractice, eDiscovery, tax, appellate practice, family law, expedited jury trials, time management and IP.

There was CLE credit available in all specialty areas.  That's a lot of bang for the buck!  Naturally, as the incoming Chair of LPMT, I was curious what attendees thought of the programs.  I have to say that virtually all of the feedback was positive.

And my program?  The room was completely full (I estimated about 75 people) and again, feedback was extremely positive (as usual, I didn't finish).  In fact, I can't recall a presentation I've done that resulted in as much follow-up by attendees as this one.  I'm not sure if it was due to the material or the type of conference.  But, I did receive many questions about cloud security and was pleased to inform those people that I – along with my LPMT colleague, Donna Seyle – will be presenting on that very subject at the State Bar's Annual Meeting in October; and it'll be 90 minutes.  Maybe we'll actually get through our entire program!

So, why do I highly recommend the Solo Summit?  We estimated attendance at about 285, and a prime benefit was the relative intimacy of the conference that allowed people to mingle and meet at breakfast & lunch (which were provided), during breaks and of course, in the evenings.  As much as I enjoy the annual meeting, it's much larger and those types of impromptu conversations are much more difficult to achieve because you're always on your way…somewhere.

What would I do differently?  Move the coffee bar next to the stage.  That way, people would never leave…

The Press: Shouting “Fire!” in an Empty Theater

MP900402060Forgive me for being missing in action the past week.  I had a rare criminal case come up at the last minute and spent the entire day in court, yesterday.  I was going to return with my summary of the Solo Summit, but due to the Supreme Court’s ruling on the Affordable Care Act this morning, I decided to lead with this post, which I’d already been working on.

First of all, fear not; this isn’t about politics.  I originally became interested in posting on this issue after the Da Silva Moore case.  For the first time, I saw our area of practice descend into the sensationalism that annoys me with news reporting in general.  Specifically, it had to do with the accusations that were flying regarding Judge Peck’s supposed conflicts-of-interest in the case.

The same thing happened this morning.  CNN reported that the individual mandate was struck down.  At that very moment, CNBC was reporting that it was upheld.  Now, anyone who has followed Supreme Court decisions knows that one cannot read a sentence or two and think they know what the ruling is without reviewing the rest of the text.

But CNN, more interested in reporting a story, rather than reporting the story, rushed out with the wrong information.  Nothing new.  But, I saw the same issues with the Peck case.  First of all, as attorneys, we hear ad nauseam that the law is a marathon, not a sprint.  Reporting on every brief filed as if, taken on its own it’s somehow relevant, is a mistake, in my opinion.

I only touched on the case briefly – after most of the dust had settled – and predicted (not exactly hard to do) that there would be appeals that would likely change the outcome.  It pretty much ended up being a tempest in a teapot.

What’s my point?  As attorneys, we should forget about being first and concentrate on being accurate.  There will always be deadlines, but I don’t want to see eDiscovery practice descend into an, ‘I’m going to post inflammatory, but incomplete information with the goal of luring your eyeballs to my blog/magazine/newspaper’ approach, especially when most of the writers were fully well aware that the rulings would likely not stand.

I don’t care if my blog remains a boutique – I’m interested in dispensing useful information, not provoking people to fight with each other.  That attitude serves no one.

How I Spent My Day at LegalTech West Coast

MP900309173Have I ever gotten a LegalTech summary posted quickly?  I don't think so.  It seems like every year, the conference falls on a busy week for me.  No exception this year; in fact, regretfully, I was only able to stay for the first day.

As always, I want to inform you that I attended as a guest of the provider, ALM.  However, nobody at ALM ever attempts to influence what I write about the conference and as you know by now (hopefully), I write what I see.  So, without further delay, here goes…

Usually, I find that the day starts out strong and ends more weakly.  You get tired drinking in all of that info, especially now that the format has changed slightly to less sessions of 90 minutes each.  This year, the converse was true.  The day seemed to start out a bit quite, but by the end of the day, there was a very noticeable pick-up in both energy and attendance.

Scheduling is still the biggest problem; the more events you attend, the more people you know, which is both a positive and a negative:

Positive:  You have a lot more to do and will end up attending more events.

Negative:  You stop every ten feet to chat with all of the people you know and end up arriving late to every session.

I started with the keynote, presented by Kevin Genirs, Global General Counsel, Investment Banking, Barclays & Former General Counsel, Investment Banking, Lehman Brothers.  The topic was, "2008 vs. 2012: Lessons from Lehman Brothers".  From an informational standpoint, it was excellent.  An insider's view of the Lehman Brothers implosion – how can that not be fascinating?  However, it really didn't have anything to do with "Legal-Tech", so to speak.  To me, that didn't matter, as listening to the information from someone who was on the front lines served to humanize the event.  It's not the same as reading the cold facts in a newspaper or online, or watching them on TV.

As far as session choices, due to having been swamped prior to arriving at the conference, I literally made my choices on the fly.  This became amusing when I attended interesting sessions, only to discover that friends and colleagues were presenting them.

Session one was, "Guarding Against the Enemy Within", which pointed out that you're more likely to experience a security breach from within an organization than from without.  It's funny, because I'm presenting a very similar talk on Friday, June 22nd at the Calbar Solo & Small Firm Summit.  They think the way I do; that people, deliberately or accidentally, are more likely to facilitate a breach than via an outside attack.  The session was high on substantive content and I got a lot out of it.

After the lunch break, I attended, "Dealing with Data Theft".  I don't think I need to elaborate on the subject matter.  As I mentioned, I was pleased to find that a colleague, Wayne Lee from Verizon, was one of the presenters.  Again, a very substantive presentation by this panel.  Along with the presentation, we were also given a copy of Verizon's 2012 Security report.  If you're not familiar with it, you should be.

To finish out the day, I switched tracks and attended, "Exploring Hot E-Discovery Trends: FRCP Amendments, Social Media, and Emerging Case Law".  Again, I was pleased to discover that my colleague, Ron S. Best, was one of the presenters.  I didn't get as much out of the session because, unfortunately, it was geared to a beginner-to-intermediate audience.  That's by no means a bad thing, based on the participation of the attendees – the room was bursting at the seams.  What's gratifying is that each year, the increase in awareness and interest in these fields is palpable.

My biggest regret was that I couldn't stay for day two, but we do what we can, right?  See you there next year!

Don’t Do the (Cyber)Crime if you Can’t Do the Time

The ABA Journal Tech Report has a comprehensive examination of cyberwarfare from their May 2012 issue.  It examines the perceived attorneys' role, Constitutional limitations and international law issues.  There are contributions from a host of experts, including some very polarizing figures, like John Yoo.

Hey, you know there can be no valuable debate unless you hear out assenting and dissenting views, right?

Be warned; this is not a light read, by any means…

Why #Smartphones & #Tablets Don’t Come with Seat Belts & Airbags

MP900308899This weekend, I was mulling over the question of how responsible we are – individually – for our online privacy.  That's not an easy question to answer on a global basis.  Coincidentally, I came across a couple of recent articles on the subject.  What makes them interesting – and perhaps a bit distinctive – is that each addresses how much fault should be apportioned to the end-user.

Information Week comes right out and says so in their article, "Google's Privacy Invasion: It's Your Fault".  The New York Times Bits Blog is more subtle in their take, "Disruptions: And the Privacy Gaps Just Keep On Coming."  At least they spread the blame around, somewhat.

I waded into the issue myself about three weeks ago with my, "Beware the Ides of Google" post, when I pointed out that these companies give us all this free stuff for a reason.

However, they don't exactly fall all over themselves to clearly explain to the general public why they give us all this free stuff, either.  I bet if I asked the average person, "How does Google (or Yahoo, or Facebook, or…) make money?", they wouldn't be able to articulate it very well (save for possibly being able to say that they make their money through 'advertising', whatever that means to them).  The better question to ponder is, how these companies use your information to make money.

Everyone's screaming for 'the government' to regulate these matters; and 'the government' has responded with clunky, well-meaning and/or self-serving attempts like SOPA.  No doubt, to a certain extent, the end-user is responsible for their own security, but I really like the way the NYT article attempts to equate the issue to how government, safety advocates (Ralph Nader, anyone?) and the general public drove (pun intended) the automobile industry toward seat belts, air bags and center tail lights.

I don't agree with it, but I really like it.

In my opinion, the reason this type of equivalency doesn't work is that the general public understood seat belts, air bags and tail lights.  They could easily envision a head-on collision (in fact, they didn't have to envision it, since car crashes are reported in gory detail nightly on the evening news).  On the other hand, they don't have a clue to life how their information is lifted from their devices and deposited in the hands of others; nor how, in a technical sense, to stop it.

In other words, the general public wants security protection, but they don't really know how to ask for it.  Even if they install software or hardware that tells them they're more secure, they have no idea how to confirm that it's true (and many times, it's not, either because the stuff just doesn't work, or through lack of understanding, they either fail to complete the set-up process or complete it incorrectly).  Ask me how many times I see unsecured wireless routers in range that are named LinkSys or Belkin.  The purchaser plugged the thing in and went on their merry way, oblivious to the fact that it must be configured.  But, they sleep better at night because they think they're secure.

To one extreme, the opinion is that the responsibility falls squarely on the end-user.  To the other, the opinion is that Google, Facebook, et al, are techno-heroin.  They hook the public, then when everyone's an addict, they siphon off private information.  When the public inevitably complains, they retort, "You don't like it?  Stop taking heroin!"

Maybe the solution is A.A. for the Internet…