Category Archives: Security

Int-Elect Required to Defeat Cyberattacks on Voting

Sometimes, it's not easy thinking about disaster-planning all of the time.  Not incorporating enough caution means you get it wrong and somebody will be angry with you.  Incorporate too much caution and everyone thinks you're paranoid (insert usual joke here about you all watching me…).

So, how alarmed should we be to hear about the first documented case of a cyberattack on a U.S. election?  If you're in disaster-planning, you would have been concerned about it years ago, prior to election functions like registration migrating to the 'Net and voting machines using touchscreens and tabulating via software.  And to think; recently 'they' were suggesting voting by email.

I can't think of anything more critical than preserving the integrity of the electoral process, but here's some food for thought to all of the factions currently bickering over Voter-ID laws:

While you're bickering over how to guard the front-door, perhaps you should send someone 'round back.

Perry Segal Discusses the Cloud, Privacy & Attorney Ethics on KUCI Irvine 88.9FM – Monday, Nov. 12th at 8:00 a.m. PST

I guess the headline says it all, except I'd like to add that the interview will also be available as a podcast via iTunes.  I will also post an MP3 here Monday.

Here are a few of the additional details:

Privacy Piracy (88.9FM and www.kuci.org), a half-hour public affairs show with no commercials, broadcasts from the University of California, Irvine campus on Mondays from 8:00 a.m. – 8:30 a.m. Pacific Time.  To learn more about the show and listen to archived interviews, please visit www.kuci.org/privacypiracy.

eDiscovery 101: BYOD = BYOA (ASPIRIN)

In the upcoming CalBar book, The California Guide to Growing & Managing a Law Office, I do a side-by-side comparison between the benefits and detriments of BYOD.  I'm sure the same sort of comparison takes place in meetings at all kinds of companies.  There's no doubt that on paper, many aspects of BYOD might yield productivity gains and other benefits for the enterprise.

[Note:  In the book, I lay out information in the format of pros and cons because the goal is to inform a reader of the positives and pitfalls so they can make an informed decision.]

So, what's my opinion?  If I were the consultant, in most cases, I'd likely fall into the 'against' column.  Why?  I'll get to that in a moment.

For those of you who don't know my background, at one time or another, I pretty much did every job on the operations side of IT before I ever became a lawyer.  This allows me to look at facts through a wide-angle lens.  The way my mind works, I literally imagine an issue as a 3-D photograph.  Let's apply that to BYOD:

We start by playing 'swap' for a moment.  Imagine coming into work one morning and all of the desktops are different brands and chipsets; some of them are Windows, but a mix of XP, Vista and Seven, others are Macs with various versions of the O/S and still others are Linux boxes.  Now, you may actually see that in some concerns, for good reason.  But I'm talking about literally a different box on each desk in the office.

That would be kind of hard to manage, wouldn't it?

Maybe it wouldn't seem like it to you, but again, I'm thinking very broadly.  We're not just dealing with realities, we're dealing with expectations.  What do I mean by that?

When I read most of the articles that address BYOD, they speak in terms of locking down various functions on a device, such as email, via Exchange, for example.  But that's not how I'm thinking; and it won't be how the employees/consultants will be thinking, either.

Nope.  If it's a device supporting their job, they expect everyone up the chain to be able to support the entire device – not just components of it.  And, the enterprise should expect this as well, since a non-functioning device will ultimately affect productivity.

It means that your help-desk, field service technicians, level II (and level III) support will have to be proficient with every make and model of Windows Phone, Blackberry, iPhone and – if you'll pardon the pun – every flavor of Android.  Oh, and did anyone give any thought as to how you're going to back them up in such a manner that the company owns/controls the data?

That's what it means, Jelly Bean.

So, if you're considering BYOD, I hope the decision-makers are taking this into account and formulating policy.  Never mind that I didn't get into the fact that, if litigation arises, staff may have to turn over their personal devices for imaging or examination.  I also didn't get into how growth highly affects BYOD.  We all know the person who runs out and purchases the brand-new, untested, unpatched version of X the moment it's on the market.  Apple Maps, anyone?

I hope you bought the 1000-count bottle…

We are Not Alone

A lot of people may not agree with me, but I stand behind this simple advice: assume you are being watched/followed/transcribed/recorded 24 hours a day, seven days a week.

Act accordingly.  Of course, the key is in balancing confidentiality without venturing over the line into paranoia.  I can’t help you, there.  It comes down to using your best judgment.

Or, you can do what Patrick Moran, the son of Congressman Jim Moran, did.

No Blade of Grass

It seems that there are a lot of naked British royals…er…popping up, lately.  First Harry, now Kate.  I say this; if they can't protect their privacy (not that Harry tried particularly hard to do so), what chance do the rest of us have?

Something to think about the next time you forget, and leave the blinds open.  Of course, those who endeavor to invade our privacy aren't necessarily peeking through the windows, are they…well, maybe not those windows…

eDiscovery California: Upcoming Presentations: CalBar 85th Annual Mtg

Why have I been missing in action the past couple of weeks?  Because I over-committed, that's why!  Note to self: Don't propose two presentations for the CalBar 85th Annual Meeting, thinking that only one will be selected…WRONG!!!  So, to kick off my re-appearance on this blawg, here are my two upcoming presentations in Monterey:

eDiscovery eVolution: Crawl, Walk, then Run Your Case!  (Program 25)

Thursday, October 11, 2012  4:15 p.m.-5:15 p.m.

Strategy matters, and litigation is a term of art and a little showmanship. Learn how to strategize during a case to get the most out of each other for the clients' benefit.

Presenters:  Perry L. Segal, Derick Roselli

CLE: 1.0 Hour General Credit

This is going to be a good one, because I'm taking the role of attorney (type-casting) and my LPMT colleague, Derick Roselli, takes the role of technology expert, which is his true specialty at HP/Autonomy.  We're going to do a walk-through of a case from the perspective of the attorney consulting with his expert on a case, from start to finish.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

The Cloud: Secure? Yes. Ethical? Not so FAST!  (Program 50)

Friday, October 12, 2012  10:30 a.m.-12 noon

It's essential to conduct due diligence regarding a vendor's security practices to ensure the confidentiality of client data. Even if the data is believed to be secure, it may violate an attorney's legal/ethical obligations. Learn the next step – assuring client communications are secure and ethical.

Presenters:  Perry L. Segal, Donna Seyle

CLE: 1.5 Hours of Which 1.0 Hour Applies to Legal Ethics

Donna Seyle is another of my LPMT colleagues, and we're going to do a practical examination of attorney ethics rules – both ABA and California – as they pertain to data and social media interaction in the cloud.  Our goal is to explain to attorneys how even a secure cloud may violate ethical obligations to the client if additional precautions are not followed.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

I 'officially' assume the Chairmanship of LPMT at noon, Sunday, October 14th.  Here we go!

eDiscovery California: Proposed Formal Opinion 10-0003 (VLO) is now Formal Opinion CAL 2012-184

Attorneys, please take note: The State Bar of California Proposed Formal Opinion Interim No. 10-0003 (Virtual Law Office) has been adopted as Formal Opinion CAL 2012-184 (link opens 7-page pdf).  If you missed it the first go-round, I highly recommend that you familiarize yourselves with this opinion.

I can lead you to the water (but I can't force you to make the Kool-Aid).