Tag Archives: Google

It’s Fun, Until Someone Loses an i

MP900427743Heard any negative news coming from Apple, lately?

You've got this great, new O/S, iOS6 and you've got this great, new iPhone 5 causing excitement everywhere.  And, you just happen to be on the team that developed the new 'Maps' software – which is destined to knock Google Maps off of your devices.  Oh…one more detaiL…the thing is obviously not ready for prime time.

Imagine being in the rollout meetings.  What do you do?  Are you going to be the one to tell the boss that they should hold the release?  I wonder if anyone actually tried to do that (and kept their head).  Of course, you may also enter an alternative universe in which you:

  1. Convince yourself that, contrary to the information in front of you, your product is the "Best Maps app ever!"
  2. Convince yourself that only a few people rely on Maps and it won't be a big deal if it isn't 'perfect'
  3. Ignore the issues entirely and release it, anyway

Did Apple choose door #3?  Inertia is difficult to contravene; after all, a body in motion stays in motion.  I'm pretty sure, based on the fallout, if Apple had the opportunity for a do-over, they'd seriously consider another path.  Pretty sure…they do have a history of a, "Damn the torpedoes!" attitude; but, they're certainly not alone.

Lesson #1 – Never replace a superior product with an inferior one.  Even if your product is 'adequate', customers will already have been 'spoiled' by the previous experience and expect an equal – or greater – experience (otherwise, why switch?).  This will only serve to augment the replacement product's shortcomings, as if one trained a magnifying glass on them.

Hey, I'm not a billionaire…I'm sure Apple isn't particularly interested in my opinion.  However, I did notice how quickly the company gave out the name of the manager in charge of developing the app…

As the Beastie Boys suggest, Check Your Head.

Why #Smartphones & #Tablets Don’t Come with Seat Belts & Airbags

MP900308899This weekend, I was mulling over the question of how responsible we are – individually – for our online privacy.  That's not an easy question to answer on a global basis.  Coincidentally, I came across a couple of recent articles on the subject.  What makes them interesting – and perhaps a bit distinctive – is that each addresses how much fault should be apportioned to the end-user.

Information Week comes right out and says so in their article, "Google's Privacy Invasion: It's Your Fault".  The New York Times Bits Blog is more subtle in their take, "Disruptions: And the Privacy Gaps Just Keep On Coming."  At least they spread the blame around, somewhat.

I waded into the issue myself about three weeks ago with my, "Beware the Ides of Google" post, when I pointed out that these companies give us all this free stuff for a reason.

However, they don't exactly fall all over themselves to clearly explain to the general public why they give us all this free stuff, either.  I bet if I asked the average person, "How does Google (or Yahoo, or Facebook, or…) make money?", they wouldn't be able to articulate it very well (save for possibly being able to say that they make their money through 'advertising', whatever that means to them).  The better question to ponder is, how these companies use your information to make money.

Everyone's screaming for 'the government' to regulate these matters; and 'the government' has responded with clunky, well-meaning and/or self-serving attempts like SOPA.  No doubt, to a certain extent, the end-user is responsible for their own security, but I really like the way the NYT article attempts to equate the issue to how government, safety advocates (Ralph Nader, anyone?) and the general public drove (pun intended) the automobile industry toward seat belts, air bags and center tail lights.

I don't agree with it, but I really like it.

In my opinion, the reason this type of equivalency doesn't work is that the general public understood seat belts, air bags and tail lights.  They could easily envision a head-on collision (in fact, they didn't have to envision it, since car crashes are reported in gory detail nightly on the evening news).  On the other hand, they don't have a clue to life how their information is lifted from their devices and deposited in the hands of others; nor how, in a technical sense, to stop it.

In other words, the general public wants security protection, but they don't really know how to ask for it.  Even if they install software or hardware that tells them they're more secure, they have no idea how to confirm that it's true (and many times, it's not, either because the stuff just doesn't work, or through lack of understanding, they either fail to complete the set-up process or complete it incorrectly).  Ask me how many times I see unsecured wireless routers in range that are named LinkSys or Belkin.  The purchaser plugged the thing in and went on their merry way, oblivious to the fact that it must be configured.  But, they sleep better at night because they think they're secure.

To one extreme, the opinion is that the responsibility falls squarely on the end-user.  To the other, the opinion is that Google, Facebook, et al, are techno-heroin.  They hook the public, then when everyone's an addict, they siphon off private information.  When the public inevitably complains, they retort, "You don't like it?  Stop taking heroin!"

Maybe the solution is A.A. for the Internet…

#Security Questions that AREN’T SECURE, DAMMIT!!!


/Rant ON

Note to the people who create security questions for our online accounts; the whole point of providing this service is to let us select questions that nobody else knowsor may easily discover!!!  With this in mind, please refrain from creating questions that require as answers:

My mother’s/father’s middle names
My mother’s maiden name
Any of my grandparents’ names
The names of any of my pets
My siblings’ first names
My siblings’ middle names
The cities in which any of my family members were born
The schools I attended
My favorite sports team(s)
My favorite sports team(s) as a child
My best friend, growing up
My favorite…anything!

You’re a bank, for Pete’s sake, and you can’t figure out that most of this information may be gleaned from a simple Google search, a Twitter, Facebook, LinkedIn or other social media posting (for those of you who over-share), friends & family members and/or public records!?!?!?

Right, then. Please handle by c.o.b., Friday. Thanks for your anticipated cooperation.

/Rant OFF

Beware the Ides of #Google

MP900444301You didn’t think all that free stuff was free, did you?  Sure…multi-billion-dollar conglomerates give you all kinds of tools and want nothing in return.  No, like with most loss-leaders, they lure you through the door at a bargain, make you comfortable, then make it up elsewhere; such as by mining your data.

Beginning March 1st, 2012, Google will be using a bigger shovel.  That’s when they implement their new privacy policy.  Funny…it should probably be deemed a ‘lack-of-privacy’ policy.  Essentially it allows them to mine your data over most of their products in order to create a better profile of you; ostensibly for your benefit, but really, for theirs.

Here’s the deal.  I think most people, including me, are fine with giving up something in order to receive something.  I know that Google mines data, so I tweak my privacy settings to the maximum protection level and also bypass gmail, calendar and contacts sync for my Droid (I do the same with Yahoo and any other site that wants me to upload my contact and calendar information).  Why?  Because I know that Google, et al, wants to get their hands on it!

But, where it’s a problem is for all of the people who have absolutely no concept of what they’re actually giving up.  That means, you, attorneys!  This is the problem with the cloud.  If attorneys store their data – and that of their clients – in the cloud without understanding that its being mined, they’ve already violated their ethical duties in most jurisdictions.

We attorneys call it informed consent.  The problem is, it’s the attorneys who have to inform themselves – and their clients – before they may reasonably consent.

These free services are coming with more and more strings attached (e.g., users who are forced onto Facebook Timeline know what I’m talking about).  The benefits are gradually shifting from the end-user to the provider.  Naturally, we always have a choice; conform or be cast out (thank you, Rush…).

As many of you know, I don’t have a Facebook account.  A while back, when 200 million people were using the service, they seemed unusual.  Now that 800+ million are using it, I seem unusual!  Peer pressure is a bitch, but I was never one to run with the crowd, anyway.

Be cool or be cast out…

e-Discovery California: Proposed Formal Opinion Interim No. 10-0003 (VLO) is the Right Answer to the Wrong Question

42.  (That's for those of you who picked up on the 'Hitchhiker's Guide to the Galaxy' reference).

I usually don't feel it necessary to refer you to my disclaimer but, because this is a State Bar of California opinion – and I'm Vice-Chair of their Law Practice Management & Technology Section Executive Committee (LPMT) – I want to remind you that:

"This blog site is published by and reflects the personal views of Perry L. Segal, in his individual capacity.  Any views expressed herein have not been adopted by the California State Bar's Board of Governors or overall membership, nor are they to be construed as representing the position of the State Bar of California."

The LPMT Executive Committee may publish its own, 'official' comments, to which I may also contribute.  That being said…

Technology is an extremely logic-based discipline, in its purest form; or it should be, at least.  Indeed, like the practice of law, success or failure is predicated upon compiling and understanding a particular set of facts, then realistically acting upon those facts.  Note my emphasis on the word, 'realistically'.  If I wish to suspend disbelief and begin with a set of unrealistic criteria, I may be equally able to formulate a reasonable solution, assuming it's possible to locate someone – or something – that fits the original, unrealistic premise.

This is my assessment of Formal Opinion Interim No. 10-0003 (Virtual Law Office).  It's actually a very well-crafted opinion, but it's based on a 'Statement of Facts' that, to me, are an unrealistic portrayal of how an attorney practices – or would practice – law.

First, there's no reason for me to re-invent the wheel.  For another excellent nuts & bolts assessment of the opinion, please see Stephanie Kimbro's post on her Virtual Law Practice blog.  She's an authority on the Virtual Law Office and is also cited as a resource on page one of the opinion itself.

From a pure cloud security standpoint, this is an excellent document and a perfect complement to opinion 2010-179 on wireless networks.  In fact, I would recommend that practitioners ignore the hypotheticals for a moment (especially if they're pressed for time) and proceed to the Discussion heading, Section 1 ("Duties"), which is what I'm doing for the purposes of this post.

Section 1 examines confidentiality issues of employing a cloud-based system with a 3rd-party vendor and provides a five-point list of due diligence factors that includes, but isn't necessarily limited to:

  1. The Credentials of the Vendor
  2. Data Security (Well, that's not very helpful, but it goes on to refer the reader to California, New York and ABA opinions for guidance)
  3. Vendor's Transmission of Client Info in the Cloud Across Jurisdictional Boundaries or Other 3rd-Party Servers (You've heard – or read, I suppose – me pontificate on that one; the "digital roach motel" and "know where your data is")
  4. Attorney's Ability to Supervise the Vendor (As I've reminded you often, you may hire competence, but not delegate this duty)
  5. Terms of Service of Contract with the Vendor (This is huge where the cloud is concerned.  For example, many provider contracts contain language to the effect that, "Once you transfer it to us, it becomes our property.", a major no-no for attorneys)

It also points out the security environment must be periodically reassessed, which is terrific advice.  I usually refer to it as "fire drills".  Finally, it points out that none of this may take place without proper disclosure to the client, who may, by the way, have no idea how any of this works.

Section 2 examines competence issues as follows:

  1. Proper management of attorney's intake system to determine one of the basics; "Who is the client?"
  2. Determining whether attorney may perform the requested services
  3. Determining that the client comprehends the services being performed (This document also refers to comprehension issues due to a language barrier)
  4. Keeping the client reasonably informed
  5. Determining that the client understands technology (When I read #3 above, it immediately triggered the thought that technology is another language both attorney and client must understand…)
  6. Determining when to decline to represent a client via a VLO, and whether representation may continue through traditional means

This section also re-raises the supervisory issue, but this time it's in terms of the attorney supervising other attorneys and/or non-attorneys.

Ok, so you know what I like, now let's get into what I don't like.  The hypothetical describes the VLO as a password-protected and encrypted portal that sits on a 3rd-party cloud.  So far, so good.  But then, it goes on to say that the attorney plans not to communicate with clients by phone, email or in person, but will limit communication solely to the portal.

Yeah, that covers a lot of us, doesn't it? 

I understand that it's possible for attorneys to communicate this way, but is it probable?  Does this opinion realistically apply to most attorneys; now and even into the future?  I'm not trying to be snarky here, but you can't blame me for being a tech guy.  Immediately, my mind wanders to what would likely happen in this scenario.  A technology or communication issue arises and the frustrated attorney – or client – resorts to email or a phone call.

And what about secrecy?  No, I'm not alluding to some nefarious purpose.  There are legitimate reasons why attorney and/or client might not want to document ideas or discussions – electronically or otherwise – in the short-term (what comes to mind is a nervous potential client who has invented a new product, but doesn't want to provide a lot of written detail to attorneys, while soliciting the representation of several of them, for fear that the inventor's intellectual property will be revealed).

The second thing that bothers me is the "Issue" statement that opens the opinion.  It states, verbatim:

"May an attorney maintain a virtual law office practice ("VLO") and still comply with her ethical obligations, if the communication with the client, and storage of and access to all information about the client's matter, are all conducted solely through the internet using the secure computer servers of a third-party vendor (i.e., "cloud computing")."  [Italics/bold added.  It's posed as a question, but in the text, the paragraph ends with a period – not sure if it's a typo that will be corrected in a later version].

What's the danger here?  Hello?  Facebook is the cloud!  Google is the cloud!  Email is the cloud!  A lot of communication is taking place – right now – through means not anticipated in this opinion.  What I'm saying is, if one removes the term, "VLO", from this document, it could just as easily apply to methods attorneys use to communicate with their clients on a daily basis, while at the same time, being completely unaware that many of these products are in the cloud.

It also fails to anticipate one other factor; what will happen the day these measures apply to all cloud-based technology (that day is coming, and in some cases, is already here).  As it stands today, if most attorneys attempted to comply with these security measures, law practice as we know it would grind to a halt.

Better start preparing now…

In the #Navy…You Can Sail the Seven Sins

Ship Happens
In the navy / No, you can't put your mind at ease.

I beat (not disco, usually) the privacy drum a lot because many times, the invasion is subtle.  I experienced it again with my new Droid.  The way Google would like us to sync contacts is to – among other methods – use Google Sync, sending our private information to their cloud, then delivering it to the device.  EarthLink tried to get at my contacts in a similar manner – by claiming I had to upload my address book in order to enable their custom spam filter.

My answer to both was the same – "Ain't gonna happen".  My EarthLink issue is old news; as far as the Droid is concerned, with a little time and research, I was able to sync via USB directly from the database on my local PC.

It's all about control.

I'm quite well aware that some of you think I go overboard (no pun intended, based on today's headline), but read this story from the Washington Post about the increase in Navy commanding-officer firings – and how technology is literally destroying the ranks from the inside-out – then tell me I'm overreacting.  I'm not going to pontificate.  For those who don't read the article, I'll let the following two quotes do it for me:

From the reporter, describing part of his conversation with Admiral Gary Roughead (chief of naval operations):  "He attributed the rise in part to the revolution in communications and technology, which has made it easier for sailors and their families to snoop on one another and then instantly spread the word — even from once-isolated ships at sea." (italics/bold added)

And from Adm. Roughead, himself:  “The divide between our private and professional lives is essentially gone". (italics/bold added)

Maybe that's what they meant by "Learn science technology"…

e-Evidence Insights: From Innocuous to Probative

MP900401435 If you'll forgive me my lack of time today,  I'd like to link you to a New York Times examination of the case, Skyhook Wireless v. Google (or as I like to call it, the "Jabbar" case).  The reason I'm singling this out is, if you follow the story, you'll see a great example of how seemingly innocuous statements contained in email messages, laid end-to-end, balloon into something much bigger.

Oh, and if somebody sends you an email – and you feel it would be more appropriate to continue the discussion off-line – walk by their office (if possible) or pick up the phone.  Don't email them back, "PLEASE DO NOT! Thread-kill and talk to me off-line with any questions".

If I saw that in document review, where do you think I'd start digging?

Down Goes Frazier! Down Goes Frazier!

Tyson Microsoft.  Google.  Slugging it out over a juicy government contract for email services.  In a nutshell:

The Feds awarded the contract to Microsoft.  Google, unhappy about this, sued the Feds, claiming the fix was in (this really does sound like a boxing match).  Microsoft claims Google is lying about the claims it's making in its lawsuit.

I don't know who "Frazier" ultimately will be, I just know that in a fight between these two heavyweights, someone may be hitting the canvas very hard.

Nuthin’ but a “G” Thang

I'm probably the last to comment on the Gmail/cloud issue – and you already know my opinion of cloud computing – agnostic.

We find that almost anything in life is great…when it works. When it doesn't?

Where the mistake is usually made is in the assumption that things always work. We pick up the landline, expect the dial-tone to be there and are shocked if it's not.

If I wasn't an eDiscovery dude, I'd probably sell insurance like my grandfather. Maybe I learned something about disaster-planning by observing him.

If you're going to use the cloud, institute a backup plan and stick to it – or make sure your provider is doing so.

Oh, and don't forget to test it regularly, in order to avoid 'Chronic' problems – such as getting into a David-and-Goliath war with a 3rd-party like Google.

e-Discovery California: Don’t be EVIL, Los ANGELes…

MP900401409 Theory is usually easier than practice.  You project managers know exactly what I'm talking about.  Courses like the Project Management Body of Knowledge (PMBOK) have value, but one item tends to be underestimated; the human element.  Projects always look great on paper but unfortunately, they're not executed by robots.  They're executed by people with varying talent, ambition, health and – dare I say it – competence levels.  Add to that the other human elements; management support or lack thereof, other duties of the team (distractions), unexpected emergencies ("Hey, I need to borrow Steve for a few hours…"), predictive miscalculations and – dare I say it, part II – the competence of the project manager.

With this in mind, it comes as no surprise that Google has missed a deadline to convert the City of Los Angeles email system to the cloud due to security concerns with the L.A.P.D.'s data.  Tha-a-a-a-a-t's gonna cost 'em.  Worse, they beat out Microsoft for the contract.

Ultimately, the issue will be resolved, but it begs the question – what happens when L.A. requests to retrieve data?  Another cautionary tale about 3rd-party vendors…