Is there a topic you would like to see us cover?– send your ideas to firstname.lastname@example.org.
Is there a topic you would like to see us cover?– send your ideas to email@example.com.
For those of you who read my blog regularly, you know I’ve been anxiously awaiting the Leap Motion Controller (“Leap”). The promise of the Leap is the ability to control your computer by simply moving your hands, without touching a mouse or the screen itself– like Tom Cruise did in 2001 movie “The Minority Report.” I had visions of waving my hands in court during a presentation and making magic occur for the judge and jury– I’m still waiting.
As you will see from my video review, the Leap is in fact quite amazing. However, that does not yet translate into the Leap being a practical tool for use by lawyers in their work. For now, it is simply much more efficient to control your computer using a mouse or touch screen than using the Leap and currently available software. No doubt that will change as clever developers and the Leap Team continue to refine what is now still a beta quality device.
In an article published by Inside Counsel, I discuss generally the use of the iPad by litigators. Here is the link:
When using the iPad for presentation purposes, if appropriate, I like to walk around the room presenting my slides and any other media wirelessly using Apple TV or the Reflector App. The challenge is that the iPad takes two hands to hold and operate. One solution is my favorite presentation case. It is from New Trent and called the “Grabbit.” The price is $34.95 from Amazon, which is about 1/2 the original retail price.
I have prepared a video demonstrating the case and its functionality. The case works with iPad generations 2, 3 and 4. RECOMMENDED.
I am frequently asked how to make a wireless presentation over Wi-Fi using the iPad and the Apple TV (HDMI output), when the projector, monitor, or SmartBoard display to be used has only an “old” style VGA input:
To do this, an HDMI digital to VGA analog converter is required [just using adapters without an electronic converter will not work]. There are a number of converters available on the market. The Linksys system that I use has been discontinued.
This converter has received good reviews and is sold by Apple in its own stores for $16.00 more.
1. Plug VGA cable into projector and turn projector on.
2. Plug other end of VGA cable into Converter box. If you are going to be using audio, plug mini plug audio cable into converter and the other end into speaker input.
3. Plug HDMI Cable from converter into Apple TV. Turn on Apple TV. Connect Apple TV to Wi-Fi Network
4. Turn on iPad. Select the same Wi-Fi network as you set for Apple TV
5. Push the iPad Home button twice– slide over to volume control where you should see the ”Mirror” symbol. Turn Mirror “on” and your iPad should be Mirrored on the Projector.
If you have questions regarding using the iPad for presentations, please comment publicly below , or send me an email at firstname.lastname@example.org. If your question is of general interest I may answer in a post, or if not will try to respond individually .
Lest you think that being the Hytech Lawyer means all work and no play, here is a little window into the recreational part of my world. In this video, my “hytech” kids and I play around with the green screen functionality of a neat iPad app named VideoFX Live. Green screen technology also known as Chromakey, is how your local TV weather person appears to stand in front of a moving weather map, when in actuality, he or she is standing in front of a solid green screen. The green (and just the green) is replaced electronically with another image, such as a weather map or anything else you can imagine. When used with a good quality green screen, the VideoFX Live green screen app on the iPad gives results close to professional grade. The creative possibilities are endless and can make the production of a family video an entertaining and interactive family activity.
The green screen effects are just a few of the many available for this app. The basic App is free, but the really cool effects require an in app purchase. We spent about $12 to buy all the effects that looked interesting.
We also purchased a large green screen (10 x 7) with stands for about $ 90.00. The assembled unit is huge, but packs away nicely. Other green colored material can work, but having a good screen makes a big difference.
We would love to hear about your favorite fun apps—leave a comment below if you are so inclined.
If you have followed the second degree murder trial of George Zimmerman for killing Trayvon Martin, you may have seen the two major technological blunders made by the prosecution. These two incidents involving Twitter and Skype, are prime examples of why the ABA was correct in revising the Model Rules of Professional Conduct to require that attorneys keep current on new technology.
In the first incident, the prosecution attempted to show that it’s own witness Jenna Lauer was biased in favor of Zimmerman by trying to get Lauer to admit on the stand that she “followed” Zimmerman’s brother, Robert Zimmerman, Jr., on Twitter. [For those not familiar with Twitter, if you follow someone, you receive their messages posted on Twitter]. Lauer placed the 911 call on which screams for help could be heard. In response to the prosecutor’s questioning, Lauer claimed she did not understand how Twitter works and denied following Zimmerman– which it appears now was not true. See http://blog.x1discovery.com/2013/06/28/zimmerman-trial-counsel-botches-social-media-evidence-on-national-tv/
Viewing the prosecutor’s examination, the one thing that was abundantly clear was neither witness, nor the prosecutor had a good understanding of how Twitter works. Perhaps the witness can be excused for this ignorance, however, the prosecutor cannot. The result was this line of questioning, which had the potential to show real bias and call into question witness credibility, had to be abandoned by the prosecutor because he had not done his homework and could not conduct an effective cross-examination on a social media technology he did not understand.
The second prosecution technological fiasco was the attempt to present a witness via Skype. Skype is a video teleconference service. As reported by Vishal Persaud with Washington NBC affiliate channel 4:
“Scott Pleasants, a criminal justice professor at Seminole State College had been called to testify about Zimmerman taking an online criminal justice course in 2011. About one minute into Pleasants’ testimony, delivered from Colorado, an onslaught of incoming Skype calls began to pop-up on the television screen in the courtroom, which interfered with the testimony.
Apparently, Pleasants’ Skype username was visible on the television screen in the Sanford, Fla., courtroom, as well as to everyone watching the trial across the country, prompting the slew of prank Skype phone calls accompanied by the service’s trademark “ping” sounds.
Towards the end of the prosecutor’s examination, the calls had become so numerous that the judge had to intervene and order Pleasants to end the Skype call.” http://www.nbcwashington.com/news/national-international/Skype-George-Zimmerman-Murder-Trial-Trayvon-Martin-Juror-Jury-214187041.html
I have written about Skype for the presentation of witnesses and the problem of pop-ups. Had someone in the courtroom been familiar with Skype, the program settings could have been adjusted to prevent access by the pranksters.
See Below [limit IM messages to contacts]:
Because the prosecutor and/or his staff did not know how to properly use Skype in this situation, the impact of this witness’ testimony was diminished. The lesson— know your presentation technology and try it out before using it in a nationally televised murder trial.
Recognizing the importance of attorneys staying technologically current, in August of 2012, the ABA’s House of Delegates voted to amend the comment to Model Rule of Professional Conduct, Rule 1.1. The Rule itself remains unchanged and states: “A lawyer shall provide competent representation to a client. Competent representation requires the legal knowledge, skill, thoroughness and preparation reasonably necessary for the representation.”
The revised comments to the rule, which are to be used to interpret and provide guidance for construction of the Rule, add the following italicized language: “To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology, engage in continuing study and education and comply with all continuing legal education requirements to which the lawyer is subject.” While the ABA Model Rules are not themselves binding on lawyers, they serve as a model for ethics rules in most jurisdictions.
So the lesson here for lawyers young and not so young– take the time to familiarize yourself with the lastest technology– especially before attempting to use it at a nationally televised trial.
Keynote ($9.99 The App Store) for the iPad is a powerful presentation App created by Apple and similar to Microsoft’s PowerPoint. I use both Keynote and PowerPoint frequently for meetings and general presentations and prefer Keynote becasue of its graphic look and effects. However, many iPad Lawyer’s do not have a sufficient comfort level with Keynote to use it to create presentations and/or have extensive libraries of PowerPoint presentations that need conversion to Keynote for the iPad. In the attached video, I demonstrate how to convert a PC PowerPoint presentation to Keynote for use on the iPad, as well as how to transfer the presentation to the iPad via email, SpiderOak Hive and Dropbox. I also demonstrate the creation of basic slides, graphs and effects: VIDEO
If you have questions, please leave them as comments and we (myself and my network of experts) will do our best to answer them.
Reports that there has been yet another data breach or malicious hacking attack targeting the personal and financial information of thousands or even millions of consumers have become so common they barely constitute news. For most companies and yes, law firms, the question is not if a significant data breach or hacking attack is in their future, but instead when. Is your company or law firm ready?
In an informative article in Law Technology News entitled, What to do about high data breach costs, Judy Selby writes about the importance of being proactive to minimize the risk of a serious security breach in the first place, and to mitigate the damages if a breach should occur. Among her suggestions are an annual review by a data security and policy compliance consultant (If a recommendation is needed let me know), developing a comprehensive incident response plan, employee education and working with vendors to ensure they are complying with company data security policies and the law. This is the best practice and what we recommend to our clients; however, a recent study indicates that many companies are woefully unprepared or underprepared to respond to a significant data breach. See Is Your Company Ready for a Big Data Breach?
Assume for the sake of argument your company has not been proactive and does not have a comprehensive data breach response plan in place. Further suppose an employee [or perish the thought an attorney] leaves a laptop containing personal identifying (names, birth dates, social security numbers) and credit card information of thousands of company customers on an airplane. The computer cannot be located, and the presumption is the confidential data is in jeopardy. You are the General Counsel for the company. What now?
Upon learning of a potential breach, inside counsel in this situation should stop kicking themselves for not being proactive, take a deep breath—and then promptly make a call to retain outside counsel knowledgeable in responding to data breach emergencies. It is important the counsel (“breach counsel”) retained be able to drop everything and respond to the emergency promptly. Ideally the breach investigation will be conducted by breach counsel and subject to the attorney-client privilege. Under these circumstances, breach counsel should come into the engagement with an outline of an action plan ready to be implemented by the company, subject to adjustments based upon the actual reality on the ground. The first order of business is to close the leak and to secure any data that has not yet been compromised. Breach counsel will need to be able to “talk the talk” with IT personnel. An immediate investigation should be commenced to determine the cause and extent of the breach, the nature of the data compromised, and whether there are indications the data is likely to be used in a criminal or unauthorized manner in the short term. In many cases, computer forensics specialists should be retained to assess the damage. The complete investigation should be thoroughly documented in writing, noting the details of the breach including when it occurred, when it was discovered, etc.. Again, in our view this investigation should be conducted by breach counsel to maintain the privilege.
There are a myriad of complex legal issues that arise when a data breach has occurred. Besides the requirements of federal law if applicable, e.g., those pertaining to medical information under HIPPA and the HITECH Act, forty-six states have enacted their own data breach notification laws requiring consumer notification when there is a data breach involving personal information such as names coupled with social security numbers, birth dates, financial information, etc.. The terms of these laws vary, and are often inconsistent or even contradictory. See Interactive Map of State Data Breach Data Breach Notification Statutes, resources and related information. In many states, safeguards such as encryption and/or the partial redaction of the exposed data may limit state law statutory exposure and avoid notification requirements. Not so in other states. Since customer notification requirements vary significantly between states, most clients with a national customer base will need experienced legal assistance if they are to adequately assess and meet their compliance requirements. Failure to meet the state reporting requirements and deadlines can result not only in civil liability, but in some cases significant per record fines and assessments.
As one of the first orders of business. breach counsel is likely to advise the client to put together an emergency response team including key executive decision-makers, in-house counsel, IT/security managers, customer relations executives and potentially public relations personnel, among others. The point is to have all the key players and decisions makers involved and informed. Depending upon circumstances, law enforcement personnel may also need to be brought in, and regulators may need to be notified. All of this activity should be pursued with a sense of urgency, as many states require consumer notification in the most ”expedient time possible without unreasonable delay.” See e.g., S.C. Code Ann. § 39-1-90 (“The disclosure must be made in the most expedient time possible without unreasonable delay….”).
If counsel determines that a significant data breach requiring reporting has occurred, he or she may also recommend the engagement of one of the major credit reporting services that has extensive experience in credit report monitoring in data breach situations. Offering customers credit monitoring services is expensive, but often eliminates or significantly mitigates significantly greater liability exposure going forward. See e.g., Hammond v. The Bank of New York Mellon Corp., No. 08-Civ-6060, 2010 WL 2643307, at *7 (S.D.N.Y. June 25, 2010) (claims stemming from accidental loss of back-up computer tapes containing personal information, no allegations of loss or actual damages—two years of credit monitoring service provided by bank precluded a claim for monitoring services). These companies also typically offer notification administrative, call center and related services.
In summary, there is much to do in responding to a data breach event. The response requires quick and decisive action under pressure– not the ideal time to be learning the rules of the road or setting up a response team. As in most things in life, the more thought given to a response plan in advance the fewer mistakes will be made when the storm hits. Don’t wait until a breach occurs—prepare today!
Bill Latham a/k/a the hytech lawyer ( email@example.com )
Lawyers have an ethical obligation to take reasonable steps to protect their clients’ confidential information. This has become a significant challenge in light of daily revelations of data breaches and cyber attacks by individuals and criminal rings, hacking by foreign governments, and now news that the United States Government is collecting massive amounts of data from a wide variety of internet providers. Lawyers must be more aware than ever of the risks and of the defensive technologies available to them.
The hytech lawyer has long been a fan of the SpiderOak cloud-based back-up storage service because of its zealous emphasis on security, its “zero knowledge” encryption (see below), and its privacy favorable terms of service. Until recently SpiderOak was not as user friendly and intuitive as Dropbox, which many lawyers persist in using for transmitting and storing confidential client information despite security and terms of service concerns.
SpiderOak Hive (“Hive”) is a new Dropbox like feature offered by SpiderOak with the same “zero knowledge” encryption of the legacy SpiderOak service. Like Dropbox, Hive allows the user to transfer files from one of their computer/mobile devices to all of their other computer/mobile devices on which Hive is installed by simply dragging and dropping the file into the Hive folder on one of the devices. For example, a lawyer could have Hive installed upon their desktop PC at home, their Mac, their work PC laptop, their iPad, and their iPhone. If the lawyer moves a file, such as document, into the Hive folder on any of these devices, the file is replicated in the Hive folders on all of their devices. Hive is available for Windows, OS (Mac), iOS (iphone/ipad) and Android devices.
So why the preference for SpiderOak Hive? Most online storage systems, including Dropbox, only encrypt user data during transmission, meaning anyone with physical access to the servers the data is stored on (such as the company’s staff) could have access to it. Or, even if the data is encrypted during storage, the user’s password (or set of encryption keys) is often stored along with the data, thus making it’s easily decoded by anyone with local access to those servers.
As explained by SpiderOak:
With SpiderOak, you create your password on your own computer — not on a web form received by SpiderOak servers. Once created, a strong key derivation function is used to generate encryption keys using that password, and no trace of your original password is ever uploaded to SpiderOak with your stored data.
SpiderOak’s encryption is comprehensive — even with physical access to the storage servers, SpiderOak staff cannot know even the names of your files and folders. On the server side, all that SpiderOak staff can see, are sequentially numbered containers of encrypted data.
This means that you alone have responsibility for remembering your password or ‘Password Hint’ (which you can create to help you remember) allowing SpiderOak to create a true ‘zero-knowledge environment’ – keeping your data as safe and secure as it can possibly be.
This also means that SpiderOak cannot unencrypt the data even if ordered to do so. Therefore, if SpiderOak is ordered to produce a lawyer’s confidential client data by a secret court or even more troubling by a civil lawsuit subpoena, the data produced will be encrypted and presumably unusable. Likewise, if SpiderOak is hacked, the data stolen will be encrypted and unusable.
The Ethics Issue
When you move a file into a Dropbox or Hive folder, it is automatically uploaded via the Internet to a remote server maintained by Dropbox or SpiderOak. Copies of this data are then downloaded to any Dropbox or SpiderOak folders you may have installed on your other devices. This data resides on your individual devices and on the Dropbox/SpiderOak servers. Because the data on these servers is now in the hands of a third party (Dropbox or SpiderOak) and maintained in remote servers out of the control of the lawyer, the lawyer must have an understanding of how the cloud service provider, Dropbox or SpiderOak in this example, will treat the data entrusted to it.
Think about it in more conventional terms— would an ethically responsible lawyer send a confidential client file out to a copy service for reproduction without having in place a written confidentiality agreement with the copy service, or at the least a clear understanding that the client’s documents be safeguarded, kept confidential and reasonably protected from disclosure? Likewise, what responsible attorney would hand a confidential client file to a well dressed stranger on the street and ask them to deliver it, for free, to someone at another location without knowing something about the stranger’s background and without at least having an understanding with the stranger that the information will be maintained confidential and secure?
Compare these last two analogies with cloud service providers such as Dropbox, whose service is at its most basic level offered free and where there is no agreement between Dropbox and the attorney other than the unilaterally imposed terms of service required by Dropbox to access the service. If the attorney uses Dropbox without a commitment or agreement with Dropbox that reasonable precautions will be taken to protect the client’s data, then is the attorney acting with reasonable care? Recent ethics opinions from 15 states suggest the answer is no.
The ethics opinions addressing whether it is acceptable for an attorney to use cloud computing and online document storage for the transmission, storage or processing of client information and files have uniformly opined that an attorney must use “reasonable care” when selecting a cloud or Internet service or product. The American Bar Association has compiled a very helpful map and summary of 14 of the 15 state bar ethics opinions on the topic as of the time of publication.
The most recent cloud services opinions is Proposed Advisory Opinion 12–03, issued by the Professional Ethics Committee of the Florida Bar. The Committee opined:
This Committee agrees with the opinions issued by the states that have addressed the issue. Cloud computing is permissible as long as the lawyer adequately addresses the potential risks associated with it. As indicated by other states that have addressed the issue, lawyers must perform due diligence in researching the outside service provider(s) to ensure that adequate safeguards exist to protect information stored by the service provider(s). New York State Bar Ethics Opinion 842 suggests the following steps involve the appropriate due diligence:
Id. (emphasis added).
Citing an Iowa ethics opinion, the Florida Advisory Committee provided the following additional guidance as to what a lawyer should look for in a cloud provider:
[L]awyers must be able to access the lawyer’s own information without limit, others should not be able to access the information, but lawyers must be able to provide limited access to third parties to specific information, yet must be able to restrict their access to only that information. [The Lawyer should also consider] the reputation of the service provider to be used, its location, its user agreement and whether it chooses the law or forum in which any dispute will be decided, whether it limits the service provider’s liability, whether the service provider retains the information in the event the lawyer terminates the relationship with the service provider, what access the lawyer has to the data on termination of the relationship with the service provider, and whether the agreement creates “any proprietary or user rights’ over the data the lawyer stores with the service provider.
Given this guidance, let’s look compare the provisions of the Dropbox and SpiderOak security provisions, terms of service and privacy policies.
In a “security overview” on its website, Dropbox states it:
The terms of service contain the following pertinent provisions:
Compliance with Laws and Law Enforcement Requests; Protection of Dropbox’s Rights. We may disclose to parties outside Dropbox files stored in your Dropbox and information about you that we collect when we have a good faith belief that disclosure is reasonably necessary to (a) comply with a law, regulation or compulsory legal request; (b) protect the safety of any person from death or serious bodily injury; (c) prevent fraud or abuse of Dropbox or its users; or (d) to protect Dropbox’s property rights. If we provide your Dropbox files to a law enforcement agency as set forth above, we will remove Dropbox’s encryption from the files before providing them to law enforcement. However, Dropbox will not be able to decrypt any files that you encrypted prior to storing them on Dropbox.
The glaring absence of any commitment by Dropbox to notify the user if Dropbox needs to protect its “property rights” or if legal process is served upon it purporting to require the production of the user’s information is troubling. The absence of a policy of notification prior to disclosure is one reason I do not use Dropbox for storage or transfer of confidential documents, for fear that an errant subpoena could cause protected documents to be disclosed without the opportunity for a challenge.
Posted by Linzi Oliver at Jun 27, 2012 8:54 AM.
SAFE & SECURE
YOUR RIGHT TO PRIVACY