Google explains why it wants your data, how it protects your data, and what it does to make sure you can get your data out of Google when you want to:

Someone should tell Google CEO Eric Schmidt.

Google Renews Its Privacy Vows | TechCrunch

Google’s Privacy Promises is a post from: Lawyerist

If you have a Mac, you probably have an iPhone. With Airlock, you can use your iPhone to automatically lock and unlock your Mac when you are away.

Airlock uses Bluetooth to tell your computer when you leave the room (or other proximity; you can change the settings). When you leave, your computer is locked by Airlock. When you return, Airlock will wirelessly tell your computer you are back, and unlock your computer.

You can also program Airlock to tell your computer to run various programs upon your return. If you lose your iPhone, or the battery dies, you can still use a manual login function, so you are not left in the lurch.

Unfortunately, Airlock can cause minor problems if you use a wireless keyboard or mouse. Because of a Bluetooth firmware issue, Airlock can cause your mouth or keyboard to disconnect. Apple is apparently working on a firmware update to correct this.

There are other ways to have your computer automatically lock, such as making a hot corner that puts your computer to sleep, or setting up your screensaver to come on after five minutes of inactivity. Airlock, however, seems to be the easiest, and quickest option.

(photo: CarbonNYC)

Use Your iPhone to Secure Your Mac is a post from: Lawyerist

Gmail is my preferred email interface for lawyering, and I also use Google Apps to maximize my productivity. Although my Gmail account has never been hacked, here are some tips to keep your accounts secure, and if they do get hacked, what you need to restore security.

If you are using Gmail as your business account, take the extra 2 minutes and create a password that is more complicated than usual. Elementary advice, but still a precaution worth taking.

If your account does get hacked, having the following information is extremely helpful to regain access and control of your account:

1. Month/year you created the Google account.
2. If you were invited to Gmail by invite, the email address of the person who invited you.
3. Your top 5 most frequently contacted email addresses.
4. Names of custom labels in your Gmail account.
5. The dates of when you started using other Google services.

It might seem like a pain to keep track of this, but if you are using Google services with client information, the faster you can regain control of your account, the better.

Lessons Learned from a Hacked Google Account | Lifehacker

(photo: jasoneppink)

Protect Your Google Accounts is a post from: Lawyerist

At least one law firm has stopped using iPhones because of potential security risks.

A data forensics expert has identified two potential security risks, but both of them require the bad guy to have physical control over the iPhone. If you never lose control of your phone, then no problem.

But if you leave your phone in a cab, at a coffee shop, then what? Apparently the remote wipe feature is not as great as it seems. Your iPhone must be connected to the cellular network for it to be wiped. A clever thief can quickly disable the cellular function and go to town.

Lastly, the iPhone essentially takes screenshots of your data—enabling the neat shrinking and disappearing effect on the phone. If your device has been captured and someone has hacked your phone they can probably find whatever they want—screenshots are fairly redundant at that point—but still a security concern nonetheless.

The risks are legitimate. An iPhone is much easier to lose than an old school briefcase containing client files. Even worse, an iPhone is capable of holding much more data than a briefcase. The iPhone is also much more fun to play around with . . . and easier to misplace.

Although it seems likely other smartphones are susceptible to similar security risks, make sure you are willing to accept the consequences of a lost smartphone before you place client data on it.

Law Firm Abandons iPhone After Experts Warn of Security Issues | ABA Journal

(photo: Johnny Grim)

How Safe is Your iPhone? is a post from: Lawyerist

Google’s CEO, Eric Schmidt, just said something that makes me seriously reconsider whether I should be trusting his company with my clients’ information.

“If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.” Here is the video:

Bruce Schneier had the obvious rejoinder, and JWZ points out that Google once blacklisted CNET for publishing Eric Schmidt’s personal info. How ironic. BoingBoing has the snarky summary.

But the real question is whether lawyers should trust Google with their clients’ confidential information if this is the attitude of Google’s CEO. His muttering about the Patriot Act makes me wonder if Google is going to act like Yahoo! and Sprint and give it up to anyone with a badge, search warrant or not.

I am not jumping to move all my information just yet, but I am watching carefully to see whether and how Google responds.

Google CEO: Secrets Are for Filthy People | Valleywag

Is Google Getting Ready to Sell Lawyers Out? is a post from: Lawyerist

For 19 years, Windows’ Achilles heel has been its vulnerability to viruses. In my opinion, this vulnerability is ridiculously overstated (especially by the competition), but it is a liability. Unfortunately, most anti-virus software is either awful, expensive, or both.

With this in mind, I am astonished that it took Microsoft so long to develop its own anti-virus software to maximize the performance of Windows while still protecting users from malicious code.

As of today, Microsoft has remedied its omission, and you can download its free Security Essentials software. If you are using industrial-strength anti-virus software, you may not want to switch. But if you are still paying for MacAfee or Norton, give Security Essentials a try. I am running it on my system, and so far, so god, even with background detection running (which I did not bother with when I used AVG because of the performance hit).

Microsoft Security Essentials | Microsoft (via Lifehacker)

Anti-Virus, Now From Microsoft is a post from: Lawyerist

I predict that within approximately 2-3 years, lawyers in most jurisdictions will communicate and collaborate with their clients using some type of an encrypted network.

This will occur as a result of the enactment of laws to protect consumer data, and because of the inherent flexibility of emerging legal technologies.

New laws and regulations

A number of states, including Massachusetts and Nevada, have passed laws or regulations which require that certain types of confidential data be sent electronically only via encrypted communications. More laws of this nature will most certainly follow both at the state and federal level.

I predict that these laws, most of which currently apply primarily to financial institutions, will ultimately incorporate some of the types of client information contained in attorney-client communications, in large part because of rising concerns due to recent large-scale data disclosures.

In fact, this type of data breach is one of the primary reservations expressed by lawyers regarding cloud computing.

However, attorneys are reluctant to embrace emerging technologies and will only use encrypted communications if required to or if the incorporation of this type of communication into existing systems is easily accomplished.

New laws coupled with the inherent flexibility of cloud computing will result in the use of encrypted communications as the norm in the legal profession.

Emerging legal technologies

As aptly noted by Seth Godin in his recent blog post, desktop software is an antiquated concept, and its developers are anything but innovative. Cloud computing is the wave of the future, and all types of software, including legal platforms, will eventually be offered as an online service.

Developers for online legal platforms start from the ground up when developing their products. They have a flexibility that is unavailable to the desktop developers, who are more concerned with tweaking an existing product in a cost effective manner rather than truly innovating.

Online platforms developers have the ability to respond to the current needs and concerns of their clients in a way that desktop developers simply cannot. Online platforms can be quickly and easily modified to incorporate new features, such as encrypted communication, into the online platforms as the need arises. In fact, a number of platforms have already begun to do so.

For example, VLOTech, Clio, and NetDocuments allow for varying types of encrypted communication with clients. Another online legal platform, NKrypt, is devoted to providing a secure, encrypted email network.

Encrypted communications with clients is the wave of the future and web-based legal technology providers, many of whom already provide some form of encrypted client communication, will lead the way.

(photo: Anonymous Account)

Encrypted Client Communication May Be the Wave of the Future is a post from: Lawyerist

Cloud computing, or software as a service (SaaS), means moving your applications from your computer to the “cloud.” It is the difference between Microsoft Word (locally-hosted, since it is on your computer) and Google Docs (remotely-hosted, since it is on Google’s computers).

The most-common objection to using SaaS is the fear of waiving the attorney-client privilege, usually because “free” e-mail services like Yahoo! Mail, Gmail, and Hotmail scan users’ e-mail for keywords to target advertising. But SaaS is an attractive alternative for many lawyers, who would rather not deal with IT themselves or maintain an expensive IT consultant. As a result, many lawyers and law firms are looking at Google Apps, hosted Exchange, and Zimbra as less-expensive alternatives to having a local server.

I use Google Apps, and I am not worried about security, privacy, or waiving the attorney-client privilege. Here is why:

You and your clients are already using SaaS

If you use e-mail, you are probably using SaaS, even though you may not realize it.

First, many—perhaps most—of your clients are already using cloud services like Gmail, Yahoo! Mail, Hotmail. These are SaaS providers that scan your clients’ messages—including the ones from you—to provide relevant advertising. Whether or not you use SaaS yourself, if the attorney-client privilege was so easily waived, you would probably have waived it already for many of your communications.

Second, you are also probably using SaaS yourself. Have a Blackberry, iPhone, or any other mobile messaging device? That information is going through the servers of RIM, Apple, or whoever, where third parties have access to it. If you are like most law firms, you have a hosted e-mail provider like Comcast, A2, or GoDaddy, where third parties also have access to your e-mail. They may not scan it for advertising, but their computers store it, just like Google’s.

But don’t worry . . .

The clouds are not reading your e-mail

Read the privacy policy of any cloud-based service you do business with. If you are using a free service, their computers may scan e-mail for the purpose of inserting ads. This does not mean anyone is reading your e-mail.

Instead, you will find that most SaaS providers go to great lengths to ensure your data remains private and secure. Google’s privacy policy for Gmail is a good example.

The difference between free services and paid services is usually advertising. If you buy a premium Google Apps account or you pay for a hosted Exchange server, your provider will not scan your e-mail to insert advertising. They probably will still scan your e-mail and (calendar and other items) so you can search for things, later.

Inadvertent disclosure does not waive the attorney-client privilege

Only the client can waive the attorney-client privilege, although they can do so through carelessness. If using a cloud-based e-mail service is enough to waive the privilege, then many clients have already done so. But at least one New Jersey court did not bring up this possibility when finding that the attorney-client privilege protected a client’s Yahoo! Mail account, even when she accessed it on her employer’s computer.

It seems unlikely that a data breach at your SaaS provider would mean your attorney-client communications must be revealed to opposing counsel.

Although suspicion prevails, talk to your IT provider and your local ethics board before deciding whether or not you are comfortable using the cloud for your client-related data.

(photo: akakumo)

Can You Trust Google Apps (And Other SaaS)? is a post from: Lawyerist

Even if you have read our previous posts on data security and encryption, your computer data is probably still at risk. Scientific American recently reported on a variety of “side-channel” data vulnerabilities–threats of data theft through passive or mechanical means that bypass your software and operating system altogether.

Below are five frightening new ways to steal the data on your computer:

1. Reading data from the reflection on your eyeball

New techniques involving telescopes and cameras are now able to capture computer data from monitor reflections on eyeballs, glasses, and office picture frames.

2. Stealing data from your monitor’s radio emissions

Computer monitors radiate low-voltage signals from their power cords which allow people with sophisticated monitoring equipment to capture and reassemble the images on your monitor.

3. Capturing network data from the flashes on a router

The constantly-flashing LED lights on network routers can be recorded to capture the data bits traveling through them. These patterns can be reassembled to decipher communications going through the router.

4. Copying printer data from the sound of the printer head

Some printers — especially the old dot matrix variety — make small noises as they move across your paper. These sound frequencies are slightly unique depending on what movement the printer head is making. By recording the sound waves of a printer, special algorithms can decipher the text being printed.

5. Learning your passwords from the radio frequency of your keyboard

Similar to capturing the electronic frequencies emitted by monitors, keyboards emit unique low-voltage radio frequencies with each keystroke. Basic radio-frequency monitors can be combined with capture software to copy anything typed. Check out this video of keystroke theft in action:

Thankfully, at this point these data invasion methods are seldom-used. However, for that reason, there also are few countermeasures or security products on the market to prevent espionage through these side-channel methods. While it is unlikely most attorneys need to worry much about these vulnerabilities, anyone with especially-secure client or corporate data should at least spend a few minutes thinking about whether they could present real threats.

How Hackers Can Steal Secrets from Reflections | Scientific American

(photo: annieominous)

Five shocking ways your computer is at risk is a post from: Lawyerist

Anyone who has heard me speak at a CLE or who reads this blog even occasionally knows that I preach the mantra of backup. This is especially important for lawyers, and doubly (triply? quadruply?) important for attorneys with paperless law offices. But I also practice what I preach, and I am willing to endure the criticism of the IT folks who read this blog for the greater good.

So, for the benefit of all, here is how I back up my files.

Setup

First, a note about my setup. I have a desktop/file server that I use at work. I have an unprivileged user account for my business files, and a regular user account for myself. This computer is connected to a Maxtor OneTouch external hard drive.

I have a laptop that I use everywhere else. Everything but the /boot partition is encrypted, and to get the maximum benefit of the encryption, I shut the laptop down whenever I move locations. I keep a Western Digital Passport portable external drive at home.

I use two free, open-source software tools for backup: rsync and Unison. Both are *nix-based software, although there are versions for Windows and OS X. Rsync is great for backup because you can use it to back up only files that have changed, making it very efficient. Unison syncs two sets of files so that both are identical, sort of like a two-way version of rsync (which is basically what Unison is). Both work well for backing up files over an encrypted internet connection using SSH.

Backup

I maintain at least two backups at all times, in at least two different places. In practice, I actually have eight backups of varying ages at a time, and at least one backup (usually two) is less than a day old.

1. I back up my desktop automatically every night using rsync. This backup goes to a set of rotating backups, so there are always five days of backups available, in folders labeled for the days of the week.
2. Whenever I work on my laptop, I start by syncing my files over the internet using Unison. This way, the copies on my desktop and laptop are rarely different by more than a day.
3. I back up my laptop to my portable external hard drive about once a week using rsync after syncing the files using Unison. This is usually the most out-of-date copy, so it is a backup of last resort, if everything else fails.

I use my daily backups like an extended “undo” function, so I know they work. Since I can access those backups remotely, if necessary, I can restore files any time, anywhere. I like having five days of backups, plus the “last resort” backup, because if there is a problem and I don’t notice it right away, I can usually still find the file I need.

Upgrades

I wish I had some form of RAID on my work computer to protect against drive failure, but since there are at least four drives involved in my backup system, I am not overly worried about what I am using now.

At some point, I would like to move my business files to a standalone file server using RAID. When I do that, I will add an hourly (or more often) backup to the external drive. Then, if I did lose a drive, I would not lose more than an hour’s worth of work.

Bring on the questions and criticism!

(photo: Wikimedia Commons)

How I use backup to keep my paperless office secure is a post from: Lawyerist