Ride The Lightning

Some time back, John and I took a test drive of Reed Technology's then unweildy-sounding software for archiving social media and Internet pages, guided by Rod Wittenberg and Matt Byrd. Then came the holidays and the press of work and I never really had the chance to play with the tool, which now has a very nice - and memorable name - Web Preserver.

At $35 a month per user for 10GB of storage (hey guys, that's a great price - put it on the website!), this is quite a deal whether your interest is archiving social media pages, archiving your website, gathering evidence for a case or research. As I spend a lot of time on research for presentations and writing books/articles, I love being able to create folders for every new topic that comes up and storing my research electronically.

Confession: I've been spoiled by years of paralegals doing research and printing everything out. Not green, but it did allow me to read (not on computer screens, which i see too many of) but on paper while traveling or at home in my family room. However, searching paper is highly problematic and I've been determined to go green and become more efficient for some time.

I love that I can have scads of folders on whatever topics may come up - going paperless, apps for Androids, data breaches, machine-assisted review, etc. I can search my folders easily and refine the date range to zero in on something I know I've harvested in the last week.

So thank you Rod and Matt - great product - and if you are at LegalTech or ABATECHSHOW, you can stop by Reed Technology's booth and check this Web Preserver out. Or, of course, you can contact them via the website.

In our animated conversation as Rod and Matt kindly visited Sensei and we walked through the software, I offered many suggestions, most of them minor, to improve the user's experience and was pleased that they were quick to take notes and to say they would incorporate those suggestions.

I had only one serious concern, which may not significantly impact lawyers (or anyone else) who wants to archive or research. But if you really are collecting information for a case, lawyers are going to want encryption in transit and in storage and to create and hold the decryptiion key. Currrently, that it is not possible, but they are working on it. But other than that, I'm a big fan!

E-mail: snelson@senseient.com Phone: 703-359-0700

www.senseient.com

http://twitter.com/sharonnelsonesq

Something else to worry about, right? Apparently so, according to a Dark Reading report (hat tip to friend and colleague Dave Ries) published on January 24th.

Last October, security researcher HD Moore scanned about 3 percent of addressable Internet space looking for high-end videoconferencing systems present in many corporate and law firm conference rooms.

The scan, which took about two hours using a handful of computers, discovered a quarter of a million systems that understood the H.323 protocol, widely used by Internet protocol (IP) communication systems. Moore, the chief security officer for vulnerability-management firm Rapid7, used a module for the popular Metasploit framework to "dial" each server, connecting long enough to grab the public handshake packets, and then dropped the connection.

"Any machine that accepted a call was set to auto answer," Moore says. "It was fairly easy to figure out who was vulnerable, because if they weren't vulnerable, then they would not have picked up the call."

Using the information, Moore and Rapid7 CEO Mike Tuchen identified 5,000 videoconferencing systems that were set to automatically answer incoming calls, allowing a knowledgeable attacker to essentially gain a front-row seat inside corporate meetings. This is precisely like placing a bug and a camera in the conference room.

If the systems are set to auto-answer incoming calls, they can be activated by a hacker without anyone in the room being the wiser. Researchers found that they could listen into nearby conversations and record video of the environment -- even read e-mail from a laptop screen and passwords on a sticky note 20 feet away.

The research was especially interesting because these vulnerabilities affect targets that can afford $25,000 conferencing systems. Most of the systems were made by Polycom, a leading manufacturer of the systems that mostly ship with their auto-answering functionality enabled. Systems from other companies probably had their auto-answer feature turned on to avoid problems (thereby creating one).

Many of these systems have not yet caught the attention of the security community, but you can be sure that this report will catch the attention of the infosec communcity. Quite outside of this vulnerability, others have been discovered by researchers. These systems should be placed behind a firewall (some IT folks avoid this because the systems act unreliably), be governed by policy and scanned for vulnerabilities - tools are available, but rarely used.

E-mail: snelson@senseient.com Phone: 703-359-0700

www.senseient.com

http://twitter.com/sharonnelsonesq

The press has reported that Colorado federal judge Robert Blackburn has ordered Ramona Fricosu, who is accused of bank fraud, to release the contents of her encrypted hard drive. She had argued that doing so would would essentially mean she was testifying against herself in violation of the Fifth Amendment.

“I find and conclude that the Fifth Amendment is not implicated by requiring production of the unencrypted contents of the Toshiba Satellite M305 laptop computer,” the judge wrote in his ruling on January 23rd.

There are cases on both sides of this issue - so far, no court has required that a defendant divulge their decryption key, but that seems to be largely a distinction without a difference if the unencrypted contents of a laptop must be produced.

Thanks to Dan Fuller, Jason Foltin and Ben Kerschberg for sending me variants of this story. A Mashable video discussing this story may be found here.

-mail: snelson@senseient.com Phone: 703-359-0700

www.senseient.com

http://twitter.com/sharonnelsonesq

Not many folks expected the decision in U.S. v. Jones to be unanimous, but it was. It is now the law of the land that police must obtain a warrant before utilizing a GPS device to track criminal suspects. The installation of such a device without a warrant was held to constitute a "search" under the Fourth Amendment's protection against unreasonable searches and seizures.

The police actually had obtained a warrant to attach a GPS device to the Jeep of D.C. drug king Antoine Jones, but it had expired before they attached it. The Keystone Kops would be proud. Jones was convicted in part based on the tracking of his movements over 28 days and sentenced to life in prison.

While all the judges agreed on the narrow finding that a warrant is needed for GPS tracking, the court left for another time the broader implications of electronic surveillance on privacy rights.

This is the first time the Supreme Court has considered the constitutionality of location tracking devices - one has to wonder whether it is a harbinger for a future case considering cell phone tracking. I sure hope so.

E-mail: snelson@senseient.com Phone: 703-359-0700

www.senseient.com

http://twitter.com/sharonnelsonesq

I was so intrigued by the recent post in Lifehacker about how to use your smartphone to securely log into your Google account from an insecure computer that I blogged it - and just last week at that.

Hat tip to friend and colleague Dan Pinnington (bet it's a lot colder in Canada buddy) for letting me know that Google has pulled its Sesame app. When I verified Dan's note (and he was irked too), you get this message,

Hi there - thanks for your interest in our phone-based login experiment.

While we have concluded this particular experiment, we constantly experiment with new and more secure authentication mechanisms.

Stay tuned for something even better!

Dirk Balfanz, Google Security Team.

C'mon Dirk, bring it back - we LIKED it.

E-mail: snelson@senseient.com Phone: 703-359-0700

www.senseient.com

http://twitter.com/sharonnelsonesq

Gotta love Lifehacker. Always coming up with something new. I really loved the recent post about signing on to your Google account on a public computer securely. As you probably know, those hotel and cyber cafe computers are often rife with spyware.

But here's a great workaround. Point the insecure computer's browser at accounts.google.com/sesame. Now pull out your smartphone, open any app capable of reading QR codes (Google Goggles for example) and take a shot of the QR code that is generated at accounts.google.com/sesame. When your phone's browser (which will need to be signed into your Google account) visits the URL encoded in the QR code, that will tell Google's servers that you're at this computer, and the browser of the insecure computer will log you into your Google account without any typing on your part. Magic time.

Of course, you have to be logged into your Google account on your phone, but we hope your phone is more secure. And, as Lifehacker points out, make sure you log off!

E-mail: snelson@senseient.com Phone: 703-359-0700

www.senseient.com

http://twitter.com/sharonnelsonesq

Kudos to Google for providing assistance and technology to make it easier to report child exploitation. A recent press release from the National Center for Missing & Exploited Children (NCMEC) says the CyberTipLine, which is operated in partnership with a number of federal and state agencies, now has improved instructions and simplified steps.

Like most firms which provide computer forensics services in criminal cases, we see a dismaying amount of child porn and exploitation. It is disheartening to read the stats: An estimated 1 in 5 girls and 1 in 10 boys will be sexually victimized by the time they are 18. This is particularly meaningful to John and I as we both work as Court Appointed Special Advocates (CASA) for abused and neglected children. If you've been looking for something meaningful to do to serve your community, you might want to check CASA out. Giving these children a voice is wonderful work.

Through November of last year, the CyberTipline had received over 276,000 reports. It was interesting to read that the general public submits about 45% of such reports with electronic service providers submitting 55%.

Joe Paterno may genuinely not have known what to do beyond what he did to report the exploitation of a young boy at Penn State but I sure wish he had known about the CyberTipline. The federal authorities would not have turned a blind eye as did, apparently, Penn State officials.

E-mail: snelson@senseient.com Phone: 703-359-0700

www.senseient.com

http://twitter.com/sharonnelsonesq

Colleague Karl Schieneman wrote an interesting guest post for Forbes last week entitled Legal Hydra? Top Ten Tips to Become More Proficient with Machine-Assisted Review. As he says himself, "The somewhat controversial point of this article is that lawyers are time and time again standing in the way of technology, preventing them from making real progress in the field of electronic discovery."

I don't disagree. Lawyers are uncomfortable with this new machine-assisted review which they generally don't understand very well, if at all. They prefer to do things the way they've always done them. They speak a different language than their experts and their IT departments and the two cannot seem to communicate effectively. Very often, the in-house folks are told to simply follow orders.

It is absolutely true that some lawyers try to keep experts away from cases in the mistaken belief that they are saving money. If you get a good expert, that expert will always be focused on saving time and money while doing the best possible job.

Karl is the President and owner of Review Less, a consulting and document review company which specializes in machine-assisted review workflows, so it is logical that he is preaching the machine-assisted review gospel. I hasten to add that I do not say that in a snippy way, but one always needs to consider the source.

The source notwithstanding, Karl has penned a very thoughtful article and I largely agree with the points he makes. My caveats would be that machine-assisted review is still in its infancy, the old GIGO (Garbage In, Garbage Out) rule still applies and that the cost of machine-assisted review is currently prohibitive for small to mid-size cases.

Still, I do agree with Karl that 2012 will be a breakout year fro the use of machine-assisted review, particularly in large cases. Thanks for a fascinating read Karl.

E-mail: snelson@senseient.com Phone: 703-359-0700

www.senseient.com

http://twitter.com/sharonnelsonesq

It astonishes us that so many lawyers still think of the Meet and Confer as ONE meeting and not as a process. We were therefore pleased to see a new tool called MEETandCONFER.com and to have a tour of the product with Scott Devens. Here's a write-up I got from Scott, followed by a couple of comments from John and I.

Although following the 2006 revisions to Rule 26-f of the FRCP Meet and Confer meetings were mandated to be conducted with all litigation, to date, clear definition of the required content and process for meet and confer meetings has not been readily available. MEETandCONFER.COM was developed to fill this void.

MEETandCONFER.COM is a patent-pending e-discovery software platform that provides a programmed approach to guide attorneys, their clients, and opposing parties through the required “meet and confer” process. The use of the MEETandCONFER.COM system provides consistency, defensibility and cost-effectiveness to the handling of this crucial aspect of the e-discovery process. MEETandCONFER.COM simplifies the “meet and confer” process by defining, structuring, and confirming all of the e-discovery steps that are required to cost-effectively comply with the legal requirements mandated by Rule 26(f) of the FRCP, as well as similar state court rules.

The MEETandCONFER.COM software contains integrated video conferencing capabilities, which when combined with its proprietary negotiation system, encourages cooperation between all of the parties involved in the process. A new “Budget Projector” module is in the process of being incorporated into the MEETandCONFER.COM software and will be introduced later this month.  This Budget Projector will allow the parties to obtain a snapshot of the total costs that will be associated with their ESI requests during the meet and confer. This functionality will add an valuable component to the meet and confer process because it will allow the parties to assess the proportionality of their projected ediscovery costs with the value of the damages that are being sought. The final step of the MEETandCONFER.COM process is the automated generation of a Report to Court based upon all of the details that have been agreed to (or disagreed with) during the meet and confer process.

As is so often the case, actually doing the demo with Scott is the way to go to fully understand the product. We like the access controls, the ease of navigation and methodolgies available for effective collaboration. The only thing that bothered us about MEETandCONFER is that the data is encrypted to and from the dedicated servers, but not in storage. And you know how John and I harp over encryption.

That aside, we were very happy with the product and it has a very reasonable cost of $149 per month. The company is currently offering a free one month trial of the software - well worth taking a look.

Thanks for showing us around Scott!

E-mail: snelson@senseient.com Phone: 703-359-0700

www.senseient.com

http://twitter.com/sharonnelsonesq 

So if you're wondering how to organize and present your electronic evidence at trial, our friends at Attorney at Work had a great post about some of the top iPad and iPhone apps for lawyers. There's also a free download of even more legal-related apps.

If you're a lawyer and an iPad and or iPhone user, you don't want to miss this excellent list of well-vetted legal and productivity apps. An excellent job by our friend Joan Feldman.

While you're on the site, consider signing up for the Daily Dispatch - I get some of my best law practice management tips that way.

E-mail: snelson@senseient.com Phone: 703-359-0700

www.senseient.com

http://twitter.com/sharonnelsonesq