I Thought We Were Past This

I saw a link in the ABA Journal Law News Now this morning that simply floored me.

The Journal article states:

A federal judge’s opinion in Apple’s patent infringement suit against Samsung Electronics was formatted in a way that exposed redacted information.

The mistaken revelation in the opinion issued Friday by U.S. District Judge Lucy Koh discussed Apple studies showing its customers are unlikely to switch to Samsung’s Android devices, Reuters reports. The redacted portions also included some details on Apple’s licensing deals with Nokia and IBM.

iPad and Galaxy TabThe Reuters article includes additional details about the “redacted” information. According to the news stories, it appears that the information that was supposed to have been redacted did not contain any information that was truly secret.

Whether the information should have been redacted is an interesting question. However, it is not the issue that interests me. My interest is with the inability of people to properly use their software.

In 2009, I wrote about a redaction issue involving Facebook and ConnectU. What I said then applies equally now:

The reality is that it is not too much to ask for basic technical competence from people who are publishing allegedly redacted documents. It’s one thing to not have a full understanding of all of your computer’s programs. However, if someone is going to release allegedly redacted documents on the internet, it is not unreasonable to have that person actually ensure that the documents are redacted properly. The thing that makes this worse is that the document could have been redacted in Acrobat easily and, if done with the redaction tool, none of the confidential information would remain in the document.

The software to properly redact information is readily available and easy to use. To have an error of this type is simply inexcusable.


Do They Do This Just to Punish Attorneys?

The ABA recently reported that some federal courthouses ban smartphones because of fears that they could be used as weapons by terrorists. The story reports:

A memo issued last week by the Administrative Office of the U.S. Courts outlines the dangers, Wired’s Threat Level blog reports. “These common devices present security issues because some can be and have been converted for use as weapons, including explosives,” the report says.

The report explains other dangers: Smartphones can be used to secretly record or transmit videos of court proceedings, and they can be used by jurors to research case details on the Internet.

Further information can be found at in this story from Wired’s Threat Level as well as this report from the Administrative Office of the Courts.

I admit that smartphones and cell phones can be used as weapons by terrorists. So what? There are lots of items that can be used as weapons by terrorists. No location can ever be terrorists proof. Further, you can never have perfect security.

A courthouse that bans cell phones may seek to ensure that a cell phone is not used in a terrorist attack in the building. However, the policy does not prevent any other kind of terrorist attack.

Just a cell phone can be used as a weapon, does not mean it should be banned. If we were to follow this argument logically, we should also ban all writing instruments from use, heavy books from the library, and plastic ware from the cafeterias.

Attorneys carry smartphones to courthouses because they use them as tools in their practice. For some attorneys, their smartphones are one of the most useful tools in their practice. They use it for email, calendaring, and making telephone calls. Similarly jurors, who are giving up their time to serve the justice system use their phones to monitor their businesses or children when they are away.

Security is a legitimate concern. However, banning cell phones and smart phones from courthouses does not make us safer, it makes us more inconvenienced. It makes our jobs harder to do. It makes it more difficult to find good jurors. It makes it difficult for litigants to be involved in their cases. Quite simply, banning cell phones allows court officials to pay lip service to improving security without actually improving security.

The articles do not mention which courthouses currently ban cell phones. I would be curious if anyone is aware of the courthouses that do.

Security & Social Media

I use Twitter. However, I don’t usually post a lot of tweets. To be honest, this is mostly because I am usually doing something else and really don’t think about it. However, one of the questions I have always considered is how much information am I giving away. If I Tweet about going out of town with my family, does that mean that some burglar knows my house is a prime location to burgle?

Apparently, I am not the only person who has this concern. Recently The Reasonably Prudent Law Student noted her distrust of the application foursquare:

FourSquare is an application that works with Twitter and you log on from your phone and it posts a tweet about where you are. Like, “I’m at Meson Sabika, 400 Aurora Ave, Naperville” and a link or something. I don’t know.

All I know is that FourSquare scares me. It’s a great way of saying, Hey, I’m at this location about twenty miles away from my house. PLEASE ROB ME. NO REALLY GO AHEAD. YOU HAVE MY IMPLIED WRITTEN CONSENT.

* * *
The more I think about it, the more I’m convinced that FourSquare was released by a gang of international thieves who knew it would gain tremendous popularity on Twitter and other social media sites. They were like, Hey, sure, we’re rolling in diamonds and stolen TVs, but we could be rolling in MORE diamonds and stolen TVs.

I am pretty sure that foursquare was not invented by a gang of international thieves. However, I think it is prudent to think about what information you are releasing on your social media networks. Without a doubt, there are many times that there is nothing wrong with letting the world know your location. at other times, however, you may want to think about this a bit before revealing the information to the world.

Redaction Done Wrong. Again!

At times I am amazed at the technical incompetency of some people. Recently the AP was able to discover the confidential details of  the settlement between Facebook and ConnectU because whoever “redacted” the confidential information did not actually redact the information. Instead of properly redacting information from the document, the person simply put white boxes over the “redacted” information. Because of this, “The Associated Press was able to read the blacked-out portions by copying from an electronic version of the document and pasting the results into another document.”

Additionally, there are multiple other ways in which the information can be read in Adobe Acrobat. In fact, if you choose Document > Examine Document, in Adobe Acrobat, Acrobat will create a report that lists all of the “redacted” information.

To view the document yourself, click here.

The reality is that it is not too much to ask for basic technical competence from people who are publishing allegedly redacted documents. It’s one thing to not have a full understanding of all of your computer’s programs. However, if someone is going to release allegedly redacted documents on the internet, it is not unreasonable to have that person actually ensure that the documents are redacted properly. The thing that makes this worse is that the document could have been redacted in Acrobat easily and, if done with the redaction tool, none of the confidential information would remain in the document.

In a great coincidence I attended an Adobe webinar on redaction just days after the AP story broke. If you would like to learn more about redaction, you can check out information from that webinar here.

Hat tip to PDF for Lawyers for first linking to this story.

A Primer on Electronic Signatures

TechnoEsq has a great post in which he discusses the methods of signing electronic documents. As he explains:

Contracts are now signed electronically, emails are frequently used for communication between counsel and clients, pleadings in federal court are even electronically signed and filed. Obviously, such a paradigm shift is necessary in the modern era and makes today’s world work, from ATM and credit card purchases to purchasing automobile insurance online. From a legal perspective, however, there are many different forms of electronic signatures. The term is used interchangeably to describe three very distinct means of signing a document electronically:

1. Signature Stamp (or scanned version of a signature)

2. Electronic Signature (used in the federal court system)

3. Digital Signature (encryption used to authenticate a document).

This article explains the three forms of electronic signatures and assist in their creation.

I urge you to review this article to find out the uses for each of these three types of signatures as well as how to create and use each of them.

Keeping Your Notebook Safe

Chris Pirillo provides 10 Tips to Keep Your Notebook Safe When Traveling. My two favorites are:

    Keep It On You: It is not uncommon for someone to set their luggage down while standing in line for a muffin, or to sit down while waiting for a flight. With all luggage, it is important to keep an eye on it and ensure nobody tampers with it or steals it. Because of their size and value though, laptops make prime targets and a thief can snatch the laptop bag and keep walking while you are unaware with your back turned. You should keep the laptop bag on your shoulder or keep it in sight at all times.

    Back Up Data: Perform a backup of all critical or sensitive data before departing. Just in case your laptop does become damaged or lost, you don’t want to also lose your important files and information. You can buy a new laptop, but it is much harder to replace lost data.

      Go here to read all of the tips.

      Hat tip to Futurelawyer for pointing out this post to me.

      Safely Using Wi-Fi

      The Consumerist has a great post titled The Idiot-Proof Way to Securely Use Public Wi-Fi. The article discusses a variety of VPN solutions to protect your privacy when you are using a public wi-fi connection. I have a VPN through my work. Thus I have not tried any of the listed programs. However, because I am a fan of open source software, I was intrigued with the discussion of OpenVPN. If you want to check it out, it can be found here.

      Be Careful While Working and Talking on the Telephone

      Last week I was reviewing a tract search from a title company. When I called the title company to ask about a couple of questions that I had on the search, the person I spoke with explained that it would take her a few minutes to get the information that she needed because she was working at someone else’s desk at the moment.

      This was not a big deal from my perspective. However, I quickly realized that this woman narrated her work. It was a constant stream of consciousness narration of what programs she was selecting, what she was looking for, and where she should click her mouse. Although this was mildly annoying, I did not think much about it until the woman logged on to one of her company’s databases and proceeded to recite her password while entering it.

      Fortunately for her, I had no malicious intent or desire to use her password. However, she did not know that.

      Based upon this experience, I would suggest that if you talk to yourself, be careful and make sure that you do not say your passwords out loud. You never know who could be listening.

      Fake Fax Signatures

      Bruce Schneier has a great post on the apparent insecurity of fax signatures. Bruce is right of course in his assertion that fax signatures can be easily forged, especially if you have a copy of your signature on your computer.

      However, as Bruce points out, fax signatures are accepted because they are typically only one small part of a transaction and that there are other circumstances within a transaction that provide security that the fax signature is a valid binding signature.

      I loved his observation that:

      Signatures themselves are poorly defined. Sometimes a document is valid even if not signed: A person with both hands in a cast can still buy a house. Sometimes a document is invalid even if signed: The signer might be drunk, or have a gun pointed at his head. Or he might be a minor. Sometimes a valid signature isn’t enough; in the United States there is an entire infrastructure of “notary publics” who officially witness signed documents. When I started filing my tax returns electronically, I had to sign a document stating that I wouldn’t be signing my income tax documents. And banks don’t even bother verifying signatures on checks less than $30,000; it’s cheaper to deal with fraud after the fact than prevent it.

      Check out the entire post. It’s a great read.