Technology Practice Tips Podcasts

Practical law practice technology concepts in an accessible, conversational manner with Phil Brown and David Whelan

Social Engineering

 Permanent link
Phil and David talk about social engineering and how it can threaten your law practice.  Scams like phishing, vishing, and smishing, and criminals accessing your accounts by using personal information to bypass your account and other security, are disabling law practices all the time.  Learn about what these threats are and how you can avoid being socially engineered.
View Transcript

Speaker Key:      PB Phil Brown, DW David Whelan


PB :      Hi, it's Phil Brown and I'm here with David Whelan and today we're going to talk about social engineering.

DW :     Oh, wait I thought I we were talking about an engineering social life, so engineers getting together and stuff.

PB :      No, we're going to talk about more how this might affect lawyers and paralegals.

DW :     Okay. So, social engineering is maybe not a term you've heard of, but you will have heard of what it is. Social engineering involves people, maybe not even using technology, maybe just using telephones, to use your emotions and your normal inclinations to be helpful and share in order to pry out information from you like your credit card number, like your passwords, like information that you wouldn't otherwise divulge. And so the social part is really the human interaction that leverages that information out of you.

PB :      And it could be as simple as someone arriving at your office with a stack of 10 pizzas for your staff and saying that they're there and everyone's supposed to gather in the conference room. And they think it's a party and everyone goes into the conference room including the receptionist to get their pizza. And the person who delivered the pizzas now walks over and plugs into their server and could possibly insert some sort of Malware or Trojan or whatever through one of the USB ports and it's essentially just been a two minute interruption of service.

DW :     Yeah, it's a funny area because there's so many different things that go on and you'll have heard of phishing, you may have heard of vishing and smishing, farming, water holing. They're all sorts of interesting terms that pop up in the media. But really all of these fall under social engineering.

PB :      And it all has to do with our need to see what's in that email or our need to respond to something. Or someone has told us something's wrong with our accounts so we need to figure out what that is quickly.

DW :     And some of it's very random. Phishing for example, spelled p-h-i-s-h tends to be emails that come in but they're sent to thousands and thousands of people on the hope that someone will see "Oh my bank account has been breached and I need to click through." And when they click on that link they go to a site that either downloads malware to their computer and infects them, or they are prompted to put in information like their user name and their password for their bank but they're not actually on the bank's site.

             That is escalated with things like water-holing or spear-fishing where the email isn't sent to lots of different people it's sent to very specific people. And so, the email feels even more authentic because it's true to the sort of email that that person would expect to get.

             I know recently I've been receiving a lot of emails that have to do with court filings. And so, inside the email there's a document or it looks like it's supposed to be a document that if I clicked it, would appeal to me. So, they are varying levels of tailoring but they're all meant to have you do something to give up some piece of information.

PB :      And vishing, although we both don't like that term, has become more common because of things like VOIP, which is the voice over internet protocol system of telephony.

DW :     There have been some terrible examples this year, it's 2015, in the U.K. two lawyers have gotten in trouble and suffered discipline when they received a phone call from what they thought was their bank, they then took actions based on that phone call. Often, what would appear to be legitimate, but it ended up moving huge sums of money in their trust accounts from one place to another. And, unfortunately, the other place was controlled by the scammers. And so, they were then able to remove all of the money. So, it really is, even on phones where there's no technology involved, it's a matter of using common sense and really thinking about what kind of information am I giving up or what am I doing based on requests from someone who I actually can't see.

PB :      And I think in one of the English examples there's one with a loss of over £700,000.

DW :     Right, yeah, it was really huge numbers.

PB :      And now we need to look at it from the perspective of when you get that email and this is another thing that's common with VOIP, you might have a voicemail, but you're able to access it through your computer and click on that voicemail file that, WAV file to listen to the voicemail that's been left for you.

DW :     Right, you should really be very cautious with anything that looks like it's sending you a link that is taking somewhere else, whether to listen to a voicemail message or to fill out a form or an attachment that looks like it should be something that you should download and listen to or open.

             Go through your same process that you would normally do, even if it's a voicemail and even if you're in a hurry, rather than double clicking on that file "right click" on it and save it as an attachment to your drive and run your virus checker on it because the emails that are coming in are extremely good at - I mean we're well beyond the days when you had typos or people who are addressing you as an Nigerian Prince, although I do sometimes get requests for barristers from the U.K, which I think is quite funny. But the emails have gotten very sophisticated and again, if it's been tailored to you it's going to be something that's going to be very difficult for you to watch. So, without becoming too paranoid, you do really need to watch every email that comes in.

PB :      And you'll get a lot of phone calls now from people claiming to be - the popular one this year was the Revenue Canada call or the CRA call saying there was a warrant out for your arrest and if you paid a certain amount of money by such and such a time, which you could do immediately of course by giving up a few of your credit card numbers. And it was usually a small amount. It was a few hundred dollars or a thousand dollars and if you paid that amount immediately that would be the end of the warrant you could go on your way. I mean CRA doesn't call anyone, but, again, it's that sort of panic response you have when someone calls and says, "We are an authority and you need to deal with this now." And that's what plays into that social engineering aspect.

DW :     Another story that I heard recently is really interesting. Someone who pretends to be your tech support and just randomly calls people at the office and says you had a tech support call, I'm just returning the call and trying to help. And they'll often get someone who doesn't realize that maybe, you know, they hadn't put in a call very recently or they just had a question and so they start to talk to this person and they'll give up their username and then maybe they'll give up their password and thinking that they're dealing with a co-worker.

             And, of course, when you want to get along with your co-workers like Phil and I do, you're willing to give up information that you might not otherwise do. And if that person's now outside the organization in our modern environments where they're often employee portables that you can lock into from remotely or remote networks that you can log into remotely. A username and a password from inside a corporation can be very valuable.

PB :      And it's very easy, not to pick on VOIP, but with a modem and a magic box, very quickly - I mean I received phone calls from my own phone number while I've been on my own phone. So, it's obviously not me calling me. But they can spoof any phone number, they can spoof any organization. So, you'll get a call that purports to be from the Royal Bank, it's not necessarily from the Royal Bank and you still need to zealously guard your information and not just give it up to someone on the phone because they purport to be from a particular agency. None of these agencies and the banks, even the cable companies, none of them will call you up and start asking for your personal information.

DW :     And that's a good point. Both you, and the staff that you train, so that they are as aware as you are about how to deal with these problems should never give up something like a password over the phone or even over email. Those are just not the sorts of things anyone ever will ask for. They'll always reset it if they have a password issue so that they can go and get into your account that way.

             But that is just the sort of normal response where someone calls up and is it's a real emergency I've got to get my password or I'm calling for somebody who you know is out of the office and I need to get their password. That's the time when you slow down and you hang up the phone or delete the email and you don't send that kind of information. You find a different way to accommodate their request or to confirm really that the person who is on the other end of the phone or email is actually the legitimate person.

PB :      And another aspect of this that lawyers were seeing in a different form earlier this year and over the last couple of years have been with regard to collection. And they're getting certified cheques sent to them by someone who's paying off this collection and the instruction will be to put it through their trust account immediately and take a piece of it for their fees and so on. And this certified cheque is often stolen. But quite often the number on that cheque that the lawyer would call to confirm the account and confirm the amounts of the payor or the payee and so on, those would be added to the cheque after the cheque had been stolen.

             And you're really just calling the fraudsters to confirm that the funds are there and to confirm that everything's fine when you should be picking up the phone and looking for and looking on your computer to find out who's behind this? What's their main phone number and let me go through it that way to confirm things or deal with your local banker. You shouldn't just accept things at face value because it's printed on the cheque.

DW :     Yeah, particularly if you're talking - the case of the U.K solicitor who moved almost a million Canadian, that's the time when you're dealing with large sums that you really need to slow down and take as many precautions as you can. If you're getting emails that come in and say your account's been locked or your credit card's been denied or whatever, please click on this link and change it, then instead of clicking on that link go to your bank's website by typing it in your web browser and making sure you're going to the place you think you're going and then attempting to log in and attempting to see if that message is actually under your account. Because it's much safer and it's so easy to click on the link and go somewhere and think that you've arrived and it's just a false facsimile of the place that you thought you were.

PB :      And that's - I mean is really important I think to not click on attachments if you get attachments from someone you weren't expecting or this is different, as David said, that plea for money from a foreign country, this is they know human behaviour, they're working on that human behaviour, they expect you to click on something and if you click on something and maybe it looks like nothing happens on your computer and gee, I guess that's a bad file. But what's really happened is a Trojan or a worm has been downloaded onto your computer that will activate later and you might be sending out all your clients' information or banking information back to someone else. Or it may just be ransom and your computer will be encrypted and you'll be notified by email saying "Oh, by the way, $500 U.S and we'll decrypt your computer, otherwise we'll delete everything in a week."

DW :     So, hopefully that's made some sense to you. And if you have any additional questions, please just send four million dollars in unmarked cash to the Great Library and I will back to you as soon as I can.

PB :      And that's our look at social engineering. Thanks, David.             

DW :        Thanks, Phil.

Lawyers Working with PDFs

 Permanent link
Portable Document Format (PDF) is a default document format in the legal profession, whether you're downloading government documents, providing e-discovery, or just sharing with clients and counsel.  Phil and David talk about PDF tools, how to use mobile tools to capture documents and save them as PDF, and archival standards like PDF/A.
View Transcript

Speaker Key:      PB Phil Brown, DW David Whelan

PB :  Hi, it's Phil Brown and I'm here with David Whelan and today we're going to talk about PDFs.

DW :  PDFs are ubiquitous in the legal world, the portable document format, which is actually kind of funny because pretty much everything is portable these days. But the portable document format is the base for a lot of information sharing. Courts and governments use it on their websites to deliver information. It's a great way to take a document that you might have created in a word processor that would change if you sent it to someone else if they opened it up in their word processor. You can fix it so that it will always look the same. And both the fonts and the pictures and the lay-out, everything will stay the same. So, it's very useful.

PB :  And it makes it a little more hard to edit. So, for instance if you sent something to a client to review, and a little word of advice you should never send a client an open Word document, or anything like that because they can clip your letter head from it and your signature block and all sorts of things and use it nefariously. Because the PDF is a locked down version of that document that you've created in a word processing program, that's the one you want to send to clients.

DW :  Right, there's a great post on the site about why you should always use PDF for your final documents. And so, essentially, you can consider everything in your practice work product if it's in a Word document, not work product as evidence goes, but work product as work goes and then all your finals now are PDFs. So, when you get to the point of closing a file, you know really that you just have to go through and find all the PDFs because that's what you've been sharing with the client, that's what you've been sending to the court or to opposing counsel and now that's what you need to incorporate into your closed file.

PB :  So, it's like a snapshot, but it's not a snapshot.

DW :  Right. It can also capture a lot of information about the file so that if you put metadata into your Word documents that metadata can get transferred over into your Adobe Acrobat or your PDF files. And I just made the terrible slip that we were talking about earlier. Adobe Acrobat is almost synonymous as you can tell from the way I said it with PDF. Because Adobe developed the format and the Adobe Acrobat Reader is ubiquitous. Practically everywhere I think I've seen a reader, they use the Acrobat Reader. But they also are the creators of the Adobe Acrobat product, which is different from the reader. It costs money and allows you to edit or create PDFs. And so when you're dealing with PDFs you really have a lot of tools that you can use to work on them. And Adobe Acrobat is just one of those.

PB :  And the PDF is the cornerstone of the paperless office.

DW :  Absolutely, yes. I mean if you really want to be able to share documents, you don't have to worry about whether the person has Word or Word Perfect or what version they have and how the document will look on the other end. You can be almost 100% confident that the document they get will be something they can open.

PB :  And you mentioned metadata and metadata is created whether you want to or not with a Word document it tells when that document was created and which machine it was created on and at what time it was modified and any number of key words might be pulled from that document and incorporated in the metadata. And a lot of that is removed automatically when you convert it to PDF but you can also remove more.

DW :  Right. And so, that gives you the option then of when you create your PDFs to have as little metadata transported over from a document. So, if you're reusing a precedent you don't want to have metadata that may reflect on the other clients that you've used that precedent for. So, the PDF can help you to clear that out. And the PDF can also have information so that when you have to use it later or other people need to use it, it's easier to find it so you can add keywords or descriptions or properties in the same way you would with a Microsoft Word document.

PB :  And that is one of the beauties of the PDF is you're able to tag all sorts of unique information within it. So, if it's about forensic information, you might put in a forensic keyword or a file keyword or there's a number of things you can put in there. Maybe it's forensic and blood spatter and when you go and do your sort of global searches throughout your stored information you're going to be able to pull up these specific documents.

DW :  That's right. That's particularly useful if you have scanned in the document. And so, the document doesn't actually exist as text. You know, you have created it from a word processor, if I scan it directly in and I don't bother to do any character recognition on it, then it's really just an image. So, although I can read the words if I open up the file, the computer can't read the words because it doesn't know the words in the image mean anything. So, adding metadata particularly to scanned files that are on the images can make those PDFs very rich.

PB :  And maybe while we're talking about scanning, a number of scanners actually come with a program that's a reader or an editor as well.

DW :  Right, you can save a tonne if you find a bundle of Adobe Acrobat, the actual Acrobat editor, with a scanner you can save an awful lot on the overall licence to that software.

PB :  Now Adobe like many other companies is starting to go to a cloud model so you don't get a big box of software anymore if you were to buy the full Adobe Pro or whatever you would get a Creative Cloud license and you'd be paying by the month for that service and you get it automatic updates and things like that.

DW :  It's one of the reasons why I think the cloud's a rip-off. In the old days, you used to have a shelf full of all the old software that you either didn't implement or hadn't implemented in a long time. And now you don't get anything for your shelf.

PB :  You don't get any for your shelf, but you do get regular and automatic updates for your software, which in the old days when you paid $600 or $500 for a chunk of software, you didn't want to spend that again the next year to get your updates for the next version. And you usually didn't know what the big updates were anyway.

DW :  Right. Yeah and it's important to keep the software up to date. So, it's important to understand where you might be able to create or modify PDFs and the kinds of software that you use. Phil and I were talking about a couple of different areas and really I think it's fair to say they fall into the reader category, the writer category or the printer category, and the editor category. Do you want to talk about the reader?

PB :  Sure. So, readers, a PDF reader, there are a number of open source ones. And then of course there's the Adobe Reader and the Adobe Reader comes with just about every device out there. If you're using a laptop you probably have some version of Adobe Reader on it. Or if you're using a tablet, probably has a version of Adobe Reader. And it just enables you - a lot of browsers now come with an add-on so you can just read a PDF file or open it up on your browser and you're able to read it. You're just not able to edit any of those files necessarily with the reader versions. And as I said there's open source versions as well, not just Adobe; there's lots of other players in the game.

DW :  Yeah. Sumatra's a nice one. It's kind of ugly but it's a good open source one. I think the real benefit on the reader side because it is such a baseline, is the ability for people to be able to sign a document or PDF from within the reader. So, if you're looking at readers or whether your client has a particular reader and you're sending them a PDF to sign just be aware that in Adobe Reader you can do it, in Nitro PDF Reader there are ways to attach a digital signature, whether it's a picture of a signature or a little digital stamp or finger drawing on a tablet. That's one of the real benefits of the readers.

PB :  And the writers and editors are more robust.

DW :  Yes, the writers actually, it used to be a big deal to get a PDF writer but now it's built into the Microsoft operating system. So, that if you're ready to save your file, your PDF, and send it off to your client, you just do file save as and choose PDF format instead of .docx and it will generate a PDF file that's new and different from your .docx file, with the same contents but with all the information that you got in at that time. So, the writer really is something you can do file print as.

PB :  And they're also smaller files and take up less space.

DW :  Yes, yeah they'll be compressed over the Word doc. And they're useful too - I just misspoke, what I meant to say was file "save as" in Word. But if you have a printer installed, again I use Nitro PDF, but there are lots of them out there. Many free PDF printers when you go to a website or when you go to something else that doesn't have a "save as" capability into PDF then you just do file print and you print directly to your PDF printer and then you end up with a PDF of whatever the website is or whatever you're looking at.

PB :  And a lot of programs also have an export option as well.

DW :  Yeah.

PB :  Where you would export that document as a PDF.

DW :  Yeah, there's some really interesting tools. And we're going to talk about editors in just a second. But I think there's some other useful ones. One I wanted to mention because it's similar to, although not as powerful as the functionality in the Adobe Acrobat Editor, is something called PDF SAM. And if you Google PDF Sam, it's an open source tool that uses Java, which I'm not really thrilled about, but it allows you to split and merge, that's what the SAM is in PDF Sam. So, you can split and merge an PDF. So, if you receive a PDF you can split it into multiple pages or into parts so that if you only want to share or keep a couple of pages you can do that. Or if, for example, you're doing an expense report and you have multiple receipts from somewhere you can merge them into a single PDF. If you're closing a file, you can merge them into a single closed file for your client.

PB :  Sure. And just before you talk about editors I wanted to mention a lot of tablets and phones now you can download a program for scanning documents. And it's great for things like receipts and other documents, where you can actually just take a snapshot of it; it's immediately converted into a PDF. It's framed. Even if you did it crooked, it will be framed up nicely by the app and there's a number of apps for your phones that are a buck, two bucks, three bucks. And there's free ones as well. But you can convert something, a snapshot of something on a tablet and convert it to a PDF and export it to a client if you need to. And they can presumably sign it and send it back to you.

DW :  Yeah, it's great. I keep my office paperless that way. I use Microsoft Office Lens, which is free on Android and also Genius Scan, both of them are great. Genius Scan is actually a paid app, although I'm so cheap I think I got it free. [laughs] so, editors.

PB :  Yeah, let's talk about editors. What's the difference between an editor and a reader?

DW :  An editor will allow you to read a PDF but it will also allow you to actually make changes to it. So, say I saved a document out of Microsoft Word and I open it up in my PDF reader and I see that there's a typo, I could go back into a Microsoft Word, make the change and do the "save as" again, or now I can go into my Adobe Editor, my Adobe Acrobat Editor. And I think it's called Adobe Acrobat DC now for the latest iteration, the one that sort of quasi-cloud. And I could actually click on the word and use the tools inside it to change the letter from the typo to the correct. So, there's an awful lot of extra functionality built into it. Not just things where you're dealing with the text, but you can add forms, you can create what's called in Adobe it's, only in Adobe Acrobat, portfolios where you bring in a bunch of different PDFs or video or audio into a single PDF file. So, it allows you to do some really fantastic things within the document.

PB :  And if you're worried about a client having a PDF editor on their desktop and altering your document, you should know you can also lock down that PDF so it's a read-only version and it cannot be edited no matter what.

DW :  You can even go beyond that, you can stop cutting and pasting, you can stop printing. I will say, and I won't tell you where I heard it, but there are ways to get around those sorts of restrictions. But I don't know if there's a way to get around a password if someone has just locked down the cutting and pasting. There are ways to get around that. But it really gives you some excellent options. Another thing is the bookmarks or the index, the Table of Contents that's generated with the PDF. If you're in Microsoft Office it will often generate that for you if you're using Microsoft Office styles. But if you're in the document and say you've got 12 exhibits you've all put together into a PDF after your factum. Now you can create that Table of Contents within the PDF editor so that when someone else opens it up they have a nice Table of Contents on the side so they don't have to just page through and see what you have, they can very quickly see all if it in one little screen.

PB :  So, the last thing we can talk about is maybe a bit about archival PDFs and the differences.

DW :  Yeah, there's a long-term concern about how to hold onto these digital files. I mean we were talking on a recent podcast about the yottabyte and whether a practitioner will have all of his or her files on a single disc for his or her entire career. So, how long do you keep these files and what sort of format are you going to keep them in? If you've got old Word Perfect files you're probably already struggling to be able to open them in anything. PDFs will have a longer life and then in the PDF world there are the archivists who are worried about PDF/A and I know you're an expert on PDF/A.

PB :  Maybe not an expert. But PDF/A is something that came in, as David said, to archive documents and still be able to retrieve them a number of years later and I think the standard they were shooting for was six years. And the question is if you save something now in a particular format and you mentioned one product, WordPerfect, some of those documents you can't open now because you may have had an older version that it was created in, you don't have any version now in trying to open it in Word. You will might be able to open it but you might lose a lot of the formatting and possibly some of the content. So, the goal with PDF/A was to come up with something you could open six years from now and wouldn't lose any data. You'd still be able to read it in the form it was saved in and so on.

DW :  The funny thing is I talked to the Law Society archivist about this and he said that there's a real split of opinion over whether that's good because you do lose some of the functionality that makes the PDF useful like embedded links and things like that in order to get that longer preservation. So, even in the real nitty-gritty world they're not 100% sure about how to do it.

PB :  And that's why they've continued to work on versions, a PDF/A version 3, which has a much longer name is the latest iteration of PDF/A and you are able to embed links and things like that within it and images and all sorts of things that you weren't able to do in version one. And there was a bit of a transition through PDF/A2. And I think we'll see a fourth version and a fifth version and so on because archivists are always tweaking with the next piece. And now it's a six year standard. But more and more law firms and libraries and so on are archiving material digitally and I think you're going to look at, because of the cost of physical storage is so high now, more law firms will be struggling to convert to paperless. And they don't want their data to disappear. And they still want to be able to recover it if they have to protect themselves from a lawsuit 10 years from now.

DW :  So, if you're not using PDF, now's a great time to start using it in your practice and hopefully we'll have outlined some of the tools that you'll be able to use.

PB :  Thanks very much David.

DW :  Thanks Phil

Technology Jargon: R through Z

 Permanent link
Join Phil and David for the fourth - and final - technology jargon podcast, where we cover topics from R to Z:  two factor authentication, yottabyte, SMTP, and rooting phones.  Our other jargon podcast - A to F , G to L , and M to Q - are also worth a listen.
View Transcript


Speaker Key:       PB Phil Brown, DW David Whelan

PB :  It's Phil Brown and I'm here with David Whelan and welcome to part four of our Jargon 2015 podcasts. And I would suggest you go back and listen to the rest which would be from A to Q and now we're going embark on the letter R. David what do you have for the letter R?

 DW :  Alright Phil. We're going to get a little bit into the dark depths; we're going to talk about rooting. So you can root your phone or, in the case of Apple devices, you call it jail breaking. And what it allows you to do is to take control of the operating system. Currently, when you buy a device, an Android device or an iOS device, the operating system is actually administered by the operating system or the device. And so you can't make changes, you can't get down into the internal innards in the same way that in Windows you might open a command prompt and then be able to type commands. It limits some of the access that you have to your own device and so if you root your device or jailbreak it, you can apply additional rights, administrator rights that allow you to get access to these other things and in some cases to install additional software and that's why I do it on all of my Android devices. I will root my device and then I will apply a firewall and I'll use the firewall then to block all of the incoming and outgoing traffic that I don't want to have happen on my phone, so that I always know which apps are communicating. So, from that perspective, I like having that extra control. It will invalidate your warranty in almost every case, so I don't know that I'd recommend it for everybody, but, at least you know now that when people talk about rooting a device or jailbreak, really all they're doing is taking administrative control of their actual device.


PB :  And you're also doing the letter T after and I'm wondering if that's going to turn out to be tinfoil hat. But let's talk about the letter S, which is mine. And for the letter S, I have SMTP, which everyone uses and no one really pays much attention to its operating in the background of all of our emails and it's simple mail transfer protocol. It is not the part that actually determines how you receive emails and how they're displayed and so on, but, it really sets up the coordinates to say you know this is the email you've constructed in your computer, now sent it out this particular port, send it over the internet and this is the destination that it's headed to.


DW :  And the S really does mean simple. When I set up my first email server, it will send anything that it receives and so if you don't secure it, you can end up as a spamming source on your email server. So make sure even if it's simple it's not Simple Simon.


PB :  Right, and I think we've talked about in the past in fact we have a podcast about how email works and we've talked about things like POP and IMAP before. So if you're interested in POP and IMAP you might want to listen to our podcast on how email works because we talk a little bit more about the delivery and how you actually receive and display the emails and what happens if you delete one kind and not the other kind.


DW :  Alright so no tinfoil hats for T unfortunately. I'm going to talk a little bit about two-factor. Two-factor authentications are exploding in interests now in part because people are more fearful of people tampering with their accounts online. So we're starting to see that with our online accounts. It started with Google and with a number of the online professional services systems. Now we're seeing it on sites like Amazon. And what it allows you to do is to supplement your user name and your password on these online sites with an additional piece of information. That additional piece of information is usually a number that is texted to you or is generated in an offline app like Microsoft Azure Authenticator, or Google's Authenticator app and so if you've got your phone or your tablet with you, you just open up your device, you open up the app and it will show you the code that you then need to type in and that will assist you in logging into these sites and also slow down the ability of other people to change information about your account or to access your account merely by trying to guess your user name and password.


PB :  And I know we both use two-factor authentications. One of the things I really like about it is if you sign in to your device, or your account rather from a different device or from a different location it notifies you as well by email to say: "Hey you have a new log in from this iPhone which is never been used before into your account. Did you do that?"


DW :  Yeah, it's great to have them watching for you because again you will get surprises sometimes about which devices are accessing it and sometimes it's a kid or somebody else that you intended to get in there and sometimes it isn't. One thing to keep in mind with the apps if you use the Microsoft account app, the only way to get those account numbers is via text. One of the nice things about the Google and the Microsoft Azure Authenticator is that it's totally offline, so you don't need to be able to get a phone signal in order to be able to get your code to put it into your system.


PB :  And since this is an alphabetical jargon podcast, how's the Microsoft app spelled?


DW :  A-Z-U-R-E Authenticator.


PB :  And that's a zed for the Canadians out there listening.


DW :  Alright what do you have for U?


PB :  For U, I have URL. Everybody talks about URL's or has heard the term URL, but might not know that it stands for one of two different things. They couldn't decide. One is the Universal Resource Locator and the other is the Uniform Resource Locator and it's basically the address of the webpage. So, when you type at the top [], it actually points at a particular four component series of numbers which is the internet protocol address that is out there somewhere that connects your URL to the actual computer that you're trying to connect with.


DW :  Right, and it's uniform because if that number changes, if the Law Society got up and moved all of its servers to a different company. Say they left Bell, for example, and went to a different provider that URL would continue to work even though all those IP addresses had changed.


PB :  It's uniform and it's unique as well, although there are often sub addresses and so on. And each device you're using has a unique address as well.


DW :  Alright for V I've got VPN. The virtual private network. VPN's are great, lawyers should use them whenever they leave their offices and they are using devices that have client confidential information on them. It allows you to have a protected connection over the Internet. It's like a little encrypted pipe that only you can access and between you and wherever the VPN terminates, you can get to other places without having to worry about people eavesdropping on you. Some people will use it to get past geo blocks so that they can watch Hulu or Netflix in the US, but it's really good for making sure that when you're doing online transactions and you are in a public place, that you've got a secure connection. You might also use it, you can set up a VPN endpoint in your office so that when you're on the road, you can actually connect back to your office and have a secure connection from wherever you are back to your office and so you don't have to worry about anybody in between.


PB :  And we've talked before about clean devices and things like that and this is the perfect opportunity to use a VPN because if you are on the road quite likely you don't have anything other than a public network to use whether it's a hotel Wi-Fi connection or even a hotel wired connection, it still would be considered to be somewhat public and using that VPN within the public network will protect your data or your clients data, more accurately.


DW :  That's the most important part. Alright what about W?




PB :  And you can see a lot of that coding if you go up to the in your browser and check out the source which no one ever does, but, you can see a lot of that XML coding that's built into that webpage to see what's kind of hidden there if I can put it that way.


DW :  But why would you? What do we have for Y Phil?


PB :  Y; Yottabyte. Y-O-T-T-A-B-Y-T-E. It's unlikely you will ever run across the term Yottabyte other than it being the largest measurement possible for an amount of data which is two to the eightieth power. You may see it someday in terms of the amount of memory available, but, you know laptops have gone up more and more and more and a megabyte used to be a lot. Now it's pretty common to see five and ten terabyte drives available. And I think eventually you'll see a drive that big, one of the things to remember of course is the bigger the drive, the more information you have on it and if it fails you've lost a lot more information than you intended and I don't know if we'll ever see a Yottabyte drive.  It won't be much bigger than the terabyte drives in terms of size, but, the thing to remember is the amount of data you have on there. Especially without any partitions, if you have a drive failure, you're going to lose all of your information which could be more than you expected.


DW :  It's funny to think about too because if we think about a new call this year coming out of law school or a new paralegal coming to the profession, their entire career will be something that is stored on a hard drive where a lot of us have a good amount stored on hard drives, but not everything. So they might actually need a single yottabyte drive to last them their entire career.


PB :  And it's funny to see even if, I'm dating myself here, but, to see how much computers have changed. I know you know at one point the Macintosh classic was considered to be a portable computer. And I think they weighed about sixteen pounds, but, they did fit under an airline seat. If you zipped them in their little bag, but, just barely. And they had a floppy drive and that was pretty much it and then you know we've lost our five and a quarter inch floppies, but, even now if you look at some of the newer machines, they're getting rid of optical drives, they're getting rid of even USB ports. Apple's gone to a new proprietary port that they have on their machines that's meant to replace the USB.


DW :  It's all portable, everything.


PB :  And now you have the letter ZEE or the letter ZED; take your pick. And what does Z stand for?


DW :  Z stands for Zero-day and Zero-day is getting a lot of press in part because I think everybody's much more aware about how computers are attacked on a regular basis or under threat on a regular basis. A zero-day is short for zero-day exploit and what it means is that someone has identified a problem within a software application. Something that they can use to exploit, to attack, and nobody knows about it. And so, they will save that up. It's been documented that governments saved this up for their attacks and, of course, the criminals do it as well and then when the first attack happens, that's the zero-day, that's the announcement that oh we've got this problem and often a zero-day, the problem with a zero-day is that there isn't any patch for it, there's not fix for it. So if you like many people will use Adobe Flash which was patched on this last Tuesday, it's December 2015 and it had seventy eight patches, a lot of those were in response to exploits that they had found on their own. But, the zero-days happen outside of that world and are things that really are of a concern for all of us because it often means that even though we've patched and done everything we can to make sure our law-firm computers are up to date, that these zero-days suddenly put everything at risk.


PB :  And there's a bunch of websites that you or your tech people should be looking at all the time to figure out you know what's going on out there in the world. It's not just enough to do a virus check every day or a malware check every day. You really need to be looking at sites like Symantec, and Krebs and things like that to figure out what's going on out there.


DW :  Right. It really is, it's making using technology practice a lot more complicated.


PB :  And if you're using a computer and you're on a network, you should be doing a tech audit every year to see you know, make sure your licences are up to date; make sure your software's up to date. That you have all the patches for your browsers, your routers and you mentioned recently having your routers up to date because they do eventually become obsolete.


DW :  Yes. And if you don't want to update them then just throw them away and buy a new one, but, definitely don't hold onto the old hardware.


PB :  So that is the end of our look at our Jargon podcast for 2015 and we hope you've enjoyed them as much as we have and thanks very much, David.


DW :  Thanks, Phil.


Technology Jargon: M through Q

 Permanent link
This is our third swipe at jargon, covering M through Q:  open source, queries, and the wireless N standard, among others.  If you haven't listened to our podcasts on A to F and G to L , you can add them to your list.
View Transcript

Speaker Key:      PB Phil Brown

                                DW David Whelan


PB :  Hi, It's Phil Brown and I'm here with David Whelan and today we're going to start part three of our Jargon 2015 podcast.

DW :  Yes, if you've missed them, go back and listen to A through L on the previous two jargon podcasts and today we are going to start with M. What do you have for M?

PB :  M is for megabyte, so we all talk about a megabyte, but, very few people I think understand what the unit represents. It's just over a million bytes, the byte being the smallest unit I suppose available for memory and storage. To ball park it, one byte would be equivalent to about one typed character if we're using text. So if you're thinking about how much storage this is going to take up, you can equate it more or less depending on spacing and things like that on a one-to-one kind of ratio. So, how many pages would that be? Roughly, depending on your font and characters and whether you have any images, a megabyte would be somewhere between two hundred and fifty and five hundred pages of information. What do you have for N David?

DW :  N I have the letter N. When you buy wireless routers or get on wireless networks you used to buy wireless routers that had the letter B and that was the standard at the time so you'd get Wi-Fi 802.11b and that was where it began. And that was sort of a slow speed and then it slowly grew to 802.11a which seems a little bit backwards. And then a few years ago we went to 802.11n and that was the speed that you aimed for or the hardware that you tried to buy. And now we are going beyond N finally. N which never really stood for anything I always thought it meant new, but, it never stood for anything and it was a big leap up from the A's and the B's. And now we're going to AC, so if you're going looking for new wireless hardware, you want to make sure it's going be compatible with the AC protocol that's coming along which is promising and you know hundreds and hundreds of megabits per second throughput which is great if you are using it in your internal network inside your office.

PB :  And hopefully most of the routers and modems are backwards compatible.

DW :  Yes, I think from that perspective you should be fine. The trick or the thing to remember really with Wi-Fi hardware is even if it says you're going to get 800 megabits per second throughput, as soon as it hits your internet connection which is only 1 megabit per second, you lose 799, so it's great as far as internal use if you want to stream files from your server or if you want to stream movies from your server, it's great, but, you need to just keep that in mind that although you're getting higher, it is good, it's positive for internal use, it won't necessarily mean that your internet access gets better.

PB :  And it also just the last one last point I think is if you have a device on your network at home or on your Wi-Fi network, that is an 802.11b, even though you have an N router it's not going to go to that N protocol because it goes to the lowest common denominator on that network.

DW :  Right, yes, if you got 802.11b's or 802.11a's out there you want to make sure that you toggle them so they go to N if they can or frankly just update them because you're got that kind of old equipment you'd get a speed boost if you update it.

DW:  Okay, what's there for O?

PB :  O, I've chosen open source. It's software where the programming code is available to anyone. And you will see one of the advantages is that you're not working with proprietary software so there's no bowing down to one of the big guys if I can put it that way. And the other thing is there is sort of a lot of crowd-sourced improvements to open source software and you can either make your own improvements if that's possible, if you have the knowledge, or you can rely on others to tweak things as the software goes and there's regular updates and in theory can improve things quite a bit.

DW :  And I've heard though the flip side and the reason that law firms might not use it is "Well, I don't have anybody to call if order to get support because since it's open source in its community then I have to rely on the goodness of other people."

PB :  And that matter, I suppose, is one of the major downsides of open source is in terms of the tech support available. You're really going on you know Google searches and looking at boards and trying to find out fixes and workarounds that other people have worked out. Or you can throw your problem out there on one of these boards on the Internet and other people might be able to solve the problem for you as opposed to going through some thirty page FAQ from Microsoft or Apple or someone like that and then the little proviso at the bottom saying "Did this help you with your problem?"

DW :  I think the interesting thing about open source is how much of it we use without really realizing it and so if we use the Mozilla Firefox browser for example we're using open source software and I think we're going to see a trend. Certainly with Microsoft embracing Android and other environments Linux, we will see that they will be open sourcing more of their code as well and so that's the nice sort of sweet spot where you got an organization supporting it that's big enough to actually support it, but, it's still free to us to use or to play around with.

PB :  And I think there will be quite a bit more talk about open source software given some of the concerns people have these days with the larger companies potentially giving up encryption keys to various governments.

DW :  Right. So we'll have both free beer and free puppies.

PB :  That's right. And now the letter P. What do you have for P?

DW :  P: I like the word proxy, proxy is good, lawyers know what proxies are. In the terms of technology, a proxy really does the same thing that a proxy does in real life. It stands in the place of you. And a proxy can do some good things for you; it can allow you to route all of your network traffic through the proxy which will then protect your systems from behind that proxy by filtering out information that may be unique to those web browsers or computers. It will allow you to control how your traffic flows in and out of your environment. So it's a little bit like a security tool where you can funnel things and control what gets to the web and what doesn't. One of the benefits of using a proxy is that you can set it up so that it blocks out inappropriate sites. Web filtering is an obvious one and from a parent's perspective you might do it. But, even more importantly frankly is not the contents so much as the malware sites and bad sites like that where you just don't, you want to eliminate the ability of your staff or people in your law firm to even click out and potentially download malware and things like that. A proxy server can allow you to funnel everything through that and make sure that anything that's leaving your law firm or coming back into your law firm is coming from a place you want it to come from.

PB :  And the proxy doesn't have to be a physical server, it can be a virtual identity.

DW :  Yes. You can actually buy a computer and run all of your connections through it or you can buy a piece of hardware that acts as a proxy or you can just have this virtual identity, so it runs through it and then runs back.

PB :  Right.

DW :  All right. What's up for S? I'm sorry Q, we always forget Q.

PB :  Q is a tough one. And the best I could do was query. Queries are the sorts of things you would use to make inquiries of software for your computer to find out things like which of my ports are open? What's my IP address? Things like that.

DW :  Yeah and it's amazing really, it's one of those terms of art that I think lawyers would probably understand. It really is just asking, you're just asking things and so in Excel you may be using the Excel query language in order to ask what is in different cells and how to manipulate those? Of course, when you use a web search engine like Google you're obviously doing a query there so it's interesting really how many query languages we're surrounded by.

PB :  And that's part three of our jargon podcast. Stay tuned for part four.

DW :  Sounds good.

10 Serious E-mail Tips for Lawyers

 Permanent link
Here are ten - or maybe 11 - tips on how you can use e-mail more effectively in your law practice.  Have you listened to our other e-mailpodcasts ?  This one will take you further in, looking at disclaimers, auto-responders, and where your e-mail service is.
View Transcript


Speaker Key:    PB: Phil Brown, DW: David Whelan


PB:  Hi, it's Phil Brown and I'm here with David Whelan, and today we're going to talk about ten serious email tips.


DW: Serious, not jokey ones. We're not going to get into things like how to be appropriate on email and proper etiquette and things. We are going to talk about some things that you probably should be thinking about. The first one we are going to start off with is to get a professional email address. You do not want to have emails going out from your firm that are from "", "", "bell" or "". You want your email address to reflect your firm, and so it is a bit of branding, but it is also a bit of professionalism. So the basic way to do that is to buy a domain name, or register a domain name, and it would be something like "" and then you would use that with your email system. You may host your own email system, your own email server, or you can use a remote one, and you can use Google.


Google Apps for business will give you Google Mail and the web, but also use your domain name. Zoho ( has a free email server for up to five users, so if you have a smaller solo practice you might be able to apply your domain name to that. That way, you have to run your own email servers, but you will at least look as though you are an actual business.


PB: And I was just going to say, with those domain names, you do not have to have a website behind it.


DW: Right.


PB: So you can have "", but you do not have to have the "" website. You can just use the domain for email.


DW: It gives people a bit of a sense that you are in it for the long haul, that you have made a commitment to your business.


PB: And the other thing I would say about that is, just from the fraud perspective, and this is just a small reminder, if you are getting an email from someone purporting to be retaining you from some large business, but their email domain is "", "" or "", they are not really emailing you from that large business.


DW: That's a good tip.


PB: And it is just something to watch for. Our second tip, consider using email software.


DW: What email software do you use?


PB: I am not going to tell. I use about six different email software. I use Outlook mostly.


DW: And I guess we should probably distinguish for everybody what we mean by email software. Is that the same as logging on to Google Mail or something through your web browser?


PB: No. The web-based stuff is different and you are really, kind of, just borrowing time on a server somewhere else.


DW: Right. The most common software that you will find in law firms is Microsoft's Outlook. It used to be confused with Outlook Express but hopefully, if you have finally gotten off Windows XP, you have also gotten off Outlook Express. Windows 10 does come with a mail application - it is terrible - so you really should look at something like Outlook, which will cost you a bit of money, or you can look at some free email programs like Mozilla's Thunderbird, by the makers of Firefox. There is another good one called Inky, which requires an account with Inky, but it runs multiple email accounts all within one system. These tools come with additional productivity benefits, where you can start to really manage your folders and manage your files in different ways. Export your emails on your computer and also have some sense that if you want to, you can have all of your emails stored on your computer rather than sitting on a server somewhere else.


PB: And speaking of storing those emails, we get to tip number 3, which I suppose you could characterize as using your inbox as a file cabinet.


DW: Absolutely. Keep everything in your inbox. You know, when you hit 20,000 emails in your inbox then you know you have really been practicing for a long time. There are pros and cons and, in fact, there are a lot of cons to using your inbox for all of your emails but, in some cases, it can be done.


PB: And one of the reasons, I suppose, it could be done is because of the search tools that are available now, so that you can nuance them and find just about anything anywhere on your computer.


DW: Right. It really comes down to how you are going to manage it. If you are storing all of your emails in your inbox, and we are not kidding when we say we have heard of lawyers with more than 10,000 emails in an inbox. If you have not done anything to them and they are really just sitting there in the order that they came in, that is not an effective way to manage your information. But if you are in something like Google Mail, Thunderbird or Outlook, and you are applying labels so that you can sort and filter your emails, or do things that are "folder-ish", then that can actually be a pretty effective way to manage all of your emails. Otherwise you would need to be looking at doing searches that are specific, that will do the filtering for you, or use folders, the good old folders. Most email applications still support folders.


PB: And as I would say, from a practice management perspective and the best practices method, it is probably not a great idea to have your inbox filled with every email you have ever received because it is so easy, in that environment, to miss an email. And it might be an email that you should have dealt with, that was time-sensitive, and you skipped over it because you had another 30 emails to deal with, and when you go back it gets lost in the mix.


DW: It could be hard and, I guess, if you have something happen to you, it could be hard for people to come in and look at your inbox and figure out what is going on.


PB: Again, that is the other thing, I suppose, is if you have to go back and build a trail, or if there is some sort of a contingency plan that activates because you have been hit by a car, they may not be able to use that desktop search function that you have relied upon for all that time.


DW: Okay, tip number 4, we all love robots, so how much of my email can I automate?


PB: That is a good question, and it is probably a good idea to have an auto-response that says things like, "Thanks for your email, I have received it, I will respond to your email within 24 hours". It might not be such a good idea to have the auto address function enabled, so that as you start to type in an address to a client it automatically gets filled in.


DW: There are some really good productivity tools, and most email clients (whether you are on the web or you have software like Outlook on your computer), at any time you use automation you should really think about what they are doing. I think the one about notifying the clients makes so much sense it should almost be like a permanent "out of office", but you will not actually be out of the office permanently. Letting people know what the expectations are about communication are great, but so many people have gone awry when they have used other tools like the address functionality or other things that are auto-inserted or auto-addressed. You can even get into problems where emails come in that you auto-filter into a folder, and because they are not in your inbox you forget that they have come in and you do not go and check that folder. You could miss a deadline or something like that.


PB: Yes, the auto-address thing, for me, is something I turn off immediately because it is probably one of the biggest sources of sending emails off to people you never intended them to receive.


DW: This is an extra tip for the Outlook folks. There are two different types of auto-address features in Outlook. One is where it guesses and tries to put in the best one, based on your typing, and then there is another one where it will essentially ask you whether this is the right one. You will want to turn off the first and you can, potentially, keep the second, but you may want to think about not doing your addressing of emails until you have actually finished the email and so you can really concentrate on the name of the person who is going in that email.


PB: And I would say, for tip number 5, you should consider using encryption in your emails.


DW: Yes, that is a tricky one, isn't it, because when you are on the web, typically when you are communicating with the email site, like Google Mail, that traffic is encrypted, but when you send the email it is not encrypted after that, is it?


PB: No and one of the problems, I guess, that could come up quite frequently is that there has to be a key exchange with you and whoever you are sending that email with, so that they are able to decrypt on their end, and you will find some clients just do not want to deal with that. They do not want to take the time to secret squirrel your email when they receive it. But there are clients, on the other hand, who want to make sure everything is encrypted. Documents are encrypted and, of course, clients who will not even consider using email.


DW: Right. Is there a reason that you want to encrypt the everyday emails?


PB: I don't think so, but I think it is getting so much easier now, with emails. You used to have to cut and paste them and generate random numbers and letters, and now there are a number of different encrypted emails available. I just think that if you want to keep an eye on confidentiality, it is not a bad thing to consider. I am not suggesting it is mandatory, by any stretch, or that people should use it with all of their emails but keeping things with another layer of security is not a bad idea.


DW: Google is working on end-to-end encryption for its email and I think when it finalizes that and it comes out we will probably see encryption made available through lots of other clients who are trying to keep up with that.


PB: The use of web form emails as a point of first contact for clients.


DW: Yes, so imagine going to your law firm website and a client wants to reach out and talk to you, do you give them your email address or do you give them a form that they can fill out?


PB: The danger of having your email address on your website, for a first point of contact, is that people can send you all sorts of things and attachments and they can make attempts to create some sort of solicitor-client relationship by sending you confidential information and things like that. I think it is a good idea to have those web forms (e.g. give me your name, give me your address, or where I can contact you), but they cannot send any attachments.


DW: It is a good idea, too, when you think about our tip number 7, which is what happens when you get emails from people who you do not know or are not expecting to get emails from, that have things in them that you, perhaps, should not open or should not click on, and so we are talking about phishing.


PB: And you can receive an email from an address that you know, and it could be something simple like what looks like an email fax from that person, with their address attached, but when you scroll over that email, and I would suggest people scroll over every attachment before they open it, and be very careful and not open an attachment you were not expecting to receive, because it may end up putting something on your computer that later encrypts everything on your drive and, possibly, in the Cloud, and holds you hostage.


DW: Lawyers in particular, I think, need to be exceptionally wary of, pretty much, every email that comes in. Even if it does not look suspicious, even if it looks like it is coming from a person you know and it has a file that you were expecting, I think you should still be very wary. There was a lawyer in Pennsylvania who thought he had been emailed a voice message, by his voice message system, and when he double-clicked on it to listen to it, it did encrypt his entire computer. So when you are getting email attachments, download them and scan them before you open them. When you have links that are in the emails, do not just click on them. If someone is saying to reset a password or go somewhere, then open up your web browser and go there through the web browser, but not by clicking on the link.


PB: And I probably get three or four emails a week from organizations that I am supposedly banking with, that I am not, telling me I have to reset my password and I have to give them some personal information or I will lose my ability to use that account which, of course, I do not have in the first place.


DW: Yes, they are getting smarter and smarter.


PB: And let's talk about disclaimer. Should you be using a disclaimer?


DW: Disclaimers are funny because on the one hand, they make a lot of sense that you would want to have a disclaimer, particularly for issues related to privilege and things like that, and if you are in an area of law where there are regulatory requirements for you to have a disclaimer, obviously, you should have one. But for the most part, because of where they are placed in an email, they are pretty useless. And unless you have a particular need for them, I would not bother to put a disclaimer on your email. Similarly, here at the Law Society, we have disclaimers in both English and French, just because of the amount of text that it involves. If you are only emailing with a person who speaks English, you probably do not need to have your disclaimer in both languages. So it is really about keeping your email nice and clean, keeping out what does not need to be in there and thinking about just having the information that is really useful.


So instead of a disclaimer, think about having a really good signature block, where you have your contact information, including your email address, so that if the email, as it invariably is, is ever printed off, all of the information about how to contact you is included in that. It is not just a name, it is not just part of your contact information, it is all the stuff that someone would need to get in touch with you.


PB: Sure and I don't think you are going to find lawyers or paralegals getting away from those disclaimer block signatures at the bottom of an email. I think they are here to stay. I am not aware of all that much litigation over them, but I would also refer people to the Rules of Professional Conduct , which deal with things like inadvertent disclosure and the email that is mistakenly sent to you which contains, potentially, all sorts of privileged information.


DW: So, really, what we need is a disclaimer that comes at the beginning of the email, and that has a little "okay" button before you can actually read the email.


PB: And that might not be a bad idea in the future either. Return receipts and recalling messages.


DW: Return receipts and recalls are one of my favourite things, mostly because I block them. A return receipt is something that an email server will send. You set it up with your account, mostly with Outlook, but you can do it with others, so that if I send a message to Phil and Phil opens it, I get a message back that says that Phil has received my email. The problem with return receipts is that they can be blocked, and so having it turned on does not necessarily mean that you are going to get any information about the emails that were sent.


PB: And I think, with recalls. If you are not in the same email system that the other person is using, the fact that you are trying to recall it might not actually do any good. It is more important to think, "Do I really want to send that message?" before you send it.


DW: That's right. It is better to think about it in advance before you send that email. Google has a feature on Google Mail that does something like a five minute pause, so that after you hit send, it is still somewhere in the system so that you can get it back. But the reality is, once it is out of the barn door, it is gone. With return receipts too, from your own perspective, you are probably better off blocking them, because you do not want to be sending back information from people who are emailing you that maybe creates a paper trail that you do not want to create, about when emails are being accessed.


PB: And our tenth email tip, and I am going to add an 11, but at 10 I just want to say, once you send that email you have to be aware that you have lost control of that email.


DW: Right, so do not put anything in there that you do not want other people to see. Maybe, in some cases, you do not want to put in anything that could be confidential, because once it has gone to the other person, and hopefully it is to the right person, they can forward it, share it, and do other things with it that you may not want them to do.


PB: It might be published. It might be part of evidence later. It could be passed on to someone that has unintended consequences. Especially be careful if you are sending off an email to a list server or something like that, because you really have to consider that once you push the send button on an email, it might turn up on the front page of the Globe.


DW: Not a good place for your law firm to be.


PB: No.


DW: So what is #11?


PB: When using emails, if you are going to attach something to an email, do not ever attach just regular Word documents or anything like that in the email because not only does it contain a ton of metadata, the other problem is they can now take that document and add or subtract various things in that email and then publish it as if it were their own.


DW: Right. So formats, what are better formats?


PB: PDF being one of the big ones. Locked down and metadata removed so that it is essentially, just an image of something.


DW: Good tip.


PB: That's it for our ten serious email tips. Thanks, David.


DW: Thanks, Phil.


Technology Jargon: G through L

 Permanent link
We return to cover six more jargon topics - giga (as in gigabyte), Heartbleed, the Internet of Things, juice-jacking, kernel, and Linux - in our series of technology terms of art that lawyers may run into while practicing law.
View Transcript


Speaker Key:    PB: Phil Brown, DW: David Whelan


PB:  Hi, it is Phil Brown, and I am here with David Whelan. We are embarking on part two of our jargon podcast for 2015.


DW: Right. If you have not heard the first six letters of the alphabet, A through F, you will find them on our website. Let's start with G now, Phil. What have you got for G?


PB: G is for GIG (GB), or gigabyte, and one of the questions is how big a gigabyte is. It can be a billion bytes, but that still does not tell us much. I guess the big question is, how much information can you store in a gigabyte? It really depends on the kind of information you are storing and, for instance, different versions of Word. You can store a different number of documents. In the newest version of Word you can store about 7,000 Word files, and that is because there is quite a bit of compression that is done. Using the old "doc" version of Word, you would be able to store about 4,500 documents.


DW: Wow that is a huge difference.


PB: It is quite a difference, quite a bit of zipping going on in some of those files.


DW: So if I want to buy a new computer, how many GBs do I need in it?


PB: I think, now, a lot of the computers have gone from worrying about how much internal storage there is. They expect you to get some external storage, or to store most of your information in the Cloud. Of course, that has potential inherent risks, but I am not sure how much. I guess the amount is the amount that is going to allow you to run your operating system efficiently.


DW: It is probably one of those "more is better" things.


PB: More is always better. I guess not all memory is equal either, and some of it is going to be slower than other memory, in terms of storing and being able to access that memory later.


DW: Alright, what about H?


PB: H is for Heartbleed. Heartbleed is, sort of, a pesky little thing that has been around for quite a while, a couple of years. It is related to the Open SSL system, or secure socket layer system, and it is on about 70% of the internet. Open SSL, used with Apache servers, is really something that is used in just about everything, whether it is chat, instant message, email, or accessing web servers. The only way to guard against it is having the most up to date versions of open SSL running.


DW: Now, are most lawyers going to have SSL running on their computers?


PB: It is going to be running on most of the web that they are accessing, as opposed to their own computers, hopefully. Although, I suppose it could be running on their firm website servers.


DW: Right. I guess one thing they could do, if they have this Heartbleed vulnerability, is that they could test their SSL connections. But I guess they should also be aware of when they are connecting to a bank or something that uses SSL, they should know whether that one uses something that might have Heartbleed.


PB: Yes and then also, the banks running Windows XP and things like that. I is for the internet of things.


DW: Ooh, the internet of things, I love the internet of things.


PB: And the internet of things is going to play a bigger part in the next five to ten years, with some of the Bluetooth and Wi-Fi stuff that is out there, connecting your homes so you can initialize your coffee maker from work on your way home, or turn lights on and off and heat up and down and air-condition management, and a number of things like that. Of course, it potentially comes with a number of vulnerabilities, in terms of the security. A lot of these things really do not have the ability to update the security within them.


DW: Right and what I have heard is that a lot of these are coming with a version of Linux or a free operating system on them, because that makes the device cheaper to produce and distribute. But it makes it older software, in some cases or, as you say, software that cannot be updated. So you can potentially have a bunch of things for example, the latest one I have heard about is the toaster, an internet connected toaster. I do not know how that works if you are not there to put the bread in it though. You have all these devices that have passwords that you have to worry about, and connectivity issues that you are going to have to worry about.


PB: And I think one of these things is going to come back to managing your network. When you unwrap that network for the first time, make sure you change your administrative name and administrative passwords, and set your Mac permissions so that other devices cannot connect. Also keep an eye on your Wi-Fi and make sure it is updated often and that you have the most up to date security software that you can manage.


DW: Do you think internet of things is going to be more of an issue for lawyers in their firm or in their homes where they are doing work?


PB: I think it is more likely to be in their homes, especially where they are sharing networks and might have other less secure devices on that home network. Sort of a mishmash of bring your own device problems. So, your nanny cam, for instance, which might have been handed down from someone else, might not be very secure versus a newer version, or might be exposing a vulnerability to your home office computer, where you access your banking information.


DW: Sounds like a great time to go live in a cave.


PB: It is one of those things. Maybe you want to disconnect some of those devices that are great for convenience. Do you really need an internet enabled toaster or coffee maker in your home?


DW: I am thinking you do. What about J?


PB: J, juice jacking is just a term I am going to toss out. We have an entire podcast about it. It is really about when you go and see one of those kiosks where you can plug in your device to charge it while you are spending some spare time. Maybe you have noticed your phone is almost dead and you are running through the path or in a mall somewhere and you see one of these stands where you can just plug it in - it is brought to you by the local camera store or whoever. It may not be and you just have to be very wary that one of the things that you are potentially doing is exposing all of your information for download while you are plugging your device in to recharge.


DW: A USB port has four little pieces of metal inside, if you look inside. Two of those are for data and two of them are for power, so you should be aware that when you stick it in there, and you are getting the power over those two, you could also be receiving data over the other two.


PB: And then that is the other thing, you might be receiving a virus or something connected to a bot that is going to download your information later at some other time.


DW: But is it always safe to plug in as long as it is an actual plug and not a USB?


PB: As long as it is a plug that is physically located in the wall I suppose, but, again, there is also some potential vulnerabilities with power bars and things like that, which might not be what they seem.


DW: Yes, I love those. Okay, we were talking about the internet of things, devices that are hard to update. Why are they hard to update? I think that is our letter K.


PB: That is because of the kernel, which is not related to popcorn. It is really about the base level of your operating system. Operating systems are done in multi layers so that you have one layer that deals with your port connections, another layer that deals with how it handles visual objects, and another one that might deal with printer connections, and so on. The kernel is that base layer that, sort of, helps start up your computer and determines what memory is allocated to each little thing at that base layer. The more efficient the kernel is, the better your operating system is going to work.


DW: So Windows has a kernel and Mac OS has a kernel, and I guess that is why, with Linux, you have so many different types of Linux. They all share the Linux kernel, but then they have other stuff that is layered on top of it.


PB: Which brings us to -


DW: L.


PB: - L and Linux. Maybe you can tell us a little bit about Linux, because it is another operating system that is out there that is different. It is quite distinct from Mac OS and Windows.


DW: Linux is an operating system that was developed by a guy named, I think it is Linus, but it is definitely spelled L, I, N, U, S. Similar to the operating system, and the great idea behind that was, it was this open source operating system. Over the decades now, I guess, it has been out there, many people have adopted it, and it has become a core element of the web. It runs a lot of web servers that are out there. It runs a lot of application servers. It might even be running file servers in your law firm. The one place it has not gotten to is the desktop. So you probably have not seen it, but it has gotten a lot of press recently because it has some features that you may prefer over Windows 10, but it also has some of the same features that we are starting to see in Windows 10. It is interesting that this open source system, that has been out for so long, now has some traits that we are starting to see in the mainstream.


PB: And maybe another podcast will be devoted to talking about the differences between proprietary software and open source software, and advantages and disadvantages of each.


DW: Yes, I love Linux. I do not think it is for most lawyers, but it certainly is an option out there. I know that there are some diehards and, just like in the old WordPerfect days, they will have their Linux machines pulled from their cold dead hands.


PB: That is our look at letters 6 through 12 in the jargon podcast part two. Thanks a lot, David.


DW: Thanks, Phil.


Technology Jargon: A through F

 Permanent link
One obstacle to lawyers understanding technology is the jargon that invariably comes up when selecting hardware or software.  Phil and David take you through 6 jargon topics - API, bot, containers, DDoS, epub, and firewall - in the first of our jargon podcasts.
View Transcript


Speaker Key:    PB: Phil Brown, DW: David Whelan


PB:  Hi, it's Phil Brown, and I am here with David Whelan. Today we are going to do our jargon podcast for 2015.


DW: We thought we would take a look at the letters of the alphabet in particular because Google has just reorganized itself into The Alphabet Corporation. So, starting with A, we have the API, which is also the application programming interface, and you may have heard of APIs being tossed about and wondered what they are. There is some concern that the federal courts in the US do not really understand what they are either, because they called them software, and an API is not software. An API is a connector that allows different systems to communicate with each other. So what you might find is a company, like Dropbox, has an API, and then other developers can write software that talks to that API, to display files that are in your folders or to enable you to work on your Dropbox files without actually being in Dropbox, working through other things. It is an enabler between two different types of software systems.


PB: And you see APIs being bandied about when you go to a tech conference and you hang out with the vendors for a bit. Everyone is running around trying to figure out how they can get their software, in their packages, to run with someone else's, on their platform. So everyone is running around discussing API synergies and things like that when they are at these conferences.


DW: That's right. David Weinberger did a great book called Small Pieces Loosely Joined , and that is really where the API is. It allows you to make your program available to other things, to build it out, rather than building, as we did in the old days, monolithic programs that did everything all by themselves.


PB: And I suppose this is for another podcast topic, at some other time, but APIs could possibly create unique security situations as well.


DW: Right, absolutely.


PB: So B is for bot.


DW: B is for bot. Bots used to be nice warm fuzzy things, but bots increasingly come up in conversations about security and malware and computers that are infected. A bot is a computer that has been taken over by a remote system, and is then used for nefarious purpose, often an attack where the bot herder (as they are known) communicates to all of the bots in his herd or her herd, and tells them all to attack a particular website, or to send out a particular kind of message, or to do some sort of coordinated activity. So all the bots all respond at the same time.


PB: And bots are one of the reasons we have to type in all of that extra stuff when we are completing forms and trying to send it off. You will see that little photo of some letters, random letters and numbers that you have to fill in to show that you are a human and not a bot.


DW: Right. You want to make sure that the computers in your law firm are not part of a bot network, so make sure that you are running antivirus software and malware watching software, so that you can eliminate the ability for other people to plant software on your computer without you knowing about it.


PB: Right, containers.


DW: Yes. C is for containers, and containers are an obvious thing. If you do a Google search for a container you get a box, cardboard box, that sort of thing. This is a similar sort of thing, and it is going to become more and more popular, particularly in people who are dealing with vendors in the Cloud. You might go to a company and say that you want them to host your law firm technology in the Cloud, and how do you do that? They will say, "Well, we virtualize it", and, increasingly, the virtualization is something called containers. What happened in the bad old days of right now, is that you would virtualize a system and it would have an operating system like Windows, and it would have applications on top of that, and then your data would be on top of that, and for each customer, the Cloud provider would repeat the operating system and the applications over and over again across the entire system.


The thing with containers, and one of the leading types of container comes from a group called Docker, is that you do not have to have the operating system repeated over each virtualization anymore. In the future, if the Cloud providers use containers, there will be a single operating system across the entire platform, a single set of applications across the platform, and then the only enclosed area will be that container, which will have your stuff in it and separate from the container for, say, Phil's stuff.


PB: Right, D.


DW: D is for DDoS. You are all familiar with the old operating system DOS, MS-DOS. The DOS that we talk about these days is the denial of service, and then the more common one now is the DDoS, the distributed denial of service, and this comes into where those bots are. It is very easy to crash a website or to do an attack, by sending so many requests to it, that it can no longer respond to all the requests, and it stops doing so. That is what a denial of service is. It is the denial of the ability for that server to respond. The distributed denial service means that the attack is coming from many, thousands, in most cases, of computers at the same time, so that it is not only difficult for the server to respond, but it is difficult to figure out where the attack is coming from, and to then block it.


PB: And is there any way for the average small website owner to stop a denial of service attack?


DW: There is not. There are services you can use, like CloudFlare. has a free service, as well as a paid service, where they will intercept the DDoS attack and try to block it and filter it out, so that is one way you can do it. Most larger firms and larger corporations will have more than one connection to the internet, and so if a DDoS or a DOS attack happens on one set of addresses on the internet, it can turn those off and go to another one, so that it is still able to interact with and communicate with it, but otherwise you could see law firms going offline if their email servers or their web servers or other internet connections are being attacked.


PB: And you would have to have a somewhat sophisticated client who has you in their sites, to be a victim of this sort of thing. It is much more common for larger companies and they can have these, sort of, broad based attacks happening, and they can be shut down for a day, two days at a time.


DW: It is interesting, we may see that change. I think you are right that it is an individualized attack. They need to be aiming just for you, but we are seeing now that these bot herders are making themselves available so, for $20 or $30 and a credit card you can do a DDoS attack for an hour, and it has now become commoditized, like so many things are with technology.


PB: E.


DW: E is for EPUB. EPUB is a format that is common for eBooks. It is the most common eBook format, other than the Kindle format, which is proprietary to the Kindle platform. EPUB is interesting because it is one that you can actually open up and edit with a set of text tools that are available for free from groups like Sigil. The EPUB format is really nice. If you ever wanted to create an eBook, you could save it as an EPUB, but when people are talking about EPUB, they mean a particular type of format like Word documents and docx or doc in the old days. If they are talking about EPUBs, they are talking about eBooks.


PB: And a number of different readers can handle EPUB natively.


DW: Right. EPUB is probably the most common format, because you can read those on IOS devices, Apple devices, and Android devices. You can open them up on Windows and Mac computers and read them on your computer. It is great and they are often very flexible, and often come without DRM, the digital rights management.


PB: And our last letter for this podcast, F.


DW: F is a firewall. Firewalls are exactly what they sound like. In fact, if you come down to The Great Library, we have a physical firewall in the basement, which was meant to protect things from fire. It is a brick wall, and you can store things behind it. The firewalls that we have nowadays tend to be on our desktops and our hardware that we have attached to our networks. They are meant to prevent external people from getting in, who should not be, but also for your internal applications not to communicate outside of your firewall, without you knowing that they are doing it.


PB: And sometimes they are software firewalls, sometimes they are hardware firewalls which contain software, some of those security devices that are matched with routers and so on.


DW: Right. The Windows firewall comes with all the Windows operating systems and if you hit your Windows key and type "Windows firewall", it will pop up, and it will show you all of the rules that have been created, both the ones that block people from accessing, but also the ones that allow access. And particularly if you are on Windows 10, I would take a look at the rules that are allowing access because Microsoft has included a lot of new rules that allow all of its products to bypass the firewall and share information and things like that. You may want to disable them or delete them.


PB: And it is probably one of the most ignored security features for personal computers, the firewall. I mean, you can really tighten down the security on your computer so that things are not randomly sending cookies back and forth and checking out your computer and sniffing your ports and so on, and people just do not turn on those features.


DW: Right, you definitely want to try and have them. You can find firewalls for Android devices. I do not believe them for IOS, like iPhones and things but, in particular, if you have a home network where you are doing work or, for sure, at your firm, you should also use a hardware firewall that is at the connection between the internet and your firm network so that you are protecting not only on a machine-by-machine basis, but for every potential probe that comes in from the internet itself.


PB: Right. Thanks, David. That is the first six letters of our jargon podcast, thanks.


DW: Thanks, Phil.


Internet Service Providers

 Permanent link
Phil and David take a look at how lawyers connect to the internet.  What type of internet service provider do you use?  And what are some networking hardware and security topics you might need to know about?  We'll walk you through what a router is and why it's important in this podcast.
View Transcript


Speaker Key:    PB: Phil Brown, DW: David Whelan


PB:  Hi, it is Phil Brown and I'm here with David Whelan. Today we are going to talk about ISPs.


DW: ISPs are internet service providers. They are the people who sell you the access to the internet, that provide you with the technology that allows you to connect to your home and your law firm offices and other devices, to the internet.


PB: So not to prefer any particular companies, but we are talking about Rogers, Shaw, Bell, etc.


DW: Right. It is interesting, the types of technology that they use, and you will come across this, and I am not sure that we will ever get to the point where we can say one is better than another, but it used to be that you would get a connection called ISDN. If you wanted a nice dedicated line and dedicated throughput to the internet, but pretty much, these days, most law firms will be looking at either a cable connection or a DSL connection or, if you are big enough, what is known as a T1 or part of a T1. That is like a timeshare, a fractional T1, where you can have a certain amount of speed, but depending on what kind of wiring they are using, and what kind of system they are using, you are really talking about cable or DSL.


PB: Right. And we are not going to talk about dry loops and things like that, but there are lots of terminology out there, in terms of is "this a voice only line", "this is a voice and internet line", etc. But there are differences between DSL and cable. Some of them are shared in neighbourhood, and some of them are not. Your speeds can fluctuate, depending on what kind of line you are using, but let's talk about things like consumer versus business.


DW: Right. You will find, with most of the providers, that they will have business level speeds and services that are different from your home user. So you may have bought a package for your house and that works great for the films that you are streaming on Netflix or Show Me, and the files that your kids are downloading for their Xbox, but that may not be the sort of stability or speeds and bandwidth that you need to be providing for your law firm, especially if you are hosting your own email server inside the firm, or your own web server. All of those create traffic and you need to be thinking about paying for the additional overhead that all those things provide.


PB: That's right. Speaking of overhead, business prices tend to be quite a bit more than consumer prices and consumer systems, but you would definitely need a business enterprise system for a large office.


DW: Right, so shop around. I think you will find both from the cable providers and the DSL providers, and the real difference between those is that the cable system tends to be a shared system and the DSL is a line directly from your office or your home to the Telco, so it is a slightly different type of carrier but, at the end of the day, you will be able to get the same types of speeds, both upload and download speeds, and they are different, but can you say a word about how they are different?


PB: In terms of the speeds? Upload speed is typically much slower than download speed. A lot of the companies range (and you will get a range when you start shopping for packages) from 1 megabyte upload versus 10 or 20 megabytes download, and I am not sure why they make those distinctions, but they benchmark them and tell you if you pay $100 a month, this is what the minimums you can expect are. You really have to determine what it is you are doing. Are you uploading a lot of information, a lot of large files, or are you more likely to be downloading those files? You can shop around for an appropriate speed. The other thing is that some of them now have limited bandwidth, and you may be limited to a certain price, where you can only download 100 or 200 megabytes or 300 megabytes. You will see this with phone data plans, but now you will see it also with other packages. You might have a gigabyte of download available a month, and then you are going to start paying, on top of that, for every megabyte you use after that.


DW: It is something to be aware of. I think we are more aware of it with our phones than we are with our computers, but as these sorts of caps come into play, it may impact what you do and, certainly, there have been complaints already, for Windows 10 users, where Windows 10 is now doing automatic mandatory updates of its system, that you may have gigabyte downloads coming to all of your computers in your firm, coming over your internet connection, and then eating up some of that data cap. One of the things to look for is that some of the internet providers will have times of day, particularly between 2 a.m. and 6 a.m., where they may give you free access or free transmission times, so that if you have large downloads you can schedule them for that time of day to either upload or to download.


PB: That strikes me as the sort of thing where you will be populating those offices with students, to make sure that there is someone there at four in the morning to do those big uploads and downloads.


DW: That's right. I wanted to mention something called power line networking as well. This is sort of, an add-on. Once you have your ISP, you are connected to the internet, but then how do the devices in your office connect to the router or the modem that connects you to the internet? In many cases you will have category 5 network cable in the walls that allows you to just plug in and go. You may have wireless as well, but if you do not have one of those two, or you have computers that are in awkward places, you can use something called power line networking, to connect over the electrical wiring of your house or your office, so particularly in older buildings or in houses that where you might want to work in your basement but it has either bad wireless connectivity or no network wiring. You buy these power line adaptors. One goes next to the modem, to the internet, and one goes in the power outlet, and you just plug into that and you can get networking anywhere in your building.


PB: And this sounds very voodoo, are these things expensive?


DW: They are not expensive. You are probably looking at $30 to $40 per plug-in adapter, and many of them will have more than one plug, so you could run more than one computer off of it.


PB: And maybe we could just say a word or two about redundant connections and how many lines you need and things like that?


DW: Right. The issue of redundancy comes up. Some people believe that you should have redundant internet connections, just like you do backups and other things in your environment. That can become expensive unless you have a really good need for it, if you have problems of, for example, being attacked. If you are attacked on one of your internet addresses, if you have a redundant one you can quickly flip your firm over to the redundant one. In most cases it is not going to make sense for the solo or small firm lawyer who is out there to have more than one internet connection. It really is not going to be cost-effective to do that.


PB: Security with ISPs, is it something the average user needs to be concerned about?


DW: The ISP is really just providing you the connection to the internet, so you should be aware that they are probably not doing anything to protect you in particular, as far as people trying to get to your email server or your web server in your office. They are doing some things though. They are able to block attacks going out or coming into their network, and they may be also monitoring some of the traffic that you send out, if it is potentially going to a source of malware and things like that.


PB: And some ISPs offer additional services like email addresses and some of them offer free antivirus software and things like that, to use within your environment. That is something that you should be aware of, is if they are providing you with ten free email addresses on their servers, on their domain, that is information that might later be handed over to a lawful authority who is making a request.


DW: Yes and since it is an ISP-based email, it can be very useful. It is great for home users, but for a business user, you probably want to think about getting an email system that is intended for business users.


PB: And that is one of the things you need to look at in the beginning when you pick your ISP. What are your business needs now and what are your business needs going to be in five years? You have to figure out what it is they are selling you, and you have to ask questions.


DW: Exactly. You made a good point before we started, which is that a lot of the ISPs are actually piggybacking on other ISPs, so while I use TekSavvy myself, for DSL at home, it is actually on top of the Bell network, and so I could potentially get DSL from Bell just the same. I think you really need to shop around and see which providers will give you the speeds at the costs that you are willing to pay, and if you have done that assessment of what your business needs are, you will be better prepared when you are sitting down and trying to compare the packages that are all very similar.


PB: And I would say that if you are looking at home systems and things like a home business system, speak to your neighbours. Find out what they are using and what kind of reliable speeds they have, because I know, from my personal experience, a few different times that I have had packages sold to me, but the infrastructure would not support the speeds they were promising.


DW: And many of the ISPs will rent to you or sell you hardware, the modem and the router and other things for your network. You should cost check those against Best Buy and other technological things, because you can often get that same hardware on your own without renting it, for much less than you would pay over the life of the rental.


PB: You are going to be looking at user agreements and things like that, and I would say it is important that you read those over the same as you would any banking agreement and things like that, because there are various responsibilities and liability issues when they lose all of your information, or you drop a connection for weeks at a time, and you want to make sure you know who is liable for what.


DW: Right. ISPs are a little bit of a boring topic, but they are key and particularly as the legal profession relies so heavily on the internet, for communication and other things, you want to make a good choice


PB: Right. It is getting bigger and bigger. I mean, whole firms are moving to the Cloud and storing information in the Cloud and being reliant upon the ability to access that information at any time.


DW: And the daily show too.


PB: And the daily show as well. That's our look at ISPs. Thanks, David.


DW: Thanks, Phil.


Voice Recognition

 Permanent link
Lawyers using voice recognition can find a new way to productively create and edit documents, send messages, and more.  How do voice tools like Apple's Siri and Nuance's Dragon Dictate fit into a law practice?  Phil and David discuss voice recognition and provide tips on making it work for you.
View Transcript

Speaker Key:    PB: Phil Brown, DW: David Whelan

PB:  Hi, it's Phil Brown and I'm here with David Whelan. Today we're going to talk about voice recognition.

DW: Voice recognition has been a little bit of a holy grail, I think, for lawyers, because it offers an opportunity for them to use one of their primary tools, their voice, to record information more quickly than they can type or write it. But voice recognition has had a mixed past and I think the best news is that it is getting better and better, and almost to the point of magic it seems when you use certain devices.

PB: It is not your grandpa's voice recognition.

DW: For sure.

PB: Back in the old days, you downloaded a very large package of software onto your desktop and spent hours training that software to recognize the various nuances of your voice, and there were certain words it was never able to recognize.

DW: It was particularly difficult, I think, because it meant that you were recording it in a particular way. I did a demonstration of it after having trained it my voice, but I was a little stressed out during the presentation, so my voice actually went up and all the training was no longer any good because it had been trained for a slightly lower toned voice. And so, it was very, very finicky. But now when you open up your phone or your desktop device, as long as you have the software on there, it's really remarkable how close the technology has come to matching most of the words that we use.

PB: Since you mentioned phones, let's talk a bit about Siri, which might be what a lot of people are familiar with. Is that true voice recognition?

DW: Oh, for sure, it's definitely voice recognition and Android has some add-on apps that do a similar sort of thing. But I think it's not the voice recognition that most lawyers would think of. Siri and other voice apps tend to be good at giving you directions or responding to a particular query because that query has gone into a very large database of other people who have asked the same information or asked for the same kind of detail.

PB: And, as we found out recently, people are listening to the recordings of your voice that are made when you talk to Siri.

DW: Right, that's kind of creepy.

PB: So there's no real confidentiality there and you wouldn't necessarily want to be using Siri for anything sensitive.

DW: We have talked about it on another podcast, but there was a recent case with a television company where the television was able to pick up your voice command so that it would change channels and do other things, but all of that information was also being sent off to a third party voice recognition service. So there are these large databases now being put together, obviously to help the people who are using voice recognition so that it becomes better for all of us, but it does mean that the things that you are saying into microphones may not only be recorded by you, but being stored elsewhere.

PB: Right, so there are a couple of big players and bigger software out there, and I'm sure a lot of people have heard of Dragon Dictates, and it's available for a number of different professions. They have special packages for doctors and lawyers and so on. It has come a long way since they started.

DW: It's incredible. Nuance is really a juggernaut when it comes to voice recognition and they have absorbed a lot of the smaller players, I think, along the way and it's a very, very strong tool. Even just right out of the box, you can start to have your words translated right onto your screen, but I think that the key item, if you can find it with voice recognition and, of course, Dragon Dictates has it, is this legal dictionary, because we have lots of terms of art that don't appear properly unless you've trained your package to do that. I found this with my daughter. Her name comes out as Chilean when you record it and so, even though it is a common name, it is not in the database, and so, when you think about Latin terms and other terms of art you might have in your practice area, having those built into a dictionary where it's already available will just mean that you're up and running faster when you get started and you won't have to trip and watch as you're transcribing your voice.

PB: And it can be a very useful tool for Smart phones. I have a free version of Dragon Dictates for my iPhone and you can dictate a large amount of text and then decide which platform you want to send it out on, whether it is an email, an SMS, a text, or any different way you want to send it - you just select after you've made the recording.

DW: It's remarkable how accurate it is. I've been really impressed. Even Windows has some accessibility options, which are really not intended for the general user, but the speech recognition in Windows is very, very strong. It takes a very small amount of training and you can be up and running, again, doing basic things. One of the key things to remember with voice recognition, whether it's on your desktop or on your phone, is that you always get a word and so if you're speaking into it, it never stops and asks, "Did you mean this word or that word?", instead it interprets it as "It sounded like you said X, so I'm going to put X in there." And so you really need to go back and read what you have transcribed or recorded because it may not include the words you expected. It's a little bit like your keyboard on your phone and sometimes we get words that we don't intend.

PB: No, for sure, there has to be, if this is going to be used to document, a lot of proof-reading and it's probably a good idea to have, if you're not a particularly good proof-reader, a second set of eyes go over it to make sure you're not sending something out that had a particular value in it and it goes out under a completely different number.

DW: Yes, that million dollar contract going out as a ten dollar one would be a problem.

PB: I'm sure, and so using it for things like a settlement and things like that, I mean, no matter how many times you've done it, I think you want to carefully read it a few times to make sure that things have gone well.

DW: What you'll find with some of the paid voice recognition packages too is that you can use a digital recorder, so, say you're driving up to see a client or off to court and you're recording on your digital recorder for a different matter or whatever, you can then upload that sound file later when you get back to your office and it will go through the recognition process from that digital file. You don't actually have to be sitting in front of the computer all the time or you can send that file to someone else who can then do the recognition for you, so it doesn't necessarily have to be something that you have to do yourself and to tie yourself to new technology. You can use the tools that you're comfortable with and then just have that digital file turned into the document that you're trying to create.

PB: Sure, and you can make notes using these various voice recognition applications, to make notes for yourself, and send yourself emails. You can get a lot of work done while you're driving, for instance, if you're dictating things to yourself that become emails later or documents later. You can certainly dictate a bunch of them in one file and then split them up and send them out as a number of different emails if you wanted to, so you're not messing with it while you're in your car.

DW: Keep in mind that if you're dictating on the road or outside your office, that your voice may carry and so it's even more so than with conversations. You may be getting the benefit of voice recognition, but if other people recognize your voice as well and what you're talking about, that could lead to some uncomfortable consequences.

PB: Sure, it's not the sort of thing you want to do in a public place and, I suppose, the other thing that tends to play into voice recognition is background noise.

DW: Yes, a coffee shop for example, not only is it not a good place to dictate loudly, but the clanking of plates and other things can definitely distract the technology.

PB: Sure, so have a look at voice recognition. There are a number of options out there and it might be a time-saver for your practice.

DW: Thanks, Phil.

PB: Thanks, David.

Cloud Location

 Permanent link
You're a lawyer with obligations to protect your client's data and you're putting it in the cloud.  Do you know where your cloud servers are located?  This podcast will talk about some of the issues lawyers might face in knowing where their client confidential information is, and some things, like pre-encryption, they can do to further protect law practice information in the cloud.
View Transcript

Speaker Key:    PB: Phil Brown, DW: David Whelan

PB:  Hi, it's Phil Brown. I'm here with David Whelan and today we are going to talk about Cloud location.

DW: Location, location, location. We all know how important that is, but you may not think about it when you go to your Google website and log into your apps, or check your email, or when you go to your Microsoft One drive and upload or download a file. You may not think about where that Cloud actually is.

PB: It is not that easy, necessarily, to find out where that Cloud is. When we talk about the Cloud, we are talking about where those massive servers are kept by those thirds parties that are holding your information.

DW: The Cloud is a set of different layers and the layer that most of us interact with is called the software as a service layer, SAS, and so, in some cases, when you are dealing with Google or Microsoft or a really big company, you may be dealing with the company both at the software level and also at the platform level or the infrastructure level, which is the physical piece of the whole Cloud. If you are dealing with other smaller companies, you may actually only be dealing with the software piece of it, and so you may be dealing with, say, a Canadian company that has a software product in the Cloud who is using an Amazon or Windows as your Cloud platform that is based somewhere entirely differently in the east coast or west coast of the US or an entirely different continent.

PB: And they are often redundant as well. There may be an east coast and a west coast, and then maybe it is a server farm in Texas as well.

DW: That is a good sign, actually, because then if one of those goes down, your practice does not go down with it. But, yes, you really have no sense of knowing where those are and you can contact your vendor, Google or Microsoft, or certainly the smaller companies may be more amenable to telling you where their data centers are and how redundant they are, but it can be very tricky to know for sure. And the bigger the company, the more likely they are to say that they are really not going to disclose where their data centers are for the security of everybody.

PB: And even a company like Cleo, for instance, which does practice management software, they deal with a third party themselves: Amazon. So, somewhere there is an Amazon with Cleo information which, of course, is your information and it could be anywhere.

DW: We have sort of gotten past the point where lawyers in Canada are worried about the USA Patriot Act . They still may be worried about USA servers, US based servers, but it is not so much the Patriot Act that is the bug-a-boo. So, how much do you need to worry about where your Canadian client documents, the Canadian client confidential information, is being stored and what can you do about it?

PB: That is a good question and I think part of that goes back to your terms of use and knowing where your information is going to be stored. Some of it has to do with encryption, both on the way to your service provider and later on when it is stored.

DW: That is a good example, really, of two of the issues that you have. There are some faculty at the University of Windsor who have done a regular review of the terms of transmission that internet service providers in Canada have. You may have gone to the effort of finding a Canadian-based Cloud computing company, so that all of your information is being stored in Canada, but you may find that the transmission of your data is actually traversing into the United States and then back into Canada because most of the ISPs, internet service providers, in Canada do that. Most of them send your information across the border, even if you are going to a Canadian server.

PB: Sure, and I know I have exchanged information with the Law Society servers before and I live a few miles away or a few kilometers away, and I can track my information and know it has travelled through the US and other countries before it gets to the destination three kilometers away.

DW: It is one of the reasons you have to be really certain that you are sending your information in an encrypted format and having it stored in an encrypted format. It does not mean you actually have to apply encryption yourself, but you need to be using a web-browser and a secure connection and making sure that your Cloud provider is also secure. It does not get you away from the issue of where the location is, but at least the transmission then is being protected.

PB: And there has been some litigation already about Cloud locations.

DW: Yes, one of the interesting things that has come up, and it is interesting from a Canadian perspective, because the case does not involve Canada or the US directly. Microsoft was asked to divulge some emails of an Outlook or Hotmail user, but the user was based on Microsoft's servers in Ireland, and so Microsoft told the US government that it was not going to disclose it. You can follow the case, it is in New York and I think the latest briefs and things were filed at the Second Court of Appeals or Court of Appeals for the Second Circuit for the Federal level. But you will find that the EU data protection laws have essentially, Microsoft saying, they trump the ability of the American government to reach out to Ireland and pull that document out.

So, I think one of the interesting things is, in the past we have had the discussion with lawyers: do you place your content only in Canada or can you place it in the US or other places? And really, the other places option is becoming a viable alternative. You might find that putting your client confidential information in an EU data centre, Ireland or wherever, could be a better alternative than putting it onto an American server, and you could still use something like Microsoft's Windows or Amazon web services and the company that uses that, but use the data center in those locations. When you sign up for Office 365 from Microsoft, you can choose which data center you want too, so the location stops being a binary one of, "Do I put it in Canada or do I put it in the US?" You really can start to choose a little bit more because we are seeing more technology for lawyers being available in different jurisdictions with, in some cases, better laws.

PB:  And, you know, people get a little fussed about information being in the Cloud and that sort of seeming lack of control over that information because it is in someone else's hands, but, of course, if it is supposed to be encrypted and it is encrypted from your point to their point, it should be somewhat safe.

DW: It should be and if you are really worried, you can always do the pre-encryption to encrypted getting up. That can be a hassle when you are trying to interact with it, but again, it really is a matter of what your clients are comfortable with and what you are comfortable with. I know that I have heard from one law firm here in Ontario that said that they had a client who said if you have my data, it has to be on a server that is physically located in Canada. You will have some clients or maybe some practice areas where that becomes a mandatory step, but I think the interesting thing is that the location option, you should know where your files are as much as possible and I think that is something that is one of those easy questions to ask and hopefully is an easy one to get an answer for, at least down to the continent. But, with companies like Open Text opening a data centre in Australia, and Microsoft having data centres in the EU, I think there really are other options that you can think about where you might find better protection than just leaving it in Canada or just leaving it in the US.

PB: Sure, and there are other options as well. I mean, you mentioned pre-encryption, which would be encrypting the information yourself at your desktop or mobile device before you upload it into the Cloud, so it is encrypted by you. Then it travels through an encrypted path to get to their server and then is encrypted there as well, so it is almost a double, if not triple, protection and, I suppose, one wonders is encryption safe or do the various governments have all the keys to all the encryption and some people would say yes, they do. But at least you are making the efforts to store that data safely and you have taken steps along the way to protect your clients.

DW: Right. I was at a Montana bar session and a fellow said, "But can you protect me from the NSA?" and this was before Snowden had brought it up, and I was, like, "Well, you know what, I'm not sure that being able to outdo the NSA is really your professional obligation. You may still want to do that, but I think it's different from your professional obligation."

PB: And we did talk about this in another podcast on retainer letters. It is probably not a bad idea to discuss with your client where you are going to store their confidential information because you probably will get clients who want to opt out of storing their confidential information in the USA, perhaps, if they have business interests there or maybe in the EU because they have some issues there.

DW: If you are able to get information from your vendor about the standards that it has for security for encryption and for the location of your data, that can be really useful information to share right up front with your clients or at least have, if the question comes up later on.

PB: Absolutely, and let your clients know what steps you take to store their information, if they are interested, and what it is going to cost them to recover that information at some point if that is necessary.

DW: So, now you know all you need to know about Cloud locations.

PB: And at least that's part one. Thank you, David.

DW: Thanks, Phil.