The Cloud with a Silver Lining?

Posted on February 5, 2013 02:48 by Chad Godwin

The "cloud." It’s a term all of us have become familiar with, but also one that many of us give little thought to within the context of our law practices. That, however, is likely to change, as an increasing number of firms are going to be faced with the choice of keeping their data and/or applications local, moving them offsite, moving them to a true data cloud, or employing a combination of on and offsite strategies. What are the cost benefits associated with these choices? What are the security issues that must be addressed? These are questions that IT managers are facing on an ever increasing basis. 

The American Bar Association recently addressed this issue in the ABA Journal. The Journal referred to a survey of 438 lawyers, paralegals and technology staffers, who noted that the bar currently seems to be split down the middle, with 46% of respondents opposing a move to the cloud, 45% favoring such a move and 9% providing no opinion. Moreover, the study suggests that small and mid-size firms appear far more willing to make the move than large firms, perhaps due to the investment in locally-based IT and equipment large firms are presumed to be invested in. Somewhat surprisingly, 47% of lawyers favored the move, while only 40% opposed it. This suggests that one of the primary hurdles associated with such a move, data security, is being adequately addressed. Finally, the study noted that 81% of respondents expect the cloud overtake on-site computing within the next 10 years.

The fact that so many respondents view the move as imminent suggests that the legal industry’s primary concerns are being addressed, and that costs associated with moving to the cloud are likely to continue decreasing while security becomes less of a concern. If there’s one constant with technology, it is that it grows cheaper and more accessible with time. As cloud access continues down that path, one has to believe that it will become an increasingly attractive alternative to on-site data and program management.

If you find this content interesting, or are involved in the technological aspects of practicing law, the DRI Technology Committee would like to urge you to join.  There are currently leadership positions available within the committee, along with plenty of opportunities to obtain exposure for your practice.  If you are interested in joining the committee and getting involved, please contact the me at cgodwin@carrallison.com or our Vice Chair, Joe Cohen at JCohen@porterhedges.com for more information on these opportunities.
Bookmark and Share

 

Rent to Own Computers and the FTC

Posted on October 12, 2012 02:19 by Chad Godwin

Wired Magazine recently reported that seven rent-to-own companies and a software manufacturer are settling charges with the Federal Trade Commission.  The charges claimed that computers rented from the rent-to-own companies used pre-installed spyware to obtain a host of data from the users.  The settlement only requires the companies to stop using the spyware, known as “Detective Mode,” which has been installed on as many as 420,000 rental computers.  In addition to secretly turning on a computer’s webcam, the software was capable of logging keystrokes, and  taking screen shots of a user’s activity.  The software then transmitted the secretly gathered information to the manufacturer, DesignerWare, who forwarded the material on to the rent-to-own company, all without the user’s knowledge.  The settlement still allows the rent-to-own companies to employ the software so long as they notify the renters.  Further, the FTC lacks criminal jurisdiction, so the companies have yet to face any criminal charges.  However, the FTC acknowledged that criminal activity appears to have occurred in a nod to the potential for ongoing investigations. 

The computers at issue collected everything from addresses, photos and video of often compromising situations, to phone numbers, email and social media passwords and financial logins, begging the question of what type and how much information a user should feel comfortable entering on a computer they don’t own.  In the case of someone renting a computer, it can be easy to see how a user operates under the impression that they have unfettered access to the machine for the term of the rental.  Nonetheless, there are measures that such parties can take in an effort to secure their privacy.  There are free firewall programs, such as Zone Alarm and Windows Firewall, that allow users to designate and monitor every program that accesses and/or attempts to access outbound internet connections.  Had the renters correctly configured and employed such a program, they would have known that a program, by whatever name, was attempting to send information from the subject computer.  In the event that renters were unable to install or configure (in the case of pre-installed Windows Firewall) such programs, it should serve as a red flag to carefully consider the manner in which to employ a rental or loaner computer. 

 

 

Bookmark and Share

 

New Google Service - Creative or Creepy

Posted on July 30, 2012 01:57 by Chad Godwin

Google recently launched a new service called Google Now that is available to users of its most current mobile operating system, Android Jelly Bean.  Google Now automatically creates and presents a series of “cards” that try to organize your life by presenting information Google thinks you’ll need at a given moment.  The information presented via the cards is based on data Google collects based on how you use various Google services - such as Google searches and Gmail.  For example, a recent Tech Crunch article notes that the cards may present you with information relevant to your current location, such as nearby restaurants, weather, schedules for nearby mass transit or how long it will take you to drive home from your given location.  Similarly, the cards may present you with flight schedules and currency exchange rates if you’re in a foreign country.  The first time you click on the Google search box within Jelly Bean, Google pops up an introductory screen to provide more information about Google Now.  Users can then explore the topic further.  To use Now, users must explicitly opt in.

Once a user opts in, Google collects and aggregates even more information about you on a daily basis: accessing your email, your calendar, your contacts, your text messages, your location, your shopping habits, your payment history, as well as your choices in music, movies and books.  In other words, what Google Now does is simply take the new, unified privacy policy you had to opt into a short time ago and regurgitates that information to you in what it considers to be useful ways.  When Google first introduced its new privacy policy, at the beginning of this year, more than 30 U.S. state attorneys general protested.  Now, by opting in to this program, users are providing even more information to Google, including the GPS coordinates for their home.  Nonetheless, there has not been a great deal of attention placed on Google Now or its accompanying privacy implications. Although users may appreciate the convenience of the features that are transparent, they may not consider the significance of the information they are providing access to and what Google may elect to do with their data in the future.  A case can be made that Google essentially “forced” users into agreeing to its new privacy policy, as you could not continue to use Google services without doing so.  However, by actively “opting in” to the new Google Now program, it becomes more difficult to argue that you did not willingly provide Google with access to your data.  So for now, users need to be aware of what they are providing access to.

 

Bookmark and Share

 

As a recent post on PointofLaw.com noted, the Tenth Circuit recently affirmed the convictions of Howard O. Kieffer.  Kieffer, who for several years practiced criminal defense law, had a problem - he never went to law school and had no license to practice law.  A California resident, Kieffer held himself out as a criminal defense attorney via a domain name with a Virginia company, which also hosted the web site.  The government argued that the web site he maintained, which was accessed by two of his victims, in Colorado and Tennessee, was a “wire communication in interstate commerce” sufficient to establish jurisdiction under the federal wire fraud statute.

One aspect, in particular, of the Tenth Circuit decision raises eyebrows.  The issue is what constitutes an interstate wire for the purpose of the wire fraud statute.  The White Collar Crime Professor Blog identified this as a particularly important issue in the cyber-connected world we now live in.  This issue has been evolving for some time, as shown in United States v. Phillips, 376 F. Supp2d 6 (D. Mass. 2005).  There, the court rejected the government argument that “in order to satisfy the elements of the wire fraud offense, it was not necessary to present evidence that the pertinent wire communications themselves actually crossed state lines, as long as the communications (whether interstate or intrastate) traveled via an ‘instrument of an integrated system of interstate commerce,’ such as the interstate phone system.”  More recently, the Tenth Circuit, in United States v. Schaefer, 501 F.3d 1197 (10th Cir. 2007), held that one person’s use of the internet, “standing alone” was insufficient evidence that the item “traveled across state lines in interstate commerce.”

Therefore, it is now somewhat surprising to read in Kieffer that the Tenth Circuit changed its position.  The court noted that before the website could reach the local host server, it had been uploaded by Kieffer to the Virginia company, and then transmitted from Virginia to Colorado and Tennessee. Based on those facts, the court held that "[t]he presence of end users in different states, coupled with the very character of the internet” permitted the jury to infer transmission across state lines.  Now, under Kieffer, an allegation that a web site was used to perpetrate fraud would give rise to federal wire fraud jurisdiction in nearly every case.  Stated differently, given the “the very character of the internet,” it is unlikely that a defendant will reside in the same state as his web site host and victims. 

Now, as Paul F. Enzinna noted, unless other courts reject Kieffer, the potential exists for a surge in federal wire fraud prosecutions.  With Kieffer seemingly establishing such minimal interstate contact requirements, it would seem that virtually any viewing or use of a web site could be used to trigger federal jurisdiction.

Bookmark and Share

 

Three law firms based in Austin, Texas recently filed suit on behalf of 13 people claiming that almost 20 apps, including Facebook, Foursquare, Yelp and Twitter, violate policies put in place by distributers such as Apple’s App Store, Amazon’s App Store and Google Play.  The American Statesmen reports that the violations are a result of mobile apps “stealing” address book data, such as names, phone numbers, email addresses and even birthdays.  The lawsuit seeks to stop app developers from harvesting data without permission.  The complaint cites an industry publication that claims the information collected could be worth 60 cents to several dollars per contact. 

A New York Times article investigating contact mining recently noted that “the address book in smartphones — where some of the user’s most personal data is carried — is free for app developers to take at will, often without the phone owner’s knowledge.”  The app developers use the data in an effort to expand the number of people using their program.  Developers use email addresses to target potential new customers and to target advertisements.  Several companies, including Path, a social networking site, have issued apologies regarding “how [their] application used your phone contacts.” 

Attorney Richard Newman, an Internet law attorney and managing partner of the Hinch Newman firm, with offices in both California and New York, thinks that the lawsuits are starting to have an impact.  Mr. Newman stated “the mobile communications industry is finding that failing to properly inform consumers of what is happening to their information is increasingly grabbing the attention of regulatory authorities, including the Federal Trade Commission.”  Until a regulatory framework is hammered out to govern emerging data privacy issues, litigation may be one of the only things keeping pace with technology development.  

Bookmark and Share

 

Is Google Googling You?

Posted on March 9, 2012 01:40 by Chad Godwin

If you use the Google search engine (and I’m guessing that includes pretty much everyone) you may have noticed a text box appearing on the screen during the past couple weeks, imploring you to read Google’s new privacy disclosures, along with the caveat “this stuff matters.” That text box stopped appearing on March 1, when Google introduced its new privacy policy.  According to Reuters, at the beginning of the year, Google began reporting that it was simplifying its privacy policy, consolidating 60 guidelines into a single policy that applies to all its services, including YouTube, Gmail and the social network Google+. 

According to the title of a Washington Post article, the “New privacy policy lets Google watch you – everywhere.”  More specifically, the new policy allows Google to track users’ activities by consolidating information it gathers on them across all of the company’s platforms.  Users cannot opt out of the new policy if they want to continue using Google’s services.  A company representative, Alma Whitten, noted that until now, the company has been restricted in their ability to combine YouTube search histories, for example, with other information on a user’s account (email activity).  Although the company claims that it does not sell or trade personally identifiable user information, it now shares usage habits and historical data across all platforms and uses the information to match ads to your online behavior .  Moreover, the fact that Google is gathering so much user specific information on individuals creates the potential for additional privacy implications in the future.  

The National Association of Attorneys General sent a letter to Google signed by 36 members expressing concern about the new policy.  In part, the letter noted:

Consumers have diverse interests and concerns, and may want the information in their Web history to be kept separate from the information they exchange via Gmail. Likewise, consumers may be comfortable with Google knowing their search queries but not with it knowing their whereabouts, yet the new privacy policy appears to give them no choice in the matter, further invading their privacy.

EU Justice Commissioner Viviane Reding stated that data protection agencies in European countries have concluded that Google’s new privacy policy is in breach of European law.  Given the amount of attention the new privacy policy has generated, it appears as though it’s only a matter of time before the company faces its first significant legal challenge to the policy.  Until then, the digital footprint of all internet users will undoubtedly continue to grow.

Bookmark and Share

 

On January 16, 2012, attorneys filed a class action against Amazon.com relating to an online hacking attack that compromised the personal information of up to 24 million customers of its online shoe retailer, Zappos.com.  Data Breach Legal Watch reported that less than 24 hours after the breach occurred, the plaintiffs’ bar had already filed a Complaint claiming that the attack resulted in the exposure of the following:

Names;
Addresses;
Telephone Numbers;
Email Addresses;
Passwords (cryptographically scrambled); and
The Last 4 Digits of Credit Card Numbers

The attack did not expose the social security numbers or complete credit card numbers of customers.  Nonetheless, the Complaint claims that customers will be exposed to “phishing” attacks that are tailored to the compromised information, as well as anxiety, emotional distress and loss of privacy.  Further, similar to the Sony data breach case, the Complaint seeks compensation for the costs of identity theft insurance and credit monitoring.  
Data Breach Legal Watch notes that, aside from the Hannaford decision that the 1st Circuit recently published, courts have generally rejected fear of identity theft claims, requiring a showing of some actual harm to the individuals affected by the breach.  This breach, however, did not expose complete credit card numbers like in Hannaford or several of the hacking attacks directed at Sony.  It would seem that Zappos is unlikely to be on the hook for anything beyond being forced into providing identity protection and/or monitoring for its customers.  However, the cumulative effect of these data breaches and the class actions that inevitably follow will likely be greater data security within internet industries.
Bookmark and Share

 

Ad Age recently posted an article addressing the meteoric rise and overwhelming dominance of the smartphone.  At the end of this holiday season, over 50 percent of mobile phone users will be using a smartphone.  A year from now, that figure is projected to almost double, to 90 percent of mobile users.  Moreover, smartphone capabilities are growing almost as fast as their market saturation.  I regularly use my phone as a search tool, GPS, communications device (most of which centers on e-mail) and social hub, and I do not consider myself to be a “power user.”  Despite the amazing smartphone developments of the past 5 years, there are more on the horizon.  If the experts are right, we will soon be using our phones in place of our wallets, for identification and point of sale purchases.  Phones could be used to unlock and start our cars and to open our garage doors and set our home thermostats.  This week, conference attendees will be using the DRI smartphone App to keep track of their schedule and contact other attendees.  However, like most any “smart” device, the more we use our phones the more data we generate regarding our whereabouts, activities and lifestyles.

Attorneys used to subpoena cell phone records to see if litigants were on their phones at the time of an injury or during an auto accident.  Already, Historical Cellular Reconstruction (HCR) can be used to provide the history of a phone’s probable location, regardless of whether a user was actually on their phone.  HCR is not based on GPS data, but upon data and information maintained by the cellular provider related to a particular cell phone’s connection to a given cell tower.  Although HCR does not result in pinpoint precision, it can often place a phone within a very small vicinity.  If a user’s cell phone is turned on and the GPS is in operation, the precision increases dramatically.

Now attorneys look for information and material addressing whether a litigant was texting, surfing the web, on Facebook or taking one of virtually countless actions on their cell phones during the time of a given event, or in the hours and days leading up to a significant event.  Lawyers can use cell phone records to compare the location of a litigant to their claimed location.  This is particularly relevant where litigants, such as commercial drivers, are required to routinely log their position.  Records may indicate that an allegedly injured party went to an amusement park, or that an allegedly incapacitated person made a purchase.  The possibilities already seem endless, and as smartphone services continue to expand, so will the potential for using the resulting data in litigation.  As more and more opportunities are created by smartphone data, attorneys need to remain mindful of the fact that there may be data available that will impact their case.  

Bookmark and Share

 

E-Books v Paper Books in the Legal Community

Posted on October 3, 2011 02:28 by Chad Godwin

The legal community is beginning to take notice of the trend of moving away from paper and toward eBooks. Attorney Jean P. O'Grady recently blogged on the topic.  Ms. O’Grady concluded that the eBook model is a poor fit for the legal community.  

I am not sure that any type of legal publication needs to converted to an eBook format.  It is rare that I look to a hard copy of any legal authority.  Most law firms provide their attorneys with access to Westlaw or Lexis.  There are also a number of competitors that appear to be gaining a foothold, such as Loislaw, The National Law Library, Quicklaw America, Law.net and Versus Law. Westlaw and Lexis, along with similar on-line models, provide subscription-based services that allow users to include access to the materials that they view most frequently, with pay-per-incident access to the materials that are needed on occasion. These services provide access to virtually all mainstream legal authorities, including treatises and law review articles.  Moreover, they provide powerful search engines to access content in a quick and efficient manner.  Therefore, the majority of the legal community already has access to electronic information.  To the extent that lawyers are seeking portable access to that information, Westlaw created an application called Westlaw Next, which is available on the iPad.  Similarly, Lexis created iPad and iPhone applications that allow its users to access mobile content. It makes more sense to let internet and/or cloud-based services compile and update legal resources than to purchase separate copies that have to be stored locally. I agree with Ms. O’Grady and don’t see a big future for traditional eBooks in the legal industry.
Bookmark and Share

 

Damages Reduced Against MP3Tunes

Posted on August 30, 2011 03:26 by Chad Godwin

The American Lawyer recently reported on a decision by federal district court Judge William Pauley, III that is likely to have a lasting impact in the cloud-based storage and computing industry.  Cloud-based computing has been attracting increasing media attention this year, as Google and Amazon rolled out their cloud based music and storage services and Apple announced the availability of iCloud.  In 2007, recording giant EMI sued one of the cloud industry trailblazers, MP3tunes, for allowing users to access and store unauthorized music via its service.

The New York Times reports that MP3tunes allows users to buy songs online as well as add to the collections in their cloud based lockers by searching for songs being offered for free by unauthorized 3rd party providers.  Judge Pauley recently provided a highly anticipated summary judgment ruling noting that MP3tunes can be held liable for approximately 500 songs that EMI identified as being traded without authorization, but not for unauthorized content that users obtained outside of MP3tunes.  The Judge ruled that the Digital Copyright Millennium Act (D.M.C.A.) “does not place the burden of investigation on the Internet service provider.”  This affords the cloud-based business model protection, as “the D.M.C.A. shields online companies from copyright violations committed by their customers.”  However, MP3tunes’ went a step further by allowing its customers to use a built in search device to find and download free music from 3rd party sites, a service it calls sideload.  Judge Pauley ruled that the D.M.C.A. does not protect the company from what could be viewed as actively assisting its customers in obtaining and storing unauthorized music. The ruling should not have an impact on cloud based services that allow users to upload music and/or files that are already in their possession, such as Google Music and Amazon Cloud, or cloud services that negotiate special licenses from record companies, such as iCloud.  Notably, Google was among the companies that submitted amicus briefs in support of MP3tunes.


Bookmark and Share

Categories: Commercial Litigation | Technology

Actions: E-mail | Comments

 
 

Submit Blog

If you wish to submit a blog posting for DRI Today, send an email to today@dri.org with "Blog Post" in the subject line. Please include article title and any tags you would like to use for the post.
 
 
 

Search Blog


Recent Posts

Categories

Authors

Blogroll



Staff Login