Category: Technology


Guarding against Inadvertent Disclosure: Properly Remove Metadata and Redact Before Transmitting Digital Docs.

by Sheila Blackford ©2015

Guard against inadvertent disclosures by properly removing metadata and redacting confidential information before transmitting digital documents.

Some lessons are so important, they bear repeating. For years the Practice Management Advisors at the PLF and throughout the USA and Canada have cautioned lawyers about scrubbing metadata from documents.

Here is a brief snippet from my May 2006 Oregon State Bar Bulletin Managing Your Practice article, Metadata: danger or delight?

“…Much hype has surrounded metadata ever since the March 4, 2004, CNET News.com disclosure that SCO Group’s lawsuit against defendant DaimlerChrysler for alleged violation of their Unix software agreement was initially prepped as a lawsuit against Bank of America for copyright infringement. You may have enjoyed the benefit of using a suite of programs like Microsoft Office, especially because it is easy to pull data from one program into another, such as copying part of an Excel worksheet into a Word document. However, if you do this from the Edit menu using the “Paste Special” feature and selecting “Microsoft Excel Worksheet Object,” you may be in for a surprise. Double-click on the Excel worksheet object in your Word document and you’ll discover that the entire worksheet document is visible, including other worksheet tabs that may contain sensitive information. The entire Excel worksheet is known as an embedded object and is metadata that travels with the Word document. Thus, the full Excel worksheet can be viewed by the receiver of the Word document, even though you didn’t intend that result. The detriment of exposing more than a select portion of an Excel spreadsheet may be exponential if the additional figures pertain to your negotiation strategy on settlement offers or disclose profit projections for complex financing plans.

In complying with discovery requests, you are required to provide only the documents and data set out in the discovery demand. Beware — if supplying electronic versions of your documents — that you are not providing more information than required by inadvertent disclosures in document metadata.”
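As an added illustration (not part of the quoted article): in the current .docx format a Word file is a ZIP package, and a pasted worksheet object is stored whole under `word/embeddings/`. The Python check below lists what a recipient could recover from a file before it is sent; the function names and the sample package are constructed for this example.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

W = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
DC = "http://purl.org/dc/elements/1.1/"
CP = "http://schemas.openxmlformats.org/package/2006/metadata/core-properties"


def audit_docx(data: bytes) -> dict:
    """Report hidden content in a .docx that a recipient could recover."""
    found = {"embedded": [], "creator": None, "last_modified_by": None,
             "comments": 0, "tracked_changes": 0}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
        # Embedded workbooks (all tabs included) travel inside the package.
        found["embedded"] = sorted(n for n in names
                                   if n.startswith("word/embeddings/"))
        if "docProps/core.xml" in names:
            core = ET.fromstring(z.read("docProps/core.xml"))
            found["creator"] = core.findtext(f"{{{DC}}}creator")
            found["last_modified_by"] = core.findtext(f"{{{CP}}}lastModifiedBy")
        if "word/comments.xml" in names:
            root = ET.fromstring(z.read("word/comments.xml"))
            found["comments"] = len(root.findall(f"{{{W}}}comment"))
        if "word/document.xml" in names:
            body = ET.fromstring(z.read("word/document.xml"))
            # w:ins / w:del keep the text of tracked insertions and deletions.
            tracked = (f"{{{W}}}ins", f"{{{W}}}del")
            found["tracked_changes"] = sum(el.tag in tracked for el in body.iter())
    return found


def build_sample() -> bytes:
    """Constructed, minimal package for the demo (not a complete Word file)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("docProps/core.xml",
                   f'<cp:coreProperties xmlns:cp="{CP}" xmlns:dc="{DC}">'
                   '<dc:creator>A. Associate</dc:creator>'
                   '<cp:lastModifiedBy>P. Partner</cp:lastModifiedBy>'
                   '</cp:coreProperties>')
        z.writestr("word/document.xml",
                   f'<w:document xmlns:w="{W}"><w:body><w:p>'
                   '<w:del><w:r><w:delText>offer up to 2M</w:delText></w:r></w:del>'
                   '<w:ins><w:r><w:t>offer 1.5M</w:t></w:r></w:ins>'
                   '</w:p></w:body></w:document>')
        z.writestr("word/comments.xml",
                   f'<w:comments xmlns:w="{W}"><w:comment w:id="0"/></w:comments>')
        z.writestr("word/embeddings/Microsoft_Excel_Worksheet1.xlsx", b"stub")
    return buf.getvalue()


if __name__ == "__main__":
    for key, value in audit_docx(build_sample()).items():
        print(f"{key}: {value}")
```

Any non-empty `embedded` list, comment count or tracked-change count means the file still carries content beyond what is visible on the page.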

And a year later, then OSB General Counsel, now Executive Director, Sylvia Stevens warned lawyers about the perils of being unaware of metadata and referenced the August 2006 ABA Formal Opinion 06-442, Review and Use of Metadata, in her April 2007 OSB Bulletin Bar Counsel article, Metadata: Guarding Against the Disclosure of Embedded Information.

“The ABA opinion stands as an important reminder that it behooves lawyers to learn and understand technological advances that are integral to their practice so that they do not inadvertently send information that they might later wish they had not.”
 

And a few years ago, OSB General Counsel Helen Hierschbiel cautioned lawyers about the perils of inadvertent disclosures when sending documents electronically in the June 2012 OSB Bulletin Bar Counsel article, Revealing Bits & Bytes: Guarding (and Exploiting) Metadata.

“Two rules inform a lawyer’s duties when sending documents electronically. Oregon RPC 1.1 requires a lawyer to provide competent representation to a client, meaning the lawyer must possess the “legal knowledge, skill, thoroughness, and preparation reasonably necessary for the representation.” In addition, RPC 1.6(a) requires a lawyer to “not reveal information relating to the representation of a client.” “Information relating to the representation” is a defined phrase under RPC 1.0(f) and includes both information that is subject to the attorney-client privilege and other information gained during the course of the representation that the client has asked be kept secret or the disclosure of which would be embarrassing or likely to be detrimental to the client. With these two rules as a backdrop, the OSB Legal Ethics Committee concludes that competency in relation to metadata requires a lawyer who uses electronic communications to maintain at least a basic understanding of the technology and the risks of revealing metadata or to use adequate technology support. OSB Formal Op. No. 2011-187.”

To safely redact confidential and/or protected information when producing discovery or eFiling, be sure to use Adobe Acrobat XI Pro and follow the easy steps I shared in my June 2012 OSB Bulletin On Professionalism article, Easier Acrobatics: New Adobe Features Especially Appreciated by Attorneys.

“How to Remove Visible Data or Do Redaction from PDF Files in Four Easy Steps:

This can be done in Acrobat XI Pro only.

1. In Acrobat XI, choose Tools > Protection.

2. Click Mark for Redaction.

3. Go through your PDF and highlight the text or images you want to redact.

4. Click Apply Redactions. Acrobat permanently deletes the selected information from the file, replacing it with black blocks or other formatting of your choice.”

Why all the concern? Lawyers are continuing to trip when they should be treading carefully, as stressed in this Law360 post: E-Filing Error Can Destroy Trade Secret Status that you can read in its entirety with a free 7-day subscription.

 “First rule of thumb in trade secrets litigation? A trade secret must be kept secret. It is painfully obvious, but modern practitioners must not grow complacent due to the convenience of electronic filing. Although trade secrets law does not command absolute secrecy, a recent e-filing snafu in HMS Holdings Corp. v. Arendt offers a cautionary tale from New York on how one botched upload could jeopardize a client’s most prized possession.”

Make no mistake, ABA Model Rule 1.1 specifically addresses the need to be competent when using technology; see the December 2013 Your ABA article, Duty of Competence in the 21st Century.

Model Rule 1.1:

Client-Lawyer Relationship
Rule 1.1 Competence

“A lawyer shall provide competent representation to a client. Competent representation requires the legal knowledge, skill, thoroughness and preparation reasonably necessary for the representation.”

Comment 8:

Maintaining Competence

[8] “To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology, engage in continuing study and education and comply with all continuing legal education requirements to which the lawyer is subject.”

Be safe out there!


Tech When an Upgrade isn’t an Upgrade

by Sheila Blackford ©2014

I recently went through tech trauma that I want to share with you so you don’t need to repeat my experience. I had an iPhone 4S. Yes, I know, old technology replaced by cool technology I wasn’t yet ready to pay for. I knew I wanted to hold out for iPhone 6 and was waiting for Verizon to make me an offer I couldn’t refuse. Meanwhile, I dutifully upgraded iOS until coming up against messages that I lacked sufficient storage size. The lure of promised “security fixes” compelled me to action. Darn! After a while, I finally sighed and proceeded to dump apps and photos and anything that I could delete so I could download the memory-hogging upgrade. My battery life became shorter. Then my charging cord didn’t seem to work well. Tried other outlets, other charging cords. Puttered on.

Last week I flew down to see my family in California. While watching Breaking Bad on Netflix with my sister who is evidently the only one in her house who didn’t see it, I noticed my iPhone was completely out of juice. So plugged it in. Red skinny bar. Showed charging zag but obviously something wrong. Tried various charging methods. Next morning still no juice. Made trip to Verizon. Verizon let me know that the upgrade messed up my battery. Nice Apple! How about telling us that we can’t upgrade the older 4 iPhone with the newer 8.12 iOS as we take your word that we need to upgrade. But I digress.

The Verizon store could examine my phone but would need new battery to do so. $99 to look at what is wrong with phone or $199 to buy new iPhone 6. Not much of a decision dilemma! Traveling without iPhone, felt like I was near amnesiac in a foreign country! Verizon only had an iPhone 6 Plus which was ridiculous to hold for phone in my hand. Couldn’t switch to any other Droid phones because I am too locked up in Apple. So off to Apple Store.

Meanwhile, I am stressing because this has changed from a “quick errand” before heading to a comedy show with my sister to a major time consuming process as Apple Store filled with post-storm Christmas shoppers wanting to get their Apple goodies or kill time. Big problem. When I get stressed, my memory winks out. What is my password? What is my Apple ID? Everything important was saved in my eWallet app on the dead iPhone 4s. Yes, I have another eWallet on my MacBook Air and iPad which are home in Oregon. Husband at work so no one could help.

Got reunited with Apple ID. Went over to another Apple Care Station to download a restore of my old phone’s data from the iCloud. Can’t believe my luck! I will have a better phone and all my old phone stuff including that eWallet app with the keys to my digital life in there. But, the storm affected the iCloud per the Apple munchkins. So after 4 attempts they sent me off with an iPhone 6 with my phone number. The attempted restores from iCloud put older contacts and apps on phone. Good enough until I could get home to Portland to safely wipe new phone and attempt to do a full restore from the iCloud. Happy to report success! It worked and everything back. Thank you, God of Technology!

But some lessons. That eWallet app to store passwords and user names is nice BUT if it is on a phone that becomes inaccessible due to dead battery or damage or being lost or stolen, you are out of luck. Yes, I had it on 2 other locations – laptop and iPad – but the problem is what if you don’t have access to those other things? Or there is some urgency? My sister has all her passwords written down. A jumble. Not a good solution either in my opinion but she’s my older sister and I can’t convince her. There are other apps that include access to your passwords via the internet. Might help. But then again, might have lack of internet. So think about your own situation. Gives you a headache, doesn’t it?

So the lesson I started with is that upgrade may not be an upgrade for you. Especially if you don’t have the latest device. Maybe check suitability before hitting the “Upgrade Now” button lest it be the last thing you see on your tech tool. Maybe just go have an eggnog and be glad with me that I am home with a new phone with old important stuff on it thanks to backing it up.

Happy holidays!


A Warning About Browser Hijackers

by Sheila Blackford ©2014

This past week, I purchased software for my laptop. I elected to download the software instead of waiting for the program CD to be sent. But that wasn’t the problem. The problem was electing the option: Install Normal instead of Custom Install. Normally, you wouldn’t need to do a custom install. I never did and you, too, likely may not have customarily used Custom Install.

This is what happened and why I recommend you do Custom Install in the future.

My program installed nicely. WinZip Pro. It is a ‘reputable’ file compression program recommended by CNET. Should be fine, right? Well, the company decided to add some other things in the Normal Install. I got a browser hijacker: My SearchDial Toolbar and start.mysearchdial.com.

“Hey! Where’s my homepage???”

I kept getting start.mysearchdial.com instead of the homepages I had set. I put start.mysearchdial.com into Google, and found out what it was and how to remove it. Thank you, blogger Stelian Pilici, for your June 1, 2013 blog post Remove Start.MySearchDial.com hijack (Removal Guide) on the blog Malware Tips Your Security Advisor. Mr. Pilici says: “Start.MySearchDial.com is a browser hijacker, which is promoted via other downloads, and once installed it will add MySearchDial Toolbar, and change your browser homepage and search engine to Start.MySearchDial.com”

His instructions are straightforward and I quickly had it removed from both Internet Explorer and Chrome – it was attached into both browsers. The instructions are hyperlinked above for you.  Hopefully, companies like WinZip won’t continue this practice. And hopefully, CNET will post warnings about what is contained in the formerly innocuous, Normal Install. Do your friends, families, and colleagues a favor – pass the word.

 


Rumpelstiltskin! What is the darn password again!

 

by Sheila Blackford ©2013

Believe it or not, the most common password is the word password. Before feeling smug about that unique password you created, think about how many sites you have used it on. Fess up; you are not alone. The aggravation of forgetting a password has led many people to use one password everywhere. The danger is that if a hacker comes upon your password and a list of your accounts, the hacker can try to enter these other accounts with the password already known. How could this happen? I will share my own experience about when my personal Gmail account was hacked.

I must fess up: I used one password on all non-financial related sites. The Gmail Hacker got into my Gmail account, looked around in my inbox and pulled up my Facebook account email. How did I find out? The Gmail Hacker began getting emails sent to my Gmail address. Discovering what had happened, I changed my Gmail password to a unique strong password then tried to deal with Facebook. I contacted Facebook to report I had been hacked and wanted to ensure that the Gmail Hacker would be shut out of my Facebook account. I also changed my Facebook password to be another unique strong password. To my aggravation, I periodically get emails from Facebook addressed to the Gmail Hacker asking to return to Facebook. I delete these emails, uttering a curse upon Facebook for ignoring my report of being hacked by this person(s). My hacker did not go by the name Gmail Hacker but I do not want to add to his/her hacking ego by repeating it.

So lesson learned. Use a strong password, strong because its length and complexity render it difficult to breach. Many sites now have a password strength meter to check how strong this password choice is compared to safety guidelines. Current security standards show that a safe password should be a minimum 16 characters long made up of upper and lower case letters, numbers and symbols. Your safest course of action is to use a password generator; otherwise human nature resorts to a pattern that a hacker could figure out. Randomness and unpredictability are qualities that will keep your password safe(r).

Jotting your list of passwords on a Post-it and sticking it on your computer monitor is not a good practice at the office or even at home. There are a number of good password keeper programs or apps that are very helpful. Be sure to create a long, complex, random and unique password to access your password keeper. Google password keeper and you’ll see there are password keeper apps for iPhones, iPads, Android devices, web-based, or downloadable to your laptop or desktop. Some you might want to check out include Password Keeper (www.password-keeper.net), KeePass Password Safe (www.keepass.info.com), RoboForm (www.roboform.com), LastPass (www.lastpass.com) and eWallet (www.illiumsoftware.com/eWallet/). Whichever password keeper you use, keep it safe with its own unique password. Now get busy changing all those unsafe passwords!