Why the Cloud is the New Electricity–and What it Means to Lawyers

ABA TECHSHOW 2020 will be held  this year in Chicago on February 26 – 29, but the show’s blog is up and running. This month it features a link to an interview with cloud expert Andy Wilson in podcast and transcript formats. The topic is “The Cloud is the New Electricity–and What it Means to Lawyers.”

Here’s Wilson’s take on the security issue:

Well, ironically, I guess that most of the cloud providers that are coming to their door are orders of magnitude more secure than the way that they are handling data. There’s been a couple of studies that have been put out around law firm cybersecurity risk and 80% of Am Law 100 law firms have already been hacked; you probably heard of some of the biggest ones, DLA Piper was shut down for an entire week.

And one in four law firms, which 80% of law firms are fewer than 10 attorneys, have been breached, but they probably don’t know it because they don’t have the technology to even detect an intrusion.

Whereas a cloud service, what a cloud is offering is trust, like hey, listen, trust us to host your data because we have a team of engineers that are monitoring for detection, we have a software enabled that’s monitoring for intrusion detection, we have encryption at rest, we have SOC 2 Type 2 certifications, we have all these things. But fundamentally what they are selling is trust, and there’s ways to verify that trust if you are a law firm.

Most of these companies are going to have a security page where they list all their certifications, you can ask for copies of their SOC 2 Type 2, which is a big difference than a Type 1 certification, not just what Amazon provides. You can’t get by with that. I wouldn’t trust that, because obviously Amazon’s data center is SOC 2 Type 2 certified, amongst other things, but maybe the vendor selling the services hasn’t actually achieved a level of SOC 2 certification on their own, which is a red flag. So you can test that.

If you want to — if you are spending a lot of money in these cloud services, you can hire 10 testers, almost like white hat hackers, where they will try and penetrate the production environment of this cloud service. I wouldn’t recommend that for anything. If you are not going to spend $100,000 or more a year in these services, you probably can’t afford that.

Training Tip 6: Lessons from Movie New Year’s Eve

New Year's Eve Poster.jpg

We begin the new year seeking inspiration from an oldie-but-goodie 2011 movie, New Year’s Eve. Despite its star-studded cast that included Robert DeNiro, Hillary Swank, Michelle Pfeiffer,  Halle Berry, Ashton Krutcher and many others, this movie met with critical disdain (including a pathetic 7% rating at Rotten Tomatoes) and limited success at the box office. A romantic comedy in the Love, Actually and Valentine’s Day mode, it was less successful than those films.

One part of the movie met with success, at least in this quarter. Near the middle of the movie, the machinery that raises and lowers the ball for the iconic Times Square ball drop turns balky. The assembled crowd is worried that their fun will be spoiled.

The character portrayed by Hillary Swank is asked to take the microphone and give the crowd an update. Everyone is expecting reassurance. The Swank character provides more: Inspiration. She goes beyond the immediate crisis to exhort the audience to approach the holiday in the right way. The audience received not just reassurance but vision:

And as you all can see, the ball has stopped half way to its perch. it’s suspended there to remind us before we pop the champagne and celebrate the new year, to stop, and reflect on the year that has gone by, to remember both our triumphs and our missteps, our promises made and broken, the times we opened ourselves up to great adventures… or closed ourselves down for fear of getting hurt, because that’s what new year’s all about , getting another chance, a chance to forgive. to do better, to do more, to give more, to love more, and to stop worrying about what if… and start embracing what will be. so when that ball drops at midnight, and it will drop, let’s remember to be nice to each other, kind to each other, and not just tonight but all year long.

IMDB.com

Let’s resolve that during the coming year, we’ll all try to give our audiences more. Let’s resolve to give students engaging material that will not just inform but inspire.

We will be doing the best we can to support you in this effort by providing useful resources through this Training Tips column.

Training Tip 5: What Not to Do (The Gettysburg Powerpoint Presentation)

Peter Norvig’s clever demonstration of how computer slideshow software would have mangled the Gettysburg Address provides more than its share of laughs, but there is also much to learn from it.

In an accompanying essay, Norvig seems to suggest that Powerpoint presentations are always bad.  Antipathy toward slide shows is understandable: A large majority of the ones I’ve seen have been poorly done. 

However, it’s important to keep things in perspective.  Slide shows are merely tools.  They can produce good results or bad results, depending on the skill of the workman. 

One of the goals of Training Tips is to help trainers make sure their presentation skills are workmanlike.  We will be devoting multiple columns toward helping you come up with high quality audiovisual aids, including slide shows. 

Off the Clock: Prospects of Trump Conviction

The conventional wisdom is that a divided Senate means impeaching Trump is next to impossible. I’m not so sure. I believe there is some risk to Trump, and that things could turn against him rapidly.

If all Democratic Senators vote for conviction, they would only need to flip 20 Republican Senators to reach the 2/3 majority needed to convict.

Most Republican Senators are sophisticated enough to recognize that Trump is a blowhard and loose cannon. They would much prefer to go into the 2020 election united by Mike Pence, someone they consider more stable and electable.

The problem is that while most Republicans Senators despise Trump, they are afraid of him, or more accurately, Trump’s base. If there were an anonymous vote, Trump would be convicted.

As noted by Politico, an anonymous vote is a possibility. A bare majority of the Senate can set the rules. If this were to happen, getting the needed 20 Republican votes begins to look very possible. As Politico explained:

[I]t’s not hard to imagine three senators supporting a secret ballot. Five sitting Republican senators have already announced their retirements; four of those are in their mid-70s or older and will never run for office again. They might well be willing to demand secrecy in order to give cover to their colleagues who would like to convict Trump but are afraid to do so because of politics in their home districts. There are also 10 Republicans senators who aren’t up for reelection until 2024 and who might figure Trumpism will be irrelevant by then. Senators Mitt Romney and Lisa Murkowski have been the most vocal Republicans in expressing concerns about Trump’s behavior toward Ukraine.

More good news for the Democrats: Monolithic support for Trump is less likely in the Senate. House district boundaries can be drawn to make seats “safe” for a Republican. Senators are more vulnerable, because it’s not possible to gerrymander a state. Senators have less reason to be afraid of Trump’s base, which remains a minority of the country as a whole.

As Politico concludes:

A secret ballot might get Trump out of office sooner than everyone expects: The sooner any three Republican senators make clear that they will support nothing short of a secret ballot, the sooner Trump realizes his best course could be to cut a deal, trading his office for a get-out-of-jail-free card—a clean slate from prosecutors—just as Vice President Spiro Agnew did. And if Trump were to leave office before the end of the year, there might even be enough time for Republicans to have a vibrant primary fight, resulting in a principled Republican as the nominee.

All in all, Trump may be more vulnerable than he initially appears.

My Shingle 17th Anniversary

Carolyn Elefant’s My Shingle is celebrating its 17th anniversary. I remember with pleasure working with her as a co-presenter at a Maryland Bar Association CLE program many years ago.

Carolyn’s blog served as an inspiration to countless lawyer blogger wannabes. It also helped her to established her as a force to be recognized in the legal world, building an versatile, enviable career, as evidenced by her LinkedIn presence.

Kevin O’Keefe, of Real Lawyers Have Blogs, would be proud of her.

 

Bob Ambrogi’s Random Tips for Writing Better Blog Posts

Veteran Net lawyer Bob Ambrogi‘s post Some Random Tips for Writing Better Blog Posts has some tips that will benefit even experienced legal bloggers. Many of Bob’s tips deal with the best way to write for a non-legal audience, but some apply just as well to writing for other lawyers. Here’s an example.

Don’t bury the lede. I often see posts that start with something like:

“On June 1, 2019, the Supreme Court decided the case of Smith v. Jones, ___ U.S. ___, on appeal from an en banc decision of the 1st Circuit Court of Appeals.”

Later – maybe in the same long paragraph or lower in the post — it goes on:
“This is the most important decision ever in the area of widget law and will require manufacturers to make major changes in their business processes.”

Why make me wade through the muck to find the flower?

Thanks, Bob. I hope I never get too old to learn, and I’ll be trying to follow your advice in this and other matters.

Off the Clock: Trump, Dingell and the Press

Nancy Pelosi’s reaction to Trump’s disrespectful comments about the late John Dingell hit exactly the right note. It was the mainstream media’s reaction that missed the mark. Once again, they let Trump play them to his advantage.

It’s not news that Trump is a jerk. The impeachment of Trump yesterday was historic news. The mainstream media let Trump distract them from what really mattered. Every minute spent talking about Trump’s crude insult of a dead man meant one less minute that should have been devoted to the real news: A President was impeached.

This is even worse because Trump’s tasteless remarks helped him with his base, who adore him precisely because they like his ability to “trigger the libs.” The mainstream media inadvertently did Trump a favor by amplifying his message.

Trump will continue to get away with murder so long as the mainstream media allow themselves let his antics distract them from what matters most.

Password Mangers: What to Look For

PC World has a review of password managers (they like Lastpass), but perhaps more important, they provide a list of reasons to adopt one of these products:

  • Password generation: You’ve been reminded ad nauseam that the strongest passwords are long, random strings of characters, and that you should use a different one for each site you access. That’s a tall order. This is what makes password generation—the ability to create complex passwords out of letters, numbers, and special characters—an indispensable feature of any good password manager. The best password managers will also be able to analyze your existing passwords for weaknesses and upgrade them with a click.
  • Autofill and auto-login: Most password managers can autofill your login credentials whenever you visit a site and even log you in automatically. Thus, the master password is the only one you ever have to enter. This is controversial, though, as browser autofill has long been a security concern, so the best managers will also let you toggle off this feature if you feel the risk outweighs the convenience.
  • Secure sharing: Sometimes you need to share a password with a family member or coworker. A password manager should let you do so without compromising your security.
  • Two-factor authentication: To an enterprising cybercriminal, your password manager’s master password is as hackable as any other password. Increasingly, password managers support multi-factor authentication—using a second method such as a PIN, a fingerprint, or another “trusted device” for additional verification—to mitigate this risk. Choose one that does.
  • Protection for other personal data: Because of how frequently we use them online, credit card and bank account numbers, our addresses, and other personal data can be securely stored in many password managers and automatically filled into web forms when we’re shopping or registering an account.

Password generation: You’ve been reminded ad nauseam that the strongest passwords are long, random strings of characters, and that you should use a different one for each site you access. That’s a tall order. This is what makes password generation—the ability to create complex passwords out of letters, numbers, and special characters—an indispensable feature of any good password manager. The best password managers will also be able to analyze your existing passwords for weaknesses and upgrade them with a click.