Negative Attitudes Toward Encryption Linger

Did the Department of Justice unwittingly cause the current pathetically weak condition of U.S. computer security weakness?

Some would say that the Department’s treatment of leading encryption advocate Phil Zimmerman in the 90s, the government created a sort of cloud around the use of this common sense security practice. Through threats to prosecute those who developed and distributed strong encryption, the government discouraged vendors from making their products secure.

The case of United States v. Boyajian, 2013 WL 4189649 (C.D. Cal. 2013) (summary) is a great example. The issue was whether use of encryption meant it was more likely that the defendant had committed criminal acts?

The court decided that the encryption evidence carried a substantial risk of unfair prejudice to the defendant because it tended to prove that his character was dishonest and he did not respect the law due to the suggestion that defendant had a character trait for secretively flouting rules and social norms.

Wow! If I put a lock on my front door, it means I don’t want people, especially malefactors, entering at will. It doesn’t mean I’m a criminal. Encrypting my computer is no different.

The ill-considered DOJ policies from the 90s have left a legacy of ugly attitudes that have facilitated the wave of computer crime that threatens to engulf us today.

When Cutting Edge Ideas Go Mainstream, Part II

When I predicted in my 1999 book, The Complete Internet Handbook for Lawyers that the Internet would make outsourcing of legal work to India popular, people thought I was nutty.

What a difference 10 years made. Now the New York Times reports:

The number of legal outsourcing companies in India has mushroomed to more than 140 at the end of 2009, from 40 in 2005, according to Valuenotes, a consulting firm in Pune, India. Revenue at India’s legal outsourcing firms is expected to grow to $440 million this year, up 38 percent from 2008, and should surpass $1 billion by 2014, Valuenotes estimates.

“This is not a blip, this is a big historical movement,” said David B. Wilkins, director of Harvard Law School’s program on the legal profession. “There is an increasing pressure by clients to reduce costs and increase efficiency,” he added, and with companies already familiar with outsourcing tasks like information technology work to India, legal services is a natural next step.

When Cutting Edge Ideas Go Mainstream, Part I

When I published Blogs as a Disruptive Technology in Law Practice magazine a decade ago, my thesis that many law firms would be better off building their websites with blog software than with conventional website design technology was considered by many to be sort of nutty.

I’m pleased to see that an article in Law Practice Today (the online version of Law Practice) shows that the idea has now become conventional wisdom:

Quickly Making a Professional-Looking Website

Future Looks Grim for Passwords as Security Mechanism

Dark Reading has a great explanation for why passwords provide less protection than they used to. Here’s an excerpt:

During the past half-decade, three factors have fueled a renaissance in password cracking. While password-recovery programs have gained immense computational power by offloading the intensive calculations of dictionary-based and brute-force guessing to off-the-shelf graphics processors, users continue to use the same mnemonics to create passwords that seem secure while being easily memorized. Yet the insecurity of websites — from LinkedIn to Stratfor and from RockYou to Sony — has given researchers real-world lists of millions of hashes from which to uncover the systems that people use to create their passwords.

The result is that, at the same time that the power of cracking programs has skyrocketed, researchers are smarter at guessing the ways that users might create passwords, whittling down the lists of possible passwords. By creating better word lists and more intelligent methods of mangling real words and phrases, hackers and researchers can make an untenable computational problem much more feasible, said Olga Koksharova, spokeswoman for password-recovery firm ElcomSoft, in an e-mail interview.

Primer on Building Professional Relationships Online

Columnists Ken Chan and David Kemp join Tim Stanley, CEO of Justia, in How to Build Great Professional Relationships Online, an introductory article for Law Practice Today about social media for lawyers. Here are the trio’s comments about Google+:

Google+ is Google’s foray into the social networking space. Like the other networks, Google+ allows you to create a public profile, post and view updates and photos, and connect with people you know. Google+ is similar to a combination of Facebook and Twitter. It is like Facebook in that you can view others’ posts as a news stream with graphics and text, and like Twitter in that people can unilaterally choose to follow the updates of others on the network (in Google+ this is called adding someone to a circle).

While Google+ does not attract as many active users as Facebook, the network offers other important benefits. Setting up a Google+ profile can impact how Google presents your Web pages or blog posts in its search results. This is a compelling reason to be on Google+.  For example, if you publish an article online with the appropriate authorship markup, Google will display your Google+ profile picture and name next to the article in its search results. Associating your Google+ profile with your blog or Website can distinguish the appearance of your content from other search results, leading to more attention and visitor traffic.

As with LinkedIn and Facebook, be sure to completely fill out your Google+ profile, and make sure that at least your name, location, work, and education can be seen by anyone by setting it to “public.” Also make sure to include links to all of your other individual online profiles, as well as other online media properties to which you contribute.

Similarly to LinkedIn, Google+ sees the highest use by employees and executives in the technology sector, and thus technology- and IP-focused law firms stand to benefit most from this network. However, attorneys in all practice areas should take advantage of Google+ for its authorship and search benefits.

Finally, Google is also integrating Google+ with Google Places and Maps. It is important that you claim and fill out your Google+ business page with information about your practice.  You should also associate your Google+ business page with your website to share “+1s” between the two.

Creating Your Own Letterhead

Lawyerist caters to our do-it-yourself impulses with an article on creating your own professional-looking letterhead:

While you may have to use a commercial printer for business cards, you do not necessarily need professionally-printed letterhead. If you already have a logo, you don’t even need professionally-designed letterhead; you can just DIY.

This is especially true when you consider that most correspondence never gets printed, and a lot of correspondence does not go out on letterhead in the first place. This makes DIY letterhead an increasingly defensible choice. Using resources like Typography for Lawyers, a few Word tips, and perhaps a bit of well-placed graphic design help, you can design your own letterhead.

via DIY Law Firm Letterhead Using Microsoft Word.

Blogs v. Social Media

My friend Kevin O’Keefe’s Real Lawyers Have Blogs is a consistent source of good ideas about lawyer use of the Internet, with a post comparing the impact of social media and blogging a recent highlight. One anecdote in particular rings true:

One law firm marketing professional told me today that when he suggests Twitter with lawyers in his firm he gets a look like he is suggesting MySpace. In a presentation yesterday I asked an audience of about fifty lawyers how many use Twitter. One sheepishly raised his hand to shoulder height.

Some might discount Kevin’s perspective because his business supports blogs for lawyers. That would be a mistake. Kevin is right on target, as usual. Social media can have a big impact, but blogs provide advantages not possible through social media alone.

[A] blog is the only way you can demonstrate your knowledge, experience, and care. A blog establishes trust based on your empathy for your audience knowing what’s of value of to them.

A blog builds your influence in niche areas. First in the way we’ve always looked at influence, in a subjective way, ie, she’s an influence lawyer in the patent litigation arena. Second, and perhaps more importantly, influence for high rankings on Google, with its Hummingbird update.

There are any number of other advantages of blogging over other social media. Where do I go to find a record of your insight over the last three years without a blog? How do you share your ‘social media’ with a client via an email? I can strategically share a blog post by email. How do others cite you without a blog? How do people share your content without a blog?

In may last two trips to New York City I am seeing a growing trend in large law to focus on blogging at the expense of other social media/networks such as Twitter, LinkedIn, Facebook, and Google+.

Firms are seeing value in blogging. Blogging makes total sense to them. Leading lawyers have always written and spoken. Blogging feels like a natural extension of this form of business development.

Other forms of social media, though very effective as an adjunct to blogging, feel a little beneath a ‘lawyer’ to many firms. Right or wrong, they don’t want to jump into other social media right now.

Social media and blogs should complement and reinforce each other, but if you could only have one, most lawyers would probably be better off with blogs.

Create a LinkedIn Action Plan

There are good reasons why LinkedIn has become the overwhelming favorite social media tool for lawyers. Nobody understands this better than Dennis Kennedy and Allison C. Shields. The first edition of their LinkedIn book by was one of the better legal technology books I’ve read in years.

The Second Edition of LinkedIn in One Hour for Lawyers promises to be even better. For a taste of the benefits, check out the Law Technology Today excerpt, Create a LinkedIn Action Plan.

Is Security A Selling Point? Ask the Post Office

Does knowing how to use encryption and digital signatures when necessary give an advantage in the marketplace? Even 15 years ago some lawyers found this to be the case. With revelations of security breaches and systematic NSA monitoring, lawyers who know how to use encryption and its cousin, digital signatures, even more of a marketing advantage.

In an attempt to adjust to this new reality, the U.S. Postal Service has trademarked multiple encryption-related trade names:

One brand name filed Sept. 6, “United States Postal Service Digital Services,” would consist of, among other things, “tamper-detection capabilities” for safeguarding electronic documents, audio and videos.

A more generic “United States Digital Services” trademark, submitted for consideration on Aug. 16, would include fax transmissions “featuring encryption and decryption.”

The name also would cover “electronic mail services in the field of financial transactions,” which presumably could generate Wall Street sales for an agency that has lost $3.9 billion so far this fiscal year.

The filing proposes verifying the identities of people transmitting information — and, vice versa, confirming intended recipients have received unadulterated information — through a practice called “security printing.” The technique codes identification information on valuable documents and products.

Much more on this important issue later.