Privacy? What Privacy?

When Phil Zimmerman first released PGP (“Pretty Good Privacy”) in 1991, he was harassed by the U.S. Government for several years, which threatened to sue him under the Espionage Act, more or less on the grounds that keeping secrets from the government could be beneficial to “the enemy” (whoever that happened to be at the time).

Government attacks on privacy were of course massively expanded after 9/11, and the Obama administration has expanded them even further. In April, the House of Representatives passed a Cyber Intelligence Sharing and Protection Act (CISPA). The Act provides legal authority for the National Security Agency and Department of Defense to obtain detailed and sensitive personal information over the Internet without first obtaining a search warrant. It also provides immunity to companies that convey such information to the Feds.

This dramatically expands the “warrentless wiretaps” already in place. In fact, the phone and cable companies have been turning a nice little profit selling kits to police agencies to make it easier for them to tap into people’s communications, web browsing habits, etc.

That this has not led to more significant objections is in part due to the “Facebook culture” which seems to be dominated by people who never had a thought they didn’t express and who don’t mind having their intimate details available to the whole world. Sexting writ large.

An additional factor is that functions of the Internet that make it easier to use (tracking, cookies, etc.) also enable the Googles of the world to track all the places you go and things you see. You can have a greater degree of privacy (anonymous web browsing, entering all your passwords every time you access a program) at the cost of greater inconvenience. That’s a tradeoff most people (myself included) are not willing to make.

If George Orwell’s Big Brother were watching, he would be on the short end of a sibling rivalry. A psychiatrist friend of mine used to tell me that his favorite patients were the paranoid ones because “they have a good grasp of reality – they think the Government is out to get them.”

Cloud Storage Is Not the Same as Backup

As cloud storage becomes more popular, I see many people referring to it as “backup” (including cloud vendors). This is somewhat misleading.

Cloud storage backs up files (which is better than nothing), it does not back up your computer. It does not back up any programs you use, configuration, etc., not to mention the basic operating system.

So when your computer dies (which it will, although if you regularly schedule upgrades at about 3-year intervals, you might get lucky), you have to set up a new computer and reinstall all your programs before you can get at your file. True, in a pinch you might be able to access them from a different computer, but you are still looking at a significant amount of work to set up a new computer.

A full system backup, on the other hand, lets you restore your entire system in an hour or two. 

I am in the process of replacing all my Windows XP machines with Windows 7, and it takes me about 2 days work to re-install and re-configure a PC. (Yes, I know there are programs that simplify the task, but I prefer doing a fresh install, eliminating old or unused version, or taking the opportunity to upgrade some software).

So in addition to cloud storage, I would strongly recommend an actual backup program such as Acronis.

The Thin Line Between Security and Stupidity

I recently decided to bite the bullet and upgrade my system to Windows 7, including replacing my peer to peer network with a real server. That way, I’ll be all set for several years and can avoid Windows 8 which promises to be more or less a disaster for people like me who work primarily at desktops or laptops (as opposed to smart phones or iPads). The most recent news being that Windows 8 will not play DVD movies without an extra expense. Also in line with the principle of avoiding every other release of Windows.

The first issue that comes up with Windows 7 is security. The general principle behind all security issues is the more secure you make a system the more of a pain it is to use. This is compounded by Microsoft’s drive to make it easier to do simple and easy things with its programs, resulting in making it more difficult to do complex things with them (look at Word 2010). Passwords are the tried and true case in point: it could be argued that a firm where all users have the identical password of “Password123" don’t really have passwords at all, although they are certainly easy to use. So requiring real passwords provides actual security despite the “inconvenience.” On the other hand, IT types who create “strong” passwords that are so complex people write them down on a piece of paper and tape it to their monitors are equally worthless (I once had a client where one user had no less than 8 passwords taped to his monitor).

The first thing I did was to disable the User Account Controls. If you never make any changes to your system, this is not annoying. But if you are frequently changing things (as I am, as a consultant), it is very annoying and can interfere with installing some programs. Get rid of it (most consultants I know disable UAC).

The second annoyance was: I create a shortcut on the desktop. Every single time I run the program it asks me if I want to run it. Yes, I want to run it, why do you think I created the shortcut?  There is supposed to be a way around this using the Policy feature, but I could never figure out how to make it work (harder to do complex things).

Some directories are not available, even if you are logged in with admin rights. What sense does that make?  A partial workaround is to right-click on any shortcut and select “run as administrator.” For example, I had to set up an IIS server and was bedeviled with repeated claims that I lacked rights, even though I was the server administrator. The whole thing was a nightmare and took over an hour when it should have taken about 15 minutes.

The Microsoft mantra sometimes seems to be: “You want secure, OK, we’ll give you secure. And then you’ll be sorry.” My wife just got a new laptop with Windows 7.  Her reaction: “Why can’t I get XP. This is so HARD.”

Lastly, any discussion of security inevitably comes around to computer “security” on airlines. The TSA requires putting laptops through separately when you pass security, but not iPads, smartphones, tablets, etc.  What sense does that make?  A recent article in the New York Times seems to hit the nail on the head. The author quoted a security expert who has worked with the Department of Homeland Security: “He said that the laptop rule is about appearances, giving people a sense that something is being done to protect them. “Security theater” he called it.” This is reinforced by recent reports that airlines are trying to get permission for pilots to use iPads instead of physical documentation in the cockpit. So iPads will be safe for Pilots to use but not safe for passengers?

Digital Assets

In my parent’s time, you put all your important papers in a bank safety deposit box and made sure somebody had the key and authorization. In a digital age, that just doesn’t cut it any more. 

A typical user will have multiple digital accounts, passwords, etc.  So just as it is imperative to leave a health care directive for use in the event you are incapacitated, a “digital will” can be critical.

Sharon Nelson provided an extremely useful outline of what digital provisions might look like in her blog Ride the Lightning. In addition, if you have a list of passwords somewhere (make sure they stay current) or a master password program, make sure your executors know where they are.

Google and Cloud Storage

There has been a bit of an uproar over Google’s Terms of Service associated with its entry into the Cloud Storage field.  Sharon Nelson argues that this is exaggerated in her blog Ride the Lightning. 

Be that as it may, it is a good thing that people are paying more attention to terms of service and the details of what is secure and what isn’t in the Cloud.

A useful summary of competing options is contained in an article by Chris Preimesberger on eweek. Most of them have free options, and cost around $5-10 per month for 50-100 GB of storage.

Schiller on Stupidity

    “Against stupidity the very gods
    Themselves contend in vain.”
               Schiller, The Maid of Orleans (1801)

Schiller and Goethe (and slightly earlier Lessing) were the greatest literary figures of the German enlightenment in the late 18th century.

"Windows Frankenstein"?

Tom Rowe posted a lengthy comment to my Windows 8 post. As the topic is ongoing, rather than bury a reply there, I thought I would continue the discussion here.

While most of the initial reviews of Windows 8 have been extremely favorable, they are all based on the assumption of tablet-based computing. Longtime Microsoft defender J. Peter Bruzzese in his InfoWorld column refers to Windows 8 as “Windows Frankenstein” and says it is “barely usable.”

Woody Leonhard, who I depend on for telling it like it is for all things Microsoft, refers to it in his review as a “Dr. Jekyll and Mr. Hyde” application — but without being certain which part is which. “In my experience, with rare exceptions, longtime Windows users don't like Windows 8" he says and adds “If you aren't planning to get a touch-enabled tablet any time soon, Windows 8 should be near the bottom of your wish list.”

Windows 8 Is Coming! Windows 8 Is Coming!

Reviews of various features of Windows 8 are starting to trickle in. It seems clear that it is consumer and tablet-oriented. The main interface is a touch screen – which will no doubt give rise to a whole new category of carpal-tunnel-like injuries as people try to reach out and touch the screen from the chair in front of their desktop PC.

But if tablet-oriented users will probably like it, chances are the desktop-oriented will hate it. The start menu is gone as is the start button, there is no multi-tasking, no start menu, can’t close apps easily. It is unclear how it will deal with multiple screens. The “legacy” Windows 7 interface isn’t even available yet. Without the Windows 7 interface, Windows 8 will be essentially unusable for all those people who currently have 30-50 icons on their desktop. Will Windows 8 be another Vista?

I thought one reviewer captured the essence:  “I hate Windows 8 a lot. For the average, somewhat proficient user, Windows 8 hides all the things that makes Windows 7 so useful. Windows 8 seems to be designed specifically for tablets, for which it will be a great OS. However, for those of us who want to use computers to make documents, presentations, spreadsheets and graphic editing, Windows 8 will annoy us to no end. ”

Windows 8 is likely to be available around the end of 2012/early 2013. So my plan is to replace all my trusty XP machines with Windows 7 this spring/summer (the support plan for them is expiring about then anyway), so that I can avoid Windows 8 as long as possible.

Keystroke Shortcuts

Keystroke Shortcuts are so called because they are “shortcuts” – they save you time. Hitting a couple of keys is much more efficient than moving the mouse around.  When I use them during demos, people are always asking:  "How did you do that?"  So here are some of the ones I use most often.

Ctrl-O        Open
Ctrl-S        Save
Ctrl-P        Print

Ctrl-F4      Close document
Alt-F4       Close program

Ctrl-C        Copy selected Text
Ctrl-X        Cut selected text
Ctrl-V        Paste copied or selected text

Ctrl-N        New document (or email)

Ctrl-F        Search (Find)

Search Strategies and Paradigms

How do you find information, documents, emails, etc. that is stored on your system?  Interestingly, although many attorneys have become proficient in using Google, LexisNexis, Westlaw and similar tools, they are at a near-total loss when it comes to finding information stored on their firm’s servers in a document management system such as Worldox. Why is this and what can you do about it?

First consider various search paradigms. If you think of your document store as a huge book, how do you find information?  You could read everything – much too slow and not practical. You could scroll through the table of contents represented by the directory structure(s) in which documents are stored. This is better, but still very slow and the structures created by different users may be wildly inconsistent. Lastly, you could use an index of your documents and the text in them. This is obviously the best approach and is the solution that document management systems provide.

Proponents of a “do it yourself” approach to document management argue that a well-defined directory structure, typically organized by client, matter and type of document, with document names starting with a date in the format 2012-02-07 can provide an adequate substitute for a “costly” document management system. Even without a conscious rationale, many users substitute for an index by creating extensive systems of directories and subdirectories. This is useful for an individual user, but may be more or less impenetrable to anyone else who needs to find a document. Further, this sort of system will not scale very well. It will rapidly become cumbersome for hundreds of clients, not to mention thousands.

A document management system such as Worldox takes the equivalent of a directory structure (client/matter/document type and sometimes other information) and organizes it into an index. When combined with the ability to full-text search documents, this provides more reliable, faster and much more powerful searching to a degree that is simply not possible when based on a directory structure. To take just a couple of examples:

• Search across all clients for pleadings containing certain words (e.g., “thumb within 10 words of amputate”)
• Search for documents done within a given time span.
• Search for all documents for a given client except for emails. In an era where emails can overwhelm people, this can be critical. For example, I have 726 documents in my system for one long-standing client. Not very useful in terms of a search. But if I search for all documents but NOT emails, I am down to 105, which is much more manageable.
• Search for all emails To John Doe containing certain terms.

The index that is provided here is in what is known as a “silo.” That is, you have to specify certain criteria before you do the search. Silos are somewhat in ill-favor by those in the “knowledge management” world. Some programs, such as Worksite, claim to offer an over-all search of all information on your system (for a fee). And it would appear that Google does the same thing – you just put in more or less free-flowing search information and get results back.

But in fact, Google constructs a personalized “silo” for each user without telling you, based on the location of your IP address, the Cookies on your computer, your past history, etc. A truly free-form search would return much too much information (like those 15,000,000 hits that pop up in Google, of which you only ever look at the first page or two). In fact, Google has publicly integrated this into its “privacy settings” so that starting March 1, it keeps all your information from all your sources – Google email and documents, Picassa, Google +, YouTube, Google Maps, etc.  and applies it to all other sources. And, unless the uproar dies down and Google retracts, there is no way to opt out. Google will control you.

In addition, Google will now sort new searches based on old searches. This strikes me as an extremely backward approach, since it will likely result in having access to an ever-more restricted set of information. You will be searching on a shrinking amount of data, not an expanding one that will find new things you had not considered before.

So most document management systems, one way or another, employ silos: you have to minimally define what it is you are looking for in order to construct a search. However, I do not see this as an issue, since most attorneys have some idea of what they are looking for – certain terms in a documents, certain types of documents, a date range when they were done, etc. 

Many users want a document management system to mimic their prior directory-based “table of contents” approach. And many DMS’s respond to this desire by mirroring it with topics such as “My Matters.”  While this can be useful in the context of an index-based search, ultimately it just builds old inefficiencies into a new system. Making optimum use of a document management system such as Worldox involves getting your head around using an index, not relying on paradigms you used before such a system existed.