Email Best Practices (and Self-Defense)

It never ceases to amaze me how careless people are with email.  I recently got an email from my financial advisor’s office which had been sent to a number of their clients. The mailing list was put in the CC: box not the BCC: (that’s BLIND carbon copy) box, so that I saw the entire list. I assume that all those other people were as unhappy that I had their information and email address as I was that they had mine.

In a similar vein, when we sold my mother’s house recently, at one point, the buyer’s agent forwarded us an email that had a long chain of back and forth emails between the buyer’s agent and the buyer. As it happened, there was nothing too earthshattering except the indication that the buyer wasn’t all that interested in getting further concessions. When you forward (or reply) to an email that has a long chain of exchanges in it, it is a good practice to scroll down and delete all those superfluous exchanges.

Then of course there is the old standby for disaster - Reply to All.  Use with extreme care.

Privacy? What Privacy?

When Phil Zimmerman first released PGP (“Pretty Good Privacy”) in 1991, he was harassed by the U.S. Government for several years, which threatened to sue him under the Espionage Act, more or less on the grounds that keeping secrets from the government could be beneficial to “the enemy” (whoever that happened to be at the time).

Government attacks on privacy were of course massively expanded after 9/11, and the Obama administration has expanded them even further. In April, the House of Representatives passed a Cyber Intelligence Sharing and Protection Act (CISPA). The Act provides legal authority for the National Security Agency and Department of Defense to obtain detailed and sensitive personal information over the Internet without first obtaining a search warrant. It also provides immunity to companies that convey such information to the Feds.

This dramatically expands the “warrentless wiretaps” already in place. In fact, the phone and cable companies have been turning a nice little profit selling kits to police agencies to make it easier for them to tap into people’s communications, web browsing habits, etc.

That this has not led to more significant objections is in part due to the “Facebook culture” which seems to be dominated by people who never had a thought they didn’t express and who don’t mind having their intimate details available to the whole world. Sexting writ large.

An additional factor is that functions of the Internet that make it easier to use (tracking, cookies, etc.) also enable the Googles of the world to track all the places you go and things you see. You can have a greater degree of privacy (anonymous web browsing, entering all your passwords every time you access a program) at the cost of greater inconvenience. That’s a tradeoff most people (myself included) are not willing to make.

If George Orwell’s Big Brother were watching, he would be on the short end of a sibling rivalry. A psychiatrist friend of mine used to tell me that his favorite patients were the paranoid ones because “they have a good grasp of reality – they think the Government is out to get them.”

Cloud Storage Is Not the Same as Backup

As cloud storage becomes more popular, I see many people referring to it as “backup” (including cloud vendors). This is somewhat misleading.

Cloud storage backs up files (which is better than nothing), it does not back up your computer. It does not back up any programs you use, configuration, etc., not to mention the basic operating system.

So when your computer dies (which it will, although if you regularly schedule upgrades at about 3-year intervals, you might get lucky), you have to set up a new computer and reinstall all your programs before you can get at your file. True, in a pinch you might be able to access them from a different computer, but you are still looking at a significant amount of work to set up a new computer.

A full system backup, on the other hand, lets you restore your entire system in an hour or two. 

I am in the process of replacing all my Windows XP machines with Windows 7, and it takes me about 2 days work to re-install and re-configure a PC. (Yes, I know there are programs that simplify the task, but I prefer doing a fresh install, eliminating old or unused version, or taking the opportunity to upgrade some software).

So in addition to cloud storage, I would strongly recommend an actual backup program such as Acronis.

Scanning and Worldox

Scanning documents to a document management system (“DMS”) such as Worldox has traditionally been a two-step process: first the user scans the document either to a network directory or as an email attachment to themselves. Then they move the document to the DMS. Most major scanner makers offer modules that integrate with Worldox and other DMS’s but they tend to be on the expensive side.

A second major issue with scanning is the time it takes to OCR PDFs so that they are text-searchable. Without this, they are just “electronic xeroxes” and much less useful. This is the most time-consuming part of scanning: figure 2-3 seconds per page for Optical Character Recognition, so that a hundred-page document will take 3-4 minutes to OCR (during which time the computer or scanner cannot do anything else). 

I have recently increasingly been recommending a program by Trumpet Inc. called Symphony which works directly with Worldox. The OCR part, Symphony OCR, works in the background (usually on the Worldox Indexer) to identify and OCR documents that have already been scanned but not OCR’d. The program runs faster or slower depending on how hard the indexer is otherwise working.

A second part of Symphony, called Profiler, is best used by firms that have a dedicated file-room type person who does scanning. This lets the end user (who knows the files and clients) make a Worldox “reservation.” They put the reservation cover sheet on top of the documents to be scanned and the file-room person simply runs them through the scanner. You can also batch documents so that several jobs are run through at the same time. Symphony separates out the scans, and based on the information in the reservation, puts them directly into Worldox. One stop, no time wasted on a second step or on OCRing.

A major test of this system was provided recently by a client who wanted to scan all their old files and to do so by sending the files to a service bureau. The client’s staff made the Worldox reservations and then sent the boxes (totaling on the order of 50,000 pages) to the service bureau. When the CDs came back, they simply copied the files to the appropriate Symphony directory and the program started churning away. Over a weekend (when firm activity was otherwise light), the program OCR’d and catalogued in Worldox over 30,000 pages. Pretty slick. And the amount of time saved adds up rapidly. For OCR’ing 100,000 pages, the firm would save on the order of 65 hours of time otherwise spent on waiting for OCRs to complete. For firms that want to do a lot of scanning, this is becoming a no-brainer.

The Thin Line Between Security and Stupidity

I recently decided to bite the bullet and upgrade my system to Windows 7, including replacing my peer to peer network with a real server. That way, I’ll be all set for several years and can avoid Windows 8 which promises to be more or less a disaster for people like me who work primarily at desktops or laptops (as opposed to smart phones or iPads). The most recent news being that Windows 8 will not play DVD movies without an extra expense. Also in line with the principle of avoiding every other release of Windows.

The first issue that comes up with Windows 7 is security. The general principle behind all security issues is the more secure you make a system the more of a pain it is to use. This is compounded by Microsoft’s drive to make it easier to do simple and easy things with its programs, resulting in making it more difficult to do complex things with them (look at Word 2010). Passwords are the tried and true case in point: it could be argued that a firm where all users have the identical password of “Password123" don’t really have passwords at all, although they are certainly easy to use. So requiring real passwords provides actual security despite the “inconvenience.” On the other hand, IT types who create “strong” passwords that are so complex people write them down on a piece of paper and tape it to their monitors are equally worthless (I once had a client where one user had no less than 8 passwords taped to his monitor).

The first thing I did was to disable the User Account Controls. If you never make any changes to your system, this is not annoying. But if you are frequently changing things (as I am, as a consultant), it is very annoying and can interfere with installing some programs. Get rid of it (most consultants I know disable UAC).

The second annoyance was: I create a shortcut on the desktop. Every single time I run the program it asks me if I want to run it. Yes, I want to run it, why do you think I created the shortcut?  There is supposed to be a way around this using the Policy feature, but I could never figure out how to make it work (harder to do complex things).

Some directories are not available, even if you are logged in with admin rights. What sense does that make?  A partial workaround is to right-click on any shortcut and select “run as administrator.” For example, I had to set up an IIS server and was bedeviled with repeated claims that I lacked rights, even though I was the server administrator. The whole thing was a nightmare and took over an hour when it should have taken about 15 minutes.

The Microsoft mantra sometimes seems to be: “You want secure, OK, we’ll give you secure. And then you’ll be sorry.” My wife just got a new laptop with Windows 7.  Her reaction: “Why can’t I get XP. This is so HARD.”

Lastly, any discussion of security inevitably comes around to computer “security” on airlines. The TSA requires putting laptops through separately when you pass security, but not iPads, smartphones, tablets, etc.  What sense does that make?  A recent article in the New York Times seems to hit the nail on the head. The author quoted a security expert who has worked with the Department of Homeland Security: “He said that the laptop rule is about appearances, giving people a sense that something is being done to protect them. “Security theater” he called it.” This is reinforced by recent reports that airlines are trying to get permission for pilots to use iPads instead of physical documentation in the cockpit. So iPads will be safe for Pilots to use but not safe for passengers?

Macs and Worldox

Potential clients occasionally want to know if Worldox supports Macs. The short answer is: no.  The longer answer is that there are a variety of ways in which this can be done, some of which can be a bit pricy.

The first option is to use Parallels or Boot Camp for the Mac, which lets you run Windows on top of the Mac.  You would then use that Windows to access the server and Worldox. People who have tried this report that you can sometimes have timeout issues. And of course there is the issue of why would you want a Mac if one of your main functions is to use it to run Windows.

A second option is to use Worldox Web/Mobile, and use the Mac to access Worldox through the Internet. This will work, but involves an download/edit/upload scenario. So this would not be appropriate heavy use.  The Web/Mobile client also allows for access via an iPad. Again, this can be very useful but is not designed for heavy duty use. One of my clients who is doing this tells me that it can be fairly slow and it is frequently preferable to download files to a hard drive the iPad has access to and work from there.

A third option is to set up a Citrix-based terminal server. Microsoft makes an RDP client for the Mac that allows it to access your Citrix box. From there, you would access Worldox normally. This will work the best of all the solutions outlined above, but of course involves the additional expense of setting up a Citrix server.

The more general question for legal specific products is “will there be a Mac version for...” I think the answer to this is generally “no.” There are two reasons for this: First, smaller independent firms (like Amicus, Tabs or Worldox) do not have the resources to develop a Mac version, even if they wanted to. The behemoths (Lexis, Westlaw) would not find a profit in it and thus have little interest. The second reason is the growth of Cloud products. Mac support in the future will, I think, go through the cloud products, not through workstation-based software.

Digital Assets

In my parent’s time, you put all your important papers in a bank safety deposit box and made sure somebody had the key and authorization. In a digital age, that just doesn’t cut it any more. 

A typical user will have multiple digital accounts, passwords, etc.  So just as it is imperative to leave a health care directive for use in the event you are incapacitated, a “digital will” can be critical.

Sharon Nelson provided an extremely useful outline of what digital provisions might look like in her blog Ride the Lightning. In addition, if you have a list of passwords somewhere (make sure they stay current) or a master password program, make sure your executors know where they are.

Google and Cloud Storage

There has been a bit of an uproar over Google’s Terms of Service associated with its entry into the Cloud Storage field.  Sharon Nelson argues that this is exaggerated in her blog Ride the Lightning. 

Be that as it may, it is a good thing that people are paying more attention to terms of service and the details of what is secure and what isn’t in the Cloud.

A useful summary of competing options is contained in an article by Chris Preimesberger on eweek. Most of them have free options, and cost around $5-10 per month for 50-100 GB of storage.