Technology Practice Tips Podcasts

Practical law practice technology concepts in an accessible, conversational manner with Phil Brown and David Whelan

10 Serious E-mail Tips for Lawyers

 Permanent link
Here are ten - or maybe 11 - tips on how you can use e-mail more effectively in your law practice.  Have you listened to our other e-mailpodcasts ?  This one will take you further in, looking at disclaimers, auto-responders, and where your e-mail service is.
View Transcript

 

Speaker Key:    PB: Phil Brown, DW: David Whelan

 

PB:  Hi, it's Phil Brown and I'm here with David Whelan, and today we're going to talk about ten serious email tips.

 

DW: Serious, not jokey ones. We're not going to get into things like how to be appropriate on email and proper etiquette and things. We are going to talk about some things that you probably should be thinking about. The first one we are going to start off with is to get a professional email address. You do not want to have emails going out from your firm that are from "gmail.com", "yahoo.com", "bell" or "rogers.com". You want your email address to reflect your firm, and so it is a bit of branding, but it is also a bit of professionalism. So the basic way to do that is to buy a domain name, or register a domain name, and it would be something like "davidandphilslawfirm.com" and then you would use that with your email system. You may host your own email system, your own email server, or you can use a remote one, and you can use Google.

 

Google Apps for business will give you Google Mail and the web, but also use your domain name. Zoho (zoho.com) has a free email server for up to five users, so if you have a smaller solo practice you might be able to apply your domain name to that. That way, you have to run your own email servers, but you will at least look as though you are an actual business.

 

PB: And I was just going to say, with those domain names, you do not have to have a website behind it.

 

DW: Right.

 

PB: So you can have "david.com", but you do not have to have the "david.com" website. You can just use the domain for email.

 

DW: It gives people a bit of a sense that you are in it for the long haul, that you have made a commitment to your business.

 

PB: And the other thing I would say about that is, just from the fraud perspective, and this is just a small reminder, if you are getting an email from someone purporting to be retaining you from some large business, but their email domain is "yahoo.com", "gmail.com" or "hotmail.com", they are not really emailing you from that large business.

 

DW: That's a good tip.

 

PB: And it is just something to watch for. Our second tip, consider using email software.

 

DW: What email software do you use?

 

PB: I am not going to tell. I use about six different email software. I use Outlook mostly.

 

DW: And I guess we should probably distinguish for everybody what we mean by email software. Is that the same as logging on to Google Mail or something through your web browser?

 

PB: No. The web-based stuff is different and you are really, kind of, just borrowing time on a server somewhere else.

 

DW: Right. The most common software that you will find in law firms is Microsoft's Outlook. It used to be confused with Outlook Express but hopefully, if you have finally gotten off Windows XP, you have also gotten off Outlook Express. Windows 10 does come with a mail application - it is terrible - so you really should look at something like Outlook, which will cost you a bit of money, or you can look at some free email programs like Mozilla's Thunderbird, by the makers of Firefox. There is another good one called Inky, which requires an account with Inky, but it runs multiple email accounts all within one system. These tools come with additional productivity benefits, where you can start to really manage your folders and manage your files in different ways. Export your emails on your computer and also have some sense that if you want to, you can have all of your emails stored on your computer rather than sitting on a server somewhere else.

 

PB: And speaking of storing those emails, we get to tip number 3, which I suppose you could characterize as using your inbox as a file cabinet.

 

DW: Absolutely. Keep everything in your inbox. You know, when you hit 20,000 emails in your inbox then you know you have really been practicing for a long time. There are pros and cons and, in fact, there are a lot of cons to using your inbox for all of your emails but, in some cases, it can be done.

 

PB: And one of the reasons, I suppose, it could be done is because of the search tools that are available now, so that you can nuance them and find just about anything anywhere on your computer.

 

DW: Right. It really comes down to how you are going to manage it. If you are storing all of your emails in your inbox, and we are not kidding when we say we have heard of lawyers with more than 10,000 emails in an inbox. If you have not done anything to them and they are really just sitting there in the order that they came in, that is not an effective way to manage your information. But if you are in something like Google Mail, Thunderbird or Outlook, and you are applying labels so that you can sort and filter your emails, or do things that are "folder-ish", then that can actually be a pretty effective way to manage all of your emails. Otherwise you would need to be looking at doing searches that are specific, that will do the filtering for you, or use folders, the good old folders. Most email applications still support folders.

 

PB: And as I would say, from a practice management perspective and the best practices method, it is probably not a great idea to have your inbox filled with every email you have ever received because it is so easy, in that environment, to miss an email. And it might be an email that you should have dealt with, that was time-sensitive, and you skipped over it because you had another 30 emails to deal with, and when you go back it gets lost in the mix.

 

DW: It could be hard and, I guess, if you have something happen to you, it could be hard for people to come in and look at your inbox and figure out what is going on.

 

PB: Again, that is the other thing, I suppose, is if you have to go back and build a trail, or if there is some sort of a contingency plan that activates because you have been hit by a car, they may not be able to use that desktop search function that you have relied upon for all that time.

 

DW: Okay, tip number 4, we all love robots, so how much of my email can I automate?

 

PB: That is a good question, and it is probably a good idea to have an auto-response that says things like, "Thanks for your email, I have received it, I will respond to your email within 24 hours". It might not be such a good idea to have the auto address function enabled, so that as you start to type in an address to a client it automatically gets filled in.

 

DW: There are some really good productivity tools, and most email clients (whether you are on the web or you have software like Outlook on your computer), at any time you use automation you should really think about what they are doing. I think the one about notifying the clients makes so much sense it should almost be like a permanent "out of office", but you will not actually be out of the office permanently. Letting people know what the expectations are about communication are great, but so many people have gone awry when they have used other tools like the address functionality or other things that are auto-inserted or auto-addressed. You can even get into problems where emails come in that you auto-filter into a folder, and because they are not in your inbox you forget that they have come in and you do not go and check that folder. You could miss a deadline or something like that.

 

PB: Yes, the auto-address thing, for me, is something I turn off immediately because it is probably one of the biggest sources of sending emails off to people you never intended them to receive.

 

DW: This is an extra tip for the Outlook folks. There are two different types of auto-address features in Outlook. One is where it guesses and tries to put in the best one, based on your typing, and then there is another one where it will essentially ask you whether this is the right one. You will want to turn off the first and you can, potentially, keep the second, but you may want to think about not doing your addressing of emails until you have actually finished the email and so you can really concentrate on the name of the person who is going in that email.

 

PB: And I would say, for tip number 5, you should consider using encryption in your emails.

 

DW: Yes, that is a tricky one, isn't it, because when you are on the web, typically when you are communicating with the email site, like Google Mail, that traffic is encrypted, but when you send the email it is not encrypted after that, is it?

 

PB: No and one of the problems, I guess, that could come up quite frequently is that there has to be a key exchange with you and whoever you are sending that email with, so that they are able to decrypt on their end, and you will find some clients just do not want to deal with that. They do not want to take the time to secret squirrel your email when they receive it. But there are clients, on the other hand, who want to make sure everything is encrypted. Documents are encrypted and, of course, clients who will not even consider using email.

 

DW: Right. Is there a reason that you want to encrypt the everyday emails?

 

PB: I don't think so, but I think it is getting so much easier now, with emails. You used to have to cut and paste them and generate random numbers and letters, and now there are a number of different encrypted emails available. I just think that if you want to keep an eye on confidentiality, it is not a bad thing to consider. I am not suggesting it is mandatory, by any stretch, or that people should use it with all of their emails but keeping things with another layer of security is not a bad idea.

 

DW: Google is working on end-to-end encryption for its email and I think when it finalizes that and it comes out we will probably see encryption made available through lots of other clients who are trying to keep up with that.

 

PB: The use of web form emails as a point of first contact for clients.

 

DW: Yes, so imagine going to your law firm website and a client wants to reach out and talk to you, do you give them your email address or do you give them a form that they can fill out?

 

PB: The danger of having your email address on your website, for a first point of contact, is that people can send you all sorts of things and attachments and they can make attempts to create some sort of solicitor-client relationship by sending you confidential information and things like that. I think it is a good idea to have those web forms (e.g. give me your name, give me your address, or where I can contact you), but they cannot send any attachments.

 

DW: It is a good idea, too, when you think about our tip number 7, which is what happens when you get emails from people who you do not know or are not expecting to get emails from, that have things in them that you, perhaps, should not open or should not click on, and so we are talking about phishing.

 

PB: And you can receive an email from an address that you know, and it could be something simple like what looks like an email fax from that person, with their address attached, but when you scroll over that email, and I would suggest people scroll over every attachment before they open it, and be very careful and not open an attachment you were not expecting to receive, because it may end up putting something on your computer that later encrypts everything on your drive and, possibly, in the Cloud, and holds you hostage.

 

DW: Lawyers in particular, I think, need to be exceptionally wary of, pretty much, every email that comes in. Even if it does not look suspicious, even if it looks like it is coming from a person you know and it has a file that you were expecting, I think you should still be very wary. There was a lawyer in Pennsylvania who thought he had been emailed a voice message, by his voice message system, and when he double-clicked on it to listen to it, it did encrypt his entire computer. So when you are getting email attachments, download them and scan them before you open them. When you have links that are in the emails, do not just click on them. If someone is saying to reset a password or go somewhere, then open up your web browser and go there through the web browser, but not by clicking on the link.

 

PB: And I probably get three or four emails a week from organizations that I am supposedly banking with, that I am not, telling me I have to reset my password and I have to give them some personal information or I will lose my ability to use that account which, of course, I do not have in the first place.

 

DW: Yes, they are getting smarter and smarter.

 

PB: And let's talk about disclaimer. Should you be using a disclaimer?

 

DW: Disclaimers are funny because on the one hand, they make a lot of sense that you would want to have a disclaimer, particularly for issues related to privilege and things like that, and if you are in an area of law where there are regulatory requirements for you to have a disclaimer, obviously, you should have one. But for the most part, because of where they are placed in an email, they are pretty useless. And unless you have a particular need for them, I would not bother to put a disclaimer on your email. Similarly, here at the Law Society, we have disclaimers in both English and French, just because of the amount of text that it involves. If you are only emailing with a person who speaks English, you probably do not need to have your disclaimer in both languages. So it is really about keeping your email nice and clean, keeping out what does not need to be in there and thinking about just having the information that is really useful.

 

So instead of a disclaimer, think about having a really good signature block, where you have your contact information, including your email address, so that if the email, as it invariably is, is ever printed off, all of the information about how to contact you is included in that. It is not just a name, it is not just part of your contact information, it is all the stuff that someone would need to get in touch with you.

 

PB: Sure and I don't think you are going to find lawyers or paralegals getting away from those disclaimer block signatures at the bottom of an email. I think they are here to stay. I am not aware of all that much litigation over them, but I would also refer people to the Rules of Professional Conduct , which deal with things like inadvertent disclosure and the email that is mistakenly sent to you which contains, potentially, all sorts of privileged information.

 

DW: So, really, what we need is a disclaimer that comes at the beginning of the email, and that has a little "okay" button before you can actually read the email.

 

PB: And that might not be a bad idea in the future either. Return receipts and recalling messages.

 

DW: Return receipts and recalls are one of my favourite things, mostly because I block them. A return receipt is something that an email server will send. You set it up with your account, mostly with Outlook, but you can do it with others, so that if I send a message to Phil and Phil opens it, I get a message back that says that Phil has received my email. The problem with return receipts is that they can be blocked, and so having it turned on does not necessarily mean that you are going to get any information about the emails that were sent.

 

PB: And I think, with recalls. If you are not in the same email system that the other person is using, the fact that you are trying to recall it might not actually do any good. It is more important to think, "Do I really want to send that message?" before you send it.

 

DW: That's right. It is better to think about it in advance before you send that email. Google has a feature on Google Mail that does something like a five minute pause, so that after you hit send, it is still somewhere in the system so that you can get it back. But the reality is, once it is out of the barn door, it is gone. With return receipts too, from your own perspective, you are probably better off blocking them, because you do not want to be sending back information from people who are emailing you that maybe creates a paper trail that you do not want to create, about when emails are being accessed.

 

PB: And our tenth email tip, and I am going to add an 11, but at 10 I just want to say, once you send that email you have to be aware that you have lost control of that email.

 

DW: Right, so do not put anything in there that you do not want other people to see. Maybe, in some cases, you do not want to put in anything that could be confidential, because once it has gone to the other person, and hopefully it is to the right person, they can forward it, share it, and do other things with it that you may not want them to do.

 

PB: It might be published. It might be part of evidence later. It could be passed on to someone that has unintended consequences. Especially be careful if you are sending off an email to a list server or something like that, because you really have to consider that once you push the send button on an email, it might turn up on the front page of the Globe.

 

DW: Not a good place for your law firm to be.

 

PB: No.

 

DW: So what is #11?

 

PB: When using emails, if you are going to attach something to an email, do not ever attach just regular Word documents or anything like that in the email because not only does it contain a ton of metadata, the other problem is they can now take that document and add or subtract various things in that email and then publish it as if it were their own.

 

DW: Right. So formats, what are better formats?

 

PB: PDF being one of the big ones. Locked down and metadata removed so that it is essentially, just an image of something.

 

DW: Good tip.

 

PB: That's it for our ten serious email tips. Thanks, David.

 

DW: Thanks, Phil.

 

Technology Jargon: G through L

 Permanent link
We return to cover six more jargon topics - giga (as in gigabyte), Heartbleed, the Internet of Things, juice-jacking, kernel, and Linux - in our series of technology terms of art that lawyers may run into while practicing law.
View Transcript

 

Speaker Key:    PB: Phil Brown, DW: David Whelan

 

PB:  Hi, it is Phil Brown, and I am here with David Whelan. We are embarking on part two of our jargon podcast for 2015.

 

DW: Right. If you have not heard the first six letters of the alphabet, A through F, you will find them on our website. Let's start with G now, Phil. What have you got for G?

 

PB: G is for GIG (GB), or gigabyte, and one of the questions is how big a gigabyte is. It can be a billion bytes, but that still does not tell us much. I guess the big question is, how much information can you store in a gigabyte? It really depends on the kind of information you are storing and, for instance, different versions of Word. You can store a different number of documents. In the newest version of Word you can store about 7,000 Word files, and that is because there is quite a bit of compression that is done. Using the old "doc" version of Word, you would be able to store about 4,500 documents.

 

DW: Wow that is a huge difference.

 

PB: It is quite a difference, quite a bit of zipping going on in some of those files.

 

DW: So if I want to buy a new computer, how many GBs do I need in it?

 

PB: I think, now, a lot of the computers have gone from worrying about how much internal storage there is. They expect you to get some external storage, or to store most of your information in the Cloud. Of course, that has potential inherent risks, but I am not sure how much. I guess the amount is the amount that is going to allow you to run your operating system efficiently.

 

DW: It is probably one of those "more is better" things.

 

PB: More is always better. I guess not all memory is equal either, and some of it is going to be slower than other memory, in terms of storing and being able to access that memory later.

 

DW: Alright, what about H?

 

PB: H is for Heartbleed. Heartbleed is, sort of, a pesky little thing that has been around for quite a while, a couple of years. It is related to the Open SSL system, or secure socket layer system, and it is on about 70% of the internet. Open SSL, used with Apache servers, is really something that is used in just about everything, whether it is chat, instant message, email, or accessing web servers. The only way to guard against it is having the most up to date versions of open SSL running.

 

DW: Now, are most lawyers going to have SSL running on their computers?

 

PB: It is going to be running on most of the web that they are accessing, as opposed to their own computers, hopefully. Although, I suppose it could be running on their firm website servers.

 

DW: Right. I guess one thing they could do, if they have this Heartbleed vulnerability, is that they could test their SSL connections. But I guess they should also be aware of when they are connecting to a bank or something that uses SSL, they should know whether that one uses something that might have Heartbleed.

 

PB: Yes and then also, the banks running Windows XP and things like that. I is for the internet of things.

 

DW: Ooh, the internet of things, I love the internet of things.

 

PB: And the internet of things is going to play a bigger part in the next five to ten years, with some of the Bluetooth and Wi-Fi stuff that is out there, connecting your homes so you can initialize your coffee maker from work on your way home, or turn lights on and off and heat up and down and air-condition management, and a number of things like that. Of course, it potentially comes with a number of vulnerabilities, in terms of the security. A lot of these things really do not have the ability to update the security within them.

 

DW: Right and what I have heard is that a lot of these are coming with a version of Linux or a free operating system on them, because that makes the device cheaper to produce and distribute. But it makes it older software, in some cases or, as you say, software that cannot be updated. So you can potentially have a bunch of things for example, the latest one I have heard about is the toaster, an internet connected toaster. I do not know how that works if you are not there to put the bread in it though. You have all these devices that have passwords that you have to worry about, and connectivity issues that you are going to have to worry about.

 

PB: And I think one of these things is going to come back to managing your network. When you unwrap that network for the first time, make sure you change your administrative name and administrative passwords, and set your Mac permissions so that other devices cannot connect. Also keep an eye on your Wi-Fi and make sure it is updated often and that you have the most up to date security software that you can manage.

 

DW: Do you think internet of things is going to be more of an issue for lawyers in their firm or in their homes where they are doing work?

 

PB: I think it is more likely to be in their homes, especially where they are sharing networks and might have other less secure devices on that home network. Sort of a mishmash of bring your own device problems. So, your nanny cam, for instance, which might have been handed down from someone else, might not be very secure versus a newer version, or might be exposing a vulnerability to your home office computer, where you access your banking information.

 

DW: Sounds like a great time to go live in a cave.

 

PB: It is one of those things. Maybe you want to disconnect some of those devices that are great for convenience. Do you really need an internet enabled toaster or coffee maker in your home?

 

DW: I am thinking you do. What about J?

 

PB: J, juice jacking is just a term I am going to toss out. We have an entire podcast about it. It is really about when you go and see one of those kiosks where you can plug in your device to charge it while you are spending some spare time. Maybe you have noticed your phone is almost dead and you are running through the path or in a mall somewhere and you see one of these stands where you can just plug it in - it is brought to you by the local camera store or whoever. It may not be and you just have to be very wary that one of the things that you are potentially doing is exposing all of your information for download while you are plugging your device in to recharge.

 

DW: A USB port has four little pieces of metal inside, if you look inside. Two of those are for data and two of them are for power, so you should be aware that when you stick it in there, and you are getting the power over those two, you could also be receiving data over the other two.

 

PB: And then that is the other thing, you might be receiving a virus or something connected to a bot that is going to download your information later at some other time.

 

DW: But is it always safe to plug in as long as it is an actual plug and not a USB?

 

PB: As long as it is a plug that is physically located in the wall I suppose, but, again, there is also some potential vulnerabilities with power bars and things like that, which might not be what they seem.

 

DW: Yes, I love those. Okay, we were talking about the internet of things, devices that are hard to update. Why are they hard to update? I think that is our letter K.

 

PB: That is because of the kernel, which is not related to popcorn. It is really about the base level of your operating system. Operating systems are done in multi layers so that you have one layer that deals with your port connections, another layer that deals with how it handles visual objects, and another one that might deal with printer connections, and so on. The kernel is that base layer that, sort of, helps start up your computer and determines what memory is allocated to each little thing at that base layer. The more efficient the kernel is, the better your operating system is going to work.

 

DW: So Windows has a kernel and Mac OS has a kernel, and I guess that is why, with Linux, you have so many different types of Linux. They all share the Linux kernel, but then they have other stuff that is layered on top of it.

 

PB: Which brings us to -

 

DW: L.

 

PB: - L and Linux. Maybe you can tell us a little bit about Linux, because it is another operating system that is out there that is different. It is quite distinct from Mac OS and Windows.

 

DW: Linux is an operating system that was developed by a guy named, I think it is Linus, but it is definitely spelled L, I, N, U, S. Similar to the operating system, and the great idea behind that was, it was this open source operating system. Over the decades now, I guess, it has been out there, many people have adopted it, and it has become a core element of the web. It runs a lot of web servers that are out there. It runs a lot of application servers. It might even be running file servers in your law firm. The one place it has not gotten to is the desktop. So you probably have not seen it, but it has gotten a lot of press recently because it has some features that you may prefer over Windows 10, but it also has some of the same features that we are starting to see in Windows 10. It is interesting that this open source system, that has been out for so long, now has some traits that we are starting to see in the mainstream.

 

PB: And maybe another podcast will be devoted to talking about the differences between proprietary software and open source software, and advantages and disadvantages of each.

 

DW: Yes, I love Linux. I do not think it is for most lawyers, but it certainly is an option out there. I know that there are some diehards and, just like in the old WordPerfect days, they will have their Linux machines pulled from their cold dead hands.

 

PB: That is our look at letters 6 through 12 in the jargon podcast part two. Thanks a lot, David.

 

DW: Thanks, Phil.

 

Technology Jargon: A through F

 Permanent link
One obstacle to lawyers understanding technology is the jargon that invariably comes up when selecting hardware or software.  Phil and David take you through 6 jargon topics - API, bot, containers, DDoS, epub, and firewall - in the first of our jargon podcasts.
View Transcript

 

Speaker Key:    PB: Phil Brown, DW: David Whelan

 

PB:  Hi, it's Phil Brown, and I am here with David Whelan. Today we are going to do our jargon podcast for 2015.

 

DW: We thought we would take a look at the letters of the alphabet in particular because Google has just reorganized itself into The Alphabet Corporation. So, starting with A, we have the API, which is also the application programming interface, and you may have heard of APIs being tossed about and wondered what they are. There is some concern that the federal courts in the US do not really understand what they are either, because they called them software, and an API is not software. An API is a connector that allows different systems to communicate with each other. So what you might find is a company, like Dropbox, has an API, and then other developers can write software that talks to that API, to display files that are in your folders or to enable you to work on your Dropbox files without actually being in Dropbox, working through other things. It is an enabler between two different types of software systems.

 

PB: And you see APIs being bandied about when you go to a tech conference and you hang out with the vendors for a bit. Everyone is running around trying to figure out how they can get their software, in their packages, to run with someone else's, on their platform. So everyone is running around discussing API synergies and things like that when they are at these conferences.

 

DW: That's right. David Weinberger did a great book called Small Pieces Loosely Joined , and that is really where the API is. It allows you to make your program available to other things, to build it out, rather than building, as we did in the old days, monolithic programs that did everything all by themselves.

 

PB: And I suppose this is for another podcast topic, at some other time, but APIs could possibly create unique security situations as well.

 

DW: Right, absolutely.

 

PB: So B is for bot.

 

DW: B is for bot. Bots used to be nice warm fuzzy things, but bots increasingly come up in conversations about security and malware and computers that are infected. A bot is a computer that has been taken over by a remote system, and is then used for nefarious purpose, often an attack where the bot herder (as they are known) communicates to all of the bots in his herd or her herd, and tells them all to attack a particular website, or to send out a particular kind of message, or to do some sort of coordinated activity. So all the bots all respond at the same time.

 

PB: And bots are one of the reasons we have to type in all of that extra stuff when we are completing forms and trying to send it off. You will see that little photo of some letters, random letters and numbers that you have to fill in to show that you are a human and not a bot.

 

DW: Right. You want to make sure that the computers in your law firm are not part of a bot network, so make sure that you are running antivirus software and malware watching software, so that you can eliminate the ability for other people to plant software on your computer without you knowing about it.

 

PB: Right, containers.

 

DW: Yes. C is for containers, and containers are an obvious thing. If you do a Google search for a container you get a box, cardboard box, that sort of thing. This is a similar sort of thing, and it is going to become more and more popular, particularly in people who are dealing with vendors in the Cloud. You might go to a company and say that you want them to host your law firm technology in the Cloud, and how do you do that? They will say, "Well, we virtualize it", and, increasingly, the virtualization is something called containers. What happened in the bad old days of right now, is that you would virtualize a system and it would have an operating system like Windows, and it would have applications on top of that, and then your data would be on top of that, and for each customer, the Cloud provider would repeat the operating system and the applications over and over again across the entire system.

 

The thing with containers, and one of the leading types of container comes from a group called Docker, is that you do not have to have the operating system repeated over each virtualization anymore. In the future, if the Cloud providers use containers, there will be a single operating system across the entire platform, a single set of applications across the platform, and then the only enclosed area will be that container, which will have your stuff in it and separate from the container for, say, Phil's stuff.

 

PB: Right, D.

 

DW: D is for DDoS. You are all familiar with the old operating system DOS, MS-DOS. The DOS that we talk about these days is the denial of service, and then the more common one now is the DDoS, the distributed denial of service, and this comes into where those bots are. It is very easy to crash a website or to do an attack, by sending so many requests to it, that it can no longer respond to all the requests, and it stops doing so. That is what a denial of service is. It is the denial of the ability for that server to respond. The distributed denial service means that the attack is coming from many, thousands, in most cases, of computers at the same time, so that it is not only difficult for the server to respond, but it is difficult to figure out where the attack is coming from, and to then block it.

 

PB: And is there any way for the average small website owner to stop a denial of service attack?

 

DW: There is not. There are services you can use, like CloudFlare. Cloudflare.com has a free service, as well as a paid service, where they will intercept the DDoS attack and try to block it and filter it out, so that is one way you can do it. Most larger firms and larger corporations will have more than one connection to the internet, and so if a DDoS or a DOS attack happens on one set of addresses on the internet, it can turn those off and go to another one, so that it is still able to interact with and communicate with it, but otherwise you could see law firms going offline if their email servers or their web servers or other internet connections are being attacked.

 

PB: And you would have to have a somewhat sophisticated client who has you in their sites, to be a victim of this sort of thing. It is much more common for larger companies and they can have these, sort of, broad based attacks happening, and they can be shut down for a day, two days at a time.

 

DW: It is interesting, we may see that change. I think you are right that it is an individualized attack. They need to be aiming just for you, but we are seeing now that these bot herders are making themselves available so, for $20 or $30 and a credit card you can do a DDoS attack for an hour, and it has now become commoditized, like so many things are with technology.

 

PB: E.

 

DW: E is for EPUB. EPUB is a format that is common for eBooks. It is the most common eBook format, other than the Kindle format, which is proprietary to the Kindle platform. EPUB is interesting because it is one that you can actually open up and edit with a set of text tools that are available for free from groups like Sigil. The EPUB format is really nice. If you ever wanted to create an eBook, you could save it as an EPUB, but when people are talking about EPUB, they mean a particular type of format like Word documents and docx or doc in the old days. If they are talking about EPUBs, they are talking about eBooks.

 

PB: And a number of different readers can handle EPUB natively.

 

DW: Right. EPUB is probably the most common format, because you can read those on IOS devices, Apple devices, and Android devices. You can open them up on Windows and Mac computers and read them on your computer. It is great and they are often very flexible, and often come without DRM, the digital rights management.

 

PB: And our last letter for this podcast, F.

 

DW: F is a firewall. Firewalls are exactly what they sound like. In fact, if you come down to The Great Library, we have a physical firewall in the basement, which was meant to protect things from fire. It is a brick wall, and you can store things behind it. The firewalls that we have nowadays tend to be on our desktops and our hardware that we have attached to our networks. They are meant to prevent external people from getting in, who should not be, but also for your internal applications not to communicate outside of your firewall, without you knowing that they are doing it.

 

PB: And sometimes they are software firewalls, sometimes they are hardware firewalls which contain software, some of those security devices that are matched with routers and so on.

 

DW: Right. The Windows firewall comes with all the Windows operating systems and if you hit your Windows key and type "Windows firewall", it will pop up, and it will show you all of the rules that have been created, both the ones that block people from accessing, but also the ones that allow access. And particularly if you are on Windows 10, I would take a look at the rules that are allowing access because Microsoft has included a lot of new rules that allow all of its products to bypass the firewall and share information and things like that. You may want to disable them or delete them.

 

PB: And it is probably one of the most ignored security features for personal computers, the firewall. I mean, you can really tighten down the security on your computer so that things are not randomly sending cookies back and forth and checking out your computer and sniffing your ports and so on, and people just do not turn on those features.

 

DW: Right, you definitely want to try and have them. You can find firewalls for Android devices. I do not believe them for IOS, like iPhones and things but, in particular, if you have a home network where you are doing work or, for sure, at your firm, you should also use a hardware firewall that is at the connection between the internet and your firm network so that you are protecting not only on a machine-by-machine basis, but for every potential probe that comes in from the internet itself.

 

PB: Right. Thanks, David. That is the first six letters of our jargon podcast, thanks.

 

DW: Thanks, Phil.

 

Internet Service Providers

 Permanent link
Phil and David take a look at how lawyers connect to the internet.  What type of internet service provider do you use?  And what are some networking hardware and security topics you might need to know about?  We'll walk you through what a router is and why it's important in this podcast.
View Transcript

 

Speaker Key:    PB: Phil Brown, DW: David Whelan

 

PB:  Hi, it is Phil Brown and I'm here with David Whelan. Today we are going to talk about ISPs.

 

DW: ISPs are internet service providers. They are the people who sell you the access to the internet, that provide you with the technology that allows you to connect to your home and your law firm offices and other devices, to the internet.

 

PB: So not to prefer any particular companies, but we are talking about Rogers, Shaw, Bell, etc.

 

DW: Right. It is interesting, the types of technology that they use, and you will come across this, and I am not sure that we will ever get to the point where we can say one is better than another, but it used to be that you would get a connection called ISDN. If you wanted a nice dedicated line and dedicated throughput to the internet, but pretty much, these days, most law firms will be looking at either a cable connection or a DSL connection or, if you are big enough, what is known as a T1 or part of a T1. That is like a timeshare, a fractional T1, where you can have a certain amount of speed, but depending on what kind of wiring they are using, and what kind of system they are using, you are really talking about cable or DSL.

 

PB: Right. And we are not going to talk about dry loops and things like that, but there are lots of terminology out there, in terms of is "this a voice only line", "this is a voice and internet line", etc. But there are differences between DSL and cable. Some of them are shared in neighbourhood, and some of them are not. Your speeds can fluctuate, depending on what kind of line you are using, but let's talk about things like consumer versus business.

 

DW: Right. You will find, with most of the providers, that they will have business level speeds and services that are different from your home user. So you may have bought a package for your house and that works great for the films that you are streaming on Netflix or Show Me, and the files that your kids are downloading for their Xbox, but that may not be the sort of stability or speeds and bandwidth that you need to be providing for your law firm, especially if you are hosting your own email server inside the firm, or your own web server. All of those create traffic and you need to be thinking about paying for the additional overhead that all those things provide.

 

PB: That's right. Speaking of overhead, business prices tend to be quite a bit more than consumer prices and consumer systems, but you would definitely need a business enterprise system for a large office.

 

DW: Right, so shop around. I think you will find both from the cable providers and the DSL providers, and the real difference between those is that the cable system tends to be a shared system and the DSL is a line directly from your office or your home to the Telco, so it is a slightly different type of carrier but, at the end of the day, you will be able to get the same types of speeds, both upload and download speeds, and they are different, but can you say a word about how they are different?

 

PB: In terms of the speeds? Upload speed is typically much slower than download speed. A lot of the companies range (and you will get a range when you start shopping for packages) from 1 megabyte upload versus 10 or 20 megabytes download, and I am not sure why they make those distinctions, but they benchmark them and tell you if you pay $100 a month, this is what the minimums you can expect are. You really have to determine what it is you are doing. Are you uploading a lot of information, a lot of large files, or are you more likely to be downloading those files? You can shop around for an appropriate speed. The other thing is that some of them now have limited bandwidth, and you may be limited to a certain price, where you can only download 100 or 200 megabytes or 300 megabytes. You will see this with phone data plans, but now you will see it also with other packages. You might have a gigabyte of download available a month, and then you are going to start paying, on top of that, for every megabyte you use after that.

 

DW: It is something to be aware of. I think we are more aware of it with our phones than we are with our computers, but as these sorts of caps come into play, it may impact what you do and, certainly, there have been complaints already, for Windows 10 users, where Windows 10 is now doing automatic mandatory updates of its system, that you may have gigabyte downloads coming to all of your computers in your firm, coming over your internet connection, and then eating up some of that data cap. One of the things to look for is that some of the internet providers will have times of day, particularly between 2 a.m. and 6 a.m., where they may give you free access or free transmission times, so that if you have large downloads you can schedule them for that time of day to either upload or to download.

 

PB: That strikes me as the sort of thing where you will be populating those offices with students, to make sure that there is someone there at four in the morning to do those big uploads and downloads.

 

DW: That's right. I wanted to mention something called power line networking as well. This is sort of, an add-on. Once you have your ISP, you are connected to the internet, but then how do the devices in your office connect to the router or the modem that connects you to the internet? In many cases you will have category 5 network cable in the walls that allows you to just plug in and go. You may have wireless as well, but if you do not have one of those two, or you have computers that are in awkward places, you can use something called power line networking, to connect over the electrical wiring of your house or your office, so particularly in older buildings or in houses that where you might want to work in your basement but it has either bad wireless connectivity or no network wiring. You buy these power line adaptors. One goes next to the modem, to the internet, and one goes in the power outlet, and you just plug into that and you can get networking anywhere in your building.

 

PB: And this sounds very voodoo, are these things expensive?

 

DW: They are not expensive. You are probably looking at $30 to $40 per plug-in adapter, and many of them will have more than one plug, so you could run more than one computer off of it.

 

PB: And maybe we could just say a word or two about redundant connections and how many lines you need and things like that?

 

DW: Right. The issue of redundancy comes up. Some people believe that you should have redundant internet connections, just like you do backups and other things in your environment. That can become expensive unless you have a really good need for it, if you have problems of, for example, being attacked. If you are attacked on one of your internet addresses, if you have a redundant one you can quickly flip your firm over to the redundant one. In most cases it is not going to make sense for the solo or small firm lawyer who is out there to have more than one internet connection. It really is not going to be cost-effective to do that.

 

PB: Security with ISPs, is it something the average user needs to be concerned about?

 

DW: The ISP is really just providing you the connection to the internet, so you should be aware that they are probably not doing anything to protect you in particular, as far as people trying to get to your email server or your web server in your office. They are doing some things though. They are able to block attacks going out or coming into their network, and they may be also monitoring some of the traffic that you send out, if it is potentially going to a source of malware and things like that.

 

PB: And some ISPs offer additional services like email addresses and some of them offer free antivirus software and things like that, to use within your environment. That is something that you should be aware of, is if they are providing you with ten free email addresses on their servers, on their domain, that is information that might later be handed over to a lawful authority who is making a request.

 

DW: Yes and since it is an ISP-based email, it can be very useful. It is great for home users, but for a business user, you probably want to think about getting an email system that is intended for business users.

 

PB: And that is one of the things you need to look at in the beginning when you pick your ISP. What are your business needs now and what are your business needs going to be in five years? You have to figure out what it is they are selling you, and you have to ask questions.

 

DW: Exactly. You made a good point before we started, which is that a lot of the ISPs are actually piggybacking on other ISPs, so while I use TekSavvy myself, for DSL at home, it is actually on top of the Bell network, and so I could potentially get DSL from Bell just the same. I think you really need to shop around and see which providers will give you the speeds at the costs that you are willing to pay, and if you have done that assessment of what your business needs are, you will be better prepared when you are sitting down and trying to compare the packages that are all very similar.

 

PB: And I would say that if you are looking at home systems and things like a home business system, speak to your neighbours. Find out what they are using and what kind of reliable speeds they have, because I know, from my personal experience, a few different times that I have had packages sold to me, but the infrastructure would not support the speeds they were promising.

 

DW: And many of the ISPs will rent to you or sell you hardware, the modem and the router and other things for your network. You should cost check those against Best Buy and other technological things, because you can often get that same hardware on your own without renting it, for much less than you would pay over the life of the rental.

 

PB: You are going to be looking at user agreements and things like that, and I would say it is important that you read those over the same as you would any banking agreement and things like that, because there are various responsibilities and liability issues when they lose all of your information, or you drop a connection for weeks at a time, and you want to make sure you know who is liable for what.

 

DW: Right. ISPs are a little bit of a boring topic, but they are key and particularly as the legal profession relies so heavily on the internet, for communication and other things, you want to make a good choice

 

PB: Right. It is getting bigger and bigger. I mean, whole firms are moving to the Cloud and storing information in the Cloud and being reliant upon the ability to access that information at any time.

 

DW: And the daily show too.

 

PB: And the daily show as well. That's our look at ISPs. Thanks, David.

 

DW: Thanks, Phil.

 

Voice Recognition

 Permanent link
Lawyers using voice recognition can find a new way to productively create and edit documents, send messages, and more.  How do voice tools like Apple's Siri and Nuance's Dragon Dictate fit into a law practice?  Phil and David discuss voice recognition and provide tips on making it work for you.
View Transcript

Speaker Key:    PB: Phil Brown, DW: David Whelan

PB:  Hi, it's Phil Brown and I'm here with David Whelan. Today we're going to talk about voice recognition.

DW: Voice recognition has been a little bit of a holy grail, I think, for lawyers, because it offers an opportunity for them to use one of their primary tools, their voice, to record information more quickly than they can type or write it. But voice recognition has had a mixed past and I think the best news is that it is getting better and better, and almost to the point of magic it seems when you use certain devices.

PB: It is not your grandpa's voice recognition.

DW: For sure.

PB: Back in the old days, you downloaded a very large package of software onto your desktop and spent hours training that software to recognize the various nuances of your voice, and there were certain words it was never able to recognize.

DW: It was particularly difficult, I think, because it meant that you were recording it in a particular way. I did a demonstration of it after having trained it my voice, but I was a little stressed out during the presentation, so my voice actually went up and all the training was no longer any good because it had been trained for a slightly lower toned voice. And so, it was very, very finicky. But now when you open up your phone or your desktop device, as long as you have the software on there, it's really remarkable how close the technology has come to matching most of the words that we use.

PB: Since you mentioned phones, let's talk a bit about Siri, which might be what a lot of people are familiar with. Is that true voice recognition?

DW: Oh, for sure, it's definitely voice recognition and Android has some add-on apps that do a similar sort of thing. But I think it's not the voice recognition that most lawyers would think of. Siri and other voice apps tend to be good at giving you directions or responding to a particular query because that query has gone into a very large database of other people who have asked the same information or asked for the same kind of detail.

PB: And, as we found out recently, people are listening to the recordings of your voice that are made when you talk to Siri.

DW: Right, that's kind of creepy.

PB: So there's no real confidentiality there and you wouldn't necessarily want to be using Siri for anything sensitive.

DW: We have talked about it on another podcast, but there was a recent case with a television company where the television was able to pick up your voice command so that it would change channels and do other things, but all of that information was also being sent off to a third party voice recognition service. So there are these large databases now being put together, obviously to help the people who are using voice recognition so that it becomes better for all of us, but it does mean that the things that you are saying into microphones may not only be recorded by you, but being stored elsewhere.

PB: Right, so there are a couple of big players and bigger software out there, and I'm sure a lot of people have heard of Dragon Dictates, and it's available for a number of different professions. They have special packages for doctors and lawyers and so on. It has come a long way since they started.

DW: It's incredible. Nuance is really a juggernaut when it comes to voice recognition and they have absorbed a lot of the smaller players, I think, along the way and it's a very, very strong tool. Even just right out of the box, you can start to have your words translated right onto your screen, but I think that the key item, if you can find it with voice recognition and, of course, Dragon Dictates has it, is this legal dictionary, because we have lots of terms of art that don't appear properly unless you've trained your package to do that. I found this with my daughter. Her name comes out as Chilean when you record it and so, even though it is a common name, it is not in the database, and so, when you think about Latin terms and other terms of art you might have in your practice area, having those built into a dictionary where it's already available will just mean that you're up and running faster when you get started and you won't have to trip and watch as you're transcribing your voice.

PB: And it can be a very useful tool for Smart phones. I have a free version of Dragon Dictates for my iPhone and you can dictate a large amount of text and then decide which platform you want to send it out on, whether it is an email, an SMS, a text, or any different way you want to send it - you just select after you've made the recording.

DW: It's remarkable how accurate it is. I've been really impressed. Even Windows has some accessibility options, which are really not intended for the general user, but the speech recognition in Windows is very, very strong. It takes a very small amount of training and you can be up and running, again, doing basic things. One of the key things to remember with voice recognition, whether it's on your desktop or on your phone, is that you always get a word and so if you're speaking into it, it never stops and asks, "Did you mean this word or that word?", instead it interprets it as "It sounded like you said X, so I'm going to put X in there." And so you really need to go back and read what you have transcribed or recorded because it may not include the words you expected. It's a little bit like your keyboard on your phone and sometimes we get words that we don't intend.

PB: No, for sure, there has to be, if this is going to be used to document, a lot of proof-reading and it's probably a good idea to have, if you're not a particularly good proof-reader, a second set of eyes go over it to make sure you're not sending something out that had a particular value in it and it goes out under a completely different number.

DW: Yes, that million dollar contract going out as a ten dollar one would be a problem.

PB: I'm sure, and so using it for things like a settlement and things like that, I mean, no matter how many times you've done it, I think you want to carefully read it a few times to make sure that things have gone well.

DW: What you'll find with some of the paid voice recognition packages too is that you can use a digital recorder, so, say you're driving up to see a client or off to court and you're recording on your digital recorder for a different matter or whatever, you can then upload that sound file later when you get back to your office and it will go through the recognition process from that digital file. You don't actually have to be sitting in front of the computer all the time or you can send that file to someone else who can then do the recognition for you, so it doesn't necessarily have to be something that you have to do yourself and to tie yourself to new technology. You can use the tools that you're comfortable with and then just have that digital file turned into the document that you're trying to create.

PB: Sure, and you can make notes using these various voice recognition applications, to make notes for yourself, and send yourself emails. You can get a lot of work done while you're driving, for instance, if you're dictating things to yourself that become emails later or documents later. You can certainly dictate a bunch of them in one file and then split them up and send them out as a number of different emails if you wanted to, so you're not messing with it while you're in your car.

DW: Keep in mind that if you're dictating on the road or outside your office, that your voice may carry and so it's even more so than with conversations. You may be getting the benefit of voice recognition, but if other people recognize your voice as well and what you're talking about, that could lead to some uncomfortable consequences.

PB: Sure, it's not the sort of thing you want to do in a public place and, I suppose, the other thing that tends to play into voice recognition is background noise.

DW: Yes, a coffee shop for example, not only is it not a good place to dictate loudly, but the clanking of plates and other things can definitely distract the technology.

PB: Sure, so have a look at voice recognition. There are a number of options out there and it might be a time-saver for your practice.

DW: Thanks, Phil.

PB: Thanks, David.

Cloud Location

 Permanent link
You're a lawyer with obligations to protect your client's data and you're putting it in the cloud.  Do you know where your cloud servers are located?  This podcast will talk about some of the issues lawyers might face in knowing where their client confidential information is, and some things, like pre-encryption, they can do to further protect law practice information in the cloud.
View Transcript

Speaker Key:    PB: Phil Brown, DW: David Whelan

PB:  Hi, it's Phil Brown. I'm here with David Whelan and today we are going to talk about Cloud location.

DW: Location, location, location. We all know how important that is, but you may not think about it when you go to your Google website and log into your apps, or check your email, or when you go to your Microsoft One drive and upload or download a file. You may not think about where that Cloud actually is.

PB: It is not that easy, necessarily, to find out where that Cloud is. When we talk about the Cloud, we are talking about where those massive servers are kept by those thirds parties that are holding your information.

DW: The Cloud is a set of different layers and the layer that most of us interact with is called the software as a service layer, SAS, and so, in some cases, when you are dealing with Google or Microsoft or a really big company, you may be dealing with the company both at the software level and also at the platform level or the infrastructure level, which is the physical piece of the whole Cloud. If you are dealing with other smaller companies, you may actually only be dealing with the software piece of it, and so you may be dealing with, say, a Canadian company that has a software product in the Cloud who is using an Amazon or Windows as your Cloud platform that is based somewhere entirely differently in the east coast or west coast of the US or an entirely different continent.

PB: And they are often redundant as well. There may be an east coast and a west coast, and then maybe it is a server farm in Texas as well.

DW: That is a good sign, actually, because then if one of those goes down, your practice does not go down with it. But, yes, you really have no sense of knowing where those are and you can contact your vendor, Google or Microsoft, or certainly the smaller companies may be more amenable to telling you where their data centers are and how redundant they are, but it can be very tricky to know for sure. And the bigger the company, the more likely they are to say that they are really not going to disclose where their data centers are for the security of everybody.

PB: And even a company like Cleo, for instance, which does practice management software, they deal with a third party themselves: Amazon. So, somewhere there is an Amazon with Cleo information which, of course, is your information and it could be anywhere.

DW: We have sort of gotten past the point where lawyers in Canada are worried about the USA Patriot Act . They still may be worried about USA servers, US based servers, but it is not so much the Patriot Act that is the bug-a-boo. So, how much do you need to worry about where your Canadian client documents, the Canadian client confidential information, is being stored and what can you do about it?

PB: That is a good question and I think part of that goes back to your terms of use and knowing where your information is going to be stored. Some of it has to do with encryption, both on the way to your service provider and later on when it is stored.

DW: That is a good example, really, of two of the issues that you have. There are some faculty at the University of Windsor who have done a regular review of the terms of transmission that internet service providers in Canada have. You may have gone to the effort of finding a Canadian-based Cloud computing company, so that all of your information is being stored in Canada, but you may find that the transmission of your data is actually traversing into the United States and then back into Canada because most of the ISPs, internet service providers, in Canada do that. Most of them send your information across the border, even if you are going to a Canadian server.

PB: Sure, and I know I have exchanged information with the Law Society servers before and I live a few miles away or a few kilometers away, and I can track my information and know it has travelled through the US and other countries before it gets to the destination three kilometers away.

DW: It is one of the reasons you have to be really certain that you are sending your information in an encrypted format and having it stored in an encrypted format. It does not mean you actually have to apply encryption yourself, but you need to be using a web-browser and a secure connection and making sure that your Cloud provider is also secure. It does not get you away from the issue of where the location is, but at least the transmission then is being protected.

PB: And there has been some litigation already about Cloud locations.

DW: Yes, one of the interesting things that has come up, and it is interesting from a Canadian perspective, because the case does not involve Canada or the US directly. Microsoft was asked to divulge some emails of an Outlook or Hotmail user, but the user was based on Microsoft's servers in Ireland, and so Microsoft told the US government that it was not going to disclose it. You can follow the case, it is in New York and I think the latest briefs and things were filed at the Second Court of Appeals or Court of Appeals for the Second Circuit for the Federal level. But you will find that the EU data protection laws have essentially, Microsoft saying, they trump the ability of the American government to reach out to Ireland and pull that document out.

So, I think one of the interesting things is, in the past we have had the discussion with lawyers: do you place your content only in Canada or can you place it in the US or other places? And really, the other places option is becoming a viable alternative. You might find that putting your client confidential information in an EU data centre, Ireland or wherever, could be a better alternative than putting it onto an American server, and you could still use something like Microsoft's Windows or Amazon web services and the company that uses that, but use the data center in those locations. When you sign up for Office 365 from Microsoft, you can choose which data center you want too, so the location stops being a binary one of, "Do I put it in Canada or do I put it in the US?" You really can start to choose a little bit more because we are seeing more technology for lawyers being available in different jurisdictions with, in some cases, better laws.

PB:  And, you know, people get a little fussed about information being in the Cloud and that sort of seeming lack of control over that information because it is in someone else's hands, but, of course, if it is supposed to be encrypted and it is encrypted from your point to their point, it should be somewhat safe.

DW: It should be and if you are really worried, you can always do the pre-encryption to encrypted getting up. That can be a hassle when you are trying to interact with it, but again, it really is a matter of what your clients are comfortable with and what you are comfortable with. I know that I have heard from one law firm here in Ontario that said that they had a client who said if you have my data, it has to be on a server that is physically located in Canada. You will have some clients or maybe some practice areas where that becomes a mandatory step, but I think the interesting thing is that the location option, you should know where your files are as much as possible and I think that is something that is one of those easy questions to ask and hopefully is an easy one to get an answer for, at least down to the continent. But, with companies like Open Text opening a data centre in Australia, and Microsoft having data centres in the EU, I think there really are other options that you can think about where you might find better protection than just leaving it in Canada or just leaving it in the US.

PB: Sure, and there are other options as well. I mean, you mentioned pre-encryption, which would be encrypting the information yourself at your desktop or mobile device before you upload it into the Cloud, so it is encrypted by you. Then it travels through an encrypted path to get to their server and then is encrypted there as well, so it is almost a double, if not triple, protection and, I suppose, one wonders is encryption safe or do the various governments have all the keys to all the encryption and some people would say yes, they do. But at least you are making the efforts to store that data safely and you have taken steps along the way to protect your clients.

DW: Right. I was at a Montana bar session and a fellow said, "But can you protect me from the NSA?" and this was before Snowden had brought it up, and I was, like, "Well, you know what, I'm not sure that being able to outdo the NSA is really your professional obligation. You may still want to do that, but I think it's different from your professional obligation."

PB: And we did talk about this in another podcast on retainer letters. It is probably not a bad idea to discuss with your client where you are going to store their confidential information because you probably will get clients who want to opt out of storing their confidential information in the USA, perhaps, if they have business interests there or maybe in the EU because they have some issues there.

DW: If you are able to get information from your vendor about the standards that it has for security for encryption and for the location of your data, that can be really useful information to share right up front with your clients or at least have, if the question comes up later on.

PB: Absolutely, and let your clients know what steps you take to store their information, if they are interested, and what it is going to cost them to recover that information at some point if that is necessary.

DW: So, now you know all you need to know about Cloud locations.

PB: And at least that's part one. Thank you, David.

DW: Thanks, Phil.