With the partial government shutdown approaching one month, Marlene and Greg attempt to make some sense of what this means for those of us who rely upon the information produced by the US Government. On this episode, we have an extended talk with Emily Feltren, Director of Government Relations at the American Association of Law Libraries (AALL), to uncover what’s working and what’s shut down. While the federal courts are still functioning, they are running on borrowed time, and are scheduled to run out of funds on January 25th. The Pew Research Center has listed a number of data sources which are not being updated during the shutdown. The OMB also has a list of agencies shuttered at this time, and you can assume that the libraries are also closed. If you’re hoping to submit a Freedom of Information Act (FOIA) request… good luck. Agencies may accept them, but they may not have anyone to process them. Basically, it’s a cluster-fudge right now in D.C.

Joel Lytle, Director of Information Security at Jackson Walker, talks with Greg about the issue of .gov sites which are unable to renew their security certificates during the shutdown. It may not be all that bad… for now. However, there are already reports that the shutdown of sites like donotcall.gov and identitytheft.gov is already having some effects on consumers.

Joel’s advice… trust but verify. If you have questions about the website, call your technology security team and have them take a look at it. This is their area of expertise, so reach out to them.


Information Inspirations:

The law library world lost a legend this month with the passing of Eileen Searls. In addition to being an influencer in the law library world, she is also the aunt of Eve Searls, who along with Jerry David DiCicca, performs the music you hear on The Geek In Review.

A look at Amazon’s voice-activated reporting capabilities by @Lihsa

Today I listened to a webex on how to set up Amazon’s Alexa with key analytics applications to deliver voice-activated reporting.

Alexa, can you hear me now? Invoking Amazon's Alexa Skill Interface for custom reports by Lihsa

Now it was super nerdy and I don’t even pretend to understand all of the programming involved that will let you ask Alexa, “How many Huey, Dewey and Louie Law Firm budgets were created today?” Or “Alexa, how many people are looking at my Huey, Dewey and Louie Law Firm  web site right now?”

It is something to do with designing a custom Alexa Skill Interface with custom “wake words”, “invocation words” and “intent processing.” Way over my head. But I like the idea of an invocation word—sounds magical doesn’t it?

[Side bar: one thing to know about invocation words is that they should be your brand’s name. So think about that: law firm names are notoriously long. Can you imagine saying over and over again, “How many Huey, Dewey and Louie Law Firm blah, blah, blah … ?”]

All of this sounds great. But then envision yourself, a la Philip Seymour Hoffman in Mission Impossible III, being held at gunpoint, and told to read a nonsensical paragraph so that your doppelganger can replicate your vocal cords.

That is the flaw with voice-activated reporting (much like the flaws with iPhone’s facial recognition technology). Yes, I present an extreme hypothetical. Really, who wants to see a law firm’s web site analytics? Major snooze fest.

But it does raise a serious security consideration when contemplating this nascent technology.  What’s to stop someone from walking into anyone’s voice-activated office and asking, “Alexa, what is my colleague’s salary? Alexa, please send me the highly confidential, private report on Client X. Alexa, will I get a Christmas bonus this year?”

These are the things that inquiring minds want to know. And should Alexa be all that ready to be that helpful?

Don’t get me wrong, I like the idea of acting like a smooth talker (even though I’m frequently at a loss for words) and Alexa giving me instant answers. But I think we are too far from the necessary security to see this technology actively used in the legal workspace. Yet.

[Ed. Note: Please welcome back guest blogger, Keith Lipman, President at Prosperoware. Keith is a long-time friend of the Geeks, and well-known leader in the information management field of the legal industry. –GL]

Double-edged Sword: Protect & Deliver
2016 was a banner year for cyber incidents as records breaches increased by 556% with more than four billion records leaked. The regulatory and client response has been significant. The regulatory side brought the introduction of the New York State Department of Financial Services (NYS DFS) cybersecurity regulation, in addition to other pending regulations such as the General Data Protection Regulation (GDPR), which also mandate security requirements. From the clients, the Association of Corporate Counsel (ACC) released their Model Information Protection and Security Controls for Outside Counsel Possessing Company Confidential Information. The provisions of all these effectively create a standard of care for handling and protecting client data; that standard is fairly clear that firms must lock down access to only those who require it. This means that only those whom clients authorize to have access to their matters can have it; this is commonly referred to as ‘need to know’ access.

Historically, firms have operated open access environments under the guise of knowledge sharing and collaboration. They must now fundamentally change an entrenched practice that has generally allowed everyone inside the firm access to clients’ sensitive documents. The challenge is that lawyers rely upon prior work product as the basis for new work product.

As firms scramble to comply with these new mandates, they’re concerned that locking down and limiting access to data repositories will impede knowledge sharing. They fear that cutting-off access to valuable work product will diminish operational efficiency, and that need to know access will destroy knowledge management. For those firms already thinking about the bigger picture and finding other ways to leverage their valuable data, need to know security may be an opportunity, not a hindrance.

Need to Know Access May Limit the Value of Prior Work
According to most indicators, electronic information is doubling every two years and will exceed 44 zettabytes by 2020. The amount of data firms manage has been growing exponentially. Disappointingly, firms seem to have struggled to properly collect, maintain, and harness the vast array of data they process, or even make use of that which they already manage.

To enable their professionals to benefit from the wealth of experience learned from prior matters, firms allow lawyers to search for prior work product. It makes little sense to reinvent the wheel for every new, yet similar matter when lawyers can rather improve service delivery in terms of time and quality by re-using others’ prior work.

Logic dictates that implementing need to know access will throw a wrench in the works by limiting the pool of prior work product any one lawyer can search or access; specifically, it would limit them to re-using only the work product for certain clients from other lawyers who provide services as a team.

Many law firms’ document repositories already exceed tens of millions of documents; contrary to what some might assume, this actually may improve efficiency. This is because the more limited dataset being searched could ensure a greater relevance of results, making it easier to locate specific items that lawyers need, especially when searches are being conducted on such a regular basis. Nevertheless, this alone is not the answer.

The Solution for Efficiently Locating Prior Work: Matter Profiles and Experiential Data
The problem that needs to be solved is how to enable lawyers to find work product they don’t know exists and for which the firm does not yet have any published template. Firms need to enable their lawyers to find others’ work product. Thankfully, there is a solution.

If firms properly tracked and organized the correct metadata around their engagements and used it to create matter profiles, this challenge would be solved – and the firm would be positioned to improve numerous other aspects of its operation. Matter profiles are also beneficial to business development, marketing, and knowledge management. Having robust matter profiles makes searching far more powerful.

Matter profile search can readily drive key knowledge sharing needs. Profiles deliver a more holistic method for readily identifying the most appropriate work product, even when the lawyer already has access to the documents. Matter profiles provide better context as to the purpose of each document.

Some examples of the data that should be tracked in such profiles include:

  • Matter type, sub-type
  • Area of law
  • Qualifiers or tags
  • Deal / Demand / settlement amount
  • Court / Location
  • Industry

Lawyers can track and easily find an appropriate matter and then request access to the data, without falling foul of need to know security. This ability to ‘pierce the veil’ combines need to know security with a method for making lawyers aware of the wealth of experience and prior work that exists within a firm.
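The find-then-request flow described above, as an added sketch that is not part of the original post or any Prosperoware product: profiles are searchable firm-wide, documents stay restricted to the client-authorized team, and access is granted only through a recorded request. The class, field and user names and the sample matters are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Matter:
    matter_id: str
    profile: dict    # searchable metadata; visible firm-wide, so keep it non-confidential
    team: set        # people the client has authorized (need to know)
    documents: dict = field(default_factory=dict)  # name -> content, team only


class MatterStore:
    def __init__(self):
        self._matters = {}
        self.requests = []  # audit trail of every access request and decision

    def add(self, matter):
        self._matters[matter.matter_id] = matter

    def search_profiles(self, user, **criteria):
        """Firm-wide search over profile metadata; never returns document content."""
        hits = []
        for m in self._matters.values():
            if all(m.profile.get(k) == v for k, v in criteria.items()):
                hits.append({"matter_id": m.matter_id,
                             "profile": dict(m.profile),
                             "has_access": user in m.team})
        return hits

    def get_document(self, user, matter_id, name):
        """Document access is checked against the matter team on every read."""
        m = self._matters[matter_id]
        if user not in m.team:
            raise PermissionError(f"{user} is not on the team for {matter_id}")
        return m.documents[name]

    def request_access(self, user, matter_id, reason):
        req = {"user": user, "matter_id": matter_id, "reason": reason,
               "status": "pending", "decided_by": None}
        self.requests.append(req)
        return req

    def decide(self, approver, req, approve):
        """Only someone already on the matter team may grant or deny access."""
        m = self._matters[req["matter_id"]]
        if approver not in m.team:
            raise PermissionError(f"{approver} cannot decide for {m.matter_id}")
        if req["status"] != "pending":
            raise ValueError("request already decided")
        req["status"] = "approved" if approve else "denied"
        req["decided_by"] = approver
        if approve:
            m.team.add(req["user"])
        return req


def build_demo_store():
    """Two constructed matters; names and contents are made up."""
    store = MatterStore()
    store.add(Matter("M-1001",
                     {"matter_type": "M&A", "area_of_law": "Corporate",
                      "industry": "Energy", "court": None},
                     {"partner_a"},
                     {"closing_index.txt": "constructed closing index"}))
    store.add(Matter("M-2002",
                     {"matter_type": "Litigation", "area_of_law": "Employment",
                      "industry": "Retail", "court": "S.D. Tex."},
                     {"partner_c"},
                     {"pleading_index.txt": "constructed pleading index"}))
    return store


if __name__ == "__main__":
    store = build_demo_store()
    print(store.search_profiles("associate_b", matter_type="M&A", industry="Energy"))
    req = store.request_access("associate_b", "M-1001", "similar energy deal")
    store.decide("partner_a", req, approve=True)
    print(store.get_document("associate_b", "M-1001", "closing_index.txt"))
```
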

These same matter profiles would also empower business development and resourcing decisions. Firms can make more intelligent decisions about where to invest and focus resources and marketing programs to improve pitch success rates. In this regard, that same metadata can drive:

  • Opportunity Management for firms to track and forecast pipelines
  • Proposal Generation to streamline and reduce costs and improve results
  • Matter, Client, Lawyer, Staff, Vendor, and Other Profiles for better search capability; and,
  • Comprehensive Firm Directory with integrated Experience Scoring to more quickly locate and identify appropriate personnel

Need to Know Security Doesn’t Apply to Public Data
The requirement to apply need to know security is not applicable to public data. As such, that data is easier to handle from a knowledge management standpoint. A significant portion of the data that law firms work with is or eventually becomes public. Examples of this type of data include pleadings filed in court (except for matters under seal, which are rare) and documents filed with most government agencies such as the SEC or UK Companies House. This data is still important to and plays an integral part of the broader firm knowledge management initiative. Although today it can be readily automated, prior to everything being made available in electronic format, lawyers manually created indexes to track this type of data; this included pleading indexes, closing indexes, bundles, and other various indexes.

Streamlining the creation of pleading and closing indexes is ‘low hanging fruit’ for process re-engineering. Ensuring the data is ordered in an optimal format is valuable to clients and lawyers for sharing and future re-use; almost all the valuable matter profile information is contained in these documents. Information such as closing dates or key court dates and transaction amounts are typically included in the closing index. A trained person can easily extract and capture such valuable metadata during preparation of an index.

Better Investments in Templates 

In today’s competitive market for legal services, firms must be able to demonstrate expertise, understand cost structure, price competitively, manage a pipeline of work, and recognize opportunities for cross-selling. Core to all of these processes is leveraging the firm’s data, and it goes well beyond knowledge sharing.

In the age of need to know security, the argument asserting the inherent value of sharing prior work product without any limitations can no longer eclipse the security needs and demands of clients. Rather, firm leaders should take the opportunity to invest in the right technology to complement the new processes. This includes better data collection and management as well as automation of processes such as creation of forms for volume practices. This is an opportunity to improve data practices overall. Everything firms do today is related and can be tied-together with the same core data—and the mandates of need to know security just provide another opportunity for improvement.


This morning, the American Library Association came out against the FBI’s attempt to order Apple to unlock an iPhone connected to the San Bernardino shooters, who murdered 14 people and injured another 22 back in December 2015. ALA’s Managing Director of the Office of Government Relations issued the following statement:

The only thing that could make last December’s attack in San Bernardino more horrible would be its use to profoundly erode the Constitution’s protection of our fundamental freedoms. Mandated ‘back doors’ into encrypted systems cannot successfully be labelled ‘Bad Guys Keep Out.’ The only way to protect our data and, ultimately, our freedom is to fight any attempt by the courts and Congress to hack the Constitution. ALA stands with Apple.

I also stand with Apple on this issue, and encourage my peer Law Librarians and Legal Information and Technical professionals to do the same. Librarians have always stood up for the rights of citizens against government intrusion. Long before there was a public uproar, or Edward Snowden, Librarians were pointing out and fighting the privacy breaches of the PATRIOT Act. It is time to stand up again and support the Constitution over the individual situation, regardless of the horror and tragedy surrounding the reason we wish to bend the rules.

Apple’s CEO, Tim Cook, issued a response this week rejecting the United States government’s request, in which he underlined the dangerous precedent this order would create:

The implications of the government’s demands are chilling. If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone’s device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.

It appears that the primary reason that the FBI is asking Apple to break the encryption and open the phone is one of convenience and cost. The government has not exhausted less intrusive methods of opening the shooter’s phone. Yes, it may cost more money and time to unlock the phone without Apple’s help, but it will cost far less than what this dangerous precedent creates if the Government successfully orders Apple to unlock that phone.

I stand with Apple.

“Better Call Saul!”

I was watching the Breaking Bad marathon last night when a commercial came on mentioning a familiar company. Although I couldn’t find the 30 second spot telling me to go to BringAClaim.com, I did find the 2 minute video from the firm behind Bring A Claim, San Antonio-based Watts Guerra, LLP, that describes the settlement agreement that entitles, “more than 100 million Americans who could be entitled to statutory damages of $100 to $1000 for each proven willful violation of the Fair Credit Reporting Act.”

It seems that Lexis wasn’t just having a problem with this issue, but according to KrebsOnSecurity, was hacked by a serious cyber criminal organization, along with Dun & Bradstreet, and Kroll Background America, Inc., where millions of social security numbers and business information were stolen and sold. The KrebsOnSecurity report, based on a seven-month-long investigation, reports that the Lexis breach seems to have been one where someone on the inside installed a program called NBC.exe in order to gain access to the system and download the personal data.

Perhaps the most alarming thing that Krebs reports is that there are over a thousand “customers” (AKA, Bad Guys) going through the hacked data:

The database shows that the site’s 1,300 customers have spent hundreds of thousands of dollars looking up SSNs, birthdays, drivers license records, and obtaining unauthorized credit and background reports on more than four million Americans.

Seems that Walter White wasn’t the only one having a bad year. But, remember, you may be entitled to damages, so you better call Saul… er, Watts Guerra.


Nothing really irritates a researcher more than attempting to get to a website only to find that it has been blocked by your network software. In fact, many of you may find that social media sites are closed off at work because someone decided that you’ll spend your time uploading cat videos instead of your real job. Hey!! Cat videos are a fun way to relieve stress, and it really doesn’t take that long to upload. Sorry… got off topic there. Back to the blocked websites.

Most of the time you can call your IT Department and have them exclude you from the ‘blocked’ list (and I highly suggest that you do this first!), but there may be times where you just need to quickly get to the site and get the information. It’s really easy, and it kind of shows that blocking websites might be a lesson in futility. The key is using translator sites, such as Bing Translator or Google Translate, as a proxy. Here are the simple instructions. If you want more information, you can view this Reddit thread, provided that IT hasn’t blocked Reddit.

Steps:

  1. Open translator: (I’ve found Bing to be a bit easier, but both work.)
  2. Enter the Blocked URL in the translate box
  3. Click on the Translate button
  4. Voilà, the translator is feeding the page through and is bypassing your web blocker.

Note: Sites that are not supported by the translator (e.g., Netflix, Spotify, or secured websites) will not work with this method. I’ve found a few sites, like Online-Translator that work around some of these issues (by telling it to translate from German to English), but nothing is 100%.

Here’s a good video that walks through the process. Again, this isn’t 100% perfect, but I’ve found it to be pretty helpful when I was in a bind and needed to get to a blocked website… strictly for research purposes, of course.
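From the filtering side, the trick is visible in web proxy logs, because the blocked address travels as a query parameter of the request sent to the translator. The following is an added example, not part of the original post: it flags translator requests whose parameters carry a blocklisted domain. The translator host list, the blocklist, the log format and the sample lines are all constructed assumptions, and the check deliberately does not depend on any particular parameter name.

```python
from urllib.parse import urlsplit, parse_qsl

# Assumptions for this example: adjust both sets to your own environment.
TRANSLATOR_HOSTS = {"translate.google.com", "www.microsofttranslator.com"}
BLOCKED_DOMAINS = {"flickr.com", "reddit.com"}

# Constructed proxy log lines: timestamp, client, method, URL, status.
SAMPLE_LOG = [
    "2019-01-15T10:02:11Z 10.0.4.23 GET https://translate.google.com/translate?sl=de&tl=en&u=https%3A%2F%2Fwww.flickr.com%2Fexplore 200",
    "2019-01-15T10:03:40Z 10.0.4.23 GET https://translate.google.com/translate?sl=fr&tl=en&u=https%3A%2F%2Fwww.lemonde.fr%2F 200",
    "2019-01-15T10:05:02Z 10.0.4.31 GET https://www.microsofttranslator.com/bv.aspx?from=de&to=en&a=old.reddit.com%2Fr%2Flaw 200",
    "2019-01-15T10:06:19Z 10.0.4.40 GET https://www.flickr.com/ 403",
]


def _host_of(value):
    """Return the host name if a parameter value looks like a URL or bare host."""
    candidate = value if "//" in value else "//" + value
    try:
        host = urlsplit(candidate).hostname
    except ValueError:
        return None
    return host.lower() if host and "." in host else None


def _is_blocked(host):
    return any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS)


def tunnelled_blocked_host(request_url):
    """Return the blocked host carried inside a translator request, else None."""
    parts = urlsplit(request_url)
    if (parts.hostname or "").lower() not in TRANSLATOR_HOSTS:
        return None
    # parse_qsl percent-decodes values, so encoded URLs are compared in clear form.
    for _name, value in parse_qsl(parts.query):
        host = _host_of(value)
        if host and _is_blocked(host):
            return host
    return None


def scan(lines):
    """Return (client, blocked_host) for every log line that tunnels a blocked site."""
    findings = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue  # not in the assumed five-field format
        host = tunnelled_blocked_host(fields[3])
        if host:
            findings.append((fields[1], host))
    return findings


if __name__ == "__main__":
    for client, host in scan(SAMPLE_LOG):
        print(f"{client} reached blocked site {host} through a translator")
```
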



Jane:  Have you noticed that this job has become more and more about the correct usage of IT approved technology?  I mean, years ago, I practiced law.  I worked with my clients to determine the best way to work together.  Now, I spend an inordinate amount of time trying to learn the tools that IT has decided will make my practice more productive.  Ironically, the more and “better” tech they add, the less productive I become.  Meanwhile, in my personal life I am using technology more than ever.  I don’t need training, and most of it actually makes me more productive. Paying bills has gone from an all-afternoon Saturday exercise to a 2 minutes on the bus thing. Keeping up with friends has gone from a series of weekly or monthly hour long calls to a couple of minutes each day on Facebook. Even doing my taxes, and planning meals have changed from all-consuming tiresome activities to near-afterthought minor annoyances.  All the while practicing law gets more and more complicated.

Dan:  OK. Here is where you say, you should just be allowed to use whatever technology you want to at work.

Jane:  Yes, as a matter of fact, it is.

Dan:  That is asinine.

Jane:  Why!?  Why should some committee of techies – most of whom don’t know their amicus curiae from a hole in the ground – decide what tools I should be required to use to practice law?

Dan:  Jane, they are nerds! They know technology.  They know what’s safe and efficient to use.  A competent IT department does their due diligence on every system, learns it inside and out, and makes sure it’s easy enough for even a tech-challenged attorney like you to use.

Jane:  That’s bull.  And to be clear, I have no problem with my IT people.  They are smart and diligent, but they don’t know the law, the business of law, or the practice of law.  How can they possibly determine what technology is going to be most efficient for the firm, let alone my practice?

Dan:  Would you rather decide what technology your firm uses?

Jane:  No.  But I would love to decide what I use.

Dan:  And who will support that technology when it doesn’t work as expected?

Jane:  They will.

Dan:  Do you know how many possible configurations and variations an IT department would have to support if everyone picked their own tools?

Jane: OK. I can see the need for some limits, but COME ON! Give me a little flexibility here!  If I want to bring in, at my own expense, my personal Mac Laptop, because… well… the damn thing works, then IT should be prepared to support it.  Also, I should never have to carry around both a clunky old Blackberry and my sexy Android phone because IT can’t figure out how to enable a secure connection on the modern device. Plus, if there is no known virus or security threat, I should be allowed to go to whatever websites I want. I am not a child, I have the self-restraint to avoid porn, scams, and excessive use of personal social media while at work.  The point is: I know what I do on a daily basis, and they don’t.

Dan:  And all of the attorneys in your firm are as knowledgeable, self-restrained, and tech-savvy as you?

Jane:  Not remotely.

Dan:  So when one of your moronic partners clicks on a phishing link that takes him to the seedy underbelly of the inter-webs on his personal, but firm-networked, laptop and contracts the digital equivalent of tertiary syphilis, bringing down your firm’s entire network for a week or more…

Jane:   Well…

Dan: Or when one finally gives in to the incessant whining of her 6 year old and lets him play Candy Crush on her semi-secured Android device that has direct access to all firm records and documents, and the kid decides to play “Hey, I wonder what this does?” instead…

Jane:  That’s not what I…

Dan:  Or when you, moderately intelligent and tech-savvy as you are, plug your camera into a photo store kiosk on vacation to print out a couple of snaps for grandma, then come home and plug the same camera into your firm notebook to upload a new wallpaper image, and unknowingly unleash the Trojan Horse that gives hackers on the other side of the world carte blanche access to all of the firm’s client information…

Jane: That’s not possible.

Dan: No, that’s statistically unlikely, but it is extremely possible.  Which would be more inconvenient: learning the firm’s approved technology to do your job safely, or looking for a new job when your firm has lost all of its clients due to a security breach that you unwittingly caused?

Jane:  Ummmm….

Dan:  I know what you’re thinking. “How statistically likely is that?” Well, to tell you the truth, I don’t really know. But being as such a thing would ruin your career, your clients’ business, and would probably blow your firm clean off the map, you’ve got to ask yourself one question: “Do I feel lucky?” … Well, do ya, punk?


Several months ago I was asked by a partner to review the privacy policies and terms of service for a number of consumer cloud storage providers and to rank them according to how well they met his requirements based on firm policies, ABA missives, and a handful of other relevant opinions about client confidentiality and the cloud.  Long story short, they all failed miserably.  None of them came close to meeting the “requirements”.  

The partner was hoping to be able to tell his fellow attorneys that the firm doesn’t approve of consumer cloud storage for client related information, however, if you are going to use a consumer solution for “personal information” we recommend provider X.  My pessimistic report made even that a difficult statement.  Still hoping to salvage something from this conversation he asked a follow-up question. 

“Do any of these services provide anything close to the level of security we have in email?”

Had I sipped my coffee a second earlier I surely would have showered my office with stale joe.

“Excuse me”, I said, “Could you ask that again?”

“Attorneys send client confidential information all the time via email, so do any of these services come close to meeting the standards for email security?”

That’s what I thought he meant.  I broke the news to him slowly, explaining it this way. “I wouldn’t put anything in consumer cloud storage that I wouldn’t leave in a file folder on the front seat of my locked car.  But, I wouldn’t put anything in an email that I wouldn’t write on the back of a postcard and hand to a stranger on the street to mail for me.  The least secure of these consumer cloud storage solutions is many, many times more secure than a standard unencrypted email.  In fact, some of them have much better security protocols than your average law firm.”

The partner was flummoxed.  “Then what’s the big deal about this cloud thing?”

I was reminded of this incident when I attended the ILTA conference a couple of weeks ago.  In the vendor hall I saw a lot of vendors pushing their cloud-based SaaS solutions and a lot of firms saying, “Sorry, we have to host all of our own data.”  Typically the vendor went on to explain the value of allowing them to host the data. The product is constantly monitored, backed up, and securely encrypted in transit and at rest.  The product and mobile apps are updated multiple times a day. They simply can’t provide such a high level of service if you insist on hosting the product behind your firewall.  

These conversations went back and forth for a long while.  I never once heard a cloud vendor acquiesce and say, “Well, OK. We’ll let you host it yourself.”   Chances are good that if you host their service, you will have a less than ideal experience.  And if you have a less than ideal experience, they will have to spend a lot of time and money to make you happy, which will eat into their profits.  They would rather not have you as a customer at all, than to have you be a less-than-completely-satisfied customer.  It seems some vendors have learned a lesson that many law firms have not: not all revenue is profitable.

Taken together I think these incidents are representative of a larger paradigm shift. Traditional IT services, even the big traditional Legal software vendors, are moving to the cloud.  Attorneys will eventually figure out how to work with the cloud and still meet their ethical obligations, or they will just get used to the risks and ignore them like they have with email in the last 20 years.  The ABA will eventually make some coherent and unambiguous statements about the acceptable use of cloud services. And all of these will come together at the same time that firms begin to realize the economic benefits of not supporting an entire service infrastructure in-house.

Once that happens law firms will look back on all of the sturm und drang surrounding the Cloud, Software as a Service, and the Consumerization of IT, and they’ll wonder what all the fuss was about.  They’ll probably also wonder what all those nice people who used to run their network are doing now.

In light of the recent LinkedIn password debacle, I thought I would share a password secret I’ve been using for a while now, client side password hashing. 

Password hashing takes a simple password, runs it through an algorithm and spits out a more complex password.  Stanford University researchers developed an algorithm for passwords that uses the domain of the site you’re logging into and your simple password to create a unique and more complex password for every site you log into, even if you use the same password for each site.

You can find out more about the Stanford project here.

On the right side of the pwdhash.com page, you’ll see a box (like the one above) with fields for Site Address, Site Password, and Hashed Password.  Enter the domain of the site you’re logging into in the Site Address field (geeklawblog.com), enter the same silly password you use for every single site you log into in the Site Password field (for me, it’s greglambert. Shhh!), press the Generate button and voila!, out pops your hashed password.  Ts7ZoXk8Nqj6d is my official password for 3 Geeks.

When I go to log into Facebook, I enter facebook.com, greglambert as my password, and my official password for Facebook becomes bmQHlmV4bWUEu.

This way I can continue to use 2 or 3 relatively simple passwords and still have complex and unique passwords for every site.
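The idea described above (one master password plus the site's domain yields a different password for every site), as an added example that is not the Stanford PwdHash code and will not reproduce the passwords shown in this post. It swaps in PBKDF2-HMAC-SHA256 with the domain as salt; `site_realm`, `derive_password`, the iteration count, the two-label domain rule and the sample master password are assumptions made for illustration.

```python
import hashlib
from urllib.parse import urlsplit

UPPER = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
LOWER = "abcdefghijklmnopqrstuvwxyz"
DIGIT = "0123456789"
ALPHABET = UPPER + LOWER + DIGIT
ITERATIONS = 200_000  # assumption: slows guessing of the master password
MAX_LENGTH = 24       # keeps the arithmetic below within the 256-bit digest


def site_realm(address):
    """Reduce a URL or host name to the domain that is mixed into the hash.

    Simplification: keeps the last two DNS labels. A real tool should use the
    Public Suffix List so that names such as example.co.uk are handled.
    """
    address = address.strip().lower()
    if "//" not in address:
        address = "//" + address
    host = urlsplit(address).hostname or ""
    labels = [label for label in host.split(".") if label]
    if len(labels) < 2:
        raise ValueError(f"cannot find a domain in {address!r}")
    return ".".join(labels[-2:])


def derive_password(master, address, length=16):
    """Derive a per-site password from a master password and the site address."""
    if not 3 <= length <= MAX_LENGTH:
        raise ValueError(f"length must be between 3 and {MAX_LENGTH}")
    realm = site_realm(address)
    digest = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"),
                                 realm.encode("utf-8"), ITERATIONS, dklen=32)
    n = int.from_bytes(digest, "big")

    # One character from each class so common composition rules are met,
    # then the rest from the full alphabet.
    chars = []
    for pool in (UPPER, LOWER, DIGIT) + (ALPHABET,) * (length - 3):
        n, r = divmod(n, len(pool))
        chars.append(pool[r])

    # Deterministic Fisher-Yates shuffle driven by the same digest, so the
    # guaranteed characters do not always sit in the first three positions.
    for i in range(len(chars) - 1, 0, -1):
        n, j = divmod(n, i + 1)
        chars[i], chars[j] = chars[j], chars[i]
    return "".join(chars)


if __name__ == "__main__":
    master = "correct horse battery"  # constructed sample, not a real password
    for site in ("geeklawblog.com", "https://www.facebook.com/login.php"):
        print(site_realm(site), derive_password(master, site))
```

Because the derivation is deterministic, anyone who obtains one derived password can test guesses of the master password offline, so the master password still has to be hard to guess.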

I know what you’re thinking.  “I don’t want to have to go to pwdhash.com every time I need to get my password!”  You don’t have to.  Cynix.org has created bookmarklets that you can save to your browser favorites.  When you go to a site that needs a password, click on the bookmarklet, a java window pops up asking for your Master/simple password, it takes the current domain from the page you’re on and runs the Stanford algorithm spitting out your unique password for that domain.  On some browsers it even enters the new password in the password field when you place your cursor there.  (Warning: I haven’t had a lot of luck with the bookmarklets in versions of IE. Stick with Chrome, Firefox, or Safari.)

But what about on my iPhone or iPad?  The bookmarklet works in mobile Safari.

But what about signing into Apps on my iPhone or iPad?  There’s an app for that too.  KeyGrinder uses the same algorithm to return the same password every time.  You enter the domain and password and then tap on the Create button, the hashed password is automatically saved to your clipboard.  Just go to the App, enter your username, tap in the password field and select paste.

The benefits of hashed passwords are many.

  • I can remember only my simple master passwords and still have unique complex passwords for every site.
  • If a website (like LinkedIn) is compromised, the attackers only have my password for that one site, not for every other site I go to.  
  • Since I’m never actually typing the hashed password in anywhere, keyloggers don’t capture my passwords.
  • Since the typed master passwords and hashed passwords are hidden (******) in the bookmarklet, someone standing over my shoulder or viewing my screen still wouldn’t get my password.
  • Since I’m only remembering my master passwords, I couldn’t reveal my actual passwords even if I was being tortured.  

On second thought, that last one might be a bad thing.

**************

UPDATE:  Added the words Client Side to the title to differentiate from the standard server side password hashing that LinkedIn is accused of doing poorly in the Computer World article linked at the top.

UPDATE 2: You can check here to see if your old LinkedIn password was confirmed as cracked.  Please change your password first!  Another benefit to client side password hashing, the server side hash is much harder to crack because it bears no relation to a dictionary word.  In case you’re wondering, my original password is not currently on the list of cracked passwords.  Glad I changed it anyway.

Oh how I long for the days when I would boot up my IBM 8086 PC off of the dual-floppy drives and not have to answer any security questions in order to get to my word processing program. Granted, it was slow… but it was simple. It wasn’t connected to a fast Internet connection… but I was just happy to be able to see the three emails that came in each day. However, time marches on… speeds increase… software upgrades… networks expand… some idiot decides to hack into the system… then the IT world’s version of the TSA begins its march to make sure “our systems” are not hacked. It’s too bad we’ve stopped having “smoke breaks” at work, because each time we log in to our computers, open email, load a template in our word processors, or try to watch YouTube an online training video, we could go outside and light up.

I know, I know… IT Security is needed to keep the bad guys out (and it seems that there are many bad guys out there.) The drawback to this constant war on hackers is that we have all suffered the effects of the long slog against an enemy that simply won’t die… won’t surrender… and adjusts their tactics whenever we’ve had any reasonable success against the existing attacks.

It seems that every year a new layer of security is added. Here are just a few that come to me off the top of my head:

  • Username/Passwords
  • Advanced Password Requirements (where you have to add CAPITAL letters, Numb3rs, and Sp#cial Ch@racters)
  • Biometric readers (fingerprint scanners)
  • Digital Codes on key chains that change every 60 seconds
  • Anti-Virus Software
  • Network Security Devices (anti-sniffer, sniffers)
  • Remote mobile device wipers
  • Encrypted hard drives
  • Secure WiFi

Every one of these (and the dozens or so I’m sure I didn’t list) is a reaction to a security threat that has either happened to your place of work, or to some other place of work and that your IT staff doesn’t want to happen to them. Each of these is a burden upon the IT Group, the computer you’re using, the network you are on, and on you and your work production. The end result is that we have a fight between Moore’s Law and the Red Queen’s Hypothesis:

Speeds Double Every 18 Months…
But, We Need Them To Double Twice That Fast To Get Anywhere!!

I would have hoped by now that we would have things like automated security, instant boot-ups, programs that don’t move slower than their Windows 95 versions, tri-corders and food replicators… but alas, we do not. We seem to be stuck in an information world that is stuck marking time in a battle where winning is defined as simply not losing. I have to go now… my email program finished loading… and I have to make sure Postini didn’t capture any emails that I actually need to read.