Tuesday, July 31, 2007

Using Internal IT Staff to Investigate Computer Incidents Invites the Possibility of Poor Management Decisions Based on Results Obtained Says K&F

The normal corporate response to a network intrusion, data theft or destruction, or even something as commonplace as an employee misconduct complaint is often to dispatch the internal IT staff to investigate and deliver enough information to senior management that they can evaluate the scope and veracity of the event and take action if necessary.

However, K&F Consulting's founding principal, Greg Fordham, thinks that approach is analogous to returning to your home, finding a window broken and your belongings disheveled, and deciding to call the repairman first instead of the police.

Fordham and the members of his firm regularly advise clients on how to respond to computer-based incidents.

According to Fordham, there are some very basic dilemmas associated with calling on the internal IT staff members rather than a forensic expert to investigate an incident.

"The IT mission is to operate and maintain an organization's computer systems. They are usually not well suited for incident response since they are not trained to collect and preserve digital evidence," Fordham said.

Using the same skills that they would use to install a print driver, Fordham said IT staffers will likely, at a minimum, change important date and time stamps, lose volatile memory, and change or overwrite free space.

"Even if the consequence of these blunders can be neutralized, they still bring complexity and cost to any subsequent litigation that may be initiated. And their actions could also raise doubt about the authenticity of significant evidence," Fordham said.

Fordham also said the lack of forensic analysis training and experience could result in telltale signs of wrongdoing going unnoticed.

---------------------------------------
Source: PRNewswire

Find ways to manage electronic communication data, says Baker & McKenzie

IT administrators must find ways to manage electronic communication data now to control compliance risks effectively, global legal firm Baker & McKenzie has warned in a business guide to compliance.

Proper archiving, retention, monitoring, filtering and electronic data are no longer optional, they are imperative to reduce risk and protect intellectual property, according to the guide's author, Cynthia Jackson, partner in the legal firm's office in Palo Alto, California.

"Companies of all shapes and sizes should be aware that the age of electronic data imposes challenges and liabilities," she said.


US statistics show that by 2005, 24% of companies had e-mail subpoenaed and 15% had gone to court over lawsuits triggered by employee e-mail. The guide recommends that companies should plan, implement and train before a legal crisis arises.

Jackson said the guide is relevant to any UK company that does business in the US or has US customers. She said it also raises awareness of the issues and foreshadows the challenges UK companies are likely to face in future.

"This guide will help companies understand the problem and ask the right questions. Ignorance is no defence in a court of law," said Peter Lorant, senior director of marketing for Postini in Europe, the Middle East and Africa.

Postini, an electronic communications company, has made the Baker & McKenzie guide available to UK businesses through free download from the Postini website.

A webcast discussing the contents of the guide is also available.

---------------------------------------
Source: computerweekly.com

Debate Breaks Out over Breakable Forensics Software Charges

The fur is flying over a presentation, planned for Black Hat in Las Vegas Aug. 1, that security firm iSEC says will demonstrate how easy it is to break forensics software.

Forensics tools such as Guidance Software's EnCase are used by law enforcement, enterprises and national security agencies for data recovery and investigation. As iSEC says in its presentation description, investigators use these tools for a range of functions, such as parsing dozens of different file systems, e-mail databases and dense binary file formats.

"Although the software we tested is considered a critical part of the investigatory cycle in the criminal and civil legal worlds, our testing demonstrated important security flaws within only minutes of fault injection," iSEC says.

iSEC is promising to present what it found after six months of subjecting leading forensics packages to exploitation techniques. The security firm also plans to release new file and file system fuzzing tools created specifically to put forensics software through its paces in the project.

Some of the problems iSEC claims to have uncovered are that forensics tool makers don't use protection for native code provided by platforms, including stack overflow protection and memory page protection, or safe exception handling.

"Forensic software customers use insufficient acceptance criteria when evaluating software packages. Criteria typically address only functional correctness during evidence acquisition when no attacker is present, yet forensic investigations are adversarial," iSEC says. "Methods for testing the quality of forensic software are not meaningful, public or generally adopted. Our intention is to expose the security community to the techniques and importance of testing forensics software, and to push for a greater cooperation between the customers of forensics software to raise the security standard to which such software is held."

Guidance, for one, isn't taking this lying down.

---------------------------------------
Source: channelinsider.com

Monday, July 30, 2007

Save costs by knowing your data

Classification tools help storage managers gain efficiency and find stored files faster

One size fits all used to be the standard approach to enterprise storage, with that one size being expensive, high-performance disk arrays. Now agency managers have storage choices that allow them to mix and match storage platforms by sacrificing some performance for lower costs.

But how do storage managers decide which data to store on which platform? New products that perform data classification can help managers sort through and understand what they have. That knowledge can help them boost the efficiency of their storage practices, assign data to the most cost-effective storage platform and meet legal requirements.

A variety of vendors now offers classification products, including start-ups and storage industry veterans, and the products they offer are equally diverse. Data classification sometimes is a feature embedded in a broader storage offering. Some products automatically classify files, and others prompt users to supply a label. A number of companies deliver software with classification capabilities and others bundle classification software with hardware.

The cost of data classification products can run into six figures. However, industry executives say data classification offers a compelling return on investment. They expect it to catch on in a year or two, given the growing volume of data in most organizations.

“This is still a relatively nascent marketplace,” said Todd Oseth, chairman and chief executive officer of storage consultant SANZ.

Some companies include data classification technology in a broader suite of storage management software.

Compellent, for example, has been offering data classification since 2005 as part of its storage-area network solution. Compellent’s data classification feature was one of the biggest factors behind its selection by the South Carolina Office of the Attorney General, said John Loy, network engineer in the attorney general’s office.

Sorting things out

The Compellent SAN automatically classifies data based on how often it is accessed. Frequently accessed documents and images move to fast storage while seldom-used documents migrate to Serial Advanced Technology Attachment storage.

“I don’t have to spend all my time on a server managing what files are going to be progressed up and down the scheme,” Loy said. “We have a very small staff. Having a system that automatically does [data classification] on the block level, behind the scenes, was a major reason we picked it.”

Because of Compellent’s ability to classify blocks — blocks are the units of storage that SANs use — a large database file can be stored across more than one tier of storage. The newly written data blocks may be assigned to faster primary storage while the old data is stored on more affordable disks, company officials said.

---------------------------------------
Source: FWC.com

FRCP And MetaData - Avoid The Lurking E-Discovery Disaster - Part II

Metadata And The Challenges It Raises

Metadata is too often defined today by referring to the origins and history of the component parts of the term. You often see metadata referred to as "data about data," a linguistically accurate and descriptive formulation, but not an especially useful or illuminating one. For our purposes, metadata should be thought of as information associated with and made part of an electronic document that is not visible in the normal viewing or printing of that document. In that sense, "hidden data" might one day replace "metadata" as a more useful term. Metadata can include descriptive, historical, technical or other information and is often generated automatically. It can also include hidden information manually added by users of the document. Classic examples of metadata are the information contained in "document properties" of Microsoft Word documents and comments or tracked changes in Word documents.

Metadata is neither inherently good nor bad. Depending on its context, it can be quite useful. Outside the legal environment, adding and using metadata is a highly valued method of making information more usable and findable. Metadata can also be quite useful in helping you organize, identify, and review your electronic documents. Metadata is not a new topic. It has been with us for a long time. Interestingly, the concept of metadata is not confined to electronic documents.

In fact, paper documents have their own analogous forms of metadata that are not immediately visible to readers. Consider "metadata" like paper size, whether a paper was printed, typed or copied, paper type, and other information, or written comments (ink, pencil or typed) or highlighting (color, ink type). Thinking about "paper metadata" will help you think more clearly about electronic metadata.


Electronic documents might contain three categories of metadata. In many cases, elements from all three categories will be found.

1. System Metadata

System metadata is data automatically added by your computer system that relates to the operation of the system and the handling of files. Examples of system metadata include file creation date and time stamps, file location, author or user identification and other information generally useful for system administration purposes. While this metadata is not the type that regularly draws headlines, it might be very useful when certain types of fact issues arise. For example, if the date when a document was created is a key fact issue in a case, a "date created" time stamp might be dispositive on the issue. A user name might resolve a dispute over who created a document.

---------------------------------------
Source: Metropolitan Corporate Counsel

Friday, July 27, 2007

Native hard drive encryption: Coming soon to a notebook near you?

In March, Seagate, ASI Computer Technologies and Wave Systems announced they had created a notebook (the C8015) with native hard drive encryption. If the notebook is lost or stolen, no worries – the data is encrypted on the hard drive, and there's no way to access the data without the user's password (no back doors, recovery tools or services available to retrieve it).

A few weeks ago, Seagate sent me the C8015, which includes a 15.4-inch widescreen display, the Seagate Momentus 5400 FDE.2 hard drive (80GB), an Intel T7200 Core 2 processor, 1GB of DDR2 667 memory, an NVIDIA GeForce Go 7600 graphics card with 256MB of video RAM, DVD-RW optical drive, and Intel 802.11abg wireless connectivity. This configuration, with Windows XP Pro, would cost about $2,150.

The 2.5-inch Momentus 5400 FDE.2 hard drive uses Seagate's DriveTrust technology, and the C8015 also comes with Wave Systems' Embassy Security Center Trusted Drive Manager software, which helps in configuration and setup of the encrypted drive, as well as providing password management and policy settings.

Seagate says the FDE technology and native hard drive encryption offer more advantages to companies over typical software encryption programs, mainly in the system performance, cost and "user friendly" arenas. Part of the problem with encrypting data through software has been a drag on system performance, and Seagate says performance is not affected with the encrypted hard drive.


---------------------------------------
Source: networkworld

E-documents to slash expenses

THE cost of business litigation is about to fall by millions of dollars as a result of rule changes by two of the nation's top commercial courts.

The changes have been triggered by widespread discontent in the judiciary at the excessive cost of commercial litigation.

It reached a crescendo with the massive C7 litigation in the Federal Court, which is estimated to have cost $200 million while generating 75,000 documents.

The Federal Court and the NSW Supreme Court aim to put an end to the cost blow-outs by switching some of the most expensive litigation processes to computer technology.

The first round of changes, announced by NSW chief justice Jim Spigelman, is expected to be followed within weeks by similar changes at the Federal Court.


"The objective is to minimise paper and maximise electronic communication and documentation," Justice Spigelman said.

"This has obvious cost benefits. It is not just the amount of paper, but the amount of handling and lawyer time in deciding what to disclose and use."

To achieve that goal the NSW Supreme Court has also adopted a new rule on legal professional privilege.

Justice Spigelman said the changes in his court would be introduced by amendments to the practice note covering commercial matters and those in the technology and construction list. They will eventually spread to other categories of litigation.

The process of pre-trial discovery -- one of the most expensive components of major commercial disputes -- will normally be undertaken electronically.

When undertaken in hard-copy format, discovery costs up to $2 million in major commercial disputes.

The court book, which contains affidavits and all other documents used in each commercial case, will also become an electronic database. "The content will not change, but the default position will be that the court book will be electronic," Justice Spigelman said. "This will be no different to any other court file as far as third-party or media access is concerned."

The only court-book documents that will be in hard copy will be those that are actually used and referred to in each case.

---------------------------------------
Source: australianit.au

Digital discovery reduces delays

LITIGATORS at major law firms expect the switch to electronic discovery to save their clients millions of dollars.

All the big firms have been using electronic document-handling systems for years.
Now that major courts are encouraging electronic discovery, it will help eliminate delays and cut costs for clients.


Ian Dallen of Corrs Chambers Westgarth said the new practice rules in NSW would make litigation less costly but he was cautious about the rule allowing parties to release documents during discovery while retaining the right to claim legal professional privilege.

"As a conservative lawyer, this seems to be something to be extremely cautious about," he said. "It seems to run contrary to, or is inconsistent with, case law on waivers of privilege.

"Just because this is the practice of the court I am not sure that privilege would not be waived simply because of the practice note," Mr Dallen said.


His clients would still want their documents checked to ensure privileged information was not released during discovery, he said.

"I don't see how it would work to claim privilege after you have disclosed it. In any event you give the other side an advantage.

"Even if they are not allowed to use the matter, they know about it. Does that mean they are conflicted out of the case? The notion of moving to electronic discovery is sensible, but I still think you need to treat privilege in a very cautious, pragmatic way," Mr Dallen said.

---------------------------------------
Source: australianit.au

No Hearsay in Electronically Generated Information

Are you facing a mountain of electronic discovery and wondering if you can get it into evidence? Take heart: A recent 101-page opinion out of Baltimore, issued in a case involving a small maritime insurance dispute, tells you how. The opinion, written by U.S. Magistrate Judge Paul Grimm, is a road map to how to use the fruits of electronic discovery as evidence at trial.
But be careful. For all of Grimm's step-by-step directions, he includes a detour through electronically generated information that could be a highway to nowhere. And whether you agree with his conclusions or not, you are almost certain to see Grimm's opinion in future disputes about the admissibility of electronic information at trial.


Although the case (Lorraine v. Markel American Insurance) began as a $15,000 insurance dispute when lightning struck a yacht anchored in the Chesapeake Bay, Grimm's May 4 opinion veered off on an entirely different tack to give lawyers a clear, step-by-step framework for understanding how electronic evidence fits -- or does not fit -- into courtroom evidence.
The Lorraine opinion is important. Grimm provides an evidentiary manual of how to use documents that people create and store in computers as evidence at trial. In other words, this opinion will turn out to be a great study guide for corporate counsel confronting electronic evidence at trial. Because the object of electronic discovery is supposedly to gather evidence for trial, Grimm's observations also shed important light on questions of e-discovery.


LOOK WHO'S TALKING

Perhaps the more important -- and interesting -- aspect of Grimm's opinion is his conclusion that information he describes as "electronically generated" is completely outside the hearsay rule. The hearsay rule is among the best known and important of the gate-keeping rules to screen evidence before it reaches the jury. Under the hearsay rule, a statement made outside of court may not be offered into evidence for its truth unless the statement falls within one or more specific exceptions (for example, when the statements are contained in business records, made by employees or agents, or made against the speaker's interests). Hearsay evidence is excluded at trial because there is no opportunity to cross-examine its creator to determine how reliable the evidence is.

---------------------------------------
Source: Law.com
By: Bradford E. Biegon

Thursday, July 26, 2007

New Legislation Would Bolster Attorney-Client Rights in Investigations

With bills now introduced in both the House and Senate, a wide-ranging coalition of business, bar and civil rights groups sees possible success by year's end for a new law barring federal prosecutors from requiring waiver of attorney-client and work-product protections in corporate investigations.

Bolstering its political campaign is a new survey by the Association of Corporate Counsel that found that more than 90 percent of 458 in-house counsel responding believe that the attorney-client privilege in the context of government investigations is either nonexistent or severely damaged. That is an increase from the organization's 2005 survey, when 74 percent of respondents shared those sentiments.

Skepticism by in-house counsel comes despite the recent policy changes in the use of privilege waivers announced by the U.S. Department of Justice in the so-called McNulty Memorandum, named after Deputy Attorney General Paul McNulty.

"If you ask inside or outside counsel if they give any different advice now that we have the McNulty memo, they would say no," said Stephanie Martz, director of the white-collar crime project of the National Association of Criminal Defense Lawyers, which assisted in the survey.

"The incentives [for waiver] are still there; the demerits [for nonwaiver] are still there," Martz added.

IN THE PIPE

On July 12, Rep. Robert "Bobby" Scott, D-Va., chairman of the House Judiciary Committee's subcommittee on crime, terrorism and homeland security, introduced H.R. 3013, the Attorney-Client Privilege Protection Act of 2007.

The legislation mirrors a Senate bill introduced earlier this year by Sen. Arlen Specter, R-Pa., and Senate Judiciary Committee Chairman Patrick Leahy, D-Vt.

Key to the coalition's optimism about final legislative action this year is the strong bipartisan and high-level support for the House legislation, drafted after hearings on the issue in March.

Scott's co-sponsors include House Judiciary Committee Chairman John Conyers, D-Mich., as well as the ranking Republican member of the full committee, Rep. Lamar Smith, R-Texas, and the ranking Republican subcommittee member, Rep. J. Randy Forbes, R-Va.

After the March hearing, "The members did believe there is a problem with respect to the way DOJ carries out its investigations and felt even though the McNulty memo made changes, it didn't go quite far enough," said a committee staffer.

Scott's bill would prohibit all federal enforcement agencies from, among other things:

• Requesting, demanding, rewarding or penalizing in any way an entity's decision with regard to the waiver of its attorney-client privilege.

• Demanding that an entity refuse to pay its employees' attorney fees.

• Demanding that an entity refrain from entering into joint-defense agreements with its own employees, even when the business and its employees share a common interest.

The subcommittee hopes to mark up the bill before the House's August recess, said a committee staffer. It would go next to the full Judiciary Committee.

---------------------------------------
Source: Law.com
By: Marcia Coyle

KM Attorneys Seek Calm in the E-Mail Storm

When Philip Bryce began practicing law in the late 1970s, his secretary used a typewriter, personal computers were unheard of and offices all over Manhattan would practically come to a standstill when a fax came chugging through on a machine the size and heft of a floor safe.
Mr. Bryce, manager of knowledge resources at White & Case, refers to standard procedure of that time as "a paper paradigm that took hundreds of years to establish."

Today, large New York firms are working together -- circumspectly, so as not to compromise the competitiveness of their respective offices -- to establish "new paradigms," as Mr. Bryce put it, because "e-mail is everything now and hard copy metaphors no longer apply" to the business of law.

Mr. Bryce and some 30 of his counterparts -- including Michael Mills of Davis Polk & Wardwell, Guy Wiggins of Kelly Drye & Warren and Oz Benamram of Morrison & Foerster -- meet in monthly rotation at one another's firms in the common cause of supporting colleagues in practice through the transition from old to new.

Although they are conversant in computerese, and though their work overlaps with that of technology officers at their respective firms, "knowledge management attorneys," as they have become known over the past five years, are not to be confused with the people who keep the servers running.

"Our job is meta-lawyering instead of lawyering," said Mr. Mills, director of professional services at Davis Polk. "It's taking one step back to think about advanced technology and organizing information based on the culture of the firm, and how we serve our clients."

Mr. Bryce explained one of many daily difficulties, in the context of past versus present.
"If I got a letter about a matter, it was either the original or maybe a carbon copy -- or maybe a photocopy. But I would know immediately if I had the original or not," he said. "Now everything's flying around electronically. If somebody sends an e-mail to 50 people, who's got the original document?"

E-mail is at the heart of a complex set of challenges to helping practitioners sort through the storm of information in cyberspace.

Less than a generation ago, said Mr. Mills, "lawyers had time to read opinions from the Second Circuit, and releases from the [Securities and Exchange Commission] on new rules. They just can't do it anymore. The flood is too great, the speed is too great."

He added, "Lawyers are expected to do deals in three days that used to take three weeks."
"Different pieces of a solution are in place, but there isn't really an overarching engine yet to make it all happen," said Mr. Wiggins, director of practice management at Kelly Drye. "I'm struggling with trying to figure out a way of bringing it all together under a Web-based umbrella that's really intuitive."


--------------------------------------
Source: Law.com
By: Thomas Adcock

SMBs unprepared for IM revolution

With instant messaging (IM) poised to become the de facto electronic business communication tool, small and medium-sized businesses (SMBs) need to get a grip on its security risks.

Gartner Inc., the Stamford, Conn.-based consultancy, predicts that by 2011 instant messaging will be the main conduit through which people will communicate, using video, voice as well as text. It will be so entrenched that by 2013, 95% of workers in leading global companies will use it as their primary way of communicating.

And if SMBs want to do business with those global organizations, they'll have to step up to the plate and adopt technologies to secure and manage IM use.

Peter Firstbrook, a research director at Gartner, said SMBs should treat IM the same way they would email. If a company has examined its risk with email and determined that it needs to have policies and technology in place for electronic discovery, records retention, content inspection and data leak protection, those policies and technologies should be extended to instant messaging as well.

Unfortunately, SMBs aren't taking IM seriously enough.

"I would argue that most SMBs are looking the other way or blocking it -- or they think they're blocking it," Firstbrook said.

It boils down to priorities.

"Their focus is on enabling the business and helping the business make money. They have to be working on projects that are making money. This is pretty low on their radar."


Many SMBs have policies forbidding IM use, but they are difficult to enforce, Firstbrook added. Companies might try blocking IM technology at the firewall, but most consumer IM clients are good at finding ways around firewalls.

"Some companies just try to block IM," said Michael Osterman, principal of Black Diamond, Wash.-based Osterman Research Inc. "The problem with doing that is IM clients tend to be port crawlers. They find a way in."

An alternative to just blocking IM is to implement something from Akonix Systems Inc., FaceTime Communications Inc. or Symantec Corp. These products generally allow IT to control the clients used and to map IM handles to email addresses. You can really manage it without affecting users too much. "A third approach is to rip all that out and just deploy an enterprise IM solution," Osterman said.

IM is where email was about 12 years ago, Osterman added, when companies were trying to figure out whether there was a business case for the technology. Back then, he said, companies were debating whether they needed to take control of email.

"Today you'd be hard-pressed to find anyone to say that," Osterman said.
Firstbrook said SMBs need to take a realistic look at what their risks are by not taking control of IM use.

"Using instant messaging has a couple of risks," he said. "One is disclosure of sensitive information -- intellectual property losses or salacious material. It's also a new channel for malware. That's a risk for everybody."

Vendors are banking on the belief that SMBs will recognize a need to invest in technology. For example, Akonix, a San Diego-based IM management technology vendor, recently released the A1000 IM Essentials appliance, an IM risk management product that starts with licensing for up to 100 users at a price tag of just less than $7,000.

"There are a lot of SMBs and enterprises to this day who have no IM management," said Don Montgomery, vice president of marketing at Akonix. "But smaller firms are starting to apply the same rigor to email and IM retention, mainly because they're trying to do business with larger firms. And larger firms are compelling them."

Montgomery said SMBs will also be more inclined to manage their IM use because of the new federal rules of civil procedure adopted last December, which set rules for the legal discovery of electronic records.

----------------------------------------
Source: SearchSMB
By Shamus McGillicuddy

New privacy rules may complicate records management

Records retention has been heating up in storage lately as new laws and new tools hit the market, from the Federal Rules of Civil Procedure (FRCP) to a new crop of Software as a Service email storage and data archiving players. However, some experts think this may still be the calm before the storm when it comes to compliance requirements.

According to Brian Babineau, analyst with the Enterprise Strategy Group (ESG), his firm is currently focused on two bills that have been registered in the U.S. House of Representatives and are waiting for debate, known respectively as H.R. 4127 and H.R. 3997.

The two bills were originally introduced to the 109th Congress in an effort to federalize data breach laws already passed by several states, the most famous of which is California's SB 1386, which requires companies that suffer a data breach to notify all California-based customers that their data is at risk. Other states, including New York, have followed suit, but there is not a federal standard for security breaches, yet.

Now tagging along with these laws are even more new provisions for individual data privacy that some in the industry believe could be a step toward the European Union's (EU) standards for data archiving. Currently, the closest regulation the U.S. has to an EU-style data archiving and privacy law is the Health Insurance Portability and Accountability Act (HIPAA), which dictates retention periods and privacy standards for healthcare organizations. That type of multidimensional data management could also be coming to other types of data archives if either of the two data security bills passes.

In particular, H.R. 4127, which is the most popular with consumer advocacy groups, gives consumers the right to see and dispute or correct the contents of data broker files annually.
It's an issue that companies have already begun to wrangle with overseas, according to Dave Hunt, CEO of C2C Systems Ltd., a British company that makes email archiving software.


European laws require each end user to "opt in" to email archiving, and users can demand that certain items be deleted from company archives. According to Hunt, one customer of C2C's software in the U.K. recently had to completely shut down its data archiving scheme while it figured out how to securely delete messages from a balky end user.

"I believe that similar laws are coming to the U.S.," Hunt said, citing HIPAA as an example. "More and more American companies are going to have to worry about these things and many already are if they have a global business."

In response, C2C has shunned single instancing for messages in its archive. "Under these kinds of regulations, you might want to be able to delete messages from certain users' archives only, or delete them from end-user search, but not from the archive itself," Hunt said. With the newest version of its product announced this week, C2C has also added a laptop client that archives an individual user's Outlook mailbox while it's running in cache mode, allowing archived messages to be accessed online and allowing the user to keep track of what content has been archived on his behalf.

--------------------------------------
Source: Search Storage News
By: Beth Pariseau

Companies laying down keyboard law

Jacksonville lawyer Scott Cairns says a company he represents fired a worker for not doing his job, and the worker fired back with a lawsuit for wrongful termination.

So Cairns, with McGuireWoods, got hold of the man's work computer. "He was spending most of his day going to Web sites to pursue his hobbies," Cairns said.

"The reason he wasn't doing a good job at work was because he wasn't doing it."

Employers are increasingly laying down the law for abusers of their electronic communications systems, including e-mail, Web site access, blogs, message boards, media sharing sites, social networking and instant messaging.

This week, the Proofpoint Inc. e-mail security and data loss prevention company released a survey finding that U.S. companies with at least 1,000 employees are taking action.

For example, almost half of the 308 companies surveyed disciplined a worker for violating e-mail policies in the past year. One in four fired a worker for it. Companies say that one in five outgoing e-mails poses a legal, financial or regulatory risk.

Still, about one in 10 of those companies say they have no formal policy for e-mail use.

Human resources director Cyndi Rooks says companies need to create and enforce electronics-system policies. If not, they risk not only the loss of productivity but exposure of sensitive company information and infection by computer viruses from risky sites.

Rooks created policies for e-mail, blogging, instant-messaging and more, "just letting the employees know what's appropriate, what's allowed, that nothing's private, that it does become subject to audit."

In a former job, she put some workers on notice for inappropriate e-mails. They stopped.

Employees of Morris Communications Co. LLC, which owns The Florida Times-Union, sign an electronic communications policy. In June, Morris launched an Internet filtering technology to strengthen security. Morris prohibits employees from accessing gambling and pornography sites, among others, without authorization. Employees also are prohibited from accessing personal e-mail accounts.

Lawyer Eric Bilik, also at McGuireWoods, talks about the case of a worker who downloaded company information onto a portable memory drive. A computer forensics check found not only what she downloaded and when but that she bought the device online while at work.

"She was so careless that she bought the device to steal the information while she was sitting at her desk," Bilik says.

Employers and employees need to know about a recent change in rules for federal civil cases about access to electronically stored information.

"I would call it a seismic shift," Bilik says. "It makes clear that all electronically stored information is fair game and if your opponent can demonstrate it's relevant or potentially relevant, you may have to produce that information."

---------------------------------------
Source: Florida Times-Union
By KAREN BRUNE MATHIS

The Internet and the Law: Work in Progress

So far, courtrooms have seen legal topics related to the Internet covering freedom of speech, fraud, censorship, intellectual property, privacy rights, telecommunications, copyright and commercial law. It seems technological innovation will provide more than enough to keep Congress, the executive branch, attorneys, judges and others involved in legal work busy until at least the next generation.

New laws and regulations inevitably follow massive and profound technological changes as societies come to grips with how new technologies may be used.

Given the extent of changes the Internet has fostered across nearly every aspect of modern life, it comes as no surprise that innovations dealing with Internet-related technologies are proving very fertile ground for innovation in the form of new laws, regulations, legal precedents and interpretations of existing law.

So far, courtrooms have seen legal topics related to the Internet covering freedom of speech, national security, terrorism, fraud, censorship, intellectual property, patent law, privacy rights, telecommunications, copyright, contract and commercial law. It seems technological innovation will provide more than enough to keep Congress, the executive branch, attorneys, judges and the wide range of others involved in legal work busy until at least the next generation.

Copyright Infringement Dominates

Whether it's bringing Internet service providers (ISPs), P2P (peer-to-peer) services or individuals to court, the music and film industries are perhaps the leading sources of legal actions dealing with the Internet, much of it related to copyright infringement.

One of the most recent high-profile cases is the music industry's effort through the Library of Congress's Copyright Royalty Board (CRB) and its nonprofit agent SoundExchange to raise royalty rates to a point that independent webcasters say threatens the viability of Internet radio as we know it.

Urgent public and congressional appeals by independent webcasters brought a temporary, last-minute reprieve earlier this month when U.S. Rep. Edward D. Markey, D-Mass., brought the two sides to the bargaining table in front of the House Committee on Energy and Commerce. This set the stage for a deal in which SoundExchange agreed not to enforce the new rate structure.

Instead, SoundExchange is proposing a new rate structure that would cap an annual US$500 per channel minimum fee at $50,000 for webcasters in exchange for them providing more detailed data on the music they play and making efforts to stop unauthorized stream-ripping.

In addition, SoundExchange is considering allowing small webcasters to continue paying royalties under the existing rate structure until 2010. SoundExchange is holding larger webcasters to the new rate structure and its flat per-song, per-listener fees, but also capping the annual per-channel charges.

Independent music webcasters would prefer having the blade hanging above their heads removed completely. That could happen if the Internet Radio Equality Act makes it through the legislative process.

The act, which now has more than 100 cosponsors, was introduced by Rep. Jay Inslee, D-Wash., and Sen. Ron Wyden, D-Ore. Among its five major provisions, the act would nullify CRB judges' recent decision not to review the new royalty rate structure.

--------------------------------------
Source: E-Commerce News
By: Andrew K. Burger

Legal Help Wanted: Survey Shows Companies Rely on Outside Counsel to Meet Expanding Legal Needs

Corporate lawyers are calling in reinforcements to tackle rising caseloads, a new survey suggests. Nearly half (45 percent) of attorneys polled said their legal departments have increased their use of outside counsel in the last 12 months, while only 12 percent said levels have decreased. Litigation support topped the list of reasons corporations recruit outside counsel, followed by compliance and regulatory matters, and patent issues. The survey was developed by Robert Half Legal, a leading staffing service specializing in the placement of attorneys, paralegals and other highly skilled legal professionals. It was conducted by an independent research firm and includes responses from 150 attorneys among the largest corporations in the United States and Canada. All respondents have at least three years of experience in the legal field.

Lawyers were asked, "Has your corporate legal department increased or decreased its work with outside counsel during the last 12 months?" Their responses:

Increased 45%
Decreased 12%
No change 39%
Don't know 4%
Total 100%

---------------------------------------
Source: prnewswire

IT managers fall behind on e-discovery efforts

If your company is sued and needs to provide documents during an electronic discovery request, you are most likely not prepared, according to a survey released on Wednesday.

The survey commissioned by Contoural Inc, a data and storage consulting company, and Osterman Research indicated that 69 per cent of medium and large enterprises are not prepared for handling e-discovery requests for data such as e-mail archives. Additionally, only six per cent of the more than 100 IT managers surveyed said they could immediately and confidently handle potential e-discovery.


Late last year, the U.S. amended its Federal Rules of Civil Procedure to require that parties in a legal dispute bring up and agree upon e-discovery issues at the beginning of proceedings. These could include the file format of documents, how documents should be preserved and who has access to them. The rules could apply to any Canadian branch office of a U.S. firm, or any Canadian enterprise that deals with the States.

“We’re seeing a lot of organizations that just don’t know what they have, they don’t know where it is, and they don’t have an appropriate process for finding it,” Mark Diamond, CEO and president of Contoural, said. “Many companies are not clear on their retention policies and the ones that are often have policies that drive the wrong type of system, leading to a very difficult, costly, and often ineffective process.”

Michael O’Shea, president of the Barrie, Ont.-based consulting firm The Information Professionals, was unsurprised at the survey results and said that the lack of electronic record systems leads to unstructured data.

“Whether it’s practical materials, word documents, or any other type of data, it is not identifiable by a classification system that allows them to quickly identify a subject through e-discovery,” O’Shea said. “So, companies have a myriad of ways to do this and this creates a problem in that there is no standard nomenclature or taxonomy for naming the records and ultimately trying to locate them.”

---------------------------------------
Source: itworldcanada

New Book And Toolkit Equip Organizations For The New Challenges Of Legal E-Discovery

New book and toolkit detail the recently amended Federal Rules of Civil Procedure in order to help organizations face the new challenges of legal E-Discovery.

Under the recently amended Federal Rules of Civil Procedure, organizations face tough new requirements for preserving their electronically stored information, such as email and word-processing documents, so that it can swiftly be produced in the event of a lawsuit. However, research reveals that, while such legal demands are common for larger organizations, very few are ready for these new E-Discovery rules, leaving the majority open to costly fines and adverse rulings. To help corporations adapt to the new requirements, top infosecurity publisher IT Governance Limited has launched 'E-Discovery and the Federal Rules of Civil Procedure' as the latest in its series of Practical IT Governance pocket guides.

'E-Discovery and the Federal Rules of Civil Procedure' is written in recognition that larger organizations are highly likely to face E-Discovery requests. According to ESG Research, 91 percent of organizations with over 20,000 employees have been through an E-Discovery event in the past 12 months. However, a recent survey of corporate attorneys by Pike and Fisher revealed that only 7 percent feel that their companies are ready to meet these new requirements.

In response, IT Governance Limited recruited Bradley J Schaufenbuel, senior manager in IT Risk and Security at Zurich Financial Services in Illinois, to write this concise expert guide to the new rules. Over 68 pages, he provides an easily absorbed account of the background and details of the new rules and explains what organizations must do immediately to ready themselves for possible future lawsuits.

In particular, Schaufenbuel addresses the tight timeframes in which electronic information must now be gathered and presented to opposing counsel, and how this in turn demands a far more rigorous and strategic methodology for storing corporate information on an ongoing basis. It highlights the stark truth that in the eyes of the court 'ignorance is no longer bliss' and that organizations are expected to be able to retrieve electronic information as needed. It also discusses the new multi-disciplinary approach that must be adopted to comply with these demands, drawing in personnel from record management, IT, compliance and legal, to ensure that a comprehensive compliance framework is developed.

---------------------------------------
Source: emediawire

Wednesday, July 25, 2007

Data deduplication technology of growing interest to SMBs

The emerging technology of data deduplication promises to give cash-strapped small and medium-sized businesses (SMBs) an affordable way to move to disk-based data backup.

We're all aware of stories of tapes disappearing or falling off the back of transport trucks.

The 451 Group, a New York-based research firm, has identified data deduplication as one of the hottest emerging segments in the storage and data protection industry.

"It's a technology that is applicable to just about any business, whether it's large or small, because backup itself is a highly redundant operation," said Simon Robinson, sector head for storage and systems at The 451 Group.

Data deduplication is a method of reducing storage requirements by eliminating redundant data. In a backup and recovery system, gigabytes of information will be stored over and over again at each backup, creating countless copies of data that might change only incrementally over time. With data deduplication, storage devices only store changes to that data. Redundant data is replaced with a pointer to the unique data copy.

According to a new survey of 100 organizations by The 451 Group, only 23% are using data deduplication in their backup and data protection infrastructure. However, 28% of nonadopters said they plan to use it within six months, and another 23% said they would adopt it within a year. Only 25% of nonadopters said they had no plans to use it. Eighty percent of organizations that had adopted the technology said it met or exceeded their expectations.

Although the survey looked at organizations of all sizes, Robinson said most of the early adopters of deduplication are in the small to midsized market because "there is a higher level of dissatisfaction with tape among that sized organization because it is so difficult to manage. Whereas, in bigger organizations there is more budget available and more established processes and products available."

Robinson said SMBs "in particular have been poorly served by incumbent technology. Tape backup is still a people-, time- and money-intensive activity. And the fact that tape is also unreliable and slow to restore from means many SMBs simply don't adequately protect their core data. So if they can back up to disk rather than tape, then it provides several strong benefits."

----------------------------------------
Source: ComputerWeekly
By: Shamus McGillicuddy
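
The pointer mechanism described in the deduplication excerpt above, as an added example (not code from the article or from any vendor): a hash-addressed chunk store in which a second backup writes only the chunk that changed. The class name, the 8-byte fixed chunk size and the two sample backups are assumptions constructed for illustration.

```python
import hashlib


class DedupStore:
    """Hypothetical content-addressed store: every unique chunk is kept once."""

    def __init__(self, chunk_size=8):
        # 8-byte chunks are an assumption that keeps the constructed sample
        # small; real products use far larger, often variable-size chunks.
        self.chunk_size = chunk_size
        self.chunks = {}   # SHA-256 digest -> chunk bytes (the unique copies)
        self.backups = {}  # backup name -> ordered digests (the pointers)

    def backup(self, name, data):
        """Store one backup and return how many chunks were actually written."""
        pointers, written = [], 0
        for off in range(0, len(data), self.chunk_size):
            chunk = data[off:off + self.chunk_size]
            digest = hashlib.sha256(chunk).hexdigest()
            if digest not in self.chunks:   # new data: keep the single copy
                self.chunks[digest] = chunk
                written += 1
            pointers.append(digest)         # redundant data: pointer only
        self.backups[name] = pointers
        return written

    def restore(self, name):
        """Rebuild a backup by following its pointers, verifying each chunk."""
        out = bytearray()
        for digest in self.backups[name]:
            chunk = self.chunks[digest]
            if hashlib.sha256(chunk).hexdigest() != digest:
                raise ValueError("chunk %s failed its integrity check" % digest[:12])
            out += chunk
        return bytes(out)

    def stored_bytes(self):
        """Bytes physically held, as opposed to bytes logically backed up."""
        return sum(len(c) for c in self.chunks.values())


# Constructed sample: two nightly backups that differ in one 8-byte region.
MONDAY = b"AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDD"
TUESDAY = b"AAAAAAAABBBBBBBBXXXXXXXXDDDDDDDD"


def demo():
    store = DedupStore()
    first = store.backup("monday", MONDAY)
    second = store.backup("tuesday", TUESDAY)
    return store, first, second


if __name__ == "__main__":
    store, first, second = demo()
    logical = len(MONDAY) + len(TUESDAY)
    print("chunks written: monday=%d tuesday=%d" % (first, second))
    print("logical bytes=%d stored bytes=%d" % (logical, store.stored_bytes()))
```

Because every backup points at the same single copy of a chunk, damage to that copy affects all of them, which is why `restore` re-hashes each chunk before using it.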

What it took to hack the iPhone

The iPhone vulnerability that could let hackers steal data or commandeer the device also exists in the desktop edition of Apple Inc.'s Mac OS X operating system, the exploit's researchers said today.

Charles Miller, one of the three researchers from Baltimore-based Independent Security Evaluators (ISE) who found the bug and wrote proof-of-concept exploits, confirmed that the vulnerability in the iPhone version of Safari is also present in the desktop version of the browser. Safari is included with all Mac OS X installations.

The Windows version of Safari is also vulnerable. "[But] it may or may not be exploitable there," Miller said.

Miller, Jake Honoroff and Joshua Mason found the Safari flaw using what Miller described as "fuzzing" techniques. Fuzzing, a tactic commonly used by vulnerability researchers, drops random data into applications or operating system components to see if -- and where -- breakdowns occur. Typically, the process is automated with a fuzzer, software that hammers on application inputs.

Not that the iPhone made it easy. The lack of a debugger, for example, required that Miller and the others turn to alternatives, including the Mac OS X crash reporter, which logs all crashes, for ways to probe the iPhone. "The crash reports contained the contents of registers and what libraries were loaded," giving the team some clues, Miller said. Others they gleaned by examining the phone's core applications, which they could pull off the device only using iPhoneInterface. That program, part of the results of a group effort at the iPhone Dev Wiki, lets researchers and hackers modify the phone.

-----------------------------------------
Source: ComputerWorld
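
Fuzzing as the excerpt above defines it, shown as an added example (not the ISE researchers' tooling) used the way a developer would test their own parser: random mutations of a valid input are fed to the code, and each unexpected failure is recorded with where it occurred. The record format, both parsers and the seed input are constructed for illustration.

```python
import random
import traceback

# Constructed seed: tag 0x4D, length 3, payload b"abc", checksum sum(payload) % 256.
SEED = bytes([0x4D, 3]) + b"abc" + bytes([sum(b"abc") % 256])
INTERESTING = (0x00, 0x7F, 0x80, 0xFF)  # boundary values worth trying often


def parse_record(data):
    """Toy parser (constructed target) with two deliberate bugs."""
    if len(data) < 2:
        raise ValueError("short header")   # clean rejection, not a crash
    tag, length = data[0], data[1]
    if tag != 0x4D:
        raise ValueError("bad tag")
    per_block = 255 // length              # BUG 1: length 0 -> ZeroDivisionError
    payload = data[2:2 + length]
    checksum = data[2 + length]            # BUG 2: no bounds check -> IndexError
    if sum(payload) % 256 != checksum:
        raise ValueError("bad checksum")
    return payload


def parse_record_fixed(data):
    """Same format, with the length field validated before it is used."""
    if len(data) < 2:
        raise ValueError("short header")
    tag, length = data[0], data[1]
    if tag != 0x4D:
        raise ValueError("bad tag")
    if length == 0 or len(data) < 3 + length:
        raise ValueError("bad length")
    payload = data[2:2 + length]
    if sum(payload) % 256 != data[2 + length]:
        raise ValueError("bad checksum")
    return payload


def mutate(seed, rng):
    """Apply one random mutation to a copy of the seed input."""
    data = bytearray(seed)
    op = rng.choice(("overwrite", "interesting", "truncate", "insert"))
    if op == "truncate":
        del data[rng.randrange(len(data) + 1):]
    elif op == "insert":
        data.insert(rng.randrange(len(data) + 1), rng.randrange(256))
    else:
        pos = rng.randrange(len(data))
        data[pos] = rng.choice(INTERESTING) if op == "interesting" else rng.randrange(256)
    return bytes(data)


def fuzz(target, seed, iterations=5000, rng_seed=2007):
    """Return {(exception type, function, line): shortest input that triggers it}."""
    rng = random.Random(rng_seed)          # fixed seed so runs are reproducible
    crashes = {}
    for _ in range(iterations):
        case = mutate(seed, rng)
        try:
            target(case)
        except ValueError:
            continue                       # the parser rejected the input cleanly
        except Exception as exc:           # anything else is an unhandled failure
            frame = traceback.extract_tb(exc.__traceback__)[-1]
            sig = (type(exc).__name__, frame.name, frame.lineno)
            if sig not in crashes or len(case) < len(crashes[sig]):
                crashes[sig] = case
    return crashes


if __name__ == "__main__":
    for sig, case in sorted(fuzz(parse_record, SEED).items()):
        print("%s in %s line %d, reproducer %s" % (sig + (case.hex(),)))
    print("fixed parser crashes:", len(fuzz(parse_record_fixed, SEED)))
```

Grouping failures by exception type and location reduces thousands of failing inputs to the two distinct defects, each with its shortest reproducer, and rerunning the same campaign against the corrected parser serves as the regression check.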

Five steps to building information risk management frameworks

It is no secret to security and risk management professionals that security is a function of people, processes and technology. But when it comes to spending, historical data tells a very different story. Most organizations have traditionally spent a disproportionately high percentage of their security dollars on technology, relying largely on product-based approaches to solve their security issues.

Deploying technology may be easier than changing how employees think, or instilling the rigor of process within organizations, but it may not be very effective by itself. In this tip, we'll cover five steps that any organization can utilize to build a framework for mitigating business risk.

Step 1: Understand and define your information risk universe

To develop a comprehensive information risk management (IRM) framework, CISOs must first define their responsibilities. For example, Forrester Research's framework consists of 17 domains that span people, processes and technology. But defining these domains by themselves will be useless unless each domain has appropriate controls to ensure confidentiality, integrity and availability of information.

Step 2: Determine confidentiality, integrity and availability requirements

Not all areas of a business require the same level of protection. Contractual obligations and legislative mandates may determine business controls for some organizations, but for many others, informed judgment calls in conjunction with partners in line-of-business jobs are necessary. When assessing the criticality of a function, answer these three questions:

How confidential is the function? Assess the potential impact of a data breach for this function on your firm's overall business. For example, sanctions from the Federal Trade Commission (FTC) are often the least of a company's concerns; oftentimes, companies pay a much heavier price in the loss of business reputation and ongoing litigation.

Is the accuracy of this function's information relied on heavily? Next, assess the potential impact of data corruption, which can vary widely. For example, cases of customers receiving the wrong medication are more difficult to handle than customer support complaints.

If this function is not there when needed, what are the consequences? Time is almost always money. You might not be worried about your instant message (IM) conversations being eavesdropped upon, but the company's Web site, which brings in $2 million a day, can't be threatened or knocked offline, even for a few minutes.

Step 3: Define your controls

The role of a security office has expanded considerably over the past few years. CISOs are now responsible for areas such as business continuity, disaster recovery and compliance. There are related areas that the CISO is not directly responsible for, such as physical security, applications development and IT operations, but these functions have huge implications on the overall security of information assets. CISOs need to monitor and measure the security controls in all of these business groups to be able to do their jobs effectively. CISOs should employ a framework-based approach to identify and measure these areas in order to track their progress over time.

Step 4: Develop enforcement, monitoring and response mechanisms

An IRM framework must ensure that these controls are defined, enforced, measured, monitored and reported. For areas where these controls may not sufficiently mitigate the risk, CISOs must ensure that those risks are reduced, transferred or accepted.

-----------------------------------------
Source: SecuritySearch
By: Khalid Kark

Proactivity Is Best E-Discovery Strategy for SMBs

The incredibly quick growth of digital data has companies of all sizes scrambling to figure out how to store it and how to use it to make better business decisions.

But they also need to be concerned with how to manage it to comply with rules introduced last December that dictate the way electronic evidence is used in legal proceedings.

The Federal Rules of Civil Procedure (FRCP) pose a special challenge for SMBs, notes a recent E-Commerce Times article, because they generally lack a dedicated internal legal team to deal with the related issues. And the outside legal counsel hired by many SMBs often lacks federal experience, which will be needed if a lawsuit involves interstate commerce, says an e-discovery expert in the article.

So what’s an SMB to do? The article’s major point is that proactive planning is always preferable to a reactive strategy that won’t kick in until a lawsuit is filed.

Do some research on where possible electronic evidence may be found and how to preserve it. While a formal, documented process for dealing with such data is best, just knowing where the data is located is a good first step.

-----------------------------------------
Source: itbusinessedge.com

Yahoo Yodels New Privacy Tune

Not one to be left out, Yahoo has joined the chorus of search engines boasting new privacy policies. Yahoo has chosen to anonymize users' search histories after 13 months, rather than the 18 month period settled upon by most rivals. The company's announcement came fresh on the heels of similar news from Microsoft and Ask.com.

Yahoo (Nasdaq: YHOO) became the latest major Internet search provider to alter its user privacy policy Monday. Under the new plan, the company said, it will anonymize search histories after only 13 months, five months earlier than its search competitors at Google (Nasdaq: GOOG), Microsoft (Nasdaq: MSFT) and Ask.com.

"One of the core tenets of this company is the relationship and trust we have with our users. We are moving forward with a new approach to user search data," Jim Cullen, a Yahoo spokesperson, told TechNewsWorld.

"Yahoo's new global policy is: All search log data will be anonymized within 13 months of collection except where users request otherwise or where Yahoo is required to retain the information to comply with legal obligations. We believe the 13 month policy is the appropriate timeline to meet our commitment to our users' privacy while preserving our ability to continue to defend against fraudulent activity and improve our services to advertisers, publishers and users," he added.

The company has not set a specific date to roll out the new policy, but Cullen said, "We are moving forward to implement as soon as possible. No specific timeline has been set."

Private Party


Yahoo's new policy shows a strong desire to compete in the marketplace based on consumer privacy, which in the end will benefit the consumer, Forrester Research analyst Jen Mulligan told TechNewsWorld.

Ask.com last Friday unveiled its AskEraser privacy tool; however, the search engine has a scant 1.8 percent share of the search market, according to data from Nielsen//NetRatings for April 2007, and therefore has relatively little influence within the industry. On the other hand, Yahoo, the No. 2 search provider, could bring about more changes within the industry with its new policy.

"Yahoo is also big enough that it may pressure others to shorten their time frame as well," Mulligan pointed out. "It depends on how customers react to the announcement."

However, Mulligan cautioned, users should not expect to see any further alterations from Google, Microsoft and Ask.com any time soon.


----------------------------------------
Source: technewsworld.com

New E-Discovery Survey Reveals Many Firms' IT and Legal Departments Not Litigation Ready

The results of a new survey by Contoural, Inc. and Osterman Research, released today, indicate a significant gap between enterprise IT and legal departments, and that companies are largely unprepared for having to respond to litigation. More than 69 percent of the survey's respondents were not litigation ready. Only 6 percent claimed they could immediately and confidently handle e-discovery requests. More than half thought they were at risk of not being able to enforce a litigation hold.

Highlighting the rift between legal and IT, only 9 percent of IT managers responded that legal had provided clear guidance on e-discovery procedures or contributed the budget dollars necessary to accomplish the goals. Conversely, nearly 40 percent claimed they received no guidance on supporting e-discovery requirements.

The study was commissioned by Contoural, a leading independent provider of business and technology consulting services for litigation readiness, compliance, policy development, and data storage strategy. Conducted in June 2007, the survey questioned more than 100 IT managers in medium and large enterprises about their litigation readiness status and practices.

"Companies are facing increasing challenges in meeting e-discovery requirements. It is extremely important that IT and legal forge strong and supportive connections," explained Mark Diamond, CEO and president of Contoural. "The courts are increasingly putting IT on the stand and asking for enforced policies and procedures around records management."

More than 51 percent of organizations surveyed had not yet identified anyone in their IT departments prepared to testify in court regarding electronically stored information -- what records are retained, where the records reside, how they are protected, and how the information could be retrieved if necessary under court order.

----------------------------------------
Source: yahoo.com

Law Firm Cleared of Hacking Opponents' Web Archives

A law firm did not violate copyright and computer anti-hacking laws when it used a Web archive search tool to recover old Web pages of its client's adversary, says a federal judge.

Although the archived pages were supposed to be shielded from public view, the protections failed and lawyers at Harding Earley Follmer & Frailey in Valley Forge, Pa., did not hack their way in, Eastern District of Pennsylvania Judge Robert Kelly Jr. ruled last week on summary judgment.

"They did not 'pick the lock' and avoid or bypass the protective measure, because there was no lock to pick," Kelly wrote in Healthcare Advocates Inc. v. Harding Earley Follmer & Frailey, No. 05-3524. "Nor did the Harding firm steal passwords to get around a protective barrier. ... The Harding firm could not 'avoid' or 'bypass' a digital wall that was not there."

The ruling, if it stands, wards off a potential judgment of $3 million in damages a patients' advocacy company sought from the firm.

The company, Healthcare Advocates Inc. of Philadelphia, alleged that Harding Earley lawyers violated the Digital Millennium Copyright Act and the Computer Fraud and Abuse Act by fetching protected pages using the "Wayback Machine," a search tool provided by Internet Archive, a San Francisco-based Web page archivist.

Harding Earley represented a rival company, Health Advocate Inc. of Plymouth Meeting, Pa., which Healthcare Advocates accused of stealing trade secrets. Healthcare Advocates also sued Internet Archive for failing to properly protect Web pages that Healthcare Advocates no longer wanted to be available for public view.

----------------------------------------
Source: law.com
By: Michael Booth

Improving Communication Between IT and Lawyers

Let's face it. From time to time, all of us in IT wonder whether our carefully crafted e-mails to attorneys go straight to the recycle bin. Attorneys complain that messages from IT are too long, don't get to the point, contain unfamiliar jargon, aren't timely, and/or aren't relevant to them or their practice.

So what are lawyers looking for in e-mail?

* Meaningful subject line
* Main point in first paragraph, followed by necessary supplemental information
* Brevity
* Use of conversational English!
* Clarity, accuracy, timeliness and relevance

Attorneys are inundated with hundreds of e-mail every day and don't open up each one. What are the characteristics of a winning subject line?

* Be brief, but not cryptic. "Software upgrade" only tells part of the story. "Software upgrade on Friday, 7/20/07" is better. Avoid vague subject lines, such as "FYI," "Problem," or "Issue."
* Represent, don't mislead. If your subject line announces a system outage, the message itself shouldn't discuss the entire software strategy for the year.
* One topic, one subject. Don't jam a plethora of unrelated topics into a brief e-mail and then try to encompass the contents in a catch-all subject line. Instead, send separate e-mail for separate topics.
* Keyword introductions. Use triggers to preface your subject lines. For example: "REQUIRED: Please reboot your computer in the morning." This is a cue to your reader that an action is needed on their part.
* Thread changes. As e-mail conversations proceed, the original subject sometimes gets superseded. Consider changing the subject line when the thread changes topics on your next reply or forward.

----------------------------------------
Source: law.com
By: Tony Ranalli

Smooth operator with answers in murky world

CATHY BRODE deals in the murky world of metadata. Not many people know it is out there, but it is and it can catch out the unwary.

Metadata can be found embedded in every electronic document. It tells those that know how to access it a lot of facts and figures about word-processed documents, spreadsheets, pdf files, databases and other types of document. This can include sensitive information such as the name of the original author.

It was metadata that gave away the fact that a large part of the government’s dossier justifying war in Iraq was cribbed from a PhD student’s thesis.

Metadata can be found very easily. In a Word document it can be accessed by choosing File and then Properties from the menu. This reveals a panel that includes facts such as who authored the document, which company it came from, whether it used a template and figures such as how many times it has been revised and how long users have spent editing it.

Another potential pitfall for the unwary is the ability of a document's recipient to track changes made to it. Opening a document in WordPad will show deletions. Worse still is a common problem afflicting law firms. Law firms often use the track changes option when creating a Word document to see at a glance which member of a team made what amendment to a contract, letter, witness statement or other evidence. If the lawyers forget to undo track changes before forwarding to the other side in a dispute or negotiation, they could find vital information is given away.

“It’s the constant frustration of IT departments in law firms,” says Brode.
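A pre-send check for the two leaks described above (document properties and unresolved tracked changes), as an added example that is not part of the original article. It assumes the newer .docx (Office Open XML) package format, and the sample document, names and figures in it are constructed.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

W = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
DC = "http://purl.org/dc/elements/1.1/"
CP = "http://schemas.openxmlformats.org/package/2006/metadata/core-properties"
EP = "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties"
FIELDS = {
    "docProps/core.xml": [(DC, "creator"), (CP, "lastModifiedBy"), (CP, "revision")],
    "docProps/app.xml": [(EP, "Company"), (EP, "Template"), (EP, "TotalTime")],
}

def audit_docx(data: bytes) -> dict:
    """Report identifying properties and unresolved tracked changes in a .docx."""
    report = {"properties": {}, "insertions": [], "deletions": []}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for part, fields in FIELDS.items():
            if part not in z.namelist():
                continue
            root = ET.fromstring(z.read(part))
            for ns, tag in fields:
                el = root.find(f"{{{ns}}}{tag}")
                if el is not None and el.text:
                    report["properties"][tag] = el.text
        doc = ET.fromstring(z.read("word/document.xml"))
    # w:ins / w:del wrap text that "track changes" still remembers.
    for kind, tag, text_tag in (("insertions", "ins", "t"), ("deletions", "del", "delText")):
        for el in doc.iter(f"{{{W}}}{tag}"):
            text = "".join(t.text or "" for t in el.iter(f"{{{W}}}{text_tag}"))
            report[kind].append((el.get(f"{{{W}}}author"), text))
    return report

def build_sample() -> bytes:
    """Constructed sample package (not a real document) for the audit above."""
    parts = {
        "docProps/core.xml": f'<cp:coreProperties xmlns:cp="{CP}" xmlns:dc="{DC}">'
            "<dc:creator>A. Associate</dc:creator><cp:revision>14</cp:revision></cp:coreProperties>",
        "docProps/app.xml": f'<Properties xmlns="{EP}"><Company>Example LLP</Company>'
            "<TotalTime>312</TotalTime></Properties>",
        "word/document.xml": f'<w:document xmlns:w="{W}"><w:body><w:p><w:r><w:t>We offer </w:t></w:r>'
            '<w:del w:author="B. Partner"><w:r><w:delText>up to 500,000</w:delText></w:r></w:del>'
            '<w:ins w:author="B. Partner"><w:r><w:t>350,000</w:t></w:r></w:ins></w:p></w:body></w:document>',
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, xml in parts.items():
            z.writestr(name, xml)
    return buf.getvalue()
```

Calling `audit_docx(build_sample())` returns the author, firm, revision count and editing time alongside the deleted figure that the recipient could still read. For files from untrusted senders, parse the XML parts with a hardened parser such as `defusedxml` rather than the standard library.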

To Continue Reading: Click Here
-----------------------------------------
Source: icseftonandwestlancs.icnetwork.co.uk

Tuesday, July 24, 2007

Distributed Backup is the Key to ILM

ILM solutions can significantly reduce the cost and complexity of data storage, but to reap the greatest rewards, ILM relies on a backup system that is ILM-aware. ILM has two goals. One is to minimize administration costs. The other is to make the most efficient use of storage hardware. Without a backup architecture that maximizes or even enables ILM, these goals cannot be realized effectively.

The Case for ILM

Since enterprises are so dependent on information about their processes, products, customers and suppliers, data storage is a challenge for IT executives and storage administrators everywhere. Reliable and secure data storage is crucial to business continuity plans. Many industries, such as finance and health care, face new regulatory policies that mandate ever-increasing durations of data retention.

Because of the combination of more data and longer retention times, the cost of managing information throughout its lifecycle grows as much as 20% to 30% per year, according to some estimates.

Though opinions vary, for the purposes of this article ILM will be defined as a data archiving process that automatically moves data to the most cost-effective storage media, based on predetermined policies of accessibility, security and long-term storage. Data is transferred automatically, with no manual intervention required, reducing hardware and real estate costs. As a result, ILM vendors promise a significant Return on Investment (ROI).

Archiving Versus Backup

All of an enterprise's data can be placed into one of two categories. Critical information is that which is needed for day-to-day operations and resides in the system's primary storage for fast access. Important information is the historical, legal and regulatory information that can safely be archived to secondary storage: lower cost disk or tapes stored offsite.

Critical data is typically accessed often. However, as a given file is accessed less and less frequently, over time this data eventually changes from critical to important. If, as a matter of policy, a file ceases to be critical and becomes important after ninety days of inactivity, an ILM solution automatically archives this data after ninety days to secondary storage, without any intervention by IT personnel. ILM solutions create a pointer or placeholder for every file moved to secondary storage. Should a user ask for a file after ninety days (if the important information becomes critical) this placeholder points to the new location and the system can retrieve it and move it back to primary storage.

Archiving data that is no longer needed for day-to-day operations by moving it to long-term storage is distinctly, functionally different from backup operations which protect operational, critical data before it can be archived.

One key failing of backup systems that are not ILM-aware is that they will continue to store backup files on tape or secondary disk, even though this data has been archived elsewhere. Since this secondary storage must still be managed, the overall return on the ILM investment will be considerably less than anticipated.

Figure 1 illustrates this process in a typical e-mail setup. This architecture includes a backup system that protects critical data on primary storage before it is archived to lower-cost disks or tape by an ILM solution. This traditional tape-based backup is the ILM solution's Achilles' heel when it comes to ROI.

To Continue Reading: Click Here
---------------------------------------
Source: Computer Technology Review
By: Eran Farajun

CDP Makes Backup Better, Faster, Cheaper

The data backup world has changed dramatically in recent years. No change has been more dramatic or rapid than the shift from traditional tape-based backup technology to disk-to-disk (D2D) backup. Disk-based backup has enabled shorter backup windows and more rapid data recovery, which has opened the way for more sophisticated backup and recovery software technologies that were not possible with tape backup systems. Software vendors have responded to the technology potential of disk-based backup with new enhanced functionality, such as point-in-time snapshots and local and remote replication, in an effort to reduce the vulnerability to data loss between scheduled backup sessions.

Beyond the pure speed advantages, disk backup is also the right technology at the right time to address the convergence of two business trends: the necessity for 24/7 data access in a global wired economy and the increasing use and importance of remote offices. According to the Enterprise Strategy Group, an estimated 60 percent to 70 percent of mission-critical data is stored and used at offsite locations. Enterprise IT managers face the challenge of how to protect and manage all remote data in an era of tight budget constraints and the reality that the geographically distributed locations typically lack the IT staff to manage, monitor and verify backup operations.

Continuous Data Protection (CDP) Gains Momentum

CDP is the disk-based backup and recovery strategy gaining traction in data centers of various sizes. The traction is especially visible among users of Exchange, where the management and compliance challenges are driving elements of the CDP marketplace.

A CDP product is one that will continuously monitor an object for changes and will preserve copies of all prior versions of the object. The user will have the ability to view and access these prior versions, as required. The time needed to perform a recovery shifts from hours or days to seconds or minutes. The backup window is no longer a problem because there is no longer the concept of a backup window.

CDP is a cross between disk-based backup and replication. CDP continually captures all changes made to a file, and engages in tagging (versioning) objects so that they can be specifically rolled back to a particular point in time. The business value of CDP lies in the ability to restore data objects to a point before a data corruption or interruption event takes place. CDP protects/captures data as it is written to disk. One of the great myths of CDP is the unspoken assertion that CDP is for every kind of data, all the time. This is of course untrue, since the value of data changes as a matter of time, urgency and business dynamics.

One important scenario to keep in mind when considering the implementation of CDP is that of centralized backup for the remote or branch office. Too often, basic IT tasks like monitoring the backup server and changing tapes can be missed when assigned to remote office clerical staff not skilled in IT. Using a CDP strategy over the WAN to protect branch office file servers removes the requirement for tape drive and media handling at the remote site.

What about Recovery?

There are two general principles that govern all recovery policy-making: the recovery point objective (RPO) and the recovery time objective (RTO). The RPO defines how much data you are willing to lose when you recover data.

The RTO defines how long it will take to recover your business processes from a data failure. This includes not only the data recovery, but restarting the servers or applications that depend on that data. These recovery considerations must also be applied to local and remote recovery strategies.

A true CDP product protects every data change as it takes place, and the RPO approaches zero. On the other hand, with the vast amount of data being recoverable, how you choose the recovery point affects your RTO.

Some recovery points are based on time, a particular hour or minute. More useful, however, are event-based recovery points. Since every data change is protected, a loss event can be absorbed and yield a recovery event.
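The difference between a scheduled backup and CDP in terms of RPO, and between time-based and event-based recovery points, as an added example that is not from the original article. The journal class, file name and timeline (minutes since midnight) are constructed for illustration and do not model any vendor's product.

```python
import bisect

class CdpJournal:
    """Toy continuous-data-protection journal: every write becomes a version."""
    def __init__(self):
        self.versions = {}   # path -> list of (timestamp, content), time-ordered
        self.events = {}     # label -> timestamp of a tagged event

    def write(self, path, ts, content):
        self.versions.setdefault(path, []).append((ts, content))

    def tag_event(self, label, ts):
        self.events[label] = ts

    def restore(self, path, ts):
        """Time-based recovery point: newest version written at or before ts."""
        history = self.versions.get(path, [])
        i = bisect.bisect_right([t for t, _ in history], ts)
        return history[i - 1] if i else None

    def restore_before_event(self, path, label):
        """Event-based recovery point: last version strictly before the event."""
        return self.restore(path, self.events[label] - 1)

def scheduled_restore(journal, path, backup_times, failure_ts):
    """What a scheduled backup returns: the state as of the last backup run."""
    done = [b for b in backup_times if b <= failure_ts]
    return journal.restore(path, max(done)) if done else None

def lost_writes(journal, path, recovered, failure_ts):
    """Good writes made after the recovered version and before the failure."""
    start = recovered[0] if recovered else -1
    return [c for t, c in journal.versions[path] if start < t < failure_ts]

def demo():
    j = CdpJournal()
    for ts, content in [(30, "v1"), (540, "v2"), (690, "v3"), (845, "v4"), (860, "CORRUPT")]:
        j.write("ledger.xls", ts, content)
    j.tag_event("corruption", 860)            # the loss event, at 14:20
    nightly = scheduled_restore(j, "ledger.xls", [60], 860)   # one backup at 01:00
    cdp = j.restore_before_event("ledger.xls", "corruption")
    return {
        "nightly": nightly, "nightly_lost": lost_writes(j, "ledger.xls", nightly, 860),
        "cdp": cdp, "cdp_lost": lost_writes(j, "ledger.xls", cdp, 860),
    }
```

The nightly backup recovers the 00:30 version and loses three later good writes, while the event-based CDP recovery point returns the 14:05 version with nothing lost.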

To Continue Reading: Click Here
-------------------------------------
Source: Computer Technology Review
By: Eran Farajun