October is Cyber Security Awareness Month

The goal of Cyber Security Awareness Month is to remind us to guard against cyber threats.  The Canadian Government getcybersafe website has resources to describe the risks and suggest ways to protect against things such as cyberbullying, scams and fraud.  It covers both personal and corporate risks for smartphones, social networking, online banking, online shopping, and more.  It also explains the differences between common threats such as pharming, phishing, and spoofing.

If you’ve ever wondered how many people actually fall for what appear to be blatant phishing attempts, take a look at this infographic that shows that even a very small percentage of phishing success translates into significant actual numbers.

 

Cross posted to Slaw

harrisonpensa.com/lawyers/david-canton 

 

Businesses relying more on mobile – is Blackberry still in the game?

A BMO poll released today shows the unsurprising result that the business world is becoming more reliant on mobile technology.

Lawyers were early adopters of Blackberries, for which email was the killer app.  At our firm there are only a handful of lawyers still using Blackberries.  The rest of us are split between iPhones and Android.  While Windows phones are technically as good as the others, they just can’t seem to gain ground.


Blackberry has not given up, though.  It just launched a new phone called the Passport.  Blackberry has moved from touting email as its killer feature to touting productivity and security as its killer features.  The main focus is clearly on the business market.

Only time will tell whether Blackberry can claw back market share.

Cross posted to Slaw.


Will a smartwatch be on your wrist? 10 things to ponder.

As expected, Apple introduced its Apple Watch (not iWatch) last week with great fanfare. It is actually not a single watch, but a series of watches in 2 sizes and 3 models with various types of bands.  It will be available “early 2015”.

Of course only those with iPhones can use an Apple Watch.  Those with Android phones will use one of the options running Android Wear.

The reaction to the smartwatch phenomenon has been interesting.  Traditional watch manufacturers are being dismissive about it – which sounds a lot like how RIM (Blackberry) dismissed the iPhone when it first came out.

Things to ponder about the smartwatch market include:

  • How many people will value the advantage of not having to pull out a phone so often that they will want a smartwatch?
  • Will those who no longer wear watches because they use their phone for the time start wearing watches again?
  • Will it hurt sales of traditional watches?
  • How many traditional watch manufacturers will sell their own smartwatch versions?
  • Will people want to spend hundreds of dollars on a watch that has a far shorter life span than a traditional watch?
  • Will style trump functionality? Smartphone physical differences are subtle – but watches come in many shapes and sizes.  There has been a lot of comment on square vs round, for example.
  • Apple announced its watch with an unusually large lead time – perhaps in part to steal the thunder of the various Android Wear watches.  Will Android Wear be updated by the time the Apple Watch comes out in ways that make it more compelling?
  • The type of phone one has will dictate the Apple watch vs Android Wear watch choice.  But will some choose or change their smartphone preference based on watch choice?
  • Will the large size of a smartwatch (some might be a challenge to put your shirt sleeve over, for example) be a negative?
  • How much better will smartwatches become as they mature over the next few years?

I definitely want one – I’m in the Android camp – the only issue is which one, and can I hold out long enough for 2nd gen improvements?

Cross-posted to Slaw


CASL software provisions

CASL – the Canadian anti-spam legislation – contains provisions that impose certain disclosure and permission requirements on the installation of software that does certain things, or when software does certain things.  This aspect of CASL has been overshadowed by the anti-spam provisions, in part because the software provisions are not in effect until January 15, 2015.

Unfortunately these software provisions are not easy to comprehend or apply in practice. There is a lot of uncertainty around their interpretation.  And IMHO they are going to cause far more harm than good.  There is a real danger that some software creators will simply not offer their products in Canada to avoid the pain of complying with CASL.

Yesterday CRTC and Industry Canada representatives were at a Canadian IT Law Association teleconference to collect questions from the IT bar to help them prepare FAQs or guides to the CASL software provisions.  That guidance should be a big help in understanding the legislation.

Unfortunately they did not give us any hints at all on their thoughts on interpretation.  They are aiming to publish their material in November or December, which, as one participant commented, is far too late.  Compliance will be more complicated than tweaking a EULA.  Software vendors will require time to create new processes and verbiage to comply.  Then back that up through an effectively lost 2 weeks over the holidays, and the time it will take to digest and advise clients on what they have to do….

Cross-posted to Slaw


Smartwatch week

The IFA – the European equivalent of the Las Vegas Consumer Electronics Show – starts Friday – although manufacturers have already started pre-show press conferences.  A wide range of consumer electronics and appliances will be on display.  The tech press will have extensive coverage, including CNET and engadget.

Smartwatches will be prominent.  With Google’s recent launch of its Android Wear smartwatch operating system, several new smartwatches are being announced.  Some are updates of existing models, and some are new.  Examples include the Asus ZenWatch and the Sony SmartWatch 3.  Not to be outdone, Apple is expected to announce the iWatch at its own event Sept 9.

I want one – but am not quite sure yet which one. I’ll be watching the specs, prices, launch dates and reviews. Will this be the year that smartwatches take off?  Is a smartwatch in your future?


Cross posted to Slaw


If you think our red tape is bad…

We often get frustrated with seemingly unnecessary red tape and arbitrary rules – but every once in a while we run across requirements from other countries that are mind boggling.  For those who have never encountered this, it goes something like this.

A government agency or business in a country your client does business in requires a copy of a document.  If they were here, they may not need that document in the first place, but even if they do it would be a simple matter of scanning and emailing a pdf.

But no, they require a notarial copy – still simple enough.  Then they say the document needs to have a corporate seal as well.  Explaining that most Canadian companies don’t have corporate seals because they have not been required here for decades doesn’t help – it’s easier and cheaper to just buy a corporate seal.

But they won’t accept a notarial copy on its own, it has to be consularized, meaning the document has to go to that country’s embassy or consulate to be vetted and stamped or formalized in some way.  So you look up the process for that on the consulate web site and see that they have very specific rules about things such as what time of day they will accept documents, what ID has to be provided by the requesting person, and the need to bind the document together in a way that avoids substitution.  It may suggest methods such as sealing wax or an eyelet.  No staples allowed.  So the firm gets canvassed to see if there exists anywhere an eyelet/rivet tool that some lawyers used decades ago to fasten wills together. That fails, so you end up sending the document to a print shop to be bound.

Before the bound document goes to the consulate, it has to go to the provincial Ministry of Government Services so they can sign the document to confirm that the notary who signed it is really a notary.   Then it goes to the consulate where they add their official seal for a modest fee.

But we are still not done.  All of this is in English, so you have to send it to be translated by a certified translation agency or law firm in the country it is going to.

Then it can go to whoever requested it.

By the time this is all done, that document copy has been certified/stamped/sealed by: originating company, notary, provincial official, consulate, official translator.

The task that would have taken 5 minutes here has stretched into hours of work, various fees, and an elapsed time that might be measured in weeks.

Cross posted to Slaw


Wipe your car before you sell it

I’m in the process of buying a new car, and realized that when we get rid of a car we should think about more than just cleaning out the glove box and taking the snowbrush out of the trunk. A list of data to clear is at the end of this post.

At one time, cars stored no personal information other than the odometer reading and radio presets.

Cars are now laden with computers that control and monitor things like the engine, brakes, climate control, entertainment, tire pressure, and safety features. With this comes more data, and with more data comes the temptation to save it and to use it for other things. This is becoming even more so for hybrid and electric cars.

Examples are the OBD (on board diagnostics) and EDR (electronic data recorder) systems. They contain useful information for the diagnosis of problems, and information for a short period (measured in seconds or minutes) for accident investigation, such as speed, seat belt use, steering angle, number of passengers, engine speed, and throttle position.

It is possible to plug devices into the OBD port to use and retain that information for displaying a dashboard on your phone, spying on your kids’ driving habits, or sending to your insurer for rate calculations.

Since the EDR system contains limited memory and overwrites itself quickly, there is little risk of that personal information being used after you give up your car – but if you are concerned, make your last drive a leisurely one.

Keeping in mind that it is easy to get a used car report showing owner name and address to link data on your old car back to you, here are some things you might want to do before you part with your car:

  • Delete Bluetooth pairings.
  • Delete stored phone numbers and call history.
  • Remove any CDs, DVDs, and USB keys. (It’s easy to forget a USB key, for example, plugged into a port hidden in the glove box or other compartment, and it might have more on it than just music.)
  • Delete built-in garage door opener codes.
  • Clear the GPS of pre-programmed destinations and route history.
  • Clear Wi-Fi hotspot settings and passwords.
  • Remove any OBD/EDR recorders you have added.
  • Cancel OnStar subscription and reporting. (I know someone who forgot to cancel reporting, and continued to get monthly reports on his old car now with the new owner.)
  • Cancel or transfer satellite radio.

Cross posted to Slaw


 

 

 

Russian hackers amass 1.2 billion username/password combinations

A New York Times story says that: “A Russian crime ring has amassed the largest known collection of stolen Internet credentials, including 1.2 billion user name and password combinations and more than 500 million email addresses…”.  This was discovered by a company called Hold Security, which so far has not named the sites.  I’m a bit skeptical of the news, however, when Hold Security has a paid service to find out if your site is affected by this.

This emphasizes yet again the importance of using proper passwords and taking advantage of multi-factor authentication wherever it is offered.

Since the only good password is one we can’t possibly remember, and they should be different for each site, the best approach is to use a password manager.  Password managers both create strong unique passwords and save them for you.  Here’s a recent PC Mag article on The Best Password Managers.

Make sure your password to get into your password manager is a strong one, and take advantage of multifactor authentication for it.  Make sure you have a backup copy of those passwords.  And let’s hope that the password manager sites have protected themselves strongly enough that they can’t be compromised.

Cross posted to Slaw


Can a tablet replace your work PC?

Apple CEO Tim Cook recently said that 80-90% of his computer time is spent on an iPad.

This comment led tech journalist Mike Elgan to wonder: “Could 80 percent of the corporate workforce do 100 percent of their work on a tablet?”

His article sets out arguments for and against, but basically concludes that tablets would be sufficient for many.

For me personally, for what I need it for, while you would have to pry my tablet out of my hands, it is not adequate to replace my PC.  For too many things it is just not quite good enough, or efficient enough.  But depending on what one’s role is, a tablet may indeed be sufficient.

What do readers think?  Is anyone using a tablet while their PC gathers dust?

Cross posted to Slaw


Simple is not easy

Have you ever used an app – whether on a phone, tablet, or desktop – and found it lacking?

Developers creating app versions of existing desktop software or online services face a dilemma. Apps are generally slimmed down versions of the original as they need to be used on touch interfaces, and the code needs to be smaller.

So app developers need to decide what features are important, how the app might be used differently in that context, and what can be left out.  Even though desktop software is often bloated with features that are rarely used, deciding what to leave out is not easy.   With computer code, similar to drafting contracts, simple is good but not easy.  Sometimes things are left off that are missed by some users or that drive users nuts because they spend so much time trying to figure out how to do something that is missing.

I recently found, for example, that the Windows Metro Dropbox app won’t let you select more than 1 file at a time to download.  That’s a real pain if you are trying to download a couple hundred photos.  I’ve also noticed that the OneDrive app doesn’t let you access OneDrive databases other than the one linked to that computer.  And I’ve seen weather apps with reduced information.

This is a factor that makes some people lean towards HTML5 websites vs apps.

Cross posted to Slaw.
