If you think our red tape is bad…

We often get frustrated with seemingly unnecessary red tape and arbitrary rules – but every once in a while we run across requirements from other countries that are mind boggling.  For those who have never encountered this, it goes something like this.

A government agency or business in a country your client does business in requires a copy of a document.  If they were here, they may not need that document in the first place, but even if they do it would be a simple manner of scanning and emailing a pdf.

But no, they require a notarial copy – still simple enough.  Then they say the document needs to have a corporate seal as well.  Explaining that most Canadian companies don’t have corporate seals because they have not been required here for decades doesn’t help – its easier and cheaper to just buy a corporate seal.

But they won’t accept a notarial copy on its own, it has to be consularized, meaning the document has to go to that country’s embassy or consulate to be vetted and stamped or formalized in some way.  So you look up the process for that on the consulate web site and see that they have very specific rules about things such as what time of day they will accept documents, what ID has to be provided by the requesting person, and the need to bind the document together in a way that avoids substitution.  It may suggest methods such as sealing wax or an eyelet.  No staples allowed.  So the firm gets canvassed to see if there exists anywhere an eyelet/rivet tool that some lawyers used decades ago to fasten wills together. That fails, so you end up sending the document to a print shop to be bound.

Before the bound document goes to the consulate, it has to go to the provincial Ministry of Government Services so they can sign the document to confirm that the notary who signed it is really a notary.   Then it goes to the consulate where they add their official seal for a modest fee.

But we are still not done.  All of this is in English, so you have to send it to be translated by a certified translation agency or law firm in the country it is going to.

Then it can go to whomever requested it.

By the time this is all done, that document copy has been certified/stamped/sealed by: originating company, notary, provincial official, consulate, official translator.

The task that would have taken 5 minutes here has stretched into hours of work, various fees, and an elapsed time that might be measured in weeks.

Cross posted to Slaw

harrisonpensa.com/lawyers/david-canton

Wipe your car before you sell it

I’m in the process of buying a new car, and realized that when we get rid of a car we should think about more than just cleaning out the glove box and taking the snowbrush out of the trunk. A list of data to clear is at the end of this post.

At one time, cars stored no personal information other than the odometer reading and radio presets.

Cars are laden with computers that control and monitor things like the engine, brakes, climate control, entertainment, tire pressure, and safety features. With this comes more data, and with more data comes the temptation to save it and to use it for other things. This is becoming even more so for hybrid and electric cars.

An example is the OBD (on board diagnostics) and EDR (electronic data recorder) system. They contain useful information for the diagnosis of problems, and information for a short period (measured in seconds or minutes) for accident investigation, such as speed, seat belt use, steering angle, number of passengers, engine speed, and throttle position.

It is possible to plug devices into the OBD port to use and retain that information for displaying a dashboard on your phone, spying on your kids driving habits, or sending to your insurer for rate calculations.

Since the EDR system contains limited memory and overwrites itself quickly, there is little risk of that personal information being used after you give up your car – but if you are concerned, make your last drive a leisurely one.

Keeping in mind that it is easy to get a used car report showing owner name and address to link data on your old car back to you, here are some things you might want to do before you part with your car:

  • Delete Bluetooth pairings.
  • Delete stored phone numbers and call history.
  • Remove any CDs, DVDs, and usb keys. (It’s easy to forget a usb key, for example, plugged into a port hidden in the glove box or other compartment, and it might have more on it than just music.)
  • Delete built in garage door opener codes.
  • Clear the GPS of pre-programed destinations and route history.
  • Clear wifi hotspot settings and passwords.
  • Remove any OBD/EDR recorders you have added.
  • Cancel Onstar subscription and reporting. (I know someone who forget to cancel reporting, and continued to get monthly reports on his old car now with the new owner.)
  • Cancel or transfer satellite radio.

Cross posted to Slaw

http://harrisonpensa.com/lawyers/david-canton

 

 

 

Russian hackers amass 1.2 billion username/password combinations

A New York Times story says that: “A Russian crime ring has amassed the largest known collection of stolen Internet credentials, including 1.2 billion user name and password combinations and more than 500 million email addresses…”.  This was discovered by a company called Hold Security, that so far has not named the sites.  I’m a bit skeptical of the news, however, when Hold Security has a paid service to find out if your site is affected by this.

This emphasizes yet again the importance of using proper passwords and taking advantage of multi-factor authentication wherever it is offered.

Since the only good password is one we can’t possible remember, and they should be different for each site, the best approach is to use a password manager.  Password managers both create strong unique passwords and save them for you.  Here’s a recent PC Mag article on The Best Password Managers.

Make sure your password to get into your password manager is a strong one, and take advantage of multifactor authentication for it.  Make sure you have a backup copy of those passwords.  And lets hope that the password manager sites have protected themselves strongly enough that they can’t be compromised.

Cross posted to Slaw

http://harrisonpensa.com/lawyers/david-canton

Can a tablet replace your work PC?

Apple CEO Tim Cook recently said that 80-90% of his computer time is spent on an iPad.

This comment lead tech journalist Mike Elgan to wonder: “Could 80 percent of the corporate workforce do 100 percent of their work on a tablet?”  

His article sets out arguments for and against, but basically concludes that tablets would be sufficient for many.

For me personally, for what I need it for, while you would have to pry my tablet out of my hands, it is not adequate to replace my PC.  For too many things it is just not quite good enough, or efficient enough.  But depending on what one’s role is, a tablet may indeed be sufficient.

What do readers think?  Is anyone using a tablet while their PC gathers dust?

Cross posted to Slaw

http://harrisonpensa.com/lawyers/david-canton

Simple is not easy

Have you ever used an app – whether on a phone, tablet, or desktop, and found them lacking?

Developers creating app versions of existing desktop software or online services face a dilemma. Apps are generally slimmed down versions of the original as they need to be used on touch interfaces, and the code needs to be smaller.

So app developers need to decide what features are important, how the app might be used differently in that context, and what can be left out.  Even though desktop software is often bloated with features that are rarely used, deciding what to leave out is not easy.   With computer code, similar to drafting contracts, simple is good but not easy.  Sometimes things are left off that are missed by some users or that drive users nuts because they spend so much time trying to figure out how to do something that is missing.

I recently found, for example, that the Windows metro Dropbox app won’t let you select more than 1 file at a time to download.  That’s a real pain if you are trying to download a couple hundred photos.  I’ve also noticed that the OneDrive app doesn’t let you access OneDrive databases other than the one linked to that computer.  And seen weather apps with reduced information.

This is a factor that makes some people lean towards HTML5 websites vs apps.

Cross posted to Slaw.

harrisonpensa.com/lawyers/david-canton

CASL now in force

You may be tired of hearing about CASL, and tired of getting the consent requests that people were sending out before July 1.  The pre July 1 scramble was done because sending an email to request consent is now itself considered spam.  But we may still see requests, which can be sent if the recipient fits into one of the exceptions.

In hindsight, I wish I had kept track of the number of consent requests I got, how many of those were not technically compliant with CASL, and how many were from entities I’d never heard of that were just trolling for contacts.

There are uncertainties over the interpretation of many parts of CASL, but it can’t be ignored.  Businesses need to do the best they can to comply and demonstrate diligence.  CASL compliance will be an iterative process over time as the interpretation hopefully becomes more clear. While the CRTC will no doubt focus on real spammers, anyone can complain, and you never know who they might choose to make an example of.  Don’t set yourself up to be that example.

For more detail on CASL check out the HP CASL page, or search for CASL on my blog.

Cross posted to Slaw

SCC “gets” tech – government not so much

Far too often – at least in my opinion – courts and legislators don’t seem to understand technology related issues or how the law should fit with them.  The Supreme Court of Canada, however, got it right with Spencer, which basically says that internet users have a reasonable expectation of anonymity in their online activities.  Last Fall the SCC sent a similar message in the Vu case saying that a general search warrant for a home was not sufficient to search a computer found there.  And that trend will hopefully continue with its upcoming Fearon decision on the ability to search cell phones incident to arrest.

While the SCC seems to now “get it” when it comes to privacy and technology, the federal legislature doesn’t seem to.  It has continually tried to erode privacy with a series of “lawful access” attempts, the latest of which may be unconstitutional given the Spencer decision.  Another example of the federal legislature not “getting it” is the CASL anti-spam legislation, which imposes huge burdens on normal businesses and software providers.

Cross posted to Slaw

http://harrisonpensa.com/lawyers/david-canton  

The Cloud – Panacea or Perilous?

The cloud has been touted as a significant revolution in computing – providing scalable, secure, and cost effective alternatives to owing and managing your own computing infrastructure.  It has also been criticized for being insecure, unreliable, and a potential threat to the future of your business if something goes wrong.

So which is it?  It can be both, actually.

Done right – with the right application, the right vendor, the right agreement, and with proper attention to issues like security, encryption, privacy, and continuity – it can work very well.

Done wrong – without those details being considered – it has the potential to cause things ranging from spotty performance to embarrassing data leakage to a business ending catastrophic failure.

The key is to spend the time up front to get it right.

(Cross-posted to Slaw)

http://harrisonpensa.com/lawyers/david-canton

Carmi Levy’s 7 tech trends

I was at a presentation this morning by tech guru Carmi Levy who talked about 7 tech trends.  If you watch national news broadcasts you will have seen Carmi.

1. Cloud.  It aligns spend with need, and you can spend less time managing your infrastructure.

2. Mobile.  More smart phones were sold last year than feature phones.  Facebook revenue from mobile is more than 50% now.  Just 3 years ago was zero.  25% of Facebook users are mobile only.  This trend is similar for other providers - mobile is rapidly becoming a prime way to connect.  Businesses need to address the mobile market.   Some businesses are not even bothering with web sites because their customers are just using social media and apps.

3.  Social Media.  Social media is today’s town square.  It is changing the way we consume content and works well local as well as global.  London’s #Ldnont hash tag is an example of an effective local tool.

4.  Apps.  The real action is mobile.  Apps can be a meaningful way to connect.   In some cases they are becoming as important as a web site.  Apps vs responsive web is controversial.   Apps can give richer experience, but responsive can be simpler to do and is platform agnostic.

5.  Gaming.  Casual gaming is the fastest growing game segment. Ties in to the mobile trend.

6.  Ecommerce.   We are seeing a revolution at summer festivals in the park.  Festival vendors used to use cash only.  Now vendors increasingly use mobile payment options such as Square.  The tech allows the smallest of small business to do this easily and cheaply.

7.  Hyperlocal.  London’s Hacker studios is an example of a startup hub where users pay a subscription for space including mentoring and support.

In general, Carmi says tech is an investment not a cost.  It is a marketing enabler if it is done right.  It is a constant adaptive process, and has to be part of business culture in general – not just delegated to a particular department.  Digital competency is something we become not something we build.

Cross posted to Slaw

http://harrisonpensa.com/lawyers/david-canton

CASL observations

I was at a conference on CASL (anti-spam) last week chaired by Barry Sookman.  His summary of conference highlights is worth reading.  Below are some of my observations based on both that conference and my CASL dealings with clients so far.

Large companies are spending millions of dollars to comply with CASL.  Small business is struggling to comply and to make sense of how to comply and why it is even needed. But you can bet that the true spammers will just continue to try to hide from the regulators.

Opt-in rates for attempts to get express consents so far have in some cases been abysmal – low single digit %. I suspect there are a number of reasons for that. Many on the mail list don’t care (meaning it’s a waste of time to send to them anyway). But many actually do want it and are not paying attention, who will eventually wonder why they stop getting things.  The challenge is to request consents in a way that will encourage a quick and easy yes – meaning that the use of marketing professionals may be key to getting a good response rate.

There is so much uncertainty around CASL interpretation that CASL compliance will be an iterative process.

No software solutions are available for the average business to track CASL compliance.  There is a business opportunity to develop affordable mini-CRM software that meets CASL rules and evidentiary requirements and can tie in with bulk mail programs and contact management systems such as Outlook.

The CASL software consents that kick in in January 2015 have the potential to cause real havoc.  They are being overshadowed now because of the looming July 1 date for CEM, and that the software consent issue only applies to those creating software.  These rules are unprecedented, and there is a danger that many offshore software developers will simply not offer their products to Canadians rather than taking the time and effort to comply.

(Cross posted to Slaw)

http://harrisonpensa.com/lawyers/david-canton