Tip: Spotlight searches with Boxcryptor

Filed under: Mac Tips | Tags: , , , , , |

Quicksilver splash

I have been trying to get Boxcryptor to play nice with Spotlight but it has been a no go.

There is a way to turn it on. However, it has not worked for me. 

I have found a work around with using the out-of-beta version 1 of Quicksilver. By putting the Boxcryptor volume into the Quicksilver catalog, I get an index of the Boxcryptor volume. 

It is not a perfect solution. Searching for a folder when saving still requires Spotlight (which still won’t work even if you have Quicksilver installed). However, this work around does the job if you are just looking for files on your hard drive.


Backup strategies for solo or small firm lawyers

Filed under: Cloud, Mac Tips, Practice Tips | Tags: , , , , , , |

It’s a new year and it is time to make good on that resolution to strengthen your law firm’s backup strategy (or to get one started)!

How to get your back-up plan in order, in case of a hard drive failure, theft or fire, is one of the most important things a solo attorney and small law firm can do — especially once you go paperless. Then it is all just bits. And you do not want them to go away. Fortunately, it is much easier to copy bits than it is paper documents, allowing you to have multiple up to date and versioned copies in multiple locations.

Goals of a successful backup strategy:

  • Automatic. You already know that if something is a hassle, it is not going to get done. You want something that works in the background whether you remember to use it or not.
  • Multiple locations. One of the worst backup strategies is to have your backup sitting next to your computer. You want to make sure you have offsite back-up. And having a backup in a completely different regions is even better.
  • Multiple copies. One backup is good, but several are better. You never know when a perfect storm will hit and take out your one backup.or
  • Multiple services. If something happens with your backup provider, even a temporary problem with connectivity, you could be left out in the cold. It is a good idea to put your eggs in several different baskets just in case.

Great, you say. You could read pabulum like this on any number of law blogs. So let me give you a quick and dirty guide to backing up. Some of this is Mac specific, but I am including PC alternatives for the Morlocks among you ;)

Read the rest of this entry »


Making Dropbox secure for lawyers and law offices

Filed under: Cloud | Tags: , , , |

security

Lawyers are particularly concerned about using cloud based service to store information. Here are some of the issues attorneys face:

  • I am handing over sensitive client matters to a third-party! Note: this is despite the fact that lawyers already do this when they store client files in a rented office.
  • Where are the files stored? Are any files stored outside of the United States?
  • What are the security procedures at the cloud service provider?
  • Who can see my data?
  • Will the data be handed over to law enforcement and under what conditions (subpoena)?
  • Will I be notified if data is handed over?

The flaw (some say the fatal flaw) with using a cloud service like Dropbox is the service ultimately has access to your files and could theoretically view or reveal your data.

There have been a number of workarounds including putting your files into an encrypted container. I discussed the trade-off with this in “Is Cloud Storage Secure Enough for Lawyers.” The problem is that you lose the benefit of constant synchronization: instead of files constantly being backed up and synced, you have to sync a single LARGE file when all you want to do is shut down your system and go home.

SpiderOak

The goal has been per file encryption and services like Spider Oak have stepped up to the plate to offer this. However, moving away from Dropbox, means moving away from a known service which is currently the market leader with cross-platform application on desktop (Windows, Apple/Mac, and Linux) and mobile devices (iPhone, iPad, Android, Blackberry) plus many applications support Dropbox right out of the box!

Dropbox mobile

Dropbox just logo

Plus, Dropbox just works! Sync is hard. Just ask anyone who has tried to keep contacts synchronized between various computers and online services: you get old information, conflicts, and duplicates. With Dropbox files sync accurately and quickly — even “files” like Circus Ponies Notebook which are actually folders work!

Now, I’m not saying other service do not work just as well. It is just that any contender needs to be considerably better to make me move.

The ONE thing Dropbox lacks is — per-file encryption. That is, until SecretSync. Read the rest of this entry »


Dropbox left open for 4 hours

Filed under: Cloud | Tags: , , |

A wrinkle has appeared in the perennial question, “Is Dropbox Secure?” Dropbox (one of my favorite services) was effectively unlocked for 4 hours on Monday June 20, 2011!

Writing in PC World, Sara Yin notes:

A code update left Dropbox, the popular cloud storage service, password-free for about four hours on Monday afternoon.

During this time, anyone could access any of Dropbox’s 25 million user accounts by typing in any password. The lapse occurred between 1:54 p.m. to 5:46 p.m. PT.

Ok. Altogether, “FUUUUU…!”  Read the rest of this entry »


Mac Tip: DropBox Tips – Selective Sync & Cache Cleaning

Filed under: Mac Tips | Tags: , |

Chocolate Tools
Dropbox is an amazing tool and now that it has selective synchronization, you no longer have to have every folder synced across all of your systems.  This is particularly useful if you find solid states hard drive sizes a bit cramped. Read the rest of this entry »


Legal Technology: Practicing in the Cloud Presentation

Filed under: Presentations | Tags: , , , , , , , , |

Here are the slides from “Practicing in the Cloud” presented at the Colorado Trial Lawyers convention and Colorado Bar Association Hanging Your Shingle CLE. This covers the best of cloud based solutions for attorneys!


Is Dropbox Secure Enough For Lawyers?

Filed under: Cloud | Tags: |

I have been using DropBox in my practice for over a year and I have been absolutely thrilled with it. It keeps my computers synchronized and with its versioning and off site storage, it provides a layer in my backup strategy.

Later this year I will be doing  a presentation on cloud based services for lawyers at Colorado Trial Lawyers Convention. This has given me a chance to go back and review Dropbox’s security. I have to say, I have come away impressed.

Much of this is taken from Dropbox’s website and the Amazon S3 site (Dropbox uses S3 for its storage).

How secure is Dropbox?

  • Shared folders are viewable only by people you invite.
  • All transmission of file data and metadata occurs over an encrypted channel (SSL).
  • All files stored on Dropbox servers are encrypted (AES-256) and are inaccessible without your account password.
  • Dropbox website and client software have been hardened against attacks from hackers.
  • Dropbox employees are not able to view any user’s files.
  • Online access to your files requires your username and password.
  • Public files are only viewable by people who have a link to the file(s). Public folders are not browsable or searchable.

Where are Dropbox files stored?

  • All files stored online by Dropbox are encrypted and kept securely on Amazon’s Simple Storage Service (S3) in data centers located along the east coast of the United States.

So lets take a look at Amazon’s security:

PHYSICAL SECURITY

Amazon has many years of experience in designing, constructing, and operating large-scale data centers.  This experience has been applied to the AWS platform and infrastructure.  AWS data centers are housed in nondescript facilities, and critical facilities have extensive setback and military grade perimeter control berms as well as other natural boundary protection. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, state of the art intrusion detection systems, and other electronic means.  Authorized staff must pass two-factor authentication no fewer than three times to access data center floors.  All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff.

Amazon only provides data center access and information to employees who have a legitimate business need for such privileges.  When an employee no longer has a business need for these privileges, his or her access is immediately revoked, even if they continue to be an employee of Amazon or Amazon Web Services.  All physical and electronic access to data centers by Amazon employees is logged and audited routinely.

BACKUPS

Data stored in Amazon S3, Amazon SimpleDB, or Amazon Elastic Block Store is redundantly stored in multiple physical locations as a normal part of those services and at no additional charge.  Data that is maintained within running instances on Amazon EC2, or within Amazon S3 and Amazon SimpleDB, is all customer data and therefore AWS does not perform backups.

In summary, your data is encrypted during transmission and storage, kept in redundant, distributed data centers guarded with security systems that no single law firm could possibly hope to match.

So, yes, I consider cloud based storage (at least as far as Dropbox is concerned) to be secure* enough for lawyers.

*Note: there are other issues to be considered, such as the cloud providers Terms of Service. However, that will have to be a topic for another day.

07/14/11 UPDATE: Since this article was written a lot has changed with Dropbox:

  • I have written about the June 2011 security hole left Dropbox accounts open for several hours.
  • A summary of the rapidly changing Dropbox terms of service.
  • If all this makes you scared to use Dropbox, you can always set up your own synchronizing service with a pogoplug. The trade off is reduced physical security (you’re not going to be able to have the same physical security as Amazon), but you control user access and when data gets turned over to the feds (assuming they don’t just seize everything). Check out my discussion of the pros and cons of do-it-your-self vs various services.

The upshot is that regardless of the “planned-for” security, “actual” security is based on how a service deals with attacks, treats its uses data, and how it evolves over time. I wrote on Ben Stevens site that the ultimate goal is for a syncing services that allows per-file pre-encryption. However, that goal still has to be achieved within a system where the syncing works. That may seem obvious, but syncing is hard.

Consider the relatively simple task of synchronizing contacts and calendars between several systems (iCal, Google, etc). I still hear frequent complaints of duplicated entries or older versions “updating” newer versions with bad information. Again, syncing is hard. The thing about dropbox is that it works. It does sync, cross-platform, and it doesn’t mess up files (even with some picky programs on the Mac like Notebook which have had problems with other sync services).

So, while I am on the lookout for the service that will allow per-file pre-encryption, the first and foremost concern is a service that will not chew up and destroy my files (especially if it does it slowly so it is not noticeable until it is too late).

One contender in the market for per-file pre-encryption is Spider Oak. If you have used in, particularly in a Mac environment, please let me know your experiences. Thanks!