Category Archives: Legal

Secure File Delivery with an Audit Trail

My Docs Online has enhanced its web-based secure file delivery feature to add additional controls and a comprehensive delivery audit trail.

“We were the first to offer web-based file delivery, back in 1999,” said Stephen Campbell, CEO of My Docs Online, “and we’ve consistently enhanced and expanded our capabilities as user needs have evolved. What we are seeing now is the need for optional controls like passwords, variable expiration limits, and most importantly, a detailed audit trail documenting delivery and the ability to make changes after the fact. No other product offers our range of options coupled with an audit trail.”

In order to offer such a wide range of options without making the feature cumbersome to use, customization controls allow unneeded options to be hidden, allowing a streamlined, custom experience for each user. In addition, group administrators can control defaults and enforce group policies such as requiring passwords or setting a fixed expiration.

The new “Smart Label” feature allows users label a Share, and also save default values like custom comments and expirations for future use. Smart Labels also add more value to the Share Management portion of the product, making it easier to locate, verify and control Shares.

Users also have the option to generate a link they can send themselves, or select email addresses from an address book and let My Docs Online send the email.

The file delivery page displays the customer’s logo, and offers an optional zipped download of all files when there is more than one.

A web API is also available for third-party use.

More details are available in the My Docs Online FAQ.

PowerDMS Expanding in Orlando Aided by City Incentives

PowerDMS, Inc., a cloud-based document management software company, will expand its presence in downtown Orlando, Florida, adding 65 new jobs over the next three years and investing $400,000 into the region. In addition to being awarded a financial incentive from the City of Orlando, PowerDMS recently secured growth equity funding from Ballast Point Ventures and plans to use the investment to augment its sales and marketing team and enhance its technology platform by offering new features to its customer base, which includes law enforcement, public safety, healthcare and retail.

Founded in 2001, the company’s software platform provides “practical tools necessary to organize and manage crucial documents and industry standards, thereby helping organizations maintain compliance with constantly evolving industry accreditation protocols.”

Structured as a software-as-a-service (SaaS) model, PowerDMS combines attributes of Governance and Risk Compliance (GRC) and Enterprise Content Management (ECM) into its software platform, allowing customers to manage risk through living compliance documentation and content.

The application provides tools to organize and manage crucial documents and industry standards, train and test employees, and uphold proof of compliance, thereby helping organizations reduce risk and liability.

“Downtown Orlando is a great location for dynamic tech companies like PowerDMS,” said Orlando Mayor Buddy Dyer, “with a talented labor force, business friendly environment and high quality of life, Orlando has become an ideal site for corporate headquarters looking to expand.”

 

Aereo Decision: the Cloud at a Crossroad?

Broadcasters’ latest legal target is 2-year-old upstart Aereo—which retransmits over-the-air broadcast television using dime-sized antennas to paying consumers, who can watch TV online or record it for later viewing. The case, before the Supreme Court, may have impact on cloud computing generally, not just on Aereo’s business. A federal appeals court said that Aereo’s service is akin to a consumer putting a broadcast antenna atop their dwelling. Aereo, the appeals court ruled, “provides the functionality of three devices: a standard TV antenna, a DVR, and a Slingbox”

Companies like Google, Microsoft, Mozilla, Yahoo, and others are worried that a victory for the broadcasters could upend the cloud. The companies, in trade association briefs, told the justices in a recent filing that the “dramatic expansion of the cloud computing sector, bringing with it real benefits previously only imagined in science fiction, depends upon an interpretation of the Copyright Act that allows adequate breathing room for transmissions of content.”

Consider any file-hosting service that allows people to store their own material, such as Dropbox. What if it can be shown they are storing copyrighted work. Do they need a license?

Mitch Stoltz, an Electronic Frontier Foundation attorney, said in a telephone interview that, “If the Supreme Court rules in favor of the broadcasters, their opinion might create liability for various types of cloud computing, especially cloud storage.”

But, in urging the high court to kill Aereo, the broadcasters said that “The disruption threatened by Aereo will produce changes that will be difficult, if not impossible, to reverse.”

More detail and analysis.

PRISM Scandal Generates Renewed Interest in Non-US Cloud Providers

Guest Post by Mateo Meier, founder of Swiss hosting provider Artmotion

Businesses vote with their feet, in light of the recent PRISM scandal. Up until recently, the US had been considered the leading destination for cloud services with its vast infrastructures and innovative service offerings, but recent leaks have sparked panic amongst many business owners and is driving demand for Non US cloud providers.

The most concerning aspect for many is the wide ranging implications of using US-controlled cloud services, such as AWS, Azure and Dropbox. As a result, businesses are now turning to Switzerland and other secure locations for their data hosting needs.

Swiss ‘private’ hosting companies are seeing huge growth because privacy in Switzerland is enshrined in law. As the country is outside of the EU, it is not bound by pan-European agreements to share data with other member states, or worse, the US. Artmotion, for example, has witnessed 45 per cent growth in revenue amid this new demand for heightened privacy.

Until now the PRISM scandal has focused on the privacy of the individual, but the surveillance undertaken by NSA and Britain’s own GCHQ has spurred corporate concern about the risks associated with using American based cloud providers to host data. It is especially troubling for businesses with data privacy issues, such as banks or large defence and healthcare organisations with ‘secret’ research and development needs.

Before PRISM, the US was at the forefront of the cloud computing industry and companies worldwide flocked to take advantage of the scalable benefits of cloud hosting, as well as the potential cost savings it offered.

However the scandal has unearthed significant risks to data for businesses, as well as for their customers. With US cloud service providers, the government can request business information under the Foreign Intelligence Surveillance Act (FISA) without the company in question ever knowing its data has been accessed.

For businesses large and small, data vulnerabilities and the threat of industrial espionage from US hosting sites can present real security risks or privacy implications, and it’s causing a real fear. Business owners are worried that by using US based systems, private information could potentially be seen by prying eyes.

The desire for data privacy has therefore seen a surge in large corporations turning to ‘Silicon’ Switzerland to take advantage of the country’s renowned privacy culture. Here they can host data without fear of it being accessed by foreign governments.

Mateo-Meier

Mateo Meier, founder of Artmotion, spent the early stages of his career in the US before returning home to Switzerland to start Artmotion. Artmotion was started in early 2000 and provides highly bespoke server solutions to an international set of clients.

The Future of Tech Companies, the NSA, and Your Information

Guest Post by Lewis Jacobs

Verizon and the NSA

Last week, the technology world was turned upside down when the Guardian broke the news that the National Security Agency had directed telecommunications company Verizon to release customer call records and metadata on an “ongoing daily basis.”

Though the metadata doesn’t include the audio content of calls, it does include the phone numbers on both ends of calls, the devices and location of both parties involved, and the time and duration of calls.

The order was leaked by Edward Snowden, an analyst for defense contractor Booz Allen Hamilton at the NSA. The order targets both international and domestic calls, and it does not contain parameters for who can see the data or whether or not the data will be destroyed after NSA use.

Though the White House and the NSA say that the data will only be used for counter-terrorism efforts and other national security measures, the order nonetheless gives the federal government access to data from all of Verizon’s more than 100 million customers.

Since the story broke, there has been significant debate over whether the NSA is working within the regulations of the First and Fourth Amendments or whether it is violating citizens’ rights to free speech and privacy. The White House has defended the order as a necessary measure for national security. But critics, including the American Civil Liberties Union and several U.S. lawmakers, disagree.

What it means for the future

The controversy raises the question of whether or not other technology and telecommunications companies will be required to follow suit—or whether they already have. Amy Davidson at the New Yorker speculates that the leaked Verizon order is “simply one of a type—the one that fell off the truck.” Adam Banner at the Huffington Post wonders, “How many other ‘top secret’ court orders are currently in action with countless other information providers?”

The NSA is said to have been monitoring and collecting customer data from some of the world’s largest technology companies with the help of surveillance program PRISM. But many companies, including Google, Facebook, Microsoft, Yahoo, Apple, and AOL, have denied providing the government direct access to their users’ information. Google, one of the companies to deny any knowledge of PRISM, wrote an open letter to the Attorney General and the FBI requesting to make public any federal requests for data.

In any case, it’s unlikely that the NSA demanded customer information only from Verizon, meaning that the federal government could be (and probably is) accessing information about citizens through their phone providers, their email services, and their search engines. Faced with federal orders, there’s not much that technology companies can do in opposition.

The future of NSA technology surveillance will depend, of course, on its legality, which is yet to be determined. It’s unclear whether or not the NSA’s actions fall under the provisions of the Patriot Act, the FISA Amendments Act, the Constitution, and federal government’s system of checks and balances.

The American Civil Liberties Union recently announced their plan to sue the White House Administration for violating the privacy rights of Americans. On the other side, whistleblower Edward Snowden is currently under investigation for the disclosure of classified information, an offense that could result in life in prison.

This article was submitted by Lewis Jacobs, an avid blogger and tech enthusiast. He enjoys fixing computers and writing about internet trends. Currently he is writing about an internet in my area campaign for local internet providers.

Sources:

http://www.newyorker.com/online/blogs/closeread/2013/06/the-nsa-verizon-scandal.html

http://www.huffingtonpost.com/adam-banner/the-nsa-and-verizon

http://money.cnn.com/2013/06/11/technology/security/google-government-data/

http://money.cnn.com/2013/06/07/technology/security/nsa-data-prism/

http://www.washingtonpost.com/blogs/wonkblog/wp/2013/06/06/everything-you-need-to-know-about-the-nsa-scandal/

Anticipating Law Enforement Move to the Cloud, Assocation Publishes Guide

Today, the International Association of Chiefs of Police (IACP) released “Guiding Principles on Cloud Computing in Law Enforcement” at the Leveraging the Cloud for Law Enforcement Symposium held at the Newseum.  Developed in collaboration with key law enforcement subject matter experts from around the nation as well as experts from SafeGov.org, the principles establish clear and concise parameters and a path forward for the exploration of cloud-based computing solutions and services by law enforcement.  The IACP principles come after a newly released IACP/Ponemon Institute/SafeGov.org commissioned survey showed that over half of law enforcement agencies surveyed indicated that they had implemented, were planning or considering implementing cloud-based solutions in the next two years.

“Cloud computing represents an important shift in the way information resources are managed and deployed by law enforcement agencies,” said Bart R. Johnson , Executive Director, IACP. “Realizing the substantial potential benefits of cloud computing, however, requires that we recognize the sensitivity of law enforcement information, make every effort to maintain the security and availability of key systems and data, and that we work closely with industry to build solutions that meet the critical and evolving needs of law enforcement.”

The IACP principles focus on addressing some of the most tangible benefits that cloud computing offers, including cost savings, rapid deployment of critical resources, off-site storage and disaster recovery as well as meeting dynamic operational needs, while maintaining the security of systems and the proper use of data.

Key principles include:

  • FBI CJIS Security Policy Compliance – Services provided by a cloud service provider must comply with the requirements of the Criminal Justice Information Services (CJIS) Security Policy.
  • Data Ownership – Law enforcement agencies should ensure that they retain ownership of all data.
  • Impermissibility of Data Mining – Law enforcement agencies should ensure that the cloud service provider does not mine or otherwise process or analyze data for any purpose not explicitly authorized by the law enforcement agency.
  • Confidentiality – The cloud service provider should ensure the confidentiality of law enforcement data it maintains on behalf of a law enforcement agency.

IACP will be working in the coming months to develop model policies associated with cloud computing through the IACP National Law Enforcement Policy Center. Model policies are expected to be released at the IACP Annual Conference, scheduled for October 19-23, 2013 in Philadelphia, Pennsylvania.

To view the IACP principles and results and methodology of the IACP/Ponemon Institute/SafeGov.org commissioned survey, please visit http://www.theiacp.org/cloudcomputing.

Sorenson Forensics Launches New Cloud-based Database for CSI Management, DNA Profile Archiving

Sorenson Forensics today announced the launch of its new LEAD (Local Entry Accessible DNA) Database, a secure, cloud-based service designed for local law enforcement agencies to simplify the archival, search and reference of DNA profiles from crime scene samples. The LEAD Database™ was unveiled during the 2012 International Association of Chiefs of Police Conference in San Diego, Calif.

The Sorenson Forensics LEAD Database™ gives law enforcement agents at a local level the control they need to archive DNA profiles collected within their jurisdiction to be easily searched and referenced by an authorized user. By centralizing collected profiles, users can access the database to compare DNA profiles against current crime scene evidence. Using a sophisticated algorithm, the LEAD Database™ searches existing profiles and will automatically notify users when a matching profile is identified, enabling crimes to be solved more quickly.

“The national DNA database is controlled by the FBI, and while federal, state and local public crime labs have access to its information, it is not comprehensive nor does it provide a local database of information that is needed,” said Timothy D. Kupferschmid, executive director of Sorenson Forensics. “With the Sorenson Forensics LEAD Database™, we are giving local control of DNA profiles to law enforcement agencies. This solution enables each agency the ability to handle casework in a way that best suits their individual needs, and expedites the time it takes to get the information needed to resolve cases.”

DNA profiles from evidence samples can be manually uploaded to the LEAD Database™ via a secure Internet connection by a local state crime lab, or samples can be submitted to Sorenson Forensics’ laboratory to be analyzed and added to the database. Sorenson Forensics’ advanced DNA laboratory holds the prestigious ASCLD/LAB-International accreditation.

The LEAD Database™ is the latest in a line of innovative services introduced by Sorenson Forensics to better assist local law enforcement agencies to solve difficult cases. In 2011, the company launched Investigative LEADTM, the industry’s most advanced ancestry DNA test for law enforcement. Since its founding in 2006, Sorenson Forensics has developed an international reputation for providing advanced forensic DNA services, including DNA testing and analysis, expert witness testimony, DNA case reviews, laboratory validation services and evidence screening.

For pricing and purchasing information on the Sorenson Forensics LEAD Database™, contact: salesinfo@sorensonforensics.com.


Old Model: Patents Protect Products. New Model: Patents Themselves Are Products

Unwired Planet, Inc. has filed patent infringement complaints against Apple Inc. and Google Inc. in the U.S. District Court for the District of Nevada.  Unwired Planet claims to be “the inventor of the mobile Internet.” It is now an “intellectual property
company that makes and sells no products – except patent licenses. Or as they say on their website:

Old Model: Patents Protect Products. New Model: Patents Themselves Are Products

In two separate complaints filed in Reno, Nevada, Unwired Planet charges Apple with infringing 10 of its patents, and charges Google with infringing 10 different patents. Together, the two cases charge infringement of a total of 20 patents related to smart mobile devices, cloud computing, digital content stores, push notification technologies and location-based services such as mapping and advertising.

“Today’s actions follow a careful review that we launched in late 2011 as we began to transform Unwired Planet into an Intellectual Property company,” said Mike Mulica, CEO of Unwired Planet.

In the case against Apple, the complaint specifically alleges that infringing Apple products and services include, among others:

  • Mobile Devices (including mobile phones, tablets, and music players
    with the iOS operating system including iPhones, iPads, and iPods),
  • Mobile Digital Content Systems and/or Services (including Apple App
    Store, Apple Apps, iTunes),
  • Cloud Messaging Systems and/or Services (including Apple Push
    Notification Service (APNS), Siri), and
  • Map and Location Systems and/or Services (including Apple Maps, Local
    Search, iAds, Safari web browser, Find My iPhone, Find My iPad, and
    Find My Friends).

The patents asserted against Apple are:

1. United States Patent No. 6,317,594, entitled “System and method for providing data to a wireless device upon detection of activity of the device on a wireless network,” asserted against devices such as iPhones and iPads which are able to get information, for example update notifications, when the device is switched on or moves between cells of the cellular network.

2. United States Patent No. 6,317,831, entitled “Method and apparatus for establishing a secure connection over a one-way data path,” asserted against services which use a push mechanism to get notifications to devices such as update badges sent to iPhone and iPad applications.

3. United States Patent No. 6,321,092, entitled “Multiple input data management for wireless location-based applications,” asserted against devices such as iPhones and iPads which use more than one source of location information, for example GPS, Wi-Fi and cell tower location.

4. United States Patent No. 6,532,446, entitled “Server based speech recognition user interface for wireless devices,” asserted against wireless server-assisted speech recognition for personal assistant services and dictation, such as Siri on iPhones and iPads.

5. United States Patent No. 6,647,260, entitled “Method and System Facilitating Web Based Provisioning of Two-Way Mobile Communications Devices,” asserted against Appstores for selecting and downloading applications on devices such as iPhones and iPads.

6. United States Patent No. 6,813,491, entitled “Method and apparatus for adapting settings of wireless communication devices in accordance with user proximity,” asserted against ways of using motion and proximity sensors to control devices like iPhones and iPads.

7. United States Patent No. 7,020,685, entitled “Method and apparatus for providing internet content to SMS-based wireless devices,” asserted against automated searching and information delivery based on keywords in a message from a mobile device, for example as used in Siri for iPhones and iPads.

8. United States Patent No. 7,233,790, entitled “Device capability based discovery, packaging and provisioning of content for wireless mobile devices,” asserted against digital stores with content and Apps for devices with different capabilities, for example the App Store for iPhones and iPads.

9. United States Patent No. 7,299,033, entitled “Domain-based management of distribution of digital content from multiple wireless services subscribers,” asserted against services such as iTunes or the App Store that distribute digital content to multiple domains, internationally.

10. United States Patent No. 7,522,927, entitled “Interface for wireless location information,” asserted against ways of obtaining device location information such as Find my iPhone, Find my iPad and Find my Friends.

The complaint against Google specifically alleges that infringing Google products and services include, among others:

  • Search and Advertising Systems and/or Services (including Google
    Search, Google AdWords, Google+Local, Google Places, Google Mobile
    Ads),
  • Mobile Digital Content Systems and/or Services (including Google Play,
    Google Apps, Bouncer, C2DM, and GCM),
  • Cloud Messaging Systems and/or Services (including C2DM and GCM),
  • Maps and Location Systems and/or Services (including Android Location,
    Google Maps, Google Street View, Google Latitude, Google My Location,
    Google+, Google+Local, Google Places),
  • Short-Range Radio Communications Systems and/or Services (including
    Google Wallet, Google Offers, and Google Mobile Ads), and
  • Mobile Devices (including mobile phones and tablets with the Android
    operating system, including Motorola Mobility and Nexus mobile phones
    and tablets).

The patents asserted against Google are:

1. United States Patent No. 6,292,657, entitled “Method and Architecture for Managing a Fleet of Mobile Stations Over Wireless Data Networks,” asserted against mass updates to applications installed on devices such as Android phones and tablets.

2. United States Patent No. 6,654,786, entitled “Method and Apparatus for Informing Wireless Clients about Updated Information,” asserted against push mechanisms to get updated information to devices such as Android phones and tablets.

3. United States Patent No. 6,662,016, entitled “Providing Graphical Location Information for Mobile Resources Using a Data-Enabled Network,” asserted against placing a location marker for the current location of a mobile device on a corresponding map, such as My Location in Google Maps.

4. United States Patent No. 6,684,087, entitled “Method and Apparatus for Displaying Images on Mobile Devices,” asserted against zooming into a map on devices such as Android phones and tablets, and providing zoomed-in images to users of Google Maps.

5. United States Patent No. 6,895,240, entitled “Method and Architecture for Managing a Fleet of Mobile Stations over Wireless Data Networks,” asserted against group and mass notifications/updates to mobile devices such as Android phones and tablets.

6. United States Patent No. 6,944,760, entitled “Method and Apparatus for Protecting Identities of Mobile Devices on a Wireless Network,” asserted against authenticated push of information from application developers to devices such as Android phones and tablets.

7. United States Patent No. 7,024,205, entitled “Subscriber Delivered Location-Based Services,” asserted against search and advertising using location, such as sponsored links in Google searches which are paid for using Google Adwords.

8. United States Patent No. 7,035,647, entitled “Efficient Location Determination for Mobile Units,” asserted against identifying the location of a device, such as an Android phone or tablet, with increased accuracy using multiple sources, such as GPS, Wi-Fi and cell tower location.

9. United States Patent No. 7,203,752, entitled “Method and System for Managing Location Information for Wireless Communications Devices,” asserted against privacy control for applications requesting access to the location to a device, such as an Android phone or tablet.

10. United States Patent No. 7,463,151, entitled “Systems and Methods for Providing Mobile Services Using Short-Range Radio Communication Devices,” asserted against devices with advanced Near Field Communications (NFC) services, such as NFC-based commerce, advertising and coupons, and access to content using NFC.