The most widely read magazine for Canadian lawyers
Issue link: https://digital.canadianlawyermag.com/i/50818
TECH SUPPORT detection, after the popular TV series of the 1980s, could offer a mechanism for policing weapons ban treaties. Much closer to home, the existence of the GhostNet implies at least the possibility of similar espionage efforts mounted not by governments but by enterprises aimed at their competitors. In fact, it's extremely likely. "Industrial espionage is a driving force behind many malware attacks," says Deibert. Law firms, especially those involved in high-stakes litigation, may be particu- larly susceptible to being targeted. And if you think that simply keeping your firm's security software up to date guarantees impregnability, think again. The Citizen Lab used a meta tool to test the ability of 35 different commer- cially available virus programs to detect Gh0st RAT. Only 11 could. This is not surprising given how quickly threats develop and how long it takes for them REPLICA where lawyers are storing crucial data on personal computers, it's a constant headache. Confi guring backups can be maddeningly complex. Indi- A viduals have to remember to do it regularly, or if they're using a system that supposedly does it automatically, regularly check that it's actually happening. Enter Replica, a new portable USB hard drive from Seagate Technology LLC. Replica includes software that simplifi es and automates backups to the point of being almost idiot proof. You plug Replica into a PC and it backs up all your data. The product comes in two versions: a 250GB model (about $150) with a one-PC software licence, and a 500GB model (about $230) with a multi-PC licence. There is no confi guration to worry about. Replica does backups one way only. It copies everything on designated hard drives. After an initial backup it continuously backs up data as you add or change fi les. And unlike some backup systems that store data in compressed archives accessible only through a time-consuming recovery process, Replica stores fi les using the same folder structure as the source drive. It becomes a mirror — or replica — of the source. Simplicity does come at a small cost. You can't choose which types of fi les to back up and which to leave out. Replica grabs everything, including junk you'll never need again, such as temporary fi les and saved Web pages. But given the low price of hard disk storage, it seems a small price to pay. — GB t big fi rms with IT departments, lawyers don't worry about backups. It happens behind the scenes, out of sight, and out of mind. But in smaller fi rms, especially to come to light and for security soft- ware companies to then add profiles to their scanners, says Deibert. The Citizen Lab has shown other ways governments, individuals, and companies can use network connections for surveillance and clandestine moni- toring. An earlier investigation focused on the Chinese version of Skype, the free, or cheap, Internet phone service, which the provider claims is very secure because it uses end-to-end encryption of voice streams. But Deibert's team showed the Chinese government had easy access to unencrypted conversa- tions, apparently provided by Skype's Chinese partner — unbeknownst to Skype, the company claims — and that it routinely tapped into calls placed by and to dissidents, who were using the service in the first place because it promised security and privacy. There is a widespread mispercep- tion, says Deibert, that the cyber realm is something we enter and exit when we choose, that it's somehow immaterial, and that it can't easily be controlled. "All three assumptions need to be seri- ously questioned," he says. Anytime you're connected to the Internet — and most companies and individuals are connected continuously — com- puters are vulnerable to some extent, however well protected. And anytime you're active on the Internet, data pass- es from your computer through sev- eral physical switching points that are outside your control, and for the most part, outside your ken. "And at every step along the way," Deibert points out, "there are opportunities for govern- ments and private companies to inter- cept or block traffic." This has implications in particular for cloud computing, the increasingly popular notion of using applications that reside on a remote server on the Internet rather than on a local server or personal computer, and storing associated data on remote servers as well. Cloud appli- cations for business include online backup (sometimes free) and collabo- ration services with file sharing, wikis, blogs, and social networking features. They offer significant convenience and in some cases cost savings. But are they inherently insecure? "So much of what we do is mediated by private companies," Deibert notes. "Who are these companies that control different segments of the cloud?" And where, physically, is data asso- ciated with cloud applications stored? To what extent do the private com- panies involved collude, willingly or otherwise, with government — or might they if push came to shove? It's clear from the Skype case that service provider claims of privacy and security cannot be taken at face value. Deibert stops short of saying nobody should use cloud computing services. He adds, however, "I would recom- mend great caution to anyone, but especially to law firms." Gerry Blackwell is a London, Ont.-based freelance writer. He can be reached at gerryblackwell@rogers.com www. C ANADIAN Law ye rmag.com JULY 2009 29 Gadget Watch