20 December 2014

CloudHQ review

Having recently returned to private legal practice, it's been an interesting time to think about best practices for data storage, information capture and document management. While there are a number of enterprise grade products that would be excellent single repositories for email, documents and notes, there are other options that work well with a bit of thought.

I recently came across cloudHQ, which reminded me of IFTTT, but goes much further and has far greater application for a business user. Both products act as the glue in the middle of various cloud services, such as allowing Evernote to exchange data with Dropbox, but cloudHQ integrates more deeply and with greater functionality.

As a very long-term Evernote user, I have a lot of data there, and it is very easy to create notes when out and about with a mobile device . As a lawyer, making a file note contemporaneously with a conversation can be very important, and on mobile phones Evernote is really the easiest place to do that. In fact, using the IFTTT Android channel, a note is automatically created in Evernote every time I create or receive a phone call on any of my Android phones. It captures the phone number, caller name if possible, date and time and length of call. I can then add to that note any notes that I need to make.

Where cloudHQ comes in is when I want to take the data out of Evernote and put it into the file system. We operate with virtual desktops which are securely hosted and provide our law firm with great flexibility in where we work and how we work. Evernote has many great features, and Evernote for business is coming along well, but our current source of truth is the file server that is part of our virtual environment. CloudHQ will automatically either copy or sync my Evernote notes into Dropbox, OneDrive, Google Drive, box and webdav (just to name the file system products) as Word and/or PDF files continuously. It happens on the cloudHQ servers so my bandwidth is not affected, and it can be a one-way or two-way synchronisation.

A nice feature is a form of versioning, where cloudHQ will automatically save previous copies of documents before overwriting with the latest version. Evernote does not automatically version documents, and you have to rely on it simply creating a new version from time to time, over which you have no control. That doesn't really work for lawyers - we need certainty over how version control works.

Outlook email is not solved with cloudHQ, but Gmail and Google Apps are very nicely integrated. I personally have a Google Apps account, so I can do backup emails with that account under the premium plan, where it will back up or migrate all emails into Evernote or the file system (Dropbox, OneDrive et cetera) or another connected service. CloudHQ also permits two-way or one-way sync of just a single label.

Even where sync is two-way, you can choose whether or not to replicate deletion of files and folders. This let you have hybrid models of backup rather than simply synchronisation. The output for emails can be HTML, text, PDF, EML and others. Attachments are also exported automatically.

The control panel for managing your synchronisation pairs is easy to use and gives you a great deal of control over synchronisation. Events are logged and viewable, and synchronisation can be paused without deleting the entire rule.

There are many use cases for cloudHQ, and whether or not it is valuable for you will depend on what you need. I find the ability to get data out of Evernote without any effort into a file system folder is really valuable, because it lets me use Evernote for what it's good at on mobile devices without ending up with multiple repositories for my important client data.

I think cloudHQ is well worth a look.

(Disclosure: I may receive a discount from cloudHQ for writing this blog post, but that was not the purpose of this post nor did affect my evaluation of the product.)

15 December 2014

Sydney exclusion zone 16 December 2014

If you work in the Sydney central business district, the NSW State government has issued a map and details of an exclusion zone around the Lindt cafe. Since I work one day a week in Martin Place next to the zone I thought I'd share it:

Details of zone: 


Map of zone: 

29 November 2014

OS X force quit - fail

I'm happy to be corrected on this, but today I had an app that misbehaved on Yosemite, and the Force Quit... command didn't interrupt the misbehaving application nor the operating system. The force quit dialogs sat behind the errant app, and couldn't solve the problem.

Maybe I'm naive, (I doubt it) but an operating system should give the user control to manage every running app on the system. OS X does not. (Windows is better, but not as good as it should be).

22 November 2014

Exchange email applications for Android

Over the last few days I've done a quick review of a number of Microsoft Exchange email clients for Android. I like to keep work and private life separate, and in Lollipop this has become harder when using the default Gmail and Email applications. After an upgrade, my corporate Exchange account was combined into the Gmail application, and that isn't what I wanted.

So I did a short review of the following apps from the Play Store:

  1. AcquaMail
  2. MailWise
  3. Accompli
  4. CloudMagic
  5. Nine
(I also did a review of BlueMail, which is not an Exchange client, but worth mentioning - see below)

These are all good applications - lots of work has gone into them, and I could live with any of them. Clearly though, I wanted to work out what was best for me.

The application I think I will purchase?  Nine, but it wasn't easy.

Your use-case may differ. This is not about the "better app"; it's about what works best for me.


  • clean interface, nice to look at
  • threaded email conversations
  • rich text HTML body
  • rich text signature
  • works offline
  • two widgets - one that shows recent emails, the other that shows unread count and starts the app
  • can compose and "send" while offline and it will send when back online
  • cons
    • I missed the neat integration in CloudMagic with Evernote and Todoist


no rich text - dealbreaker
  • clean interface, nice to look at
  • would do the job for me except for the "Cons" below
  • had very neat integration with Evernote, Todoist, Trello and a number of other useful apps
  • Cons
    • no rich text
    • doesn't work offline
    • no threading
    • didn't always sync fast enough for me
    • a bit slow to display inbox because it goes to a cloud service


  • did the job
  • nice rich text in email and signature
  • cons
    • interface was not my cup of tea
    • wasn't obvious how to get to subfolders
    • no threading


no rich text - deal breaker
  • good interface and showed cc/bcc without any extra clicks
  • has threading


No rich text - dealbreaker
  • Nice interface
  • threading
  • cons
    • no rich text
    • I didn't like the way it handled an email with no body text but had an attachment - wasn't obvious that there was an attachment


While I'm at it, I should mention I tried BlueMail before I realised it didn't do Exchange - however, I was impressed with how it worked with my Google Apps account. It's quite a good Gmail client, and it has some features that help you turn emails into sort-of to-do tasks. Well worth a look!

20 November 2014

Android 5.0 Lollipop - early issues

I've had the over-the-air update to Android 5.0 Lollipop for 36 hours, and I have a few observations:

  • Skype stopped working until uninstalled and reinstalled
  • My Nexus 5 lost its APN settings (carrier is virtual mobile network operator TPG, which resells Optus in Australia)
  • No obvious effect on battery life
  • In two apps a dialogue box has stopped working - I can't connect in FinchVPN, and I can't install the latest beta of Waze. In each case, the relevant button doesn't work and I have to click cancel.
  • Some things take more clicks - e.g. changing the wifi network manually or getting into Settings
  • Notifications on the lock screen are pretty cool, but you need to change the notification settings for apps that tended to sit in the Notifications area in 4.4.4, such as Skype or Lightflow
  • Do Not Disturb is a nice touch but not completely intuitive to set up
  • I had read reports that there would be a single app for mail that did both Gmail and Exchange - that's not correct. 
  • Messenger is much better for SMS than Hangouts
  • Bluetooth settings now have not only Phone Audio and Media Auto, but also Contact Sharing, which reduces a dialog when connecting in a car.
  • There are plenty of bugs, such as the button bug above, and sometimes checkboxes don't respond, such as when changing the profiles of a paired Bluetooth device

I'd say it's worth upgrading, but don't do it on the morning of a day that you really need your phone to work completely as expected!

08 November 2014

Long term review of the MacBook Air mid 2013

Although I have used Macintoshes professionally since System 6, I by choice use Windows computers since Windows 7 - working in enterprises means that I need to use Windows apps, and I don't need cross-platform-aggro. Having said that, I have a 2013 MacBook Air and a 2013 MacMini (with an aftermarket SSD and aftermarket 8 GB RAM - the Mini is unusable if you don't do this).

Even on Yosemite I don’t really like the Finder. It's ok, and I can live with it, but as an operating system shell it has a few faults. Windows 7 does too (don't mention Windows 8 or 8.1 - but the Windows 10 technical preview might one day be as ok as Windows 7).

So, I have a MacBook Air 13" mid 2013 model. I really, really like it. It's, given the present state of the art, the best laptop out there for my use case.

I don't use Boot Camp. I boot into OS X 10.10, but have Parallels 10, so I can use Foxit Phantom PDF Standard and Microsoft Office 2010 (2013 really annoys me). I use Foxit because OS X Preview bloats file sizes badly, and Foxit has a bunch of other abilities.

The battery life of the Air is a standout. I can easily take it out for a full day's work of 8-10 hours without worrying about the battery. As of November 2014 I can see that battery life is waning by maybe 10-20%, so a refurb will definitely be required at the 2 year mark.

The screen is very nice, the size of the whole machine is just right for a portable computer, and the weight is great for a machine of this power and battery life. The power brick isn't huge, it has Intel 5000 graphics and a backlit keyboard. Time Machine works well to back up the whole disk including the Parallels files. WiFi is reliable and works on 2.4 and 5 GHz. Recharging is surprisingly fast. The speakers are fine for watching YouTube or listening to internet radio in a hotel room.

An AUD$20 DisplayPort to DVI cable means I can use a second screen with just about any monitor. It also works fine with my 27" Thunderbolt Display and a DisplayPort to HDMI adapter - all very easy to use.

Some foibles of OS X annoy me, but they aren't the MacBook Air's fault. I really like Chrome shortcuts on the desktop in Windows, which aren't available on OS X.

I won't bore you with comments about everything about the MacBook Air mid 2013 - it's a laptop that has all the things that come along with laptops.

My conclusion - after 16 months with the MacBook Air mid 2013? It's the best laptop I've used or owned.

(c) 2014 Andrew Calvin, Sydney Australia

30 October 2014

DropBox or OneDrive?

I have, as a university student, a 4 year subscription to onedrive for four years for USD$100. That gives me at least 1 TB but that might be "unlimited" given the news of this week.

I don't think I will ever use it. Why? I don't trust it. I buy 100 GB of storage from Dropbox for a lot more, but it works better. Today I did some testing of file creation and editing on two well-connected sites (using TeamViewer to test) and Dropbox created and updated files within 5-10 seconds,  OneDrive didn't update some changes at all, and most of them took a minute or two to propagate. That's not going to work for collaboration in a fast workflow.

Sorry Microsoft, but this is a system I can't trust based on simple testing, and the one attraction (offline files) doesn't work that well on Windows 7, and you know I'm not going to upgrade to Windows 8.x or 10 just for that.

It's got a long way to go before it's a trustworthy solution.

17 October 2014

Making file notes of phone calls while on the go

The problem: You receive a phone call while on the go, and you really should make a written file note of what was said. You try to remember to do it when you get a chance.

One solution: I use a Nexus 5 Android-based phone, and am a heavy Evernote user. I don't use Evernote as my main practice management tool, but it does have its advantages. The ingredients for the solution are:
IFTTT has a nifty way of connecting a multitude of online services, and it solves this problem by creating a new Evernote note whenever I receive a phone call on my mobile phone. I can then type the note there and then, or when I see it later in Evernote I'm reminded to type up that file note. The file note is pre-populated with as much information as is available from the phone. I just add my own text at the end and email the note to my main system.

Of course, if you use Evernote to run your practice then it's just a matter of moving it to the correct notebook.

02 October 2014

National Security Legislation Amendment Bill (No. 1) 2014

The Australian Senate has passed the National Security Legislation Amendment Bill (No. 1) 2014. It has a lot of interesting amendments to various pieces of legislation such as to the Australian Security Intelligence Organisation Act 1979, which gives it a framework for ASIO affiliates who may be consultants or contractors to the organisation. It also allows for secondment to or from the organisation, and one presumes that if an employee is seconded to an overseas intelligence organisation, they retain their powers.

The bill is quite long and has many interesting provisions in it, so I’ll just note the couple of issues for now and perhaps come back to the bill later. There are a number of provisions around computer surveillance, which may be of a particular computer or a computer on particular premises, or a computer associated with a person, whether or not the person’s identity is known. In appropriate cases it permits adding, copying, deleting or altering other data in the computer, but this should not materially interfere with the operation of the computer unless it is necessary for the purpose of the warrant.

The bill also has quite a number of provisions in relation to how a surveillance device warrant may be issued and attempts to achieve a fairly high bar before a warrant will be issued. Such a warrant can authorise removing say, a clock, inserting a device into it and then returning the clock to the premises. Even electricity cables may be tapped, and I understand that there is some technology available that can provide intelligence from power cables.

Many of the activities set out in the bill may be done upon authorisation by the Minister or the Director-General, rather than a judge.

25 September 2014

TPG v NBN - TPG a clear leader

For whom the TPG bell tolls: NBN competition heats up: (source - Financial Review)

So TPG is now offering 100 Mb down, 50 Mb to selected developments in Sydney, such as my mate's place at Millers Point. Unlimited data, plus calls at that speed, all for about $60!

That leaves the NBN for dead. There were some machinations, it seems, at the ACCC about whether or not TPG could do this, but it's definitely up and running as my buddy's smile proves.

I've done a bit of analysis of the cost and access to the National Broadband Network before, so I'll keep this short and remind you that those 100 Mb speeds that have been advertised to you by the previous Labor government in particular are Tier 5 speeds - most consumer plans are Tier 1 or 2, and they aren't any better (and probably worse) than existing cable from Optus. The Tier 5 costs are very expensive indeed compared to TPG's current offering.

02 September 2014

Microsoft Matter Center for Office 365 for Law Firms & In-house Counsel

The Claim: Microsoft Matter Center for Office 365 boosts law firm productivity:

I've used SharePoint for many years, and was even on stage at the launch of SharePoint 2007 in Sydney & Melbourne, courtesy of a joint project with my law firm and Microsoft. SharePoint has its place, but it's not won me over as a true document management system yet.

Office 365's incarnation of SharePoint takes us a lot closer - and Matter Center might tip the balance for me, although I reserve judgement until I can get substantial hands-on time. It relys on OneDrive for Business, which I do currently use, and I have a few reservations about it at the moment. The software isn't as mature as DropBox, and it shows in a few clumsy ways.

I plan to do a full review of Matter Center for Office 365 in the not too distant future.

Andrew Calvin

28 August 2014

Lawyers blog better

Kevin O'Keefe correctly explains that lawyers' blogging is good for the dissemination of news...


04 August 2014

Netflix in Australia

Using Netflix in Australia is a breach of the customer contract between the user and Netflix, even if you are normally domiciled in the USA.

Netflix, like many other companies that distribute media content, is restricted by the geographic regions to which it can provide content. This is hard to do without letting in customers who don't qualify, and accidentally blocking people who do qualify. There are around 20 million Australians, many of which are wanna-be Netflix customers, waving their credit cards, and they can't understand why they can't join the 314 million USA citizens who can access Netflix.

Netflix is just a distributor (well, it's not a content creator for now, but who knows...). It is bound by its contractual relations with its content providers. Assuming Netflix has a rational approach to business, it is not interested in being bound by geographic rules - it would serve anyone in the world if it could provide a satisfactory service.

Content providers have spent money creating content. They will, by and large, not do that if they cannot make a profit from their efforts. In addition, like most economically rational organisations, they will try to maximise return.  I am a lawyer - it might surprise you, but I do give away substantial amounts of my chargeable time, but I try to maximise my return on my personal effort.

The divide between content owners and content distributors is extremely well-canvassed. I'm not writing much new here. What I do want to suggest is that both providers and distributors might find a bit of "leakage", provided there is some remuneration, is acceptable. Why would I suggest that? One of the big questions is: should I (assuming I am the content provider) sell to Australia/UK/New Zealand/Luxembourg/Mexico for the same price that I sell to the USA? Do I refuse to sell until I work out how much I can sell it for? Or, do I just work out how much I can sell in that geographic market, and be prepared to delay launch for a few years knowing that my prices will make up for it? Perhaps the real issue is that the local rights owners just aren't able to make the deal work - there can be many reasons for this.

It's pretty easy for an Australian (or a USA citizen located in Australia) to use Netflix and pay their way. Netflix receives the same income as it would from a USA resident, and the content providers receive their share too. Do Netflix or their content providers really care? They probably do, because they need to look after their contractual obligations towards rights holders in other jurisdictions. These can limit the timing, format, first run, repeats and more. 

How does one do it? There's a few ways, but a quick search suggests that the most popular method is:
  1. set up an account with www.getflix.com.au and change your router settings as advised;
  2. jump on line and go to Netflix and create an account, even with an Australian credit card;
  3. if you have a Chromecast or Roku box, make changes to the static routes on your router;
  4. enjoy.
That was pretty easy to say. In fact, item 3 is harder than it looks. It's possibly a bit more fiddly than you might prefer, but it all does work.  But, there are problems with doing this, and they revolve around breach of contract with Netflix and breach of copyright.

This hardware solution also doesn't mean I can take my Chromecast with me on holidays to Vietnam or France and plug it in and watch (although a VPN on a computer will make it work). The need to configure the edge router means that a Chromecast will never work in a hotel. Having said that, when I'm in Hoi An or Strasbourg, watching telly is not on my list of priorities.

Geographic pricing is nothing new. Many years ago Ford Australia used to build an ugly convertible that sold for less in the USA than it did in Australia. Ford Australia won my admiration by simply admitting that the sell price in Australis was simply what the market would bear - there was little competition.

So my tiny contribution to the geographic content argument is: we are not talking about cars, and that way of thinking doesn't work any more.

03 August 2014

Cyberspace May 2014

The final piece

The Journal of the Law Society of New South Wales is changing, and this is the last journey through cyberspace that I’ll write about. The title of this column has, for the last 16 years, been entitled “Journeys Through Cyberspace” because it has been a journey in terms of the evolution of the internet, my career, technology, societal change and communication. This column has always been written in the first person, because it’s been my journey through cyberspace (a word which is pretty naff today, but in fact remains useful) and a lot of people were interested in coming along on the journey. This piece is an incredibly brief conclusion to a 16 year journey.

While this is the last piece for the Journal of the Law Society of New South Wales, I’ll keep writing regularly on my main blog at http://blog.calvin.it.

At the age of 50 I am a technology geek because that is the world in which I live. In 1983 when I was 20 I had never touched a personal computer (nor had most people), and my technology fix came from being a member of the armed forces (an amazing hand-held computer that could plot our mortar shoots), and tweaking car and motorcycle engines on weekends. Technology takes many shapes. I find it amusing that the forefront of technology today is largely to be found in motor vehicles.

My sole exposure to computing in the early 80s was because of a lecturer at UNSW named Graham Greenleaf, who had typed a few hundred full-text judgements on animal law into the School of Engineering’s VAX (a VAX 4000?). From the law school we could use an acoustic coupler to call the VAX at 300 baud (I can't describe how slow this is), and search for keywords in cases.  Today Graham is an AM, Professor, and co-founder of AustLII, which formed the foundation of legal research in Australia & many other countries.  Speaking of AustLII, I also remember having a conversation with (now Professor) Andrew Mowbray in the early 90s, who was also instrumental in the founding of AustLII. I had just read that someone had come up with a way of using Compact Discs to store computer information, and I was interested in his thoughts. We both puzzled over how on earth that might work. The rest is history.

For reasons that aren't clear to me, over the last few years I’ve become a bit of a gun property lawyer, but it appeals to my interest in contracts and the law in the real world. However, through this column I’ve tried to show how cyberspace and law and the real world work together. I’ve been gratified by all the email I’ve received over the last decade or two (remembering that when I first wrote this column, only 22% of NSW lawyers had an email address). Actually, I ended up writing this column because of a meeting of the Law Society Technology sub-committee, chaired by my then colleague Patrick Fair (who has flourished in his technology & law career and is the chair of the Internet Industry Association). The committee thought it might be worthwhile if the Journal had a column on this internet thing, and I put my hand up. The rest is history (again).

Today my relationship with technology is pretty clear - it enables me to do my job anywhere anytime. Last week I had my car serviced, and for four hours I sat a desk at Renault over their WiFi with a VPN connection to Sydney Water, and punched out four solid hours of work. In a similar vein, when I worked at the ABC I was astonished at the amount of technology in the business and how most of it “simply worked.” Used correctly, technology really is an enabler and not a barrier.

In the early 90s I was a construction litigator at Phillips Fox, and most of those cases were document intensive. I managed to work out a way to use a newish product named FileMaker Pro (now one of the world's most popular databases) and a Macintosh SE30 to capture the information from the documents into a useful database which could produce summaries. These assisted in taking witness statements and finding documents. In fact, during our opening in a Construction List matter our opponent said that we had not pleaded a point we were opening on. A free-text search of the 104 page summons shut him down in a few seconds. They were heady days, and this was, to us, amazing.

During the early 90s a number of the major law firms such as Blake Dawson Waldron, Phillips Fox, Henry Davis York, the Law Society and more were using the Macintosh computers. We had something called document management. It opened my eyes to how electronic information could be managed – thank you Dave Masters. At that time the current Windows operating system was Windows 3.1. I remember having a chat with a Senior Associate at Blakes named Elizabeth Broderick about the future of lawyers who chose a technology path. We both agreed that we were atypical in our career path, but there was probably a future. Elizabeth became a partner in the firm and is now the Australian Sex Discrimination Commissioner.

In about 1994 Phillips Fox was running Macintoshes with Microsoft Mail. There was no concept of Internet e-mail. I had read in a magazine how one could get an Internet e-mail address and send and receive e-mail to other people. I recall contacting Robert Elz in Melbourne to see if we could register phillipsfox.com.au. He was the sole manager of the.au namespace in these early days. We installed Eudora on the Macintoshes and setup an account with Dialix, based at Sydney University. Twice a day, initially, the modem would call Dialix and conduct a UUCP exchange to send and receive email. While this was going on, I remember demonstrating using the web browser Lynx, a purely text based browser, to show how we could read poems from a university in America. The lawyers in my office were astounded. Shortly afterwards I received my first spam, which so offended me that I e-mailed the gentleman involved about it. He telephoned me immediately to apologise, saying that he had purchased a mailing list which he thought he was able to use.

In late 1996 I was working on a matter for London underwriters on a court case known as Estate Mortgage, which was heading for hearing in the Supreme Court of Victoria. There were so many parties involved that an entire floor of the building was leased and fitted out for the courtroom and the parties. Andersen Consulting, working for the receivers, had digitised many thousands of documents relating to the collapse of the fund (a first in litigation at the time), and a way of displaying these at trial was needed. A young Victorian barrister had some good ideas, and wrote a web based evidence and transcript system that that he called Lantern. He sat down with me and showed me the beta of Windows NT 4 and how it could be used to receive and display information over the Web. Today it is named Ringtail and is one of the premier litigation support products in the world.

Towards the end of the 90s I was given for review what looked like a shiny river rock, which turned out to be one of the first Apple Airport Expresses. Together with a very expensive laptop and a very expensive wireless card, I was able to walk around my house and, as I put it in my column, surf in the bath tub. Of course, my house had a second phone line which was purely to dial into the firm to hold up my Internet connection. At that time, many people had a single phone line at home and many a download session was interrupted by someone else picking up one of the extensions. It was quite common for employees to use their business as their ISP and Phillips Fox had 18 dial in lines. I wrote about how the Internet was a good idea, but would never take off until it was "always on". And of course the rest is history (again).
In 2008 I bought one of the first netbooks with a 7 inch screen to travel overseas extensively. Its usefulness was mind blowing, yet today one needs to compare the 1 inch plastic lump with a 7 inch screen and compare it with my Nexus 7 or iPad. But even in 2008, sitting in a cafe using the free Wi-Fi on one of these tiny computers was straight out of Star Wars.

In April 2008 I wrote about Apple giving consideration to introducing a product in Australia known as the iPhone. At that time I was using a BlackBerry Pearl, and also had a Sony S500, which for at this time was an amazing phone. It also had a great camera, which reminds me of the time when I met a Nokia programmer who showed me a preproduction model of a mobile phone with a camera built in. It seemed like a ridiculous idea to me and it would never fly. The rest is history.

The development of litigation discovery over the last 16 years has been a difficult journey, and I still don't think we are there yet. I spent a reasonable amount of my career at the forefront of development, and I am pleased to leave it to others. I wrote the first draft of what was to become the first practice note in relation to electronic discovery in the Supreme Court of New South Wales. Today's version is light years beyond what I wrote, but I still think we have a long way to go.

 It has been unbelievably exciting to have been involved in the development of the law and technology since 1990. I am definitely not finished yet, but this is a good time to document some of the progress. The key to the future is making technology invisible to lawyers so they can just get on with the main game. In 1993 I was badgered online for setting up a USENET group named aus.mountainbiking. I was asked what it had to do with technology. My answer was that technology should be able to help me be a better mountain biker. Technology is not an end in itself, it is just an enabler.

Cyberspace April 2014

You may have read about the recent case of Mickle v Farley [2013] NSWDC 295 (29 November 2013), in which a former Orange High School student was held to have defamed a teacher at the school. Elkaim SC DCJ awarded $105,000 damages plus costs to the plaintiff, who was defamed via Twitter messages and on Facebook. In many respects there is not much new about this case, although the lesson really is that there are many more opportunities to cross the line publicly today, which in the past might have been done over a beer with a couple of friends.

There are other ways to mess up your life (or your parents’) by throwing away $80,000. The Third District Court of Appeal (Florida) in Gulliver Schools, Inc and anor v Snay No. 3D13-1952 recently held that a non-disclosure clause in a settlement agreement was breached by Snay telling his daughter he had settled his claim against his former school employer. The clause prohibited revelation of the existence of the settlement agreement. Shortly after the agreement was signed, Snay’s daughter posted on Facebook to 1200 friends and former Gulliver students: “Mama and Papa Snay won the case against Gulliver. Gulliver is now officially paying for my vacation to Europe this summer. SUCK IT.” None of that was technically correct, but the appeals court held that as a matter of construction the agreement meant that Snay could not directly or indirectly disclose any information regarding the existence or terms of the agreement. So, the Facebook post wasn’t the key breach, but it was pretty impressive evidence of it. So, under the terms of the confidentiality agreement, Snay forfeited $80,000.

In the aftermath of the Edward Snowden revelations about US Government surveillance of foreigners, you might be amused to know that the Australian Department of Foreign Affairs and Trade set up a special email address for those needing help at the Sochi Winter Olympics. It was a Gmail address.

The Office of the Australian Information Commissioner has released a statement (http://goo.gl/OwJ0bv) confirming that organisations can be held accountable for data breaches where the breach occurs due to a cyber attack. This has always been the case, as privacy principle 11 requires an organisation to take reasonable steps to prevent unauthorised access to personal information. There can be other personal effects too, such as the data breach that Target USA suffered in early 2014, where data on 110 million consumers was lost. The CIO has now resigned.

Of course you read updates to terms of service? Dropbox recently issued an update (https://blog.dropbox.com/2014/02/updating-our-terms-of-service/) which enforces USA binding arbitration unless you explicity opt-out. Class actions are prohibited (although it remains to be seen if this is effective) and the forum for litigated disputes is California. Dropbox also issued new Government Data Requests Principles, which are, frankly, a bit fluffy and seem to lack enforceable substance.

I’m a fan of Evernote (www.evernote.com) to store everything I know but can’t remember, but Microsoft has announced that OneNote is now free for non-business use on all platforms, including OS X. Combined with an Office 365 account or OneDrive (the newly renamed SkyDrive) you have a cloud-based repository for your free-text and rich-text notes. I’m going to stick with Evernote for now (and continue to ignore Google Keep), but OneNote is now a worthy contender on desktop, cloud and mobile devices.

05 March 2014

Taking your site down - blackmail

There are a few lessons to be learned as a result of the massive attack on the Meetup web site in early March 2014. That attack meant that Meetup, a very large site used to organise meetings of every size and type, wasn't available for more than two days. It has more than 15,000,000 members and more than 300,000 meetings per month organised through it.

The Meetup blog helpfully provided lots of information about the attack, and the email that gave notice of it. While the email suggests that the attack was at the instigation of a competitor, and that the attack would stop if $300 was paid, it's obvious that neither statement was true. If someone does this sort of damage to a business, why would you consider anything he/she says to be even remotely truthful?

The distributed denial of service (DDoS) attack meant that Meetup's servers were overwhelmed by requests for data, and so the site simply stopped operating. Clever work by their engineers and consultants resulted in the site coming back on line.

Meetup rightly refused to pay the blackmail amount, not trusting that it would stop the attacks, nor believing that such payments are appropriate.

Meetup's response was to reassure customers that their data was safe, and keep their users informed of what was happening. It's basic good practice in customer relations to be transparent when issues arise, and it's astounding how many organisations think that by denying there is a problem, or not providing information, is a smart move (airlines, especially).

While this attack was somewhat novel, allowing a smaller number of zombie computers to create a large attack, one of the solutions was to ensure that the servers were patched to the latest revision and applying specific patches. Lesson: keep your servers up to date.

Business continuity: do you or your clients rely on an internet presence to do business? If so, then you need to ensure servers are properly patched, and there is a business continuity plan in place (prepared with the advice of experts - not just some tech guys). By way of example, Meetup used CloudFlare to assist them and improve their ability to withstand attacks.

24 February 2014

International travel with a mobile phone - France

I'm presently in France for two weeks, and was interested in using a local pre-paid SIM. I settled on Lebara, which is a global virtual mobile operator. While Lebara operates in Australia, it bears little relationship with other Lebara operators, so I dealt with Lebara France directly.

I registered for a new SIM on http://lebara.fr before I left Australia, and within a few days Lebara had air mailed me a SIM and details of the phone number. I activated it on the web site, and that was that until I arrived in France.

Just before I left Australia I changed my voicemail on my Optus account to ask people to email me or SMS me. I then diverted all inbound calls to voicemail.

On arrival in France I inserted the Lebara SIM into my Nexus 5, and went to their website and added EUR20 credit. This was supposed to give me EUR20 credit and 3 GB of data. As it turned out, despite quite clearly clicking on "3GB" bonus data topup, I still only received 1 GB of data. Black mark for false advertising and an incorrect web site. Still, at this stage I had credit and 1 GB of data for two weeks, which is likely to be plenty.

I also put my Australian SIM into a spare old phone with good battery life, and data roaming disabled. The only point of this phone is to receive SMS sent to my Australian Optus phone number.

Another useful part of their plan is that there seems to be some level of free Lebara to Lebara calling, which is useful if you're travelling with others. I got two SIMS for this.

Lebara's web site is wrong

Lebara.fr must hate its customers. After adding credit you are directed to a web page which allegedly shows you how to add their APN into your phone so that 3G data works. Unfortunately it's absolutely wrong. In short:

- the APN name is fr.lebara.mobi
- the username is Web  (Lebara tells you it's wap)
- the password is Web (Lebara tells you it's blank)

After finding the above setting on Tripadvisor I was able to get 3G working, and away I went. If you have a problem with Lebara and 3G data, this is your answer.


Their rates are very good for an Australian traveller. Calls to Australian landlines are 15 cents flag-fall, and 1 cent per minute! Calls within France are more expensive, but still cheap.  I really only wanted data, the occasional phone call in France to book restaurants, and to call home (although I also have Skype credit to call landlines and mobile numbers). 


I doubt that Lebara.fr would be a great choice for someone who can't solve technical issues or might need to call the support line (business hours Mon-Fri). If you're a bit more determined, it's a great solution. Just watch out for the false advertising on the amount of pre-paid data.

Cyberspace March 2014

That old chestnut

The Sydney Morning Herald reported on 14 February 2014 that the Federal government was once again considering requiring ISPs to block websites that allow users to infringe the copyright of others, and provide a graduated response against the ISP account holder. Blacklists can be a problem, as weve seen in the past - the existing blacklist of really unpleasant sites even gets it wrong occasionally. The other worrying part of this announcement is that while it is completely wrong for people to steal digital content, punishing the internet account holder by cutting off access when the infringer may be a family member or housemate is wrong-headed.

This announcement is made more interesting in the light of a January 2014 paper (http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2380522) about the French HADOPI three strikes piracy law introduced in 2009. This law also provided a graduated response and a government agency was created to administer it. In its original form the agency could issue several notices to an alleged infringer, and ultimately require an ISP to suspend internet access for up to a year. The authors (Arnold et al, from USA and French universities) analysed the impact of this law on individual behaviour in the light of their theoretical model.   Their results indicated that the law has no substantial deterrent effect. They also found that determined and knowledgeable infringers will find ways to steal content with a greatly reduced likelihood of detection - they wont use the well-known channels such as bittorrent. The authors found that there was a reduction in theft, but it was insignificant. 

If laws such as HADOPI do not affect the behaviour of infringers in a material way, it makes sense to find other methods. Like many crimes, there are the suppliers (such as the old Pirate Bay) and there is the demand side. Pursuing individuals on the demand side is resource-intensive, and requires justice to be administered on a case-by-case basis for it to be fair. Pursuing the suppliers seems to be the obvious route, just as it is with illegal drugs. Of course, another way to prevent theft of physical objects is to lock them up, which is where the digital content industry started - Digital Rights Management. DRM eventually became such a headache for all involved that it has largely been abandoned in the consumer space, except for some book suppliers such as Amazons Audible. Blocking piracy is a difficult problem, but we should be aware of proposals to cut off household (or business) internet access when there might be only one infringing person.


You have no doubt read stories about children making in-app purchases on Apple or Android devices, sometimes spending thousands of dollars feeding virtual unicorns or building farms. In-app purchases are becoming a preferred monetisation model over up-front purchases of the application. After playing a game for some days or weeks, the player runs into a wall preventing meaningful progress unless they purchase credits ranging from $5 to $100 or more. The USA Federal Trade Commission filed a complaint against Apple Inc, who in January agreed to pay at least USD$32.5M to settle the claim. Apple must also change its processes to avoid unplanned purchases. Apple had tried to limit the problem by only allowing a 15 minute window for purchases after the password had been entered (by the parent, one presumes). However, the parent may have thought they were only authorising one purchase. The Android store has an even longer window. The ACCC has released consumer advice on the problem which notes that getting a refund can be time consuming and difficult. Unfortunately, Australian consumers cant access the USA settlement.

Cyberspace February 2014

Net neutrality

Most consumers think that their electronic bits sent across the internet are just that - bits of information that are simply routed to their intended destination. However, telecommunication companies have a different view - many treat or want to treat the data differently depending on what’s inside those packets. ISPs and operators of the infrastructure often want to discriminate against certain types of traffic, such as VoIP, Skype or BitTorrent. This form of discrimination might be the bandwidth available to the type of traffic, or the location or user, and there are other types of net discrimination. This is a battle that has gone on for years, and it’s called “net neutrality.”  Some time ago the USA Federal Communications Commission issued a ruling that telecommunication companies must treat all types of traffic equally. However, after a challenge by Verizon the US Court of Appeals DC Circuit held on 14 January 2014 that the FCC does not have the power to make such an order.

Why would a telecom coy want to discriminate? If your ISP is also a phone provider, it might not want to offer great service for cheap VoIP or Skype calls. ISPs with poor infrastructure that can only handle web browsing and email might want to throttle file downloads over ftp or BitTorrent. An ISP who also sells cable tv may want to offer a lousy YouTube or other IP video experience. These reasons are often clouded in arguments that the throttled services are damaging quality of service to other customers or are somehow unfair, but it usually comes down to protecting business opportunities.

In the world of free markets an ISP who applies net discrimination would only survive if it either offered other great services, or it was a monopoly or duopoly. You can see where this argument is going in relation to Australia, because in many Australian towns even a duopoly would be an improvement. Despite this, we have been fortunate to date.

Why is net neutrality important? It is mostly because it lets the consumer decide what is important. An immobile person might find it fantastic to have the array of YouTube videos on offer, whereas I rarely watch it. On the other hand, I often download gigabytes of software from my Microsoft TechNet subscription at 20 Mb/sec that dwarfs any YouTube watching. Teenagers will play online for hours and only use 50 MB/hour. An immigrant in a low paying job will want to call home frequently, and can do it cheaply with VoIP. Whose use is “better” or more deserving?


Net discrimination has been lurking in the wings in Australia for a while, but it hasn’t drawn too many complaints. We’ve always had access to the maximum speed possible for our location, but what about the NBN? Does it discriminate by user? Under Labor and Coalition governments it has never treated consumers equally on price. Many/most consumers think they are going to get a 100 Mb connection - but they’re not unless they pay for it. The NBN is intentionally speed throttled depending on how much you pay, which is very different to consumer experience to date. Apart from some cable users, until the NBN ISPs have offered same speed to all customers on a plan, and the only difference was the amount downloadable during the month. With the NBN both speed and downloads are in play; the entry speed is 12 Mb/s on Tier 1 (as opposed to, say, my Optus cable of 20 Mb/s), and the widely advertised 100 Mb is only available on Tier 5. By way of example, as I write, Optus is offering an NBN bundle of unlimited calls and 200 GB of download, but it’s only on Tier 1. I’m currently on Optus cable at nearly twice the speed, more than double the download, unlimited calls, and I pay $15/month more...

Cyberspace December 2013

Going mobile

If you work for a large firm or enterprise you may well have experience in using Citrix technologies to access the corporate IT systems. This allows you to use applications on any computer (Mac or PC) in a way that either makes the remote corporate desktop take over the local computer, or you can just use the remote applications in a way that it seems like they’re running locally. On a fast connection with good IT systems it can be just as good as being in the office. The big advantage of this is that all your data is safe on the corporate system, and you can reconnect anytime and carry on working. There are even Citrix clients for iOS and Android that work fairly well despite the small screen size. This, combined with diverting your desk phone to your mobile means that unless you need a paper file, you become “location independent.”

Amazon has now entered this field and are trialling “remote desktop computers.” The idea is that your local computer (Mac, PC, Linux, iOS, Android) does nothing at all except run the Amazon software that connects to the remote PC, and that PC lives in their data centre. Every time you connect you log into your “own” PC, which will be in the state in which you left it. So let’s say you’re a small firm. You don’t want to be too involved with technology but you’ve got a new employee or a temporary contractor. You buy for your employee a basic PC or Mac that only has the operating system installed (around $400). You then log into a web page at Amazon and click a few buttons, and some minutes later a new remote computer has been provisioned with the software you requested (eg Microsoft Office). The new user receives his login details and is up and running. Since Amazon is already offering servers in this virtual environment you can share documents with each other, and the computer and documents are all backed up. The user can log off at work and log in at home or at a client - the same computer desktop is available.  You pay for the remote PC by the month USD$35-75 depending on configuration. If you downsize your firm then you delete the PC and stop paying for it. Amazon is not alone in offering this type of service, but this seems to be the first relatively accessible offering to a wider market. You still might need some technical advice in how to configure email and file sharing services, but it certainly is an interesting model for a firm who doesn’t want a huge capital outlay or wants to outsource its IT management and backup.

Quick notes

In the late 90’s I was on a Law Society sub-committee on technology. One of the things we discussed was how many NSW solicitors had email addresses, and at that time it was well under 50%. I recently read a report (http://goo.gl/9lq3Tl) that a retired South Carolina attorney was disciplined for failing to have an active email address. We’ve come a long way.

Online dating profiles can be used in ways you don’t expect. The accused in a recent USA shooting has had his Match.com and AdultFriendFinder.com profiles and comments tendered in court.
My organisation has recently issued me with a Windows Phone 8, which I've been keen to try. I'm a very happy Android Nexus 4 user and ex-iPhone user, but Windows Phone 8 has been a bit of a challenge. Despite that, the Nokia Lumia 820 has great battery life and free downloadable GPS maps.

Cyberspace November 2013

Having just finished International Business Transactions in my LLM course I’ve been looking at the practical methods of transacting overseas compared with the theory. Paying for goods and supplying goods using documentary letters of credit seems a pretty sensible, if cumbersome way of doing business with someone who you don’t yet trust. Once you do have a clearly good business relationship then you can dispense with all that and just use email and direct bank transfers. Or can you?

In Factory Direct Fencing Pty Ltd v Kong AH International Company Limited [2013] QDC 239 (27 September 2013) the Supreme Court of Queenland considered this very problem. Fencing had been purchasing fencing supplies from Kong for a time, and all was going well. Orders and invoices were exchanged by email, and payments were made by SWIFT transfer to the supplier’s bank in Hong Kong. Kong’s employee’s email address was junfumetal@yahoo.cn, but later emails arrived from junfu.metal@yahoo.cn. Fencing used the address glenn@fdfefencing.com.au, but after a time emails came from glenn.fdfencing@ymail.com. In each case the latter address turned out to be a fraudster impersonating both parties.

The fraudster emailed Fencing from the fraudulent address, giving him a bull story about why the banking details needed to be changed. The address was such that it wasn’t obvious it was a different address, and the tone of the email (despite having some clear warning signs) was more or less in keeping with previous correspondence. Any reply from Fencing went to the fraudulent address, and the fraudster was able to provide assurances as neccessary. It seems that the fraudster had had access to Kong’s email account, as he clearly had knowledge of the transactions and was able to use similar language to that used in previous correspondence, strengthening the impersonation.

Emails sent by either party were effectively intercepted and modifed before being on-sent with details to effect the fraud. This man-in-the-middle scam requires some skill and luck, but can only occur if at least one of the parties’ email account is compromised so that the requisite knowledge can be gained.  Perhaps unsurprsingly, the forensic expert found that the IP addresses shown were allocated to Nigerian entities, although the court noted that these can be spoofed as well, so the emails could have originated in China.

Kong shipped the goods and Fencing paid into the fraudulent bank account, but when Kong didn’t receive payment it refused to authorise the release of the goods to Fencing, and the fraud came to light. The purchaser had paid on fraudulent invoices into the fraudster’s account. The court held that the vendor was not liable to the purchaser.

There are lessons to be learned here.  Don’t use a public email domain like Gmail or Yahoo. It’s neither hard nor expensive to get your own domain. Remember that Gmail differs from Yahoo in that bill.bloggs is the same as billbloggs with Gmail, whereas at Yahoo they are different addresses. Yahoo also now recycles abandoned email addresses, which makes impersonation much more likely  You might consider not including your name in the “from” address - only the actual email address is transmitted and a change will be obvious.  Confirm critical changes by two methods. Ask for confirmation via fax or over the phone. Each of those could be fraudulent as well, but getting it “right” twice is less likely than getting it right once.  Don’t “reply” to an email if you’re not positive about the sender. Create a new email from your own address book (but watch out for systems that auto-add addresses as soon as you receive an email).