[Fwd: Re: [ETHICS] Microsoft Vista]

Interesting post on Solosez.  Could the degree of access to an
attorney's computer data which is allowed by Vista to Microsoft, be a
problem for attorney-client privilege or client confidentiality?  Discuss.

Carol Shepherd

-------- Original Message --------
Subject: Re: [SOLOSEZ] [ETHICS] Microsoft Vista
Date: Wed, 11 Apr 2007 09:48:53 -0400
From: J. Robert Thompson <jrtesquire@...>
Reply-To: J. Robert Thompson <jrtesquire@...>
To: SOLOSEZ@...
References: <017401c77c2a$759a36e0$0eebf70a@DESKTOP>

A computer guru friend of mine made the suggestion that the degree of access
to an attorney's computer which Vista allows to Microsoft (apparently they
could access literally anything) may be a serious violation of the duty of
confidentiality, and possibly make the attorney-client privilege
inapplicable to any document stored on an internet-accessible computer.

Any comments?

J. ROBERT THOMPSON
P.O.BOX 831912
STONE MOUNTAIN, GA 30083
(770) 925-7999

-----Original Message-----
From: For lawyers who are practicing alone or in a small firm setting
[mailto:SOLOSEZ@...] On Behalf Of Fran Sweeney
Sent: Wednesday, April 11, 2007 7:14 AM
To: SOLOSEZ@...
Subject: [SOLOSEZ] [WC] Microsoft Vista Class Action

I ran across the article below and thought it interesting as a
follow up on the thread several months ago regarding Vista.


http://blog.seattlepi.nwsource.com/microsoft/archives/113491.asp



Fran Sweeney
Attorney and Counselor at Law
7723 Tylers Place Boulevard
West Chester, Ohio  45069
Phone:  513-305-8635
Fax:  5513-759-6755
Email:  fsweeney@...

CONFIDENTIALITY NOTICE

This transmission is intended for the sole use of the individual or entity
to whom it is addressed, and may contain information that is privileged,
confidential and/or exempt from disclosure under applicable law.  You are
hereby notified that any dissemination, distribution or duplication of this
transmission by someone other than the intended addressee or its designated
agent is strictly prohibited.  If your receipt of this transmission is in
error, please notify the law firm of Fran Sweeney, LLC immediately by
collect call at (513) 305-8635, or by reply to this transmission.

----------------------------------------------------------------------------
----
To remove yourself, or change your settings for this listserv, please go to
http://www.solosez.net

SOLOSEZ is a service of the American Bar Association
General Practice, Solo and Small Firm Division
http://www.abanet.org/genpractice

Are you an ABA Member?  To renew your membership or join,
visit http://www.abanet.org/members/join/
----------------------------------------------------------------------------
----

--------------------------------------------------------------------------------
To remove yourself, or change your settings for this listserv, please go
to http://www.solosez.net

SOLOSEZ is a service of the American Bar Association
General Practice, Solo and Small Firm Division
http://www.abanet.org/genpractice

Are you an ABA Member?  To renew your membership or join,
visit http://www.abanet.org/members/join/
--------------------------------------------------------------------------------


--
Carol Ruth Shepherd
Arborlaw PLC
Ann Arbor MI USA
734 668 4646 v  734 786 1241 f
http://arborlaw.com

"legal solutions for 21st century businesses"


**********************************************************************
For Listserv Instructions, see http://www.lawlists.net/cyberia
Off-Topic threads: http://www.lawlists.net/mailman/listinfo/cyberia-ot
Need more help? Send mail to: Cyberia-L-Request@...
**********************************************************************

On Wed, Apr 11, 2007 at 02:33:28PM -0400, Carol Shepherd wrote:
> Interesting post on Solosez.  Could the degree of access to an
> attorney's computer data which is allowed by Vista to Microsoft, be a
> problem for attorney-client privilege or client confidentiality?  Discuss.

Is there a link to the stated level of access and under what terms Microsoft will utilize that access?  I ran Vista for nearly 3 days before I got rid of it because it was too slow and did not provide me anything I needed.  

I would think that it would be okay if Microsoft said they would never access or read data from a vista computer without first notifying the owner (except, of course, data that concerns installed patches and the like), but if they make unannounced access and just read data, then there might be something to that post on Solosez.

The terms would be interesting to read.

K

--
In Vino Veritas
http://astroturfgarden.com



**********************************************************************
For Listserv Instructions, see http://www.lawlists.net/cyberia
Off-Topic threads: http://www.lawlists.net/mailman/listinfo/cyberia-ot
Need more help? Send mail to: Cyberia-L-Request@...
**********************************************************************

In message <461D29F8.60907@...>, at 14:33:28 on Wed, 11 Apr
2007, Carol Shepherd <arborlaw@...> writes
>Interesting post on Solosez.  Could the degree of access to an
>attorney's computer data which is allowed by Vista to Microsoft, be a
>problem for attorney-client privilege or client confidentiality?

I think you need to provide a cite for this "degree of access ...
allowed to Microsoft".

If it were possible for them to access any data on their customers' PCs,
without the customer's permission, I expect it would be headline news -
and I can't find any such news.

--
Roland Perry


**********************************************************************
For Listserv Instructions, see http://www.lawlists.net/cyberia
Off-Topic threads: http://www.lawlists.net/mailman/listinfo/cyberia-ot
Need more help? Send mail to: Cyberia-L-Request@...
**********************************************************************

Roland Perry wrote:
How would we know?  Microsoft is not required to disclose how their
operating system does and does not work, to a level of certainty.  The
fact that the systems implemented by Microsoft in Vista run at
Administrator privilege means Redmond can read *anything* on the
computer.  And the EULA is silent on Microsoft's restrictions when
accessing your computer.

In some Unix set-ups where there is remote administration, there is an
unprivileged user (sometimes called "wheel", sometimes "admin",
sometimes "maint", sometimes even called "bin") that has access to all
binaries and directories of binaries, but to none of the user home
directories.  In short, the maintainer doesn't have root/superuser
privs, so the data is secure.

Microsoft's implementation of file access control would allow such a
restriction.  All Microsoft would have to do is publicize that, with
enough detail that third parties can verify the authenticity of the
claim, and the problem is solved.

Otherwise you are placing all your data in the hands of someone else.
With no legal restrictions on them to use your data by statue, only by
tort -- with all the difficulties getting proof would be.

There is a similar problem with on-line backup people.  Some of the
back-up people use encryption to protect your data so YOU can get to it,
but THEY can't.  (At least, not without cipher-breaking.)  Further, the
contracts have something to say about the matter; not Microsoft's EULA.

That's why I'm glad I'm using a Linux distribution.  No "phone home".
No "authentication".  And OpenOffice 2.0 is proving to be surprisingly
compatible with Microsoft Office, at least as far as documents and
spreadsheets go.

(I can't speak for Macintosh -- I've been away from the platform too
long.  I'm even considering getting rid of my ancient Mac II.)


**********************************************************************
For Listserv Instructions, see http://www.lawlists.net/cyberia
Off-Topic threads: http://www.lawlists.net/mailman/listinfo/cyberia-ot
Need more help? Send mail to: Cyberia-L-Request@...
**********************************************************************

In message <461EF02A.3080105@...>, at 19:51:22 on Thu, 12 Apr
2007, Stephen Satchell <list@...> writes
>>  If it were possible for them to access any data on their customers'
>>PCs,  without the customer's permission, I expect it would be headline
>>news -  and I can't find any such news.
>
>How would we know?  Microsoft is not required to disclose how their
>operating system does and does not work, to a level of certainty.  The
>fact that the systems implemented by Microsoft in Vista run at
>Administrator privilege means Redmond can read *anything* on the
>computer.

Anything not otherwise encrypted (is there a suggestion they have a
back-door for files coded with their own encryption?) and it has to be
transmitted to Redmond, which someone would probably have noticed
happening by now.

There was a lot of fuss about the way the XP "activation" process might
have transmitted details of the software installed on a PC; I can't
imagine the fuss if there was now content being sent by Vista.

That's my common sense view, anyway.
--
Roland Perry


**********************************************************************
For Listserv Instructions, see http://www.lawlists.net/cyberia
Off-Topic threads: http://www.lawlists.net/mailman/listinfo/cyberia-ot
Need more help? Send mail to: Cyberia-L-Request@...
**********************************************************************

Alas Windows backdoors are old news. The NSA mandated backdoors into Windows
versions up to Win2k http://www.heise.de/tp/r4/artikel/5/5263/1.html. Plenty
of stuff on the Net, and it certainly created lots of headlines. This
article talks about no less than three ways in.

Cheers,
Simon Rawson

-----Original Message-----
From: Law & Policy of Computer Communications
[mailto:CYBERIA-L@...] On Behalf Of Roland Perry
Sent: Friday, 13 April 2007 11:57 PM
To: CYBERIA-L@...
Subject: Re: [CYBERIA] [Fwd: Re: [ETHICS] Microsoft Vista]

In message <461EF02A.3080105@...>, at 19:51:22 on Thu, 12 Apr
2007, Stephen Satchell <list@...> writes
>>  If it were possible for them to access any data on their customers'
>>PCs,  without the customer's permission, I expect it would be headline
>>news -  and I can't find any such news.
>
>How would we know?  Microsoft is not required to disclose how their
>operating system does and does not work, to a level of certainty.  The
>fact that the systems implemented by Microsoft in Vista run at
>Administrator privilege means Redmond can read *anything* on the
>computer.

Anything not otherwise encrypted (is there a suggestion they have a
back-door for files coded with their own encryption?) and it has to be
transmitted to Redmond, which someone would probably have noticed
happening by now.

There was a lot of fuss about the way the XP "activation" process might
have transmitted details of the software installed on a PC; I can't
imagine the fuss if there was now content being sent by Vista.

That's my common sense view, anyway.
--
Roland Perry


**********************************************************************
For Listserv Instructions, see http://www.lawlists.net/cyberia
Off-Topic threads: http://www.lawlists.net/mailman/listinfo/cyberia-ot
Need more help? Send mail to: Cyberia-L-Request@...
**********************************************************************



--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.446 / Virus Database: 269.4.0/760 - Release Date: 13/04/2007
8:04 PM


**********************************************************************
For Listserv Instructions, see http://www.lawlists.net/cyberia
Off-Topic threads: http://www.lawlists.net/mailman/listinfo/cyberia-ot
Need more help? Send mail to: Cyberia-L-Request@...
**********************************************************************

In message <005201c78022$fb6bfc30$0201a8c0@...>, at 22:29:56
on Mon, 16 Apr 2007, Simon Rawson <simon@...> writes
>Alas Windows backdoors are old news. The NSA mandated backdoors into Windows
>versions up to Win2k http://www.heise.de/tp/r4/artikel/5/5263/1.html. Plenty
>of stuff on the Net, and it certainly created lots of headlines. This
>article talks about no less than three ways in.

Fair enough, that covers the "Window's own encryption system", but not
any other encryption systems. For convenience, more than anything else,
I have never used a Microsoft supplied encryption system, but have used
those provided by others.

And there still remains the issue of how files can be transmitted
somewhere without anyone ever having noticed.
--
Roland Perry


**********************************************************************
For Listserv Instructions, see http://www.lawlists.net/cyberia
Off-Topic threads: http://www.lawlists.net/mailman/listinfo/cyberia-ot
Need more help? Send mail to: Cyberia-L-Request@...
**********************************************************************

Was struck by this news item in the BNA morning report:

"TorrentSpy, a popular BitTorrent search engine, was ordered on May 29
by a federal judge to create logs detailing users' activities on the
site. However, the judge granted a stay of the order on Friday to allow
TorrentSpy to file an appeal." with news link here:

http://news.com.com/2100-1030_3-6189866.html

Is this the next step that we will likely see in the digital evidence
arena -- requests by parties that the other side, (or depending on one's
characterization of TorrentSpy in this case--a third party
intermediary), be required to create, collect and maintain records?
Seems a bit unique and certainly has some slippery slope problems, but
the facts of these types of cases are also pretty unique.  Has anyone
see the order itself? Any thoughts about it?

Erik J. Phelps
ejphelps@...
My opinions are my own and may not be shared by my employer.


****************************************************************************

Unless otherwise expressly indicated, if this email, or any attachment
hereto, contains advice concerning any federal tax issue or
submission, please be advised that the advice was not intended or
written to be used, and that it cannot be used, for the purpose of
avoiding federal tax penalties.

The information contained in this communication may be confidential,
is intended only for the use of the recipient(s) named above, and may
be legally privileged.  If the reader of this message is not the
intended recipient, you are hereby notified that any dissemination,
distribution, or copying of this communication, or any of its
contents, is strictly prohibited.  If you have received this
communication in error, please return it to the sender immediately and
delete the original message and any copy of it from your computer
system.  If you have any questions concerning this message, please
contact the sender.


**********************************************************************
For Listserv Instructions, see http://www.lawlists.net/cyberia
Off-Topic threads: http://www.lawlists.net/mailman/listinfo/cyberia-ot
Need more help? Send mail to: Cyberia-L-Request@...
**********************************************************************

Blog of attorney for torrentspy has order online -
http://www.moredata.com/home/ram-and-server-log-files-in-e-discovery.html

As Mr. Phelps notes, and characterization in order suggest, the facts
are a bit odd, and perhpas logging was occuring.


On 6/11/07, Phelps, Erik J (22247) <ejphelps@...> wrote:

--
This communication is being sent by an attorney. This communication
may contain information that is proprietary, privileged, or
confidential.

If you have received this message in error, please notify the sender
immediately by e-mail and delete all copies of the message.


**********************************************************************
For Listserv Instructions, see http://www.lawlists.net/cyberia
Off-Topic threads: http://www.lawlists.net/mailman/listinfo/cyberia-ot
Need more help? Send mail to: Cyberia-L-Request@...
**********************************************************************

 

-----Original Message-----
From: Law & Policy of Computer Communications
[mailto:CYBERIA-L@...] On Behalf Of Ethan Ackerman
Sent: Monday, June 11, 2007 10:34 AM
To: CYBERIA-L@...
Subject: Re: [CYBERIA] Court order to create logs

Blog of attorney for torrentspy has order online -
http://www.moredata.com/home/ram-and-server-log-files-in-e-discovery.htm
l

As Mr. Phelps notes, and characterization in order suggest, the facts
are a bit odd, and perhpas logging was occuring.


On 6/11/07, Phelps, Erik J (22247) <ejphelps@...> wrote:
> Was struck by this news item in the BNA morning report:
>
> "TorrentSpy, a popular BitTorrent search engine, was ordered on May 29
> by a federal judge to create logs detailing users' activities on the
> site. However, the judge granted a stay of the order on Friday to
allow
> TorrentSpy to file an appeal." with news link here:
>
> http://news.com.com/2100-1030_3-6189866.html
>
> Is this the next step that we will likely see in the digital evidence
> arena -- requests by parties that the other side, (or depending on
one's ************************************************************************
****

--
This communication is being sent by an attorney. This communication
may contain information that is proprietary, privileged, or
confidential.

If you have received this message in error, please notify the sender
immediately by e-mail and delete all copies of the message.


**********************************************************************
For Listserv Instructions, see http://www.lawlists.net/cyberia
Off-Topic threads: http://www.lawlists.net/mailman/listinfo/cyberia-ot
Need more help? Send mail to: Cyberia-L-Request@...
**********************************************************************


****************************************************************************

Unless otherwise expressly indicated, if this email, or any attachment
hereto, contains advice concerning any federal tax issue or
submission, please be advised that the advice was not intended or
written to be used, and that it cannot be used, for the purpose of
avoiding federal tax penalties.

The information contained in this communication may be confidential,
is intended only for the use of the recipient(s) named above, and may
be legally privileged.  If the reader of this message is not the
intended recipient, you are hereby notified that any dissemination,
distribution, or copying of this communication, or any of its
contents, is strictly prohibited.  If you have received this
communication in error, please return it to the sender immediately and
delete the original message and any copy of it from your computer
system.  If you have any questions concerning this message, please
contact the sender.


**********************************************************************
For Listserv Instructions, see http://www.lawlists.net/cyberia
Off-Topic threads: http://www.lawlists.net/mailman/listinfo/cyberia-ot
Need more help? Send mail to: Cyberia-L-Request@...
**********************************************************************

[Sorry for empty post earlier; to quick on the click]

My thanks first to Ethan Ackerman, who provided a link to the torrentspy
order:

Blog of attorney for torrentspy has order online -
http://www.moredata.com/home/ram-and-server-log-files-in-e-discovery.htm
l

which is interesting reading.  Couple of things:

Using primarily MAI v. Peak, court finds that data stored in RAM is ESI
for purposes of discovery; I think this is probably right
definitionally, though it may have some far reaching implications.  I
think most folks believe/conclude that things like deleted file space,
backup tapes, flash memory, etc. are potentially discoverable ESI, so
the concept that RAM may also fit this definition isn't too shocking

Then, court finds that such ESI is in the "possession, custody or
control" of defendants (almost certainly true, if they are running the
site).

Then, the court says that requiring that the preservation and production
of the server log data which exists in RAM is not tantamount to
requiring the creation of new documents.  Well, now we have some
interesting implications.  

What is going to be in the required log files?  From reading the order,
sounds like some of the boxes at issue are IIS boxes -- well, the
logging done by IIS is pretty customizable, varies by version and varies
by plug-ins installed: see, e.g.,
http://msdn2.microsoft.com/en-us/library/ms525410.aspx 

What if one created a version of a webserver (by modifying an open
source one, like, say, Apache) that didn't have a logging capability
that could be enabled -- clearly the information about inbound requests
is still there in RAM and being responded to, but would you now be
obligated to install additional software to preserve the information?
What if they had logging enabled, but didn't capture a piece of
information that Plaintiffs wanted -- could the order require them to
modify their logging to capture it?

Think about how many devices/machines/etc. create "ESI" in RAM during
normal operation.  Every single draft outlook email and draft word
document would qualify, but why stop there: smtp servers, routers and
switches themselves (which also have logging capabilities, I might add);
IDS devices; the list is nearly endless -- almost anything with a
processor that interacts with things will have information in RAM that
is accessible in some way shape or form.

Reading between the lines, what appears to be going on here is that the
facts are pretty unique--the information sought goes right to the heart
of proof in the case; defendants have made an affirmative (public, it
sounds like) choice NOT to keep information of this type when many
similarly situated people would, and the burden for keeping it and
producing it is relatively low (and if not, I'm sure the plaintiffs
would have offered to pay for some disk space).

Erik Phelps
ejphelps@...
My opinions are my own and may not be shared by my employer.


****************************************************************************

Unless otherwise expressly indicated, if this email, or any attachment
hereto, contains advice concerning any federal tax issue or
submission, please be advised that the advice was not intended or
written to be used, and that it cannot be used, for the purpose of
avoiding federal tax penalties.

The information contained in this communication may be confidential,
is intended only for the use of the recipient(s) named above, and may
be legally privileged.  If the reader of this message is not the
intended recipient, you are hereby notified that any dissemination,
distribution, or copying of this communication, or any of its
contents, is strictly prohibited.  If you have received this
communication in error, please return it to the sender immediately and
delete the original message and any copy of it from your computer
system.  If you have any questions concerning this message, please
contact the sender.


**********************************************************************
For Listserv Instructions, see http://www.lawlists.net/cyberia
Off-Topic threads: http://www.lawlists.net/mailman/listinfo/cyberia-ot
Need more help? Send mail to: Cyberia-L-Request@...
**********************************************************************