“U.S. Magistrate Judge Paul S. Grewal in San Jose, Calif., ordered Google within two days to disclose what terms it’s using to find documents Apple has requested in pretrial information sharing, and to tell Apple which Google employees those documents came from,” writes Bloomberg Business Week. “Google had argued the collection of information would be too burdensome.”
“The court cannot help but note the irony that Google, a pioneer in searching the Internet, is arguing that it would be unduly burdened by producing a list of how it searched its own files,” Grewal wrote in a footnote to his order.
Apple took the step of asking the judge to intervene because it believed the search terms Google was using in response to Apple’s document production requests weren’t inclusive enough, and so left things out.
“Apple believes Google purposely uses suboptimal search terms,” writes the FossPatents blog. “For example, Apple claims to know that Google uses a different term internally for what Apple calls ‘slide to unlock.’ As a result, searches for ‘slide to unlock’ wouldn’t deliver too many documents in which Google employees discussed this patented technology.”
(Why is Google involved in the Samsung case in the first place? Because all of the products said to be infringing run the Android operating system that Google developed.)
Apple was also criticized by the judge for not being more cooperative, such as by telling Google what documents it thought were missing. As you may recall, the 2006 rules for electronic discovery require the different sides in a legal suit to work together and agree on how they will search for documents.
There is, of course, more to the story.
“Warren, a lawyer for Google who is also representing Samsung, explained to the judge that turning over the requested information Apple is seeking could lead to ‘future discovery that we don’t think they’re entitled to’ and give the company ‘ideas about how to proceed that they wouldn’t have had,’” writes BGR.
Good story though.
EMC is sort of the IBM of the storage industry — big, not necessarily terribly exciting or innovative, but continuing to be a major player because, remember big? Just like IBM can suddenly decide to make a particular technology front-page news by throwing a billion dollars at it, like it did with flash a few weeks ago, EMC can make a big deal about storage virtualization, software-defined storage, mobile, cloud, and so on simply by virtue of being EMC, even though other storage vendors have been doing it for years.
There are other places to read about the specific announcements so I won’t go into them, other than to observe that EMC is saying you will be able to use them to have your own Facebook-like data center. Except the whole point of Facebook’s data center storage is that it uses commodity hardware, and if you’re using commodity hardware, then what do you need EMC for anyway? I know, I know, it’s a metaphor, never mind.
Befitting the conference’s theme of “transformation,” EMC seemed to be spending an awful lot of time explaining the various reorganizations it’s had over the past few years, starting when CEO Joe Tucci decided he was going to retire, then changed his mind, followed by a lot of musical chairs between EMC and VMware, and culminating in the recent announcement of Pivotal, which rearranges yet more pieces of EMC and VMware.
At the same time, the company also spent a lot of time talking about the “third platform” — a conglomeration of mobile, big data, cloud, and so on, after the first platform of mainframes and the second platform of client/server. After all, if EMC can make mobile and the cloud sound like just another generational version of mainframes, it sounds more like they’ll continue to be the logical alternative, right?
And of course EMC is going to do all it can to promote big data. Like Cowboy Curtis, who knows that “big feet” means “big boots,” EMC knows that big data means big hardware to put it on, and nobody does it bigger than EMC.
Ironically, this was all happening against a backdrop of EMC announcing it was laying off more than 1,000 people, with VMware laying off another 800. The company said it was always doing this and that by the end of the year it would actually have more people than it started with. Okay. But seriously? After all the investment in hiring and training those people, the company sees no other way but to do a forklift upgrade of its employees?
On second thought, for EMC, maybe that isn’t so surprising after all.
In any event, EMC has to at least go through the motions of being up on what users are interested in, lest it sound too much like another Bruno Mars number, “The Lazy Song” [mildly NSFW]:
Today I don’t feel like doing anything
I just wanna lay in my bed
Don’t feel like picking up my phone, so leave a message at the tone
‘Cause today I swear I’m not doing anything
I’ll be lounging on the couch just chilling in my Snuggie
Click to MTV so they can teach me how to dougie
‘Cause in my castle I’m the freaking man
“In late March 2012, hackers broke into a Medicaid server that a technician had placed online without changing the factory password and downloaded the personal information of 780,000 Utahns,” writes the Salt Lake City Tribune. (To put that in perspective, that’s one out of every six Utahns.) “Some were on Medicaid, but also affected were the privately insured, uninsured and retirees on Medicare whose providers had sent their data to Medicaid in the hopes of billing the low-income program.” Of those, 280,000 people had their Social Security numbers exposed, which puts them at particular risk.
Initially, it was thought that only 24,000 people had had their information put at risk. Stephen Fletcher, executive director of the state’s Department of Technical Services, lost his job over the incident.
“Utah’s Medicaid Management Information System, which receives eligibility inquiries and billing information from providers, was not protected by a firewall as it was upgrading on March 10, when hackers in Eastern Europe first gained access to the state server,” wrote the Deseret News last May. “That server was also installed by an independent contractor more than a year ago, which is not typical protocol for the department, [new DTS director Mark] VanOrden said. A process to ensure that new servers are monitored and a risk assessment performed prior to use was not followed, and factory-issued default passwords were still in effect on the server, which is also not ‘routine.’ The final ‘mistake,’ he said, is that information stayed on the server for too long and while it was there, it was not encrypted, leaving it vulnerable to hackers who began downloading the sensitive information March 30.”
A year later, the state is now saying that the damage is estimated to be $9 million, with $3.4 million coming from the department. It includes $467,000 to hire an ombudsman, staff a hotline, run ads and hold community meetings to notify victims; $1.9 million to provide two years of credit monitoring for those whose Social Security numbers were compromised; $741,000 on a legal consultant and forensic security audit; and $300,000 to create an Office of Health Information and Data Security. The state also spent $1.2 million on a review of state servers and $4.4 million to increase security, according to the Associated Press.
In addition, state residents and businesses face potential fraud of up to $406 million, according to new estimates from Javelin Strategy & Research, which examined the Utah breach. “Based on Javelin’s calculations, 122,000 cases of fraud will occur as a result of this breach, with each incident resulting in $3,327.87 of loss,” wrote the company – which admittedly has a vested interest in making the case look as bad as possible. “Each Utahn whose info is misused as a result of this data theft will incur $770.49 in out of pocket costs and spend 20 hours resolving these cases.” The company estimates that victims of data theft now have a 1 in 4 chance – up from 1 in 9 – of having their information used fraudulently.
Unfortunately, this is not uncommon. “According to information posted by the Privacy Rights Clearinghouse, of the 203 data breaches reported so far this year in the US, 103 involved either government or healthcare information,” Mary Jander of Internet Evolution wrote last year. “Of that subset, 16 cases were the result of hacking.”
As in a similar case in South Carolina last fall, Utah said it didn’t encrypt the data because the federal government didn’t require it. After the South Carolina incident, politicians from the Republican party – normally the party of small government that is against federal mandates – called for the federal government to require encryption of PII by state governments, apparently not trusting state governments to connect the dots themselves. Like South Carolina, Utah is also a Republican state, but thus far its politicians have limited themselves to a state bill that requires more notifications – but also does not require encryption.
Zhang wrote a note and put up flyers about the theft, which was picked up by ABC News and which a friend of his posted to his Facebook page, and which was then posted to Reddit and many other websites beyond that. He offered $1000 to the thieves for the data, telling them exactly where on the disk they could find it, giving them the password, and telling them they could keep the computer already; he just wanted to graduate.
Now, in honor of the “Everything Wrong With … in X Minutes” CinemaSins YouTube movie spoofs (and they’re hysterical), here’s everything wrong with this story.
“Compliance with the Health Insurance Portability and Accountability Act means that Box provides file redundancy to prevent data loss in a disaster, restrictions on employees’ access to documents, a breach-notification policy, data encryption and other features,” writes GigaOm’s Jordan Novet.
In addition, the company now has ten new healthcare applications. Box is doing this by partnering with a number of other vendors. According to Jasmine Pennic at HIT Consultant Media, those applications are:
Box is also supporting the requirements of the Health Information Technology for Economic and Clinical Health (HITECH) Act, and is investing in drchrono.
Compliance requirements include the following, writes Patrick Ouellette in Health IT Security.
Support for HIPAA and HITECH could also help the cloud storage company improve its reputation for security and privacy overall; various incidents have sometimes led to such services, rightly or wrongly, being seen as insecure. In particular, noted GigaOm, it may make Box more attractive to enterprise users, as well as for a planned initial public offering.
Moreover, HIPAA support could also make it easier for healthcare providers to implement BYOD, writes Ouellette. “Clinicians would now be able to set up secure cloud folders for a patient’s medical records or collaborate on a patient’s diagnosis with the Box mobile application in a compliant manner,” he writes.
HIPAA requirements can be pretty arduous; for example, the Boise-based WhiteCloud Analytics healthcare analytics software company had to have a separate set of doors, through which one can enter only by being buzzed in, due to HIPAA requirements.
Chances are, this isn’t the first such announcement. Now that Box has come up with the idea, one can expect that other cloud storage vendors — like Dropbox, Microsoft’s Skydrive, Google’s Drive, and so on — will soon follow suit. Microsoft’s Office 365 already supports HIPAA and in fact the company has also announced improvements in its HIPAA support.
At least, that’s the observation GigaOm’s Barb Darrow recently made of a Digital Realty survey of managers’ data center plans. “Despite the angst that superstorm Sandy and Hurricane Irene caused data center providers and their customers in the New York metro area over the last two years, businesses still want to expand their data center capacity in that low-lying, suddenly storm-surge-prone area,” she writes.
Apparently the familiar is more comfortable than the unknown. According to the survey, two-thirds of respondents would rather see the data center in the city where they work, and target locations other than New York were Los Angeles (earthquakes and fires), Dallas (tornadoes), Chicago (blizzards), the San Francisco Bay Area (earthquakes again), and Phoenix.
“Of course, when two 100-year storms hit the same area within two years of each other, you might start evaluating new locations,” Darrow writes. “Then the question becomes what areas are not susceptible to natural disasters,” echoing what she wrote at the end of last year about Fidelity Investments setting up a data center in the far-from-water, far-from-earthquakes, yet tornado-prone Omaha, Neb.
And recall that last June, just a little ol’ thunderstorm took out Amazon Web Services.
The most important reasons given for data center expansion, Digital Realty notes, are (in order of priority) the need for increased security, energy efficiency, new applications/services, and more space. It isn’t clear whether “Not Being Under Water,” “Not Being on Fire,” or other variations on “Not Being Destroyed” were choices. (To be fair, when respondents were asked to provide multiple reasons for expanding data centers, “disaster recovery/Sarbanes-Oxley” came in second after “security.”)
The other interesting factor that cropped up was the data sovereignty issue. As you may recall, this is becoming more of a thing as an increasing number of countries, including the U.S., claim some degree of access to data stored on their shores, regardless of the data’s country of origin or the residence of the company that owns it.
“Geopolitical location of data” was extremely important to 50 percent of respondees, though it was slightly beaten out by data authenticity and security, physical security, control over the facility, and the total cost of the technology. “The two factors in data sovereignty (data authenticity/security and geopolitical/legal location) are the most important considerations for 29% of the respondents,” Digital Realty noted.
Physical security — that is, Not Being Underwater, Not Being on Fire, and Not Being Destroyed — was apparently a consideration for only 14 percent of respondees.
Now in its third year, the event — deliberately scheduled for the day before April Fool’s Day, to ensure your data is backed up in the case of a prank gone awry — is intended to encourage people to make sure their data is backed up, much like the days that daylight saving time starts and ends get piggybacked by Change the Batteries in Your Smoke Detector Day.
Last year, I didn’t find out til afterwards, but this year, I found out in plenty of time to celebrate it properly.
As of Thursday, almost 4500 people had pledged to observe the day, which not only includes making backups of your own data and checking your restores, but also alerting your friends and family.
Vendors such as Carbonite and Kroll also released surveys associated with backups. The Carbonite study found that 30% of small businesses believe their backup plan is insufficient, 45% said their organization had experienced data loss, and 14% were never able to restore their lost business information.
Small businesses often lack a formal disaster recovery plan because they do not have the budget, the survey showed, but there’s an average cost of about $9,000 for a small business to recover their data after a failure, Carbonite said.
Surveying its own users, Kroll Data Recovery found that of the 81% who do have backups now, 53% use an external hard drive, while 15% used tape and 15% used online or cloud backup services. And while 60% of its customers did have a backup running at the time of the data loss, it wasn’t current or was operating incorrectly, Kroll warned.
World Backup Day now also has posters and t-shirts, as well as a Tumblr. In addition, the event asks people to take pictures of themselves celebrating. “Be sure to take pictures or videos of you promoting World Backup Day!” reads the website. “Just send them to firstname.lastname@example.org, tweet us @WorldBackupDay, or submit them to our Tumblr!” There’s also a Facebook page, an Instagram feed, and a Pinterest page.
In addition, there’s a full press kit, which includes an infographic.
All kidding aside, it’s not a bad time to re-examine your backup strategy; a number of vendors actually do have World Backup Day Sales.
There’s even a contest.
And as a bonus, this year’s World Backup Day is also followed the next day by my favorite holiday, Cheap Chocolate Day, though you can’t always count on that happening, plus some people hold out for the traditional February 15 for that one.
The report, which is freely downloadable, surveyed 512 information professionals.
Legal holds and E-discovery were the fourth most likely element to be included in an information governance policy, with almost 50% saying it was included (plus almost 20% who included it in an “all of the below” choice).
“Only 18% have a sufficiently comprehensive policy that covers all of these areas,” AIIM warns. “Taking these into account, over 80% in total have included information retention and access restrictions in their policy. While 75% include data protection of personally identifiable information, this is likely to be a legal requirement for almost any organization that keeps personnel records of employees. Only 57% are dealing with “information in motion” i.e. laptops, USB sticks, etc. Only 49% have a policy on mobile access and only 27% are covering cloud-based file shares.”
In terms of email storage, about 55% of respondents said that employees were expected to manually declare or save important email messages as records, while more than 30% said they expected there were multiple copies of messages on various systems.
That said, while the content may be electronic, E-discovery mechanisms are still manual, the survey found, with 53% of respondents saying they are still reliant on manual processes for E-discovery searches across file shares, email and physical records. However, only about 5% either automatically classified important email messages as records or used outsourcing or the cloud for email archiving.
That’s even more so for social media interactions. Almost 35% said they believed there are social interactions that could be important but that they were not currently recording them; about 22% said they didn’t do social; and about 18% said they weren’t looking at the issue. 34% reported that they have used their social business records for purposes such as staff disciplinary action, staff dismissal, or resolving a customer/citizen dispute or complaint.
For E-discovery, more than 60% of respondents said they needed to deal with pre-trial requests by attorneys (e.g., US-style), about 25% for judge-directed disclosure (e.g., UK-style), about 15% for no defined disclosure (civil law, e.g., France, Germany), about 30% for competition/anti-trust, fraud, or trading investigation, and more than 20% said “All of the above.”
“We asked if respondents feel that their organization has a consistent and effective E-discovery mechanism across all of their physical and electronic records,” AIIM writes. “Overall, only 9% have achieved this, but a further 29% are optimistic that they are getting there. Another 24% have plans, but 20% consider the task to be simply ‘too difficult.’”
However, in what may be some incentive, the survey also asked respondents about the consequences of their lack of an E-discovery system. In the last three years, 14% of organizations have suffered from embarrassing data loss, 21% have disciplined or dismissed employees for non-compliance with governance policies, 31% have had issues with their regulators, and 18% have been questioned in court about their records, AIIM finds. “As might be expected, larger organizations score nearly double in many of these areas with, for example, 28% suffering from embarrassing data loss — an arguably bigger disaster for a large organization or well-known brand than a small one — and nearly half having issues with auditors or regulators,” AIIM writes.
Simple. Take a block of wood and carve away everything that doesn’t look like an elephant.
How do you make a virtualization company? Simple. Take VMware and carve away everything that doesn’t look like a virtualization company. And then you spin it off.
EMC CEO and Chairman Joe Tucci announced today that the company was forming the Pivotal Initiative, comprising Pivotal Labs and Greenplum from parent company EMC, and Cloud Foundry, Spring and Cetas from VMware. It will be headed by former VMware CEO Paul Maritz, who was named chief strategy officer at EMC in July 2012, when speculation arose as to his future role. His role as chief strategy officer at EMC will now be shared with VMware CEO Pat Gelsinger and EMC COO David Goulden.
Altogether, Pivotal, which will technically come to life on April 1, is 69 percent owned by EMC and 31 percent by VMware, with about 1,250 employees and $300 million in revenue, though Maritz predicted it could be a $1 billion business in five years.
“What the newly minted Pivotal Initiative brings to the table is Greenplum’s parallel query and data processing strengths; Gemfire’s ability to rapidly ingest events (lots and lots of events); Cloud Foundry’s application development and deployment strengths and Spring’s Java rapid application development framework,” writes Barb Darrow in GigaOm. Cloud Foundry, which is a platform as a service that currently runs on VMware, will now also run on Amazon Web Services, she added.
The companies had signaled their intention to form the spin-off in December and said more details would be available in the third quarter. With 18 days left in the quarter, apparently they figured they’d better get on the stick. Darrow said at that time that the effort, which had long been predicted, was the companies’ attempt to better compete in the cloud space.
“Last December, while others in our industry suggested that VMWare was shedding its components that weren’t performing to help its bottom line and to keep the company focused on its highly successful virtualization business, we said that that was nonsense — that there was something much bigger at play (especially because EMC’s precious assets Greenplum and Pivotal Labs were involved), that EMC would be spinning off a new company and that its business would be Big Data Apps,” agreed Virginia Backaitis in CMSwire.
Bloomberg also talked about the stock aspects of the move, noting that VMware’s stock has been falling and that Pivotal might eventually have an IPO.
The upshot is that VMware will also be able to focus more on its virtualization business. It said it expects to boost its annual revenue growth as high as 20 percent in coming years, according to Reuters.
William Steven Albaugh, 67, was arrested after police found “numerous files of child pornography” on his Verizon online storage locker and several thumb drives, the Baltimore Sun reported. “Detectives began investigating Albaugh after Verizon Online notified the National Center for Missing and Exploited Children that Albaugh, a subscriber, had stored images of children engaged in sexual acts on the online cloud storage system, police said.”
We already learned, in 2011, that cloud storage systems such as Dropbox would turn over files if requested by law enforcement. We also learned that some systems such as Dropbox, when a file is uploaded, check to see if it’s already online, and, if so, just save a pointer to the original copy. While this saves space, it also means that, in theory, law enforcement could upload any number of files it’s illegal to own — such as copies of movies — and if the stored file length is less than the original file, it means someone has it on the system already.
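The deduplication signal described above can be reproduced with a toy model. This is an added example, not code from the original post or from any storage provider; the `DedupStore` class, its three mode names and the sample data are assumptions made for illustration. It compares cross-account client-side deduplication with two designs that remove the signal.

```python
import hashlib

# Modes (names are assumptions for this example):
#   "client-global"      - client skips the upload if ANY account already stored the content
#   "client-per-account" - client skips the upload only if the SAME account stored it
#   "server-side"        - client always sends the bytes; the server deduplicates quietly
MODES = ("client-global", "client-per-account", "server-side")


class DedupStore:
    """Toy content-addressed store that records how many bytes each upload transfers."""

    def __init__(self, mode):
        if mode not in MODES:
            raise ValueError(f"unknown mode: {mode}")
        self.mode = mode
        self.blobs = {}   # index key -> content bytes
        self.files = {}   # (account, filename) -> index key

    def _key(self, account, data):
        h = hashlib.sha256(data).hexdigest()
        # Scoping the index key to the account is what keeps accounts isolated.
        return f"{account}:{h}" if self.mode == "client-per-account" else h

    def upload(self, account, filename, data):
        """Store a file and return the number of content bytes the client had to send."""
        key = self._key(account, data)
        already_stored = key in self.blobs
        if not already_stored:
            self.blobs[key] = data
        self.files[(account, filename)] = key
        if self.mode == "server-side":
            return len(data)          # transfer size never depends on other accounts
        return 0 if already_stored else len(data)

    def stored_bytes(self):
        return sum(len(b) for b in self.blobs.values())


def leak_report(mode):
    """Upload a file another account already holds, and one nobody holds; compare transfers."""
    store = DedupStore(mode)
    held_by_alice = b"\x01" * 4096    # constructed sample content
    held_by_nobody = b"\x02" * 4096   # constructed sample content
    store.upload("alice", "doc.bin", held_by_alice)

    sent_existing = store.upload("bob", "a.bin", held_by_alice)
    sent_new = store.upload("bob", "b.bin", held_by_nobody)
    return {
        "mode": mode,
        # A short transfer for content bob never stored tells him someone else has it.
        "reveals_other_accounts": sent_existing < len(held_by_alice),
        "sent_existing": sent_existing,
        "sent_new": sent_new,
        "stored_bytes": store.stored_bytes(),
    }


if __name__ == "__main__":
    for m in MODES:
        print(leak_report(m))
```

Per-account scoping removes the signal at the cost of storing duplicates, while server-side deduplication keeps the storage savings but gives up the bandwidth savings.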
In the process of that, we learned, if we didn’t know already, that in 2010 New York Attorney General Andrew Cuomo made an agreement with several online services such as Facebook and LiveJournal to check uploaded images for child pornography. “Through its investigations, the Attorney General’s Office has created a database of more than 8,000 hash values that are associated with images of child pornography,” the Attorney General’s office wrote at the time. “The database can be used to identify the corresponding child pornography images through the fingerprints and stop that picture from ending up on a site.” The office also said it would continue working with other online services to encourage them to do the same thing.
Apparently, at least one of them was the Verizon Online Backup and Sharing cloud storage service.
Media outlets have pointed out that this was all clearly spelled out in the terms of service. “Like many types of online storage or media services, Verizon’s Online Backup and Sharing states in its terms of service that the company is ‘required by law to report any facts or circumstances reported to us or that we discover from which it appears there may be a violation of the child pornography laws,’” writes the International Business Times.
Because, of course, we all read every word of our terms of service.
If this sounds familiar, it may be because, as of last July, four out of the five cases concerning whether people have to provide the key to their encrypted storage also have had to do with child pornography, according to the Electronic Frontier Foundation’s attorney Marcia Hoffman.
Look, there isn’t any question that child pornography is bad. But there’s a saying, “Hard cases make bad law” — that is, an unpleasant case can lead to a harsher general law that can end up being more widely applied. (We don’t know whether law enforcement is more likely to push the envelope of legal search because they so badly want to catch child pornographers, or because they think people will be less likely to criticize their methods because the crime is so heinous.)
If it’s determined through these cases that checking people’s files as they are uploaded to a cloud storage service is an acceptable practice, it has the potential to apply to all files and all people, not just ones we don’t like.
In the meantime, it sounds like we’d better be sure to read our terms of service carefully.