Tannenbaum Helpern Syracuse & Hirschtritt, LLP
About Us Careers Contact Us Search
Home Practice Areas Industries Case Results Attorneys Publications Events Press Room

Computer Security

Last week, I had the honor and privilege of gazing at the spot where my computer once lived only to see nothing but sliced computer cables. Stolen.

When my secretary found out about the theft, I think she figured on unemployment because she expected me to die of the stress. She knew that computer held my clients' deepest, darkest secrets, all of my business data and personal information of all sorts. Nonetheless, she's still got a boss-I survived, and here's why.

Backups

In real estate, the cliched, "three most important words" are: location, location and location. In the world of computers, we have a similar list: backup, backup and backup.

My daily routine consists of transferring data before I go home from my desktop machine to my notebook computer. When I get home, I transfer my data from my notebook to my home computer. Finally, at 2:00 p.m. each day, my home computer runs a tape backup of my work from the day before. Suffice it to say that in spite of the theft, I lost NO data.

These backup measures may seem extreme, but they aren't. Computer disaster will strike you eventually; I absolutely guarantee it. It may take many forms: burglary, fire, hurricane, failed hard drive, random corruption, unintentional deletion of key files or whatever. But when this inevitable computer disaster strikes you, these "extreme" measures will give you a sense of calm.

I know that I felt better knowing that my data resided in several different places. Redundancy is a good thing in space travel, aircraft and computing. It's a simple proposition: You can never overdo your backup routines.

And if your data is important to you-as mine is to me-then you must use extreme measures to ensure its integrity. For example, I lock my hard drive using a software product called Norton Your Eyes Only. This means that the thief, may he rot very slowly in hell, or the first person who attempts to use my stolen computer, will be greeted with a message that asks for a password. Lacking that lengthy password, which includes non-alphanumeric characters (like #$%^&*~?), my system's new user will be forced to repartition and reformat the hard drive before he can operate my computer. Doing those processes to the hard drive will effectively destroy the data it holds. So, although someone may figure out how to work around the password security by repartitioning and reformatting the hard drive, he will not have my information.

Encryption

You may think this is overkill, but I also use encryption to protect my most sensitive data. Norton Your Eyes Only's "bootlock" is a good lock, but an even better protection is another feature on the program, encryption. With encryption, the computer scrambles your information so that without the proper password, the information is unreadable.

Today, commercially available encryption is so good that it's widely believed to be unbreakable in any practical way. I say "in any practical way" because all encryption is ultimately breakable with enough effort and, who knows, maybe the C.I.A. knows how. If so, it's a closely guarded national security secret, and you can probably rest well knowing that your encrypted information is not that important to anyone but you.

Other Locks

Many computers come already programmed with a built-in front door lock similar to the one I described that's part of Your Eyes Only. Be aware, though, that these built-ins are usually pretty simple, and can easily be defeated by a moderately knowledgeable adversary. They will keep the curious out, though.

By the way, I am not particularly recommending or endorsing Your Eyes Only; there are several competitors out there that you might want to check out. I just happen to use the Norton program, and I guess (I hope) it has earned its keep. Nonetheless, Your Eyes Only is relatively quirky and buggy, and its tech support is so-so at best. So explore other options, but whatever you do, you must take steps to protect your information if it's private.

Cyber Tips: About That Custom Software

Companies often pay large amounts for the custom development of software for their business. If the original software developer goes out of business, files for bankruptcy or otherwise stops supporting the software, the buyer may be unable to maintain or upgrade the custom software unless their lawyer properly protected them.

Under most software licenses, the licensee or user only gets what's called the "object code." The object code is what the computer can read. It's the only thing that a user needs-unless they want to modify the software.

Modifying software generally requires access to what's called the "source code." The source code is what we human beings can read, and whoever you choose to replace your original developer will need it.

The problem is that from the original developer's perspective, the source code is a highly confidential trade secret. Keeping it secret prevents others from stealing their work.

The solution that balances: (a) the need of the software developer to maintain secrecy and possession of their proprietary secrets with (b) the need of the user to be able to maintain and upgrade the software without the developer's assistance in case of something like the developer's bankruptcy is (c) a "source code escrow" agreement.

The general idea is that a trusted third party securely holds the source code in escrow. If certain triggering events like the developer going bankrupt or breaching the contract with the user occur, then and only then does the escrow agent release the source code to the user.

Common Mistakes

Even when companies set up software escrows, they commonly make a few mistakes that you should avoid.

Make sure that the escrow agent is truly an independent third party. Whatever you do, it must never be the developer's attorney (unless, of course, it's me). The conflict of interest is glaring. Use a professional escrow company.

Often, users forget to follow up to ensure that the developer actually delivers the source code to the escrow agent or to check that the source code is the correct code for that software and version. Professional software escrow companies know how to check the source code; they will likely charge a fee.

Your lawyer must make sure that your rights in the source code, once you receive it from the escrow agent, are sufficiently broad. It doesn't help you to have the source code if you can't use it to modify and maintain the software.

Your agreement should specifically give you those rights and the right to turn the source code over to a third party-your new software developer. Unless you have an in-house software developer, you will need to turn it over to a third party in order to get value from having it.

Software escrows are not cheap. There are several companies that do this, and they charge handsomely for their services. Nevertheless, you should never sign a contract for custom software development without a software escrow. Without the source code, you may end up getting very little for your money.



Click here to download mobile version



Like us on FaceBook Follow us on Twitter Get LinkedIn with us Pin It! Email Us Print this Page

Sitemap | Terms of Use | Privacy | Attorney Advertising

Tannenbaum Helpern Syracuse & Hirschtritt LLP provides legal advice only to individuals or entities with which it has established an attorney-client relationship and such advice is based on the particular facts and circumstances of each matter. Contacting us through this site, or otherwise, will not establish an attorney-client relationship with us. Any e-mail or other communication sent to THSH or its lawyers through this site will not be treated as subject to the attorney-client privilege or as otherwise confidential and you should not include any confidential information in any such communication.