Microsoft has rolled out its new cloud product: Office365. Office 365 purports to be thecompany’s familiar Microsoft Office collaboration and productivity tools delivered through the cloud.

It includes Web-based email, shared documents, shared calendars, instant messaging, video conferencing and Web meetings, and websites. Customers can pick and choose which apps they want and pay a monthly subscription from $2 to $27 per month.

The product is aimed primarily at individuals and small business and features pay-as-you-go monthly subscriptions rather than large. 

Will it surpass GoogleDocs in adoption?  Will it have as many security holes as normal windows-based software?  Time will tell.

DropBox Drops All Security

DropBox - the darling of many cloud lawyers - admitted this week that it accidentally left all of its customers’ data open and completely insecure for approximately 4 hours.  Here is what Dropbox has to say about the event:

 

Yesterday we made a code update at 1:54pm Pacific time that introduced a bug affecting our authentication mechanism. We discovered this at 5:41pm and a fix was live at 5:46pm. A very small number of users (much less than 1 percent) logged in during that period, some of whom could have logged into an account without the correct password. As a precaution, we ended all logged in sessions.

We’re conducting a thorough investigation of related activity to understand whether any accounts were improperly accessed. If we identify any specific instances of unusual activity, we’ll immediately notify the account owner. If you’re concerned about any activity that has occurred in your account, you can contact us at support@dropbox.com.

This should never have happened. We are scrutinizing our controls and we will be implementing additional safeguards to prevent this from happening again.

 This is the third recent security issue for DropBox in recent months.  Last month a complaint was filed against the company with the Federal Trade Commission, alleging that DropBox does not follow industry best practices because some of its employees have direct access to encryption keys and can, therefore, have direct access to client data.  

In April, DropBox changed its terms of service to indicate several circumstances in which the company retains the right to access your data and turn it over to third parties.  Here is the exact language from the Terms of Service:  

Compliance with Laws and Law Enforcement Requests; Protection of Dropbox’s Rights. We may disclose to parties outside Dropbox files stored in your Dropbox and information about you that we collect when we have a good faith belief that disclosure is reasonably necessary to (a) comply with a law, regulation or compulsory legal request; (b) protect the safety of any person from death or serious bodily injury; (c) prevent fraud or abuse of Dropbox or its users; or (d) to protect Dropbox’s property rights. If we provide your Dropbox files to a law enforcement agency as set forth above, we will remove Dropbox’s encryption from the files before providing them to law enforcement. However, Dropbox will not be able to decrypt any files that you encrypted prior to storing them on Dropbox.

So should a lawyer use DropBox to store client data?

Short answer: Probably not.  Attorneys have an extremely high duty to keep the data of their clients as confidential as possible.  True, no system is perfectly secure - your office could be burglarized and your computers stolen (although I assume you keep your data files encrypted on your office server).  And with the ever-increasing need to have client data available to iPads and laptop computers, use of the internet “cloud” to transport data is surely inevitable.  

I myself use cloud-based extranet software to collaborate with clients about confidential matters every day.  I have done the research and set up a system that is as secure as I can reasonably make it given the constraints of current technology and my clients’ technical abilities to utilize same.  I try to refrain from using plain vanilla (and horribly insecure) email for confidential communications and for the most part use cloud storage for pleadings and discovery documents, which are already matters of public record or by their nature designed to be provided to opposing counsel.  

But DropBox has unfortunately proven to me that it is not to be trusted with sensitive client data.  I actually do use DropBox for personal file sharing - photos, videos of the kids and such.  That is MY business and if lack of security exposes my video of the memorial day Bar-B-Q to the world then that is one thing.  Client data is another matter though and DropBox just doesn’t seem to have its act together sufficiently to allow me to use it to share or store such sensitive data.

My personal recommendation is that if you currently use DropBox to store client data -stop.  Or at the very least, encrypt your data on your end before sending to DropBox.  This will be hard for some because DropBox syncs data extremely well and is a very convenient tool.  This is especially true if you make heavy use of a smart phone or a tablet computer like the iPad to access data.  But as attorneys, security of client data must trump our personal convenience.  It really is just that simple.  

Apple’s WWDC conference is this week and yesterday, Steve Jobs and the gang held their opening keynote presentation.  Among other things, the company introduced iOS 5 for iPad and iPhone devices.  New features such as Twitter integration, camera improvements and the task list (yes…thats right…an actual task list on a smart phone…go figure) are getting quite a lot of coverage around the web. Today, Apple put up an excellent summary page, outlining most of iOS 5’s new features.  

For me in my law practice, here are my top 3 additions/improvements:

 Notification Center

Jiminy Christmas, this is a welcome improvement to the OS.  Apples current notifications act like idiot lights on your car.  They always pop up and interrupt you when you don’t want them to and then can’t be found when you want to take a look at them.  Borrowing a page from Google’s Android system, Notification Center creates a nice centralized pull-down menu where you can find all of your pending notifications.  

 Safari Improvements

The Safari web browser in iOS has always felt underpowered and just not fully baked.  iOS 5 finally brings tabbed browsing to the app.  Switching between pages in the current iOS is clunky and often requires a page reload.  This welcome addition will make Safari much more useful and efficient - especially if you make heavy use of web applications.  Safari will also be getting Reader/Reading List, which will allow the user to strip all the ads from a given web page and save a clean copy to memory (backed up to the iCloud) to read later on or offline.  (Currently I use third-party app Instapaper to serve this function so we will have to see if Apple’s implementation is more elegant or useful.)

 Airplay Mirroring 

Airplay Mirroring is the final piece of the puzzle needed to convert the iPad from a nice reader and fun toy into a serious presentation engine.  Using Airplay, you can broadcast a mirror image of whatever is on your iPad to any HDTV by through Apple’s $99 Apple TV.  Apple TV is roughly the size of a hockey puck so it can easily go with you to meetings, mediations and trials.  Apps will be able to access Airplay through the API, so look for presentation programs like Keynote and TrialPad to make use of it.