A recent news story, on CBC and elsewhere, told of a woman whose son went missing for two years. When she found his body (in a morgue), she did not know why he died. She has been trying to get information about his social media accounts, in order to see if there was something particular on his mind that might explain his death.

She has not been very successful, especially with the US social media giants like Yahoo and Google. (She did get an order from a Canadian court that got her some information from Canadian sources.)

Question: should the . . . [more]

It was big news in late August when Microsoft said that users who enable multi-factor authentication (MFA) for their accounts will end up blocking 99.9% of automated attacks. This doesn’t apply just to Microsoft accounts. It applies to any other account on any website or online service.

Today, virtually all service providers support multi-factor authentication, and in most cases, there is no charge. It can be something as simple as SMS-based one-time passwords or advanced biometrics solutions.

“Based on our studies, your account is more than 99.9% less likely to be compromised if you use MFA,” said Alex Weinert, Group . . . [more]

I’ve previously highlighted the concerns of border officials seizing and reviewing information and documents protected by solicitor-client privilege found on electronic devices.

The first publicly reported case of this occurring was released this weekend, involving an lawyer from Toronto returning from Guatemala and Colombia on April 10,

“The policy’s outrageous,” said Toronto business lawyer, Nick Wright. “I think that it’s a breach of our constitutional rights.”

His thoughts follow a personal experience. After landing at Toronto’s Pearson Airport on April 10, he said the Canada Border Services Agency (CBSA) flagged him for an additional inspection — for no stated reason.

Well, it’s finally here. In the fall of 2017, a vulnerability in WPA2 wireless encryption was discovered. Known as the Krack Attack, the flaw impacts every implementation of WPA2. The manufacturers needed to provide a patch update to fix the flaw. The Wi-Fi Alliance has now announced the availability of the WPA3 standard (to be implemented in certified devices starting later this year), vastly improving security over WPA2, which has been around for over 15 years and should be the current WiFi encryption of choice. WPA3 provides a new security protocol that contains improvements in terms of configuration, authentication and . . . [more]

The Guardian reports us that the World Wide Web Consortium (W3C) is close to adopting a new authentication standard that can replace passwords. This would be some kind of “who you are” (biometric) or “what you have” (token, phone to receive code) method of authentication, rather than a “what you know” password. (I suppose a code sent to your phone is what you know, but you know it only case by case, because you have another communications channel.)

Some web services already work this way, as the article notes – or does in special cases, as when one is logging . . . [more]

Blockchain (the technology behind Bitcoin) is in a hype phase. It has been touted as the solution to many issues around trust. To some extent blockchain is still a solution in search of a problem. Blockchain will, however, become an important technology, and perhaps during 2018 we will begin to see some practical uses.

CASL, Canada’s anti-spam legislation, has been under review. It is a horrible law where the cost / benefit ratio is way off. Most small businesses simply don’t have the resources to comply. And no matter how hard they try, larger businesses have a difficult time complying . . . [more]

A few days ago I returned to my office after a meeting to find emails and voicemails telling me that someone was sending facebook messenger messages pretending they were from me. The first message sent was an innocuous “Hello, how are you doing?” But if the recipient engaged it quickly turned into how I got a $300,000 government grant to pay off my bills, and tried to convince the recipient to send an email to “the agent in charge” to see if they were eligible. I suspect if followed through it would either ask for payment of a loan . . . [more]

From co-author Nelson: Normally, I write SLAW columns with Sensei VP John Simek, but in light of the recent and horrific disasters experienced by American law firms, I teamed up with Jim Calloway, Director of Management Assistance Program at Oklahoma Bar Association, to offer these disaster recovery tips.

1. Immediately after a disaster, there is only one thing that matters – human life. Do what you can possibly do to help those in need and to ensure the safety of those who work with and for you. Supply your employees with all the support resources you can.
2. Establish communications. Hopefully,

I’ve been thinking a lot about cybersecurity recently. But when news of the Equifax data breach surfaced recently, I was more alarmed than usual. Although Equifax is the latest of a long line of data breaches where personal information has been stolen, this one was different.

There was the usual furor, of course, (US Senate hearings, questions in the House, newspaper headlines raging, stock tanking, etc.) when the fact of that massive data breach occurred was finally disclosed (a full five months after the breach occurred). More details on the scale of the breach have trickled out since then. But . . . [more]

From time to time one reads of court orders banning people from using social media, usually in anticipation of trial but sometimes as part of a formal disposition.

For example, in R. v. Elliott, the defendant accused of harassment on Twitter was banned from using Twitter pending trial. Ultimately he was acquitted, and the ban was lifted. He had spent three years off Twitter.

A Nova Scotia court banned a teenaged defendant from social media for 21 months after his conviction for assault, uttering threat and criminal harassment. He was ordered to delete his Facebook, Twitter and Instagram accounts . . . [more]

The WannaCry ransomware attack of almost 3 weeks ago may be a fading memory – but we can’t forget how important it is to protect our computer systems. This is true no matter what kind of business or organization you are.

This video does a good job of summarizing what happened.

The bottom line is that there are some basic things everyone needs to do to reduce the chances of ransomware or malware affecting us. Unfortunately not everyone does these simple things.

They include:

• Keeping software and patches up to date
• Upgrade operating systems before support ends (that means you