What is the best way of combining multiple jpegs into one jpeg/PDF on Mac OS X?
To combine multiple JPEG format s you want in your PDF, right-click and choose Open With Preview.
Step 2: In Preview's Sidebar, drag the s to be included in the PDF document; otherwise only a single image may end up in the PDF document.
Step 4: Then from the File menu choose Print Selected Images (or Print... in recent OS X versions) and then PDF > Save as PDF.
What are the information security procedures and practices that attorneys and law offices must follow in order to properly discharge their duty under the doctrine of attorney-client privilege?
I don't have anything to add to the extrinsic requirements so thoroughly laid out by Mr. Halliburton. For whatever they're worth, below are some of the common sense information security procedures and practices that I use. Some of them are fundamental data hygiene practices, but I know attorneys who do not know how to use the address bar in a web browser, so people like that might not be familiar with what they should be doing given the current state of technology.

The attorney-client privilege typically extends beyond the death of the client (which in the case of a corporation may be never), so it is something to take pretty seriously, particularly as more and more information gets stored digitally. Hopefully my own death is a long way off, and I doubt someone would try to sue my estate for wrongful disclosure of confidential information if someone roots through an old hard drive of mine after I die, but I would hate for my children to have to find that out, so I take a few precautions.

1) Passwords. Standard advice: Don't share them. Don't write them down on Post-it notes. Don't use the same one for everything. Don't use your dog's name, etc. My favorite method for passwords that other people will use (e.g. to give them access to encrypted files or an extranet) is a combination of the XKCD correct horse battery staple method plus some random number and symbol padding (see s s ). Here's a simple (work in progress) Python script I wrote to generate relatively memorable and secure passwords s s . Suggested usage . 4 4. I would really like to see a better version of this (e.g. to set max. length and exclude characters for websites that require non-secure passwords). Please branch or hack and submit pull requests to your heart's content, or just take some of the ideas and run with them if you don't like my code (I still have a lot to learn). I haven't added capitalization, but that is easy enough to do manually and makes it a bit more secure (e.g.
capitalize the 2nd to last letter of the first word, which adds a bit more entropy and could hold off a dictionary attack or brute force attack for a while). There is also but I do not know who monitors the traffic to that server, and I haven't reviewed the code to see if it phones home at all (although it appears to run in-browser, but that assumes you have a secure browser). If you happen to be lucky (or cursed) enough to easily remember relatively long strings (2+) of random digits and symbols, those are likely the most secure passwords and you should use them if you can. If you do need to write down your passwords (I used to be able to remember them all, but they seem to have proliferated out of control lately), put them in a secure place such as a Truecrypt volume or, if you use Linux, an ecryptfs mount. Or you can use one of the many password storage tools out there if you trust them.

2) Exchanging information.

a) Email. I have found that most people I encounter are completely ignorant of email encryption. I would prefer to use GPG to encrypt confidential communications, but I have only ever communicated with one or two other people who seem to know what GPG is. Personal email certificates are OK too, but I find them harder to work with than GPG. If you can get someone to use Hushmail, that is also a pretty good option. If someone refuses to use encryption, either because they don't understand it or they have e.g. internal corporate policies that require monitoring of all communications to ensure that employees are not leaking trade secrets or insider information, then I prefix (or suffix) the subject of any privileged email *PRIVILEGED AND CONFIDENTIAL* so it is harder to ignore than the standard privileged and confidential signatures that everyone pretty much ignores.

b) Documents. In a pinch, 128-bit encrypted PDFs, MS Office or LibreOffice documents can work, but that can be a pain to maintain. 4-bit encryption is easy to break. Avoid it.
If I need to share a password with someone (e.g. for a symmetrically-encrypted document or a SpiderOak share), I call them on the phone or send them an email or off-the-record IM with a link to a privnote with instructions for reconstructing the password.

3) Encryption. Encrypt your local files and databases. Without encryption, someone who has physical access to your computer can easily access whatever they want. Ecryptfs makes encryption easy (on Linux, that is), but I dislike the auto-mount directory encryption feature because it links your key with your login password, thus removing one layer of security. I also dislike using a private key because if that happens to be on the one block of a storage device that gets corrupted, your data are unrecoverable; you then also have to lock up the storage device, which defeats a major benefit of having an electronic key, i.e. nothing to physically lose. Instead I use a (really) strong password. To get to the files on my system I need to log in to my user account with one password, then mount my client files with another password and my database system with yet another. Then I can start my local database. If someone steals my laptop or hard drive or otherwise gets physical access to the machine, even if they really know what they're doing, the best they can do is recover the salted hash of my ecryptfs password and see that I have a bunch of encrypted files. I do not know anything about Windows BitLocker, so I can't comment on it. The Mac FileVault seems to work but generally suffers the same drawback as an ecryptfs encrypted home directory: one password. You can also make a striped encrypted volume with DiskUtility that allows easy backup with Time Machine without rewriting the entire volume, then back up the stripe set (whatever they call it nowadays) rather than the unencrypted files. When I used a Mac that is what I did, and it worked really well.

4) Backups. Again, encrypt them.
I use ecryptfs but WITHOUT using the overlay mount feature or filename encryption. This lets me reliably back up only the encrypted files on an external drive or off-site, e.g. to have the encrypted files in a directory and mount it at This way I can back up ~ to my external drive or VPS (or even a shared hosting server) and not have to encrypt it again on the other side. I've tested this, and restoring the encrypted files works reliably as long as you have the right passphrase for the encrypted files and use the matching encryption algorithm. This also prevents accidentally writing decrypted files to the encrypted mount point or vice-versa. Not encrypting the file names also allows reliable incremental backup and selective restoration from backup.

For secure and automatic off-site backups I left Dropbox for two reasons: a) I had one client delete all of its files when it was done with a matter rather than simply leave the shared folder. (I back up regularly, so I restored from backup, which was not a big deal, but it was still annoying and demonstrates the risks of opening your data to other people; I am fully aware that I could have stashed a separate copy somewhere else, but that defeats the purpose of seamless background backup and sharing); and b) Dropbox can turn over your unencrypted information to any authorities when properly asked. (See s s item 3 paragraph 4). This may cause them to disclose privileged information without your or your client's explicit consent or prior notice. I now use SpiderOak, which allows read-only access to other people (no more clients deleting my files or me storing multiple copies of something). SpiderOak also claims that it does not have the technical capability to turn over unencrypted data even if they wanted to (see s s ).

Every once in a while, once a matter is well and truly finished, I'll burn the encrypted files to DVDs or put encrypted files on an SD or micro-SD card for archival purposes.
The jury is still out on how long a platter drive, SSD, DVD or SD card will stay stable, but for now my money is on NVRAM such as an SSD or SD card for being the most stable in the long run (assuming sufficient anti-static protection, which should be easier than protection from magnetic fields or whatever could degrade a DVD, which from what I have read is a pretty fragile medium in the versions available to consumers).

5) Network security. Use the hardware firewall in your router and software firewalls on your computers. Enable UPnP NAT traversal. Close all the incoming ports on your hardware firewall and only open the ports you need on your local computers, e.g. if you have an on-site file or knowledge management server, but restrict access to your local network if appropriate. As annoying as it is, use anti-virus software.

6) Telephone. If you have a particularly sensitive client matter, the best option is to not discuss it on the phone. Any phone anywhere is potentially subject to wire taps. There are some solutions out there such as RedPhone, but I don't have the technical knowledge to confirm that the object code corresponds to the source code they have published, not to mention understand whether the source code is truly secure. For Skype, you will have to judge for yourself whether you think that is secure enough for your needs. Research Project Chess or details about Microsoft's contributions to the Skype architecture and make your own call.

7) Your computer.

a) Protect it from other people's hands. Lock your screen whenever you step away from your desk, or set a screensaver with a 1-minute delay that requires a password if you're truly forgetful about this sort of thing. (Command-L on a Mac, I believe; Linux is so customizable that it's hard to generalize; I have my lock set up as Ctrl+Alt+L so it doesn't conflict with XMonad). On a Mac or most Linux systems you should be able to set up hot corners so you just move your mouse into a corner and it locks the screen.
I'm not sure if this feature exists on recent versions of Windows, but back in the olden days when I used Windows, the Windows key + K did the trick. If you can put a password on your BIOS (I am reasonably certain this is possible with most modern computers), this could help prevent someone from booting your computer with a rescue disk and accessing unencrypted information. On the other hand, it can also prevent someone from using a rescue disk to fix a technical problem, which is why I generally would not recommend fully encrypting hard drives unless you must for some reason install sensitive programs outside of your user storage space and have them accessible before login. If you have a desktop, power off and unplug your computer (power and LAN) at the end of the day if your organization allows it (many do not). Many computers now have a wake-on-LAN capability that allows someone to remotely power on your computer and do things to it. This is typically a systems administration tool to run updates when offices are empty, but like any tool it can be abused, but not if there is no power going to the computer. Also, always do a quick check of the USB ports to make sure that you recognize whatever is plugged in to the computer (or your laptop docking station or USB hub if you have one). If you see an extra dongle or cable you didn't put there, call your IT department if you have one and ask them about it before you touch anything.

b) Protect it from other people's eyes. If you do a lot of flying or train travel, get a privacy filter (preferably a removable one) for your laptop screen. If you have a window in your office, make sure that no one has line of sight to your screen. If you have a door or you're in a cubicle or relatively public place, set up your screen so you can't have people look over your shoulder unless you want them to. If you are worried about TEMPEST countermeasures, I probably have a lot more to learn from you than the other way around.

8) Physical materials. I try not to keep any paper around.
Scan to an encrypted volume or directory, then shred diagonally with a cross-cut shredder (fold in half along the long diagonal and feed in, or tear in half halfway down the long side and feed diagonally). Strip shredders are useless. Diamond cut shredders slightly less so. For paper that must be maintained (e.g. documents with raised seals or if there is just too much to scan in a reasonable amount of time) or for physical items, a file cabinet or desk drawer with a decent tumbler lock should be sufficient. A typical desk drawer with a wafer lock is really only enough to keep someone from opening a drawer by accident but not much more than that. It is disturbingly easy to open a standard 3 or 4 plate wafer lock with just a pair of paper clips. Use your favorite search engine to help determine whether you have wafer or tumbler locks on your desk or file cabinet. If the item itself has intrinsic (or potentially incriminating or exonerating) value, a fireproof safe with a combination lock (not an electronic keypad; I don't trust them to not melt in a fire) or a bank safe deposit box is probably best.

9) People. As tempting as it may be to talk with your spouse or best friend about your fascinating work, don't unless they have their own duty of confidentiality to you (spousal privilege alone does NOT count; that just allows your spouse to refuse to testify against you) or you are comfortable de-identifying client information. Explain to your friend or spouse the duty of attorney-client privilege and live it. Some people might be offended because they share every detail of their work with you, but as an attorney you don't have that luxury. For example, here is how I talk with my wife, family and friends about my work: Several years ago I worked on a project for a large globally-recognized corporate client that was trying to introduce a new product to the US market. They wanted to get it covered by a federal health care program.
I helped them find the most efficient way to do that after analyzing several relevant regulatory systems. Do you have any idea who the client is or what the product was? No. Who their competitors might be? No. Do you have any idea what the client was trying to introduce? No. Who exactly they were trying to get to pay for it? No. But you do have some idea of what I did and what I was working on, and (I hope) I don't sound like I'm trying to hide anything except the client's privileged information.

Those are the main things I can think of for now, but I may add more later. Suggestions/comments are very welcome.
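
The passphrase scheme from item 1 of the answer above (random dictionary words plus digit and symbol padding, with the length cap and character exclusions the author asks for), as an added example. It is not the author's script; the word list, the function name and every parameter are assumptions.

```python
import math
import secrets

# Constructed 16-word sample list; use a list of several thousand words in practice.
WORDS = ("correct horse battery staple orbit candle meadow tunnel "
         "walnut ribbon glacier pepper anchor violin harbor lantern").split()
PAD_CHARS = "0123456789" + "!@#$%^&*-_=+?"


def generate(n_words=4, pad=2, exclude="", max_len=None, sep="-",
             words=WORDS, tries=1000):
    """Return (passphrase, entropy_bits): random words, then digit/symbol padding.

    Hypothetical helper: every name and parameter here is an assumption.
    """
    banned = set(exclude)
    pool = [w for w in words if not banned & set(w)]
    pad_pool = [c for c in PAD_CHARS if c not in banned]
    if banned & set(sep) or len(pool) < 2 or (pad and not pad_pool):
        raise ValueError("exclusions leave too little to choose from")
    for _ in range(tries):
        # secrets draws from the OS CSPRNG; the random module is not suitable here.
        chosen = [secrets.choice(pool) for _ in range(n_words)]
        padding = "".join(secrets.choice(pad_pool) for _ in range(pad))
        candidate = sep.join(chosen) + padding
        if max_len is None or len(candidate) <= max_len:
            # Entropy of the process, assuming the attacker knows the list and
            # the scheme. Discarding over-long candidates shrinks the space, so
            # treat this as an upper bound whenever max_len is set.
            pad_bits = pad * math.log2(len(pad_pool)) if pad else 0.0
            return candidate, n_words * math.log2(len(pool)) + pad_bits
    raise ValueError("max_len is too small for this many words")


if __name__ == "__main__":
    for kwargs in ({}, {"exclude": "&%$"}, {"n_words": 3, "max_len": 24}):
        phrase, bits = generate(**kwargs)
        print(f"{phrase}  (~{bits:.1f} bits with this 16-word sample list)")
```

The reported bits come from the size of the word list and padding alphabet, not from the length of the string, so the 16-word sample list yields only about 25 bits for four words; a list of several thousand words is what makes the scheme strong.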