Addison Cameron-Huff, Blockchain Lawyer

1. Every eight minutes someone receives ("mines") 25 Bitcoins (worth more than $10k)

2. The Bitcoin network is many times faster than the world's top 500 supercomputers put together

Here's a good technical article on how the Bitcoin protocol works: http://www.righto.com/2014/02/bitcoins-hard-way-using-raw-bitcoin.html?m=1.

This is a follow-up by the same author on how mining works: http://www.righto.com/2014/02/bitcoin-mining-hard-way-algorithms.html

Forbes reported $15 million per day in power consumption for the entire Bitcoin network back in January but some people disagree with that estimate.

I think a fair estimate of Bitcoin power consumption is about $150,000 per day.

I recently drafted a liability waiver. The waiver clearly stated why - in the first paragraph - there is a risk of loss.

This doesn't sound very ground-breaking but I wish more lawyers drafted contracts that clearly state why the legal language to follow is necessary. What is the object of the contract? Too few contracts have appropriate recitals/explanations of risk in plain language.

I don't find Google Analytics to be very insightful. A big disadvantage is that it's mostly not real-time so you lose out on time-sensitive opportunities/insights.

There is probably a nice analytics service I could buy but it's also fun to roll your own software. The screenshot below shows my personal logging system (click for a better image).

Come learn about Bitcoin every Wednesday night at 7pm: 64 Spadina Ave, Toronto.

The event is held at Bitcoin Decentral, the main space in Toronto for this growing industry.

There are only three companies that are allowed to make case law search engines in Ontario and Google isn't one of them.

The decisions of Ontario courts are public information but there are only three organizations that you can get them from and none of them provide bulk access. That last part is the key because that's what a truly public system would have: the ability for anyone to access Ontario's cases and make use of them how they would like (e.g. building a better search engine).

The New York Times reported over the weekend that Snowden used a web crawler to spider the NSA's internal sites and steal documents. This is a good example of an organization that didn't have appropriate controls over the velocity of access that was permitted and a great follow-up to my post from a couple weeks ago.

In lighter news, the NYT was mocked over their use of scare quotes by Marc Andreesen and others. It may not be the best story but it does highlight an important point for lawyers: don't let any user download all of your files.

I was interviewed by Global TV last week on the topic of CSEC's airport wifi spying experiment.

You can watch the interview here (at approximately 1:50). I did an approximately 15 minute interview but unfortunately only a few seconds made it into this three minute segment. There's a lot more to say on the topic!

The Communications Security Establishment of Canada (CSEC), the Canadian version of the NSA tasked with spying on foreigners, has been revealed by Snowden to be busy spying on Canadians too. But what has CSEC been doing?

A redacted version of the PowerPoint presentation that CSEC delivered can be found here. It's difficult to tell what CSEC is doing because the PowerPoint is at a fairly level. This blog post has my initial speculations.

I just presented at Campbell House in Toronto with George Takach, Mark Hayes and Alex Cameron on the topic of Cybercrime and Law Firms. I learned a lot from the other speakers about privacy, data breach notification and client-led security. You can buy access to the presentations here.

My slides for the presentation are below. The zip file has the slide notes and slides in PPT/PDF format. If you have any questions about the material please feel free to email me at addison@cameronhuff.com.

I'll be presenting tomorrow on the topic of Cybercrime and Law Firms. Here are a few of the sources that I used for the presentation (some of which didn't make it into the final cut):

Small firms having their online banking accounts cleaned out: http://krebsonsecurity.com/2014/01/firm-bankrupted-by-cyberheist-sues-bank/

A static website is one in which all of the content is pre-generated. This blog is a good example of that because all of the HTML files are built locally and then uploaded to the server (using RSync).

The usual way that websites work is by having a content management system that generates pages on the fly (e.g. Wordpress, FlatLaw). Although there are a lot of factors that go into choosing a dynamic vs. static website, an important advantage for a static site is security.

So far as I know, Gmail doesn't have a button to show you just your unread emails. I receive a lot of mail and I'm tired of writing in the search box "in:unread in:inbox".

So today I wrote a quick Chrome extension that injects an unread email button into Gmail. Could I have found an extension somewhere that does this? Probably, but I like to know what code is interacting with my emails. You can review the very short source code for this extension by downloading it below and reading the "run.js" file.

The most recent edition of Law Pro Magazine has some good tips on the use of passwords.

One good tip that isn't in the article is to use a base password that you modify for each website/service. I have a couple patterns that I modify by using letters from the domain that the password is for (e.g. the password for eBay would be "PasswordEba", and for Gmail it would be "PasswordGma"). This technique can help avoid the risk of your password being stolen from one site and applied to all of your other accounts.

The Pentagon had several terabytes of data related to the F-35 fighter stolen in 2009. This is just one of many hacking incidents involving exfiltration of large amounts of data. Law firms are particularly vulnerable to these kinds of attacks.

If your firm has a network drive with everyone's files or a document management system then you're likely vulnerable to the mass theft of documents. Whenever I read about these kinds of losses I always wonder why the systems allowed thousands or millions of documents to be downloaded at once.

Last night I was asked why a company would want to switch from outside counsel to in-house lawyers. I've been in-house at Research in Motion (AKA BlackBerry), worked at a large Bay St. law firm and am now practising independently. Although I'm not a grizzled veteran, I have seen both sides of the practise of law.

I think there are two key advantages of in-house:

I use Gmail to manage my eleven different email accounts. I have all of my accounts set up as mail forwards (e.g. addison@cameronhuff.com forwards to myemail@gmail.com) and then SMTP for outgoing from Gmail. This set up allows me to have all of my different businesses funnelled into one account that's accessible on my phone and computer. When I reply to a message my email will be sent from the email address that it was sent to (and not the Gmail address).

Besides the incredible convenience of managing many email accounts through one, using Gmail gives me Google's anti-spam filters (they're great). Google anti-spam is also a great defence against phishing emails.

This blog post contains a summary of practical steps to make your law practice more secure. Most of these steps require technical knowledge to execute on but there should be enough information provided for you to have a conversation with your technical staff.

The best way to secure a firm against hackers stealing money is to use "air gaps". Read more in this blog post.

Even if you have a password to unlock your phone (and you should), the contents of your phone are not secure. All of your attachments, emails, phone call records, notes, etc. could be available to a thief, hacker or border agent. If you're not using a firm-supplied BlackBerry (where this should be enabled by default) you should enable encryption on your phone.

In order to secure your phone you'll need to enable encrypted storage. The method for doing so depends on your model and may require some help from an IT expert. Try googling the name of your phone and "storage encryption". On Android you can enable it by following these steps (may not be applicable to your version of Android).