10 Commandments of IT Contracts

My 10 Commandments of IT Contracts have been a common speech I have given for many years, and they are based on drafting, negotiating, and litigating hundreds of IT contracts. Most IT professionals can guess all 10:

1st Commandment: No Computer Project is ever completed on time
2nd Commandment: No Computer Project is ever complete
3rd Commandment: If you cannot see the software, it does not exist
4th Commandment: New versions of operating systems never work
5th Commandment: There are no Industry Standards
6th Commandment: Do not buy brand new hardware
7th Commandment: Do not buy brand new software
8th Commandment: Sales people have answers to every question
9th Commandment: Sales people know absolutely nothing
10th Commandment: Individuals who negotiate contracts are never around later

Obviously there are other issues to be concerned about when negotiating IT Contracts; this list is not the universe by any stretch.

Consider all 10 Commandments when you next negotiate an IT Contract, and post a comment to let me know if you know of other Commandments to add to the list.
 

Wow Another Huge Data Breach!

Heartland Payment Systems disclosed what may be the largest payment data breach to date, with over 100M cards compromised. Apparently unknown intruders planted malicious software to steal card data, and the intrusion was not detected until Visa and MasterCard alerted Heartland. Heartland’s public statement indicated that this may have been the result of “widespread global cyberfraud,” and also claimed that no merchant data, Social Security numbers, or other personal data were compromised. However, until there is a complete investigation we cannot be sure.

No Federal Law About Data Breaches

The US Congress has been mulling over legislation for some time, but in the meantime many states have laws that require disclosure of these breaches. The first such law was California’s in 2003 (SB 1386), which requires that when a computer is breached, a notice be sent to every California resident whose data was on that computer. The computers themselves do not have to be in California; it is enough that the computer holds data about California residents. Texas (2005 SB 122) and many other states have similar laws now, but it does seem logical that there be a federal law.

PCI Data Security Standards

PCI (Payment Card Industry) established Data Security Standards; however, these standards are not law, and each credit card company has slightly different rules. Basically any company that processes credit card transactions is covered by these standards. However, until there is a significant disaster testing the effectiveness of the standards, or some state adopts these standards, we will not have one single set of rules.

Computer Breaches are Not New

Breaking into computer networks is as old as computers. Back in the 1960’s and 1970’s there were plenty of stories of universities whose computer networks were shut down by incoming freshmen year after year as a challenge to see who could clobber the system first. The simple solution was to provide a command that would automatically disable the system, and the challenge evaporated. Fast forward to the Internet era, and we now reward hackers by hiring them to work for our government security agencies since they know how to penetrate systems.

Post a comment to let me know what you think about data breaches and how they should be managed.
 

Browser Wars Never End - The EU Accuses Microsoft of Antitrust Charges

Reports that EU regulators have now formally accused Microsoft of antitrust violations for including Internet Explorer as part of the Windows operating system are hardly a surprise. Apparently in December 2007 Opera Software, the Norwegian browser developer, filed a complaint with the EU that Microsoft violated EU antitrust laws. Opera’s 2007 complaint jump-started the EU’s Competition Commission, and only a few months earlier Microsoft had ceased appealing the EU’s 2004 antitrust violations related to Media Player, which included fines of $1.3 billion.

What Happens Next?

Microsoft has 8 weeks to respond to the EU on why Internet Explorer should not be removed from the Windows operating system. But it seems clear that the EU wants Microsoft to change its marketing practices or risk more fines. Stay tuned for more rulings from the EU on these charges.

Historical Perspective

The Internet has been around since the 1960’s as an academic research platform to help the space race, in response to Russia’s launch of Sputnik in 1957. Until the browser was available the Internet was not user friendly. The Internet was a lot like MS-DOS before the advent of the mouse and GUIs (graphical user interfaces), and using the Internet required users to know arcane and alien instructions. What changed the Internet and allowed it to take off was that Microsoft started giving away Internet Explorer with Windows in about 1995. Of course other browsers existed before 1995, but had it not been for Microsoft embedding Internet Explorer as part of Windows, it is debatable whether the Internet would have taken off when it did and with such gusto.

Irony of Ironies

It seems ironic that Microsoft is now being penalized for including Internet Explorer with Windows, since had Microsoft not embedded Internet Explorer in Windows in the mid 1990’s, the Internet may never have developed at the pace it has.
 

Google Enters the e-Discovery Fray!!

Google recently started promoting a new service App they call Google Message Discovery, which creates a huge change for e-Discovery. This service uses Postini, which provides email filtering for hundreds of companies. When Google acquired Postini in 2007 many wondered what the heck was going on: how did email filtering services fit into the Google game plan? At a flat $45 per user per year, for up to 10 years, without additional costs for storage, this new service App creates a cloud email service that will likely have a monstrous impact on e-Discovery.

How does it work?

With no new costs to users, subscribers merely employ Google Message Discovery, which stores all emails and attachments on Google’s servers. Users may establish retention periods for different categories of email users and groups. The process is built to provide support for litigation holds and legal review. Searches are easy and allow almost anyone to review emails and attachments without the need for any sophisticated proprietary e-Discovery software. Also, the cost to store e-Discovery email and attachments will be fixed.

Of Course There are Issues

Google Message Discovery seems to be great for managing email going forward, but legacy emails still need to be managed and will be litigated for some time to come. It also remains to be seen how the courts will deal with attorney-client privilege issues, confidentiality of intellectual property, and a myriad of other evidence issues.

What’s the Impact on e-Discovery?

Without question Google’s new service may be the greatest change in email discovery since courts finally realized that 95% of all information is electronic and started requiring parties to deal with electronic evidence. What makes this new service so extraordinary is that there is a fixed cost, no new hardware or software is required, and litigation support is built in. Google demonstrates again how creative it is, and undoubtedly Google Message Discovery will change the way courts see email discovery.
 

Conviction of Software Pirates in China is Significant

A report that 11 people were convicted in China of violating Chinese copyright laws is most significant because of the cooperation and joint efforts between the US Federal Bureau of Investigation and China’s Ministry of Public Security. These convictions are a good sign that software counterfeiters are at risk, which is critical to Microsoft, who estimates its global sales at more than $2 billion. Unfortunately it appears that these 11 individuals who were convicted did not have millions in sales, but did account for about $200,000 of products. There is still a separate trial in China against other alleged counterfeiters of software products from Symantec and Microsoft.

Selling Counterfeit Software on eBay

The Software & Information Industry Association (SIIA) is actively pursuing sales of counterfeit software on the Internet in what it calls the Auction Litigation Program. In July 2008 the SIIA reported that Jeremiah Mondello pled guilty to counts of copyright infringement, mail fraud and identity theft for sale of counterfeit software on eBay. He was sentenced to 48 months in federal prison in addition to the confiscation of his computers and $220,000 in cash.

How Big is Software Piracy?

In 2008 the Business Software Alliance (BSA) and International Data Corporation (IDC) issued their 2007 Global Software Piracy Study. The BSA/IDC Study has a breakdown country by country, and some regions of the world are worse than others. The bottom line is that this BSA/IDC Study estimates that in 2007 about 38% of all software used in the world was counterfeit which accounted for approximately $47 billion.

Can the Software Pirates be Contained?

Counterfeit software is an enormous business, and these convictions in China and the US should have an impact on other software pirates, but not all countries around the world are willing to pursue software counterfeiters. Given the percentage of illegal software in many countries, it seems unlikely that it will ever be possible to stop software piracy. For instance, the BSA/IDC Study indicates that about 21% of software in North America is counterfeit, with a value of $9.1 billion, which accounts for about 19% of all counterfeit sales in the world.