Tuesday, 9 August 2011

08:45 – On her way out the door this morning, Barbara asked if one of our Pentax DSLRs had any images on the memory card. She works in the IP division, where they frequently need to shoot images of clients’ products for patent and trademark documents. They’ve been using a point-and-shoot digital camera, but Barbara says they’ve been having problems with getting usable product images. She wanted to try shooting images with a better camera, so I pulled all the images files off the memory card so she could take a clean camera to work.

I assumed that she’d just bring the camera home and I’d transfer the images as usual and burn them to a disc or write them to a USB flash drive. I should have realized that was a non-starter. The stuff they do is confidential, and the images aren’t allowed to leave the law firm’s premises. So I gave her a USB cable that she could use to transfer the images and then delete them from the card. Fortunately, I remembered that the camera was set to record images in RAW format, which they’d have no way to handle, so I reconfigured it to save as JPG files.

Since they apparently need to shoot product images frequently, it seems to me that Barbara’s law firm needs to purchase a decent DSLR, a copy stand, tent, lights or slave flashes, and so on, and set themselves up an imaging station. Of course, they’re not really concerned with artistic merit. All they need is images to document the products for legal reasons, so they probably don’t care much about stuff like even lighting or controlling reflections.


Orders continue to arrive for the chemistry kits, which are currently back-ordered. We’ll complete one batch of 28 kits this weekend, which will lack only the one item that’s still back-ordered from our vendor, and start on the next batch of 28 kits. When the back-ordered item arrives here, it’ll take only a few minutes to drop it into each of the 56 pre-built kits and have 56 more kits ready to ship.


11:43 – I’m playing around a bit with the right-column layout. Given the presence of the monthly calender and the fact that I’m now naming each daily post only with the day and date, the “recent posts” section seemed superfluous. So I got rid of it and expanded the “recent comments” section from 15 to 25 comments, which should make it easier to find new comments on older posts. I’m seriously thinking about switching to a three-column theme and dedicating one of the side columns to my links.

28 thoughts on “Tuesday, 9 August 2011”

  1. I’m sure they don’t care about art, but reflections do more than make it ugly – they make it illegible. The first time they lose a multi-million dollar case because the word “not” is covered by a reflection, they’ll probably go buy a DSLR. Given the price of a decent DSLR that seems really surprising to me.

  2. True. I suspect they shoot multiple images from different angles to address that problem. And, of course, an attorney should review the images before they’re incorporated in patent or trademark applications. But you’re right, the opportunity for error is there; the attorney may not realize that something is significant and doesn’t show properly in the image. That’s one reason I think they should use a tent, to avoid reflections. I wonder if they do forensic-y stuff like including a rule in the image and shooting orthogonally to provide scale. Come to think of it, I wonder if the Pentax records meta-data such as focal length in the JPG versions as it does in the RAW versions.

  3. The metadata is indeed present in the JPG images along with the RAW images. Even information such as camera make, focal length, lens settings, flash settings, firmware version, serial number, etc. is in the metadate (EXIF). You also have the IPTC information. Problem is the metadata can be easily changed. There is nothing magical about it. I have software that allows most of the data to be changed. What cannot be changed with my software I can easily find other software that changes the information.

    There are legal hurdles that must be overcome to certify that the image is an original and has not been modified in any form. Checksumming the image at the time it was taken and storing that checksum in a manner that is not alterable, such as a notarized document might be in order. Or the relatively low tech solution of printing the image and time stamping the back of the image or documents containing the image.

    In my opinion any image in digital form entered into evidence can be challenged in court as any digital image can be easily altered. Not only the content of the image but also the metadata about the image.

    Barbara’s law firm really, seriously needs to get their own camera and properly document the images. Even if the card in your camera is reformatted the images can still be easily recovered. The only secure method is to keep the memory card in the office. You may have just lost a memory card. I know if I was in charge of the firm I would not let the card out of the office or would physically destroy the card.

  4. I’ve seen many a person embarrassed by EXIF information that they didn’t know was being saved with the image. Smartphones will even save GPS coordinates as well. That can be rather awkward when someone starts posting risqué photos of themselves or their girlfriend not realizing someone is tracing back the GPS coordinates to their street address and they’re in for a world of embarrassment when somebody prints those photos and anonymously mails them to that guy’s/gal’s nieghbors or something similarly devilish.

    It’s just good practice to strip all EXIF data from a photo as soon as you pull it from the camera/phone or just save them in a format that doesn’t support EXIF. Whether you’re taking potentially embarrassing photos or not. Better safe than sorry.

  5. Yeah, I’d thought about how easy it is to recover erased data from a card. I’ll suggest to Barbara that she read this thread and the comments and have one of her attorneys look over it as well.

  6. Journal Layout: I like the current two-column format. Your blogroll and such aren’t that long, so it’s not a chore to scroll down. And the width of the main column is good as is, at least at the screen resolution and browser width that I prefer.

    Recovering camera data: Yah, trivially easy. If the pictures the law firm took were at all sensitive, just have them hang onto the card and buy you a new one. (Assuming you had nothing incriminating or embarrassing on it yourself. How about those naked puppy pictures? Unless that dog was 18/7 years old, you’re looking at time in the big house.)

  7. On second thought, I’m not even going to bring it up with them. Barbara could get in trouble somehow. I won’t even suggest that when they buy a DSLR they keep control of the memory card(s). I figure that’ll happen naturally, since the camera and card(s) shouldn’t leave the office.

  8. The change makes it a bit more difficult to get from viewing one day’s message to another recent day’s, but it is no big deal. The longer list of links to comments is appreciated.

    One link I do not see but which should be there is to where you sell your science kits. I got curious yesterday and had to do a bit of searching to find it.

  9. RBT wrote: “On second thought, I’m not even going to bring it up with them. ”

    Yeah, they would just bill you for your time, anyway.

  10. On second thought, I’m not even going to bring it up with them.

    I would be significantly concerned about the abilities of any law firm that does not recognize the risks of exposing intellectual property by having someone use a personal camera for company work.

    Reminds me of the time I bought a second hand computer, scanned the drive, and found about a dozen Turbo Tax files. I opened the files with my version of Turbo Tax and there was all the tax return information for some fairly wealthy people. In the returns you had the SSN, address, and in many cases bank account numbers. Not good.

    Some more searching and I found some MSWord documents with some sensitive information about clients. I also determined the previous owner was a lawyer.

    I had three choices.
    1. Do nothing and just format and use the drive.
    2. Contact the clients and inform them of the indiscretion of their lawyer.
    3. Contact the lawyer and inform him of his stupidity.

    While number 1 was the easiest I did not chose that route. Number 2 was really, I mean really, tempting. Problem was I may have wound in a legal battle and been forced to appear in court or some other legal proceeding. Number 3 was what I chose. The lawyer thanked me and asked me to destroy the information. I complied. He said he traded in the computer and was assured by the shop that the drive would be cleaned. He was going to have a talk with the shop.

    A fourth option I was later informed was extortion. Tell the lawyer that I wanted a couple thousand to make it all go away. I quickly discounted my friends idea.

  11. I doubt there’s a law firm on the planet that meets your standards. All of them, for example, think nothing of emailing critical information unencrypted. They also send critical data in unencrypted faxes, which are trivially easy to compromise. As to securing their PCs, they’re no better or worse than any other non-technical user.

    Frankly, I’m surprised that businesses haven’t already been sued under HIPPA or a similar law for using Windows, which is known to be horribly insecure. Legally, I would think there would be no excuse for using Windows (client or server) if data security is at all important, when there are other operating systems, e.g., OS X and Linux, that are literally orders of magnitude less likely to allow data to be compromised.

  12. Not sure on your last point, according to a presentation at BlackHat / Defcon, Windows is more secure than most people running OS X. Lion closes the gap usefully. The problem Windows still has is that its the ‘de-facto’ standard for malware authors. You might be interested in this PDF -> https://www.isecpartners.com/storage/docs/presentations/iSEC_BH2011_Mac_APT.pdf

    Any comments on the horrific mess in London and the smaller copycats in other UK cities? Its horrific here 🙁

  13. Any comments on the horrific mess in London and the smaller copycats in other UK cities? Its horrific here

    I read a good quote (I think it was on the BBC’s site) that the rioters are not citizens angered at some social injustice but mostly young teenagers on a rampage for no greater purpose than pure criminality and laughing while they do it.

    Essentially, it’s a bunch of mixed race 13 to 16 year olds burning buildings and looting for their own sick amusement and out of some misplaced anarchist/revolutionary romanticism.

  14. Sorry, I don’t and never have bought the idea that Windows is compromised so frequently because it has the largest base. It’s compromised so often because it was written as a single-user, non-networked program loader. Real operating systems have security built into them by design. Windows has had 25 years of add-on patches.

    As to the riots, these are just the first of many that will occur across Europe and probably eventually the US as people come to realize that their governments have bankrupted them and that the bread and circuses can’t continue. Britain, like the US, is full of young people who have no jobs, no hope, and no prospects of improving their living standards. The old folks will join in as they come to realize that their governments have pissed away their pensions. But Britain and the US will be a lot better than southern Europe.

  15. This isn’t much about government spending cuts; it’s about looting and arson. Perhaps the spending cuts have aggravated it a little. Chad summarised it well, though describing the thugs as “mixed-race” is a bit misleading. A lot of them are of mixed race, but no more than you’d expect for that level of income and society. That is, there are enough white/black/asiatic thugs that race is irrelevant. In fact, one of the worst groups is the EDL, who’ve taken to patrolling the streets at night. They beat people up and claim that they’re protecting us from rioters.

  16. I doubt there’s a law firm on the planet that meets your standards.

    Maybe it is just my paranoia from having worked at one of the nuclear plants in Oak Ridge. I was never around particularly sensitive information but my restrictions were severe. I could not take anything into the office that had the capability to record such as a digital camera. I was also not allowed to have anything that could transmit such as a cell phone. USB ports on computers were expoxied closed, cases were sealed with a tamper seal, no monitors were allowed to face a window. Some fairly strict stuff.

    Any company that has sensitive information should consider some of those measures. A little protection can go a long ways toward having any problems with disclosures. It would also mitigate some of the damages if data was exposed as the company did due diligence.

    As for the MAC/PC compromise issue I have been exposed to information on several MAC viruses and PC viruses (virii). Anyway, it is more of a social engineering issue and not a platform issue. All the current crop of viruses, on a properly updated W7 system, require some action on the part of the user. Same as on the MAC. All you can do to prevent those is lock the system down as much as possible and educate the user.

    I have the dubious honor of supporting both platforms. The W7 plaform is much easier. On the MAC it is very easy, or almost impossible to figure out. Cryptic error messages abound, same as Windows. It is a mindset of the OS writers, not the platform.

  17. My Atchison shotgun

    http://www.youtube.com/watch?v=7wg1pFNwTOE

    works even better than a baseball bat. (Anyway, I didn’t think they played baseball much in the UK.)

    No that’s not me in the video. He looks like me, he wears the same type of shirt I do, and he’s using the same shotgun, but it isn’t me. Honest.

  18. That does look interesting. It reminds me of my High Standard 10B, which holds only 8 rounds, and that with a Garth Choate magazine extension. I also like the downward ejection. My 10B ejects to the right, and I’m a natural lefty. The 10B is bullpup style, which means if you fire it from your left shoulder the ejected cases hit you in the face.

  19. “(Anyway, I didn’t think they played baseball much in the UK.)”

    They’re very civilised in the UK. Cricket is the main summer sport. They also drink tea to a greater extent than Americans.

    As I said, very civilised…

  20. http://www.abc.net.au/news/2011-08-10/gun-warning-after-mp27s-husband-charged/2833074

    The husband of a local member of parliament has been charged with keeping a loaded gun in a locked safe. He and his politician wife live on a farm outside a small country town near here and the cops sprung an inspection. Apparently the law requires that unloaded guns be kept in a safe and that ammunition be stored safely in another locked container. The two can be kept in the same safe, let alone loaded in the gun. It’s for “safety”, suicide prevention and so on…

  21. The two can be kept in the same safe…

    *can’t*

    (I really wish it was possible to edit posts.)

  22. We have a similar law here, and I presume there is a gun registry in effect in Australia? Otherwise how would the cops have known to pull the inspection? I also presume backroom tampering by their political opponents, in order to score points.

    I applaud people who keep their home weapons loaded.

  23. I’m not very familiar with the law on this but I assume a person needs to have a licence to own a gun and the gun needs to be licensed too. Our laws are a lot tougher now due to a maniac called Martin Bryant, who went on a killing spree in 1996.

    http://en.wikipedia.org/wiki/Port_Arthur_massacre_(Australia)

    I think it should be possible to keep guns loaded at home but I think I’d like to keep mine reasonably secure, in a locked cabinet when I wasn’t actually carrying.

  24. The UK gun laws are nuts. But then, politicians are nuts: “if something doesn’t work, do it harder.”

    Anyway, what is this about a surprise inspection – don’t the UK police require warrants? Or can they just waltz into your house and demand to see anything they please?

    Back in the US, where police are working hard to eliminate the need for warrants before breaking into your house, no surprise: criminals wearing police uniforms are on the rise.

  25. I don’t live in Texas, and I don’t own a gun. But I far prefer the Texas response to gun violence. As I recall after a mass shooting in Texas, a lady went ballistic about their gun laws and they were changed. She was upset because some madman shot up the restaurant she was in, and all she could do was hide because the law required her to leave her handgun locked in her vehicle. I believe that was the rationale for changing Texas gun law to allow concealed carry.

  26. Yeah, Barbara commented on that the other night when we were watching some program or other where an armed bad guy took a bunch of unarmed people hostage. Unfortunately, the way things are now, such bad guys can assume that their hostages will be unarmed, and they’ll usually be right. Allowing concealed carry completely changes the dynamics of the situation. Bad guys don’t have eyes in the backs of their heads, so they’re much less likely to try taking groups of hostages when any of those hostages might shoot them in the back.

    I remember years ago when Florida liberalized its carry law and at least one city had a formal training program for women who wanted to carry. The rate of rapes and other assaults on women plummeted to something like a quarter of what it had been. And it benefited all women, not just those who carried. Even women who weren’t carrying would walk into parking decks with their hands down in their purses. Rapists and muggers learned fear. She might not have a Glock in her purse, but then again she might.

    The common objection among anti-gun zealots is that having untrained people carrying pistols will result in a lot of accidental shootings and shootings in the heat of an argument. There’s absolutely no evidence of that, and a lot of evidence to contradict it. On average, firearms skill is higher among armed civilians than it is among police officers, many of whom shoot only when required to qualify. And, statistically, the rate of shootings during arguments committed by people who are carrying legally is much, much lower than it is among the general population.

Comments are closed.