Mar 31

It’s a sad day – apparently the comedian Mitch Hedberg died in his sleep last night. If you’ve heard any of Mitch’s stuff then you know how funny this guy was. Normally it doesn’t even faze me when I hear about famous people I’ve never met passing away but having seen Mitch live and heard a bunch of his stuff on CD, I felt like I knew him pretty well. I’m sure wherever Mitch is, he’s found some classic “stoner irony” to poke fun at. My favorite quote of his:

I think Pringles’ initial intention was to make tennis balls. But on the day that the rubber was supposed to show up, a big truckload of potatoes arrived instead. But Pringles, being a laid-back company, said “Fuck it… Cut ’em up.”

You can read some other funny quotes of his here. RIP Mitch.

Mar 29

Well I found out today that the article I was asked to write over Easter for Law Office Computing was rejected because it violates their editorial guidelines concerning “touting your own stuff” as a vendor (except that we’re not actually selling anything, the app is free). It was intended to be published in their May edition under the “Consultant’s Challenge” column but after going back and forth with their editor, we determined that given the nature of the issue, it made more sense for them to publish a news story on it rather than in the column for which I had written. Rather than scrap the article I figured I’d post it here – it is a pressing issue confronting lawyers right now and from the survey of our clients I conducted over the holidays, not many lawyers are even aware of it. The bottom line is that I wrote a simple application called Sentinel that greatly reduces the work involved for attorneys in maintaining compliance and my company is (for the time being) donating the service free to the legal community. Here is the article:

***********************

Solving OFAC Compliance for Attorneys

Sentinel provides an elegant solution for a daunting task

By Sean Tierney

In the wake of national crises like 9/11 and Enron, the government introduces legislation and creates regulations to reduce the likelihood of such disasters occurring in the future. Acts like Sarbanes-Oxley and the Patriot Act are implemented, businesses adapt to ensure they meet compliance and life goes on. In October, however, I had my ear to the rail and began hearing the rumblings of a new issue called “OFAC compliance” and the “SDN list.” This type of compliance apparently was familiar to the financial sector but was a new concern for law firms. Cursory searches of the major search engines yielded no de facto solution for attorneys and with penalties as steep as $10mm in fines per violation, it was clear that this issue demanded attention. I began a rapid research project to gain an understanding of the problem and the potential solutions.

Background on the OFAC

The Office of Foreign Assets Control (“OFAC”) is a branch of the US Department of the Treasury tasked with the responsibility of enforcing sanctions against certain entities deemed to be “enemies of the United States.” It operates by freezing monetary assets in domestic jurisdiction to thwart activities of these entities thereby achieving foreign policy and national security goals. OFAC is the successor to the Office of Foreign Funds Control which was established at the onset of WWII for the purpose of blocking financial transactions that would otherwise have assisted the Axis powers. It functions today by publishing a list of approximately 5000 Specially-Designated Nationals and Blocked Entities (“SDN list”) and levying stiff penalties against anyone who conducts business with these entities. And “stiff” means “seven and eight-figure” stiff… Unknowing acceptance of monies from an entity on the SDN list is punishable by a $1mm fine per instance. Knowingly engaging in a financial transaction with one of these entities can result in a whopping $10mm fine and up to thirty years imprisonment for the individual responsible for the transaction.

Technical Challenges of Meeting Compliance

Okay, they had my attention with the part about the $10mm fines. The trouble now was that nowhere was there a clear definition of what constituted “proper compliance.” From reading the FAQ on their web site it appeared that it was a “don’t get caught” type of attitude. You have to be able to prove that you have taken “reasonable steps” to ensure on a continual basis that you are not dealing with clients who appear on the SDN list. But you could still scrutinize your client list daily and, if you end up accidentally taking on a bad client that happened to be using a pseudonym or spelled his/her name differently, you would have exposure. This challenge of vetting client names against the SDN was further compounded by the fact that most entities on the list were foreign names and had multiple aliases (about twenty each) and different permutations of spellings with odd characters (ever had to type the “schwa” character?). On top of all this, law firms’ client lists were evolving at the same time as the SDN list was changing. The OFAC provides no software searching tools to simplify the process of comparing names. According to their web site, their idea of “automation” for this task consisted of bookmarking their web page in Internet Explorer and monitoring for updates to the list via browser synchronization. To actually compare your client names against the list, OFAC recommends downloading a 1.5MB Adobe PDF file containing all the names and using the built-in “find tool” with each of your clients’ names and business names to scan one-by-one against the document, EACH time the SDN list is updated. The analogy here is that law firms are standing on a moving platform using a bow and arrow to shoot at a moving target and are expected to have laser-precision accuracy. At best, this SDN list review process could be considered cumbersome – more than likely, it could be considered entirely unrealistic and dysfunctional.

The Existing Options

Shunning the advice of the OFAC web site for manually comparing client names against the SDN list, I researched the other automated software solutions in existence. I came across Bridger Insight which is a subsidiary of ChoicePoint (the company that was recently in the news for accidentally selling 150,000 of its clients’ names to criminals). They offer a piece of software which runs on Windows that claims to (among other things) scan a client list against names on the SDN. It sounded promising so I downloaded their demo version and tried it out for myself. I was able to get it working immediately and it did, in fact, offer the ability to search specific names against the SDN from my desktop. Its interface, however, was less-than-intuitive and the steps required to scan a full list of clients against the SDN proved to be a perplexing task even for someone who is adept at using hundreds of different software programs. It ended up being a pretty involved hack that their tech support guided me through over the telephone to get it to scan my contacts. With a hefty price tag and recurring service fees associated with their product, I continued looking to see what other options were out there.

I came across another company called Attus Technology that made a product called “Watchdog” which sounded like it might be the answer. Unfortunately, I was never actually able to demo their product. I asked some difficult questions of their sales guy and mentioned that I was considering developing my own solution if I didn’t find one that I liked. I think he viewed me as a potential competitor because I was never given an evaluation version of their software. At any rate, their price tag was comparable to Bridger Insight’s and by this point I was beginning to think that for the features these products offered, they were severely over-priced and that with my programming background I might be able to solve this issue in a manner that lawyers would find more intuitive.

The “Sentinel” Solution

Arthur C. Clarke once said “any sufficiently advanced technology is indistinguishable from magic.” Having written software myself, I share this ideal that good software is the kind that you never notice – it does its job transparently and you simply derive the benefits without having to alter your routine and learn new tricks to make it work. I set about writing an application that would run anywhere and allow any attorney to check his or her client list against the SDN and receive a concise report of any potential matches it found. I had the following three goals:

1. The whole process should take no more than one minute from start to finish

2. Steps should be comprehensible to anyone with common sense

3. It should work with any operating system and the “lowest common denominator” format in which most attorneys store their client lists.

I chose the web as a delivery platform instead of creating a desktop application because it offered the advantages of being easier to maintain and averted OS compatibility issues. It’s also an easier sell to a security-conscious Network Administrator for an attorney to view a web page rather than install a downloaded binary executable on their PC. From my experience, nearly all law firms use Outlook for their email, contacts and calendaring. Outlook supports all types of import and export formats making it an attractive “hub” to target for this project (if people didn’t currently store their contacts in Outlook, it wouldn’t be terribly difficult to import them). Its pervasiveness and versatility of import formats made it the logical choice for the “common denominator” storage format for contacts.

Under the hood the Sentinel web application runs ColdFusion application server and a souped-up version of the Verity search engine called K2. The web site that hosts the Sentinel application resides on a php-based opensource content management system called Mambo. I wrote a brief two-minute video tutorial that walks the visitor through the steps of how to check your Outlook contacts against the SDN using Sentinel. Basically, Sentinel grabs a fresh copy of the SDN each night, indexes the list in a database and waits for you to upload your client list. When you upload your clients, Sentinel scans each individual name and company name against its indexed copy of the SDN and reports back with your client list highlighting any potential matches in red. You can then drill down on offending records to get details on the matching records to investigate if it is in fact a true match. Searching is very fast – Sentinel can assimilate and compare a 1000 person client list against every SDN entity and each of its aliases in under two seconds. The results page can be printed from the browser with the timestamp and archived for hardcopy proof of “reasonable” steps taken to ensure compliance. Best of all, Sentinel is currently offered free as a service to the legal community by my company, Legal Technology Consulting.
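The screening step described above, sketched as an added example: this is not Sentinel’s code (which the article says runs on ColdFusion and Verity K2), and it uses Python’s difflib similarity in place of a search engine. The SDN entries and clients are constructed, and the transliteration table, the function names and the 0.85 threshold are assumptions.

```python
import re
import unicodedata
from difflib import SequenceMatcher

# Letters that Unicode NFKD cannot decompose (the schwa among them).
# Assumed, minimal table; a production screen needs a fuller one.
TRANSLIT = str.maketrans({"ə": "a", "ı": "i", "ø": "o", "ł": "l", "đ": "d"})

# Constructed sample list: invented names, not real SDN entries.
SDN_SAMPLE = [
    {"uid": 101, "name": "Əliyev, Rəşad",
     "aliases": ["Aliyev, Rashad", "Aliev, Rashid"]},
    {"uid": 102, "name": "Nordwind Handels GmbH",
     "aliases": ["Nordwind Trading"]},
]

# Constructed client export: one row per contact (person name and company).
CLIENTS = [
    {"id": 1, "name": "Rashad Aliyev", "company": "Acme Legal Supply"},
    {"id": 2, "name": "RƏŞAD ƏLİYEV", "company": ""},
    {"id": 3, "name": "Rashad Alyev", "company": ""},
    {"id": 4, "name": "Jane Porter", "company": "Nordwind-Handels GmbH"},
    {"id": 5, "name": "Maria Gonzalez", "company": "Gonzalez & Reed PLLC"},
]


def normalize(name):
    """Reduce a name to a comparable key.

    Casefold, strip diacritics, transliterate undecomposable letters,
    drop punctuation, and sort tokens so "Last, First" equals "First Last".
    Non-Latin scripts are dropped entirely; they need their own handling.
    """
    text = unicodedata.normalize("NFKD", name.casefold())
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    text = text.translate(TRANSLIT)
    return " ".join(sorted(re.findall(r"[a-z0-9]+", text)))


def index_sdn(entries):
    """Flatten primary names and aliases into (key, uid, original) rows."""
    rows = []
    for entry in entries:
        for original in [entry["name"], *entry["aliases"]]:
            rows.append((normalize(original), entry["uid"], original))
    return rows


def screen(clients, index, threshold=0.85):
    """Return one potential match per client field scoring >= threshold.

    A hit is a lead for human review, not a confirmed match.
    """
    hits = []
    for client in clients:
        for field in ("name", "company"):
            key = normalize(client.get(field) or "")
            if not key:
                continue
            score, uid, original = max(
                (SequenceMatcher(None, key, sdn_key).ratio(), uid, original)
                for sdn_key, uid, original in index
            )
            if score >= threshold:
                hits.append({"client": client["id"], "field": field,
                             "uid": uid, "matched": original,
                             "score": round(score, 2)})
    return hits


if __name__ == "__main__":
    for hit in screen(CLIENTS, index_sdn(SDN_SAMPLE)):
        print(hit)
```

Lowering the threshold catches more spelling variants at the cost of more false positives to review; raising it to 1.0 keeps only names that are identical after normalization.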

Room For Improvement

This one-minute process is clearly a major improvement over OFAC’s suggested method of screening names, however it still requires manual intervention on the part of the attorney and therefore doesn’t yet meet the “indistinguishable from magic” litmus test for advanced technology. Ideally this scan would occur automatically at a predefined interval and intelligently converse with a centralized billing and conflict management system behind the scenes and alert the appropriate person only when it finds a problem. Depending on the demand for such a tool, my company is prepared to allocate my time towards development of this system and to make it available for a reasonable fee. In the meantime Sentinel is currently offered free of charge on www.SDNCompliance.com. There is a concern I have heard voiced before that I wanted to address here: “in order to use Sentinel, client information must be transmitted in clear-text over HTTP to our server – isn’t that insecure?” To this objection I would respond by saying that it’s no more insecure than lawyers using unencrypted email to conduct sensitive communications with their clients. Unless you are currently using PGP for all email communications, this would be an unfounded complaint. Using SSL to encrypt the transmission of the client list to our server is certainly an option and one we will implement if the market demands it.

I welcome your feedback on the OFAC compliance process and the Sentinel service in particular and hope you find this free tool useful in your efforts to maintain compliance. To take part in an ongoing discussion of Sentinel-related questions, visit my personal blog at www.ScrollinOnDubs.com.

Mar 26

I’ve had my Treo 650 for just under a month now and I’m in love. My friend Benny convinced me to get one and he was right – this is the first PDA convergence device they finally got right. I was reading a forum post on TreoCentral.com and this guy was referring to it as “my precious.” I can totally see Gollum salivating over this phone if it were in LOTR – “one phone to rule them all.”

Every day since I’ve had it, I’ve discovered a new feature I really like. I would love to see someone calculate the person-hours of time that went into designing this particular phone, there is so much they aced on the interface. I know some people like the convenience of receiving email on their phone – I find it decidedly inconvenient since I’m already too “wired in” as it is and being out of the office is the only escape from super-connectedness. I remember having had a BlackBerry back in the day and how bad it sucked having to receive and respond to email wherever you are – I mean you wouldn’t want the postman to follow you around and tap you on the shoulder every time a piece of snail mail arrived, much less be accountable for responding immediately to that communication… no plausible deniability of “I didn’t get that memo” when every email comes right to your phone. So basically I don’t use the email features of the Treo. But Cingular’s MMS system has the capability to send email through their gateway so it’s an option if you need to.

All in all I dig my setup right now: I use Yahoo for all personal mail (can’t beat their spam blocking and I’m hooked on their personal organizer features and the public calendar). I use their free Intellisync software to hotsync all my contacts, notes, tasks and dates with my Treo. I use Gmail for all listservs I’m on (roughly 10 I think) and I have the free Google Desktop Search running in the background at all times to index every piece of content that comes in or out of my laptop. The Gmail does a great job of indexing my lists and for every other piece of communication, GDS is like a “helmet cam” that records everything I read or write 24/7. With their recent release of a full 1.0 product, GDS now supports PDF’s, Firefox and Thunderbird as well as ID3 tags on MP3’s and other file formats- plus there’s a third-party plugin to index Trillian chat sessions so all my IM’s (yahoo, MSN, AIM and ICQ) are indexed as well. Powerpoint, Excel and Word docs are all supported which is key in the legal tech industry when you have to hunt down a specific detail someone’s asking for. With so many disparate communication channels and a barrage of info we deal with everyday, I was having the problem of “where did I read that… was it an RSS feed, on a web site, in an email – oh no someone IM’d me that URL…” It was getting to be a scavenger hunt through web history and emails every time I needed to track down a simple reference. Now I have one place to search and I know that GDS will return accurate results immediately (it even makes a little screenshot thumbnail for each result for visually-oriented people like myself).

Other tid-bits for the Treo that probably demand entries unto themselves:

  • SoundRec – is a free app that turns your Treo into a dictaphone. Very cool.
  • SD Memory Card – I got a $50 512MB expansion card from Fry’s and I now have almost a CD’s-worth of storage on my Treo. That translates to either 7000 photos at 640x480px or 3hrs of video at 320x200px.
  • Chess Everywhere – this ingenious program allows you to play chess with a friend over your phone. I don’t know what protocol it uses (SMS maybe?) but it lets you play against a buddy or find a random human opponent.
  • PdaNet – exactly what I was looking for – turns your Treo into a modem for your computer. It works with a USB cable or Bluetooth if you have it. Simple to use and it does exactly what it claims. Genius.
  • AvantGo – is nothing new but it’s good at what it does. I find the web browsing on the Treo to be slow enough where it’s only worth it if you need it in a bind but not for leisure reading. AvantGo however caches the content you specify to your device when you hotsync. The coolest thing is their “autochannel” bookmarklet that you can use to grab a copy of a web page you’re on and send it to your phone.

It pretty much is the ideal customized setup for what I want. I can’t imagine improving anything on this phone at this point except for adding support for 802.11 wifi but then again, I just snagged this nifty gadget from PCTEL – it’s a wifi detector that goes on your keychain and alerts you if it finds a hotspot. The trouble is I don’t know if my keychain can physically fit another gadget. My girlfriend always says “honey, you are such a dork” when I start talking about this stuff – I’ve always defended myself but occasionally I’ll have this moment of clarity when I’m emptying my pockets at the end of the day and think “wow, you know I guess you’re right.”

Mar 25

Just a note to announce progress on some projects recently completed by Lights Out and a renewal to my commitment to start journaling more on this blog. I have been brainstorming a bit and have some great ideas for future articles. Below is a scan of topics I plan to cover in the coming months. This list spans a wide variety of topics I know but the idea is to distill the cool insights and tricks I’ve come across and share anything that fits the description "man, i wish someone would have just told me this in the first place." This may be gibberish to most but the topics I have in mind are:

I was also just recently tapped to write a consultant’s column for Law Office Computing magazine so between that, my blog, my and my AZIPA postings, I will be doing quite a bit of writing in the coming months.
Now for what’s been happening w/ me…
I just completed three separate web development projects – pocc.info, burythetanks.com and ritef1o.com. They basically consumed most of my free time for the past few months so that’s why this blog has been so silent. Each project offered different challenges and I thought I’d give a quick summary here of what I learned from each. The overall takeaway is that Mambo absolutely rocks. It’s an opensource php/mysql-based content management system that I’ve fallen in love with for constructing and maintaining web sites. It runs cross platform, has an intuitive interface for administration, generates dynamic pages that are friendly for the search engines with the help of the 404SEF component (thanks Bill!), generates XHTML-compliant code, supports inline edit (which is key for people that aren’t very tech savvy who want to maintain content), has a superb development community behind it and has a slew of third party add-ons to extend its capabilities. I used it for all three sites I recently finished and can’t praise it highly enough. I had looked at a bunch of options before selecting mambo. The ones I vetted:

  • PHP-nuke – more suited for hobby sites like gamers use
  • EZ Publish – looked promising but could never get it to work on windows
  • Typo3 – powerful but was just overkill for what i needed
  • Site Lite – didn’t seem to have the developer support that mambo did

There were only about a kajillion options to choose from but those four seemed to be the most talked-about in the forum posts that I read. Mambo installed first time no troubles and had a great wizard interface that made setup a breeze. It required a few tweaks to the php.ini file to get it to work on windows but other than that it was a clean install. Learning the administrator interface was fairly straightforward too. The one gotcha for me was getting used to the way news content items, categories and sections work. I still don’t have a crystal-clear understanding of the difference between sections and categories but I’m wingin’ it and it seems to work. The greatest strength with this CMS is the extensibility through the development portal called MamboForge. It’s like a SourceForge exclusively dedicated to mambo add-ins. The 404sef component takes the cake as being most useful, it has been instrumental in helping secure a #1 ranking on MSN for one of the sites I created as I’ll explain later. The other component I find very helpful is the Facile Forms tool – it’s basically an elegant way to build forms using a visual interface and it handles the validation, database-related logic and provides a way to browse records. It also makes it easy to package your forms in xml and deploy them and share them with others or simply re-use them for other projects.

The Pocc.info site is for a neighborhood coalition group in my parents’ neighborhood that is fighting Donald Trump’s proposed building in the Camelback Corridor neighborhood. He’s trying to trample the zoning rules that were in place that would prohibit a building as tall as he wants from going up in that neighborhood. This project was mostly vanilla content organization stuff but it taught me some lessons in collaborating w/ a client that doesn’t even have an internet connection much less a thorough understanding of web sites! I also learned that mambo makes it easy to delegate pieces out to others – I’m used to being a solo act handling all aspects of writing code, doing design, adding/maintaining content. On this project we found a high school kid who is good with computers that we made an administrator and was able to help with most of the scanning and updating of content. Three cheers for mambo on providing a framework that made this possible.
The other thing that was kind of neat for this project was generating a fax for each member that signed up on the site. As I mentioned, the client had zero internet connection and relied heavily upon his secretary and his fax machine for info. Lights Out delivered a custom solution that used an internet fax gateway to translate emails into faxes and send them to the client. Nifty.

The BuryTheTanks.com site was a pro-bono endeavor that a neighbor and I took on for our own neighborhood. The City of Scottsdale and Arizona American Water Company are behaving like idiots regarding the construction of this Arsenic Treatment Facility directly behind my house. As you might expect, I’m not thrilled with this idea but what really ticks me off is that they’ve used less than scrupulous tactics to push through the right to construct two ENORMOUS 28’x117′ storage tanks that will loom in my backyard. There are too many problems to name here, that’s why we created a site to tell our story. The cool things I learned in constructing this project:

  • ThisCause.org is a site that makes it a snap to create and host an online petition. You can use your mouse to sign it and it counts as a valid handwritten signature. This is waaay useful because it removes the friction from the process of getting signatures and makes it easy to get a lot of people involved quickly. It’s a great tool I would recommend to anyone with a cause.
  • I tinkered with the javascript behaviors palette in dreamweaver mx and was able to make a cool interactive piece that pokes fun at the ridiculous suggestion that we can choose the artwork we’d like to decorate these storage tanks.
  • I also had the opportunity to play with the macromedia flv exporter tool for doing embedded video in webpages. It’s a great alternative to linking to an external wmv or mpg and has great compression plus it uses flash which is nearly ubiquitous now and it streams so it begins playing instantly. Very cool stuff.

The RiteF1o site (can’t provide a link due to privacy concerns of my client) has been a colossal undertaking that for awhile was consuming about three hours each night. I’ve been tracking my time on this project and have accounted for over 100 hours of development (and the cms framework code was already built). It seems to have paid off though – within the first week of launching the site, it has achieved the number one slot on MSN and a front-page ranking on yahoo. Of course, I can’t take sole credit for this achievement- we contracted High Ranking Domains to help with the SEO features and as I mentioned, I used the 404SEF mambo component to generate search-engine-friendly URL’s which seem to have really helped. There’s so much involved in SEO (the more I read about it the more I realize how little I know) that we decided to stick with our motto of core competencies and defer to another company that specializes in SEO.
The other lessons I’ve gleaned from this project:

  • Yahoo store is a great option for getting an ecommerce solution in place quickly. We secured the merchant account in three days (it took a month to get our pubcrawl merchant account). Their setup and administration is what you would expect from yahoo- beautiful interface. There was a great thread on azipa that talked about the features to look for in evaluating commerce systems. Yahoo is a great hosted solution. we will be looking to move to something like OS commerce or potentially Suite Spot once we have cleared the FDA audit process and are ready for a more robust commerce setup.
  • there’s a slick freeware tool for making the custom site icon you see in the address bar for some sites. you do this by placing this special image file called favicon.ico in the site root and referencing it with special syntax in the head tag. i’ve seen a bunch of programs that can do this but they all charge. someone finally created a free one. the tool is a fileformat plugin for photoshop that allows you to save in the .ico format, it can be found here.
  • Groove Virtual Office has been a lifesaver in streamlining the collaboration process for this project. Obviously Microsoft recognized how valuable they were because just a week ago they acquired them. Groove is another piece of software like Mambo that I just can’t say enough good things about. There are few applications these days that blow me away with surprising potential possibilities but this is one of them. Very briefly, it provides super-secure collaboration amongst people that are occasionally-connected and working remotely (there’s a real term for that but it evades me at the moment) and has "peripheral awareness" features built in to facilitate interactions like those that occur in a physical office space. Groove is the culmination of 5 yrs(?) work by Ray Ozzie and his team (the guy who founded Lotus Notes) and is a mature wonderful product. I use it both in my day job as well as my freelance business to share info and track project status. An example of how it came in handy the other day – my truck’s power steering went out on the way into work one morning. I diverted to a local garage near my house and phoned my boss to tell him I would be late but I had my laptop on me and was running groove. I fired it up and was able to work even without a connection because it caches local versions of all the files in a project. The hour I spent in the garage while the mechanics fixed my truck was actually one of the most productive hours I had that week because I was entirely free from the distractions of email, IM and web so I was able to knock out an interface for showing animations for an upcoming trial we have in May. When I got back into the office and got online, my changes immediately broadcast to the seven other people sharing that workspace and the interface got rave reviews. Score one for the Groove dev team – this is exactly the type of "roll with the punches" situation that their software claims to be able to handle.

So there’s been a lot going on for me sideproject-wise, so much so I’ve completely neglected to finish the Lights Out web site. I plan to carve out more time for posting here though because, well, i wish more people would take the time to condense their "ah ha" moments and archive them for others. Actually I’ve always talked about writing a book called "the crap that someone should have told me in the first place" – i have about 20 entries already of little random tid-bits of everyday practical knowledge. It would be cool to make a wiki for that and allow others to contribute- I know Lessig is having the public write his second edition of the Code book – kind of a cool way to author something and get an immediate fan base. Well, back to recovering from this 3-day tour of duty St. Patty’s weekend. Gotta plan my bro’s bachelor party now…

sean
