Open Password – Wednesday, May 26, 2021
#926
Cold War in Cyber Space – Cyber Disarmament – John Feffer – thenation.com – Stuxnet – Iran – Aramco – North Korea – Sony Pictures – Chinese Hackers – US Patents – Russia – Ukraine – Chinese Government – USA – Russian Malware – Wanna Cry – Not Petya – Shadow Brokers – Zero-Day Exploits – National Security Agency – Cyber Mission Teams – Kim Zeter – Larry Hall – Outsell – Pandemic – All-or-Nothing Strategy – Hugh Logue – Funding Rounds – Legal Tech – Rocket Lawyer – Clio – Vista Credit Pertners – Rocket Lagal Cloud – Edition Lefebvre Sarrut – Legal Practice Management Software – XIRA Connect – Legal Consumer Market – AI Document Review – LegalZoom – FindLaw – In-Person Legal Services – Plugins with Platforms – Bringing Down the Cost of Accessing Legal Support – Science communication – Infodemic – University of Hildesheim – Christian Drosten – Hendrik Streeck – Artificial intelligence – Hate speech – Home office – Pandemic – IoT Inspector – Household and home devices – Rainer M. Richter – Security gaps – Federal Office for Security and Information Technology
I
Outside the Box: Chronicles of the Cold War in Cyberspace
II.
Cover Story: In Pandemic Times an All-or-Nothing Strategy – Legal Tech Providers Rocket Lawyer and Clio Fuel up to Take on the Same Market
III.
Events at the University of Hildesheim on democratic discourse
Home office: Hardly secured
Outside the box
Chronicle of the Cold War in Cyber Space:
2009 – 2023
Cyber disarmament is possible,
but rarely sought
John Feffer, The Cyber Cold War is Here, in: thenation.com . The cyber war has long since begun. The following are milestones from the last decade:
2009 Stuxnet, a US-Israeli development, destroys a thousand uranium enrichment centrifuges.
2012 Iran destroys 30,000 computers belonging to Saudi oil company Aramco with malware.
2014 North Korea attacks Sony Pictures, which depicted a fictional attack on Kim Jong-un in a film. Chinese hackers seek to collect US patents while Russia supports a right-wing candidate in Ukraine’s presidential election.
2015 USA and Chinese agree to mutually refrain from cyber attacks. After that, Chinese attacks on US infrastructure fell by 90%. After Donald Trump imposed economic sanctions on China, Chinese hackers are returning to their old ways. The Russian government had expressed interest in an agreement similar to that with China, but had not received interest from the Obama administration.
2016 Russian malware knocks out heating and electricity in Ukraine, influences Brexit and the American election, and undermines the security measures of a Saudi oil company. Wanna Cry, a North Korean imitation of an NSA development, attacks British hospitals, Indian airlines, Chinese gas plants and US power plants, causing $4 billion in damage. The Russian plight of Petya is causing $10 billion in damage, especially in Ukraine and the USA.
2017 The “Shadow Brokers” publish twenty of the most important zero-day exploits (“You don’t have another day to repair the damage discovered”) from the US National Security Agency.
2019 The NSA has a budget of ten billion dollars, 6,000 employees and 133 “cyber mission teams”
2021 Kim Zeter: “Cyberweapons can be easily obtained on underground markets or, depending on the complexity of the system being targeted, custom-built from scratch by a skilled teenage coder.” – Larry Hall, a former employee builds an underground “Survival Condo “to be completely independent of the US infrastructure – this in the event that the entire infrastructure is paralyzed by a hack.
2023 Every person on earth has an average of 3.6 devices that are integrated into networks and can therefore be hacked.
Feller concludes: “It’s not too late. But to prevent a rush to the bunkers will take a concerted effort by the major players – the United States, Russia, and China – to recognize that cyber war would at best, produce the most pyrrhic of victories.”
Outsell’s Second May Contribution
In Pandemic Times an All-or-Nothing Strategy:
Legal Tech Providers Rocket Lawyer and Clio
Fuel up to Take on the Same Market
By Hugh Logue, Director & Lead Analyst
Two legal solution providers have secured large amounts of funding to tackle the same legal consumer market opportunities from two different ends of the market.
___________________________________________________________________________
What to Know and Why It Matters
___________________________________________________________________________
Two legal solution providers that target the small to mid-sized law firm market have recently closed large funding rounds. Clio (Themis Solutions Inc.), a cloud-based legal practice management provider, announced that it raised a further $110 million in Series E funding to bring its total funding to $386 million. It plans to use the latest funding round to accelerate product development (by expanding product and engineering teams by 40% in 2021) and to make strategic acquisitions. The funding follows Clio’s 2019 Series D funding round of $250 million; at the time, this was a level of investment almost unheard of in the legal tech space.
Clio provides law firms with the tools they need to run their practices, such as calendaring, time-tracking, note-taking, document management, billing, and other tools. The company, headquartered in Vancouver, primarily serves the US market but opened offices in Ireland in 2013 to serve the legal industry in the UK and Europe. Outsell estimates Clio’s revenues at $80 million for 2020, an increase of 23% over 2019.
Meanwhile, the legal marketplace website Rocket Lawyer recently announced growth capital financing of $223 million, led by Vista Credit Partners, the credit-investing arm of Vista Equity Partners. Rocket Lawyer and Vista plan to use the investment to scale Rocket Legal Cloud, a legal practice management software that competes with Clio.
Vista Equity Partners has extensive experience in the legal tech market, having invested in several companies, including Aderant, Mitratech, and Zapproved. In 2016, Rocket Lawyer also gained the support of Editions Lefebvre Sarrut (ELS), through a joint venture, to launch Rocket Lawyer in continental Europe. ELS is the leading legal and regulatory information provider in France and the fourth largest in the world.
Outsell estimates Rocket Lawyer’s revenues at $60 million for 2020, an increase of 20% from 2019. However, Outsell also estimates that Rocket Lawyer has 300 employees, almost half Clio’s 575, which Clio plans to increase to 1,000 by the end of 2021.
While Clio is investing in moving into Rocket Lawyer’s consumer space, Rocket Lawyer is doubling down to invest in Clio’s legal practice management software space.
__________________________________________________________________________________
Analyst Rating: Neutral
__________________________________________________________________________________
Based on Outsell’s revenue estimate, Clio’s valuation of $1.6 billion puts the business at 20 times its revenue. Outsell estimates the size of the global Legal Practice Management Software market, within which Clio operates, at just under $1.9 billion in 2020. While Clio may have great things ahead, its valuation looks a little frothy for today’s market.
This is especially true given that the race to the bottom of the Legal Practice Management Software market is causing the bottom of the market to fall away, as we saw at the end of 2020 when XIRA Connect launched a free suite of cloud-based practice management software tools.
Clio’s valuation is clearly based on the hope that it will be able to serve a largely untapped mainstream legal consumer market, but it has yet to properly launch products and reposition its revenue models for that purpose. The risk for Clio in taking on so much funding is that it now becomes an all-or-nothing strategy for the company.
In Outsell’s view, Rocket Lawyer will be able to produce a quicker return on investment, as the $223 million will go to accelerate the development of its current products without needing it to significantly change its positioning or revenue structure. However, it needs to invest in innovation, as its current legal forms are quite static and could benefit from the addition of automation technologies such as AI document review.
__________________________________________________________________________________
Winners and Losers
_________________________________________________________________________________
There are a number of players vying for the consumer and small business marketplace. While Clio is firmly established among small law firms, gaining market recognition in the consumer space will be a challenge that will require considerable marketing spend. It will be competing with the likes of Internet Brands, LegalZoom, and Thomson Reuters FindLaw. In this extremely competitive online environment — terms related to legal services are some of the most expensive pay-per-click keywords in Google AdWords — Clio will quickly burn through its funding if it doesn’t adopt alternative strategies to maximize its marketing budget.
However, Rocket Lawyer comes from the other end of the spectrum. It spent 13 years building a successful brand presence in the legal consumer and small business space, and while its brand is not as well known as that of its larger competitor LegalZoom, it has served over 25 million people and organizations. With this foundation, its established consumer-facing customer services team, and its existing cloud-based legal technology, Rocket Lawyer’s new investment could enable it to come out ahead of Clio if the two end up competing head to head.
___________________________________________________________________________
What’s Next
___________________________________________________________________________
Clio needs to increase its revenues and expand into the legal consumer space; it stated that its latest funding would let it make strategic acquisitions that could achieve these objectives. It could approach Internet Brands to potentially acquire one of its consumerfacing legal marketplace websites, such as Avvo, or Levine Leichtman Capital Partners to acquire Best Lawyers, but these online directory-type websites look increasingly dated.
Instead, Clio needs to use its law firm customers to access consumer market opportunities. That said, while this is a partnership model that Rocket Lawyer has already developed, Clio might struggle to convince law firms that it is not cannibalizing their customers’ revenues.
Clio and Rocket Lawyer would also make a good merger candidate, as there are clear synergies between the two, and they both have strengths in areas where the other is weak.
__________________________________________________________________________________
Essential Actions
__________________________________________________________________________________
The legal consumer space offered good growth opportunities prior to the pandemic. However, the pandemic accelerated demand for cloud-based digital legal solutions even further, both for law firms and legal service consumers. In Outsell’s view, most legal service consumers are unlikely to return to in-person legal services once the pandemic ends, and both Clio and Rocket Lawyer will benefit from this. With that in mind, Outsell recommends the following actions.
- Move to Where Legal Needs Arise
With so much of the world’s economic activity now online, a trend that only accelerated during the pandemic, legal solution providers need to be one or two clicks away from where legal needs arise online. This means developing affiliate plugins with consumer-to-consumer marketplaces, real estate platforms, gig economy platforms, etc. Providers also need to watch for large consumer-facing brands building their own legal solution offerings, especially given the emergence of nonlawyer ownership of law firms in the US.
- Target the Latent Demand for Legal Services
Solution providers can develop new market opportunities by targeting the latent market in the legal services sector. The latent market is driven by the fact that, for many transactions, the cost of instructing a lawyer is prohibitive relative to the value of the transaction. By applying new automation technologies, self-serve legal information providers can tap into this latent market by bringing down the cost of accessing legal support. Far from being a threat to law firms, this provides new opportunities for them to partner with these providers to deliver premium legal advice for more complicated matters.
Outsell is the international partner of Open Password.
Save the date and call for submissions
How do we cope with the infodemic
during Corona times?
July 2, 2021, online conference “Interdisciplinary research approaches to science communication and information behavior in the Corona pandemic (InFoCoP).” https://www.uni-hildesheim.de/fb3/institute/iwist/forschung/forschungsprojekte/aktuelle-forschungsprojekte/ interdisciplinary-research approaches-to-scientific-communication-and-information-behavior-in-the-corona-pandemic-infocop/#c129213
In the corona crisis, it is essential that the civilian population informs themselves about the COVID-19 virus and follows the recommendations of experts or the measures ordered. Due to the novelty of the virus and the acute need for action on the part of each individual, there was an increased need for information, especially at the beginning of the corona crisis. Scientists like Christian Drosten and Hendrick Streeck played an important role in communicating corona-related information games in Germany, and the in-depth scientific policy advice during the current crisis is often seen as one of the reasons why Germany has so far been less affected than other countries.
On the other hand, the polarization of society is once again evident in the corona crisis, because at the same time hate comments on the internet in the corona discourse are increasing again, between the different opinion groups, but also against the scientists themselves involved in the discourse. Therefore, in the context of the corona pandemic, the The term infodemic is mentioned. The Corona crisis has thus drawn more attention than previous crises to how science communication should be carried out in times of crisis and has shown how important technically correct information is in such situations.
The program will follow shortly. The InFoCoP conference is part of the WInCo project (Science Communication in the Information Crisis surrounding the COVID-19 pandemic) funded by the Lower Saxony Ministry of Science and Culture. The aim is to compile and discuss the state of research on science communication, reporting and information behavior in times of the corona pandemic from an interdisciplinary perspective. The question of the extent to which we can derive quality criteria for high-quality and effective scientific communication or information transfer from the findings of current research should play an important role.
Lecture format: 15 minutes plus 5 minutes discussion time. There is no conference fee. In particular, but not exclusively, scientists from linguistics, information science, library science, computer science, media and communication science, psychology, social science, political science and journalism are invited. If you are interested in a short presentation, please send a short abstract (max. 300 words) to jakisy@uni-hildesheim.de by June 4th, 2021. You will receive notification of acceptance or rejection of your abstract from us by June 14th, 2021.
University of Hildesheim
Artificial intelligence against hate speech
July 10, online conference “AI against hate speech”. The topic of /artificial intelligence/ and /hate speech/ is discussed online with interested parties. Knowledge on the topic is communicated transparently and the opportunities and limitations of detection systems are viewed in a differentiated manner. Hate speech is a significant problem, particularly in online media, and is increasingly perceived as a social threat. Hateful messages make objective public discourse more difficult and thus endanger the formation of democratic opinions.
The public debate on the topics of hate speech and artificial intelligence is usually limited to a succinct presentation of scientific findings or research processes. Uncertainties or the presentation of scientific opposing positions on the topic are usually avoided. Scientific processes for automatically detecting hate speech are also often presented as complete. The reports on the topic reflect approaches to detecting hate speech quite uncritically and are in contrast to the much more cautious attitudes of those who work on such systems.
The program includes short lectures, the presentation of tools and a panel discussion. The event takes place online. Participation is free of charge. To register, send an email to/cetta@uni-hildesheim.de/ with the subject “AI against online hate” and you will receive further information about the program and access information to the conference tool by email.
Home office
Hardly secured
(IoT) Millions of jobs were relocated to their own four walls as a result of the corona pandemic. While just under four percent worked from home before the crisis, a quarter of employees in Germany now work from home. The majority of households use smart devices with a connection to the home network – routers, smart vacuum cleaners, media systems, lighting controls or smart locking systems. However, nine out of ten of these devices have blatant security gaps in the firmware, according to studies by IoT security specialist IoT Inspector. For the “(I)IoT Security Report 2021” study, 260 companies from the IT industry were surveyed – 57 percent see these devices as a risk of hacker attacks on company networks.
“These smart household and home devices are a Trojan horse that allows hackers to gain relatively easy access to a Wi-Fi network in the home. They can be used to attack integrated computers and ultimately also company networks that are accessed via VPN, for example,” explains Rainer M. Richter, Managing Director of IoT.
Home office as a key to the company network. Although 57 percent of those surveyed consider a VPN connection to be secure, none of the 260 company representatives surveyed consider this form of encryption to be “very secure”. 30 percent, on the other hand, classify the encryption as “less secure” or even “insecure”. “Accessing the local home network and infecting a computer in it is the key to the company network. Once this happens, there is rarely anything in the usual company setup that protects against attacks with ransomware or other malware,” says Richter.
With the IoT Inspector platform, his company enables one-time or ongoing checking of the firmware of such IoT devices for security gaps and possible entry points for cyber criminals. The gaps range from the WLAN key, which can easily be read in plain text, to hidden administrator access in the firmware, with which hackers can start to wreak havoc in just a few minutes.
BSI warns of vulnerabilities in WLAN routers. There are hardly any security measures or guidelines for such gateways in companies, and there is no awareness of the risk – 71 percent of company representatives are certain that traditional security mechanisms are no longer sufficient to cover risks from IoT devices. 71 percent are also of the opinion that the measures to secure IoT devices are not sufficient. Seven percent even gave the school grade “poor”, only 12 percent of those surveyed consider the measures to be sufficient. The latest warnings from the Federal Office for Information Security on May 12th underline these assessments. The BSI publishes an explicit level 3 warning – “the IT threat situation is business-critical”. The vulnerability for so-called “FragAttacks” affects WLAN routers from almost all manufacturers.
OpenPassword
Forum and news
for the information industry
in German-speaking countries
New editions of Open Password appear four times a week.
If you would like to subscribe to the email service free of charge, please register at www.password-online.de.
The current edition of Open Password can be accessed immediately after it appears on the web. www.password-online.de/archiv. This also applies to all previously published editions.
International Cooperation Partner:
Outsell (London)
Business Industry Information Association/BIIA (Hong Kong)
Open Password Archive – Publications
OPEN PASSWORD ARCHIVE
DATA JOURNALISM
Handelsblatt’s Digital Reach