Please advise me about how to respond to a question from a potential client

53 views
Skip to first unread message

G. Swain

unread,
Feb 7, 2012, 4:48:30 AM2/7/12
to Honyaku E<>J translation list
Dear colleagues, I wonder if you could help me respond to a question I
got from a potential client.

I had a meeting with someone from a large multinational corporation
today. It went fairly well and I'm hopeful it might lead to work in
the future.

As we were wrapping up, he said, "OK, to re-cap, we need you to
provide us with X and Y - oh, and include some information about how
you will guarantee the security of our data."

Now, security is a core part of this company's business and it's no
surprise that they are very sensitive about how their data is handled.
I imagine this refers to things like password protection, encryption,
perhaps using unconnected computers to do the translation, and
uploading/downloading to/from a dedicated server using IDs and
passwords instead of regular e-mail.

Am I missing something? Is there anything else I should (or can) do to
"guarantee" the security of the company's sensitive material? I am
really keen to work with this company and don't want to look like a
fool when I get back to them.

All advice would be appreciated. Thanks in advance.

Gareth Swain
Osaka, Japan

Richard Sadowsky

unread,
Feb 7, 2012, 5:18:17 AM2/7/12
to hon...@googlegroups.com
Gareth,
Might it also be wise to say that you a have confidentiality agreement with
any freelancers you might subcontract the work to?
I'm curious as to what others have to say on other measures, as well.

Richard

--
Richard Sadowsky, Awajishima

Eleanor Goldsmith

unread,
Feb 7, 2012, 6:12:33 AM2/7/12
to hon...@googlegroups.com
G. Swain wrote:
> I imagine this refers to things like password protection, encryption,
perhaps using unconnected computers to do the translation, and
uploading/downloading to/from a dedicated server using IDs and passwords
instead of regular e-mail.

One of the agencies I work for in Japan has recently requested that I send
all completed translations as password-protected zip files, sending them the
password by a separate e-mail. Apparently this is a requirement in order to
comply with some new standard (ISO or JIS, I'm not sure), or something.

Hope this helps!

Best wishes,

Eleanor Goldsmith

Gareth Swain
Osaka, Japan

--
You received this message because you are subscribed to the Honyaku Mailing
list.
To unsubscribe from this group, send email to
honyaku+u...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/honyaku?hl=en?hl=en

Wataru Tenga

unread,
Feb 7, 2012, 6:44:58 AM2/7/12
to hon...@googlegroups.com
G. Swain wrote...

>Is there anything else I should (or can) do to
>"guarantee" the security of the company's sensitive material?

(1) Use state-of-the-art malware protection programs.
(2) Protect your system with a strong logon password.
(3) If you use online backup, avoid popular services like Dropbox and go
for the secure ones like Backblaze and Crashplan.
(4) Keep P2P, torrent, and other file sharing programs off your system.
(5) Don't carry your data on USB memory or on laptops taken to coffee
shops.

Wataru Tenga, Tokyo

Scott Mason

unread,
Feb 7, 2012, 9:33:50 AM2/7/12
to hon...@googlegroups.com
Hi Gareth,

One thing you might say is that you have your computers locked down
according to the latest NSA hardening guidelines. That should impress
them.

http://www.nsa.gov/applications/search/index.cfm?q=hardening%20guidelines

I think you also should be able to certify that you securely delete
their data and files after you finish using it, and that all printouts
and removable media are shredded, etc. and securely disposed of.

You might also state that you do not use the cloud for anything on my work
computers.

Scott Mason

G. Swain

unread,
Feb 7, 2012, 8:16:38 PM2/7/12
to Honyaku E<>J translation list
Thanks to Richard, Eleanor, Wataru, and Scott. Very helpful and much
appreciated.



> Gareth Swain
> Osaka, Japan

G. Swain

unread,
Feb 8, 2012, 8:21:53 PM2/8/12
to Honyaku E<>J translation list
Just to add: Also offline replies from a couple of people.

Thanks to all.

> > Gareth Swain
> > Osaka, Japan

Frode Aleksandersen

unread,
Feb 10, 2012, 10:43:18 AM2/10/12
to Honyaku E<>J translation list
On Feb 7, 8:44 pm, Wataru Tenga <wte...@gmail.com> wrote:
> (3) If you use online backup, avoid popular services like Dropbox and go
> for the secure ones like Backblaze and Crashplan.

Just curious, but what's wrong with Dropbox? They use AES256 and SSL
to store your date last time I checked.

/frode

Wataru Tenga

unread,
Feb 10, 2012, 5:02:09 PM2/10/12
to hon...@googlegroups.com
Frode Aleksandersen wrote...

>> (3) If you use online backup, avoid popular services like Dropbox and
go
>> for the secure ones like Backblaze and Crashplan.
>
>Just curious, but what's wrong with Dropbox? They use AES256 and SSL
>to store your date last time I checked.

The services I mention make it impossible for anyone but you to see your
data; even if their company were to receive a court order, there is no
way their staff can access customer-stored data. DropBox and other such
services, on the other hand, not only can access customer data as plain
text but state in their terms of use that they will show it to
authorities if requested to.

For more about the issues, Google "Dropbox security" (no quotes) and
read comments by Ed Bott, Ryan Singel, Bruce Schneier and others.


Wataru Tenga, Tokyo

Alan Siegrist

unread,
Feb 10, 2012, 7:13:45 PM2/10/12
to hon...@googlegroups.com
No, I believe that Wataru's objections to DropBox are solely political in
nature.

DropBox cooperated with the United States Department of Justice and so
Wataru (and the others he mention) appear to want to punish them for doing
this.

Wataru Tenga writes:

> > Just curious, but what's wrong with Dropbox? They use AES256
> > and SSL to store your date last time I checked.
>
> The services I mention make it impossible for anyone but you to
> see your data; even if their company were to receive a court order,
> there is no way their staff can access customer-stored data.
> DropBox and other such services, on the other hand, not only can
> access customer data as plain text but state in their terms of use
> that they will show it to authorities if requested to.
>
> For more about the issues, Google "Dropbox security" (no quotes)
> and read comments by Ed Bott, Ryan Singel, Bruce Schneier and
> others.

Regards,

Alan Siegrist
Carmel, CA, USA

Steven P. Venti

unread,
Feb 10, 2012, 7:20:04 PM2/10/12
to hon...@googlegroups.com
"Alan Siegrist" <AlanFS...@Comcast.net> wrote:
> No, I believe that Wataru's objections to DropBox are solely political in
> nature.

Please take this aspect of the discussion elsewhere.

Steve Venti, on behalf of
---------------------------------------------------------
Pam Ikegami, Stephen Carter, Steven Venti
Administrators of the Honyaku mailing list
Honya...@yahoogroups.com
https://sites.google.com/site/honyakumailinglist/
---------------------------------------------------------

Wataru Tenga

unread,
Feb 10, 2012, 7:23:45 PM2/10/12
to hon...@googlegroups.com
Alan Siegrist wrote...

>I believe that Wataru's objections to DropBox are solely political in
>nature.
>
>DropBox cooperated with the United States Department of Justice and so
>Wataru (and the others he mention) appear to want to punish them for
>doing this.

Political or not, they are legitimate factors to consider; nor are they
solely political, as you suggest, since the policies are baked into the
technology. Gareth wants to know how to satisfy the security needs of a
potential customer, and that is was I was addressing.

Wataru Tenga, Tokyo

Alan Siegrist

unread,
Feb 10, 2012, 7:24:15 PM2/10/12
to hon...@googlegroups.com
Steven P. Venti writes:

> > No, I believe that Wataru's objections to DropBox are solely
> > political in nature.
>
> Please take this aspect of the discussion elsewhere.

I will certainly do so as long as Wataru halts his unfounded and unwarranted
public criticisms of DropBox.

Alan Siegrist

unread,
Feb 10, 2012, 7:52:18 PM2/10/12
to hon...@googlegroups.com
Despite the warning from List Admin Steve Venti, Wataru Tenga is still
continuing his political attack.

Does this mean that this topic is still open for discussion on this list or
not?

I would like some clarification from the List Administrators, please.

Wataru Tenga writes:

> > DropBox cooperated with the United States Department of Justice
> > and so Wataru (and the others he mention) appear to want to punish
> > them for doing this.
>
> Political or not, they are legitimate factors to consider; nor are they
solely
> political, as you suggest, since the policies are baked into the
technology.
> Gareth wants to know how to satisfy the security needs of a potential
> customer, and that is was I was addressing.

Regards,

David J. Littleboy

unread,
Feb 10, 2012, 8:06:19 PM2/10/12
to hon...@googlegroups.com
From: "Alan Siegrist" <AlanFS...@Comcast.net>

> Despite the warning from List Admin Steve Venti, Wataru Tenga is still
> continuing his political attack.

Ah. I was just about to address this. Here's what I was about to post:

Hmm. Since this is my bailiwick, allow me to point out that Wataru's point
that there exist services whose claim to fame is that they_cannot_ allow
third parties to read your data is a _technical_ point. From a Computer
Science standpoint, that's a technical point relevant to the question at
hand.

And a quick Google search reveals that paragon of liberal/progressive
advocacy, The Economist, pointing out that DropBox continues to have
problems, and that there are other services that don't have those problems.
So Wataru hasn't said anything not available in conservative publications.

http://www.economist.com/blogs/babbage/2011/05/internet_security

"SpiderOak, by contrast, cannot disclose its customers' files, even if it
wanted to. That is because it lacks tools to tap any of the data it stores
on behalf of users. However, this "zero knowledge" means that if a user
loses his key, he can never again access those data."

Alan, I don't understand why you take factual criticisms of DropBox so
personally. Feel free to explain that over at not-honyaku-redux.

> Does this mean that this topic is still open for discussion on this list
> or
> not?
>
> I would like some clarification from the List Administrators, please.

Again, it's my opinion here (as someone with a Comp. Sci. background) that
Alan is completely dead wrong on this issue from a simple technical
standpoint. It's not political, it's technical.

David J. Littleboy
Tokyo, Japan


kanji saito

unread,
Feb 10, 2012, 8:16:30 PM2/10/12
to hon...@googlegroups.com
オンラインでのファイルバックアップについて。

技術的に第三者が読めない(AES256 and SSL)とか、契約事項に第三者(国や警
察など)が必要に応じて読むことができる、あるいはできない、というようなこ
とに関わらず、インターネット上にファイルを置く、と聞いただけで、拒絶反応
を示すクライアントもたくさんいます。

だから、仕事関連のファイルはオンラインのバックアップをしていません、と伝
えた方がいいかも。

斉藤 完治

Benjamin Barrett

unread,
Feb 11, 2012, 4:47:26 AM2/11/12
to hon...@googlegroups.com


I was not able to understand why the conversation was squelched.

Whether Alan's assessment of Wataru being political was correct or not (the one before the one cited above), it was an interesting and relevant comment that did not attack Wataru. I have no interest in using DropBox, so the conversation is not directly relevant to me, but I was greatly enlightened by Alan's comment.

As a human being and a translator, I felt learning both sides of this issue was important.

My impression is that Honyaku has become a forum where you must walk on eggshells because of the constant threat of being censored. I cannot imagine remaining a member much longer because of that threat.

Benjamin Barrett
Seattle, WA

Noah SILVA

unread,
Feb 27, 2012, 10:07:33 PM2/27/12
to Honyaku E<>J translation list
Hi,

This (Password protected zip file) approach is sadly common in
companies because it is convenient. It isn't, however, particularly
secure or efficient. If they are serious about security, they will
have an SCP/SFTP server set up, and/or some sort of PKI system (PGP
mail, Lotus Notes PKI, etc.).

You should ask them about those things and gauge their response. If
they don't know what those are, then they are probably not really that
strict, and encrypted ZIP files (hopefully AES encrypted with a long
complex password) by email might be acceptable.

If you are using Mac OS 10.7 or Windows (7?), there is built-in full
disk encryption, so that even if you lose a laptop, nobody can get at
the data. You can tell them you will use that and do the translation
on a computer or VM that doesn't have any unrelated software
installed.

Completely disconnected computers may be overkill, depending on the
nature of the documents. (Most malware these days is in the form of
Trojans that users are duped into voluntarily installing on their own
computers).

I also second the NSA link provided by the other poster.

Thank you,
Noah Silva

On Feb 7, 8:12 pm, Eleanor Goldsmith <eleanor.goldsm...@clear.net.nz>
wrote:

Keith Wilkinson

unread,
Feb 29, 2012, 8:53:23 AM2/29/12
to Honyaku E<>J translation list
How much would it cost a determined hacker
to crack the password of that confidential file?
The following article is rather dated (cloud com-
puting costs are falling rapidly), but the answers
in the article may surprise you.
http://news.electricalchemy.net/2009/10/password-cracking-in-cloud-part-5.html

Jonathan Michaels

unread,
Mar 1, 2012, 7:37:45 PM3/1/12
to Honyaku E<>J translation list
On Feb 29, 10:53 pm, Keith Wilkinson <keith.s.wilkin...@gmail.com>
wrote:
> in the article may surprise you.http://news.electricalchemy.net/2009/10/password-cracking-in-cloud-pa...

Unfortunately in the approach referred to by Eleanor earlier in this
thread (sending the confidential information in a password-protected
ZIP file attached to one email and the password in another email),
which I've also encountered among Japan-based translation agencies, no
brute-forcing is required. Heck, any adversary capable of obtaining
the password-protected ZIP file is by definition trivially capable of
obtaining the password using the same method.

I wonder who came up with that "method", and whether the person who
came up with it actually believed it to be more secure than a
plaintext email attachment, or just figured that it might reassure
people with no computer knowledge.

Jonathan

----------
Jonathan Michaels
Mito, Ibaraki

sh

unread,
Mar 10, 2012, 8:44:35 PM3/10/12
to hon...@googlegroups.com
Hello members

Here is a job posting:

1) Japanese to German/French translator
2) Content: sentence like resume
3) Count : 1400 Japanese characters
4) Delivery date: 3/16

If you are interested in this job, contact with the address below as soon as
possible.

hosa...@ybb.ne.jp

Saneyuki Hori


Reply all
Reply to author
Forward
0 new messages