Confidentiality

All services are not equal

Only through a mix of careful planning, execution and monitoring can confidentiality can be maintained. It requires a blend of technological expertise, behavioral enforcement, legal contracts and understanding of internet jurisdiction.

Confidentially is of the utmost importance, there are so many things that can compromise confidentiality that it would take volumes to cover them all, suffice to say good intentions don't mean much. All transcription providers state they are secure yet few reflect it in their infrastructure and behaviour. For confidentiality and security to be effective there must be excellent protective measures, both technically and in policy. Furthermore, it has to be understood and valued so that there is a consistent mindset of appreciating security over convenience. Let me clarify this further by highlighting some of the ways we have observed our competitors falling short, either through naivety or a lack of genuine concern.

No or unenforced encryption

I can't tell you the number of times I've looked at a competitor's client login page and found it is either unencrypted or unenforced.  When you upload, download, read or write any information to a website, that communication usually passes through many computers during the process. Transport Layer Security (TLS) is the first defense against malicious practices like eavesdropping, password interception and it is the universal technology that makes things like secure credit-card internet use possible.  The 's' in https:// indicates a secure port is being used, the standard acceptable encryption level is currently 2048 bits.  To check if it's also enforced just try and remove the 's' and see what happens.  For example, go to ScribeOut's client login page https://secure.scribeout.com, now remove the 's' and try to reload the page.  You will see that you are automatically put back to the secured connection.  Technically this is quite a basic principle, yet many providers don't deem it important enough to worry about.

Emailing of documents

ScribeOut will never email you transcribed files.  This is our policy because the standard internet email system is very insecure and while there are ways to encrypt emails it is not something clients generally want to set up.  However, this doesn't mean we don't use email at all.  Our system will send you an automated email the instant your transcription is ready with a direct secure download link.  This is the best of both worlds; fast communication and simple but safe file handling.  We also have created a safe and intuitive area where we can exchange any sort of file with the client, which is aptly named your "File Exchange" area.

File storage and retention

At times some clients want to retain some or all their transcripts within their ScribeOut WorkSpace, perhaps indefinitely or whilst on holidays.  Our system delivers this in the Transcript Repository service. However, many of our clients conduct very sensitive interviews where they are contractually bound to ensure control of copies and total erasure within certain time-frames. People often innocently assume that when a transcription company completes the work they have destroyed all copies of their audio and completed transcript files, but this is not necessarily so.  I'll explain why.  To exchange and move files around the internet transcription companies use either their own file transfer systems or a 3rd party service like Dropbox.  Either system has its pros and cons, so let's consider each in turn.

3rd Party File Transfer / Storage

Whilst popular for their ease of use and convenience 3rd party file transfer services like Dropbox means that the files are more than likely no longer under Australian jurisdiction and also now in the control of foreign companies who themselves are subject to many unsavoury influences.  For example, Dropbox currently is unable to discuss how they comply with America's spy agency, the NSA, due to a gag order.  Also, recently tens of thousands of users who stored their files with the popular Megaupload service were shocked when the FBI shutdown all 600 of Megauploads servers.  All the users' files were then later deleted without warning and users were given no opportunity to obtain copies.  Even SkyDrive (Microsoft) and iCloud (Apple) are not immune.  Edward Snowden's leaks reveal that NSA are given pre-encryption access to services like Outlook.com and Skype sessions.  Even companies like Google and Yahoo are forced to be a part of NSA's Prism and are held under gag orders.  In short, things become very uncertain when you rely on external systems, particularly overseas ones.  These direct factors aside, when transcription companies use these 3rd party services they have little to no ability to know what really goes on, when system level backups occurs, where these backups are held and for how long.

Own file transfer software

For the companies who do understand the value of controlling their file transfer systems there remains the issue of server backups.  Server backups will hold all files held on the server.  This includes your audio and transcription documents and by default they will remain in the server backups even after the transcription company has deleted copies off their management system.  There's the catch. As most transcription companies don't own nor maintain their own servers directly but pay a hosting service to manage things, they are detached from the server level environment.  They are probably unaware if or when server level backups occur, what is included or excluded from this backup, where and how many copies or direct mirrors of the backups are held, how long the retention periods are and who has access to these backups.

The good news is ScribeOut know the answer to all these questions.  We have invested our time and resources into this frequently neglected area because we understand the possible implications and ramifications of not caring.  It scares us and it should scare you too.