BY: Steven Lapkoff
Data security has become an important issue for the legal world. Whether you are a tech-savvy law student or a veteran attorney without much experience online, now is a good time to think about the safety of your files and your clients’ information. In the free-for-all of the Internet, even privileged attorney-client communications are not always respected as such (as this article from The Guardian on the GCHQ – the UK’s equivalent of the NSA – makes clear).
These dangers shift the burden of responsibility to the individual attorney to ensure that, short of keeping locked stacks of paper files and certified letters, client information remains confidential.
Nearly once a week since the start of the summer, news headlines have been disclosing in increasing detail the efforts of the National Security Administration to access personal communications (email, instant messaging, and cloud-based data) of nearly every Internet user. Most recently, a Washington Post article revealed that not even your contact list is safe.
This has understandably set off a round of security-related concern in the IT world, with even Google scrambling to encrypt data stored on the popular Google Drive service, as companies fear the possible legal ramifications of allowing their users’ data to be accessed. Some of these questions have been discussed in an excellent article in the New York Law Journal, by Richard Raysman and Peter Brown.
Recently, a small change to Comment 8 of the ABA’s Model Rule 1.1 “serve[s] as a reminder to lawyers that they should remain aware of technology, including the benefits and risks associated with it, as part of a lawyer’s general ethical duty to remain competent.” See this recent article from Inside Counsel for a thorough discussion of the full implications of such an emphasis.
This change strengthens the confidentiality requirements of Model Rule 1.6, whose comments also include language regarding “reasonable efforts to prevent the access or disclosure” (see Comment 18 and 19), but do not specifically mention encryption. Perhaps in light of the recent disclosures, it will be an issue specifically addressed in the future.
So, where to start out if talk of bits and bytes is foreign to you? The ABA has a useful information page about many different methods of securing your information and email with encryption. However, there’s no need to spend a lot of money (or sometimes any at all) to get into the basics of staying safe.
First, I recommend losing the memory stick. Many of us have gone through several of the key-sized devices, either dropping them from a backpack or leaving them in a library. Instead, look at one of the many “cloud”-based services, such as DropBox, that allow you to access your files anywhere there is an internet connection. The cloud-based services have recently gotten a bad rap for their security, so I use a nifty free app called SafeMonk as an extra layer of encryption for everything I put into DropBox.
Second, if you have an email to a client that contains particularly sensitive information, think about encrypting your email. If you are a Gmail user, SecureGmail is a free ad-on that brings encryption seamlessly into your email composition. There are (more complicated) options for Outlook as well.
Finally, if you have large files on a hard drive, TrueCrypt is a free, open-source software that can help you get started.
Using encryption is certainly not required to represent client’s effectively, but “smart lawyers will realize that obtaining technological proficiency directly will not only help them satisfy the mandate of Model Rule 1.1, but also will empower them to serve as stronger advocates on behalf of their clients and result in competitive advantages.” (Inside Counsel).