ABA Techshow 2014
Be vigilant about protecting sensitive client data with these tools
Posted Jun 1, 2014 3:10 AM CDT
By Victor Li
Are you concerned that Big Brother (including the National Security Agency) is not only watching but also listening to, recording and even transcribing your confidential client conversations?
The good news for lawyers worried about maintaining their duty of confidentiality is that there are tools and safeguards to help them. In the Techshow session "NSAy What? Firm and Client Data Security & Encryption in the Age of Monitoring," Sensei Enterprises vice president John Simek and Oracle Corp.'s Chris Ries provided tips on gadgets and best practices lawyers can use to avoid the NSA's massive net.
"Lawyers need to be very cognizant of their communications being intercepted by NSA," Simek said. Even worse for lawyers is that they can't even be certain what the law is, since the status of the NSA's various programs and the data they collect seems to change every day. Plus, given the secretive nature of the NSA, as well as the U.S. Foreign Intelligence Surveillance Court that oversees its surveillance warrants, lawyers can't even be sure of what is and is not legal.
As such, Ries and Simek said lawyers should assume all of their conversations are subject to NSA surveillance and take steps to protect confidential information.
To begin with, they advised that all emails, electronic messages and communications be encrypted. There's no shortage of available encryption hardware and software, and they recommended using an encryption service such as ZixCorp or the open-sourced TrueCrypt. Platform-specific devices are also available, such as Microsoft's BitLocker to Go and Apple's FileVault.
Lawyers can also purchase self-encrypting hard drives such as the Seagate Secure, encrypted flash drives such as the IronKey from Imation Corp., and encryption software such as PGP Whole Disk Encryption and Sophos Ltd.'s Safeguard.
As for passwords, Simek recommended a more secure method of authentication, such as security tokens or USB tokens. Biorhythmic devices that take a user's fingerprint or retinal scan are also available, but Simek and Ries predicted they wouldn't be around for long. As Simek said, if the biometric should be compromised, you can't change a finger or an eyeball.
"You're screwed," he concluded.
For lawyers worried about talking on the phone, their prayers could be answered this month: Spanish smartphone company GeeksPhone and software company Silent Circle launch Blackphone, an encrypted smartphone that protects phone calls, text messages, emails and Internet browsing. Using VPN technology, Blackphone promises to be an NSA-resistant phone.
"Does using a Blackphone raise a red flag to the authorities that the user has something to hide?" Simek asked. "Maybe. But the same could be said about BlackBerry users."
This article originally appeared in the June 2014 issue of the ABA Journal with this headline: "Tools to Fight Cyberthieves: Be vigilant about protecting sensitive client data."