Cybersecurity issues and advice steal the Techshow
Electronic Frontier Foundation Executive Director Cindy Cohn encouraged attendees to stay vigilant about government surveillance. Photograph by Wayne Slezak.
Cybersecurity was a major theme at ABA Techshow 2016. Legal concerns about privacy and security were serious enough to demand their own program track at the mid-March conference.
A panel of cybersecurity heavyweights presented stern warnings and solid advice during a Friday evening plenary. Some of the important messages were that FaceTime is actually a pretty secure way to communicate, the FBI can access the camera on your laptop without you knowing about it, and lawyers should think twice before storing their confidential files on Dropbox.
The panel, titled “Can They Hear Me Now? Practicing Law in an Age of Mass Surveillance,” was moderated by Above the Law’s managing editor, David Lat, and included digital rights attorney Marcia Hofmann, American Civil Liberties Union technologist Chris Soghoian and ACLU attorney Ben Wizner.
TAKING IT SERIOUSLY
Wizner and Soghoian spoke about how being called on to represent Edward Snowden, the former government contractor who revealed the existence of a massive federal electronic surveillance program, forced their organization to confront its own cybersecurity shortcomings.
“Getting Snowden as a client was the best thing for us,” Soghoian said, “because Ed came in and wanted all these security safeguards in place. He made us take it seriously.”
Hofmann uses Signal from Open Whisper Systems on the recommendation of her friends in the cyber-security field. She also pointed attorneys to a scorecard published by her former employers at the Electronic Frontier Foundation, which rates a number of apps based on how secure they are (or aren’t).
Soghoian suggested lawyers use SpiderOak as a more secure alternative to the popular Dropbox, though if you forget your password, data on SpiderOak is lost.
“There is no way to design a program that keeps the government out and allows you to keep your data if you lose your password,” said Soghoian. “If you can see your old files after you reset your password, then it’s not safe for attorney-client data.”
The plenary session expanded on some of the themes EFF executive director Cindy Cohn talked about during her keynote address. Cohn has been involved in numerous high-profile court cases against the National Security Agency over its mass surveillance data-collection programs.
A capacity crowd gave Cohn a rousing reception and a standing ovation during her address. “The government’s ongoing quest to make sure no one can have a private conversation online has been going on for 20 years now,” said Cohn. “Liberty depends on people having a zone of privacy whether they’re online or offline.”
Cohn wrapped up her speech with a call to action, encouraging the lawyers in attendance to get involved in the fight. She also urged them to stay vigilant and not to forget about governmental surveillance once Snowden, Apple’s privacy issue and everything involved disappeared from the headlines.
Martin Tully, a partner at Akerman in Chicago, had a lot to cover in the hour that was set aside for “Legal Survey: Cybersecurity and Data Protection Laws.” That’s because data protection laws are “all over the map,” Tully said.
There’s no uniform federal law covering all aspects of cybersecurity. Instead, the United States has at least 30 laws covering it in specific sectors of the economy. Tully added that regulatory agencies are also stepping up their involvement.
“It’s a pretty exciting time to practice in this area,” said Andrew Tannenbaum, chief cybersecurity attorney at IBM in New York City, “because while computers have been around for a while,” he said, “the laws are starting to form.”
The same is true overseas. Germany, Japan and the Netherlands have all recently passed laws on data security or seen them go into effect.
Looking ahead, Tully said, he expects to see lots more regulatory involvement, more state laws and continued interest in Congress on national standards.
Lorelei Laird contributed to this article.
This article originally appeared in the May 2016 issue of the ABA Journal with this headline: “Private Lines: Cybersecurity issues and advice steal the Techshow.”
