Tools for lawyers worried that NSA is eavesdropping on their confidential conversations
Are you concerned that Big Brother (including the National Security Agency) is not only watching, but listening, recording and even transcribing your confidential client conversations?
The good news for lawyers worried about maintaining their duty of confidentiality is that there are tools and safeguards to help them. In a session entitled “N.S.A.y What? Firm and Client Data Security & Encryption in the Age of Monitoring” held at ABA Techshow on Friday, Sensei Enterprises vice president John Simek and Oracle Corporation’s Chris Ries provided tips on gadgets and best practices for lawyers to use if they wish to avoid the NSA’s massive net.
“Lawyers need to be very cognizant of their communications being intercepted by NSA,” said Simek. Even worse for lawyers is that they can’t even be certain what the law is, since the status of the NSA’s various programs and the data they collect seems to change every day. Plus, given the secretive nature of the NSA, as well as the United States Foreign Intelligence Surveillance Court that oversees its surveillance warrants, lawyers can’t even be sure of what is and what is not legal.
As such, Ries and Simek said lawyers should assume all of their conversations are subject to NSA surveillance and take steps to protect confidential information. To begin with, they recommended that all emails, electronic messages and communications be encrypted. There’s no shortage of available encryption hardware and software, and they recommended lawyers use an encryption service such as Zix Corporation’s ZixCorp or the open-sourced TrueCrypt. Platform-specific devices are also available, such as Microsoft’s BitLocker to Go and Apple’s FileVault. Lawyers can also purchase encrypted hard drives, including Symantec Corporation’s PGP Whole Disk Encryption and Sophos Ltd.’s Safeguard, as well as encrypted flash drives such as IronKey from Imation Corp.
As for passwords, Simek recommended a more secure method of authentication such as security or USB tokens. Biorhythmic devices that take a user’s fingerprint or retinal scan are also available, but Simek and Ries predicted they wouldn’t be around for long. As Simek said, should the biometric be compromised, you can’t change a finger or an eyeball. “You’re screwed,” he concluded
For lawyers worried about talking on the phone, their prayers could be answered in June when Spanish smartphone company GeeksPhone and software company Silent Circle launch Blackphone, an encrypted smartphone that protects phone calls, text messages, emails and Internet browsing. Using VPN technology, Blackphone promises to be an NSA-resistant phone.
“Blackphone has been deliberately not claiming it is ‘NSA-proof,’ because that is simply a claim no commercial vendor can make with 100 percent certainty,” said Blackphone representative Tom Resau to the ABA Journal. “Clearly, when you look at Blackphone’s total sum of features and protections, it is obviously a very secure communications platform, but you will not find Blackphone billing itself as ‘NSA proof.’ “
“Does using a Blackphone raise a red flag to the authorities that the user has something to hide?” asked Simek. “Maybe. But the same could be said about BlackBerry users.”
Of course, lawyers and clients could simply choose to meet in person and avoid using electronic devices completely—assuming there aren’t any government agents in the bushes or listening in on long-range parabolic devices.
Edited on March 31 to clarify that Blackphone is intended to be NSA-resistant and to add a quote from the company’s rep.