Posts Tagged ‘cybersecurity’

Safe Alternatives to Box and Dropbox

Ways to exchange large files (or numbers of files) with your client, and keep your law license.

by Ronald L. Chichester, past chair of the Computer & Technology Section

Purpose

This article is one of a series that caters to small law offices in Texas (e.g., five or fewer attorneys). The articles will cover topics involving technology that small law firms need occasionally, but not often enough to warrant the purchase of a license or a subscription to a service. In other words, something on the cheap for occasional use. We’ll concentrate on those technologies that are less likely to cause a violation of the Disciplinary Rules or cause your client to lose their attorney-client privilege.

Some History

Over the last several years, attorneys have adopted services such as DropBox and Box to store and transfer large numbers of files (or files larger than would fit as an email attachment. While these services are convenient, a recent Virginia case has law firms searching for viable alternatives. The case in question was Harleysville Ins. Co. v. Holding Funeral Home, Inc. (W.D. VA, Feb. 9, 2017). In that case, the client needed to transfer a large number of files — including the all-important claims file — so that an agent with the National Insurance Crime Bureau could access the files. Here, the client chose to use the Box service as the transfer medium. The client uploaded the files to a Box account and then sent an email to the agent with a hyperlink to the storage area. Anyone with access to that hyperlink could access the files. No password or encryption was used to protect the files. In cyber parlance, the plaintiff relied on security through obscurity. Subsequently, the Bureau responded to a subpoena from the defendant and provided the email containing the hyperlink (among other documents) to opposing counsel, the latter of whom proceeded to gain access to the claims file. The plaintiff moved to disqualify all defense counsel. The defendant responded by claiming that the plaintiff had waived privilege.

Magistrate Judge Sargent, using Virginia law, ruled in favor of the defendant and deemed the disclosure of the claims file to be inadvertant, rather than involuntary, and the plaintiff did not “implement sufficient precautions to mainting its confidentiality.” Indeed, in ruling for the defendant, the Judge Sargent noted that the plaintiff didn’t undertake “any precautions” to safeguard the information. Futher, the court noted:

“It does not matter whether this employee believed that this site would function for only a short period of time or that the information uploaded to the site would be accessible for only a short period of time. Because of his previous use of the Box Site, this employee either knew — or should have known — that the information uploaded to the site was not protected in any way and could be accessed by anyone who simply clicked on the hyperlink. Despite this, this employee purposefully uploaded the Claims File to the Box Site, making it accessible to anyone with access to the internet, thus making the extent of the disclosure vast.”

Some More History

Several members of the Computer & Technology Section attended the Legal Tech New York conference that was held in late January, 2017. As with most legal conferences, there were vendors who cater to the needs of large law firms. In fact, by the measure of the conference organizers, small law firms had up to fifty attorneys. Clearly, the organizers of that conference live in a different world.

The vendors that were at the conference were, as usual, after money. We don’t fault them for that, but of 100+ vendors at that conference, only three of them had something of merit for small law firms in Texas.

One of those vendors was a company called TitanFile. As the company name suggests, it enables attorneys to transfer large files to their clients without the use of DropBox or Box. TitanFile has a subscription service that costs at least fifteen dollars per month, a price that is comparable to Box (minimum of three users at $5/month). DropBox has a free option, but the space for that option is capped at 2 GB.

Problems with the Paid Services

One of the problems with Box and DropBox is security, privacy and attorney-client privilege, as the Virginia case attests. In addition to the security concerns is the Texas Disciplinary Rules of Professional Conduct, namely Rule 1.05 regarding Client Confidences, in particular 1.05(b)(1)(ii). Put quite simply, the uploading of client confidences to something like Box or DropBox might be deemded to run afoul of Rule 1.05 because those services are outside the posession or control of the attorney. It should be said at this point that the Bar has not expressly stated that those services run afoul of 1.05, but several attorneys (the author included) have refrained from using Box or DropBox for client information precisely because the attorney cannot completely control who has access to that information, how or where the information is backed up, and who has the keys to any encryption used (or not). This, of course, begs the question…

Is There a Less Expensive Alternative?

Yes! Does that less expensive alternative require the purchase of a software license? No. Does the less expensive alternative require a subscription? No.

Enter OwnCloud.

OwnCloud.org
OwnCloud is an open source replacement for Box and DropBox. Actually, OwnCloud is more than just file storage and file sharing. With OwnCloud, you can sync calendars, contacts, mail and quite a lot more. Even better, OwnCloud uses an authentication mechanism (by default), which is what the Viginia Judge found missing in the plaintiff’s web service.

For you and your client, all that is needed to access the data is a standard web browser and a machine to run OwnCloud that is accessible via the Internet. For most attorneys, however, the requirement of an Internet-accessible machine is a show stopper. However, you shouldn’t let that deter you because…

Enter DigitalOcean.
DigitalOcean Logo
DigitalOcean is a service that hosts virtual machines that are accessible via the Internet. DigitalOcean offers “Droplets” which are pre-configured machines that you create, use, and then destroy. You pay only for as long as the virtual machine is in existence.

Does DigitalOcean have a pre-configured droplet for OwnCloud? Yes! Which means that you can install and deploy OwnCloud on an Internet-accessible machine in about 55 seconds.

The upside is that the attorney has complete control of the OwnCloud virtual machine. You create a droplet. Tell OwnCloud who can access it, and transfer the data with your client. When you’re finished, simply delete the droplet. Note, from bitter experience, I have learned that once a droplet has been deleted, no one can get it back. The information is gone — permanently. That’s a good thing. Once you delete that droplet, you can honestly say to your client that the data that was on that server is gone for good. Digital Ocean does not make any attempt to back up the data under the standard contract.

If you don’t like DigitalOcean, there are alternatives…

Enter Amazon Web Services.
AmazonWebServices Logo
Amazon Web Services also has pre-configured OwnCloud virtual machines that can be created quickly and easily. Depending on what you’re doing, Amazon’s pricing may be more attractive than DigitalOcean’s.

One Final Note

Because OwnCloud is open source software, other companies have adopted it for the same reasons that DigitalOcean has. In fact, one of my aerospace clients routinely uses OwnCloud for data transfers for precisely the reasons noted above. If you don’t want to go to the (minor) inconvenience of setting up a tempoary OwnCloud site, your client might do it for you. Suggest it to them. The cost is minimal, and they will know that you’re looking out for their best interests.

Federal Trade Commission’s Suggestions to Secure Data

In the most release of Circuits, Pierre Grosdidier and Cassidy Daniels share a thorough article on the Federal Trade Commissions guidelines. Their research and reference to supporting materials sheds light on the FTC guidelines. Just a small sampling of suggestions the FTC’s guidelines offer:

  •  Do not collect unneeded information.
  •  Restrict access to data.
  •  Require secure passwords. “Qwerty” and “121212” are no better than having no password at all.
  • Suspend or disable users after a certain number of unsuccessful login attempts.
  • Store and transmit sensitive information securely. Train personnel and use accepted encryption methods—no need to reinvent the wheel.
  • Segment networks and monitor who is trying to get in and out.
  • Secure remote network access.

Read the article by Pierre and Cassidy in its entirety here.

ABA LawTech Show: “You Don’t Know What You Don’t Know Until You Go The Show”

By: Michael Peck | @mdpeck1 | mdpeck@mdpecklaw.com

You don’t know what you don’t know until you go to the Show”

Michael PeckThat is the key takeaway from the recent ABA LawTech Show in Chicago.

Far too many of our attorney colleagues sit contentedly in their offices completely unaware of the many ways they could be saving save minutes, if not hours, each day. The increases in efficiency that modern technology can provide are astounding, and not only for attorneys, but for their staff as well. Simply put, with appropriate technology, everyone in your law practice can get a lot more done in less time. This is good for everyone, especially you, the (hopefully) smart business owner. Never forget that you run a business and the purpose is to make money, infuse happiness into your day-to-day life, and most importantly, keep the gnat-buzzing distractions and crap out of your consciousness!

Efficiency is the Ultimate Goal

I was reminded of this by an excellent presentation by Perlman/Flaherty at the ABA LawTech Show. They spoke to the daily ‘inefficiency magnitude’ as it applies in your office, day after day after day, to overall productivity and profitability.

TechShow 2015How immune to change are you? Flaherty gave the statistic that only one in seven patients can change their lifestyle behavior when told by their doctor that they are in imminent danger of a heart attack and death. That is a compelling statistic that begs the question, “how many attorneys are immune to common sense and obvious managerial efficiencies when told their office practices are inefficient and antiquated?” It’s only money–your money–are you willing to find out if your office needs a change? If so, give the office audit to your staff, and yourself, and see how you can make more money, and have more spare quality time.

While you are thinking that over, here are 7 other observations I took away from the ABA LawTech Show on things you can do to make your practice more efficient and profitable:

1. If you can’t go all paperless, at least can that old fax machine

Imagine the furor if, ten years ago, an attorney had wanted to discuss a futuristic paperless law office and then had an entire day of discussion allocated exactly to that! The Paperless Office Track is the result of that need and was one of my favorites at this LawTech. It always is. One discussion point that I found mind-boggling was how many attorneys still use fax machines with dedicated hard phone lines in their offices (probably even ones with the roll of paper). Sign up with an eFax-type provider for an absolutely ridiculously small monthly amount; then, ditch the fax machine, the phone line for the fax machine, and the supplies and service agreement for the fax machine. We’re talking some serious dollars that we can save on a monthly basis with no complications.

2. There is a big push toward the Cloud, but don’t forget about the ethics issues

Discussions and presentations abounded on scanners, cloud document management, and PDF. It’s an Alvin Toffler Third Wave moment that third party vendors would be vying to become the ultimate custodians of all of your office’s legal product in the Cloud. And, notwithstanding the security issues, make you pay for the privilege! This is why there was an all day “The Cloud” track that included presentations such as “Ethics in Choosing Cloud Services”, “Cloud Architecture” and “Cloud Collaboration.” As Dylan once stated, “the times, they are a changin'” — and seemingly, on a daily basis.

3. Digital dictation tools — it’s time to cut loose of the tape

An interesting factoid disclosed to me by one of the many vendors is that micro-cassette tapes, that used to cost $2 each twenty years ago now sell for $50 each on EBay for die-hard ‘dictators’ because they are not being manufactured anymore, all because of digital technology. The gradual shift away from “dictation tape-to-secretary” to “dictation-to-automatic written text” on your computer has changed so many paradigms in the typical law office. Speed, efficiency, and cost cutting typists and transcription have been factored multiple times by the accuracy of digital dictation. And I might add, for you lawyers out there who have fantasized about writing your great novel, that is, if only you could escape the clutches of your law practice, digital dictation to automatic text is now here-to-stay for you to win your Nobel Prize for Literature.

Be aware of the several vendors who were selling pocket recorders with “Dragon Dictation Legal” software (at about $1500 per set with a pocket digital recorder) but which worked only with PCs, and not Macs, or vice-versa. There is no Dragon Dictation Legal for Macs per se, but there is MacSpeech Dictate Legal, which is made by Nuance, which coincidentally, also makes and sells Dragon Dictation Legal. There is, however, little if any marketing for MacSpeech Dictate Legal which sells for around $600. Does anyone use it and like it? If so, please let me know. A good source told me that he dictates quite a bit with the non-legal edition and he noticed no difference whatsoever between the legal and non-legal editions of the product.

For you Mac users, dictating into your computer (function key 2X) is easy enough and comes as part of your computer’s IOS software when you purchase. But, having to stop dictating mid-thought and wait for it to upload to the Cloud every thirty seconds is a buzz kill, especially when you’re ADD like I am and can’t remember my train of thought, much less an individual train car! So let’s just download the digital dictation software directly into my computer, dictate non-stop, or in my case, stream of unconsciousness, without any up-to-cloud interruptions and churn out the next best seller novel; or, at least be able to dictate 97% of a complete motion, or the responses to one, directly into text without the necessity of stopping every thirty seconds for the computer to upload, transcribe and return the text to your computer. Maybe it’s just me, but if efficiency is the goal (and it is), then it makes more sense to use the more efficient application.

4. Cybersecurity and protecting client data is vital

ABA Ethics Rule 1.05 seemed to be on everyone’s mind regarding the security of our client’s personal information and proprietary data. That’s because you are deemed knowledgeable (and hence become a prospective deep pocket defendant) of the multiple morphing technological changes in law office technology, specifically, “including the benefits and risks associated with relevant technology.” M&A practices and PHI-intense practices such as personal injury and family law, may be feeling the heat of possible class actions against firms that have been hacked. Many firms have already been hacked, as have so many retail and financial institutions, though they often do not discover it until much later.

5. Paralegals and legal assistants are welcome at ABA LawTech Show

Another observation: many firms sent their paralegals and legal assistants to LawTech, only a few of whom were accompanied by their bosses, with most traveling solo. Seven out of ten attorneys are ignorant of many of the new technologies, especially the Cloud, and refuse to learn (or, perhaps are incapable of grasping the basic concepts) and thus default the learning requirements to their heavy lifters, the paralegals and legal assistants. If you are a paralegal or legal assistant reading this, this would be a tremendous learning opportunity for you; if you are an attorney, you should consider bringing your paralegal or legal assistant along with you next year.

6. Legal technology gap — generational, geographical, or both?

The younger attorneys seemed to be more plentiful than the more senior attorneys. Also, I saw a noticeable competency difference between the urban attorneys, who have more teaching resources to lean on and tend to be more technologically adept, and the more non-urban attorneys, who often find themselves in the technology hinterland.

What does this translate to? Simply put, you have non-urban attorneys and their staff probably spending two or three times the hours working on and billing for matters that their urban counterparts do, with the urban counterparts either passing the savings to their respective clients, or, more than likely, doubling or tripling their profit margins. The takeaway: technological office inefficiencies make the current practice of law difficult, unprofitable and disillusioning.

7. Practice management systems must easily integrate with other applications

When a case management system is able to work with 300+ API’s from other vendors and applications, it will be the most marketable to attorneys, even if it takes more time to master. I purchased Clio to determine the efficacy of having the choice of 300+ applications to integrate with Clio. An update on the API integrations as to which work and which do not will be following on this site, if I survive the testing process.

TechShow2016Plan Now to Attend Next Year!

In summary, you should have attended the ABA LawTech Show because you just don’t know, what you don’t know!

Next year will be the 30th Anniversary of the ABA Techshow and it will be held on March 17-19, 2016.  More information on ABA Techshow can be found at www.abatechshow.com


about the author

Michael Peck is an attorney practicing in Flatonia, Texas.  He can be contacted at mdpeck@mdpecklaw.com or via Twitter at @mdpeck1 

1 2