Posts Tagged ‘Security’

With Technology and Justice for All

Join us for an evening social, followed by a jam-packed CLE!

Register Now!

CLE Sponsored by the Computer & Technology Section, State Bar of Texas Friday, December 1, 2017 from 9 a.m. to 2 p.m. Texas Law Center, 1414 Colorado Street, Austin, TX 78701

Register Online Here or View the Full Program

Cost (Includes electronic materials, continental breakfast and lunch):

  • $0  – Legal Aid and Texas Opportunity & Justice Incubator Attorneys
  • $100 – Members of the Computer and Technology Section
  • $125 – All others**

Overview. Leading practitioners will discuss a wide range of technology-related topics, including laws dealing with technology, security issues and recommendations, issues related to use of social media, latest developments in eDiscovery, tips and tricks to increase efficiency and realize cost savings, and more.

Topics include: 

  • Welcome and Opening Remarks by Chief Justice Nathan Hecht of the Supreme Court of Texas
  • 15 Tech Laws to Protect Your Clients: Cases and Codes for the Courtroom: Shawn Tuma, Lisa Angelo, Pierre Grosdidier (45 Minutes)
  • Improving Your Posture: How to Increase the Security of Your Practice and Protect Client Confidentiality: Elizabeth Rogers, David Coker (45 Minutes, 15 Minutes Ethics)
  • #NoTweetingAfterMidnight: Ethical Use of Social Media for You and Your Clients: John Browning (30 Minutes, 30 Minutes Ethics)
  • On Sale Now: eDiscovery for Low or No Cost: Craig Ball (30 Minutes)
  • The Princess Bride: Mobile Lawyering and Using Low Cost Tech for Client Communication: Rick Robertson, Mark Unger (30 Minutes)
  • 60 Apps in 60 Minutes: Tips, Tricks, and Technology to Improve Your Practice: Kristen Knauf, Joseph Jacobson, Shannon Warren, Al Harrison (60 Minutes)

Join us the evening before for a reception. Attendees and Section Members are invited to a reception from 5 to 7 p.m. on Thursday, November 30, 2017 at WeWork University Park located at 3300 N. Interstate 35, 7th Floor, Austin, TX 78705. View the eVite and RSVP. 

This event will sell out! Sign up soon to secure your spot. Approximately 50 seats only are expected to be sold for this exciting CLE.  You will earn 4 hours of CLE credits while you learn the latest developments in technology and law, plus you get the chance to network with colleagues from around the state.

Reserve your room! DoubleTree Suites by Hilton, just a few steps from the CLE, is offering suites at a rate of $146/night from Nov. 29-Dec. 2. Just reserve your room HERE or call 800-222-8733, with Group Code STA and Group Name State Bar of Texas. Hurry because rooms at these rates will not last long!

**Join the section for an annual fee of $25 on your My Bar Page and get all the 
additional benefits of membership in addition to saving money on this CLE.

Safe Alternatives to Box and Dropbox

Ways to exchange large files (or numbers of files) with your client, and keep your law license.

by Ronald L. Chichester, past chair of the Computer & Technology Section


This article is one of a series that caters to small law offices in Texas (e.g., five or fewer attorneys). The articles will cover topics involving technology that small law firms need occasionally, but not often enough to warrant the purchase of a license or a subscription to a service. In other words, something on the cheap for occasional use. We’ll concentrate on those technologies that are less likely to cause a violation of the Disciplinary Rules or cause your client to lose their attorney-client privilege.

Some History

Over the last several years, attorneys have adopted services such as DropBox and Box to store and transfer large numbers of files (or files larger than would fit as an email attachment. While these services are convenient, a recent Virginia case has law firms searching for viable alternatives. The case in question was Harleysville Ins. Co. v. Holding Funeral Home, Inc. (W.D. VA, Feb. 9, 2017). In that case, the client needed to transfer a large number of files — including the all-important claims file — so that an agent with the National Insurance Crime Bureau could access the files. Here, the client chose to use the Box service as the transfer medium. The client uploaded the files to a Box account and then sent an email to the agent with a hyperlink to the storage area. Anyone with access to that hyperlink could access the files. No password or encryption was used to protect the files. In cyber parlance, the plaintiff relied on security through obscurity. Subsequently, the Bureau responded to a subpoena from the defendant and provided the email containing the hyperlink (among other documents) to opposing counsel, the latter of whom proceeded to gain access to the claims file. The plaintiff moved to disqualify all defense counsel. The defendant responded by claiming that the plaintiff had waived privilege.

Magistrate Judge Sargent, using Virginia law, ruled in favor of the defendant and deemed the disclosure of the claims file to be inadvertant, rather than involuntary, and the plaintiff did not “implement sufficient precautions to mainting its confidentiality.” Indeed, in ruling for the defendant, the Judge Sargent noted that the plaintiff didn’t undertake “any precautions” to safeguard the information. Futher, the court noted:

“It does not matter whether this employee believed that this site would function for only a short period of time or that the information uploaded to the site would be accessible for only a short period of time. Because of his previous use of the Box Site, this employee either knew — or should have known — that the information uploaded to the site was not protected in any way and could be accessed by anyone who simply clicked on the hyperlink. Despite this, this employee purposefully uploaded the Claims File to the Box Site, making it accessible to anyone with access to the internet, thus making the extent of the disclosure vast.”

Some More History

Several members of the Computer & Technology Section attended the Legal Tech New York conference that was held in late January, 2017. As with most legal conferences, there were vendors who cater to the needs of large law firms. In fact, by the measure of the conference organizers, small law firms had up to fifty attorneys. Clearly, the organizers of that conference live in a different world.

The vendors that were at the conference were, as usual, after money. We don’t fault them for that, but of 100+ vendors at that conference, only three of them had something of merit for small law firms in Texas.

One of those vendors was a company called TitanFile. As the company name suggests, it enables attorneys to transfer large files to their clients without the use of DropBox or Box. TitanFile has a subscription service that costs at least fifteen dollars per month, a price that is comparable to Box (minimum of three users at $5/month). DropBox has a free option, but the space for that option is capped at 2 GB.

Problems with the Paid Services

One of the problems with Box and DropBox is security, privacy and attorney-client privilege, as the Virginia case attests. In addition to the security concerns is the Texas Disciplinary Rules of Professional Conduct, namely Rule 1.05 regarding Client Confidences, in particular 1.05(b)(1)(ii). Put quite simply, the uploading of client confidences to something like Box or DropBox might be deemded to run afoul of Rule 1.05 because those services are outside the posession or control of the attorney. It should be said at this point that the Bar has not expressly stated that those services run afoul of 1.05, but several attorneys (the author included) have refrained from using Box or DropBox for client information precisely because the attorney cannot completely control who has access to that information, how or where the information is backed up, and who has the keys to any encryption used (or not). This, of course, begs the question…

Is There a Less Expensive Alternative?

Yes! Does that less expensive alternative require the purchase of a software license? No. Does the less expensive alternative require a subscription? No.

Enter OwnCloud.
OwnCloud is an open source replacement for Box and DropBox. Actually, OwnCloud is more than just file storage and file sharing. With OwnCloud, you can sync calendars, contacts, mail and quite a lot more. Even better, OwnCloud uses an authentication mechanism (by default), which is what the Viginia Judge found missing in the plaintiff’s web service.

For you and your client, all that is needed to access the data is a standard web browser and a machine to run OwnCloud that is accessible via the Internet. For most attorneys, however, the requirement of an Internet-accessible machine is a show stopper. However, you shouldn’t let that deter you because…

Enter DigitalOcean.
DigitalOcean Logo
DigitalOcean is a service that hosts virtual machines that are accessible via the Internet. DigitalOcean offers “Droplets” which are pre-configured machines that you create, use, and then destroy. You pay only for as long as the virtual machine is in existence.

Does DigitalOcean have a pre-configured droplet for OwnCloud? Yes! Which means that you can install and deploy OwnCloud on an Internet-accessible machine in about 55 seconds.

The upside is that the attorney has complete control of the OwnCloud virtual machine. You create a droplet. Tell OwnCloud who can access it, and transfer the data with your client. When you’re finished, simply delete the droplet. Note, from bitter experience, I have learned that once a droplet has been deleted, no one can get it back. The information is gone — permanently. That’s a good thing. Once you delete that droplet, you can honestly say to your client that the data that was on that server is gone for good. Digital Ocean does not make any attempt to back up the data under the standard contract.

If you don’t like DigitalOcean, there are alternatives…

Enter Amazon Web Services.
AmazonWebServices Logo
Amazon Web Services also has pre-configured OwnCloud virtual machines that can be created quickly and easily. Depending on what you’re doing, Amazon’s pricing may be more attractive than DigitalOcean’s.

One Final Note

Because OwnCloud is open source software, other companies have adopted it for the same reasons that DigitalOcean has. In fact, one of my aerospace clients routinely uses OwnCloud for data transfers for precisely the reasons noted above. If you don’t want to go to the (minor) inconvenience of setting up a tempoary OwnCloud site, your client might do it for you. Suggest it to them. The cost is minimal, and they will know that you’re looking out for their best interests.

Federal Trade Commission’s Suggestions to Secure Data

In the most release of Circuits, Pierre Grosdidier and Cassidy Daniels share a thorough article on the Federal Trade Commissions guidelines. Their research and reference to supporting materials sheds light on the FTC guidelines. Just a small sampling of suggestions the FTC’s guidelines offer:

  •  Do not collect unneeded information.
  •  Restrict access to data.
  •  Require secure passwords. “Qwerty” and “121212” are no better than having no password at all.
  • Suspend or disable users after a certain number of unsuccessful login attempts.
  • Store and transmit sensitive information securely. Train personnel and use accepted encryption methods—no need to reinvent the wheel.
  • Segment networks and monitor who is trying to get in and out.
  • Secure remote network access.

Read the article by Pierre and Cassidy in its entirety here.

Show Buttons
Hide Buttons