Tag: data security Archives

Join us on Dec. 11 for the 4th Annual “Technology and Justice for All” CLE: Vaccinating Your Technology Tools for Practice in a Pandemic

The Computer & Technology Section will be hosting (virtually) its 4th Annual “Technology and Justice for All” CLE — Vaccinating Your Technology Tools for Practice in a Pandemic — from 8:45 a.m. – 4:00 p.m. CST on Friday, December 11, 2020. You don’t want to miss this outstanding CLE providing 5.5 hours of continuing legal education credit, including .75 of ethics.

See the full agenda below and you can register online here.

COST

  • $50 for Section members
  • $75 for non-Section members
  • FREE for any legal aid providers or justice incubators

FULL AGENDA

4th Annual Technology and Justice for All CLE: Vaccinating Your Technology Tools for Practice in a Pandemic

8:45 Welcome, Opening Remarks and Announcements
Shawn Tuma, Chair, Computer & Technology Section
William Smith, Course Director; Assistant General Counsel at Business Talent Group LLC, CIPP/E

9:00 Ransomware – a True Existential Threat to Your Practice!   (1 hr / .25 ethics)
Lavonne Hopkins, Sr. Legal Director – Cybersecurity, Product & App Security, IT Security at Dell Technologies
Brett Leatherman, Supervisory Special Agent at the Federal Bureau of Investigation
Shawn Tuma, Co-Chair, Data Privacy & Cybersecurity Practice, Spencer Fane, LLP

10:00 Ethical Considerations for Practicing Remote and in a Pandemic (.5 hr ethics)
Hon. Roy Ferguson, Judge 394th Judicial District Court
Craig Haston, Attorney at Law at The Haston Law Firm, P.C.

10:30 Break

10:45 Trials, Depositions, Hearings, and other Remote Proceedings (1 hr)
Sammy Ford, Trial Lawyer, Ahmad, Zavitsanos, Anaipakos, Alavi & Mensing P.C. or AZA
Tim Shelby, Partner at Ahmad, Zavitsanos, Anaipakos, Alavi & Mensing P.C. or AZA
Monica Uddin, Attorney at Ahmad, Zavitsanos, Anaipakos, Alavi & Mensing P.C. or AZA
Jason McManis, Trial Lawyer for Business and IP Disputes, Ahmad, Zavitsanos, Anaipakos, Alavi & Mensing P.C. or AZA
Paul Turkevich, Attorney at Ahmad, Zavitsanos, Anaipakos, Alavi & Mensing P.C. or AZA

11:45 Break 

12:00 Celebrating 30 Years of the Computer and Technology Section (No MCLE Credit)
Peter Vogel, Cyber, IT, eCommerce, eDiscovery, Arbitrator, Mediator, Trial Lawyer, & Of Counsel at Foley & Lardner

12:45 Break

1:00 U.S. Supreme Court Technology Case Roundup  (1 hr)

Matthew Murrel, Partner at Soltero Sapire Murrell PLLC
Pierre Grosdidier, Senior Assistant City Attorney at City of Houston
Ron Chichester, Attorney at Law at Ronald Chichester, P.C.

2:00 #SoEasyEvenMarkCanDoIt: Practice Management Systems and Virtual Law Practice with Mitchell and Mark (.5 hr)
Mitch Zoll, Founder & Principal at Zoll Firm, PLLC
Mark Unger, Attorney at The Unger Law Firm and Consultant at Muse Legal Technology Consulting

2:30 Expert Panel – Q&A With the Techies  (.5 hr)

3:00 60 Apps in 60 Minutes (1 hr)
Michael Curran, Executive Legal Professional, CEO ➲ Leading Financial & Technology Expertise for Risk Mitigation & Asset Protection
Shannon Warren, Patent Attorney at The Law Office of Shannon Warren, PLLC
Robert Ray, Attorney At Law at TexasAntiSlapp.Com
Al “VirtuAl” Harrison, VP at Harrison Law Office, P.C.

4:00 Closing Remarks and Adjourn
William Smith, Course Director; Assistant General Counsel at Business Talent Group LLC, CIPP/E

HEY, WHILE YOU’RE HERE, CONNECT WITH US ON SOCIAL MEDIA!

We are excited to provide you with seven social media channels to interact with others and stay connected to the Section:

Safe Alternatives to Box and Dropbox

Ways to exchange large files (or numbers of files) with your client, and keep your law license.

by Ronald L. Chichester, past chair of the Computer & Technology Section

Purpose

This article is one of a series that caters to small law offices in Texas (e.g., five or fewer attorneys). The articles will cover topics involving technology that small law firms need occasionally, but not often enough to warrant the purchase of a license or a subscription to a service. In other words, something on the cheap for occasional use. We’ll concentrate on those technologies that are less likely to cause a violation of the Disciplinary Rules or cause your client to lose their attorney-client privilege.

Some History

Over the last several years, attorneys have adopted services such as DropBox and Box to store and transfer large numbers of files (or files larger than would fit as an email attachment. While these services are convenient, a recent Virginia case has law firms searching for viable alternatives. The case in question was Harleysville Ins. Co. v. Holding Funeral Home, Inc. (W.D. VA, Feb. 9, 2017). In that case, the client needed to transfer a large number of files — including the all-important claims file — so that an agent with the National Insurance Crime Bureau could access the files. Here, the client chose to use the Box service as the transfer medium. The client uploaded the files to a Box account and then sent an email to the agent with a hyperlink to the storage area. Anyone with access to that hyperlink could access the files. No password or encryption was used to protect the files. In cyber parlance, the plaintiff relied on security through obscurity. Subsequently, the Bureau responded to a subpoena from the defendant and provided the email containing the hyperlink (among other documents) to opposing counsel, the latter of whom proceeded to gain access to the claims file. The plaintiff moved to disqualify all defense counsel. The defendant responded by claiming that the plaintiff had waived privilege.

Magistrate Judge Sargent, using Virginia law, ruled in favor of the defendant and deemed the disclosure of the claims file to be inadvertant, rather than involuntary, and the plaintiff did not “implement sufficient precautions to mainting its confidentiality.” Indeed, in ruling for the defendant, the Judge Sargent noted that the plaintiff didn’t undertake “any precautions” to safeguard the information. Futher, the court noted:

“It does not matter whether this employee believed that this site would function for only a short period of time or that the information uploaded to the site would be accessible for only a short period of time. Because of his previous use of the Box Site, this employee either knew — or should have known — that the information uploaded to the site was not protected in any way and could be accessed by anyone who simply clicked on the hyperlink. Despite this, this employee purposefully uploaded the Claims File to the Box Site, making it accessible to anyone with access to the internet, thus making the extent of the disclosure vast.”

Some More History

Several members of the Computer & Technology Section attended the Legal Tech New York conference that was held in late January, 2017. As with most legal conferences, there were vendors who cater to the needs of large law firms. In fact, by the measure of the conference organizers, small law firms had up to fifty attorneys. Clearly, the organizers of that conference live in a different world.

The vendors that were at the conference were, as usual, after money. We don’t fault them for that, but of 100+ vendors at that conference, only three of them had something of merit for small law firms in Texas.

One of those vendors was a company called TitanFile. As the company name suggests, it enables attorneys to transfer large files to their clients without the use of DropBox or Box. TitanFile has a subscription service that costs at least fifteen dollars per month, a price that is comparable to Box (minimum of three users at $5/month). DropBox has a free option, but the space for that option is capped at 2 GB.

Problems with the Paid Services

One of the problems with Box and DropBox is security, privacy and attorney-client privilege, as the Virginia case attests. In addition to the security concerns is the Texas Disciplinary Rules of Professional Conduct, namely Rule 1.05 regarding Client Confidences, in particular 1.05(b)(1)(ii). Put quite simply, the uploading of client confidences to something like Box or DropBox might be deemded to run afoul of Rule 1.05 because those services are outside the posession or control of the attorney. It should be said at this point that the Bar has not expressly stated that those services run afoul of 1.05, but several attorneys (the author included) have refrained from using Box or DropBox for client information precisely because the attorney cannot completely control who has access to that information, how or where the information is backed up, and who has the keys to any encryption used (or not). This, of course, begs the question…

Is There a Less Expensive Alternative?

Yes! Does that less expensive alternative require the purchase of a software license? No. Does the less expensive alternative require a subscription? No.

Enter OwnCloud.

OwnCloud.org
OwnCloud is an open source replacement for Box and DropBox. Actually, OwnCloud is more than just file storage and file sharing. With OwnCloud, you can sync calendars, contacts, mail and quite a lot more. Even better, OwnCloud uses an authentication mechanism (by default), which is what the Viginia Judge found missing in the plaintiff’s web service.

For you and your client, all that is needed to access the data is a standard web browser and a machine to run OwnCloud that is accessible via the Internet. For most attorneys, however, the requirement of an Internet-accessible machine is a show stopper. However, you shouldn’t let that deter you because…

Enter DigitalOcean.
DigitalOcean Logo
DigitalOcean is a service that hosts virtual machines that are accessible via the Internet. DigitalOcean offers “Droplets” which are pre-configured machines that you create, use, and then destroy. You pay only for as long as the virtual machine is in existence.

Does DigitalOcean have a pre-configured droplet for OwnCloud? Yes! Which means that you can install and deploy OwnCloud on an Internet-accessible machine in about 55 seconds.

The upside is that the attorney has complete control of the OwnCloud virtual machine. You create a droplet. Tell OwnCloud who can access it, and transfer the data with your client. When you’re finished, simply delete the droplet. Note, from bitter experience, I have learned that once a droplet has been deleted, no one can get it back. The information is gone — permanently. That’s a good thing. Once you delete that droplet, you can honestly say to your client that the data that was on that server is gone for good. Digital Ocean does not make any attempt to back up the data under the standard contract.

If you don’t like DigitalOcean, there are alternatives…

Enter Amazon Web Services.
AmazonWebServices Logo
Amazon Web Services also has pre-configured OwnCloud virtual machines that can be created quickly and easily. Depending on what you’re doing, Amazon’s pricing may be more attractive than DigitalOcean’s.

One Final Note

Because OwnCloud is open source software, other companies have adopted it for the same reasons that DigitalOcean has. In fact, one of my aerospace clients routinely uses OwnCloud for data transfers for precisely the reasons noted above. If you don’t want to go to the (minor) inconvenience of setting up a tempoary OwnCloud site, your client might do it for you. Suggest it to them. The cost is minimal, and they will know that you’re looking out for their best interests.

Built by Placement Edge Web Design