“The best part of waking up” looks like it is going to be less Folgers in your cup, as fanatic coffee drinkers everywhere are panic-stricken and bracing themselves for a shortage of coffee bean harvesting and production out of Brazil, our largest coffee resource in the world.
Law firms, on the other hand, are waking up to a different nightmare, one that involves the N.S.A. spying on attorney-client emails and phone conversations. According to a recent New York Times article, a “top-secret document, obtained by the former N.S.A. contractor Edward J. Snowden, shows that an American law firm was monitored while representing a foreign government in trade disputes with the United States.” In short, the government of Indonesia hired a law firm in the United States regarding trade talks, and the N.S.A.’s counterpart in Australia spied on these conversations and offered to share that information.
What this Means To Law Firms:
The alleged N.S.A. spying on law firms brings to light a major concern regarding attorney-client privilege, lawyers working and communicating with clients overseas and, more importantly, data security and hacking in general. In 2012 the American Bar Association revised its ethics rules to explicitly require “lawyers to make reasonable efforts to protect confidential information from unauthorized disclosure to outsiders.”
What are Reasonable Efforts to Protect Confidential Information:
It’s hard enough to keep data safe these days. Add to that the possibility that professionally trained federal agents may be actively seeking to eavesdrop without a warrant, and you have an uphill battle. That said, law firms and organizations in litigation are both obligated and wise to keep data safe in transit. The first place to start is to encrypt. Oftentimes encryption doesn’t happen, for reasons that range from lack of effort, to lack of knowledge, to error. Litigators and corporations alike should make sure data is sent over secure, encrypted file transfers or is fully encrypted on hard drives.
You may recall the recent security scandal when Apple admitted that a longstanding flaw in its implementation of SSL in its iOS and MacOS operating systems had been allowing for the possibility of spoofing SSL encryption and intercepting transmissions (I always wondered why the little padlock in Safari didn’t tell me as much information about the SSL certificate as in Google Chrome). This incident underscores that a transmission can be completely encrypted and still be intercepted by a web site or point on the Internet that pretends to be the secure endpoint, if the software does not verify the certificate.
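The gap between "encrypted" and "encrypted to the right party" can be checked in client code. The following is an added example, not code from the article or from Apple: it uses Python's standard `ssl` module to contrast a client configuration that verifies the server certificate with one that only encrypts, and audits either one. The function names are illustrative.

```python
import socket
import ssl

# Function names here are illustrative, not taken from the article.


def strict_context() -> ssl.SSLContext:
    """Client context that validates the chain and the host name."""
    return ssl.create_default_context()  # CERT_REQUIRED + check_hostname


def encrypted_but_unverified() -> ssl.SSLContext:
    """Weak setting: traffic is encrypted, but to whoever answers."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE  # accept any certificate at all
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list[str]:
    """Return the reasons this context cannot authenticate the server."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("certificate is not matched to the host name")
    return findings


def connect_verified(host: str, port: int = 443) -> dict:
    """Open a TLS connection, refusing any context that fails the audit."""
    ctx = strict_context()
    problems = audit_context(ctx)
    if problems:
        raise RuntimeError("; ".join(problems))
    with socket.create_connection((host, port), timeout=10) as raw:
        # The handshake raises ssl.SSLCertVerificationError on a bad or
        # mismatched certificate, so no data is sent to an impostor.
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    for name, ctx in [("strict", strict_context()),
                      ("unverified", encrypted_but_unverified())]:
        print(name, audit_context(ctx) or "ok")
```

A context that verifies the chain but skips the host name check still fails the audit, since a valid certificate issued for a different site would be accepted.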
The security surrounding where the data is stored is equally, if not more, important. Law firms and/or service providers who are storing data should ensure that proper data storage guidelines are followed. Always ensure your data storage or online services provider follows security standards such as SSAE-16, SOC II and protects internet traffic between client computers and such servers with point-to-point SSL encryption. To protect yourself from data duplication and propagation to unknown physical locations in the cloud, ensure that your storage provider can tell you specifically where your data is stored, or at least that it remains within a network that is sealed off by security-compliant procedures. Data should not be streamed or processed through any other point unless it is completely encrypted in transit.
Require these guidelines and just maybe you will have one of those Folgers type mornings just like in the commercials.