Category Archives: Encryption

Do You Use the Cloud for Document Storage or Production? Read This First.

28 Tuesday Feb 2017

Posted by in Attorney Work Product, Attorney-Client Privilege, Clouds, Confidentiality, Discovery, Dropbox, Emails, Encryption, Evidence, Insurance Defense, Legal Ethics, Legal Technology, Litigation, Passwords, Privilege and Confidentiality, Requests for Production, Sanctions, Subpoena Duces Tecum

Comments Off on Do You Use the Cloud for Document Storage or Production? Read This First.

Tags

, , , , , , , ,

Upload To File-Sharing Site Was Like Leaving Legal File On A Bench, Judge Says; Privilege Is Waived, by Debra Cassens Weiss, ABA Journal©

http://bit.ly/2mxwEcF

Many use the cloud for file storage and sharing when attachments are too big to send by email. If you use the cloud for storage, file-sharing or transfer, document management, project management, or anything similar, here is a cautionary tale.

The plaintiff insurance company sued the defendants, and sought a declaratory judgment on the defendants’ claim of loss by fire. The plaintiff’s investigator uploaded the entire claims file, including surveillance footage, to a drop-box cloud, Box, Inc. The link had no encryption or password. Access to the link alone allowed anyone to see the file.

He then sent the link by email to the plaintiff insurance company, who sent it to the insurance company’s attorneys, who inadvertently sent it the defendants’ counsel in response to a subpoena duces tecum.

The defendants’ counsel looked at it, but didn’t tell the plaintiff they had seen the privileged and confidential information. Inevitably, the defense sent the information back on a thumb drive to the plaintiff’s attorneys during discovery.

After vigorous arguments about confidentiality, work-product doctrine, attorney-client privilege, and disqualification of defense counsel, the facts and court’s reasoning make this an interesting read. -CCE

E-Filing Your Tax Return? Read This Before You Hit “Send.”

13 Saturday Feb 2016

Posted by in Cybersecurity, E-Filing, Encryption, Identity Theft, Internal Revenue Service, Legal Technology, Tax Law

Comments Off on E-Filing Your Tax Return? Read This Before You Hit “Send.”

Tags

, , , , ,

Hackers Trying to Steal Your Tax Refund With Stolen SSNs, by Angela Moscaritolo, PC World

http://bit.ly/1O8kgVv

[T]he IRS on Tuesday announced that hackers recently attempted to use some 464,000 stolen Social Security numbers and an automated bot to generate E-file PINs, which can be used to electronically file a tax return. The incident occurred last month, and the hackers were able to successfully access an E-file PIN with 101,000 of the SSNs.

*     *     *

Last year, Turbo Tax temporarily halted e-filing for state returns across the U.S. after it found ‘an increase in suspicious filings and attempts by criminals to use stolen identity information to file fraudulent state tax returns and claim tax refunds.’

Is Email Between You And Your Client Safe? No, And This Is Why.

01 Monday Dec 2014

Posted by in Android Phones, Apple, Blackberry Phones, Clouds, Confidentiality, Emails, Encryption, iPad, iPhones, Legal Ethics, Legal Technology, Malpractice, PC Computers, Technology

Comments Off on Is Email Between You And Your Client Safe? No, And This Is Why.

Tags

, , , , , , , ,

How to Encrypt Attorney-Client Communications, by Lisa Needham, Lawyerist Blog (with hat tip to Allen Mihecoby, CLAS, RP!)

http://tinyurl.com/kfrpqz3

If you have decided you need to get serious about client data protection, you will need to consider encrypting both your data and your communications. We have previously covered how to encrypt your data and will focus here on how to encrypt your email communication.

What Is Encryption?

Simply by using the Internet, you are probably using some sort of encryption scheme during some activities, whether you know it or not.

Encryption is simply the act of turning your data into unreadable gibberish. If your data is intercepted or hacked, the thief now has nothing but a pile of garbage.

End-to-end encryption is a must for transferring sensitive data across the internet. In end-to-end encryption, your data is encrypted while it travels towards your intended location and the same encryption occurs on the reverse trip. Your bank (hopefully) uses end-to-end encryption. Your practice management software (hopefully) uses end-to-end encryption if it stores and syncs data remotely. This sort of encryption is done for you without any effort on your part, as it is just a standard feature of the infrastructure you are using to bank or update client data or similar activities.

Why Do You Need to Care?

A few years ago, the ABA issued a formal ethics opinion stating that if there is a significant risk that a third party might gain access to the email, attorneys have to warn clients about that risk.

This poses a problem, because unlike your bank and practice management software, email is usually unencrypted. This is true whether you are using a desktop client or a web-based email like GMail. . . .

Westlaw Public Records Database Breached. Who Is Affected?

16 Sunday Nov 2014

Posted by in Cybersecurity, Encryption, Identity Theft, Legal Technology, Privacy, References, Research, Westlaw

Comments Off on Westlaw Public Records Database Breached. Who Is Affected?

Tags

, , , , ,

Westlaw Discloses Breach Of Public Records Database, by Sabrina I. Pacifici, BeSpacific Blog

http://tinyurl.com/pffqhny

News release: ‘West Publishing Corporation, a unit of Thomson Reuters, has notified the New Hampshire Attorney General’s Office of a breach involving their Westlaw subscription-only public records database. In a letter dated November 4th to those affected, Senior Vice President Andy Martens explained that on October 14, they detected unusual search activity. Investigation revealed that some subscribers’ passwords had been compromised and used to access the database. The types of information involved included addresses, date of birth, and in some cases, driver’s license numbers and Social Security numbers. No bank account or credit card information was involved. In response to the breach, West removed external access to full sensitive identifiers in public records, forced a password reset on all public user accounts, and implemented  additional technological controls to detect and respond to searches of more limited public records that also appeared unauthorized. Federal law enforcement was also contacted. West offered those affected two years of free credit monitoring with Experian ProtectMyID Elite. Nine NH residents were notified. The total number of individuals notified was not indicated in their report to New Hampshire.’

Huge Cyberattack on JPMorgan Chase and Wall Street – How Far Does It Go?

05 Sunday Oct 2014

Posted by in Computer Forensics, Cybersecurity, Encryption, Identity Theft, Legal Technology

Comments Off on Huge Cyberattack on JPMorgan Chase and Wall Street – How Far Does It Go?

Tags

, , , , , , , , ,

Hackers’ Attack Cracked 10 Companies in Major Assault – NYT, by Matthew Goldstein, Nicole Perlroth, and David E. Sanger, New York Times, posted by Sabrina Pacifici, BeSpacific Blog

http://tinyurl.com/o3vf8fq

We have heard of other hacks on that stole information from credit/debit cards and other financial and personal data. This is far more serious. It was first discovered in July, and the investigation is ongoing.  Initial reports of the damage and who caused it have changed as the investigation progresses. -CCE  

‘The huge cyberattack on JPMorgan Chase that touched more than 83 million households and businesses was one of the most serious computer intrusions into an American corporation. But it could have been much worse. Questions over who the hackers are and the approach of their attack concern government and industry officials. Also troubling is that about nine other financial institutions — a number that has not been previously reported — were also infiltrated by the same group of overseas hackers, according to people briefed on the matter. The hackers are thought to be operating from Russia and appear to have at least loose connections with officials of the Russian government, the people briefed on the matter said. It is unclear whether the other intrusions, at banks and brokerage firms, were as deep as the one that JPMorgan disclosed on Thursday. The identities of the other institutions could not be immediately learned. The breadth of the attacks — and the lack of clarity about whether it was an effort to steal from accounts or to demonstrate that the hackers could penetrate even the best-protected American financial institutions — has left Washington intelligence officials and policy makers far more concerned than they have let on publicly. Some American officials speculate that the breach was intended to send a message to Wall Street and the United States about the vulnerability of the digital network of one of the world’s most important banking institutions.’ . .  .

Apple iCloud’s Two-Step Verification – Why It Didn’t Stop Hackers.

01 Monday Sep 2014

Posted by in Apple, Cell Phones, Clouds, Cybersecurity, Encryption, iPad, iPhones, Legal Technology, Mac

Comments Off on Apple iCloud’s Two-Step Verification – Why It Didn’t Stop Hackers.

Tags

, , , , , ,

Apple Says It Is “Actively Investigating” Celeb Photo Hack, by Arik Hesseldahl,

http://tinyurl.com/les3wqe

Apple said Monday it was ‘actively investigating’ the violation of several of its iCloud accounts, in which revealing photos and videos of prominent Hollywood actresses were taken and posted all over the Web.

*     *     *

Security experts said the hacking and theft of revealing pictures from the Apple iCloud accounts of a few celebrities might have been prevented if those affected had enabled two-factor authentication on their accounts.

Apple hasn’t yet said anything definitive about how the attacks were carried out, but security researchers at the security firm FireEye, examined the evidence that has emerged so far, and said it appears to have been a fairly straightforward attack. That said, it is also one that could have been thwarted had some additional steps to secure the targeted accounts been taken.

That additional step is known as two-factor authentication. Apple calls it ‘two-step verification,’ although it doesn’t work very hard to tell people about it, said Darien Kindlund, director of threat research at FireEye.

‘In general Apple has been a little late to the game in offering this kind of protection, and doesn’t advertise it,’ he said. ‘You have to dig through the support articles to find it.’

When enabled, two-factor authentication requires users to enter a numerical code that is sent to their phone or another device, in addition to using their regular password. Since the number constantly changes, it makes it much more difficult for attackers to gain access the account, even if they know the password.

Assuming the compromised accounts were running without the two-step option turned on, it would then have been relatively easy for the attacker to gain access to the accounts.

As The Next Web reported earlier today the attack may be linked to software on GitHub called iBrute that is capable of carrying out automated brute-force attacks against iCloud accounts. In this scenario, an attacker simply guesses a password again and again until they succeed. While tedious and time-consuming for a person, it’s a simple and infinitely faster process for a computer.

The as-yet unknown attacker had one other thing going for him: Apple allows an unlimited number of password guesses. Normally, systems limit the number of times someone can try to log in to a system with an incorrect password before the account is locked down entirely. Apple has since fixed that aspect of the vulnerability.

‘The attackers never should have been allowed to make an unlimited number of guesses,’ Kindlund said. . . . [Emphasis added.]

10 Top Law-Related TED Videos.

20 Sunday Jul 2014

Posted by in Bad Legal Writing, Computer Forensics, Computer Fraud and Abuse Act, Computer Virus, Copyright, Criminal Law, Cybersecurity, Digital Millenium Copyright Act, Discovery, Encryption, Evidence, Finance and Banking Law, Fraud, Google, Government, Identity Theft, Intellectual Property, Law Office Management, Legal Technology, Legal Writing, Legalese, Malware, Management, Patent Law, PC Computers, Plain Language, Presentations, Search Engines, Trial Tips and Techniques, Trojans, Video

Comments Off on 10 Top Law-Related TED Videos.

Tags

, , , , , , , , , , ,

Top 10 Legal TED Talks, by Tim Baran, Legal Productivity Blog

http://www.legalproductivity.com/op-ed/top-10-legal-ted-talks/

Have you heard of TED? It began in 1984 as a conference and now covers a wide range of topics in more than 100 languages.  Think of it as a massive brain trust that shares great ideas and information.

Each of the law-related TED talks listed in this article are worthwhile on their own: (1) four ways to fix a broken legal system; (2) eliminate legalese by using plain English; (3) how to beat a patent troll; (4) how the Internet will change government; (5) laws that choke creativity; (6) copyright law; (7) why eyewitnesses get it wrong; (8) how technology could make crime worse; (9) the Internet and anonymity online; and (10) how great leaders inspire. -CCE

Is It Time For A “Bring Your Own Device” Policy for Your Law Office?

01 Tuesday Jul 2014

Posted by in Android Phones, Apple, Blackberry Phones, Cell Phones, Clouds, Computer Forensics, Confidentiality, Cybersecurity, Disaster Preparedness, Emails, Encryption, Google, Intellectual Property, iPad, iPhones, Law Office Management, Legal Blogs, Legal Ethics, Legal Technology, Mac, Management, Marketing, Passwords, PC Computers, Social Media, Supervising Support Staff, Tablets, Technology, Using Social Media

Comments Off on Is It Time For A “Bring Your Own Device” Policy for Your Law Office?

Tags

, , , , , , , , , , , ,

Mobile Device Security for Lawyers: How Solos and Small Firms can Ethically Allow Bring Your Own Device, by Will Harrelson, Curo Legal Blog (with hat tip to Jeff Richardson, iPhone J.D. Blog!)

http://tinyurl.com/lrrnp7g

The Start of Bring Your Own Device Policies

It really is the iPhone’s fault. Yes, Apple is to blame for designing the most desirable piece of technology of the last decade. So desirable, in fact, that employees of all stripes requested (and, often, begged) their IT departments to toss the increasingly-‘corporate’ Blackberry out the window and allow the use of their personal iPhones for corporate emails and calls. As a result, we have been living in the age of ‘Bring Your Own Device’ where employees use a single personal mobile phone (or tablet) for both their personal email, texting, and social media while also using it for work email, word processing, and other enterprise applications.

Before the Bring Your Own Device era, a company’s greatest out-of-office security concern was an employee who left a briefcase in a taxi. Today, the worry is an employee misplacing a device the size of wallet containing almost limitless amounts of data that criminals or hackers would easily and quickly exploit if given the chance. Clearly, there is an obvious financial motivation for all businesses to protect their own or customer’s sensitive data.

However, lawyers face particular ethical consequences if they fail to take reasonable efforts to either investigate the technologies that they implement or protect their client’s confidential information. . . .

The Hole In Mobile Security Making Your Phone An Easy Target.

15 Sunday Jun 2014

Posted by in Android Phones, Cell Phones, Cybersecurity, Encryption, Fraud, Identity Theft, iPad, iPhones, Legal Technology, Malware, Tablets

Comments Off on The Hole In Mobile Security Making Your Phone An Easy Target.

Tags

, , , , , , , , , , , , , , , , , , ,

Here’s One Big Way Your Mobile Phone Could Be Open To Hackers, by Steve Henn, All Tech Considered, NPR

http://tinyurl.com/l2re8ll

Despite the fact that every major Internet provider has added some kind of encryption to its services over the past year, tracking your online traffic is easier than you think.

And you don’t have to be the target of the hacker or the NSA for your traffic to be intercepted. There is a hole in mobile security that could make tens of millions of Americans vulnerable.

Unsecure Wi-Fi networks have been a well-known vulnerability in the tech industry for years. They can let even the most unsophisticated hacker capture your traffic and possibly steal your identity. . . .

When You Share Files, Are They Secure?

31 Saturday May 2014

Posted by in Clouds, Confidentiality, Cybersecurity, Dropbox, Emails, Encryption, Legal Ethics, Legal Technology, Technology

2 Comments

Tags

, , , , , , ,

File Sharing by Lawyers Largely Insecure, Survey Suggests, by Robert Ambrogi, Robert Ambrogi’s Law Sites

http://tinyurl.com/pr3apcc

If I were to leave a document on a table entitled, ‘My Deepest, Darkest Secrets,’ under which I wrote, ‘Please do not read this unless you are someone I intended to read this,’ how securely would you think I’d protected myself?

That, effectively, is all the majority of lawyers do to protect confidential documents they share with clients and colleagues, according to a LexisNexis survey published this week. . . .

A Double Treat – Two-Part Posts On Cybersecurity and Outsourcing From Ralph Losey.

19 Monday May 2014

Posted by in Computer Fraud and Abuse Act, Computer Virus, Confidentiality, Document Retention, Emails, Encryption, Heartbleed, Law Office Management, Legal Ethics, Legal Technology, Malpractice, Malware, Technology, Technology, Trojans

Comments Off on A Double Treat – Two-Part Posts On Cybersecurity and Outsourcing From Ralph Losey.

Tags

, , , , , , ,

The Importance of Cybersecurity to the Legal Profession and Outsourcing as a Best Practice – Part One, by Ralph Losey, e-Discovery Team®

http://tinyurl.com/oalblet

and,

The Importance of Cybersecurity to the Legal Profession and Outsourcing as a Best Practice – Part Two, by Ralph Losey, e-Discovery Team®

http://tinyurl.com/mjek896

It is worth taking the time to read the Comments for both Part One and Part Two. -CCE

2014 Best of Legal Tech from Jim Calloway.

17 Saturday May 2014

Posted by in Android Phones, Apple, Apps, Cell Phones, Clouds, Computer Forensics, Dashboards, Emails, Encryption, iPad, iPhones, Law Office Management, Legal Technology, PC Computers, Tablets

Comments Off on 2014 Best of Legal Tech from Jim Calloway.

Tags

, , , ,

The Best of Legal Tech for Solos and Small Firms 2014, by Jim Calloway, Jim Calloway’s Law Practice Tips Blog

http://tinyurl.com/mjqjp9a

This month’s Digital Edge podcast covers ‘The Best of Legal Tech for Solos and Small Firms 2014.’

John Simek is our guest, who is the business partner and spouse of my podcast teammate, Sharon Nelson. Together with Michael C. Maschke, they were the authors of The 2014 Solo and Small Firm Legal Technology Guide: Critical Decisions Made Simple, published by the American Bar Association. I was quite honored to be asked by them to write the forward for the book.

We discuss all sorts of technology for solo and small firm lawyers, including practice management software, workstations and cloud-based services. Enjoy the podcast.

The Mashable Hit List.

13 Sunday Apr 2014

Posted by in Android Phones, Apps, Cell Phones, Clouds, Computer Virus, Disaster Preparedness, Dropbox, Emails, Encryption, Google, Heartbleed, Identity Theft, Law Firm Web Sites, Law Office Management, Legal Blogs, Legal Technology, Malware, Office Procedures, Passwords, PC Computers, Search Enginges, Technology, Using Social Media

Comments Off on The Mashable Hit List.

Tags

, , , , , , , ,

The Heartbleed Hit List: The Passwords You Need to Change Right Now, The Mashable Team

http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/

If you wondered whether any main specific websites are affected, such as Yahoo, this list will help you.  It will also help explain the Heartbleed bug,  and why you should pay attention to what it is. If you want to know whether your specific bank was compromised, this list may not answer all your questions. So, if you’re not sure whether you should change your password, go ahead and do it.

Even better, find a password manager in this list of the best of the best from PC Magazine by Neil J. Rubenking — http://www.pcmag.com/article2/0,2817,2407168,00.asp. If you use one password for more than one website — and lots of people do — this is a good solution and a wise move regardless of the Heartbleed bug. -CCE

 

Apple Fixes NSA Encryption Security Flaw.

24 Monday Feb 2014

Posted by in Apple, Apps, Cell Phones, Encryption, iPad, iPhones, Legal Technology

1 Comment

Tags

, , , , , , , , , , , , , , ,

Apple Fixes Security Flaw In iOS, Perhaps Thanks To Snowden?, by Jeff Richardson, iPhone J.D. Blog

http://tinyurl.com/lmnrlvr

Apple releases minor security updates for the iPhone and iPad from time to time.  When folks ask me if they should upgrade, I virtually always say yes.  Why not have an iPhone that is more secure, and less likely to be hacked by bad guys?  So this past Friday afternoon when Apple released iOS 7.0.6 and said that it was a security update, I updated my devices but otherwise did not think much of it.  (And no, you did not miss an update if, like me, you went from iOS 7.0.4 to 7.0.6; 7.0.5 was only released for iPhones sold in China.)

But over the weekend, there were two posts about this update by John Gruber of Daring Fireball (Post 1, Post 2) that I thought were pretty interesting.  According to PRISM documents leaked by Edward Snowden, the NSA gained the ability to intercept encrypted iPhone traffic in October of 2012, and that’s apparently right after the bug fixed by iOS 7.0.6 was introduced.  As Gruber notes, this could mean all sorts of things.  It could mean that someone at Apple intentionally added a backdoor for the NSA.  Or it could mean that someone at Apple made a simple coding mistake but the NSA found out about it and exploited it.

Or it could just be a big coincidence, but there is at least a chance that Apple has now found and fixed a security bug that had been exploited by the NSA. . . .

How Soon Will Everything On The Internet Be Encrypted?

07 Saturday Dec 2013

Posted by in Encryption, Legal Technology

Comments Off on How Soon Will Everything On The Internet Be Encrypted?

Tags

, , , , , , , ,

Coming Soon: An Encryption by Default World, by Sharon D. Nelson, Esq., Ride the Lightning!

 http://tinyurl.com/lly66n6

With Yahoo promising “encryption everywhere,” Google moving to 2,048-bit certificates by year’s end, HTTP 2.0 to be automatically encrypted, and a renewed interested in secure email, we’ve entered a new phase: the era of encryption by default over the network — and maybe everywhere else, too.