|
Security Spotlight
Digital Couriers Take Off
By Albert Barsocchini
AS E-MAIL becomes the delivery medium of choice for lawyers, the legal community has become increasingly concerned about protecting confidentialities. E-mail is considered by many as the single largest unprotected application that exists in the corporate world today. To fill this security void, new easy to use digital courier services are sprouting up on the Internet.
These services encrypt your document and safely transport it over the Internet. Digital couriers are cheaper than overnight deliveries, personal couriers or faxes -- and more secure than all three. Offering different levels of security, features and pricing -- from free Web-based services such as Hushmail and Ziplip, to high end services using heavy encryption, digital certificates and sophisticated tracking such as PrivateExpress -- digital couriers are tailor-made for a profession that deals in confidential communications. Now is the time to think about e-mail security and whether your law firm should be using a digital courier service instead of regular e-mail for protective communications.
Most law firms use the Internet without any security measures. In California, where I practice, there is no ethical obligation for lawyers to encrypt e-mail, lawyers can still be sued for breaches of client confidences and secrets through the use of e-mail (e.g. e-mail that is mis-delivered, intercepted, lost, etc.)
The national trend is reflected in ABA Advisory Opinion 99-413, which states, in essence:
- There is a reasonable expectation of privacy in e-mail.
- Lawyers need not encrypt e-mail automatically.
- Client confidences, regardless of the medium used to transmit those confidences, are susceptible to interception/disclosure.
- Lawyers should discuss the dangers inherent in any communication and reach agreement on how to communicate.
How Safe?
 E-mail intrusions or mistakes in delivery are almost never reported. What law firm wants to publicize its mistakes? When a normal e-mail is sent, it is logged and leaves a complete audit trail from the time it is uploaded to the sender's ISP, all the way to the destination mailbox. As e-mail moves across the Internet, information, including source, destination and path taken, is recorded at every intermediate stop, amounting in some cases to a surprisingly long "paper trail."
The interception of e-mail via intervening criminal acts of third parties using sniffers, spoofing, etc. is on the rise and easier than ever. Once e-mail has reached its recipient's inbox, it is present on his or her computer and can be read by anyone with access to that e-mail account. Just like faxes, the misdelivery of e-mail happens more often than we expect. Furthermore, law firms can be held liable for inappropriate content, trade secret disclosure and the unauthorized disclosure of sensitive information. Exposure from the lawful discovery of e-mail residing on a server or backup device can haunt a firm years later. Why take this chance?
Slow Adoption
What has been holding lawyers back from using secure e-mail? The answer is simple: It is not easy enough to use. The first programs on the market to encrypt e-mail were cumbersome and difficult to use. However, there are now easy-to-use services that will both manage all of your public and private keys, and track the delivery process of your electronic messages like a digital version of a private delivery service, such as FedEx.
Among the current services available are PrivateExpress and UPS Document Exchange. Here's a quick look at these two:
Private Express
|
|
Messaging Policy
AS MESSAGING continues to rise in popularity over traditional courier and overnight delivery services as the primary means of client communications, individual lawyers and law firms must proactively create and enforce a consistent office messaging policy.
Here are some recommendations for a safe office messaging policy:
* Require that all outgoing sensitive messages be sent using a digital courier just like you would use a real courier.
* Place confidentiality notices on all outgoing office messages, as you do with faxes.
* Insist that messages always be drafted with care and thought in light of the business setting.
* Prohibit message forwarding, without the express permission of the sender.
* Specifically prohibit inappropriate material.
* Advise employees that the employer monitors office messaging use.
* Make sure all messaging clients are password protected to prevent unauthorized access and alteration of any third party e-mail message.
* Encourage employees to immediately report unauthorized or inappropriate use of messaging systems by third parties.
* Mandate the use of encryption for sensitive communications and provide periodic training.
|
|
|
Private Express is easy for anyone with a personal computer to install and use. If you have about 10 minutes and an e-mail address, then visit www.privateexpress.com to download the client software and activate an account. Private Express allows you to to send, receive, open and track sensitive documents from your desktop computer.
Unlike existing e-mail methods, which are insecure and unreliable because they send documents through servers where messages and attachments can be captured and read, Private Express provides secure and traceable document delivery. The monthly service handles all of the transactions and manages public and private keys making it is easy to instantly send and receive sensitive documents securely from your PC. Private Express is the best way I've found to be sure that no one inside or outside of my network is intercepting confidential communications.
It also saves time. With a personal computer and an Internet connection, lawyers can instantly send secure documents in seconds any time, anywhere. No more filling out forms or locating the nearest overnight delivery drop-box.
The service offers a flat subscription rate, rather than on a per-shipment basis. Whether you are sending a 30-page contract, or a one-page memo, the low monthly cost is the same. There are no extra telephone charges, like with a fax, and no additional costs for heavier documents and depending upon your business, no expense to your clients.
Private Express also tracks document deliveries to provide proof of delivery and added peace of mind. With document status updates, you can prove when documents were sent, when they were received and even when they were opened, and eliminates worry as to whether your documents reached the intended recipient because e-mail systems were down or faxes were out of paper, and no more wading through organizations and receptionists to determine the location of your most sensitive documents.
UPS Document Exchange
UPS Document Exchange offers a variety of services, including OnLine Courier, which allows lawyers to move large files (up to 70 MB) without firewall restrictions. Users can monitor the digital delivery of documents with instant receipt notification, and can recall or cancel e-packages up until the time that the recipient opens it. The service offers encryption and password-only access.
UPS OnLine Courier charges on a pay-per-use basis. Pricing options depend on the number of documents sent per month, and whether or not you want "trackable and encoded" or "trackable only" service. (For example, Users who send more than 1000 documents per month pay $1.75 per document for "trackable and encoded" compared to $2.50 per document for users who send up to 99 documents). Additional fees are charged for receiver confirmation and for oversized files. Documents can be sent in Adobe Acrobat PDF (portable document format).You can "test drive" for free for 30 days by visiting the Web site.
UPS also offers a billing translation and secure electronic delivery service, UPS Document Exchange Invoices, which allows law firms and corporate counsel to share sensitive invoices securetly, over the Internet or via private networks. It uses technology developed by Houston's Occam's Razor Technologies Inc., and offers legal industry formats including the Legal Electronic Data Exchange Standard (LEDES).
Looking ahead
The legal profession is a relative newcomer to e-mail and lawyers must remain vigilant in protecting the confidentiality of communications and avoid unintended waivers of the attorney-client privilege. Any claims to the attorney client privilege will ultimately depend on the reasonableness of the precautions taken by the law firm to preserve confidentialities.
Electronic messaging can save you and your firm both time and money, as long as the proper care and consideration are put toward encouraging its safe and secure use. Where before the methods of securing e-mail were difficult to understand and use, now there are easy to use services that provide the enhanced security, speed and tracking that both you and your clients require.
Albert Barsocchini is president of The Lawtek Group LLC, a legal technology consulting company, based in San Anselmo, Calif. He is chair of the Law Practice Management & Technology section of the California State Bar, and is a member of the Law Technology News Editorial Advisory Board.
|
