Law Technology News
November 2000
American Lawyer Media National Sites

National Sites

The American Lawyer Magazine

Corporate Counsel

National Law Journal

Law Catalog

Legal Seminars


New York

New Jersey




Washington, D.C.






Litigation Support

Extranets and Intranets Are Definitely Very Popular -- But are They Really Safe?

Law firms have numerous options to safeguard their intellectual property.

By Tom O'Connor

Extranets and Intranets Are Definitely Very Popular -- But are They Really Safe? ONE OF THE hottest topics for litigators these days is virtual depositories. Most of these new systems use a standard Extranet business model.

The appeal to litigators is obvious. Trial lawyers are attracted to the potential to connect with clients quickly and inexpensively to access documents, work with data and collaborate on cases anytime, anywhere. The migration from banker's boxes to private network (PN) technology -- using the Internet to share data in electronic form similar to existing local area networks or wide area networks -- a natural evolution..

In fact, by the first quarter of this year, according to the 2000 AmLaw Tech survey, 95 percent of large firms are using Intranets for information sharing (up from 88 percent a year ago). And 78 percent of large firms report using Extranets with clients, up from 55 percent a year ago.

But is this new communication platform safe to use?

Attorneys obviously are concerned about attorney-client privilege and confidential communications, and worried that -- just like the public telephone system upon which it depends -- the Internet is susceptible to tampering or eavesdropping. Furthermore, the Internet brings its own unique security concern: transmission of viruses that can corrupt or destroy information at the receiving end of a transmission.

Extranets and Intranets Are Definitely Very Popular -- But are They Really Safe? The standard Extranet security architecture emphasizes network security thru encryption, firewalls, packet filtering and specific policies such as passwords. Physical security can involve redundant power systems, UPS (uninterrupted power supply) capabilities, and even high security building guards-- such as card key access doors or biometric authentication systems.

Application security can include server security software such as user token sessions, expiring session IDs, URL verification or regular password changes. Some companies even advocate activity logging and tracking to review system utilization, software smart cards for user authentication and even digital certificates.


The next step is the Virtual Private Network, which is essentially an encryption code for a specific law firm or litigation group. Data is encrypted as it is being sent on the Internet's public lines to isolate it from adjacent traffic. But this type of network is indeed "virtual" because it is still using the same public telephone lines as all other Internet users.

This is not a separate physical network at all. Still, many litigators feel that a Virtual Private Network affords complete security and trust the complexity and sophistication of the encryption makes them secure when using the Web for the transfer of confidential data. But, like Olivier in the Marathon Man, I ask once again: "Is it safe?" I think not.

First, a VPN can use any number of encryption techniques but anyone who can crack the code of these encryption programs can access the underlying data.

Second, the danger of interception is still present. Finally, and most important, all data on the Internet is susceptible to viruses. A virus need not be a specific attack but be a general threat from a member of the active electronic subculture which is always at work trying to undermine the Web. How large is this threat? I have two words for you: "Love Bug."

A recent Wall Street Journal article entitled, "Web's Design Hinders Goals of User Privacy" posed the rhetorical question, "Want to protect your privacy on the World Wide Web? Good luck. Much of the Web's underlying architecture is rigged against you." But absolute data protection can only be provided by another type of Internet based transmission system, the Secure Private Network.

The primary difference between a Secure Private Network and the Internet is that the SPN operates on private, dedicated lines that only subscribers can access.

An SPN thus provides law firms and corporate legal departments true security by using physically separate telephone lines for communication thereby giving each subscriber its own discrete physical circuit.

Not only does this enhance security and create an absolutely safe on-line office environment but it also guarantees that the SPN can outperform the Internet. The SPN provides faster and more robust communication while ensuring data security.

There is absolutely no way a computer virus can penetrate an SPN unless it is generated from within the group using the VPN and if that's the case, well you have problems bigger than document security on one case.


In terms of connectivity, an SPN can outperform the Web's speed and ability to transmit large amounts of data instantaneously. How? Because a good SPN provider can partner with a communications provider and offer wide-band fiber optic lines that are completely isolated and allows the provider to protect and manage the bandwidth from end-to-end.

This also allows the SPN provider to allow true convergence technology and simultaneously transmit voice, video and data. The VPN version of convergence is typically not as fluid as a dedicated SPN and can stall or breakup during periods of peak traffic. Since the traffic on the VPN comes only from the litigation group, it will not be jammed with traffic at certain "high peak" times like the Internet, and thus won't have slowdowns. This is particularly important in litigation discovery when the speed and privacy of document transmission is critical.

For even stronger security, a VPN provider can build a system for each of its subscribers on top of the already private SPN. A subscribing law firm or corporation will have its own passwords and encryption on the SPN, creating a fail-safe system. This truly remote collaborative environment eliminates fear of a security breach, a major concern for law firms concerned with protecting insider information.

So if you absolutely positively want to keep it safe, use an SPN. For the "virtual" law firm or litigation group, the SPN is the ideal support platform.

It provides an additional layer of security beyond the VPN and can offer huge savings, and peace of mind, for firms involved in sharing large amounts of data.

Consultant Tom O'Connor is a member of the LTN Editorial Advisory Board, and lives in Newcastle, Wash.

Editor's Note
Legal Tech Toronto
Letters To The Editor
Tech Calendar

Calendaring Systems
Compare & Contrast
Conflicts Checking
Extranet Spotlight
Intranets & Extranets
Lawtech News
Litigation Support
London Insider
MIS@Blank Rome Comisky & Mccauley
Second Opinions
Security Spotlight
Small & Home Office
Snap Shot: Peter Keane
Voice Recognition
Web Watch

Document Management
Industry News
Library Administration
Mac Corner
Networking & Storage
Office Gear
Portable Office
Practice Tools
Quick Takes
Regional Roundup
Security Spotlight
Security Update
Time & Billing
Utilities Roundup
Web Works

Client Notes
People In The News
Privacy Statement and Terms and Conditions of Use
Copyright copy; 2000 NLP IP Company. All rights reserved