Last night, the CBC reported on foreign hackers who launched a massive attack on Canadian government computers last fall, also broke into the data systems of prominent Bay Street law firms to get insider information on an attempted $38-billion corporate takeover of Potash Corporation of Saskatchewan. No surprise, statements issued by the legal firms were predictable and generic. But what struck me was that the issued statements included something that goes like this: “We take our obligations of confidentiality to our clients very seriously”. Following on to my blog entry in November, it sure doesn’t feel that way. The medium most used by law firms to communicate with their clients is email. I have and continue to use lawyers extensively for personal and corporate representation, including employment lawyers for the HR side of my life. Not once has a law firm ever used email encryption or secure email to communicate with me. Not only does the body of the email contain sensitive strategy conversations, but there are also numerous draft documents that are transferred back and forth as unsecured email file attachments. Now I will concede that the information I am dealing with, such as personal family law matters or employee terminations are likely not as sexy or hack-worthy as the Potash deal. But how do I know that this information is not being intercepted and reviewed? Who is going to fess up if this happens? It may be happening all the time and I just don’t know about it – and never will. Email is a much easier target for attacks then any client file saved behind a legal firm’s firewall. Email leaves the relative safety of the legal firm and travels into the world ‘wild’ web through various passages and nodes before it gets to its final destination. It can be intercepted at any time through its zig zagged and stopped-over journeys through cyberspace. What we do trust is the technology used for internet banking to communicate and process the ultimate in high-risk and sensitive transactions because the protocol used to transfer information is as safe as we can get it. The transmission is protected by an end-to-end SSL pipe that cannot be intercepted. When we see that additional ‘s’ in https:// in our browser, we are assured that it’s SSL protected – such as when we access internet banking or process a credit card transaction on line. Without that ‘s’, the information submitted is simply not secure. It seems to make sense that we (clients) should be expecting law firms (and government) to begin taking client confidentiality as seriously as banks do, by adopting the same type of security technology used by banking to secure email communication with clients. After all, whose responsibility is it to safeguard my (the client) confidential and ultra-sensitive information – the law firm or the client? Addressing compliance and the law is also clear in echoing my feelings about this important topic. It’s unequivocally the legal firm’s responsibility. It really feels like it’s time for legal firms to put the ‘confidential’ back into ’priviledged and confidential’ for their clients. Technology exists to help them do just that. Join the discussion. Agree or disagree? Ariane Laird works with Email2. Email2 provides straightforward secure email encryption solutions and data leak prevention for government and law firms that uses the same security technology as internet banking. Email2 enables professional services organizations to securely send, receive, track and automate delivery of confidential email and large attachments outside the organization – without requiring staff or recipients to change their existing email.
When I ask my teenager to send me an email, she cringes as if I have just asked her to mow the lawn. When I ask her about the repulsion, the jist of her response is that email is ‘so yesterday’. That may be the case in her world, but email continues to be the primary communication tool for organizations and that’s not going to change anytime soon. Email allows senders and receivers to communicate asynchronously – meaning that each party does not have to be present at the same time to engage in the conversation. It eliminates playing telephone tag, in-person meetings, or the even more delayed methods of mail and couriers. It occurred to me that as instant as email is, it does not provide the instant feedback that some of the other electronic communication methods provide such as Blackberry Messenger, Facebook, or Google Talk. With these tools, one knows instantly that the message has been received and can even see the recipient typing a reply (and can see when they stop typing and decide to never send the reply they’re typing – there’s a whole social game attached to that one, and another full blog entry for another time). But bottom line is that communication is in real time and instant feedback exists. Which is not the case with email. There are many benefits to email, but one of the challenges is that you never really know what’s happening to your email after it leaves your sent box. What exactly is that email doing? Did it get stuck in spam? Was it intercepted? Did it stop over in one of the many nodes it has to go through before reaching its final destination and decided it was a nice place to stay for a while? Where exactly is it? And if you don’t hear back from the recipient within 24 hours, do you send another email asking if it was received? A sender is never really sure about the appropriate timing to reach out to the recipient to ask if they simply decided to not respond, or confirm that they received the message. How many times have we heard from a recipient “I never got your email”? I for one have both said or heard those words on many occasions. The younger generation is impatient and don’t want to wait for a reply, and want to know what is happening to the words that have been sent electronically – and when it is being responded to – in real time. Email would be a much better 2012 communication tool if we had better visibility into its life cycle. It would be ideal if email was a hybrid of social media’s instant feedback and email’s asynchronous qualities of not having to be be present in real time to communicate. A ‘Fedex’ version of email would solve this challenge. Send out the email communication with the ability to track its every move. In other words, evolve email so that we (the sender) know and can get proof when an email is received, read, forwarded, replied to, printed, or deleted. Otherwise, the next generation will continue to view email as the ’pigeon carrier’ of electronic communication. Ariane Laird works with email2. email2 provides features that guarantees email delivery and tracks and provides proof when an email and attachment is received, read, replied to, forwarded, deleted or printed. email2 enables professional services organizations to securely send, receive, track, control and automate delivery of confidential email and large attachments outside the organization – without requiring staff or recipients to change their existing email.
I have communicated with my lawyer over email for years. Every time I hit ‘send’ or open an email from my lawyer, I have always felt uncomfortable and vulnerable about the lack of security surrounding the exchange. The sensitive information and super-confidential details included in the body of the email often include financial information and legal strategy discussions. Not to mention the email attachments which often include copies of financial statements or draft responses to opposing counsel. This private information which is intended to be classified as ‘privileged and confidential’ can easily be cyber-attacked and intercepted. My legal counsel exchanges confidential information with both me and opposing counsel. The communication exchange methods include unsecured fax which can also easily be intercepted. Faxes are paper-based and are often printed in public office spaces. I have never insisted on a secure email solution from my attorney because I naively felt that if there was a straightforward solution available, the law firm would undoubtedly have adopted it by now. After all, the responsibility for ensuring that confidential legal email exchanges remain secure lies with the legal firm, not the client. But a recent situation with my legal firm has zapped me out of complacency and into insisting that my lawyer adopt an email encryption solution to secure my email transactions and records. In this particular situation, my attorney and I were involved in hot negotiations with another party and working on a 10 page proposal to be presented to opposing counsel. As the client and active participant, I literally spent at least 15 hours working on the proposal to ensure it was positioned perfectly. To accomplish this, my attorney and I emailed 10 versions of the draft proposal back and forth as email attachments. When it was finalized, I gave my lawyer the green light to send the proposal to opposing counsel. Unfortunately, the wrong version of the proposal was faxed to opposing counsel by the legal firm’s receptionist. It was void of important changes in strategy and points included in the final version of the proposal. Because it was sent by fax, there was no way to retract the proposal. Re-sending the correct version of the proposal to opposing council would only have served to highlight the changes in the document and divulge the evolving strategy. There was nothing I could do except deal with my frustration. The following ‘fix’ may appear biased. But this is a true account of my unfortunate experience, and email2’s secure email is truly the ideal solution to address the discomforts outlined in this blog post. Firstly, email2’s secure email would ensure that my private email exchanges (and attachments) with my lawyer are as secure as internet banking. Secondly, email2 would be able to repair the erroneous send of the older version proposal. Had the legal firm adopted email2’s encrypted email solution, the message and file attachment could have instantly been recalled – even if opposing counsel had opened and read the email and attached proposal. The email and attached wrong version proposal would have instantly been fully recalled (pulled) from opposing counsel’s inbox, and the correct version would have been re-emailed. Third, I have also been in a position where the legal firm does not hear back from opposing counsel for weeks, and we’re never sure if opposing counsel has received or read the proposal. They simply go dark. Are they away? On vacation? With email2, my lawyer would have access to message tracking capabilities and instant visibility into what happens to an email after it’s sent. Was the message and attachment received? Read? Printed? Deleted? Saved? email2 also provides functionality to prevent opposing counsel from forwarding, saving or printing the email and attachment for full control of confidential exchanges. email2 does not require my legal firm or me (the client) to change their existing email – including my use of Outlook, Blackberry, or Yahoo. So there should be no reason why clients can’t insist that their legal firm of choice adopt a solution that provides secure email and controls. Join the discussion. Tell us your stories about unsecured communication with your legal firm. Ariane Laird recently joined email2. email2 enables professional services organizations to securely send, receive, track and automate delivery of confidential email and large attachments outside the organization – without requiring staff or recipients to change their existing email.