Tuesday, 3 November 2009

Law firms & email encryption

I see from ComputerWeekly that UK law firm Browne Jacobson are to encrypt all their emails using PGP's Universal Gateway EMail (Wikipedia), after reviewing their security strategy, in order to "secure e-mail communication with large groups of customers, partners, experts and witnesses using clientless e-mail encryption."

Good for them. I've always been surprised that so many law firms don't encrypt their emails or attachments - particularly as emails between law firms and their clients (or with other firms) often contain confidential information, including sensitive and indeed price-sensitive information. Surely it's best practice.

At the very least, I think documents attached to emails ought to be password protected as a matter of course.

I'm surprised that, as far as I know, no law firm has come a cropper yet due to lack of encryption. Surely it's only a matter of time before those who scour bins (now hopefully countered by law firms shredding their waste papers) move on to intercepting solicitors' and attorneys' emails to look for juicy inside information on proposed mergers or other confidential business information. Organised crime have done very well with phishing, identity fraud and the like - think how much more money they might make from private business data.

Why aren't the authorities which regulate the legal profession, in whichever countries, more strict about encryption?

©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.

4 comments:

Guy said...

Interesting issue.

> Why aren't the authorities which regulate the
> legal profession, in whichever countries, more
> strict about encryption?

I have wondered that too. 3 reasons as I see it:

1. We routinely leave important documents in public (letter-boxes) or heavily-trafficked offices, etc.

2. It's technically too difficult for most lawyers and clients.

3. No one has been badly stung (yet).

W. (Like M. But upside down) said...

Thanks for your thoughts Guy. Targeting documents to intercept may be easier to do electronically than breaking open letter boxes, and the technical difficulties can be overcome with enough effort and money - or indeed, just effort (which may be too much trouble for most people). Password protecting a Word document just takes an extra minute. I think the crux of it is that no one has been badly stung yet, but I won't be surprised when someone is, and then people will be racing around like mad after the fact trying to get new, adequate rules and procedures in place!

HowardCat said...

Ok, a bit late, but I agree that technical difficulty plays a major factor. Even after firms have been "stung", it remains relatively quiet, since they did what was "commercially reasonable". What if email encryption was super easy, built into your email program, and just added a "Send Secret" button? ;-) Welcome to Secret 1-2-3! http://www.Secret123.com/

J (Encrypted Flash Drive Guy) said...

I completely agree with you. It is very important for law firms to use encryption for emails and attachments. After all, their files always contain confidential data for the clients and they really don't want them to get hacked.