Privacy, Technology

Secure Client Communication In The Trump Era

What can you do to protect yourself from invasive ISPs?

By  
on
(Photo by Andrew Harrer - Pool/Getty Images)

(Photo by Andrew Harrer – Pool/Getty Images)

You’re probably already aware that Internet privacy took a huge hit last week when Congress passed, and the President signed into law, a bill that that repeals the Federal Communications Commission (FCC) rules. These rules were designed to protect consumers from privacy invasions by their Internet service providers (ISP).

As someone who no doubt uses the Internet regularly, I’m sure you were dismayed by the news. And as a lawyer who relies on email to communicate with your clients about confidential information, I can only assume that your level of concern was raised to alarm when you thought about the attorney/client confidentiality implications of this roll back of Internet privacy protections.

If not, let me spell it out for you: your ISP can now legally track all of your unprotected web browsing history (including every page within a domain that you visit), app usage, location history — and sell it to the highest bidder. That’s a lot of data, and much can be gleaned from it, including, as many are speculating, information about who you’re communicating with, how often you’re doing so, and for how long. For lawyers who communicate with clients using unsecure methods such as email, this new tracking capability that ISPs now have represents a troubling trend.

We discussed this very topic yesterday when I attended the monthly solo and small firm meeting at my local bar association. An IP lawyer raised the issue and explained why he found the repeal to be so disquieting. He also shared that since the passage of this legislation, he’d had a change of heart since our last meeting regarding client portals and was now seriously considering using practice management software with a built-in, secure portal for client communication and collaboration.

By way of background, at the prior month’s meeting, I’d presented on cybersecurity for lawyers using my recent Above the Law post on cybersecurity for lawyers as my outline. When I reached the part where I recommended that lawyers ditch email and use client portals, this IP lawyer, who happens to be well-versed in technology, took issue with my position.

He explained that he preferred to have control over his data and was reluctant to share it with third parties. So he typically communicated with clients via email, but ensured that they understood the risks and that the sharing of particularly sensitive information was reserved for in-person meetings. And for collaboration purposes, he temporarily used online storage tools that allowed him to retain the encryption key and after the documents were shared, he would delete them.

Sponsored

After some back and forth on the topic of client portals, we agreed to disagree. I acknowledged the reasons for his methodology and understood why he might prefer it. But I nevertheless remained steadfast in my belief that as long as lawyers carefully chose their software providers, client portals were the future for secure client communication due to changing times and the fast pace of technological advancement.

Fast forward to yesterday’s meeting, and this same lawyer advised that he was unsatisfied by the security options being suggested to protect Internet users’ privacy in light of the repeal (more on those in a moment). As such he was increasingly convinced that client portals were the most secure option for client communication since ISPs would only know that users logged into their secure, encrypted practice management platform but would have no knowledge of the actions taken while logged in. In other words, because of the repeal, he believed that prevailing security concerns outweighed his reluctance to outsource data to third parties.

Of course, as Internet users who happen to be lawyers, you undoubtedly have concerns about your personal privacy even if you use a cloud-based law practice management platform to communicate with clients. So what can you do to protect yourself from invasive ISPs?

The Electronic Frontier Foundation published a great blog post earlier this week that outlines many things you can do to reduce the amount of information that your ISP can collect about your usage. Here are the key steps that are recommended (refer to the post for more detail on each one):

  • Pick an ISP that respects your privacy (the post includes a link to a list of recommended ISPs);
  • Opt-out of supercookies and other ISP tracking;
  • Install EFF’s browser extension to automatically enable HTTPs;
  • Consider using a VPN; and
  • Consider using the TOR browser.

Sponsored

So those are some steps you can take preliminarily to protect yourself. The solutions are not perfect and some may disrupt your online workflow (as I discovered after installing and enabling the EFF browser mid-post and then realizing that it interfered with my access to Above the Law’s blog posting platform). Over time, your options will likely increase as developers come up with new solutions to address this new need. But ISPs will no doubt attempt to combat your attempts to ensure your privacy, so expect to be in for a bumpy ride for the next few years.

Niki BlackNicole Black is a Rochester, New York attorney and the Legal Technology Evangelist at MyCase, web-based law practice management software. She’s been blogging since 2005, has written a weekly column for the Daily Record since 2007, is the author of Cloud Computing for Lawyers, co-authors Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York. She’s easily distracted by the potential of bright and shiny tech gadgets, along with good food and wine. You can follow her on Twitter @nikiblack and she can be reached at niki.black@mycase.com.

CRM Banner

Topics

, , , , , , , ,