cyber security

There is a popular conception, within and without the legal industry, of lawyers as Luddites. If this is true, there is a massive disconnect between the burgeoning legal technology industry — on abundant display at the recent LegalTech New York Conference — and its would-be clientele, lawyers themselves. Can it be that while legal tech entrepreneurs and innovators are racing to create a more efficient and productive future, there is widespread indifference on the part of the attorneys toward these emerging technologies? Considering that these technologies are promising (threatening?) to transform the profession and practice of law, this would be a curious attitude.

On attending this year’s LegalTech panel on the findings of the ILTA Tech Survey, Joe Patrice could not help but conclude that there is a “profound lack of technological savvy among law firms.” To cite but a few examples: 80% of lawyers do not record time on a mobile device. Nearly 90% of firms do not maximize their cybersecurity capabilities. Nearly one-third of firms are using a version of Word that’s seven or more years old. And so on. The survey’s findings do little to contradict the idea that “technology leaps, the law creeps.”

Further reinforcing this “Luddite” notion is the Flaherty/Suffolk University Law School tech audit. This tool tests a range of fundamental technical competencies of law firm associates and the results can be construed as evidence of a lack thereof common to law firms. According to Casey Flaherty, an in-house counsel at Kia Motors and the creator of the audit, the failure rate of associates attempting the test is, thus far, one hundred percent.

A couple weeks back, we conducted a little survey of the ATL audience concerning your familiarity with some legal tech concepts. These ranged from the most “basic” (from the perspective of the tech world) to the somewhat more obscure (e.g., “dark data”). Besides your familiarity (or not) with these concepts, how relevant are they to your current or future practice? How successfully is your employer addressing these issues?

double red triangle arrows Continue reading “Does Technology Leap While Law Creeps?”

Ed. note: This post appears courtesy of our friends at Techdirt. We’ll be sharing law-related posts from Techdirt from time to time in these pages.

The US government is already fighting wars on several fronts, including the perpetual War on Terror. “War is the health of the state,” as Randolph Bourne stated, and the state has never been healthier, using this variety of opponents as excuses to increase surveillance, curtail rights and expand power.

Bruce Schneier highlights a piece written by Molly Sauter for the Atlantic which poses the question, “If hackers didn’t exist, would the government have to invent them?” The government certainly seems to need some sort of existential hacker threat in order to justify more broadly/badly written laws (on top of the outdated and overbroad CFAA). But the government’s portrayal of hackers as “malicious, adolescent techno-wizards, willing and able to do great harm to innocent civilians and society at large,” is largely false. If teen techno-wizards aren’t taking down site after site, how is all this personal information ending up in hackers’ hands? Plain old human carelessness.

double red triangle arrows Continue reading “The Greatest Trick The Government Ever Pulled Was Convincing The Public The ‘Hacker Threat’ Exists”

Shoes. Oh my God, shoes.

On Monday, my roommate came home griping that his Zappos.com account, which he had not used in a year, had been hacked. Instead of feeling sympathetic, I started wondering how I might write about it. Data breaches are a dime a dozen these days.

It seems almost every company loses control of their customers’ sensitive data at some point. Someone almost always sues after the news breaks. But the lawsuits are rarely successful, unless customers can show real harm caused by the breach.

Most often, companies do not give up full credit card or Social Security numbers. This week, Zappos said it only suffered unauthorized access to somewhat less sensitive information. It’s a bit unnerving, but not the end of the world.

Did that stop some opportunistic consumer from taking action against the online shoe retailer?

Of course not. And we didn’t have to wait very long. A Texas woman filed a class-action lawsuit against Amazon, which owns Zappos, the same day the breach was announced. Is her lawsuit premature, vague, and a bit silly? Probably. Will it go anywhere? Probably not. But c’mon, you gotta love melodramatic, eager-beaver, consumer litigation.

So what, exactly, did Zappos lose? And how many people’s data was compromised? (Hint: it’s a lot.) Let’s mosey on past the jump and find out….

double red triangle arrows Continue reading “Zappos Suffers a Data Breach, and the Other Shoe Drops with a Lawsuit”

I write about hacking and data security periodically, even though sometimes I get the feeling legal professionals try hard not to think about the subjects. But the stories in this realm bear repeating. Corporate data security is a real concern for many, many corporate attorneys, and especially in-house counsel.

Data security problems used to stem most frequently from weak firewalls or unencrypted equipment. But more and more, the biggest sources of risk and liability are just dumb or technologically overeager employees.

What kind of computer trouble are you and everyone you know getting your company or firm into? Let’s see….

double red triangle arrows Continue reading “You Are Your Company’s Biggest Security Risk”