cyber security

Jennifer Lawrence

In case you haven’t heard, over the weekend a whole bunch of celebrities got hacked and nude photos of them leaked onto the internet. Let me just start out by saying that hacking into a celebrity’s phone and stealing her nude photos is just a horrible thing. It’s not a funny joke. It’s not something hackers should be high fiving over. Celebrities have the right to live private lives like everyone else and they have the right to take and keep private photos. On top of the embarrassment of having their private photos available to their parents and all of their fans and every pervert with an internet connection, it could seriously damage their careers. This should be another big warning slap in the face to everyone who stores private or confidential things on the internet, especially lawyers.

What lessons can lawyers learn from this unfortunate episode?

double red triangle arrows Continue reading “Why Jennifer Lawrence’s Leaked Nude Photos Should Be Important to Lawyers”

Over the course of the past few years, law school personnel have found it especially difficult to keep their students’ personal information private. In April 2012, someone at Baylor Law School sent out an email containing a trove of admissions data — from names, to grades, to LSAT scores — to every student admitted to the Class of 2015. In March 2014, Loyola Law School in Los Angeles sent out an email with a heap of financial information for the entire graduating class — up to and including Social Security numbers and loan amounts — to some members of the Class of 2014.

Today, we’ve got another email screw-up for you, and this is one of the juiciest and most prestigious accidental data dumps we’ve seen yet. Someone at a T14 law school “inadvertently” sent out every piece of vital information possible about its clerkship applicants — from GPA, to class rank, to work experience, to recommenders, right down to where their girlfriends live — to everyone on its clerkship listserv.

If you’d like to see how you stack up against elite law students, now you can. We’ve got all the data…

Please note the UPDATES at the end of this post.

double red triangle arrows Continue reading “Oops! Top Law School Email Screw-Up Reveals Grades, Ranks Of All Clerkship Applicants”

A few months ago, I went to an MCLE seminar on cybersecurity. The 90-minute presentation hit topics such as public wifi, cloud computing, thumb drives, and password strength. The goal of the presentation was of course to scare everyone into being more vigilant in their firm policies regarding cybersecurity. The recommendations included:

  • Never use cloud computing. Always store your data on onsite servers.
  • Don’t use thumb drives on company computers.
  • Never use any mobile devices to store firm information (including emails).

After the presentation, we ate dinner, and everyone and my table came to the same conclusion: “Screw that. We are going to use thumb drives while checking our business email on our phones while client files upload to Dropbox.” That’s because some things are just too convenient to give up. As a solo, I might not want a server that I have to maintain. And I like getting my emails on my phone and on my watch because it makes my life easier.

Now, I don’t want to make light of cybersecurity because it is a very serious issue. But, the fact remains that if your data exists in a tangible form, people can steal it and it is vulnerable….

double red triangle arrows Continue reading “The 3 Easiest Things You Can Do to Protect Yourself From Cybersecurity Threats”


There is a popular conception, within and without the legal industry, of lawyers as Luddites. If this is true, there is a massive disconnect between the burgeoning legal technology industry — on abundant display at the recent LegalTech New York Conference — and its would-be clientele, lawyers themselves. Can it be that while legal tech entrepreneurs and innovators are racing to create a more efficient and productive future, there is widespread indifference on the part of the attorneys toward these emerging technologies? Considering that these technologies are promising (threatening?) to transform the profession and practice of law, this would be a curious attitude.

On attending this year’s LegalTech panel on the findings of the ILTA Tech Survey, Joe Patrice could not help but conclude that there is a “profound lack of technological savvy among law firms.” To cite but a few examples: 80% of lawyers do not record time on a mobile device. Nearly 90% of firms do not maximize their cybersecurity capabilities. Nearly one-third of firms are using a version of Word that’s seven or more years old. And so on. The survey’s findings do little to contradict the idea that “technology leaps, the law creeps.”

Further reinforcing this “Luddite” notion is the Flaherty/Suffolk University Law School tech audit. This tool tests a range of fundamental technical competencies of law firm associates and the results can be construed as evidence of a lack thereof common to law firms. According to Casey Flaherty, an in-house counsel at Kia Motors and the creator of the audit, the failure rate of associates attempting the test is, thus far, one hundred percent.

A couple weeks back, we conducted a little survey of the ATL audience concerning your familiarity with some legal tech concepts. These ranged from the most “basic” (from the perspective of the tech world) to the somewhat more obscure (e.g., “dark data”). Besides your familiarity (or not) with these concepts, how relevant are they to your current or future practice? How successfully is your employer addressing these issues?

double red triangle arrows Continue reading “Does Technology Leap While Law Creeps?”

Ed. note: This post appears courtesy of our friends at Techdirt. We’ll be sharing law-related posts from Techdirt from time to time in these pages.

The US government is already fighting wars on several fronts, including the perpetual War on Terror. “War is the health of the state,” as Randolph Bourne stated, and the state has never been healthier, using this variety of opponents as excuses to increase surveillance, curtail rights and expand power.

Bruce Schneier highlights a piece written by Molly Sauter for the Atlantic which poses the question, “If hackers didn’t exist, would the government have to invent them?” The government certainly seems to need some sort of existential hacker threat in order to justify more broadly/badly written laws (on top of the outdated and overbroad CFAA). But the government’s portrayal of hackers as “malicious, adolescent techno-wizards, willing and able to do great harm to innocent civilians and society at large,” is largely false. If teen techno-wizards aren’t taking down site after site, how is all this personal information ending up in hackers’ hands? Plain old human carelessness.

double red triangle arrows Continue reading “The Greatest Trick The Government Ever Pulled Was Convincing The Public The ‘Hacker Threat’ Exists”

Shoes. Oh my God, shoes.

On Monday, my roommate came home griping that his Zappos.com account, which he had not used in a year, had been hacked. Instead of feeling sympathetic, I started wondering how I might write about it. Data breaches are a dime a dozen these days.

It seems almost every company loses control of their customers’ sensitive data at some point. Someone almost always sues after the news breaks. But the lawsuits are rarely successful, unless customers can show real harm caused by the breach.

Most often, companies do not give up full credit card or Social Security numbers. This week, Zappos said it only suffered unauthorized access to somewhat less sensitive information. It’s a bit unnerving, but not the end of the world.

Did that stop some opportunistic consumer from taking action against the online shoe retailer?

Of course not. And we didn’t have to wait very long. A Texas woman filed a class-action lawsuit against Amazon, which owns Zappos, the same day the breach was announced. Is her lawsuit premature, vague, and a bit silly? Probably. Will it go anywhere? Probably not. But c’mon, you gotta love melodramatic, eager-beaver, consumer litigation.

So what, exactly, did Zappos lose? And how many people’s data was compromised? (Hint: it’s a lot.) Let’s mosey on past the jump and find out….

double red triangle arrows Continue reading “Zappos Suffers a Data Breach, and the Other Shoe Drops with a Lawsuit”

I write about hacking and data security periodically, even though sometimes I get the feeling legal professionals try hard not to think about the subjects. But the stories in this realm bear repeating. Corporate data security is a real concern for many, many corporate attorneys, and especially in-house counsel.

Data security problems used to stem most frequently from weak firewalls or unencrypted equipment. But more and more, the biggest sources of risk and liability are just dumb or technologically overeager employees.

What kind of computer trouble are you and everyone you know getting your company or firm into? Let’s see….

double red triangle arrows Continue reading “You Are Your Company’s Biggest Security Risk”