Meat on the Bone : Comments on the Guidelines for Practicing Ethically With New Information Technologies
The Canadian Bar Association recently published Guidelines for Practicing Ethically with New Information Technologies (the "Guidelines") as a supplement to its Code of Professional Conduct.
While the Guidelines provide a considerable amount of information concerning the use of technology in a legal practice (even referring to certain software in its annexes), some lawyers may find themselves at a loss as to how to actually implement the guidelines in their practice. This essay identifies certain aspects of the Guidelines that are worthy of additional commentary and refers readers to (mostly free) tools which will prove useful in following the Guidelines.
Encryption (page 6 of the Guidelines)
Regardless of the data protection systems that firms may have set-up, like an elaborate remote access system, there is always a temptation, for example, to not carry a laptop but rather to put the documents you need on a feather light USB key and then work from a desktop computer at home, offline and thus free of the distraction of an everlasting online Risk game.
Typically, USB keys don’t have an encryption application bundled-in, but it is possible to download one. Truecrypt is one which is relatively simple to use. Basically, the user creates a “fake” file that Truecrypt formats as an encrypted fictional drive (a volume). Once the volume is created, Truecrypt allows the user to “mount” the volume (and will then ask for the password that was set-up when creating the volume) and the fictional drive then becomes accessible from “My Computer” as an additional hard-drive that the user can load with his privileged or sensible data. It is also possible to fully encrypt a USB drive.
Truecrypt is free and is a “portable” software, which means that you can install it only on your USB drive and (unless there are special security settings on the computer) run it on any computer without further installation. Not exclusive to USB drives, Truecrypt can also encrypt part of a computer’s hard-drive as well, what can be a good idea if your intention to travel internationally with your laptop.
Passwords (Page 6 of the Guidelines)
People are always asked to create “strong” passwords. Unfortunately, strong passwords, such as `”02r94wu5Po34i:àëLhfap^ocifu-098u are absolutely impossible to remember. That is the reason why people either:
- Always forget their passwords;
- Pick passwords that are easy to remember (and thus often easy to guess, or to crack with a brute force attack);
- Pick the same easy-to-remember password for every single thing they need a password for; or
- Create a file on their computer subtly named “mypasswords.txt”.
Keypass, another free, portable, light and user-friendly application manages your strong passwords.
After loading the program, the user is invited to create a password database that is (guess what?) encrypted. The user then only has to remember one (strong enough) password that gives access to any other password he uses. Keypass has a password generation feature that helps uninspired minds create strong passwords.
When the user wants to use a service where his account is password protected, he opens his database on Keypass and right-clicks on the entry he has created for that service. The right-click menu will offer to either copy the login or copy the password on the computer’s clipboard (Keypass empties your clipboard after ten seconds). This way, not only do you not have to find the inspiration to create strong passwords, but you don’t have to remember them and you don’t have to type them (which is especially useful when you use public computers and risk that your password may be captured by key-logger software).
Backup (page 7 of the Guidelines)
Not only can you now backup your files offline on a hard-drive, but online backup services now abound. Mozy and Carbonite were recently called the best of their class by the team of a well known Internet blog. More often than not, theses services offer free limited storage (for personal use only though) and charge a small fee for unlimited storage.
As for local backup (as in "not online"), free software like Clonezilla and Disk Copy allow the backup of an entire drive while other free programs like Syncback are there to help you to automatically backup pre-identified folders on your hard drive.
Deletion (page 9 of the Guidelines)
Deletion software suffers from a bad reputation in that it is often use to wipe out evidence, but it is also necessary when a lawyer intends on recycling, selling or giving away electronic hardware.
For single files or small folders, Cybershredder (another free and portable software) may be used. It seems to work as I haven’t been able to recover the files I “cybershredded”, but seeing as how I’m not a forensic expert I wouldn’t take that as conclusive evidence of its effectiveness. Darik's Boot and Nuke is the type of program I would recommend for wiping information over a full hard-drive.
Metadata (page 10 of the Guidelines)
Metatada is a relatively complex issue, but as a general rule (when sending documents), lawyers can adopt the practice of never sending a file externally in its native format (that is in .doc format if its a text created from Office Word) but rather create a .pdf version of the document (with PDF Creator for example ). If it is necessary that the recipient of the file has access to the native format, a lawyer should "scrub" the metadata off the file before sending it externally.
There are some great tools that allow you to scrub metadata automatically when you send a document as an attachment to an email (like Payne's Metadata Assistant, $80 for a license), but Windows also has a free plugin for its Office 2003 (I’m not certain about Office 2007) that allows its users to “remove hidden data” from Office files.
Lastly, Doc Scrubber (for Word documents) allows you to analyze documents, but also to "scrub" multiple documents at the time.
I hope you enjoyed reading my comments and that they may help in avoiding tech costs, annoyances, small problems or… huge blunders. Please feel free to comment!
[Many thanks to Robert Notkin for reviewing this post.]