If you check out Steve Matthews' great post today, Web Law Predictions for 2010, there is one that is already starting to stand out:
I’ll go out on a limb, and predict that 2010 will be the year a law firm somewhere will declare smart phones to be a security risk, jamming transmission internally or banning usage from inside the firm.
The ABA Journal recently noted concerns raised by Sharon Nelson and John Simek of Sensei Enterprises about the use of iPhones by lawyers. The major issue is that handheld device takes screenshots of documents in order to provide its trademark zoom and click functions. The problem is that these screenshots may contain confidential client information.
Jonathan Zdziarski, an iPhone hacker and data-forensics expert, explains in this video how to break the iPhone's passcode lock, which would then allow access to all the confidential information.
Nelson observes that some firms are already taking proactive measures,
Apparently, one mid-sized law firm (50 plus lawyers) took the article very seriously. The firm has cut off all access to the MS Exchange Server for iPhones. Lawyers who have iPhone are being required to get BlackBerrys.
[emphasis added]
Check out the complete paper by Nelson and Simek on the subject, Why Lawyers Shouldn’t Use The iPhone: A Security Nightmare. Their 2006 book written with the ABA, Information security for lawyers and law firms, may also be of general interest.
Respond: make a comment | read the 6 comments
Share:
Email
|
Save as PDF | Print
|
Bookmark & Share
|
|
More: in Practice of Law or Practice of Law: Practice Management or Substantive Law or Technology | from Omar Ha-Redeye
|
the count:
8235 posts | 11422 comments
recent comments  
Max Amsterdam once said: “Business is the art of extracting money from another man’s pocket without resorting to violence.” The purpose of having a written agreement between all … »»Practice There is good leagal content that doesn’t necessarily come in the neat packages that we usually look in. Though our commercial legal database subscriptions have linked, vetted, edited, and easily. […] »»Research When you need to collaborate on a document displayed on your screen, it’s great to have a colleague from down the hall come into your office and look over your … »»Technology
-
Available online today are four new chapters of the publication Women in Canada: A Gender-based Statistical Report, which explores the socio-demographic and economic circumstances of Canadian women in general.
-
The bill amends the Constitution Act, 1867 by readjusting the number of members and the representation of the provinces in the House of Commons.
-
-
Blueseed plans to buy a ship and turn it into a floating incubator anchored in international waters off the coast of California.
-
Under Prime Minister Stephen Harper, the flow of information out of Ottawa has slowed to a trickle.
-
-
"…the IPC has exclusive jurisdiction to decide whether a record is in the custody or control of a university in the context of an access request…"
-
-
John J.L. Hunter, Q.C. of Vancouver has been elected President for 2011-2012
-
Detailed results from 321 members.
These summaries of selected recent cases are provided each week to Slaw by Maritime Law Book.
More information.
-
Banks and Banking - Liability of banks to third parties - Negligence - General
The plaintiffs were the former shareholders of a company that failed. They sued the defendant bank alleging that it breached its contract with the company and the plaintiffs and breached a duty ...
-
Actions - Cause of action - General principles - New or extended cause of action - Opening of floodgates
The plaintiff and defendant worked at different branches of the same bank. The defendant’s common-law husband was the plaintiff’s ex-husband. Over a four year period, the defendant ...
-
Aliens - Definitions and general principles - Immigration consultants
The Canadian Society of Immigration Consultants (CSIC) had been designated as the sole regulatory body of immigration consultants in Canada from 2004 until June 2011. On June 30, 2011, Bill C-35 came into force, which significantly amended ...
-
Criminal Law - Sexual offences, public morals and disorderly conduct - Public morals - Obscenity - Possession of child pornography
The accused was convicted of making child pornography available and two counts of possession of child pornography (see [2010] Sask.R. Uned. 197). Subsequently, he was sentenced ...
-
Criminal Law - Procedure - Charge or directions - Jury or judge alone - Directions regarding pleas or evidence of witnesses, co-accused and accomplices
Rowe was convicted by a jury of five offences. He appealed.
The Ontario Court of Appeal allowed ...
-
Narcotic Control - Offences - Possession - General
The accused wished to access marijuana for medicinal purposes but did not have an authorization to possess marijuana issued under the Marihuana Medical Access Regulations. He was notified that a package of marihuana addressed to him had been ...
-
Narcotic Control - General - Legislation - Exemptions - Medicinal marijuana
McCrady, who had an application pending under the Marihuana Medical Access Regulations (MMAR) to possess and grow marijuana, was convicted of possession of marijuana (Controlled Drugs and Substances Act (CDSA), s. 4(1)). Hearn pleaded guilty ...
-
Criminal Law - Sentence - Trafficking in hashish or marijuana (incl. possession for purposes of trafficking)
The accused pleaded guilty to one count of possession of marijuana for the purpose of trafficking. He was sentenced to 30 days’ imprisonment to be served intermittently and 11 months’ ...
-
Municipal Law - Powers of municipalities - Particular powers - Imposition and collection of taxes or fees
Catalyst Paper Corp. operated a paper mill in the District of North Cowichan. Catalyst objected to the tax rate that it paid compared to residential ratepayers. In 2009, the ...
This is a listing of a few upcoming events in Canada of interest to lawyers, law students, legal librarians, and others involved in the practice of law.
Clicking on any event in the list below will give you access to more information and to links allowing you to see the full entry and to add the event to your own calendar.
Click this link for a fuller version of the TalkLaw/ParLoi calendar of events and for instructions as to how to add events and calendars to your own calendar.
|
I hope they don't. I know many law firms that out source their I.T. infrastructure to companies that have complete access to their email, databases, and on line systems remotely … is that a security risk? Then there are the law firms that use services such as Gmail to manage and maintain their email containing confidential information or the staff that bring their laptops home and traveling which contain completely insecure operating systems and unencrypted data.
If they really are serious about security, I would suggest iPhones are the least of their worries.
-mike.
I think I'm with Michael on this. Cracking a computer is relative child's play — as is breaking into an office and a file cabinet. So it's not just iPhones that represent a risk. Think of briefcases.
Until law firms make their lawyers use, and regularly change, complex passwords, encrypt every document, send email only over secure lines with encryption, cross borders with empty laptops, and outsource only to firms that pass certain security standards — it's silly to worry about iPhones.
I don't necessarily think the fears raised above are valid, I'm just pointing out that they have been raised.
There is risk with everything involved with technology. Unless we are going to hold lawyers liable for losing briefcases, I don't see iPhones as a major concern right now, as long as they don't deliberately leave it lying around providing access to confidential information – essentially the same as the briefcase.
The whole issue has been overblown because too few lawyers are looking at the Rules of Professional Conduct for guidance on their confidentiality obligations. See my full response at http://reidtrautz.typepad.com/reidmyblog/2009/12/debating-the-intersection-of-confidentiality-and-iphone-security.html
@Reid
I read your response, but unfortunately comments are not permitted.
It is obvious you like your iPhone and I understand that. What I would suggest is really needed is a technical assessment of the risks of PDAs, the type of information on them (depending on the business) and then reasonable policies crafted and enforced. This should be done with all businesses with all technologies.
It is unfortunate, but security does not make money and is viewed as a hindrance. In todays web 2.0 world this issue is going to have to be managed and the sooner businesses realize that the better. They of course won't realize it, until it can potentially cost them dollars and public embarrassment.
The point I draw from all this is that lawyers have the privilege of dealing with sensitive issues and sometimes very sensitive information as well as their staff. With that privilege comes responsibility and accountability. It is not the same as the iPhone that has emails of a chat between friends. Law enforcement, doctors, security consultants, government officials, military all fall into this category and a breech on their systems should come with a greater price.
As an example, given the current state of security on PDAs, I would suggest that a Blackberry has more security than an iPhone. An individual who chooses and iPhone over a Blackberry isn't wrong. However, they are making the choice of convenience over data security today and that should be considered accordingly in an investigation of a breech in my opinion.
-mike
Funny how security is driving stupidity. One firm I know of actually did a risk assessment and came to the conclusion that there was more risk to the organization that a user will die in a car wreck trying to access their phone than actually 'prevent' a hacking attack where the attacker is good enough to overcome the existing controls