Comments on: iPhone Already Revealing Security Risks

By: Alex

Alex — Mon, 28 Dec 2009 19:18:16 +0000

Funny how security is driving stupidity. One firm I know of actually did a risk assessment and came to the conclusion that there was more risk to the organization that a user will die in a car wreck trying to access their phone than actually 'prevent' a hacking attack where the attacker is good enough to overcome the existing controls

By: Michael Dundas

Michael Dundas — Tue, 22 Dec 2009 17:26:29 +0000

@Reid

I read your response, but unfortunately comments are not permitted.

It is obvious you like your iPhone and I understand that. What I would suggest is really needed is a technical assessment of the risks of PDAs, the type of information on them (depending on the business) and then reasonable policies crafted and enforced. This should be done with all businesses with all technologies.

It is unfortunate, but security does not make money and is viewed as a hindrance. In todays web 2.0 world this issue is going to have to be managed and the sooner businesses realize that the better. They of course won't realize it, until it can potentially cost them dollars and public embarrassment.

The point I draw from all this is that lawyers have the privilege of dealing with sensitive issues and sometimes very sensitive information as well as their staff. With that privilege comes responsibility and accountability. It is not the same as the iPhone that has emails of a chat between friends. Law enforcement, doctors, security consultants, government officials, military all fall into this category and a breech on their systems should come with a greater price.

As an example, given the current state of security on PDAs, I would suggest that a Blackberry has more security than an iPhone. An individual who chooses and iPhone over a Blackberry isn't wrong. However, they are making the choice of convenience over data security today and that should be considered accordingly in an investigation of a breech in my opinion.

-mike

By: Reid Trautz

Reid Trautz — Tue, 22 Dec 2009 14:31:55 +0000

The whole issue has been overblown because too few lawyers are looking at the Rules of Professional Conduct for guidance on their confidentiality obligations. See my full response at http://reidtrautz.typepad.com/reidmyblog/2009/12/debating-the-intersection-of-confidentiality-and-iphone-security.html

By: Omar Ha-Redeye

Omar Ha-Redeye — Mon, 21 Dec 2009 19:23:48 +0000

I don't necessarily think the fears raised above are valid, I'm just pointing out that they have been raised.

There is risk with everything involved with technology. Unless we are going to hold lawyers liable for losing briefcases, I don't see iPhones as a major concern right now, as long as they don't deliberately leave it lying around providing access to confidential information – essentially the same as the briefcase.

By: Simon Fodden

Simon Fodden — Mon, 21 Dec 2009 16:23:20 +0000

I think I'm with Michael on this. Cracking a computer is relative child's play — as is breaking into an office and a file cabinet. So it's not just iPhones that represent a risk. Think of briefcases.

Until law firms make their lawyers use, and regularly change, complex passwords, encrypt every document, send email only over secure lines with encryption, cross borders with empty laptops, and outsource only to firms that pass certain security standards — it's silly to worry about iPhones.

By: Michael Dundas

Michael Dundas — Mon, 21 Dec 2009 02:17:49 +0000

I hope they don't. I know many law firms that out source their I.T. infrastructure to companies that have complete access to their email, databases, and on line systems remotely … is that a security risk? Then there are the law firms that use services such as Gmail to manage and maintain their email containing confidential information or the staff that bring their laptops home and traveling which contain completely insecure operating systems and unencrypted data.
If they really are serious about security, I would suggest iPhones are the least of their worries.
-mike.