Human Rights, Google and Internet Explorer…

♫ A moment of despair
That forces you to say that life’s unfair
It makes you scared of what tomorrow may bring
But don’t go giving into fear ..♫

Lyrics and music by: Stone, Greenberg, Daniel Pierre, recorded by Joss Stone.

You may wonder what human rights has to do with Internet Explorer. Prior to the earthquake in Haiti, the news was filled with the cyber-attacks on Google. The latest attacks on Google’s network appear to have originated in China, reported ComputerWorld in a post dated Jan 12, 2010 and were directed at the Google accounts of human rights activists in China. ComputerWorld stated:

In a blog post Tuesday, David Drummond, Google’s chief legal officer, said that attacks have forced the company to “review the feasibility of our business operations in China.” Google, continued Drummond, is “no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all.”

As Simon Chester noted in his post: Federal Office for Information Security Slams Internet Explorer for Insecurity, IT World in an article dated Jan. 17, 2010 is advising users to dump Internet Explorer, as the latest attacks have outlined the security holes in Internet Explorer. The Financial Times in an article dated Jan. 19, 2010 entitled: Microsoft rivals gain after Europe browser warning stated:

The German and French governments have both warned citizens not to use Internet Explorer, at least until a security patch is released to fix a vulnerability in the software. Concerns were raised last week after it emerged that an apparently Chinese hacking attack against Google had 33 other companies had leveraged a flaw in Internet Explorer code.

As a result, downloads of Firefox, Safari and other web browser rivals have spiked.

I wonder how long it will be before IT departments start re-evaluating their attachment to the Microsoft operating systems and software and start looking at alternative systems such as Linux and Apple’s OS X that do not share these same vulnerabilities. For lawyers and law firms who must guard client confidentiality and confidences, knowing that there are security holes in their IT systems is enough to keep them up at night. At least moving to alternative systems no longer means you have to be scared of what tomorrow may bring and you don’t have to go giving into fear.

Comments

  1. Given that lawyers routinely send emails with client documents as unencrypted attachments, I doubt that yet another security hole in Internet Explorer will cause many of them any loss of sleep. Whether it should is another issue.

    The US Justice Dept and the EU competition authorities went after Microsoft for tying Internet Explorer to its Office suite and its browsers. My own beef is the tied selling of Word with Office – since it effectively drove Word Perfect off the market. (Lawyers are probably the last holdout, but their clients who bought MS Office and thus Word have generally forced them to convert.) I find Word a user-hostile program, but I have no choice but to use it for work.

    I am not aware of any successful lawsuits against MS for insecure browsing or email. Am I missing something?

  2. …. tying IE to its Office suite and operating system, that is…

  3. We sent paper documents for years and most were not (and still are not) encrypted. ISP are the electronic analogues of couriers and the mail service. In some ways material is now easier to intercept. In some ways it’s more more difficult. However, the needle in the haystack concept still applies.

    My view, for whatever it’s worth.

  4. John G:

    At the Law Society of British Columbia, we advise lawyers to gauge the sensitivity of the message with the method of communication. There is no substitute for giving due consideration to the potential that the message may be overhead (a cell phone call), intercepted (an email), misdirected (a fax) or even mistakenly sent to the wrong person (putting the letter in the wrong envelope). With some communications, there may be no better method than to meet with your client in a 1-1 physical meeting.

    Having said that virtually every jurisdiction of which I am aware has approved using unencrypted email for ordinary solicitor-client communications, provided that you have obtained your client’s consent to this.

    However, given that laptops are now being manufactured with hard-drive encryption built into the machines, it may not be that far off before encrypted email is available and is easy and fast. Once that occurs, then the ethics of communicating by unencrypted email may change.

    My thoughts anyway.

    Cheers,

    Dave

  5. I agree with David and Dave – but they both support my scepticism that lawyers will be losing any sleep over the latest report of an Internet Explorer security vulnerability. Here is what the Law Society of Upper Canada says about sending documents by email to clients (consistent with the LS of BC in my view):

    “If sent in an unencrypted format, e-mails received in error or purposefully intercepted could be read by anyone who receives or intercepts them. The use of encryption is not mandatory but it may be one consideration to increase security. As with any form of electronic communication, the risk of interception and the options to protect or secure such communications should be discussed with the client prior to transmitting information by these means. A privacy statement should be added to every e-mail so that if a message is mistakenly sent, the recipient can contact the lawyer or paralegal and destroy the e-mail. For more information, review LawPRO’s article Managing the Security and Privacy of Electronic Data.