
Preparing Your Law Firm for a Secure Communication in 2023 and Beyond

Communicating and collaborating effectively and confidentially is an integral part of practicing law. Lawyers have an ethical obligation to ensure client confidentiality to maintain attorney-client privileges. This obligation requires that every communication channel be secure and protected from prying eyes. This article discusses the channels typically used and how to ensure communication over each of them is secure.

However, before discussing different channels, it is essential to understand one very critical technical term: End-To-End encryption.


What is End-To-End Encryption

End-to-end encryption is a term often used by many products and services. It is important to understand what exactly this means and why it is important in business-to-business communications.

Third-party actors are implicitly involved when two individuals communicate with each other. Take an email message as an example. On one end, the sender uses MS Outlook to compose an email. On the other end, the recipient uses Outlook to view the message. This message typically goes through multiple network routers, firewalls, and email servers before reaching the final destination. Let's call each of these intermediary devices a hop. The actual contents of every message can be viewed at every hop by individuals, usually administrators, or by software, such as spam filtering tools. This defeats the privacy that lawyers are otherwise required to maintain.

End-to-end encryption solves this problem by encrypting the message at the source and decrypting it only at the destination, so that intermediate hops cannot view it.

Communication Channels

Now let's talk about different communication channels. We also explore how each channel deploys end-to-end encryption to ensure unauthorized access is denied.

Videoconferencing tools

Videoconferencing technology is relatively new. As a result, almost every vendor has made end-to-end encryption part of its product. Some of the popular players in this arena are Zoom, Webex, GoToMeeting, Microsoft Teams, and Legaler.

Risk Factor: low
Risk Mitigation

Since most companies deploy end-to-end encryption as part of their features, this type of communication is generally considered very safe, provided you ensure computers within your network are using the latest software with every security patch applied.

Messaging Tool Apps

Similar to videoconferencing, many messaging tools use relatively new technology, and therefore, end-to-end encryption is already an integral part of their platform. Applications like iPhone Messaging, WhatsApp, Viber, and other similar apps provide it out of the box.

Risk Factor: low
Risk Mitigation

Before using a particular app, confirm with the publisher to ensure end-to-end encryption is being used.

Text Messages - SMS

Unlike newer messaging apps, SMS technology is based on protocols that are more than 20 years old. As a result, there is no provision for end-to-end encryption baked into the platform automatically. SMS messages sent from one phone can easily be read by software deployed by telephone companies.

Risk Factor: very high
Risk Mitigation

Do not use SMS messaging if privacy is a concern. Some device manufacturers, such as Apple, use a combination of SMS and proprietary messages. For instance, if an iPhone detects another iOS device on the receiving end, it switches an SMS message to an iMessage, which then uses end-to-end encryption.

It is important to remember that even though some newer devices use their proprietary technology instead of SMS, they fall back to SMS if an error occurs. Consider a scenario where someone is traveling and does not have Internet access, but they do have a phone signal. In such cases, an iMessage will fall back to SMS and will be delivered through a non-secure mechanism.

Email

Email is probably the most used communication tool in the legal industry. Whether you're sending simple messages or attaching important documents, maintaining privacy is of utmost importance. Unfortunately, there are several misconceptions related to email that give users a false sense of security, further complicating the issue.

The terms SSL, TLS, and STARTTLS are often used along with email servers to let users know their messages are secure. Although such statements are partially true, they are not enough to ensure the privacy that is usually desired in the legal industry. SSL/TLS often refers to in-transit security. In other words, when the message is transferred from one machine to another, both ends can use encryption to ensure nothing in between can view or modify the message. However, once the message reaches an intermediate server, it can be viewed and modified, defeating the purpose of end-to-end encryption.
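The difference between in-transit and end-to-end protection shows up in a message's own Received headers. The following Python sketch is an added example, not part of the original article or of any product it mentions; the sample message, host names and function names are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample message: all hosts and addresses are placeholders.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.9])
\tby mailstore.recipient.example with LMTP id c3; Mon, 1 Jan 2024 10:00:03 +0000
Received: from relay.provider.example (relay.provider.example [198.51.100.7])
\tby mx.recipient.example with ESMTPS id b2 (version=TLS1_3);
\tMon, 1 Jan 2024 10:00:02 +0000
Received: from laptop.firm.example (laptop.firm.example [192.0.2.4])
\tby relay.provider.example with ESMTPSA id a1; Mon, 1 Jan 2024 10:00:01 +0000
From: attorney@firm.example
To: client@recipient.example
Subject: Draft agreement

Privileged and confidential.
"""

# RFC 3848 "with" keywords: a trailing S (ESMTPS) or SA (ESMTPSA) records
# that the receiving server accepted the message over TLS.
HOP_RE = re.compile(r"\bby\s+(\S+).*?\bwith\s+([A-Za-z0-9]+)", re.I)

def hop_report(raw):
    """Return [(receiving_host, protocol, tls_used)] in delivery order."""
    msg = message_from_string(raw)
    hops = []
    for header in reversed(msg.get_all("Received", [])):  # oldest hop first
        text = " ".join(header.split())                   # unfold the header
        m = HOP_RE.search(text)
        if not m:
            hops.append(("?", "UNKNOWN", False))
            continue
        proto = m.group(2).upper()
        hops.append((m.group(1), proto, proto.endswith(("S", "SA"))))
    return hops

def plaintext_holders(raw):
    """Every server that wrote a Received header held the body as sent; unless
    the sender encrypted it end to end, the body was readable on that server."""
    return [host for host, _, _ in hop_report(raw)]

if __name__ == "__main__":
    for host, proto, tls in hop_report(SAMPLE):
        print(f"{host:30} {proto:8} link {'encrypted' if tls else 'NOT encrypted'}")
    print("Servers that held the body:", ", ".join(plaintext_holders(SAMPLE)))
```

Received headers are written by the servers themselves and earlier ones can be falsified by a later or malicious hop, so treat the result as an indicator of how a message travelled rather than as proof.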

Risk Factor: very high
Risk Mitigation

There are several methods of accomplishing end-to-end encryption with email. Generally, you could classify these methods in the following categories:

  • PGP (Pretty Good Privacy): Although this method is very effective when ensuring privacy, it is not very easy to use for a typical lawyer who has no idea about public/private keys.
  • Web Portals: Using a web portal, email communication is converted into web-based messages. Both sender and recipient can then use a web-based application to exchange messages and files.

    One downside of using this method is that the communication channel switches from email to the web, which is not always desirable. Moreover, in many cases, it burdens the recipients to create new accounts on the sender's email system.

  • Email to PDF: In this case, an email message is converted to a password-protected encrypted PDF file, which can only be opened by the intended recipient. This method is the easiest option to use for both sender and recipient. The sender composes an email normally using their favorite email program, either on their computer or a mobile device. The email server, upon receiving the message, converts it into a PDF file that cannot be opened by anyone unless they know the password. Rather than seeing the actual confidential message in an email, the recipient gets a generic email with a PDF file attached.

    Senders can also attach files to their original email, which are attached inside the PDF document.

    One such email server that supports this feature is Xeams.

File Sharing

Sharing confidential files is usually a significant part of any lawyer's communication. Often contracts, business proposals, trademark secrets, and many other types of documents are shared using different mechanisms. Let's categorize these channels individually and assess their pros and cons.

Using third-party file-sharing apps in the cloud

Services like Dropbox, OneDrive, and Google Drive are very common. They are easy to use and available to everyone, in most cases, for free.

Pros: Easy to use for both sender and recipient

Cons: Private files go to a third-party service provider. These files may stay on their network for days, possibly months. Cost may go up depending upon usage and bandwidth. End-to-end encryption is usually not available.

Using on-premise file-sharing applications

Software like SynaMan facilitates on-premise alternatives to services like Dropbox and OneDrive. An important distinction between on-premise and cloud services is that on-premise software gives you full control over the sensitive content without any third-party involvement.

Pros: Privacy is maintained. There is no additional cost of bandwidth or the number of files transferred. Audit logs can be produced retroactively for forensic analysis. End-to-end encryption can be provided in conjunction with end-to-end encryption. Additional business logic can be added after a file transfer completes.

Cons: Have to invest in the hardware and network to run the software.

Using FTP

FTP has been used in the industry to transfer files for more than 40 years. Initially, the protocol did not facilitate in-transit encryption. Later on, FTPS and SFTP were introduced to provide in-transit encryption.

Pros: Privacy is maintained within the organization. No additional cost for bandwidth and the number of files transferred.

Cons: Have to invest in the hardware and network to run the software. It requires an FTP client on both ends. End-to-end encryption is typically not possible without third-party plugins on both ends.

Email Attachments

Attaching files to emails is a very common practice that has been used in the industry for several years. Although files attached to email messages are not secure by themselves, you can achieve end-to-end encryption by adding third-party solutions. For example, when combined with Xeams and SynaMan, you can:

  • Add end-to-end encryption to any email message
  • Achieve end-to-end encryption for attached files
  • Send large files as attachments

Pros: When combined with proper email servers, end-to-end encryption can be achieved for attached files via email. Such solutions are easy to use and transparent to the sender. For example, senders can use any device such as a desktop computer, a mobile phone, or a tablet.

Cons: Have to invest in a proper system.

Summary

When sharing files, it is important to use a solution that supports end-to-end encryption. This is particularly important in the legal industry to ensure attorney-client privileges are not compromised. Products and services like Xeams, SynaMan, Apple iMessage, WhatsApp, Zoom, MS Teams, WebEx, and GoToMeeting are all examples of solutions that employ end-to-end encryption.


Created on: Aug 12, 2022
Last updated on: Apr 26, 2024
