Email Encryption For Everyone

The recent confirmation that the US government, through the NSA’s PRISM surveillance, collects massive amounts of electronic data is really only the tip of the iceburg when viewed in light of all of the potential exposure email has to unauthorized access. From hackers to governments to law enforcement to targeted espionage to identity thieves, there are many who may want to access and view your email and its attachments.

Depending on the type of client you represent and the work you do unencrypted email exchange may not provide enough protection for confidential communication. The ABA’s formal opinion from 1999 on email encryption (99-413) generally allows for use of email to communicate with clients, but also provides the caveat that “when the lawyer reasonably believes that confidential client information being transmitted is so highly sensitive that extraordinary measures to protect the transmission are warranted, the lawyer should consult the client as to whether another mode of transmission is, such as special messenger delivery, is warranted..”

Much has changed since 1999. Commentary in the opinion states: “[t]he Committee believes that e-mail communications, including those sent unencrypted over the Internet, pose no greater risk of interception or disclosure than other modes of communication commonly relied upon as having a reasonable expectation of privacy. The level of legal protection accorded e-mail transmissions, like that accorded other modes of electronic communication, also supports the reasonableness of an expectation of privacy for unencrypted e-mail transmissions. ” Read in light of the known, legal interception of email transmission by the government and the increased use of webmail services that offer free service in exchange for access to the text of the email is it still reasonable to rely on an expectation of privacy and legal protection of email transmissions?

There are a variety of ways to encrypt email communications. For large firms working with corporate clients, firms representing governments, lawyers representing political prisoners and other circumstances may require an end to end encryption solution such as PGP to be set up and used by both parties. Once in place the process is relatively seamless. Lifehacker provides a great guide on end to end encryption for email clients and webmail..

However, lawyers who work with consumer clients including estate planning, family law, bankruptcy, criminal, real estate, civil rights etc. may not have a long term relationship with their clients or have the level of sensitivity in the communication that warrants a long term encryption key exchange. For those situations attorneys can still encrypt email on a short term or case by case basis by using some of the “on demand” email encryption options available. These tools are often free for limited use and while they do not provide the level of protection afforded by traditional email encryption they do provide some peace of mind. The article Easy Encryption for Email is Not an Oxymoron provides information on three such services that employ different models for protection. To see these easy encryption options in action check out the How To… video from the Chicago Bar Association’s LPMT.

Power up the free Google Calendar

There’s plenty to take advantage of in the free Google Calendar—features like creating and sharing multiple calendars, “quick add” smart appointments and the ability to make calendars public. In this article I dig in to unearth a few neat tricks to integrate your Calendar more tightly with Gmail and Tasks. With some exploring and clicking, you will find the free Google Calendar and productivity tools are quite robust, and with a little know-how, have more integration than meets the eye. Check it out … 

Want more? Watch the training video from the Chicago Bar Association and check out these articles and resources:

Layering Security: Two Factor Authentication

“In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook.”

Thus starts the story of Mat Honan, a writer for Wired Magazine. Mat’s story should be a cautionary tale for all, especially lawyers whose duties to maintain the confidentiality of client data extend the need for added security beyond just personal inconvenience.  Mat admits that much of what happened could have been avoided by using two factor authentication on his Google account and other security measures.  So, why didn’t he do it? Because adding layers of security means adding a layer of complication, and sometimes inconvenience. However, to unravel from a firm security breach or hack would be even more inconvenient.

Google’s Gmail, Google Chrome, LastPass, Dropbox, WordPress and many other popular services have added an extra layer of security that a user must enable called “two factor authentication”.  The concept of this security is that a person cannot access another user’s account without something she knows and something she has. In the case of these popular services the solution is a strong password plus a secondary code that is sent via text to a smartphone or mobile device.  Both are required to access the account. For two factor access to laptops there are devices like USB tokens and smart cards that must be plugged in for the machine to boot up. Likewise you can buy external biometric security devices, such as a fingerprint reader, which is a substitution for what the user has to what the user is.

The SANS Institute OUCH! newsletter this month provides further information and links on two factor authentication for popular online services. When enabling two factor authentication make sure to read all the instructions carefully. Matt Cuts blogs for Google on how the two factor authentication works with Gmail, and dispels some myths about any perceived difficulties this may add to accessing your email.

Want to learn more about security best practices for your law firm? Sign up for the CBA CLE (1.5 IL PR Credit)  “Lighting the Corners: Security Best Practices”  in person or webcast on November 20 at 12 CT.

Offline Google Docs Tutorial

A fantastic general tech blog, GroovyPost, just posted a nice step-by-step tutorial on “How to Enable and Set Up Google Docs Offline“.  Sometimes you need offline access to files in “the cloud” and it is nice that Google works to make files available  locally.  In fact, you can access most of Google’s services offline, such as Gmail and calendaring. What about other services? Read my recent article on accessing your law office email, files and matters offline in “Fog Bank: When the Cloud is Down“.

You Are Backing Up Your Gmail, Right?

See one of my past posts to the AttorneyatWork blog “You Are Backing Up Your Gmail, Right?“:

Google’s Gmail has made news in the past couple of years by “losing” users’ e-mail—often years’ worth. While these outages have primarily affected the free Gmail service, even access to the paid Google Apps has occasionally been lost. More egregiously, in 2008 Charter Communications (an ISP) accidently deleted 14,000 customers e-mail accounts—and all the e-mail messages in them. For lawyers who are using the free Gmail, or other webmail services, as their primary e-mail tool for client communications, one must ask, “How are you backing that up?”

Set Gmail as Your Default Email Handler

Recently you may have noticed a pop-up request when you opened your Gmail, asking “Allow Gmail to open all email links?”. If you are like me, and still struggling to understand the ramifications of the new Google privacy policy, you clicked “No”.  However, for those who use Gmail as their primary email application, this new option will be a great productivity tool. In essence this allows you to automatically open any hyperlinked email address on the web in Gmail by default. This will let you easily email someone directly from a link, instead of having to copy and paste.  You may have struggled with email links in the past, because most operating systems will want to default to the local mail client (like MS Outlook or Windows LiveMail).

So, if you want to go back and answer “yes!”  see “How to Set or Remove Gmail as Your Default Email Link Handler” from Groovy Post and gain a little productivity.

Directory powered by Business Directory Plugin