Once upon a time, paper ruled the legal industry. Volumes of case law, massive treatises, and thousands upon thousands of client files were eternalized on the pulped and shredded tree mash we call paper. With the advent of the information age, though, the industry swapped the physical for the digital. At first, electronic data was locally stored, but as technology advanced, data began to move into the cloud.1
However, the use of the cloud comes with a significant compromise that did not exist with either paper or locally stored electronic data. When you use a traditional cloud service provider, you accept that your provider has the ability to search, index, and provide your data to third parties if they deem it necessary or they are compelled by law. This is true of all traditional service providers. Google, Microsoft, Dropbox, Evernote, Yahoo … all of these service providers hold the “keys” to peruse the data stored on their servers. Thus, when you decide to store your data in the cloud, you must trust that your service provider will not abuse their access to your data.
I am not suggesting that traditional service providers are untrustworthy or that the protections they offer are anything less than robust. To the contrary, these providers’ business models are built, in part, on the trust that their users have in the security of their platforms. However, the risk that cloud service providers will disclose users’ sensitive data to unauthorized parties is necessarily greater than zero. Ultimately, traditional service providers are a weak point in the security chain. They can accidentally disclose users’ data, they can be forced to provide users’ data to law enforcement agencies or, as unlikely as it may be, their employees can choose to disclose users’ data to unauthorized parties.
Lawyers who want to maximize the confidentiality of their data should consider the solutions provided by end-to-end encrypted (E2E) service providers.
End-to-End Encryption – Confidentiality First
E2E service providers approach data storage using something called the “zero-knowledge” principle.2 As discussed above, traditional service providers necessarily have the means to access users’ data. In part, this is because they must be able to verify a user’s identity. They do this by storing a copy of users’ passwords on their systems.3 Providers using a zero-knowledge system, however, cannot access users’ data because they never receive a copy of passwords in the first place. Instead, they use mathematically linked keys (a private key the user has and a public key they hold) that verifies the user’s login is correct without ever revealing the key.
Chad D. Post, Temple 2017, is a Wisconsin attorney currently working in Washington, D.C. He previously worked as a system information technology engineer and cybersecurity expert in conflict zones around the world for various Department of Defense contracting companies. He is also interested in veteran’s law, privacy law, cyberlaw, and quixotic tilting at windmills.
I realize that this explanation is a bit abstract, so an imperfect analogy is in order.
A chef wishes to keep his secret recipe for breakfast pastries away from prying eyes. He usually locks his recipes in a safe deposit box down at 1st Recipe Bank. Because of the absolute deliciousness of this pastry recipe, however, he is worried that keeping his recipe at 1st Recipe isn’t safe enough because the manager and employees also have keys to the safe deposit boxes under their care. He trusts them, but he is still worried that they may fall prey to a recipe espionage plot … a “respionage plot,” if you will.
Therefore, the master chef contacts Zero K Bank. Zero K Bank provides an impenetrable safe and allows the chef to provide a combination for the safe, which only the chef knows. Even if a thief made off with the safe, the recipe inside would be inaccessible without the chef’s combination. As such, the chef can rest easy knowing that his secret recipe is safe.
This is, in essence, how E2E service providers work. The provider stores users’ data, but that data is encrypted with the users’ private keys. If the E2E provider suffered a data breach or was forced to provide a copy of a user’s data, that data would be incomprehensible (read: encrypted) and could not be accessed without the user’s key. Harkening back to our analogy, the party with the protected copy of the data would have an impenetrable safe and no combination to open it.
If you’re interested in the technical aspects of how zero-knowledge principles are implemented, look at Tresorit’s excellent overview of the process.4
Is End-to-End Encryption Overkill?
Traditional service providers have a reputation for trustworthiness. They also offer well-known products that most people are accustomed to using. Though they lack the protections E2E encryption provides, their products are excellent and often free. Why, then, should a lawyer use an E2E provider when the risk is so low?
The answer, in true lawyer fashion, is that it depends.
For many lawyers, the traditional providers’ balance of security, convenience, and usability makes sense. The extra security offered by E2E providers is outweighed by the convenience and familiarity of traditional platforms. For lawyers who work with extremely sensitive or valuable data, or lawyers who must travel through locations that are less respectful of attorney-client privilege or of privacy in general, the protection offered by E2E solutions might be worth the initial inconvenience.
As an example of situations in which E2E providers might be valuable, I offer two scenarios below.
Scenario One: Corporate or Foreign Espionage. A lawyer is representing an inventor who is a leader in her field. She is developing inventions that competing companies and foreign governments would absolutely love to get their hands on. As a reclusive, tech-savvy genius, she prefers to communicate via email and text, and she shares her patent files through an online file-sharing service.
Adversarial companies and foreign governments know that the lawyer represents the inventor. As such, they try to bribe, threaten, and blackmail the employees of the lawyer’s service provider, hoping to gain access to her developing inventions.
If the lawyer is using a traditional provider, it is possible, if improbable, that the adversarial parties succeed in gaining access to the inventors’ unencrypted data and thus her cutting-edge, unfiled patents.
If, however, the lawyer is using an E2E provider, it does not matter if the adversarial parties are successful because they would only be able to retrieve the impenetrable safe (so to speak.) As such, the unfiled patents would be safe.
If the E2E provider suffered a data breach or was forced to provide a copy of a user’s data, that data would be incomprehensible (read: encrypted) and could not be accessed without the user’s key.
Scenario Two: Defending Terror Suspects. A lawyer is defending a client who believes that she is likely to be accused of terrorism. The U.S. government is in fact contemplating just that and has petitioned the Foreign Intelligence Surveillance Court (FISC)5 for permission to intercept the text messages between the client and her lawyer. While the government may be exceeding its authority by intercepting these privileged communications, the lawyer is unaware of the intrusion because the service provider is barred from informing the lawyer that he is being watched.
If the lawyer and the client are using a traditional text messaging service, their communications might or might not be stored on the service provider’s servers, and the communications might or might not be encrypted in transit.
If the lawyer and the client are using an E2E text messaging service, their communication is stored in the “impenetrable safe,” forcing the government to reveal its intentions if it wants a copy of the data.
These are but two of the many scenarios in which E2E encryption might be useful. FISC warrants are an extreme example of a scenario in which privileged information might be erroneously collected, but FISC is not the only court capable of issuing overbroad warrants and subpoenas. Lawyers representing public figures might also see value in using E2E providers given the damage that informal communications can do to the reputations of elected officials. Prosecutors with high-profile cases involving well-heeled, unscrupulous defendants might also desire an extra layer of protection for their data for many reasons. Ultimately, though, a lawyer might just wish to offer clients the extra peace of mind that comes with the use of an E2E provider.
Concerns with End-to-End Encryption
Despite the value that E2E solutions offer, there are technical and legal considerations that lawyers should be aware of before deciding to take the plunge.
Substandard Security Practices. I recommend that lawyers who wish to migrate to an E2E solution remember that a secure solution is only as good as the data security practices of the people using the solution. This is not a failing of E2E solutions per se. If lawyers are using weak passwords, are foregoing multifactor authentication,6 or are saving copies of the data on non-E2E providers, they’re poking holes in the protection offered by their E2E solution. For example, if a lawyer’s email password is “password123!” then the protection offered by E2E has been compromised.7
Similarly, storing sensitive data on unencrypted devices (such as cell phones or laptops) is a risk because those devices can be stolen. When possible, one should not store local copies of those files. If it is impossible or impractical to not store local copies, encrypting the devices in question and configuring a way to wipe them remotely is wise.
The Principle of the Weakest Link. E2E services are excellent tools, but like any tool they must be used properly. When using E2E solutions, one must remember that the least protected person handling a particular piece of data establishes the net protection level of that data. For example, if I send a text message from my E2E text messaging app to a regular phone, then that message is unprotected once it leaves my app. If I’m sending email, I must remember that the email might not be protected at the recipient’s end.8
For lawyers who work with extremely sensitive or valuable data, or lawyers who must travel through locations that are less respectful of attorney-client privilege or of privacy in general, the protection offered by E2E solutions might be worth the initial inconvenience.
Applicable Laws and International Concerns. Lawyers also should be aware of any applicable data storage laws that pertain to their practices. Many E2E providers store their data abroad to take advantage of strong privacy laws. Switzerland and countries that are members of the European Union are popular E2E storage sites, though E2E solutions exist in the United States and Canada as well. Taking advantage of strong privacy laws can be advantageous, but particular practice areas – those involving national security, for instance – might require lawyers to store their files in the United States.
Features and Staying Power. I also suggest that lawyers considering migrating to an E2E service provider identify indispensable features, so when they are considering E2E providers they know which features to look for. For example, if they need an integrated calendar with their E2E email, they should identify that fact up front. If they want to be able to sync any folder on their computer to their E2E file store, that’s something to be aware of before they buy.
When selecting providers, lawyers also should be cautious about using providers who have not been in business for very long. Selecting a well-established provider reduces the risk of having to migrate your data later if that provider closes up shop. Should a newer E2E provider be too attractive an option to pass up, a lawyer should work with their information technology department or provider to ensure that they have secure, encrypted backups of their data. (Please see the sidebar of providers of E2E solutions.)
E2E encrypted service providers offer lawyers a means of communicating and collaborating with their clients securely and safely. While E2E solutions might not be a viable solution for every lawyer, those with special privacy concerns or those who wish to present themselves as “privacy forward” could do worse than to use E2E services. In many ways, a law firm is its client data, so maximizing the protection of that data makes economic sense.
If you have any questions about E2E service providers or you wish to read me waxing poetic about technology in general, my inbox is always open. You may email me at my very own E2E email account at me cpjd pm pm cpjd me.
Providers of E2E Solutions
The following are some of my favorite E2E solutions. This list is far from comprehensive but offers a good cross-section of reliable providers. I have focused on the “big three” E2E areas: texting, email, and file storage. There are E2E solutions geared toward other areas of communication as well.
Text Messaging Solutions
My go-to E2E text messaging app is Signal. Signal is an open source9 app available on both Android and iPhone. I like Signal because it automatically encrypts messages between Signal users, showing a “locked” symbol to indicate that communications are secure.
I’ve also installed Telegram on my phone. Telegram is also offered on both Android and iPhone. While Telegram appears to be secure, the fact that it is not open source does raise concerns about security. However, I still use it because I have contacts who are on Telegram exclusively.
The ubiquitous WhatsApp also has a home on my phone. WhatsApp is offered on Android and iPhone and is based on Signal’s code. It falls in that grey area between open source software and open source derived software, as only part of WhatsApp’s code is published for review. Although I think WhatsApp is likely E2E secure, Facebook’s somewhat spotty privacy record does raise concerns. However, it has the largest adoption rate of the three options listed, making it useful for that alone.
I have been using Protonmail for two years now. Protonmail is an open source, cross-platform app based in Switzerland. The bunker its servers are stored in is capable of withstanding a nuclear blast. The web interface is excellent, and the phone app is pretty good, too.
I am relatively new to Tutanota, but so far I am impressed. Tutanota is an open source email and calendar platform based in Germany. The web interface is clean, and I have no complaints with the mobile app either.
File Storage Solutions
I have been using Tresorit for quite some time now despite my reservations about its non-open source nature. I enjoy the fact that Tresorit allows me to sync any directory, and that I can (and do) require two-factor authentication to access the app on my phone.
As a secondary file storage service, I use the excellent open source SpiderOak. It has many (but not all) of the same features as Tresorit, making it an excellent alternative for people 100 percent committed to open source solutions.
Turn to the State Bar to Help You Manage and Protect Your Practice
As a State Bar of Wisconsin member, you have an extensive system of support at your fingertips.
Formal Ethics Opinion EF-15-01: Ethical Obligations of Attorneys Using Cloud Computing. A lawyer may use cloud computing as long as the lawyer uses reasonable efforts to adequately address the risks associated with it. The Rules of Professional Conduct require that lawyers act competently both to protect client information and confidentiality, and to protect the lawyer’s ability to reliably access and provide relevant client information when needed.
To read the entire opinion, visit wisbar.org/ethop.
For confidential ethics consultation, call the Ethics Hotline: (608) 229-2017 or (800) 254-9154
In partnership with Identillect (encrypted email service), members can protect their email communications. According to Identillect’s website, “All messages bodies and attachments are encrypted end to end with the highest government recommended level of encryption.” The State Bar has selected Identillect’s Delivery Trust® as the preferred solution provider for bar members to assist in meeting regulatory requirements and protect their sensitive communications.
Cyber Security and Insurance
In partnership with M3 Insurance, members can obtain greater protection with cyber security, option bond or crime policy, and expanded bond coverage.
Cyber security insurance. Coverage is tailored to your firm’s size and needs and can include these areas: cyber extortion (such as ransomware), business interruption, data reconstruction, website liability, breach-response mitigation expenses, and more.
Optional bond or crime policy. This coverage helps lawyers comply with the amended trust account rule, SCR 20:1.15(f)(3)c.2. Coverage encompasses employee dishonesty, forgery or alteration, computer fraud, money orders and counterfeit currency, funds transfer fraud, partners inclusion endorsement, social engineering fraud, and loss of clients’ property.
Expanded bond coverage. Expanded bond coverage is available for the following areas: court bonds (appeal, attachment, bankruptcy trustee, injunction, receivership, release of lien, replevin, sheriff indemnity, TRO); probate bonds (administrator, conservator, guardian, trustee); notary bonds (individual); notary errors and omissions (individual or business); and title agency or agent bond.
See “1, 2, 3 … New Member Benefits to Help You Manage and Protect Your Practice,” InsideTrack (Sept. 19, 2018).
Practice Management Assistance
For guidance on insurance questions, technology needs, and other office and practice management concerns, contact the contact the Practice411™ program for a confidential consultation, (800) 957-4670.
Discover the benefits of State Bar membership. Visit wisbar.org/member.
Meet Our Contributors
Complete the Sentence: I never leave home without __, because __.
I never leave home without at least one backup cell phone battery because I’m as tied to technology as Star Trek’s Borg. If you find me wandering around an unfamiliar city, you can be almost certain that I will have at least one (and probably two) spares.
While I’d love to pretend that my need for these chargers is because I’m a fan of photography … I am, incidentally … the reality is that I’m also a fan of having access to the 1,001 apps that I have installed. On the bright side, I usually have a spare cable or three so if you ever see me wandering and need a quick battery boost, well … consider me your own personal charging station!
Chad D. Post, Washington, D.C.
Become a contributor! Are you working on an interesting case? Have a practice tip to share? There are several ways to contribute to Wisconsin Lawyer. To discuss a topic idea, contact Managing Editor Karlé Lester at (800) 444-9404, ext. 6127, or email org klester wisbar wisbar klester org. Check out our writing and submission guidelines.
1 I don’t like the phrase “the cloud,” as it invokes a sense of mysticism that is entirely undeserved. In essence, all a “cloud service provider” is offering is a place to store and share data that isn’t on the data owner’s own equipment. In other words, when people refer to “the cloud,” they’re really just referring to storing data on someone else’s internet-connected computers.
2 Secure Swiss Data, End-to-end Encryption Explained, (last visited March 3, 2020).
3 The behind-the-scenes workings are more involved than this, but I am erring on the side of making this easy to understand versus technically exact.
4 Istvan Lam, What is Zero-Knowledge Encryption? (May 20, 2016).
5 FISC is an intelligence court that can issue secret warrants and prevent service providers from disclosing that they were subject to the same. www.fisc.uscourts.gov/.
6 Users authenticate using something they know (for example, password), something they have (for example, a login card), or something they are (for example, a fingerprint). Standard authentication uses one of those three factors, while multifactor authentication uses at least two of those factors (for example, a password and a fingerprint, or a password and a login card). For a more detailed overview, see www.nist.gov/itl/applied-cybersecurity/tig/back-basics-multi-factor-authentication.
7 For advice on creating strong passwords, see Chris Hoffman, How to Create a Strong Password (and Remember It) (May 9, 2018).
8 This does not mean that they’re not secure while stored on the lawyer’s E2E solution, only that on the other party’s side, they will be subject to the pitfalls outlined above. For a truly secure communication path, both parties must be using E2E providers.
9 Open source means that the provider has published the underlying code for the service for public review. This offers the public a chance to review the code, identify any security issues, and most importantly in this context, verify that the code is free of means for third parties to access your unencrypted data.