TECHNOLOGY AND THE PRACTICE OF LAW COMMITTEE
Attorney Professional Competence in Technology: An Introduction and Foundation for Enhancement
[Friday, June 14, 2013 — 14:00-15:30
Cavalier Oceanfront Hotel, Virginia Beach, VA]
© 2013 EZ Justice PLC
[Lecture notes with hardware and software URL's appear here.]
Good afternoon! Welcome to the Introduction to Attorney Professional Competence in Technology.
My name is Olivier LONG. I have a virtual law office and I practice family law in Maryland, DC and Virginia.
My colleague, Jim McCauley is Legal Ethics Counsel to the Virginia State Bar. Jim teaches Professional Responsibility at the T.C. Williams School of Law in Richmond, Virginia.
Alan Goldberg could not be with us today. He practices business and tax law in McLean, Virginia, concentrating in IT and health care regulation.
Here is how we are going to proceed:
I am going to condense five hours of advice into 45 minutes of lecture on what hardware, software and safeguards a competent legal professional should be using.
Then Jim will relate that conduct to the Virginia Professional Guidelines and Rules of Professional Conduct.
At the end, we will have time for questions.
My preference would have been to deliver this lecture by iPad. Unfortunately, the available projectors will not talk to iPads, so this presentation cannot be multimedia. Live hyperlinks and slides for my lecture are available on the web.
The overriding principle in law practice technology is securing data and protecting the privacy of client information, while at the same time pursuing the goals of spending less time and delivering greater value to the client.
The major category of office software for lawyers consists of practice management programs like
These programs usually do such things as –
Trust Account Management
In-office data security consists primarily of password management and hard drive encryption.
My favorite password management software, also called a password vault, is 1-password. I enter a lengthy password for access to all my logins, credit card and secure data. It randomly generates up to 20-character passwords, and stores them without my having to memorize anything.
David Pogue writing for the NY Times earlier this month recommended Dashlane, which is a comparable product.
The leading Email encryption provider is Symantec PGP.
The highest-risk operations are outside the office, and they involve data transfer and data storage. This zone of activity is called practicing law in the cloud.
The tech extreme in cloud-based practice is the virtual law office. Stephanie Kimbro wrote in an ABA report that the virtual law office is:
“[A] professional law practice where an attorney is able to work with clients over the Internet through a secure portal from the establishment of the attorney/client relationship through to the payment of and final rendering of legal services”.
However much or little you are doing on the Internet, when you allow client secrets to move outside your office, you need to take two steps:
Example: Box, a competitor of Dropbox
Read the terms of service.
Write to Box challenge security policies that appear contradictory or missing.
Advise your client that you have vetted the service provider.
Box files are encrypted in transit and at rest. “In transit” means to and from their storage site. At rest means in their cloud storage.
Box is free if you are a solo practitioner like me. Otherwise, it is free for two weeks, then $540 up front a year for up to 3 people, plus $180 per additional person.
Incidentally, Box is generally considered safer storage than Dropbox. If you use Dropbox, as I find most attorneys do, I recommend using VIVO, a free encryption program that works with Dropbox, and the use of two-factor authentication is absolutely required.
Show of hands – Who does not know what two-factor authentication means?
You need to perform due diligence and exercise reasonable care. You often do better with products that are made for lawyers, as their terms of service are more attuned to a lawyer’s need to protect client confidences.
The lack of privacy in social media and phone and Email communication is so much a part of the current national news, that the public expectation of data security may be expected to increase rapidly. You should never be in a position where your client is more concerned about safeguarding their information than you are. Any time you send or receive Email containing a social security number, or an admission of liability or guilt, you are risking a breach of attorney-client privilege.
When you are considering utilizing an Internet service provider, make sure that their Email service and remote server provide encryption, multiple storage-site redundancy and brick-and-mortar security. Find out if the company may use servers outside the United States where data is less secure.
This care that is required of you in selecting an Internet storage firm, applies to cloud storage companies like Carbonite.
It also applies to businesses providing SAAS, software as a service. This is cloud-based software that you rent. Examples are Clio, MyCase and RocketMatter.
Two reasons to back up data to the cloud:
1. Same document can be accessed by more than one person at the same time.
2. Less chance of document getting lost, misplaced or destroyed.
Three reasons not to purchase software:
1. Create a hedge against calendar-based malpractice errors.
2. Avoid annual update fees.
3. The software is always current.
Remember, we are talking about the two procedural prerequisites to placing client data in the cloud. This data, called ESI, or Electronically Stored Information, is moving or at rest outside the walls of your office.
The first step was vetting the provider.
2. STEP TWO is the second critical step, after you have performed the due diligence necessary to meet the requirements of the disciplinary rules, is making sure that you are providing the level of security sought by your client.
Example: Contract for legal services with check boxes —
☐ Encrypted Email
☐ Encrypted Cloud Storage: ☐ Attorney holds the keys.
☐ Storage provider holds the keys.
☐ VOIP or Cellular vs. Wired Voice Communications
☐ Wickr [a communications site where all words and voices disappear after a pre-determined number of minutes]
You should establish your security policy, obtain signed informed consent just like a doctor or hospital; and advise clients promptly in the event of any breach.
Let me re-state this message:
Your responsibility as a Virginia lawyer is to assure encryption for your storage site, your device, and the data in transit. Vet the provider, and determine the client’s need for security.
Now, I would like to step outside our focus on data security and talk about a couple of other principles of technological competence as a practicing attorney:
A. Going paperless is no longer optional. You need to get a scanner, and start scanning everything that arrives on paper.
The advantages in terms of efficiency are substantial:
1. Offsite backup,
2. Remote access,
3. Instant access,
4. Word searching,
5. Collaborative review, and
6. Document assembly.
The hardware product I recommend is the ScanSnap IX500 (about $500.00).
Straight-path for paper causes less jamming;
Automatic document feeder;
Black & white or color;
Handles both sides of the page automatically;
Fast & relatively high volume for the price
Allows OCR and conversion to PDF on the fly
B. You need a digital document platform in the courtroom.
If you do not already have a laptop, I recommend you consider a tablet computer:
Expedited document search and retrieval;
Instant messaging with staff;
Instant calendar access;
Document markup by hand;
Ability to focus attention of a judge or jury on particular words;
Access to the market leading trial-presentation software: Trial-pad.
The efficiencies of digital data have revolutionized law practice, raising the threshold definition of professional competence, while reducing lawyer hours and generally making more services available at a lower cost.
At the same time, cloud-based activity like Email, remote storage, and virtual law practice require a new level of diligence in protecting the confidences and secrets of clients.