From Public Wi-Fi to Encrypted Emails, Panel Probes Security of Lawyer Communications
One takeaway from a New York State Bar Association discussion centered around data security in a lawyer's day-to-day-practice and related ethical obligations is the importance of using encrypted communication devices for client information.
January 23, 2018 at 05:02 PM
5 minute read
From left: moderator Michael Ross from the Law Office of Michael Ross; Karen Peters, former presiding justice of the Appellate Division, Third Department; Jonathan Stribling-Uss, of Constitutional Communications; James Bernard of Stroock & Stroock & Lavan; Timothy O'Sullivan of the New York State Lawyer's Fund for Client Protection; and William Rashbaum of the New York Times. Photo: David Handschuh/NYLJ What happens when a lawyer connects a laptop containing sensitive client information to a public Wi-Fi network or prints out documents from a hotel printer?
Those scenarios could put lawyers—and their clients—at an increased risk for data leaks and hacking, said panelists at a Tuesday discussion at the New York State Bar Association's annual conference in Manhattan.
One takeaway from the discussion, which was centered around data security in an attorney's day-to-day-practice and related ethical obligations, is the importance of using an encrypted communication device in transmitting client information.
Encryption is often “client dictated,” not law firm-driven, said panelist James Bernard, a partner at Stroock & Stroock & Lavan who also serves as general counsel to his firm. Many clients, particularly financial services companies that are concerned about unauthorized access to personally identifiable information in their customer base, will use encrypted email, sometimes exclusively, in communications with law firms, Bernard said.
Some corporate counsel offices even have internal reviews to make sure legal staff are sending encrypted email.
“They get dinged if they don't send out encrypted emails,” Bernard said.
The moderator of the discussion, Michael Ross, whose firm represents other lawyers in ethics and disciplinary matters, said some engagement letters can even set out the standards of encryption that law firms promise to provide.
If lawyers are not using encrypted technology, they could be exposing client confidential information, said panelist Jonathan Stribling-Uss, a lawyer, digital security consultant and director of Constitutional Communications, a nonprofit that specializes in information security.
In the situation of a lawyer using a public Wi-Fi network and sending email “that does not have end-to-end encryption,” that communication could be read by someone also on that network and the connection itself could be changed to allow for some sort of malicious attack, Stribling-Uss said.
“That's totally possible with any public Wi-Fi connection,” added Stribling-Uss, who also noted that printers can store documents for years and also be hacked.
Another panelist, Karen Peters, a former presiding justice of the Appellate Division, Third Department, said an attorney's ethical obligations vary depending on the firm.
“Are you talking about a large law firm with hundreds of lawyers that has an international presence? Then I would think their obligation to ensure confidentially to client data is a much higher obligation,” said Peters, noting that such a firm's clients have information that hackers are looking to acquire, unlike a small firm in Plattsburgh, New York, handling family law or Surrogate's Court work.
For Peters, who retired in December, the issue of cybersecurity is one that her former colleagues on the bench must now face.
“The question I would think for any judge who has this situation in front of him or her is, 'What was reasonable under the circumstances,' and those change depending upon the kind of business you're in,” she said, citing Rule 1.6 of the New York Rules of Professional Conduct.
Still, a firm of any size can be targeted.
Timothy O'Sullivan, executive director of the New York State Lawyers' Fund for Client Protection, which reimburses client money that is misused in the practice of law, said a common scheme is an email solicitation to lawyers that asks them to deposit a check in escrow and then disburse the money.
“Turns out that check was bogus,” but it's not caught right away, said O'Sullivan in describing the scam.
Peters raised another hypothetical for any firm: An executive assistant, in their spare time, uses an office computer for online shopping, social media and other internet surfing. Is it best for the law firm to be rigid with staff on how they use the equipment in the office?
Stribling-Uss said that firms should be strict, confirming that personal use of office equipment by staff can expose law firms to hacking. Stribling-Uss, however, said that firms don't have to pay a fortune.
“The best types of encryption are actually free,” he said. “You're being fleeced by these security companies,” he added, pointing out encryptions apps such as Signal and WhatsApp.
Meanwhile, notices at the end of law firm emails noting that any information included in them is intended only for the person to which is it addressed with unauthorized access being strictly prohibited is “mostly just catnip” for hackers, Stribling-Uss said.
Another takeaway from the discussion is just “to be smart and start thinking about these issues more often,” said Bernard, noting that various ethics opinions on this subject are situational.
“You definitely need to be thinking about this all along a graded scale, if you will, in terms of how important the matter is and what it is you're transmitting,” Bernard said.
A New York Times reporter on the panel, William Rashbaum, reminded the audience, “When somebody provides us with documents that are confidential, they are newsworthy because they are confidential.”
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View All
New York-Based Skadden Team Joins White & Case Group in Mexico City for Citigroup Demerger
Bankruptcy Judge Clears Path for Recovery in High-Profile Crypto Failure
3 minute read
US Judge Dismisses Lawsuit Brought Under NYC Gender Violence Law, Ruling Claims Barred Under State Measure
Trending Stories
- 1Doug Emhoff, Husband of Former VP Harris, Lands at Willkie
- 2LexisNexis Announces Public Availability of Personalized AI Assistant Protégé
- 3Some Thoughts on What It Takes to Connect With Millennial Jurors
- 4Artificial Wisdom or Automated Folly? Practical Considerations for Arbitration Practitioners to Address the AI Conundrum
- 5The New Global M&A Kings All Have Something in Common
Who Got The Work
J. Brugh Lower of Gibbons has entered an appearance for industrial equipment supplier Devco Corporation in a pending trademark infringement lawsuit. The suit, accusing the defendant of selling knock-off Graco products, was filed Dec. 18 in New Jersey District Court by Rivkin Radler on behalf of Graco Inc. and Graco Minnesota. The case, assigned to U.S. District Judge Zahid N. Quraishi, is 3:24-cv-11294, Graco Inc. et al v. Devco Corporation.
Who Got The Work
Rebecca Maller-Stein and Kent A. Yalowitz of Arnold & Porter Kaye Scholer have entered their appearances for Hanaco Venture Capital and its executives, Lior Prosor and David Frankel, in a pending securities lawsuit. The action, filed on Dec. 24 in New York Southern District Court by Zell, Aron & Co. on behalf of Goldeneye Advisors, accuses the defendants of negligently and fraudulently managing the plaintiff's $1 million investment. The case, assigned to U.S. District Judge Vernon S. Broderick, is 1:24-cv-09918, Goldeneye Advisors, LLC v. Hanaco Venture Capital, Ltd. et al.
Who Got The Work
Attorneys from A&O Shearman has stepped in as defense counsel for Toronto-Dominion Bank and other defendants in a pending securities class action. The suit, filed Dec. 11 in New York Southern District Court by Bleichmar Fonti & Auld, accuses the defendants of concealing the bank's 'pervasive' deficiencies in regards to its compliance with the Bank Secrecy Act and the quality of its anti-money laundering controls. The case, assigned to U.S. District Judge Arun Subramanian, is 1:24-cv-09445, Gonzalez v. The Toronto-Dominion Bank et al.
Who Got The Work
Crown Castle International, a Pennsylvania company providing shared communications infrastructure, has turned to Luke D. Wolf of Gordon Rees Scully Mansukhani to fend off a pending breach-of-contract lawsuit. The court action, filed Nov. 25 in Michigan Eastern District Court by Hooper Hathaway PC on behalf of The Town Residences LLC, accuses Crown Castle of failing to transfer approximately $30,000 in utility payments from T-Mobile in breach of a roof-top lease and assignment agreement. The case, assigned to U.S. District Judge Susan K. Declercq, is 2:24-cv-13131, The Town Residences LLC v. T-Mobile US, Inc. et al.
Who Got The Work
Wilfred P. Coronato and Daniel M. Schwartz of McCarter & English have stepped in as defense counsel to Electrolux Home Products Inc. in a pending product liability lawsuit. The court action, filed Nov. 26 in New York Eastern District Court by Poulos Lopiccolo PC and Nagel Rice LLP on behalf of David Stern, alleges that the defendant's refrigerators’ drawers and shelving repeatedly break and fall apart within months after purchase. The case, assigned to U.S. District Judge Joan M. Azrack, is 2:24-cv-08204, Stern v. Electrolux Home Products, Inc.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250
