Trust has always been a key instrument of economics. Up until recently, central banks have acted as the metaphorical custodian of trust, employing complex processes that force populations to participate in bank accounts and credit cards to earn trust benefits, like credit scores. Yet, devastating moments such as the 2008 U.S. financial crisis that took an enormous taxpayer-funded bailout showed the same centralized and slow processes were weakening and could not adapt quickly enough in a digital economy. Further, banks have become the number one target for malicious hackers. As a result, banking systems, credit rating agencies and other traditional legal instruments no longer remain effective mechanisms for P2P reputation and trust measurement.


This article appeared in Cybersecurity Law & Strategy, an ALM publication for privacy and security professionals, Chief Information Security Officers, Chief Information Officers, Chief Technology Officers, Corporate Counsel, Internet and Tech Practitioners, In-House Counsel. Visit the website to learn more.


A new legal structure that bestows and monitors trust must be employed. Is decentralization of these traditional, gigantic repositories of data the answer? Is blockchain technology the new path that the legal industry should take to sustain itself in the digital age? Let us consider the most significant implications of decentralized technologies for the legal industry.

Blockchain is one of the most promising new technologies to emerge from the past decade. Financial institutions, healthcare, public sector and government agencies, manufacturing, and energy companies are all embracing digital business trends. Law firms have commonly lagged behind other industries in adopting new technology, but unlike other technologies, the blockchain is a safer tool for law firms.

Making Businesses Safer

Top billing clients of law firms (financial institutions, healthcare, public sector and government agencies, manufacturing, energy companies) found continued success in the deployment of tech innovations, including cloud-based services, cloud security, Machine Learning, Artificial Intelligence, and robotics — all of which present tremendous opportunities for saving time, boosting savings, and accelerating overhead cost reduction. To bear the changing tide of regulatory requirements, these high net clients have proactively adopted rapid updates with cybersecurity solutions to ensure confidential information remains ironclad against the latest cyber attacks.

Along with securing digital transactions, integrating blockchain technology into existing security protocols reduces numerous cybersecurity risks. For instance, DDoS attacks are effective because they send a barrage of requests that eventually overwhelm and take down the targeted servers. However, with the blockchain's decentralized nature, these attacks would be less effective since the information would be stored among a large network in many locations.

Blockchain is a sure win for these clients and the law firms that want to be in the role of a secure technology advisor. Blockchain technology can bring a lot of benefits for law firms looking to embrace success in the 21st century.

The legal industry should watch DLT innovations as they are quietly revolutionizing the way people connect and transact. In the next few years, we will see blockchain fundamentally alter the way people:

  • Trade commodities, services, and assets without involving third parties (e.g., an exchange) as blockchain provides infrastructure for cross-border transactions.
  • Propel various crowdfunding models to break free from investment fund oversight burdens and gain more direct benefits from returns. The idea of the DAO and self-inserting smart contracts is to democratize early-stage investing in the blockchain environment.
  • Provide automatic control over transfer of assets.
  • Keep track of land registry and improve deed management.
  • Ensure clearing and contract disputes settlement in a digital manner to avoid court procedures.
  • Store, exchange, and control access to valuable data and any other PII from the Internet and/or any digital infrastructure.

In addition to these changes, blockchain and DLTs will replace the traditional role of legal professionals by adopting more sophisticated functions, such as becoming an arbiter in dealmaking, advisory, matchmaking, due diligence, assets transfer, financial crime prevention (AML), improving regulatory processes, and other tasks typically associated with legal experts.

Three significant pillars in this new “Trust Economy” era have since surfaced: recordation of assets, value exchange, and smart contracts, in which blockchain technology trims the trade lifecycle to a single trade stage. We will explore these pillars more in depth.

Ledger Technologies for Regulatory Reporting and Compliance

Blockchain is practically immutable due to four key characteristics of its architecture, which help eliminate the risk of fraudulent transactions:

  1. Data is stored in decentralized locations.
  2. Data is immutable. In order to affect the blockchain, bad actors need to delete or change data in all locations.
  3. Multiple sources are required for new data to qualify for acceptance into the blockchain.
  4. Reducing the number of steps in transactions and confirmation times eliminates chances for a transaction to be compromised.

Today, legal professionals are facing multiple challenges related to regulatory compliance management and globalization. The speed of modern business, enhanced service availability, and fast transactions require clients of law firms to ensure security while easily sharing huge amounts of documents between teams, clients and contractors. At the same time, these organizations need to make sure all compliance and regulatory requirements are duly met, including clarity over jurisdictions as data passes between multiple parties.

Blockchain-based solutions help maintain uniformity, consistency, and accuracy of data, minimize manual intervention into systems and human errors, and make sure compliance is achieved. User authentication with a Public Key Infrastructure (PKI) approach is vulnerable to human errors and numerous types of cyber attacks. Simple logins, password authentication, and centralized IT infrastructures are major vulnerabilities that law firm clients face, and this is why blockchain-based technology should be implemented to protect sensitive data.

Major Cybersecurity Challenges for Lawyers and Law Firms

The legal industry continues to be a major focus for cybercriminals, and the leading cybersecurity solutions providers continue to develop innovative products to solve two significant problems: data loss and data leaks in the cloud. Cyber criminals are targeting law firms because they have access to their clients' most valuable information. The less tech-savvy a law firm is, the more attractive a target it is for cyber criminals, because hackers are able to detect those firms that have weaker security. Data protection is a core element of corporate security, and this is especially true for law firms dealing with clients' sensitive data, which is becoming a bigger target for cyber attacks. Law firms need to implement exceptionally secure mechanisms to protect content and file sharing to ensure that only authorized partners can access highly confidential documents, including data encryption capabilities or file-level usage rights.

Law firms should never assume that they won't be targeted, but instead be cybersecurity-savvy and protect against security breaches as they emerge. Law firms should fight the growing cybersecurity threat since the risks are increasingly evolving. Now, let's take a quick look at the recent top data leaks of the world's largest law practices.

Notable Data Breaches, and Law Firms Victimized

  • Hackers are aggressively targeting law firms' data. If you thought hackers were afraid of the guys who can prosecute them, think again.
  • Leading offshore firm Appleby admitted it was the victim of a hack in 2016.
  • In the Panama Papers scandal, the law firm Mossack Fonseca was basically wiped out of existence after 11.5 million documents were revealed as a result of data leaked to a German publication, Sueddeutsche Zeitung. Mossack acknowledged the firm's credibility had been entirely destroyed.
  • Cravath, Swaine & Moore and Weil Gotshal & Manges, which represent Wall Street banks and Fortune 500 companies, were attacked in 2016. Hackers penetrated a computer network and stole confidential information worth over $4 million for the purpose of insider trading and planned mergers.
  • Several law firms in British Columbia, Canada, were infected with ransomware. The companies that were targeted by cyber criminals preferred to remain anonymous to avoid potential reputational damages. Similarly, an Indianapolis-based law firm was infected by ransomware distributed through a spear-phishing email message, containing a malicious attachment impersonating the United States Postal Service.
  • Thirty Nine Essex Street fell victim to a cyber attack. Reportedly, the Russian state-sponsored group Energetic Bear was behind it.
  • And recently, Deloitte suffered a sophisticated cyber attack, where clients' emails were stolen along with other confidential information.

Ransomware infects organizations through phishing, and law firms need to implement comprehensive information security awareness programs for their employees. Cybersecurity experts recommend using fully automated and sophisticated protection against ransomware for your SaaS data with the help of machine-learning algorithms.

Blockchain-Powered Protection for SaaS Data

There are solution providers that are taking the lead to help law firms secure their data. For instance, a blockchain-based company undertook a crucial initiative to develop a unique Blockchain Single Sign On solution (BSSO), which is a technological answer to these compliance and regulatory challenges. BSSO will automate regulatory and compliance processes, and enable organizations to comply with the standards and federal laws for customers subject to ISO 27001, EU Model clauses, HIPAA BAA, FISMA, and others. Blockchain Single Sign On (BSSO) for G Suite, Office 365 and other leading cloud services is the most secure data leak protection, which provides password-free access to customers' critical SaaS data through an SSL certificate that can be easily installed on any device, with a high level of protection of the certificate itself at all stages. BSSO allows organizations to access and share highly confidential documents securely from anywhere.

Blockchain Single Sign On for Leading Cloud Services

Additional security is added by rethinking the username-and-password model of inputting credentials. Now, there will be password-free access to SaaS data stored in G Suite, Office 365, and other cloud services based on Single Sign On (SSO) authentication and blockchain. SSO based on certificate authentication has long been deployed in corporate solutions. The X.509-based certificate is supported by all browsers, OS, and most software products. This method has not been widely adopted yet, since deep technical skills are required for users and administrators, along with the availability of a special PKI, or a Certificate Authority (CA) service. However, the traditional CA model involves two serious vulnerabilities:

User Identification

Certificates contain user data (email, login, etc.). When issuing a certificate, the CA identifies the user requesting the certificate by using the authentication data contained in it. To implement thorough identity checks, most Certificate Authorities require physical authentication documents, such as an SSN, a driver's license, utility bills, etc. This brings inconveniences and limitations of use, such as the service only being provided in some countries. If the Certificate Authority relaxes the identification requirements, it might play into the hands of a cybercriminal who can impersonate the victim, issue fake certificates in their name, and get full access to the victim's cloud services.

Fraudulent Certificates

Legitimacy of a digital certificate is ensured by the secure Root Key issued by the CA, which is the principal identifier for all users. If a hacker steals or forges a root certificate, this will enable him to forge certificates of any other user as well. Cybersecurity experts are reporting a growing number of compromised CA certificate attacks. Blockchain-based companies intend to solve the problem of traditional PKI by introducing a unique user identification procedure via leading cloud providers such as Google and Microsoft, and by recording certificates in the blockchain. SaaS providers verify the digital identity of a certificate holder and ensure that the certificates are requested by the cloud account holder, thus avoiding fraudulent attacks on accounts.

Blockchain companies will save the digital fingerprint of the issued certificate in the blockchain network. The certificate will be transferred to the user and will not be stored by the solution provider. All data required for user authentication will be kept solely by the user. In order to verify the certificate, the checksum needs to match the one stored in the certificate.

Because of the distributed nature of blockchains, this data cannot be falsified, as the checksum ensures the integrity of a digital certificate. That's why blockchain plays a crucial part and creates a unique interaction between cloud providers and the users of blockchain in order to implement a simple and secure way to access cloud data.

Basic Principles of BSSO Solution

  • The confirming factor is the permission to access the profile through the API of leading cloud providers such as Google, Microsoft, Salesforce, etc.
  • The blockchain-based solution provider doesn't store personal data of its customers. After the certificate is created, the client data is completely deleted from the solution provider's servers.
  • The certificate is stored only on the client's device.
  • Checksums of certificates are stored in the blockchain decentralized network, therefore, it is impossible to replace the existing certificate or create a fake one.
  • The client must have an active account at G Suite or Office 365.

BSSO Is Capable of Re-Engineering Cybersecurity

The blockchain-based provider's solution eliminates the security problems of classic PKI: trust in the certificate is not based on the certificate chain, but on the strict verification of the checksum of the certificate that is stored in the blockchain and cannot be replaced. There is no dependence on the availability of the CRL when the certificate is validated. The data stored in the distributed network block is always available for verification. Compromising the blockchain-based solution provider's key does not lead to a compromise of the issued certificates. To verify a user's certificate, the Web service is accessed in blockchain.
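
The checksum-based validation described above, sketched as an added example (not code from the article or from any BSSO product): a single-process hash-chained log stands in for the blockchain network, SHA-256 is an assumed checksum algorithm, and the account name and certificate bytes are constructed sample values.

```python
import hashlib
import json

GENESIS = "0" * 64

def fingerprint(cert_der: bytes) -> str:
    # SHA-256 over the DER bytes; the page does not name the checksum algorithm.
    return hashlib.sha256(cert_der).hexdigest()

class FingerprintLedger:
    """Append-only hash-chained log, a single-process stand-in for the blockchain."""
    def __init__(self):
        self.blocks = []

    @staticmethod
    def _seal(index, prev, account, fp):
        return hashlib.sha256(json.dumps([index, prev, account, fp]).encode()).hexdigest()

    def register(self, account, cert_der):
        index = len(self.blocks)
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS
        fp = fingerprint(cert_der)
        self.blocks.append({"index": index, "prev": prev, "account": account,
                            "fp": fp, "hash": self._seal(index, prev, account, fp)})

    def chain_intact(self):
        prev = GENESIS
        for i, b in enumerate(self.blocks):
            if b["prev"] != prev or b["hash"] != self._seal(i, prev, b["account"], b["fp"]):
                return False
            prev = b["hash"]
        return True

    def verify(self, account, cert_der):
        # Trust comes from the recorded fingerprint, not from a CA chain or CRL.
        fp = fingerprint(cert_der)
        return self.chain_intact() and any(
            b["account"] == account and b["fp"] == fp for b in self.blocks)

def demo():
    ledger = FingerprintLedger()
    issued = b"constructed DER bytes: alice, key A"   # sample input, not a real cert
    forged = b"constructed DER bytes: alice, key B"   # same name, attacker's key
    ledger.register("alice@example.com", issued)
    accepted = ledger.verify("alice@example.com", issued)
    forged_rejected = not ledger.verify("alice@example.com", forged)
    ledger.blocks[0]["fp"] = fingerprint(forged)      # in-place edit of one replica
    tamper_detected = not ledger.chain_intact()
    return accepted, forged_rejected, tamper_detected
```

A holder of a single copy who rewrites an entry and recomputes every later hash would still pass `chain_intact()`; that case is caught only by comparing the head hash across independently held replicas, which is the property the distributed network is relied on to provide.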

Conclusion

Groundbreaking blockchain technology is poised to transform traditional legal services, improve core business processes, facilitate regulatory and compliance procedures, and significantly simplify contract execution. It is clear from the many tangible blockchain use cases that law firms owe it to the profession and their clients to learn more about how disruptive technologies can help them provide cutting-edge services.

*****
Dmitry Dontsov is the CEO and founder of Spinbackup and the former CEO of Optimum-web, where he led the company for 10 years. He is an expert in SaaS data security and has built a successful software development company that was focused on cloud and mobile app development, and has contributed as a CTO in two startups. Dmitry supports early technology and commercialization of data management, protection, and recovery capabilities. He also holds a number of patents and continues to push for market adoption of industry standards-based security and blockchain.