![[Horizontal Rule]](../grph/marblebar.gif){kind=small}
It's interesting how expectations about security suddenly rise when lawyers evaluate the Internet.
That communications on the Net are not 100% secure is not in dispute. Since it is technically possible for someone other than the intended recipient of an e-mail message to intercept it at a number of points along its route, users are responsible for taking their own security precautions.
The Internet per se has no built-in protection. (Neither, incidentally, do your office or home -- the only security systems and procedures they have are those someone deliberately put in place and you actually use.)
The conclusion that some lawyers have drawn is that the security risks using the Internet are thereby greater than those in other forms of communication.
I think that's unfounded. Take Canada Post, for example. We've all had letters lost in the mail. Apart from misdelivery, misplaced mail, vandalism of dropboxes and outright theft, numerous security loopholes can be uncovered in the mail collection, sorting and delivery system.
At many homes mail is left outside a front door. Canada Post's position is that once they leave the mail at your premises, security is your problem. The only truly secure delivery service offered by Canada Post is insured registered mail with return receipt, yet law firms send most letters with considerably less fanfare.
Fax is no better. Most firms use absolutely no security on the documents they send by fax: they neither encrypt the contents for privacy nor use a pre-established security passcode to ensure that the other fax machine is sitting in the correct office.
The closest most firms get to `taking security precautions' is announcing the fax with a cover page containing some lame disclaimer threatening the recipient not to read the attached sheet if an error has been made.
A Nepean lawyer told me about a client who soured on him and didn't want to pay his account. When the client enumerated the points he was upset over, one accusation took the lawyer by surprise. "And to top it all off," he complained, "you spoke to me from a cellular phone without my permission."
The client is right, of course. A lawyer should obtain permission before communicating with a client over a cellular telephone. This precaution applies to all telephone calls on the client's matter, not only calls to the client but also calls to office staff, since the same security risks are attendant.
Had he tried, the lawyer most likely would have received this permission from the client. Both parties are aware of the limitations of the technology, and can easily figure out when to work without it. The same restrictions apply to cordless telephones, public telephones, and even talking about the case in public areas such as restaurants.
Authentication of the sender of a message is a similar problem. It's easy to forge an e-mail address, so some people feel that there is no future to using Internet e-mail. I'd like to know how they authenticate their paper mail. Do they keep their clients' signatures on file, the way banks do, and check each piece of correspondence against the file copy?
When you think about it, it'schild's-play to forge a signature on a letter to a lawyer, and just as easy toforge a lawyer's letter to a client. I daresay that few law firms have grappled with the issue, since in the normal course of business it just doesn't come up.
In reality, human security holes are far harder to plug than technical holes. If I wanted to get confidential information from your firm, the easiest way is to poke through your garbage or recycling bins. The second easiest way is to slip $100 to your cleaning staff. Sifting through billions of pieces of e-mail in the hopes of finding the right string of characters is definitely the hard way.
The issue has a slight twist when it comes to taking or making payment over the Net. Most experts advise us not to send credit card information over the wires until a proper system of security is put in place, and I would agree that that is good advice. However, in reality, you're probably at more risk during the five minutes that your waiter has your credit card for processing than you are using the Internet.
It's interesting that the expectations are so different. Lawyers know that conventional means of communication -- mail, courrier, fascimile -- are not 100% tamperproof. They use those conventional means of communication as a matter of course because they are just that: conventional. People expect to be communicated with in that fashion.
Today e-mail may be marginalized, but by 1997 it, too, will be conventional. Issues like reliability, ease of use and speed may enter into the decision choosing one means over the other. For most firms, though, the Internet will be no more and no less secure than the alternatives.
The csalt-talk mailing list has moved. Sponsored by the Canadian Society for the Advancement of Legal Technology, the mailing-list serves as an on-line forum for discussion about the use of technology in the practice of law. Its members are lawyers, administrators, consultants and legal software vendors across the country.
To subscribe, send a message to Majordomo@csalt.on.ca, with the body containing only the words subscribe csalt-talk (or, if you prefer a digest version, subscribe csalt-talk-digest).
© 1996 Lewis S. Eisen