encryption for lawyers
play

Encryption for Lawyers : The Time Has Come David G. Ries John W. - PDF document

Oct 16, 2023 •217 likes •455 views

Encryption for Lawyers : The Time Has Come David G. Ries John W. Simek David G. Ries dries@clarkhill.com 412.394.7787 John W. Simek jsimek@senseient.com 703.359.0700 2 Why Encryption Is Needed Up to 70% of data breaches involve

  1. Encryption for Lawyers : The Time Has Come David G. Ries John W. Simek › David G. Ries dries@clarkhill.com 412.394.7787 John W. Simek jsimek@senseient.com 703.359.0700 2 Why Encryption Is Needed Up to 70% of data breaches involve laptops & portable media. About 10% of laptops are stolen during their useful lives. 1.4 million smartphones were lost during 2013. 3.1 million smartphones were stolen during 2013. 3

  2. 4 ‹#› Why Encryption Is Needed 2011: Maryland law firm: -unencrypted portable hard drive with medical records left on light rail. 2014: Georgia law firm: - unencrypted portable hard drive with personal information on clients stolen from trunk of car. 4 ‹#› 5 Why Encryption Is Needed 2007: 18 laptops were stolen from the offices of a law firm in Orlando. - Protected by encryption - SANS Institute: “(laptop stolen, but the data was protected) shouldn’t be newsworthy...” Encryption protects data! 5 ‹#› 6 Why Encryption Is Needed Electronic communications can be intercepted. Wired and wireless network traffic can be intercepted. Cyberspace is a dangerous place! 6

  3. 7 ‹#› Why Encryption Is Needed PRISM • Web-based e-mail • Telephone records • Text messages • Social media sites • ISP communications • VoIP • File transfer • Video conferencing 7 ‹#› 8 Attorneys Avoid Encryption Encryptio n 10 FT 8 ‹#› 9 Encryption  An electronic process to protect data Transforms readable data into unreadable data Requires a key to make data readable again 9

  4. ‹#› 10 Encryption Readable Unreadable Readable Plaintext Cyphertext Plaintext Encryption Key Decryption Key 10 ‹#› 11 11 ‹#› 12 12

  5. 13 Encryption Key Example AES-256 Key +30NbBBMy7+1BumpfmN8QPHrwQr36/vBvaFLgQM561Q= 13 14 Encryption Key -----BEGIN PGP PRIVATE KEY BLOCK----- Version: BCPG C# v1.6.1.0 lQOsBFIOnHgBCACwAhCyBG5X52IkbIKpeN21wEa3kR+eLvqRkdjD1oL1o4kmy3hh Zz1l/DH7RcZX+efCP3RfEvi7Mu3a9KIEq0D0KxLQbhaWvVDzJ8yUCR8kRepFDKtj pj1G/049DJGM4AYHqhmTPSnwRnPBtv5Ci2k9cWgZSnH/4NnkAGYudsftReoxOsUt pfYTyMeoGBg2DkNG4yZ6uG86v5k641lgH9qABajjFfXoe2aMwbYPMWQDahJlCZfH U2q05GJt/2zThnky/D//savhrshpNxr1ddEa1QwgGSR/EDPkflv1b4yWH05DbRST dR9B136kh+2YMDtqaJ75hhU/H9Q6WmhBAIlXABEBAAH/AwMCoZz7ekYu0YZgXUod EoYlOwJmlu/ZLx2GSFtZO2RNyvblG+O3ZeKukG1xbSvzBS0Z5OjQOYnD+X5arvNM DmpyilKpb5DueaN1osxPOkunqQ6cJlOWdROvUQkgLCD7Y7jfu4/coeK+HZuoIHSq txEQaICTDcEnFYjDJNYNGWKj6WfT3LGjDhCreck6MZcGGJHjmCN8VF+yEmsUIkM+ 9D/US/rl/lWnINlfgmhiN1NxpAhg9Xo43Mpwex3hZLXLrbhdTkRMVgHLEH5h3xxo /UyNGCn3T9CTa4/vNdmZmMlAAHQk6F0ZhqFLS8x3sR2hxwkaNGmGHRr/ihklv15U RrggHzH89zxc3RDC8al/wcieM1vXx9hK195r9NPJ/hET1EIqs3wLu8rmZDPazIVT j8bQdhH3X964Q70ciiREVXbY29uwSXKHU6Q8agmCDdeGoZ/bhtLaYSs6Q53dgW97 U2IN6QIxHDTa+eZU5t1RVR5ugHph6yhTk6rCQF+FTsiaezwHkXqS5SfyNJ2JgOCi 6l4HpA2gLOy3raV4MoSpsEwIpquTccu/B8Aiucy6UL7IELOAMT2s7c2R7qVoBvew 5e2gDid0CWNqN03Zvg4USKq3lYskMUWUtaaexDWNALB210OKixm6mGN4VzelmqMK w6drwWbfuo+Xt540wlGOOuCjZoEM+qxKofnDZicDQ9Lns/eswvLZS2L/ei3kF4du B0wexeG7R5eNlOlDfReyz5qWXOLgS47In6OLBXlUfuuNsI0m64DM3Z9LBXev2TuG YHGG26j1FRwgOdSDynjITA2xZrIJQ7rBjJhiMedH1bLlUau75EU/qQVAV1jZ+qD/ CbD/vxVW237NaAPPlctGXrvWMyZh/PSjb/wC56veYrQAiQEcBBABAgAGBQJSDpx4 AAoJEKJQRE9Opr2dRb8H/A67kPkY8fwCY8JxF6tV46rmXIyPOsVzVHb+TG9p+0ep 1js13t1MGJuMS7CXaDdtPdahD9IKwKRO3z2Jxsg2ADYditkR7QUknGUnrJsQOkKx 8gXinRihRNjM2JzsqWkBEOauIlnO5+Y01g7KTo93N1F+pNrPNzRko8gAPWIozJMd 5wLT9NvtdJLRumJjTjQ9ydyLa41uOq8EZvYELwyq0USO5AzlOu5XAduduRv9qhIm CmN8RLgShJzCGhu2E08hgU2kZZtY1g3VyGnttkkn4Vtr6wREh5SyvMlzirWAMb1G LvaFZWAYAPLlCtCZQU3pL8mjFTFAxsKS1CcRLUrOkLM= =9Ry2 14 -----END PGP PRIVATE KEY BLOCK----- ‹#› 15 A Simplified Overview Encryption Program Algorithm Key 15

  6. ‹#› 16 Protect Data at Rest – Servers, Desktops, Laptops, Tablets, Portable Media, Smartphones, etc. Data in Motion – Wired Networks, Wireless Networks, Internet, Cell Networks, etc. 16 ‹#› Is Encryption Too Difficult? AES ALGORITHM Source: quadibloc.com 17 ‹#› 18 Is Encryption Too Difficult? USENIX Security Symposium Aug. 1999 18

  7. ‹#› 19 Is Encryption Too Difficult? Attorneys will often need assistance in setting up encryption. There are now many easy to use options for encryption (particularly after setup). 19 ‹#› 20 Attorneys’ Duty to Safeguard Ethics Rules Common Law Contracts Statutes and Regulations 20 ‹#› 21 ABA Ethics 20/20 Amendments Model Rule 1.1 Competence Comment [8] To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology…” Adopted by PA! 21

  8. ‹#› 22 ABA Ethics 20/20 Amendments Model Rule 1.6 Confidentiality (c) A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client. Adopted by PA! 22 ‹#› 23 Ethics Opinions - Encryption New Jersey Opinion 701 (2006) California Formal Opinion No. 2010-179 Pennsylvania Formal Opinion 2011-200 Texas Opinion No. 648 (2015) 23 ‹#› 24 Unencrypted Email = “A Postcard” Bruce Schneier (1995, 2000 +) Larry Rogers (2001) (“written in pencil”) Google Official Blog (June 3, 2014) New York Times (July 16, 2014) “Reasonable Expectation of Privacy?” 24

  9. ‹#› 25 Lost and Stolen Devices: “Considering the high frequency of lost assets, encryption is as close to a no-brainer solution as it gets for this incident pattern. Sure, the asset is still missing, but at least it will save a lot of worry, embarrassment, and potential lawsuits by simply being able to say the information within it was protected.” “Competent and Reasonable Measures” 25 ‹#› 26 Learning from the Past? 5/06 Dept. of Veterans Affairs (laptop & hard drive stolen from employee’s home in burglary) 6/06 OMB (encrypt all sensitive data on agency mobile computers/devices) NV Encryption Law (eff. 10/1/08) MA Security Law (eff. 1/1/09) (encrypt PII on laptops and portable media) 8/11 Baltimore law firm (external hard drive – backup – left on light rail) 8/14 GA law firm (external hard drive – backup - stolen from employee’s trunk) 26 ‹#› 27 Bottom Line Encryption is increasingly required in areas like banking and health care and by new state data protection laws. As these requirements continue to increase, it will become more and more difficult for attorneys to justify avoidance of encryption. It has now reached the point where all attorneys should generally understand encryption, have it available for use when appropriate, and make informed decisions about when encryption should be used and when it is acceptable to avoid it. 27

  10. 28 ‹#› Protect Decryption Key! Generally requires password/passphrase to access. Use a strong password/phrase - 12 characters or more. Use a password manager for multiple encryption instances. 28 ‹#› 29 Safeguards Backup Data Backup Recovery Key Data Enterprise Management 29 ‹#› 30 Strong Passwords / Passphrases Current recommendations for strong passwords or passphrases: • Minimum length of 8 characters – moving toward 14 • Contain lower and upper case letters • Include numbers • Include a symbol or symbols • Avoid dictionary words 30

  11. ‹#› 31 Passphrases Iluvmy2005BMW! IluvmXy2005B3MW! Stronger: Break dictionary words with random letters, numbers, or symbols. 31 ‹#› 32 Laptops and Desktops Full Disk Encryption Limited Encryption – Partition, Folder or File 32 ‹#› 33 Hardware Full Disk Encryption • Automatically encrypts entire disk • Decrypted access when an authorized user logs in • Examples: – Seagate Momentus (SED) – Samsung SSD – Hitachi Self-Encrypting Drive Seagate 33

  12. ‹#› Operating System Encryption Microsoft Windows - Bitlocker (business versions: Vista, 7, 8) – [Encrypted File System (EFS)] – Device Encryption (8.1 with specific tech specs) Apple OS X – FileVault – FileVault 2 34 ‹#› 35 Encryption Software Full Disk & Limited Examples: – Check Point – Dell Data Protection – McAfee Endpoint – Sophos Encryptio n – Symantec (PGP and Endpoint) – WinMagic – TrueCrypt (open source) 35 ‹# Encrypted Portable Media Ironkey CMS Secure Vault SanDisk (Imation) Imation Bitlocker Seagate Go-Flex 36 to Go

  13. ‹#› 37 Smartphones and Tablets BlackBerry iPhones and iPads Android 1. Follow manufacturer’s instructions. 2. Enable encryption. 3. Use strong PIN or passcode. 4. Set auto timeout. 5. Use 3 rd party encryption on older Androids. 37 38 Proceed With Caution! E-mail 38 More Secure (Examples) Dell Data Protection Cloud Edition Business Enterprise Sookasa

  14. 40 Cloud Encryption Who has the key? Internet End User Cloud Service Provider 40 ‹#› 41 Wireless Networks • [Wired Equivalent Privacy (WEP)] – weak! • Wi-Fi Protected Access (WPA) - cracked • Wi-Fi Protected Access, second generation (WPA2) • Sniffer programs • War driving • Pineapple • Evil twin Source: Wikipedia.org 41 ‹#› 42 Wireless Networks 42

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

TOP LAWYERS HEALTH & MED-MAL These LEADING LAWYERS have been recommended by their peers to be

TOP LAWYERS HEALTH & MED-MAL These LEADING LAWYERS have been recommended by their peers to be

TOP LAWYERS HEALTH & MED-MAL These LEADING LAWYERS have been recommended by their peers to be among the TOP LAWYERS in Illinois. Stephen T. Moore Hinshaw & Culbertson LLP Rockford/Chicago 312.704.3000 LEADING HEALTH LAWYERS Lisa R.

540 views • 4 slides
YOUNG LAWYERS ON CENTER STAGE CURRENT ISSUES RELATED TO YOUNG LAWYERS & VOLUNTARY BARS

YOUNG LAWYERS ON CENTER STAGE CURRENT ISSUES RELATED TO YOUNG LAWYERS & VOLUNTARY BARS

YOUNG LAWYERS ON CENTER STAGE CURRENT ISSUES RELATED TO YOUNG LAWYERS & VOLUNTARY BARS KATHERINE HURST MILLER AND ZACK ZUROWESTE THE FLORIDA BAR YOUNG LAWYERS DIVISION Our mission is to inspire and empower young lawyers to succeed, to

177 views • 15 slides
Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about

Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about

Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about encryption? Encryption Certificates Crypto Currencies Public Key AES Encryption Privacy SSH VPN HTTPS TLS Quantum Digital Signatures

837 views • 46 slides
Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware

Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware

Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware Encryption S Web Encryption S Email Encryption OpenPGP S S/MIME S S Online Social Network Public Key Encryption S Encryption/Decryption

842 views • 26 slides
Communicating with Lawyers about Civil Legal Aid: Highlights of 2014 Research Among Lawyers By

Communicating with Lawyers about Civil Legal Aid: Highlights of 2014 Research Among Lawyers By

Communicating with Lawyers about Civil Legal Aid: Highlights of 2014 Research Among Lawyers By Lake Research Partners and The Tarrance Group AN UPDATE TO 2013 RESEARCH AMONG LIKELY VOTERS Commissioned By: For soliciting participation in the

368 views • 35 slides
Tax Controversy Training for Pro Bono Lawyers and CPAs Presented by Maryland Volunteer Lawyers

Tax Controversy Training for Pro Bono Lawyers and CPAs Presented by Maryland Volunteer Lawyers

Tax Controversy Training for Pro Bono Lawyers and CPAs Presented by Maryland Volunteer Lawyers Service, Inc. May 8, 2018 What you will get when you are assigned a client: Copy of the presentation slides IRS forms and publications

988 views • 96 slides
Wentworth Lawyers COMMERCIAL LAWYERS D IRECTORS D UTIES : L ESSONS FROM THE PAST TO GUIDE

Wentworth Lawyers COMMERCIAL LAWYERS D IRECTORS D UTIES : L ESSONS FROM THE PAST TO GUIDE

Wentworth Lawyers COMMERCIAL LAWYERS D IRECTORS D UTIES : L ESSONS FROM THE PAST TO GUIDE FUTURE CONDUCT FOR D IRECTORS SOME PRACTICAL TIPS FOR NFP S On 30 November 2017, we presented a webinar in partnership with Better Boards Australasia

621 views • 42 slides
for Pro Bono Lawyers Presented by Maryland Volunteer Lawyers Service, Inc. September 15, 2016

for Pro Bono Lawyers Presented by Maryland Volunteer Lawyers Service, Inc. September 15, 2016

Tax Controversy Training for Pro Bono Lawyers Presented by Maryland Volunteer Lawyers Service, Inc. September 15, 2016 Instructors Gerald W. Kelly Kelly | Dorsey, P.C. gkelly@kellydorseylaw.com 410-740-8750 James P. Leith Local Taxpayer

1.31k views • 84 slides
RSA Encryption 10 February 2012 RSA Encryption 10 February 2012 1/35 We saw some methods of

RSA Encryption 10 February 2012 RSA Encryption 10 February 2012 1/35 We saw some methods of

RSA Encryption 10 February 2012 RSA Encryption 10 February 2012 1/35 We saw some methods of encryption Wednesday, but none of these is good enough to be used in actual situations. Today well talk about one method, RSA Encryption, which is

1.01k views • 59 slides
Secret-Key Encryption Introduction Encryption is the process of encoding a message in such a

Secret-Key Encryption Introduction Encryption is the process of encoding a message in such a

Secret-Key Encryption Introduction Encryption is the process of encoding a message in such a way that only authorized parties can read the content of the original message History of encryption dates back to 1900 BC Two types of

533 views • 38 slides
Functional Encryption Lecture 27 Functional Encryption Plain encryption: for secure

Functional Encryption Lecture 27 Functional Encryption Plain encryption: for secure

Functional Encryption Lecture 27 Functional Encryption Plain encryption: for secure communication. Does not allow modifying encrypted data. Homomorphic Encryption: allows computation on encrypted data, but result remains encrypted Functional

987 views • 61 slides
Encryption at Rest in ZFS Tom Caputi tcaputi@datto.com Overview of Encryption Implementation 2

Encryption at Rest in ZFS Tom Caputi tcaputi@datto.com Overview of Encryption Implementation 2

Encryption at Rest in ZFS Tom Caputi tcaputi@datto.com Overview of Encryption Implementation 2 What is Encryption? Want to prevent someone (an attacker) from accessing private data Permissions arent good enough Root user can

788 views • 20 slides
Functional Encryption for Regular Languages Brent Waters Public Key Encryption

Functional Encryption for Regular Languages Brent Waters Public Key Encryption

Functional Encryption for Regular Languages Brent Waters Public Key Encryption [DH76,M78,RSA78,GM84] Avoid Prior Secret Exchange PubK SK 2 Functional Encryption [SW05] Functionality: f( , ) MSK Authority Key: y 2 {0,1}* y SK CT: x

945 views • 16 slides
Security of Encryption Security of Encryption Perfect secrecy (IND-Onetime security) is too

Security of Encryption Security of Encryption Perfect secrecy (IND-Onetime security) is too

Defining Encryption (ctd.) Lecture 3 CPA/CCA security Computational Indistinguishability Pseudo-randomness, One-Way Functions Security of Encryption Security of Encryption Perfect secrecy (IND-Onetime security) is too strong (though too

1.36k views • 113 slides
Lecture 3 Encryption Suggested readings: Chs 1 & 2 in KPS Ch 1 in Stinson

Lecture 3 Encryption Suggested readings: Chs 1 & 2 in KPS Ch 1 in Stinson

Lecture 3 Encryption Suggested readings: Chs 1 & 2 in KPS Ch 1 in Stinson (recommended) 1 Encryption Principles A cryptosystem has (at least) five ingredients: 1. Plaintext 2. Secret Key 3. Ciphertext 4. Encryption algorithm 5.

657 views • 12 slides
WHERE ARE THE BORDERS OF THE ACCEPTABLE LAWYERS PATERNALISM? A CLIENTS INFORMED CONSENT IN

WHERE ARE THE BORDERS OF THE ACCEPTABLE LAWYERS PATERNALISM? A CLIENTS INFORMED CONSENT IN

IGOR MILINKOVIC, PhD Assistant Professor of Legal Ethics Faculty of Law, University of Banja Luka (BH) WHERE ARE THE BORDERS OF THE ACCEPTABLE LAWYERS PATERNALISM? A CLIENTS INFORMED CONSENT IN BOSNIA AND HERZEGOVINA Lawyers protectors

473 views • 18 slides
Pitney Bowes Second Quarter 2016 Results August 2, 2016 The Company's financial results are

Pitney Bowes Second Quarter 2016 Results August 2, 2016 The Company's financial results are

Pitney Bowes Second Quarter 2016 Results August 2, 2016 The Company's financial results are reported in accordance with generally accepted accounting principles (GAAP). The Company reports measures such as adjusted earnings before interest and

724 views • 29 slides
Scrum Scrum framework Roles Ceremo monies Artifact cts Product Owner Sprint Planning

Scrum Scrum framework Roles Ceremo monies Artifact cts Product Owner Sprint Planning

CPSC 310 Software Engineering Lecture 4 Scrum Scrum framework Roles Ceremo monies Artifact cts Product Owner Sprint Planning Product Backlog Scrum Master Daily Scrum Meet Sprint Backlog T eam Sprint Review Burndown Charts

452 views • 15 slides
Triangle Project Update December 2019 1 NWC Triangle Project Overview FUTURE PHASES FOR THE

Triangle Project Update December 2019 1 NWC Triangle Project Overview FUTURE PHASES FOR THE

Triangle Project Update December 2019 1 NWC Triangle Project Overview FUTURE PHASES FOR THE CAMPUS NWC Phases 1 & 2 NWC Phases 3-8 The Triangle 2 Performance Based Infrastructure Office PBI is not appropriate for all public

127 views • 10 slides
Docket No. 4774 2018 Renewable Energy Growth Program Rhode Island Public Utility Commission

Docket No. 4774 2018 Renewable Energy Growth Program Rhode Island Public Utility Commission

Docket No. 4774 2018 Renewable Energy Growth Program Rhode Island Public Utility Commission Public Hearing January 24, 2018 Overview of Presentation System Sizing Issues Small Solar Class Capacity Notifications Program

156 views • 15 slides
Power BI Administration Devin Knight dknight@pragmaticworks.com Assuming this goes well.

Power BI Administration Devin Knight dknight@pragmaticworks.com Assuming this goes well.

Power BI Administration Devin Knight dknight@pragmaticworks.com Assuming this goes well. President, Pragmatic Works Training Popup books about Microsoft Data Platform MVP maintaining a healthy Author of 7 books relationship with your

502 views • 13 slides
Agile Design and Development A Roundtable Discussion 2017 Exchange Network National Meeting

Agile Design and Development A Roundtable Discussion 2017 Exchange Network National Meeting

Agile Design and Development A Roundtable Discussion 2017 Exchange Network National Meeting Innovation and Partnership May 15-18, 2017 Sheraton Philadelphia Society Hill Hotel Philadelphia, Pennsylvania #EN2017

528 views • 7 slides
PV System Design and Sizing 2 3 Designing PV Systems Determine how much energy you want to

PV System Design and Sizing 2 3 Designing PV Systems Determine how much energy you want to

1 ESCI61 Introduction to Photovoltaic Technology Ridha Hamidi, Ph. D. Ridha Hamidi, Ph. D. PV System Design and Sizing 2 3 Designing PV Systems Determine how much energy you want to generate per year (or for specific time periods if

921 views • 46 slides
Post-Quantum Static-Static Key Agreement Using Multiple Protocol Instances Reza Azarderakhsh 1

Post-Quantum Static-Static Key Agreement Using Multiple Protocol Instances Reza Azarderakhsh 1

Post-Quantum Static-Static Key Agreement Using Multiple Protocol Instances Reza Azarderakhsh 1 David Jao 2 , 3 Christopher Leonardi 2 Department of Computer and Electrical Engineering and Computer Science, Florida Atlantic University Department

807 views • 58 slides

More recommend