its time is here
play

Its Time Is Here David G. Ries John W. Simek David G. Ries - PowerPoint PPT Presentation

Jan 28, 2023 •200 likes •937 views

Encryption for Lawyers : Its Time Is Here David G. Ries John W. Simek David G. Ries dries@clarkhill.com 412.394.7787 John W. Simek jsimek@senseient.com 703.359.0700 2 A-orneys Avoid Encryp6on Encryptio n 10 FT 3 A-orneys Avoid Encryp6on

  1. Encryption for Lawyers : Its Time Is Here David G. Ries John W. Simek

  2. David G. Ries dries@clarkhill.com 412.394.7787 John W. Simek jsimek@senseient.com 703.359.0700 2

  3. A-orneys Avoid Encryp6on Encryptio n 10 FT 3

  4. A-orneys Avoid Encryp6on • Encryp6on is too difficult. • Encryp6on is too expensive. • “I don’t need encryp6on!” 4

  5. Is Encryp6on Ethically Required? Never Some6mes Always 5

  6. Duty to Safeguard Ethics Rules Common Law Contracts Laws & Regula6ons 6

  7. Duty to Safeguard Rule 1.1 Competence Rule 1.6 Confiden6ality Rule 1.4 Communica6on Rules 5.1, Supervision 5.2, 5.3 7

  8. Aug. 2012 Amendments Model Rule 1.1 Competence Amendment to Comment [8] Maintaining Competence “…a lawyer should keep abreast of changes in the law and its prac6ce, including the benefits and risks associated with relevant technology…” Adopted by 26 states as of Jan 2017 8

  9. Aug. 2012 Amendments Model Rule 1.6 ConfidenCality of InformaCon AddiCon to rule “(c) A lawyer shall make reasonable efforts to prevent the unintended disclosure of, or unauthorized access to, informa6on rela6ng to the representa6on of a client.” 9

  10. Reasonable Safeguards (Rule 1.6, Comment [18]): 1. the sensi6vity of the informa6on 2. the likelihood of disclosure if addi6onal safeguards are not employed 3. the cost of employing addi6onal safeguards 4. the difficulty of implemen6ng the safeguards 5. adverse effect on the lawyer’s ability to represent clients Risk-Based 10

  11. Electronic Communica6ons Model Rule 1.6 Comment [19] “When transmieng a communica6on that includes informa6on rela6ng to the representa6on of a client, the lawyer must take reasonable precau6ons to prevent the informa6on from coming into the hands of unintended recipients. …” 11

  12. Electronic Communica6ons Model Rule 1.6 Comment [19] “…does not require that the lawyer use special security measures if the method of communica6on affords a reasonable expecta6on of privacy. Special circumstances, however, may warrant special precau6ons….” if “reasonable expecta6on of privacy” 12

  13. Ethics Opinions - Encryp6on New Jersey Opinion 701 (2006) California Formal Opinion No. 2010-179 Pennsylvania Formal Opinion 2011-200 Texas Opinion No. 648 (2015) 13

  14. Is Encryp6on Ethically Required? “The poten6al for unauthorized receipt of electronic data has caused some experts to revisit the topic and issue [ethics] opinions sugges6ng that in some circumstances, encryp6on or other safeguards for certain email communica6ons may be required.” ABA, Eye on Ethics (July 2015) 14

  15. Lost and Stolen Devices: “Considering the high frequency of lost assets, encryp6on is as close to a no-brainer solu6on as it gets for this incident pa-ern. Sure, the asset is s6ll missing, but at least it will save a lot of worry, embarrassment, and poten6al lawsuits by simply being able to say the informa6on within it was protected.” “Competent and Reasonable Efforts” 15

  16. Why A-orneys Need Encryp6on Up to 70% of data breaches involve laptops & portable media. About 10% of laptops are stolen during their useful lives. 1.4 million smartphones were lost during 2013. 3.1 million smartphones were stolen during 2013. 16

  17. Why A-orneys Need Encryp6on 8/11 Bal6more law firm (external hard drive – backup – lep on light rail) 8/14 Law firm with GA opera6ons center (external hard drive – backup - stolen from employee’s trunk) 1/15 San Francisco a-orney (laptop stolen) 4/15 San Diego law firm (laptop stolen on trolley) 17

  18. Why A-orneys Need Encryp6on 2007: 18 laptops were stolen from the offices of a law firm in Orlando. - Protected by encryp6on - SANS Ins6tute: “(laptop stolen, but the data was protected) shouldn’t be newsworthy...” Encryp6on protects data! 18

  19. Why A-orneys Need Encryp6on Electronic communica6ons can be intercepted. Wired and wireless network traffic can be intercepted. Cyberspace is a dangerous place! 19

  20. Why A-orneys Need Encryp6on Unencrypted Email = “A Postcard” "The common metaphor for Internet e-mail is postcards: Anyone – le-er carriers, mail sorters, nosy delivery truck drivers - who can touch the postcard can read what's on the back." Bruce Schneier 1995 20

  21. Why A-orneys Need Encryp6on Unencrypted Email = “A Postcard” Email – A Postcard Wri5en in Pencil Larry Rogers 2001 SEI - Carnegie Mellon University 21

  22. Why A-orneys Need Encryp6on Unencrypted Email = “A Postcard” “Emails that are encrypted as they’re routed from sender to receiver are like sealed envelopes, and less vulnerable to snooping—whether by bad actors or through government surveillance—than postcards.” Google Official Blog June 2014 22

  23. Why A-orneys Need Encryp6on Unencrypted Email = “A Postcard” "Security experts say email is a lot more like a postcard than a le-er inside an envelope, and almost anyone can read it while the note is in transit.” New York Times July 2014 23

  24. Why A-orneys Need Encryp6on 24

  25. 25

  26. Bo-om Line – Ethical Du6es Encryp6on is increasingly required in areas like banking and health care, by the FTC, and by new state data protec6on laws. As these requirements con6nue to increase, it will become more and more difficult for a-orneys to jus6fy avoidance of encryp6on. It has now reached the point where all a-orneys should generally understand encryp6on, have it available for use when appropriate, and make informed decisions about when encryp6on should be used and when it is acceptable to avoid it. 26

  27. Encryp6on = An electronic process to protect data = Transforms readable data into unreadable data Requires a key to make data readable again 27

  28. Encryp6on Readable Readable Unreadable Plaintext Plaintext Ciphertext Encryption Key Decryption Key 28

  29. 29

  30. Encryp6on Key Example AES-256 Key +30NbBBMy7+1BumpfmN8QPHrwQr36/vBvaFLgQM561Q= 30

  31. Encryp6on Key -----BEGIN PGP PRIVATE KEY BLOCK----- Version: BCPG C# v1.6.1.0 lQOsBFIOnHgBCACwAhCyBG5X52IkbIKpeN21wEa3kR+eLvqRkdjD1oL1o4kmy3hh Zz1l/DH7RcZX+efCP3RfEvi7Mu3a9KIEq0D0KxLQbhaWvVDzJ8yUCR8kRepFDKtj pj1G/049DJGM4AYHqhmTPSnwRnPBtv5Ci2k9cWgZSnH/4NnkAGYudsgReoxOsUt pfYTyMeoGBg2DkNG4yZ6uG86v5k641lgH9qABajjFfXoe2aMwbYPMWQDahJlCZfH U2q05GJt/2zThnky/D//savhrshpNxr1ddEa1QwgGSR/EDPkflv1b4yWH05DbRST dR9B136kh+2YMDtqaJ75hhU/H9Q6WmhBAIlXABEBAAH/ AwMCoZz7ekYu0YZgXUod EoYlOwJmlu/ZLx2GSFtZO2RNyvblG+O3ZeKukG1xbSvzBS0Z5OjQOYnD+X5arvNM DmpyilKpb5DueaN1osxPOkunqQ6cJlOWdROvUQkgLCD7Y7jfu4/coeK+HZuoIHSq txEQaICTDcEnFYjDJNYNGWKj6WfT3LGjDhCreck6MZcGGJHjmCN8VF+yEmsUIkM+ 9D/US/rl/lWnINlfgmhiN1NxpAhg9Xo43Mpwex3hZLXLrbhdTkRMVgHLEH5h3xxo /UyNGCn3T9CTa4/vNdmZmMlAAHQk6F0ZhqFLS8x3sR2hxwkaNGmGHRr/ihklv15U RrggHzH89zxc3RDC8al/wcieM1vXx9hK195r9NPJ/hET1EIqs3wLu8rmZDPazIVT j8bQdhH3X964Q70ciiREVXbY29uwSXKHU6Q8agmCDdeGoZ/bhtLaYSs6Q53dgW97 U2IN6QIxHDTa+eZU5t1RVR5ugHph6yhTk6rCQF+FTsiaezwHkXqS5SfyNJ2JgOCi 6l4HpA2gLOy3raV4MoSpsEwIpquTccu/B8Aiucy6UL7IELOAMT2s7c2R7qVoBvew 5e2gDid0CWNqN03Zvg4USKq3lYskMUWUtaaexDWNALB210OKixm6mGN4Vzelmq MK w6drwWbfuo+Xt540wlGOOuCjZoEM+qxKofnDZicDQ9Lns/eswvLZS2L/ei3kF4du B0wexeG7R5eNlOlDfReyz5qWXOLgS47In6OLBXlUfuuNsI0m64DM3Z9LBXev2TuG YHGG26j1FRwgOdSDynjITA2xZrIJQ7rBjJhiMedH1bLlUau75EU/qQVAV1jZ+qD/ CbD/vxVW237NaAPPlctGXrvWMyZh/PSjb/wC56veYrQAiQEcBBABAgAGBQJSDpx4 AAoJEKJQRE9Opr2dRb8H/A67kPkY8fwCY8JxF6tV46rmXIyPOsVzVHb+TG9p+0ep 1js13t1MGJuMS7CXaDdtPdahD9IKwKRO3z2Jxsg2ADYditkR7QUknGUnrJsQOkKx 8gXinRihRNjM2JzsqWkBEOauIlnO5+Y01g7KTo93N1F+pNrPNzRko8gAPWIozJMd 5wLT9NvtdJLRumJjTjQ9ydyLa41uOq8EZvYELwyq0USO5AzlOu5XAduduRv9qhIm CmN8RLgShJzCGhu2E08hgU2kZZtY1g3VyGnikkn4Vtr6wREh5SyvMlzirWAMb1G LvaFZWAYAPLlCtCZQU3pL8mjFTFAxsKS1CcRLUrOkLM= =9Ry2 -----END PGP PRIVATE KEY BLOCK----- 31

  32. A Simplified Overview Encryp6on Program Algorithm Key 32

  33. Protect Data at Rest – Servers, Desktops, Laptops, Tablets, Portable Media, Smartphones, etc. Data in Mo6on – Wired Networks, Wireless Networks, Internet, Cell Networks, etc. 33

  34. Is Encryp6on Too Difficult? A-orneys will open need assistance in seeng up encryp6on. There are now many easy to use op6ons for encryp6on (par6cularly aper setup). 34

  35. Protect Decryp6on Key! Generally requires password/passphrase to access key. Use a strong password/phrase - 14 characters or more. Use a password manager for mul6ple encryp6on instances. New NIST recommenda6ons. 35

  36. Passphrases Iluvmy2005BMW! IluvmXy2005B3MW! Stronger: Break dic6onary words with random le-ers, numbers, or symbols. 36

  37. Safeguards Backup Data Data Backup Recovery Key Enterprise Management 37

  38. Smartphones and Tablets iPhones and iPads Android BlackBerry 1. Follow manufacturer’s instruc6ons. 2. Use strong PIN or passcode. 3. Enable encryp6on. 4. Enable wipe aper X failed log-on a-empts. 5. Set auto 6meout. 38

  39. Open Whisper Systems Private Messaging Private Calling 39

  40. WhatsApp Private Messaging Private Calling 40

  41. Blackphone 2 Silent Circle Voice, Video, Conference Calling, File Transfer, Messaging 41

  42. Laptops and Desktops Full Disk Encryp6on Limited Encryp6on Secure – Par66on, Folder or File 42

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

E N G A G E W I T H D R A W W I T H D R A W B A L A N C E E N G A G E There is an appointed

E N G A G E W I T H D R A W W I T H D R A W B A L A N C E E N G A G E There is an appointed

E N G A G E W I T H D R A W W I T H D R A W B A L A N C E E N G A G E There is an appointed time for everything. And there is a time for every event under heaven A time to give birth and a time to die; A time to plant and a time to

626 views • 16 slides
HSEye Full Full- Full Full - - -Time HSE eye Time HSE eye Time HSE eye Time HSE eye 1

HSEye Full Full- Full Full - - -Time HSE eye Time HSE eye Time HSE eye Time HSE eye 1

HSEye Full Full- Full Full - - -Time HSE eye Time HSE eye Time HSE eye Time HSE eye 1 Health, Safety, and Environment ( HSE ) is crucial for any Oil & Gas and Construction business 2 Main Main accident kinds for the latest three

317 views • 13 slides
THE SOFTWARE Custom camera control software allows extra cameras to be added as needed allowing

THE SOFTWARE Custom camera control software allows extra cameras to be added as needed allowing

Time Slice systems - - also known as bullet time, stop time, or time freeze implement a camera array that ranges anywhere from 24 to 150+ cameras to create an effect of stopped time or extremely slowed time. Although the process was pioneered

197 views • 5 slides
W HAT IS TIME SERIES D ATA ? W HAT IS TIME SERIES D ATA ? A value over time W HAT IS TIME

W HAT IS TIME SERIES D ATA ? W HAT IS TIME SERIES D ATA ? A value over time W HAT IS TIME

T IME S ERIES D ATA P APERS C OVERED Interactive Visualization of Serial Periodic Data John V. Carlis and Joseph A. Konstan Visualizing and Discovering Non-Trivial Patterns in Large Time Series Databases Jessica Lin, Eamonn Keogh,

764 views • 32 slides
? Same time Same time Same place Same time Same place 2 different painters Our story really

? Same time Same time Same place Same time Same place 2 different painters Our story really

? Same time Same time Same place Same time Same place 2 different painters Our story really begins here The Wise Man Grard Mari Professor of Art History at Sciences-Po The art guru who told fascinating stories Myself Coline Debayle

1.14k views • 57 slides
Time and Timers The time Epoch The Current Time Sleeping and Waiting Timers

Time and Timers The time Epoch The Current Time Sleeping and Waiting Timers

CPSC-313: Introduction to Computer Systems Time and Timers Time and Timers The time Epoch The Current Time Sleeping and Waiting Timers Reading: R&R, Ch 9 Current Time UNIX Time Zero : 00.00 (midnight), January 1,

244 views • 7 slides
Time of Arrival (ToA ToA) ) Time of Arrival ( Used in GPS. Need synchronization.

Time of Arrival (ToA ToA) ) Time of Arrival ( Used in GPS. Need synchronization.

Time of Arrival (ToA ToA) ) Time of Arrival ( Used in GPS. Need synchronization. If round-trip time is used, then accurate clocks are only needed at the anchors. 9/8/05 Jie Gao, CSE590-fall05 1 Time Difference of Arrival

830 views • 54 slides
International Time Use Community & Policy-Relevant Time Use Research Time Use Research

International Time Use Community & Policy-Relevant Time Use Research Time Use Research

International Time Use Community & Policy-Relevant Time Use Research Time Use Research Kimberly Fisher Secretary International Association for Time Use Research Centre for Time Use Research Early Time Use Developments Earliest

661 views • 34 slides
Time and synchronization (Theres never enough time) Todays outline Time in

Time and synchronization (Theres never enough time) Todays outline Time in

Time and synchronization (Theres never enough time) Todays outline Time in distributed systems A baseball example Synchronizing real clocks Cristians algorithm The Berkeley Algorithm Network

484 views • 21 slides
As a PhD student we have to much to handle and not enough time to get it all done Time

As a PhD student we have to much to handle and not enough time to get it all done Time

As a PhD student we have to much to handle and not enough time to get it all done Time management (Getting more done) Showan Asyabi- Shain Roozkhosh Time Management Techniques Urgent Not Urgent Important Paper Deadlines Quality Time

565 views • 15 slides
Run-time Environments Chapter 7 1 Compiler Construction Run-time Environments Run-time

Run-time Environments Chapter 7 1 Compiler Construction Run-time Environments Run-time

Run-time Environments Chapter 7 1 Compiler Construction Run-time Environments Run-time Environment The static source code requires considerable support to be executed on a computer Data objects must be created and destroyed

590 views • 42 slides
Demography of First Time College Students Gender GENDER FIRST TIME % NOT FIRST TIME % Female

Demography of First Time College Students Gender GENDER FIRST TIME % NOT FIRST TIME % Female

Demography of First Time College Students Gender GENDER FIRST TIME % NOT FIRST TIME % Female 57.7% 63.7% Male 42.3% 36.3% ETHNICITY FIRST TIME % NOT FIRST TIME % Asian 15.8% 17.5% Black 13.9% 13.7% Hispanic 43.2% 42.5% White

456 views • 12 slides
Page 1 Time Stolen by Network Stolen Time Solutions Receive Processing Move CPU-intensive

Page 1 Time Stolen by Network Stolen Time Solutions Receive Processing Move CPU-intensive

Outline of Talk Background Augmented CPU Open real-time systems Reservations Rez and HLS Stolen time Rez-C and Rez-FB John Regehr John A. Stankovic Design University of Virginia Performance More stolen time

164 views • 3 slides
Time z ones W OR K IN G W ITH DATE S AN D TIME S IN R Charlo e Wickham Instr u ctor Time z

Time z ones W OR K IN G W ITH DATE S AN D TIME S IN R Charlo e Wickham Instr u ctor Time z

Time z ones W OR K IN G W ITH DATE S AN D TIME S IN R Charlo e Wickham Instr u ctor Time z ones Sys.timezone() "America/Los_Angeles" WORKING WITH DATES AND TIMES IN R IANA Time z ones OlsonNames() "Africa/Abidjan"

735 views • 18 slides
It's about TIME David Hoppe @hopasaurus hopasaurus@gmail.com It's time, so what! What is Time?

It's about TIME David Hoppe @hopasaurus hopasaurus@gmail.com It's time, so what! What is Time?

It's about TIME David Hoppe @hopasaurus hopasaurus@gmail.com It's time, so what! What is Time? What is a day? What is an hour? What is a minute? What is a second? Lets start at the beginning... What is a Day? How is time measured? By

928 views • 50 slides
A Brief History Of Time In Riak Time in Riak Logical Time Logical Clocks

A Brief History Of Time In Riak Time in Riak Logical Time Logical Clocks

A Brief History Of Time In Riak Time in Riak Logical Time Logical Clocks Implementation details Mind the Gap How a venerable, established, simple data structure/algorithm was botched multiple times. Order of Events Dynamo And

2.27k views • 168 slides
Work or Knowledge Foteini Baldimtsi, Aggelos Kiayias, Thomas Zacharias, Bingsheng Zhang

Work or Knowledge Foteini Baldimtsi, Aggelos Kiayias, Thomas Zacharias, Bingsheng Zhang

Indistinguishable Proofs of Work or Knowledge Foteini Baldimtsi, Aggelos Kiayias, Thomas Zacharias, Bingsheng Zhang ASIACRYPT 2016 8th December, Hanoi, Vietnam Motivation (ZK) Proofs of Knowledge - PoK Statement: Prover

984 views • 79 slides
Sending E-Mail Today MX Priority #1 SMTP Exchange

Sending E-Mail Today MX Priority #1 SMTP Exchange

DANE and SMTP: TLS Protec4on for SMTP Using DANE and DNSSEC Russ Mundy & Wes Hardaker Parsons <Russ.Mundy@parsons.com> <mundy@4slabs.com> 7/17/13

481 views • 9 slides
Job Search Youth Employment Services provides inclusive employment services for youth between 16

Job Search Youth Employment Services provides inclusive employment services for youth between 16

Job Search Youth Employment Services provides inclusive employment services for youth between 16 and 29. Our purpose is to prepare youth in realizing their potential to become self-sufficient. Aim Know how to plan your job search and where to

212 views • 6 slides
Internationalisation of the Curriculum. Linda Renton. Senior Lecturer. Queen Margaret

Internationalisation of the Curriculum. Linda Renton. Senior Lecturer. Queen Margaret

Internationalisation of the Curriculum. Linda Renton. Senior Lecturer. Queen Margaret University, Edinburgh, Scotland. Linda BM Renton. Email: lrenton@ qmu.ac.uk Images sourced from https://search.creativecommons.org/ Introduction. 24 th

526 views • 34 slides
2019 Cybersecurity Report Beyond Obfuscation: The Defense Industrys Position within Federal

2019 Cybersecurity Report Beyond Obfuscation: The Defense Industrys Position within Federal

2019 Cybersecurity Report Beyond Obfuscation: The Defense Industrys Position within Federal Cybersecurity Policy About the Report Section I: Illustrations of Cyber Threats and Vulnerabilities Section II: Policy Response to Cyber Risk

249 views • 20 slides
Beta Presentation Information Technology Assessment Toolkit The Capstone Experience Team IBM

Beta Presentation Information Technology Assessment Toolkit The Capstone Experience Team IBM

Beta Presentation Information Technology Assessment Toolkit The Capstone Experience Team IBM Adam Koshorek Alex Hanlon Connor Gilbert Eunbong Yang Department of Computer Science and Engineering Michigan State University Fall 2013 From

199 views • 7 slides
Distributed Computing at Hai.Thai@rackspace.com About: Me ME About: Me ME 09 Tech grad

Distributed Computing at Hai.Thai@rackspace.com About: Me ME About: Me ME 09 Tech grad

Distributed Computing at Hai.Thai@rackspace.com About: Me ME About: Me ME 09 Tech grad B.S. Computer Engineering 4 years at rackspace About: Rackspace About: Rackspace Managed + Cloud hosting Cloud Applications: Email

527 views • 30 slides
Security in Managed Print Services Toma Janiauskien | Arno t Matjka MFP is a tool

Security in Managed Print Services Toma Janiauskien | Arno t Matjka MFP is a tool

Security in Managed Print Services Toma Janiauskien | Arno t Matjka MFP is a tool integrated into business processes 2 Security 3 Occupational safety Video systems, parking control IT CYBER SECURITY Physical protection

546 views • 41 slides

More recommend