There was a moment in time, not too long ago, where the invasion of personal business was an intimate interaction. There was usually a gun or knife involved, and the mustache-twirling masked offender could see the whites of his victim’s eyes. Nowadays, the intimacy has dissipated. Many offenders commit their crimes from the comfort of their own homes, and the victims have become more numerous. Threats have gone digital.
In a landscape formed by hacks like the latest Equifax breach—and where such data attacks are becoming more and more commonplace[1]—attorneys are becoming increasingly concerned about their technology use. And rightfully so. An attorney has access to a tremendous amount of their client’s confidential information, and they often store and access this information through various applications on their various tech devices. As ethics-bound professionals, many lawyers find themselves asking the questions like, “Should I be using tablets and smartphones?” and “Should I be using email and the Cloud?”
In Philippe Doyle Gray’s essay, The Pillars of Digital Security, Doyle Gray argues that these are the wrong type of questions to ask. The question is not if the use of technology is ethical. The question is how we can use technology ethically. Equal parts anecdote and how-to guide, Doyle Gray’s essay seeks to inform and train readers to navigate the treacherous tech terrain so even the most tech-adverse attorney is capable and aware.
Doyle Gray begins his essay by laying out the stakes. He recounts a personal experience in 2013, where a financially-strapped client was asked to produce documents. This request resulted in $11,000 in photocopies. Later, when the same client was asked to produce more documents, Gray persuaded his team to go digital. This time, the cost was $990.
The benefits of technology are clear. Technology saves time and money. It makes tasks like accessing documents and communicating with clients and counsel easier and more immediate. But the risks are similarly clear—HIPAA violations, negligence suits, and potential disbarment for ethical violations should the information end up in the wrong hands. So how does one protect themselves and their clients? What is the most ethical way to govern one’s tech usage? As guidelines, Doyle Gray offers the American Bar Association rule 1.1.8 (on Maintaining Competence):
To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology, engage in continuing study and education and comply with all continuing legal education requirements to which the lawyer is subject.
and the American Bar Association rule 1.6.c:
A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.
And thus, the answer to the question, “How do I use this technology ethically?” becomes:
An attorney should make reasonable efforts to:
1) be aware of the risks and benefits of technology, and
2) prevent unintended/unauthorized disclosure or access of sensitive data
Doyle Gray utilizes these requirements to structure the rest of his essay. He outlines the risks and benefits of technology through the use of anecdotes, and he explains how to prevent sensitive data from falling into the wrong hands through the use of step-by-step instructions. To this end, Doyle Gray references law, traces historical events, and explains everything from setting up Find My iPhone to implementing necessary software upgrades. He ends the essay with the awareness that the legal sphere is slow to change and has always adhered to the status-quo, but with an appeal to the commitment that drives them—lawyers can be progressive when it helps justice be better served.
Doyle Gray’s essay is thorough, well-structured, and clear. It is a work that can be easily read over the course of a couple of hours, and his arguments are presented so plainly, it is difficult not to be persuaded. In his section about passwords, Doyle Gray explained that in 2013, it took a computer two seconds to break a six-character password, but it would take the same computer 48,000 years to break a 12-character password. Immediately after reading that, I changed my own phone password.
Though a little painstakingly comprehensive for the more tech-aware readers, Doyle Gray leaves no stone unturned for the tech-illiterate. He draws distinctions between passwords and logins, and devices and services, and defines words like “encryption” and “patching.” Doyle Gray gives readers step-by-step instructions for most prescriptive actions, some of which can be ignored by those weaned on the smartphone-bottle. He even deals with counter-arguments for most claims, providing the tongue-and-cheek answers to statements tech-unaware attorneys may make about distrusting “the Cloud” (“Oh, so you don’t use email”) and demonstrating that concerns for digital security are no more demanding than securing physical files and being cognizant of one's physical environment when on a client phone call. All in all, Doyle Gray offers a valuable resource in The Pillars of Digital Security for any attorney interested in being more aware and competent in their tech usage. In order to keep up with the ever-evolving digital security space, we should all take every resource we can get.
Consider Your Own Data Security:
- How long is your password? Is it complex enough?
- Do you have back-ups of your work?
- Is your information encrypted? How so? Not all encryption is created equal.
- Is your network secure? Or is it unprotected?
- Is your practice management software secure? Are they transparent about their security? (We are, check it out!)
- Are you doing everything you can to protect your data?
To buy Philippe Doyle Gray's essay, The Pillars of Digital Security, click here.
For more reading on digital security, check out our interview with Mara Glasser, a cyber intelligence analyst.
[1] If you feel like terrifying yourself (it is almost Halloween, after all), go ahead and click here to see a timeline of data breaches.
Philippe Doyle Gray is a commercial equity senior junior barrister, and a member of 8 Wentworth Chambers, from where he predominantly practices in document-intensive civil litigation involving allegations of criminality, fraud or other serious misconduct. His passion is the application of technology in legal practice to enhance cost-effectiveness and deliver justice.
Since 2013, he has conducted a paperless office and paperless courtroom. TECHSHOW is the world’s premier annual legal conference dedicated to legal technology, organised by the American Bar Association. Philippe is the first—and only—Australian lawyer ever to have been accepted as a member of the teaching faculty.
You can find Philippe Doyle Gray's LinkedIn profile HERE.
Leave a Reply