Data Access by Government or Law Enforcement a Concern for Law Firms Using the Cloud
BY Kerrie Spencer
While storing sensitive legal documents in the cloud may be a good idea thanks to the lower costs associated with storage and flexibility, a question rises – who can access the material once it is up there.
More and more law firms are consigning their documents to cloud storage. However, there are still firms that would prefer not to make the move due to security and data access concerns. For instance, what about the cloud providers’ giving client data to law enforcement agencies or government when requested – informally or formally via a warrant.
According to the American Bar Association (ABA), 55 percent of the ABA 2018 TechReport survey respondents indicated they used cloud computing, up from 52 percent in 2017. Of the respondents, 60 percent stated they used Dropbox, 22 percent used iCloud and 36 percent worked with Google Docs.
The thought of having confidential client material in the hands of the government or law enforcement is not a situation most law firms want to find themselves in. This is especially true for law firms that provide criminal, white-collar defense or defense in the case of sexual assault.
Even in personal injury cases, it would be a problem if confidential information was revealed.
The cloud computing industry has recognized the concerns of their clients in that it now offers more control for law firms and others over their data encryption keys. However, this might not be enough. Legal pundits believe there need to be more significant changes made before firms sign on to the cloud. For now, law firms will have to wait and see.
A point to consider for those leery about putting client information up on the cloud is the fact that ever since email became the mainstay of just about everyone, even law firms, clients have been exposed to the cloud. Somehow, it just does not seem the same when some law firms consider storing information “up there,” but in the final analysis, it is.
Perhaps though, it is a matter of degree, as pointed out by Dan Nottke, chief information officer for Kirkland & Ellis LLP (Kirkland), an international law firm founded in Chicago, Illinois and the largest law firm in the United States.
Kirkland uses the cloud for expense and HR data but does not store client data on the cloud. Nottke says, “… to get full functionality out of systems, [cloud providers] have to have full access to your data stored on the cloud.” Nottke also added that “the ability for a cloud vendor to have access to your data and take your data away without you knowing,” is a point of concern.
To better explain what issues law firms are facing, a working group was formed with representatives from the biggest law firms to outline the unique and specific roadblocks and risks cloud computing presents for them. The annual International Legal Technology Association’s (ILTA) conference this August may see the outline created by the group. Whether or not cloud providers are going to address the concerns remains to be seen.
What about encryption keys?
Some cloud providers are offering encryption keys to address the concerns of law firms relating to client data and sensitive material. But, are encryption keys enough to allay security breach fears? According to Matt Coatney, HBR chief technology officer, encryption keys may be the answer as they are “very top of mind for law firms.” “Keys are the 21st century equivalent of the locked door to the law office file room.” It means the firm would need to know and be involved in getting client data, which may meet their stringent privacy and client confidentiality obligations.
What if a law firm owns its encryption keys? While that may be one solution to protect their data, encryption keys not safe from hackers. What’s more, the encryption keys can also be sought via warrants or subpoenas.
This area of the law is new. Currently, there are no regulations that apply to a situation such as a warrant or a subpoena for encryption keys.
To store data in the cloud is an important business decision for any law firm. Law firms will have to carefully assess what risks they may face and whether they are prepared to take them.
The Knowledge Graph uses the information on the web to understand real-world connections between the data it collects.
Content guidelines with stated direction let writers, designers, and contributors know what they need to focus on.