Data Access by Government or Law Enforcement a Concern for Law Firms Using the Cloud

BY Kerrie Spencer

Data Access by Government or Law Enforcement a Concern for Law Firms Using the Cloud


While storing sensitive legal documents in the cloud may be a good idea thanks to the lower costs associated with storage and flexibility, a question rises – who can access the material once it is up there.

More and more law firms are consigning their documents to cloud storage. However, there are still firms that would prefer not to make the move due to security and data access concerns. For instance, what about the cloud providers' giving client data to law enforcement agencies or government when requested – informally or formally via a warrant.

According to the American Bar Association (ABA), 55 percent of the ABA 2018 TechReport survey respondents indicated they used cloud computing, up from 52 percent in 2017. Of the respondents, 60 percent stated they used Dropbox, 22 percent used iCloud and 36 percent worked with Google Docs.

The thought of having confidential client material in the hands of the government or law enforcement is not a situation most law firms want to find themselves in. This is especially true for law firms that provide criminal, white-collar defense or defense in the case of sexual assault.

Even in personal injury cases, it would be a problem if confidential information was revealed.

The cloud computing industry has recognized the concerns of their clients in that it now offers more control for law firms and others over their data encryption keys. However, this might not be enough. Legal pundits believe there need to be more significant changes made before firms sign on to the cloud. For now, law firms will have to wait and see.

A point to consider for those leery about putting client information up on the cloud is the fact that ever since email became the mainstay of just about everyone, even law firms, clients have been exposed to the cloud. Somehow, it just does not seem the same when some law firms consider storing information "up there," but in the final analysis, it is.

Perhaps though, it is a matter of degree, as pointed out by Dan Nottke, chief information officer for Kirkland & Ellis LLP (Kirkland), an international law firm founded in Chicago, Illinois and the largest law firm in the United States.

Kirkland uses the cloud for expense and HR data but does not store client data on the cloud. Nottke says, "… to get full functionality out of systems, [cloud providers] have to have full access to your data stored on the cloud." Nottke also added that "the ability for a cloud vendor to have access to your data and take your data away without you knowing," is a point of concern.

To better explain what issues law firms are facing, a working group was formed with representatives from the biggest law firms to outline the unique and specific roadblocks and risks cloud computing presents for them. The annual International Legal Technology Association's (ILTA) conference this August may see the outline created by the group. Whether or not cloud providers are going to address the concerns remains to be seen.

What about encryption keys?

Some cloud providers are offering encryption keys to address the concerns of law firms relating to client data and sensitive material. But, are encryption keys enough to allay security breach fears? According to Matt Coatney, HBR chief technology officer, encryption keys may be the answer as they are "very top of mind for law firms." "Keys are the 21st century equivalent of the locked door to the law office file room." It means the firm would need to know and be involved in getting client data, which may meet their stringent privacy and client confidentiality obligations.

What if a law firm owns its encryption keys? While that may be one solution to protect their data, encryption keys not safe from hackers. What's more, the encryption keys can also be sought via warrants or subpoenas.

This area of the law is new. Currently, there are no regulations that apply to a situation such as a warrant or a subpoena for encryption keys.

To store data in the cloud is an important business decision for any law firm. Law firms will have to carefully assess what risks they may face and whether they are prepared to take them.

Kerrie Spencer

Kerrie Spencer is a staff contributor to Bigger Law Firm Magazine.


WordPress Plugins for Law Firms

Supercharge Your Law Firm’s Website: 5 Must-Have WordPress Plugins!

Are you looking to maximize your law firm’s website’s potential? You’re in the right place. WordPress offers a wealth of plugins that can improve your website’s functionality, from search engine optimization to online event scheduling. Here are five must-have plugins for law firms: Gravity Forms – Communication is key when it comes to your law…

Security vulnerability infected websites

WordPress Security Breach Used Vulnerabilities in Plugins in Themes

Over one million WordPress websites have been infected by a malware campaign called Balada Injector since 2017, according to cybersecurity firm GoDaddy’s Sucuri. The attackers behind the campaign use all known and recently discovered vulnerabilities in WordPress themes and plugins to breach sites. They typically play out their attacks in waves once every few weeks,…

Law firm partner learning about SEO

How to talk to the partners about SEO

As a law firm marketing director, you understand the importance of SEO in driving traffic to your website and generating leads for your firm. However, convincing the partners of your law firm to invest in SEO can be a daunting task, particularly if they do not understand its benefits. Here are some tips on how…