Data Access by Government or Law Enforcement a Concern for Law Firms Using the Cloud

While storing sensitive legal documents in the cloud may be a good idea thanks to the lower costs associated with storage and flexibility, a question rises – who can access the material once it is up there.

More and more law firms are consigning their documents to cloud storage. However, there are still firms that would prefer not to make the move due to security and data access concerns. For instance, what about the cloud providers' giving client data to law enforcement agencies or government when requested – informally or formally via a warrant.

According to the American Bar Association (ABA), 55 percent of the ABA 2018 TechReport survey respondents indicated they used cloud computing, up from 52 percent in 2017. Of the respondents, 60 percent stated they used Dropbox, 22 percent used iCloud and 36 percent worked with Google Docs.

The thought of having confidential client material in the hands of the government or law enforcement is not a situation most law firms want to find themselves in. This is especially true for law firms that provide criminal, white-collar defense or defense in the case of sexual assault.

Even in personal injury cases, it would be a problem if confidential information was revealed.

The cloud computing industry has recognized the concerns of their clients in that it now offers more control for law firms and others over their data encryption keys. However, this might not be enough. Legal pundits believe there need to be more significant changes made before firms sign on to the cloud. For now, law firms will have to wait and see.

To better explain what issues law firms are facing, a working group was formed with representatives from the biggest law firms to outline the unique and specific roadblocks and risks cloud computing presents for them. The annual International Legal Technology Association's (ILTA) conference this August may see the outline created by the group. Whether or not cloud providers are going to address the concerns remains to be seen.

What about encryption keys?

Some cloud providers are offering encryption keys to address the concerns of law firms relating to client data and sensitive material. But, are encryption keys enough to allay security breach fears? According to Matt Coatney, HBR chief technology officer, encryption keys may be the answer as they are "very top of mind for law firms." "Keys are the 21st century equivalent of the locked door to the law office file room." It means the firm would need to know and be involved in getting client data, which may meet their stringent privacy and client confidentiality obligations.

What if a law firm owns its encryption keys? While that may be one solution to protect their data, encryption keys not safe from hackers. What's more, the encryption keys can also be sought via warrants or subpoenas.

This area of the law is new. Currently, there are no regulations that apply to a situation such as a warrant or a subpoena for encryption keys.

To store data in the cloud is an important business decision for any law firm. Law firms will have to carefully assess what risks they may face and whether they are prepared to take them.