How the Internet Privacy Repeal Affects Secure Client Communication

This week’s Bar View guest author is Nicole Black. The opinions expressed in this piece are those of the author and are not intended to represent those of the MCBA or its board of trustees.

By Nicole Black, Esq.
Nicole black

You’re probably already aware that Internet privacy took a huge hit earlier this month when Congress passed, and the President signed into law, a bill that that repeals the Federal Communications Commission (FCC) rules. These rules were designed to protect consumers from privacy invasions by their Internet service providers (ISP).

What this means is that your ISP can now legally track all of your unprotected web browsing history (including every page within a domain that you visit), app usage, location history — and sell it to the highest bidder. That’s a lot of data, and much can be gleaned from it, including information about who you’re communicating with, how often you’re doing so, and for how long. For lawyers who communicate with clients using unsecure methods such as email, this new tracking capability granted to ISPs is troubling.

We discussed this very topic at the most recent monthly solo and small firm meeting at the MCBA. An IP lawyer raised the issue and explained why he found the repeal to be so disquieting. He also shared that since the passage of this legislation, he’d had a change of heart since our last meeting regarding client portals for client communication and collaboration.

By way of background, at the prior month’s meeting, I’d presented on cybersecurity for lawyers. When I reached the part of my talk where I recommended that lawyers ditch email and use client portals, this IP lawyer, who happens to be well-versed in technology, took issue with my position.

He explained that he preferred to have control over his data and was reluctant to share it with third parties. So he typically communicated with clients via email, but ensured that they understood the risks and that the sharing of particularly sensitive information was reserved for in-person meetings. And for collaboration purposes, he temporarily used online storage tools that allowed him to retain the encryption key and after the documents were shared, he would delete them.

After some back and forth on the topic of client portals, we agreed to disagree. I acknowledged the reasons for his methodology and understood why he might prefer it. But I nevertheless remained steadfast in my long held belief that as long as lawyers carefully chose their software providers, client portals are the best tool for secure client communication due to changing times and the fast pace of technological advancement.

Fast forward to the meeting earlier this month, and this same lawyer advised that he was unsatisfied by the security options being suggested to protect Internet users’ privacy in light of the repeal (more on those in a moment) and was increasingly convinced that client portals were the most secure option for client communication. His rationale was that with client portals, ISPs would only know that users logged into their secure, encrypted practice management platform but would have no knowledge of the actions taken while logged in. In other words, because of the repeal, he believed that prevailing security concerns outweighed his reluctance to outsource data to third parties.

Of course, as Internet users who happen to be lawyers, you undoubtedly have concerns about your personal privacy even if you use a cloud-based law practice management platform to communicate with clients. So what can you do to protect yourself from invasive ISPs?

The Electronic Frontier Foundation recently published a great blog post that outlines many things you can do to reduce the amount of information that your ISP can collect about your usage. Here are the key steps that are recommended (refer to the post for more detail on each one):

  • Pick an ISP that respects your privacy (the post includes a link to a list of recommended ISPs);
  • Opt-out of supercookies and other ISP tracking;
  • Install EFF’s browser extension to automatically enable HTTPs;
  • Consider using a VPN; and
  • Consider using the TOR browser.

So those are some steps you can take preliminarily to protect yourself. The solutions are not perfect and some may disrupt your online workflow. Over time, your options will likely increase as developers come up with new solutions to address this new need. But ISPs will no doubt attempt to combat your attempts to protect your privacy, so expect to be in for a bumpy ride for the next few years.

Nicole Black is a Rochester, New York attorney and the Legal Technology Evangelist at MyCase, a law practice management software company. She is the nationally-recognized author of “Cloud Computing for Lawyers” (2012) and co-authors “Social Media For Lawyers: The Next Frontier” (2010), both published by the American Bar Association. She also co-authors “Criminal Law in New York,” a Thomson West treatise. She writes a weekly column for The Daily Record, has authored hundreds of articles for other publications, and regularly speaks at conferences regarding the intersection of law, mobile computing and Internet-based technology.

Save

Save