ABA Journal eReport

Friday, Oct. 17th 2003

ABA Survey: Most Firms Don’t Protect Confidential Documents With Security Software


Lawyers are noted for their respect for client confidentiality, but they are showing an interesting lack of concern about computer security, a recent ABA survey shows.

Firewalls, computer software that prevents outsiders from gaining unauthorized access to private data, can for the most part protect businesses from hackers. But it seems they are not prevalent at law firms.

The ABA’s 2002 Legal Technology Survey, published in August, surveyed 3,904 attorneys and found that nearly 81 percent did not use firewall software on personal desktop computers. About 35 percent reported that the software was not available at their law firms, and 23 percent of the respondents did not know if their law firms had firewall software.

If lawyers think hackers aren’t interested in targeting them, says John A. Klein, they’re wrong. Klein should know because his Minnesota-based company is named Rent-A-Hacker Inc. The firm tests client sites to see if they are secure.

The notion that hackers only target large corporations is a misconception, he says. He estimates that only about 2 percent target high-profile businesses.

"The majority of hacks have nothing to do with that," he says. "They’re looking for the low-hanging fruit, and if that happens to be the lawyer down the street, great."

In some instances, Klein or one of his independent consultants can be hired to gather electronic information from a third party. "We won’t be hired to break the law," says Klein, a self-described hacker known as "Cobras." "But there are some gray areas, and the law regarding electronic communications may be the grayest, because it’s the newest."

As an example, he mentions an instance in which his firm was hired by law enforcement to break into the computer of a noncustodial parent who had kidnapped a child. The authorities "may or may not have had the appropriate warrants," he says.

Hackers use the Internet to send out scanners, which check groups of Internet service providers for vulnerabilities, Klein says. Once they find a vulnerability, they attack it. If a scanner hits a law firm, there’s nothing keeping the hacker from accessing confidential client information, which could be sold illegally.

"One would think that a group that understands due diligence would know better than to put itself at risk," Klein says.

That being said, there are no model rules or ethics opinions that deal with lawyers protecting electronic information, says Vincent I. Polley, chair of the Cyberspace Law Committee of the ABA Section of Business Law. According to the Houston lawyer, it’s an area that would be hard to legislate.

A firewall is not something you can admire, which might explain why few lawyers have one, says Robert McNeill, a Washington, D.C., lawyer and legal technology consultant. Also, he thinks that many lawyers may not completely understand what a firewall is.

"It’s not pretty, like an LCD display," he says. "Sometimes the companies that put in the computer system aren’t as diligent as they should be about recommending this sort of thing because it’s not sexy."

Hiring a technician to install a software firewall costs around $300 for a small law firm, says Ben Sherwood, an Illinois-based computer security consultant. Also, you can download an individual firewall for free at sites such as zonelabs.com.

Sherwood wasn’t surprised by the ABA survey results, which also showed that 80 percent of respondents have sent confidential or privileged communication in e-mails, while 70 percent of those lawyers rely solely on a confidentiality statement accompanying the transmission to cover ethical concerns. When he speaks about computer security with various legal groups, most audience members indicate they have not taken measures to protect their systems.

"Obviously, there are many different threats, like eavesdropping, lack of client confidentiality of e-mail files, and the possible destruction of files," he says. "Law firms are low on hackers’ radar screens, but people are realizing the value of the information law firms have."

McNeill did not know of any law firms that have been targeted by hackers, but he says it’s something that few broadcast because of the client confidentiality implications. According to the ABA survey, 13 percent reported that their law firm had experienced a hacker attack, and 28 percent said that they didn’t know if such an attack had occurred.

