[vox-tech] Legal Ethics Tech Question

Mon Dec 14 22:51:42 PST 2009

Bob Scofield wrote:
> I need some help on a legal ethics question.  I occasionally take my laptop to 
> the Sacramento Public Law Library to use its public access wireless 
> connection for some great online resources.  Right now the California State 
> Bar has a formal ethics opinion up for public comment:
> 
> http://calbar.ca.gov/calbar/pdfs/public-comment/2009/Prop-Opin-Tech-Confidentiality.pdf
> 
> With regard to a hypothetical where "Attorney A" used a public wireless 
> connection the opinion concludes:  
> 
> "that due to the lack of security features provided 
> in most public wireless access locations, Attorney A risks violating his 
> duties of confidentiality and competence in using the wireless 
> connection at the coffee shop to work on client X's matter unless he 
> takes appropriate precautions, such as using an adequate encryption 
> device and a personal firewall." 
> 
> The opinion goes on to state that the attorney generally "should not use 
> any unsecured public wireless connection that does not require a 
> password for access."  The opinion states that the attorney might get 
> his client's informed consent to use the unsecured wireless connection.  
> Footnote 15 notes that a hacker can gain access to a client's 
> confidential information on a computer even if the file pertaining to the 
> client is not open.
> 
> I've got a dual boot laptop, but I have to use Windows for my legal work.  
> Supposedly Windows XP has a firewall, though I've never used it.  But note 
> that the opinion talks about having to use both a firewall and an encryption 
> device.  So what is an "encryption device" that I can use to comply with the 
> ethics opinion when I am using Windows Internet Explorer to connect to the 
> web?  
> 
> Thank you.  (And thanks for making your answers simple since I'm not a 
> techie.)
> 
> Bob
> 
> 

While the built in firewall for Win XP SP2 is not necessarily the best I
would suggest turning it on as it does provide protection against some
of the hacks you mention, as it should block access to file shares that
aren't approved. There still are some known exploits that may allow
people to access any file on your system, and it might take a little
more research or a 3rd party firewall to effectively close those.

As for encryption, my read of that is that you need to create a secure
tunnel to a server somewhere else that you then do all your web surfing
through. Some examples of this would be a VPN, or an ssh tunnel: the
basic idea is that the first thing you do when you get on a network is
to create your secure tunnel, and from then on all of your web traffic
goes through that encrypted tunnel.

If you belong to a law firm investing in a company wide VPN setup would
make sense. For a single person there might be some services out there
that you could pay for a single user VPN. If you're feeling inclined you
could run your own, as long as you have a server somewhere, or a router
that supports OpenVPN (about $50). I actually have one but haven't tried
it yet, Netgear Open Source Wireless G router, has a VPN that can be
connected to from the outside world, then all traffic is as if I was at
home.

Hope that leads you down the right track,
Alex