How lawyers can use Dropbox safely

Dropbox is a popular cloud computing service that offers some advantages for lawyers. Imagine how nice it would be to sit at home with your own computer, open up a client’s document (contract, will, etc.) and work on it—all without having to carry the document on a flash drive or email it to yourself. Dropbox gives you that ability. The great thing about Dropbox is that you can use up to two gigabytes of storage on Dropbox absolutely free.

With Dropbox installed, you have a folder on your computer called (appropriately) Dropbox. Whatever you move into that folder gets uploaded to Dropbox’s servers. If you install Dropbox on another computer (like the one you have at home), you have another folder named Dropbox. When you open it, you’ll find the very same documents that you put in the Dropbox folder on your office computer.

Brilliant, right?

Absolutely, but for lawyers there’s a catch.

Our ethical obligations require us to maintain our clients’ information in confidence. In theory, an employee at Dropbox could snoop around and see the client’s documents. Practically, this is unlikely given that your client’s documents are like a needle in a haystack—one of millions (if not billions) of documents stored on thousands of servers at Dropbox’s location.

For some lawyers, this practical obscurity is enough security. It’s a personal judgment call, and some lawyers won’t be comfortable with this setup. (Personally, I find myself riding the fence between these two positions, which is why I use Dropbox for limited purposes.)

Suppose that we could make sure our client’s files and documents were encrypted before they were uploaded to Dropbox, so that anyone who might access the files on the Dropbox servers would see only gibberish. That would certainly address all concerns about confidentiality—so long as you use a smart password for the encryption.

It turns out that we lawyers can have a setup like this with the use of another free tool, TrueCrypt. This software lets you create a virtual hard disk that is encrypted and requires a password to open. TrueCrypt is available for Windows, Mac OS X, and Linux.

Basically, on your work computer, you create a TrueCrypt volume, say one gigabyte. Copy the files you want to upload to Dropbox onto this volume. Next, unmount the volume, and you’ll have a file you can copy to Dropbox–the file is basically an encrypted container for your sensitive documents.

From the other computer you use (perhaps at home), you make sure TrueCrypt is installed. Open up your Dropbox on the second computer, pull the TrueCrypt file out, open it and mount it. Voila–your files are on your home computer where you can work on them.

This workaround is not perfect. Because Dropbox sees the TrueCrypt disk only as a file, any changes made on your home computer will not automatically sync with your work computer. When you’re done making changes on the home computer, you need to close the TrueCrypt disk, unmount it, and drag that TrueCrypt file back to Dropbox (replacing the old one).
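Because the copy-back step is manual, the main risk is replacing a container that the other computer has updated in the meantime. The following Python sketch is an added example, not part of the original post or of TrueCrypt or Dropbox; the function names, the `.part` suffix and the small state file that remembers the last-pulled hash are assumptions made for illustration.

```python
import hashlib
import os
import shutil
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in 1 MiB chunks so a large container is not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def pull_container(dropbox_copy: Path, working_copy: Path, state_file: Path) -> str:
    """Copy the container out of Dropbox and record the hash we started from."""
    shutil.copy2(dropbox_copy, working_copy)
    base = sha256_of(working_copy)
    state_file.write_text(base)
    return base


def push_container(working_copy: Path, dropbox_copy: Path, state_file: Path) -> str:
    """Replace the Dropbox copy only if nobody else changed it since our pull.

    Assumes the volume has already been unmounted, so the container is complete.
    """
    base = state_file.read_text().strip()
    if dropbox_copy.exists() and sha256_of(dropbox_copy) != base:
        raise RuntimeError("Dropbox copy changed since last pull; not overwriting")
    # Copy next to the target, then rename, so the container's real file name
    # never holds a half-copied file.
    fd, tmp_name = tempfile.mkstemp(dir=dropbox_copy.parent, suffix=".part")
    os.close(fd)
    try:
        shutil.copy2(working_copy, tmp_name)
        new_hash = sha256_of(Path(tmp_name))
        if new_hash != sha256_of(working_copy):
            raise RuntimeError("copy verification failed")
        os.replace(tmp_name, dropbox_copy)
    finally:
        if os.path.exists(tmp_name):
            os.remove(tmp_name)
    state_file.write_text(new_hash)
    return new_hash
```

If `push_container` refuses, the copy in Dropbox is newer than the one you started from, and the two containers have to be reconciled by hand before either is replaced.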

The other thing that’s missing from this workaround is the ability to access files on a TrueCrypt disk from portable devices. Presently, TrueCrypt is not available on iOS, Android, BlackBerry, or any of the other portable operating systems. Hopefully, the people behind TrueCrypt are at work on apps for the iPad and Android so that we can access files from those devices. I haven’t seen any indication that these apps are on their way, but perhaps if enough of us ask for it, we might get lucky.





6 thoughts on “How lawyers can use Dropbox safely”

  1. Have you looked at sharefile? After looking at your article, it made me think that Dropbox isn’t the way to go for a law firm as there are too many hoops to be sure of the security of the files, and the process you outlined won’t allow us to sync with our file server. A quick review of sharefile leads me to think they may be more appropriate for the legal profession, or anyone who is more security oriented given they seem to have thought through the security aspects. Thanks for the overview, Todd. FYI, I’ll be test driving sharefile next week.

  2. Hey, I use the same tools to store private documents in the cloud. I just found Disk Decipher for the iPad to open TrueCrypt files. Now I just need to reduce my TrueCrypt volume size to open it on the iPad – 2gb was kind of slow… 🙂

  3. It’s also worth mentioning that the TrueCrypt files CAN auto sync after changes are made, by disabling the “preserve timestamps” setting in the TrueCrypt preferences for each machine. Then it only uploads the changes (block level) and also will automatically sync the changes after unmounting.
