The news about the National Security Agency’s wholesale gathering of Internet and phone data is getting to be old news. The issues this news create, however, are not. Indeed, over the weekend, I began wondering about what duties we lawyers have that might be affected by the NSA’s data collection.
We all know that we have a duty to maintain client confidences. Rule 1.6 makes that abundantly clear, and even in the absence of the Rule clients expect confidentiality. It is widely understood that email is not a secure means of communication with clients, and some jurisdictions might require attorneys to advise clients of this fact. Apart from encrypting email, there’s not much that can be done to make email more secure.
But what about other Internet traffic that we generate? For example, could the NSA or some private actor be sniffing at your Internet traffic to see what web sites you’re visiting? Could those web sites give a clue to someone about the matters you’re working on? If you’re a business lawyer with a client that sells pizza restaurant franchises, imagine what a competitor might conclude if its snooping reveals you’re suddenly accessing web sites related to a new territory—like the state’s secretary of state. Your client’s secret plan to expand into a new state might not be so secret any longer.
Let’s not even start to contemplate all the web traffic associated with lawyers using online practice management services like Clio.
Before you begin to get too paranoid (or you conclude that I am), let’s keep in mind that the amount of traffic on the Internet is enormous. There is a practical obscurity that provides a level of security. Singling out your Internet traffic on behalf of a client is like looking for the proverbial needle in a large field of haystacks.
That being said, we lawyers are under a duty to take reasonable precautions or steps to ensure client confidentiality is preserved. We’re required to instruct our staff about this duty. We make sure that any online tools we use have sufficient encryption and security policies. Perhaps we should take one reasonable step with regard to our own Internet traffic. What would that step be?
Introducing virtual private networks
Virtual private networks, or VPNs, are nothing new. Their ease of use, however, has improved greatly. A VPN basically creates an encrypted tunnel on the Internet through which all of your traffic travels. This makes it a whole lot harder for an outsider (like the NSA, the Chinese government, or your neighborhood hacker) to see what your traffic looks like. A VPN can also confuse snoops, making them think your computer is actually in another city, state, or even country.
I won’t go into more details here, but Lifehacker.com has an excellent article that covers the details and more. I commend it to you for your consideration.
Having thought about it for a while over the weekend, I decided that a VPN was a good idea. The cost is very reasonable, and I know that my home and work computers no longer generate traffic that is easily monitored. I’ve been able to easily use the VPN on my iPad and iPhone as well. Now I have one less thing to worry about.