Table of Contents of this Article:
By David Ferry. Based in San Francisco, he writes about the law, social issues, technology, and other oddities.
Emerging security, password, and research technologies offer new help for lawyers.
The legal profession may depend on centuries-old concepts and layers of precedent, but it is now increasingly moving online. And, with dozens of Silicon Valley startups offering new tools to ease lawyers’ daily workloads and improve security, law firms can’t afford to ignore emerging technologies.
Remembering It All
Two important challenges to address amid the relentless migration online are the exponential growth of passwords and the increasingly strict conventions that govern them. The long-standing practice of using combinations of eight characters plus a number is giving way to requirements for extra-strong passwords that cannot feature real words and must be changed every three to six months. The result? Three quarters of people use the same password for multiple websites – a big security no-no.
Enter password managers, which can store hundreds of passphrases – whether for LinkedIn, the bank, or movie rentals – all in one place. Services such as LastPass free, or $12 per year for added security features) and Siber Systems’ RoboForm free, or $10 per year to use on multiple devices) let you get at your stored passwords with a single encrypted master passphrase that the companies don’t have access to. So even if they’re hacked, they say, your data remains secure.
The key, says Jeremi Gosney, founder of password security consulting firm Stricture Group, is making sure your main password is especially strong. “Your master password is your key to the kingdom,” Gosney notes. So don’t make it password.
An alternative is using a local password manager, such as 1Password from Agilebits (free) and SplashID free to try, with tiered pricing for added services), which do the same thing but not online. A local password manager encrypts all your passwords and stores them on your own device. This provides greater security but is slightly less convenient for people who use more than one device.
Paul Youn, a San Francisco-based technical director at the security consulting firm iSEC Partners, warns that even if a password manager helps you track 30 different passphrases, each of those passwords is only as strong as you make it. He suggests generating random passwords (most password managers will do this for you), and “don’t try to make something memorable,” he says. “Memorable passwords are easier to crack.”
Notably, plenty of companies offer browser-based options, which can be considerably less secure but are more convenient. On the other hand, if your device is lost or stolen, a local manager would provide no better protection than an online manager. Youn and Gosney use online password managers themselves, both choosing LastPass.
Playing with Fire
More data was exposed in 2013 – more than 822 million records total, according to data breach tracking website DatalossDB – than any year in the past decade, often because hackers easily slipped past the network security systems, known as firewalls, that are supposed to control incoming and outgoing traffic. An old firewall is a bit like a leaky roof: Even if it fends off some of the downpour, you still have a problem. And a seven-year-old firewall is about as effective as a worn-out thatched roof.
Next-generation firewalls give users both greater security and greater control, says Sam Erdheim, senior strategist at AlgoSec, a security- management firm. They also give network administrators more control to block users from accessing services such as Skype or Facebook and to keep track of and manage employees who use their own devices for work. “The flip side of next-generation firewalls is more complexity. There’s a new skill set that the IT team needs to learn to actually manage this stuff properly,” Erdheim says. The learning curve may slow technicians at first, he admits, but the added security and customizability are worth the effort.
The newest trend in practice management is actually a tool that was popular a decade ago or earlier: the extranet. An extranet allows a law firm to give outsiders limited access to specific documents without putting any online.
Even relatively secure, cloud-based document-sharing services may leave sensitive documents vulnerable to hacking, says Norman Calderon of Greentree Solutions, a practice management consultancy in El Segundo. But an extranet allows a firm to hand out unique log-ins to expert witnesses, opposing counsel, or judges, for example, and then rescind the login credentials when they’re no longer needed. So it may be the ideal way to share sensitive files with outsiders.
“I’m waiting for the big case, where a law firm pays someone thousands of dollars to hack the other firm’s server and get an advantage in the case,” Calderon says. Then using extranets may get an added boost.
Wisdom of the Crowd
Finally, two startups are trying to breathe new life into the field of legal research, with apps that aim to do what Wikipedia did for encyclopedias (hopefully with a little more credibility).
At Casetext, a crowd-sourced legal-research website, lawyers, law school professors, and students – and anyone else with a mind to – can contribute annotations to more than a million legal texts. Users vote on the annotations, and those that rank highest float to the top. So there is no one “right answer” on Casetext.
“We’re the place where you can come see what the legal profession has to say about today’s leading cases,” says cofounder Jake Heller, who came up with the idea while he was president of the Stanford Law Review in 2009. Heller says more than 110,000 people visit the site each month. Of those users, he says, most have IP addresses associated with big law firms. The annotations generally come from a small share of users.
Another company trying to harness the crowd for legal research is Mootus. On Mootus, users can suggest a legal issue – whether Facebook “likes” are protected by the First Amendment, for example – and then others cite case law to “argue” the issue. After that, users vote for their favorite positions. Suggesting a topic is free, but paying $100 ensures that a question will be posted. Those winning the most points earn their writers extra “reputation and status” – on the site at least.