Is It Time for Lawyers to Encrypt Data?

Has the time arrived for lawyers to begin routinely encrypting data, especially data carried on laptop computers and USB drives?
I take a look at some of the practical questions involving data encryption and the state of encryption in 2008 in my latest legal technology column in the ABA Journal called “Hidden Assets.” I focus on recent developments in the area of disk encryption.
The money quote:

When you balance the risks of loss or exposure of sensitive data against the costs and effort in encrypting data and drives, it’s becoming clear that we’ll see many lawyers moving to disk encryption in the very near future.

Disk encryption looks to be a simple, effective way to address some, but not all, data security concerns. Have you tried it? Is it working for you? Have you become less comfortable with not encrypting data in the past year?
Here’s the article. Your feedback is appreciated.
[Originally posted on DennisKennedy.Blog (]
Coming in March from ABA Publishing – The Lawyer’s Guide to Collaboration Tools and Technologies: Smart Ways to Work Together, by Dennis Kennedy and Tom Mighell
Technorati tags:


  1. Will says

    Hi, Dennis
    I work for as a lawyer for English central government. We use encrypted USB drives and have the USB ports on desktops and laptops encrypted to only use pre-approved, encrypted drives. But we have to be sensitive to this issue…
    For my personal use, I want software that deletes data if your laptop or USB drive got stolen from your car or at an airport.
    What I’d be concerned about is some punk selling on the laptop with client information still on it. Or, if it was my personal laptop, details of my kids’ schools, tax returns, bank accounts, bar membership, and more. I’d want to know that the information was being discreetly erased.
    Most times a laptop gets stolen, it’s some opportunist thief, not espionage or even that firm in the next street who, when you are angry, you think might just do that stunt.
    The laptop itself is worth only so many dollars. I may be insured. Yes, I’d have to reinstall all the software, but I may have a backup to take the edge off that chore. And why should the opportunist thief mind? Even the thief’s handler’d prefer not to have data that shows the machine is unlikely to have come from a legitimate garage sale.
    I’d be willing to risk the loss of all my data on one of those days I use up my three strikes on a wrong password. Because it’s backed up somewhere else, right?
    Discreet erasing of data would be of more use than encryption (although encryption would be a good second line of defence). If some commercial rival wants my data, will the encryption work? Features like a tracker are fine for the $50,000 Mercedes, but for an $800 laptop? (Would the PD find time to go round town to help me out? I’m not so sure.)
    The nearest I’ve seen come close to what I have just mentioned is DoOrDel
    Kind regards from London, England

  2. says

    I’m sure you’ve seen Bruce Schneier’s take on full-disc encryption, but just in case…
    I’ve been encrypting data on my laptop for a while now, and I don’t think I would ever risk not using some kind of encryption. At the very least, an encrypted partition for personal data–but I think whole disc encryption is the way to go. Since I use a Mac, it’s very easy to do with FileVault. But PC users might also want to take a look at PGP… it’s been around a *long* time in the encryption business.
    As you mentioned, with drives and CPU speeds ever increasing, I think there’s an argument to be made that not encrypting your data on a laptop is irresponsible at best, and in the future (if not already) might put you at risk of malpratice…

  3. says

    Just getting around to reading this a couple weeks later and it is an incredibly important issue that seems to be pushed off indefinitely. The biggest issue with deploying encryption on a broader scale seems to be the implementation headaches. Everyone knows they need it, and everyone is looking at it, but the uptake is very slow because deploying 10 or 100 or 1000 laptops with encryption configured correctly and the key management in place is way harder than the alternative, which is to do nothing. Of course it needs to be done, but even if the software is free the implementation costs seem to be pretty high.
    Microsoft has made some progress in simplifying the overall effort, but it still is a step or two short for an easily managed mass deployment.
    Here’s hoping that the industry continues to improve on this front!