http://denniskennedy.com/blog/2008/02/is-it-time-for-lawyers-to-encrypt-data/ Legal technology, technologylaw and other musings. Wed, 28 Mar 2012 14:08:25 +0000 hourly 1 http://wordpress.org/?v=3.0.4 http://denniskennedy.com/blog/2008/02/is-it-time-for-lawyers-to-encrypt-data/comment-page-1/#comment-282 Seth Mon, 25 Feb 2008 06:49:59 +0000 http://denniskennedy_com.innosoftware.net/?p=1332#comment-282 Dennis: Just getting around to reading this a couple weeks later and it is an incredibly important issue that seems to be pushed off indefinitely. The biggest issue with deploying encryption on a broader scale seems to be the implementation headaches. Everyone knows they need it, and everyone is looking at it, but the uptake is very slow because deploying 10 or 100 or 1000 laptops with encryption configured correctly and the key management in place is way harder than the alternative, which is to do nothing. Of course it needs to be done, but even if the software is free the implementation costs seem to be pretty high. Microsoft has made some progress in simplifying the overall effort, but it still is a step or two short for an easily managed mass deployment. Here's hoping that the industry continues to improve on this front! Dennis:
Just getting around to reading this a couple weeks later and it is an incredibly important issue that seems to be pushed off indefinitely. The biggest issue with deploying encryption on a broader scale seems to be the implementation headaches. Everyone knows they need it, and everyone is looking at it, but the uptake is very slow because deploying 10 or 100 or 1000 laptops with encryption configured correctly and the key management in place is way harder than the alternative, which is to do nothing. Of course it needs to be done, but even if the software is free the implementation costs seem to be pretty high.
Microsoft has made some progress in simplifying the overall effort, but it still is a step or two short for an easily managed mass deployment.
Here’s hoping that the industry continues to improve on this front!

]]> http://denniskennedy.com/blog/2008/02/is-it-time-for-lawyers-to-encrypt-data/comment-page-1/#comment-281 Dave! Tue, 12 Feb 2008 07:34:18 +0000 http://denniskennedy_com.innosoftware.net/?p=1332#comment-281 I'm sure you've seen Bruce Schneier's take on full-disc encryption, but just in case... http://www.wired.com/politics/security/commentary/securitymatters/2007/11/securitymatters_1129 I've been encrypting data on my laptop for a while now, and I don't think I would ever risk not using some kind of encryption. At the very least, an encrypted partition for personal data--but I think whole disc encryption is the way to go. Since I use a Mac, it's very easy to do with FileVault. But PC users might also want to take a look at PGP... it's been around a *long* time in the encryption business. As you mentioned, with drives and CPU speeds ever increasing, I think there's an argument to be made that not encrypting your data on a laptop is irresponsible at best, and in the future (if not already) might put you at risk of malpratice... I’m sure you’ve seen Bruce Schneier’s take on full-disc encryption, but just in case… http://www.wired.com/politics/security/commentary/securitymatters/2007/11/securitymatters_1129
I’ve been encrypting data on my laptop for a while now, and I don’t think I would ever risk not using some kind of encryption. At the very least, an encrypted partition for personal data–but I think whole disc encryption is the way to go. Since I use a Mac, it’s very easy to do with FileVault. But PC users might also want to take a look at PGP… it’s been around a *long* time in the encryption business.
As you mentioned, with drives and CPU speeds ever increasing, I think there’s an argument to be made that not encrypting your data on a laptop is irresponsible at best, and in the future (if not already) might put you at risk of malpratice…

]]> http://denniskennedy.com/blog/2008/02/is-it-time-for-lawyers-to-encrypt-data/comment-page-1/#comment-280 Will Mon, 11 Feb 2008 02:15:42 +0000 http://denniskennedy_com.innosoftware.net/?p=1332#comment-280 Hi, Dennis I work for as a lawyer for English central government. We use encrypted USB drives and have the USB ports on desktops and laptops encrypted to only use pre-approved, encrypted drives. But we have to be sensitive to this issue... http://business.timesonline.co.uk/tol/business/money/consumer_affairs/article2917650.ece http://news.bbc.co.uk/1/hi/uk/7197045.stm For my personal use, I want software that deletes data if your laptop or USB drive got stolen from your car or at an airport. What I'd be concerned about is some punk selling on the laptop with client information still on it. Or, if it was my personal laptop, details of my kids’ schools, tax returns, bank accounts, bar membership, and more. I'd want to know that the information was being discreetly erased. Most times a laptop gets stolen, it's some opportunist thief, not espionage or even that firm in the next street who, when you are angry, you think might just do that stunt. The laptop itself is worth only so many dollars. I may be insured. Yes, I'd have to reinstall all the software, but I may have a backup to take the edge off that chore. And why should the opportunist thief mind? Even the thief’s handler'd prefer not to have data that shows the machine is unlikely to have come from a legitimate garage sale. I’d be willing to risk the loss of all my data on one of those days I use up my three strikes on a wrong password. Because it's backed up somewhere else, right? Discreet erasing of data would be of more use than encryption (although encryption would be a good second line of defence). If some commercial rival wants my data, will the encryption work? Features like a tracker are fine for the $50,000 Mercedes, but for an $800 laptop? (Would the PD find time to go round town to help me out? I’m not so sure.) The nearest I've seen come close to what I have just mentioned is DoOrDel http://www.donationcoder.com/Software/Skrommel/ Kind regards from London, England Will Hi, Dennis
I work for as a lawyer for English central government. We use encrypted USB drives and have the USB ports on desktops and laptops encrypted to only use pre-approved, encrypted drives. But we have to be sensitive to this issue…
http://business.timesonline.co.uk/tol/business/money/consumer_affairs/article2917650.ece
http://news.bbc.co.uk/1/hi/uk/7197045.stm
For my personal use, I want software that deletes data if your laptop or USB drive got stolen from your car or at an airport.
What I’d be concerned about is some punk selling on the laptop with client information still on it. Or, if it was my personal laptop, details of my kids’ schools, tax returns, bank accounts, bar membership, and more. I’d want to know that the information was being discreetly erased.
Most times a laptop gets stolen, it’s some opportunist thief, not espionage or even that firm in the next street who, when you are angry, you think might just do that stunt.
The laptop itself is worth only so many dollars. I may be insured. Yes, I’d have to reinstall all the software, but I may have a backup to take the edge off that chore. And why should the opportunist thief mind? Even the thief’s handler’d prefer not to have data that shows the machine is unlikely to have come from a legitimate garage sale.
I’d be willing to risk the loss of all my data on one of those days I use up my three strikes on a wrong password. Because it’s backed up somewhere else, right?
Discreet erasing of data would be of more use than encryption (although encryption would be a good second line of defence). If some commercial rival wants my data, will the encryption work? Features like a tracker are fine for the $50,000 Mercedes, but for an $800 laptop? (Would the PD find time to go round town to help me out? I’m not so sure.)
The nearest I’ve seen come close to what I have just mentioned is DoOrDel
http://www.donationcoder.com/Software/Skrommel/
Kind regards from London, England
Will

]]>