Take a good look at your mobile phone.
The thing you use to make calls on the go now does e-mail, chat, web surfing, takes pictures and voice recordings and lets you use practice management systems.
Legions of software developers and users alike use smartphones as platforms much like they use Microsoft’s Windows or Apple’s MacOS — as a means to an end, not just an end in itself — which makes modern phones harder to 'lock down' than their predecessors.
'Losing today’s smartphone is like losing your laptop,' wrote Brett Burney, principal of Burney Consultants LLC, in an article for abanet.org. 'There is a gold mine of sensitive and confidential information on your phone that shouldn’t be allowed in the wrong hands.'
Steve Matthews, principal of Stem Legal Web Enterprises, raised a few eyebrows when he predicted in a blog post that 'a law firm somewhere will declare smart phones to be a security risk, jamming transmission internally or banning usage from inside the firm.'
'The limb I was a referring to is law firms who overestimate security risks, especially when they fit another motive,' Matthews explained. 'In this case, I think the other motive is in-house productivity. Many firms block access to online time wasters, which simply routes employees to personal smartphones not under firm control.
'So my ‘limb’ was that we might see some law firm out there use it as an excuse to regain that internal control.'
Increasing discussion of smartphones, time wasters and all, has mainly been stoked by Apple Inc.’s iPhone, which has caught the eye of many a lawyer. Yet Sensei Enterprises, Inc. Vice President and Forensic Technologist John Simek insists the iPhone is riddled with security risks. He authored a paper entitled Why Lawyers Shouldn’t Use The iPhone: A Security Nightmare that picked apart the iPhone’s security lacunae.
Among his criticisms: data encrypted on an iPhone can be decrypted by transferring it off the phone using an SSH connection replacing a passcode file on the phone with one that contains a blank passcode and removes the unlock code.
'The problem is inherent in the iPhone design and must be fixed by Apple,' Simek insists.
While nobody denies Simek’s charges, his article has earned rebuttals that centre largely around: the smartphone genie having long since escaped the bottle; that no technology is 100 percent secure; and that the security gaps on the iPhone require a not insignificant level of technical expertise (like SSH and passcode files) to exploit.
Matthews also de-emphasizes the passcode criticism. 'BlackBerry owners are equally deficient in not enabling smartphone passwords,' he says.
Dean Leung, Director of Information Technology for Davis LLP, points out another counterargument — the risk inherent in smartphones relative to other things lawyers use to store information.
'I’ve heard of breaches via smartphones,' Leung admits, 'but they aren’t as severe as those from stolen notebooks.'
Thieves would most likely wipe iPhones to use themselves or sell them, Leung opines.
That said, Davis has standardized on BlackBerrys for several reasons, not the least of which is peace of mind. 'BlackBerry devices are the most mature when it comes to security,' Leung says, noting that their maker, Research in Motion Ltd. (RIM) has been catering successfully to the business market for much longer than the competition. 'Other smartphones are several generations behind in terms of security.'
'They’re pervasive in the U.S. government,' Leung adds. 'Even President (Barack) Obama carries a BlackBerry.'
Leung, who also serves on the Mobile, Remote and Wireless Peer Group Steering Committee for the International Legal Technology Association (ILTA), acknowledges other reasons for standardizing on one handheld. These include a more straightforward helpdesk workload and the applications all Davis lawyers have on their Berrys, like digital dictation, time and billing and a document management system client.
Carrying all these tools, plus e-mail, contacts, calendar and so forth in a shirt pocket or purse instead of a briefcase or roller bag, makes lawyers loathe to cede their smartphones.
That doesn’t stop them from grumbling about the hassles of keeping mobile devices secure, though. Leung understands this. 'It’s inconvenient to wear a seatbelt or to put a PIN number on an ATM card,' he says.
Yet lawyers need to accept their roles as the first line of information security for their firms. 'Lawyers have an ethical obligation to educate themselves on how technology works,' Leung says. 'It can’t be a black box anymore.'
Back
