TRANSCRIPT
CYBERSECURITY
ETHICS FOR LAWYERS
SONAL MITTAL TOLMAN
PRIVACY & CYBERSECURITY
WILSON SONSINI GOODRICH & ROSATI
BRADFORD A. BLEIER
FBI CYBER DIVISION
"Law firms have a tremendous concentration of really critical private information." Infiltrating them is an "optimal way to obtain economic and personal information."
ABA Model Rules of
CA Rules of Professional Conduct
(1) Client confidentiality
(2) Competent representation
MODEL RULES
A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.
ABA MODEL RULE 1.6(C)
A lawyer shall provide competent representation to a client. Competence requires the legal knowledge, skill, thoroughness, and preparation reasonably necessary for the representation.
ABA MODEL RULE 1.1
FOR 'TIS THE SPORT TO HAVE THE ENGINER / HOIST WITH HIS OWN PETARD
HAMLET, III.IV.206-207
BONUS accept software updates
Screenshot example: Mac OS
Screenshot example: iPhone
Is this stuff really that helpful?
Really?
Lots of the tips we’ve discussed are what the pros do.
more references
● ABA Ethics Opinion No. 99-413, Protecting the Confidentiality of Unencrypted E-Mail (March 10, 1999), https://cryptome.org/jya/fo99-413.htm
● ABA Ethics Opinion No. 11-459, Duty to Protect the Confidentiality of E-mail Communications with One’s Client (Aug. 4, 2011), http://www.americanbar.org/content/dam/aba/publications/YourABA/11_459.authcheckdam.pdf
● ABA survey of cloud ethics opinions, https://www.americanbar.org/groups/departments_offices/legal_technology_resources/resources/charts_fyis/cloud-ethics-chart.html
more references
● Freedom of the Press Foundation’s guide to installing PGP (plus other helpful info), https://freedom.press/encryption-works
● Electronic Frontier Foundation, Surveillance Self-Defense Guide: Tips, Tools, and How-tos for Safer Online Communications, https://ssd.eff.org/en
● David G. Ries and John W. Simek, Encryption Made Simple, ABA GP Solo (Nov./Dec. 2012), http://www.americanbar.org/publications/gp_solo/2012/november_december2012privacyandconfidentiality/encryption_made_simple_lawyers.html
even more references
● Jack Nicas, “Google Faces Challenges in Encrypting Android Phones,” Wall Street Journal, http://www.wsj.com/news/article_email/google-faces-challenges-in-encrypting-android-phones-1457999906-lMyQjAxMTE2MDE3NjUxMDYzWj
● FTC, “Start with Security: A Guide to Business,” https://www.ftc.gov/tips-advice/business-center/guidance/start-security-guide-business#control
● VPN Comparison Chart, https://docs.google.com/spreadsheets/d/1FJTvWT5RHFSYuEoFVpAeQjuQPU4BVzbOigT0xebxTOw/edit#gid=0
CYBERSECURITY FOR LAWYERS
Bar Association of San Francisco
Cybersecurity and Privacy Law Section
January 16, 2018
Maureen O’Neill
SVP, Discovery Strategy & Data Privacy/Security
DiscoverReady
WHAT TYPES OF “SENSITIVE INFORMATION” MUST BE SECURED?
Corporate information systems are awash with sensitive information.
SHARING SENSITIVE INFORMATION IN LEGAL MATTERS
WHO ARE YOU SHARING INFORMATION WITH?
*See Appendix for some specific examples of security requirements
PROVIDER RISK MANAGEMENT
RESOURCES: LEGAL SERVICES PROVIDERS
https://www.acc.com/advocacy/upload/Model-Information-Protection-and-Security-Controls-for-Outside-Counsel-Jan2017.pdf
https://www.americanbar.org/groups/public_services/law_national_security/cybersecurity.html
https://thesedonaconference.org/download-pub/5194
LITIGATION DISCOVERY WORKFLOWS THAT PROTECT SENSITIVE DATA
WORKFLOWS THAT PROTECT SENSITIVE DATA
Develop Sensitive Data Strategy
Scan During Processing
Analyze, Organize, and Cull in Hosting
Conduct Careful Review
Check for Quality, Consistency & Gaps
Develop Sensitive Data Strategy
Scan During Processing
Analyze, Organize, and Cull in Hosting
ANALYTICS TERMINOLOGY
Richness, Precision, & Recall
Richness: What percentage of documents in the data set are relevant to our search?
Precision: How accurate is our search?
• Better precision means reviewing fewer non-relevant documents
• Better precision means lower costs
Recall: How complete is our search?
• Better recall means finding more relevant documents
• Better recall means lower risk
SENSITIVE DATA SCAN/SEARCH WORKFLOW
Conduct Careful Review
Check for Quality, Consistency & Gaps
PRODUCING INFORMATION TO OPPOSING PARTIES, REGULATORS, AND COURTS
DISCOVER BETTER. DiscoverReady.
maureen.oneill@discoverready.com
415.489.8264
Thank you.
Appendix: Example Security Requirements
SECURITY REQUIREMENTS — EXAMPLES