Law Technology Today From the ABA Legal Technology Resource Center
Related Articles
The days before the mobile phone, in which people would meet face-to-face and use paper to correspond with each other, feels like a light year ago. Much has changed in a very short space of time, and it has mostly been for the better. Innovations like instant communication, not just voice but also image/video, conference call, instant messaging and email, have made the world akin to a village, in which we can literally cross the globe in seconds and communicate audio-visually.
But as communication technology continues to gain speed, the security threats against the mobile devices that facilitate these advanced interactions also intensify. We therefore need added reassurance that the people we are speaking to or messaging are who they say are they are. We need to be able to determine this at the blink of an eye and we need a method to shield ourselves from prying eyes and ears.
This is the challenge that businesses currently face, and where solutions such as Pryvate earn their keep. Standards like RSA4096, the strongest known public algorithm available, and AES256 allow us to have secrets and keep them where needed. Encryption has been around for quite some time already and has a reputation for making life hard for the user. The newer generation of crypto products is therefore no longer trying to enhance the level of security, but is rather working on making things easier to use.
For example, Public Key Infrastructure (PKI) offers the highest level of security imaginable but is extremely hard to implement, so key management will challenge even the technically astute. The real challenge for someone in the legal profession would be to have the trust their profession demands reflected in the electronic world, without having to rely on external parties or an additional degree in IT.
Making email secure can be achieved by installing certificates and encryption keys in email clients and ensuring they don’t expire, as well as keeping them in sync. Fixed encryption keys can be used with any particular customer, or the same key can be used for each and every customer—and both have their own challenges. Using the same key for every customer means messages for one customer can be read by any other, while using different keys for each customer requires a different AES256 key that needs tracking in a database which must be kept up to date.
Legal professionals might find this challenging, annoying, boring or even endangering to their business. We have seen several examples in the last year where even IT Security Professionals have managed to get it wrong with disastrous consequences, such as Comodo Comodo and DigiNotar.
Looking forward and learning from these errors we have learned that we need a system that is reliable, easy to use and able to adapt to whatever situation arises – without compromising trust and confidentiality. This will enable businesses to use the tools of the trade but at the same time upgrade their security to tomorrow’s standards to ensure they are always ahead of the game.
This demands state-of-the-art technology implemented in innovative ways that do not tie firms’ hands but liberate their communications while safeguarding privacy. This can be achieved through the use of encryption keys that are never handed over to anyone, but instead remain in app, in user control and are never given out. Whether for Voice, Video, IM or email this system can ensure no key is ever re-used or given to anyone else so no compromise is possible. Even the company that provides you the tool is never in possession of the key material and all material is even deleted from the app as soon as it has been used.
From the user’s perspective this all boils down to a system that employs the strongest algorithms in an asynchronous way, providing them with the best tool available for the task at hand. They can now use one app on iOS and Android to communicate with their customers, without fear of breaching confidentiality and without having to watch what they say or write, while also being guaranteed that they are communicating with the right person.
In this new world of secure communication, where mobile phones and tablets have replaced paper communication, no information can ever get into the wrong hands or be eavesdropped upon, as no-one can decrypt a message not meant for them. Throw in strong authentication and an easy to use tool, and for a few dollars a month businesses have an impenetrable suite of communications tools in their arsenal, permitting legal professionals total confidence that all their legal material relevant to a case will be kept safe and secure on mobile devices notorious for a lack of security.
