Spears Legal Technology


This blog is a resource guide for informational purposes only, and not the delivery of legal, technical or other professional advice. Using the information provided on this blog does not constitute an attorney-client relationship. If you need legal advice, please consult your lawyer.

Legal Practice

Lawyers Are Failing At Secure File Sharing

According to the survey:

  • 77 percent include a confidentiality statement;
  • 22 percent encrypt emails;
  • 22 percent include a confidentiality statement in the subject line;
  • 17 percent require clients' written consent for transmission (compared to 13 percent that require oral consent);
  • 14 percent password protect documents;
  • 13 percent share links to documents shared on a secure site.

Why is this a problem? After all, it's not like clients' email accounts aren't password protected. You're not leaving the files on their door stoop, or on a table.

But in a way, you are. Take, for example, a family law dispute. You email important documents to a client. Her spouse, if he doesn't know her password already, probably knows the typical information required to gain access to the account (birth date, mother's maiden name, etc.). Or, even more simple: he's stopped by to pick up the kids and clicks around on her unattended computer.



ABA asks NSA how it handles attorney-client privileged information in intelligence work

OK, NSA. It was all fun and games until the lawyers discovered that you were also spying on privileged attorney-client information.

Now it's fun and games with infinitely more paperwork.



Cryptolocker scambles U.S. law firm's entire cache of legal files

We are going to see more small and medium sized businesses with poor security/backup processes be affected by malware like this.

The email infected a company server holding thousands of important documents after an email with a malicious attachment was mistaken for a message sent from the firm's phone answering service.

That error left every single document used by firm on its main server in an encrypted state, including Word, WordPerfect and PDF files, said Goodson's owner, Paul M. Goodson.

"The virus also warned if you tried to tamper or decrypt anything, it was going to be permanently locked and you could never open it," Goodson said.

After IT staff were unable to make any headway against the malware's encryption, Goodson tried to pay the ransom but discovered that the grace period - another nasty aspect of Cryptolocker - had expired.

Read the full article

ABA survey: lawyers at most large firms unaware of data breaches

A recent American Bar Association survey, Security Snapshots: Threats and Opportunities, conducted by the ABA's Legal Technology Resource Center, asserts that "Fully 70% of large firm respondents reported that they didn't know if their firm had experienced a security breach." The survey findings also implied a systemic, widespread lack of information security best practices across the industry.

Because of the sensitive data handled by law firms, they're a critical and oft-overlooked weak link in the "Cybersecurity chain," according to Inside Cybersecurity.


E-Discovery: The Sedona Conference "JumpStart Outline"

Electronic Discovery is new enough to be foreign to practicing attorneys, and technical enough to be intimidating. Preparing to meet obligations related to data preservation, requests for production, court conferences, and FRCP Rule 26 can be a daunting process.

The Sedona Conference Jumpstart Outline (download here) provides a solid starting point for attorneys who wish to instruct clients about their preservation and production obligations, understand the opposing party's preservation efforts, or tailor discovery requests addressed to the opposing party.

Topics discussed within the outline include:
  • Relevant Document Retention Policies
  • Identifying Ke Custodians of Potentially Relevant Information
  • Data Stored on Network Servers
  • Emails and Instant Messages
  • Hard Drives
  • Data on Non-Company Computers
Check out the Sedona Conference website for additional publications detailing current best practices in e-discovery.


MN Prosecutor’s Facebook Posting Not Enough To Overturn Conviction

An interesting decision was handed down by the Minnesota Court of Appeals on Monday involving whether a prosecutor's Facebook posting is enough to warrant a Schwartz hearing to investigate allegations of juror misconduct.

In February, 2010 Abdulsalam Mohamed Usee was convicted of attempted murder and assault related to a 2008 Minneapolis shooting. On the day the jury was to begin deliberations Usee's defense attorneys learned that Assistant Hennepin County Attorney Gretchen Gray-Larson had made a post on her public Facebook page that discussed one of the jurors and stated that she was 'keep[ing] the streets of Minneapolis safe from the Somalias'. Six days after learning of the comments - and four days after the jury returned the guilty verdicts - Usee moved for a Schwartz hearing, which the trial court denied.

The appellate court affirmed the denial by stating that Usee had not presented evidence that the jurors had been exposed to the comments and thus "did not establish a prima facie case of juror misconduct." The appellate court also noted that because Usee waited six days after learning of the Facebook post to move for a Schwarz hearing - until after the verdict was announced - the district court was prevented from taking any precautionary measures against juror misconduct.

Neither side came off looking good in this case. According to the Star Tribune article, the district court judge called both the prosecution and defense "careless, foolish and unprofessional." If the Facebook posts were as described in court (and the opinion suggests the only evidence of the posts was presented in the form of two defense attorney affidavits), one can only wonder what was going through the mind of the prosecutor. Even in the modern world of social networking, awareness of the ethical consequences of posting anything related to a client matter should be paramount.

State v. Usee, 2011 WL 2437271 (Minn. App. June 20, 2011)


Failed Redactions in PACER: Lawyers Should Pay Attention

PACER is the program used by the federal court system to access case management and case documents that have been either scanned or e-filed. Last month Princeton University's Center for Information Technology Policy (CITP) released an article examining the frequency of redaction failures in PACER.

Building upon Carl Malamud's "groundbreaking" audit that found more than 1600 cases in which litigants submitted documents to PACER with unredacted Social Security numbers, CITP instead sought to determine how many litigants attempted to redact documents submitted to PACER but failed.

While acknowledging that the sample size used in their survey wasn't random, and that their discovery tool may be imperfect, CITP concluded that "thousands, and probably tens of thousands" of documents in PACER existed where the authors failed in their redaction efforts. Among the information their survey pulled from the sample: trade secrets, patient medical information, and the names of witnesses, jurors, and plaintiffs.

Read the entire CITP article here.

For a guide outlining techniques to securely redact documents, check out the NSA's "Redacting with Confidence: How to Safely Publish Sanitized Reports Converted From Word to PDF" published in 2005.


Social Media Defamation Lawsuits Multiplying

Social media may have a greater impact on the legal system due to defamation lawsuits, not threats or harassment, according to Vincent Gautrais, who holds the Université de Montréal Chair in e-security and e-business law. This conclusion is based on a recent study examining criminal activity on the Internet, where it was found that 15 percent of all Canadian and U.S. Internet-based rulings were on defamation cases. In France, it’s 49 percent and in Quebec it’s more than 10 percent.

“We often tend to believe that the Internet has increased the risk of threats and harassment, but that isn’t true,” says Gautrais. “It is defamation cases that have increased exponentially with the arrival of social media.”

My take: I have no doubt that defamation cases are on the rise due to social media and other web-based outlets. Those most likely to bring defamation claims, however, aren't the average Joes but businesses and individuals who have the resources to protect their public image. Also, the average Joes might have more trouble proving the legal element of harm necessary to win a defamation claim.

So if Gautrais is suggesting that defamation occurs on the Internet more often than threats and harassment, he has a ways to go before I'm convinced. The threatened and harassed might just choose to respond in a way other than using the legal system.


Social Media Law Enforcement Guides

Family law attorneys and prosecutors may find this information particularly useful, but I think it's a fascinating read on its own.

EFF, along with students from the Samuelson Clinic at UC Berkeley, filed suit against a half-dozen government agencies seeking their policies for using social networking sites for investigations, data-collection, and surveillance.

Here are the results of the EFF's efforts.

Image Credit: julosstock at stock.xchng


If we spoke a different language, we would perceive a somewhat different world.

Attorneys and technology specialists have more in common than you might think. Both groups spend a great deal of time troubleshooting an existing situation, or planning ways to prevent one from occurring. Both analyze the issue’s boundaries by referencing written standards and searching a vast history of prior cases to provide context. And both communicate in a specialized language filled with lingo that leaves everyone else scratching their head.

Unfortunately, they usually don’t speak the same specialized language.

Read More . . .