1 CLOUDY WITH A CHANCE OF ETHICS Adaptable Lawyer Track Sammy Ford Abraham, Watkins, Nichols, Sorrels, Agosto & Friend Houston Al Harrison Harrison Law Office PC Houston Friday, June 19, :30 p.m. 2:30 p.m.
2 Sammy Ford I represent plaintiffs who have been hurt. I am board certified in Personal Injury Trial Law and handle catastrophic personal injury cases, but I also practice construction, securities, and complex commercial litigation, for companies and individuals. I am a native Houstonian and attended St. Thomas High School where I currently serve on the board. I went to Harvard and graduated with high honors, magna cum laude, in At Harvard, I served as Historian of the Harvard Political Union, the College's debating society, and as Secretary of Harvard CHANCE, a group dedicated to mentoring and tutoring students from Cambridge Rindge and Latin School. While participating in the leadership of CHANCE, I also helped two recently-immigrated students prepare for their English as a Second Language exam. After graduating from college, I came back to Texas for law school, finishing with Honors from the University of Texas School of Law in During my time there, I served as Development Editor of The Review of Litigation and as Chair of the Career Services Committee of the Thurgood Marshall Legal Society. In my final year, I participated in the school s first Supreme Court Clinic. We convinced the United States Supreme Court to review our client's case during a term in which the Court agreed to hear only 78 of the 8,517 cases filed. After graduation, I returned to Houston to clerk for the Honorable Jerry E. Smith of the United States Court of Appeals for the Fifth Circuit. During my time with Fifth Circuit, I worked on cases ranging from insurance law to administrative law to one of the most watched white-collar criminal cases of the 21st century. I then worked for two years at the Houston trial firm that pioneered contingent-fee commercial litigation, handling bet-the-company litigation. I am active in the community as a member of the local and state bar associations and the local, state, and national trial lawyer associations. I currently serve as a member of the State Bar's Computer and Technology Section Council, the Houston Lawyer magazine's editorial board, and the Houston Bar Association's Law Week Committee. When I am not working on behalf of my clients, I am active with travel, book collecting, and trying new and interesting restaurants.
3 Biographical Sketch: Al Harrison Harrison Law Office, P.C.; Houston Al Harrison is a patent attorney practicing intellectual property law in Houston with his wife Ronnie Harrison, a family law specialist, with the firm of Harrison Law Office, P.C. He has served as an expert witness and special counsel, and as a consultant on computer & online access, HIPAA protocol, and State Bar advertising review compliance issues. He speaks frequently on issues pertaining to intellectual property, ethics and advertising compliance, and law practice management. Prior to practicing law, he was employed as an engineer featuring operations research and mathematical modeling, and as a computer professional. Al has been a member of the State Bar Advertising Review Committee and presently is a member of the Web Services Committee. He also is a member of the Board of the Texas Bar College. He serves on the Houston Bar Association The Houston Lawyer Editorial Board and on the American Bar Association General Practice & Solos Division Book Publishing Board. He received a Bachelor of Engineering degree from City College of the City University of New York (cum laude; Tau Beta Pi); a Masters degree in Operations Research/Artificial Intelligence from New York University; and a J.D. from the University of Houston Law Center.
4 AL HARRISON Harrison Law Office, P.C. 411 Fannin Street, Suite 350 Houston, Texas (tel) (fax) Law Practice: Patent Law & Intellectual Property Matters; Computer & On-Line Law Education: City College of the City of New York: B. Eng (cum laude, Tau Beta Pi) New York University: M.S. Oper. Res University of Houston Law Center: J.D (Research Fellow 1984) Professional Activities Board, State Bar College Chair, SBOT Computer & Technology Section ; Council ; Lifetime Achievement Award 2007 Council, SBOT GP Solos/Small Firm Section Chair, SBOT Computer Law Committee, Intellectual Property Law Section SBOT Advertising Review Committee SBOT Law Practice Management Committee American Inns of Court, Garland Walker Chapter Editorial Board, HBA The Houston Lawyer ; Guest Co-Editor, IP/Litigation Issue 2007 Chair, HBA Law Practice Mgt. Section ; Chair, HBA Computer And Online Law Section HBA President's Award Board of Directors, Houston Intellectual Property Law Assoc Life Fellow, Texas Bar Foundation & Houston Bar Foundation Fellow, College of Law Practice Management Board of Governors, Downtown Club Houston President, Houston Area League of PC Users (HAL-PC) Law-Related Publications & Presentations Speaker, SBOT, Jefferson County Ethics Extravaganza Social Media 2012 Speaker, SBOT, Family Law Technology Course Cybersleuthing: Without Losing Your License 2012 Speaker, SBOT, Annual Meeting How Loud Is Your Cloud? 2012 Article, "Intellectual Property Issues: Thumbdrive Trademark"-The College Bulletin 2012 Speaker, SBOT, Annual Meeting Safeguarding Confidentiality & Privacy 2011 Speaker, Baylor GP Solos Institute "Enriching the Attorney-Client Relationship" 2011 Speaker, Harris County Attorney's Office, Emergency & Disaster Planning: Intellectual Property Issues 2011 Speaker, SBOT Advanced Consumer & Commercial Law Seminar Protecting Client Privacy 2010 Speaker, SBOT, Annual Meeting Safeguarding Confidentiality & Privacy 2010 Speaker, SBOT, Annual Meeting Billing & Collecting 2010 Speaker, SBOT, Advanced Consumer Bankruptcy Course, Virtual Practice 2010 Speaker, SBOT Emerging Legal Issues & Internet Course, Internet & Privacy 2009 Panelist, SBOT, Perfecting Your Practice Course, Law Practice Virtualization 2009 Panelist, San Antonio Bar Assoc, TechLawSA Course, Law Office Software-Taming Paper Tiger 2008 Panelist, SBOT Nailing It Course, Establishing SBOT-Compliant Website 2008 Panelist, Austin Bar Assoc & SBOT Webcast, Establishing SBOT-Compliant Website 2008 Article, The Houston Lawyer Magazine: Trademark-Surfing in Domain Name Space 2007 Speaker, Houston Solos & Galleria Chamber of Commerce Fail-Safed Electronic Office 2007 Speaker, SBOT Bill of Rights Course Freedom of Speech in Technology Age 2007 Speaker, Houston Bar Assoc. Empowering Your Law Practice: Online Strategies & Techniques 2006 Article, "Registration Roundup on Internet: Trademark Surfing in Domain Name Space"-Houston Lawyer 2006 Faculty, Center For Texas Judiciary Director, SBOT Lawyers and the Internet Seminar 1997 [2/2015]
5 Cloud Computing: Ethical considerations Sammy Ford IV - Abraham,Watkins, Nichols, Sorrels, Agosto & Friend, Houston Al Harrison Harrison Law Office PC
6 Agenda History Legal and Ethical Opinions Ethical Concerns with Data Privacy Popular Cloud Computing Options Questions
7 How We Work What exactly do we do in the office? What applications or tools do we use? How do we communicate with our colleagues both inside and outside the firm?
9 The Closed Network Model In-office Server [mail, documents] In-office Client [Attorney] In-office Client [Paralegal] In-office Client [Legal Assistant] In-office Client [Receptionist]
10 Remote Access to the Network Web Browser Tablet Inoffice Server Smartphone Office
11 Two Views of the Cloud: Overview Cloud File Server
12 Two Views of the Cloud: Client Cloud Server Cloud File Server Cloud Applications Client
13 Cloud: What is it? Definition: A decentralized model for access to shared computer resources. Key Characteristics: On Demand Self Service Network Access Resource Sharing Measurable Elastic
14 Cloud: Delivery Models Software as a Service o o Applications o Office 365 o Google Storage Infrastructure as a Service o o o o Secure Data Center Storage You rent hardware or space Co-location
15 Cloud: Why try it? Cost Savings o Pay overtime, not upfront Remote Access Syncronization Increased Security o Physical security, data backups, redundant power Advanced technologies and upgrades
17 Texas Rules of Professional Conduct Rule 1.01: Attorney has obligation to have competence in the performance of his/her duties. Rule 1.05: Attorney has obligation to protect and preserve the confidential information of his/her client. Rule 1.14: Attorney has obligation to safeguard the client s property.
18 ABA Model Rules of Professional Conduct Rule 1.1 Competence: A lawyer shall provide competent representation to a client. Competent representation requires the legal knowledge, skill, thoroughness and preparation reasonably necessary for the representation. Comment 8: To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in law and its practice, including the benefits and risks associated with relevant technology, engage in continuing study and education and comply with with all continuing legal education requirement to which the lawyer is subject.
19 Cont. Rule 1.6 Confidentiality of Information: (c) A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client. [Subsection (c) added August 2012]
20 ABA: Cloud Broadly defined, cloud computing (or "Software as a Service") refers to a category of software that's delivered over the Internet via a Web browser (like Internet Explorer) rather than installed directly onto the user's computer. The cloud offers certain advantages in terms of minimal upfront costs, flexibility and mobility, and ease of use. Because cloud computing places data--including client data--on remote servers outside of the lawyer's direct control, it has given rise to some concerns regarding its acceptability under applicable ethics rules. harts_fyis/cloud-ethics-chart.html
21 ABA s Question How does the vendor safeguard the privacy/confidentiality of stored data? How often is the user's data backed up? Does the vendor backup data in multiple data centers in different geographic locations to safeguard against natural disaster? What is the history of the vendor? Where do they derive their funding? How stable are they financially? Can I get my data "off" their servers for my own offline use/backup? If I decide to cancel my subscription to the software, will I get my data? Is data supplied in a non-proprietary format that is compatible with other software? Does the vendor's Terms of Service or Service Level Agreement address confidentiality and security? If not, would the vendor be willing to sign a confidentiality agreement in keeping with your professional responsibilities?
23 Ethics Opinions Overview All states allow for the use of the cloud Standard: Reasonable Care
24 Ethical Opinions Arizona Opinion Rules 1.1 and 1.6 require an attorney or law firm to take competent and reasonable steps to ensure that the client s confidences are not disclosed to third parties through theft or inadvertence and that the client s electronic information is not destroyed. Lawyers must recognize their own competence limitations regarding security measures and take the necessary time and energy to become competent or alternately consult with available experts in the field.
25 Florida Opinion 10-2 Lawyers who use devices that contain electronic storage must take reasonable steps to ensure that client confidentiality is maintained and to sanitize the device before disposition.
26 Alabama Opinion Lawyers may use cloud computing to store client files if they keep current on the appropriate security safeguards and take reasonable steps to ensure the cloud vendor uses suitable methods to protect the stored data.
27 Connecticut Lawyers ownership and access to the data must not be hindered. Security policies and processes should segregate the lawyer s data to prevent unauthorized access to the data, including by the cloud service provider.
28 Massachusetts Review (and periodically revisit) terms of service, restrictions on access to data, data portability, and vendor's security practices. Follow clients' express instructions regarding use of cloud technology to store or transmit data. For particularly sensitive client information, obtain client approval before storing/transmitting via the internet.
30 Texas Opinion No. 648 April 2015 May a lawyer communicate confidential information by ? o Even if unencrypted? Yes.
31 Attacks on Law Firms FBI and MI5 have both issued warnings to law firms about data security Street crime has gone down as cybercrime has gone up o Why? 85 percent of assets are intangible.
32 Is your law firm safer than cloud providers?
33 Are you safer than Jlaw In May, Jennifer Lawrence joked to MTV: "My icloud keeps telling me to back it up, and I'm like, I don't know how to back you up. Do it yourself."
34 icloud Hack Fall 2014 celebrity hack o Jennifer Lawrence, Kate Upton Nude photos released How did they gain access? o Hackers guessed their passwords o icloud allowed an unlimited number of retries without locking the user out.
35 Access and Encryption Who can access your cloud? Can employees of the cloud provider access your data? Can you send encrypted data to the cloud? Is the data encrypted on the cloud provider s server?
36 Encrypting Medical Records Health Insurance Portability and Accountability Act of 1996 (HIPAA) o Covers protected health information. o Now applies to just about all law firms as a result of HB 300. o Documents and information in the cloud must be encrypted o Encrypt locally and save encrypted files in the cloud o Professional level cloud services encrypt documents in transit and on server
38 Who can get your data? PRISM o What is it? A way for NSA, through FISA subpoena, to get data at rest Companies such as Yahoo, Facebook, Microsoft, and Google participated
39 Government Access Backdoors and disclosure What about encryption? Only as good as the product itself Good reason to encrypt before you send. BULLRUN o NSA (UK counterpart: Edgehill) o Attempt to weaken encryption standards and obtain backdoors and master keys Is data on the internet ever really safe?
41 Litigation Concerns Cloud is new and still trying to figure out appropriate policies Still have duty to preserve and produce data under your possession, custody or control Google Apps for Business with Vault ($10/user/month) archives s and chats, allows for creation of data retention policies, and has e-discovery features (admins can search user's s) What happens if your provider goes away? (Megaupload)
42 Questions to ask oneself The issues which an attorney must consider before using a cloud computing service include the following: Is the provider of cloud computing services a reputable organization? Does the provider offer robust security measures? Such measures must include at a minimum password protections or other verification procedures limiting access to the data; safeguards such as data back-up and restoration, a firewall, or encryption; periodic audits by third parties of the provider's security; and notification procedures in case of a breach. Is the data stored in a format that renders it retrievable as well as secure? Is it stored in a proprietary format and is it promptly and reasonably retrievable by the lawyer in a format acceptable to the client? Who owns the data? Where is the data stored? Does the provider commingle the data?
43 Recommendations Use password or PIN to lock and secure mobile devices Report any lost or stolen devices immediately Blackberry and Firm-approved handheld devices can be remotely wiped Firm laptops use encrypted hard drives Use encrypted removable flash drives for transporting confidential materials
44 THE MOST IMPORTANT POINT YOUR PASSWORD IS THE WEAKEST LINK
45 Wi-Fi Wi-Fi networks with no passwords can be easily intercepted Wi-Fi spoofing is common in high traffic areas like malls, coffee shops and airports o Beware of strangely named and unfamiliar Wi-Fi hot spots Consider using VPN to encrypt communications even over open Wi-Fi networks.
46 Cloud Storage Types Internal o Owned and operated by your in-house IT department o Private External o Owned and operated by someone else; hosted by a third-party o External private server
47 Backup Sync Collaboration Cloud Storage Types
48 Cloud Storage: Privacy Encryption o What is it? o Why is it important? o Encrypted transmission vs. encrypted storage Zero-Knowledge o What is it? o Why is it important? o What are the downsides? None, in theory.
49 File/Folder Encryption What is it? Why use it? Providers o Windows o Adobe o Winzip Cloud providers may produce your data o Provider can t unencrypt file.
50 Cloud Storage: Backup Server Server Server Mozy/Carbonite /Amazon
51 Cloud Storage: Sync
52 Cloud Storage: Sync Most sync services provide file storage and collaboration options as well. o SugarSync o Dropbox
53 Cloud Storage: Collaboration
54 Cloud Storage: Collaboration Not all storage solutions are suitable for collaboration There is a difference between storage and backup and collaboration The most popular storage solutions, however, do provide collaboration; most of those also provide syncing services.
55 Cloud Storage Providers Amazon Cloud Drive Box.com Comodo Cloud Storage CX (Cloud Experience) Dropbox Glide Google Drive HiDrive Idrive MegaCloud Memopal Mimedia Safecopy Sharepoint Skydrive Spideroak Sugarsync Synplicity Teamdrive Wuala
56 Dropbox o Most popular o 2GB 1TB Cloud Storage (Simply) o Boxcryptor Skydrive/Sharepoint o Integrated with MS Office going forward o 7/25GB 125GB o Boxcryptor Google Drive o Integrated with Google Documents/ o Boxcryptor
57 Box.com o 5GB Unlimited; Cloud Storage (Simply) o HIPAA Compliant o Encrypted storage in business accounts o Sync; Collaboration SpiderOak o Zero Knowledge o Probably HIPAA Compliant o SpiderOak's encryption is comprehensive -- even with physical access to the storage servers, SpiderOak staff cannot know even the names of your files and folders. On the server side, all that SpiderOak staff can see, are sequentially numbered containers of encrypted data.
58 Cloud Storage Horror Stories Some cloud storage providers are known for storing illegal and dangerous files Risks associated with using those providers Examples o Megaupload o Rapidshare
59 Productivity, , Calendar Hasn't this always been in "the cloud"? What's New? o Pricing per user per month o Scales with need o Maintenance done by host
60 Productivity, , Calendar What's included? Services: o o Calendar o Tasks o Contacts o Documents Software o Office suites accessible from a browser
61 Productivity, , Calendar Should We Purchase Office Software? o Does it make sense to purchase Microsoft Office for your office o Microsoft and Google are betting that many will not think so. Office Software As A Service o Benefits: Always up to date. Accessible anywhere Easy collaboration o Downsides Cost. Monthly fee. Not as feature rich
62 Productivity, , Calendar Services in Focus: Google Apps o o o o o o (cont.) Free to $50 per user per year Gmail-based . Use your own domain for free Google Drive-based storage Apps for word processing, spreadsheets, presentations; calendars; collaboration what we used to prepare presentation 4 million business customers / 5,000 new companies per day Small businesses to global banks
64 Productivity, , Calendar Office365 (cont.) o $4-$20 user/mo. o Cloud based using your own domain o Small Business Version: $6 per month gets , Word, Excel, etc. o Enterprise: $20/user comes with full version of Office, unlimited storage, external website, shared calendars. o Real-time collaboration o Sharepoint provides file storage for internal and external users.
69 Productivity, , Calendar Windows Live o o o o (cont.) Free through Hotmail Online storage through Skydrive Webapp allows retrieval of files stored on your computer, even if not synced in the cloud Webapp versions of Word, Excel, and Powerpoint Same as what's offered in Office365. More features than Google Apps. Option to edit document stored on Skydrive in browser or Office application. Easy collaboration
70 Remember the Milk o o o o Task Management Based on GTD Paradigm Multiple interfaces iphone/ipad Android Outlook (pro) Blackberry (pro) Web tasks Free for most users Pro: $25
71 Asana Task Management (cont.) o Online team and individual task manager Collaborative o Founded by facebook co-founder Dustin Moskovitz. o Free for teams up to 30 o Easy to add tasks to workspace: All ed tasks go to the user's general workspace o Multiple projects within a single workspace Tasks can be assigned and followed o
73 Faxing in the Cloud Fax is dying No need to purchase expensive server software o o o You have a fax number but no fax machine Move your fax server out of your office Many are using Microsoft Server's built-in fax server. Cloud options offer richer features Send and receive faxes by o View on your smartphone
74 Faxing in the Cloud (cont.) Services in Focus: RingCentral o o o Plans for either one fax number or individual fax numbers for each employee. $7.99/month - $49.99/month Toll free or local number ; Dedicated fax number; Receive faxes on your PC, via , or with a mobile application; Send faxes by ; Send faxes on your PC from any application
75 Faxing in the Cloud (cont.) efax o Standard: Choose a local or toll-free number; 150 Included inbound fax pages per month; 150 Included outbound fax pages per month; $.10 per page overage charge; $10.00 one-time setup fee; Lifetime storage; $16.95/mo o Pro: Choose a local or toll-free number; 200 Included inbound fax pages per month; 200 Included outbound fax pages per month; $.10 per page overage charge; $19.95 one-time setup fee; Lifetime storage o Incoming faxes delivered to inbox. Outgoing faxes sent to recipient's fax
76 Note Taking
77 Note Taking: Comparison Pro Con Both Programs Hold notes, lists, to do lists, pictures Great at syncing notes between computers and mobile devices OCR Translating handwriting into searchable notes Quick search of all notes Integration with Windows & MS Office Bundled with Microsoft Office Suite Basic account is free Better Mac support $99 Not in Mac version of Office $45/ year for a Pro account
78 Law Office Management Time Tracking Timesolv, Bill4Time, Time59 Billing and Finances Quickbooks Online, Freshbooks Legal Research Computer & Technology Section App All-in-One Options Amicus, RocketMatter, Total Attorneys
79 Law Office Mgmt (cont.)
81 Questions? Sammy Ford IV -