Published in The Drum / UK
SAT 21 MAY 2011
By Elaine Whitfield Sharp, distinguished British-born US lawyer
In Google’s latest move to take over the world, it is touting its newest shiny toy — the “Chromebook” — as technology empowering us to reach into “The Cloud” (aka, off-site digital storage) for all our needs in computer operating systems, software and data storage.
But, will this technology free us or enslave us? My view is that Chromebook and any other device that relies on “Cloud Computing,” creates stormy skies for lawyers and their clients by risking the loss of privacy and liberty at the hands of Big Brother.
Let’s get down to brass tacks: Storing data on the “The Cloud” is just a trendy term for storing data on someone else’s server so that when you are away from your desk, you can access that data by WiFi or 3G network.
Lawyers disagree about the security of so-called “cloud computing.” But what about clients? Do clients really want their lawyers to entrust their confidences and secrets (that is, the kind that we lawyers swear to take to the grave) to “The Cloud”?
One implication of storing client data on “The Cloud” is that a government entity may issue a subpoena to the third party (that is, the administrators of the remote server where the data is stored, aka, “The Cloud” server) commanding them to produce the data.
In America, The lawyer would not be notified of this. (Sharp says she has not checked out the UK position yet) The lawyer would have no opportunity to be heard by a US court to try to prevent access by raising, for example, the attorney-client privilege.
You disbelieve? Under the US Patriot Act, third party hosts of data areforbidden to inform customers if the FBI issues a subpoena for data. It would be a federal crime to tell.
If it’s on The Cloud, where’s the need for a search warrant for your office (protected under the fourth amendment to the US Constitution from unreasonable searches and seizures). If it’s on The Cloud, a subpoena will do very nicely.
One supposed benefit of The Cloud is that your computer won’t crash because the operating system, the virus and the software updates are all automatic. Who among us isn’t sick and tired of all these software updates and patches? Who among us hasn’t experienced the dread of a blinking cursor on a black screen after a disabling virus? To be sure, convenience is a big plus in The Cloud.
But, Cloud hackers are NOT looking to disable the server or shut you down; they want you very much alive. Cloud hackers are aiming at infiltration and colonization. They are blood-sucking, opportunistic data vampires. Take the recent Sony Play Station debacle where hackers got into the server cloud space (rented from Amazon) used for Play Stations and lynched personal information of some 80 million customers.
This is quite separate from the outage, also damaging to the Cloud computing concept, which disabled a large chunk of Amazon’s network in the US a few weeks ago
In a short video of interviews with experts (very outspoken!) about the Play Station attack, Tom Kellerman, a member of US President’s Barack Obama’s commission on cyber security, states, “Cloud infrastructure has yet to be secured.”
As a lawyer, that statement scares the Hell out of me. If The Cloud has “yet to be secured,” I say to Chromebook and to The Cloud, “Thanks; but, no thanks.”
Years ago, even before “The Cloud” became the trendy name for off-site data storage, I was approached by a company selling space for off-site data storage for lawyers.
For about two weeks, I went back and forth with various sales people, middle management and finally upper management on the issue of security and privacy. Not one of the people with whom I spoke — from minion to magnate — was able to guarantee me that the data could not be accessed by a hacker; and not one of them was able to guarantee me that I would be given notice of a subpoena to access the data by a third party, such as the FBI.
The US Patriot Act forbids it. And, if you think that the government can be trusted to only use that law to stop terrorism, just remember that absolute power corrupts absolutely. Cloud computing — data stored on off-site servers — is nothing new. And, according to Tom Kellerman, it is still not safe.
Yet, many state bars in the US — Alabama, Arizona, Massachusetts, New York, North Carolina and Nevada have either issued ethics opinions, or proposed ethics opinions, permitting cloud computing for lawyers. California has set forth standards for the storage and transmission of electronic client data, which arguably permits cloud computing.
Personally, I still believe that the best way to protect your data is to keep it close to you, in your office. If you need to access your data remotely, then set up a virtual private network (VPN) and make sure everything is heavily encrypted.
Better yet, don’t use a VPN. Take what you need on a flash drive zipped up in a pocket. Or use an iPhone and put all the documents you need on that. Back it up before you leave. And, if you lose it, nuke it remotely.
Call me slow to change. But colour me “safe” — not chrome.