Tech Up Your Law Practice— ABA TECHSHOW MARCH 27-29, 2014

ABA TechShow Banner

The Annual ABA TECHSHOW will be held in Chicago at the Chicago Hilton, March 27-29, 2014.  This year there will be more than 50 educational sessions focused on the latest technology tools, tips, and strategies for lawyers who want to stay abreast of “what’s next” and use technology to deliver more efficient client service.  I am honored to be co-presenting two of the sessions this year.  In addition, there are large exhibit halls where you can actually see, touch and learn about the latest law tech in action.

I am also really looking forward to the presentation by this year’s keynote speaker Rick Klau.  Rick is a partner at Google Ventures where he helps lead Startup Lab. Rick was previously a product manager at Google where he led product initiatives on Blogger, Google, and YouTube. You don’t want to miss his presentation on Disruptive Tech: What’s New, What’s Coming, and How It Will Change Everything.  This is sure to be an eye opener.

Now is the best time to start planning your trip to ABA TECHSHOW while everything is at the lowest price:

•        Early Bird Registration – Sign up by February 10, 2014, to get up to a $200 discount.

•        Housing – Make your reservation online before all the rooms are gone.

•        Airfare – ABA Members receive discounted airfare through Orbitz for Business.

To register or for more information to http://www.techshow.com/

See you in Chicago!

First Steps in Case of Suspected Data Breach

image

Okay, the breaking glass part is for dramatic effect and is optional.  However, once the specter  of a data breach rears its ugly head, your company should  immediately retain experienced breach counsel before it hires cyber security and forensics firms to access the scope of the breach.  Why?  Because if the law firm truly directs and manages the internal investigation and any loss  mitigation efforts, the attorney-client privilege and protections of the work product doctrine should apply.  Given that litigation often follows a data breach, the ability to investigate with an  assurance of confidentiality will promote more candid communications with company personnel  and will allow the company to better control the flow of information and public relations  messaging.  If outside counsel are not directing the investigation and loss  mitigation efforts, the whole process will be discoverable in litigation and information may be  misconstrued or mischaracterized.

The rationale behind the attorney-client privilege is to encourage free and open communication between the client and his or her lawyer, thus promoting informed, effective representation. The privilege protects communications between a lawyer and a client, or an agent of either, that are made in confidence for the purpose of obtaining or providing legal advice for the client. There is a serious question as to whether the privilege applies in the case of in-house lawyers interviewing company employees.  Clearly, if no lawyer is involved in the communication, or if a third party is present when the communication is made, there is no privilege

In comparison, the work product doctrine protects an attorney’s mental impressions, opinions and legal conclusions from disclosure based on the rationale that an attorney should be afforded privacy to prepare her client’s case. Work product protection is provided to documents or tangible things, prepared by or for a party, and prepared in anticipation of litigation or for trial. See FED. R. CIV. P. 26(b)(3).  Unlike the attorney-client privilege, the work product doctrine confers a qualified privilege and if the opposing party can show compelling reasons that requested information should be produced, for example, if it is not available anywhere else, the court in its discretion may order production.

For the “hire counsel first” strategy to work, the law firm retained must be prepared to respond almost immediately and to hit the ground running.  Preferably, the firm will have the capability of fielding a rapid reaction team of experienced attorneys that can rapidly assess the situation, retain the appropriate experts from a pre-vetted panel, properly conduct an internal investigation and promptly provide cogent legal advice on damage control strategies.  Your prospective  breach counsel should be able to discuss up front a proposed plan of action (“POA”).  The POA will vary depending upon the circumstances, but might look something like this:

  1. Ensure data is no longer being actively compromised  (retain expert for determination as needed);
  2. If possible, physically secure the data systems, data and documentation
  3. Obtain high level overview of factual circumstances;
  4. Identify scope of breach if possible and type of data (e.g., financial, personal, medical, etc.);
  5. Retain appropriate forensic experts;
  6. Implement document and data retention plan;
  7. Conduct interviews with key personnel to determine circumstances of breach;
  8. Determine how the breach occurred and whether it was  accidental or malicious (inside or outside job);
  9. Assess security factors and improvements needed going forward;
  10. Retain public relations experts as appropriate;
  11. Assess legal and regulatory requirements;
  12. Determine if law enforcement, or other officials should be alerted;
  13. Provide detailed opinion to client on legal and regulatory obligations, as well as loss mitigation action plan;
  14. As appropriate retain data breach response firm;
  15. Provide hotline and on line information resources for affected personnel;
  16. As appropriate provide notification of breach to regulators, government and affected persons;
  17. As appropriate provide mitigation resources to affected persons (e.g., credit monitoring), and,
  18. Provide assessment of steps needed to avoid or reduce the risk of future data breaches.

The POA above is bare-bones and generic. The bottom line is that breach counsel should be retained soon as a potential breach is discovered, and that once retained should be prepared to immediately implement a plan of action agreed upon with the client.  If that plan is properly executed by the law firm, the protections of the attorney-client privilege and work product doctrine should apply to most of the investigation and mitigation efforts.  Preservation of the privilege could prove to be vitally important in future litigation.

Bill Latham is the self-proclaimed Hytech Lawyer. He is also partner in the law firm of Nelson Mullins Riley & Scarborough, LLP and is a Certified Information Privacy Professional (CIPP-US).

Don’t be that Luddite Lawyer

OLD SCHOOL

According to the Merriam-Webster online dictionary, the word Luddite describes “one of a group of early 19th century English workmen destroying laborsaving machinery as a protest [for fear of losing their jobs]; broadly: one who is opposed to especially techno­logical change.” Being an out of the closet technophile, I frequently en­counter self-described “luddite law­yers” who brag about their lack of technological prowess and that all they need to practice law is “their wits, a pen and a yellow legal pad.” When I hear such drivel, it brings to mind stories of 19th century doctors resisting hand washing protocols and basic operating room hygiene because they too were “old school.” Who wants to be a patient of a self-proclaimed luddite doctor? Like­wise, how can technological ignorance be an asset for a lawyer?

In the most recent changes to the ABA Model Rules of Professional conduct, lawyers are advised that to be professionally competent it is necessary to keep current on the benefits and risks associated with technology. This guidance is found Comment 8 to Model Rule 1.1, which addresses the duty to provide competent representation. Comment 8 states in pertinent part:

To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks asso­ciated with relevant technology, engage in continuing study and education and comply with all continuing legal education requirements to which the lawyer is subject.

Id. (emphasis added).

What constitutes relevant technology is undefined and will no doubt vary depending up the practice area. Clearly, if you intend to represent clients in any sizable civil, criminal, bankruptcy or domestic litigation matter, an understanding of basic e-discovery principles is required to be an effective advocate. On the other hand, a small trusts and estates practice may have a lower technology bar to cross.

Savvy clients are also demanding their lawyers be technologically competent. One widely reported example is Casey Flaherty, in-house counsel at Kia Motors. Flaherty has developed a basic technology audit he administers to lawyers doing Kia’s work at outside law firms. He indicates that as a whole, his outside lawyers do not perform well on the initial test. This suggests to him that the lawyers are not using readily available technology to work efficiently. The take away: lawyers who fail to become technologically proficient are unlikely to get future Kia work.

With competitors like Legal Zoom, document review software, and so­phisticated document assembly programs taking ever larger shares of the legal service pie, lawyers will need to use technology advances just to hold their ground against tech heavy competitors. True, technol­ogy has and will displace some lawyers. Historically, however, ad­vancements in technology have largely benefited the human condition and improved life. For example, in 1900, 50% of the US population lived on farms and were employed in farming or farming related work. Contrast that with today where less than 2% of the population lives on farms and less than 4% of the population is employed in farm re­lated work. If you were a farm worker in 1900 and knew so many farm jobs would be lost in the upcoming century, you might be very afraid for the ensuing generations– “what will they do for a living?” As it turned out, such fear of widespread unemployment would have been unwarranted. As technology disrupts and destroys old economic systems, it creates new ones from the rubble. The trick is to recognize and adapt to the new normal.

Like farming in the 1900s, it is obvious that technology and economic efficiency pressures are transforming the way we practice law. Many legal futurists predict that in the near future there will likely be far few­er lawyers, working more efficiently and at a lower cost. Arguably, this a good thing for society and the profession, if not for us as individual lawyers living through the change. There will be winners and losers in the legal industry– those that can adapt to technological advances and innovate will thrive. Those that cannot will find employ­ment in a lower tech service field.

The good news is things are changing so fast on the legal technol­ogy front everyone is learning. A former luddite can jump into the deep end of the technology pool and with just a little effort  (meaning an investment of quality time) can get up to swimming speed with the techies fairly quickly. So come on in, the water is fine. Start with re­ally learning the useful features of your current software systems. Chances are your practice uses the Microsoft Office suite of software. You would likely be amazed how much more you can do with Outlook, Word, Excel, PowerPoint, Publisher, OneNote, Access, etc., than you do now. Move from there to really learn your practice management software. Look for areas of repetition that can be auto­mated. Look for interactive tutorials, CLEs, or even consider bringing in an outside consultant to teach a small group at your office. Hands on learning is most effective. Bottom line: Don’t be that luddite lawyer!

(The author thanks the Richland County Bar Association for granting permission to reprint this article from the November/December 2013 edition of the Richbar News).

Toys for the Hytech Lawyer—Your Personal Drone- Really! (Video)

image

For my 51st birthday, my wife and kids gave me a “hytech toy” that I now highly recommend tothose of  my tech savvy colleagues with some kid still left in them.  The Parrot AR Drone 2.0 Power Edition is an iPhone/iPad controlled quad-copter that is incredibly easy (and fun!) to fly and transmits HD video/photographs to your iPhone/iPad via Wi-Fi (the drone is the Wi-FI source).  You can record to video (but not sound) to your i-device or insert a thumb drive into the USB port of the drone for even better quality photos. The video quality of the Parrot is high enough that an enterprising lawyer could find it practical for taking an aerial view of an accident scene, inspecting the roof of a building, etc.  I have been asked by a local farmer to photograph his crop.  Possible tax deduction?  The Parrot also comes with an indoor shell that would permit it to be flown inside—but you better have a gym size room because this baby moves fast. The Parrot is not cheap at $ 369.00 (Brookstone) for the Power Edition.  This version comes with extra propellers in different colors and two long life batteries that go for 18 minutes each.    Make sure you get the 2.0 version as it is reportedly a signficant improvement over the original Parrot. The first video was taken on my second day with the Parrot—after about an hour of flight experience and I was doing flips and controlling the Parrot with confidence. One thing is definitely clear the Parrot can take a beating as I crashed it hard at least 10 times without more than minor scratches.   The next video depicts a high velocity fence crash that the Parrot survived relatively unscathed. Bottom line—this is a great toy to engage your inner kid and to play with your kids.  Highly Recommended.

The Hytech Lawyer Mourns the Loss of Steve Morrison

1jCi13_AuSt_74

Steve Morrison was my teacher, mentor, law partner and friend.  Steve died yesterday morning at only 64 years of age.  It’s been less than 24 hours since we learned the news, but my law firm, Nelson Mullins Riley & Scarborough, already misses him terribly.  You see, Steve Morrison was never ordinary- no ordinary lawyer, no ordinary person, no ordinary partner, no ordinary friend. He was in every respect bigger than life.

To describe Steve Morrison as a talented trial lawyer is an extreme understatement. Steve’s ability to connect with the jury and judge bordered on the mystical. He was a lawyer called upon to try the most difficult and unwinnable cases – more often than not, he won them.   To prepare for trial with Steve was the best legal education that a young trial lawyer could have.  A few years ago, I was first chair on a difficult commercial case with large exposure. I asked Steve if he would consult with me on the case. In reality, Steve was too busy to do so, but characteristically he agreed anyway. This was a new dynamic for me (and for him) because previously Steve had always been lead in any case I worked on with him.  Steve was a gracious teacher, never undercutting my “role” in the case, but instead engaging me–  “What are your themes?”  “What will your jury care about?” “what is the right outcome and why?”   We had a mock trial in the case with Steve playing the role of opposing counsel–  Steve dominated with the mock jury as was typical.  However, I took comfort in the fact that our opposing counsel was no Steve Morrison.  This is just one example of the many times Steve Morrison mentored me.   I know Steve was just as generous with many of my colleagues, many of the law students he taught as an adjunct professor at the University of South Carolina School of Law, and with many others both inside and outside the profession.

Steve was not only a lawyer, but an activist.  He not only talked about doing the right thing and making a difference – he went out and did it.  Over his career, Steve invested thousands of hours in pro bono work advocating for the underdogs of our society, from poor school districts, to incarcerated youth, to the homeless.  Morrison was a man of action.  This boy from Michigan, embraced his new home of South Carolina, and in particular the city of Columbia, and determined to make them better—he did.  Steve was active in everything – the arts, education, and community welfare.  He dreamed of what Columbia and South Carolina could be – then put his shoulder into pushing in that direction. He left his adopted home a much better place than he found it.

As a law partner, year after year Steve was more often than not the most productive lawyer in the Firm. He asked much of himself, and much of his colleagues. He continually pushed us to be better.  He shared Claude Scarborough’s vision of a national firm, headquartered in South Carolina, but with influence throughout the world.  As a member of our Firm’s Executive Committee, he pushed us to dream– to dare to be great.  Steve Morrison was a key contributor to what this Firm has become and what it will be in the future.

Finally, Steve was a devoted friend.  Although he had reached a level of national prominence, he always had time to speak to you.  He treated the high and the mighty and the poorest among us as Christ would have us treat one another.  That is not to say that he suffered fools lightly—but Steve had a big, compassionate heart.  He was a giver and sharer.  The State newspaper has a wonderful tribute to Steve on the front page of today’s edition. The title refers to Steve as “a force of nature.”  That is so very true.  Steve—we will miss you, but your spirit will always be with us.  Thank you.  Rest in peace my friend.

Cloud Computing Basics for Lawyers (Niki Black Interview)

clouds

I recently had the privilege to interview one of the pioneers of the legal blogosphere, Niki Black.  Niki is Director of Business Development at MyCase, a cloud based law practice managment system.  She is combination cloud computing guru and legal technology cheerleader.  In this recorded slide show, Niki gives a basic overview of “the cloud” including ethics issues, security precautions, and advantages for lawyers.

ABA Editorial Niki is also the author of the ABA publication  “Cloud Computing for Lawyers”

Niki Book

 

 

 

 

Other Recommended resources:

This is the first in a series of interviews we plan to conduct with some of the interesting personalities in the law technology business.

Presenting Witnesses at Trial or Hearing using Skype, Facetime, iPad, etc.

 

image

In the relentless drive to reduce litigation costs, it is becoming more and more common for witnesses to testify at trials and hearings via two-way video/audio feed as opposed to travelling long distances to testify in person.  At the same time, the technical challenges and costs of live video feeds have fallen drastically– to the point that they are hardly a consideration.   I have presented witnesses at hearings and bench trials using various combinations of Skype, FaceTime, GoToMeeting, the iPad, projectors, electronic courtrooms, etc.  With proper prior planning, adequate backups, the cooperation of the tribunal and opposing counsel, video testimony can be almost effective as live testimony.  The converse is also true, as was evident in the high profile Zimmerman trial where counsel did not understand the necessity of turning off the notification features in Skype, and the testimony was so disrupted by text messages that the court was forced to shut it down.   See Skype Fiasco.

In the below linked video, I demonstrate several configurations of video feeds, and share some of my experiences using them.  For questions or to share your own video witness presentation experiences, please comment to this post.

Video Presentation of Witnesses

IN CASE OF DATA BREACH EMERGENCY: STEP 1- BREAK GLASS AND HIRE BREACH LAWYERS TO PRESERVE PRIVILEGE

image

Okay, the breaking glass part is for dramatic effect and is optional.  However, once the specter  of a data breach rears its ugly head, your company should  immediately retain breach counsel before it hires cyber security and forensics firms to access the scope of the breach.  Why?  Because if the law firm truly directs and manages the internal investigation and any loss  mitigation efforts, the attorney-client privilege and protections of the work product doctrine  should apply.  Given that litigation often follows a data breach, the ability to investigate with an  assurance of confidentiality will promote more candid communications with company personnel  and will allow the company to better control the flow of information and public relations  messaging.  If outside counsel are not directing the investigation and loss  mitigation efforts, the whole process will be discoverable in litigation and information may be  misconstrued or mischaracterized.

The rationale behind the attorney-client privilege is to encourage free and open communication between the client and his or her lawyer, thus promoting informed, effective representation. The privilege protects communications between a lawyer and a client, or an agent of either, that are made in confidence for the purpose of obtaining or providing legal advice for the client. There is a serious question as to whether the privilege applies in the case of in-house lawyers interviewing company employees.  Clearly, if no lawyer is involved in the communication, or if a third party is present when the communication is made, there is no privilege

In comparison, the work product doctrine protects an attorney’s mental impressions, opinions and legal conclusions from disclosure based on the rationale that an attorney should be afforded privacy to prepare her client’s case. Work product protection is provided to documents or tangible things, prepared by or for a party, and prepared in anticipation of litigation or for trial. See FED. R. CIV. P. 26(b)(3).  Unlike the attorney-client privilege, the work product doctrine confers a qualified privilege and if the opposing party can show compelling reasons that requested information should be produced, for example, if it is not available anywhere else, the court in its discretion may order production.

For the “hire counsel first” strategy to work, the law firm retained must be prepared to respond almost immediately and to hit the ground running.  Preferably, the firm will have the capability of fielding a rapid reaction team of experienced attorneys that can rapidly assess the situation, retain the appropriate experts from a pre-vetted panel, properly conduct an internal investigation and promptly provide cogent legal advice on damage control strategies.  Your prospective  breach counsel should be able to discuss up front a proposed plan of action (“POA”).  The POA will vary depending upon the circumstances, but might look something like this:

  1. Retain breach counsel;
  2. Obtain high level overview of factual circumstances;
  3. Retain appropriate forensic experts;
  4. Ensure data is no longer being compromised  (retain expert for determination as needed);
  5. Identify scope of breach if possible and type of data (e.g., financial, personal, medical, etc.);
  6. Physically secure the data systems, data and documentation;
  7. Implement document and data retention plan;
  8. Conduct interviews with key personnel to determine circumstances of breach;
  9. Determine how the breach occurred and whether it was  accidental or malicious (inside or outside job);
  10. Assess security factors and improvements neded going forward;
  11. Retain public relations experts as appropriate;
  12. Assess legal and regulatory requirements;
  13. Determine if law enforcement, or other officials should be alerted;
  14. Provide detailed opinion to client on legal and regulatory obligations, as well as loss mitigation action plan;
  15. As appropriate retain data breach response firm;
  16. Provide hotline and on line information resources for affected personnel;
  17. As appropriate provide notification of breach to regulators, government and affected persons;
  18. As appropriate provide mitigation resources to affected persons (e.g., credit monitoring), and,
  19. Provide assessment of steps needed to avoid or reduce the risk of future data breaches.

The POA above is bare-bones and generic. The bottom line is that breach counsel should be retained soon as a potential breach is discovered, and that once retained should be prepared to immediately implement a plan of action agreed upon with the client.  If that plan is properly executed by the law firm, the protections of the attorney-client privilege and work product doctrine should apply to most of the investigation and mitigation efforts.  Preservation of the privilege could prove to be vitally important in future litigation.

Bill Latham is the self-proclaimed Hytech Lawyer. He is also partner in the law firm of Nelson Mullins Riley & Scarborough, LLP.

How To Create Your Own Secure Private Cloud

Pogo brandMany lawyers send and receive confidential client information via the “cloud” everyday. This includes popular services such as Dropbox, Box, Evernote, iCloud, SkyDrive, etc., etc. Despite the mysterious connotations engendered by the word “cloud,” cloud storage is really nothing more than a collection of servers and storage devices accessible via the internet.

There are a number of advantages to cloud computing. Besides having access to your files anywhere there is an internet connection, saving data in the cloud permits the backup storage of key documents in multiple locations lowering the risk of data loss. There is also the ability to share documents with others in a collaborative fashion.  This is significant because it allows computers and tablets (e.g., the iPad) with limited memory capability to access vast amounts of information that is actually housed externally.

One concern with traditional cloud computing, is that someone else has physical control of the equipment on which your data is stored and usually the data itself. This data can be stolen, hacked, destroyed, etc., or as we have seen recently, turned over to the government in response to a secret FISA subpoena.

Pogo backPogo Plug is an economical alternative cloud storage solution that allows access to data over the internet just like other cloud services, but instead of the data being stored on a server farm in India, Indiana, or Timbuktu, the data resides on your own computer storage device(e.g., thumb drive, external hard drive), at your home, office or other location of your choosing. In other words, you can access your own backup hard drive by the Internet. Like other cloud options, Pogo Plug allows you to securely share links to designated files with others. You can also stream music and videos. Access to Pogo Plug can be slow at times as compared to cloud services such as DropBox; however, in most cases this is a reasonable trade-off for the security of having physical possssion and control of your data,

Pogo Plug has been around since 2009. I have a model that is two years old. Several newer models of Pogo Plug devices are currently available and range in price from $25.00-99.00 and are available at most computer electronics retailers. You simply plug the Pogo Plug into an available Ethernet port on the rear of your wireless router. Then, plug one or more storage devices into one of the four USB ports on the Pogo Plug (e.g., a USB thumb drive or a backup hard drive). Once set up, you can upload data to or download data from almost any device via the cloud, including the iPad. The data is encrypted in transmission. When using Pogo Plug you have the choice of saving data to the Pogo Plug Cloud server (5 GB free– you can purchase additional storage capacity), or your own storage devices up to their full capacity. In my setup, I have a 1 TB ( = 1000 Gigabyte) drive and 32 GB thumb drive plugged into my PoGo Plug at home. I can access this drive from any computer, smart phone or tablet that is Internet capable. There is no additional cost beyond the initial purchase price of the device, so long as you are using your own storage (as opposed to buying storage capacity on the optional Pogo Plug cloud). Pogo Plug also has a free App for the iPhone and iPad allowing access to your Pogo Plug files.  Below are screen shots for showing Pogo Plug access via an iPad:

POGO2pogo33pogo44

 

 

 

 

 

 

Finally, Pogo Plug system appears to be sufficiently secure for lawyer use:

Files stored locally on your Pogoplug-connected hard drives remain safe in your home or office, and we do not keep a copy of any of your files on our servers. We also do not store your account password on our servers. When you transmit files to Pogoplug they are encrypted using 256-bit SSL, which is the same encryption protocol that your online banking system uses to protect access to your account.

So if you want the convenience of cloud access, but are concerned about the security of your data, Pogo Plug may be just the solution you need.  Questions? Leave a comment and we will reply on the site.

In-flight Wi-Fi- Gogo is a No No for Sensitive Info

image

In my practice, I frequently fly back and forth between the East and West coasts of the United States.   Consequently, I do a lot of work on planes and was delighted when several years ago my favorite carrier Delta introduced the Gogo Internet service on cross-country flights.  However, because my practice includes cyber security and data breach mitigation, I did what few lawyers do when they open a Gogo account — I actually read the Terms of Service.  It turns out that Gogo is very upfront about the lack of security on its in-flight Wi-Fi service.  Gogo explains :

The connection through which users purchase Gogo is an SSL-encrypted link. However, following such purchase, due to multiple users of our In-flight Wi-Fi access point, Gogo does not provide an encrypted communication channel (Wired Equivalency Protection known as “WEP”) or (Wi-Fi Protected Access known as “WPA”) between our in-flight Wi-Fi access point and the user’s computer. Gogo does support secure Virtual Private Network (VPN) access. If you have VPN, Gogo recommends that you use that channel for greater security. SSL-encrypted websites or pages, typically indicated by “https” in the address field and a “lock” icon, can also generally be securely accessed through the Gogo In-flight service. Users should be aware, however, that data packets from un-encrypted Wi-Fi connections can be captured by technically advanced means when they are transmitted between a user’s device and the Wi-Fi access point. Wi-Fi customers should therefore take precautions to lower their security risks.

Gogo recommends that users follow good security practices, such as ensuring file-sharing is not enabled while accessing the Internet from an un-encrypted public network and that laptops have firewall and other protection against malware. Gogo recommends that sensitive or private information should not be accessed via or transmitted over an un-encrypted connection.

Gogo Customer Help (emphasis added).

The bottom line is that Gogo lacks even the most rudimentary encryption capabilities.   So listen and heed Gogo’s own advice:— “Gogo recommends that sensitive or private information should not be accessed via or transmitted over an un-encrypted connection” (i.e, Gogo).”   This means don’t sign into your bank or financial institution while using the Gogo service. This also means not accessing confidential client information via Gogo.

So to sum it all up, be wary of airborne Wi-Fi, and let’s be careful out there