LITIGATION SUPPORT TIP OF THE NIGHT

Make note of the American Bar Association's Formal Opinion 477, published this past May. The summary states that:

A lawyer generally may transmit information relating to the representation of a client over the internet without violating the Model Rules of Professional Conduct where the lawyer has undertaken reasonable efforts to prevent inadvertent or unauthorized access. However, a lawyer may be required to take special security precautions to protect against the inadvertent or unauthorized disclosure of client information when required by an agreement with the client or by law, or when the nature of the information requires a higher degree of security.

The opinion does not recommend specific technical cyber security measures that should be taken, but requires attorneys to take reasonable steps specific to different factual circumstances. A lawyers should follow these guidelines:

1. Understand if a particular case presents a high threat for cyber intrusion. "[H]ighly sensitive industries such as industrial designs, mergers and acquisitions or trade secrets, and industries like healthcare, banking, defense or education, may present a higher risk of data theft."

2. Understand how data is transferred and stored. "Each access point, and each device, should be evaluated for security compliance."

3. Take Reasonable Security Measures. Such as, "using secure internet access methods to communicate, access and store client information (such as through secure Wi-Fi, the use of a Virtual Private Network, or another secure internet portal), using unique complex passwords, changed periodically, implementing firewalls and anti-Malware/AntiSpyware/Antivirus software on all devices upon which client confidential information is transmitted or stored, and applying all necessary security patches and updates to operational and communications software." An attorney is specifically charged with understanding that deleted files can be recovered.

4. Protect Electronic Communications - "If client information is of sufficient sensitivity, a lawyer should encrypt the transmission and determine how to do so to sufficiently protect it, and consider the use of password protection for any attachments."

5. Label electronic media as confidential.

6. Lawyers and their nonlawyer assistants should receive formal cyber security training.

7. Do due diligence on vendors hired to assist with electronic communications including checking their security policies and protocols.

If you're using Windows online email services (Hotmail or Outlook.com), Windows 7 may store emails used with accounts accessed on the PC in the Users folder on the C drive. You should be able to find emails in the .eml format at this location:

C:\Users\[User Name]\AppData\Local\Microsoft\Windows Live Mail

There are separate folders for emails from in the inbox and the outbox. Don't miss the additional email data that is saved in the 'Storage Folders' subfolder.

Email spoofing is the practice of sending a forged email that appears to be from a legitimate email domain, but is in fact from a different sender. Email protocols don't always verify that an address in the FROM field is one which the sending system is authorized to send from. A different (but similar) email address may be listed in the REPLY-TO field.

DKIM - DomainKeys Identified Email - is a method of authenticating the domain of an email sender.

Your Gmail account can run a DKIM authentication.

Follow these steps:

1. In a gmail message near the reply arrow, click on the drop arrow and select 'Show original'.

2. The resulting message will include a DKIM field indicating whether or not the particular message has passed the DKIM authentication test.

3. In the email header look for the line, "dkim=pass header", as official verification that the email has DKIM authentication.