I wrote an article not long ago about protecting our personal and sensitive information. As some of you are well aware, once your data is out there, it’s out there. From the first click of the “check out now” button, you are being traced, watched and analyzed. From how much you spend and where you shop to your favorite products and your prime shopping time – you’re being tracked. But that’s just one aspect of this passive monitoring. Big Brother (in fact, as we now all know, the NSA) has the capability and may be not only watching but also listening, recording and even transcribing your confidential client conversations.
What about when it’s not only your information that is being tracked, but your clients’ confidential information is at risk of also being recorded? As a risk and security director of a multi-million dollar company, it is one of the toughest questions and concerns I have. I’m in constant contact with high-profile clients and sensitive data.
The good news for lawyers, corporations and medical professionals concerned about maintaining their duty of confidentiality is that there are now tools and safeguards to help them.
Legal and risk management specialists, such as myself, need to be very aware of the possibility (or now, probability) of their communications being intercepted by empowered governmental agencies. Given the ever-changing, nebulous status of agency data collection laws, legal professionals have to deal with the ambiguity of this usage of collected data – while contending with the secretive nature of intelligence agency operations, as well as the U.S. Foreign Intelligence Surveillance Court that oversees surveillance warrants.
Lawyers – and anyone for that matter – should assume all of their conversations are subject to covert surveillance and should take steps to protect confidential information.
I can’t stress enough that all pertinent emails, electronic messages and communications should be encrypted. There is no shortage of available encryption hardware and software, and I highly recommend using an encryption service such as ZixCorp or the open-source TrueCrypt. (Warning: this is an open source method and may not be as stable as desired.) Platform-specific devices are also available, such as Apple’s FileVault.
“One can also purchase self-encrypting hard drives such as the Seagate Secure and already-encrypted flash drives – e.g., IronKey from Imation Corp. – and encryption software such as Symantec Whole Disk Encryption and Sophos Ltd.’s Safeguard,” says Lina Maini of Beacon Network Investigations, LLC.
As for passwords, I recommend a more secure method of authentication, such as security tokens or USB tokens.
As is perhaps apparent, I’m a big fan of firewalls and of encrypting everything networked – from email to any and all telecom technology apps. I’ve also become a huge fan of the company Silent Circle. One of my favorite features of Silent Circle’s service is the ability to program burn settings. That is, once I’ve sent any type of message (email, text, audio), it is encrypted and will burn itself at the pre-set time I’ve chosen.
Many people forget that once a voice message, text or email has been sent, that data has to go through a provider, e.g., Apple, and is then transferred back to the end-user, therefore leaving data footprints that can be copied.
For professionals who mainly communicate via phone, relief from eavesdropping is on its way. This month, Spanish smartphone company GeeksPhone and software company Silent Circle launch Blackphone, an encrypted smartphone that protects phone calls, text messages, emails and Internet browsing. Using VPN technology, Blackphone promises to be an NSA-resistant phone. I’m looking forward to ours arriving soon.