![Page 1: Encryption for Lawyers - Amazon S3 · 2009. 1. 1. · Encryption for Lawyers: The Time Has Come David G. Ries John W. Simek. 2 John W. Simek ... dries@clarkhill.com 412.394.7787](https://reader035.vdocuments.us/reader035/viewer/2022071000/5fbc15e7da10ce669446beb5/html5/thumbnails/1.jpg)
Encryption for Lawyers: The Time Has Come
David G. Ries
John W. Simek
![Page 3: Encryption for Lawyers - Amazon S3 · 2009. 1. 1. · Encryption for Lawyers: The Time Has Come David G. Ries John W. Simek. 2 John W. Simek ... dries@clarkhill.com 412.394.7787](https://reader035.vdocuments.us/reader035/viewer/2022071000/5fbc15e7da10ce669446beb5/html5/thumbnails/3.jpg)
3
Why Encryption Is NeededUp to 70% of data breaches involve
laptops & portable media.
About 10% of laptops are stolen during their useful lives.
1.4 million smartphones were lost during 2013.
3.1 million smartphones were stolen during 2013.
![Page 4: Encryption for Lawyers - Amazon S3 · 2009. 1. 1. · Encryption for Lawyers: The Time Has Come David G. Ries John W. Simek. 2 John W. Simek ... dries@clarkhill.com 412.394.7787](https://reader035.vdocuments.us/reader035/viewer/2022071000/5fbc15e7da10ce669446beb5/html5/thumbnails/4.jpg)
4
Why Encryption Is Needed
2011: Maryland law firm: -unencrypted portable hard drive with medical records left on light rail.
2014: Georgia law firm:- unencrypted portable hard drive with personal information on clients stolen from trunk of car.
‹#›4
![Page 5: Encryption for Lawyers - Amazon S3 · 2009. 1. 1. · Encryption for Lawyers: The Time Has Come David G. Ries John W. Simek. 2 John W. Simek ... dries@clarkhill.com 412.394.7787](https://reader035.vdocuments.us/reader035/viewer/2022071000/5fbc15e7da10ce669446beb5/html5/thumbnails/5.jpg)
5
Why Encryption Is Needed2007: 18 laptops were stolen from the offices of a law firm in Orlando. - Protected by encryption - SANS Institute:
“(laptop stolen, but the data was protected) shouldn’t be newsworthy...”
Encryption protects data!
‹#›5
![Page 6: Encryption for Lawyers - Amazon S3 · 2009. 1. 1. · Encryption for Lawyers: The Time Has Come David G. Ries John W. Simek. 2 John W. Simek ... dries@clarkhill.com 412.394.7787](https://reader035.vdocuments.us/reader035/viewer/2022071000/5fbc15e7da10ce669446beb5/html5/thumbnails/6.jpg)
6
Why Encryption Is NeededElectronic communications can be intercepted.
Wired and wireless network traffic can be intercepted.
Cyberspace is a dangerous place!
‹#›6
![Page 7: Encryption for Lawyers - Amazon S3 · 2009. 1. 1. · Encryption for Lawyers: The Time Has Come David G. Ries John W. Simek. 2 John W. Simek ... dries@clarkhill.com 412.394.7787](https://reader035.vdocuments.us/reader035/viewer/2022071000/5fbc15e7da10ce669446beb5/html5/thumbnails/7.jpg)
7
Why Encryption Is NeededPRISM
• Web-based e-mail
• Telephone records
• Text messages
• Social media sites
• ISP communications
• VoIP
• File transfer
• Video conferencing
‹#›7
![Page 8: Encryption for Lawyers - Amazon S3 · 2009. 1. 1. · Encryption for Lawyers: The Time Has Come David G. Ries John W. Simek. 2 John W. Simek ... dries@clarkhill.com 412.394.7787](https://reader035.vdocuments.us/reader035/viewer/2022071000/5fbc15e7da10ce669446beb5/html5/thumbnails/8.jpg)
8
Attorneys Avoid Encryption
10 FT
Encryption
‹#›8
![Page 9: Encryption for Lawyers - Amazon S3 · 2009. 1. 1. · Encryption for Lawyers: The Time Has Come David G. Ries John W. Simek. 2 John W. Simek ... dries@clarkhill.com 412.394.7787](https://reader035.vdocuments.us/reader035/viewer/2022071000/5fbc15e7da10ce669446beb5/html5/thumbnails/9.jpg)
9
Encryption An electronic process to protect data
Transforms readable data into unreadable data
Requires a key to make data readable again
‹#›9
![Page 10: Encryption for Lawyers - Amazon S3 · 2009. 1. 1. · Encryption for Lawyers: The Time Has Come David G. Ries John W. Simek. 2 John W. Simek ... dries@clarkhill.com 412.394.7787](https://reader035.vdocuments.us/reader035/viewer/2022071000/5fbc15e7da10ce669446beb5/html5/thumbnails/10.jpg)
10
Encryption
Readable
Plaintext
Readable
Plaintext
Unreadable
Cyphertext
Encryption Key Decryption Key
‹#›10
![Page 11: Encryption for Lawyers - Amazon S3 · 2009. 1. 1. · Encryption for Lawyers: The Time Has Come David G. Ries John W. Simek. 2 John W. Simek ... dries@clarkhill.com 412.394.7787](https://reader035.vdocuments.us/reader035/viewer/2022071000/5fbc15e7da10ce669446beb5/html5/thumbnails/11.jpg)
11
‹#›11
![Page 12: Encryption for Lawyers - Amazon S3 · 2009. 1. 1. · Encryption for Lawyers: The Time Has Come David G. Ries John W. Simek. 2 John W. Simek ... dries@clarkhill.com 412.394.7787](https://reader035.vdocuments.us/reader035/viewer/2022071000/5fbc15e7da10ce669446beb5/html5/thumbnails/12.jpg)
12
‹#›12
![Page 13: Encryption for Lawyers - Amazon S3 · 2009. 1. 1. · Encryption for Lawyers: The Time Has Come David G. Ries John W. Simek. 2 John W. Simek ... dries@clarkhill.com 412.394.7787](https://reader035.vdocuments.us/reader035/viewer/2022071000/5fbc15e7da10ce669446beb5/html5/thumbnails/13.jpg)
Encryption Key
+30NbBBMy7+1BumpfmN8QPHrwQr36/vBvaFLgQM561Q=
ExampleAES-256 Key
13
13
![Page 14: Encryption for Lawyers - Amazon S3 · 2009. 1. 1. · Encryption for Lawyers: The Time Has Come David G. Ries John W. Simek. 2 John W. Simek ... dries@clarkhill.com 412.394.7787](https://reader035.vdocuments.us/reader035/viewer/2022071000/5fbc15e7da10ce669446beb5/html5/thumbnails/14.jpg)
Encryption Key -----BEGIN PGP PRIVATE KEY BLOCK-----
Version: BCPG C# v1.6.1.0lQOsBFIOnHgBCACwAhCyBG5X52IkbIKpeN21wEa3kR+eLvqRkdjD1oL1o4kmy3hh
Zz1l/DH7RcZX+efCP3RfEvi7Mu3a9KIEq0D0KxLQbhaWvVDzJ8yUCR8kRepFDKtj
pj1G/049DJGM4AYHqhmTPSnwRnPBtv5Ci2k9cWgZSnH/4NnkAGYudsftReoxOsUt
pfYTyMeoGBg2DkNG4yZ6uG86v5k641lgH9qABajjFfXoe2aMwbYPMWQDahJlCZfH
U2q05GJt/2zThnky/D//savhrshpNxr1ddEa1QwgGSR/EDPkflv1b4yWH05DbRST
dR9B136kh+2YMDtqaJ75hhU/H9Q6WmhBAIlXABEBAAH/AwMCoZz7ekYu0YZgXUod
EoYlOwJmlu/ZLx2GSFtZO2RNyvblG+O3ZeKukG1xbSvzBS0Z5OjQOYnD+X5arvNM
DmpyilKpb5DueaN1osxPOkunqQ6cJlOWdROvUQkgLCD7Y7jfu4/coeK+HZuoIHSq
txEQaICTDcEnFYjDJNYNGWKj6WfT3LGjDhCreck6MZcGGJHjmCN8VF+yEmsUIkM+
9D/US/rl/lWnINlfgmhiN1NxpAhg9Xo43Mpwex3hZLXLrbhdTkRMVgHLEH5h3xxo
/UyNGCn3T9CTa4/vNdmZmMlAAHQk6F0ZhqFLS8x3sR2hxwkaNGmGHRr/ihklv15U
RrggHzH89zxc3RDC8al/wcieM1vXx9hK195r9NPJ/hET1EIqs3wLu8rmZDPazIVT
j8bQdhH3X964Q70ciiREVXbY29uwSXKHU6Q8agmCDdeGoZ/bhtLaYSs6Q53dgW97
U2IN6QIxHDTa+eZU5t1RVR5ugHph6yhTk6rCQF+FTsiaezwHkXqS5SfyNJ2JgOCi
6l4HpA2gLOy3raV4MoSpsEwIpquTccu/B8Aiucy6UL7IELOAMT2s7c2R7qVoBvew
5e2gDid0CWNqN03Zvg4USKq3lYskMUWUtaaexDWNALB210OKixm6mGN4VzelmqMK
w6drwWbfuo+Xt540wlGOOuCjZoEM+qxKofnDZicDQ9Lns/eswvLZS2L/ei3kF4du
B0wexeG7R5eNlOlDfReyz5qWXOLgS47In6OLBXlUfuuNsI0m64DM3Z9LBXev2TuG
YHGG26j1FRwgOdSDynjITA2xZrIJQ7rBjJhiMedH1bLlUau75EU/qQVAV1jZ+qD/
CbD/vxVW237NaAPPlctGXrvWMyZh/PSjb/wC56veYrQAiQEcBBABAgAGBQJSDpx4
AAoJEKJQRE9Opr2dRb8H/A67kPkY8fwCY8JxF6tV46rmXIyPOsVzVHb+TG9p+0ep
1js13t1MGJuMS7CXaDdtPdahD9IKwKRO3z2Jxsg2ADYditkR7QUknGUnrJsQOkKx
8gXinRihRNjM2JzsqWkBEOauIlnO5+Y01g7KTo93N1F+pNrPNzRko8gAPWIozJMd
5wLT9NvtdJLRumJjTjQ9ydyLa41uOq8EZvYELwyq0USO5AzlOu5XAduduRv9qhIm
CmN8RLgShJzCGhu2E08hgU2kZZtY1g3VyGnttkkn4Vtr6wREh5SyvMlzirWAMb1G
LvaFZWAYAPLlCtCZQU3pL8mjFTFAxsKS1CcRLUrOkLM=
=9Ry2
-----END PGP PRIVATE KEY BLOCK-----
14
14
![Page 15: Encryption for Lawyers - Amazon S3 · 2009. 1. 1. · Encryption for Lawyers: The Time Has Come David G. Ries John W. Simek. 2 John W. Simek ... dries@clarkhill.com 412.394.7787](https://reader035.vdocuments.us/reader035/viewer/2022071000/5fbc15e7da10ce669446beb5/html5/thumbnails/15.jpg)
15
A Simplified Overview
Encryption Program
Algorithm
Key
‹#›15
![Page 16: Encryption for Lawyers - Amazon S3 · 2009. 1. 1. · Encryption for Lawyers: The Time Has Come David G. Ries John W. Simek. 2 John W. Simek ... dries@clarkhill.com 412.394.7787](https://reader035.vdocuments.us/reader035/viewer/2022071000/5fbc15e7da10ce669446beb5/html5/thumbnails/16.jpg)
16
ProtectData at Rest
– Servers, Desktops, Laptops, Tablets, Portable Media, Smartphones, etc.
Data in Motion
–Wired Networks, Wireless Networks, Internet, Cell Networks, etc.
‹#›16
![Page 17: Encryption for Lawyers - Amazon S3 · 2009. 1. 1. · Encryption for Lawyers: The Time Has Come David G. Ries John W. Simek. 2 John W. Simek ... dries@clarkhill.com 412.394.7787](https://reader035.vdocuments.us/reader035/viewer/2022071000/5fbc15e7da10ce669446beb5/html5/thumbnails/17.jpg)
17
Is Encryption Too Difficult?
AES
ALGORITHMSource: quadibloc.com
‹#›
![Page 18: Encryption for Lawyers - Amazon S3 · 2009. 1. 1. · Encryption for Lawyers: The Time Has Come David G. Ries John W. Simek. 2 John W. Simek ... dries@clarkhill.com 412.394.7787](https://reader035.vdocuments.us/reader035/viewer/2022071000/5fbc15e7da10ce669446beb5/html5/thumbnails/18.jpg)
18
Is Encryption Too Difficult?
USENIXSecurity
Symposium
Aug. 1999
‹#›18
![Page 19: Encryption for Lawyers - Amazon S3 · 2009. 1. 1. · Encryption for Lawyers: The Time Has Come David G. Ries John W. Simek. 2 John W. Simek ... dries@clarkhill.com 412.394.7787](https://reader035.vdocuments.us/reader035/viewer/2022071000/5fbc15e7da10ce669446beb5/html5/thumbnails/19.jpg)
19
Is Encryption Too Difficult?Attorneys will often need assistance in setting up encryption.
There are now many easy to use options for encryption (particularly after setup).
‹#›19
![Page 20: Encryption for Lawyers - Amazon S3 · 2009. 1. 1. · Encryption for Lawyers: The Time Has Come David G. Ries John W. Simek. 2 John W. Simek ... dries@clarkhill.com 412.394.7787](https://reader035.vdocuments.us/reader035/viewer/2022071000/5fbc15e7da10ce669446beb5/html5/thumbnails/20.jpg)
20
Attorneys’ Duty to SafeguardEthics Rules
Common Law
Contracts
Statutes and Regulations
‹#›20
![Page 21: Encryption for Lawyers - Amazon S3 · 2009. 1. 1. · Encryption for Lawyers: The Time Has Come David G. Ries John W. Simek. 2 John W. Simek ... dries@clarkhill.com 412.394.7787](https://reader035.vdocuments.us/reader035/viewer/2022071000/5fbc15e7da10ce669446beb5/html5/thumbnails/21.jpg)
21
ABA Ethics 20/20 AmendmentsModel Rule 1.1 Competence
Comment [8] To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology…”
‹#›21
Adopted by PA!
![Page 22: Encryption for Lawyers - Amazon S3 · 2009. 1. 1. · Encryption for Lawyers: The Time Has Come David G. Ries John W. Simek. 2 John W. Simek ... dries@clarkhill.com 412.394.7787](https://reader035.vdocuments.us/reader035/viewer/2022071000/5fbc15e7da10ce669446beb5/html5/thumbnails/22.jpg)
22
ABA Ethics 20/20 AmendmentsModel Rule 1.6 Confidentiality
(c) A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.
‹#›22
Adopted by PA!
![Page 23: Encryption for Lawyers - Amazon S3 · 2009. 1. 1. · Encryption for Lawyers: The Time Has Come David G. Ries John W. Simek. 2 John W. Simek ... dries@clarkhill.com 412.394.7787](https://reader035.vdocuments.us/reader035/viewer/2022071000/5fbc15e7da10ce669446beb5/html5/thumbnails/23.jpg)
23
New Jersey Opinion 701 (2006)
California Formal Opinion No. 2010-179
Pennsylvania Formal Opinion 2011-200
Texas Opinion No. 648 (2015)
Ethics Opinions - Encryption
‹#›23
![Page 24: Encryption for Lawyers - Amazon S3 · 2009. 1. 1. · Encryption for Lawyers: The Time Has Come David G. Ries John W. Simek. 2 John W. Simek ... dries@clarkhill.com 412.394.7787](https://reader035.vdocuments.us/reader035/viewer/2022071000/5fbc15e7da10ce669446beb5/html5/thumbnails/24.jpg)
24
Unencrypted Email = “A Postcard”
Bruce Schneier (1995, 2000 +)
Larry Rogers (2001) (“written in pencil”)
Google Official Blog (June 3, 2014)
New York Times (July 16, 2014)
“Reasonable Expectationof Privacy?”
‹#›24
![Page 25: Encryption for Lawyers - Amazon S3 · 2009. 1. 1. · Encryption for Lawyers: The Time Has Come David G. Ries John W. Simek. 2 John W. Simek ... dries@clarkhill.com 412.394.7787](https://reader035.vdocuments.us/reader035/viewer/2022071000/5fbc15e7da10ce669446beb5/html5/thumbnails/25.jpg)
25
Lost and Stolen Devices:
“Considering the high frequency of lost assets, encryption is as close to a no-brainer solution as it gets for this incident pattern. Sure, the asset is still missing, but at least it will save a lot of worry, embarrassment, and potential lawsuits by simply being able to say the information within it was protected.”
“Competent and Reasonable Measures”
‹#›25
![Page 26: Encryption for Lawyers - Amazon S3 · 2009. 1. 1. · Encryption for Lawyers: The Time Has Come David G. Ries John W. Simek. 2 John W. Simek ... dries@clarkhill.com 412.394.7787](https://reader035.vdocuments.us/reader035/viewer/2022071000/5fbc15e7da10ce669446beb5/html5/thumbnails/26.jpg)
26
Learning from the Past?5/06 Dept. of Veterans Affairs(laptop & hard drive stolen from employee’s home in burglary)
6/06 OMB(encrypt all sensitive data on agency mobile computers/devices)
NV Encryption Law (eff. 10/1/08) MA Security Law (eff. 1/1/09)(encrypt PII on laptops and portable media)
8/11 Baltimore law firm(external hard drive – backup – left on light rail)
8/14 GA law firm(external hard drive – backup - stolen from employee’s trunk)
‹#›26
![Page 27: Encryption for Lawyers - Amazon S3 · 2009. 1. 1. · Encryption for Lawyers: The Time Has Come David G. Ries John W. Simek. 2 John W. Simek ... dries@clarkhill.com 412.394.7787](https://reader035.vdocuments.us/reader035/viewer/2022071000/5fbc15e7da10ce669446beb5/html5/thumbnails/27.jpg)
27
Bottom LineEncryption is increasingly required in areas like banking and health care and by new state data protection laws.
As these requirements continue to increase, it will become more and more difficult for attorneys to justify avoidance of encryption.
It has now reached the point where all attorneys should generally understand encryption, have it available for use when appropriate, and make informed decisions about when encryption should be used and when it is acceptable to avoid it.
‹#›27
![Page 28: Encryption for Lawyers - Amazon S3 · 2009. 1. 1. · Encryption for Lawyers: The Time Has Come David G. Ries John W. Simek. 2 John W. Simek ... dries@clarkhill.com 412.394.7787](https://reader035.vdocuments.us/reader035/viewer/2022071000/5fbc15e7da10ce669446beb5/html5/thumbnails/28.jpg)
28
Protect Decryption Key!Generally requires password/passphrase to access.
Use a strong password/phrase- 12 characters or more.
Use a password manager for multiple encryption instances.
‹#›28
![Page 29: Encryption for Lawyers - Amazon S3 · 2009. 1. 1. · Encryption for Lawyers: The Time Has Come David G. Ries John W. Simek. 2 John W. Simek ... dries@clarkhill.com 412.394.7787](https://reader035.vdocuments.us/reader035/viewer/2022071000/5fbc15e7da10ce669446beb5/html5/thumbnails/29.jpg)
29
Safeguards
Backup Data
Backup Recovery Key
Enterprise Management
Data
‹#›29
![Page 30: Encryption for Lawyers - Amazon S3 · 2009. 1. 1. · Encryption for Lawyers: The Time Has Come David G. Ries John W. Simek. 2 John W. Simek ... dries@clarkhill.com 412.394.7787](https://reader035.vdocuments.us/reader035/viewer/2022071000/5fbc15e7da10ce669446beb5/html5/thumbnails/30.jpg)
30
Strong Passwords / PassphrasesCurrent recommendations for strong passwords or passphrases:
• Minimum length of 8 characters –moving toward 14
• Contain lower and upper case letters
• Include numbers
• Include a symbol or symbols
• Avoid dictionary words
‹#›30
![Page 31: Encryption for Lawyers - Amazon S3 · 2009. 1. 1. · Encryption for Lawyers: The Time Has Come David G. Ries John W. Simek. 2 John W. Simek ... dries@clarkhill.com 412.394.7787](https://reader035.vdocuments.us/reader035/viewer/2022071000/5fbc15e7da10ce669446beb5/html5/thumbnails/31.jpg)
31
Passphrases
Iluvmy2005BMW!
IluvmXy2005B3MW!
Stronger: Break dictionary words with random letters, numbers, or symbols.
‹#›31
![Page 32: Encryption for Lawyers - Amazon S3 · 2009. 1. 1. · Encryption for Lawyers: The Time Has Come David G. Ries John W. Simek. 2 John W. Simek ... dries@clarkhill.com 412.394.7787](https://reader035.vdocuments.us/reader035/viewer/2022071000/5fbc15e7da10ce669446beb5/html5/thumbnails/32.jpg)
32
Laptops and Desktops
Full Disk Encryption
Limited Encryption
–Partition, Folder or File
‹#›32
![Page 33: Encryption for Lawyers - Amazon S3 · 2009. 1. 1. · Encryption for Lawyers: The Time Has Come David G. Ries John W. Simek. 2 John W. Simek ... dries@clarkhill.com 412.394.7787](https://reader035.vdocuments.us/reader035/viewer/2022071000/5fbc15e7da10ce669446beb5/html5/thumbnails/33.jpg)
33
Hardware Full Disk Encryption• Automatically encrypts entire disk
• Decrypted access when an authorized user logs in
• Examples:
– Seagate Momentus (SED)
– Samsung SSD
–Hitachi Self-Encrypting DriveSeagate
‹#›33
![Page 34: Encryption for Lawyers - Amazon S3 · 2009. 1. 1. · Encryption for Lawyers: The Time Has Come David G. Ries John W. Simek. 2 John W. Simek ... dries@clarkhill.com 412.394.7787](https://reader035.vdocuments.us/reader035/viewer/2022071000/5fbc15e7da10ce669446beb5/html5/thumbnails/34.jpg)
34
Operating System EncryptionMicrosoft Windows
- Bitlocker(business versions: Vista, 7, 8)
– [Encrypted File System (EFS)]
– Device Encryption(8.1 with specific tech specs)
Apple OS X
– FileVault
– FileVault 2
‹#›
![Page 35: Encryption for Lawyers - Amazon S3 · 2009. 1. 1. · Encryption for Lawyers: The Time Has Come David G. Ries John W. Simek. 2 John W. Simek ... dries@clarkhill.com 412.394.7787](https://reader035.vdocuments.us/reader035/viewer/2022071000/5fbc15e7da10ce669446beb5/html5/thumbnails/35.jpg)
35
Encryption SoftwareFull Disk & Limited
Examples:
– Check Point
– Dell Data Protection
– McAfee Endpoint
– Sophos
– Symantec (PGP and Endpoint)
– WinMagic
– TrueCrypt (open source)
Encryption
‹#›35
![Page 36: Encryption for Lawyers - Amazon S3 · 2009. 1. 1. · Encryption for Lawyers: The Time Has Come David G. Ries John W. Simek. 2 John W. Simek ... dries@clarkhill.com 412.394.7787](https://reader035.vdocuments.us/reader035/viewer/2022071000/5fbc15e7da10ce669446beb5/html5/thumbnails/36.jpg)
36
Encrypted Portable Media
Ironkey
(Imation)
Seagate Go-Flex
CMS Secure Vault
Imation
SanDisk
Bitlocker
to Go
‹#
![Page 37: Encryption for Lawyers - Amazon S3 · 2009. 1. 1. · Encryption for Lawyers: The Time Has Come David G. Ries John W. Simek. 2 John W. Simek ... dries@clarkhill.com 412.394.7787](https://reader035.vdocuments.us/reader035/viewer/2022071000/5fbc15e7da10ce669446beb5/html5/thumbnails/37.jpg)
37
Smartphones and TabletsBlackBerry
iPhones and iPads
Android
1. Follow manufacturer’s instructions.
2. Enable encryption.
3. Use strong PIN or passcode.
4. Set auto timeout.
5. Use 3rd party encryption on older Androids.
‹#›37
![Page 39: Encryption for Lawyers - Amazon S3 · 2009. 1. 1. · Encryption for Lawyers: The Time Has Come David G. Ries John W. Simek. 2 John W. Simek ... dries@clarkhill.com 412.394.7787](https://reader035.vdocuments.us/reader035/viewer/2022071000/5fbc15e7da10ce669446beb5/html5/thumbnails/39.jpg)
Business
Enterprise
DellData Protection
Cloud Edition
Sookasa
More Secure (Examples)
![Page 40: Encryption for Lawyers - Amazon S3 · 2009. 1. 1. · Encryption for Lawyers: The Time Has Come David G. Ries John W. Simek. 2 John W. Simek ... dries@clarkhill.com 412.394.7787](https://reader035.vdocuments.us/reader035/viewer/2022071000/5fbc15e7da10ce669446beb5/html5/thumbnails/40.jpg)
Cloud EncryptionWho has the key?
End User
Internet
Cloud Service Provider
40
40
![Page 41: Encryption for Lawyers - Amazon S3 · 2009. 1. 1. · Encryption for Lawyers: The Time Has Come David G. Ries John W. Simek. 2 John W. Simek ... dries@clarkhill.com 412.394.7787](https://reader035.vdocuments.us/reader035/viewer/2022071000/5fbc15e7da10ce669446beb5/html5/thumbnails/41.jpg)
41
Wireless Networks• [Wired Equivalent Privacy (WEP)] – weak!
• Wi-Fi Protected Access (WPA) - cracked
• Wi-Fi Protected Access, second generation (WPA2)
• Sniffer programs
• War driving
• Pineapple
• Evil twin Source: Wikipedia.org
‹#›41
![Page 42: Encryption for Lawyers - Amazon S3 · 2009. 1. 1. · Encryption for Lawyers: The Time Has Come David G. Ries John W. Simek. 2 John W. Simek ... dries@clarkhill.com 412.394.7787](https://reader035.vdocuments.us/reader035/viewer/2022071000/5fbc15e7da10ce669446beb5/html5/thumbnails/42.jpg)
42
Wireless Networks
‹#›42
![Page 43: Encryption for Lawyers - Amazon S3 · 2009. 1. 1. · Encryption for Lawyers: The Time Has Come David G. Ries John W. Simek. 2 John W. Simek ... dries@clarkhill.com 412.394.7787](https://reader035.vdocuments.us/reader035/viewer/2022071000/5fbc15e7da10ce669446beb5/html5/thumbnails/43.jpg)
43
“Let’s Be Careful Out There!”Risky if open (no need for username and
password)
Be sure you have a secure connection (https: or VPN)
Be sure you have a properly configured firewall
Warnings from security professionals / US-CERT
Sgt. Phillip Freemason EsterhouseHill Street Blues
‹#›43
![Page 44: Encryption for Lawyers - Amazon S3 · 2009. 1. 1. · Encryption for Lawyers: The Time Has Come David G. Ries John W. Simek. 2 John W. Simek ... dries@clarkhill.com 412.394.7787](https://reader035.vdocuments.us/reader035/viewer/2022071000/5fbc15e7da10ce669446beb5/html5/thumbnails/44.jpg)
VPN
Remote
User
VPN Concentrator
Virtual Private Network
Internal
NetworkInternet
44
44
![Page 45: Encryption for Lawyers - Amazon S3 · 2009. 1. 1. · Encryption for Lawyers: The Time Has Come David G. Ries John W. Simek. 2 John W. Simek ... dries@clarkhill.com 412.394.7787](https://reader035.vdocuments.us/reader035/viewer/2022071000/5fbc15e7da10ce669446beb5/html5/thumbnails/45.jpg)
Encrypted
Tunnel
Remote
User
Web Server
Secure Connection (https:)
Internal
Network
https:
(SSL / TLS)
Internet
45
![Page 46: Encryption for Lawyers - Amazon S3 · 2009. 1. 1. · Encryption for Lawyers: The Time Has Come David G. Ries John W. Simek. 2 John W. Simek ... dries@clarkhill.com 412.394.7787](https://reader035.vdocuments.us/reader035/viewer/2022071000/5fbc15e7da10ce669446beb5/html5/thumbnails/46.jpg)
Email Encryption
46
46
PrivatePublic
![Page 47: Encryption for Lawyers - Amazon S3 · 2009. 1. 1. · Encryption for Lawyers: The Time Has Come David G. Ries John W. Simek. 2 John W. Simek ... dries@clarkhill.com 412.394.7787](https://reader035.vdocuments.us/reader035/viewer/2022071000/5fbc15e7da10ce669446beb5/html5/thumbnails/47.jpg)
47
‹#›47
![Page 48: Encryption for Lawyers - Amazon S3 · 2009. 1. 1. · Encryption for Lawyers: The Time Has Come David G. Ries John W. Simek. 2 John W. Simek ... dries@clarkhill.com 412.394.7787](https://reader035.vdocuments.us/reader035/viewer/2022071000/5fbc15e7da10ce669446beb5/html5/thumbnails/48.jpg)
Digitally Signed Email
48
48
![Page 49: Encryption for Lawyers - Amazon S3 · 2009. 1. 1. · Encryption for Lawyers: The Time Has Come David G. Ries John W. Simek. 2 John W. Simek ... dries@clarkhill.com 412.394.7787](https://reader035.vdocuments.us/reader035/viewer/2022071000/5fbc15e7da10ce669446beb5/html5/thumbnails/49.jpg)
Signed and Encrypted Email
Public
49
49
![Page 50: Encryption for Lawyers - Amazon S3 · 2009. 1. 1. · Encryption for Lawyers: The Time Has Come David G. Ries John W. Simek. 2 John W. Simek ... dries@clarkhill.com 412.394.7787](https://reader035.vdocuments.us/reader035/viewer/2022071000/5fbc15e7da10ce669446beb5/html5/thumbnails/50.jpg)
Outlook
50
50
1
2
![Page 51: Encryption for Lawyers - Amazon S3 · 2009. 1. 1. · Encryption for Lawyers: The Time Has Come David G. Ries John W. Simek. 2 John W. Simek ... dries@clarkhill.com 412.394.7787](https://reader035.vdocuments.us/reader035/viewer/2022071000/5fbc15e7da10ce669446beb5/html5/thumbnails/51.jpg)
Outlook
51
51
3
4
![Page 52: Encryption for Lawyers - Amazon S3 · 2009. 1. 1. · Encryption for Lawyers: The Time Has Come David G. Ries John W. Simek. 2 John W. Simek ... dries@clarkhill.com 412.394.7787](https://reader035.vdocuments.us/reader035/viewer/2022071000/5fbc15e7da10ce669446beb5/html5/thumbnails/52.jpg)
Email Server
Gateway to Gateway (TLS)
Email Server
Clear Clear
Encrypted
1
2
3
![Page 53: Encryption for Lawyers - Amazon S3 · 2009. 1. 1. · Encryption for Lawyers: The Time Has Come David G. Ries John W. Simek. 2 John W. Simek ... dries@clarkhill.com 412.394.7787](https://reader035.vdocuments.us/reader035/viewer/2022071000/5fbc15e7da10ce669446beb5/html5/thumbnails/53.jpg)
Secure Portal (Pull)Secure Portal
Noticeof
Message
1
2
3
![Page 54: Encryption for Lawyers - Amazon S3 · 2009. 1. 1. · Encryption for Lawyers: The Time Has Come David G. Ries John W. Simek. 2 John W. Simek ... dries@clarkhill.com 412.394.7787](https://reader035.vdocuments.us/reader035/viewer/2022071000/5fbc15e7da10ce669446beb5/html5/thumbnails/54.jpg)
Secure Attachment (Push)
Internet
Encrypted
Attachment
Clear
Attachment
![Page 55: Encryption for Lawyers - Amazon S3 · 2009. 1. 1. · Encryption for Lawyers: The Time Has Come David G. Ries John W. Simek. 2 John W. Simek ... dries@clarkhill.com 412.394.7787](https://reader035.vdocuments.us/reader035/viewer/2022071000/5fbc15e7da10ce669446beb5/html5/thumbnails/55.jpg)
55
Secure Email (Examples)
Zixcorp
Mimecast
Voltage
DataMotion
Office 365
‹#›55
![Page 56: Encryption for Lawyers - Amazon S3 · 2009. 1. 1. · Encryption for Lawyers: The Time Has Come David G. Ries John W. Simek. 2 John W. Simek ... dries@clarkhill.com 412.394.7787](https://reader035.vdocuments.us/reader035/viewer/2022071000/5fbc15e7da10ce669446beb5/html5/thumbnails/56.jpg)
56
Encryption of Attachments
Microsoft Office
Adobe Acrobat
WinZip
Limited Protection!
‹#›56
![Page 57: Encryption for Lawyers - Amazon S3 · 2009. 1. 1. · Encryption for Lawyers: The Time Has Come David G. Ries John W. Simek. 2 John W. Simek ... dries@clarkhill.com 412.394.7787](https://reader035.vdocuments.us/reader035/viewer/2022071000/5fbc15e7da10ce669446beb5/html5/thumbnails/57.jpg)
57
Word Menu
‹#›
1
![Page 58: Encryption for Lawyers - Amazon S3 · 2009. 1. 1. · Encryption for Lawyers: The Time Has Come David G. Ries John W. Simek. 2 John W. Simek ... dries@clarkhill.com 412.394.7787](https://reader035.vdocuments.us/reader035/viewer/2022071000/5fbc15e7da10ce669446beb5/html5/thumbnails/58.jpg)
Word2
3
4
![Page 59: Encryption for Lawyers - Amazon S3 · 2009. 1. 1. · Encryption for Lawyers: The Time Has Come David G. Ries John W. Simek. 2 John W. Simek ... dries@clarkhill.com 412.394.7787](https://reader035.vdocuments.us/reader035/viewer/2022071000/5fbc15e7da10ce669446beb5/html5/thumbnails/59.jpg)
59
Microsoft Office
‹#›
6
5
![Page 60: Encryption for Lawyers - Amazon S3 · 2009. 1. 1. · Encryption for Lawyers: The Time Has Come David G. Ries John W. Simek. 2 John W. Simek ... dries@clarkhill.com 412.394.7787](https://reader035.vdocuments.us/reader035/viewer/2022071000/5fbc15e7da10ce669446beb5/html5/thumbnails/60.jpg)
60
Adobe Acrobat
‹#›
1
32
4
![Page 61: Encryption for Lawyers - Amazon S3 · 2009. 1. 1. · Encryption for Lawyers: The Time Has Come David G. Ries John W. Simek. 2 John W. Simek ... dries@clarkhill.com 412.394.7787](https://reader035.vdocuments.us/reader035/viewer/2022071000/5fbc15e7da10ce669446beb5/html5/thumbnails/61.jpg)
61
Adobe Acrobat
‹#›
6
5
7
8
![Page 62: Encryption for Lawyers - Amazon S3 · 2009. 1. 1. · Encryption for Lawyers: The Time Has Come David G. Ries John W. Simek. 2 John W. Simek ... dries@clarkhill.com 412.394.7787](https://reader035.vdocuments.us/reader035/viewer/2022071000/5fbc15e7da10ce669446beb5/html5/thumbnails/62.jpg)
62
New File
Existing File
WinZip
‹#›
![Page 63: Encryption for Lawyers - Amazon S3 · 2009. 1. 1. · Encryption for Lawyers: The Time Has Come David G. Ries John W. Simek. 2 John W. Simek ... dries@clarkhill.com 412.394.7787](https://reader035.vdocuments.us/reader035/viewer/2022071000/5fbc15e7da10ce669446beb5/html5/thumbnails/63.jpg)
63
Encryption is part of the solution.
Use with other comprehensive security measures.
BACKUP!
Key recovery
Enterprise management
‹#›63
![Page 64: Encryption for Lawyers - Amazon S3 · 2009. 1. 1. · Encryption for Lawyers: The Time Has Come David G. Ries John W. Simek. 2 John W. Simek ... dries@clarkhill.com 412.394.7787](https://reader035.vdocuments.us/reader035/viewer/2022071000/5fbc15e7da10ce669446beb5/html5/thumbnails/64.jpg)
David G. RiesJohn W. Simek
Questions
Encryption for Lawyers: The Time Has Come