August 21, 2017

Colorado Court of Appeals: Ordinary Person Would Not Be Aware of Specifics of IP Address and ISP Locating

The Colorado Court of Appeals issued its opinion in People v. Garrison on Thursday, August 10, 2017.

Email—Internet Protocol Address—Internet Service Provider—Expert Testimony—Lay Testimony—Police Officers—Continuance—CRE 702.

Garrison had an affair with the victim’s wife. After the affair ended, Garrison and his wife set up through Google a Gmail account in the victim’s name. Using that account, they sent themselves derogatory and threatening emails. Based on these emails, Garrison and his wife made police reports against the victim and provided related documents to the police. They sought a protection order against the victim and testified about the emails at the hearing. The police filed charges against the victim. When it was later determined that Garrison and his wife had set up the Gmail account, charges against the victim were dismissed, and the Garrisons were charged. At trial police officers gave testimony about Internet Protocol (IP). Garrison was convicted of first degree perjury, attempt to influence a public servant (three counts), conspiracy to attempt to influence a public servant, possessing a defaced firearm, and felony menacing.

On appeal, Garrison first contended that the trial court erred in refusing to grant his request for a continuance of the trial. The trial court did not abuse its discretion in denying him a continuance, and Garrison was not prejudiced because, as discussed below, he is entitled to a new trial on his convictions related to the IP address testimony.

Garrison also argued that the trial court abused its discretion in allowing the prosecution to present expert testimony regarding tracing IP addresses through the lay testimony of police officers. Where an officer’s testimony is based not only on his perceptions and observations of the crime scene but also on specialized knowledge or experience, the officer must be properly qualified as an expert. The concept of an email transmission including an IP address, which can be linked to an Internet service provider (ISP), and in turn traced to the physical location of a particular ISP customer, is not within the knowledge or experience of ordinary people. Thus, because some of the police testimony on direct examination was based on particular experience and specialized knowledge within the scope of Rule 702, the trial court abused its discretion in admitting this portion of the testimony as lay testimony. The error was not harmless because this information was central to the prosecution’s case on the charges of first degree perjury, attempt to influence a public servant (three counts), and conspiracy to attempt to influence a public servant. The charges of possessing a defaced firearm and felony menacing were unrelated to IP addresses.

The judgment was affirmed in part and reversed in part, and the case was remanded for further proceedings.

Summary provided courtesy of Colorado Lawyer.

Ethics in the Electronic Age: Social Media Guidance for Attorneys

Do you have a LinkedIn account? How about a Facebook page? Twitter handle? Instagram? Blog? All of the above?

Have you ever considered the Rules of Professional Conduct when commenting on someone else’s Facebook post, or sharing a clever tweet, or even writing on your personal blog? If not, then you should.

Most lawyers are probably aware that there could be ethical implications to their professional use of social media, but personal use can also implicate the Rules. Learn more from Katrin Miller Rothgery of Brownstein Hyatt Farber Schreck in the video, below.

Ms. Rothgery’s presentation on Ethics in the Electronic Age was just one part of the 2017 Real Estate Spring Update. Purchase the full homestudy here, or call (303) 860-0608. CLE Pass Holders can access the MP3 and Video OnDemand homestudies for free. Find out more about the CLE Pass here.

ABA Formal Ethics Opinion Issued Regarding Secured Communications of Client Information

On Thursday, May 11, 2017, the ABA Standing Committee on Ethics and Professional Responsibility released Formal Opinion 477, “Securing Communication of Protected Client Information.” The opinion discusses internet transmission of protected client information, concluding that:

A lawyer generally may transmit information relating to the representation of a client over the internet without violating the Model Rules of Professional Conduct where the lawyer has undertaken reasonable efforts to prevent inadvertent or unauthorized access. However, a lawyer may be required to take special security precautions to protect against the inadvertent or unauthorized disclosure of client information when required by an agreement with the client or by law, or when the nature of the information requires a higher degree of security.

Formal Opinion 477 is an update to the basic confidentiality requirements addressed in Formal Opinion 99-413. The opinion was issued in response to the 2012 amendments to the ABA Model Rules in which technological competency was enunciated. This opinion discusses cybersecurity and measures that lawyers should take to safeguard client information, electing to reject requirements for specific security measures in favor of a fact-specific approach to business security obligations.

The opinion offers guidance on what reasonable steps an attorney may undertake in response to a cybersecurity threat, including:

  1. Understand the nature of the threat;
  2. Understand how confidential client information is transmitted and where it is stored;
  3. Understand and use reasonable security measures;
  4. Determine how electronic communications about client matters should be protected;
  5. Label confidential client information;
  6. Train lawyers and nonlawyer assistants in technology and information security; and
  7. Conduct due diligence on vendors providing communication technology.

To read the entire opinion, click here.

Colorado Court of Appeals: High School Student’s Tweets Did Not Constitute True Threats or Fighting Words

The Colorado Court of Appeals issued its opinion in People in Interest of R.D. on Thursday, December 30, 2016.

Social Media—Juvenile Delinquent—Harassment—First Amendment—Right to Free Speech—True Threats—Fighting Words.

R.D., a high school student, argued with a student from a different high school through tweets on the social networking website Twitter. The People filed a petition in delinquency against R.D., and the district court adjudicated R.D. a juvenile delinquent based on conduct that would constitute harassment if committed by an adult.

On appeal, R.D. argued that C.R.S. § 18-9-111(1)(e) as applied to his conduct violated his First Amendment right to free speech. The People responded that R.D.’s statements were not protected by the First Amendment because they were true threats and fighting words. While the language of R.D.’s tweets was violent and explicit, R.D.’s tweets did not constitute true threats because they were not “a serious expression of an intent to commit an act of unlawful violence to a particular individual or group of individuals.” Fighting words can occur only when the speaker is in close physical proximity to the recipient. R.D. was not in close physical proximity to A.C. at the time of the incident. Because R.D.’s statements were neither true threats nor fighting words, the statute as applied violated his First Amendment rights.

The judgment was reversed and the case was remanded with directions to vacate the adjudication of juvenile delinquency and dismiss the proceeding.

Summary provided courtesy of The Colorado Lawyer.

Event Data Recorders, Drones, and Evidence: What You Need to Know

DroneThe Denver District Attorney’s monthly newsletter for September 2016 warned consumers about connecting their cell phones to the computers in rental cars. The newsletter warned, “Once your phone is connected to the car, it can access all your phone’s information such as GPS searches, home address, phone calls, contacts, etc. The information is stored indefinitely, waiting for the next person to connect to the car, and to your private information. The risk is obvious.”

The risk to rental car drivers concerns the car’s Event Data Recorder, or EDR. However, EDRs in cars can be useful for more than accessing another driver’s playlist. EDRs can record when and how often drivers use certain features in cars, such as the hand brake or the turn signal. The raw data from a vehicle’s EDR can be enormously useful in litigation. C.R.S. § 12-6-402 governs the use of EDR evidence in litigation, providing

EDR data is the personal information of the vehicle’s owner and the data shall not be retrieved by a person who is not the owner unless:

  1. The owner or the owner’s agent has consented to the retrieval in the last 30 days;
  2. The data is retrieved by a technician performing service or repair;
  3. The data is subject to discovery pursuant to the rules of civil procedure in an auto accident case;
  4. A court or administrative agency with jurisdiction orders the data be retrieved;
  5. The EDR is installed after the manufacturer or dealer sells the vehicle; or
  6. A peace officer retrieves the data pursuant to a court order as part of an investigation.

Another relatively new source of litigation evidence comes from drones. Drones, or unmanned aerial systems, collect video evidence from their on-board cameras. The use of drones is fraught with controversy, as cases collect regarding people shooting drones in the airspace above their property, people expressing surveillance concerns regarding drones, and more. The Federal Aviation Administration has promulgated rules regarding the use of drones, but more will be developed as these unmanned aircraft gain popularity.

Savvy lawyers need to know about the complexities of digital evidence preservation and the ethical considerations of working with technology and the experts who gather the data. Join Fay Engineering and Chad Lieberman, Esq. for an exciting presentation about the cutting edge technology of drones, dash cams and black boxes. Digital information is being gathered by our vehicles, our phones, and in nearly every aspect of our lives. The technology of aerial photography continues to rapidly change. The presentation covers the latest advances in evidence collection by drones and commercial services. Register online here, or by clicking the links below.

 

CLELogo

CLE Program: New Technology for Evidence Preservation: Drones, Dashcams, Black Boxes and More

This CLE presentation will occur on September 26, 2016, at the CBA-CLE offices (1900 Grant Street, Third Floor), from 12 p.m. to 1:30 p.m. Register for the live program here or register for the webcast here. You may also call (303) 860-0608 to register.

Can’t make the live program? Order the homestudy here: MP3Video OnDemand.

The Ethical Danger of the Microsoft/LinkedIn Merger

Editor’s Note: This post originally appeared on Stuart Teicher’s blog, “Keeping Lawyers Out of Trouble,” on June 16, 2016. Reprinted with permission.

Headshot-Stuart-TeicherBy Stuart Teicher

This week it was announced that Microsoft is buying LinkedIn. There are some hidden attorney ethics implications about which we all need to be aware.

A review of the recent news articles announcing the acquisition reveals that a key motivating factor in Microsoft’s purchase of LinkedIn was access to LinkedIn’s data.  Of course, sharing data is nothing new. But when companies improve their ability to share our data across various platforms, my ears perk up. Not just because it’s creepy or because of obvious privacy implications. The type of data sharing they’re contemplating in the Microsoft/LinkedIn combination makes me worry about confidentiality (and other) issues.

Why they are merging:

According to the Wall Street Journal, Microsoft sees a critical synergy with LinkedIn:

“LinkedIn’s users are, arguably, Microsoft’s core demographic. They also offer Microsoft something it has long sought but never had—a network with which users identify. Microsoft needs to persuade LinkedIn users to adopt that identity, and use it across as many Microsoft products as possible.

Access to those users, as well as the enormous amounts of data they throw off, could yield insights and products within Microsoft that allow it to monetize its investment in LinkedIn in ways that the professional networking site might not be able to. [Microsoft CEO] Mr. Nadella already has mentioned a few of these, including going into a sales meeting armed with the bios of participants, and getting a feed of potential experts from LinkedIn whenever Office notices you’re working on a relevant task.“

In other words, Microsoft wants to have your Outlook and other Microsoft software products speak to your LinkedIn profile. The intersection of that data is valuable—various sellers of products and services would be willing to pay for it.

It appears that Microsoft wants to be able to read through the work we do on their products like Word, review our upcoming appointments in our Outlook calendar, search for keywords in our emails, and then find connections with people with our LinkedIn connections. That’s what they are searching for—connections they could monetize.

For instance, let’s say accountant X has an Outlook Calendar appointment which sets a meeting with “Charles McKenna of Account-Soft Corp.” Microsoft could then search LinkedIn and it would learn that McKenna works for a company that sells workflow management software. Well, now Microsoft knows the accountant is in the market for workflow management software… and they could sell that knowledge to other software companies who would then direct solicitations in the accountant’s direction. That’s an annoyance for an accountant, but a potential ethics disaster if he/she were a lawyer.

Basic issue, Confidentiality:

If Microsoft scours our Word documents and emails, then there could be Rule 1.6 confidentiality issues.  That’s so obvious that we don’t need to spend time talking about it now. I think the more unusual issues come from the Calendar function…

If they leverage the data in our Calendar, it could reveal our client relationships:

The substance of what we learn from the client is confidential, but so is the very existence of the lawyer-client relationship. Will the integration of these platforms make it easier for people to figure out who we represent?

Think about how much information Microsoft could piece together from our Calendar. They might see a potential client introduction (which lists Pete Smith as present), a court appearance (which lists Pete Smith as present), and a meeting for settlement purposes (which lists Pete Smith as present). It’s not going to be too tough for the Microsoft bots to figure out that Pete Smith is your client.

If they leverage data in our Calendar, it could reveal key substantive information that could harm the client:

If Microsoft looks at our Calendar they can see that we’re heading to a particular locale. They might then cross reference our LinkedIn connections and send a message to one of them that says something like, “Your connection Bruce Kramer is going to Chicago next week. Why don’t you look him up?”

That heads-up might give someone the incentive to look into our movements a bit more… and who knows what they could find. What if that info was given to a real estate agent that we know in Chicago… and maybe we are representing a successful land owner… and we’re clandestinely scouting a real estate purchase because we don’t want people to figure out that we’re there on behalf of our deep-pocketed client… because if they know, the purchaser will run up the price. That LinkedIn message tipped off the real estate agent and it could cost the client a lot of money.

If they leverage data in our Calendar, it could end up revealing a misrepresentation:

Imagine that Client A asks you to accompany them to a meeting in Los Angeles. You tell her that you can’t go because you’ll be on vacation on the East Coast. That’s not true, however. The truth is that you’ve already scheduled a meeting with a potentially new client in Los Angeles. You didn’t want Client A to know that you’d be in town because you didn’t want to have to shuffle between clients—it would just be too much work. You could have told Client A that you’d be in town but you didn’t have time to meet her, but you thought she’d be insulted. It was just easier to say you’re far away and be done with it.

Later, Client A gets a LinkedIn message that says, “Your Connection Mary Smith is going to be in Los Angeles next weekend… send her a message and try to link up!” Do you know what you are now? Busted. And not only do you have egg on your face, but you may also have committed an ethical violation.

Is the white lie that you told your client going to be considered a misrepresentation or deception per Rule 8.4(c)? That rule states: “It is professional misconduct for a lawyer to (c) engage in conduct involving dishonesty, fraud, deceit or misrepresentation…”

I know what you’re thinking… it was a half-truth. No harm no foul. Well, I searched the ethics code, and I didn’t find the term “white lie” or “half-truth” anywhere in the code. You should also note that Rule 8.4(c) does not require that the misrepresentation be “material.” It doesn’t allow you to lie about inconsequential things and there’s no modifying language- it just says that you can’t lie or deceive.

These are just a few issues. Some of these are clear ethics concerns, others are more akin to PR nightmares. Are they so terrible that we all need to get off LinkedIn right away? That might be a bit premature. After all, they only just announced the merging of the platforms- they haven’t actually done anything yet. I don’t know what dangers will actually be realized, or whether any dangers will be realized at all. What I do know is that part of being a responsible attorney in this technological age is to be diligent in thinking about these issues. As lawyers practicing in an ever-changing technological environment, we need to be aware of the potential problems. Keep your eye on the news and stay abreast about the details regarding the integration of these two platforms. Then, if you determine that you need to act, do so.  That way we are “keep[ing] abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology.” Comment [8], Rule 1.1.

Save the Date!

Stuart Teicher will be at the CLE offices on Thursday, September 8, 2016, to present two ethics programs. Registration is not yet open, but mark your calendars and don’t miss these important programs.

 

Stuart I. Teicher, Esq. is a professional legal educator who focuses on ethics law and writing instruction. A practicing attorney for over two decades, Stuart’s career is now dedicated to helping fellow attorneys survive the practice of law and thrive in the profession. Stuart teaches seminars and provides in-house training to law firms/legal departments.

Stuart helps attorneys get better at what they do (and enjoy the process) through his entertaining and educational CLE Performances. His expertise is in “Technethics,” a term Stuart coined that refers to the ethical issues in social networking and other technology. He also speaks about “Practical Ethics”– those lessons hidden in the ethics rules that enhance a lawyer’s practice. Stuart writes the blog “Keeping Lawyers Out of Trouble.”

Mr. Teicher is a Supreme Court appointee to the New Jersey District Ethics Committee where he investigates and prosecutes grievances filed against attorneys, an adjunct Professor of Law at Rutgers Law School in Camden, New Jersey where he teaches Professional Responsibility and an adjunct Professor at Rutgers University in New Brunswick where he teaches undergraduate writing courses. He is a member of the bar in New York, New Jersey and Pennsylvania. In 2014, he authored the book Navigating the Legal Ethics of Social Media and Technology (Thomson Reuters).

Fiduciary Access to Digital Assets, Tampering with Deceased Human Bodies, and More Bills Signed

On Thursday, April 7, 2016, Governor Hickenlooper signed five bills into law. To date, he has signed 78 bills into law this legislative session. The bills signed Thursday include a bill creating a new crime of tampering with deceased human bodies, a bill promoting the Revised Uniform Fiduciary Access to Digital Assets Act, a bill regarding the Department of Corrections’ authority to distribute medication, and more. The bills signed Thursday are summarized here.

  • SB 16-010 – Concerning the Purchase of an Off-Highway Vehicle by a Dealer, by Sen. Randy Baumgardner and Rep. Jon Becker. The bill allows a powersports dealer to purchase a used off-highway vehicle without a title if it was purchased in a jurisdiction that does not issue titles for such vehicles or if it was purchased in Colorado prior to January 1, 2014.
  • SB 16-034 – Concerning Tampering with a Deceased Human Body, by Sen. Jerry Sonnenberg and Reps. Rhonda Fields & Polly Lawrence. The bill creates a new crime of tampering with a deceased human body in order to impair its appearance or availability for an official proceeding.
  • SB 16-088 – Concerning the “Revised Uniform Fiduciary Access to Digital Assets Act,” by Sen. Pat Steadman and Rep. Yeulin Willett. The bill sets forth conditions under which certain fiduciaries may access a decedent’s electronic communications, a catalog of communications sent or received by a principal or decedent, or any other digital asset in which a decedent had a right.
  • HB 16-1152 – Concerning the Authority of the Department of Corrections to Distribute Medication, by Rep. Mike Foote and Sen. John Cooke. The bill authorizes the Department of Corrections to distribute compounded and prepackaged medications to its pharmacies.
  • HB 16-1353 – Concerning Payment of Expenses of the Legislative Department, by Reps. Crisanta Duran & Brian DelGrosso and Sens. Mark Scheffel & Lucia Guzman. The bill provides FY 2016-17 appropriations to the legislative department.

For a complete list of Governor Hickenlooper’s 2016 legislative decisions, click here.

Two Law Firm Hacks Should Be Scaring Your Firm Into Action

Editor’s Note: This post originally appeared on Stuart Teicher’s blog, “Keeping Lawyers Out of Trouble,” on April 4, 2016. Reprinted with permission.

Headshot-Stuart-TeicherBy Stuart Teicher

For years people have been warning that law firms of all sizes are major targets for cyber-criminals. If your firm didn’t take that seriously before, then there are two major hackings last week that should get your attention.

The Wall Street Journal reported that cyber criminals breached Cravath, Weil Gotshal, and several other unnamed firms (read the article here: http://on.wsj.com/1MzYlN2). The paper states that it’s not clear what (or whether) information was taken, but the focus is on the possibility of confidential information being stolen for purposes of insider trading.

The other major breach is so big that it has its own hashtag— search Twitter for #PanamaPapers or #PanamaLeaks.  According to Reuters, the target was a law firm in Panama who specializes in setting up offshore companies. Hackers stole data from the firm and provided that data to journalists who promptly revealed it to the public (read the article here: http://reut.rs/25GEy4X). The information allegedly reveals a network of offshore loans. According to the BBC, the stolen data reveals how the law firm, “has helped clients launder money, dodge sanctions and avoid tax” (read the BBC’s article here: http://www.bbc.com/news/world-35918844). Political figures and friends of popular politicians are allegedly implicated, according to the report.

My concern is not about the obvious political ramifications. My concern is about the ethical ramifications to lawyers. The danger of hacking is real.

No report has implicated any type of ethical wrongdoing on the part of any firm. That needs to be restated and made abundantly clear: there has been no report of any evidence of ethical impropriety by any of the law firms mentioned in the news. I am bringing this to your collective attention because it should serve as a warning. Confidential client information was stolen from that law firm in Panama… which reminds us that we are targets.

All lawyers are targets. Small firms, large firms, in-house counsel, government lawyers, you name it. The bad guys know that lawyers are the custodians of valuable information and they are coming after us in a big way. The message for all of us is clear: you could be subject to an ethics grievance if you don’t take proper steps to secure your clients’ information.

The responsibility to protect our client information is nothing new. However, these recent events require us apply an increased sense of urgency to evaluating our compliance with that duty. Have you, or your firm, taken the necessary steps to adequately protect your clients’ information? Have you considered the fact that bad guys could be targeting you? What steps have you taken to counteract the potential piracy that could be aimed at your clients’ information?

You could be darn sure that someone is going to be asking those questions to the firms that were targeted in the hacks. Maybe you need to put yourself in their position and ask, “how would we fare if that review was directed toward us?”

Our duty of competence requires that we take appropriate steps to protect our clients’ confidential information. And remember that you, as the lawyer, have the primary ethical duty, not your IT people. Furthermore, various ethics opinions have held that, in some circumstances, the lawyer needs to understand the underlying technology itself.

If these issues weren’t on the front burner in your office before, these two hacks should be causing you to shift your priorities.

Quickly.

 

Save the Date!

Stuart Teicher will be at the CLE offices on Thursday, September 8, 2016, to present two ethics programs. Registration is not yet open, but mark your calendars and don’t miss these important programs.

 

Stuart I. Teicher, Esq. is a professional legal educator who focuses on ethics law and writing instruction. A practicing attorney for over two decades, Stuart’s career is now dedicated to helping fellow attorneys survive the practice of law and thrive in the profession. Stuart teaches seminars and provides in-house training to law firms/legal departments.

Stuart helps attorneys get better at what they do (and enjoy the process) through his entertaining and educational CLE Performances. His expertise is in “Technethics,” a term Stuart coined that refers to the ethical issues in social networking and other technology. He also speaks about “Practical Ethics”– those lessons hidden in the ethics rules that enhance a lawyer’s practice. Stuart writes the blog “Keeping Lawyers Out of Trouble.”

Mr. Teicher is a Supreme Court appointee to the New Jersey District Ethics Committee where he investigates and prosecutes grievances filed against attorneys, an adjunct Professor of Law at Rutgers Law School in Camden, New Jersey where he teaches Professional Responsibility and an adjunct Professor at Rutgers University in New Brunswick where he teaches undergraduate writing courses. He is a member of the bar in New York, New Jersey and Pennsylvania. In 2014, he authored the book Navigating the Legal Ethics of Social Media and Technology (Thomson Reuters).

Colorado Court of Appeals: Computer Crime Statute not Overbroad Facially or As Applied

The Colorado Court of Appeals issued its opinion in People v. Stotz on Thursday, February 11, 2016.

Matthew Stotz and Gustav Eicher (defendants) were managers for the Denver office of Electric Power Systems (EPS), a nationwide company that performs electrical testing for utilities. In July 2012, defendants and three other employees resigned from EPS and began working for a competitor, EPC. When defendants returned their company laptops to EPS, there were several files missing, including bids for clients, operation manuals, and emails. EPS paid a forensic computer company to recover the deleted files, but the recovery data was incomplete and difficult to use. EPS initiated a civil suit against Stotz, Eicher, and the other three employees, and in October 2012 the district court issued a preliminary injunction, enjoining defendants from using information pertaining to bids they had obtained while at EPS and ordering them to return the missing files that they had saved onto external hard drives. Stotz and Eicher had already returned the data in September 2012.

In November 2012, EPS submitted a formal complaint to the Economic Crime Unit of the Denver District Attorney’s Office, and the DA’s office filed criminal charges against Stotz and Eicher in January 2013. EPS sought and obtained, over objection of defendants, dismissal without prejudice of the civil suit. Defendants were charged with computer crime causing loss of more than $1,000 but less than $20,000, conspiracy to commit computer crime, conspiracy to commit theft, theft of trade secrets, and conspiracy to commit theft of trade secrets. A jury convicted them only of the felony computer crime charge, and they were sentenced to a suspended two-year prison sentence with two years of probation and ordered to pay $104,920.26 in restitution.

Defendants appealed, arguing the computer crime statute was unconstitutionally vague both as applied and on its face because it provides inadequate guidance as to what conduct is prohibited, it criminalizes lawful conduct, and it impermissibly left the determination of criminality to EPS. The court of appeals rejected all of defendants’ arguments. The court noted that the deletion of thousands of documents from an employer’s computer clearly falls within the statutory definition of “damage,” and that definition is specific enough to provide notice to a person of ordinary intelligence that the deletion of thousands of documents may cause damage to the computer’s data. The defendants’ facial challenge based on the definition of “damage” therefore failed. Next, analyzing defendants’ as-applied challenge, the court of appeals rejected defendants’ theory that they could do whatever they wanted with their employer-owned laptops. The court noted that the truth of defendants’ assertion was a fact question for the jury, and not a question of whether the statute provided fair notice.

The court similarly rejected defendants’ overbreadth challenge, based on a theory that the statute punishes conduct that can legitimately occur within the course of business. Because defendants’ knowingly destroyed the data on the computers without company permission, their conduct fell within the State’s purview of regulation. The court declined to examine other circumstances in which the statutory language could be applied in an overbroad fashion.

Finally, defendants argued the restitution award was unreasonable because they had returned the information to EPS. Because EPS employees spent considerable time and money trying to recover the information deleted by defendants before they returned it, the district court found no error in the amount of the restitution award. The court of appeals affirmed, finding no abuse of discretion.

The court of appeals affirmed the district court.

Five Cybersecurity Tech Tips: Worries to Give You the Willies

Editor’s Note: This post originally appeared on Attorney at Work on January 29, 2016. Reprinted with permission. See below for information about ordering Colorado CLE’s homestudy for our program, “Data Privacy & Information Security: Meeting the Challenges of this Complex and Evolving Area of the Law.”

By Sharon Nelson and John Simek

A keyboard with a red button - Privacy

A keyboard with a red button – Privacy

There are lots of cybersecurity worries to give you the willies in the wee hours of the morning, but we were asked to pick five. So here are some of the most common threats for lawyers to keep in mind.

1. Ransomware. We continue to see law firms struck by ransomware, which is a type of malware that encrypts your data (restricting your access to it) and then demands a ransom payment — usually in bitcoins — to get your data back. Training your employees not to click on suspicious attachments or links in email will help. They should stay away from suspicious sites as well since ransomware can be installed by just “driving by” an infected website.

Overwhelmingly, from a technological standpoint, you can defeat ransomware by having a backup that is immune to it. This can mean, particularly for solo lawyers, that you back up and then disconnect the backup from the network. For others, it means running an agent-based backup system rather than one that uses drive letters. Make sure your IT consultant has your backup engineered so that backups are protected — that way, even if you are attacked with ransomware, you can thumb your nose at the thief’s demands for money because you can restore your system from your backup. Of course, this means backups need to be made frequently to avoid any significant data loss.

2. Employees. Employees are by nature rogues. Every study made shows employees will ignore policies (assuming they exist) to do what they want to do. This often means people bring their own devices (BYOD) which may be infected when they connect to your network. They may also bring their own network (BYON) or bring their own cloud (BYOC). Certainly, your policies should disallow these practices (in our judgment) or, at least, manage the risks by controlling what it is done by implementing a combination of policies and technology.

Oh, and employees steal your data or leave it on flash drives or their home devices, too. This means you have “dark data” — data you don’t know about and over which you have no control. This means you may miss data required in discovery because you don’t know it exists. Your data may not be protected in compliance with federal or state laws and regulations. And you have no way to manage the data because you don’t know it is there. Once again, a combination of policies and technology should be in place to prevent these issues.

3. Targeted phishing. This is perhaps the greatest and most successful threat to law firm data. Someone has you in their sights — often they have done research on your law firm. They may know the cases you are involved in — and who your opponents are. They may know the managing partner’s nickname. Everything they know about you, they may use to get you to click on something (say, an email from an opponent referencing a specific case and saying “The next hearing in ___ case has been rescheduled as per the attachment). Many a lawyer has clicked on such attachments — or a link within an email.

The best solution to protect yourself from targeted phishing is training and more training — endlessly. One California firm was targeted by multiple phishing attacks but survived them because the lawyers and staff who received such emails questioned their authenticity.

Forget the loss of billable time. The loss of money, time and even clients due to a data breach can be far worse.

4. Interception of confidential information. Start with the proposition that everyone wants your data, including cybercriminals, hackers and nation states (including our own). Frankly, if they want your data and they have sophisticated tools, they will get it. So shame on you if you are not employing encryption (which is now cheap and easy) to protect confidential data transmitted and received via voice, text, and email. Encryption today is a law firm’s best friend. You may choose to use it always or in cases where it is warranted — but you surely should have the capability of encrypting.

5. Failure to use technology to enforce passwords policies. First, let us say that you should use multi-factor authentication where available and use it to protect sensitive data. But failing that, we recognize that passwords are still king in solo practices and small to midsize firms. Therefore, have your IT consultant assist you in setting up policies that can be enforced by technology, requiring that network passwords be changed every 30 days, not reused for an extended period of time — and mandating strong passwords (14 or more characters in length, utilizing upper- and lowercase letters, numbers and symbols). Passphrases are best. Iloveattorneyatwork2016! would do nicely.

There are many other “willies” out there, but address them one digestible chunk at a time!

Sharon D. Nelson (@SharonNelsonEsq) and John W. Simek (@SenseiEnt) are the President and Vice President of Sensei Enterprises, Inc., a digital forensics, legal technology and information security firm based in Fairfax, VA. Popular speakers and authors, they have written several books, including “The 2008-2015 Solo and Small Firm Legal Technology Guides” and “Encryption Made Simple for Lawyers.” Sharon blogs at Ride the Lightning and together they co-host of the Digital Detectives podcast.

 

CLE Homestudy: Data Privacy & Information Security — Meeting the Challenges of this Complex and Evolving Area of the Law

This CLE presentation took place Friday, January 22, 2016. Order the homestudy here: CDMP3 audioVideo OnDemand.

Top Ten Law Practice Management Programs and Homestudies

The year is almost over, and with it the compliance period is ending for many Colorado attorneys. As we draw to a close with our review of the Top Ten Programs and Homestudies in several substantive practice areas, we wanted to include something important to practitioners across all fields of law—law practice management and legal writing. Colorado CLE offers law practice management and legal writing programs throughout the year, including classes on how to use Adobe Acrobat in a law practice, analyzing financial statements, conducting online research, and much more. Read on for the Top Ten Law Practice Management Programs and Homestudies.

10. Essential Legal Research Methods and Resources for Colorado Lawyers. Legal research in a university setting often involves analyzing a long-standing legal issue with well-established outcomes. Research in practice, however, can focus on cutting edge and messy legal issues where the law is only starting to emerge, with conflicting and ethical issues. This program provides advanced techniques for finding and analyzing primary and secondary law sources, free legal research, and more. Three general credits; available as CD homestudy, MP3 audio download, and Video OnDemand.

9. Drafting Complex Legal Documents with Microsoft Word. This program, taught by nationally renowned speaker Barron Henley, features tips and tricks to create, share, automate, and manage electronic documents. Learn about Word’s style features, simple automation techniques, file organization, keeping documents secure while allowing comments, and more. Seven general credits, including one ethics credit; available as DVD homestudy and Video OnDemand.

8. Legal Writing in the Smartphone Age. Gone are the long, flowing emails messages with pretty graphics and lots of attachments. Today’s communication — almost 100% electronic — is immediate, brief, clear, and powerful. Designed to boost your instant or near-instant message-drafting skills, this practical half-day program will teach you how to draft clearer and more effective emails, court documents, and memoranda. Three general credits; available as CD homestudy, MP3 audio download, and Video OnDemand.

7. Accounting and How to Understand and Analyze Financial Statements. There are financial issues involved with every type of law practice and it is your duty to possess the skills and knowledge necessary to handle those issues effectively.  This detailed program will provide you with the financial literacy required to protect yourself and your clients through your understanding of accounting concepts, terminology, and financial statements. Six general credits; available as CD homestudy, MP3 audio download, and Video OnDemand.

6. iPad for Legal Professionals — Basics and Advanced. These two half-day programs provide useful tips for using iPads in a law practice. The first half covers “must-have” apps that should be on every lawyer’s iPad and tackle important security settings and how-to’s on loading documents and printing. The second half answers more advanced questions, like “How can you do legal research on the iPad? How do you give a presentation on the iPad? Do you need to buy a keyboard or stylus?” Four general credits each; available as DVD homestudy (Basics/Advanced) or Video OnDemand (Basics/Advanced).

5. Better Motion Practice — How to Argue, Present, and Write Motions More Effectively. This program is designed for lawyers who want to sharpen their skills. It provides a practical overview of various kinds of motions likely encountered in pre-trial civil practice. Specific techniques, skills, and methods for persuading the court and decision-makers are covered. The program will generally reference state and federal rules of procedure and evidence. Seven general credits; available as CD homestudy, MP3 audio download, and Video OnDemand.

4. The Art of Communication. Being a lawyer means being an effective communicator. Yet, in an increasingly electronic age, what is effective communication and how do we measure our own effectiveness in keeping our clients informed as to complex issues, guiding them in making difficult decisions, and speaking on their behalf to others? This half-day interactive seminar is designed to explore in depth the art of strategic communication by introducing participants to theories and specific practice tips concerning improved written and electronic communications. Four general credits; available as MP3 audio download and Video OnDemand.

3. How to Become Your Own Cybersleuth: Conducting Effective Internet Investigative and Background Research. In this fast-paced investigative research seminar, you will learn to create more effective Internet searches to locate information crucial to your matters, which you might otherwise miss. We will reveal hidden Google search features and shortcuts to speed up your research. You will also learn to use free public record sites and sites with free “publicly available” information (including social media sites), for discovery, trial preparation, background checks, and for locating missing persons. Discover the advantages (and limitations) of data broker databases. Each homestudy comes with a copy of the book, The Cybersleuth’s Guide to the InternetSeven general credits; available as live Video Replay in Denver on January 5, 2016, or as CD homestudy.

2. Hanging Your Shingle 2015: Hardware. Software. Anywhere You Go. In this intensive two and a half day course, you will get the tools, information and building blocks you need to confidently open the doors to your new firm. If you believe you can’t afford to venture out on your own, is it time to ask yourself if you can afford not to? Eighteen general credits, including 7.9 ethics credits; available as CD homestudy, MP3 audio download, and Video OnDemand. NOTE: This program is repeated annually. Click here for the 2014 program and click here for the 2013 program.

1. Preventing Legal Malpractice. Each year, CLE presents two Preventing Legal Malpractice programs: one directed at transactional attorneys, one directed at litigation attorneys. In addition to the printed materials, each attendee receives a copy of CLE’s book, Lawyers’ Professional Liability in Colorado. For 2016, there will be Preventing Legal Malpractice programs in Denver on March 11 and in Colorado Springs on March 17. Registration is not yet open, but save the dateFour general credits, including four ethics credits. NOTE: This program is repeated annually. Click here for the 2015 programs (transactional/litigation) and click here for the 2014 programs (transactional/litigation).

10 iPad Apps for Use in the Office and the Courtroom

PrintThink of the first courtroom you were ever in. Was there a flip chart? An easel? A projector and slides? Or was there a sophisticated plasma TV screen and electronic system so attorneys could showcase their best evidence through their tablets? That last example may not have appeared in your first courtroom, but it certainly is becoming a common sight today.

Attorney Jason Márquez of Johnson Márquez Legal Group uses an iPad in every courtroom presentation where the judge allows it. Using apps like Adobe, Evernote, and Pocket Scan, he can create a compelling courtroom presentation to highlight favorable evidence while minimizing costs associated with photocopying and creating exhibit notebooks. Márquez believes so strongly in using iPads in his practice that he provides them to every member of his firm. He uses several apps, but suggests these ten apps as must-haves for office use and courtroom presentations:

  1. Adobe Acrobat® is multi-platform, PDF solution that allows you to work with all kinds of documents to: View, Create, Manipulate, Print, Combine files.
  2. GoodReader® is the super-robust PDF reader for iPad, iPhone and iPod touch. Sync with Dropbox, OneDrive, any FTP or SFTP server. Sync entire folders or individual files separately.
  3. DropBox® is a folder on your computer that synchronizes your files online and across computers. Any files you place within it will be available on your other computers with Dropbox, as well as the web.
  4. Evernote® is designed for note-taking and archiving. A “note” can be a piece of formatted text, a full webpage or webpage excerpt, a photograph, a voice memo, or a handwritten “ink” note. Notes can also have file attachments.
  5. Pocket Cloud® is a secure and fast way to remotely connect to your Mac or Windows desktop with your iPad, iPhone, iPod touch, or Android device no matter where you are. Access your files, pictures, and applications like Excel, Powerpoint, Photoshop, games or any other program.
  6. Tiny Scan® turns your iPhone/iPad into a portable scanner. Scans are saved to your phone as images or PDFs. Name and organize your scans into folders, or share them by: Email, Dropbox, Evernote, DropBox, Wi-Fi to your computer, Fax (using TinyFax).
  7. Dragon® Dictation is an easy-to-use voice recognition application powered by Dragon® NaturallySpeaking® that allows you to easily speak and instantly see your text or email messages. In fact, it’s up to five (5) times faster than typing on the keyboard.
  8. Prezi® is a presentation tool that can be used as an alternative to traditional slide making programs such as PowerPoint or Keynote. Instead of slides, Prezi makes use of one large canvas that allows you to pan and zoom to various parts of the canvas and emphasize the ideas presented there.
  9. Casemaker® is an alternative legal research tool to LexisNexis and Westlaw. It allows users to search and browse a variety of legal information such as statutes, regulations, and case law on the Web. Casemaker comes free with your CBA membership!
  10. JuryPad® assists with voir dire in different jurisdictions. Create custom seating charts for any courtroom. Add or modify a juror’s information including age, occupation, education, prior jury service, and much more.

Márquez will present on “The iPad Advantage” at the 2015 Colorado Legal & Technology Expo on Friday, August 21, 2015 at the Warwick Hotel in downtown Denver. Entrance to the Expo is free, and Márquez’s CLE program is only $19 for CBA members. Join us at the Warwick on Friday and learn how you can increase your productivity—and your bottom line.

2015 Colorado Legal & Technology Expo

The 2015 Colorado Legal & Technology Expo will take place on Friday, August 21, 2015 at the Warwick Hotel in Denver. Entrance to the Expo is free. Each 50-minute CLE program is $19 for CBA members and $39 for non-CBA members. Register for the event and find more information here.