By Bill Kammer
Zoom Bombing
By now, most of us have either initiated or attended a Zoom meeting or conference. Our community’s level of expertise probably varies from novice to sophisticated, but all lawyers have heard of security issues with the Zoom application. Zoom Bombing refers to unauthorized visitors entering conferences or meetings, often because the organizer has broadcast or reused a meeting ID. Organizers can easily eliminate that concern by not reusing meeting IDs, adding a password to any meeting invitation, and locking the meeting room when all invitees have entered the meeting. Lawyers naturally have privacy and confidentiality concerns. Zoom has promptly repaired the reported security issues and clearly remains the application of choice for most web meetings and conferences.
Reed Smith’s New App
This national law firm has developed an electronic discovery application you may find useful. The free E-Discovery App is available for download in both the Apple App Store and Google Play. With the app, you have access to a glossary, selected rules, sample forms, a GDPR checklist, a vendor directory, and other reference materials.
iPhone Location Data
You may have recently seen messages on your iPhone about apps wanting to use your location data. These messages result from new versions of the operating system that have provided privacy improvements. Even if you once granted an application permission to mine your location data, these new reminders provoke a suggestion that you only permit an app to use location data when using the application, assuming the app needs to know where you are to provide relevant information. Past collection and mining of location data likely did not benefit consumers. If so, there is really no reason to tolerate that. A favorite example of unnecessarily broad permission requests was the flashlight apps that wanted location data and access to your contacts. Too often, we clicked on those permission requests. Now, because of Apple’s privacy changes via its operating system, marketers are collecting 68% less background location data.
Deepfakes
Most lawyers have experienced altered evidence such as documents and photographs and have developed methods to evaluate their authenticity.
Now, they must consider no longer taking audio or video evidence at face value. This results from the advent of deepfake technology. Increased computer power and audio and video forging software have developed to where a plausible but fake recording is a simple creation. The forging technology uses the power of machine learning to analyze old footage of past speeches or presentations to then produce a fake video with words the speaker never used. You may have seen audio and video examples in social media, but now these are just something else for trial lawyers to worry about. Recent reports noted the appearance of deepfakes in family law proceedings. A prime example was the proffer of a forged audio recording of a party threatening another party. The intonations, word choices,
and accents were those of the supposed actor, but the recording was a complete fake.
Passwords and Password Managers
This topic will never go away because it deserves constant attention. The power of modern computers has reduced attacks on simple and short passwords to child’s play. Length and variety remain the best defenses to password attacks. Remember also that a passphrase is just as effective as a password and usually much easier to remember. You can judge your password’s strength and demonstrate the power of small changes at a site such as GRC’s www.grc.com/haystack. If you want to illustrate the methods to enhance password security, visit Dialogic’s website at dialogictelecom.com/2019/04/passwords-dont-keep-all-your-eggs-in-one-basket.
Law Office Security
Law offices remain soft targets for bad actors seeking confidential information or ransom sums. Hacks of law firms are frequently featured in headlines, and some hacked law firms have been sued for malpractice by clients whose confidential information was disclosed. Human error remains the predominant cause, and phishing is the most common weapon. The only defense is constant training and testing. That testing might also include “pen testing,” white hat hackers attempting to penetrate systems and networks.
IoT Hacks
The Internet of Things (IoT) consists of many devices and products in offices and homes connected, often wirelessly, to and over the internet. Even with installed security, most are sold with generic passwords that require immediate change and enhancement. We’ve all heard of hacked monitors, baby cams, and doorbells, but the threats include everyday commodities such as Philips Hue Smart Bulbs. Devices usually have firmware that can and should be updated as vulnerabilities provoke manufacturers to make security changes. But the simple reminder provided by the backdoor vulnerability of a lightbulb should alert us to weigh the utility of these IoT devices against the security risk they may present.
Bill Kammer is a partner with Solomon Ward Seidenwurm & Smith, LLP.