Lawyers Would Rather Fly Than Download PGP 426
An anonymous reader writes "The NYTimes is running a front-page story about lawyers for suspects in terrorism-related cases fearing government monitoring of privileged conversations. But instead of talking about the technological solutions, the lawyers fly halfway across the world to meet with their clients. In fact, nowhere in the article is encryption even mentioned. Is it possible that lawyers don't even know about PGP?" The New Yorker has a detailed piece centering on the Oregon terrorism case discussed by the Times.
Where I work (Score:2, Informative)
I work at a law firm that is considered in the top 25 as far as firms go. We are also ranked in the top 10 in terms of providing technology to the lawyers.
We have probably 3 out of 1000 lawyers that have used PGP for business purposes. For those 3, it was because the client requested it. PGP is a PITA in a law firm environment. Lawyers get paid to practice law, not to use technology. Communications between lawyers and the client is not between Joe Client and Jim lawyer, it is between Joe Clients group of 20 people and Jim lawyers group of 20-500 people including third party processors, litigation support teams with their applications, paralegals, etc....
Even with the current offerings of commercial PGP applications and integration into Outlook, it does not work easy with that many people.
What many large firms and large clients do is use TLS integrated into the outgoing/incoming email. The path out and in is secured. It is seamless to the lawyer and client.
Re:S/MIME, anyone? (Score:1, Informative)
Re:Communication more than just writing (Score:4, Informative)
PORTLAND, Ore. Thomas Nelson, an Oregon lawyer, has lived in a state of perpetual jet lag for the last two years. Every few weeks, he boards a plane in Portland and flies to the Middle East to meet with a high-profile Saudi client who cannot enter the United States because he faces charges here of financing terrorism.
Mr. Nelson says he does not dare to phone this client or send him e-mail messages because of what many prominent criminal defense lawyers say is a well-founded fear that all of their contacts are being monitored by the United States government.
It's all fair game (Score:3, Informative)
These would probably be the first guys on the NSA's list of folks to snoop on.
You can bet the lawyers handling these cases are, however, aware of the implications of a violation of attorney-client privilege, and would appeal if concrete records of such monitoring ever came out.
Re:Security not just about encryption. (Score:4, Informative)
However, the FBI (and by loan or extension, the NSA) has some very good black bag people, and they are much more likely to add in a hardware keylogger or currently-undetectable rootkit nowadays. That's how the FBI got crucial evidence against Nicodemo Scarfo, Jr., son of former mob boss Little Nicky Scarfo, adding a hardware keylogger to grab his PGP password to allow them to decrypt his messages in concert with his private key, also copied at the time.
Re:Security not just about encryption. (Score:3, Informative)
Re:S/MIME, anyone? (Score:4, Informative)
If the NSA compromises your CA, the best they can do is create another certificate which pretends to be yours. If the destination already had your certificate, then the public key they have won't match your private key.
The grandparent needs to review PKI.