Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Privacy Encryption Security Government The Courts Politics News

Lawyers Would Rather Fly Than Download PGP 426

An anonymous reader writes "The NYTimes is running a front-page story about lawyers for suspects in terrorism-related cases fearing government monitoring of privileged conversations. But instead of talking about the technological solutions, the lawyers fly halfway across the world to meet with their clients. In fact, nowhere in the article is encryption even mentioned. Is it possible that lawyers don't even know about PGP?" The New Yorker has a detailed piece centering on the Oregon terrorism case discussed by the Times.
This discussion has been archived. No new comments can be posted.

Lawyers Would Rather Fly Than Download PGP

Comments Filter:
  • Is it possible that lawyers don't even know about PGP?"

    Is it possible that the submitter doesn't even know about keyloggers, passive listening devices (for phones), compromised encryption binaries, vulnerabilities in protocols, etc?

    If the goddamn NSA can't snoop on an encrypted conversation between a lawyer & client, then frankly, they're not doing their job
    • by Brian Gordon ( 987471 ) on Monday April 28, 2008 @07:22PM (#23231898)
      If the NSA can listen in, then PGP isn't doing their job.
      • If the NSA can listen in, then PGP isn't doing their job.

        It's got to be decrypted at one end of the other - there's not much PGP can do about a compromised terminal, keyloggers, passive listening devices (reconstructing passwords from the sound of keyboard tapping), etc.

        Basically, a well-resourced, determined attacked doesn't have to crack PGP itself.
        • by Sloppy ( 14984 ) on Monday April 28, 2008 @07:39PM (#23232144) Homepage Journal

          there's not much PGP can do about a compromised terminal, keyloggers, passive listening devices (reconstructing passwords from the sound of keyboard tapping), etc.
          If there's a microphone in the room, then meeting in person probably isn't much better.
          • Re: (Score:3, Insightful)

            by dekemoose ( 699264 )
            Unless that meeting occurs outside of this country, which is why the lawyer in question is racking up the frequent flyer miles.
            • Because there are no US agents anywhere outside the boundaries of the US.
              • Would a recording outside of the US be viable in a US court? I don't know Australian law on the matter either. Of course, using said recording to direct ones investigations ("I just had a hunch boss") is still, of course, viable.
                • Re: (Score:3, Insightful)

                  by cheater512 ( 783349 )
                  Does it have to be viable evidence in a court of law?

                  Remember that we are talking about private discussions between lawyers and clients.
                  Thats supposed to be highly confidential to start with.
                • Re: (Score:3, Informative)

                  Actually you don't even have to call it a hunch. You can use all sorts of things in the course of an investigation that you cannot use in court. For example intelligence gathered by one of the agencies from a foreign agent that reveals the identity of an internal mole. Generally that would be inadmissable as evidence, but its perfectly legit to use it as justification to investigate the individual to get evidence you can use in court.
                • Re: (Score:3, Insightful)

                  by ceoyoyo ( 59147 )
                  In terrorism cases I don't believe you need to worry about things like "viable in court."
                • by fyngyrz ( 762201 ) * on Tuesday April 29, 2008 @12:53AM (#23234890) Homepage Journal

                  Would a recording outside of the US be viable in a US court?

                  Do US courts seriously consider these issues any longer? The majority of the constitution is at best nod and wink territory these days. They tap whoever they want; they jail whoever they want; and as for admissible in court, who says it'll even get to court? Who says you'll even get a phone call? This isn't your father's USA.

        • Re: (Score:3, Interesting)

          by Otter ( 3800 )
          Basically, a well-resourced, determined attacked doesn't have to crack PGP itself.

          Anyway, who says the NSA can't crack PGP? Some crypto-fanboy showing off how much smarterer he is than lawyers who make no claim of security expertise and have a professional obligation to err on the side of caution?

          • by AHuxley ( 892839 )
            You do not need into "PGP".
            If its running on MS, you are in with a click.
            This is not the Enigma or Crypto AG days where the spooks need to think about a unique 'box'.
            No need to get into PGP, when the OS is wide open.
            Face to face you are in the lawyers world.
            They can read a face like the NSA/CIA/FBI/DHS can read MS.
          • by Angst Badger ( 8636 ) on Monday April 28, 2008 @09:28PM (#23233352)
            If it were my ass on the line, I'd assume that the NSA can crack PGP. I remember many years ago when PGP first appeared and how much effort the NSA put into trying to get Congress to stuff the genie back into the bottle. Then, all of a sudden, they stopped resisting. Either the NSA decided they couldn't win -- which is frankly out of character for them -- or they found a way to crack it. Given the resources available to them, I wouldn't want to rely on any cryptographic system that doesn't bother them.
          • Re: (Score:3, Interesting)

            I can think of a couple of reasons to meet face to face, but the vulnerability of PGP is not one of them. There are scientific reviews of the implementation, so it's disingenuous to characterize it as a fanboy technology. Besides, if you really doubted it, you could make a single trip to your client and set up a supply of unbreakable one-time pads.

            I think it's funny how willing some people are to speculate that US Intelligence agencies have superhuman powers. Haven't their obvious limitations dispelled the
      • Re: (Score:2, Insightful)

        by BungaDunga ( 801391 )
        PGP's job is to stop anyone snooping in between sender and receiver. If either computer has been rooted, then you could be running as much encryption as you like and they'll still be able to read your keystrokes. PGP stands for "pretty good privacy": is that good enough for a lawyer?
      • For all I know the NSA can decode the text on your screen by listening to the whine of your CRT from down the street.
        • by Martin Blank ( 154261 ) on Monday April 28, 2008 @08:59PM (#23233046) Homepage Journal
          That's not far from the truth. Each monitor has a unique signal that can be tuned in using TEMPEST gear, to which s0litaire indirectly referred in another reply to you. PGP has (had?) a viewer that was intended to defeat TEMPEST viewing. I don't know the details of it, but I recall it was a gray-on-gray scheme, and it had something to do with the relatively low resolution and color depth available on TEMPEST viewers.

          However, the FBI (and by loan or extension, the NSA) has some very good black bag people, and they are much more likely to add in a hardware keylogger or currently-undetectable rootkit nowadays. That's how the FBI got crucial evidence against Nicodemo Scarfo, Jr., son of former mob boss Little Nicky Scarfo, adding a hardware keylogger to grab his PGP password to allow them to decrypt his messages in concert with his private key, also copied at the time.
    • by Ethanol-fueled ( 1125189 ) * on Monday April 28, 2008 @07:30PM (#23232032) Homepage Journal
      Another question: Why does the summary title read, "Lawyers would rather fly than download PGP" while the summary asks,
      "Is it possible that lawyers don't even know about PGP?"
    • by mrbluze ( 1034940 ) on Monday April 28, 2008 @07:39PM (#23232134) Journal

      If you take into consideration that communication (as we are told) is 70% non-verbal, then any half decent lawyer will make sure he/she is able to see the client face to face. It is impossible to take a good history from a person if you can't see them, let alone hear their voice.

      Given this fact, it is not a surprise that lawyers want to meet their clients. Yes and there are limitations to PGP that won't ensure privacy especially when you are opening lines of communication in an already hostile environment. There are things you just can't know unless you are physically there.

      • by Pendersempai ( 625351 ) on Monday April 28, 2008 @08:21PM (#23232644)
        That's an interesting theory, but shot down in the first two paragraphs of the article:

        PORTLAND, Ore. Thomas Nelson, an Oregon lawyer, has lived in a state of perpetual jet lag for the last two years. Every few weeks, he boards a plane in Portland and flies to the Middle East to meet with a high-profile Saudi client who cannot enter the United States because he faces charges here of financing terrorism.

        Mr. Nelson says he does not dare to phone this client or send him e-mail messages because of what many prominent criminal defense lawyers say is a well-founded fear that all of their contacts are being monitored by the United States government.

      • by ozbird ( 127571 )
        I'm sure being able to charge for your travel time and expenses had nothing to do with their preference to fly. No siree...
    • by plover ( 150551 ) * on Monday April 28, 2008 @07:53PM (#23232352) Homepage Journal
      Imprisoned suspects don't have the right to free communications, and especially not encrypted communications. The only privacy they're assured of (in the United States) is if it's a letter going to an attorney; but how is the warden to know for sure that huey.dewey@dewey-cheatham-and-howe.com is really the public key belonging to a licensed attorney, and not the aliased public key of Emmanuel Goldstein or Osama bin Laden?

      Even if they knew this for sure, the jailer is under no obligation to provide access to PGP or even a computer, and he would likely be an idiot if he did provide PGP to the inmates.

      • Do imprisoned suspects have the right to send encrypted letters (of the ink-and-paper variety) to an attorney? If so, encrypted emails should be fair game. After all, your objection doesn't seem to be with the encryption per se, but rather that the email is actually being routed to a lawyer. It wouldn't be difficult for the warden to ensure that the email is going where it's supposed to go, regardless of whether it's encrypted.
    • This is the credited answer. At first, I was leaning towards being cynical and thought that the lawyers just wanted to pad the bill. But we're talking about the United States of America deciding to spy on "terrorists" and their attorneys. I mean, "The Justice Department does not deny that the government has monitored phone calls and e-mail exchanges between lawyers and their clients as part of its terrorism investigations in the United States and overseas. *** In a terrorism-financing investigation centered on the offices of an Islamic charity here, the government mistakenly provided defense lawyers in August 2004 with what the lawyers say was a logbook of intercepted phone calls between the charity's lawyers in Washington, D.C., and clients in Saudi Arabia."

      If the government is tapping your phone lines, what makes you think they aren't intercepting your e-mail? I'm sure PGP would avoid problems like the U.S. government installing a keylogger on your system, or just sending a national security letter demanding access to your e-mails on pain of imprisonment as an accomplice to terror. Oh wait, it doesn't.

      I'd rather take the airplane flight be more sure that I'm not getting bugged.
      • by pipingguy ( 566974 ) * on Tuesday April 29, 2008 @12:53AM (#23234894)
        I'd rather take the airplane flight be more sure that I'm not getting bugged.

        And then the bastards will install a 3 year-old to kick your seat from behind, an incessant talker who loves chatting about lolcats next to you and a screaming infant in the seat in front just to bug you. You can't possibly win and they'll all be wearing a wire.
    • Kdawson hasn't done much to earn his editor keep here, but he has done much to cement his reputation for knee jerkery.
    • Heh, even the submitter didn't bother to include a link for PGP [wikipedia.org].

      Which, in turn, has links...

  • Of course, while PGP may solve some of these problems what is so bad about having some face to face time with your lawyer.
    • by JesseL ( 107722 ) *
      Nothing, If you've got more money than you know what to do with.

      The lawyers travel time and business class airfare are going on your bill.
  • nuff said.
  • by overshoot ( 39700 ) on Monday April 28, 2008 @07:23PM (#23231914)
    It's all billable hours, remember.
    • Plus minibar, out of town expenses and an excuse to take the shaggable assistant to an out-of-town location for a few days.
    • Re: (Score:3, Insightful)

      The downside is in the jet lag, waste of time, and inconvenience to both attorney and client. A criminal defense lawyer prominent enough to represent a wealthy Saudi defendant accused of terrorism likely doesn't have any trouble billing as many hours as he is willing to work. I assure you that this guy would much rather be working on an interesting legal problem than snoozing on an airport seat. I think your cynicism is going too far.
    • Exactly what I came here to say.

      When you think about it, if you bill by the hour any time efficacy ends up costing you money ( in terms of lost billable hours ).

      Now, if you can make up that lost revenue in terms of increased business ( possibly through undercutting the competition on price, although that can't last forever ) then it's worth the effort. If not, then you're cutting your own throat.

      Think I'll go throw up now... seems I'm channeling a PHB or something.
  • You have that much faith in PGP over the government's nearly unrestricted resources in surveillance? really?

  • S/MIME, anyone? (Score:5, Interesting)

    by danaris ( 525051 ) <danarisNO@SPAMmac.com> on Monday April 28, 2008 @07:24PM (#23231924) Homepage

    What is it with the Slashdot crowd and PGP? What's wrong with S/MIME?

    I can say with some authority, having been evaluating and testing it for my company for some months now, that it is natively supported by current versions of the 3 major email clients (Outlook, Thunderbird, and Apple Mail), and that their implementations are, by and large, compatible.

    So...are there any particular issues with S/MIME that make PGP a significantly more desirable solution?

    Dan Aris

    • by ScrewMaster ( 602015 ) on Monday April 28, 2008 @07:33PM (#23232060)
      So...are there any particular issues with S/MIME that make PGP a significantly more desirable solution?

      Everybody hates a mime.
    • Re:S/MIME, anyone? (Score:5, Interesting)

      by Tacvek ( 948259 ) on Monday April 28, 2008 @07:39PM (#23232140) Journal

      What is it with the Slashdot crowd and PGP? What's wrong with S/MIME?

      I can say with some authority, having been evaluating and testing it for my company for some months now, that it is natively supported by current versions of the 3 major email clients (Outlook, Thunderbird, and Apple Mail), and that their implementations are, by and large, compatible.

      So...are there any particular issues with S/MIME that make PGP a significantly more desirable solution?

      Dan Aris

      I think many Slashdot poster prefer OpenPGP encryption to S/MIME because OpenPGP is not email specific, and having 2 different keys (an S/MIME email key, and a PGP key) is not ideal. Further I suspect the PGP Web of Trust model is preferred by many of us to the CA model. Of course, there are ways around both things, but it may be slightly easier to use PGP for email than to deal with those issues. However, for your uses (depending on what they are), S/MIME may indeed be the best solution.
    • S/MIME requires going through a CA to get your key signed. PGP's web-of-trust makes more sense for individuals.
    • I love S/MIME, and it's great for practical commercial security. It's good enough for the exchange of HIPAA-protected data, IMHO, and I'm kinda paranoid about that.

      But if I were up against an intelligence agency, I would not trust S/MIME. (Nor PGP, for that matter.)
    • Re: (Score:3, Funny)

      by Hatta ( 162192 )
      You're right. S/MIME is a terrible thing to waste.
    • Re:S/MIME, anyone? (Score:5, Interesting)

      by Chandon Seldon ( 43083 ) on Monday April 28, 2008 @08:35PM (#23232794) Homepage

      OpenPGP software allows you to easily self-generate valid keys. Doing the same with S/MIME (self-signing certificates) is really obnoxious. Further, OpenPGP clients tend to support a web-of-trust introduction model which is strictly better for actual security than the centralized commercial PKI model that S/MIME software tries to force on users.

      For sending secure messages within a medium to large sized organization there is some argument for S/MIME using a local CA, but even then simply emulating the same effect with a organization PGP key signer and key server is probably cleaner.

    • Re: (Score:3, Insightful)

      by dpilot ( 134227 )
      S/MIME has a single point of failure - the CA. They can be presented with a warrant, or worse still, a National Security Letter, and your privacy is all gone.

      The Web of Trust of PGP doesn't give anyone else your private key. It only gives attestation to your identity. Even if one of your contacts was wretched villainous scum he can't compromise your key, the worst he can do is issue transitive trust (ab)using your trust of him.
  • by Derling Whirvish ( 636322 ) on Monday April 28, 2008 @07:26PM (#23231964) Journal

    But instead of talking about the technological solutions, the lawyers fly half way across the world to meet with their clients.
    There are other considerations involved. Similar to how TV News anchors somehow manage to find stories to report on in the Caribbean that require their personal presence during the worst months of North American winters.
  • Has the submitter not heard about billable hours?

  • Something I've learnt a bit from business.

    Perceived security is a lot easier to sell and profit from then actual security.

    Unless their clients are nerds themselves, they are not going to understand, let alone trust what PGP does.

    Every client understands how much harder it is to listen in on a face to face talk. They appreciate that, and that kind of appreciation is also billable.
  • by EdIII ( 1114411 ) *

    Is it possible that lawyers don't even know about PGP?"


    No, they probably do. They just ALSO know the amount of billable hours it takes to "fly half way across the world" to meet their clients.
  • They're just aware of all the CIA backdoors.

    \me adjusts tinfoil hat
  • I know quite a few attorneys, and for some reason cuturally many of them are very slow to embrace technology. Most of them still prefer faxes over emails, and I can see encryption taking a long, long time to get any kind of adoption in the legal community.

    That doesn't mean all lawyers by any stretch, but many really do seem to be a bit hidebound with regards to adopting technology.
  • by Compuser ( 14899 ) on Monday April 28, 2008 @07:32PM (#23232044)
    I would not trust encryption in this case. You are dealing with an agency or agencies capable of gaining physical access to your computer so the only security worth a lick is guarding yourself against planted mics and the like and keeping it all in your brain. Sounds like the lawyers are doing their job properly.
  • You can get a person to say a lot of thing face to face that they will never say over an impersonal email - no matter how encrypted.
  • Are you dumb? (Score:4, Insightful)

    by Reality Master 201 ( 578873 ) on Monday April 28, 2008 @07:36PM (#23232100) Journal
    Since the government's willing to bug communications, what's going another step and snagging the prisoner's password with a keylogger? Or snagging decrypted text from memory, or any one of a slew of things you could do with a lot of money, time, and complete access to one end of the connection.

    Hell, they could just torture the password out of the prisoner - turns out that the Land of the Free and the Home of the Brave does that kind of thing now.
    • by alfredo ( 18243 )
      The NSA can crack just about anything you can throw at them. If I was a lawyer I not trust any electronic transmission with any client in US custody. Where you meet will be bugged. Big brother doesn't believe in fair trials. To them it is a privilege, not a right.

  • Where I work (Score:2, Informative)

    by Anonymous Coward
    Not specific to the article but anyway...

    I work at a law firm that is considered in the top 25 as far as firms go. We are also ranked in the top 10 in terms of providing technology to the lawyers.

    We have probably 3 out of 1000 lawyers that have used PGP for business purposes. For those 3, it was because the client requested it. PGP is a PITA in a law firm environment. Lawyers get paid to practice law, not to use technology. Communications between lawyers and the client is not between Joe Client and Jim
  • It's an interesting story but a very silly title.

    The type of security that you need to ensure a very interested US government from monitoring you is not affordable in this case.

    PGP would make the government's job a great deal more difficult, but the physical security needed to prevent the feds from inserting some sort of eavesdropping device on either end of the communications channel is not affordable to your average terror suspect.

  • by Actually, I do RTFA ( 1058596 ) on Monday April 28, 2008 @07:40PM (#23232164)
    How would that play out?
    An e-mail:
          Attn Client,
    Please download PGP in violation of US export control laws.
                Your accomplice,
                      your lawyer

    Or maybe tell them in person, and then use PGP to communicate, indicating that you knew and ex post facto helped them pay off their violataion US export laws.

    Fact of the matter is, is is illegal to get encryption software to some parties as individuals, and some countries in mass. And I'm sure the clients referenced in the article are on the verboten list.
    • Which is why most crypto software is developed outside the US nowdays -- because there's nothing against importing crypto, only exporting it.
      • Which is why most crypto software is developed outside the US nowdays

        But PGP still is subject to those laws. Interestingly, I read somewhere where a textbook on cryptography was exported to a forbidden country. The CD with the binaries was confescated, but the book, with compliable source written out, was allowed.

        I agree with the spirit of the law, but it seems unenforcable.

        • Re: (Score:3, Interesting)

          Zimmermann challenged these regulations in a curious way. He published the entire source code of PGP in a hardback book, via MIT Press, which was distributed and sold widely. Anybody wishing to build their own copy of PGP could buy the $60 book, cut off the covers, separate the pages, and scan them using an OCR program, creating a set of source code text files. One could then build the application using the freely available GNU C Compiler. PGP would thus be available anywhere in the world. The claimed principle was simple: export of munitionsâ"guns, bombs, planes, and softwareâ"was (and remains) restricted; but the export of books is protected by the First Amendment. The question was never tested in court in respect to PGP, but had been established by the Supreme Court in the Bernstein case.

          More worryingly why do you agree with the spirit of the law? are foreigners not allowed privacy? DO you consider privacy as US ONLY, right?

  • by MMC Monster ( 602931 ) on Monday April 28, 2008 @07:43PM (#23232210)
    Encrypting correspondence only works if the end points are secure. If your fears of the government spying on you are based in fact, your computer is effectively compromised already.

    Between hardware keyloggers, low-level virtualization, and good old fashion espionage, it would be difficult to impossible to keep data hidden from the feds if they had the timeframe needed to run a case through the courts.
  • A nice trip around the world on the customer's dime however, that is a sacrifice they will make to obtain justice!

    (all of the following above has been sarcasm)
  • Here in the UK, there was a big fuss recently over the police bugging an MP while he visited one of his constituents in prison. In these kind of cases you have to assume you are being bugged too. That's not to say that covert communication is impossible. If a lawyer took a pad and pencil with him, they could communicate buy writing on that and keeping it close to their chest.
  • If the lawyers can bill for their flight time, it's an easy way to bill extra hours. Years ago I heard the story of a lawyer who billed 25 hours in one day, because his red-eye flight crossed time zones. (This was from a friend of a lawyer who heard the story from another lawyer, so I can't really vouch for its validity or whether the billing was accepted, but my friend delighted in telling it and thought it was hilarious.) So why would they bother with PGP and reduce their income?
    • (IANAL, but ask me again after I take the bar in July.) That's not an entirely implausible story. If you fly across time zones such that you're sitting on the same date for more than 24 hours, then you could theoretically bill for more than 24 hours in one day. More likely, however, was that the lawyer billed one client for his time in the air (travel time) and then billed another client for the time spent in the air working on the other client's matter. This may be unethical in some jurisdictions, and it w
  • "But instead of talking about the technological solutions, the lawyers fly half way across the world to meet with their clients. In fact, nowhere in the article is encryption even mentioned. Is it possible that lawyers don't even know about PGP?"

    When you're up against the FBI, CIA, and NSA - which he presumably is - even PGP is not good enough. S/MIME? Forget it*.

    PGP is a great way to protect messages in transit. But the problem here is not the security of the message in transit, it's the security of the me
    • Very nicely put. I find it touching how much faith computer-oriented people tend to have in their machines and software. The plain fact of the matter is that most security breaches and failures of confidentiality occur as the result of good, old-fashioned sneakiness and duplicity, coupled with misplaced trust and human error.

    • Barring the laptop remaining in his sight at every moment from the time he took the case until this moment, there's the possibility that a sneak-n-peek has compromised his private keys, or that someone has even installed a keylogger.

      That's actually pretty reasonable to guard against, and given that the laptop would presumably be locked, someone would need to be alone with it for an extended period of time.

      And did you notice that even the Ninth Circuit has now allowed laptops to be searched by border guards without evidence of a crime?

      A laptop can be had for less than that plane ticket, so you don't have to take that particular one overseas.

      Now consider that the lawyer's own laptop is probably the more secure end of the connection.

      If so, you have to assume that the other end of the connection is probably much more thoroughly bugged physically than either of their computers are electronically.

      • Re: (Score:3, Interesting)

        by peacefinder ( 469349 )
        "That's actually pretty reasonable to guard against, and given that the laptop would presumably be locked, someone would need to be alone with it for an extended period of time."

        Oh, I dunno. Unless you're using an encrypting drive, worst case - for the attacker - is long enough alone with it to physically pull the hard drive, clone it, and button the case back up. A couple hours tops, for a well-rehearsed operation. (How good is the laptop's security while you're asleep?) A better case is to boot it in fire
    • And this from the most liberal federal circuit.]

      Eh. Probably true, but easily overstated. The Ninth Circuit has 28 judges from places as far-flung as Hawaii and Idaho. It takes only three judges to make up a panel, so you can end up with some extremely conservative permutations. Really, the most noteworthy aspect of Ninth Circuit jurisprudence is how politically unpredictable it is, since so much can turn on which three judges you draw. It makes for extremely fractured jurisprudence, as each panel tries to distinguish the facts of its case from those of

  • by DnemoniX ( 31461 ) on Monday April 28, 2008 @08:00PM (#23232420)
    Several years ago now I set up a PGP server at work, mainly for my own use. However it was suggested that our attorney's might like to use it. Here is how the conversation went:

    "Hey I just finished setting up an encryption system for the e-mail system"

    "A what?"

    "Encryption, you know to keep your corrispondence confidential..."

    "A what what?"

    Then about 5 years later I rolled out an automated encryption system that uses lexicons to detect patterns and auto encrypt e-mails if they trip the filters. That conversation with the attorney's went like this.

    "You put in a what and why?"

    A lengthy explanation later filled with examples of when they should be using it. Finally the lawyer who had just spent a few days at a HIPPA conference sees the light. DING DING DING Clueless I swear.
    • by Actually, I do RTFA ( 1058596 ) on Monday April 28, 2008 @09:05PM (#23233102)

      inally the lawyer who had just spent a few days at a HIPPA conference sees the light. DING DING DING Clueless I swear.

      Don't confuse your specialized knowledge with common knowledge. Your phrasing assumes that encryption, as a word, conjures up images as it would in a geek's mind (and more than five years earlier than now, when it was less well known.) Obviously they explained it better at the HIPPA conference.

      Really, I doubt had I not already know what encryption, or the ease of e-mails being read by third-parties, I would have gained nothing from your explaination.

      A possible alternative: It is easy for any third party to read your e-mails. Encryption uses a password (or automatic process) on both ends to make sure that only you and your recipients can read the e-mail. It also verifies that the person who claims to have sent the e-mail did, since falisifying the sender of an e-mail is also very easy.

  • Given the choice between the ability to fly and being allowed to encrypt my e-mails, I would choose flight. If I really need to say something in private, I could just fly over to the person's house. The amount saved in gas bills is well worth it.
  • by lawpoop ( 604919 ) on Monday April 28, 2008 @08:11PM (#23232516) Homepage Journal
    This sounds like a typical geek solution: Jump latest and greatest technology.

    However, if I were a lawyer, I would stick with the time-tested method of ensuring privacy, rather than risk my client's confidentiality with some new-fangled technology that I don't understand. Do I have it installed right? What if it gets hacked?

    Heck, I'm a computer guy and I don't understand PGP. I do in the biggest sense; but not enough to pass my own judgment on how well it works. I have to rely on the opinions of people who are smarter than me. Suppose they discover a new kind of math tomorrow that renders PGP useless?
    • Jump latest and greatest technology.
      That would be S/MIME, if you just like new and shiny things.

      PGP is 17 years old. GnuPG is 9 years old. This is pretty mature stuff.

      Suppose they discover a new kind of math tomorrow that renders PGP useless?
      Then, chances are, we'll all know about it. More importantly, lots of people are trying, and in very public ways, and not getting very far -- short of a quantum computer, it's pretty unbreakable.
  • It's all fair game (Score:3, Informative)

    by Sir Holo ( 531007 ) * on Monday April 28, 2008 @08:25PM (#23232680)
    Any communication outside of the US is fair game to get intercepted by the NSA under the USA PATRIOT Act. Especially if one end of the conversation is an accused enemy of the state.

    These would probably be the first guys on the NSA's list of folks to snoop on.

    You can bet the lawyers handling these cases are, however, aware of the implications of a violation of attorney-client privilege, and would appeal if concrete records of such monitoring ever came out.
  • by sampson7 ( 536545 ) on Monday April 28, 2008 @08:26PM (#23232684)
    You are thinking like nerds instead of lawyers. More importantly, you are neglecting the human element.

    The lack of internet security is not why attorneys visit their clients in person. It is because their client will tell them things face to face that they would never say over a telephone or video conference, no matter how secure. Assuming that the lawyer trusted the technology, do you think the client is going to? I've had corporate clients practically whisper things to me in perfectly secure conference rooms when it is clear that nobody is listening in. Why? It's human nature. Now take a terrorism suspect, who likely is not that well educated and has a legitimate fear of being spied on, and tell him to speak clearly into the microphone. Do you seriously think that is going to work?

    Moreover, lawyers -- the good ones anyway -- are half poker player. When we interview clients, we are looking for "tells" and evaluating everything the client says. Not only to determine if their client is telling the truth (sometimes it doesn't matter), but to determine if their client _looks like_ they are telling the truth. There is no way that you could ever evaluate whether to put a witness on the stand without seeing them in person. (Not that it matters in these cases where a jury trial is exceedingly unlikely, but still.) These human factors are every bit as important to properly representing your clients as knowing the law.
  • Am I the only one wondering why the lawyers need to 'hide' their conversations from the NSA? I mean, what do they have to hide?
  • IANAL, but... (Score:5, Insightful)

    by Whatsthiswhatsthis ( 466781 ) on Monday April 28, 2008 @08:50PM (#23232954)
    But I am about to graduate from law school in a few days, so hear me out. Lawyers are a risk averse bunch. If you tried to tell a lawyer to use PGP (and the lawyer actually knew what PGP was), in the back of his mind he's thinking, "How is this going to nail me? How is this going to lead to a malpractice lawsuit? How is this going to get screwed up and cost me my career, my reputation, or my client's ass?" The answer is that we just don't know. What lawyers can and do trust is face-to-face communication.

    Until PGP becomes widely adopted outside the legal context (and it hasn't), lawyers are not going to be the first to adopt it. The reasons proffered above--that the government can break PGP or tap into the end-users' computers--may be true, but I doubt they are the reasons lawyers don't use PGP.

    Also, while I would concur with most of the comments about lawyers padding billable hours, in these cases it's probably not about that. Suspected terrorists likely don't have the kind of cash that typical corporate clients do. Many of these lawyers are working for suspected terrorists (especially those in Gitmo) on a pro-bono basis. Ahkmed from a tent in Afghanistan probably couldn't afford a lawyer in his country, much less one from the United States.
    • Re: (Score:3, Insightful)

      The people accused of financing terrorism, like the aforementioned Saudi client DO have the kind of cash that typical corporate clients do.
    • Re: (Score:3, Interesting)

      by Miseph ( 979059 )
      Indeed, I am taking a course taught by a lawyer who is working with some people in Guantanamo Bay and I know that he flies down there frequently to see his clients (one of my papers has the smudges and small airplane grit to prove it, he did some grading on the flight). He's working pro bono because the people he is representing have no money at all, although I believe his actual expenses are being covered, at least in part, by various funds and groups (he's the ACLU representative for his county). Even if
  • by atomic-penguin ( 100835 ) <wolfe21NO@SPAMmarshall.edu> on Monday April 28, 2008 @09:22PM (#23233290) Homepage Journal
    I would say there are 3 big reasons PGP is not used widespread in the legal community. I'm not trying to make a broad generalization about all lawyers, some are in fact quite computer literate. This is just a few observations I've made working with lawyers.

    1) Not all attorneys are technically inclined. Many do not even use technology outside of the scope of a cell phone or PDA. There are usually support staff available to law firms to do the typing and technological heavy-lifting. There are attorneys who have done things a certain way their entire career, and are reluctant to change their ways quickly. Unfortunately, software and training costs may be viewed as expenses rather than assets to the firm. After all, it is the legal staff bringing in the revenue, not the I.T. department.

    2) Not only do the attorneys and legal staff need to be aware of technologies such as PGP, but clients would also have to be aware of such technologies to take full advantage of them. Training both legal and support staff on such technologies is time consuming, and may not fit into a busy attorney's schedule. Even if the legal and support staff are up to speed, you still have the hurdle of training clients on such technologies. How do you go about training clients in your firm's privacy policies in respect to e-mail?

    3) Billable hours... Resources and time spent on a case can be billed to the client. That means a firm can bill more time on paper for traveling/flying than sending an e-mail.

    I think PGP will see more common adoption in the legal world, eventually. As far as I know, attorneys have to do continuing education credits to maintain their state bar status, so training is certainly encouraged. Privacy becomes a major issue when one of the parties, in a CC'ed e-mail, blindly hits reply-all to a sensitive e-mail. It is only a matter of time before more firms adopt more stringent communication policies.

Disc space -- the final frontier!

Working...