On November 20, 2019, the Pennsylvania Supreme Court in Commonwealth v. Davis held that a defendant in a criminal case cannot be compelled to disclose a password protecting an encrypted computer under the so-called foregone conclusion exception to the doctrine of self-incrimination in the Fifth…
Government May Compel Disclosure of Encryption Passwords in Pennsylvania
The Pennsylvania Superior Court issued another troubling, computer-related opinion in late November 2017. Commonwealth v. Davis holds that the Pennsylvania government can compel an individual to disclose a computer password for an encrypted computer. Commonwealth v. Davis, 2017 PA Super 376 (Nov. 30,…
Attorney Brown Receives Cybersecurity Technical Certification
Attorney Shannon Brown passed the new, performance-based, CompTIA Security+™ certification exam on September 16, 2014. CompTIA Security+™ certification provides an industry-recognized method to objectively demonstrate technical skills in computer security, data security, or cybersecurity. The new cybersecurity certification is believed to be a first for an attorney in Pennsylvania. The…
Cybersecurity Basics for Pennsylvania Law Firms
Most Pennsylvania law firms either misunderstand cybersecurity [computer and network security] or significantly underestimate the threat of data breaches at law firms. Successful “hacks” can result in the loss of client confidential data or even losses of escrow funds. Considering the November 2013 updates to the…
Attorney Brown Completes Malware Course
Not many lawyers engage in malware analysis and issues. But malware poses a formidable and emerging challenge for companies, businesses, organizations, and individuals who face cybersecurity threats, cybercrime, cyber-espionage, identity theft, and data breaches. Attorney Shannon Brown recently completed a six week, online, graduate-level course in malware entitled Malicious Software and its Underground Economy: Two Sides to Every Story. The course covered current and emerging trends in malware including traditional malware, mobile device malware, and sophisticated malware obfuscation techniques. The course also provided lessons in detecting malware (malare is far more sophisticated than most realize) and decompiling malware using decompilation tools and machine code analysis (Attorney Brown has a significant background in computer programming and systems analysis aiding in this exercise).
Invited to Present at a National, Legal-Technology-Ethics Program
Attorney Shannon Brown was invited to present on emerging technology-ethics issues for a nationally broadcast ethics program. The program, entitled Legal Ethics and Technology: Complying With Changes to the Model Rules of Professional Conduct, will explore topics such as the ABA 20/20 Commission Model Rule updates related to technology, cloud computing, and encryption.
Statements of Accomplishment for Natural Language Processing and Cryptography Coursework
Attorney Shannon Brown received two, Statements of Accomplishment for completing courses in 1) Natural Language Processing and 2) Cryptography. Coursera offers the challenging, non-credit courses which are taught by Stanford University Professors. According to data released by the Natural Language Processing professors, only about 3% of students received a Statement of Accomplishment for that course.
CALI’s Topics in Digital Legal Practice Completed
Attorney Shannon Brown completed the nine-week Topics in Digital Legal Practice course offered by CALI. The non-credit, online course (MOOC) covered emerging topics such as Virtual Law Offices, Document Automation, Un-bundled Legal Services, and Social Media. The primary take-away was: the legal profession has changed significantly due to technology innovations.
Decrypting Encryption for Pennsylvania Lawyers: Understanding Encryption Basics Before Considering Cloud Computing
Pennsylvania Lawyers Should Understand the Basics of Common Encryption Algorithms Before Engaging in Cloud Computing
You are considering cloud computing. The cloud provider ad reads:
Your cloud data is protected with military-grade, 256 bit, AES encryption.
“Wow!,” you think. Military grade. Sounds impressive. That must be good [enough]. But ….
Attorney Brown Continuing Education
In October, Attorney Brown returns to class by taking three, technology-related, non-credit courses:
Introduction to Machine Learning,
Introduction to Databases, and
Introduction to Artificial Intelligence.
Navigating the Fog of Cloud Computing
Cloud computing may raise ethical questions. It also requires technical competence. Are you ready?
Published as: Shannon Brown, Navigating the Fog of Cloud Computing, The Pennsylvania Lawyer 18–22 (Sept./Oct. 2011).
S/MIME Encrypted Email Available
Attorney Brown now offers an additional method for client’s to encrypt emails sent to Attorney Brown and for Attorney Brown to authenticate emails.
An Unofficial Quick Guide to Installing a VeriSign Digital ID (S/MIME Certificate) for Lawyers
Installing an email encryption S/MIME (SMIME) certificate on Mozilla Thunderbird and Mozilla Firefox is simple. However, the instructions provided by Verisign (as of August 2011) do not appear to address newer versions of Mozilla products (circa 5.0+) and can be frustrating for a novice user.
Hiatus Explained—Technology & Ethics CLE Pending
For the past few weeks, Attorney Brown took a brief hiatus from blogging and website articles to prepare for a forthcoming Legal Ethics & Technology CLE. Attorney Brown is scheduled to deliver the CLE at the Lancaster Bar Association on September 9, 2011. The CLE will address (as time permits) emerging issues for lawyers related to technology
Attorney Brown Attends Sessions of “Cloud Computing: Securely Moving From the Fringes to the Mainstream”
On June 22, 2011, Attorney Brown attended sessions of the online seminar entitled “Cloud Computing: Securely Moving From the Fringes to the Mainstream.” Sessions addressed the technical and business challenges arising from cloud computing
New, Active-controller Hard Drive Technologies Pose Challenges and Benefits
Toshiba plans a new line of hard drives that self-encrypt data and automatically wipe the drive (delete data) if the drive is removed. [FN1] A smart controller embedded in the hard drive provides the self-encryption and wiping capabilities. These new technologies pose potential challenges to lawyers (e-Discovery and digital forensics) and may provide benefits such as additional data encryption options to protect client data.
Cloud Computing: Who Holds the Encryption Keys? [And Why It May Matter to Lawyers]
General cloud-provider statements simply indicating that the cloud-based data is encrypted might not be adequate protection for a lawyer’s data. The lawyer should also know 1) when the data is encrypted and 2) who holds the encryption key(s). (See my prior article entitled Storing Files in the Cloud: Storage-as-a-Service for Lawyers—Encryption.)
Avoiding Being “Bit”ten: Bandwidth Issues With Cloud Computing Backups
As attorneys consider using cloud computing for file backup, the time required to restore files after a disaster may [unpleasantly] surprise a law firm. Backups in cloud storage may take days to download depending on the speed of the internet connection and the amount of data. Anticipating the potential download times, and creating a plan, may help a law firm to avoid unexpected problems should a disaster occur. (And confirms that off-site cloud storage should be combined with local backups to minimize down-time and law firm disruption in the event of a catastrophic data loss.)
Basic Email Encryption and Authentication for Lawyers
Some compare email to sending a post card via postal mail. As an open format, standard email is potentially readable by any intervening person. Encrypting email provides some privacy and confidentiality protection by obscuring the text of the email. Encryption uses a computer algorithm to transform the plain text email into an encrypted email. Perhaps surprisingly, many email clients (MS Outlook, Thunderbird, etc.) include at least one form of built-in email encryption. Furthermore, email encryption tools can also serve as an “authenticating signature” and confirms the message’s origin—this email came from A.