Slashdot Mirror
Lawyers Would Rather Fly Than Download PGP
An anonymous reader writes "The NYTimes is running a front-page story about lawyers for suspects in terrorism-related cases fearing government monitoring of privileged conversations. But instead of talking about the technological solutions, the lawyers fly halfway across the world to meet with their clients. In fact, nowhere in the article is encryption even mentioned. Is it possible that lawyers don't even know about PGP?" The New Yorker has a detailed piece centering on the Oregon terrorism case discussed by the Times.
Is it possible that lawyers don't even know about PGP?"
Is it possible that the submitter doesn't even know about keyloggers, passive listening devices (for phones), compromised encryption binaries, vulnerabilities in protocols, etc?
If the goddamn NSA can't snoop on an encrypted conversation between a lawyer & client, then frankly, they're not doing their job
There are shills on slashdot. Apparently, I'm one of them.
Of course, while PGP may solve some of these problems what is so bad about having some face to face time with your lawyer.
30% Troll, 50% Underrated, 10% Interesting
Score:5, Troll
nuff said.
How we know is more important than what we know.
It's all billable hours, remember.
Lacking <sarcasm> tags,
You have that much faith in PGP over the government's nearly unrestricted resources in surveillance? really?
What is it with the Slashdot crowd and PGP? What's wrong with S/MIME?
I can say with some authority, having been evaluating and testing it for my company for some months now, that it is natively supported by current versions of the 3 major email clients (Outlook, Thunderbird, and Apple Mail), and that their implementations are, by and large, compatible.
So...are there any particular issues with S/MIME that make PGP a significantly more desirable solution?
Dan Aris
Fun. Free. Online. RPG. BattleMaster.
You never know what other people are capable of...
You do realize that PGP is only Pretty Good Privacy. I daresay the NSA would consider a terrorist case something worth spending a little computing power on in case the defendant spills something they could use. So Pretty Good isn't going to stop them...
Has the submitter not heard about billable hours?
The Mothership
Something I've learnt a bit from business.
Perceived security is a lot easier to sell and profit from then actual security.
Unless their clients are nerds themselves, they are not going to understand, let alone trust what PGP does.
Every client understands how much harder it is to listen in on a face to face talk. They appreciate that, and that kind of appreciation is also billable.
To avoid criticism; Say nothing, Do nothing, Be nothing.
No, they probably do. They just ALSO know the amount of billable hours it takes to "fly half way across the world" to meet their clients.
They're just aware of all the CIA backdoors.
\me adjusts tinfoil hat
I know quite a few attorneys, and for some reason cuturally many of them are very slow to embrace technology. Most of them still prefer faxes over emails, and I can see encryption taking a long, long time to get any kind of adoption in the legal community.
That doesn't mean all lawyers by any stretch, but many really do seem to be a bit hidebound with regards to adopting technology.
basically, a computer is build with speed in mind, no trust is being considered when design the whole thing.
Never trust the computer.
I would not trust encryption in this case. You are dealing with an agency or agencies capable of gaining physical access to your computer so the only security worth a lick is guarding yourself against planted mics and the like and keeping it all in your brain. Sounds like the lawyers are doing their job properly.
... once the RSA gets a quantum computer. http://slashdot.org/articles/01/12/20/006228.shtml WHo knows? They may already have one.
You can get a person to say a lot of thing face to face that they will never say over an impersonal email - no matter how encrypted.
Moved to http://soylentnews.org/. You are invited to join us too!
Since the government's willing to bug communications, what's going another step and snagging the prisoner's password with a keylogger? Or snagging decrypted text from memory, or any one of a slew of things you could do with a lot of money, time, and complete access to one end of the connection.
Hell, they could just torture the password out of the prisoner - turns out that the Land of the Free and the Home of the Brave does that kind of thing now.
Not specific to the article but anyway...
I work at a law firm that is considered in the top 25 as far as firms go. We are also ranked in the top 10 in terms of providing technology to the lawyers.
We have probably 3 out of 1000 lawyers that have used PGP for business purposes. For those 3, it was because the client requested it. PGP is a PITA in a law firm environment. Lawyers get paid to practice law, not to use technology. Communications between lawyers and the client is not between Joe Client and Jim lawyer, it is between Joe Clients group of 20 people and Jim lawyers group of 20-500 people including third party processors, litigation support teams with their applications, paralegals, etc....
Even with the current offerings of commercial PGP applications and integration into Outlook, it does not work easy with that many people.
What many large firms and large clients do is use TLS integrated into the outgoing/incoming email. The path out and in is secured. It is seamless to the lawyer and client.
Encryption is not the answer for them - good old fashioned lips-to-ear is (the interview room is bugged).
Consider: The laptop / PDA / cellphone is subject to search going and coming. Also consider they can be compelled to divulge password / keyfiles or face the ire of the Court and that assumes conventional doctrines apply (and that's dubious). This is not a typical legal setting, this is the Bush Administration's ball game - they own the field, the bat, the ball, the glove ...
If you take into consideration that communication (as we are told) is 70% non-verbal, then any half decent lawyer will make sure he/she is able to see the client face to face. It is impossible to take a good history from a person if you can't see them, let alone hear their voice.
Given this fact, it is not a surprise that lawyers want to meet their clients. Yes and there are limitations to PGP that won't ensure privacy especially when you are opening lines of communication in an already hostile environment. There are things you just can't know unless you are physically there.
Do it yourself, because no one else will do it yourself. [beta blockade 10-17 Feb]
It's an interesting story but a very silly title.
The type of security that you need to ensure a very interested US government from monitoring you is not affordable in this case.
PGP would make the government's job a great deal more difficult, but the physical security needed to prevent the feds from inserting some sort of eavesdropping device on either end of the communications channel is not affordable to your average terror suspect.
How would that play out?
An e-mail:
Attn Client,
Please download PGP in violation of US export control laws.
Your accomplice,
your lawyer
Or maybe tell them in person, and then use PGP to communicate, indicating that you knew and ex post facto helped them pay off their violataion US export laws.
Fact of the matter is, is is illegal to get encryption software to some parties as individuals, and some countries in mass. And I'm sure the clients referenced in the article are on the verboten list.
Your ad here. Ask me how!
In fact, nowhere in the article is encryption even mentioned. Is it possible that lawyers don't even know about PGP?
Is it possible that lawyers look at the time on these planes as billable hours?
It's not that attorneys are too stupid to figure out how to download and install pgp; it's that they can charge billable hours, travel time, travel expenses (marking up the travel costs, of course!), per diem, and so forth.
I've been writing SW for almost 30 years. I would never trust a general purpose computer as a means of secure communications. It could be used as a gateway for a specialized device. And as for face to face, I wouldn't even trust that without the Cone of Silence.
Lawyers are experts at spending other people's money and living the good life on everyone else's money.
Why would it surprise anyone that a lwyer would rather fly? It's not like they're paying for it in the end anyway.
Encrypting correspondence only works if the end points are secure. If your fears of the government spying on you are based in fact, your computer is effectively compromised already.
Between hardware keyloggers, low-level virtualization, and good old fashion espionage, it would be difficult to impossible to keep data hidden from the feds if they had the timeframe needed to run a case through the courts.
Help! I'm a slashdot refugee.
> What's wrong with S/MIME?
Where can you find enough mimes for that? The last mime I saw was in Final Fantasy.
[...]
Well, that and in my wild youth, I was a mime for a short amount of time. But only because I needed the school credit! I just hope that that one snapshot never surfaces.
Speaking of which, if any of you guys have a picture where a mime accidentally ran in front of your camera, please burn it and don't forget to destroy the negatives! Ex-mimes everywhere will thank you!
A nice trip around the world on the customer's dime however, that is a sacrifice they will make to obtain justice!
(all of the following above has been sarcasm)
it's called losing your law license b/c paralegal/secretary screwed up + malpractice suit
If you have access to the lawyers computer you can theoretically easily obtain his public key + passphrase.
The same goes for his client, how can you know that his public key + passphrase isn't already well known?
when you work with secrets it's best to not have anything written or logged.
meeting someone at a safer random location is probably gonna give you maximum confidentiallity.
Here in the UK, there was a big fuss recently over the police bugging an MP while he visited one of his constituents in prison. In these kind of cases you have to assume you are being bugged too. That's not to say that covert communication is impossible. If a lawyer took a pad and pencil with him, they could communicate buy writing on that and keeping it close to their chest.
Lawyers are social people by trade & by lifestyle, the better representative will go meet his client f2f because that is what's most important, not privacy and pgp bullshit.
If the lawyers can bill for their flight time, it's an easy way to bill extra hours. Years ago I heard the story of a lawyer who billed 25 hours in one day, because his red-eye flight crossed time zones. (This was from a friend of a lawyer who heard the story from another lawyer, so I can't really vouch for its validity or whether the billing was accepted, but my friend delighted in telling it and thought it was hilarious.) So why would they bother with PGP and reduce their income?
Even if they knew this for sure, the jailer is under no obligation to provide access to PGP or even a computer, and he would likely be an idiot if he did provide PGP to the inmates.
John
They, like the mob, do not trust anything with wires or electronic in general... Pretty smart if you ask me... Except of course if you are not up to anything... http://roboeco.com/Lets-Get-on-With-it
The Future is already here, just unevenly distributed... THE ROBOTIC WAGELESS ECONOMY NOW! http://RoboEco.com/slash
"But instead of talking about the technological solutions, the lawyers fly half way across the world to meet with their clients. In fact, nowhere in the article is encryption even mentioned. Is it possible that lawyers don't even know about PGP?"
When you're up against the FBI, CIA, and NSA - which he presumably is - even PGP is not good enough. S/MIME? Forget it*.
PGP is a great way to protect messages in transit. But the problem here is not the security of the message in transit, it's the security of the message at every stage from composition to delivery, in both directions.
For example: Is the lawyer confident that his own laptop is private? He shouldn't be. Barring the laptop remaining in his sight at every moment from the time he took the case until this moment, there's the possibility that a sneak-n-peek has compromised his private keys, or that someone has even installed a keylogger. And did you notice that even the Ninth Circuit has now allowed laptops to be searched by border guards without evidence of a crime?**
Now consider that the lawyer's own laptop is probably the more secure end of the connection.
No. PGP is not good enough. In a case like this, he's right to do everything live and in person.
[*: The NSA is in a position to monitor S/MIME certificate exchanges with your key authority. Willing to bet your client's life or freedom that they can't they break the key delivery session?]
[**: '"We are satisfied that reasonable suspicion is not needed for customs officials to search a laptop or other personal electronic storage devices at the border," Judge Diarmuid O'Scannlain wrote (PDF) for the unanimous panel.' And this from the most liberal federal circuit.]
With reasonable men I will reason; with humane men I will plead; but to tyrants I will give no quarter. -- William Lloyd
Several years ago now I set up a PGP server at work, mainly for my own use. However it was suggested that our attorney's might like to use it. Here is how the conversation went:
"Hey I just finished setting up an encryption system for the e-mail system"
"A what?"
"Encryption, you know to keep your corrispondence confidential..."
"A what what?"
Then about 5 years later I rolled out an automated encryption system that uses lexicons to detect patterns and auto encrypt e-mails if they trip the filters. That conversation with the attorney's went like this.
"You put in a what and why?"
A lengthy explanation later filled with examples of when they should be using it. Finally the lawyer who had just spent a few days at a HIPPA conference sees the light. DING DING DING Clueless I swear.
Given the choice between the ability to fly and being allowed to encrypt my e-mails, I would choose flight. If I really need to say something in private, I could just fly over to the person's house. The amount saved in gas bills is well worth it.
Worst. Summary. Ever.
This sounds like a typical geek solution: Jump latest and greatest technology.
However, if I were a lawyer, I would stick with the time-tested method of ensuring privacy, rather than risk my client's confidentiality with some new-fangled technology that I don't understand. Do I have it installed right? What if it gets hacked?
Heck, I'm a computer guy and I don't understand PGP. I do in the biggest sense; but not enough to pass my own judgment on how well it works. I have to rely on the opinions of people who are smarter than me. Suppose they discover a new kind of math tomorrow that renders PGP useless?
Computers are useless. They can only give you answers.
-- Pablo Picasso
The advantage of saying something and not having it be recorded is that it can never be subpoenaed. And if it was never recorded, it can never be cracked, spied, or leaked.
There are conversations I have in non-recorded form for just this reason.
Encryption is only as good as cracking isn't, and also as good as the physical security of the consumers. Cracking has historically improved, and the ability to spy has also improved.
Which isn't to say that the conversation in person is safe - but it is more safe than the recorded conversation of email - which has to be not encrypted at the producer and consumer ends, and which may be decrypted more than once at either end.
I would not trust encryption in this case. You are dealing with an agency or agencies capable of gaining physical access to your computer so the only security worth a lick is guarding yourself against planted mics and the like and keeping it all in your brain. Sounds like the lawyers are doing their job properly.
College-Pages.com - Online Colleges, Degrees, and Programs
Plus minibar, out of town expenses and an excuse to take the shaggable assistant to an out-of-town location for a few days.
Engineering is the art of compromise.
Most of the reasons people say PGP is not useful still apply if the data is on the same computer. If it is compromised... your already screwed.
Then again PGP involves getting the client to install and use it. And the face to face with the layer on large matters is probably preferable for the client.
Any communication outside of the US is fair game to get intercepted by the NSA under the USA PATRIOT Act. Especially if one end of the conversation is an accused enemy of the state.
These would probably be the first guys on the NSA's list of folks to snoop on.
You can bet the lawyers handling these cases are, however, aware of the implications of a violation of attorney-client privilege, and would appeal if concrete records of such monitoring ever came out.
You are thinking like nerds instead of lawyers. More importantly, you are neglecting the human element.
The lack of internet security is not why attorneys visit their clients in person. It is because their client will tell them things face to face that they would never say over a telephone or video conference, no matter how secure. Assuming that the lawyer trusted the technology, do you think the client is going to? I've had corporate clients practically whisper things to me in perfectly secure conference rooms when it is clear that nobody is listening in. Why? It's human nature. Now take a terrorism suspect, who likely is not that well educated and has a legitimate fear of being spied on, and tell him to speak clearly into the microphone. Do you seriously think that is going to work?
Moreover, lawyers -- the good ones anyway -- are half poker player. When we interview clients, we are looking for "tells" and evaluating everything the client says. Not only to determine if their client is telling the truth (sometimes it doesn't matter), but to determine if their client _looks like_ they are telling the truth. There is no way that you could ever evaluate whether to put a witness on the stand without seeing them in person. (Not that it matters in these cases where a jury trial is exceedingly unlikely, but still.) These human factors are every bit as important to properly representing your clients as knowing the law.
They should not only meet in person.
They need to bring along their own portable Cone of Silence TM.
Very nicely put. I find it touching how much faith computer-oriented people tend to have in their machines and software. The plain fact of the matter is that most security breaches and failures of confidentiality occur as the result of good, old-fashioned sneakiness and duplicity, coupled with misplaced trust and human error.
I've calculated my velocity with such exquisite precision that I have no idea where I am.
Which is why most crypto software is developed outside the US nowdays -- because there's nothing against importing crypto, only exporting it.
Don't thank God, thank a doctor!
DHS will seize those because even if they're attorney-client privileged, they might be hiding something illegal! I wonder if it even helps if you have a diplomatic immunity.
Do imprisoned suspects have the right to send encrypted letters (of the ink-and-paper variety) to an attorney? If so, encrypted emails should be fair game. After all, your objection doesn't seem to be with the encryption per se, but rather that the email is actually being routed to a lawyer. It wouldn't be difficult for the warden to ensure that the email is going where it's supposed to go, regardless of whether it's encrypted.
Don't thank God, thank a doctor!
But PGP still is subject to those laws. Interestingly, I read somewhere where a textbook on cryptography was exported to a forbidden country. The CD with the binaries was confescated, but the book, with compliable source written out, was allowed.
I agree with the spirit of the law, but it seems unenforcable.
Your ad here. Ask me how!
they know that travel time is billable, encryption isn't and that most people are comforted by proximity.
If I had some very classified information that was super-important, $1000 or less for a round trip ticket to anywhere in the world would be money well spent.
And then there was E
Am I the only one wondering why the lawyers need to 'hide' their conversations from the NSA? I mean, what do they have to hide?
Semi-automatic amateur armchair Australian philosopher; conjecture ready at any moment...
do we expect lawyers to understand technology? It's like water and oil.
OTOH, there might be a legal reason on using crypto tools with a suspected terrorist. You know, one might not want to teach underdeveloped countries how to use weapons or technology against western civilization...
But I am about to graduate from law school in a few days, so hear me out. Lawyers are a risk averse bunch. If you tried to tell a lawyer to use PGP (and the lawyer actually knew what PGP was), in the back of his mind he's thinking, "How is this going to nail me? How is this going to lead to a malpractice lawsuit? How is this going to get screwed up and cost me my career, my reputation, or my client's ass?" The answer is that we just don't know. What lawyers can and do trust is face-to-face communication.
Until PGP becomes widely adopted outside the legal context (and it hasn't), lawyers are not going to be the first to adopt it. The reasons proffered above--that the government can break PGP or tap into the end-users' computers--may be true, but I doubt they are the reasons lawyers don't use PGP.
Also, while I would concur with most of the comments about lawyers padding billable hours, in these cases it's probably not about that. Suspected terrorists likely don't have the kind of cash that typical corporate clients do. Many of these lawyers are working for suspected terrorists (especially those in Gitmo) on a pro-bono basis. Ahkmed from a tent in Afghanistan probably couldn't afford a lawyer in his country, much less one from the United States.
IANAL but god dammit I would rather fly. Specially super-man style!
or they want to run up their travel expenses? /ducks
I don't like lawyers, and the cynical part of me says that the flight may be 'billable time'.
I would say there are 3 big reasons PGP is not used widespread in the legal community. I'm not trying to make a broad generalization about all lawyers, some are in fact quite computer literate. This is just a few observations I've made working with lawyers.
1) Not all attorneys are technically inclined. Many do not even use technology outside of the scope of a cell phone or PDA. There are usually support staff available to law firms to do the typing and technological heavy-lifting. There are attorneys who have done things a certain way their entire career, and are reluctant to change their ways quickly. Unfortunately, software and training costs may be viewed as expenses rather than assets to the firm. After all, it is the legal staff bringing in the revenue, not the I.T. department.
2) Not only do the attorneys and legal staff need to be aware of technologies such as PGP, but clients would also have to be aware of such technologies to take full advantage of them. Training both legal and support staff on such technologies is time consuming, and may not fit into a busy attorney's schedule. Even if the legal and support staff are up to speed, you still have the hurdle of training clients on such technologies. How do you go about training clients in your firm's privacy policies in respect to e-mail?
3) Billable hours... Resources and time spent on a case can be billed to the client. That means a firm can bill more time on paper for traveling/flying than sending an e-mail.
I think PGP will see more common adoption in the legal world, eventually. As far as I know, attorneys have to do continuing education credits to maintain their state bar status, so training is certainly encouraged. Privacy becomes a major issue when one of the parties, in a CC'ed e-mail, blindly hits reply-all to a sensitive e-mail. It is only a matter of time before more firms adopt more stringent communication policies.
/^([Ss]ame [Bb]at (time, |channel.)){2}$/
There isn't much of a free market in the legal field. You have to be admitted to the bar to practice law and the bar is pretty hard to get into (I'm not just talking about the test but the process of going to school for seven years and jumping through a bunch of hoops.) The reason it's so hard is not to protect legal consumers, but to keep competition out. What does this have to do with technology? Just like any market that is insulated and closed, the legal market doesn't innovate. I would estimate that billions of dollars are wasted each year in the legal field because of a lack of moderization. Yes, there are times when face-to-face is necessary (like to meet your client), but each day thousands of lawyers spend time and money traveling to court, talking into tape recorders, and copying documents when they could be video-teleconferencing, typing, and using pdfs. This is probably true of a lot of industries but it is worse in the legal industry because it it protects itself from competition.
It's possible that they're mileage runners from flyertalk.com who like to earn miles. A mileage runs is flying only for the sake of earning miles and getting status with an airline
-Palal
Option 1. You visit your client in person, carry out a conversation, and come back. The government asks what you talked about, and you refuse to talk, citing attorney client privilege. End of story.
Option 2. You engage in PGP email exchange with client. Government tries to subpoena the encryption key from you, but does not ask for the emails themselves. You say no. You now get involved in a long court fight over whether or not attorney client privilege covers the keys.
Option 1 seems the better way to go.
"That's actually pretty reasonable to guard against, and given that the laptop would presumably be locked, someone would need to be alone with it for an extended period of time."
:-)
Oh, I dunno. Unless you're using an encrypting drive, worst case - for the attacker - is long enough alone with it to physically pull the hard drive, clone it, and button the case back up. A couple hours tops, for a well-rehearsed operation. (How good is the laptop's security while you're asleep?) A better case is to boot it in firewire target mode, snarf up the relevant files for analysis and/or execute a scripted keylogger install. Or if you're really paranoid, maybe you'd wonder if they can just pop in bootable media and install a custom keylogging bios (crafted just for your machine) in five minutes flat. Hard to say.
Of course all these attacks have countermeasures - bios passwords, drive passwords, no firewire, truecrypt, keeping the laptop under your pillow at night - but to be really thorough would be pretty inconvenient, and still wouldn't protect against simple theft of the whole laptop for leisurely analysis of past secrets.
"A laptop can be had for less than that plane ticket, so you don't have to take that particular one overseas."
So you're leaving the one with the actual secrets on it back in the office, then? See above.
"If so, you have to assume that the other end of the connection is probably much more thoroughly bugged physically than either of their computers are electronically."
True. But if you assume that level of surveillance on the other end, it wouldn't be safe for your client to use a computer there either, would it?
As has been said often by people much smarter than I, "security is hard".
With reasonable men I will reason; with humane men I will plead; but to tyrants I will give no quarter. -- William Lloyd
Need I say more?
-- Will program for bandwidth
If it was simple to install and use and guaranteed secure - then they just might consider using it.
The choice to fly to the Middle East rather than risk detection by federal authorities has absolutely nothing to do with whether or not the lawyer believes PGP--or any other encryption--is capable of thwarting government attempts to eavesdrop. Why? Because encryption doesn't do you any good if a court orders you to turn over the key, as it's likely to do if criminal charges are ever filed.
The lawyers aren't nearly as concerned with having the content of their conversations intercepted as they are with having the fact of their conversations intercepted. In normal telecommunications, the police need no judicial authorization to record the fact of a telephone call, and they can use such a pattern to establish the likelihood of a conspiracy, which will enable them to get judicial authorization for a proper wiretap. Similarly, if authorities can establish the likelihood of a conspiracy using a pattern of emails, even encrypted ones, they can get a court order for the encryption key.
This isn't a lawyer stunt to bill more hours or take vacations in Dubai. It's the entirely rational legal instinct to avoid a paper trail where it has the possibility of coming back to haunt you.
Hmm, spend 5 minutes to download and install some software, or fly first-class while billing the client $900 per hour...
Windows has a broken random number generator. All encryption on windows therefore has a backdoor built in. I wouldn't recommend any electronic communications if I were the lawyer unless they were smart enough to use something other than windows.
Hmm... Fly or Download. Fly or Download. Fly or Download. I think I'll take the ability to fly, thanks!
IranAir Flight 655 never forget!
Using encryption is only going to convince the government that you do have something to hide, which will probably cause them to take a lot greater interest in everything you do, not just your relationship with the one or two clients they cared about to begin with. Given that the DOJ has decided it is fair game to prosecute lawyers for representing "terrorists", it isn't a happy time to be a criminal defense attorney in this area. And, if worse comes to worse and you find your client (or even yourself) charged with a crime, there is no current rule that would prohibit a court from allowing a jury to draw a negative inference from the fact that you took steps to conceal your communications from the government. In other words, the fact that you encrypted your email might be used as evidence that the email was incriminating unless you agree to produce it and prove otherwise. (You can't even claim it is privileged without at least disclosing it to the Court).
I'm a lawyer with excellent karma. Something's gotta be wrong.
I have a tax lawyer that I've used for my business for 12 years who STILL doesn't 'trust' email for ANY communication. He doesn't have an email address at all - everything must be faxed or sent snail-mail.
Seriously I've been on the verge of getting rid of him, just because he's so hard to communicate with (every call's a voicemail) but he does a great job knocking down my property taxes, so I put up with it.
-Styopa
If they can hold someone without a writ of habeas corpus, you think they're worrying about giving him/her access to a lawyer?
You are welcome on my lawn.
I used to support MCI mail. Yes, that one time alternative to regular email. Lawyers loved it since each email was charged. It drastically cut down on spam, hackers and other things that plague email today. By 2001 it was security through obscurity. Yes, that is a terrible security plan but it has worked well for Apple.
Is he strong? Listen bud, He's got radioactive blood.
If you ever worked in a law office, you will eventually realize EVERYTHING is encrypted to some point...Have you ever tried reading a settlement contract?
The submitter must know nothing of attorneys, the way they work, or the protocols in place to protect the innocent and the guilty. My initial guess is the only experience they've had with the law has been interacting with the channel changer.
How do these things get past the filters?
Congratulations, you have the first cluefull post. Your'e right. The NSA is going to tap all of the terrorist calls going into the US. There are strong protections in place in the NSA to prevent the prosecuting attorneys from getting any of them going to the defense attorneys; the NSA doesn't want to blow the case. The NSA doesn't do stateside interceptions; it would be the FBI that would tap the attorney's computer. That is blatantly against the law and would not happen (again, they don't want to blow the trial).
More importantly, though, lawyers don't believe in anything but face to face communications. And, keep in mind, there are a lot of billable hours from flying to the middle east and back every month. PGP is trying to apply a technical problem to a social problem. Paranoia can't be beat with technology.
Yes, of course because a terrorist suspect in Gitmo, Ramstein, Guam or wherever the hell they are being held can afford to pay $500/hour for a top flight attorney. Get real.
Most of the attorney's doing this work are either doing it pro bono or doing it for publicity/PR. They know that they are unlikely to ever get paid in full for the fair value of their services. Most of the expenses are coming right out of their own pocket.
Getting back to the original topic. Much of communication is non-verbal. Visual cues like rapidly shifting eye movements or hurried language can be signs that a person lying, and those are not picked up over purely text exchanges. And believe it or not, plenty of criminal defendants lie to their attorneys either out of lack of trust or a desire to cover up/save face.
Cutting through the bullshit and uncovering a truthful set of facts off which one can base a realistic defense is the essence of being a good defense attorney. If you let the defendant lie or misrepresent himself and his situation to you, you're failing to do that.
The sun beams down on a brand new day, No more welfare tax to pay, Unsightly slums gone up in flashing light...
It's about education yes. But it's also about how easy it is to use encryption. PGP and certificates are just to much trouble. Identity based encryption has been proven to be easier. All you need is someone's email address to send them and encrypted message. Voltage Security is helping many different industries (including the legal industry!) protect partner and customer communication, files and databases. You can see for yourself at http://www.voltage.com
Safety in numbers. Ever heard of signal/noise ratio? If everyone does it, no plausible inference of guilt could be made in a particular case. So start doing it now.
Apparently they want to demonstrate that there is no terrorist danger!
Otherwise they wouldn't be so brave to fly.
Patents Drive Free Software as Hurricanes Drive Construction Industry
Dammit, don't tell them about encryption! Now they're going to subpoena our keys the next time they sue us for music piracy!
IAAL and I am also quite familiar with encryption and PGP in particular. And you are quite right.
Add to that the fact that electronic communication is virtually useless for legal work. If it's important, it's still on a physical piece of paper in a modern law firm. Email and phone calls are regarded as less significant forms of communication and are generally less useful as evidence, should that be required at a later date.
I won't even start to talk about how moronic the suggestion of talking to a client accused of a serious criminal offence by email or other electronic methods is. There is no substitute for face to face contact.
This article is obnoxious and is basically flamebait (or would be if there were more lawyers here).
Read Pynchon.
Let me just tell you that taking your USB key with your key in and out your rectum every time you receive an e-mail, is plain PITA.
Most of them probably don't. Those who do probably have figured out they get paid anyway and prefer lunch in SF and spending the weekend in Miami.
I'd rather chat with friends and peers in person than over PGP.
" lawyers fly half way across the world to meet with their clients" Hmm.. now that's a hard one.. Fly half way around to world to exotic location all expenses paid Use PGP Fly half way around to world to exotic location all expenses paid Use PGP Fly half way around to world to exotic location all expenses paid Use PGP I have *NO* idea whatsoever which one to choose...
I just upgraded my PGP license yesterday. PGP's webstore is the only one I've come across so far where you can place an order using your credit card, and you do the whole process using unencrypted http connection...
A friend works at a top London law firm (think top 3). Her group was given a PDF document and needed to find all sentences refering to a certain person. Instead of using the in-built search function they printed out all 400 pages of the document and then went through it by hand with highlighter pens...
They're bloody good at law though.
You should never trust email, so in that sense good for him. Then again, faxes and phonecalls can be tapped and are logged. So if someone is really serious about privacy, simply stay off the grid.
My tax lawyer does have an email address, but he only uses it for arranging meetings. Rightfully so IMHO, as handling this kind of stuff face-to-face is much more fruitful (and they'll charge you the same anyway).
This sig is intentionally left blank
lawyers can bill more hours by flying around the country then downloading PGP. So this comes down to: more billable hours or pgp... I think most will go with more billable hours, but I'm no lawyer so I can't say for certain.
... the submitter doesn't know about lawyers expenses ? Who do you think pays for the flight ?
I suspect the real culprit is that the Gov't pays their bills, and the hours they spend traveling to/from their clients are billable. I'm sure privacy plays a part, but first class air travel, as billable time (allowing them to double bill for the work they do on the plane) AND collect frequent flyer miles as well has to be tempting for these lawyers...
Ken
Surely maths wins this overall at the moment? Unless Government agencies have super computers that make IBM's BlueGene/L look like a ZX Spectrum..
Is it possible that the submitter doesn't even know about keyloggers, passive listening devices (for phones), compromised encryption binaries, vulnerabilities in protocols, etc?
If the goddamn NSA can't snoop on an encrypted conversation between a lawyer & client, then frankly, they're not doing their job Don't forget TEMPEST.
1) Travel Time is chargeable
2) In person discussions have the advantage of plausible deniability
There are no loopholes. It's either legal or it's not.
Why would you want to sit in front of a computer all day when you could get out of the office, eat at nice restaurants and stay at nice motels on expense account?
I have some lawyers at my company...their computer knowledge is certainly nothing special. I'd be shocked if any of them had more than a passing topical knowledge of encryption in general. Not that I can blame them, my legal knowledge isn't that good either.
"When information is power, privacy is freedom" - Jah-Wren Ryel
http://en.wikipedia.org/wiki/RED/BLACK_concept
http://en.wikipedia.org/wiki/TEMPEST#RED.2FBLACK_separation
With the first link, the chain is forged.
This story is pointless, I am a lawyer, which whom I have a wealthy client of mine that is willing to pay me to travel to meet him in his defense, not only do I get to travel, BUT I GET PAID TO DO IT.
I am going to make sure he thinks nothing but paranoid thoughts, feeding more and more until he cracks and gives me that plane ticket.
The cool thing is even with keyloggers, and screen captures there is still stenanography.
you get a comp that is brand new, install a software for steno, update the image, then encrypt it, then logon to the net send it by email, on his end he buys a brand spanking enw comp....unencrypts the image, then decrypts the steno...and wow, no pgp to tip off the NSA.
But that would be the cheap way of doing it.
Face it lawyers know face to face conversations are more secure. There's no record of what was said other then what each person can remember. If it was sent in an encrypted e-mail, the key to decrypt the message could be supoenaed by the courts (IANAL but I can check things online)
What makes you think the only people lawyers advise are imprisoned suspects?
Yes, I remember that book. The page numbers had C-style comment markers around them, to facilitate scanning.
Vintage computer games and RPG books available. Email me if you're interested.
what if there is a backdoor to pgp for government use only? Can we really trust pgp to fully protect data from the hounds of riaa, nsa, homeland security, and the security agents from other nations or corporations.
How do we know theres not one????
How is it shot down, exactly? Just Because the journalist words things in a particular way to support his assertion? The lawyer might have a multitude of reasons for going in person, including both the need for 'face time' AND the fear that communications are monitored...the journalist might have just decided to emphasize the one...he may have asked the lawyer very specific questions about electronic communications and ignored other issues. You don't know. But even if 'face time' isn't an issue...PGP is still not an absolute guarantee of privacy, esp when you don't know how careful your client is with his computer security. The lawyer is maybe just providing services commiserate with his pay by going out of his way to ensure privacy in a world where (gasp) even PGP might be the government's bitch that yields whenever they get the itch to spy.
"Lawyers would rather fly than download PGP"...
And how would a non-techie lawyer ensure that his copy of PGP is actually authentic? Check its PGP signature? Use SSL? Review the source code and disassemble the compiler? What about getting good random numbers? As we've seen over the past year, you often can't rely on the operating system to generate them for you, especially not on Windows.
Not transmitting sensitive information over an insecure network, while prohibitively expensive in many cases, is far more reliable than transmitting it "encrypted" and hoping the encryption actually holds.
http://outcampaign.org/
In this instance pgp is a technical solution for a social problem.
Don't fight for your country, if your country does not fight for you.
Give me an effing break. The lawyers use this as an excuse to get out of the office, go play golf, and stay at the Ritz Carlton all on their clients' dime. Who the hell are you kidding?
I for one am glad the smart folks at Gitmo are not giving suspected terrorists access to the Internet, email, strong cryptography software such as PGP, and training how to use it.
In a case like this, that is probably not enough. IE lawyer client privacy only goes so far even constrained to US laws (this case wouldn't be constrained to US law), so they could be forced give up all info they have on the PGP encryption keys, etc, once the lawyers actions were considered illegal. Under US law these lawyers communications being kept private would be illegal (by my under-educated) understanding, the moment that any information they received could be used to stop a future attack.
Which it sounds like (in this case) would be all evidence.
Assuming the following:
A) the lawyers have been notified they are under investigation as well.
B) if A, then destroying evidence (such as a PGP key) would be illegal.
C) the Government can crack PGP when given the Key.
D) the government can intercept and log all the PGP traffic, until such time they receive the key.
talking about the case would not create evidence, but transmitting it would cause it to be recorded and thus it sounds like no legal way to avoid exposing it.
I am pretty technical minded, but I would have a hard time solving these issues for the lawyers, so they could transmit data that could only be viewed one time.
IANAL but can the government require a lawyer communicating with a non-US citizen identified as a terrorist to turn over all communications if they believe there is a national threat?
If they can't do it now, there is always the chance that legislation will be passed allowing such a practice.
If so, that would discourage the use of PGP. Even if they can't crack PGP, the govt could require a lawyer to provied his key/password or sit in jail indefinately for comtempt.
If communications between people are recorded, there is always the possibility the communication will be available to others. Face to face talk (barring listening devices) is the only way to ensure only the parties involved in the conversation will know the contents of that conversation. A lawyer could still be questioned about what they talked about, but then he could lie, omit facts, or take some other option if he didn't want to disclose the true nature of a meeting.
Ninjas don't carry tic tacs
> Do US courts seriously consider these issues any longer?
Of course they do. However, this is YRO so you get mod points for talking out of your ass.
...for Word Perfect 5.2
Why use encryption when you can fly 40 hours to Dubai and back, and use the hours to either bill the government or fulfill your pro-bono work requirement?
Give a man a fish and you have fed him for today. Teach a man to fish, and he'll say "WHERE'S MY FISH, YOU IDIOT?"
Geez, I hope they consider theirs "unbreakable" :)
Is it possible lawyers bill by the hour and flying halfway around the world takes longer than installing PGP?
The tyrant will always find a pretext for his tyranny - Aesop
Because it is clear that encryption is useful in warfare (see Engima machines). I favor a decisive advantage. If it were possible to keep other countries governments from learning complex encryption techniques (for subtle improvements to them) I favor it.
I want the NSA to be able to break any encryption. I just want it to be costly enough that it is only used for non-trivial cases.
Your ad here. Ask me how!
and how are they supposed to generate a keypair for the convict and assure control over the keypair? what hardware is the convict supposed to run this on? get real.
Absolutely true.
Also, as I understand it, the email is not considered properly privileged communication. If someone infiltrates the office and records the lawyer having a conversation with their client, that's still not evidence admissible in court. But if they subpoena the email server of a client being investigated, I believe those emails to the lawyer saying "Oh crap, I committed the following felonies, you think that's gonna be a problem?" are admissible in court.
IANAL, any actual lawyers able to jump in and correct me here?
PGP has its own random number generator
Mod down people who tell people how to mod in their sigs
Doesn't all that flying around just increase the need to find them guilty so we can proceed to invade more "terrorist-ridden" (and coincidentally oil-rich) countries? That will put more pressure on the plaintiff to find terrorism everywhere, weakening the defendants' cases.
And isn't raising demand for greenhouse-gas--emitting technologies doing a lot more to kill everyone than even a moderately effective terrorist could?
"The biggest problem with communication is the illusion that it has taken place."
i live next door to a very intelligent and successful criminal defense lawyer. he doesn't have a computer. he doesn't even use email. he does use sms, but mostly to talk to his wife and kids. he just flew across the country to meet with a client.
it's not that he has issues with pgp or doesn't trust it - he probably doesn't know it even exists. i'm sure if it came up in one of his cases he would go the distance to learn.
i think we make a lot of assumptions about how much people's lives revolve around computers. amazingly, even with the number of personal computers out there, there's still a sizable percentage of people that simply don't need them.
But yes, security is hard.
Don't thank God, thank a doctor!
Science fiction, by the way, not propaganda, even if I'm using it as such. If it were possible to keep other countries governments from learning complex encryption techniques (for subtle improvements to them) I favor it. Governments will, full stop. They'll do it on their own if they have to.
What's more important is for this to be available to individuals. I want the NSA to be able to break any encryption. I just want it to be costly enough that it is only used for non-trivial cases. Yeah, pretty sure we're never going to agree on this.
I do NOT want the NSA, or anyone else, to be able to encrypt my own messages. Find a form of warfare which works even if indecipherable messages are a fact.
Or better, don't fight wars.
Don't thank God, thank a doctor!
Hmm, send and receive encrypted email, saving your client money, or jump on a plane and get some travel to interesting places at your client's expense? Which would you choose? (Remember, we're talking about lawyers here.)
"I hope you like Guinness, Sir. I find it a refreshing substitute for, er... food." Col. Jack O'Neil, SG-1
That's the word on the street, at least.
Might not apply for mujahideen in Afghanistan.