Online Storage For Lawyers?

alharaka writes "I have a relative that has been a lawyer for over two decades. In passing conversation, he revealed to me that he has a great deal of his data stored on floppies. Naturally, as an IT guy, I lost it on him, telling him that a one-dimensional storage strategy of floppies was unacceptable. If he lost those files, his clients would be enraged. Since I do not know much about online data storage for lawyers, I read a few articles I found on Google. A lot of people appear to recommend CoreVault, since a few bar associations, including Oklahoma, officially endorsed them. That is not enough for me. Do any Slashdotters have info on this topic? Do you have any companies you would recommend for online data storage specifically for lawyers? My relative is a lawyer with recognition in NJ, NY, CA, and DC; are there any rules and regulations you know of regarding such online storage he must comply with? I know IT and not law. I am aware this is not a forum for legal advice, but do any IT professionals who work for law firms know about such rules and regulations?"

Yes.

[Aaron_Pike]

I firmly believe we should store lawyers online.

Re:Yes.

[gandhi_2]

With a big knife you could store them in a Redundant Array of Inexpensive Freezers. RAIF-0 supports striped lawyers.

Re:Yes.

[dgatwood]

I thought it was the Judicial Array of Inexpensive Lockers that held the striped lawyers....

Re:Yes.

[Red+Flayer]

Meh. The operating costs of that are too high (refrigeration ain't cheap). I suggest RAID-0, Redundant Array of Inexpensive Dumpsters.

This does have an issue with degradation of the lawyers over time, but that's OK... it feeds into our COMP-Office Services Technology department.

Re:Yes.

[chappel]

I'd like to see more stored at /dev/null

Re:Yes.

[wastedlife]

Seriously, its like he thinks the internet is just a big dumptruck. Everyone knows that it is a series of tubes. All those lawyers would clog the tubes. It might take one of my staff a whole day to send me an internet again.

Sincerely,
Ted Stevens, former Senator

A Few Helpful Lists

[eldavojohn]

Well, there's a list of online backup services on Wikipedia that's probably only half of what's available so if you feel you are lacking options and would like to help your friend out, you can do a thorough comparison matrix containing his priorities and rate each of them. You might be able to find viable options in the list of file hosting services as they use encryption.

As a lawyer with recognition in NJ, NY, CA, and DC, are there any rules and regulations you know of regarding such online storage he must comply with?

Ahahahahaha, you are asking Slashdot for advice on legal rules and standards to assist a lawyer?

Look, you're probably going above and beyond what a normal lawyer did back in the day: throw a piece of paper in a filing cabinet in his office. Subject to fire and theft, sure, but I doubt the law has changed enough to make that illegal. CoreVault looks good, you can also visit each of the state bar association pages you listed and find things like NY State Bar Association offering a discount at VENYU for offsite data storage which is probably as close as you'll get to an endorsement. Have you thought about calling each state bar association office and asking them what they use/recommend?

Re:A Few Helpful Lists

IAAL and using any of these services is suicide.
Store your documents IN A FIREPROOF SAFE or VAULT ON PAPER.
Use a document scanner for retrieving them if you lose the electronic originals.
Disclosure to a 3rd party is suicide as your atty-client confidentiality could be lost (what happens if the 3rd party gets subpoenas?). Losing data is suicide because it shows a lack of due diligence.
Use paper. It works. or burn to 2X archival CDR and THEN use paper. whatever floats your boat.
   

Re:A Few Helpful Lists

[Captain+Splendid]

Speaking as someone who runs a small law firm, parent has it mostly right, especially in regards to the document scanner. We live and die on paper, so we make a lot of effort to keep the physical and digital versions safe. As for online storage, HDs are cheap, and even several million pages of text documents won't break anyone's bank.

I've never understood the online storage appeal for just about any commercial entity, but for a law firm, that just ain't gonna happen.

Re:A Few Helpful Lists

[quantumplacet]

You do know that you can back up to a 3rd party and still maintain sole access to the data, correct? All of our backups are encrypted using a 448bit key that only we have access to. If our backup provider is subpoenaed they can give all my data to whoever they want, it's just a meaningless binary blob.

Re:A Few Helpful Lists

[archangel9]

Same here. Ours is encrypted offsite w/Blowfish and a 256-bit alphanumeric key. Our data company sees nothing but a bit chunk of data and nothing more. Good thing I have that key written down on a sticky note next to my monitor for safe keeping.

Re:A Few Helpful Lists

[KDR_11k]

Or

3) He was hoping for the lawyers to identify themselves to build a list of names for the Ark B.

Re:A Few Helpful Lists

[DiegoBravo]

> I've never understood the online storage appeal for just about any commercial entity, but for a law firm, that just ain't gonna happen.

I have the theory that lawyers get seduced by the seals stamped on papers -and like gamers, the have a special appeal for the more 3d ones- (obviously, digital firms are not understandable nor artistic, so any kind of digital storage is secondary.) That "seduction" is so strong that they yet carry the idea that more seals = more authentic.

Re:A Few Helpful Lists

[Chabo]

If they do that, then the information is protected against attorney-client privilege. Practically no judge would allow that privilege to be broken, so any warrants given under those circumstances would be thrown out.

Re:A Few Helpful Lists

[nametaken]

Commercial entities usually love it for a number of reasons.

If my building burns down, they have a copy.

If I get infected with something that wipes out/corrupts my data, they have a copy.

They have a dedicated IT staff that specifically manages the security and integrity of my data. I do not.

They have facilities specifically designed to safely store my data. I may not.

There are lots of good reasons.

Re:A Few Helpful Lists

[ixidor]

exactly. i did support for a small accounting firm, anyone here felt the pain ofgoing from quickbooks 05,06 to 2008 ... omg that sucked. i had bought them a cheap prepackaged nas box from newegg, around $200. then in the QB2008 documents it says specifically not to do this, 4x the network overhead. so i looked around for online storage. and i have a question related to the lawyer theme, if the data is encrypted in the online storage place, evan if they were to be subpoena'd what would they get ? unusable encryped data chunks. but back to the point, second that about onsite and paper. burn copies to cd or something ok. but mozy is cheap, like $5/month. how is that hard to justify?

Re:A Few Helpful Lists

[Captain+Splendid]

If my building burns down, they have a copy.

If I get infected with something that wipes out/corrupts my data, they have a copy.

Yawn. The backup to the backup should be in the managing partner's house. It's ultimately his or her job anyway.

They have a dedicated IT staff that specifically manages the security and integrity of my data. I do not.

They have facilities specifically designed to safely store my data. I may not.

Talking different levels of money here, that's all. Online storage is cheaper in that regard, but is it worth what you lose by managing it yourself? For a law firm, the answer's no. For most other businesses, the answer's also no, unless you're so magnificently tiny that it just doesn't pay. Which sounds like a pretty slim market to me.

Re:A Few Helpful Lists

[anagama]

IAAL too, and I wouldn't feel comfortable with any particular service in which the service owner could have access to my files or the keys/passwords for decryption. I simply won't entrust my data to a third party, not even my calendar to Google Calendar. I do however perform nightly automated backups to a remote server.

My system works like this:
- in my office, tar the data into a single file, encoding the date into the filename.
- mcrypt that tar file.
- transfer the encrypted tar to a virtual private server via ssh. (*)
- on the VPS, I have a script that keeps a set of my backup files: the last 7 days are kept, and then mondays for the previous 7 weeks.

The risk is that my VPS or another VPS on the remote machine might be hacked and my data files exposed. However, because the data files are encrypted as well as can be by present standards, it is highly unlikely that the actual data will be exposed even if my account was hacked. The person would simply get a set of encrypted files. I suppose it would be possible for a person to grab my files, and 20 years later decrypt them. I think that worry starts to get a bit foil-hatish in that I don't work with terribly sensitive information -- at least not the kind that someone will wait decades to be able to decrypt.

Even if my data was somehow decrypted, I feel that I have performed sufficient due diligence under the rules in my state (**). In fact, there is no data existing anywhere that cannot through some highly contrived set of circumstances, cannot be revealed. I do feel I'm doing a better job than if I merely stored the files in a locked storage closet. Taking a bolt cutter to a masterlock and then trundling off CDs, papers, or thumb drives is way easier than decrypting my files. Any safe I can afford can probably be picked in 30 seconds by some 13 year old kid looking for cred on YouTube. Lastly, I have no doubt my encrypted files on the VPS are more secure than files located on a computer through which the internet is accessed by a web browser.

Anyway, I do feel I'm going beyond what most lawyers do with backup security. Of course there are certain unlikely possible breaches -- but I'm not required to protect against all of them. For example, I don't need to personally hand deliver all paper documents because I'm allowed to use the mail. What could be less secure than documents protected by a paper envelope?

As an added bonus, because my backups are nearly 3000 miles away (I'm on the Pacific, my VPS is on the Atlantic), even a devastating regional disaster will not cause me to lose data. If a disaster is so bad as to stretch from sea to shining sea -- my files will be the least of anyone's concern.

(*) I only get 15gb of space, but it only costs $10/month. It's running CentOS 5, no webserver or anything else, just ssh.

(**) Comment to WA State RPC 1.6 (confidentiality and information):
[17] When transmitting a communication that includes information relating to the representation of a client, the lawyer must take reasonable precautions to prevent the information from coming into the hands of unintended recipients. This duty, however, does not require that the lawyer use special security measures if the method of communication affords a reasonable expectation of privacy. Special circumstances, however, may warrant special precautions. Factors to be considered in determining the
reasonableness of the lawyer's expectation of confidentiality include the sensitivity of the information and the extent to which the privacy of the communication is protected by law or by a confidentiality agreement. A client may require the lawyer to implement special security measures not required by this Rule or may give informed consent to the use of a means of communication that would otherwise be prohibited by this Rule.

Why online?

[captaindomon]

Why online storage? Why not just copy everything to a couple USB drives and then backup off-site occasionally with DVDs? It's not like we're talking about a lot of storage, they're probably just text documents mostly, right?

Re:Why online?

[berend+botje]

Almost anything would be better than a stack of floppies. Get the guy two usb harddrives and get it over with. No need to over-engineer the solution.

Re:Why online?

[fuzzyfuzzyfungus]

Barring(har, har, not intended) poor recent graduates slaving to pay off giant loans and shoestring do-gooder types being paid in peanuts to keep poor kids off death row, I strongly suspect that most lawyers have more available cash than available time or technical expertise.

Copying everything to a couple of USB drives is exactly the sort of thing that is easy to forget to do, and potentially disastrous. Far better to pay a fee that, for a bunch of mostly text documents and some .tiff scans, won't be all that high, and have it done for you.

Re:Why online?

[TheRaven64]

I've worked with a couple of companies that had the same kind of requirements:

• They can't afford to lose the data.
• They can't take if off-site without some additional constraints (e.g. stored in a safe, encrypted).
• The users don't want to have to understand the technology.

A lot of these companies currently use a third-party warehouse with locked cages and transfer photocopies of court documents there for off-site storage, and want something a bit more high-tech.

The best solution I've come across is an on-site RAID-5 NAS with hourly snapshots. If they can store their data on floppies now, it is almost certainly less than 1GB. Put this on a three or four 250GB disks in a RAID-1 array (no point in RAID-5 when you've got that little data - go for the extra redundancy) which takes (volume-level) snapshots every hour (something like GEOM or ZFS snapshots). Every work night, burn the latest snapshot to a DVD and give it to the boss to take home and put in his safe. He should store the most recent 5 backups there and, n week-end backups. If you're not using ZFS on the server then make sure you're using something else to check for single-sector corruption.

Note: This is not legal advice. I know some law firms one accountancy firm who use this system, but I am probably not in your jurisdiction and you may have additional regulatory / legal requirements. Fortunately, if you are a law firm, you can probably consult a lawyer and get some legal advice cheaply...

Re:Why online?

[snowraver1]

Every work night, burn the latest snapshot to a DVD and give it to the boss to take home and put in his safe.

HAHAHA hahahahahahahahahaha ha ha, whew. That's funny. Who is loading the dvd drive?

Gather 'round boys and girls, it's story time. My dad was a lawyer for somewhere around 30 years. At the time, he and 4 other partners togeather made up their law firm. Because each of them were essentially seperate from each other, they tended to have their files stored either on their own comptuer, or on their secretary's computer.

My dad was smart enough to know that this probably wasn't the best setup, so he hired an "IT Professional" to fix this problem. The computer guy came in and set them up with a small server which would be a centeral repository for digital files. This server would then do daily (possibly weekly, can't recall) backups. The secretarys would then take the tape home with them over night.

Not a bad setup. This system was in place for several years. One day, one of the secretaries computer's HDD died. The office called the guy that had setup this system for them to have the HDD replaced. What happened next will require a new paragraph.

I get a call that day from my Dad. I was weeks away from graduating from Computer Engineering at a local technical school. My dad calls, clearly upset. Apperantly a while ago there was some problem that they had to call the "IT Guy" for. The "IT guy", in the process of fixing that problem, changed it so that the secretarys computers and I think 1-2 of the lawyer comptuer backed up to one of the secretary's comptuers, and not the server. Well, guess which computer died? You know it, the secretary's computer that was holding the backups it shouldn't have been.

No problem right? They were taking weekly backups and taking them off site. Well... Turns out that in the process of moving the backups to the secretary's computer, he was also preventing that data from being backed up. Essentially, the backups were only backing up 1/2 the data.

So, I'm just about to graduate, I get this call from my dad, and he tells me the story. I tell him what he already knows, no data should be on the comptuers, it should all be stored on the servers and backed up. The next day my dad's firm and the "IT Guy" had a meeting. This guy was scared shitless that he was going to get his pants sued off. Not all lawyers are bastards, my dad and the firm told him to send the HDD to a data recovery specialist and told the IT guy that he would be responsible for the bill. The data recovery was partially successful.

Losing that much data caused real problems at the office. Some lawyers were hit harder than others. My dad got through it just fine. My dad had a system where everything was done in triplicate. Document was saved on computer (1), printed and attached to the client file (2), I'm pretty sure that he also printed a third copy to send to Iron Mountain. When the data was lost, he still had the paper copies, the other lawyers wern't so lucky.

Having seen that, I would recommend printing and filing EVERYTHING. Most lawyers change outragous rates for printing anyways, so why not? So, I would say that you should definately take precautions against data loss, the hard copy should be your real backup.

Re:Why online?

[jra]

And *this*, boys and girls, is an altogether excellent example of why professional system administration talent is well worth whatever you have to pay to have it around.

Re:Why online?

[brtech]

One good story deserves another, from several years ago

There was this medical device manufacturer. It had an older product, pre-microprocessor. One day, the FDA came for an inspection. When they do that, they usually send at least one person with clue, but they cross train other people and send them too. On this inspection, one of the inspector's regular job was inspecting galleys in ships (another FDA function you may not know about). This guy had been cross trained.

So, they are walking down the manufacturing line, and the employee shows them the board from the product. One of the chips has a label on on. The inspector says "PROM"? Meaning, is that chip a programmable read only memory (like today's flash, but usually one time programmable and a lot smaller). The employee says "Yes, that's a PROM". The inspector says "Checksum?" and the employee says "yes, the checksum is on the label". The inspector says "Verify?" and the employee takes the board, pulls the chip, goes over to the programmer, plugs it in and verifies that the checksum is valid.

The inspector says "Source Code?". The employee is a bit stumped. He goes away to ask some engineers who were around for a while, then goes to the manufacturing engineering guys and finally goes back to the inspector and asks them to accompany him to a storage room.

In the storage room, there are a number of 4 drawer file cabinets. The employee searches around, and finally finds the right file.

The file has the right build data on the cover. He opens the file and triumphantly removes the floppy disk with the source code on it.

An 8" floppy disk.

You know what's coming right?








No 8" drive left in the company.

TrueCrypt?

Come to think of it, I think we should store them in *actual* true crypts... ;-)

Re:TrueCrypt?

[scotay]

*actual* true crypts at the bottom of the sea.

That way you get a natural coral reef.

Re:TrueCrypt?

[kasperd]

Before anybody starts using TrueCrypt for encrypting data to be stored online, let me warn you, that TrueCrypt was not designed for that. Several years ago TrueCrypt switched to LRW because the encryption mode used before that was vulnerable to some watermarking attacks. However the LRW encryption was even more vulnerable in case an adversary is able to get a copy of the encrypted data from two different points in time. What that means is, that if you just have the encrypted container stored online using some networking file system, then whoever operates the server will have access to the encrypted data from any point in time. By comparing the data from different points in time, you can perform watermarking attacks. The same applies if you store your encrypted container locally but periodically put a backup of it on a server not directly controlled by you.

I mentioned above vulnerability to the TrueCrypt authors, but they didn't consider it a problem. However I think they did switch to a different mode later for other (less severe) reasons. I don't know if the new mode is better, but I doubt it. I have not yet seen any storage encryption specifically designed to handle this use case. Anything I have seen operating at the block layer TrueCrypt, cryptoloop, GBDE, etc. have been designed without considering the possibility that an adversary would have access to the encrypted data from two different points in time, in other words they are not suitable for storing online.

If you do intend to use an encrypted container and store backup copies of it online, then encrypt it again before storing it online. One approach would be to encrypt the container using a gpg key. Keep only the public key on your computer. Print out the private key along with the passphrase and store it in a safe.

Scan and shred

[peacefinder]

Scan the lawyers and shred the originals. You'll be very popular.

omfg...

[gandhi_2]

a few bar associations, including Oklahoma, officially endorsed them.

I see.

That is not enough for me.

uh, huh.

Do any Slashdotters have info on this topic?

*head explodes*

Re:omfg...

[lymond01]

You know, I might put Slashdot above Oklahoma. Slashdot is the biggest tech site on the internet. Oklahoma has a musical named after it.

That gives me an idea...

Re:omfg...

[compro01]

This guy beat you to it years ago.

Mozy.com, you can provide your own encryption key

I have used Mozy for several law offices, primarily because you can specify your own 256-bit AES encryption key. Not even Mozy has access to your data.
In California the bar association regulations require that a law firm takes "reasonable care" of client data. That's it. Kinda Scary.

Online backup - Mozy

[Bill+Dimm]

Mozy (owned by EMC) has some sort of deal with the ABA to give members a discount, so I would take that to be somewhat of an endorsement for use by lawyers. I'm not affiliated with them in any way -- I just know about them because their booth was across from ours at the ABA TechShow.

Insolvency, deletion, and encryption

[Beryllium+Sphere(tm)]

Questions to ask, if you're sure that online is the right approach:

Will customers have access to their data when the service provider goes out of business? If so, how much delay will be involved? ("You can have your data when we get the server back from the repo man").

There may be some standard telling lawyers to use reasonable care when handling privileged information. If there is, then by today's standards I'd personally argue that reasonable implies encrypted.

Is deleted data really deleted? Does it live on in backups? Is it like Google, where ghosts of departed data linger in the cloud?

The only thing I can tell you about bar association standards is that at one time the ABA was telling people that email was acceptable for communicating privileged information. I hope they're doing better now.

Re:Just a few cents of advice (not an actual value

[Qubit]

if GoogleArchive (or whatever) gets a subpoena, can they (be required to) surrender your whole legal strategy to the prosecution?

As far as I understand it, attorney-client privilege is stronger than doctor-client privilege -- in fact, I'm not sure if there IS a stronger commitment our laws have to privacy and confidentiality.

If a lawyer is a ridiculous n00b and uploads unencrypted data about a client to an online service, my guess is that even though he was an idiot for doing such a thing, the court would still recognize that as being protected client data and would rule it inadmissible. I mean, it might show up as front page material if it leaks, but theoretically the court wouldn't take that information into consideration.

probably rather easy to move to .pdf (which I'd say would be the higher priority)

If all you have is images or hard copies of documents, then scan them to PDF, but if you have text files, I'd suggest storing both PDFs (to retain the precise markup) as well as text/wordperfect/OOo/whatever. It's difficult to do PDF editing and/or full-text searching across lots of docs (although I hear that FOSS tools to do both are getting better).

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Well..

[N7DR]

My main concern would be privacy. You start putting confidential client files on the internet, and if anything goes wrong you are looking at a malpractice suit for sure.

I tried to explain that to a local lawyer who wanted to use gmail (unencrypted, of course) for his practice's e-mail. I could never get him to understand that there was anything even remotely wrong with doing what he wanted to do. So now he's doing it.

Just as scary, none of his clients seem to think that it's a problem.

This is one of those times that I just want to bang my head on a wall and scream (to myself, since no one else seems to listen), "Why does no one else get it?"

And by talking to other lawyers here, their backup strategy generally seems to consist of... hope that they never have a fire (or, in some cases, hope that they never lose a hard drive).

You seem to be missing the point

[Minwee]

Half of keeping copies of important documents is being able to retrieve them later on when you need them.

You seem to understand that, which is why you are trying to convince your relative to move his data to a more reliable storage medium.

The other half is in _not_ being able to retrieve them when it is inconvenient to do so. This is why there are floods, fires, mice, lost envelopes, poorly made photocopies and , in this case, corrupt old floppy disks. And as long as you have a storage system which is just barely good enough then you can lose anything you need to and nobody will even blink.

It's all about identifying the client's needs. Give them what they really need, not just what they ask for.

Average attorney salary ~$60k/yr

[ahbi]

The average attorney salary is ~$60k per year. And that is with $300k+/yr equity partners pulling the average up.
I was in my 1st year of law school when I found out that I was making more as an engineer (BSEE) than most lawyers were making. (Fortunately, my company was paying for school & guaranteeing me a job upon graduation that involved a pay-grade jump every year for 4 years.)

The truth is, there are just too many lawyers.
Most of them can't find a job in a "real" law firm. So, instead they have to hang-up their own shingle and become sole practitioners.
Sole practitioners usually take DUI cases or other minor disputes, often for clients that decide they're unhappy with the outcome and refuse to pay.
Sole practitioners also get to be taxed on both halves of self-employment taxes, pay their own benefits and business insurance.
Good times.

Add on top of that law school is ~$100k, which most people take out loans for.
So, if you go to law school chances are high you'll graduate with the equivalent of a mortgage and no job.

It really doesn't make financial sense to get a law degree unless you have a lucrative specialty (e.g., patent or admiralty law), go to a cheap state school (e.g., ASU), or feel a moral duty akin to the priesthood.

Re:Encryption

[SirGarlon]

And it would be smart to store the key/passphrase on paper in a safe, in case you get hit by a bus and your partner/assistant urgently needs a client's file. IANAL.

Re:Mozy.com, you can provide your own encryption k

[xcut]

I have also used Mozy, specifically MozyPro, for my company, for more than a year.
I had a terrible experience with it, the client initially worked well, but is so badly written that as you get to multi-gigabyte volumes, the incremental scanning kills completely stalls the OS.
So: whatever you choose, test it for a while. And, most online storage services have encryption, including DriveHQ, which I switched to. Works fine so far (6 months).

Wikileaks

[Tokolosh]

Please give some good advice, which is to use the latest and best system, endorsed by important entities everywhere.

It is called "Wikileaks", and can be found using any search engine.

Have you looked at....

[s0litaire]

...Spideroak.com

I currently use it for backups. Some of it's coding is OSS. you get 2Gb free storage (which should be enough for you to test out the system.

Online != Insecure. Options exist.

[alanfairless]

There's no reason online can't be secure. Online means it's automatically offsite and that a 3rd party has the time and incentive to be sure it's actually working.

2 years ago I founded https://spideroak.com/ for this exact situation -- wanting a zero-knowledge approach to encryption. We explicitly don't know anything about your data. We just see boring sequentially numbered data blocks on the server. Instead of a EULA, we have a "remember your password" agreement.

You can combine data from unlimited devices and it de-duplicates, and can automatically sync folders for you. Storage is perpetual (unless you explicitly remove things.) FWIW, it's written in Python and we have always supported Linux.

Re:Online != Insecure. Options exist.

[networkBoy]

What encryption does your service use on your end?
What encryption is used to TX/RX the data from the client?
I particularly like the de-duplication aspect, however I don't trust you (as I am sure you do not trust me). Is there any issue with uploading TrueCrypt container files to your service (maximum single file size, etc.?)
Looks good, especially for $1/gig/year...
-nB

Re:Online != Insecure. Options exist.

[alanfairless]

Encryption specs are are here: https://spideroak.com/engineering_matters#encryption_specifications

We like to say that trust isn't necessary because we're incapable of betraying our users. It's makes good business sense too. We don't want to spend our time answering subpoenas. :)

To add your own layer of encryption, you can archive container files or whatever you like. No limits. If you a sector based encrypted disk image, SpiderOak will be able to efficiently snapshot it between versions, giving you history and only saving the changes between revisions.

If you want a layer of additional local control, there's a "Keep your own copy" option where SpiderOak will put a copy of every encrypted data block on your own server, so you can manually inspect them if you wish (and have offline/local access for very fast restores.)

There are many services out there...

[techsoldaten]

There are many services out there, but Wikileaks is what lawyers should probably be using.

M

bah.

[commodoresloat]

What you really need to keep your data secure is use a secure password like the one we use at my company -- 23$wu!x6 -- we've been using that password for a while now and never had any problems.

also,

[Khashishi]

Where can I get a toilet seat designed specifically for lawyers?

Amazon S3 + duplicity + gpg + cron

[Alives]

I setup a backup system for a lawyer last year. Its basically a cron job that runs a script every night. It uses duplicity + gpg and stores everything on amazon s3. Its incredibly cheap. I store 6 months of revisions, with a full backup on the first weekend of every month, then incrementals after that. I perform regular restores and run a big md5sum job to ensure that the restores are working. I havent automated that stage of it yet, but so far so good. I'd be happy to send you the scripts if you want. PM me if youre interested.

Re:Encryption

[MrKaos]

And it would be smart to store the key/passphrase on paper in a safe, in case you get hit by a bus and your partner/assistant urgently needs a client's file. IANAL.

The banks (I worked in) did it by storing half of a key in two safes, two different managers have access to their particular safe. Each is asked to enter their half of the key when it's required (get's them involved in the data's ownership too). No one actually knows the entire key.

It's a function of the role to have appropriate access. YMMV