Book review: information security for lawyers

On Slashdot, a reader called benrothke reviews a book called Locked Down: Information Security For Lawyers. This sounds like a vital book -- my experience of lawyers (and accountants, doctors and other professions that deal with sensitive information) is that they really don't get information security, routinely transmitting potentially compromising documents in the clear as email attachments. Not only don't they understand PGP -- they think it's good security to attach an encrypted ZIP archive to one email and follow it up with another email containing the password to decrypt it (facepalm). Anything that gets this sort of profession thinking well about security is most welcome.

The book quotes an ABA 2011 technology survey in which 21% of large law firms reported that their firm had experienced some sort of security breach, and 15% of all firms reported that they suffered a security breach. It is figures like those which show that attorneys really need to read this book and take the information to heart.

The book's 17 chapters are in a readable 150 pages, with an additional 120 pages of appendices. Written in an easily understandable style and non-technical for the technologically challenged lawyer.

When it comes to the security of client data, in chapter 4 the authors write that encryption is a topic that most attorneys don't want to touch with a ten-foot pole. But it has reached a point where attorneys must understand how and when encryption should be used. Just as important, they need to know about key management, and what good encryption is. The chapter provides a high-level detail on what needs to be done regarding encryption.

Chapter 13 is on secure disposal, an important topic to everyone, and not just lawyers. Digital media needs to be effectively disposed of; and for many lawyers, they often think that means reformatting a hard drive or simply erasing files. The chapter effectively details the issues and offers numerous valuable hardware and software-based solutions.

Book Review: Locked Down: Information Security For Lawyers

Locked Down: Information Security For Lawyers [Amazon]


  1. Is there any content in the book that is not available for free on the web?

    I mean  – to justify the $80. And what makes it specifically for lawyers?

    1. You can tell it’s for lawyers because it’s prohibitively priced for anyone else.  Just because you might one day use the information in the book to make, or preserve your ability to make, money, it gets priced at four times the amount it would be if it were published to almost any other market.
      I’m in law school and anything at all that might inform you, improve your skills, or possibly result in some benefit gets priced insanely high.  As someone that works two jobs to pay to go to law school at night and is barely squeaking by, this is f’ing retarded and makes me want to consider alternate means of obtaining the book.

      For those of you thinking “Oh, poor him, he’s going to be a lawyer and make lots of money with that knowledge, he can pay for it now.”  I’m doing law school this way so that I won’t graduate $250,000.00 in debt.  Pricing educational books as high as they are is a contributing factor to the obscene cost of higher education and prohibitive loan debt that many graduates face. Most of the problem lies with the universities themselves, but the providers of educational material make sure they get their large bite of the action too.

  2. I imagine the content is geared specifically toward lawyers, keeping in mind that they have a fiduciary duty to their clients to keep all information private (even the fact that a person may have retained an attorney is confidential information).  The $80 pricetag is cheap compared to most other legal publications.

    Unfortunately, many attorneys really don’t understand the importance of data security, treating email as a more sophisticated version of faxes.  One bar association leader recently told a room full of other lawyers the benefits of using Dropbox as a means to bring their law firms into the cloud cheaply.

    1.  Oh, the stupid, it burns!

      … You know, information security isn’t hard to do at all. Want cloud? RetroShare. Want easy, yet secure SMS? TextSecure. Encrypted phone call? Twinkle or any number of free ZRTP clients.

      Oh, the stupi-

  3. I remember trying to explain to an attorney’s  receptionist what “cross talk” is, and why it’s not good to have it on your telephone . . . shortly after she had put me on hold. I could hear the conversation that was going on, on the other line.
