Information Security

While there are undoubtedly any number of juicy moral indiscretions to be observed in the Petraeus scandal that has been unfolding over the past few weeks, for me, the informational security issues are the most salacious.

It hasn’t been explicitly detailed, but it appears that the CIA chief’s dalliances came to light when the FBI ran a standard background check on his biographer. That background check turned up inappropriate e-mail correspondence in the drafts folder of a Gmail account that the biographer shared with Petraeus.

That means that without a warrant, and without any hint of a criminal activity, a government agency was able to freely examine the contents of the encrypted online e-mail account of the world’s foremost intelligence official.

Could there be any more stark an example of how weak informational security really is in the world today?

And it’s not just the mighty FBI that seems to reach out and grab whatever pieces of secure information it desires – the Israel/Palestine battles this week were met with another campaign by the hacking group Anonymous, where the group was somehow able to defeat various Israeli secure databases and post the contents online for all to see.

As a law firm, virtually everything that we do is private. All of our communications are privileged and the information that clients impart to us is often the most secret and valuable thing they can imagine. The very idea that this information is vulnerable is chilling.

For that reason, we take a number of steps to ensure that the information is as safe as is reasonably possible. We’re certainly not invulnerable, and we don’t have the resources of the CIA or the FBI, but we do take information security very seriouly. We use encryption, rotating password protection, secure physical plant protocols and whenever possible, 2 (or more) step authentication procedures. We try very hard.

But that’s not enough. Sometimes we actually have to forego technology altogether and go pick up a document. Or have a conversation in person. In private. Sometimes we have to advise clients that (where legal, ethical and appropriate) something shouldn’t have a permanent record.

As a client, who is expert in these matters, recently ranted to me – Balance is important. It is about being logical about competing priorities. If a piece of information is the most important thing in the world, we’re not going to e-mail it. We’re not going to leave it in a folder on our front desk waiting for someone to pick it up. It’s going to be treated very special. We’re going to devote significant time and attention to that piece of information. But we’re not going to give that same level of attention to something much more trivial. It just doesn’t make sense.

The world keeps changing and the pace of technological innovation isn’t going to slow down. But the more things change, the more they stay the same. The way we conduct our business and the advice we give to our clients will always have a strong foundation in common sense and logic.

Scott R. Young