Profile cover photo
Profile photo
Benjamin Wright
1,407 followers -
Data Law
Data Law

1,407 followers
About
Posts

Post has attachment
I’m honored to be moderating a panel on legal investigations of possible data breaches, featuring international lawyers from Paris, the UK and the US. Will you join us at our SANS Data Breach Summit in NYC this August? @MelindaMcLellan and @JamesSherer will be there! http://www.sans.org/u/EGq
Photo
Add a comment...

Post has attachment

Post has attachment
To perform well as a cyber investigator, you need to understand the law applicable to your work.
Add a comment...

Post has attachment
Who owns artificial intelligence inference data?

Inference data refers to information collected by an artificial intelligence system in order to analyze or understand a topic. For example, an artificial intelligence system might accumulate inference data about how an engineer solves a problem or designs a system. Then the artificial intelligence might be able to use that data to think like the engineer and go beyond what the engineer can do.

Employers have long required employees like Engineers to sign intellectual property agreements that say the employer owns anything that the employee invents while working for the employer. I can imagine that employers will now expand those agreements to say that any inference data gathered while the employee is working for the employer is the property of the employer.

The employer argues that while the employee is doing his or her work, the employer is paying for artificial intelligence to evaluate what the employee is doing and make sense of it and advance artificial intelligence capabilities to do the type of work that the employee does. Therefore the employer says it is entitled to own the inference data.
Photo
Add a comment...

Post has attachment
Balance and proportionality have roles to play when you try to comply with all the data laws around the world.
Add a comment...

Post has attachment
Data law compliance is hard. Helpful tools for compliance are tags, labels, banners, terms of use and the like. http://blog.netmail.com/improve-legal-outcomes-by-marking-data-with-labels
Add a comment...

Post has attachment
To comply with #GDPR , you must locate data that may have been collected long ago. http://blog.netmail.com/comply-with-gdpr
Add a comment...

Post has attachment
The security and confidentiality of records produced in eDiscovery are becoming more urgent issues. If the requesting party in eDiscovery cannot protect the produced records, then the whole eDiscovery procedure may be called into question.
Add a comment...

Post has attachment
The future of "hostile e-Discovery," such as through raid of a corporation by FBI or IRS: http://blog.netmail.com/a-new-vision-for-hostile-ediscovery
Add a comment...

Attorney Ethics in the Cloud

I am thinking about my obligations as a lawyer to protect the confidentiality of client information.

I just read an article (the "Article") in the February 2017 issue of the Texas Bar Journal titled "Don't Let the Cloud Rain on Your Parade: Emerging issues with software-as-a-service providers and ethical obligations." The Article is thoughtful work written by Texas attorney Tom Kulik.

The Article points out that large, widely-used cloud providers can get hacked, as Evernote and Dropbox have been hacked. I'll add that Yahoo has been hacked too.

The article argues attorneys should not use cloud providers that are repeatedly hacked. I ponder that advice. How can I practically apply that advice?

Over the years, I have read many stories of the United States Postal Service being abused. Should I stop using the US postal service in my professional work?

I have read stories about police (without a warrant) using the Stingray device to track cell phones and listen on cell phone calls and communications. I have learned stories about cell phone providers allowing 3rd parties like Carrier IQ to collect a great deal of sensitive information from cell phones (without warning or notice to users). Should I stop using cell phones in my professional work?

I read many stories of Internet-connected PCs and wifi routers getting hacked. Should I stop using Internet-connected PCs and routers in my professional work for clients?

The Article suggests getting consent from clients -- by way of the engagement letter between the client and the lawyer -- for use of cloud services. I could imagine such an engagement letter becoming very long and confusing ... describing all of the well-known cloud services (Evernote, Dropbox, Yahoo) a lawyer might use to help a client. I could imagine the engagement letter tediously but accurately describing all of the problems these services face.

Query whether the engagement letter should also disclose the use of the US postal service and Internet-connected PCs and wifi routers. Should the client not also be warned about these imperfect services and devices so that the client can decide whether to consent to the use of these common things during the course of legal representation? Wow. I can now see an engagement letter becoming very long ... and tedious.

However, one might argue that clients are already on notice that Evernote, Dropbox, Yahoo, Internet-connected PCs and Internet-connected routers, the US postal Service and the cell phone networks are less that perfectly secure. So one might argue that disclosure of all this stuff in an engagement letter is of little value to clients, and possibly confusing to clients.

A Better Solution

What about this as an alternative? I publish this statement broadly on my blogs, Google Plus Profile and other Internet statements about myself so that clients and prospective clients are informed about the risks of insecurity when working with me:

"Privacy/Security Vision. Some people provide Mr. Wright private information. Mr. Wright strives to treat such information reasonably according to the circumstances. People should have no more than reasonable expectations about information security. It is unreasonable to expect that the offices, computers, cell phones, brief cases, filing cabinets and online or other services used by Mr. Wright are very secure."

What do you think of that statement? Am I being reasonable? Am I being ethical? Do my clients need more protection from the risks of modern, common devices and services?

Should I back the foregoing statement up with a lot more detail in an engagement letter describing the problems with cloud providers and Internet-connected devices (as well as the problems with cell phones and the US postal service)?

Comments invited.

--Benjamin Wright
Texas Attorney

Post Script: The Article also suggests lawyers study the Terms of Service of cloud providers like Evernote, Dropbox and Yahoo. I question how much the lawyer is really going to learn by studying the terms of large, well-known service providers. Can it really be expected that anything in these terms will materially change the confidentiality of attorney-client information exchanged through these services? The terms of these services are available to untold millions of people. If the terms said something like "Yahoo will read your messages and publish them publicly for all to see on the web," the public would complain vociferously. Twitter users would widely bring attention to these ridiculous Yahoo terms. Therefore, I doubt a lawyer will learn anything of value by studying the terms of Yahoo and comparing them to the terms of Gmail and then deciding which service to use. Am I wrong?
Add a comment...
Wait while more posts are being loaded