British intelligence agencies have for years spied on the communications between lawyers and their clients. So how to protect lawyers and their clients?

According to a report from BBC News UK, The British intelligence agencies MI5, MI6 and GCHQ have for years routinely spied on the communication between lawyers, their clients and even the courts in the UK. This behavior shines a very strange light on the authority of the state especially in handling criminal matters and is clearly contrary to several British laws. Nevertheless, this practice shows that the powers of the State do not always play together in a clean way and you should not rely on the protection provided by the legislation alone.

Rachel Logan, the legal adviser of Amnesty UK is quoted in the article as follows

It "clearly violates an age-old principle of English law set down in the 16th Century - that the correspondence between a person and their lawyer is confidential"

"It could mean, amazingly, that the government uses information they have got from snooping on you, against you, in a case you have brought," she said.

"That affords the government an unfair advantage akin to playing poker in a hall of mirrors."

This case highlights the importance of encrypted communications between lawyers and their clients very clearly. Nevertheless, many lawyers find it difficult to implement a solution for the encrypted exchange of e-mails and files. What is the cause?

E-mail encryption technologies such as S/MIME and PGP have been available for years however they have serious disadvantages, especially if you want to communicate with many different individuals, as is often the case during a legal exchange. Typically there is a requirement for pre-installed and managed technology on both sides bringing complexity, cost and time delays to situations where time is frequently the essence, and ease of use is essential.  The implementation of S/MIME or PGP and the exchange of certificates is difficult to understand and perform for individuals without an IT background. In addition these technologies are incompatible with each other, so both must be used by a firm if in doubt. However even if an S/MIME or PGP encryption is in place, this still carry some limitations.

While the content of the message is encrypted, the subject lines travel in plain text through the network, meaning they can be read by anybody who scans that network, and this may not just be the government. Senders and recipients should be made aware of this as an attacker can already draw some clear conclusions from this legible information.

Since the most common and certainly the fastest transport method remains e-mail, size restrictions often apply in respect of file attachments, legal bundles are not noted for modest size! By way of example, videos or large assessments with image data cannot typically be transferred easily by email and communication correspondents often seek to evade barriers by using an alternative such as expensive and slow regular mail or insecure consumer grade cloud-based file sharing services.

Cryptshare overcomes these challenges in a very simple manner. Using strong encryption the system allows bi-directional transmission of encrypted emails and files of any size. It is ideal for secure ad-hoc communication with multiple correspondents and people who do not have specialist IT know-how. No special software is needed to be installed on the client side, no license purchased, no user accounts are needed and no certificates need to be obtained or exchanged.

Information can be sent and received via an intuitive browser interface using one-time passwords that are pre-agreed or exchanged between lawyer and client. For daily use an Outlook add-in or integration in IBM Notes is also available.

All access to the data is protected by the agreed password and is logged with time and IP address and confirmed, if necessary, by e-mail. The information is protected by strong encryption both in transit and during the retention on the Cryptshare server. For the lawyer the operation of a Cryptshare server does not require a large investment. The server may be operated in their own office or by a trusted IT service provider. The system is designed so that it produces no significant management expenses after initial setup.

Avoid the pitfalls of the ‘mirror hall’ and keep your clients cards private.

To learn more about how Cryptshare makes your business more secure, please contact us!