FOR PUBLICATION IN ComputerCOUNSEL
Looking back from the edge of cyberspace...
by Samuel Lewis, Contributing Editor

To encrypt, or not to encrypt...

The debate over attorneys' use of e-mail for client communications­­and whether that e-mail needs to be encrypted to maintain privilege/confidentiality among other issues--is stirring on several of the law- and ethics-related Internet mailing lists. For better or worse, the spark which touched off came from a pet project I started to increase attorney awareness of a public key encryption scheme called Pretty Good Privacy (PGP). PGP was created by Phil Zimmermann, the subject of a government investigation for allowing his encryption program to be distributed over the Internet, and thus, outside of the United States. PGP is software which implements something called split-key encryption. Under this scheme of encryption, you give others a "public key" which allows them to lock a message and send it to your. Only your "private key"--which is never distributed to others--will unlock the locked message.

A major complaint with PGP, or any encryption scheme for that matter, is that the program itself is very difficult to use. The publicly available version of the program for personal use is only available in a DOS version. Admittedly, even for power-users, this is not convenient. There have been a number of window-shell programs created which allow you to use PGP without ever leaving windows (the shell handles all of the cryptic DOS commands for you). There are even some programs which allow you to encrypt/decrypt/sign messages directly from your mail program.

PGP: An understated John Hancock...

You should notice that I included the word "sign" when talking about the basic function of PGP. One thing that this public key technology allows is a system of digital signatures. Even if you're not sending e-mail to clients, you should consider playing around with PGP (and perhaps one of the Windows-based shells as that will make experimentation significantly easier). These signatures, while technologically impressive, tend to be comprised of a rather boring and seemingly random set of numbers and letters which, ironically, are much easier to read than the typical hand-written signature. PGP allows you to verify that a "signed" document--one with a digital signature--came from the person purporting to be sender, and that the message was not altered prior to the time you validated the message.

At the time of this writing, Florida just passed digital signature legislation into law, and similar legislation is on the drawing board in several other states. This legislation allows for, among other things, the creation of "cyber notaries", people who will be able to notarize an electronic signature. As more commerce is conducted over the Internet, the need for electronically signed documents will become more and more important.

Even if PGP doesn't become the de facto standard, it is currently the popular favorite among the people using encryption/digital signatures over the Internet. Given the growth of the Internet, it is important that attorneys take the opportunity to learn how to use technology like digital signatures for the day when such technology will be necessary for your survival on the information superhighway.

If you want more information about the PGP Awareness Project (including a list of Windows-based shell programs and collection of attorney public keys), point your web browser to URL: http://www.CompLaw.com/pgp.html.

Gripe of the month...

David Hirsch <david@iowalaw.com> forwarded me a copy of the Iowa Bar's Ethics Board findings relating to attorneys' web pages. The Board found that law firm/attorney web pages constitute advertising, regardless of whether the firm/attorney are located in Iowa. Whether an attorney web page constitute advertising is an issue confronting Bar Associations around the country. Florida, for instance, has assembled a special committee to review the current situation and make recommendations.

The most troubling aspect of the Iowa opinion is the fact that many of the people involved in the decision have never used the Internet. Fortunately, Hirsch immediately contacted members of the Board and volunteered to give them a demonstration. As far as I know, the Board has taken Hirsch up on his offer, and may reconsider its ruling as a result.

It seems to me that anyone involved in technology--attorneys and consultants alike--need to view the Iowa ruling as a call to action. States are beginning to formulate ethical rules relating to technology that very few people truly understand. It is critical that those with an understanding of the technology begin to educate the Bar Committees and Judges facing these questions. To do anything less, we run the risk of seeing more decisions like the Iowa ruling which will only serve to stifle the attorneys' use of technology.

Got A Story? Share It!

If you hear information about firms moving towards technology, or a new way to become more productive through the use of technology (old or new), or any other war stories, please let me know. Send your story to <Edge@CompLaw.com>. Who knows, the story might be reproduced here.

Samuel Lewis is an attorney practicing Computer/Internet Law and Intellectual Property Law with the firm of Romanik, Lavin, Huss & Paoli in Hollywood, Florida, a member of the Florida Bar's Computer Law Committee, and the creator of COMPLAWSM . He can be reached at 954-922-4656 or via e-mail: <slewis@CompLaw.com>. The URL for the COMPLAWSM web site is http://www.CompLaw.com.

Copyright © 1996, Samuel Lewis. All Rights Reserved.

[Contents] Back to Article Index
[an error occurred while processing this directive]
For more information about this site, email: info@complaw.com
Web Layout - Copyright © 1996, CompLaw, All Rights Reserved.
CompLaw is a service mark of Samuel Lewis. Revised -- 15 Sep 96 by WebMaster.