This is a transcript of a podcast discussing lawyer use of publicly accessible Internet connections, like coffee shops and courthouses.
Speaker Key: PB Phil Brown, DW David Whelan
PB: It’s Phil Brown, I’m here with David Whelan, and we’re going to talk about the public internet - using the internet in public.
DW: Yes, and one of the favorite topics is the hot spot and whether to use the hot spot or not. And when we talk about a hot spot we’re not talking about sick dogs, we’re talking about open, available, wireless or Wi-Fi connections that you can get at a coffee shop, or at a courthouse, or at the public library. It’s a place where the access is always on and you really just have to connect your device to it.
PB: And this would be different, I suppose, from home Wi-Fi where people would be encouraged to have some sort of password on their access.
DW: Absolutely. And in offices as well you can start to see that if you open up a device that supports Wi-Fi and you browse for the available networks. I think, certainly, in my experience is that I’m starting to see more and more of those home networks and those office networks being secured, requiring some sort of password before you can get onto them.
PB: And, in terms of using them, it’s a radio frequency.
DW: Right. So anybody who’s in the physical vicinity of that antenna could potentially see the network and then get access to whatever’s available on it.
PB: Right. So Wi-Fi is really just your computer is acting as a transmitter and receiver, and there’s another transmitter or receiver somewhere within the area that you’re getting access to.
PB: And that has some down sides.
DW: It does have some down sides because you can’t always be sure that the wireless antenna that you think you’re connecting to is actually a wireless antenna at all. And you may just be connecting to a person who is looking for people who have interesting information on their devices, whether it’s a hand-held device or a laptop.
PB: And this is just a word of caution and we weren’t really going to talk about things like file sharing, but a lot of computers have a default file-sharing switch turned on so that other people can see some of the information on your computer if you’re on a Wi-Fi node.
DW: Right. And in the older versions of Windows, in order to share files in your office, you probably have done some sort of file sharing, and so those folders would be accessible to other people when you’re outside the office as well. Windows 7 has improved that so that you can actually select which of your wireless connections are office connections and which are public and that public connection will turn off that access.
PB: And I should mention that I typically use a Mac, and I can tell you when I plug into a... or virtually plug into a Wi-Fi access point I can usually see the other Macs and the other computers in the room listed on my computer and I can play music from someone else’s Mac.
DW: That’s a scary concept!
PB: I can also download their music to my Mac, and that’s because they have file sharing turned on. I would suggest to people that they be very careful about that sort of thing and knowing that other people have access to that information if you don’t have the proper controls in place.
DW: Right. And that’s a great point, because I think a lot of people think about sitting down with their laptop in a coffee shop and the web browser being the issue where you’re typing in a user name and a password and people can find that user name and password. But there really are a number of things that your laptop or your device is sharing when you’re on that Wi-Fi network.
PB: And people, when they carry their laptops and other devices around, you really need to think of it as if you have client information on there. It’s just really a big briefcase full of files.
DW: Exactly. And, in fact, you can now carry your entire practice around on a very small device. So it’s a huge risk if you suddenly lose access to that device or, worst case, someone else picks it up. I think we often focus on the confidentially issues that raises if someone else gets access to your files, but you also have privacy issues now where you might have credit card information from your clients or other information that is not necessarily confidential in the way that lawyers think about it, but it’s certainly private information that doesn’t need to be shared.
PB: And if you lose that information, there’s going to be a number of people you’re going to have to notify. If you have client information it’s going to be each and every client you’re going to have to notify. You’re going to have to give them information about how they would get independent legal advice about what their next course of action might be, they might have to get new counsel, and you might be contacting LawPRO.
DW: Right. There are a couple of basic things you can do to make sure that, if that happens, your information doesn’t walk away. So if you’ve left your laptop out, you can make sure that you’re using better passwords on your laptop or on your device and, if you can, to encrypt the contents on your device so that, if someone gets access to the device, they can’t necessarily get access to the contents.
PB: And one of the other things we spoke about before was the idea of encryption whilst you’re surfing, or whilst you’re browsing the internet.
DW: Right. You’ll notice that, when you go to a website, the website address starts http:// and then goes on with the address. When you’re going to an online bank or a secure site, there’s an s that’s added to https:// and that tells you that you’re connecting in a secure way. So if you can use sites online that use secure sockets - https - in order to communicate, then at least you know that when you are transmitting information to and from that site, nobody else in that coffee shop or in that courthouse will be able to access that information, it’s all encrypted. For those of you who use the Firefox web browser, there’s a plug-in called HTTPS Everywhere, and it’s a free download that automatically turns on https if you go to one of the sites that it supports.
PB: And that would prevent one of these man-in-the-middle attacks where someone’s actually accessing your information whilst it’s traveling from your computer to another.
DW: Right. And these attacks are going to be based on what’s available. People are probably not going to be focussing on lawyers as targets. They’re just looking for information flowing by. They’re looking for credit cards and passwords and that sort of thing. And the tools for monitoring your traffic in a coffee shop or monitoring your traffic on any open Wi-Fi are remarkably easy to download and install and see what’s going on and notice when people are going to Dropbox or notice when people are going to their Google mail account and then start to see if they can pull out information.
PB: One of the other tools said, that we’re not going to elaborate on, necessarily, but the concept of a virtual private network.
PB: Which is just a small internet pipe connection between you and the computer you’re using maybe in your office.
DW: That’s right. So if you’re using resources in your office, this is probably the best way to make sure that there isn’t any straggling information going by. One of the benefits of using cloud computing - if you do use it in your practice - is that in most cases not only is your connection to that cloud system encrypted, but also all the activity on that system is encrypted. So you have an encrypted experience when you use those systems from a public site.
PB: And another option to get, I suppose, even more secure would be the idea of using anair card or a mobility stick.
DW: Right. If you can avoid Wi-Fi entirely, then that is probably your best option for making sure that the information that you’re transmitting and receiving is not going to be overheard by somebody else.
PB: Those are available through your phone company provider, whoever it may be, and you would pay a monthly fee and it’s, essentially, instead of using Wi-Fi it’s using a data connection over a phone-like service.
DW: Right. You can also see if your smartphone does what’s called wireless tethering, in which case, you can connect your smartphone up to your laptop and use that smartphone as your stick or your air card.
PB: Which is a great idea, and I would just mention as an aside that there tends to be some fairly high data rate costs associated with that. So it’s a good idea to have a pretty robust data plan if you’re going to use your phone as a hot spot or tethering your phone to your computer.
DW: Yes, that’s a great point. When you’re going over the web, it’s been customised to make sure the data stays low. But when you’re sending things directly, it could be a Word file or something else could really rack up those charges.
PB: So I guess the last point would be should lawyers and paralegals ever be using public internet access data points?
DW: I think it’s fine to, but I do think that you need to think about it in the same way that you would lock your door in your office at the end of the day. You need to make sure you’re using strong passwords and encryption on the device so that, if it walks away, you don’t lose any information or you haven’t breached any confidentiality or privacy obligations. And then if you’re surfing the web or you’re transmitting information over the wireless network, you’re using secure connections wherever possible.
PB: Okay. Thanks.
DW: Thanks, Phil!