Speaker Key: PB Phil Brown, DW David Whelan
PB: It’s Phil Brown, I’m here with David Whelan, and we’re going to talk about the public internet - using the internet in public.
DW: Yes, and one of the favorite topics is the hot
spot and whether to use the hot spot or not. And when we talk about a
hot spot we’re not talking about sick dogs, we’re talking about open,
available, wireless or Wi-Fi connections
that you can get at a coffee shop, or at a courthouse, or at the public
library. It’s a place where the access is always on and you really just
have to connect your device to it.
PB: And this would be different, I suppose, from
home Wi-Fi where people would be encouraged to have some sort of
password on their access.
DW: Absolutely. And in offices as well you can start
to see that if you open up a device that supports Wi-Fi and you browse
for the available networks. I think, certainly, in my experience is that
I’m starting to see more and more of those home networks and those
office networks being secured, requiring some sort of password before
you can get onto them.
PB: And, in terms of using them, it’s a radio frequency.
DW: Right. So anybody who’s in the physical vicinity
of that antenna could potentially see the network and then get access
to whatever’s available on it.
PB: Right. So Wi-Fi is really just your computer is
acting as a transmitter and receiver, and there’s another transmitter or
receiver somewhere within the area that you’re getting access to.
PB: And that has some down sides.
DW: It does have some down sides because you can’t
always be sure that the wireless antenna that you think you’re
connecting to is actually a wireless antenna at all. And you may just be
connecting to a person who is looking for people who have interesting
information on their devices, whether it’s a hand-held device or a
PB: And this is just a word of caution and we
weren’t really going to talk about things like file sharing, but a lot
of computers have a default file-sharing switch turned on so that other
people can see some of the information on your computer if you’re on a
DW: Right. And in the older versions of Windows, in
order to share files in your office, you probably have done some sort of
file sharing, and so those folders would be accessible to other people
when you’re outside the office as well. Windows 7 has improved that so that you can actually select which of your wireless connections are office connections and which are public and that public connection will turn off that access.
PB: And I should mention that I typically use a Mac,
and I can tell you when I plug into a... or virtually plug into a Wi-Fi
access point I can usually see the other Macs and the other computers
in the room listed on my computer and I can play music from someone
DW: That’s a scary concept!
PB: I can also download their music to my Mac, and
that’s because they have file sharing turned on. I would suggest to
people that they be very careful about that sort of thing and knowing
that other people have access to that information if you don’t have the
proper controls in place.
DW: Right. And that’s a great point, because I think
a lot of people think about sitting down with their laptop in a coffee
shop and the web browser being the issue where you’re typing in a user
name and a password and people can find that user name and password. But
there really are a number of things that your laptop or your device is
sharing when you’re on that Wi-Fi network.
PB: And people, when they carry their laptops and
other devices around, you really need to think of it as if you have
client information on there. It’s just really a big briefcase full of
DW: Exactly. And, in fact, you can now carry your
entire practice around on a very small device. So it’s a huge risk if
you suddenly lose access to that device or, worst case, someone else
picks it up. I think we often focus on the confidentially issues that
raises if someone else gets access to your files, but you also have privacy issues now where
you might have credit card information from your clients or other
information that is not necessarily confidential in the way that lawyers
think about it, but it’s certainly private information that doesn’t
need to be shared.
PB: And if you lose that information, there’s going
to be a number of people you’re going to have to notify. If you have
client information it’s going to be each and every client you’re going
to have to notify. You’re going to have to give them information about
how they would get independent legal advice about what their next course
of action might be, they might have to get new counsel, and you might
be contacting LawPRO.
DW: Right. There are a couple of basic things you
can do to make sure that, if that happens, your information doesn’t walk
away. So if you’ve left your laptop out, you can make sure that you’re
using better passwords on your laptop or on your device and, if you can,
to encrypt the contents on your device so that, if someone gets access
to the device, they can’t necessarily get access to the contents.
PB: And one of the other things we spoke about
before was the idea of encryption whilst you’re surfing, or whilst
you’re browsing the internet.
DW: Right. You’ll notice that, when you go to a
website, the website address starts http:// and then goes on with the
address. When you’re going to an online bank or a secure site, there’s
an s that’s added to https:// and
that tells you that you’re connecting in a secure way. So if you can
use sites online that use secure sockets - https - in order to
communicate, then at least you know that when you are transmitting
information to and from that site, nobody else in that coffee shop or in
that courthouse will be able to access that information, it’s all
encrypted. For those of you who use the Firefox web browser, there’s a plug-in called HTTPS Everywhere, and it’s a free download that automatically turns on https if you go to one of the sites that it supports.
PB: And that would prevent one of these man-in-the-middle attacks where someone’s actually accessing your information whilst it’s traveling from your computer to another.
DW: Right. And these attacks are going to be based
on what’s available. People are probably not going to be focussing on
lawyers as targets. They’re just looking for information flowing by.
They’re looking for credit cards and passwords and that sort of thing.
And the tools for monitoring your traffic in a coffee shop or monitoring
your traffic on any open Wi-Fi are remarkably easy to download and
install and see what’s going on and notice when people are going to Dropbox or notice when people are going to their Google mail account and then start to see if they can pull out information.
PB: One of the other tools said, that we’re not going to elaborate on, necessarily, but the concept of a virtual private network.
PB: Which is just a small internet pipe connection between you and the computer you’re using maybe in your office.
DW: That’s right. So if you’re using resources in
your office, this is probably the best way to make sure that there isn’t
any straggling information going by. One of the benefits of using cloud computing -
if you do use it in your practice - is that in most cases not only is
your connection to that cloud system encrypted, but also all the
activity on that system is encrypted. So you have an encrypted
experience when you use those systems from a public site.
PB: And another option to get, I suppose, even more secure would be the idea of using anair card or a mobility stick.
DW: Right. If you can avoid Wi-Fi entirely, then
that is probably your best option for making sure that the information
that you’re transmitting and receiving is not going to be overheard by
PB: Those are available through your phone company
provider, whoever it may be, and you would pay a monthly fee and it’s,
essentially, instead of using Wi-Fi it’s using a data connection over a
DW: Right. You can also see if your smartphone does
what’s called wireless tethering, in which case, you can connect your
smartphone up to your laptop and use that smartphone as your stick or
your air card.
PB: Which is a great idea, and I would just mention
as an aside that there tends to be some fairly high data rate costs
associated with that. So it’s a good idea to have a pretty robust data
plan if you’re going to use your phone as a hot spot or tethering your
phone to your computer.
DW: Yes, that’s a great point. When you’re going
over the web, it’s been customised to make sure the data stays low. But
when you’re sending things directly, it could be a Word file or something else could really rack up those charges.
PB: So I guess the last point would be should lawyers and paralegals ever be using public internet access data points?
DW: I think it’s fine to, but I do think that you
need to think about it in the same way that you would lock your door in
your office at the end of the day. You need to make sure you’re using
strong passwords and encryption on the device so that, if it walks away,
you don’t lose any information or you haven’t breached any
confidentiality or privacy obligations. And then if you’re surfing the
web or you’re transmitting information over the wireless network, you’re
using secure connections wherever possible.
PB: Okay. Thanks.
DW: Thanks, Phil!