Daniel D. Whitehouse is the founding attorney of Whitehouse & Cooper, PLLC. He practices in the areas...
Adriana Linares is a law practice consultant and legal technology coach. After several years at two of...
Published: October 17, 2019
Podcast: New Solo
Category: Marketing for Law Firms, Legal Support, Legal Technology
They may be long and tedious, but examining terms of service agreements is the only way to ensure your cloud services are trustworthy places for your data. That being said, many lawyers don’t actually know what to look for as they sift through these documents. In this edition of New Solo, Adriana Linares brings in Daniel Whitehouse to help lawyers understand common red flags in terms of service agreements. Daniel breaks down the terms of several commonly used vendors, explains the importance of encryption, and offers guidance for choosing ethically compliant cloud services and apps.
Check out the recommended Quick Start Guide On Cloud Computing from the Florida Bar.
Special thanks to our sponsors, Clio, Nexa, Lawclerk, and ROSS.
New Solo
Did You Really Read Those Terms of Service?
10/17/2019
[Music]
Intro: So you are an attorney and you have decided to go out on your own, now what? You need a plan and you are not alone. Join expert host Adriana Linares and her distinguished guests on New Solo. Tune into the lively conversation as they share insights and information about how to successfully run your law firm, here on Legal Talk Network.
[Music]
Adriana Linares: It’s time for another episode of New Solo on Legal Talk Network. I am Adriana Linares. I am your host. I am a legal technology trainer and consultant. I time zone hop helping lawyers and law firms use technology better and implement new solutions and tools and services.
Before we get started with today’s episode, I want to make sure and thank our sponsors.
Nexa, formerly known as Answer1, is a leading virtual receptionist and answering service provider for law firms. Learn more by giving them a call at 800-267-9371 or online at nexa.com.
Thanks to our sponsor Clio. Clio’s cloud-based practice management software makes it easy to manage your law firm from intake to invoice. Try it for free at clio.com, and that’s clio.com.
We would like to thank our sponsor LAWCLERK, where attorneys go to hire freelance lawyers. Visit lawclerk.legal to learn how to increase your productivity and your profits by working with talented freelance lawyers. They have given us a rebate code that you can use after your first project to take $300 off. lawclerk.legal is where you are going to go and the rebate code is NEWSOLO300.
We have got a new sponsor and I am very excited about them. Thanks to our sponsor ROSS Intelligence, the legal research platform that leverages AI to get to the heart of legal issues fast. Go to rossintelligence.com for a 14-day free trial.
Okay, let’s move on and introduce my guest today, which I am super excited about and we have been trying for a long time to get together and find the time. He is a very busy attorney, practicing in Florida. His name is Daniel Whitehouse and I am going to ask him to tell us a little bit more about himself and his practice.
Hey Daniel.
Daniel Whitehouse: Hey Adriana. Thanks so much for having me on. As you said, my name is Daniel Whitehouse. I am a technology attorney based out of the Orlando area. I have a background in technology, with a Bachelor’s in Computer Science, worked in the IT industry before going to law school, and I have now married the two practices together, the technology and the law.
I work with a lot of different technology companies, deal with a lot of different technology issues, even if you are not a technology company, including talking with lawyers about our own technology uses from an ethical standpoint and trying to keep ourselves out of trouble.
One of the other things I work on are data breaches and unfortunately when we get to that point where our information has been disclosed to someone who is unauthorized to receive it, I am on the receiving end of that phone call and trying to help the business or the attorney or whomever it might be through that crisis type of situation.
So it’s a very interesting and emerging time in technology and certainly in the technology and the law field. I am glad to be doing this podcast here with you today. It’s certainly a much needed topic.
Adriana Linares: I completely agree and thank you so much. Let me ask you a little bit. You said you have a technology background, what does that mean? Did I open up a big giant can of history worms?
Daniel Whitehouse: No, no, not at all. I worked in IT consulting on the outsourcing arena and dealing with data center migrations and very large Fortune X 100 companies and use that background and now work with some of those from the legal side.
Adriana Linares: Oh, that sounds perfect. Like you said you married the two, sounds like it’s hopefully a happy marriage?
Daniel Whitehouse: Indeed yes, there is no talk of divorce anytime soon.
Adriana Linares: Oh good, that would be ugly. Who would keep all the PII? Oh, cool. So thanks Daniel, I appreciate that little bit of background. What I really wanted to talk to you about and have you talk to us about is Terms of Service and a lot of the popular third party services that we use in the legal world today.
And a lot of that — I think when we think about that, when you say to a group of lawyers, what are you using for document sharing or email management, a lot of their answers are going to be Gmail and not necessarily G Suite, so we are going to talk about the difference between those two. Dropbox, which is of course very popular and there is a free version and there is a paid version and you and I have a short list of topics that we are going to go through, but why don’t we start with, let’s just knock out some of the administrative stuff to say that we talked about it. I don’t think any of this is new to a lot of us.
(00:05:00)
We all know that there are Model Rules, there are Ethics Rules, there are now 36 states that have decided understanding technology and how to use it and its risks and benefits are an important part of being a lawyer.
Florida is, and I think North Carolina now has hopped on, but Florida was the first state to make technology a CLE requirement. That’s a topic that’s very near and dear to my heart because I was a big part of having that happen in Florida and it made me very happy. While I don’t believe that a lawyer can learn everything there is to know about technology with three hours of CLE being mandated over three years, I think the signal we were trying to send there through the Florida Bar was it’s an important topic.
So give us a little bit of your usual talk about understanding the services that you are using and the ethical requirements or risks that are involved when we sign on with a free service or even a paid for service?
Daniel Whitehouse: Sure. And you are right, it’s not a new topic, yet it’s one that we continue talking about, because very many lawyers are so risk averse that they seem to think that this whole cloud computing thing and I use air quotes when I refer to this thing is something new, it’s something we can’t define.
Frankly, it’s something we have been using since the very beginning of the Internet. If you go back to the days of dial-up, where you were connecting in via AOL or CompuServe or any of those services, that was cloud computing way back then. We didn’t call it cloud computing back then, we didn’t have that good of a definition for it, but that’s what we were using. We didn’t own and control all of the data that was sitting in our email boxes, that was being managed by those services.
So here we are, a large number of years later, we are still talking, trying to define what this cloud computing thing is, how we can use it, how we can’t use it, and a number of the bar associations around the country have issued ethics opinions on the use of cloud computing. Florida was one of those. In 2012 we had our Cloud Computing Ethics Opinion come out and they surveyed the other ethics opinions at the time that were in existence.
Very common themes among all of them, and that common theme is yes, you can use cloud computing if you use reasonable diligence in the selection of the vendor and you as the attorney understand that you are ultimately responsible for anything that may occur through that cloud computing environment, meaning some unauthorized individual or let’s just call them criminal, some criminal gets access to your data. You have to be responsible for whatever comes as a result of that.
The big thing for us as attorneys is we have to protect attorney-client privilege. If our data has been disclosed to some unauthorized third party, we risk losing attorney-client privilege. That’s the backbone of all of these ethics opinions. If we use cloud computing, are we still maintaining attorney-client privilege? Can we look our clients in the eyes and say yes, we are maintaining attorney-client privilege even though I am using whatever platform it is that’s out there?
This is very similar to the concept of having administrative staff in your office, whether they are full-time staff or contract staff, the attorney is ultimately responsible for ensuring those administrative staff adhere to the same ethical obligations that the attorneys have.
Apply that to the cloud computing vendor space, those vendors must comply with the same ethical obligations that we as attorneys must comply with. If you just pick that piece up, you move it to the Internet and you apply the same concept, that gives you the answer as to whether you, the attorney, have adequate control over the data that you are placing in the Internet.
It doesn’t mean that one of your trusted staff people can’t all of a sudden steal protected information, client confidential information, that could happen in the cloud computing space as well, but have you been diligent and when you hired that staff person, did you have any reason to believe that staff person would go and do something like that.
Same concept with the vendor, do you have any reason to believe that vendor would have taken that data and done something nefarious with it.
Adriana Linares: That sounds kind of scary. I am sure there are some lawyers going, ah, but how do I know what those services and companies are doing — how do I know what unauthorized access is just by housing it out there, does that count as unauthorized access or it is authorized because I am letting my data go there?
(00:09:46)
Daniel Whitehouse: Essentially the vendor becomes an agent of the attorney, just like that staff person that the attorney hires. So how do you know your paralegal isn’t going to steal attorney-client privilege information and bring it to opposing counsel, how do you know that? Does that stop the attorney from never hiring a paralegal? Of course not. There is some level of trust that we have to grant to our trusted agents if we are going to allow any of this control to seep away from us. So if we want to use cloud computing, we have to grant that level of control to those trusted partners as well, but I want to just highlight the trusted aspect.
Adriana Linares: Oh, good, I was going to ask you about that. I am like oh, how do we put them on the trusted list?
Daniel Whitehouse: I wish there was a checklist to say that this one is a good one, this one is a bad one, because the good ones today may not be the good ones in five years from now and the bad ones today may — assuming there are bad ones, the bad ones today may evolve into good ones over time, or perhaps there are some offerings that the “bad ones” might use that turns them into a good one.
Adriana Linares: So it means regularly reviewing what those companies are offering and doing and when you get one of those notices that they have changed their Terms of Service or other notices like that, we should actually read them?
Daniel Whitehouse: We really should, even though Chief Justice Roberts has said he doesn’t read those contracts that are on the Internet, when it comes to us selecting our cloud providers, we really should be reviewing those Terms of Service and when they do change, what changes with regard to our responsibility.
Reading the Terms of Service is the only way we are going to be able to answer whether these vendors fall into the trusted category or not. It’s like reading the résumé of the person who is applying to work in your office. You wouldn’t just have anybody who walks in take the job and start tomorrow, you are going to do some sort of a screening process, and the screening process for cloud computing vendors is the Terms of Service. It also very well could be the privacy policies.
Adriana Linares: Oh, that’s a great analogy. Good way to put it is if you are going to sign up for a service, consider it like a résumé for someone that you are going to have helping you in your office, I think that’s a great idea.
Well, I know lawyers are really good at reading contracts and legal documents and privacy policies, a lot of that can be though mumbo-jumbo, either just because they don’t understand the terminology or it just — who has time to really read all that?
So when we are reviewing a Terms of Service and/or privacy policy, what are the main questions that we should look at or terms, or what are the questions that we are looking to answer? I assume it’s things like who owns my data, where is my data stored, is the data encrypted, who has the decryption keys?
So I am sure you must have a quick little checklist; I am sure it’s not quick actually, of what we are looking for?
Daniel Whitehouse: Yeah. And those are definitely some of the items that we want to look for, and frankly, if every vendor had the same form of how they laid it out, it would be so much easier for us to just tick through a checklist and say yes, this vendor meets this criteria, no, this one doesn’t, that type of thing.
But the manner in which all of these Terms of Service are written are very different. Some of them are more from a legalese standpoint and you can tell that as a lawyer that it’s legalese, others are geared toward more of the consumer and they are written in consumer-friendly language. And so they use cutesy terms like your stuff is yours. Well, what is my stuff? What are we talking about? And what they really mean is any of the documents, any of the data that you upload into the platform, that’s your content.
Some of them will refer to it as content; others will refer to it as your stuff. So who owns it is certainly a very critical question and for me that’s the threshold question. If you are telling me that you take any ownership in my data, how am I preserving attorney-client privilege if I have now granted you ownership to the data that I am going to upload.
And if you don’t own it, if I continue to own my stuff, what are you going to do with it, who are you going to share it with, where are you going to store it. You mentioned where is it located? I want my data stored in the United States, because if I ever have to get a court to enforce some action against my data, I need a United States court to do that. I can’t guarantee that a court in foreign jurisdiction is going to treat my data the same way.
What are you going to do with my data, who are you sharing it with and again remember, we said some of this is in the Terms of Service, some of it’s in the privacy policy, you kind of have to flip back and forth. The sharing of the data that many times is in the privacy policy side of it and what I want to see there is that you are sharing it with no one.
Adriana Linares: Right. Good tip. Tip number one, listeners, the answer to who are you sharing it with is no one.
(00:14:58)
Daniel Whitehouse: And I say that, but then of course there is always an exception to the rule. So some services will use other vendors on the back end for third party data storage. So Amazon Web Services is one of those that many vendors use as their place of storage and they will disclose to you that we may store your data on our servers, that are in our data centers located in the US or we may store them on Amazon Web Services that’s also located in the US.
I am probably okay with that, if I see that, but if I do and they point me to Amazon’s Terms of Service that they are applying, I will review that as well. So now we are two layers deep.
Adriana Linares: We are hopping, and that’s exactly what I was going to ask you. So like you said, most or a lot of services use AWS, so does that mean, go look at AWS at least one time and then when you sign up for a service who uses AWS, then you have got that covered, because a lot of them do use it. Can you name some names that I know are popular?
Daniel Whitehouse: Sure.
Adriana Linares: So if we are looking — let’s talk about just at gmail.com. Let’s start with Gmail.
Daniel Whitehouse: The free version, right?
Adriana Linares: Yeah.
Daniel Whitehouse: We go to gmail.com, we sign up with —
Adriana Linares: We are going to start with @Gmail. Yeah, we are going to start with @Gmail. Now, when you say data, are you thinking or considering email the same as an attachment that’s in an email which is a document?
Daniel Whitehouse: Gmail in particular treats data as the same, whether it’s an email and it’s the substance in an email or if it’s an attachment that I am storing in Google Docs — it’s a document that I am storing in Google Docs or an attachment to an email within Gmail, they treat all of those the same for a very useful reason on their end —
Adriana Linares: Which is advertising.
Daniel Whitehouse: Advertising, yes, yes, advertising.
Adriana Linares: So without having to spend too much time on Gmail, let’s just make this really easy, is it okay for me as a lawyer to use free Gmail as my email service provider to communicate with clients or even just to email myself documents to be able to work on them on an airplane or have them somewhere else?
Daniel Whitehouse: In my professional opinion, no.
Adriana Linares: Excellent. Okay, and that’s because they use robots to scan all that data and then mine keywords out of that data in order to offer me up advertisements that are based on that information?
Daniel Whitehouse: You know, if they just said that in their Terms of Service that we are going to scan it with robots and we are going to send you advertising, if they just said it in that language, I would probably change my opinion on whether we can professionally use Gmail, but they say so much more than that, so much more.
Adriana Linares: Tell us.
Daniel Whitehouse: If you look at their Terms of Service and the grant of the IP license to the content that goes through any of the @Gmail free services, they give themselves a worldwide royalty free license to use, reproduce, create derivative works and all of those intellectual property type clauses that IP lawyers are used to seeing to themselves for the purpose of delivering the service or any other purpose they deem necessary.
Adriana Linares: Wow, it’s kind of like the John Mayer song of Your Body Is A Wonderland, but more like your data is a wonderland and I can enjoy it in any way I want.
Daniel Whitehouse: Talking about interesting analogies, yes.
Adriana Linares: Okay. So what about other popular free email services and I am going to start with Outlook.com, because we often get — for some reason I feel like we think we can trust Microsoft more than we can Google, but what about Outlook.com?
Daniel Whitehouse: I am going to put that in the same category of free email. There is a saying in the tech industry that if you are not paying for a product, you are the product. And any of these free type services, they are making money off of you somehow and the only way they are going to be able to make that money is through the advertising revenue that you were mentioning before. That’s a legitimate way for them to make money off of consumers. Us, as attorneys, we have a much higher standard than the average consumer.
Adriana Linares: One job.
Daniel Whitehouse: One job, protect attorney-client privilege. We are not doing it with free products. Don’t use the free products.
Adriana Linares: Excellent. God, I love you. If I could hug you through this video.
What about Dropbox, and let’s still stay in the free lane for right now, because then I am going to switch and ask you about the paid for services, but right now I am just a solo attorney, I am fresh out of law school, I have got to find a place to put my documents that I can share them with clients, that I can have them on my Mac and my PC and my phone and I just sign up at dropbox.com.
(00:19:56)
Daniel Whitehouse: I am not going to store my documents on dropbox.com for a host of reasons. One is what we have talked about previously, what is the license that they are using, what are they going to be doing with that.
But there is a number of very interesting terms in Dropbox’s Terms of Service. Things like will encrypt your data at rest, our employees don’t have access, oh, but maybe a few of them will have access. But don’t worry we won’t use it unless we need to. We flip-flop back and forth on these things probably four or five different times and it just got me to the point where I am not sure what they are actually doing with the data that we would upload to Dropbox. Who does have access, who doesn’t have access, I am not going to risk it.
Another thing on Dropbox is, and this goes to any cloud provider that’s out there, what is their reputation in the industry, how have they been from the moment they were conceived as a startup to the time now. If you google some of the security flaws that Dropbox has had over the years, there is quite a few of them. And even if they were to change their Terms of Service to something that was more in line with what we would expect as attorneys, I am not going to risk placing my data in Dropbox because of what I have seen from some of the security flaws they have had.
Adriana Linares: Okay. And just a question I am going to throw out there, although I know the answer, but I am just going to say it because somebody is probably thinking it, I have HIPAA compliance requirements based on my practice. These services are most certainly not going to be HIPAA compliant.
Daniel Whitehouse: They will not sign a business associate agreement.
Adriana Linares: Not even close?
Daniel Whitehouse: Not even close, on the free side, they absolutely will not sign business associate agreements.
Adriana Linares: Right, all right. What are some of the other popular services that I just want to make sure — I mean I think we — can we pretty much put a blanket over the whole if it’s free, chances are it wouldn’t hold up in our conversation?
Daniel Whitehouse: That’s my blanket, if it’s free, put it in that category, some are better than others, but what is better and are you willing to risk your law license on that.
Adriana Linares: Great. Well, before we flip over and talk to some of the paid services, which I am sure a lot of listeners are right now going, thank God, I stopped using free and I have upgraded and now I pay, let’s take a couple of minutes to listen to some messages from some sponsors.
[Music]
Adriana Linares: Artificial intelligence will outpace lawyers anytime soon, but lawyers who use AI are already outpacing lawyers who do not. With Ross Intelligence, lawyers conducting legal research leverage AI to get to the heart of legal issues fast. Ask a question on the Ross Legal Research Platform and Ross will return on point case law.
Go to rossintelligence.com today and get a 14-day free trial. Use promo code LEGALTALK for 10% off.
[Music]
Adriana Linares: If you are missing calls, appointments and potential clients, it’s time to work with Nexa Professional. More than just an answering service, Nexa’s virtual receptionists are available 24×7 to schedule appointments, qualify leads, respond to emails, integrate with your firm’s software and much more. Nexa ensures your clients have the experience they deserve. Give them a call at 800-267-9371 or visit them at nexa.com/podcast for a special offer.
And we are back. Okay, so now that Daniel has scared the pants off of most of us from using free services — wait, can I go back and ask you one backwards question?
Daniel Whitehouse: Oh, sure.
Adriana Linares: On Dropbox free, what if the documents that I put into Dropbox are there temporarily, but they are all documents that have been publicly filed in court?
Daniel Whitehouse: Yeah, I have people say that all the time that if I am filing something that’s publicly available somewhere else, is that okay? I don’t see why not? I mean that’s not privileged information once it’s filed with a court, assuming it’s the same versions, any redaction, things of that nature that are filed with the court, if it really is the same version that I can get from going to the clerk’s website and downloading that file, that pleading, that what have you, then that’s not attorney-client privilege information.
Adriana Linares: Okay, great, so there is that. There is that bit of hope.
So let’s talk about paid services, because to move from Gmail to G Suite, which is Google’s business level service is so cheap, I just don’t know why anybody wouldn’t do it. We are talking $6 a month per user.
And then also Microsoft, to go from something free like Outlook.com or what was Live.com over to Office 365, I am now paying for the services, and it’s also very affordable, $8-12 a month per user. What happens to all of those terms and what do I need to worry about when I move from free to paid?
(00:24:51)
Daniel Whitehouse: The first thing you get when you pay the $6 or however much it is a month for each of those is a completely different Terms of Service than what we have been talking about before. Some of them are in completely different areas of their website. If you go to gmail.com and scroll down the Terms of Service there, that’s the regular consumer based Terms of Service. It’s only when you go to sign up as a business that you see the business version or the paid version of those Terms of Service.
You are no longer the product once you are paying that nominal fee per month —
Adriana Linares: Seems they are worth it.
Daniel Whitehouse: And they are willing to — absolutely worth it, they are willing to grant you the protections that you really need as an attorney to use the service. They are also willing, most of them, to sign a business associate agreement, and that — if you use that as a litmus test, if you don’t do anything in the medical world and this whole business associate agreement is foreign to you, it’s all about protecting PHI, Protected Health Information and the regulations that are associated with protecting PHI.
If you find a vendor that is willing to sign a business associate agreement and is acknowledging that they will be responsible to the Office of Civil Rights, you can use that as a litmus test to say, you know what, this is one that understands its data protection obligations, I am not giving you carte blanche to just use them without reading their Terms of Service, don’t get me wrong, but there is a pretty good chance at that point that you are not the product any longer and that you are using a product that understands why they are in business.
Adriana Linares: If I have paid and upgraded to the paid services for either one of those two, G Suite or Office 365, which I am going to just sort of confine the conversation to those two products, because I think those are most definitely the most popular, and I do the type of work that requires a business associate agreement. Do I need to sign up for that separately or is it just sort of understood that that’s part of what I am paying for, because you said they are not willing to sign, so my question is, do I have to ask them to sign if I need that level?
Daniel Whitehouse: There is a process for that, yeah, and it’s within your administrative panel usually that you can go and execute the business associate agreement on both sides.
I do want to make one caveat though, because if your business is one that you are dealing with PHI or highly sensitive information, it may not be something that you want to be emailing back and forth anyway. So don’t get some false sense of security that just because you logged into your G Suite and you signed a business associate agreement that all of a sudden you can just start sending Social Security Numbers via email or medical records or anything of that nature, you still need to take additional steps from an encryption standpoint to protect that. And you are not going to email it from one party to another anyway; you are probably going to have some sort of a secure portal where that information is accessed.
So let’s just be really, really clear on that. I don’t want to send anybody down the wrong path on sending PHI in the wrong manner.
Adriana Linares: Would there be anything wrong with my just asking for that, even though maybe I don’t have the type of practice that has PHI, I mean wouldn’t I just go the extra mile because why not and what if some day I get some documents that have that kind of information in there?
Daniel Whitehouse: I don’t see much harm in that, if you ask G Suite or Office 365 to sign that reciprocal business associate agreement, I don’t see much harm in that. Some of the vendors may put you on a designated set of servers or do something out of the ordinary, but I am really not certain on G Suite or Office 365 if that’s their practice.
I know Amazon Web Services that we talked about earlier, they have a number of different layers that they will place different services in, depending on the type of security that’s needed, they even have government level security that they will offer, but I am taking this off track, so I will digress.
Adriana Linares: No, that’s okay, it’s very helpful. Now, talk to me about the difference between free Dropbox and paid for Dropbox?
Daniel Whitehouse: Free Dropbox, paid for Dropbox, the Terms of Service are different. On the paid Dropbox, they are willing to execute a business associate agreement. But I would just go back to something we mentioned earlier, what is their reputation; if it’s the same company that had some of the flaws that I mentioned previously and is that enough to give you the comfort that you need to use them or perhaps to keep looking.
Adriana Linares: And then just in the discussion of documents, Dropbox as a place that we are able to store, sync, and share documents, Microsoft and G Suite obviously have document services as well, so I am going to assume that based on the earlier conversation and paying for those services is going to put the same sort of rules or terms on documents as much as my emails?
(00:30:00)
Daniel Whitehouse: Indeed, yes, if you are paying for the G Suite, if you are paying for Office 365, then you do get the document management portion of both of those included with it and I am pretty sure it’s the same Terms of Service. I know it is with G Suite, I am pretty sure it is for Office 365 as well, same Terms of Service that govern both of those, the email side and the document management sharing side.
Adriana Linares: Okay. And then back to, let’s stay on the paid side of things and you mentioned earlier the encryption. So obviously as a technology consultant when I am doing tech audits and technology consults for lawyers and law firms, it’s very important for me to talk to them about encryption. Typically I am talking to them about encrypting their laptops and their devices and then that conversation can of course become into encrypting documents while they are stored at rest or in motion.
What about encryption? Who has decryption keys to my data when I am paying for services, and then if you have some commentary on the free services, which I think was always one of the issues with Dropbox, was that at a higher level they could decrypt your data and get in there if they wanted to, like you said, a few employees, so can you talk to us a little bit about that?
Daniel Whitehouse: Sure. So you mentioned two parts of encryption that are important to separate, the data that’s at rest, meaning when I have uploaded it to this cloud and it’s sitting on the cloud, if somebody were to come along and somehow gain access to that data that’s sitting up there basically.
Adriana Linares: In Microsoft or Google or Dropbox’s servers, not mine?
Daniel Whitehouse: Correct, not my servers.
Adriana Linares: Because I have said okay, I trust these people, here goes my data, and up and goes into their cloud services. Now, someone else or again robots these days get in there and access that data.
Daniel Whitehouse: Let’s say hypothetically somebody comes in and steals an entire server rack out of one of their data centers, is that data encrypted such that once they go to extract the data from those physical servers that all they are going to see is gibberish, zeros and ones and hexadecimal characters and bunch of things that only the computers understand, because along with those servers did not come the decryption keys. That’s encryption at rest.
The encryption in transit is when I am sending it from my machine or if I am connected to my browser and I am editing a document, what level of encryption is being used for it to go to the cloud, and conversely, when I am accessing or downloading one of those documents, what level of encryption is being used to bring it back down to me.
We want both. We want encryption in transit and we want encryption at rest and who has the keys to that, I want the keys to that.
Adriana Linares: And no one else.
Daniel Whitehouse: And no one else, because it’s my data, I want to be able to control that and I should be the only one that has the access to it.
In speaking of the free Dropbox, when I have had some of these discussions with people previously, I have heard people say well, I can use my own encryption method on top of Dropbox and that should help me secure it, right? Why should you have to do that? Why should you have to use one product and then put another product on top of it to help secure it?
Adriana Linares: Seems like a lot of work to me.
Daniel Whitehouse: I just want one product that’s secure. I don’t want to have two that I have to manage because one may not be as secure as I am comfortable with.
Adriana Linares: Seriously, like come on lawyers, you are creating a lot of extra work for yourself to do, you have enough work to do otherwise. Yeah, I get that too, it was Boxcryptor for a while and then I forget what else, but okay, so the answer is pay up.
Daniel Whitehouse: Pay a few dollars a month, pay a few dollars a month.
Adriana Linares: Okay. What about if there is a subpoena of some sort for the data, can these companies — so I always think about, and I use this example a lot is, and I hate to use this example, but the San Bernardino shooters’ iPhones. Apple just said we cannot decrypt these phones. We don’t have the technology. It’s not part of what we offer. We cannot help you.
So they were able to get out of that by just saying — not just, I mean obviously it was a big fight, and correct me wherever I am wrong or getting the story wrong, they were able to say we can’t help you, literally. What companies can help them? What if it hadn’t been Apple, or where do I find that information in their Terms of Service or privacy policies?
Daniel Whitehouse: I would start by looking at what their obligations are to reveal information to law enforcement or to any type of civil subpoena. They do list that information in their Terms of Service from a technology standpoint, whether they have the ability to deliver it in clear readable form or if they are just turning over everything that they have.
(00:35:02)
There is a little bit of a distinction there, right, you get a subpoena for documents that may relate to a particular matter, are they going to be able to respond to that matter; if so, how? How did they know that a particular document relates to some subject versus a truly heavy-handed governmental takedown of all your information as we may or may not have seen in recent news with one of the President’s attorneys, that was a little different story where some entity is coming in and essentially seizing all of the documents and all of the data.
I am hopeful that it would be one of these all-or-nothing type of arrangements with the vendors that we choose, because if it’s some sort of selective process, I want to know how they had access to make that selection.
Adriana Linares: Excellent. Oh, I have another question before we move on. What about data destruction. So I decide to leave or stop paying for the service or I decide to go to another service, from one free one to another free one, which we have already decided no one is going to ever do ever again, we are going to start paying for stuff, but what if I need to cancel my account, what happens or how do I — where do I look to figure out what’s going to happen to my data?
Daniel Whitehouse: So most of them will have a data destruction policy and it will tell you two things. Number one, how do you get your data off of their platform; and number two, once you have canceled that service, how long is your data going to remain active on that platform? Do you have to do anything to tell them to delete it? Will they automatically delete it after some period of time? And if they don’t openly disclose this information to you, you might want to ask why.
Adriana Linares: Back to ground zero, which is if it’s not disclosed, you probably don’t want to use it.
Okay, let’s take another quick break, listen to some sponsor messages and then come back and talk about legal specific products, because so far we have been talking about regular business and consumer products and now let’s turn our focus a little bit and see what we need to look for or consider when we are talking about products that are designed and made specifically for lawyers and law firms.
We will be right back.
[Music]
LAWCLERK is where attorneys go to hire freelance lawyers. Whether you need a research memo or a complicated appellate brief, our network of freelance lawyers have every level of experience and expertise. Signing up is free and there are no monthly fees, only pay the flat fee price you set. Use rebate code NEWSOLO to get a $100 Amazon gift card when you complete your next project. Learn more at lawclerk.legal.
[Music]
Imagine what you could do with an extra eight hours per week? That’s how much time legal professionals save with Clio, the world’s leading practice management software. With intuitive time-tracking, billing and matter management, Clio streamlines everything you do to run your practice from intake to invoice. Try Clio for free and then get a 10% discount for your first six months when you sign up with the code New Solo 10, that’s New Solo 10, and do that at clio.com.
[Music]
Adriana Linares: Okay, we are back. With me today is Daniel Whitehouse. He is a technology lawyer based out of Orlando, Florida. We have been friends and buddies for a long time, thanks to our work with the Florida Bar, which reminds me that a couple of years ago the Florida Bar put together a — well, they have a Technology Committee. That Technology Committee worked really hard to put together Cloud Computing Guidelines and if you are interested in seeing that, there is a For Dummies form that says here are the things you want to look for when you are talking to cloud-based service providers and then there is a really technical longer one. But if you just Google Florida Bar Cloud Computing Guide, I think that would be helpful for our listeners.
So, so far Daniel, you and I have talked about popular services that most of us who are running a business today are using, almost everyone is using Office 365 and/or G Suite, some of us use both. I am a bi-tech user so I use G Suite on the back end for my email, but I love Office 365, so I sort of funnel them together. I pay for both, and together those services don’t cost me but under $15 a month and you have made me feel so much better about my data and my emails, except I am not a lawyer, so I don’t have to be held to the same standards. I mean I do obviously want to be held to the same standards, but certainly without the same sanctions that a lawyer would suffer.
So let’s talk now about some — towards specific legal service providers. So again, when I am talking to lawyers, I say look, if there is a service that you are looking at that’s built and geared toward lawyers, a lot of the questions that you are going to ask — you are not going to be the first person to ask Rocket Matter, hey, are you compliant with my ethical requirements when it comes to my Bar Association; they started there, but when it comes to legal specific products, what’s your take on those types of conversations?
(00:40:14)
Daniel Whitehouse: Generally speaking of course there are always exceptions to the rule, we can address some of the exceptions, but generally speaking, the products that are geared toward the law office management side of our house, that are geared to lawyers, as you said, have gone through all of those nuances already. They know the questions they are going to get from lawyers and they are going to comply with it, because as we were mentioning before, when you are paying for a product and you are paying a reasonable fee for that product, you have a certain expectation of what you are going to receive in return. They know if they are selling to lawyers that they have an expectation that the lawyers are going to expect from them. So they deliver that to us.
And the Terms of Service, even if you just look through them at a 50,000 foot view, they look totally different. The protections are geared around them protecting their intellectual property so that their competitors aren’t trying to steal or do anything nefarious with their IP as opposed to what they can gain from us as users of the platform and what they can do with the things that we put in and take out of the platform.
Adriana Linares: Very good. I asked you real quick when we were emailing before recording to just look at a couple of those terms. I sent you Clio’s terms and NetDocuments, two of my favorite products and if you are a regular listener to this show, you know that I love Clio and I think NetDocuments is just the end-all when it comes to document and email security and storage.
I am going to assume that their competitors’ Terms of Service are going to be very similar. So let’s talk about Clio, because that’s the one you glanced up for me really quick, but I am going to assume that Rocket Matter and MyCase and its other competitors have same terms. Did you see anything that alarmed you in Clio’s Terms of Service or their privacy policies?
Daniel Whitehouse: Nothing alarming at the 50,000 foot view. The one thing that has been mentioned about Clio in the past and I have had conversations with them about this, it’s written all over their website as well, the company is actually based in Canada, but they give you assurances that the data you store when you are a US-based customer, the data you store with them is actually stored in the United States.
So again, I have had those conversations with them. They have given me plenty of assurances and it’s written all over the website as well. And in fact, I think it’s somewhere in their terms, but you have to dig a little bit for it specific, because if you are connecting to them in Canada, you might have a different Terms of Service than if you are connecting from the USA.
Adriana Linares: Right. And like I said, I am going to assume that all the practice management programs are the same. These companies are obviously built and geared toward legal. They have got it covered.
NetDocuments is interesting and I don’t know if you spent too much time with them, but their privacy policies and their security is going to be like on steroids compared to anything else.
Daniel Whitehouse: That’s a perfect example, yeah, it’s a perfect explanation for NetDocs. They are document storage on steroids, no doubt about that.
Adriana Linares: I like to say that they are a security platform that happens to help us manage documents and emails, and I just got back from their two-day conference in Salt Lake City this week and they are introducing even more security mechanisms and just more security internally on their servers, so that makes me happy to hear.
Are there any other products or tools or services that you regularly hear about or get asked about from lawyers that you want to help us understand?
Daniel Whitehouse: Those are the big ones on the practice management side. The one exception that I will throw out there is there are a lot of online providers or online referral sources, those types of things that may not comply with some of our ethical obligations from other standpoints, on the sharing fees with lawyers type of a scenario. The Florida Bar is doing its due diligence in exploring this and figuring out how Florida is going to be in the future with regard to some of these providers.
So I just do want to make a one small distinction there between platforms that are built for practice management versus maybe a platform that’s for referral fees or client marketing, those types of things, just because it’s targeted to lawyers, it may not be built specifically for lawyers and we do need to still be diligent in looking at those.
(00:44:47)
Adriana Linares: That’s really great. Well, I have got to say this conversation has been so enlightening and coming for such a long time I very, very much appreciate you helping us. I mean really finally somebody who just said these things out loud instead of sort of well, I have heard and I have kind of wondered and yeah, I think, I think you have really nailed it and said look, free services are not something that lawyers should be using. It’s easy and affordable to upgrade to a paid service where your terms of service are much more compliant with your ethical requirements and your just business requirements and trying to keep data confidential and secured.
We could talk about a million other things when it comes to communications with clients and I mean this is certainly a rabbit hole we could go down, but I very much appreciate you staying in lane, in this lane and helping us understand this.
Before I let you go, will you make sure and tell everyone how they can find, friend or follow you, and I hope you don’t mind, I am sure you might get some follow-up questions, maybe attorneys who are looking at some Terms of Service and they are confused, I suppose you help them with that, and can you help lawyers nationally?
Daniel Whitehouse: I sure can and I am as accessible as I can be. Our website is whitehouse-cooper.com. Of course Facebook, LinkedIn, Twitter. We are not on Instagram; I may have to ask my daughter what this whole Instagram thing is about.
Adriana Linares: These crazy kids.
Daniel Whitehouse: But any of the others, except for Instagram, we are out there and accessible.
Adriana Linares: Whitehouse & Cooper.
Daniel Whitehouse: whitehouse-cooper.com.
Adriana Linares: You could have a really sexy Instagram feed with like screenshots of Terms of Service and all you would need to do is like put a thumbs down and a thumbs up or highlight really bad Terms of Service.
Daniel Whitehouse: I don’t think even my mom would follow that one Adriana.
Adriana Linares: Oh man, if we can’t get our moms to follow our social media accounts, you know it’s pretty sleepy stuff.
Well, that’s awesome. Thank you so much Daniel for taking time out of your very busy in the middle of the day day. I know how busy you are and I very, very much appreciate it.
Having said all that, thanks for listening to New Solo on Legal Talk Network. If you liked what you have heard today, please give us a good rating on iTunes. I very much appreciate that.
Share New Solo with your friends and colleagues and if I can help you in any way, you can always reach me at New Solo at legaltalknetwork.com. We will see you next time. And remember, you are not alone, you are new solo.
[Music]
Outro: Thanks for listening to New Solo with host Adriana Linares. Tune in again to learn more about how to successfully run your new practice, solo, here on Legal Talk Network.
[Music]
The views expressed by the participants of this program are their own and do not represent the views of, nor are they endorsed by Legal Talk Network, its officers, directors, employees, agents, representatives, shareholders, and subsidiaries. None of the content should be considered legal advice. As always, consult a lawyer.
[Music]