Packing Your Digital Suitcase
When we travel for work, we anticipate taking enough material and “gear” with us to let us do the work we need to do. Although traveling light makes things easier whether we travel for work or for pleasure, we seem to have a greater willingness to double as beasts of burden when traveling for work. When we vacation, the less work-related gear we pack along, as a general rule, the better we like it. As an aside, most of us can also lighten our load when traveling for work, without making a significant change in our ability to perform our work.
Simply put, we can carry several bankers’ boxes worth of documents on a USB stick on our keychain or a small external hard disk in our pocket or a backpack. We can plug these storage devices into almost any modern computer and use our data. Alternatively, we can carry the data on a very light and portable laptop or a tablet and not have to worry about finding a computer to plug into on the road. Most of us prefer to use our own hardware and likely feel more comfortable from an ethical perspective than we would plugging our data into a public computer and using it there.
We have the power to convert paper files to electronic images, making our files easily transportable on our electronic devices. All it takes is a good scanner. Although you can scan documents into a variety of formats, you will find that PDF makes an excellent, if not the best, choice. PDF has grown in popularity and acceptance. Most attorneys that I know use PDF as the format of choice for creating electronic files to preserve their documents. PDF offers great utility and flexibility for you in terms of organizing, marking, coding, and reviewing your documents. Although several software programs will create PDF files, I have a strong preference for Adobe Acrobat Professional (adobe.com) as it offers a very good collection of features for attorneys, including Bates numbering, redaction capabilities, and the ability to create searchable files. In terms of hardware, if you don’t have a scanner, you should take a look at the Fujitsu ScanSnap iX500 ($495, fujitsu.com). I have liked this line of scanners since it first came out, and the iX500 represents the latest and greatest. The “i” in the iX500 stands for iOS, and the new scanner, which has wireless capabilities, will communicate wirelessly with computers on the Mac OS X or the Windows operating system as well as portable devices (phones and tablets) using Apple’s iOS or the Android operating system.
Once you convert paper to electronic files, taking them with you becomes a matter of simply transferring them to the device (computer, tablet, phone, or storage device) you want to carry them on, packing, and leaving.
Locking Up Your Luggage
The problem (why must we always have a problem?), however, is that when we take information with us on the road, we increase the likelihood of loss of the information owing to inadvertence or the acts of third parties. Computers, tablets, and mobile phones “disappear” regularly. The better and more expensive the device, the more likely someone will want to help it disappear. Smaller and more portable devices travel most easily. The reduced size and weight, however, make them more easily misplaced. Bottom line: We need to exercise caution whenever traveling with our electronics. Don’t let them out of sight. Don’t leave them unattended in public places. Don’t plug them in to charge and turn your back to them. You will find it better to carry an external battery and plug your phone or tablet into it to charge and leave it in a briefcase or your pocket while you charge it, rather than laying it on a table or chair plugged into an outlet in an airport or coffee shop.
Although losing hardware may prove inconvenient (and expensive), the data it carries can prove the most inconvenient and expensive loss of all—far more than the replacement cost of the hardware. As attorneys, we owe our clients a duty to protect the confidentiality of their information. Unprotected information on an unprotected device in the hands of a third party breaches confidentiality.
We need to protect our data as well as our devices. That way, should a device containing confidential data go missing, the confidentiality of the data may still have protection. Protecting devices, in addition to the suggestions in the preceding paragraph, requires the use of password protection and/or biometric protection. Biometric protection (use of a biometric feature, such as a fingerprint, to allow access to the device) continues to grow in popularity and will likely move ahead strongly now that Apple has built it into the iPhone 5s. Likely future iterations of the iPhone, iPad, iPad mini, and iPod touch will also have fingerprint scanners built into the Home button as does the iPhone 5s. Undoubtedly other manufacturers will add similar technology to their smartphones and tablets in the near future. Some laptops have had that ability for years. Many devices also offer the ability to remotely wipe them (erase their data), a good feature to have. Another useful feature will wipe the device after a set number of wrong attempts to access it. If your devices have these capabilities, you should activate them.
When it comes to ethical issues, I like to operate according to the principle of Murphy’s Law: “If something can go wrong, it will.” Put another way, protecting access to your device does not offer enough security. Moreover, USB sticks and external hard drives generally do not have password-protected access, so if you carry your information on such devices, a third party can easily access the information stored there. The underlying moral: Do not leave unprotected confidential information on electronic devices.
To protect information you carry with you, encrypt it using a reliable encryption program. You can find good encryption programs from many vendors. I am partial to TrueCrypt (truecrypt.com) as it does a good job and works reliably on Mac OS X, Windows (XP and later), and Linux platforms—and you cannot beat the price (it costs nothing). If you work on the Mac OS, you also have encryption capabilities built into the OS that will allow you to encrypt any file. Apple has also built into the system the ability to encrypt all the data on your internal hard drive, automatically unencrypting it as you need it (assuming you have first entered the appropriate password to access it).
When you encrypt a file or a disk, you need to employ a password to protect it against inappropriate decryption. Encrypting files without a password offers very little security (not enough to even consider it protection) as third parties with relatively little knowledge can easily decrypt them using commonly available software.
When it comes to passwords, select strong ones. The best passwords have at least eight characters, use a combination of alphabetical, numeric, and symbolic characters, and use upper- and lowercase letters. Most people find it hard to remember one random collection of characters, let alone several. Because you should not use the same password for everything (ideally, each device and account has a separate password), keeping track of the passwords (or, for that matter, generating them) takes some effort. You can get software to help with these tasks. AgileBits (agilebits.com) offers 1Password on the Mac OSX, Windows, iOS, and Android platforms. 1Password can help you generate strong passwords, record all your passwords, and keep them secure. You need only remember the password to get into your device and the password to get into 1Password. It will keep the rest for you.
Please note that nothing can ever guarantee absolute protection for your data. Recent disclosures suggest that the National Security Agency has the ability to get through most, if not all, currently available encryption. Whether that proves completely or substantially true remains to be seen, but the fact remains that over time people developed algorithms enabling them to crack older encryption techniques; the encryption techniques in force today, if not already breachable, will likely become so in the future. As attorneys, we have the obligation to take reasonable steps to encrypt client confidential information. The protective measures outlined in this column represent what I would consider reasonable precautions at the present time. We should take them. But recognize that nothing you can do will completely protect against all possible risks. The reasonable goal should be risk minimization. These techniques will do that, but you need to stay current to ensure that you maintain reasonable protection.
Not Taking It with You
Speaking of minimizing risk, even though electronic files have no physical weight, you can do better in terms of risk minimization by not carrying them around with you. Yes, I know that seems counter-intuitive, as this column focuses on taking your data with you, but the truth is that most of the time, you can have all the advantages of taking your data with you while reducing the risk of loss by not taking it with you. The trick: Store your data in the cloud and access it wherever and whenever you need to. If you do not carry your data around on an external storage device and/or laptop or tablet, you will not risk losing it if you misplace your device or someone steals it.
With this arrangement, you encrypt and store the data, travel, and then download your data, decrypt it, use it, re-encrypt it, upload it again to the cloud, and finally erase it from your device. Note, however, that erasing an item from your device does not guarantee that someone cannot recover it. Using the secure erase feature of a Mac or comparable software on any platform helps make it more difficult (if not impossible) to recover using current technology.
Using the cloud also has a built-in limitation: You must have Internet access to retrieve it. Additionally, if you have a large file, downloading it (or uploading it) can take up a fair amount of time. Downsides notwithstanding, storing encrypted information in the cloud represents what may be the safest and most secure way to make your data accessible to you while on the road.
The bottom line: If you have properly encrypted your data using a strong password to allow access to it, you should be in pretty good shape.
Happy trails to you!