Cybersecurity

Overview

The ABA has long recognized that we must make it a priority to enhance our protection of computer systems utilized by lawyers, and this vigilance must extend to other critical sectors as well. We closely monitored Congressional consideration of ABA-approved principles for cybersecurity legislation, and we continue to advocate for policies designed to prevent unauthorized intrusions into the computer systems and networks utilized by lawyers.

On December 18, 2015, President Barack Obama signed into law the Cybersecurity Information Sharing Act of 2015 (CISA) as part of the 2016 omnibus spending bill.

Key Points

Attacks continue to occur at an alarming rate with no sign of abating. The IRS and OPM breaches represent cybersecurity failures across all levels.  The American Bar Association will continue to monitor, analyze and offer assistance to policymakers as they debate ways to better protect our cyber systems.

Now that comprehensive cyber information sharing legislation has been signed into law, Congress will focus their attention on what to do with all this new information. Congress will also debate the use of encryption technology and whether law enforcement should be granted access to encrypted data. We expect legislation governing encryption to be introduced soon. President Obama recently made statements favoring law enforcement’s ability to access encrypted data with a warrant.

Statement of ABA President William C. Hubbard Re: President Obama’s Executive Order on financial sanctions for cyberintrusions

ABA Advocacy

On June 1, the ABA sent a letter to Senate Majority Leader McConnell and Senate Minority Leader Reid urging consideration of the ABA’s position on cybersecurity measures while debating the comprehensive cybersecurity legislation passed by the House and pending in the Senate. 

ABA Policy

Report and Resolution 109, Adopted at the 2014 Annual Meeting in Boston
August 2014

This Resolution addresses cybersecurity issues that are critical to the national and economic security of the United States (U.S.).  It encourages private and public sector organizations to develop, implement, and maintain an appropriate cybersecurity program that complies with applicable ethical and legal obligations, and is tailored to the nature and scope of the organization, and the data and systems to be protected.

Report and Resolution 118, Adopted at the 2013 Annual Meeting in San Francisco
August 2013
This Resolution condemns intrusions into computer systems and networks utilized by lawyers and law firms and urges federal, state, and other governmental bodies to examine and amend existing laws to fight such intrusions.

Cybersecurity Legal Task Force: Resolution and Report to the ABA Board of Governors (November 2012) 
The ABA's Board of Governors approved a policy in November comprised of five cybersecurity principles developed by the Cybersecurity Legal Task Force.

House of Delegates: Resolution 105A, Adopted at the 2012 Annual Meeting in Chicago
(August 2012)
The ABA House of Delegates amends the black letter and Comments to Model Rules 1.0, 1.6, and 4.4, and the Comments to Model Rules 1.1 and 1.4 of the ABA Model Rules of Professional Conduct dated August 2012.

Resources

In the News

Contact

David Eppstein
Legislative Counsel
American Bar Association
Governmental Affairs Office
1050 Connecticut Avenue, NW, Suite 400
Washington, DC 20036
202-662-1766
David.Eppstein@AmericanBar.org