The phrase “electronic evidence” is becoming meaningless. It comes down to this: we are approaching a time when almost all evidence will be electronic. Some kinds of evidence, such as emails and texts, are born and live their lives electronically. Others start as hard copies but are eventually stored and conveyed electronically. We owe our clients a duty to protect and preserve all forms of electronic evidence, and what follows are some ways to do that.
Cloud-Based File Storage and Sharing
The best way to store and transfer large files quickly and easily is to use services such as Dropbox, Google Drive, and iCloud. These services allow you to create a file or a folder of any number of files that can then be sent to other people. You control the contents and type of access; for example, you can choose whether someone else may view the contents or edit them. Some services—Google Drive is one—allow you to create a link that can be shared with anyone or only with people to whom you send the email with the link. This is cost-effective. Some of these services are as low as $2.34 per month for 100GB of storage.
Avoid Being Hacked
You should assess the risk of being hacked. In most cases, there is very little risk that electronic evidence is being tampered with in your law office. But in a complex case, or one of social interest, the risk might be greater. For those clients in that greater-risk group, use different and more robust services than you use every day. Basically: don’t keep the jewels in the office vault—put them elsewhere. More secure electronic message and storage services (which also might be a bit more cumbersome to use) might be provided by your practice management software, Cisco, or SpiderOak (full disclaimer: one of my adult kids works for SpiderOak, but in mentioning the company, I do not intend in any way to promote it). SpiderOak is so secure that if you lose the password, even they can’t help. My practice management software uses RMail, a service to send encrypted emails as an option.
Importance of Strong Passwords
Passwords are the first and most common defense against data breaches. The first thing to know about passwords is that there are bad ones. Bad passwords are your address, birthday, names of children or parents, your own name, the name of the case or case number, or any variation on the letters that result from sliding your finger on the keyboard—don’t do that. The keyboard name “qwerty” was once a favorite. These passwords are easy to guess with relatively little information. Hackers have lists of these, and their software can try each one in seconds.
Here are some easy ways to make your passwords better. Passwords shorter than eight characters can be hacked into by using brute force applications downloaded from the Internet. Use longer passwords. Many experts recommend using at least fifteen characters. Make your passwords complex by adding symbols inside words or changing from upper- to lowercase at different times in your password. Purposeful misspellings can make a password memorable but secure.
Consider using pass phrases. These are combinations of multiple words into a long password. These can be extremely secure and surprisingly easy to remember. These pass phrases also generally lend themselves to having upper- and lowercase letters with more than fifteen characters. Good (and, in my humble opinion, funny) examples would be WillUtakemYcaseOnPayments?, mYc0uzinvINNYizalawy3r, or YouKantHAndleThetruth!!.
Use different passwords for different accounts so that if one gets hacked, the others do not. Change your passwords regularly to thwart the unknown trespasser.
One of the best ways to secure your data is to use two-factor authentication. This method typically requires you to use a password to access an app or other software program on your computer and then also asks you to quickly enter a one-time passcode sent to your cellphone. This method thus adds an entirely new layer of security.
Effective management of electronic evidence is an ethical mandate because the Model Rules of Professional Conduct call upon us to safeguard our clients’ property. Certain familiar technologies are no longer being used for this purpose; CD-ROMs are dead, and few computers have drives to read them. Thumb drives are dying and get lost easily. The new goal is to manage data in an uninterrupted workflow with the appropriate security precautions already in place on your computers and other devices.