Last week a prospective litigation client suggested we use Dropbox to share confidential and proprietary information relating to a technology startup. This gave me access to the information that I needed to price the matter, the information was far too voluminous to simply attach to an email, and, perhaps most important in the client’s eyes, “Dropbox is free!”
Dropbox is an intriguing cloud based storage solution: your data is stored on your own computers and servers, and synchronized and accessible from servers in the cloud.
Still, as lawyers, we are supposed to take “reasonable precautions” to safeguard confidential and proprietary client information. Dropbox says that transmissions and storage are encrypted, are password protected, are “hardened against attacks for hackers” and kept on secure Amazon servers. Even assuming you know what all this means, are you ready to give up physical control of your client’s media and place it in this environment? Does simply relying on Dropbox’s no doubt sincere assurances equal “reasonable precautions”?
Dropbox has been the subject of an FTC complaint alleging Dropbox misled users about the privacy and security of their files as well as a class-action lawsuit (since dismissed) based on an alleged instance in which Dropbox accounts could be accessed without passwords for four hours. Whether well-founded or not, allegations such as these place lawyers on notice that they need to be proactive when taking advantage of Dropbox or any other cloud storage service.
Lawyers should take the additional step of encrypting, or pre-encrypting, client data before we give it to Dropbox or any other cloud-based storage solution. This way the Dropboxes of the world have zero knowledge of the contents of your data. You, your client and your malpractice carrier sleep much better knowing this precaution has been taken. Even Dropbox thinks so:
Dropbox: Yes, we have always recommended third-party encryption solutions for advanced users who are comfortable managing their own encryption keys.
(From Michael Kassner’s post Dropbox: Convenient? Absolutely, but is it secure?)
Thanks to my paralegal, Janet Ho, I’ve learned how to use the archiving and file compression features that come with Windows to do the encryption. Here’s how: