My favorite encryption software, TrueCrypt, released a major update today. There are two major new features:

• TrueCrypt now allows encryption of the entire system partition in Windows. TrueCrypt has enabled encryption of non-system partitions before, but this features allows you to encrypt your entire drive.
• The long-awaited graphical interface for GNU/Linux!

TrueCrypt is a free and open-source software for encrypting files and disks. For a tutorial on getting started with TrueCrypt, see this post from last April. If and when I experiment with full-system encryption, I will post a new tutorial and review.

[via Slashdot

Edit: I had to see the GNU/Linux graphical interface. Click the thumbnail to see the larger version. It works so well I could cry for joy. No more command line! It is missing some of the nice features of Windows interface. For example, it will not automatically mount your encrypted volumes on startup, and will not automatically dismount them on shutdown. But it does automatically detect and enable NTFS, which is a great feature. Thanks you, TrueCrypt team! Definitely a project worth supporting.

By now, most attorneys are at least thinking about marketing their practice online, if not doing it in some fashion already. But “online marketing” is a concept so vague it is completely unhelpful. Online marketing encompasses everything from websites to social networking sites to chat rooms. Much online marketing is similar to offline marketing, but some of it is very different.
LinkedIn
But whatever your comfort level–both with privacy and with technology–you can find a way to market your practice online. In this series of three posts, I will talk about privacy issues, the necessary technical know-how, and the major ways to market yourself and your practice online: websites, paid advertising, blogs, and social networks.

First, privacy and technical know-how.

(more…)

My office was burglarized over the weekend, a valuable reminder of the need to backup and secure your files, both paper and digital.

All the jerks stole was a few rolls of stamps and my video camera. Expensive for me, to be sure, but nothing particularly disturbing. They didn’t touch my external hard drive that I use for backup (and to store movies for lazy Friday afternoons). Apparently stamps are hot items. The building management may have been negligent, and I hope they will buy me a shiny new video camera before my next depositions.

I was irritated, but largely unfazed due to the fact that my files are well-protected and I have multiple backups. I back up my files daily to my external drive, and my laptop comes with me every night. I backup weekly (or so) to a second, portable external hard drive, so I had a backup just a few days old. All my backups are encrypted, so I wasn’t worried about losing client information.

The only paper files in my office are public information like original pleadings. So although I am quite irritated at having to blow a few hundred dollars on a new video camera when the one I had was perfectly good, it wasn’t nearly as bad as it could have been.

But it is a reminder to back up diligently and make sure your client files are protected, whether paper or digital. You don’t want to have to send a letter to your clients notifying them to look out for identity theft, since you never encrypted your files.

This is why you need to encrypt your client files.

If the data on that hard drive was encrypted, rather than sitting out there for anyone to see, the headline might have been entirely different. All the thief would be able to see would be a file, partition, or drive full of gobbledygook (that’s a technical term). Encrypt your data.

At the same time, reconsider carefully the data you do hold onto. Do you really need your client’s social security number or driver’s license number? If you do, you had better encrypt that information and keep any paper copies under lock and key. It will take more than a simple log-in password to escape liability in a case like this, I think.

We recently mentioned encryption, but what do you do when it comes time to throw out a hard drive? Wipe it clean. Why go to the trouble? The same reason you should encrypt client data. As a lawyer, your computer is an identity thief’s dream. When you toss a hard drive with readable data on it, you might as well be handing your clients’ bank accounts over to the bad guys.

And remember there is no such thing as deleting files. Getting them back is a small freeware download away.

Fortunately, wiping a hard drive isn’t difficult. I have used Darik’s Boot and Nuke in the past. All you do it burn it to a CD, pop it in the CD drive, turn on your computer, and follow the prompts. Done.

Lifehacker also points to a ZDNet article about Secure Erase, a set of commands that has been embedded in most ATA hard drives since 2001. Get the Freeware Secure Erase Utility to use it.

In the end, Darik’s Boot and Nuke is probably easier and has broader application, but it never hurts to have options.

Attorneys have a lot of data about clients. A lot of this may be no your computer, especially if you have gone paperless to any extent. And hard drives are only as secure as the lock on your office door. Paper can’t be encrypted–another downside to paper–but digital data can.

While I don’t think an attorney’s ethical obligation to protect client data goes further than locking the office door, attorneys who fail to protect client data could very well face liability if their clients’ identities are stolen from a hard drive. Let’s face it, opposing counsel probably isn’t hiring thugs to break into your office, but identity thieves are swiping laptops and buying old computers by the pallet-load at local auctions, looking for personal information. And you can’t necessarily trust your computer repairman, either.

This should be especially worrisome if you carry client data on a laptop, whether in the form of e-mails or actual digital files. Laptops are mobile and easy to steal. And all an identity thief has to do is pop out your hard drive and start looking around.

So, let’s talk encryption.

(more…)