Law Practice Emerging Trends: One Step at a Time

OK, I admit it. I’m one of those bloggers that writes about the need to adopt emerging legal trends as if your practice will disappear tomorrow if you don’t. Virtual lawyering, alternative fee arrangements, unbundling and document assembly: threats of the legal services industry nibbling at the edges of your client list.

Admittedly, there is a certain urgency to this as new and different legal service delivery models proliferate. The problem is approaching the task of incorporating radical changes into your law practice structure all at once is daunting—so daunting that many lawyers become discouraged and do nothing. How do I know this?

Here’s the story about my recent Android phone purchase. I’d wanted to move up from my Blackberry for over a year. I qualified for an upgrade. Yet I did nothing. Why? Because I couldn’t face the task of learning how to use a completely different device while continuing to do business. Then I had an AHA! moment: I could buy my Android and at first only learn and use the functions I knew and relied on. After that, I could take 15 minutes or an hour to learn something new and expand my use. This approach worked really well, and could do the same for you in integrating new processes that will streamline and expand your practice.

Online Communication and Document Storage

Since the invention of email, lawyers have unwittingly been partially practicing online when they communicate via email. As virtualization, cloud computing and other non-resident technology has evolved, online security has been seriously compromised and threaten your ability to comply with your duties of confidentiality and privacy. To respond to this, virtual law office technology offers  highly-securitized communication systems in conjunction with many other functions, but may be  too overwhelming to consider incorporating into your practice right now.

In that case, try converting only your communication and document transfers via a system such as is a cloud application that enables you to upload and store documents in folders, and communicate with clients or other players by inviting them into the folder, where they can view the documents and communicate details through their messaging system. It offers a comprehensive security architecture that protects documents and communication on application, network and facilities levels.

Dropbox is a similar product that offers AES-256 standard (bank-grade) encryption for file storage, and uses Amazon S3 for data storage.  Your file transfers and communications are conducted over a secure channel using 256-bit SSL (Secure Sockets Layer) encryption, the standard for secure Internet network connections. Dropbox also enables collaboration via their sharing functions.

For simple encrypted email, try Hushmail. The free version offers private, secure free email accounts that are encrypted and spam/virus scanned. The business version lets you manage unlimited accounts and unique customization.

Alternative Fee Arrangements

The billable hour is fast being replaced by alternate methods of pricing legal services as clients seek certainty in the cost of their legal matters and are finding competing legal delivery services that will give them just that. But there are a variety of alternative pricing methods, there is a learning curve to pricing your work in any way other than by time, and in the meantime, you still need to generate revenue. Try taking one segment of your practice that is at least partially systemized, package it, and ask yourself:  what do you think the delivery of that particular legal product is worth? Give it a fixed price. It is a risk, but a small one, and will give you the opportunity to start thinking along the lines of fixed pricing, subscription models and the king of alternative fees: value pricing. If you are strictly a litigator, you can price pre-trial projects this way as well, converting to the billable hour system at a pre-determined point where the unknown becomes predominant.

Document Assembly

LegalZoom isn’t the only legal  document producer in town.  Try integrating their delivery model into your practice by using a document assembly service such as HotDocs, Exari, or ProDoc. This will enable you to take another step into the cloud, compete with legal document delivery businesses that offer documents “without legal advice”, help in creating a basis for fixed, or other alternative, pricing models, and attract a client-base that may ordinarily be out of reach.

Each one of these suggestions will take you one step closer to bringing your practice along on the emerging trends ride. Pick one and try it. Research and play with it, just as you would a new tech toy. You will not take the legal revolution by storm, but you will be moving that much further toward the goal of creating a successful practice in a changing profession.


  1. Avatar Leigh Honeywell says:

    It’s worth noting that with many of these “cloud” services, your data is encrypted in transit, but not on the company’s servers.

    This means that you have three risks to assess about your data when considering these services:

    1) rogue employees at the service provider may be able to access your data
    2) if law enforcement agencies subpoena your data, the service providers may not notify you that the data has been subject to search. Hushmail has even said that they would have to comply with court orders to compromise the security of their in-browser encryption program.
    3) for lawyers practicing outside of the United States there are specific concerns with the accessibility of data stored in the US to US law enforcement, because of the PATRIOT act.

    Many services don’t the above very clear – Dropbox drew fire (including an FTC complaint) recently over misrepresenting their encryption technology in ways which included the above.

    There are even geekier details about exactly how the key is derived, but hopefully the above gets people thinking about what putting their documents “in the cloud” means.

    What does this mean for end users? Consider running some things on the client side only, for example email encryption software such as PGP or the various compatible open source alternatives to it such as GPG. For storage services, look for a service which encrypts your data in such a way that it is neither accessible in transit /nor/ at rest on the provider’s servers, such as Wuala, SpiderOak, Tarsnap, or TahoeLAFS. At an individual level, look at the free/open source disk encryption software TrueCrypt.

    Most of these services will have more overhead and setup complexity than the shiny rounded-corner Web 2.0 offering of the day. But when your data falls into the wrong hands, that shine wears off.

    • Sam Glover Sam G. says:

      Most of these services send data over an encrypted connection, and store it encrypted. Some services encrypt the data before it is sent over the encrypted connection, for extra security.

      (1) Rogue employees? Are you serious? I’m just as worried about rogue employees at Iron Mountain and similar archiving warehouses, where attorneys have been storing unencrypted client information for decades. (Which is to say, not very worried.)
      (2) When would someone not have to comply with a court order?

      • Avatar Leigh Honeywell says:

        Sam, aside from’s Enterprise product, which of the services listed in the original article store data at rest encrypted?

        Re: your other points:

        1) I’m not a lawyer, I have no idea about that stuff.
        2) If the data is encrypted at rest in a way that the service provider can’t access without the customer’s consent, court orders don’t matter. In all other cases, the customer’s data is accessible under a court order to the service provider. That’s all.

        • Avatar Leigh Honeywell says:

          Apologies, hit send prematurely.

          My first point should have read “encrypt data at rest with a key that’s not accessible to the service provider.” Hushmail, for example, encrypts data at rest but because of the design of their system could be forced to provide a Trojaned version of their browser applet (as per the article I linked in my original post).

          All told, these issues all depend on one’s threat model. But I do think it’s important to really understand who can access your data before signing up for the “cloud”.

        • Sam Glover Sam G. says:

          Dropbox, for one. From the security policy:

          We encrypt the files that you store on Dropbox using the AES-256 standard, which is the same encryption standard used by banks to secure customer data. Encryption for storage is applied after files are uploaded, and we manage the encryption keys.

          I think it’s the last part you have a problem with, and I’ve already stated why I don’t. My cleaning staff has more access to my paper files than Dropbox has to my digital ones. Which is why I’m paperless.

          • Avatar Leigh Honeywell says:

            “We manage the encryption keys.” Under court order, they will hand those managed keys over. They will not necessarily disclose that a court order was executed.

            If you had the keys under your control alone, the court order would come to you. That’s the fundamental difference between a service like Dropbox and one of the ones I mentioned.

  2. I like the idea of encouraging lawyers to try one new technology at a time. But the basis for encouraging them should not be fear or hyperbole. The post states “online security has been seriously compromised and threaten[s] your ability to comply with your duties of confidentiality and privacy.” That’s a pretty broad statement. Where is the support for that?

    Also, lawyers are not required to use encrypted e-mail. Period. No state ethics authority or the ABA has opined otherwise. I do not believe there have been any (any!) instances in which a lawyer’s e-mail was intercepted by a third-party (a felony, by the way) and confidential information disclosed because the e-mail was not encrypted. There may be some lawyers whose work is so highly confidential and so attractive a target for evil-doers that they want to take extra precautions (IP lawyers come to mind). But the other 99% of us will be just fine with our existing e-mail. We don’t need to convince people that vampires are real so that we can sell garlic.

  3. If law enforcement wants someone’s data and gets a court order for it, they will likely first go to the person’s home and / or office, seize all of the computers, and image them. They do not call ahead and make an appointment. They will then likely be able to access whatever that person can access. In that situation, whether the on-line provider manages the encryption keys is really the least of the person’s problems.

    The duty to disclose executing a criminal subpoena or court order rests with the government, not the third party who responds to the order (this is true in civil matters as well).

    Fortunately, this is something very few lawyers have to worry about.

Leave a Reply