| RICHTER, MILLER & FINN WASHINGTON, D.C. |
1900 L Street, N.W. #610 Washington, D.C. 20036 Tel: +1-202-467-6200 Fax: +1-202-293-4395 E-mail:counsel@rlaw.com |
 |
|
Richter, Miller & Finn is pleased to provide the following general information about how to use its electronic communications facilities. Further specific information is provided only on a need to know basis.
Please let us know if this information is helpful. We are particularly interested in how to make it more useful! |
|
| This WWW Page contains basic information about how to use our Internet and other basic communications facilities and is intended primarily for use by our clients, other law firms and lawyers with which we have regular dealings. The basic communications facilities to be discussed include:
Individuals and businesses which communicate with their lawyers using electronic and other communications methods of the modern world expect that the content of their communications will not be compromised. At the same time, clients also expect that complete confidentiality concerning their affairs will be maintained even when lawyers and law firms at different locations are involved in representing their interests. Each of these separate communications methods presents different security considerations, the essentials of which must be understood by all parties to the communications if a satisfactory level of security is to be assured. Because of their importance, we will the security basics first. |
|
| A comprehensive discussion of communications security is beyond the scope of these materials, but we provide a brief discussion of several aspects of communications security which are important to our activitites as "outside" lawyers. Most often, the greatest risk of communications content compromise in a business operation is within the business itself - by disgruntled employee(s) or by other(s) tempted to disclose that information to a competitor or adversary for money or to misuse the information internally or for his or her personal advantage. Information which senior management of businesses exchange with their outside lawyers, particularly in business strategy and planning, intellectual property protection, contract negotiations and actual or potential litigation contexts, is particularly susceptible of misuse or abuse by others within the business who may obtain unauthorized access to it. Good internal security controls are essential. These include control of mailroom and receiving office operations, limitations on access to fax machines used for sensitive communications, restrictions on access to computer backup media and conventional hardcopy files containing sensitive materials, restrictions on access to computer and e-mail files and archives on computers connected to local LANs, restrictions on access to stand-alone desktop computers and procedures (e.g. shredding) for disposal of "trash" containing sensitive materials. Plain-text e-mail, with or without "attached" binary files and other forms of communications over the Internet may easily be intercepted and read by a technically informed and determined snooper (or hacker) at or connected to any node point along the path between the sender and the recipient, including at the mail server which provides e-mail services to the end user. The security of the content for such materials is in some respects analogous to that for written material on a postcard sent through the postal mail system: no one concerned about misuse of sensitive information would send a confidential message on a postcard which potentially can be read by anyone who might see the postcard while enroute! On the other hand, the volume of traffic on the Internet is now such that the likelihood of a random interception followed by an actual misuse of the content of ordinary e-mail messages (or files) is quite small. The likelihood of misuse is, of course, much greater for plain text materials with obviously sensitive content, and the potential risk of compromise is very high if either the sender or the recipient is being targeted for interception. The mail servers which provides e-mail services to each of the end users present points of high vulnerability for unencrypted e-mail in almost all cases. Some mail servers (particularly local ones within an office environment) are set up to log automatically the contents of all e-mail traffic through the server. When such automatic logging occurs, the technical personnel who are responsible for maintaining the mail servers may later be able to read the contents of messages offline. In the U.S., all mail, packages and electronic communications which cross national boundaries (i.e. the borders) are potentially subject to government scrutiny. Legal (and illegal) interception by the government and unlawful interception by others can occur in numerous other situations. Given these possibilities, why take any chance with confidential or sensitive materials when easy technical solutions exist to minimize or even completely avoid such risks? The easy technical solutions which we have found useful include:
We provide a separate WWW page with essential information about the PGP Encryption / Decryption software which we use for high security encryption. That page includes basic information about where to obtain the software, how to use it, and the two published public encryption keys which we use. We also provide a separate WWW page with essential information about the ARJ and PKZIP compression and archiving programs which we use for low security encryption. Those programs, with related DOS batch files, and pertinent "how-to-use" information are available for downloading from this WWW server from that WWW page. We recommend the use of PGP encryption for all highly sensitive E-Mail communications and all Internet or network FTP file transfers of highly sensitive files. The use of PGP encryption may also be warranted for highly sensitive files which are forwarded on diskette or in other electronic or magnetic media by mail or courier. ARJ and PKZIP provide easily used, low level encryption facilities, which may be satisfactory for routine communications for which privacy is desired, but for which there is limited potential for intentional interception or misuse of the message or file content if intercepted. You should be aware that plain text files encrypted using the one-step encryption options provided by ARJ and PKZIP can be successfully decrypted in only a few minutes by a determined intercepter with only a modest level of technical sophistocation. Plain text E-Mail and file transfers are appropriate only when there is little or no potential for misuse of the message or file content. |
|
|
E-Mail has come into widespread use over in-house computer networks in the modern business world. Modern in-house E-Mail systems now usually permit connection to the Internet so that E-Mail may be sent anywhere in the World over the Internet. A large number of private E-Mail networks still exist, but most are now interconnected with the Internet. E-Mail sent over the Internet is particularly useful in our business for the exchange of messages, correspondence or text based materials as well as "attached" binary files with our clients, other law firms and lawyers with which we have regular communications. Most of our communication are sent from or to unpublished E-Mail addresses at RLAW.COM which are provided on a "need to know or use" basis. We also maintain a published "general" E-Mail address: counsel@rlaw.com in addition to the two published email addresses for Paul S. Richter and Thomas P. Miller on our How To Contact Us page. Our published E-Mail addresses are generally reliable and are checked by us regularly for incoming E-mail. In our experience, however, the Internet E-mail forwarding system is not 100% reliable all of the time; generally, this has been caused by message routing problems or failures occurring on the Internet itself or by one or the other of the mail servers on either end of an e-mail path. Because of these experiences, we recommend that when critical e-mail is sent to us which may not be specifically expecting, that a confirming fax or telephone message also be sent immediately alerting us to look for an incoming e-mail, and providing a follow up procedure to be used by us in case the e-mail does not arrive by a particular time after it was sent. We can provide alternative, unpublished e-mail addresses involving different e-mail servers to which second copies may be sent. As already noted, we recommend that you use proper communications security procedures at all times to protect all content sensitive electronic communications. PGP encryption for should be used for all highly sensitive E-Mail communications. Plain text E-Mail is appropriate if you view the risk of (improper) interception as very low and there is little or no potential for misuse of the message content even if intercepted. |
|
|
The ability for our firm to send and receive binary files over the Internet (and otherwise) has become increasingly important. The most common examples of binary files are document files in standard word processor formats, in standard spreadsheet formats or in standard database formats, which we exchange with client representatives, associate counsel or other counsel. A common example: we originate complex legal documents as a work product, and send the draft document binary files in a standard word processor format to the client representative or to an associated counsel at another location. The documents are reviewed by each, coordinated by us for final editing and then printed, signed and filed in final form at our Washington, D.C. office or at a remote location. We are able to use any one of several distinct methods for effecting electronic transfers of binary and other files:
We have found that the use of "attachments" of binary or other files to conventional E-Mail provides the easiest to use method for the transfer of files over the Internet. No special technical skills are required by the user on either end. Again, we recommend that sensitive files being sent as "attachments" to conventional E-Mail be suitably encrypted before "attachment". We can upload files with arbitrary filenames to hidden directories on the RLAW.COM web server so that remote users can access and directly download those files using a conventional Web Browser. This is handy for users with limited technical skills. We provide the "hidden" directory and arbitrary filename information to the users on a "need-to-know" basis. We can also set up the hidden directories to require use of predetermined usernames and passwords for access to the directories. We also recommend that sensitive files be encrypted before uploading. RLAW.COM also has an FTP server which can be accessed over the Internet with a logon name and password and used for uploading and downloading of files. We restrict the how-to-use details for that facility to those with a need-to-know. We still also have the capability to effect file transfers by dial-up modem connection over the regular telephone network, although this is no longer frequently used. Our preferred software package for this is Hyperaccess, but we also have the PC Anywhere and Carbon Copy software packages for compatibility with certain users. When we use the dial-up modem connections, we can originate or receive incoming requests. In all instances, the telephone numbers and the Logon Names and Passwords are unpublished, and are changed frequently for security reasons. As already noted, we recommend that you use proper communications security procedures at all times to protect all content sensitive electronic file communications. PGP encryption for should be used for all files containing highly sensitive information. The use of ARJ or PKZIP low level encryption is satisfactory for many instances in which there is little potential for misuse of file content. Plain text file transmission is appropriate if you view the risk of (improper) interception as very low and there is little or no potential for misuse of the file content even if intercepted. |
|
Our main telephone number in Washington, D.C. is: +1-202-467-6200 , and that number is always answered by an automated answering system (or sometimes by a "live" operator) during our normal office hours, 9:00am to 5:00pm local time in Washington, D.C. on weekdays. Voice mail is always available; and the automated answering systems is always in use outside of regulars hours. When the automated answering system is in use, our callers need to know in advance the extension number(s) for the individual(s) whom they wish to reach; otherwise the caller will need to leave a message with the "Operator" voice mail and wait for a return call. We also have an unpublished "800" number which can be used to make a "free" telephone call to our main office telephone number in Washington, D.C. from anywhere in North America. Our main facsimile (fax) number in Washington, D.C. is: +1-202-293-4395 and a G3 fax machine is connected to that line at all times. We also have an unpublished "800" number which can be used to make a "free" fax call to the our main office fax machine in Washington, D.C. from anywhere in North America. |
|
| Copyright © 1994 - Richter, Miller & Finn - Last Update: 30 Dec 2004 Constructive suggestions for improvements are always welcome! |
URL: http://rlaw.com/rmf E-mail:counsel@rlaw.com |