RICHTER, MILLER & FINN
Northern Virginia &
P.O. Box 216
Catharpin, Virginia 20143
Richter, Miller & Finn is pleased to provide the following general information about how to use its electronic communications facilities. Further specific information is provided only on a need to know basis.
Please let us know if this information is helpful. We are particularly interested in how to make it more useful!
This page contains basic information about how to use our Internet and other communications facilities and is intended primarily for use by our clients, other law firms and lawyers with which we have regular dealings.
The basic communications facilities to be discussed include:
Individuals and businesses which communicate with their lawyers using electronic and other communications methods of the modern world expect that the content of their communications will not be compromised. At the same time, clients also expect that complete confidentiality concerning their affairs will be maintained even when lawyers and law firms at different locations are involved in representing their interests. Each communications method presents different security considerations, the essentials of which must be understood by all if a satisfactory level of security is to be achieved; we briefly review security basics first.
A comprehensive discussion of communications security is beyond the scope of these materials, but we provide a brief discussion of several aspects of communications security which are important to our activities as "outside" lawyers.
Most often, the greatest risk of communications content compromise in a business operation is within the business itself - by disgruntled employee(s) or by other(s) tempted to disclose that information to a competitor or adversary for money or to misuse the information internally or for his or her personal advantage. Information which senior management of businesses exchange with their outside lawyers, particularly in business strategy and planning, intellectual property protection, contract negotiations and actual or potential litigation contexts, is particularly susceptible of misuse or abuse by others within the business who may obtain unauthorized access to it.
Good internal security controls are essential. These include control of mailroom and receiving office operations, limitations on access to fax machines used for sensitive communications, restrictions on access to computer backup media and conventional hardcopy files containing sensitive materials, restrictions on access to computer and e-mail files and archives on computers connected to local LANs, restrictions on access to stand-alone desktop computers and procedures (e.g. shredding) for disposal of "trash" containing sensitive materials.
Plain-text e-mail, with or without "attached" binary files, and other forms of communications over the Internet may easily be intercepted and read by a technically informed and determined snooper (or hacker) at or connected to any node point along the path between the sender and the recipient, including at the mail server which provides e-mail services to the end user. The security of the content for such materials is in some respects analogous to that for written material on a postcard sent through the postal mail system: no one concerned about misuse of sensitive information would send a confidential message on a postcard which potentially can be read by anyone who might see the postcard while en route!
On the other hand, the volume of traffic on the Internet is now such that the likelihood of a random interception followed by an actual misuse of the content of ordinary e-mail messages (or files) is quite small. The likelihood of misuse is, of course, much greater for plain text materials with obviously sensitive content, and the potential risk of compromise is very high if either the sender or the recipient is being targeted for interception.
The mail servers which provide e-mail services to each of the end users present points of high vulnerability for unencrypted e-mail in almost all cases. Some mail servers (particularly local ones within an office environment) are set up to log automatically the contents of all e-mail traffic through the server. When such automatic logging occurs, the technical personnel who are responsible for maintaining the mail servers may later be able to read the contents of messages offline.
In the U.S., all mail, packages and electronic communications which cross national boundaries (i.e. the borders) are potentially subject to government scrutiny. Legal (and illegal) interception by the government and unlawful interception by others can occur in numerous other situations.
Given these possibilities, why take any chance with confidential or sensitive materials when easy technical solutions exist to minimize or even completely avoid such risks? The easy technical solutions which we have found useful include:
We provide a separate WWW page with essential information about the PGP Encryption / Decryption software which we use for high security encryption. That page includes basic information about where to obtain the software, how to use it, and the two published public encryption keys which we use.
We also provide a separate WWW page with essential information about the ARJ and PKZIP compression and archiving programs which we use for low security encryption. Those programs, with related DOS batch files, and pertinent "how-to-use" information are available for downloading from this WWW server from that WWW page.
We recommend the use of PGP encryption for all highly sensitive E-Mail communications and all Internet or network FTP file transfers of highly sensitive files. The use of PGP encryption may also be warranted for highly sensitive files which are forwarded on diskette or in other electronic or magnetic media by mail or courier.
ARJ and PKZIP provide easily used, low level encryption facilities, which may be satisfactory for routine communications for which privacy is desired, but for which there is limited potential for intentional interception or misuse of the message or file content if intercepted. You should be aware that plain text files encrypted using the one-step encryption options provided by ARJ and PKZIP can be successfully decrypted in only a few minutes by a determined interceptor with only a modest level of technical sophistication. Plain text E-Mail and file transfers are appropriate only when there is little or no potential for misuse of the message or file content.
Email is in almost universal use in the modern business world. In-house Email systems now usually permit connection to the Internet so that Email may be sent anywhere over the Internet. A few private Email networks still exist, but all are now interconnected with the Internet.
Email sent via the Internet is used for exchange of messages, correspondence or text based materials as well as "attached" binary files. Most of our communications are sent from or to unpublished Email addresses at RLAW.COM which are provided on a "need to know" basis.
We also maintain a published "general" Email address:
in addition to the two published email addresses for Paul S. Richter and Thomas P. Miller on our How To Contact Us page.
Our published Email addresses are generally reliable and are checked by us regularly for incoming Email. In our experience, however, the Internet Email forwarding system is not 100% reliable all of the time; generally, this is caused by message routing problems, failures occurring on the Internet itself, by one or the other of the mail servers on either end of an email path, or by spam filtering systems or procedures now in widespread use. Spam filtering systems and procedures can delay or delete non-spam email which has spam-like subject lines or content.
We recommend that when time critical email is sent to us which we may not be specifically expecting, a confirming fax or telephone message also be sent immediately alerting us to look for an incoming email, and providing a follow up procedure to be used by us in case the e-mail does not arrive by a particular time after it was sent. We can provide alternative, unpublished email addresses involving different email servers to which second copies may be sent.
As already noted, we recommend that you use proper communications security procedures at all times to protect all content-sensitive electronic communications. PGP encryption should be used for all highly sensitive Email communications. Plain text Email is appropriate if you view the risk of (improper) interception as very low and there is little or no potential for misuse of the message content even if intercepted.
Modern law firms now routinely send and receive binary files over the Internet. The most common examples of binary files are document files in word processor or spreadsheet or PDF file formats which we exchange with client representatives, associate counsel or other counsel. For example, we originate legal documents as a work product, and send the draft document in a binary file format to the client representative or to an associated counsel at another location. The documents are reviewed by each, coordinated by us for final editing and then printed, signed and filed in final form at our office or at another remote location.
We are able to use any one of several distinct methods for effecting electronic transfers of binary and other files:
The use of binary file "attachments" to conventional Email provides the easiest to use method for the transfer of files over the Internet. No special technical skills are required by the user on either end. Again, we recommend that sensitive files being sent as "attachments" to conventional Email be encrypted before "attachment".
We upload files with arbitrary filenames to hidden directories on the RLAW.COM web server so that remote users can access and directly download those files using a conventional Web Browser. This is handy for users with limited technical skills. We provide the "hidden" directory and arbitrary filename information to the users on a "need-to-know" basis. Sensitive files can be encrypted before uploading.
RLAW.COM also has an FTP server which can be accessed over the Internet with a logon name and password and used for uploading and downloading of files. We restrict the how-to-use details for that facility to those with a need-to-know.
We also have the capability to effect binary file transfers by dial-up modem connection over the regular telephone network but this is no longer frequently used. When we use the dial-up modem connections, we can originate or receive incoming connections. The telephone numbers, Logon Names, Passwords and other procedures are unpublished and provided only on an "as needed" basis.
As already noted, we recommend that you use proper communications security procedures at all times to protect all content-sensitive electronic file communications. PGP encryption should be used for all files containing highly sensitive information. The use of ARJ or PKZIP low level encryption is satisfactory for many instances in which there is little potential for misuse of file content. Plain text file transmission is appropriate if you view the risk of (improper) interception as very low and there is little or no potential for misuse of the file content even if intercepted.
Our main telephone number at our home office is: +1-202-467-6200, and that number is answered (24/7) by an automated answering system or sometimes by a "live" operator during our normal office hours, 9:00am to 5:00pm local time on weekdays. Voice mail is always available, and the automated answering system is always in use outside of regular hours. When the automated answering system is in use, our callers need to know in advance the extension number(s) for the individual(s) whom they wish to reach; otherwise the caller will need to leave a message with the "operator" voice mail and wait for a return call. We also have an unpublished "800" number which can be used to make a "free" telephone call to our office from anywhere in the U.S. or Canada; we also maintain for the convenience of particular client(s) and/or as needed to facilitate the business of the law firm local telephone numbers at other locations around the United States.
Our main facsimile (fax) number at our home office is: +1-202-293-4395 and a G3 fax machine is connected to that line at all times. We also have an unpublished "800" number which can be used to make a "free" fax call to our office from anywhere in the U.S. or Canada.
The law firm provides clients and others as needed with "emergency contact procedures" which can be used to reach specific individuals associated with the firm by email, telephone or SMS message almost 24/7. Most of the telephone and fax lines now used by the law firm are based upon VOIP systems which have proven to be very reliable; on rare occasions when the Internet connectivity needed by a VOIP system temporarily goes down, callers will not reach the firm's internal PBX, but instead will receive a special voice message advising of the problem and requesting the caller either to try again shortly, to use an "emergency contact procedure" or to leave a voice message. Wired telephone systems provide "trunk busy" signals when similar outages occur (also rare).
Copyright © 1994 - 2009 - Richter, Miller & Finn - Last Update: June 2009
Constructive suggestions for improvements are always welcome!