Friday, June 16, 2006

Minimizing the Danger of an Online World - WISCONSIN LAW JOURNAL

Computers and electronic documents can be dangerous for attorneys and their clients. Most often, we read about the use of computer evidence in criminal cases involving illegal pornography and online gambling. However, the risks inherent in technology apply to attorneys and clients in any field of the law that makes use of a computer in favor of a typewriter. Innocuous documents sent through one’s computer and materials stored on the computer can create risks in litigation and in dealing with clients.

As an example, did you know that the number of times a document was edited, the date it was first created, the last user to edit the document and other information can be obtained when viewing an emailed Word or WordPerfect file? Further, older versions of Word or WordPerfect store edits which may be revealed to allow opposing counsel to view the changes you have made in drafting.1 Imagine sending an email with a attached draft settlement proposal that has circulated between two colleagues at a law firm. One suggests a smaller settlement offer in the client’s approved range as reasonable, but this is replaced, after discussion, with a higher amount by the second firm attorney. The attorney then emails the settlement offer to opposing counsel. Technologically sophisticated opposing counsel may be able to retrieve the “metadata” buried within the document and discover the changes made to the documents and learn of his opponent’s willingness to settle the case for a significantly smaller figure.

Such exposure can be avoided by only sending documents through email which are in .pdf (Portable Document Format). In order to use this format, a computer user needs to purchase Adobe Acrobat Writer available at www.adobe.com. This software creates an option in the File menu to “publish” a document as a .pdf document. This essentially creates a image of the text document. Because it is an image of the text document, the underlying changes to the file can not be revealed. (This format is common to those who practice in the Eastern District Federal Court in Milwaukee, as the court requires filing of pleadings in this format, and the Western District Bankruptcy Court, where electronic filing is encouraged.) Sending documents in a format other than .pdf can allow for the risk of others viewing (or making) changes to your file.
Computers users also erroneously assume that moving files to the trash can icon and then “emptying” the trash removes these files from their computer. Taking these steps does not truly delete these files; it simply removes the “pointers” indicating to the computer that such data can be overwritten. A computer contains data allocated space and unallocated space. The “allocated space” on your computer is for programs and files that have a designated file path or location. The “unallocated space” does not have a file path and is available to be overwritten.
The materials, that computer users mistakenly believe that they have deleted, reside in the unallocated space until they are overwritten with new data. The materials in the unallocated space are not overwritten in a chronological process either. The overwriting process is not related to the duration of time that data has been unallocated; it relates to the size of the material. When new data is “overwritten”, it replaces a strip of data which may have been “unallocated” for several years, months or hours. Additionally, the “slack” area of the hard drive may maintain data for years that a user believes is deleted.

Files and programs that users believe that they have deleted may be located and examined by the use of computer forensic software. Consider the import of this statement: sensitive materials that a user believes that he or she has deleted may still be retrieved and read. This type of investigation arises often in cases in which the government has seized the computer of an individual accused of possession of child pornography or of being involved in white collar computer crimes. However, the scope of the ability to recover data is much more broad - attorneys can seek access to mirror image of a witness’ computer hard drive through subpoena and attempt to recover deleted documents, images or remnants of sent emails. Also, with these same forensic tools, computers used by former employees can be searched by an employer. The possibilities and risks are extreme.

Software exists to securely remove the data stored in the unallocated space of one’s computer. As attorneys, we use email to converse with clients regarding sensitive and privileged matters. For the protection of client matters, attorneys ought consider purchasing and routinely using software which eliminates the unallocated data. One recommended example of this type of software is called “Shred-X 3.0”, which overwrites unallocated data.

Finally, attorneys should also consider using encrypted email and electronic signatures. Encrypted emails and electronic signature software are available though companies like PGP Corporation (referred to often as “Pretty Good Privacy”). PGP is a software encryption program that allows for secure communications with clients through email. These tools can help protect email from unwanted interception or distortion.

The security risks in an online world should not be taken lightly. The steps described above can help to minimize the risks of communicating in an online environment. However, despite these protections, when one decides to get rid of a computer, it should be broken into pieces, burned and/or shot and email should never be the vehicle for communication of extremely sensitive matters.

Erik Guenther is a criminal defense litigator with Hurley, Burish & Stanton, S.C. (www.hbslawfirm.com), practicing in both state and federal courts. The firm’s criminal practice group has taught defense attorneys statewide about the nuances of defending child pornography cases. While handling a variety of criminal matters, Erik has a keen interest in computer crime cases.

1 A computer forensic expert advises that recent versions of Microsoft Word and WordPerfect do not store the underlying changes to the document, or “metadata”. Changes to a Microsoft Word document are contained in a separate temporary file. This temporary file is deleted, though still recoverable on the computer, when the Word file is saved. It is a different file and thus when the Word document is emailed it would not be attached to the message. However, if a Word document is provided to another party on disc, then the changes may still be discovered.