Two months ago, I reported on a preview I’d seen of WindTalker, describing it as a document-security product unlike anything I’d seen. This week, WindTalker makes its formal debut, launching as a cloud-based content-security platform with an initial focus on the legal sector.

Initially developed for the U.S. Department of Defense, WindTalker is unlike other encryption or redaction software in that it allows a user to protect a document in its native format and on a granular level, allowing or denying access to others according to rights-based permissions.

That means that you can protect any text or image within a document — paragraphs, lines or even just words — and set access for different roles and people to any of those individual protected pieces, without have to generate multiple documents for different types of users. Within the same document, you could, for example, give your co-counsel access to some parts and your outside expert access to other parts. The same document can be opened by different people, and each person will see only what they have access to.

Although protected content appears to be redacted to those who do not have access, it is actually encrypted. The encryption can be applied to both Microsoft Word and Adobe Acrobat documents, and it follows the documents, so that if one recipient forwards it, the permissions still apply. A single document can contain multiple sets of permissions.

The different protections you apply to a document appear as different colors based on your defined access roles.

Further, each separate protection of text within a single document is a separate encipherment. WindTalker says it uses military-grade encryption that is virtually impossible to decrypt. But even if someone were to decrypt a single instance of protection within a document, all the other instances would remain separately encrypted.

WindTalker works only on Windows-based computers using Windows 7 or higher. It requires users to download client software that interfaces with the WindTalker servers. Users must also install add-ins within Microsoft Word and Adobe Acrobat DC.

The company tells me that it plans to release native support for Macs in 2019. However, clients are already using WindTalker on Mac computers through the use of the separately purchased Parallels software.

A reader who does not have access cannot see the underlying text.

WindTalker can protect content either manually or automatically. To use it manually within Word, the user highlights the content to protect, selects a “role” from a dropdown menu in the WindTalker tab on the Office ribbon, and then clicks “Apply.”

You, your firm or your organization define the roles to be applied. A role might be “attorney-client privileged” or “human resources” or “medical.” You can create roles via a dashboard on the WindTalker website, where you can assign users to a role, assign a color to a role (for how protected text will appear in your document), and assign tags to roles.

WindTalker can also protect content using what it calls Scouts. Scouts will automatically protect specific types of information — Social Security numbers, credit card numbers, phone numbers and dates. To use this, you would first select the protection role you wish to apply, and then click the button for the particular type of Scout.

WindTalker also allows users to create custom Scouts to protect specific words, phrases or any regular expressions, or to create macros to apply protections based on certain conditions. In addition, Scouts can be set to automatically run based on triggers such as opening or closing a document. In this way, they can be used to enforce security policies against documents.

In order for someone else to be able to view the portions of the document to which they have access, they will have to be running the WindTalker client software. Someone who does not have access or who does not have the software will see PROTECTED in place of the protected text. WindTalker is enabling free guest licenses for third parties to view documents protected with its software.

It is always a drawback when a program requires others to have the same program in order to read a document. But the guest license is free and the software is quick to install.

Pricing and What’s Ahead

Last week, Doug Martinez, executive vice president of WindTalker, gave me a demonstration of the product and then provided me with a password to try it for myself.

Martinez said that in testing the product so far, it has proven to have found a “sweet spot” in litigation, and in particular in e-discovery to protect documents based on different roles.

Martinez points out that the user retains the ability to turn on, turn off and revise permissions for a document. Thus, when litigation ends, an attorney who shared documents with opposing counsel can revoke that access. Or if a judge wanted to do an in-chambers review of protected parts of a document, the attorney could turn on access for the judge.

And if the judge ordered changes in what was or was not redacted, those changes could easily be made by changing permissions, rather than have to go back to the original documents and perform the redaction over again.

The cost of the software is $40 a month per user. For enterprise clients, the company will scale the pricing. A free trial account is available through the website.

Coming later this year will be an add-on for Microsoft Excel and then early next year an add-on for Microsoft Outlook. The company also plans to offer a split-key option, where half the decryption key sits on its cloud and half on premises with the customer.

While WindTalker is focusing on the legal market initially, Martinez believes it will prove valuable across industries as a tool that can serve the dual roles of protecting security while promoting collaboration. “A tool such as this enables companies to start easily applying protection to documents while also relieving them of risk if they share those documents,” he says.

WindTalker appears to be a unique and practical variation on software for protecting the security of documents. I like that it makes it easy to protect documents on a granular level and to apply different sets of permissions within a single document. The Word add-on makes it easy to use and there is virtually no learning curve. For both author and reader, the overall experience seems preferable to plodding through redactions and multiple document versions.



Only a third of lawyers use encryption when sending confidential or privileged documents to their clients. Instead, the great majority of lawyers rely on a confidentiality statement in the message body to protect the email’s privacy.

According to the 2015 edition of the annual Legal Technology Survey Report, compiled by the American Bar Association’s Legal Technology Resource Center. only 35% of lawyers use email encryption. That percentage has remained virtually unchanged over the last four years of the survey, even as understanding of the need for encryption has grown throughout the professional and business worlds.

When the survey asked lawyers what security precautions they use when sending confidential or privileged communications to clients via email, the answer given by 71% of lawyers was that they rely on the confidentiality statement in the message body.

I simply do not understand the logic of this. If the confidentiality statement is inside the email, then by the time anyone sees it, they’ve seen the email. It is akin to putting a note inside a box that says, “Do not open this box.”

Other ways lawyers say they protect client email include:

  • A confidentiality statement in the subject line.
  • Requiring clients to provide written or oral consent.
  • Password protecting documents.
  • Using registered email.

It gets worse. Of the lawyers who say they use encryption, fully a third cannot say what kind of encryption they use. Those who could say what type of encryption they use most commonly identified it as a general purpose software with encryption features that required the recipient to be sent a separate password.

Lawyers in larger firms are most likely to use email encryption. More than half of lawyers in firms of 500 or more and 41% of lawyers in firms of 100-499 use it. Among solos, only 24% encrypt their emails.

The cloud-based document management service NetDocuments today announced the roll-out of an enhanced security architecture with stronger encryption technology and new capabilities for users to manage their own encryption keys.

The new security architecture includes up to three separate encryption keys for each data file and allows firms and corporations that use NetDocuments to hold and control specific encryption keys relating to sensitive documents or content falling under regulatory, compliance or client-mandated data governance policies, the announcement says.

For law firms, that means that they can now assign encryption keys to specific workspaces within NetDocuments, such as matters and cases, which are highly sensitive and require additional security. This allows firms to revoke access to specific sets of data as opposed to the entire document management service.

For even greater security, firms can now implement a private hardware security module (HSM) to store workspace encryption keys under their exclusive control and custody. With this option, all ownership, management, control and monitoring of these keys is directly under the custody of the firm. NetDocuments would have no management access to the private HSM.

The new system uses multi-layered encryption. Each individual file is encrypted using the AES-256 standard and a distinct key. Each individual key is then separately encrypted using a master encoding key (MEK). Optionally, users may apply a second layer of encryption to the individual keys with a workspace encoding key (WEK) that the user controls.


At ABA Techshow next week, the file-sharing platform TitanFile will be demonstrating its new integration with Credeon, a highly secure, browser-based encryption technology developed by Hitachi Solutions America Ltd. The first such product targeted at the legal market, the integration allows secure sharing of files and other communications, with the user maintaining control of the encryption key and of who can access shared files.

[See also my previous review of TitanFile.]

“By leveraging the latest advances in browser technology, we’ve brought Credeon client-side encryption to the TitanFile application in the browser, without requiring the user to download and install any software or plugins,” TitanFile President and COO Tony Abou-Assaleh told me in an email.

“It allows users to automatically encrypt files before they’re sent through TitanFile. This adds another layer of protection to confidential data. And, in the rare event that any file transfer service is compromised or doesn’t function, data that’s encrypted through a browser will still be safe.”

Credeon is based on the HIBUN encryption software, which is widely used in Japan. Files are encrypted on the user’s computer, before they are shared or uploaded. Because the user controls the encryption key, no one else can access the files without the user’s authorization, including no one at either TitanFile or Hitachi.

With this new integration, Credeon will now be embedded in TitanFile so that no separate download or installation will be required.

In my post last week, The 10 Most Important Legal Technology Developments of 2014, I said that email encryption is now a “must-have tool for lawyers.” Yet, as I’ve also noted here, only a minority of lawyers use encryption. Part of the reason for this, no doubt, is that encryption can be cumbersome.

This, in previous posts here, I’ve reviewed two different applications that make it easy for lawyers to encrypt email. One, Enlocked, which I wrote about here and here, is a plugin that works with Microsoft Outlook, Gmail and iOS and Android mobile devices. The other, Delivery Trust, which I wrote about here, has more security controls than Enlocked and does not require the recipient to install a plug-in.

Today I am covering a third option for easy email encryption, Virtru, a free program that works with Outlook 2010 and 2013, with webmail services such as Gmail and Yahoo, with Mac Mail, and on iOS and Android devices.

Virtru adds options to Outlook’s toolbar.

Like both Enlocked and Delivery Trust, Virtru is enabled in Outlook by adding a plug-in. For web-mail services, Virtru provides browser extensions that work with Chrome and Firefox.

Virtru adds two security features that Enlocked lacks: the ability to disable forwarding of an email and the ability to set an email to expire, after which the recipient will be unable to read it.

To use Virtru with Outlook, you first download and install the plugin. It adds an option to the Outlook toolbar to turn Virtru on and off. When on, all emails you send are encrypted, including their attachments.

You can personalize the message to the recipient.

The recipient receives an email from you explaining that you have sent a secure message and directing the recipient to a secure website to read it. You can customize this message and toggle it on and off. Recipients must log in to the site with their email credentials to verify their identity, where they can then read the message and reply. The reply is also encrypted.

The message can be read directly in Outlook.
The message can be read directly in Outlook.

If the recipient has already installed the Virtru plugin, then the email appears as a regular email message, except that it shows a padlock icon. It can be opened and read directly in Outlook, along with any attachments.

Virtru includes two other options for encrypted emails: “Disable Forward” and “Set Expiration.” If you click Disable Forward when sending an email, the recipient will be unable to forward it. If you click Set Expiration, you can set a date and time for the message to expire, after which the recipient will be unable to read it. After you send an email using Virtru, you can revoke it at any time, after which the recipient will no longer be able to read it. All of these options are available directly from within Outlook.


Regardless of whether you use Virtru with Outlook or with a webmail service, you also get access to an online dashboard. The dashboard shows you the full history of messages you’ve sent using Virtru and includes controls for revoking access, adding an expiration date and disabling forwarding.

My first message sent to Gmail was blocked as spam.
My first message sent to Gmail was blocked as spam.

The one glitch I ran into using Virtru involved Gmail. The first time I sent an encrypted email from Outlook on my desktop to Gmail, Gmail considered the message spam. As you can see above, Gmail explained that it considered it spam because it was “written in a different language than your messages typically use.” Presumably, this “different language” was the encrypted text. However, once I indicated that the message was not spam, the problem never recurred.

Using Virtru on an iPhone

As noted earlier, Virtru can also be used with the iPhone and with Android devices. It works directly with your device’s email application and includes the same options as other versions for revoking emails, setting expiration dates and limited forwarding.

Virtru is free to use. It is still in beta, but users were sent an email last week saying that it is soon moving from beta to general availability. The email did not indicate whether there would be a charge to use the product after it comes out of beta. Virtru also offers an enterprise version that works with Google Apps.

Like the other encryption apps I previously reviewed, the bottom line on Virtru is that it makes encryption as easy as sending an email. No exchange of “keys” is required, as with some other encryption programs, or even any real understanding of encryption.

Virtru works best when both the sender and recipient already have the plug-in, in which case it as seamless as sending and reading any other email. Even when only the sender has it, however, it is easy for the recipient to read and receive attachments.

Last year, I posted my picks for the 10 most important legal technology developments of 2013. In many ways, this year’s big legal tech stories were continuations of last year’s. Last year, for example, I wrote about the cloud having come into its own, about competence in legal technology becoming a necessity, about mobile becoming the driving force in tech development, about practice management becoming mainstream, and about technology helping to fill the access-to-justice shortfall. All of these continued to be important into 2014 and to develop throughout the year.

But 2014 had significant developments of its own in the area of legal technology. As I look back over the year, here are my picks for 2014’s most important legal technology developments. The numbers are not meant to be rankings — all of these are important in their own ways.

1. Legal research “rebels” join the establishment. 

PowerPeopleBudget-consciousness at large firms is driving greater use of “value” legal-research services, transforming the importance of those services in the overall legal-research landscape. Let me explain. Loosely speaking, legal research providers fall into three groups. One consists of the 800-pound gorillas, the large and established companies that dominate the market. Here you find Westlaw and LexisNexis, along with Bloomberg BNA and Wolters Kluwer. Another group consists of the start-up innovators, new companies that are introducing new approaches to legal research. In this group, you have companies such as Casetext and Ravel Law. Somewhere in between those two groups are the companies you might think of as “value” providers, most notably Fastcase and Casemaker. These companies were once rebels themselves, bringing primary legal research to the legal market at a cost far more affordable than the gorillas offered.

These value companies are perceived as primarily serving the smaller-firm market and not widely used by larger firms. That, however, has changed. This struck me most clearly when I attended last summer’s annual meeting of the American Association of Law Libraries. From large-firm librarian after large-firm librarian, I heard the same thing: Fastcase is now a key part of their legal-research line-up. (Not to slight Casemaker, but it was Fastcase I heard mentioned most often.) Large firms have their Westlaw or LexisNexis subscriptions, maybe both, because there is some research that can’t be done anywhere else. Many now also have some number of Bloomberg Law subscriptions, for the specialized areas that it covers better than others, such as finance. But now part of the mix is Fastcase, and to a lesser extent Casemaker, and these larger firms are encouraging associates to use them for routine case law and statutory research. These services, once seen as rebels, have joined the establishment. And that’s a good thing for the market overall, because it is driving cost reductions and product enhancements.

2. ‘Legal Hacking’ is no longer an oxymoron. 

Hackathon_017A year ago, many legal professionals had never heard of a hackathon and the concept of legal hacking seemed like an oxymoron. Today … well, many legal professionals have still never heard of a hackathon — but a whole lot more have than had a year ago. Now, legal hackathons are a “thing” and legal-hacker groups are active all around the country. By “hacking,” I do not mean breaking into computer systems. Rather, I am referring to people who are skilled in computer coding and who use that skill to develop innovative solutions to problems. In the legal field, hackers are using coding skills to develop computer programs, mobile apps and web tools for purposes that range from streamlining legal practice to bridging the access-to-justice gap. Legal hacking gained its first national stage in 2014 with the ABA Journal’s Hackcess to Justice event during the ABA annual meeting in Boston, a tw0-day competition where three judges (of whom I was one) awarded cash prizes to the teams that came up with the most innovative ideas for improving access to justice. All of a sudden, there are legal hacking events taking place all over the country (here is one coming up in January) and associations being formed of those who are involved in hacking, such as Hacking is a grassroots phenomenon that is already pushing innovations in legal technology and legal services.

3. Encryption becomes essential.

encryptionFrom time-to-time here, I have pointed out that lawyers fall woefully short in their use of encryption and other security measures to protect privileged client communications, and I have reviewed various products that make the use of encryption easier. Even so, encryption-avoiders take comfort in ethics opinions that tell them that encryption is not necessary. The most prominent of these was ABA Formal Opinion 99-413, which concluded that a lawyer sending confidential client information by unencrypted email does not violate the model rules. Well, that was 1999. We know a lot more now than we did then about the state of digital security. Law firms are being hacked. Email is being intercepted. This isn’t a “maybe” anymore. In 2014, encryption became a must-have tool for lawyers. Don’t just take my word for it. Two of the most respected voices in law firm security, Sharon D. Nelson and John W. Simek, recently said the same thing: “Trust us, it has now reached the point where all attorneys should have encryption available for use, where appropriate, to protect client data.”

4. Businesses and technology are changing the nature of law practice.

shoppingcartThe Legal Services Act enabled companies in the UK to offer legal services. And the world did not end. In fact, three years later, the act is widely perceived as having driven innovations that have been beneficial to consumers. (See here, for example.) Meanwhile, here in the U.S., many in the legal profession remain focused on trying to shut down innovative legal companies on the grounds that they are engaged in the unauthorized practice of law. But the marketplace is a powerful force. Increasingly, companies are using technology to push the UPL envelope. This was a year in which LegalZoom won significant victories on the UPL battlefront and stood poised to expand the range and types of services it offers. This was a year in which Avvo began providing fixed-fee, on-demand legal advice. This was a year in which even the ABA acknowledged, “Familiar practice structures are giving way in a marketplace that continues to evolve. New providers are emerging, online and offline, to offer a range of services in dramatically different ways.”

5. Docket searching is the new black.

UspacerLawyers have a love-hate relationship with PACER, the federal courts’ system for electronic access to records. We love having electronic access to these records, but we hate the system’s clunky and archaic interface. PACER turned 25 last year and it is showing its age. Thankfully, 2014 brought the emergence of a whole new group of products, all aimed at making it easier for lawyers to get at and use the information PACER contains. Last March, I reviewed one of these, PacerPro, in the ABA Journal. Now, there are several services offering variations on this theme, such as Inforuptcy for researching bankruptcy dockets (which I reviewed in May) and DocketFish (which I plan to review soon).  Another service, Patent Advisor, is doing something similar for the USPTO’s Patent Application Information Retrieval (PAIR) system, letting you slice and dice its data in ways that give you new insights into the patent approval process and into the examiners who drive it.

6. Human + Machine > Human

In last year’s post, I noted that lawyers were at last overcoming their fear of computer analytics and artificial intelligence. The sensational headline of a 2011 New York Times article, Armies of Expensive Lawyers, Replaced by Cheaper Software, characterized the concern that technology would render lawyers moot. If 2013 was the year in which lawyers overcame their fear of such technologies, then 2014 was the year in which these technologies became accepted as essential and commonplace. Nowhere is this more true than in the area of e-discovery. The volumes of data now common in large-scale litigation render it physically and economically impossible for lawyers to perform eyes-on review of every document, as they once did. No longer are lawyers asking whether they should use technology-assisted review. Instead, the debate has turned to which methods are better for which cases. And no longer is the fear that TAR and similar technologies will displace lawyers. Rather, we now understand that humans and technology can work together to produce results far superior to those from humans working alone.

7. Your father’s legal directory is dead.

Reading-Book-ManWhen a major legal publication such as the ABA Journal looks into whether a company is about to die, it probably is. Martindale-Hubbell was once an essential resource. Its hard-bound volumes filled shelves in most law offices and its AV ratings were considered the ultimate badges of prestige. But this year saw the completion of a joint venture in which Internet Brands — which operates a portfolio of consumer-facing websites such as and — took over operation of Martindale from LexisNexis. This led Kevin O’Keefe to question whether Martindale-Hubbell and its lawyer ratings “still exist as we knew it” and Jean O’Grady to declare that Martindale had bitten the dust. Meanwhile, the once-controversial and now widely accepted legal directory site Avvo picked up another $37.5 million in financing, for a total raised since its inception of $60.5 million, a LinkedIn profile has become de rigueur for legal professionals, and lawyers’ use of Facebook continues to expand.

8. Practice management goes wide.

OrdervChaosMy legal-developments post last year declared that 2013 was the year in which practice management “went mainstream,” thanks to a growing crop of sophisticated and established cloud-based practice management platforms. Continued growth in the use of practice management applications remained a major development throughout 2014. But even as that as happened, these applications have been changing the trajectory of their development. From a lean focus on simple practice management, some are looking to go wider — to provide an array of integrated tools and services that bring them closer to serving as a hub not just for practice management, but for all functions within a law practice. The clearest example of this was Clio’s announcement at its conference in September of integrations with Fastcase, QuickBooks Online, and other products. As Clio co-founder Jack Newton told me in a recorded interview, “We want Clio to be an all-encompassing solution for a law practice. We want it to be the hub of a multi-spoked wheel that is providing a very complete and comprehensive solution to law offices.” Other practice management providers are pursuing similar trajectories.

9. Innovation and disruption become the norm.

innovationEarly in 2014, I wrote a post, A Time of Unprecedented Innovation in Legal Technology, in which I posited that we are now in a moment in legal technology of unprecedented innovation and creativity. As 2014 comes to a close, I believe that even more strongly. I summed up my sense of this in a recent post, where I wrote, “We live in a time when two guys in law school who think they have a better idea for a legal research site can run with it and create the company Ravel Law by the time they graduate. We have transformed from a time when legal technology and legal information were products driven by large corporations to a time when anyone with a way to make things simpler and smarter can succeed.” I’ve written this blog since 2002 and covered legal technology for more than 20 years. There have been times when I’ve struggled to find interesting products to write about. These days, I can’t keep up with them all. Some fail. Some are just dumb. But many are good and some are really good, and both we as practitioners and our clients reap the benefits.

10. The justice gap becomes a primary driver of innovation.

bridgingthegapWe are in the midst of a crisis in the delivery of legal services and it is only getting worse. Study after study has documented that our justice system is addressing only a small fraction of the legal needs of low- and moderate-income people. Year-after-year of cutbacks in IOLTA and other sources of funding has only exacerbated the problem. There is growing recognition of the fact that lawyers, alone, will never bridge the gap. We can’t just hope for more pro bono hours or greater funding — and they wouldn’t be enough in any event. All of that said, it is this very gap that is driving innovation in the delivery of legal services. I have an article out this week in the ABA Journal about the widening use of non-lawyers to deliver legal services, driven by the justice gap. The growth of companies such as LegalZoom and Rocket Lawyer has been driven by the justice gap. There is a vaccum in the delivery of legal services, and innovators are coming forward to fill it.





When drafting an email in Outlook, the Delivery Trust toolbar provides security options.

Email encryption is one of those things lawyers talk about far more than they do. As I reported here recently, the 2014 ABA Legal Technology Survey Report found that only a quarter of law firms had any kind of email encryption available for their lawyers to use. Instead, a large majority of lawyers rely on confidentiality statements in their emails to protect them.

For many lawyers, a key roadblock to using email encryption is that doing so can seem confusing and cumbersome. That why I like software that makes it easy to encrypt. One such program is Enlocked, which I wrote about here and here, and which I described as making encryption “idiotically easy.” It is a plugin that  works with Outlook and Gmail and with iOS and Android mobile devices.

Recently, I’ve been trying out another option, Delivery Trust, from Identillect Technologies. Like Enlocked, Delivery Trust installs as an Outlook plugin. It can also be used through a Web portal and via mobile apps for iOS and Android. It does not work with webmail programs such as Gmail and Yahoo.

One major difference in Delivery Trust is that it not only encrypts email, but it also allows the sender to place various security controls on a message. Using these security controls, you can require various forms of authentication by the recipient; you can disable printing, forwarding or downloading; and you can set when the message will expire.

Another difference is that it does not require the recipient to install a plug-in or provide log-in credentials. With Enlocked, for example, the recipient must also have the Enlocked plug-in in order to read your encrypted messages. With Delivery Trust, the recipient is directed to a web page to read the message.

Adds Toolbars to Outlook

When you install Delivery Trust in Outlook, the plugin adds a “Secure Send” button to the toolbar. It also adds a toolbar to the right side of the screen that you see only when you are composing an outgoing message.

This right-hand toolbar has two tabs. The first, “Authentication Choices,” lets you set policies for how, if at all, the recipient is to authenticate his or her identity. Choices include the last four digits of the recipient’s mobile or business phone number, the recipient’s zip code, or a custom password or security question. If you set one of these options, then the recipient must provide the answer in order to view your email.

If the recipient is already in your Outlook contacts, then Delivery Trust will automatically fill in these authentication fields. You can toggle the ones you want to use or not use.

The second tab, “Security Policies,” lets you place restrictions on the message. Here, you can disable printing or forwarding of the email and block downloading of the email or any attachments. You can also set when the email will expire and limit the number of times the recipient can view the email.

Delivery Trust does not allow you to turn off message expiration. All messages you send will expire after a month, or sooner if you set the expiration to be sooner. However, if you do not disable downloading, the recipient is able to download the message and any attachments in PDF, but that must be done before the message expires.

Once you send your message, the recipient receives an email saying that the sender has sent a secure email. To view it, the recipient must click on a link. That opens a web page showing who sent the email and identifying any restrictions on the email, such as its expiration date. The recipient then clicks “submit” to view the email. No log in or special account is required.

The cost of Delivery Trust is $8.95 per user per month. A web-only version, which cannot be used with Outlook, is $5.95 a month. A business version, which includes a company logo on emails and a branded Web portal, is $10.95 a month.

If you want even more security controls for your email than just encryption, Delivery Trust may be the product for you. It provides a number of security controls and authentication options. Its one downside, at least for some users, is the inability to disable email expiration.

Security Tools Used

Nearly half of law firms were infected with viruses, spyware or malware last year, according to the latest ABA Legal Technology Survey Report. At the same time, only a quarter of law firms had any kind of email encryption available for their lawyers to use, the survey found.

Also, 14% of law firms experienced a security breach last year in the form of a lost or stolen computer or smartphone, a hacker, a break-in or a website exploit.

Taken together, these findings paint a sorry picture about the state of law firm security: Viruses are common; encryption is not.

Firms with virus

In the survey, 45% of respondents said that their law firm technology had been infected with a virus, spyware or malware. That was more or less the same as the two prior years (43% in 2013 and 44% in 2012) and down from 55% in 2011. Firms of 2-9 attorneys were most likely to have had a virus (51%), while firms of 500 or more attorneys were least likely (31%). Another 28% of respondents could not say whether their firm had been infected.

On the bright side, of those who reported an infection, 48% said it resulted in no business losses or breaches. The most common negative results from virus infections were downtime/loss of billable hours (42%), consulting fees for repair (37%), and temporary loss of network access (25%).

Only 6% said the virus resulted in the destruction or loss of files and less than 1% said it resulted in unauthorized access to non-client sensitive data.

Regarding email encryption, just 25% of law firms have it available, according to the survey. It is more commonly used at larger firms and least likely to be used at solo and small firms.

However, among lawyers who affirmatively say they use email to send privileged or confidential communications, the use of email encryption is slightly higher — 35%. By far, the most common “security precaution” taken by lawyers who send privileged emails is to insert a confidentiality statement in the email. Seventy-three percent of lawyers rely on these statements to protect email confidentiality.

Security Breach

As for security breaches, they were most common at firms of 10-49 lawyers (19%) and 500 or more lawyers (17%). Among solos, just 12% reported a security breach.

For the most part, these breaches resulted in no business disruption or loss, although 26% said the breach caused downtime and loss of billable hours. Eight percent of the breaches caused the destruction or loss of files, but just 1% said it resulted in unauthorized access to sensitive client data. In 5% of the cases, the firms notified clients of the breach.

Some other interesting findings pertaining to law firm security:

  • 56% of respondents said their firm has a disaster recovery or business continuity plan, while 21% did not know whether their firm had such a plan.
  • The most common form of data back-up is an external hard drive, followed by offsite backup and online backup. Some 10% of firms use USB drives for back-up and 6% use CDs.
  • Half of all firms back up their computer files daily. Another 15% back up more than once a day.

About the Survey

The Legal Technology Survey Report is edited by Joshua Poje, director of theLegal Technology Resource Center.  It is published in six volumes. Each volume can be purchased for $350 or, for ABA members, $300. The volumes are:

combined edition can be purchased for $1,800 or, for ABA members, $1,550.


Professional-strength PDF software is a must-have for lawyers, and the gold standard for PDF software has always been Adobe Acrobat Pro. But at Acrobat Pro’s current retail price of $449, many lawyers, especially in smaller firms, opt for more budget-friendly alternatives, such as CutePDF Professional, which I reviewed here several years ago.

Now there is another choice. Today, Nuance Communications — maker of the Dragon speech recognition software — is launching Nuance Power PDF Advanced, a full-featured professional PDF program, with all the features businesses — including lawyers — would expect in such a program. Notably, Nuance has set the price of Power PDF at $149.99 — a third the cost of Acrobat Pro — with volume discounts available.  (A 30-day free trial is available.)

Although Nuance also offers a version for individuals and home offices, Power PDF Standard, at $99.99, most lawyers would want Power PDF Advanced. It includes several features that are important in a law practice:

  • Redaction to black out sensitive information, including the ability to automatically search and redact.
  • Bates stamping and advanced header and footer functionality.
  • PDF/A and Section 508 compliance checking, including the ability to fix files that do not comply.
  • Secure delivery, encryption and digital rights management capabilities.
  • Integration with LexisNexis CaseMap.

Another feature of the advanced version is integration with file-sharing sites and document-management systems, enabling users to open files directly from and save them directly to these systems. A smaller law office could use this to integrate with Box, Dropbox, Evernote, Google Docs or Office 365. A larger firm could connect with an enterprise DMS such as Autonomy, Documentum, SharePoint and NetDocuments. (This integration must be selected during installation of the software. If you forget, re-run the installer and select “Install Cloud Connector.”)

I have been testing a pre-release version of Power PDF Advanced for a little over a week. I’m sure there is a power PDF user out there who could find shortcomings in this over Acrobat, but I could not. I was able to do any of the tasks I would want with a PDF program.

Also, once I adjusted to the different user interface, I found it easier to perform many tasks using the Nuance software than with Acrobat. The software uses a Microsoft-office style ribbon interface which is easy to navigate. Items can easily be added or removed from the ribbon or rearranged.

Some of the other notable features of Power PDF Advanced include:

  • Integrated Dragon Notes speech recognition, enabling users to add notes to PDF files by dictating text. Nuance actually sends the speech off to its servers in the cloud to process; within seconds, it appears in the sticky note.
  • Integrated OCR using the same technology as Nuance’s OmniPage.
  • Watched folder and batch sequence capabilities to automate common tasks and move files from one location to another. Using watched folders, you could simply drag a group of documents to a folder to automatically convert them to PDF. With a batch sequence, you can string together multiple commands to be performed as a single command on a group of documents, such as stamping and watermarking them.
  • Word-processor-like ability to edit PDF content, including graphics and charts.

Of course, it also includes the features you would expect to find in a professional PDF program:

  • One-click creation of PDF files from within Microsoft Word, Excel, PowerPoint and Outlook.
  • One-click creation of PDF files from within Internet Explorer (but not other browsers, where you would have to print to PDF).
  • Creation of PDF packages and portfolios.
  • Conversion of PDF files into Word, Excel, PowerPoint and WordPerfect (and to convert only a selected area of a page).
  • Conversion of image PDFs to searchable PDFs.
  • Drag-and-drop ability to add or remove pages from a PDF document, with automatic page renumbering.
  • Full commenting and annotations.
  • Support for network scanning.

Whereas Acrobat Pro is designed for use in graphics and printing, the Nuance product is not. It will not produce files in PDF/X, which is a graphics format for printing, or PDF/E, which is a format used in engineering. The product manager I spoke readily acknowledged this, saying that Nuance’s focus was on developing a product for the business setting, where customers care more about document assembly and functionality.

If you have been holding out from buying Acrobat Pro because of the price, then check out Power PDF.

Lawyers have an ethical obligation to protect the confidentiality and security of communications with their clients. The more we learn about NSA snooping, the more we realize what a challenge that can be.

wickr_compose_messageOne option for secure communications is to skip the email and use the SMS messaging app Wickr, which is available for iOS and Android phones. Wickr lets you send text, picture, audio and video messages, as well as PDF documents, with military-grade encryption, so that only you and the recipient can read the message. Although your message travels through Wickr’s servers, it is transmitted using cryptographic hashing that prevents anyone at Wickr from opening your message or revealing it to third parties yielding subpoenas.

In addition, you can set an expiration date for any message you send — anywhere from one second to five days. When the recipient opens the message, the timer begins counting down. Once the expiration time arrives, the message is deleted from the recipient’s device. Your sent message will also self destruct, although not until 24 hours after the self-destruct time you set for the recipient. You can delete a message at any time.

Deleted messages are destroyed using file-shredding technology specifically designed for mobile devices. Typically, when you send an email or message to trash, it remains accessible if someone were to take your phone. When Wickr is running, its file shredder continuously shreds anything you put in the trash.

Wickr integrates with Box, Dropbox and Google Drive. That means that you can use Wickr to send a document securely from one of these services to a client or colleague.

Wickr has one of the strongest privacy policies you’ll find anywhere. The following is taken directly from Wickr’s policy:

  • We use military-grade encryption. Our encryption is based on 256-bit symmetric AES encryption, RSA 4096 encryption, ECDH521 encryption, transport layer security, and our proprietary algorithm.
  • We canʼt see information you give us. Your information is always disguised with multiple rounds of salted, cryptographic hashing before (if) it is transmitted to our servers. Because of this we donʼt know — and canʼt reveal — anything about you or how you use the Wickr App.
  • Deletion is forever. When you delete a message, or when a message expires, our “secure file shredder” technology uses forensic deletion techniques to ensure that your data can never be recovered by us or anyone else.
  • You own your data. We do not share or sell any data about our users. Period.

On top of that, the company promises that it will never collect any location information from your device or have access to the contents of any communications you send. After messages are deleted, “they are forensically deleted and are not retrievable by us or anyone else.”

Wickr is free to use and the app is free to install. An added bonus for those who pay for text messaging is that messaging through Wickr is not only secure, it’s free.