Practicing Law Securely — Living with Links
Bob Blacksberg discusses the fundamental security features a secure shared location, a “Secure Repository", should have when sharing messages with links.
24 March 2015
In the Practicing Law Securely — No More Attachments, I urged lawyers to stop attaching files to email messages. Instead, messages should include links to files kept in a secure shared location, which I will call here the “Secure Repository.” For this blog post, I assume that the Secure Repository operates with fundamental security features:
- All content saved in the repository is encrypted, when sent and saved at rest.
- Permission to find, view, and download any item can be controlled and limited to those authorized by the person who stores the content.
- Access to downloaded documents can be revoked.
- The repository can support notification of changes, reports of usage, and auditing of its contents.
Practicality Comes First
The “No More Attachments” rule will be adopted and sustained only if people can work with documents in a Secure Repository in a practical way, easily mastered with low frustration. The balance of effort and protection against risk may feel like a burden. Yet, nearly all of us master habits to protect against risk every day when we lock the doors to our houses and cars.
For practicality, use of the Secure Repository must compete with the ease of adding files as attachments to email messages. True, it is not always “easy” to send and receive email attachments. Large email messages may be blocked. Email systems, when used for document storage, may misbehave (or their users do). IMany of us have been burned by versions intentionally or accidentally saved in the temporary folders used when opening an attachment for editing. Conflicting versions may exist in file folders, document management systems, and email messages.
If lawyers and their staff are going to be able to send, receive, and use links to documents saved in a Secure Repository, these features matter:
- When preparing to send an email message, preliminary attached files can be filed to the Secure Repository, and links to their location in the Repository can be inserted in the message automatically.
- Working from the Secure Repository, it is easy to create an email with a link to the secure documents.
- Recipients can open the links to the Repository with minimal (at best no) intervention by the sender or the sender’s staff.
- The Repository content must be encrypted when traveling in and out of the Repository and when stored in the Repository.
- Participants can choose to work with the secure content on a copy local to their system, synchronized automatically with the Repository, and retaining its security protections through encryption.
External Repositories — Now Familiar
Shared repositories used to be a mysterious concept for most lawyers. They were accessible at an address on the web, but required that documents be uploaded and downloaded manually, and had no automated connection to the lawyer’s regular programs, such as email, Microsoft Office, and the law practice’s document management system. One had to go to the website to get a link to a document, and then insert that link into an email message. These steps interrupted and complicated “attach and mail.”
Some of us, particularly in M&A practices, use shared repositories regularly for due diligence. For many of us, Do It Yourself technologies have led the way to easier document sharing, and widespread unofficial usage occurs in many law practices. Google Drive, Apple iDrive, Microsoft OneDrive, Dropbox, Box, and others all support practical document sharing, especially by synchronizing their contents with a local copy, but they all may not support all of the capabilities described above.
How Links to the Secure Repository Gets Created and Shared
We can see these capabilities at work in Intralinks VIA®. When an email message is ready to be sent, Intralinks VIA will gather, upload, and create links to files attached to the message.
As shown in Figure 1, when an email is sent with attachments, Intralinks VIA gathers the attachments, uploads them to the Secure Repository, creates a folder for the attachments, and gives rights to the folder and the documents to the recipient of the email message. Intralinks VIA adds the link to the Secure Repository folder to the outgoing message, as shown in Figure 2. One suggestion for writing a message with linked files — include an explicit description of the files, such as their titles, in the body of the email message. We have become used to writing messages that just refer to the “attached” files, allowing their file names to describe what they are.
Following the link, the recipient can open the folder in the Secured Repository containing the documents. Along the way, the recipient must log in to the Secured Repository to confirm his or her permission to access the documents.
Figure 1: Intralinks VIA gathers attachments
Figure 2: Message with link replacing documents
Figure 3: Linked documents in Intralinks VIA
For my next post, I'll review two scenarios for working with the Shared Repository, as well as how the use of the Shared Repository should be coordinated with an internal Document Management System.
Robert L. Blacksberg Esq.
Bob’s experience spans more than two decades of technology leadership for lawyers, following a law practice that included partnerships at two Philadelphia law firms. Bob is principal of Blacksberg Associates, LLC and leads engagements with law firms in strategic technology planning and implementation, creates and delivers CLE training programs, and works with leading technology vendors to explain, promote and train leading-edge technology products for lawyers. An author and speaker, Bob has appeared at the International Legal Technology Association (ILTA) conference and on ILTA Roadshows.