Why Email Encryption is Necessary for Lawyers

No matter your profession, encryption is a smart way to protect your intellectual property and sensitive email messages, but how important is email encryption for lawyers?

To learn more, we reached out to Gordon D. Cruse, an attorney practicing divorce and family law in San Diego. When he’s not representing clients, Cruse also provides eDiscovery consultation through his firm eDiscovery Readiness and Results, which helps attorneys learn how to securely work with electronically stored information (ESI). An attorney and a digital security advocate, Cruse explained to us why he thinks every attorney should include email encryption as part of their overall security and privacy policy.

Do you use email encryption in your practice?

I do. What I use right now is Virtru — I just find it to be both incredibly easy and incredibly secure, so I can send the client data without risk of it being intercepted. As it is now, we have a policy that every client has to sign asking permission for us to use email to transmit sensitive data. We advise the clients that we can’t guarantee the security of using email without some sort of encryption software.

We suggest that they allow us to use Virtru because for us, it’s a matter of clip and switch. It’s literally just a slide bar on our mail program. We can then encrypt the email, and there’s nothing for our clients to download. They don’t have to get Virtru themselves and they don’t have to buy anything — there’s no cost to them — they literally just have to log in with their email address and then they’re able to get the mail that we send them. The email message is protected, and the attachment is protected.

What kinds of documents or attachments do you send via email?

Settlement agreements, which might encompass estates worth multiple millions of dollars, tax returns, credit card statements, pay information, brokerage account statements — things that I would have had to redact a great deal of info out of (which damages the utility of the document), or I would have had to photocopy and FedEx to the client with an email saying, “I have FedExed the documents to you. You’ll have them tomorrow. I cannot include them in an email.”

I’ve had this discussion with other lawyers. When you send an email, it doesn’t go from your computer to mine. It goes from your computer to whatever mail server, then bounces all over the place before it eventually gets to mine. Little bits can be left anywhere, and anyone with a packet sniffer can get that email. With many of these documents, you’ve given an address, social security numbers and bank account information. That sets your clients up for data theft, identity theft and credit card theft. It’s “below the standard of care” to send naked tax returns or other documents via email. You should at least be password protecting your documents, but you should also encrypt the email and attachment.

We’re always surprised at how trusting people are with their data.

On one hand, people have an inordinate fear of technology, but at the same time, they have this belief that the data inside the metal case of their computer is somehow safe. They have no understanding that the minute they plug into that network cable or they hook up to WiFi that they’re outright broadcasting data that any receiver that’s tuned correctly can intercept, or (if they have the right applications) read and understand. Anyone’s account can be hacked.

We’ve written about how limited email disclaimers are in scope. To be frank, they don’t really do much. How does email encryption for lawyers help prevent confidentiality breaches?

In California, our inadvertent client privilege material disclosure rules are a little stronger than the federal rule. Under the federal rules, if you inadvertently disclose attorney-client privileged information, then the privilege is waived and no side gets to use the stuff. In California, you’re supposed to notify the sender if you’ve inadvertently received privileged information, since the sender is blind to the fact they’ve sent it. You then have to return it or destroy it, not use it.

If you send a client letter in a Virtru secured email, and there’s an attachment, you can call it back. But the fact is: we’re all adults here. You know they’ve read it. You can’t unring the bell. It’s going to be there every time someone makes a decision affecting the case. Now, Virtru gives you the ability to recall any secure email you’ve sent, so you can at least shut off access if it went to the wrong person. It does require vigilance on the sender’s part — if you sit on that email for a week, for all you know, the receiver might have already logged on and read it, maybe even written things down.

The other thing I love is that I can stop people from forwarding what I’m sending. Sometimes, as a divorce lawyer, you run into the client who uses an email you sent as a way to intimidate their spouse: “Well, you know, my lawyer says.” Of course, that’s a confidential email, so being able to prevent forwarding is a very useful feature.

Would you encourage someone about to get a divorce or to enter into a family law dispute
to use email encryption?

In some cases, you might be living in the same house as the person you’re having the dispute with, so privacy is a bit more complicated.

We always instruct the client to set up a new email account with a password that the other side won’t be able to guess (because inevitably, people tend to use the same kinds of passwords). You have to use a different password, and you can’t write it down.

By the time the client opens a new account, they’ve been married long enough that it’s really easy that at some point in the past they said, “Oh just copy that and send it to the accountant.” Well, it’s in their email account, so they might have given their spouse their password. While you have a defense because you only allowed conditional use of the password that one time, it’s still easier to avoid the problem and open a new account.

In the policy I have, we talk about using encryption. I say, “I will use Virtru on my end.” More and more of my clients agree to use it because it’s so simple. It doesn’t require that they do anything other than that one-time login.

Do you feel that email encryption for lawyers will catch on soon?

Right now, lawyers are about 20 years behind where they need to be in terms of technology and security. I think that the fact that Virtru is so convenient will absolutely help it catch on. I’ve done Virtru demonstrations for colleagues simply by saying, “I’m going to send you a secure email,” and then sending the email. It costs nothing, and then you compare that to something like Pretty Good Privacy (PGP), where you pay, get an encryption and a decryption key, and then the client loses the key within the first week. Now you have to fix it by creating a new key for them. It’s just hassle after hassle, versus Virtru.

With Virtru, you slide the little bar over, click how long you want the email to last, select whether or not you want it to be forwarded, add any attachments, and click send. Done. It’s idiot-proof.

The other thing that’s good about Virtru that a lot of lawyers don’t understand is that any time you do cloud storage — and in a way, Virtru is cloud storage for lawyers, since your messages are in an off-site email server — here we have control over the physical media. Even if Virtru is served a subpoena, the data is encrypted and unreadable. So the client’s data is protected, the servers are in the United States and I understand the law of this country, since I’m an attorney who lives here.

By using email encryption, I’ve done everything I can, well beyond the standard of care, to make sure that my client’s data is protected, even if it’s sitting on Virtru’s server. I don’t understand why every lawyer isn’t using this.

Virtru: Email Encryption for Lawyers, Business Professionals and Personal Use

With the complicated nature of family law, privacy can get hairy, so it’s important to take all necessary measures to protect your clients’ data. Email encryption is a big piece of that puzzle. But email encryption isn’t just a great way for attorneys to look out for their clients. Whether you’re a lawyer worried about attorney-client privilege, a doctor on the hook for HIPAA compliance or simply an individual user looking to improve your own online privacy, encryption can help you make sure that your email stays between you and the recipient.

Ready to get started with a more secure, more private inbox? Download Virtru today.

Subscribe to Our Newsletter

Connect With Us