Encrypt data before sending it to the Cloud. A best practice?

Note:  Bruce Schneier is a highly regarded expect on security and security technology. The following is from his blog Schneier on Security.  He refers to an article in The Economist.

Dropbox Security

I haven’t written about Dropbox’s security problems; too busy with the book. But here’s an excellent summary article from The Economist,

The meta-issue is pretty simple. If you expect a cloud provider to do anything more interesting than simply store your files for you and give them back to you at a later date, they are going to have to have access to the plaintext. For most people — Gmail users, Google Docs users, Flickr users, and so on — that’s fine. For some people, it isn’t. Those people should probably encrypt their files themselves before sending them into the cloud. (emphasis added)



A Rule 1.6 Technology Audit: What is it? Part 1

Subject to certain exceptions, Rule 1.6 requires that lawyers “not reveal information relating to representation of a client without the client’s informed consent….”  Much of the “information relating to representation” covered by Rule 1.6 is in digital form.  It is reasonable, isn’t it, to require lawyers to know where digital information relating to representation of their clients is stored and who has access to it.   The purpose of a Rule 1.6 Technology Audit is to answer those questions in writing within a reasonable degree of certainty.  One question is “within a reasonable degree of what kind of certainty?”  Lawyers, most of us, are not technologists.  Who can provide reliable information about how secure digital information is?  More in a later post.