Cybersecurity

Contractors Are Now Using Encrypted Calls and Texts for Legal Advice

Maksim Kabakou/Shutterstock.com

With economic espionage and domestic surveillance creating a climate of cyber insecurity, some intellectual property attorneys now employ encrypted communications to correspond with federal contractor clients.  

Tools such as RedPhone, a mobile voice app, and Silent Circle, a text, video and voice service, are among the more user-friendly technologies in use. Civil liberties activists, dissidents and some journalists have long resorted to cryptography to protect information, but some assembly was always required. The new secret message techniques still require trading a little convenience for confidentiality. 

In an attempt to promote wider adoption, and perhaps his business, James Denaro, a patent litigation attorney with the CipherLaw Group, tweeted  Friday night: "We use@Silent_Circle phone and text and encourage our clients to use it to contact us."

The firm started using Silent Circle about a month ago for calls and texting, and six clients are now active users, he told Nextgov via PGP-encrypted email. About 90 percent of the practice’s federal contractor clients use some sort of secure communications to talk or type with counsel. Adoption is lower among companies outside the government sector, with only a bit more than half of all clients, total, using encrypted correspondence. "Our federal contractor client base is relatively technically adept,” Denaro said.

CipherLaw began communicating through PGP-encrypted email when it opened in 2011. Twenty-two-year-old PGP, which stands for pretty good privacy, scrambles messages in a way that requires a unique, private "key" to decode. Along with PGP and Silent Circle, clients also use RedPhone, developed by Open Whisper Systems, and X.509 encryption, another technique for digitally locking emails.

"While there is concern about government surveillance at the moment, there have long been concerns about corporate espionage or security failures at third-party systems through which communications pass or are stored," Denaro said. The financial loss attributed to economic espionage is hard to pin down, with estimates ranging from $13 billion to, as recently reported by the Commission on the Theft of American Intellectual Property, more than $300 billion. 

Competitors and foreign adversaries poach trade secrets by accessing data stored in systems and intercepting data in transit, the way the U.S. government sometimes bugs communications. In fact, the FBI has proposed forcing Web services to build "back doors" into their technology for wiretapping -- a tactic that critics argue would let in eavesdroppers who don't have U.S. citizens’ best interests at heart. 

"While most corporate clients aren't particularly worried about the U.S. government misappropriating their intellectual property in connection with a surveillance program, there is a pervasive concern that any backdoors make systems less secure," Denaro said. 

In May, Silent Circle co-founder Phil Zimmermann condemned the FBI’s proposal. Zimmermann invented PGP. Another company co-founder, former Navy SEAL Mike Janke is slated to discuss the tension between national security and privacy at the Nextgov Prime conference in October.  

"The voice and text message offerings from Silent Circle and Open Whisper Systems are relatively easy to use while still offering a high degree of security,” Denaro said. “Unfortunately, most of the software offerings for PGP email encryption are somewhat difficult for many users to configure and use.”

As secure communications tools become more expedient, he expects to see additional clients take to encryption. 

The American Civil Liberties Group applauded CipherLaw’s legal maneuver. 

ACLU privacy technologist Christopher Soghoian tweeted late Friday, "Cyber security focused law firm the Cipher Law Group encrypting calls with clients. I hope this is a trend."

(Image via Maksim Kabakou/Shutterstock.com)

Threatwatch Alert

Network intrusion / Unauthorized use of system administrator privileges / Software vulnerability

Spammers Commandeer City of Mobile’s Server via Shellshock

See threatwatch report

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
// October 24
X CLOSE Don't show again

Like us on Facebook