CCBE guidance on improving the IT security of lawyers against unlawful surveillance

Lawyers suck at infosec.

Expensive lawyers also suck at infosec.

They’re just more expensive.

The Surveillance Working Group of the Council of Bars and Law Societies of Europe (CCBE) apparently want lawyers to suck less (at infosec) hence has issued a Guidance (.pdf - EN)1 on improving the IT security of lawyers against unlawful surveillance in May 2016.

The requirement for lawyers to keep confidential their communications with their clients is an essential component of the rule of law in a free and democratic society. Yet it is a value which is coming under increasing threat, whether by means of unlawful interference by third parties or, in some cases, inadequately regulated governmental surveillance.

There is a wide variety of security risks to which data held by lawyers and communications between lawyers and clients are being exposed on a daily basis.

There goes their conclusion:

Absolute protection of IT systems against surveillance, lawful or otherwise, and against other forms of hacking cannot be achieved. IT systems will always be vulnerable, and, as this Guidance demonstrate, there is no such thing as a comprehensive system which will give total protection of data.

Against that background, it is important for lawyers to be able to demonstrate, to their clients, and to the wider public the measures they have taken.

Armed with this, lawyers won’t certainly turn to infosec wizards but they can try at least to suck less (at infosec). They might get even more expensive though.

  1. .pdf also available in French↩︎