Keeping legal documents confidential

Though many industries require documents to remain confidential, few have as high stakes as the legal industry. There are various types of documents that a lawyer has to keep secret, from those relating to attorney-client privilege to evidence that includes bank account information and social security numbers or draft contracts.

As well as confidential information, there’s documentation that’s considered “privileged information”, where disclosure, under law, must not happen under any circumstances.

The consequences of highly confidential or privileged information leaking can be severe. In legal work, the relationship with the client is paramount. As you can imagine, many clients would view such a leak as unforgivable.

But, of course, the leak of privileged and personal information also comes with potential legal trouble that could reflect poorly on the firm as a whole.

Preventing document leaks

Clearly, then, controlling the flow of legal documents is incredibly important. But how do you ensure they’re viewable only by the parties you authorize?

Throughout the legal process, information may need to be shared remotely with various parties, from the opposition to the client, paralegals, co-counsel, and more.

Trusting that documents won’t be leaked at any point in the process is a recipe for disaster, so we have to turn to software for a solution.

Cloud storage services

A tempting option is to utilize a cloud storage service like Dropbox, Google Drive, or OneDrive. These platforms have the advantage of being prevalent and accessible while offering built-in collaboration tools.

However, these platforms are rarely the best choice when it comes to confidentiality. While you can limit access to only certain accounts, this is more of a protection against interception than deliberate misuse.

There’s little to stop a person from downloading the file from your cloud storage and sharing it with whoever they like. Even if you disable downloads in favour of an online viewer, the reality is that this can be easily bypassed by printing the browser page to a PDF, screenshotting it, or sometimes utilizing the developer mode or plugins in your browser to bypass the controls.

Failing all that, they can simply give their login details to another person.

Collaboration services are sometimes acceptable for internal use (if additional measures are put in place), but once a document reaches its final form and starts to be shared, additional protection is needed.

Secure deal rooms

One industry that has sprung up in recent years is the secure deal room industry, also known as secure data rooms or virtual data rooms. These services often target the legal industry in their marketing, claiming to ensure “absolute confidentiality” while maintaining collaboration and centralized storage.

The basic idea is to rent or create a space on a server and upload your unprotected documents. Logins are then created for third parties to access the documents and collaborate. Documents are encrypted at rest, and tracking is often applied when they’re in use.

Unfortunately, secure data rooms are likely less secure than you think. They often use a username and password system for access. Just like cloud storage services, these credentials can be deliberately shared or stolen, allowing unauthorized users to access documents.

And while two-factor authentication may help with stolen credentials, it doesn’t help when they’re deliberately shared – the user can simply forward their 2FA code.

On top of this, most secure deal rooms utilize the browser for access. This is a problem, not just because it can be sluggish for large documents, but because of the inherent security limitations.

Though some secure deal rooms promise to prevent editing and printing or set expiry dates, there’s only so much a browser can stop.

Because the user controls their own browser environment, controls such as these, which are usually enforced using JavaScript, are trivial to bypass. A user can rely on third-party plugins or the browser’s developer mode to modify the code running in their browser and circumvent the controls.

On top of this, there’s nothing to stop a user from simply screenshotting a document using screen-grabbing tools and compiling the pages in a photo editing app. If you need to enable physical printing, they can also print to a PDF instead and make infinite, untraceable copies of your document.

Document DRM

There’s no real way around it, then. If you want to protect your confidential documents, a good document DRM is likely your best choice. With PDF DRM, the document is heavily encrypted before it leaves the sender’s PC and can only be opened by a recipient with the DRM’s secure viewer application and a corresponding license file.

The use of a dedicated app to interact with files eliminates the inherent issues with browser-based methods. In addition, the app can enforce far more controls on the operating system, effectively preventing editing, screenshotting, and printing due to its secure nature and the inability to add plugins.

This freedom to enforce controls additionally allows for new types of restrictions to be enforced. You can, for example, set expiry and self-destruct timers, revoke documents on the fly, restrict access to locations and devices, and add dynamic watermarks.

This added flexibility allows protection to be applied to legal documents on a modular basis, depending on their sensitivity.
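The restrictions described above (expiry, revocation, device locking) come down to a check made each time the viewer asks to open a document. A minimal sketch of that check follows, added here as an illustration and not taken from any DRM product: the function names, field names, key and license IDs are all assumptions, and HMAC with a server-held key stands in for the public-key signature a real product would more likely use.

```python
import hashlib
import hmac
import json

# Constructed values for illustration only (assumptions, not from any product).
SERVER_KEY = b"example-licensing-server-key"
REVOKED_LICENSES = {"lic-0002"}  # licenses the sender has revoked on the fly


def issue_license(license_id, document_id, device_id, expires_at):
    """Sender side: bind one document to one device until expires_at (Unix time)."""
    body = json.dumps(
        {"id": license_id, "doc": document_id, "device": device_id, "exp": expires_at},
        sort_keys=True,
    )
    tag = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def check_license(lic, document_id, device_id, now):
    """Licensing-server side: return (allowed, reason) for an open request."""
    expected = hmac.new(SERVER_KEY, lic["body"].encode(), hashlib.sha256).hexdigest()
    # Reject any license whose claims were edited after issue.
    if not hmac.compare_digest(expected, lic["tag"]):
        return False, "tampered"
    claims = json.loads(lic["body"])
    if claims["id"] in REVOKED_LICENSES:
        return False, "revoked"
    if claims["doc"] != document_id:
        return False, "wrong document"
    # A forwarded license file fails here: it is tied to the original device.
    if claims["device"] != device_id:
        return False, "wrong device"
    if now >= claims["exp"]:
        return False, "expired"
    return True, "ok"
```

Unlike a shared username and password, a license forwarded to a colleague is refused because the device identifier in the request no longer matches the signed claims.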

The best thing about document DRM is that it can often be combined simply with other solutions. For example, you can create your documents in a secure collaboration tool, then save the final version as a PDF and encrypt it before uploading it to cloud storage.

The document is then protected during its creation and can be easily accessed through online storage. Yet, it is still unable to be edited or copied by others after being downloaded. This makes it an ideal solution for many law firms and other industries.
