If you perform research outside of the office, you have a number of ways to secure your research session. The most obvious is to use encrypted browser sessions, like searching https://www.google.com – note the s after the http – rather than the unencrypted site. You might also use a VPN. Lifehacker has a nice description of the Disconnect Web browser add-on, which can protect your wireless connection against sidejacking. An added bonus is that it blocks some of the tracking done by advertisers and other sites while you’re surfing the Web.
Disconnect is a free add-on for Mozilla Firefox, Google Chrome, and Apple Safari.
Lawyers struggle with confidentiality related to communicating with clients in a secure way. While e-mail has been accepted as a reliable method, if only because of an expectation of privacy, you may be more concerned about sending an attachment. Yousendit.com is frequently mentioned in legal technology circles as an easy and reliable way to send large files. You upload the file to Yousendit’s Web site and your recipient accesses it there.
Microsoft Outlook users could quickly send files using a plug-in. Yousendit has recently updated their Windows and iPad software and have now added an Android app and support (still beta) for Macintosh OS. Yousendit supports e-signing as well as secure e-mail, and may be a good way for lawyers to send and receive files from clients and keep them in a native, electronic format.
When you are managing online information, you are probably storing some of that information online, whether it’s your Web-based e-mail or your online bookmarks. I wrote a piece for the Slaw.ca blog in September on using encrypted connections. But your connection is just one piece of the puzzle.
Google has added a help tool in its support area to help you assess your online security. It is a checklist that walks you through a number of possible risk areas, including your computer, your Web browser, your Google accounts and, if you use it, your Gmail settings. In some ways, it’s almost too general to be helpful. It doesn’t actually test anything. But if you aren’t sure what your possible threat areas are, it may be able to identify some of them. It even has a progress meter, to show how many of the steps you’ve completed. This meter didn’t actually work for me, but if it does for you, it can help you to get a sense of how much work you might need to do to harden your online access!
I mentioned that Google was enabling an encrypted search, which may be a preferable way to search on topics that you need to keep confidential. They have moved the search from:
The new URL enables some organizations to use encrypted search while keeping their Web filters in place. It may not be a permanent move.
[ via ReadWriteWeb , eWeek]
When you perform legal research using online tools, you leave a trace of the information you seek. Whether you are using a client or party name or topical keywords related to your matter, your keywords are logged by search engines. In fee-based databases, it is just the publisher who tracks this information; on the Web, each Web site you visit will see your search terms. More importantly, if you are using an insecure network, like a home or coffee shop wireless network, other people may be able to tap into your search stream and see what you are researching. The reality is that online research in fee-based or free tools is relatively focused, so searches are unlikely to divulge much on their own.
There may still be some times that you want to keep your search encrypted, though. In the past, this has meant encrypting your entire online experience, using a virtual private network (VPN) or connecting only to Web sites using the secure sockets layer. On those sites, the Web address changes from http:// to https://, reflecting an encrypted connection.
If you add that s to Google’s address – https://www.google.com/ – you will arrive at Google’s new encrypted search service, which has just moved to beta. It is hard to know whether this is a trend in search and how long it will be in beta. But it means that when you search, your search terms are not available to third parties, whether the sites that you visit online or people around you who might be able to see your online activity. There may be some research where, just for peace of mind, you will feel better trying the encrypted Google for your research.
One of the benefits of doing online research is that you can be largely anonymous. You are not logging into a fee-based database with a username or password, so at a high level, no one can identify you. But do not confuse the privacy mode of your Web browser with the ability for Web sites to track your access.
Say you are doing some background research about a client, opponent, or witness. You might be looking at Facebook sites, business sites, and other online sources. When you select to use the privacy mode of your Web browser – called InPrivate on Internet Explorer, Private Browsing on Firefox, and Incognito on Chrome – you are obscuring your local identity, on the computer on which you are working. These privacy tools mean that information created by your Web browser (like cached files or your research history) or by the Web sites that you visit (like cookies) is not saved on your computer.
At the same time, though, each Web site you visit is logging your visit and this information, known as Web site analytics, will note where you are coming from, time, pages visited, and much more. Your Web browser privacy mode cannot interfere with the capture of this information, since it is happening entirely on a remote server.
There is one new tool you might consider using if you do research and it is important for you to avoid leaving a trail. Google is providing a new add-on for all browsers that will block the Google Analytics tool from tracking your access to servers running the software. It is a common Web site analytics product and you are probably visiting sites using it. The new opt out tool is free but still in beta. If that is the only analytics or logging tool used on a Web server, you can eliminate that track. But if the server logs visits outside of Google Analytics, this add-on will not impact that tracking.
When you are online, they may not know that you are a dog, but you may still be leaving more clues about research than you would like.
A favorite resource of mine, the ReadWriteWeb, highlighted a tool from Mozilla that enables a quick plug-in check up. Originally written just for Mozilla Firefox users, you can now test plug-ins on Google Chrome, Microsoft Internet Explorer, and other browsers.
Check out your own plug-ins!
You may run the checking tool and wonder what you are looking at! Keep in mind that plug-ins tend to be helper applications that your Web browser relies on behind the scenes. For example, if you are displaying Flash or Quicktime video in your Web browser, you probably have a plug-in to enable that.
I was impressed to find all of the plug-ins that were in use on my computer. In fact, there were far more than I expected to see because it highlights some that you do not install yourself. While you might download the latest plug-in for Google’s Picasa photo site, you might not have installed your own version of Microsoft DRM (or perhaps not have realized it).
It can also help you see which of your add-ons – those small software components you add to your Web browser and that are specific to that browser, where a plug-in may actually be available to multiple Web browsers – straddle the line between add-on and plug-in. I love my Chrome IE Tab extension (add-on) but it shows up when I use the Mozilla plug-in checker. That may be because it reaches out to the operating system to pull display IE functionality within my Google Chrome browser.
This is a great tool to add to your maintenance toolkit.