Skip to Content
  • Home
  • About the Bar
  • Mission
  • Forms
  • Sitemap
    • Member Directory
      Last Name:
      First Name:
      Bar Number:
      City:


    • Login
OSB Logo
Oregon State Bar Bulletin — JULY 2004

Bar Counsel
THE INVISIBLE DOOR
Confidentiality meets wireless technology
By George A. Riemer

I have been using computers for a long time and am somewhat of a technology junkie. I don’t qualify for the "nerd" honorarium. I have no degrees in computer science or technology. My "education" in technology is experience-based.

About 24 months ago I set up a wireless connection between my desktop computer and portable computer at home and have since extended it to include two TIVO ® personal video recorders. Over time, with a lot of trial and error, I have gotten everything to work, and I love the ability to connect to the Internet wirelessly using my portable computer from anywhere in my home (a "couch network"). I have had to learn about NAT, SSID, WEP and MAC in the process. I feel my wireless connection is reasonably protected from wireless hackers.

Lawyers are increasingly using wireless technology in their offices. A recent call from a lawyer concerning just such a situation generated the idea for this article.

I suspect the scenario the lawyer explained is replicated across the state and country on a daily basis. A small group of lawyers are in an office-sharing arrangement. Everyone is on their own, and they all know of the need for separation in their practices to preserve their independence of action vis a vis the conflict of interest and client confidentiality rules. Each lawyer has his or her own mix of computer and technology equipment. Several of the office sharers have set up wireless networks. Yet another office sharer decides to set up a wireless network using a computer consultant to make sure it is done right. The consultant determines that the wireless network of one of the other office sharers is "wide open." In other words, the lawyer using that network has not utilized any security measures to ensure others cannot access it. The consultant indicates that any shared files on the lawyer’s computers that are not protected by the computers’ file system security are readily accessible by anyone using a wireless enabled computer within the range of the lawyer’s wireless access point. In addition, any data transmitted to or from the wireless access point can be captured and analyzed with software originally developed for network troubleshooting, which is readily available on the Internet at no cost. Obviously, this is not a good situation. The lawyer risks the mischief of others and the possible misuse of confidential personal, business and client information.

The plot thickens. The lawyer who discovered this problem through her computer consultant felt an obligation to tell the lawyer with the "wide open" wireless network of the problem. What was the lawyer’s response? "Mind your own business."

What’s wrong with this picture? Plenty! Lawyers have an ethical duty to protect the confidences and secrets of their clients and to exercise reasonable care to prevent their employees, associates and others whose services are utilized by the lawyers in connection with the performance of legal services from disclosing or using confidences or secrets of a client. See DR 4-101. Failing to employ adequate security measures when using a wireless network in the practice of law exposes a lawyer to ethics charges (if not also to possible civil claims) if a client’s confidential information is misused by someone who gained access to it through the lawyer’s "open" wireless network. An aggravating circumstance could certainly be a lawyer’s disregard of a prior warning about the problem.

Most of us with small wireless networks use what is called an 802.11b "Wi-Fi" network. 802.11g is starting to become more popular and inexpensive. It is arguably more secure than the 802.11b protocol and might be worth considering if you haven’t already bought and installed 802.11b equipment.

The 802.11b "Wi-Fi" networks have security problems, but they can certainly be protected to some reasonable extent from ad hoc "war driving." War driving is the "hobby" of some computer hackers. They literally drive around town with appropriately configured computer equipment looking for "open" wireless networks to see what information they can access. The more malevolent of these folks will attempt to destroy information on open networks and put accessed information to criminal use.

What can, what should, you do to protect your law office wireless network? First, decide whether you really need a wireless network. Wired networks are a lot more secure. If you don’t really need a wireless network, why spend the money, time and energy to create one? Second, change the Service Set Identifier (SSID) on your wireless access point to some name other than the one the manufacturer set at the factory. This doesn’t affect security, but you don’t need to broadcast your security complacency by leaving "linksys" as your SSID. Third, enable Wired Equivalent Privacy (WEP) on your wireless network and use a 128-bit encryption key. This should prevent most casual efforts to tap into your wireless network. Most recently-manufactured wireless access points offer 128-bit WEP encryption and allow you to generate and change these keys in real time (keep your wireless access point software up-to-date too). Finally, restrict your access point to only allow access to those machines you configure using their Media Access Code (MAC). Every wireless card and access point has a MAC. You can set the access point to only allow access to the equipment you identify by MAC. Yet another option, which I won’t go into in any detail here, is the establishment of a virtual private network (VPN) to encrypt all data between your computers and access point, but a VPN involves more equipment, software and expertise to set up than a wireless network.

Candidly, all of these measures can be compromised, but the odds are that if you use these tools, only the most determined hackers will want to spend the time necessary to crack your small office wireless network. It is possible, however, for this to occur. Newer wireless equipment is coming out which uses WPA (Wi-Fi Protected Access). I understand WPA is more secure than WEP and you may wish to research wireless equipment using WPA if you haven’t already jumped on the wireless bandwagon.

On a related, but separate, note, many cordless phones are susceptible to eavesdropping. Many portable phones use the same radio frequencies that wireless computer networks use and may not be adequately protected by encryption or other security features. You should use a land line when appropriate, considering the nature of the information being exchanged in a telephone call with a client.

Don’t be fooled into thinking no one knows of your wireless network or wouldn’t bother at least trying to get into it. Wireless access points transmit up to several hundred feet in all directions. Put "war driving" into Google ® and see how many links you bring up on your web browser on this topic. In fact, there is a website dedicated just to "war driving" (http://www.wardriving.com). This really is no joking matter. You need to close and lock the invisible door on your office (and home) wireless network. You, and your clients, will sleep better at night if you do so right away.

© 2004 George A. Riemer

ABOUT THE AUTHOR
George A. Riemer is general counsel and deputy director of the Oregon State Bar. He can be reached at griemer@osbar.org or by phone at (503) 620-0222 or toll-free in Oregon, (800) 452-8260, ext. 405. He thanks David Johnson, OSB information systems supervisor (and mentor) for his help in reviewing this article for accuracy.


— return to top
— return to Table of Contents

  • For The Public

      Public Legal Information

    • Public Information Home
    • Legal Information Topics
    • Oregon Juror Guide
    • Submit Ethics Complaint

    • Getting Legal Help

    • Finding The Right Lawyer
    • Hiring A Lawyer
    • Lawyers Fees

    • Client Services

    • Client Assistance Office
    • Client Security Fund
    • Fee Dispute Resolution
    • Public Records Request
    • Locating Attorney Files

    • Unlawful Practice of Law

    • UPL Information
    • UPL FAQ

    • Volunteer Opportunities

    • Public Member Application
  • For Members

    OSB Login

    • Log In To OSB Site
    • Member Account Setup
    • Non-Member Account Setup
    • Reset Password

    OSB Resources

    • Attorney's Marketplace
    • Career Center
    • Events
    • Forms Library
    • Online Resources
    • OSB Group Listings
    • Performance Standards
    • Rules Regulations and Policies
    • Surveys and Research Reports
    • Unclaimed Client Funds
    • Voting Regions and By-City
      County Information

    Fastcase™

    • Log in to Fastcase
    • Overview
    • Scheduled Webinars
    • Inactive Member Subscriptions

    Legal Ethics

    • Legal Ethics Home
    • Find an Ethics Opinion
    • Bulletin Bar Counsel Archive

    Company Administrator

    • Company Administrator Home
    • Company Administrator FAQ
    • Authorization Form

    State Lawyers
    Assistance Committee

    • SLAC Info

    Volunteering

    • Volunteer Opportunities

    Court Information

    • Judicial Vacancies
    • Court Info | Calendars | Jury Info
    • Oregon Attorneys
      in Federal Court
    • Tribal Courts of Oregon

    OSB Publications

    • Bar Bulletin Magazine
    • – Bulletin Archive
    • – Legal Writer Archive
    • Capitol Insider
    • Disciplinary Board Reporter

    PLF Programs

    • (OAAP) Oregon Attorney
      Assistance Program
    • Practice Management Attorneys
    • Malpractice Coverage
  • CLE/Legal Publications

    CLE Seminars

    • CLE Seminars Home
    • Online Seminar Registration
    • General Info/FAQ

    My Account

    • My Content
    • My Events
    • Order History

    Legal Publications

    • Legal Publications Home
    • Log in to BarBooks®
    • BarBooks® FAQ
    • Online Bookstore
    • Legal Pubs Blog
  • Bar Programs

    Diversity & Inclusion

    • Diversity & Inclusion Home
    • Diversity Story Wall
    • D&I Programs
    • ACDI Roster
    • D&I Staff Contacts
    • D&I Links

    Legislative/Public Affairs

    • Legislative Home
    • Committee Contacts
    • Legislative Sessions
    • Staff Contacts
    • Useful Links

    Legal Services Program

    • LSP Home

    Oregon Law Foundation

    • OLF Home
    • Partners in Justice

    Fee Dispute Resolution

    • Fee Dispute Resolution Home

    Pro Bono

    • Pro Bono Home
    • Pro Bono Reporting
    • Volunteer Opportunities

    Lawyer Referral and Information Services

    • RIS Login
    • Summary of Referral and Information Services Programs
    • Lawyer Referral Service Info and Registration Forms
    • Modest Means Program Registration Forms
    • Military Assistance Panel Training Info and Registration Form
    • Problem Solvers Registration Form
    • Lawyer To Lawyer Registration Form

    (LRAP) Loan Repayment Assistance Program

    • LRAP Home
    • LRAP FAQ
    • LRAP Policies
  • Member Groups

    Sections

    • Section Info/Websites
    • Joining Sections
    • CLE Registration Services
    • Standard Section Bylaws (PDF)
    • Leadership Resources
    • Treasurers Tools

    Committees

    • Home
    • Leadership Resources
    • Professionalism Commission
    • Volunteer Opportunities

    House of Delegates

    • HOD Home
    • HOD Resources
    • Meetings
    • Rules (PDF)
    • Roster (PDF)
    • Staff Contacts

    Board of Governors

    • BOG Home
    • Meetings & Agendas
    • Members
    • Liaisons
    • Committees
    • Resources
    • Task Forces

    Oregon New Lawyers Division

    • ONLD Home
    • Law Students
    • Student Loan Repayment
    • Committees
    • Upcoming Events

    Task Forces and Special Committees

    • Task Forces Home

    Volunteer Bars

    • List/Contacts
    • Leadership Resources

    Volunteering

    • Volunteer Opportunities
  • Licensing/Compliance

    Admissions

    • Admissions Home
    • Alternative Admittance
    • Applicants for Admission
    • Admissions Forms
    • Past Bar Exam Results

    Supervised Practice Portfolio Examination

    • SPPE Home

    Licensed Paralegal Program

    • LP Home

    Lawyer Discipline

    • Discipline Home
    • Disciplinary Board Reporter
    • Disciplinary Boards
    • Client Assistance Office
    • (SPRB) State Professional Responsibility Board

    Membership Records

    • Address Changes
    • Good Standing Certificate
    • Request Discipline File Review

    MCLE

    • MCLE Home
    • Program Database
    • Forms
    • Rules (PDF)

    IOLTA Reporting

    • IOLTA Home
    • IOLTA FAQ

    Licensing Fees

    • Licensing Fee FAQ
    • Licensing Fee Payment

    Status Changes

    • Status Changes FAQ
    • Inactive Status Form
    • Retired Status Form
    • Active Pro Bono Status Form
    • Reinstatement Forms
    • Resignation Form A
    • Pending Reinstatements

    Unlawful Practice of Law

    • UPL Information
    • UPL FAQ

    Pro Hac Vice/Arbitration

    • Pro Hac Vice
    • Arbitration

    New Lawyer Mentoring Program

    • New Lawyer Mentoring Program Home

    Professional Liability Fund

    • Professional Liability
      Fund Website
For The Public

Public Information Home
Legal Information Topics
Oregon Juror Guide
Finding The Right Lawyer
Hiring A Lawyer
Lawyers Fees
Client Assistance Office
Public Records Request
Unlawful Practice of Law
Fee Dispute Resolution
Client Security Fund
Volunteer Opportunities
for the Public

For Members

BarBooks®
Bulletin Archive
Career Center
Fastcase™
Judicial Vacancies
Legal Ethics Opinions
OSB Group Listings
OSB Login
OSB Rules & Regs
SLAC Info
Surveys and Reports
Volunteer Opportunities

CLE/Legal Pubs

CLE Seminars Home
Legal Publications Home

Bar Programs

Diversity & Inclusion
Fee Arbitration/Mediation
Legal Services Program
Legislative/Public Affairs
Loan Repayment
Assistance Program

Oregon Law Foundation
Pro Bono

Member Groups

Board of Governors
Committees
House of Delegates
Volunteer Bars
Oregon New
Lawyers Division

OSB Sections
Professionalism
Commission

Volunteer Opportunities

About The Bar

About the Bar
ADA Notice
Contact Info
Copyright Notice
Directions to the Bar
Meeting Room Rentals
Mission Statement
OSB Job Opportunities
Privacy Policy
Staff Directory
Terms of Use

Licensing/Compliance

Admissions
Client Assistance Office
Client Security Fund
IOLTA Reporting
Lawyer Discipline
MCLE
Member Fee FAQ
New Lawyer
Mentoring Program

Professional Liability Fund
Status Changes

Oregon State Bar Center

Phone: (503) 620-0222
Toll-free in Oregon: (800) 452-8260
Facsimile: (503) 684-1366

Building Location:
16037 SW Upper Boones Ferry Road
Tigard, OR 97224

Mailing Address:
PO Box 231935
Tigard, OR 97281

Oregon State Bar location Map

Copyright ©1997 Oregon State Bar  ®All rights reserved | ADA Notice | Mission Statement | Privacy Policy | Terms of Use