Videoconferencing technology has been rapidly implemented across industries as the current pandemic has made major changes to how Americans operate and conduct business. Apps such as Zoom, Microsoft Teams and Skype have suddenly become a part of daily work and social life for many. And the increased use of such apps has brought new concerns regarding web conferencing’s safety and security.
Zoom, a video communications service, faces a class-action lawsuit, filed March 31, for passing data to third parties, including Facebook, without notifying users, according to Business Insider. In an April 14 article, the ABA Journal described a California lawsuit alleging Facebook created profiles on users who installed the Zoom app — even if they did not have a Facebook account — which benefitted Facebook’s targeted advertising. Zoom, in turn, profited by helping Facebook target users for additional services, according to the lawsuit.
According to the FBI, reports of “VTC hijacking” also called “Zoombombing” are emerging across the nation. “The FBI has received multiple reports of conferences being disrupted by pornographic and/or hate images and threatening language,” the FBI said. This included two schools in Massachusetts that reported separate “Zoombombers” who broke into class calls; one flashed a swastika, and the other screamed obscenities and shouted the teacher’s home address.
With the sudden shift to the use of web conferencing, and the related security risks, questions arise about how attorneys can protect their clients’ privacy — and themselves — when technological communication is a necessity.
The advent of work from home has brought concerns over privilege and confidentiality to the forefront. In a general sense, law firms need to be cognizant about these issues of privacy and security, Emily Keimig of Sherman & Howard said.
“The nature of the communications that we have with our clients is subject to privilege, in many instances,” she said. “And protecting that privilege and protecting that confidentiality is really paramount for a whole number of reasons.”
An attorney needs to do their due diligence with whatever platform is going to be used, Keimig said. There are protections available on many platforms to address security concerns, but as part of that diligence, a law firm needs to know how to implement those protections for privacy and confidentiality in order to make the platform more “workable.”
Training and education are a fundamental component of “any data security and privacy measure” being implemented on any platform, be it web conferencing or how to print and save documents in a remote work environment, Melissa Reagan also of Sherman & Howard said.
She added there are various components to due diligence, such as the terms of the master service agreement with whatever web conferencing platform is used. Another is to check with a cybersecurity insurance broker or provider to see if there are any certain requirements in the scope of their policies
Attorneys should do the due diligence and train the folks using it so users are not creating problems where otherwise they might not exist, Keimig said. “And then looking at the scope of your clients and what are their confidentiality needs,” Reagan said, adding examples of HIPAA and Colorado Bureau of Investigation or FBI compliance in certain cases. She added that these groups are providing guidance on what each group views as acceptable. “And, within the scope of those platforms, what security measures you need to have in place to use those platforms.
In addition to consulting a cybersecurity insurance carrier, it is also wise to consult with a malpractice insurer to make sure they do not have concerns about standing behind a firm or lawyer if a problem arises, Keimig said.
“I think our clients are struggling with the whole working from home and working online platforms experience because it is new and because it was invoked by so many people in such a short period of time,” Keimig said. The learning curve is very steep, it is definitely a good opportunity to become “good friends with your IT group,” Keimig mentioned. “They really need to be a partner in this process.”
One of the main challenges is that there are so many different kinds of platforms to use, Keimig said. For a case coming up where hearings will be held via teleconference, the court is using a WebEx platform, and many of the platforms have shared characteristics but do have differences, she said. Being able to be flexible and nimble enough to adapt to a necessary platform can feel overwhelming.
Part of that overwhelming feeling can come from how quickly the needs for these new platforms arose, and the training that is entailed. In many instances, user error is the root of the problem, irrespective of what type of technology it is, Keimig said. Reagan mentioned that there is a vast majority of user error as companies and employees moved so quickly to a new work environment in response to the pandemic.
“It happened so rapidly, and the ability to pick what platform you’re going to use and how you’re going to train them in a remote environment all create the perfect storm,” Reagan said. “And I think that’s why we’ve seen over the past few weeks things start to settle down as people are people are getting better educated and implementing the security measures that are being recommended by the various governmental offices on compliance and security issues.”