Risk Update

Little Brother? Acceptable Risk? — Does Amazon “Alexa” and its Ilk Compromise Privilege or OCGs?

We’ve covered several updates about Zoom and general conferencing risks. New technologies always bring new potential and often new risks. Here’s more on the question of these convenient listening devices in many homes. It looks like sensitivity levels, concerns and mitigation practices are starting to rise, if the quoted firm representatives are any indication, in: “Digital Ears Everywhere: Lawyers’ Home IoT Devices Stoke Privacy Concerns” —

  • “Can a confidentiality agreement or attorney-client privilege be compromised by your smart refrigerator or smart speaker? It’s a question that’s becoming all the more pertinent these days.”
  • “Lawyers say internet of things (IoT) devices can pose a security and privacy threat as more legal professionals work and discuss sensitive client matters from home and hackers adjust their attacks.”
  • “But Dickinson Wright member Sara H. Jodka said lawyers owe it to their clients to protect their privacy. ‘Because I don’t know and I can’t guarantee that privacy to my clients, I will not have that technology on when I am having sensitive client phone conversations,’ she said.”
  • “To be sure, IoT devices have been known to listen in. Last summer, it was revealed various Facebook, Apple and Google products leverage contractors to manually review recordings directed to their software. The IoT devices are also not impenetrable. Earlier this year, Amazon.com Inc. was hit with a class action suit over hacks of its internet-connected home surveillance product Ring.”
  • “Uncertainty aside, Giftos said her firm [Husch Blackwell] has internally and externally shared articles highlighting the potential cybersecurity and privacy pitfalls of IoT devices. She also noted she turns off her personal IoT electronics and Siri when making client calls.”
  • “Unplugging IoT devices when making client calls isn’t irrational, but practical for mitigating risk, agreed Stroock & Stroock & Lavan chief information officer Neeraj Rajpal.”

And even more recent commentary and action: “Lawyers urged to switch off Alexa when working from home” —

  • “Toni Vitale, head of data protection at JMW Solicitors, said that hackers could access sensitive details through the speakers. ‘We’ve told staff to check the default settings on the speaker and to the extent that you can, switch them off during the working day,’ Mr Vitale said.”
  • “‘Obviously we advise clients and their view is going to be that if you didn’t change the setting you’re liable. You’re liable for any breach of security that happens and not just in the sense that you might by fined by the ICO but that you might be liable to those clients personally.'”
  • “Mishcon de Reya, the law firm which advised Princess Diana on her divorce from Prince Charles, is understood to have also issued similar advice to staff.”