Law & Cybersecurity - How Private is Email?
We all use email every day. It's an indispensable tool for communicating with lawyers and clients. As NoticeConnect's Chief Technology Officer, I architect and oversee our platform's cybersecurity. This blog post takes a look at what's going on behind the scenes after you click 'Send'.
Emails don't travel directly from Point A to Point B
When you send an email to someone, your message does not travel directly from your computer to theirs. If I write an email in Waterloo and send it to a colleague in Toronto, for example, that message might go through servers in several different cities before reaching its destination.
Why such a convoluted route?
It's a lot like physical mail. When you send someone a letter, it doesn't go from your house directly to theirs. The letters stops at a number of different places (mailboxes, processing facilities, etc.) along the way. Similarly, an email you send stops at numerous servers on its way to the person you've sent it to.
Your message may even travel back and forth across the US border on its way to its destination.
Are my emails encrypted?
The emails you send are automatically encrypted, i.e. translated into an unreadable code so they can't be intercepted and read. Your recipient gets the key that they can use to read (decrypt) the message. But this isn't the whole story.
There are two types of encryption: 1) in transit, and 2) at rest. Encryption in transit means that your data is encrypted while traveling from one place to another. Your emails are encrypted in transit.
Encryption at rest means that your data is encrypted when it's stored somewhere. There's no guarantee that your recipient's system will store your email in an encrypted form, in the same way that there's no guarantee that someone who receives a physical letter will store it somewhere private.
Once you've sent your email, you can't be certain it will be encrypted at rest. And the recipient's email provider may be scanning your messages.
What does this mean for law firms?
Email is a great business tool. But in the same way that you can't control what happens to a physical letter after you put it in the mail, you have limited control over what happens to an email after you send it.
Lawyers should be mindful of what information they're sending by email and who they're sending it to. Be aware that this information - while encrypted - may still be crossing back and forth across the US border.
Your firm can also make sure that your own email provider is following best practices and keeping your received emails encrypted at rest and stored within Canada.
Cybersecurity at NoticeConnect
Security is the single biggest consideration that went into designing and building the Canada Will Registry. We use email for some communications, but for others we have special file uploads that ensure your data stays within Canada and is encrypted at all times.
If you'd like to learn more about how we keep your information secure, don't hesitate to get in touch.