Placeholder Image

Subtitles section Play video

  • [MUSIC PLAYING]

  • SPEAKER: So today we're going to have our first of a few discussions

  • about cybersecurity, and later on we're going

  • to talk a little bit about cybersecurity in the context of the internet

  • and some of the challenges that it brings up there.

  • But today we're going to focus mostly on cybersecurity issues related

  • to your machine, your computer without necessarily

  • being connected to the internet.

  • Before we do, we need to understand a little bit more

  • about our machine's infrastructure, its hardware.

  • And the biggest question to ask at the outset

  • is, when we talk about the system's memory, what do we mean by that?

  • That term kind of gets thrown around and it means a couple of different things,

  • potentially.

  • It might mean your system's RAM or random access

  • memory, which is a rough translation of how much computing power it has,

  • how many things it can do.

  • And we can also talk about hard drive space

  • as another example of system memory.

  • Hard drive space is usually just free storage, basically.

  • How much room do we have to literally store files on our machine?

  • How much memory does your computer have?

  • Maybe you do or maybe you don't know.

  • If you take a look at your system information

  • or look up the computer that you bought on the internet,

  • you might find that if we're quoting memory in terms of RAM,

  • that your device might have as low as 512 megabytes of RAM, which

  • is about half of a gigabyte.

  • And that's not very much, most machines have much more than that now

  • unless you have a low powered Chromebook,

  • for example, that you use for travel.

  • Memory on the RAM scale might go as high as 32 gigabytes of RAM,

  • which is quite a bit more than that.

  • That's generally for really high end computers.

  • Computers, in particular, that process a lot of graphics.

  • So sometimes computers that are specifically dedicated for gaming

  • might have that much RAM.

  • But typically the range is somewhere between four and 16 nowadays.

  • When we're talking about hard drive space, that number is quite a bit

  • bigger.

  • So the typical hard drive nowadays might be as low as 128 gigabytes,

  • if the drive is a solid state drive, versus a hard disk drive.

  • We won't go into too much detail about the distinction between those two

  • things, other than right now to say those are just two

  • different ways to store data long term.

  • So that might be the low end.

  • The high end is probably somewhere on two terabytes of information.

  • One terabyte is 1000 gigabytes, give or take.

  • So two terabytes would be about 2000, give or take, gigabytes.

  • So quite a bit.

  • Maybe even as high as four terabytes.

  • That's quite a bit of storage information.

  • That's enough to store several hundred HD, high quality films.

  • But there's much more to memory than just RAM and hard disk space.

  • There's actually kind of a hierarchy of memory that exists within your machine.

  • Most of these numbers, though, aren't usually quoted

  • in the specs of a device.

  • So there's RAM, random access memory, and then

  • there's a series of caches, each of which gets successively smaller.

  • So they're going to be quite a bit smaller than the four gigs,

  • say, of RAM that your device has.

  • But they're also a little bit faster, and the reason these things get faster,

  • these caches get faster, is they are getting closer and closer

  • to the computer's processor, which is really the only part of the device that

  • is able to manipulate information.

  • It's the only part that can process information.

  • So the memory that we're feeding to that processor

  • needs to get faster and faster, such that it

  • can continue to swap things in and out.

  • So we have the RAM, maybe an L3 cache, a Level 3 cache, Level 2, Level 1,

  • and then finally CPU memory, which is the processor memory itself.

  • Plus some small bits of memory called registers,

  • which are used to be the final sort of pass of information from RAM

  • or this hierarchy of memory into the CPU.

  • But again, every file on your machine lives somewhere permanently

  • on a disk drive.

  • And there are, again, two different kinds of disk drives.

  • We have solid state drives and hard disk drives.

  • We should treat them as effectively identical

  • for purposes of our discussion today.

  • They-- solid state drives tend to behave a bit differently than hard disk

  • drives, they tend to be a bit more secure than some of the vulnerabilities

  • that hard disk drives present, which we're

  • going to talk about a little bit later in today's lecture.

  • But in general, when we talk about hard disks or storage space

  • for the rest of today's lecture, we're going

  • to be mostly focusing on hard disk drives.

  • They're also just much more prevalent still.

  • Solid state drives are coming into their own and becoming more and more frequent

  • as they appear in devices, but hard disk drives

  • are still far and away more and more prevalent within devices

  • that exist now.

  • They are just storage space, though, we can't do anything

  • with data that is stored on disk.

  • We have to first move it to RAM and then have

  • it sort of go up and down that chain of RAM, the different caches to the CPU,

  • in order to actually manipulate the data.

  • Once we're done manipulating it, and maybe we're

  • turning our computer off for the evening,

  • then all of the data that is in RAM will be stored back into the hard disk space

  • so that we're able to access it at another time.

  • One thing to keep in mind as we begin this discussion of memory,

  • though, is that memory is really just an array.

  • And we've talked about arrays already, where each cell of that array

  • basically is one byte wide.

  • And recall that one byte is eight bits.

  • We may have anywhere between 512 megabytes of memory,

  • so about 512 million of those little one byte

  • sized cells, maybe as high as four, 8, 16, and so on gigabytes.

  • And we have quite a few of those items in our array.

  • But it really is just an array, which means

  • we can jump to different addresses.

  • It has the same properties as any other random access

  • array that we've already discussed.

  • Different types of data take up different amounts of memory

  • on our systems.

  • So if we think about a very low level programming language like C,

  • which is this is just an example.

  • Different programming languages may store different types of data

  • using different amounts of space.

  • But if we look to just the most base level of data

  • and think about the smallest individual pieces into which we can break it,

  • we may be able to store an integer, for example, in four byte.

  • Which means we have exactly 32 bits worth of space to store an integer.

  • Characters will take up one byte, so we have only eight bits worth of memory

  • required to store a single character.

  • So capital or lowercase letters, digits, punctuation marks, and so on.

  • Not a huge variety of options there.

  • Floats are-- you may recall are real numbers,

  • numbers that have decimal points in them.

  • Doubles are, as well.

  • They're double precision floating point values

  • and they take up four or eight bytes.

  • So basically the idea here is different types of memory

  • will take up different amount of space and then

  • we eventually can construct these things into pixels, and images, and films,

  • each of which will also take up different amounts of space and memory

  • if we are manipulating or working with that data.

  • So again, let's think of memory as a big array of individual byte-sized cells.

  • Because it is an array, that means we have random accessability.

  • We can say, I want to go to memory address x and see what is there.

  • I want to go to memory address y and change what is there.

  • We have the ability to do that.

  • We don't have to iterate through step by step by step in order to make changes.

  • If we did, the processor would be quite a bit slower having to perform this,

  • we might term linear search as we try to iterate through memory

  • to find the one byte we're looking for.

  • It's very helpful to be able to jump to a particular byte.

  • And that means that every location in memory must have an address.

  • We must have a way to refer to that individual byte

  • in order to randomly access it.

  • We can't just look at this grid of cells and say, I want to go to this one

  • and sort of, you know, imagine particular spot.

  • We need to say, I want to go to exactly this memory address.

  • OK?

  • So s-- the fact that memory cells have an address

  • is what comes into play when you think about this idea

  • of a 32-bit system or a 64-bit system, and this

  • may be a term that you've heard before.

  • It refers to the ability to process an address.

  • So for example, a 32-bit computer, a 32-bit system,

  • can process memory addresses up to 32 bits in length.

  • Which means it understands memory address zero through memory address

  • right up to four billion, a little over four billion.

  • But it doesn't understand memory past that.

  • Now interestingly, this doesn't mean that a 32-bit system

  • is limited to four gigabytes of RAM.

  • There are some software tricks that we can pull using something called virtual

  • memory, which we're not going to get into in any more depth than to refer

  • to it as virtual memory today, that allow you to use more than four

  • gigabytes of RAM on a 32-bit system by doing-- sort of, you know,

  • pretending that things live somewhere where they don't.

  • But when you talk about a 64-bit system, that

  • means we have many more memory cells that we

  • can refer to without running into our sort of artificial limit of how high we

  • can count.

  • Now granted, there are no memory banks out there

  • that have all of the memory addresses from zero to 64 bits worth of memory.

  • That's somewhere in the quintillion or higher.

  • It's a very, very large number and we don't yet

  • have the storage capacity to store that much data on our machines.

  • But theoretically, it is possible that with a 64-bit system

  • we could have very, very large amounts of RAM and again, the more RAM we have,

  • generally the more quickly our computer is

  • going to operate because there's more space for it to store information.

  • It doesn't have to keep sending stuff back to the hard drive

  • when the RAM is full because there's so much information

  • being processed at once.

  • More of it is available in that quicker, more accessible bit of memory.

  • So recall that with each bit, remember a bit can only take on one of two states.

  • Zero or one, off or on.

  • Or you can think about it in terms of electricity, which is how RAM actually

  • works, as being unpowered or powered.

  • That again means that we have 32--

  • two to the 32nd power, excuse me, possible memory addresses.

  • So about four billion memory addresses.

  • Now it is sometimes the case that programmers, and subsequently,

  • those who may need to read their code, may need a way

  • to refer to specific memory addresses.

  • But a memory address like this, which is a memory address.

  • There are zeros and ones in this address.

  • This is exactly how we would refer to an address in memory.

  • This is rather cumbersome.

  • No programmer wants to talk to another programmer and no programmer wants

  • to talk to an advisor by saying the code that lives at 00101 and so on.

  • That's just not-- that doesn't make any sense.

  • That's just not how we would talk and it would take forever just

  • to say the name of the memory before you even get

  • to the point of what is in that memory.

  • And so rather than using binary notation to refer to a memory address,

  • computer scientists will oftentimes use something called hexadecimal notation.

  • Hexadecimal is 16 hexadecimal, 6 and 10.

  • And so this is the base 16 number system.

  • It's a different number system than the decimal system, base 10,

  • that we have used since childhood to count and understand

  • place values of numbers and so on.

  • What's convenient about hexadecimal being

  • base 16 versus binary being base two is that four binary digits or four bits

  • can be represented using a single what is often called hex digit.

  • So for every group of four binary digits that we have,

  • we can represent that more succinctly using just one hexadecimal digit.

  • And because there are four bits, that means

  • we have two to the fourth, or 16 different combinations.

  • So we can account for every single possible on off

  • combination of all of the four bits in that cluster using a single hex digit.

  • So we might instead refer to this memory address looking like this.

  • And there are some letter characters in there,

  • and that's because in order to represent a single digit in hexadecimal,

  • we need to be on the count higher than 10

  • using two digits, as we are confined to in decimal.

  • In order to represent the number 10, we need

  • a one and zero, a one being in the tens place and a zero in the ones place.

  • But in hexadecimal, we need 16 possible digits

  • to represent all of the 16 possible values at any given place value.

  • So here's an example of something that a programmer might see.

  • This is using a tool called GDB, which is

  • a debugging tool that is used to debug or root out problems in some low level

  • code.

  • And all we're seeing here is a bunch of memory addresses.

  • So I've highlighted them here in yellow.

  • We don't need to worry too much about the context around this, what these all

  • refer to.

  • But basically, these things on the left, EAX, ECX and so on are registers.

  • Those are things that are very close to the memory.

  • And they are storing the memory address of something else.

  • And so all these things on the left here are just memory addresses,

  • and the things on the right are translations of those memory addresses

  • in some cases into decimal numbers that make

  • more sense to us having used the base 10 or decimal system for quite some time.

  • So we can map all of the different possible values in hexadecimal

  • to their binary equivalents as well as to decimal numbers

  • that we're familiar with.

  • So again, here we have all of the possible combinations of four bits

  • or zeros and ones showing you what they translate to in decimal,

  • recalling that for every set of four bits here we see, the one on the right

  • is the ones place, the one to its left is the twos place.

  • Then we have the fours place and the eights place.

  • Because again, our base is two.

  • Every place value is a power of two as opposed to a power of 10

  • like we would in decimal.

  • And then it's hexadecimal equivalent.

  • So again, for every single one of those combinations,

  • we have one distinct way to represent it using a single hex digit.

  • And sometimes you'll see the hex digits for 10

  • through 15, which are a through f, presented in capital letters.

  • I like to present them in capital letters,

  • but sometimes you see them in lowercase letters as well.

  • That is immaterial to it.

  • And this zero x at the beginning of it, I should mention that as well.

  • Zero x means absolutely nothing.

  • It is purely a note for us as human beings

  • when we are seeing something like this that we should interpret it

  • as hexadecimal numbers as opposed to as decimal, for example.

  • Because we could have a valid hexadecimal string that is--

  • I'm going to use the zero x here just for second--

  • 0x, five, zero.

  • If we saw that, we might read it if we didn't have a 0x in front of it,

  • we might read that as 50, which would be not actually accurate, because 0x,

  • five, zero is actually 80 in decimal notation.

  • So that 0x is really just a guide for us as human beings

  • to say, OK, what I'm about to read here is a hexadecimal number.

  • Let's just do a quick exercise where we translate

  • some binary into hexadecimal and then subsequently into decimal as well.

  • And so here, we have eight bits, each of which again is a zero or a one,

  • and our goal is to translate this into ultimately decimal,

  • but let's start by translating it into hexadecimal.

  • The first approach is counting from right to left,

  • we want to split these into groups of four.

  • It so happens that we have eight bits here,

  • and so this splits pretty cleanly into two groups of four.

  • But if we, for example, had seven bits, like if this wasn't here,

  • we would start by having one zero one zero,

  • and then whatever we had left over, we would just

  • pad with extra zeros at the front so we always had a cluster of four bits

  • at a time to work with.

  • Each of these maps directly to a single hexadecimal digit.

  • And sometimes you may be able to just quickly do this in your head,

  • or you can jump back to the table that we had here

  • to see when I see this particular pattern,

  • I want to plug in this hexadecimal digit.

  • And so if we do that here, we see that the one on the left, 0010,

  • this is in binary again.

  • A zero in the ones place, a one in the twos place,

  • and nothing else, which means we have one times two.

  • And so this would be a two.

  • And 1010, well, that's a one in the eights place and a one

  • in the twos place, which is 10.

  • But in hexadecimal, we would represent that as a, because again,

  • we need to confine this idea of 10 to a single place value.

  • We can't have two digits to represent it using hexadecimal notation.

  • And so this binary value, 001010, is 0x--

  • again, human convention to prepend a 0x in front of anything

  • that is a hexadecimal number--

  • 0x2a.

  • Now, how do we translate this to decimal?

  • Well, it may help to think about how we translate this or understand

  • this number, 123.

  • When we see it, one two three just written out,

  • we are really doing something like this in our head where we're saying,

  • there's a one in the one hundreds place, there's a two in the tens place,

  • and there's a three in the ones place.

  • And we've just over time internalized that

  • and have been able to very quickly understand

  • that the number I'm talking about here is 123.

  • Well, another way to think about these labels here,

  • one hundreds place, tens place, and ones place, might be to say,

  • we have the 10 squareds place or the 10 to the second powers place,

  • the 10 to the first powers place, and the ten to the zero powers place.

  • Any number to the zero power is always one,

  • and so this is really the ones place, the tens place, and the hundreds place.

  • With hexadecimal, we don't have 10 as the base of the exponent here.

  • Instead, we have 16 as the base of the exponent.

  • But the rules are the same.

  • We have a 16 to the zero place which is one.

  • We have 16 to the first power or 16s place,

  • and we have a 16 squared or 256s place.

  • In our example number here, we didn't go that high.

  • We had 0x2a.

  • We only had two digits, which means we really

  • only needed these two place values, the 16 to the zero power and the 16

  • to the one power.

  • Now, we just translate this in exactly the same way that we would intuitively

  • do it in when we're counting in decimal or reading a decimal number.

  • This is zero times 16 squared plus two times 16

  • to the first power plus a times one, or 16 to the zero power.

  • Two times 16 is 32, and a, which again is hexadecimal's way of representing

  • 10, 10 times one is ten, so what we're really saying

  • is that we have 32 plus 10.

  • And so to translate this hexadecimal number, 0x2a, into decimal,

  • we end up with 42, because 42 is 32 plus 10.

  • So hopefully, that gives you a bit of a better understanding

  • of what these cryptic number strings that you might have seen before mean.

  • And if you're working with programmers or you're ever analyzing source code

  • and you see references like this, hopefully this

  • gives you a better understanding of what they mean

  • and what they likely refer to on the system

  • and how that might affect things.

  • Let's talk a little bit more about the function, how memory actually

  • works now that we know how to access individual parts of it.

  • With the exception of hard disk space-- so again,

  • the permanent storage space on your device--

  • memory on your computer is termed volatile,

  • which means two different things.

  • One, that the memory is constantly changing.

  • Things are cycling in and out of it.

  • It's very dynamic in terms of the values that are being stored there,

  • again because the RAM is sort of this holding ground for everything that's

  • going to eventually need to go to the processor,

  • and things are getting swapped in and out pretty frequently.

  • But the other really key detail about volatile memory

  • is that it requires power.

  • If it is unpowered, if there is not electricity literally

  • flowing to the RAM at any given time, that is a problem

  • and that memory will no longer work.

  • In fact, after some amount of time, a pretty small amount time

  • like 30 seconds to a minute perhaps, without power, the electrical charge

  • which is used to maintain each of those individual cells of memory--

  • remember, a little bit of electricity being one,

  • and the absence of electricity being zero

  • is how the computer can store this idea of zeros and ones

  • on a physical manifestation thereof.

  • Without power, that electrical charge eventually dissipates.

  • It does not just stay.

  • it goes away.

  • And the state is eventually lost such that unpowered for about a minute

  • or so, all the data in RAM has effectively turned into zeros.

  • It has completely become completely unpowered.

  • Now obviously, that would be very bad if our entire system

  • relied on this technology.

  • But it's only RAM and the caches from RAM going forward that rely on this.

  • Processing can only happen in the processor.

  • This probably makes a little bit of sense.

  • And again, recall that a 32-bit processor

  • can understand 32-bit addresses.

  • That also means that it only has 32 bits of space in which to do anything.

  • So it only can work with four bytes of information at a time.

  • And maybe if you have a computer that has multiple cores,

  • maybe you've heard that term before, multicore processors,

  • you might have a few of these processors that can do four bytes at a time.

  • But either way, we're still talking about a very, very small amount

  • of information, maybe four to 16 or 32 bytes.

  • That's not very much at all when you consider

  • that a basic document perhaps using Microsoft Word

  • will contain enough metadata to be about 15,000 bytes before you even

  • type a single character into it.

  • So a lot of metadata there, and that amount of empty files

  • gets pretty big pretty quickly.

  • Because the process can only process 32 bits worth of information

  • at a time, any given processor, we need to move data to it frequently.

  • And that's what the caches are for, and that's

  • why each one needs to be faster and be able to get information

  • to the processor pretty quickly.

  • Because even though the processor can only

  • process four bytes or 32 bits worth of information at any given time,

  • it can do two to three billion operations per second,

  • so that's what a gigahertz is.

  • And in terms of when a processor's speed is quoted,

  • it's sometimes said it's like 2.4 gigahertz or 2.6 gigahertz or so on.

  • That means that the computer can do 2.4 to $2.6 billion things per second.

  • So again, 32 bits, not a lot of information at any instant,

  • but there's a lot of those instants within a second.

  • It can do two to three billion things per second, each one of those things

  • operating on exactly four bytes at a time, 32 bits at a time,

  • on a 32-bit processor, as opposed to a 64-bit processor which

  • can process a little bit more data.

  • Let's take a look now at what we determine

  • on your computer as the motherboard, or sort of the control

  • processor for everything that your computer does,

  • and highlight some of the different pieces of where

  • things live on your physical device.

  • So right here are some slots for RAM, so these are

  • basically sticks that get plugged in.

  • A RAM stick is just a green chip.

  • It looks similar to the motherboard.

  • They're usually green.

  • They have some gold connector pins at the bottom of them,

  • and they plug into the motherboard.

  • And information can then be stored there and flow to and from when

  • needed by the processor and so on.

  • So that's where these go.

  • This particular motherboard, which is from a computer that's

  • about 15 years old.

  • For example, I don't think most of us have

  • floppy drive connectors on our computers anymore, but this one still does.

  • Here is where the CPU would live, so this

  • is where the actual processor goes.

  • And that processor again can only do 32 or 64 bits worth of information

  • at any given time.

  • And on top of the CPU, it's not pictured here, but typically on top of the CPU

  • there's a giant fan, literally like mounted or screwed right above it.

  • And again, that's because the computer is doing two to three billion things

  • a second, so it gets quite hot.

  • And to prevent a CPU meltdown or a core meltdown,

  • you want to make sure to have air constantly flowing

  • across the top of the device as well as a heat

  • sink to pull all the heat away from the CPU such that it doesn't overheat,

  • which would create quite a big problem and eventually might

  • result in computer breakage if left to overheat

  • for a prolonged period of time.

  • Over here is a graphics processor.

  • Graphics processors are really just CPUs that

  • are specialized to do certain operations that make interpreting graphics

  • on your monitor much easier.

  • The math for those is usually a bit more complicated,

  • and so modern devices may have both a CPU and a GPU, a Graphical Processor

  • Unit, as opposed to relying on just the CPU you to handle

  • all of those different things.

  • And it similarly would have a heat sink and a fan mounted with it as well.

  • And then over here at the top, it's pretty small.

  • There are things called SATA connectors.

  • SATA connectors are what you might use to connect hard drives to your machine

  • so that you can extend the storage capacity of the device.

  • But all of these things might live on your computer,

  • and also all of these things in shrunk down form will live on your laptop

  • and even in your mobile phone.

  • This basic idea exists just in smaller and smaller scales

  • with all of the parts being similarly scaled down.

  • So again, CPU memory, what actually lives in the CPU as well

  • as the registers, those really fast things right around the CPU memory,

  • is the fastest memory on your machine.

  • But there's the least of it.

  • And the reason for this is that it's very, very expensive.

  • It is the most expensive stuff in your computer.

  • That is basically the price that you are paying

  • when you buy the computer is for that processor

  • and the materials that are used to allow electricity

  • to conduct through it very quickly really

  • determines the cost of the device.

  • So there's the least amount of it, but it is the most important memory

  • on your machine.

  • The caches, one two and three, are each successively slower than CPU memory

  • but also successively cheaper.

  • So your l1 cache is going to be a little bit slower than your CPU,

  • but there will be a little bit more of it.

  • And your l1 cache will be a little bit larger than the CPU space

  • that you have, but it'll be a little bit cheaper.

  • The l2 cache may be a little bit larger than the l1 cache

  • but a little bit cheaper.

  • Again, this is really just referring to the materials that are

  • used to make the memory operational.

  • RAM is slower but cheaper.

  • RAM typically used to be the most expensive

  • or be considered the driving cost.

  • If you had more RAM in your computer, that made it more powerful.

  • That was the cost driver.

  • This is becoming less and less the case.

  • It's still more expensive than hard disk space, which

  • is effectively free at this point.

  • It's really just how much stuff we can literally

  • fit into the container for the hard disk itself, which is just pure storage.

  • But RAM is slower memory than any of the caches,

  • but you're able to have more of it because it is less expensive.

  • So that's memory.

  • But in terms of hard disk space, that does not work in the same way

  • that RAM and the other volatile memories work,

  • and hard disk space is non-volatile.

  • Information in the hard disk is not changed terribly often,

  • only when we're certain that we're done working with it in RAM.

  • And the data there is also persistent, and that's

  • because it does not rely on electricity to store state.

  • Instead, and we're talking again specifically now about hard disk drive,

  • solid state drives behave a little bit differently.

  • They use microchips that do some different things.

  • But we're talking about hard disk space, HDDs, traditional hard disks.

  • Each cell of a hard disk is instead controlled by magnetism,

  • so data is stored magnetically.

  • If there is a--

  • we'll just say for purposes of this discussion

  • here that if the magnetism is in a down position, so south for example,

  • it's oriented south, that would be zero.

  • That's a way to represent zero.

  • And any magnet that is in the up position

  • is one, so we can have these flip states of the polarity is pointing up or north

  • and the polarity is pointing down or south to represent zero and one as

  • opposed to using powered versus unpowered to represent one and zero,

  • respectively in a RAM or volatile memory situation.

  • Because these magnets, though, don't require power

  • in order to work long term, that means that when the computer shuts off

  • and they become unpowered, the data remains.

  • And this is a really good thing, right?

  • Because if every time we shut off our computer

  • we lost literally all of the files we'd ever saved on it,

  • that would not be very effective.

  • We would lose a lot of the utility that we rely on computers for.

  • And so the way that hard disks work is specifically designed such that memory

  • can persist after the computer is shut off.

  • But again, that memory can not be processed directly in the hard disk.

  • We have to move it to the processor eventually.

  • So if our system detects that we need a chunk of memory

  • from the hard disk, that's all going to be moved from the hard disk

  • to RAM using something called a bus.

  • Much like a bus is used to move human beings from one place

  • to another in large quantities, a bus is used

  • to move data from one part of your machine to another in large quantities.

  • And in fact, if you ever see a SATA connection from a hard drive to RAM

  • using one of the SATA connectors we saw a moment ago on the slide,

  • there's usually a long, thin strip that connects them together.

  • That strip also forms part of the bus that

  • is used to transfer data from the hard drive

  • to the RAM in fairly large quantities.

  • In general, when we're working on a program,

  • the data for that program including the code that actually is running

  • is moved from hard disk to RAM.

  • And it stays in RAM, assuming there's no space constraint that

  • forces it to have to leave which sometimes can happen if you're

  • running a lot of programs at once.

  • You may notice your computer slows down quite a lot.

  • That's because the computer is going to have

  • to keep swapping things in and out of RAM

  • in order to process multiple things.

  • That's why you don't want to leave several hundred tabs open,

  • for example in your browser, or have 20 or 30 programs running

  • at once on your computer if you can avoid it,

  • because it's going to slow down and require things

  • to be swapped in and out of RAM such that it can

  • be moved to the processor quite a bit.

  • That's really going to slow things down.

  • While the program is running or being used by the computer,

  • everything will stay in RAM.

  • All the data will keep being manipulated there,

  • and then ultimately when we close the program

  • or once we otherwise indicate we haven't used it for some time

  • and the computer realizes it needs that space for something else, all

  • of those bits and bytes have been manipulated in RAM

  • will be sort of picked up and moved back on the bus back to a hard disk

  • where they will be resaved with the new state, such that any changes that you

  • make in a program will ultimately be saved back to hard disk,

  • but only once the program is completely done being used by the computer

  • and it realizes it can free up that information

  • and save it for long term storage.

  • Hard drives, though, are not unbreakable.

  • They have a lot of moving pieces.

  • A typical hard disk drive consists of several platters,

  • some thin metal circles spinning around a central axis very rapidly,

  • about 4,000 to 5,000 revolutions per minute.

  • So very, very quickly, with a magnetic read

  • write arm that extends over across the diameter of the disk, basically.

  • And each one of the little rings that gets

  • formed as you do this, as is the read write arm moves in and out,

  • it can access different sectors on the disk,

  • and those different sectors are the things that

  • get zeroed and oned over time.

  • So it is possible for hard drives to fail.

  • There's usually a couple ways that this happens.

  • If the read write arm jams, because it is on some sort of track that

  • moves in and out, if it jams without collapsing,

  • your hard drive will just stop working, basically,

  • because you can't read or write information anymore using that arm.

  • But it is also possible for the hard disk arm to break and fall.

  • That arm spins just above the top of these disks, and if it crashes into it,

  • you'll hear that sound.

  • That'll be a very unique and interesting sound to hear.

  • Suffice it to say, your hard drive at that point

  • is destroyed, because the collapse will crash everything,

  • and these things are spinning very, very quickly,

  • and so they're going to shred themselves from the inside.

  • And you will no longer be able to get any data off of that drive.

  • But if it's just the arm that gets stuck moving in and out but it doesn't fall

  • down, you will still be able to recover data from that hard drive,

  • and we'll talk about that shortly.

  • Because a hard drive failure does not mean that the data is unrecoverable

  • if the hard drive hasn't literally suffered this catastrophic shredding

  • sort of thing that happens.

  • That's going to render it unusable.

  • But if it's just the arm that gets stuck, it is still usable.

  • So what happens when we actually delete something on our machine?

  • It turns out that overwriting hard disk space

  • is actually a very, very time consuming and what

  • we might consider computationally expensive operation for the machine.

  • You could think about it as it has to pull all of the data from the hard disk

  • into RAM, change all of those bytes to delete what was there before,

  • and then put all of that data back.

  • The computer for some large files, say you

  • want to delete a video file like a movie, that

  • might be several gigabytes, so several billion bytes worth of data

  • that we have to delete.

  • The computer does not want to incur that sort of cost.

  • Deleting a file if it actually had to do it that way would be very, very slow.

  • It would compromise any other program that you had running on your machine.

  • And so that's not how computers actually delete information.

  • Rather, they just forget where the data live.

  • It turns out there's also something called a page file that

  • exists on your machine that is basically the home

  • address of the first byte of every single file

  • that you have on your machine.

  • And when you delete a file typically in your computer,

  • it just forgets where it lives.

  • The bytes that made it up are still there.

  • The zeros and ones that comprise that file don't go anywhere.

  • They may eventually be overwritten by some other file that

  • happens to be stored in that same spot, because the computer now

  • thinks it's open because it forgot that you live there.

  • And even then, this only happens when you empty your recycle bin or trash

  • if you're using a Mac.

  • If you just put something in the recycle bin,

  • that's not actually deleting it in any meaningful way at all.

  • It hides the icon.

  • You can't really click on that icon anymore,

  • but you haven't deleted that file, and you probably

  • know this because you can restore things from the recycle bin.

  • But even when you empty the recycle bin or empty the trash on your machine,

  • you're still not actually deleting anything in the sense

  • that you might be thinking is how we delete things.

  • Instead, your computer's just forgetting what was there before.

  • But those bits and bytes that comprise those files that you have deleted

  • are still there, and that creates a couple of really interesting security

  • implications.

  • So files that get deleted aren't really deleted,

  • which means that we can recover the information from them if we need to.

  • How exactly might we do that?

  • Well, there's definitely some tools out there that can be used to do this.

  • And again, this requires that the hard drive was not

  • physically destroyed in some way by the collapse of the read write arm.

  • But we can literally just connect the hard drive to something and have

  • a specialized tool that reads over all of those individual sectors

  • on the disk-- and this is a very slow operation for sure--

  • read over all of the individual sectors on that disk and just

  • say, well, this is a zero and this is a one and this is a zero

  • and this is a one until we end up with this huge file that

  • is all the zeros and ones that comprised what was originally

  • the state of that hard drive.

  • And we usually refer to this file that gets created,

  • this clone of the hard drive, as a for forensic image.

  • It's really just a huge file that is a complete replication

  • of the bit by bit content as well as any metadata that

  • might be associated with it that can be then created

  • and read on a different computer so that even though the hard drive this was

  • plugged into, maybe the computer got destroyed,

  • where we can make a copy of it and read it on a different machine instead.

  • So we go from this to how do people pick out what those files were?

  • Again, computers only understand zeros and ones

  • and at the end of the day, all of the stuff that

  • is stored in your hard drive, all those files,

  • anything that was stored in RAM when it was powered,

  • is still just zeros and ones.

  • They don't have icons like we see on our desktop.

  • They don't mean anything intuitively.

  • So how do we figure out what those files are?

  • Well, it turns out that many of them have what is called a signature

  • or a magic number associated with them.

  • A magic number is just a way to refer to the first few bytes of a file

  • where many file types, for examples, PDFs, most image files, most music file

  • types and so on, happen to start in a particular way.

  • This isn't a way that we ever see when we open one of these files.

  • But in the metadata at the beginning of those files,

  • there's usually a sequence of bytes that represent

  • a signature in effect of saying, the file that I'm about to open is a PDF,

  • and you can generally rely on that because these first four bytes

  • or whatever are these values.

  • Now again, it's four to eight bytes, which

  • means there are two to the 32 to two to the 256ish possibilities for what

  • these first bits are.

  • That's a lot of different combinations.

  • And so if we see a magic number randomly appear in some forensic image

  • or on some hard drive, the odds are pretty

  • good that if we see that pattern, we know that that pattern generally

  • refers to a file of that type, that what we have found

  • is the beginning of a file of exactly that type.

  • And we can start to interpret it in that way

  • maybe and maybe be able to reconstruct something from it.

  • So for example, it turns out that most PDFs have in their metadata--

  • and we never really see this--

  • the characters percent PDF at the beginning of them.

  • And that translates into this sequence of bits using the Ascii

  • table that we've talked about before, and we

  • don't need to get into a lot of detail, and it translates

  • into these hexadecimal values.

  • And so generally, if we happen to encounter exactly this pattern of 32

  • bits, which we should only expect to see at the beginning of a PDF

  • or otherwise once every one in two to the 32nd times--

  • like it's pretty uncommon to see exactly this pattern

  • and we're looking for exactly that pattern.

  • If we see those bits, generally what we can do

  • is start to interpret the rest of this file as a PDF

  • until we encounter some signature that we've reached the end of that.

  • Whether that's a whole bunch of zeros or whether that's a signature

  • that is again perhaps the start of another PDF.

  • Now, of course it's possible that you'll end up with a false positive.

  • For example, anybody who's examining these slides

  • at some point in the future-- say that my hard drive crashed

  • and I happen to literally have the characters percent

  • PDF typed on to this slide.

  • If you were to forensically recover my hard drive and analyze it

  • and you found this PowerPoint file that is where I'm presenting the slides from

  • and you saw literally the characters percent PDF in it as zeros and ones,

  • you might mistakenly think, this happens to be a PDF

  • and start to interpret from this point forward,

  • this yellow point forward as a PDF.

  • But it wouldn't work.

  • And that's OK.

  • You might get a false positive sometimes,

  • and then you just kind of disregard it and you keep looking.

  • You look for a different type of file.

  • You look for a different file signature and so on.

  • But it can happen that you have a false positive like this

  • in situations where you're trying to sort it out,

  • because you have no other context clues.

  • All you have are the bits and the information

  • that you know about file signatures.

  • OK, so we have this empty trash or empty recycle bin icon or menu

  • option on our computers.

  • But now we know it doesn't actually empty the trash at all.

  • So how do we actually delete files from our hard drives

  • as opposed to just having our hard drives forget

  • or our systems forget where on the hard drive that file lived?

  • We probably want to do that at some point, get rid of the data

  • on our machines.

  • How exactly can we go about that?

  • Well, there's actually relatively few ways to actually delete this data.

  • The first of which we've already kind of discussed,

  • which is physically destroying the hard drive.

  • There are services out there that will shred your hard drives for you.

  • If your read write arm breaks in a catastrophic way,

  • your read write arm will shred the device for you itself.

  • That's one way to ensure that your data is protected or deleted

  • is to make it absolutely impossible to recover information

  • from it by physical destruction.

  • You can use a tool called a degausser A degausser is really

  • just a very strong magnet that you hold over the device for a period of time.

  • It will also usually cause some sort of physical damage,

  • because it's also going to mess up some of the metal that

  • is inside the machine that is not storing data

  • but is just structural metal.

  • So usually a degausser will not only wipe out information

  • by setting all of the bits, flipping the polarity of all the bits from south

  • to north or something like that, but it will also

  • usually cause some sort of mechanical wear just based

  • on the strength of that magnet.

  • But then we have this thing Secure Empty Trash.

  • We saw this in the menu a second ago.

  • What do you think Secure Empty Trash might do?

  • Well, one thing that you might think is that it

  • would overwrite the data with random bits, and you would be correct.

  • That's what Secure Empty Trash does.

  • So instead of just deleting information from the hard drive

  • by forgetting where it lives, instead we actually go to that spot.

  • And instead of writing all zeros or all ones,

  • we just write random bits over it.

  • But it turns out that this is actually not good enough

  • to delete information on a single pass.

  • But a single pass is actually what Secure Empty Trash does.

  • It only makes one pass through, randomly setting each bit of that file

  • to a one or a zero.

  • But it turns out, and the physics of this is a little bit beyond me,

  • but it turns out that when the polarity of a magnet on a hard drive

  • is flipped from zero to one, there's actually sort of this lingering halo

  • effect that it leaves behind so that you can tell that this bit is a one now,

  • but it used to be a zero.

  • And that effect lingers for a little while.

  • But if you keep changing it multiple times over and over,

  • eventually that effect gets lost.

  • So you can tell what bits--

  • imagine every bit was a one after you make one pass through it.

  • All of those things that were ones before, their polarity didn't flip.

  • There's no halo effect.

  • But everything that used to be zero and is now a one

  • has this slight signature left behind that says, this used to be a zero.

  • And a good forensic analyst is able to take a look at that.

  • As it reads, it can read the polarity of the magnet

  • and see that it's slightly not exactly zero and not exactly one and say, OK.

  • Well this bit probably used to be the opposite.

  • And so even making one random pass across a hard drive

  • is not enough to definitely securely erase the data on it.

  • You actually have to make it's considered

  • to be seven passes is the industry standard

  • to make sure that enough randomness has affected each of the individual magnets

  • such that you can't tell what was there before.

  • So to truly securely erase the hard drive and preserve it in a state where

  • you can actually use it, you need to use--

  • and there are software tools that do this--

  • a tool that will overwrite the drive randomly

  • multiple times to eliminate any of that lingering halo effect.

  • But Secure Empty Trash does not do that.

  • It only makes a single pass over the drive.

  • So enough to cover it up for undescerning

  • eyes, but experts who study this and work with this kind of data

  • regularly might still be able to figure out what the original data was

  • if just a single pass is made.

  • So why is this important?

  • Well, there's two reasons.

  • One, as attorneys, we want to make sure that we are doing everything

  • we can to protect our clients' data.

  • And also as we're working with those who may be less technically inclined, it's

  • important for us as part of our competent representation of clients

  • to inform them about what we can about the technology implications of some

  • of the things they do from a legal perspective.

  • And so if you're working in a large firm environment or as an in-house counsel,

  • it's probably not going to fall to you as an attorney

  • to develop some sort of protocol for establishing the best

  • practices for working with client data.

  • But it is really useful to understand what these protocols are

  • and how you might be able to contribute to a conversation

  • about making these protocols more robust.

  • Here are some basic strategies that you can use as an attorney

  • to protect your own client data but also to advise clients

  • so that they can protect their data for their clients and so on.

  • So the first one is quite easy, and that is to encrypt your hard drive.

  • So we talked about encryption previously,

  • but you can also encrypt your own hard drive such

  • that when your computer turns on, you need to enter a password.

  • It's again similar to this public private key idea

  • that we've previously discussed.

  • You need to type in this password in order for your entire hard drive

  • to be unencrypted such that you can then read the data on it.

  • Most operating systems now provide tools that

  • are built into the operating system itself so that you can do this.

  • So there's really no excuse not to do it.

  • It is a very easy, straightforward and simple way

  • to take a pretty strong step at protecting the data on your machine

  • easily.

  • Again, this usually requires a password.

  • Typically it'll be after you turn your computer on before the operating

  • system itself loads, the operating system being one of the few things that

  • is not encrypted such that it can then open the files

  • and unencrypt everything and so on.

  • But it will not proceed past the operating system load point

  • until that password is provided.

  • But do be careful, because some of these systems,

  • particularly the more advanced ones, after a certain number

  • of incorrect guesses will begin to securely wipe your hard drive using

  • multiple passes of zeros and ones.

  • And so if you think there's a danger that you might forget your master

  • password so to speak for this hard drive encryption,

  • you might want to keep something somewhere to remind you.

  • I wouldn't recommend like sticking a sticky note on the monitor

  • or anything like that, but have some sort of way

  • to remember that password in the event that you might forget it,

  • because you might lose data if you guess wrong too many times depending

  • on which hard drive encryption tool you are using.

  • Another relatively easy thing to do is to avoid

  • using insecure wireless networks.

  • These are generally not as common anymore.

  • Most people have wireless networks that require a password,

  • and usually wireless networks that require a password will then

  • have encryption for that individual making the connection

  • on the system on the network.

  • But unsecured networks do provide opportunities

  • for those listening using tools that are called packet sniffers, which

  • are literally just listening and gathering

  • data on all of the packets of information

  • that are being transmitted over the internet in the vicinity

  • of the unsecured wireless network.

  • And so you might see-- this as a screenshot of a tool called Wireshark,

  • and it's a little blurry.

  • There's not a lot of relevant information here.

  • But on an unsecured network, it is possible to read

  • all of the bytes and bits that are flowing through,

  • translate them into their Ascii equivalence,

  • and realize that this person is providing a username

  • and password and an action logging in.

  • And so anybody who is able to then take this information and see what IP

  • address it came from-- and we'll talk about IP addresses shortly as well--

  • or where it was going to might be able to use

  • that data to log in as that person, which would definitely not

  • be a good thing at all.

  • One way to get around this if you find yourself in a situation

  • where you need to connect to the internet to do work

  • or for whatever reason you need to be connected to the internet

  • even if you're not sure about the quality of the network

  • is to rely on private or work provided VPN services.

  • VPN is a virtual private network, and it provides a way

  • to connect to a trusted encrypted network, have that network act as you,

  • effectively for providing encryption services for your web traffic

  • even if you're not sure that your traffic itself is unencrypted.

  • So VPNs are available at most businesses or also available online.

  • Relatively inexpensively, you can buy tools

  • that would allow you to make use of a virtual private network.

  • Password managers.

  • Password managers are great.

  • Honestly, I can tell you that I don't know most of the passwords

  • that I use on a daily basis because I rely on a password manager.

  • There are several services out there--

  • Last Pass, One Password, and others.

  • Basically, the idea is the tool will generate passwords for you.

  • You only have to remember the master password, the one

  • password that you can use to unlock everything

  • to open the password manager itself.

  • And then once you're logged into the password manager,

  • you just direct it to log in on your behalf to different services.

  • You usually tell it this is the URL I'd like you to go to,

  • this is the username to use, and then the secretly generated password

  • that you don't generally know is stored in the password manager itself.

  • Some of these tools are local to your machine.

  • More often than not, they are starting to migrate

  • to be cloud based services, which does introduce another interesting question

  • of do you trust your data to be stored on the cloud as opposed

  • to being stored on your device?

  • And that's really a question that you should

  • consider when you're thinking about using one of these tools.

  • Most of these tools also have an excellent secondary effect,

  • which is that they often provide two factor authentication support.

  • And two factor authentication is something

  • that we will talk about shortly as well, but it is usually something

  • that you know, like a password or something

  • that the password manager knows, and something you have like your cell

  • phone, for example, that might be getting a text message with a code

  • that you're you're supposed to enter as well.

  • And the idea is that an adversary who is trying to hack into your account

  • probably may know your password but won't have your phone,

  • or may have your phone because they took it but won't know your password.

  • And so these two factors are designed to preempt basic hacking attempts.

  • But as I mentioned, these tools are great,

  • but you should be skeptical of them, particularly

  • if they are cloud based, because it is possible for bad things to happen.

  • So for example, not too long ago, a few million users

  • of the password manager Blur had information that was leaked online.

  • None of this information was actually their passwords.

  • It was more customer related information, sort of ancillary

  • this is their email address and some other stuff.

  • But it hits a little close to home.

  • And so again, always be skeptical when thinking

  • about your own data and your clients' data.

  • But these tools are generally more good than bad.

  • But again, the decision of whether to use these tools really

  • does ultimately fall to you having done research into them,

  • seeing whether or not they make sense for you,

  • whether you want to take advantage of the advantages that they offer.

  • If you're not going to use a password manager,

  • you should at least be sure to use complex passwords

  • and certainly make sure to avoid using the same password for multiple services

  • unless it's like a throw away password that you use on things

  • that you don't care about.

  • But you want to definitely avoid using the same password

  • on important services.

  • So like your Gmail account or any client log in related information

  • that you have, or anything banking.

  • You want to use different passwords for all of those things.

  • Passwords that have less than eight characters

  • or less than or equal to eight characters,

  • you should effectively consider have been broken and hacked already.

  • Those are not secure.

  • Computers are definitely powerful enough nowadays that it can be brute forced

  • in a relatively short amount of time.

  • We're still talking maybe days here for an eight character password,

  • but that is not that much of an effort.

  • Passwords should be at least 12 characters now for sure.

  • You should definitely have a mix of uppercase, lowercase letters, numbers,

  • symbols, anything like that.

  • But anything that is less than or equal to eight characters

  • should definitely be considered to be effectively hacked already.

  • And if it hasn't been hacked already, certainly it

  • is capable of being hacked very easily by anybody who

  • wants to put in the effort to do so.

  • You should also change your passwords as frequently as you can.

  • For example, I have a bank that requires me to change my password every 90 days

  • in order to continue to use their online banking services.

  • And on the one hand, yes, you may find that kind of annoying.

  • But on the other hand, it's good to keep things changing so that you're never

  • having a password get stale and potentially then leaving it vulnerable,

  • especially if it's the password that you may have

  • used on multiple services in the past.

  • It's a good thing to keep in mind, especially

  • if you don't have that many passwords that you

  • need to maintain to change them as frequently as you're able to.

  • Creating backups.

  • Creating backups of information is really

  • important, because sometimes things will go wrong that you don't expect,

  • like maybe your hard drive will suffer some sort

  • of catastrophic mechanical failure and you wouldn't otherwise have a way

  • to get that information back.

  • So periodically backing your data up protects you

  • in the event of hardware failure or in the event

  • of some sort of ransomware attack where an adversary breaks

  • into your network, your office's network for example,

  • and doesn't take any data away but encrypts it using their own public

  • and private key such that there's no way for you

  • to read that information until you usually pay them

  • some ransom, which is usually money or something like that

  • or bitcoin or the like.

  • So you should back your data up pretty regularly.

  • You can back it up in the cloud using cloud based document storage services.

  • You can also just back it up on paper in certain situations as well.

  • But definitely back it up to non network connected machines,

  • so a computer that you have that is never connected to the internet

  • and is primarily used just for its hard drive space, basically.

  • Or to flash drives or CD ROMS if you're still using that technology.

  • Just have some offline way to access important data in the event

  • that something goes really, really wrong.

  • Also, have an archival plan for data.

  • You don't need to keep data around forever.

  • We oftentimes think that because we're living in this digital age

  • that everything we do persists forever and needs to persist forever

  • and is tracked.

  • But that's not entirely true, particularly

  • if we are proactive in doing our part to archive or delete data

  • when we no longer need it.

  • Particularly when you're considering client data,

  • it is important to develop a consistent plan for when

  • you are done working with that data.

  • So for example, it may be the case that in your firm after three years of no

  • longer having any matters related to that client,

  • it is just your office's policy to delete that client's data.

  • And that might mean transferring other data that

  • might be on a shared disk with them off of it

  • and literally going through the process of either destroying the drive

  • or doing the multiple passes over the drive using zeros and ones randomly

  • just to obscure that data, because having that policy of not keeping

  • things forever generally protects you, protect your clients if that data is

  • no longer needed.

  • Also, make talking about data security a priority.

  • I know it's not exactly the buzziest conversation

  • to have around the water cooler, but a lot of people

  • are not as thoughtful about technology as you may be taking this course.

  • And it may be a shock to them to realize that when

  • they delete a file on their machine, it doesn't actually do anything,

  • basically.

  • It just forgets that information, but that information still lives on.

  • You don't have to be a tech expert to educate others.

  • Particularly as someone who's coming into it with maybe a bit more of a leg

  • up in understanding technology, speaking to individuals

  • who may not know anything about what this technology is you

  • can really do yourself and your colleagues and your clients a service

  • by making this part of a typical conversation.

  • Share your knowledge with others in your office and in your field.

  • And finally, think about establishing a compliance protocol.

  • A lot of these things that I've just described

  • are very, very easy to set up at the outset.

  • It is not difficult to say, I'm going to change all my passwords,

  • and I'm going to use this password manager,

  • and I'm going to write this policy for deleting information and archiving

  • information periodically.

  • The problem is that it becomes over time something that we forget to do.

  • And having regular periods of having someone

  • designated to make sure that these policies are being followed

  • is really important, as we'll see shortly when we talk about some

  • of the ABA ethical requirements for lawyers dealing with technology.

  • You want to make sure that if you establish some of these ground rules

  • for working with data, that you continue to follow these rules as you work

  • with this data for the months and years and so on going forward

  • as opposed to just doing it once and forgetting about it.

  • Because technology is not static.

  • It's going to continue to advance, and we need

  • to stay ahead of that as attorneys.

  • It's part of our obligation to really understand this technology,

  • stay current with any changes, and adapt and change our policies accordingly

  • so that we're always staying as close to the cutting edge as we possibly can.

  • I really encourage you to volunteer with the compliance team.

  • You may have a compliance team, particularly

  • if you are at a large office or in-house counsel

  • setting, who is tasked with developing these technological policies.

  • And even if you don't feel like you want to advise on new avenues to pursue

  • or new policies to initiate, you still should be part of that conversation.

  • You do bring something valuable to the conversation just having the knowledge

  • that you have from a course like this and should be part of this conversation

  • so that you can contribute to it more in the future as well.

  • I'd like to conclude our discussion today about security

  • by drawing your attention to two really important ABA ethical decisions

  • that relate to lawyers and technology and what

  • lawyers should do in the event of a data breach at their office.

  • And let's start by taking a look at formal opinion 477R which

  • was released by the ABA in May of 2017.

  • This opinion deals with attorneys' obligations with respect to technical

  • know how.

  • So it is now considered part of competent representation

  • for an attorney to be considerate of the technological implications of what

  • they do in their office.

  • What does it mean to store documents?

  • What does it mean to secure communications with clients?

  • It is incumbent upon us as lawyers to stay abreast of these developments

  • and really be informed about them and inform

  • our clients about the ramifications of some

  • of these new technological advancements.

  • It also formalizes the requirement of offices and firms

  • to have a compliance protocol.

  • What do you do when you receive client data?

  • Now, this opinion came out in 2017.

  • It replaced something from 1999, which at the time

  • the previous ABA opinion stated that all communications, including

  • unsecured unencrypted email, were generally

  • considered quote unquote secured.

  • Obviously, I think we can agree that is not the case anymore

  • and certainly the ABA agrees that is not the case anymore.

  • That's because we've transitioned from a time when a lot of lawyerly work

  • was done not using the internet, not using emails.

  • It was done using fax and paper and so on.

  • And now we've transitioned to a mostly electronic way

  • of providing legal services to our clients,

  • and so our technological rules of our self-governing ethics

  • need to evolve to account for that.

  • It also brings up a very interesting question which is something just

  • to think about going forward or discuss with others in your group of how

  • do you reconcile a situation where you have a client who doesn't want

  • to use secured communications or doesn't want

  • to secure their data in working with you?

  • How does that square with your job or your requirement

  • as an attorney to ethically abide by this opinion

  • and be mindful and guard clients against technological mistakes?

  • Is it possible to provide competent representation to a client

  • if they are unwilling to adhere to your firm's compliance protocol?

  • It's a really interesting question that I don't have an answer to

  • but provokes an interesting discussion about what does it

  • mean for us to have client intake and work with clients,

  • and what happens when the client's wishes run

  • against our ethical obligations?

  • That's not a novel question to lawyers.

  • That presents itself in different ways, but via technology,

  • do we have yet another way we might have to consider this dilemma?

  • Subsequent to 477R, a year and a half later in October of 2018,

  • the ABA issued formal opinion 483, which kind of

  • is the natural follow on to 477R, which deals with what

  • happens if a lawyer's information is breached?

  • If there is a data breach at the firm and client data is compromised,

  • what do you have to do?

  • One important thing to think about here is that this opinion formalizes

  • the notion that has sort have long been held in technological circles

  • that there are two kinds of businesses that exist--

  • ones that have been hacked, and ones that will be.

  • Not ones that might be or not ones that could be.

  • And perhaps even these are ones that have been and they don't know it yet.

  • But it's just such a part of life nowadays

  • that businesses either have been hacked or will be hacked,

  • and that is the mindset that you should have

  • when you are thinking about protecting client data, bringing in consultants,

  • and hiring people to do their best work to defend your clients' data.

  • Now, it turns out that law firms tend to be excellent targets for hackers,

  • and the reason for that is that they have a lot of very valuable data.

  • And unfortunately, the history is such that it is not always as well protected

  • by law firms as it might have been by the clients themselves,

  • because we as lawyers have been as equipped

  • to have a conversation about technology and how that technology might

  • affect our representation of clients.

  • The opinion describes a bunch of different cyber episodes, so to speak,

  • that might comprise a data breach, which would rise to the level of needing

  • to report to a client.

  • These include things such as ransomware attacks,

  • as we've discussed a little bit earlier today,

  • systems attacks that might break or somehow damage

  • the infrastructure of the firm or workplace,

  • as well as exfiltrations, which are probably the worst

  • kind of breach, which is someone hacks into your system

  • and is able to remove data such that you may not even have a copy of that data

  • anymore, and that's why having backups is so important, but removes

  • that data from your servers, for example, to the adversary's servers.

  • There is no ethical violation in being hacked.

  • It's really important to make that very clear.

  • The ethical violation occurs when non reasonable efforts are made,

  • unreasonable efforts are made to protect that data.

  • If we as attorneys are making reasonable efforts to protect our clients' data

  • and we still get hacked, we have not necessarily done anything wrong

  • as long as we were doing our best to protect or prevent that

  • from happening in the first place and once we

  • detect that it has happened, to make every reasonable effort to stop

  • the attack if it is ongoing from continuing.

  • This also introduces a very interesting question

  • of what to do with former client data that has been hacked,

  • and that's why it's really important to establish

  • some sort of archival or deletion plan for working with that data.

  • The ABA proposes a couple of different ways

  • to resolve how to deal with informing a former client about information related

  • to a hack.

  • But one of the most important things to draw from this opinion, I would say,

  • is discussion about data retention needs to be

  • part of your firm's intake process or your intake

  • process for dealing with new clients.

  • Who owns what has always sort of been part of the conversation.

  • Generally as we know, we return client data to them

  • when we are done working with it.

  • How does this work in a digital context?

  • It is really important for your intake plan

  • at your firm to handle what happens to digital versions of client data

  • when the representation has concluded because the matter has concluded.

  • Speaking of concluded, that is going to wrap up our discussion today

  • on security.

  • This will be the first of our two discussions

  • generally at length about security in the legal context.

  • But hopefully you've come away from today

  • with a better understanding of how your system works, what memory is,

  • and why when we delete things on our hard drives,

  • it doesn't actually get deleted and what some of the ramifications

  • might be for that.

  • And hopefully you also have come away from this

  • with an understanding of what to do going forward establishing

  • best practices for working with client data

  • to stay within the ethical guidelines proposed by the ABA,

  • and just to generally have a more technical conversation with clients

  • about your representation of them and what happens to their data

  • when that representation has concluded.

[MUSIC PLAYING]

Subtitles and vocabulary

Click the word to look it up Click the word to find further inforamtion about it