Musing on Ethics, Security, and Client Communication

I represent some Very Bad People. Many of my clients are people the Government would love to talk to, or at least listen in on their communications.

In light of increased awareness of Government surveillance of our every bit and byte of communication, I believe it is the responsible, ethical move to 1) stop communicating with clients via ordinary email, and 2) set up an in-house, encrypted email system for clients to log in and communicate securely with me, sort of like what some doctor’s offices now use.

What I don’t know is whether such a system exists, off-the-shelf. I also wouldn’t trust something commercial simply because of the potential for backdoors.

This comment at Popehat outlines some of the design considerations:

For all client communication, especially criminal clients, you set up a Mac Mini server or small Linux box as a mailserver, on your premises.

This server should support IMAP-SSL ONLY for reading mail, SMTP-over-SSL for sending mail, and should REFUSE to send mail (autobounce) to anything outside your domain. (So it can’t be used to send mail that ends up turning into insecure mail, which means it only gets used to communicate with your law firm.)

When a client retains you, you create them a mail account, and all subsequent email communications are done through just that account. For an extra $200, you can hand them a preconfigured, locked down Android tablet…

This is critical:

All access is encrypted: any wiretap gets no content. And it’s configured to basically prevent screwups, since it can’t be used to send mail outside the domain. The only real metadata escaped is that your client is reading his communication with his lawyer, and roughly how much is going back & forth. So the metadata leakage is quite tolerable even if wiretapped.

It’s on your premises: Rule #1 of cloud computing OPSEC: Don’t use cloud computing. Any system which needs protection from governmental attacks must be in-house.

Yet it still works with normal workflow: Everyone just has one additional email account in their mail reader, even if using their own computers.

And it can’t be abused by clients: Since it’s only usable for internal rather than external email, your crooks can’t use it to mail other, unrepresented crooks. Additionally, include rules that REQUIRE all mail at least CC one of the lawyers, so it can’t be abused even for “both crooks are clients” purposes without consent of a Saul Goodman-like criminal attorney.

The privilege log is easy: Since it’s only for attorney/client and internal attorney/attorney, attorney/consultant communication, this makes that problem easier.
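The two rules the comment leans on (refuse anything addressed outside the firm’s domain, and require that a lawyer is a party to every message) are simple enough to state as code. The following is an added example, not code from the original post or from the Popehat commenter; the domain `example-law.test`, the attorney mailbox `lawyer@example-law.test` and the sample message are all made up for illustration, and the reading that a lawyer *sending* a message satisfies the “CC a lawyer” rule is my interpretation of the comment.

```python
"""Submission policy for a domain-only, on-premises mail server.

Added example, not the commenter's code. Encodes the two rules from the
comment above: bounce any message with an off-domain address, and refuse
client-to-client mail unless an attorney is on it. FIRM_DOMAIN, LAWYERS and
the sample message below are assumed values for illustration only.
"""
from dataclasses import dataclass
from email import message_from_string
from email.utils import getaddresses

FIRM_DOMAIN = "example-law.test"          # assumed: the firm's own domain
LAWYERS = {"lawyer@example-law.test"}     # assumed: the attorney mailboxes


@dataclass(frozen=True)
class Decision:
    accepted: bool
    reason: str


def _normalise(addr: str) -> str:
    return addr.strip().lower()


def _domain_of(addr: str) -> str:
    # A bare local part has no domain and must never be treated as internal.
    _, _, domain = addr.rpartition("@")
    return domain


def recipients_of(raw_message: str) -> list[str]:
    """Collect every address from the To, Cc and Bcc headers of a message."""
    msg = message_from_string(raw_message)
    headers = msg.get_all("To", []) + msg.get_all("Cc", []) + msg.get_all("Bcc", [])
    return [_normalise(addr) for _, addr in getaddresses(headers) if addr]


def check_submission(sender: str, recipients: list[str]) -> Decision:
    """Decide whether the server may queue a message at all."""
    sender = _normalise(sender)
    recipients = [_normalise(r) for r in recipients]
    if not recipients:
        return Decision(False, "no recipients")

    # Rule 1: the server never relays off-domain. One outside address bounces
    # the whole message rather than silently dropping that recipient, so a
    # careless Cc cannot leak privileged content onto ordinary email.
    outside = [r for r in recipients if _domain_of(r) != FIRM_DOMAIN]
    if outside:
        return Decision(False, "off-domain recipient(s): " + ", ".join(outside))
    if _domain_of(sender) != FIRM_DOMAIN:
        return Decision(False, "off-domain sender: " + sender)

    # Rule 2: an attorney must be a party. Assumed interpretation: the
    # attorney may be the sender, not only a To/Cc recipient.
    parties = set(recipients) | {sender}
    if not parties & LAWYERS:
        return Decision(False, "no attorney on the message; client-to-client mail needs counsel copied")
    return Decision(True, "ok")


def check_message(sender: str, raw_message: str) -> Decision:
    """Convenience wrapper: parse the headers, then apply the policy."""
    return check_submission(sender, recipients_of(raw_message))


# Constructed sample message for illustration; not real correspondence.
SAMPLE_CLIENT_TO_LAWYER = """\
From: client1@example-law.test
To: Lawyer@Example-Law.test
Subject: meeting

See you Tuesday.
"""

if __name__ == "__main__":
    print(check_message("client1@example-law.test", SAMPLE_CLIENT_TO_LAWYER))
    print(check_submission("client1@example-law.test", ["client2@example-law.test"]))
    print(check_submission("client1@example-law.test", ["friend@mail.example"]))
```

One practical point when wiring a check like this into a real mail server: the “at least one lawyer” rule needs the complete recipient list, so it has to run once the whole envelope or the headers are known (a milter, or a policy hook at end of data), not as a per-recipient check at the RCPT stage, which only ever sees one address at a time.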

The only addition I would make is a web-based portal for clients without home computers, including a mobile version of the service.

It would also have to be open and auditable to assure users that it isn’t sharing communications with the government.

Since I lack the time and skills to build such a system myself, I’m thinking about commissioning someone to build it. Ideally, it would be something that could be shared with other like-minded attorneys who want to set up their own secure systems.