This article appeared in the March 2000 issue of Law Technology News.
The much-touted “Information Age” has created an incredible degree of access to information, as well as an expectation that the amount of information and level of access will continue to increase. This is a positive step for public information, but it has created a new problem: protecting sensitive information when using the Internet as a delivery mechanism. Here, the court reporter’s customary role as guardian of the record extends into protecting the integrity of court documents in cyberspace.
When delivering sensitive documents electronically, court reporters must assure that they arrive intact at their intended destination(s), and nowhere else. This is true whether those documents are sent in e-mail, placed on a Web site, or squirreled away elsewhere on the Internet for eventual pickup.
The Danger
The danger is not where most people first perceive it. Many Internet users live in fear of “hackers,” digital miscreants who are able to intercept your transcript, modify key portions undetectably, and send it on its way. Are these gremlins able to distinguish your important e-mail from the millions of others sailing down the information superhighway and snatch it from its intended route? While it is theoretically possible, the odds against such an occurrence are overwhelming.
Data pirates are far more likely to find your file at its source or destination than to intercept it in transit. Just spend a day or two looking at bulletins from CERT security advisories (www.cert.org) and reading mailing lists like BUGTRAQ and AntiOnline to see how many known security holes there are in your network systems. Unfortunately, even those with moderate computer skills can gather enough information from online sources to effect a break-in when a system administrator doesn’t promptly follow security bulletins. Yet, this scenario doesn’t represent the most likely attack.
The majority of electronic break-ins are perpetrated by insiders. It isn’t the hired computer whiz-kid that snatches the document. It’s the file clerk in the law office who employs a password from a Post-it note stuck to the legal secretary’s monitor, or simply uses a computer left on while its owner goes to lunch. It’s much easier to bribe a low-level employee than to determine where documents are stored and break into the system.
Spending thousands of dollars on firewalls and electronic intrusion protection is worthless in this situation. Luckily, prevention is easy. Assume that all sensitive documents have the potential to be accessed by unauthorized personnel, and assure that (a) the document will be useless to them if they get it, and (b) you’ll be able to detect any modifications to the document. How can you accomplish this? Using encryption and its sidekick, digital signatures.
Verifying The Document
A digital signature verifies two things: the source of a document, and its integrity. When a court reporter electronically signs a transcript, the entire document is mathematically manipulated to produce a fingerprint, which is then encrypted along with a unique ID. When the recipient checks the signature, it will fail to verify if even a single character has been changed. This assures that your copy of the document has not been tampered with, and that it came from the court reporter it purports to come from.
The simplest way to sign documents electronically is to use systems like PGP (Pretty Good Privacy) or VeriSign, which have gained widespread acceptance as secure signature systems, and have no per-use cost. Other benefits can be gained by using systems like the Digital Notary from Surety Technologies, which can verify not only the source and authenticity, but also other information like the date when the document was signed.
In the days of proprietary e-mail systems, “return receipts” were a standard feature. The interoperability and flexibility of the Internet has brought many benefits, but reliable and consistent return receipts were lost. The court reporter has no way of guaranteeing what kind of computer the recipient of an e-mail will be using, much less which of dozens of e-mail programs.
E-mail, however, is by no means the only way to deliver documents. In the case of transcripts and other court documents, it is most likely not even the most common method.
The client/server structure of the Internet allows court reporters to place a document on a server with restricted access. The document is then held for pickup by the attorneys, who must pass virtual security checkpoints to gain access. This verifies the identity of the recipients, allows each to pick up the document at his or her leisure, and prevents “clogged e-mail syndrome,” where megabytes of documents must be processed before the e-mail program can pick up other critical e-mail.
Most server programs keep logs of who has accessed the documents, and these logs can be used in lieu of return receipts to assure that the documents have, indeed, been picked up.
The downside, as discussed earlier, is that Internet servers are inherently hackable. A talented hacker (more correctly called a “cracker” in this context) masquerading as a valid recipient could pick up a copy of a sensitive document, and the really good ones know how to modify the log files almost undetectably to keep their intrusion secret.
Keeping Out The Rabble
This is where encryption comes in. Whether using a dedicated system such as e-transcript from PubNETics, or using ASCII transcripts with a generalized encryption program like PGP, court reporters can lock up the transcript so that when our theoretical malfeasant snatches a copy of the document, it is unreadable and therefore useless.
All of this technology does not abrogate the attorney’s responsibility to protect private information, it only simplifies the process. Nor is encryption a panacea. Increasing the security of a system or process correspondingly increases the complexity and decreases its convenience. Court reporters must now redefine their roles as guardians of the record, protecting the integrity, confidentiality, and authenticity of documents as they travel through the uncharted waters of cyberspace. Like realtime transcription, this is yet another milestone in the evolution of the court reporting profession.
Gary D. Robson 