Hello Hacker News,
Here's a pain point my lawyer friend has - in order to reduce her liability exposure she has to find a way to securely send files to her clients. She asked me how to do this, and I don't know a good way. She's an estate lawyer so a lot of her clients are on the older side and not too tech savvy.
I know that she could password-protect the docs, but she would still have to email the passwords to her clients, which defeats the whole scheme.
Does anyone have any ideas on how to do this? Does anyone know of any web apps that would let her upload the docs and then invite people to look at the docs - sort of a specialized / streamlined / secure version of Google Docs? I am pretty sure that she'd pay a monthly subscription fee if that would solve her problem.
(Her email to me is below ...)
----------
Well, I have an ulcer after attending a webinar sponsored by my malpractice carrier. Lawyers may have to deal with the FACTA rules, which have "red flag rules" to prevent ID theft. You may know about this. I basically know nothing.
During the seminar, the speaker said that encrypting data (separating the client name from the information) helps. More and more, I send clients drafts and final pdf docs via email. What can you tell me about encrypting? I have received encrypted attachments from two financial planners in the past, and I thought they were being way too Dick Tracy at the time; however, it seems this is the future. They would send me a password to open the docs (couldn't someone intercept the password?).
What do I need to know? Big sigh. Thanks SO MUCH.
2. Use password protected PDFs. Tell your lawyer friend to use the person's last name and/or DOB (or some equivalently easy to remember token) as the password. Pre-arrange the password over the phone--since it is based on their name it is easy to tell them what it is. The key here is to stop the vast majority of folks who might stumble across the email. Again, given a sufficiently motivated intruder, this is pointless, but still more secure than plain old email.
3. Use encrypted archives of the documents. The files can be encrypted with AES256 or an equivalently difficult cypher. Test the type of archive/encryption to ensure that Windows XP and above will be able to decrypt the file easily w/ the built-in archive folders. This can avoid any potential compatibility problems with #2 from above. It might introduce new ones.
Using a web drop service doesn't eliminate the need to protect the file. If you password protect the file then you need to share the password. If you password protect access to the file, you need to share the password. The link in an email is nearly equivalent to an attachment, so it doesn't really solve anything unless you have an easy way to share a secret with the receiver.
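An added example, not part of any post in this thread: it compares how many candidates a date-of-birth password leaves to guess against a random passphrase that can be read out over the phone. The word list, the year range, the count of date formats and the guess rate are all constructed assumptions.

```python
import math
import secrets
from datetime import date

# Constructed 32-word sample list (assumption). A real list would be far
# larger, e.g. a 7776-word diceware list, giving ~12.9 bits per word.
WORDS = (
    "apple", "basket", "candle", "dolphin", "engine", "feather", "garden", "harbor",
    "island", "jacket", "kettle", "lantern", "meadow", "napkin", "orange", "pencil",
    "quilt", "river", "saddle", "ticket", "umbrella", "velvet", "window", "yellow",
    "zipper", "anchor", "bridge", "copper", "dragon", "eagle", "forest", "guitar",
)


def dob_keyspace(first_year=1920, last_year=2010, formats=4):
    """Number of candidate passwords if the password is a date of birth.

    `formats` is an assumed count of common spellings (MMDDYYYY, DDMMYYYY, ...).
    """
    days = (date(last_year, 12, 31) - date(first_year, 1, 1)).days + 1
    return days * formats


def passphrase_bits(n_words=6, list_size=len(WORDS)):
    """Entropy in bits of n_words drawn uniformly from a list of list_size."""
    return n_words * math.log2(list_size)


def phone_passphrase(n_words=6, words=WORDS):
    """Random passphrase from the OS CSPRNG, easy to read out over the phone."""
    return " ".join(secrets.choice(words) for _ in range(n_words))


def years_to_exhaust(bits, guesses_per_second=1e6):
    """Worst-case time to try every candidate at an assumed guess rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    dob_bits = math.log2(dob_keyspace())
    print(f"DOB password: {dob_keyspace()} candidates, {dob_bits:.1f} bits")
    print(f"6 words, 7776-word list: {passphrase_bits(6, 7776):.1f} bits")
    print("Example passphrase:", phone_passphrase())
```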