No problems with email here, but then again we dont use Microsoft exchange.

One example is the Voltage Security Network (http://vsn.voltage.com)

This solution does offer a transparent solution in the form of a plug-in for encryption and decryption.

As far as I’m concerned, however, the most important and interesting elements of this post and the comments that followed it are the references to privacy, security and encryption. It’s very true that standard email tools generally do not encrypt the message before sending it; but the capability to do so, cheaply, has been around for years, ever since Phil Zimmerman publicly released PGP (Pretty Good Privacy) and gave the world free public key encryption and (incidentally) it’s first T-shirt classified as a munition under US export law.

The reason the majority of email is still not encrypted is because it requires some effort on the part of both the sender and receiver to implement. (As an aside, routinely encrypting all your email communications would be a wonderful way of filtering out spam, because anyone who sent you something which was not encrypted is probably not someone you wanted to hear from in the first place…) It does not require a degree in computer science, but it does require you to know how to use the tools properly – and by far the vast majority of people would much prefer to hit send and move on.

This is much less of a problem in a modern web browser, because the encryption systems are already built into the browser, so when you connect to a secure site (like your online banking system), the browser handles all the encryption for you. All you (the end user) need to know if your identity and password or passphrase. The same is true for any other secure type of application, including the secured extranets Jordan mentions in point 1 of his post.

The differences here are not ones to do with technology; they’re to do with people, and more specifically with social inertia. The reason people don’t use encryption in email is mostly because it requires effort on their part to do so; they use it in most other aspects of their on-line lives because (to borrow a phrase from my educational pantheon) it’s “transparent to the user”. So moving the online legal microcosm away from email will require not just the members of the legal profession, but also their clients, to modify a social behaviour which has become entrenched over the last 20 to 30 years.

How long it will take to do that is anyone’s guess, but it’s unlikely to be a short or simple process. Will your large corporate clients do it quickly? Of course, because it’s in their best interests to do so, and because they have IT staffs to handle it for them. Private individuals will follow only if you and the computing industry can make it simple, painless, cheap and above all else effective for them to do so.

I’m curious – not that I expect an answer through this medium – but how many of the people reading this blog routinely encrypt their personal or professional communications over email?

I completely agree. Email is typically not encrypted and therefore not the safest method of communicating with clients. Each of my clients has their own secure homepage from my virtual law office where we may communicate, upload and download documents, handle billing, etc. all online but in a secure environment.

You wouldn’t conduct online banking through email so why expect clients to transfer sensitive legal matters that way? Clients expect something more from their attorneys than email when it comes to security. The tech and security are available; it’s just up to attorneys to embrace the change.