Legal Industry and Data Security

ArticSoft PGP compatible products provide you with the following benefits:

• Complete client confidentiality
• Removes potential liability for disclosure
• Certainty information came from your firm
• Compliance with current privacy legislation
• Prevents viruses and hacking attacks
• Proof of source of documents

How FileAssurity OpenPGP Enteprise meets lawyer's demands

In any law practice there are a number of critical requirements to be met before any file or e-mail encryption service can be accepted:
 

1. encrypted information must only be read by those specific individuals authorized to see and use it (this does not include the IT department)
    
2. a partner must be able to gain access to any encrypted information whenever there is a need to do so
    
3. matters being dealt with by a department must be capable of being handled by any member of the department
    
4. secretaries must be able to move mail from one mailbox to another without being able to read the contents themselves
    
5. clients must be able to make use of the service without any prior notice
    
6. the law firm needs to be confident that their system cannot be misused by those who have left the firm.
    

ArticSoft's FileAssurity OpenPGP Enteprise provides a number of novel features that ensure the law firm retains all its current flexibility without compromising any of its internal controls or customer care and confidentiality.

1. Controlled access
   ArticSoft use public key technology to ensure that only the person(s) who are intended to receive the information are able to decrypt it.   The use of digital signatures also ensures that you know who authorized the document.
    
2. Accessing all information
   As you would expect, CA provides an information recovery system such that, provided two authorized members of the firm approve, any information encrypted by a member of the firm can be recovered.   This may be any two individuals rather than specific people.
    
3. Departmental use
   ArticSoft provide a unique capability - to allow all designated members of a group - whether this is the entire firm, a specific department or just individuals associated with a specific matter - to share encrypted documents without any other members of the firm (except under 2 above) being able to read or use any of the documents.   This has significant benefits.   You can publish a single key for the whole firm so that potential client enquiries can be carried out in complete confidence.   Your clients can be certain who is able to see what they are sending, just by choosing whether to communicate with an individual or a group within the firm.   Client confidentiality is fully maintained at all times.
    
4. Secretarial management
   Just as secretaries are able to re-route post when a specific fee earner is not available, so, given the proper permissions in the e-mail system, secretaries will be able to forward encrypted information to those able to deal with it.  
    
5. Client use
   You are able to accept PKI or PGP keys from your clients, if they already use that system themselves. Otherwise you are able to issue them with a keystore that you have generated and can vouch for, and you can send them the software or provide a download link.   Your clients can be operating in a totally secure mode with you in minutes.   You can decide how long they are able to use the system, and can bill them for the provision of the service.
    
6. Preventing misuse
   One of the biggest concerns in the use of these technologies is preventing people from misusing their authority once they have left the firm (or ceased to be a client).   FileAssurity OpenPGP gives you a very flexible way of controlling the situation.

You can decide how often the user has to verify their authority with you before being able to use the service.   This can vary from every time they logon, to once a day, week, month or year, or anything in between.   The client program is preset so that it will not allow the user to operate the system unless they have realtime authorization from you.

Further, checks are made to ensure that the user does not attempt to alter their computer system in order to try and bypass this control.

As a result, you can be confident that people can only do what they have been authorized to do.   There is no complexity about publishing 'revocation' lists or verifying certificates.   If you remove them from the system they are no longer able to use the service and cannot compromise your operations or use any encrypted information that they already hold. You are in control.