MTC: 📱 Protecting Client Confidentiality NOW in Anticipation of Holiday Travel - Essential Digital Security Guide for Lawyers!

/ The Tech-Savvy Lawyer.Page/

Lawyers know your rights and responsibilities when crossing an international boarder.

As legal professionals prepare for the busy holiday travel season from November through early January, an alarming trend demands immediate attention. U.S. Customs and Border Protection (CBP) conducted a record-breaking 14,899 electronic device searches between April and June 2025—a 16.7% increase over the previous quarterly high. With nearly 15,000 devices examined in just three months, lawyers carrying client data face unprecedented risks to attorney-client privilege.

The timing coincides with significant TSA rule changes that fundamentally alter airport security protocols. Secretary Kristi Noem announced the elimination of shoe removal requirements at checkpoints, while implementing advanced facial recognition technology through TSA PreCheck Touchless ID at select airports. These changes represent the most substantial security overhaul since 9/11, creating new vulnerabilities for legal professionals.

Understanding the Current Threat Landscape

Border searches have escalated dramatically over the past decade. From 8,503 searches in 2015, the numbers jumped to 46,362 in fiscal year 2024. The latest data shows CBP conducting 13,824 basic searches and 1,075 advanced searches during the recent quarter. Basic searches involve manual inspection of device contents, while advanced searches employ forensic tools to extract comprehensive data repositories.

Legal professionals face particular vulnerability because electronic devices commonly contain materials protected by attorney-client privilege. The New York City Bar Association addressed this concern with its Formal Opinion 2017-5 directly, noting that attorneys carry confidential client communications, work product, and sensitive case materials on personal devices. When border agents request device access, lawyers must balance professional obligations with potential entry denial or device confiscation.

Professional Ethical Obligations

The American Bar Association has urged the Department of Homeland Security to establish policies protecting attorney-client privilege during border searches. However, current CBP policies permit extensive searching authority under the border search exception, which allows warrantless inspections within 100 miles of international borders. This doctrine significantly reduces Fourth Amendment protections for travelers, including U.S. citizens.

New York lawyers operating under Rule 1.6 must take reasonable steps to prevent unauthorized disclosure of confidential information. The reasonableness standard requires evaluating potential harm against disclosure likelihood. For attorneys whose practice involves government agencies as opposing parties, heightened precautions become necessary.

Practical Protection Strategies

Modern legal practice demands strategic preparation for international travel. Attorneys should evaluate necessity before carrying confidential information across borders. Essential data should remain minimal—only materials professionally required for specific travel purposes. Cloud-based storage offers significant protection since CBP cannot access remotely stored information during searches.

Encryption provides another critical layer of defense. Strong passwords and disabled biometric authentication prevent immediate access. Restarting your device before reaching the border forces manual password entry rather than biometric unlocking, effectively blocking access for those without proper credentials. For maximum protection, consider using alphanumeric passwords of at least 12 characters combining uppercase letters, numbers, and special symbols. Some firms implement clean device policies, providing employees with minimal-data devices for international travel. Virtual private networks (VPN) and secure remote access solutions allow attorneys to retrieve necessary information without local storage. Additional protective measures include enabling two-factor authentication on cloud accounts, using encrypted messaging applications like Signal for client communications, and implementing remote wipe capabilities for lost or confiscated devices.

Don’t get caught not protecting your client’s pii when traveling!

Technology considerations extend beyond individual devices. The implementation of CT scanners at major airports enables enhanced screening capabilities, while new facial recognition systems create biometric templates for identity verification. These advances improve security efficiency but raise additional privacy concerns for legal professionals handling sensitive cases involving government oversight, immigration matters, or politically sensitive litigation where client anonymity becomes paramount.

Legal authorities have issued specific guidance regarding these new biometric screening protocols. The Privacy and Civil Liberties Oversight Board recommends that TSA's facial recognition program remain voluntary for all passengers, while twelve bipartisan U.S. Senators have called for comprehensive oversight of the technology's expansion. Privacy and digital rights experts advise attorneys to exercise their right to opt out of facial recognition screening by politely requesting alternative identity verification procedures, especially when handling sensitive or high-risk matters. According to the TSA's own policies, travelers can decline biometric scanning without penalty or additional scrutiny. However, studies show that 99% of travelers are not verbally informed of this option by TSA agents, making proactive assertion of opt-out rights essential. The American Bar Association and bar associations recommend attorneys stay informed about biometric screening procedures and safeguard client confidentiality during travel. For attorneys handling cases where government surveillance poses particular risks, consistently opting out of facial recognition becomes a professional obligation to protect client interests and maintain confidentiality.

Preparing for Holiday Travel Season

The holiday travel period presents unique challenges. TSA expects record-breaking passenger volumes during Thanksgiving week, with peak travel days including November 26-27 and December 1. Christmas travel intensifies December 20-22 and December 26. New Year's travel typically peaks December 29 and January 2-3. These high-volume periods increase security scrutiny and delay risks.

Attorneys should develop comprehensive travel protocols before departure. Essential preparations include identifying devices containing client data, securing informed consent for potential disclosure, and establishing communication protocols with firm leadership. Bar identification cards help verify professional status during searches. Legal counsel should remain accessible for consultation during border encounters.

Response Protocols During Searches

When facing device searches, attorneys should immediately identify themselves as legal professionals and notify agents about privileged content. CBP policies require consultation with agency counsel before searching devices containing claimed privileged materials. (See 5.2.1.2) However, this protection offers limited practical value since determination processes remain unclear.

Professional obligations continue during border encounters. Attorneys must object to searches on privilege grounds while understanding that resistance may result in device confiscation or entry complications. U.S. citizens cannot be denied entry, but devices may face extended detention for forensic examination. Non-citizens risk entry denial entirely.

Post-Search Obligations

Following any disclosure of confidential information, attorneys must promptly notify affected clients pursuant to professional responsibility rules. Documentation requirements include recording disclosed materials, identifying involved personnel, and implementing remedial measures. Firms should establish incident response protocols addressing client notification, privilege assertions, and regulatory compliance.

Final Thoughts: Looking Forward

you have certain rights when dealing with boarder patrol.

The legal profession must adapt to evolving security landscapes while maintaining ethical obligations. Holiday travel season presents heightened risks due to increased passenger volumes and enhanced scrutiny. Legal professionals should prioritize preparation, implement robust data protection protocols, and maintain clear communication with clients about potential disclosure risks.

As border search authority continues expanding and technology enables more intrusive examinations, the legal profession must advocate for meaningful protections while developing practical compliance strategies. The intersection of national security concerns and professional obligations requires ongoing attention from bar associations, legal practitioners, and policymakers.

The stakes are clear: protecting client confidentiality while navigating modern travel security demands requires preparation, awareness, and strategic planning. As lawyers prepare for holiday travel, implementing comprehensive digital security protocols becomes not just prudent practice, but professional obligation.

MTC

It's Happening This Saturday! Tech-Savvy Saturday Goes Live at 12 PM EST! 🎉💻

/ The Tech-Savvy Lawyer.Page/

The wait is over! This Saturday, August 30, 2025 at 12:00 PM EST, we're finally presenting "Preparing Your Old Office Technology for Your Kids' Back-to-School Success" – and it's going to be incredible! 🚀

As your award-winning host at The Tech-Savvy Lawyer.Page, I've crafted a comprehensive, action-packed session that transforms the way legal professionals approach family technology. This isn't just about repurposing equipment – it's about creating secure, efficient learning environments while maintaining the ethical standards our profession demands.

What makes this session extraordinary:

  • Step-by-step device sanitization protocols specifically designed for legal professionals.

  • Family cybersecurity strategies that protect both your practice and your children.

  • Attorney-client privilege protection during device transitions.

Your patience has been rewarded with enhanced content, deeper insights, and practical solutions you won't find anywhere else. Join hundreds of legal professionals who are already registered for what promises to be our most valuable session yet!

You can Register Here for free!

Mark your calendar: Saturday, August 30, 2025 at 12:00 PM EST ⏰

See you there! 🌟

MTC: Judicial Warnings - Courts Intensify AI Verification Standards for Legal Practice ⚖️

/ The Tech-Savvy Lawyer.Page/

Lawyers always need to check their work - AI is not infalable!

The legal profession faces an unprecedented challenge as federal courts nationwide impose increasingly harsh sanctions on attorneys who submit AI-generated hallucinated case law without proper verification. Recent court decisions demonstrate that judicial patience for unchecked artificial intelligence use has reached a breaking point, with sanctions extending far beyond monetary penalties to include professional disbarment recommendations and public censure. The August 2025 Mavy v. Commissioner of SSA case exemplifies this trend, where an Arizona federal judge imposed comprehensive sanctions including revocation of pro hac vice status and mandatory notification to state bar authorities for fabricated case citations.

The Growing Pattern of AI-Related Sanctions

Courts across the United States have documented a troubling pattern of attorneys submitting briefs containing non-existent case citations generated by artificial intelligence tools. The landmark Mata v. Avianca case established the foundation with a $5,000 fine, but subsequent decisions reveal escalating consequences. Recent sanctions include a Wyoming federal court's revocation of an attorney's pro hac vice admission after discovering eight of nine cited cases were AI hallucinations, and an Alabama federal court's decision to disqualify three Butler Snow attorneys from representation while referring them to state bar disciplinary proceedings.

The Mavy case demonstrates how systematic citation failures can trigger comprehensive judicial response. Judge Alison S. Bachus found that of 19 case citations in attorney Maren Bam's opening brief, only 5 to 7 cases existed and supported their stated propositions. The court identified three completely fabricated cases attributed to actual Arizona federal judges, including Hobbs v. Comm'r of Soc. Sec. Admin., Brown v. Colvin, and Wofford v. Berryhill—none of which existed in legal databases.

Essential Verification Protocols

Lawyers if you fail to check your work when using AI, your professional career could be in jeopardy!

Legal professionals must recognize that Federal Rule of Civil Procedure 11 requires attorneys to certify the accuracy of all court filings, regardless of their preparation method. This obligation extends to AI-assisted research and document preparation. Courts consistently emphasize that while AI use is acceptable, verification remains mandatory and non-negotiable.

The professional responsibility framework requires lawyers to independently verify every AI-suggested citation using official legal databases before submission. This includes cross-referencing case numbers, reviewing actual case holdings, and confirming that quoted material appears in the referenced decisions. The Alaska Bar Association's recent Ethics Opinion 2025-1 reinforces that confidentiality concerns also arise when specific prompts to AI tools reveal client information.

Best Practices for Technology Integration 📱

Technology-enabled practice enhancement requires structured verification protocols. Successful integration involves implementing retrieval-based legal AI systems that cite original sources alongside their outputs, maintaining human oversight for all AI-generated content, and establishing peer review processes for critical filings. Legal professionals should favor platforms that provide transparent citation practices and security compliance standards.

The North Carolina State Bar's 2024 Formal Ethics Opinion emphasizes that lawyers employing AI tools must educate themselves on associated benefits and risks while ensuring client information security. This competency standard requires ongoing education about AI capabilities, limitations, and proper implementation within ethical guidelines.

Consequences of Non-Compliance ⚠️

Recent sanctions demonstrate that monetary penalties represent only the beginning of potential consequences. Courts now impose comprehensive remedial measures including striking deficient briefs, removing attorneys from cases, requiring individual apology letters to falsely attributed judges, and forwarding sanction orders to state bar associations for disciplinary review. The Arizona court's requirement that attorney Bam notify every judge presiding over her active cases illustrates how sanctions can impact entire legal practices.

Professional discipline referrals create lasting reputational consequences that extend beyond individual cases. The Second Circuit's decision in Park v. Kim established that Rule 11 duties require attorneys to "read, and thereby confirm the existence and validity of, the legal authorities on which they rely". Failure to meet this standard reveals inadequate legal reasoning and can justify severe sanctions.

Final Thoughts - The Path Forward 🚀

Be a smart lawyer. USe AI wisely. Always check your work!

The ABA Journal's coverage of cases showing "justifiable kindness" for attorneys facing personal tragedies while committing AI errors highlights judicial recognition of human circumstances, but courts consistently maintain that personal difficulties do not excuse professional obligations. The trend toward harsher sanctions reflects judicial concern that lenient approaches have proven ineffective as deterrents.

Legal professionals must embrace transparent verification practices while acknowledging mistakes promptly when they occur. Courts consistently show greater leniency toward attorneys who immediately admit errors rather than attempting to defend indefensible positions. This approach maintains client trust while demonstrating professional integrity.

The evolving landscape requires legal professionals to balance technological innovation with fundamental ethical obligations. As Stanford research indicates that legal AI models hallucinate in approximately one out of six benchmarking queries, the imperative for rigorous verification becomes even more critical. Success in this environment demands both technological literacy and unwavering commitment to professional standards that have governed legal practice for generations.

MTC

📢 Tech-Savvy Saturday Postponement: We're Getting It Perfect for You! 🛠️✨

/ The Tech-Savvy Lawyer.Page/

I must apologize for a second postponement of our highly anticipated Tech-Savvy Saturday event, “Preparing Your Old Office Technology for Your Kids’ Back-to-School Success,” originally moved to today. The slidedeck isn’t quite ready, and you deserve engaging, practical, and properly vetted content crafted especially for our legal audience.

Thank you for your continued patience and enthusiasm. This session matters—and making sure it delivers the best possible value is my top priority. Mark your calendars for next Saturday, August 30, 2025. Expect a session packed with actionable advice, clear step-by-step instructions, and the latest insights on repurposing office tech for your family.

Stay tuned for updates and get ready for an enriched, expertly presented seminar next week. Your support means everything, and I can’t wait to see you there! 🚀

Pixel 10 Review for Lawyers

/ The Tech-Savvy Lawyer.Page/

the pixel 10 is a good phone but not without its tradeoffs.

On August 20, 2025, the Pixel 10 was revealed with a refined design, a highly capable camera system, and Google’s best AI integrations, packaging upgrades that matter for law practice workflows, mobile document management, and courtroom performance.

  • Display and Form Factor: The 6.3-inch Actua OLED display, protected by Gorilla Glass Victus 2, shines in courtroom and office lighting. Lawyers will appreciate the bright, color-accurate screen when reviewing evidence or video depositions on the go, but those who favor larger screens for multitasking may prefer Samsung’s S25 Ultra or the iPhone 16 Plus.

  • Security: Lawyers will welcome 7 years of OS, security, and Pixel Drop updates, the Titan M2 security coprocessor, and built-in VPN; these features help maintain client confidentiality and align with legal industry compliance. Android’s anti-phishing and anti-malware tools reinforce the phone’s robust defense against threats.

  • Document Capture & Communication: The triple camera system, led by a powerful 48MP wide, 13MP ultrawide, and a 10.8MP telephoto lens with 5x optical zoom, ensures legible document scans even in dim offices. Pixel’s signature Night Sight and Super Res Zoom help legal professionals snap critical case files, courtroom whiteboards, or contract amendments with superior clarity. That said, for lawyers who value top-tier video (for remote depositions), Samsung’s 8K capabilities and higher frame rates may have the edge.

  • AI Features: ‘Gemini’—Google’s advanced AI assistant—boosts search, summarization, and contextual replies in emails and messaging, expediting legal research and workflow automation from the palm of the hand. ‘Call Assist’ and Live Translate are advantageous for real-time communication with clients of diverse backgrounds, though Apple and Samsung both offer strong competition in translation and AI productivity tools - although note that at the time of the Pixel’s release Apple’s Apple Intelligence has been disappointing (but hopefully can only get better).

  • Battery and Charging: A 4,970mAh battery means over 24 hours of typical use and up to 100 hours in Extreme Battery Saver mode—critical for marathon trials or days at depositions. Wired charging up to 30W and wireless Qi2 up to 15W keep downtime minimal, although Samsung’s S25 Ultra bests Pixel in charging speed and battery size for power users.

  • Accessibility & Connectivity: Dual eSIM support, Wi-Fi 6E, Bluetooth 6, and NFC cover the connectivity needs of busy attorneys moving between offices, courtrooms, and remote client sites.

Comparison Table

Google’s Pixel 10 sets a new bar for productivity, privacy, and AI-powered features that appeal directly to lawyers and legal professionals, yet notable tradeoffs exist compared to Apple’s iPhone 16 and Samsung’s Galaxy S25 Ultra in August 2025.

📱

Google’s Pixel 10 sets a new bar for productivity, privacy, and AI-powered features that appeal directly to lawyers and legal professionals, yet notable tradeoffs exist compared to Apple’s iPhone 16 and Samsung’s Galaxy S25 Ultra in August 2025. 📱

Pros for Lawyers

  • Best-in-class security updates and built-in VPN.

  • Top-tier document and evidence capture with versatile camera system.

  • AI tools powerful for legal research, communications, and workflow efficiency.

  • Long battery life and robust durability—the all-aluminum frame and IP68 rating withstand the rigors of a law practice.

Cons for Lawyers

  • Display may be dwarfed by the S25 Ultra or iPhone 16 Pro Max, meaning less multitasking space.

  • Samsung offers superior video capture (8K, 120fps) for attorneys recording depositions or client interviews at the absolute highest quality.

  • Some legacy legal apps may still run better on iOS, and Apple’s closed ecosystem can be a compliance advantage for large law firms.

  • Although AI features are sophisticated, concerns over Google’s data handling may deter privacy-sensitive practices, whereas Apple maintains a firmer stance on local data processing.

Final Thoughts

the pixel 10 might be the right choice for lawyers starting out.

The Google Pixel 10 represents a compelling choice for legal professionals seeking robust security, AI-powered productivity, and exceptional document capture capabilities at a competitive price point. While the device excels in privacy protection with its built-in VPN, seven years of guaranteed security updates, and superior camera system for evidence documentation, attorneys must weigh these advantages against potential limitations in display size for multitasking and compatibility with legacy legal applications that may favor iOS ecosystems.

For solo practitioners and emerging law firms prioritizing cost-effectiveness without compromising security, the Pixel 10 delivers enterprise-grade protection and Google's advanced AI integration that can significantly enhance legal research workflows. However, established practices with existing Apple infrastructure or attorneys requiring the largest possible mobile screens for complex document review may find better value in the iPhone 16 Pro Max or Samsung Galaxy S25 Ultra alternatives.

The decision ultimately hinges on your firm's technology ecosystem, budget constraints, and specific workflow requirements. Legal professionals should evaluate their carrier compatibility, existing software integrations, and long-term technology strategy before making this significant productivity investment. The Pixel 10 proves that Google has created a legitimate professional tool worthy of serious legal practice consideration—not merely another consumer smartphone with legal applications as an afterthought.

How to Ask AI "Are You Sure?" for Better Legal Research Accuracy!

/ The Tech-Savvy Lawyer.Page/

Lawyers need to be “sure” their AI use is accurate

Legal professionals increasingly rely on AI tools like ChatGPT, Claude, and Google Gemini for research and document preparation. However, these powerful tools can produce inaccurate information or "hallucinations" — fabricated facts, citations, or legal precedents that appear credible but don't exist. A simple yet effective technique is asking AI systems "Are you sure?" or requesting verification of their responses.

The "Are You Sure?" Technique:

When you ask ChatGPT, Claude, or similar AI tools "Are you sure about this information?" they often engage in a second review process. This prompt triggers the AI to:

  • Re-examine the original question more carefully

  • Cross-reference information internally

  • Flag potential uncertainties in their responses

  • Provide additional context about confidence levels

For example, after receiving an AI response about case law, follow up with: "Are you sure this case citation is accurate? Please double-check the details." This often reveals when the AI is uncertain or has potentially fabricated information.

Other AI Verification Features

Google Gemini offers a built-in "double-check" feature that uses Google Search to verify responses against web sources. However, this feature can make mistakes and may show contradictory information.

Claude AI focuses on thorough reasoning and can be prompted to verify complex legal analysis through step-by-step breakdowns.

ChatGPT can be instructed to provide sources and verify information when specifically requested, though it requires explicit prompting for verification.

Essential Legal Practice Reminders 

While AI verification techniques help identify potential inaccuracies, they never replace the fundamental duty of legal professionals to verify all citations, case law, and factual claims. Recent court cases have imposed sanctions on attorneys who submitted AI-generated content without proper verification. If you don’t, you run the risk of running afoul of the ABA Model Rules of Professional Conduct — including Rule 1.1 (Competence), which requires the legal knowledge, skill, and thoroughness reasonably necessary for representation; Rule 1.1, Comment 8, which stresses that competent representation includes keeping abreast of the benefits and risks associated with relevant technology; Rule 1.3 (Diligence), which obligates attorneys to act with commitment and promptness; and Rule 3.3 (Candor Toward the Tribunal), which prohibits attorneys from knowingly making false statements or failing to correct false material before the court.

Best practices for legal AI use include:

  • Always verify AI-generated citations against primary sources

  • Never submit AI content without human review

  • Maintain clear policies about AI use in your practice

  • Understand that professional responsibility remains with the attorney, not the AI tool

The "Are you sure?" technique serves as a helpful first-line check when you notice something seems off in AI responses, but thorough legal research and verification remain your professional responsibility. Your reputation and bar license could depend on it.

TSS: Repurpose Your Old Work Tech Into Family Learning Tools This Back-to-School Season 💻📚

/ The Tech-Savvy Lawyer.Page/

repurposing your tech for your children can be a platform for a talk with your school kids on the Safe use of Tech.

The new school year approaches, and your children need reliable technology. Before you head to the electronics store, consider the laptops and tablets gathering dust in your office closet or your current devices that you are about to upgrade. With proper preparation, these work devices can become powerful educational tools while teaching your family essential cybersecurity skills.

Why Lawyer Parents Need This Workshop 🎯

As attorneys, we face unique challenges when transitioning work devices to family use. Attorney-client privilege concerns, firm policy compliance, and data breach liability create legal risks most parents never consider. Our August Tech-Savvy Saturday seminar addresses these challenges head-on with practical solutions.

What You'll Master in This Essential Session 🛡️

Device Sanitization for Legal Professionals: Step-by-step Windows, Mac OS, iOS, and Android procedures that protect privileged information while preparing devices for family use. We cover complete data wiping, software licensing removal, and documentation requirements.

Family Technology Management Systems: Implementation strategies for password managers, shared calendars, and network security configurations that work for legal families. Special focus on co-parenting considerations and court-approved platforms.

Family Cyber Talks should be routine!

Age-Appropriate Cybersecurity Education: From elementary through college-age guidance on digital citizenship, password security, and online safety. Critical discussions about digital permanence and the serious legal consequences of non-consensual intimate image sharing.

Emergency Response Planning: Practical protocols for handling cyberbullying, predator contact, and other digital crises. Know when to involve law enforcement versus school administration.

Register Now for August Tech-Savvy Saturday 🚀

This workshop combines legal ethics with practical family technology management. You'll leave with actionable checklists, template agreements, and the confidence to transform old work devices into safe learning tools.

🎙️Ep. 118: Essential Legal Tech Competency - Colin S. Levy on Building Foundational Technology Skills for Modern Lawyers!

/ The Tech-Savvy Lawyer.Page/

My next guest is Colin Levy, General Counsel at Malbek. Colin is a leading voice in legal innovation. During our interview, he shared practical insights on building foundational legal tech skills for modern lawyers.

During the conversation, Colin outlines the top three steps every lawyer should take to develop legal tech competency, regardless of their technical background. He emphasizes the ethical responsibilities that lawyers face when utilizing AI, particularly the risks associated with unchecked reliance on generative tools and the need to acknowledge potential inaccuracies. Colin also shared some great tips on how to better utilize legal professionals' use of Microsoft Word to improve efficiency and save time (and money💰). In discussing the adoption of new technology, he underscores the importance of defining problems, clarifying desired outcomes, and fully leveraging existing tools before selecting new solutions strategically.

Join Colin and me as we discuss the following three questions and more!

  1. Based on his extensive experience interviewing legal tech leaders and your role as general counsel at Malbek, Colin provides the top three foundational steps every lawyer should take today to build their legal tech competency, regardless of their current technical skill level.

  2. Colin shares three specific ways lawyers can immediately improve their document drafting efficiency using existing technology tools, and how this foundational competence connects to more advanced legal tech adoption.

  3. Colin has conducted hundreds of interviews with legal tech leaders and now serves as general counsel for a CLM company.  He has seen both the vendor and practitioner perspectives. Colin shares his top three strategic considerations lawyers should evaluate when selecting and implementing new technology solutions to ensure they actually improve client service delivery and practice efficiency rather than just adding complexity.

In our conversation, we covered the following:

[01:28] Colin's Tech Setup

[11:14] The Three Core Steps to Legal Tech Competency

[13:17] AI Tools and Ethical Considerations

[17:29] Improving Document Drafting Efficiency

[23:15] Strategic Considerations for Technology Selection

Resources:

Connect with Colin:

Mentioned in the episode:

Hardware mentioned in the conversation:

Software & Cloud Services mentioned in the conversation:

🧐 MTC/🚨 BOLO - Court Filing Systems Under Siege: The Cybersecurity Crisis Every Lawyer Must Address!

/ The Tech-Savvy Lawyer.Page/

🔐 The Uncomfortable Truth About Court Filing Security 📊

Federal court filing systems are under attack! Are your client’s information protected?!

The federal judiciary's electronic case management system (CM/ECF) and PACER have been described as "unsustainable due to cyber risks". This isn't hyperbole – it's the official assessment from federal court officials who acknowledge that these systems, which legal professionals use daily for document uploads and case management, face "unrelenting security threats of extraordinary gravity".

Recent breaches have exposed sealed court documents, including confidential informant identities, arrest warrants, and national security information. Russian state-linked actors are suspected in these intrusions, which exploited security flaws that have been known since 2020. The attacks were described by one federal judiciary insider as being like "taking candy from a baby".

Human Error: The Persistent Vulnerability 🎯

Programs like #ILTACON2025’s "Anatomy of a Cyberattack" demonstrations that draw packed conference rooms highlight a critical truth: 50% of law firms now identify phishing as their top security threat, surpassing ransomware for the first time. This shift signals that cybercriminals have evolved from automated malware to sophisticated human-operated attacks that exploit our psychological weaknesses rather than just technical ones.

Consider these sobering statistics: 29% of law firms experienced security breaches in 2023, with 49% of data breaches involving stolen credentials. Most concerning is that only 58% of law firms provide regular cybersecurity training to employees, leaving the majority vulnerable to the very human errors that sophisticated attackers are designed to exploit.

What Lawyers Must Do Immediately 🛡️

Model rules require lawyers be aware of electronic court filing “insecurities”!

First, acknowledge that your court filings are not secure by default. The federal court system has implemented emergency procedures that require highly sensitive documents to be filed on paper or on secure devices, rather than through electronic systems. This should serve as a wake-up call about the vulnerabilities inherent in digital filing processes.

Second, implement multi-factor authentication everywhere. Despite its critical importance, 77% of law firms still don't use two-factor authentication. The federal courts only began requiring this basic security measure in May 2025 – decades after the technology became standard elsewhere.

Third, encrypt everything. Only half of law firms use file encryption, and just 40% employ email encryption. Given that legal professionals handle some of society's most sensitive information, these numbers represent a profound failure of professional responsibility.

Beyond Basic Defenses 🔍

Credential stuffing attacks exploit password reuse across platforms. When professionals use the same password for their court filing accounts and personal services, a breach anywhere becomes a breach everywhere. Implement unique, complex passwords for all systems, supported by password managers.

Cloud misconfiguration presents another critical vulnerability. Many law firms assume their technology providers have enabled security features by default, but the reality is that two-factor authentication and other protections often require explicit activation. Don't assume – verify and enable every available security feature.

Third-party vendor risks cannot be ignored. Only 35% of law firms have formal policies for managing vendor cybersecurity risks, yet these partnerships often provide attackers with indirect access to sensitive systems.

The Compliance Imperative 📋

The regulatory landscape is tightening rapidly. SEC rules now require public companies to disclose material cybersecurity incidents within four business days. While this doesn't directly apply to all law firms, it signals the direction of regulatory expectations. Client trust and professional liability exposure make cybersecurity failures increasingly expensive propositions.

Recent class-action lawsuits against law firms for inadequate data protection demonstrate that clients are no longer accepting security failures as inevitable business risks. The average cost of a legal industry data breach reached $7.13 million in 2020, making prevention significantly more cost-effective than remediation.

Final Thoughts: A Call to Professional Action ⚖️

Lawyers are a first-line defender of their client’s protected information.

The cybersecurity sessions are standing room only because lawyers are finally recognizing what cybersecurity professionals have known for years: the threat landscape has fundamentally changed. Nation-state actors, organized crime groups, and sophisticated cybercriminals view law firms as high-value targets containing treasure troves of confidential information.

The federal court system's acknowledgment that its filing systems require complete overhaul should prompt every legal professional to audit their own digital security practices. If the federal judiciary, with its vast resources and expertise, struggles with these challenges, individual practitioners and firms face even greater risks.

The legal profession's ethical obligations to protect client confidentiality extend into the digital realm. See ABA Model Rules 1.1, 1.1(8), and 1.6. This isn't about becoming cybersecurity experts – it's about implementing reasonable safeguards commensurate with the risks we face. When human error remains the biggest vulnerability, the solution lies in better training, stronger systems, and a cultural shift that treats cybersecurity as a core professional competency rather than an optional technical consideration.

The standing-room-only cybersecurity sessions reflect a profession in transition. The question isn't whether lawyers need to take cybersecurity seriously – recent breaches have answered that definitively. The question is whether we'll act before the next breach makes the decision for us. 🚨

🚨 BOLO CYBERSECURITY ALERT: LunaSpy Android Spyware Threatens All Users—Protect Your Law Practice Now!

/ The Tech-Savvy Lawyer.Page/

Android users must be aware of potential threats to their data!

CRITICAL THREAT ALERT 🚨 A sophisticated new Android spyware campaign dubbed LunaSpy has been active since February 2025, broadly targeting Android users via messaging apps—anyone installing its fake “antivirus” could be compromised, including legal professionals. LunaSpy spreads through Telegram, WhatsApp, Signal, and other platforms by sending messages like “Hi, install this program here,” tricking victims into granting extensive device permissions after fake security scans report fabricated threats.

Once installed, LunaSpy’s capabilities pose severe risks: it steals passwords from browsers and messaging apps, intercepts text messages (including two-factor codes), records audio and video via microphones and cameras, captures screen contents (e.g., client documents, case notes), and tracks real-time location (e.g., revealing meetings and court visits). Kaspersky researchers have linked over 150 command-and-control servers to LunaSpy’s global network, enabling continuous data exfiltration and remote command execution.

While any Android user is at risk, lawyers face heightened consequences if infected. A breach of attorney-client communications or privileged documents can trigger:

Immediate Action Steps for all Android-using legal professionals and their staff:

users are the first line of defense when it comes to preventing computer viruses on their tech!

  1. Audit and remove any unverified security or banking apps; restrict installations to Google Play only.

  2. Deploy Mobile Device Management (MDM): enforce app blacklists, remote wipe, and automated patching.

  3. Enable full-disk encryption and secure lock screens with complex passcodes or biometrics.

  4. Train staff on social engineering tactics—recognize unsolicited install prompts or links in messages.

  5. Use end-to-end encrypted desktop-based messaging for privileged communications, limiting mobile use.

  6. Establish an incident response plan: include immediate device quarantine, forensic analysis, and regulatory notification procedures.

LunaSpy is not a hypothetical risk—it’s actively compromising Android devices around the globe. Although the campaign targets the general public, legal professionals handling sensitive client data are particularly vulnerable to cascading professional, legal, and ethical consequences if infected. With over 150 active command servers and ongoing code enhancements, the threat will only escalate. Every day without these safeguards increases your exposure—act now to secure mobile devices, train teams, and reinforce your firm’s cybersecurity posture.