THE ABA CYBERSECURITY HANDBOOK
A RESOURCE FOR ATTORNEYS, LAW FIRMS, AND BUSINESS PROFESSIONALS
JILL D. RHODES AND VINCENT I. POLLEY
Cover design by Jill Tedhams/ABA Publishing.
The materials contained herein represent the opinions of the authors and/or the editors, and should not be construed to be the views or opinions of the law firms or companies with whom such persons are in partnership with, associated with, or employed by, nor of the American Bar Association or the ABA Cybersecurity Legal Task Force unless adopted pursuant to the bylaws of the Association.
Nothing contained in this book is to be considered as the rendering of legal advice for specific cases, and readers are responsible for obtaining such advice from their own legal counsel. This book is intended for educational and informational purposes only.
2013 American Bar Association. All rights reserved.
No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of the publisher. For permission contact the ABA Copyrights & Contracts Department, .
The ABA cybersecurity handbook : a resource for attorneys, law firms, and business professionals / Jill D. Rhodes and Vincent I. Polley, editors; Section of National Security Law, American Bar Association.
pages cm
Includes index.
ISBN: 978-1-62722-255-6
1. Law officesUnited States. 2. Computer securityUnited States. I. Rhodes, Jill D. (Jill Deborah) editor of compilation. II. Polley, Vincent I., editor of compilation. III. American Bar Association. Standing Committee on Law and National Security.
KF318.A7518 2013
340.684dc23
2013027279
Discounts are available for books ordered in bulk. Special consideration is given to state bars, CLE programs, and other bar-related organizations. Inquire at Book Publishing, ABA Publishing, American Bar Association, 321 N. Clark Street, Chicago, Illinois 60654-7598.
www.ShopABA.org
Dedication
This handbook is dedicated to Thomas J. Smedinghoff, ABA Cybersecurity Legal Task Force Member and contributor to this book, in honor and memory of his daughter, US Foreign Service Officer Anne T. Smedinghoff, who was killed with four other Americans in a terrorist attack on April 6, 2013, while delivering knowledge through textbooks to schoolchildren in Afghanistan.
Knowledge will forever govern ignorance; and a people who mean to be their own governours must arm themselves with the power which knowledge gives.
James Madison
Contents
By Laurel Bellows
President, American Bar Association
By Judy Miller and Harvey Rishikof, Co-Chairs
Written by Vincent I. Polley and Jill D. Rhodes
Written by Lucy L. Thomson and Randy V. Sabett
Written by Thomas J. Smedinghoff and Ruth Hill Bro
Written by Peter Geraghty, Lucian T. Pera, and Alfred J. Saikali
Written by Roland Trope
Written by Alan Charles Raul and Jonathan P. Adams, of Sidley Austin, LLP
Written by Jeffrey Allen and Ashley Hallene
Written by Jason Gonzalez and Anthony Chavez
Written by Alan Raul and Jon Adams
Written by Anjli Garg and Demetrios Eleftheriou
Written by Clark Walton and Timothy H. Edgar
Written by Michelle Richardson
Written by George B. Huff, Jr. and John A. DiMaria
Written by James L. Rhyner and H. Wesley Sunu
Foreword
By Laurel Bellows
President, American Bar Association
The American Bar Association recognizes that cybersecurity is one of the most important challenges facing our economy and nation. To examine cybersecurity from both the legal business and national security perspectives, the ABA created the Cybersecurity Legal Task Force. The association asked the Task Force to address the tough questions about the appropriate role and responsibility of lawyers in cyber-related incidents and to examine ways that lawyers and businesses can protect their practices and their clients confidential information and intellectual property.
The Task Force is proud to release the ABA Cybersecurity Handbook . The handbook is a powerful and effective tool that attorneys, law firms, in-house counsel and business professionals should utilize in understanding, planning for and responding to a cyber breach.
Thank you to the members from various sections and committeesincluding Administrative Law, Business Law, Criminal Justice, Disaster Response and Preparedness, Environment, Energy and Resources, Individual Rights and Responsibilities, International Law, Law and National Security, Law Practice Management, Litigation, Professional Responsibility, Public Utility, Communications and Transportation Law, Science and Technology Law, State and Local Government Law, Technology and Information Systems, and Tort, Trial and Insurance Practiceand the advisory team of corporate general counsel and security experts from private industry who volunteered to serve on the Task Force. I am especially grateful to Judith Miller and Harvey Rishikof for their leadership and vision.
On behalf of the entire American Bar Association, I extend our sincere appreciation to Jill Rhodes, Vince Polley and their team for their dedication, creativity and discipline in articulating the questions requiring a response and developing this handbook.
As the national voice of the legal profession, the ABA has a professional obligation to help lawyers understand and defend against cyber threats while meeting new ethical obligations. Our world will only become more reliant on technology and the Internet as we move farther into the Digital Age. I am confident that the ABA Cybersecurity Handbook will be an invaluable resource for years to come.
Introduction
ABA Cyber Legal Taskforce
By Judy Miller and Harvey Rishikof, Co-Chairs
Cyberspace has become the new domain of intense social, legal and political interest. But the cyber domain has come with threats and vulnerabilitiescybercrime, cyber espionage and cyber war. Each of these presents legal challenges appropriate for American Bar Association analysis, evaluation and discussionin an effort to help lawyers and clients in both the private and public sectors grapple with some of these issues and assist when possible in their resolution, this ABA Cybersecurity Handbook is being offered.
The ABA, under President Laurel Bellows leadership, created a Cybersecurity Legal Task Force in 2012. The Task Force is composed of representatives of all ABA entities having an interest in the cyber domain. The Task Force is guided by four goals: provide organizational cohesion and a platform for the work being done and to be done by the ABA; raise awareness of these issues in specific lawyer and client settings; ensure real involvement across the legal and technical communities; and finally, craft solutions to the strategic challenges the Task Forces work identifies, including best practices, operational solutions, and legal and policy recommendations. The ABA Cybersecurity Legal Task Force has and will bring together and highlight resources within the ABA to focus and coordinate the ABAs input into analysis of proposals on cybersecurity. Our activities have and will include:
- Facilitating collaboration and information exchange among constituent ABA entities and with relevant public agencies and private organizations;
- Serving as a clearinghouse among ABA entities, regarding cybersecurity activities, policy proposals, advocacy, publications and resources;
Next page