[Dave Heal's] Observations & Reports

Letter to an Erstwhile Valedictorian

As your 1L year gets under way, increasing numbers of adults in your life will describe the main difficulty of the first year of law school as “learning to think like a lawyer.” Not only do they make it sound exhausting and terrible, but loads of them have packaged this observation along with a general admonition against becoming a lawyer at all. This is information that might have been helpful a year or so ago but now seems more like hostility cloaked as advice. They’ll come brandishing out-of-context Shakespeare quotes and bemoaning the state of tort reform in two-sentence talking points and will aggressively accuse you of mortgaging your future only to be turned into a bigger and more useless jerk than you already are. There may be something to that last bit, actually, but now’s not the time to sort all that out.

You’d like to imagine, after having probably taken some time off, invented PCR, joined and left the academy, or done some other remarkable thing with your giant brain, that you at least have a reasonable shot at being good at and might even enjoy this “thinking like a lawyer.” What this usually refers to, I’m guessing, is mostly a kind of unalloyed reasoning process, having something to do with the ability to dispassionately carve up complex problems into their constituent parts and progress logically to a solution.

Pleasant surprise time: most of it really isn’t that new. Sure, there’s something uniquely systematic and initially slightly foreign about reading and processing caselaw. But if you’ve worked at all with texts or done any scientific problem solving (making a bong out of your Mountain Dew emphatically does NOT count), or even been able to reliably find Waldo, you’ve probably got the tools to do a passable job at reading legal opinions after some practice. That these opinions often more closely resemble Lewis Carroll’s Jabberwocky than something you’d expect to be a guide to the law will provide a considerable obstacle to your understanding. But eventually you’ll learn to distinguish legal sense from nonsense as well.

Like the MBA, the JD is a professional degree, and you should be prepared to be somewhat underwhelmed by the intellectual stimulation offered by some of the courses you’ll have to take. But look on the bright side: judging from a very small sample of, well, me and my roommate, your legal training will amplify your already heightened sense of your own rightness. And at the very least you will gain the ability to verbally bludgeon your mildly inebriated friends at home into acknowledging how right you are about everything all the time. Now, there are less expensive ways of becoming no fun at parties, but this is the particular one you chose, and you should embrace it. Or at least use your new power with care.

Indeed, what should instill you 1Ls with The Fear is not the Socratic method but rather the prospect of turning into that annoying cocktail party lawyer who thinks the rest of the civilized world always gives a crap about the fine distinctions that you’re going to be learning to care about. I believe that people who come into law school as tactful, empathetic people will usually emerge pretty much unscathed, taking with them some valuable tools and hopefully discarding whatever obnoxious groupthink tendencies are engendered by a prolonged suckling at a common teat. Thankfully, most of us are no longer 18 and therefore not as susceptible to turning into the legal equivalent of the obnoxious freshman philosophy major who’s just had his first Hegel-induced erection. But let this be a reminder: law school doesn’t have to change who you are. That may sound incredibly obvious and corny, but it becomes less self-evident the deeper in you get.

Not only does law school seem especially successful at burning think-like-a-lawyer pathways into the brains of eager, impressionable students, but it also seems to lock them irreversibly into writing really really lame prose. I would never begrudge your looking forward to peppering your casual speech with archaic latin phrases in that typically student-y way that results in a lot of creolization and awful puns. See, for example, my 7th grade Spanish class and the inevitable deployment of the made-up verb ‘ramajar,’ which provided four marking periods of juvenile comic relief before our teacher relented and finally taught us some sex slang. But there really should be an activist group lobbying against the yearly creation of thousands of head-smackingly dull prose stylists. On the other hand, according to one Georgetown Law professor at an event I attended before law school, few of his students knew how to write in the first place. So maybe there’s something noble in merely teaching us how to write a minimally comprehensible complete sentence, even if it’s only minimally comprehensible to a small subset of the population. That being said, your first exposure to Alex Kozinski or Oliver Wendell Holmes should convince you that you don’t have to give up writing lucid, unique prose in order to be precise and persuasive.

And so with that, here’s some unsolicited but heartfelt advice:

  1. Continue to do other things that make you happy. Law school can be dull and all-consuming, but everybody here used to have interests and even passions that didn’t involve Aspen Publishing. Keep doing them or your soul will die a thousand deaths.
  2. Having more or less failed at doing this during my 1L year I know it’s difficult, but try to keep reading stuff for pleasure. Whether it’s fiction or non-fiction or the Superficialist, it will be good for both your writing and your mental health to think about other things for some non-trivial amount of time every week. If you have to write it into your iCal in order to get it done, do it.

And finally, and most importantly:

  1. Give your classmates a break. Most people are kind of scared and intimidated and self-conscious about seeming smart. If on a daily basis you can try and be self-aware enough to acknowledge your own similar feelings, it’ll be easier to cut the kid in the front row some slack for being a bit overeager and obnoxious. This will probably take a substantial amount of effort and concentration. And, if you are like me, some days you won’t be able to do it. But on most days, if you’re conscious enough to give yourself a choice, you can choose to look differently at the guy or girl in your section that everybody dismissed as a gunner on the first day. Some of those people may be assholes, but many of them are good and well-meaning. Empathy isn’t a skill that is taught here, but if you can at least attempt to give people the benefit of the doubt, I’ve discovered they often surprise you.

1Ls, I wish you [way more than] luck!

Rethinking Rethinking the Cloud

Or: Why Does David Dahl Hate Janitors?

David Dahl is the CTO of Total Attorneys, which provides “law firm solutions” (ed: blargh!) for small law firms & solo practitioners. This appears to involve marketing, virtual administrative services (they will answer your phones and schedule appointments for you), and generally helping with client management. He recently wrote a blog post titled “Rethinking the Cloud” in which he responds to an ABA journal article by Joe Dysart that rightly expressed some caution about law firms’ increasing use of cloud-based software and storage [solutions!].

Indeed, increasing numbers of lawyers are expected to find themselves embracing and endorsing the same computing technologies they now view as risky once they decide the risk is worth it.-Joe Dysart in “The Trouble with Terabytes”

Mr. Dysart is half right. It’s true that most attorneys will embrace cloud technology in the next few years because it’s easier, more convenient and less expensive. But unless misunderstanding abounds, lawyers won’t be making that choice “in spite of the risks”. They’ll be embracing new technology because in addition to being simple, flexible and cheap, it’s safer than the way they’ve always done business.

Here, as elsewhere on the Total Attorneys website, Dahl asserts that not only is cloud computing safer than on-site, but that it’s so safe that “unless misunderstanding abounds” there isn’t even a risk analysis to be done. From the end of the post:

Cloud-based computing, though, is a complete departure from that trend—it may be the first major technological development that offers a solution to security issues for attorneys rather than throwing them into a complicated analysis of acceptable risk. [emphasis added]

This makes no sense. And even if the decision to move some portion of your data to the cloud was a no-brainer, deciding from among the various SaaS (software as a service) providers is no less complicated. I doubt that Dahl would dispute this if asked directly, but in his rush to create business-generating soundbites about the safety of cloud services he ends up ignoring the complexities involved and completely sidesteps the concerns of the ABA article, which raises some very real issues about privacy, data security and the ease with which the government can obtain access to your data.

Dahl’s case for the obviousness of cloud storage takes the form of a tortured analogy:

The security concerns raised in the recent ABA Journal article “The Trouble with Terabytes” reminded me of something I observed a few years ago when my wife and I were building our house. During the transition, we put some of our furniture and other random things in a storage unit, and the security was impressive. Security cameras monitored the premises every hour of the day and night; a locked gate kept the public out, and a lock on the storage unit kept my things locked in – I guess.. That was all very reassuring. Once we were ready to move in, everything left the storage facility, into the shiny new house with a couple dead-bolts – no constant video surveillance or levels of locked doors protecting my couch.

Most business data, even in law firms, lives in a place much more like my living room than that storage facility. Mr. Dysart encourages attorneys to question whether bank-grade encryption is sufficient to protect their client data. However, small firm and solo attorneys often store that data unencrypted on a local machine accessible not only to any employee but to the cleaning crew and the building manager.That data resides on a server protected by a door and a lock not unlike those protecting my couch, whereas cloud service providers typically use servers in secure data centers much more like the secure storage unit. And that’s only the beginning.

In the presentation I linked to above (“as elsewhere” hyperlink), Dahl once again needlessly impugns the janitorial profession. He seems to be exceedingly paranoid about the possibility of malevolent custodians. Which, when you really think about it, does make some sense as everybody knows that the greatest threat to data security is the steady and unacknowledged infiltration of janitorial unions by those seeking to destroy small law firms.

Before we go on, let’s be clear about one thing: David Dahl is not a lawyer. This is, on balance, a good thing for Mr. Dahl, but that does render him a bit more suspect when it comes to his pronouncements about the unalloyed benefits of cloud computing, especially for entities such as law firms that should be thinking seriously about the legal implications of moving their communications and data storage to the cloud.

The Stored Communications Act of 1986 (18 U.S.C. 2701 et . seq.)

The SCA regulates the circumstances under which a company (“electronic communication service” in the language of the statute) can divulge information about a customer’s electronic communications to a private party. Congress passed the SCA to prohibit a provider of an electronic communication service “from knowingly divulging the contents of any communication while in electronic storage by that service to any person other then the addressee or intended recipient.” S.Rep. No. 99-541, 97th Cong. 2nd Sess. 37, reprinted in 1986 U.S.C.C.A.N. 3555, 3591.

Sounds great, right? Well, the government has long maintained that an email is no longer “in electronic storage” once it has been read by the recipient. Moreover, the application of the Fourth Amendment to the Internet is kind of a mess, and the SCA is no small part of that mess. The statute allows the government to access remotely stored electronic communications in certain circumstances without having to get a warrant. Information that has been stored for fewer than 180 days requires a warrant, but 2703(a) & (b) state that for information that has been in storage longer than 180 days, the government may obtain that information using administrative subpoena or a court order. Essentially, for information older than 180 days, the government does not need to show probable cause. This section of the law is arguably unconstitutional, but it’s still on the books.

So, contrary to Mr. Dahl’s categorical statements, this would seem to be a relevant thing to consider when deciding between on-site and remote storage of an entire law firm’s communications. Moreover, once your activity moves to the cloud, you are no longer in control of data retention periods (unless you are able to negotiate this separately). If Google or Yahoo or your email provider of choice decides that they want to retain infinity years worth of data, when the government comes calling, there is no plausible deniability. On the other hand, so long as you’re complying with the laws regarding minimum retention periods, you are free to delete your records. Which means that if there’s nothing for the government to request, there’s nothing for you to divulge.

The final slide in the presentation linked above is the following:

Image and video hosting by TinyPic

I find this hilarious. #1 is not true in any meaningful sense. Being “already in the cloud,” by which I assume he means that almost all of us use a cloud-based service of some sort, doesn’t mean that moving your law firm’s entire infrastructure to the cloud isn’t potentially new or scary. #2 does not compute. The language here is rather ineptly invoking the 4th Amendment search standard from Katz v. United States, which found the government’s action constituted an unlawful search because the person demonstrated a reasonable expectation of privacy over the object involved. I don’t know what Dahl had in mind with this second bullet point, but the result is the creation of a false sense of security about the protections afforded by the law to electronic communications hosted by third parties. #3 may even be true based on the “more often” language, but given that Dahl never talks about the vulnerabilities associated with cloud storage, this isn’t a good faith description of the risks involved either.

It should be clear at this point that I don’t think that Dahl’s analogy of on-site data storage:locked house::cloud storage:high-security self-storage locker is particularly apt. For a much longer and more-expert take on why, check out privacy/security researcher Chris Soghoian‘s work. In particular, An End to Privacy Theatre: Exposing and Discouraging Corporate Disclosure of User Data to the Government & Caught in the Cloud: Privacy, Encryption, and Government Back Doors in the Web 2.0 Era.