Louise Matsakis’ 1/9/19 article in Wired, “Paul Manafort Is Terrible with Technology,” and L.V. Anderson’s 1/8/19 article in Digg, “Lawyers File Response to Mueller Claims, Accidentally Fail to Properly Redact The Secret Stuff,” eloquently converge to illustrate the dangers of legacy software and mindset.
The headline grabber stems from an explosive announcement made by the Mueller camp late last November that Manafort breached his cooperation agreement by lying to prosecutors. If the charges were correct, Mueller’s favorable plea deal was off the table and he might face a potential life sentence (due to his age) behind prison. Just days ago, Manafort’s legal team replied, averring that their client “provided complete and truthful information to the best of his ability.”
However, the reply also inadvertently revealed damaging details about Manafort’s alleged crimes due to a redaction error. As initially reported by Guardian writer Joe Swain in his 1/8/19 article, the world learned that “Manafort shared polling data on 2016 election with elusive Russian” because his attorneys thought a pdf was redacted using a black bar when it was not.
Anderson described the release of this information as “basic incompetence on the part of Paul Manafort’s attorneys.” That’s because the attorney’s redaction via black bars “can easily be revealed by simply highlighting those bars and copying and pasting [the redacted] text into a new document.” This is a rookie error that a hardworking, well-intentioned attorney or legal staff could easily make without knowing how to properly redact a pdf. And this lack of knowledge may well stem from the outdated culture of law firms when it comes to staff education and technology implementation.
A Little Knowledge is Worse than None at All
As Matsakis’ article points out, for Manafort technology may even be a curse, spreading from his own history of Infosecurity errors to that of his legal team. Back in 2017, the FBI’s cyber squad learned Manafort used various derivations of “bond007” as passwords, thereby accessing his old Adobe and Dropbox accounts which revealed damaging information. There Manafort broke the cardinal rule to always use sophisticated, bizarre passwords that bear no association to each other or you. Then Manafort used encrypted messaging services like WhatsApp to send secret information but failed to turn off the setting automatically storing the message in the clouds in unencrypted format.
There are Solutions
This latest Manafort technology failure teaches us that teaming together clients and attorneys who are both untrained and uneducated in Infosecurity is the perfect storm for cyber disaster. Today, attorneys can redact documents from cradle-to-grave, protect and share confidential information differentially, i.e., share to different people depending on defined access permissions, and retroactively revoke access given to redacted portions of documents that have already been disclosed. Encryption software is also available to any attorney who wants to use it, as are continuing education classes on how Infosecurity works in a modern age.
As we’ve noted, the problem lies at least in part in the technology culture of most law firms. Despite cyber alarm-bells ringing 24/7, lawyers have a reputation of being technology luddites. Law firms are often deemed the weakest link in the cyber-security chain, prompting more and more organizations to audit their outside attorney’s cybersecurity practices. And though we know don’t know the exact details of the Manafort redaction error, we can say this: with basic cybersecurity knowledge, this wouldn’t have happened in the first place.