Jason Tashea’s 1/10/19 article in the ABA Journal online, “How to redact a PDF and protect your clients,” further affirms the dangers of legacy software, underestimating technology risk, and mindset; yet it fails to identify current Infosecurity software solutions.
The article hovers over a disastrous court filing by the criminal defense attorneys for Paul Manafort, President Trump’s beleaguered ex-campaign chair. The filing countered accusations made by special counsel Robert Mueller’s office that Manafort lied to his investigators in violation of his plea bargain.
While the Special Counsel’s filings were properly redacted of confidential information, defense counsel’s reply was not, revealing for the first time publicly a previously undisclosed accusation.
Story details can be found in the New York Times, The Washington Post, and Vox, revealing the redacted text could be read by anyone who copied and pasted it into a new document…which many (including the media) did with relish. In other words, the black highlights disappeared (because the redaction layer did not transfer).
As we pointed out in our Blog post, The Manafort Redaction Disaster Could Have (And Should Have) Been Prevented with Technology and Education, “This latest Manafort technology failure teaches us that teaming together clients and attorneys untrained in Infosecurity is the perfect storm for cyber disaster.”
Tashea explains that the error, though inexcusable, occurs quite often for the technologically untrained. To prevent redaction-free transfer, Adobe Acrobat Pro (or equivalent open source) must be engaged by applying the mark-for-redaction tool. Apparently, that was not done. Yet as we observed in our Blog post, Rethinking Redaction, proper redaction technique is set forth on federal district court websites.
Tashea wisely reminds lawyers that only “supported” Adobe Acrobat Pro software should be used. When “end of mainstream support” arrives, e.g., Windows XP in 2014, you are on your own, and if you aren’t updating your software regularly, you are (arguably) negligently risking privileged client files.
Which brings us to the issue of technology education and risk. The ABA Standing Committee on Ethics and Responsibility has weighed in strongly on this subject. ABA Model Rule 1.1 on the duty of competence now expressly incorporates the requirement that attorneys keep “abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology.” MR 1.1[8], emphasis added.
As we said in Rethinking Redaction, “Today, software applications enable all Word and PDF documents to be color-coded, differentially-protected, differentially-shared, and monitored from cradle-to-grave. Access can be open or limited by word, line, or document, and banned to anyone without a password and proprietary access. Every open, share, and print is documented, and access can be revoked or expanded at any time to meet client needs, attorney needs, or court orders.”
But there’s more. In addition to the foregoing, information security software applications permit all privileged materials to reverse accessibility. In other words, even if unredacted material reached the wrong eyes, access to it can be digitally revoked. None of that can be accomplished with simple PDF redaction.
Keeping abreast of changes in the benefits and risks associated with relevant technology, would have prevented or reversed the Manafort Disaster, not just through proper redaction technique, but through state-of-the-art technology. It would seem that ABA 1.1 would demand nothing less.