With lawyers and clients working from home, we have come to rely more heavily than ever before on relatively less secure IT applications and systems, outside the tested company firewalls, often using personal devices and consumer-grade connections that may leave us comically stuttering or dropping in and out of video conferences and potentially exposing confidential exchanges to bombers and trolls – or to more serious hackers. We have had to quickly adapt to utilizing Internet-based chat apps, once the preserve of teenagers and after-hours socializing, now critical for daily business functions. We are learning how to take precautions with conferencing apps that were designed for board meetings and sales pitches but are now employed for everything from teaching students at home to conducting court hearings. (UK Prime Minister Boris Johnson inadvertently gave us all an object lesson in videoconference security when he tweeted a screenshot of his first-ever virtual cabinet meeting -- complete with the Zoom meeting ID for all the world to see.) Companies are scrambling to download VPNs and security software on employee smartphones and laptops while making the necessary updates to their employee privacy policies and “acceptable use” terms for company network access.
COVID has accelerated the take-up of cloud-based software-as-a-service (SaaS), a trend that has been going on for years, where companies subscribe to the software and access it by the Internet. Increasingly, they also host their data in the cloud, renting space and services from AWS, IBM, or others rather than building their own data centres. It turns out that the cloud model is an advantage when workers are at home but have Internet connections.
As major vendors integrate productivity applications with communications, the majority of large enterprises, and an increasing number of small and medium enterprises, are adopting these solutions. A CNBC survey in December 2019 reported that Microsoft Teams, which integrates the Microsoft (formerly Office) 365 suite with Skype for Business, had overtaken Slack for group communications. Cisco offers some similar functionality with Webex Teams, and Zoom phone goes beyond conferencing now to provide calling, chat, and messaging. Tens of millions of business users were subscribed to these cloud-based applications before the COVID lockdowns, and their use has skyrocketed since. It is not likely a temporary phenomenon.
But the cloud model raises security and privacy issues, often cross-border, that lawyers can help their clients tackle. Several countries (including China and Russia) have adopted data localization measures that effectively require local data hosting. Many restrict the use of encryption. The European Union and many other jurisdictions with comprehensive data protection laws impose conditions on the transfer of personally identifiable information. Several countries restrict voice over Internet protocol applications such as Skype and WhatsApp that bypass telephone tolls or government surveillance (although some of these restrictions have been temporarily eased during the COVID crisis).