House Price Crash Forum

Archived

This topic is now archived and is closed to further replies.

Sledgehead

Just how stupid and backward are solicitors?


So, I'm trying to get my solicitor to have a care for my privacy by requiring them to encrypt my medical records before sending them over email. The result is a comedy of repeated errors.

First they complain that they just don't usually do 'that sort of thing'. Hardly surprising for a group of people who think a pink ribbon constitutes a form of filing.

When I raise the issue of GDPR, they get all acquiescent (it's law, innit, and that trumps common sense any day, yeah?). And then the fun starts.

I realise it's gonna be baby-steps, so I ask them to password protect documents as attachments with the simple to use acrobat encryption system. To that end, I ask them to choose a password.

They suggest their company name as a password.

I wonder if we can do better.

They suggest my name.

I take a deep breath and suggest we form a password from a common product name, sticking a number between the words and a capital letter somewhere. "Right, this is getting complicated now," comes the reply.

Having cajoled them into this course of action over the phone - let's say we used the password "rice4Crispies" -  I await their email.

Have you guessed what's coming next?

EMAIL : "Dear Mr Sledgehead, please find attached the document requested, encrypted with the password "rice4Crispies".

The saga continues, and I promise, it doesn't get any better, or for that matter any less ridiculous.

5 hours ago, Sledgehead said:

So, I'm trying to get my solicitor to have a care for my privacy by requiring them to encrypt my medical records before sending them over email. The result is a comedy of repeated errors.

First they complain that they just don't usually do 'that sort of thing'. Hardly surprising for a group of people who think a pink ribbon constitutes a form of filing.

When I raise the issue of GDPR, they get all acquiescent (it's law, innit, and that trumps common sense any day, yeah?). And then the fun starts.

I realise it's gonna be baby-steps, so I ask them to password protect documents as attachments with the simple to use acrobat encryption system. To that end, I ask them to choose a password.

They suggest their company name as a password.

I wonder if we can do better.

They suggest my name.

I take a deep breath and suggest we form a password from a common product name, sticking a number between the words and a capital letter somewhere. "Right, this is getting complicated now," comes the reply.

Having cajoled them into this course of action over the phone - let's say we used the password "rice4Crispies" -  I await their email.

Have you guessed what's coming next?

EMAIL : "Dear Mr Sledgehead, please find attached the document requested, encrypted with the password "rice4Crispies".

The saga continues, and I promise, it doesn't get any better, or for that matter any less ridiculous.

videoblocks-a-person-places-post-it-pass

nearly as bad 😄

get them to winrar it up with a password and txt the password to you not via email. 

 

7 minutes ago, longgone said:

videoblocks-a-person-places-post-it-pass

nearly as bad 😄

get them to winrar it up with a password and txt the password to you not via email. 

 

When they sent me an MS Word doc, encrypted natively, I told them to revert to acrobat or winrar, since I run Linux.

Instead they sent me an arsey email, telling me they'd tried the newly side-channel agreed 'Wheat3a4bix' and it worked just fine (missing the point entirely and invalidating yet another password).

Another phone call, another side-channel agreed password and another email later and my hopes are up.

Will I ever learn?

This time they'd winrared it with a password ... and attached the plaintext doc as well.

So my records sit in plaintext on every server from here to them.  And to add insult to injury, given the size of files, a cryptanalytical tool could take those two and drop the password out the bottom to boot, ready to decrypt any further messages.

Why even f**king bother with these supposedly intelligent people?
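
The two sending mistakes described in the post above (the agreed password quoted in the same email as the attachment, and a plaintext copy attached next to the encrypted one), written as a pre-send check. This is an added example, not part of the original thread; the function names, the archive-extension policy and the sample messages are constructed assumptions.

```python
from email.message import EmailMessage

# Assumed policy: extension check only; it does not prove the archive is encrypted.
ARCHIVE_EXT = (".rar", ".7z")

def lint_outgoing(msg, agreed_password):
    """Return findings for an outgoing message that should carry only
    encrypted attachments, with the password agreed by phone."""
    findings, texts = [], [msg.get("Subject", "")]
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name is None:                      # body text, not an attachment
            if part.get_content_maintype() == "text":
                texts.append(part.get_content())
            continue
        data = part.get_payload(decode=True) or b""
        if data.startswith(b"%PDF"):
            # Heuristic: an encrypted PDF references an /Encrypt dictionary.
            if b"/Encrypt" not in data:
                findings.append("plaintext-attachment:" + name)
        elif not name.lower().endswith(ARCHIVE_EXT):
            findings.append("plaintext-attachment:" + name)
    if any(agreed_password.lower() in t.lower() for t in texts):
        findings.insert(0, "password-in-message")
    return findings

def build(body, attachments):
    """Constructed sample message; attachment bytes are stand-ins."""
    msg = EmailMessage()
    msg["Subject"] = "Your records"
    msg.set_content(body)
    for name, data in attachments:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg

def demo():
    pdf = b"%PDF-1.7\ntrailer << /Encrypt 5 0 R >>\n"   # constructed stub
    first = build('Encrypted with the password "rice4Crispies".',
                  [("records.pdf", pdf)])
    second = build("Document attached.",
                   [("records.rar", b"Rar!\x1a\x07\x01\x00"),
                    ("records.doc", b"plain text of the records")])
    fixed = build("Document attached, password as agreed by phone.",
                  [("records.rar", b"Rar!\x1a\x07\x01\x00")])
    return (lint_outgoing(first, "rice4Crispies"),
            lint_outgoing(second, "Wheat3a4bix"),
            lint_outgoing(fixed, "Wheat3a4bix"))
```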

34 minutes ago, Sledgehead said:

When they sent me an MS Word doc, encrypted natively, I told them to revert to acrobat or winrar, since I run Linux.

Instead they sent me an arsey email, telling me they'd tried the newly side-channel agreed 'Wheat3a4bix' and it worked just fine (missing the point entirely and invalidating yet another password).

Another phone call, another side-channel agreed password and another email later and my hopes are up.

Will I ever learn?

This time they'd winrared it with a password ... and attached the plaintext doc as well.

So my records sit in plaintext on every server from here to them.  And to add insult to injury, given the size of files, a cryptanalytical tool could take those two and drop the password out the bottom to boot, ready to decrypt any further messages.

Why even f**king bother with these supposedly intelligent people?

probably because they know it's not "their" problem. 

I spoke to a solicitor once about adverse possession after reading about the limitations act of 2003 and the process and pitfalls with the crown estate; I ended up advising the so-called experts on the subject. 

They are as good as the page that they have got to in the law books and the very good ones can remember what was on all the pages. 

15 hours ago, longgone said:

probably because they know it's not "their" problem. 

 

On the contrary, under GDPR:

Quote

"In order to maintain security and to prevent processing in infringement of this Regulation, the controller or processor should evaluate the risks inherent in the processing and implement measures to mitigate those risks, such as encryption" (GDPR Recital 83)

Moreover, medical records constitute not just personal data, but sensitive data. Email is widely understood to be necessarily insecure. Furthermore, ignorance of the law is no defense under the law. This means they are being negligent, so not only are they breaching GDPR, they stand to be liable for any loss I might incur as a result of their negligence, and for personal injury lawyers, it doesn't get more damaging than that.

On top of all this, they could, if they knew what business they were in, look to make serious money from bringing cases against malfeasors.

But as you point out, they haven't read that page yet, cos nobody has written it yet, and what's more, it won't be a lawyer who writes it, but rather a client of theirs. That's why case law bears the plaintiff / defendant names, rather than the law firms or LJs involved.

41 minutes ago, Sledgehead said:

On the contrary, under GDPR:

Moreover, medical records constitute not just personal data, but sensitive data. Email is widely understood to be necessarily insecure. Furthermore, ignorance of the law is no defense under the law. This means they are being negligent, so not only are they breaching GDPR, they stand to be liable for any loss I might incur as a result of their negligence, and for personal injury lawyers, it doesn't get more damaging than that.

On top of all this, they could, if they knew what business they were in, look to make serious money from bringing cases against malfeasors.

But as you point out, they haven't read that page yet, cos nobody has written it yet, and what's more, it won't be a lawyer who writes it, but rather a client of theirs. That's why case law bears the plaintiff / defendant names, rather than the law firms or LJs involved.

I guess you would need to ask the hacker though where he got it from? The solicitor's mail server/local data, or your machine that had been hacked and he got it from there. 

 

1 hour ago, longgone said:

I guess you would need to ask the hacker though where he got it from? The solicitor's mail server/local data, or your machine that had been hacked and he got it from there. 

 

I take your point.

I wonder whether there is a case - in all kinds of fields - for decriminalizing certain 'crimes'.

Maybe we'd get better security if hacking was not a crime but playing fast and loose with people's data was?

Maybe institute The Annual Tech Purge.

Sounds extreme, sure, but we have a prime example: aerospace and defense. Despite war crimes conventions etc, most people know that in war, might is right: there is effectively no law against an America that wants to prosecute war, no matter where it wants to do it. War has essentially been decriminalized - if it ever was a crime, a notion encapsulated in the phrase "everything is fair in love and war."

And what do we see in the arena of war? Amazing technology.

Now consider burglary. Most houses can be easily broken into. The reason? Burglary is a crime (plus we have insurance).

Laws make for sloppy tech. GDPR at least attempts to put some responsibility where it might make a difference. But as you say, will anyone ever be successfully prosecuted?

Perhaps we have to wait for quantum computing. Then we could in theory fingerprint our data, just like handwriting used to 'fingerprint' our communications. Then if any of that data pops up, we simply compare it to the original, and hey presto, we know who we sent it to: they get prosecuted for weak security. How does that sound?

1 hour ago, Sledgehead said:

Perhaps we have to wait for quantum computing. Then we could in theory fingerprint our data, just like handwriting used to 'fingerprint' our communications. Then if any of that data pops up, we simply compare it to the original, and hey presto, we know who we sent it to: they get prosecuted for weak security. How does that sound?

How would that work? Say it's my name and date of birth. No matter the computer someone could always see it and write it down. You may eventually discover it's out there but that doesn't tell you where it came from because it hasn't been preserved in its original form.

45 minutes ago, Riedquat said:

How would that work? Say it's my name and date of birth. No matter the computer someone could always see it and write it down. You may eventually discover it's out there but that doesn't tell you where it came from because it hasn't been preserved in its original form.

plus much of the personal data held on us is input by third parties, who only stand to lose by fingerprinting their own submissions: we're fooked, well and truly, forever. 😟

2 hours ago, Sledgehead said:

I take your point.

I wonder whether there is a case - in all kinds of fields - for decriminalizing certain 'crimes'.

Maybe we'd get better security if hacking was not a crime but playing fast and loose with people's data was?

Maybe institute The Annual Tech Purge.

Sounds extreme, sure, but we have a prime example: aerospace and defense. Despite war crimes conventions etc, most people know that in war, might is right: there is effectively no law against an America that wants to prosecute war, no matter where it wants to do it. War has essentially been decriminalized - if it ever was a crime, a notion encapsulated in the phrase "everything is fair in love and war."

And what do we see in the arena of war? Amazing technology.

Now consider burglary. Most houses can be easily broken into. The reason? Burglary is a crime (plus we have insurance).

Laws make for sloppy tech. GDPR at least attempts to put some responsibility where it might make a difference. But as you say, will anyone ever be successfully prosecuted?

Perhaps we have to wait for quantum computing. Then we could in theory fingerprint our data, just like handwriting used to 'fingerprint' our communications. Then if any of that data pops up, we simply compare it to the original, and hey presto, we know who we sent it to: they get prosecuted for weak security. How does that sound?

Why should war be any different to the latest iPhone media pump? There is plenty of money around to make killing more efficient, buying the latest kit. After all, it's there to protect its native owners' citizens that can do no wrong.

As said, your data is only important to you; in the long term you are the only victim should it end up in the wrong hands. There is no foolproof security; there are always back doors regardless of technology, quantum, octo and upwards. 😉
