Security challenge for on-line legal services

Tim Hill discusses the technical problems and opportunities facing solicitors

The government nearly achieved its goal, set in 1998, of 'making the UK the world's best place to trade electronically by 2002'.

An international benchmarking study found the UK had the second best environment for e-commerce (behind the US) among nine leading industrial nations.

In March 2000, Tony Blair set his government a new challenge.

To make the UK the world's leading Internet economy, he brought forward the target for getting all government services on-line by three years to 2005.

This may have a sharper impact on practitioners than the more diffuse - if inexorable - growth in e-commerce.

E-conveyancing, which will start to make an impact this spring, along with ambitious plans for integrated criminal justice computer systems, revamping of court service systems and a myriad of other on-line initiatives, will mean unprecedented opportunities and challenges for practitioners.

The profession is in a mixed state of readiness.

A recent survey of 600 firms for the Law Society found that although 42% had a Web site, only 20% were interactive; a further 20% planned to launch a site in 2003, but the rest had no plans at all.

Yet the current demand for electronic services appears to be strong - only 20% had never received a request for them.

Three-quarters had received requests for e-mail from private and business clients.

Future demand can only grow.

Or can it?

Robust security is a pre-requisite for electronic transactions of any sophistication or real business value, and concern about Internet security is cited by many consumers and businesses as a major barrier to the use or development of on-line services.

It is certainly a pre-requisite for transactional e-government services.

If lawyers are to be allowed access to secure government systems through the Internet, then they will have to meet the security requirements set by government departments.

There may be some scope for the Law Society and solicitors to influence what these are - there is already a dialogue - but demanding security requirements are inevitable given the inherently insecure nature of the Internet.

Fortunately, cryptography - encoding information so that it can only be read by an authorised person - has provided a basis for making the Internet secure.

By using a complex cryptographic formula, or algorithm, to encrypt information, the sender of a message can ensure that only someone holding the key to that algorithm can decrypt it.

This ensures the confidentiality of the message.

A similar technique allows the receiver to check that the message has not been changed.

Public key cryptography exploits the unusual mathematical properties of particular algorithms to allow certain keys to be made public and from this starting point, complex patterns of trust relationships and assurance can be developed.

Perhaps the most sophisticated involve the management of public key infrastructures using digital certificates to link identities with cryptographic keys.

The Law Society has recognised that e-commerce and e-government represent major opportunities for both it and the profession.

Given that effective security mechanisms will be needed, Chancery Lane is determined to give a strategic lead.

As an initial step, the Society has commissioned Trustis, a consultancy that specialises in e-business security, to study on-line security technologies.

The study will consider - but not be limited to - e-commerce security solutions involving public key cryptography and infrastructures.

The aim is to identify what action the Society should take to develop its own services and support the profession in the transition to on-line services.

An initial report will be completed by Easter.

Input from the profession is critical.

Trustis has organised a number of half-day 'business discovery' workshops around the country.

These workshops are structured, non-technical, discussions seeking to identify the security issues of real concern to practitioners.

They involve discussion of firms' existing and planned use of technology, the strategic and policy issues associated with secure e-commerce and - to move from the abstract to the concrete - a detailed exploration of secure e-mail.

What is clear is that the Law Society and the profession need to work together to respond strategically to the security challenge, as well as the business opportunity it represents.

Tim Hill is e-commerce policy adviser at the Law Society.

E-mail: timothy.hill@lawsociety.org.uk