Security in leading document management and litigation support systems under the microscope -- the results may shock you!

In this issue of "Just The Facts" we examine security in leading litigation support and document management systems. Computer security is esoteric and very few truly understand all the intricacies sufficiently; consequently, we all too often take it for granted -- especially when the system that we're looking at is from a first tier developer or "market leader".

You shouldn't need to understand all the intricacies, just as you don't need to know how the locks in your house work. However, as with anything, the more you know, the better judgements you can make. So, we're going to focus on just what you need to understand to assess the security behind leading litigation support and document management systems.

If security and confidentiality are important to you, we think you'll be quite shocked at what you'll discover and urge you to read the entire article.


What do we mean by "security"?

In the "real world", we can physically see and understand security levels intuitively. For example, the lock on the front door of your house is designed to thwart the opportunist, but will not stop the amateur thief. Similarly a safe will stop the amateur but not a professional. And, if you need more security, you'll use a bank's safety deposit vault.

However, in the "cyber world" there's nothing to physically see so it's difficult to appreciate your exposures. And, unlike physical files which you'll know are missing, computer information rarely goes "missing" -- it's usually just silently copied so you're not alerted, and you may never know it's been taken.
 

What are we trying to protect and from whom?

What you are trying to protect is your information (client information, strategy, internal documents, potentially incriminating evidence, etc.) and, in general, you are trying to keep it away from the opposing side. Whether they'll be happy to take something sent their way by mistake, or just take advantage of an opportunity should it present itself, or actively try and obtain your information, will depend on the stakes.

The fundamental fact to understand about computer security is that the moment there is access to information, it's at risk, not just from theft, but also from mistakes such as simply e-mailing a critical document to the wrong person. Therefore, the most important security measure you can take is to limit the points of access so only limited potential exposures remain.

Keeping in mind that access creates risk, it becomes obvious that although the opposing side will usually be the party interested in your information, they will not necessarily be the party you must be concerned about from a security point of view. Those on the outside generally won't have easy access to your network unless your corporate network is connected to the Internet without proper safeguards.
 

Where is the information stored, how can it be accessed and by whom?

Depending on the system, for each of your case files, both litigation support and document management systems typically store:

  • document information in some sort of database,
  • the documents themselves or other similar "bulky data", and
  • system configuration details, such as the security information itself.

Products such as CaseMap®, Summation®, Concordance® and Worldox® keep all this information in files stored on network file servers -- like the ones your organization currently uses for storing your documents and sharing your printers, and probably the very same ones.

Without considering viruses or other malicious software which exploit security holes, there are two primary security measures used to protect information on file servers -- logon security, which determines who can use the file server, and file/directory security, which determines which files users can access on the server.

So, to keep your information secure, you need to have your technical staff ensure only authorized people can access the server -- which is usually everyone in the organization. And they need to limit which directories each user, or group of users can access -- which is an administrative nightmare so it's rarely done, except very broadly.

 

Security in leading litigation support and document management systems:
Worldox 2002, Concordance, FYI Server, Summation and CaseMap

Now let's consider the following leading systems:

  • Worldox, who describe themselves as "an innovative leader in the Document Management Systems" and their Worldox 2002 product as "increasingly becoming the DMS of choice among law firms and legal departments".
  • LexisNexis®, who describe themselves as "a world leader in litigation support software" and state "Concordance and Opticon® set the industry standard for litigation database management and image management software".
    • They describe their FYI Server as "a software product that provides secure, remote access to Concordance databases and Opticon imagebases via the internet".

  • Summation, who describe themselves as "publisher of America's leading litigation support software" and their Summation LG/iBlaze® products as "America's #1 litigation support software".
  • CaseSoft, who describe themselves as a developer of software "that assists attorneys and investigators develop case strategy" and their CaseMap product as "used by tens of thousands of professionals around the world".
    • Note: CaseMap does not store any documents; it links to documents scattered all over your network or in products like Summation or Concordance, so it is dependent on these products for document security. However, CaseMap stores critical case knowledge that needs to be kept secure.

In their documentation they explain, or specifically state:
(To understand what all this means in plain English, see "In plain English, what does all this mean?" below.)

  • Worldox 2002's (note 1) "Configuration & Administration Guide", pages 180-181, states:
    (For Worldox GX, see note 2 below regarding its new Active Directory based security.)
     
    • The main point of document management security is to control who can see what documents.
    • Worldox should not be considered a "security product" yet is "highly secure".
    • Document security at the network level is not enforced -- this is planned for "future release".
       
  • Concordance's v8 help system states:
     
    • Concordance only has menu and field access security. Field level security only limits user access to a specific field in every document -- it does not let you control access to individual documents.
    • Concordance does not provide document level security and its security does not stop individuals from accessing the database directly using the operating system.
       
  • Dataflight's FYI Server for Concordance (note 3) product web page and server installation FAQ web page stated:
     
    • FYI Server is a client/server solution to provide remote access to Concordance databases.
    • FYI Server builds upon existing Concordance security and provides "state-of-the-art" Internet security such as communication encryption -- i.e. document security is unchanged with the FYI Server.
       
  • Summation's iBlaze 2.5 application help system states:
     
    • Summation has two primary directory trees -- a program directory and a case directory (the "Master Case Directory") where case folders are created.
    • All users must have full access rights to the Master Case Directory, including the ability to create new directories if they are allowed to create new cases or modify existing case information.
       
  • CaseMap 5.0's (note 4) application help system states:
     
    • You can create CaseMap databases anywhere on your network and link it to documents anywhere on your network -- network level security by user is not enforced.
    • There are two levels of security -- author and scribe. Authors are able to do anything. Scribes are able to do anything on behalf of an Author.

 

Notes to the above

1. Worldox 2002
The Worldox 2002 documentation further states "judicious" Worldox configuration together with a "co-ordinated" network security policy is one main approach to securing documents.

In other words, working with network specialists, by extra configuration of Worldox 2002 and by splitting documents into various subdirectories, a very limited pre-set, static security protocol can be set for some documents and some users with specific rights. And further, provided that:

  • the affected users remember this security option is available,
  • they remember how to use it,
  • within the set of documents no individual security changes are needed, and
  • only a very limited number of such document sets exist as otherwise the method rapidly becomes unmanageable.

Which is why Worldox states that network level security is planned for a "future release."

Other than set out above, all Worldox 2002 users have full access to all documents.

2. Worldox GX:
Worldox GX now implements file-level security provided Active Directory is installed. However, as stated by Microsoft themselves (PC Magazine, 2 February, 2004), organizations have not even upgraded their Exchange 5.5 e-mail systems partly because of the difficulty of migrating to Active Directory. Instead, as PC Magazine states, organizations are actually looking to replace Exchange.

    "Microsoft says that half of Exchange Server 5.5 sites have never upgraded to Exchange Server 2000, in part because of the difficulty in migrating [to] Active Directory. Although Exchange Server 2003 improves the upgrade picture, moving directly from 5.5 to 2003 isn't an option unless you upgrade to Exchange 2000 as an interim step.

    "Although the advantages of unified corporate directory structure are clear (especially for larger organizations), administrative overhead is involved in setting up and maintaining one.

    "IT managers are facing the choice of whether to upgrade from the popular Microsoft Exchange Server 5.5 -- not a trivial undertaking — or to look elsewhere."

    -- Email Servers, PC Magazine, 2 February 2004 [emphasis added]

3. LexisNexis' FYI Server for Concordance
The intent of the FYI Server is to allow mobile users to have secure access to Concordance databases over the Internet. Therefore, it includes technology to protect it against Internet hackers trying to get direct access to documents and data stored on the FYI Server. However, once the hacker is through your network's primary security firewall, and is able to roam your network, the FYI Server's "double firewall" is irrelevant. Why? Because unless you purchase an FYI license for every internal Concordance user and not just for mobile users, internal Concordance users will access the databases stored on the physical FYI Server using basic network file shares and similarly for other databases not stored on the FYI Server. So, the hacker can breach the FYI servers and reach your data by simply breaching NT/Windows 2000/XP network share security using the same method viruses use to spread across networks.

Above information regarding FYI Server was obtained from FYI 1.0 documents posted on Dataflight's website in August 2004. From information we have since obtained from LexisNexis, we do not believe this situation has changed in FYI 3.0.

4. LexisNexis' CaseMap 8
Although the CaseMap 8 help system no longer discusses using CaseMap on a network, CaseMap 8 has the same security system used in CaseMap 5.

 

In plain English, what does all this mean?

What these products essentially say, in different words, is that:

  • their "security" systems only are in effect while you use the software,
  • their systems all provide access to the data using network file shares, and
  • for any given case database (or for all cases as far as Summation and Worldox 2002 are concerned), each user of that case has, or must have, full access, at the network file server level, to the database and all work product or evidentiary document files for that case.

In other words, in English:

    Individual documents can not be kept private. This means for any given case database (or for all case databases as far as Summation and Worldox 2002 are concerned), any user of that case can read, copy or delete any document and they can do so by simply using Windows' File Explorer!

As we explained above, the first and foremost consideration for a secure system is to limit the points of access. If this is how these systems "limit" access to your documents and that is OK for you, then you don't have to worry; otherwise, if client confidentiality is important to you, because every litigation has sensitive documents or notes that you will need to limit access to, the implications should scare you.

For example:

  • You can not selectively keep sensitive documents private or confidential perhaps to yourself or a few members of your team. Or perhaps you need to keep them hidden from outside experts sharing your database, for example.
  • Confidential reports, documents, etc. are normally kept in locked file cabinets with limited access, but once they have been scanned and stored in these systems, they are available for everybody to access.
  • Confidential documents can be copied or e-mailed out of your organization by users who should not have access to them.
  • With Summation, a user of any one of your litigation databases automatically has access to all the others and everything in them.
  • Worldox 2002 security is no better, and perhaps worse, than in organizations which do not use Worldox 2002 but have manually set up, as far as is practically possible with a manual system, network directory security on their file servers to limit who can see what work product.
  • Malicious software such as Trojan horses or viruses which hijack users' file-server network connections, scouring the servers for documents, have free rein over all the documents in a given case database (or all case databases as far as Summation is concerned). This gives them the ability to potentially e-mail documents out of your organization, and what's worse, without anybody even knowing until it's too late.
  • None of these systems encrypt your documents.
  • Etc.

In addition, another issue we haven't addressed is mobile users storing documents and data from the server on their notebooks using these systems' mobile clients.

We think you get the picture.

 

MasterFile -- Powered by Lotus Notes security: Robust and built for business

Domino is a quiet workhorse with over 145,000,000 e-mail users and comparable market share to Microsoft, but rarely gets adverse publicity, unlike regular press alerts about security breaches in other e-mail systems.

Robust security using private/public keys was a design specification for Notes' database architecture from the beginning. It was not an afterthought and is matched by few, if any, other database products. In fact, Notes was one of the first commercial products to incorporate this technology.

MasterFile's security is built on Notes/Domino security. The same technology that keeps 145,000,000 e-mail users secure. And the same technology used for the US Navy's global classified network connecting every Navy ship in the world:

    "... the U.S. Navy implemented a collaborative solution, named "Collaboration at Sea", using Domino and Sametime [a Lotus Domino product] ... The solution has created a global, classified, Sametime network using the fleet's satellite communications network so that anyone on any US Navy ship at sea anywhere in the world can be aware of anyone on line on any other ship at sea anywhere in the world. ... The Collaboration at Sea solution is the only successful collaborative solution in the challenging satellite environment of intermittent and narrow bandwidth. ... The IBM/Navy developed Collaboration at Sea solution has proven itself as robust, flexible, and secure in the most challenging network environment for the mission critical command and control of US and coalition maritime forces ..."

    -- "Collaboration at Sea: Fleet Command and control efficiency", Lotus case study [emphasis added]

Notes security technology works and is easy to use. It works exactly the way you expect and delivers exactly what you need -- no ands, ifs or buts. It's that simple. Especially important if you're considering using virtual paralegals for clerical or other activities.

 

Here's how security works in MasterFile

  1. The whole purpose of security in a document system is to ensure confidential documents remain confidential.
     
    As mentioned, every litigation has sensitive documents or notes that you will need to limit access to for one reason or another. For example:
    • ensuring access to all documents is limited to your team, or
    • further limiting access to a few sensitive documents to selected members of your team, or
    • granting access to a selected set of documents for external or temporary team members, such as outside counsel or expert witnesses, to review.

    Only document level security lets you handle situations like these, and MasterFile's easy to use Global Maintenance Tools and groups give you the flexibility to set access to documents quickly by yourself, as you see fit and whenever needed, without continuous requests to IT staff.
     

    Furthermore, with MasterFile, notes and commentary that you want to keep private can be entered and secured as an extract of the document they are relevant to, on a document by document or extract by extract basis. Several users can extract the same information, enter their own notes and keep them private to themselves (or some members of their team).

    MasterFile does not use "field level" security so you do not need to modify the entire database design to create special, limited access "user" or "expert witness" fields, for example, in every document profile for each user just so they can make their own private notes for a few documents. "Field level" security also produces other problems. For example, if you want to share some of your notes for some documents with some team members or share different notes with different team members -- you can't.

    Fundamentally, the problem with "field level" security is that it is not a security system that allows you to decide who can see what based on information content. Instead, it is a technical solution for database administrators to give users wholesale access to portions across the entire database irrespective of the contents of those portions. In other words, although field level security sounds "granular", it only allows you to limit who can see what field across the entire document set. It does not allow granularity for you to limit who can see what information, on a document by document basis, within the document set.

    Furthermore, field level security is of little practical value -- rarely do you need to restrict access to information such as a document's type or its summary description, author, recipient, date, etc.

    In addition, security and check out facilities are available for extracts and facts, not just documents, to allow a member of the team to lock an item for extended use, such as drafting argument.

     

  2. MasterFile does not use network file servers or file shares to provide access to data or documents. And MasterFile does not depend on network logon or file server file and directory access security to protect documents.

    Instead, MasterFile uses Notes/Domino servers. The only way to access shared data is with the Notes client. The whole idea of being able to use Windows' File Explorer or similar methods (such as simply browsing the network to find a file to open) to examine file shares does not exist.

    This fundamental difference in MasterFile security immediately limits access to data to one method only: via the Lotus Notes client, eliminating the problems with network file shares, including most, if not all, exposures in shared offices, viruses, etc. Remember, the most important security measure you can take is to limit the points of access.
     
  3. You gain access to a MasterFile database stored on a Notes/Domino server through private/public key authentication -- not just a simple password. Hackers need to have a trusted certificate to gain access to a Notes server -- the same type of technology used to make on-line banking secure.

    Consider this: As mentioned above, there are more Notes e-mail users than Microsoft, yet when was the last time you heard about a Lotus Notes e-mail security breach?
    • "Today, Lotus has the largest installed customer base of Public Key Infrastructure (PKI) users in the world"
      -- Lotus document

      "Exchange [2003] can also now support RPC over HTTPS, meaning your users can work securely from a remote location without needing a cumbersome VPN, though we found configuration dauntingly complex."
      -- Email Servers, PC Magazine, 2 February 2004 [emphasis added]
       
       

  4. Private/public key authentication is the same technology that allows Lotus Notes to be secured for Internet communications without special servers such as Concordance's FYI server, Summation's WebBlaze® server or Worldox/Web, all of which add support and maintenance costs, not to mention complexity and additional systems to secure.
     
  5. Once a user has been authenticated for access, they are only allowed access to the MasterFile case files to which they are granted access -- either by being specifically named or as part of a group with access. So it's simple and straightforward to create ethical walls that can't be breached accidentally.
     
  6. Unlike all the other products discussed above, MasterFile stores all information related to one case inside one Notes database file. That's right, everything -- database data, evidentiary documents, work product, work in progress, court room visuals, your notes and commentary, facts, argument, strategy, etc. It's the same robust technology used by over 145,000,000 e-mail and other mission critical Notes databases.

    In MasterFile, documents, data, security details, etc. are not scattered across thousands of files in dozens of directories across your network, that you have to keep track of, secure, back-up, etc.
     
  7. MasterFile databases on your notebook, or Domino servers, can also be encrypted using the private/public keys, thereby keeping your documents, notes, argument and strategy, etc., secure even if your notebook is stolen because everything is inside the encrypted database -- not in file folders scattered across your notebook. The encryption is automatic and transparent and you simply continue to work normally.


     
  8. When you have to share documents with your colleagues, or others with access to the server or replicas of the databases, with MasterFile you don't extract them and attach them to your e-mails. Instead, with one click, you e-mail doc-link files, and the recipient accesses the document through the doc-link by simply opening it as they would any other file attachment. This allows MasterFile to enforce security over e-mail.


    An added benefit is that the small doc-link files don't clog your e-mail system with bulky file attachments (imagine sending a 300 page report to 10 people who forward it on again).
     
  9. Since MasterFile manages evidentiary documents, work product and work in progress you get all these benefits for all your documents and don't need to learn and support the security intricacies and nuances of several systems -- wondering what to do when you find out one is less secure than another, etc. Less to learn. Less to support.
     

With MasterFile, confidential documents stay confidential -- even on notebook computers or in shared offices -- because all users don't have full access to everything. Instead, you give users access to information on a need to know basis.
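
The contrast drawn above between application-only security over a file share, field level security and document level security can be made concrete with a small model. This is an added example, not code from MasterFile, Lotus Notes or any product named in this article; the documents, users, groups and policy are constructed for illustration.

```python
"""Toy model of three access-control designs discussed in the article.
All documents, users, groups and the policy below are constructed."""

# Constructed case file: three document profiles sharing the same fields.
DOCS = {
    "D1": {"type": "letter", "summary": "Offer to settle", "notes": "Weak on damages"},
    "D2": {"type": "report", "summary": "Expert draft", "notes": "Check methodology"},
    "D3": {"type": "memo", "summary": "Internal strategy", "notes": "Privileged"},
}
GROUPS = {"team": {"alice", "bob"}, "experts": {"eve"}}

# What the lead lawyer wants: who may see which documents at all.
POLICY = {"alice": {"D1", "D2", "D3"}, "bob": {"D1", "D2"}, "eve": {"D2"}}

# Field level model: one rule per field, applied to every document.
FIELD_READERS = {
    "type": {"team", "experts"},
    "summary": {"team", "experts"},
    "notes": {"team"},
}

# Document level model: each document carries its own reader list
# (user names or group names).
DOC_READERS = {"D1": {"team"}, "D2": {"team", "experts"}, "D3": {"alice"}}


def principals(user):
    """The user's own name plus every group the user belongs to."""
    return {user} | {g for g, members in GROUPS.items() if user in members}


def file_share_view(user):
    """Case users need full access to the share, so anyone on the case
    can read every file directly, whatever the application would show."""
    on_case = any(user in members for members in GROUPS.values())
    return {doc_id: dict(doc) for doc_id, doc in DOCS.items()} if on_case else {}


def field_level_view(user):
    """Every document is returned; only whole fields are hidden."""
    who = principals(user)
    return {
        doc_id: {f: v for f, v in doc.items() if FIELD_READERS[f] & who}
        for doc_id, doc in DOCS.items()
    }


def document_level_view(user):
    """Only documents whose reader list names the user or one of their groups."""
    who = principals(user)
    return {
        doc_id: dict(doc)
        for doc_id, doc in DOCS.items()
        if DOC_READERS[doc_id] & who
    }


def audit(view_fn):
    """For each user, list the documents visible that POLICY forbids."""
    return {
        user: sorted(set(view_fn(user)) - allowed)
        for user, allowed in POLICY.items()
    }


if __name__ == "__main__":
    for fn in (file_share_view, field_level_view, document_level_view):
        print(fn.__name__, audit(fn))
```

Running `audit` over the three models shows that hiding the `notes` field still leaves the existence and summaries of D1 and D3 visible to the outside expert, while only the per-document reader list meets the policy.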

We focus on the technology so you can focus on your cases.

 


All statements, technical information, and recommendations in this document and in any guides or related documents are believed reliable, but the accuracy and completeness thereof are not guaranteed or warranted, and they are not intended to be, nor should they be understood to be, representations or warranties concerning the products described. MasterFile publications may include technical inaccuracies or typographical errors. THIS DOCUMENT IS INTENDED FOR USE AS A GUIDELINE ONLY. THIS PUBLICATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. MasterFile reserves the right to make changes to the information described in this document at any time without notice and without obligation to notify any person of such changes. Please refer to our legal page for further information.

E. & O. E.
