Posts tagged ‘security’

New Massachusetts Data Security/Privacy Regulations and Small & Mid-Size Law Firms

What the New Massachusetts Data Security Regulations Really Mean for Small and Mid-Size Law Firms

You may have heard of the new regulations released by the Massachusetts Office of Consumer Affairs and Business Regulation – specifically, 201 CMR 17.00: Standards for the Protection of Personal Information of Residents of the Commonwealth (PDF link).

These regulations apply to anyone who owns or licenses certain information (so-called “personal” information) about a Massachusetts resident, but for the purposes of this discussion, we’re going to limit ourselves to how these regulations apply to law firms.

Many law firms, and especially smaller firms, don’t have an in-house IT person or technical staff, which leaves the attorney or office manager to grapple with the issues raised by these regulations – issues which in many cases go well beyond their areas of expertise. The goal of this article is to help people understand how these regulations apply to them in plain English.

Note: While we hope you find this article helpful, this isn’t meant to be a definitive guide as to what you should do to make sure your firm complies with these new regulations. This is just general advice and tips.

First, some definitions – the regulations themselves contain a far more extensive “definitions” section (see section 17.02 of the actual regulations) – so we’ll just cover the basics here.

What exactly is “personal” information? The regulations define what constitutes “personal” information – specifically, information that is personal is: A person’s first & last name (or first initial & last name) in combination with any one (or more) of the following:

  • Social Security number
  • Driver’s License Number (or other state-issued ID number)
  • Financial account number(s) (checking/savings account number, etc.)
  • Credit card number(s)

What exactly am I required to do? In general, you have to take steps which are appropriate to the size, scope, and nature of your business to protect “personal” information from unauthorized use. More or less, this means coming up with a (written) plan to make sure that the personal information you have is kept safe, keeping that plan up-to-date and making sure everyone in your firm is educated about the plan.

Section 17.04 of the regulations spells out what you have to do as far as computer security is concerned. This section is broken down into a number of topics relevant to computer security.

Secure User Authentication: This is a very technical way of saying “user names and passwords.” We’ve posted a link to an article from Microsoft on choosing strong, secure passwords before, but in general, the longer your password is, the more secure it will be. For most people, the password you need to worry about the most is the password you use to log on to your computer (that is, log on to Windows). Fortunately, Windows allows you to use very long passwords – you can even use spaces and upper & lower case letters – so you can pick very long, but easy (for you) to remember passwords. You can use entire sentences, complete with punctuation, if you want.

For example, the password (or “pass-phrase” as it’s sometimes called when it’s this long) “I grew up on my uncle’s farm in Sudbury, Massachusetts” is very long (54 characters) – which makes it very strong. (A 54 character password, using just the letters, numbers, and punctuation marks on your keyboard, has something on the order of  2.564 x 1091 possible permutations!) The benefit of a long pass-phrase like this is that its length gives it strength (it’s hard for someone else to “guess”), but the fact that it’s a plain English sentence makes it easy for you (the user) to remember. After all, a good password does you no good if you can’t remember it!

Another useful tip is that most computer systems have a limit on the number of times you can try to log on while getting the password wrong (3 or 5 are the usual number of tries you’re allowed). After you’ve tried to log on a few times, but gotten it wrong, you might be locked out – or you might have to wait a period of time before you can try again. This helps prevent people from just guessing passwords as fast as they can (usually automatically using another computer).

However, the built-in “Administrator” account in Microsoft Windows (and in other operating systems too, like Mac OS X and Linux) usually has no limit on the number of times the password can be guessed (after all, you need at least 1 account that you can’t be locked out of, so that you can log on and unlock the people who guessed wrong). It is very important to set a very strong password for the “Administrator” account. If your “Administrator” account doesn’t have a good password, then all of your other good passwords are useless, since by definition the “Administrator” account has access to everything on your computer.

Secure Access Control Measures: In general, this means that people only have access to the files & data that they actually need to get their job done. Your bookkeeper, for example, doesn’t need access to your client’s financial statements – that’s not part of his or her job. Likewise, your receptionist doesn’t need access to your firm’s financial records (unless your receptionist is also your bookkeeper of course!).

All versions of Windows since Windows 2000 provide easy ways for you to set “permissions” on files, so that you can give access to files to some users, but not to others. However, these “permissions” depend on the user who is logged onto the computer – so if you have two or more people “sharing” a computer, make sure that you have a separate user name for each of them. Otherwise, from the computer’s point of view, they are all the same person and have access to the same files.

Secure access control also means disabling or deleting user accounts for people once they no longer work for you anymore – this is something that many people forget to do, and the result is that the ex-employee now has a “back door” into your files. Even if he never intentionally uses it, the account is still around, and he may re-use his password somewhere else, and it may get stolen, and now whoever stole the password has access to your files!

Encryption of personal information sent over public networks (e.g., the Internet): For most people, this refers to email – but it can also refer to websites where you upload files or enter and save information.

Encryption is a complicated topic in itself – but you can think of it as “locking” something in a box or safe, so that no one else can open it up. In respect to email, encryption means that you lock the email before sending it, and the recipient also has to have his own copy of the “key” so that when he receives it, he can unlock the email.

The difficulty here is of course that the recipient must already have the key to unlock the email in the first place. It’s sort of a catch-22 situation – no matter what you do, you need the recipient to somehow already have the “key” before you can send encrypted email. There is no easy answer to this – other than not to send “personal” information via email in the first place. There are many different third party services which offer ways to send encrypted email – but all of them involve making the person to whom you’re sending the email have to do something “extra” to get your message. Whether this involves signing up for an account with the third party service or something else entirely, he will have to do something. (This is one of the main reasons that encrypted email – although it’s been possible for years and years – has never caught on.)

As far as email is concerned, it’s worth remembering that you only need to encrypt emails that contain “personal” information – and remember that “personal” information isn’t just someone’s name, it has to be a name and some form of ID number (SSN/License/credit card/etc.). So if you never send that sort of stuff by email, you’ll never have to encrypt your email.

If you only need to send personal information by email once in a while, you might be able to get by with one of the third party solutions for encrypted email – assuming that you let the recipient know in advance that he’s going to have to do something extra to get your file. Alternatively, you might turn to a secure website for transferring files – we’ve talked about this before here in our article on “Solving the problem of sending sensitive files by email.”

If you upload files that contain personal information to any website (or if you enter and save personal information into a website), chances are that the website already has encryption – just look for the little “lock” icon that appears in your browser when you visit that site. If the “lock” icon is there, then the connection is encrypted.

If you use a third party website which saves personal information, you also have to check with the provider of that website to make sure that the information you’re saving there is also adequately protected – basically, the people who run the website have to comply with the Massachusetts regulations just as you do.

Reasonable Monitoring: In general, this means exactly what it sounds like – take reasonable steps to monitor your computers and make sure that no unauthorized use has taken place. In other words, it means “be aware of your stuff.” Of course, what constitutes “reasonable” will depend greatly on the size and resources of your firm, but in general you’d want to have some sort of record or log of (for example) when someone tries unsuccessfully to log on several times (this might mean that someone’s trying to guess your password and log on).

Encryption of Personal Information on Laptops and other Portable Devices: This part of the regulations is required because laptops and other “portable” computers (netbooks, iPhones, Blackberries, etc.) are naturally more susceptible to being stolen, due to the fact that they are portable – you might forget your laptop somewhere, or it might be stolen, and so on. Because of this, you need to take extra precautions with the information on portable computers.

For example, if someone steals your laptop, even though you have a very good, strong password that prevents him from just logging on and reading your files, he can still just take your laptop’s hard drive out of the laptop and plug it into a different computer and read the files off of it. (The same thing goes for desktop computers as well, but since they are safe behind the locked doors of your office, it is less of a worry.)

To prevent someone from just reading the files off of your laptop’s hard drive, you need to “encrypt” the files – basically, locking them with a “key” which only you know. Fortunately, this is not very hard to do, although there are many different ways to go about doing it. We’ve talked about encrypting your client files here before, in our article on “Keeping your Client’s Data Safe.” If you use Windows, and you have a good, strong password, you can use the encryption that is built right into Windows itself (see our article for links on how to go about doing this).

The only files you absolutely have to encrypt (as far as these regulations are concerned) are the files that contain “personal” information. However, if you have lots of files in many different programs all over your computer, you may want to encrypt the entire hard drive (using “whole-disk” encryption). The top-end editions of recent Windows versions (e.g., Windows 7) have whole-disk encryption tools built-in, or you can use a third party solution.

As far as portable devices (iPhones, Blackberries, etc.) go, there may be encryption software available, or you may be able to use a PIN/password feature of the phone itself to “lock” the phone completely so that if it’s stolen, no one can use it (without erasing the phone’s memory, which of course also erases any personal information, thus keeping it safe from unauthorized use).

Up-to-date firewalls, anti-virus, anti-malware: This section of the regulations is just formalizing what you should already have – to use a computer that’s connected to the Internet these days without some sort of firewall or anti-virus is just asking for trouble. Fortunately, all of these options are very easy to take care of.

If you have an Internet connection to your office, chances are you have some sort of “router” into which you plug your computers and which then is connected to your actual Internet connection (DSL/Cable modem, etc.). Your DSL or Cable modem may even be a router itself – this depends on your Internet provider and the manufacturer of your DSL/Cable modem. Most modern routers also act as a firewall as well, keeping the computers in your office “invisible” from the outside Internet. Some even offer more advanced filtering options – you should check the manual that came with your router to be sure.

In addition to your router, chances are your computer itself has a “software” firewall built in – all versions of Windows (since Windows XP Service Pack 2) have a firewall built in. As long as you haven’t turned it off, it should be silently doing its job, keeping outsiders from connecting to your computer.

Anti-virus and anti-malware programs are likewise easy to come by, although you need to take care with selecting a reputable vendor, as some spyware/malware disguises itself as anti-spyware or anti-malware programs – so you think you’ve installed a program to protect you, when in fact it is not doing anything but infecting your computer!

There are many well-known names as far as anti-virus programs go – and most of them are available as a “suite” of products, that includes a firewall, anti-virus, and anti-malware. Some you must pay for (and these usually include extra options, for example the ability to administer remotely the settings for all the computers in your office), while others are free. Although we tend not to recommend any one product over another, Microsoft does have an anti-virus and anti-spyware program called Microsoft Security Essentials which is both free and very effective. There are of course other products, which you can easily find both online and at your local software/office supply store.

Education and Training: The final aspect of these regulations involves both education and training. Basically, all the security in the world won’t do any good if the people using the systems aren’t educated about how it works and what they need to do to keep it working. Keep yourself and your staff informed on what proper procedures are for handling personal information in your firm so that no mistakes are made. (For example, you might prohibit your staff from copying files with personal information onto USB flash drives to take home and work on – since their home computers and the USB flash drive itself are not subject to your control and might not be secure.)

In many security breaches, the problem is often not a technical one, but instead a case of “human error.” So keep your staff informed on how personal information must be treated and you will help greatly reduce the chances of unauthorized use of personal information.

Final Thoughts: Although the new Massachusetts data security regulations may appear to be somewhat complex or demanding at first glance, many of the things mandated by these regulations are actually things you are already doing (or should be doing). Although you do have to do some extra work to keep on top of your security policy (such as writing it down and keeping it up-to-date), most of the other things you are required to do are relatively easy to accomplish.

Remember, this guide is just a guide – although it is very easy to learn how to secure your computer systems using the information found here and elsewhere; if you’re not confident that you can do it, please seek the advice or help of a competent computer technician or IT person.

Icons courtesy of the Crystal Icon Set.

Solving the Problem of Sending Sensitive Files via Email

A common problem for law firms (and for businesses in general) that is getting increasingly more attention these days is how to share files and documents between people – such as between a lawyer and a client, or between members of a team that are not physically in the same office. (Such sharing is often described as collaboration.)

The classic approach to this – and the one most people probably think of first – is to simply email the files to whomever needs them, have them edit the files, and then email them back. This method is relatively easy and popular because most people already know how to use email.

Sharing FilesHowever, increasing privacy and data protection laws, as well as the increased risk of identity fraud (a.k.a. “identity theft”) have made many people re-think the classic approach of emailing files around.

This is because there are lots of downsides to using email to share files:

  • Sending a large number of files is cumbersome
  • Different email providers all have different limits on the maximum size of attached files
  • Email has no “security” built in – because emails are sent “in the clear” they can potentially be intercepted and read, or even modified
  • Sharing files with multiple people for collaboration (shared editing) is basically impossible
  • Some people are trained to avoid opening attachments because of past experiences with viruses
  • Some email programs (notably Microsoft Outlook) just flat-out block certain types of attached files

Part of the problem is that sending files via email is simply not what email was originally meant for. Email was originally “text only” – the ability to “attach” files to email was not originally part of the email specification. In fact, attachments were sort of “grafted” on much later – circa 1996, in fact.

Fortunately, there are better options for sharing files instead of email – and they are just as easy to use. You just need to know about them.

There are several “file sharing” websites and services available these days – precisely because of the need to share files without sending them through email. We’ve picked out two that are a good match for law firms and other small businesses: Box.net and drop.io. [UPDATE: Unfortunately, drop.io has discontinued its service after being bought out. An alternative service is Dropbox.]

(Full disclosure: we are not affiliated with these companies in any way – we have picked these two based on the merits of the services they provide.)

box.netBoth of these websites offer the same basic service: upload your file (or files) to their server (protected with a password if you wish) and then get a link you can give to other people so that they can get the file. Basically, both of these websites are acting like digital “drop boxes.”

Both websites offer a “free” service that is limited in the number of files you can save, and both offer a paid service that gives you a lot of space to store files (useful if you’re sending big files – like videos or audio transcriptions – back & forth).  drop.io

Both of these services allow you to organize the files you upload, control what access people have to them (for example, you might want to give someone only the permission to download the file, but not to re-upload it back), and set “expiration dates” for the “drops” that you create. All of these options give you incredible control over how you end up sharing files and documents with your clients and with other firms.

These services are managed via the web, so you can upload files from wherever you are. And because they are both web-based, you don’t have to worry about whether the person with whom you are trying to share files has a PC, a Mac, or whatever. If they can get on to the Internet, they can get the files.

The best parts of these services, though, are that they provide you with a simple, secure, safe, and controlled way to share documents, forms, and other files with your clients or other law firms – without exposing yourself to the potential problems that come with sending things via email. And you can do all this very easily from a web site, without needing to have an IT person come in and set it up for you – which is a real bonus in these tough economic times.

If you send documents back & forth frequently via email – especially confidential or sensitive documents – you really should check out one of these type of services. They may just end up saving you from a lot of trouble later on down the road.

Icon courtesy of the Crystal Icon Set. Box.net and drop.io logos are trademarks of their respective companies.

Keeping Your Clients’ Data Safe

We all know that it’s important to protect sensitive information, but with so much information these days stored in our computers (in files, databases, emails, etc.), it can be hard to know how to protect these digital files adequately. In this article, we’re going to talk about easy steps you can take to protect sensitive client information – client’s names, Social Security or Tax ID numbers, etc. – and the documents that may contain such information.

With the increasingly worrisome trend of “identity theft” (which might be more accurately described as “identity fraud”), comes the need to take steps to reduce the risk of personal information being stolen and used fraudulently. Many states (including Massachusetts) have or are beginning to pass laws to address this issue – but ultimately, if you take and store this sort of information, the responsibility for protecting it is on you.

First off, it’s worth knowing what sort of personal information might be saved, and where on your computer it is saved:

  • TurboLaw Document Software stores client’s names, addresses, and in some cases, Social Security or Tax ID numbers. This information is stored both in TurboLaw’s database file and in any document or form you create that calls for that information.
  • TurboLaw Time and Billing, on the other hand, does not ask for any personal information beyond a client’s name and address.

So, what can you do to protect this information? There are many different ways you can protect information, but here are some of the simplest:

Using Microsoft Windows Encrypting File System

Microsoft Windows itself has something built-in that can help you. Windows (2000 or later) has a feature called the Encrypting File System. This feature allows you to “encrypt” files on your computer, so that if your computer is (for example) stolen, the person who stole it won’t be able to read the encrypted files.

This method is generally best for when you have a (relatively) small number of files you need to protect, and you know where those files are located on your computer.

Below are two articles which describe how to use this feature and some “best practices” for using it:

It is worth noting that this method of protecting your files is only as strong as the password you use on your computer – if you don’t use a password, or if you use a simple, short password, then your files will not be very secure. A full discussion of choosing a good password is beyond the scope of this article, but you can read some tips and suggestions in this article: Strong Passwords: How to create and use them.

Knowing this, and knowing that you can click the “View” menu in TurboLaw and choose “TurboLaw Status” to see where TurboLaw is currently saving your database and case documents, you can encrypt that folder (as well as any other folders on your computer where you store documents that might contain sensitive information) and know that your data is protected.

Using Microsoft BitLocker Drive Encryption

If you have Microsoft Windows Vista or Windows 7 (the “Ultimate” or “Enterprise” editions only), then you have another built-in option called BitLocker Drive Encryption.

This is what is known as “whole disk encryption,” and it’s a bit more complicated than just encrypting a few files using the Encrypting File System mentioned above. BitLocker Drive Encryption, as its name suggests, encrypts your entire hard drive, so that if your computer is stolen, the thief will be unable to read anything at all from your hard drive (as opposed to just not being able to read the specific files you encrypted).

This method is generally best for when you know you have sensitive data in many places in your computer (perhaps stored in many different programs), but you aren’t exactly sure where the data is specifically saved on your disk. By encrypting the entire hard drive, you make sure that any data is encrypted, no matter where on the hard drive it is actually located.

Because of the way BitLocker works, setting it up requires a little bit more work than the simpler Encrypting File System method. Although Microsoft has made BitLocker very easy to use (considering what it does), it is still probably best to consult with a qualified IT professional before going this route.

Other Solutions

There might be reasons why you wouldn’t want to use the solutions built-in to Microsoft Windows. Fortunately, other solutions are available (although they are a little bit more technical).

For example, you might use software such as TrueCrypt to encrypt an entire disk on your computer – much like what Microsoft BitLocker Drive Encryption allows you to do.

You could also use TrueCrypt to create a “virtual” disk which is also encrypted. You could then save all of your files to this encrypted disk, without having to worry about encrypting your program files and other non-sensitive files. Also, because the disk is “virtual,” you can copy the “virtual” drive to another computer if needed (for example, when you get a new computer), thus making transferring your data to a new computer easier.

Another option is to store your data on a USB flash drive which comes with encryption options (similar to TrueCrypt). There are a large number of these type of USB flash drives available today, with varying degrees of ease-of-use.

Final Thoughts

If you have an in-house IT department (or an arrangement with an IT provider or firm), we would generally recommend that you speak to them for advice on how to secure sensitive client data on your computers.

However, if you are a small firm or a solo practitioner, the tips provided above will help you be more proactive about protecting the sensitive information that is increasingly stored on your computer.

Technology & Law – Vol. III

“Technology & Law” is a semi-regular column posted by Keith M. Survell. It deals with the interaction of technology and security with the modern law office.

Today’s article was not written by me, but instead by Bruce Schneier, a highly-regarded authority in the world of computer security & technology.

Since “Identity Theft” (or just plain fraud) is the biggest crime on the Internet today, and since a law office typically stores quite a bit of personal information on its clients, this is something that all legal professionals should keep in mind.

You can read the entire original article by clicking here.

April 15, 2005
Mitigating Identity Theft

Identity theft is the new crime of the information age. A criminal collects enough personal data on someone to impersonate a victim to banks, credit card companies, and other financial institutions. Then he racks up debt in the person’s name, collects the cash, and disappears. The victim is left holding the bag. While some of the losses are absorbed by financial institutions — credit card companies in particular — the credit-rating damage is borne by the victim. It can take years for the victim to clear his name.

Unfortunately, the solutions being proposed in Congress won’t help. To see why, we need to start with the basics. The very term “identity theft” is an oxymoron. Identity is not a possession that can be acquired or lost; it’s not a thing at all. Someone’s identity is the one thing about a person that cannot be stolen.

The real crime here is fraud; more specifically, impersonation leading to fraud. Impersonation is an ancient crime, but the rise of information-based credentials gives it a modern spin. A criminal impersonates a victim online and steals money from his account. He impersonates a victim in order to deceive financial institutions into granting credit to the criminal in the victim’s name. He impersonates a victim to the Post Office and gets the victim’s address changed. He impersonates a victim in order to fool the police into arresting the wrong man. No one’s identity is stolen; identity information is being misused to commit fraud.

The crime involves two very separate issues. The first is the privacy of personal data. Personal privacy is important for many reasons, one of which is impersonation and fraud. As more information about us is collected, correlated, and sold, it becomes easier for criminals to get their hands on the data they need to commit fraud. This is what’s been in the news recently: ChoicePoint, LexisNexis, Bank of America, and so on. But data privacy is more than just fraud. Whether it is the books we take out of the library, the websites we visit, or the contents of our text messages, most of us have personal data on third-party computers that we don’t want made public. The posting of Paris Hilton’s phone book on the Internet is a celebrity example of this.

The second issue is the ease with which a criminal can use personal data to commit fraud. It doesn’t take much personal information to apply for a credit card in someone else’s name. It doesn’t take much to submit fraudulent bank transactions in someone else’s name. It’s surprisingly easy to get an identification card in someone else’s name. Our current culture, where identity is verified simply and sloppily, makes it easier for a criminal to impersonate his victim.

Proposed fixes tend to concentrate on the first issue — making personal data harder to steal — whereas the real problem is the second. If we’re ever going to manage the risks and effects of electronic impersonation, we must concentrate on preventing and detecting fraudulent transactions.

Fraudulent transactions have nothing to do with the legitimate account holders. Criminals impersonate legitimate users to financial intuitions. That means that any solution can’t involve the account holders. That leaves only one reasonable answer: financial intuitions need to be liable for fraudulent transactions. They need to be liable for sending erroneous information to credit bureaus based on fraudulent transactions.

They can’t claim that the user must keep his password secure or his machine virus free. They can’t require the user to monitor his accounts for fraudulent activity, or his credit reports for fraudulently obtained credit cards. Those aren’t reasonable requirements for most users. The bank must be made responsible, regardless of what the user does.

If you think this won’t work, look at credit cards. Credit card companies are liable for all but the first $50 of fraudulent transactions. They’re not hurting for business; and they’re not drowning in fraud, either. They’ve developed and fielded an array of security technologies designed to detect and prevent fraudulent transactions. They’ve pushed most of the actual costs onto the merchants. And almost no security centers around trying to authenticate the cardholder.

That’s an important lesson. Identity theft solutions focus much too much on authenticating the person. Whether it’s two-factor authentication, ID cards, biometrics, or whatever, there’s a widespread myth that authenticating the person is the way to prevent these crimes. But once you understand that the problem is fraudulent transactions, you quickly realize that authenticating the person isn’t the way to proceed.

Again, think about credit cards. Store clerks barely verify signatures when people use cards. People can use credit cards to buy things by mail, phone, or Internet, where no one verifies the signature or even that you have possession of the card. Even worse, no credit card company mandates secure storage requirements for credit cards. They don’t demand that cardholders secure their wallets in any particular way. Credit card companies simply don’t worry about verifying the cardholder or putting requirements on what he does. They concentrate on verifying the transaction.

This same sort of thinking needs to be applied to other areas where criminals use impersonation to commit fraud. I don’t know what the final solutions will look like, but I do know that once financial institutions are liable for losses due to these types of fraud, they will find solutions. Maybe there’ll be a daily withdrawal limit, like there is on ATMs. Maybe large transactions will be delayed for a period of time, or will require a call-back from the bank or brokerage company. Maybe people will no longer be able to open a credit card account by simply filling out a bunch of information on a form. Likely the solution will be a combination of solutions that reduces fraudulent transactions to a manageable level, but we’ll never know until the financial institutions have the financial incentive to put them in place.

Right now, the economic incentives result in financial institutions that are so eager to allow transactions — new credit cards, cash transfers, whatever — that they’re not paying enough attention to fraudulent transactions. They’ve pushed the costs for fraud onto the merchants. But if they’re liable for losses and damages to legitimate users, they’ll pay more attention. And they’ll mitigate the risks. Security can do all sorts of things, once the economic incentives to apply them are there.

By focusing on the fraudulent use of personal data, I do not mean to minimize the harm caused by third-party data and violations of privacy. I believe that the U.S. would be well-served by a comprehensive Data Protection Act like the European Union. However, I do not believe that a law of this type would significantly reduce the risk of fraudulent impersonation. To mitigate that risk, we need to concentrate on detecting and preventing fraudulent transactions. We need to make the entity that is in the best position to mitigate the risk to be responsible for that risk. And that means making the financial institutions liable for fraudulent transactions.

Doing anything less simply won’t work.

Subscribe

 Subscribe to our RSS feed

Enter your email address to receive notifications of new posts by email.

Categories

@TurboLaw

Legal Blogs

Archives

Search

Subscribe

 Subscribe to our RSS feed

Enter your email address to receive notifications of new posts by email.

Categories

@TurboLaw

Legal Blogs

Archives

Search