share TWEET PIN IT share share 0

Flight Restriction: How Law Firms and the TSA Struggle with Security

By Jared Correia

The history of air travel in America is endlessly fascinating. And consider: All of that has been built up in just over 100 years. But it’s clear that what has had the largest effect on air travel in America was the 9/11 attacks — a tragedy that, in the scope of U.S. history, remains a relatively recent event.

Because of that, the security regime attached to commercial air travel has ramped up intensely over the past 20 years. If someone who regularly flew in the 1990s was plucked out of that time and transported to ours, the likelihood of her being arrested for trying to board a plane the same way she used to would be a virtual lock. Then it would be on Twitter. But suffice it to say, pre-9/11 air travel was a lot simpler.

In the modern world, security has become perhaps the primary focus of American life. A large part of the difficulty in adopting and maintaining reasonable security safeguards in the airline industry lies in the suddenness with which changes were originally adopted. A gradual realization that better airline security was needed would have yielded a much different version of said security than the one under which we live, which emanated from an immediate and aggressive response to a shocking tragedy. While that response was commensurate with the threat then presented, it’s now clear that the application of security protocols has been, and continues to be, somewhat ham-handed.

While trivial compared to the loss of life and property in the 9/11 attacks, there have been frequent, recent economic shocks as well — most notably the Great Recession. Another prominent economic shock of the 21st century, however, has been the mass data breaches taking place across the corporate landscape. This has laid bare the lack of data protection consumers receive from corporations to whom they entrust their identities and fortunes. Of course, this is not just a big-business problem — most small businesses don’t pay nearly enough attention to protecting clients’ information.

The increasing lack of trust in businesses has been addressed by laws, rules and regulations. At this point, every state has a law respecting data security, in addition to federal laws on the books. Legal institutions have gotten into the act, too (better late than never, I suppose). The American Bar Association Model Rules of Professional Conduct now address, specifically, technology competence and data security. And much of that language has trickled down to state ethics rules.

Data Security: A Shock to the System for Law Firms

All of this kind of came as a surprise to the large majority of solo and small firm lawyers, many of whom took pride in being Luddites. (“Oh, you refuse to answer emails, too, Chester? You’re the man!”) The notion that lawyers needed to understand the technology they used (or should use) and apply modern safeguards to the new types of information sort of flew in the face of what lawyers always want to do: just practice law, and not be disturbed by business management necessities.

While these changes did not happen in the blink of an eye and came to the profession in due course, the time frame was still staggering for lawyers. You see, lawyers process industry changes in dog years — so it’s like seven years of business information got dumped onto them in one year’s time. Given that most of them never saw it coming, data security and its implications were a shock to the system for many law firms, as well as the legal industry itself.

How have lawyers dealt with it? Anger. Denial. Panic. But now, in much the same way the federal government and airline industry are trying to figure out the right measure of security as it butts against privacy rights, lawyers are starting to have similar conversations, and making decisions about how to best secure the business data they receive and maintain.

How’s it going? Not surprisingly, the results have been similarly ham-handed.

There are usually two types of law firm technology platforms: those rooted in 1992 and those uncomfortably walking a long tightrope between 1992 and 2001. That’s not the case in all law firms, of course. Some are entirely cloud-based and secure their clients’ information effectively! But most are trying to stitch together old and new technology in a Frankenstein arrangement. That creates a number of problems, but for now, let’s talk about how it affects law firms’ customer service.

Diabolus Ex Machina and the Details

Law firms aren’t great at customer service. Spoiler alert: Neither is the TSA. Indeed, even where law firms are less likely to be gropey, there are similarities between the two.

The TSA’s problem is that it is trying to enforce a robust security program at the cost of consumers’ convenience. Law firms are kind of like that, too. A major part of what a law firm does is to act as a steward of its clients’ information. To protect client information more diligently, the firm needs to inconvenience clients further. Passwords, encryption, secure email. It’s barrier after barrier placed in front of the destination, all in the name of protecting information no one can get at any longer. Of course, if it was up to the average lawyer, they wouldn’t do any of that. It’s the increasingly rigorous laws and rules that require it. I bet you didn’t know, Mr. Big Shot Lawyer, that you were a glorified TSA screener?

But that’s not all. At the airport, the process is painful because all of the clumsy machinery is laid bare. Unending conveyors. Two kinds of screening devices. Wands! Consistent peer pressure forcing you to re-belt as quickly as possible while hoping your pants will stay up! There’s a tangible relief when you arrive in the gate area. Snacks! Restrooms! Power chargers! You know it’s horrible, you’ve been through it.

Is that so different from the ways clients approach law firms? Law firm websites are often poorly designed, making it difficult to contact them. It’s kind of like sticking your head down a long, dark hole, shouting “Hello, in there!” and waiting for the echo. Form fillers are overly chunky, and a barrier to entry. There are a million disclaimers everywhere — because, damn it, that’s what lawyers do. Apparently, everyone is an award-winning attorney who doesn’t actually talk to anyone. How would a layperson react in reviewing your website? Do the terms “consternation,” “medieval” or “gut-wrenching” come to mind? It’s all that noxious machinery, laid bare. Like the Onceler’s former castle.

The process becomes no easier once contact is made. Scheduling can be an exercise in jumping hoop after hoop, from gatekeeper to gatekeeper, just to get a two-party date on the calendar. Sharing documents is an earnest venture, for sure. Trading emails. Uploading and downloading versions of documents with little real access or effective internal controls. Since many lawyers are not tech-savvy or intake-forward, it can get to be a zoo.

Sort of like the air travel experience, is it not? The brief moment of joy awakened by passing through security dampens once the cattle call begins for loading the plane. People ignoring groups entirely and just standing around, blocking everyone else from getting through to the check-in screener. This fool is reclining his seat … before takeoff! My in-seat TV is busted! For the love of God, why is the line for the bathroom so long?

And yet: People still fly. And people still hire lawyers.

Why? Their choices are limited. What are you going to do? Drive? Read a statute? (They’re awful!) So drive to Nevada. Write an appeal. Go ahead, throw your vote away!

A Better Idea: Build Your Own TSA Pre

Of course, it’s possible to be both necessary and convenient.

Sure, the TSA general screening is rough. But TSA Pre is much better. One reason is the machinery is behind the curtain. You’re less engaged with the process because you’re excused from some of its more onerous aspects. The laptop stays in the bag. Shoes stay on. Personnel aren’t on top of you as much. TSA Pre works, of course, because the user has to put in some additional work — it’s a two-way street. You’ve made the time to show up, complete some paperwork and paid a fee. In return for your diligence, the gears grind less close to you.

Law firms can operate in a similar fashion to increase convenience while retaining an acceptable level of security.

  • At the intake level, law firms can reduce the machinery. Consider a chat bot rather than a lengthy intake form. If your secretary is overworked and possibly cranky when answering phone queries, use a virtual receptionist service, where employees are paid to be delightful.
  • Offer convenient scheduling options, like via Calendly.
  • Make it easier for potential clients to engage you — don’t coerce them into your struggle over data management. That’s what the back office is for. Nobody wants to see how the sausage is made; they just want to eat the damn sausage.

When you’re ready to sign a client, here are more ways to build and manage your own version of TSA Pre.

  • Include clauses in your fee agreement respecting the law firm’s use of technology and the importance of data security.
  • Explain to clients how they will access information, including what specific tactics they will need to mold their behavior around to keep their own information confidential.
  • Tell the client you are the steward of her case file and you can work together to make sure no one gets their hands on her stuff who shouldn’t. Like case results, data security is not guaranteed, but the likelihood of a breach decreases substantially when the right technology is in place, and when both parties to the attorney-client relationship are aware of their distinct obligations.
  • Review the various methods you will use to share information with your client. Set access portals and passwords ahead of time, to reduce confusion later.

These steps will also serve to decrease administrative burdens during the course of the case, allowing you both to focus on the substance of the matter. 

The Wizard of Id

The profound disappointment engendered at the end of “The Wizard of Oz,” when the titular wizard is revealed to be just some dude, is palpable. And it’s all because the curtain came down. Everything seemed to be going so well, even if it really wasn’t. That’s the power of effective presentation (if not follow-through), in a nutshell.

Plenty of hack attorneys stay in business by coddling their clients, relying on service more than substance. The majority of lawyers, however, who do focus on substantive practice, must supplement what they do by creating a customer service protocol that matches the kind of work they do on the ground.

Everybody knows the ending of “The Wizard of Oz,” but there is an alternate reality where the wizard is real — or where he’s at least hung his curtain better.

Illustration ©

Subscribe to Attorney at Work

Get really good ideas every day: Subscribe to the Daily Dispatch and Weekly Wrap (it’s free). Follow us on Twitter @attnyatwork.

share TWEET PIN IT share share
Jared Correia Jared Correia

Jared D. Correia is CEO of Red Cave Law Firm Consulting, which offers subscription-based law firm business management consulting services, and works with legal vendors to develop programming and content. Jared is also COO of Gideon Software, Inc., which offers intelligent messaging and predictive analytics software built exclusively for law firms. A former practicing attorney, Jared is the host of the Legal Toolkit podcast and speaks frequently at industry events. In addition to his Attorney at Work column, Managing, he writes an advice column for Lawyerist and on tech startups for Above the Law. Follow him @JaredCorreia.

More Posts By This Author
MUST READ Articles for Law Firms Click to expand

Welcome to Attorney at Work!

Sign up for our free newsletter.


All fields are required. By signing up, you are opting in to Attorney at Work's free practice tips newsletter and occasional emails with news and offers. By using this service, you indicate that you agree to our Terms and Conditions and have read and understand our Privacy Policy.