Untangling the Web: Area attorney helped write the 'book' on cybersecurity

By Linda Laderman
Legal News
For as long as she has been in practice, Claudia Rast, a shareholder in Butzel Long’s Ann Arbor office, has used her science background to help her clients manage their technology-related issues.
“When I was seven years old I wanted to be a neurosurgeon. It’s my geek path,” Rast said. “My first few years out of law school I was doing environmental work dealing with chemical and hazardous waste constituents, which is basically forensics, so cybersecurity was a natural for me.”

A graduate of University of Michigan with a degree in natural resources and the Detroit Mercy School of Law, Rast was recently reappointed to serve a one-year term on the American Bar Association’s (ABA) Cybersecurity Legal Task Force. 

Rast also co-authored a chapter dealing with small business and cybersecurity events for the second edition of “The ABA Cybersecurity Handbook” that was published at the end of July. 

At a time when the financial data belonging to millions of Americans is stored in a host of online data bases, incidents like the recent cybersecurity breach of the credit monitoring company, Equifax, demand that members of the legal community revisit how they safeguard their clients’ privacy, Rast said.

“As a result of the Equifax breach, 143 million people now have their information floating the dark web,” Rast noted. “I would posit that much of that material was out there anyway but in bits and pieces. But the Equifax breach put the data out there in a neat box for the bad guys, like a gift with a nice little bow on it.”

Rast said hackers who steal information from individuals, retailers, universities, and government institutions leaves victims with questions for which there are often not any definitive answers.

“We have to realize that we are part of a whole new paradigm and ask, ‘How do I live with my Social Security number on my forehead, how do I live with a constant breach with my name and address out there?’” Rast said. “There are algorithms out there, based on what sites you visit and what you buy, that can piece together who you are without really knowing who you are. We are transitioning into a kind of brave new world where we have to learn to deal with this.”

Equifax created additional problems when it failed to immediately report the extent to which their customers’ data had been compromised, later telling their customers that they would have to pay to freeze their credit data, then rescinding that statement, creating a “crime scene with digital yellow tape all around it,” Rast said.

“We have Equifax, that is supposedly there to protect us, fumbling the ball in dealing with this massive breach and customer relations,” Rast said. “That goes against the things that we as lawyers in this business of cybersecurity really work very hard at doing, and that is managing the details of the message in a way that is not obscure, but helpful and useful.”

Attorneys whose clients suspect they were affected by a cyber breach should advise them to undertake a careful and scientific investigation of the situation to determine if an actual breach took place, and if it did, to assess the severity of the incident, Rast said.

“Cybersecurity attorneys have access to third party forensic people who know how to preserve attorney client privilege and collect the evidence without trampling all over it. I have been involved in cases where the first call a client will make is to law enforcement and it is too soon because it really wasn’t a breach,” Rast said. 

Attorneys have a duty “to be knowledgeable about their clients’ cybersecurity and if they don’t have competency they should find someone who does,” she added.

Rast is not only proactive when it comes to competency for attorneys with cybersecurity concerns, but also she is involved with helping global legal communities and the public access better tools to advance the rule of law worldwide.

This past summer Rast spoke at The Hague, at a conference of global leaders for the World Justice Forum V in the Netherlands, where she addressed the Rule of Law Index, an interactive website, that she helped develop.

“I was part of a panel that introduced the results of the Environmental Rule of Law Index, WJP Rule of Law Index 2016, covering five countries: Germany, Japan, Colombia, Kenya, and Argentina,” Rast said. “My involvement began when the president of the ABA, asked for a representative from each section, to participate in the World Justice task force. Our group helped frame the survey questions to provide data for the index.”
 The project, which is ongoing, is a volunteer endeavor that Rast said she finds gratifying.

“Working on the Rule of Law Index to develop a non-partisan, non-bias gathering research tool carries a tremendous sense of satisfaction,” Rast said.
 “Being able to give back, to provide something that crosses barriers makes you glad to be a lawyer.”