Book review: Technology and Security for Lawyers and Other Professionals, Kuan Hon
A time-saving kicking off point and explainer for all non-tech professionals
Law and information technology. The two disciplines have much in common. Both can seem virtually impenetrable to outsiders, a warren of specialist rabbit holes, each with its own arcane terminological baggage. Both are vital to the functioning of the modern world.
And yet, each has often tended to act as though the other doesn't exist.
"Lawyers simply weren't expected to be technology proficient," says Phil Lee of tech specialist law firm Digiphile in the foreword to this book. But times have changed. "Technology proficiency is no longer a nice-to-have; it's a necessity."
Which is the starting point for this work. Having a foot in both camps as a practising lawyer and advisor who also holds a joint law/computer science PhD, Dr Kuan Hon is as well placed as any to help bridge this divide. It's intended as a grounding in fundamental IT/ICT concepts for lawyers and "essentially any non-IT experts whose work involves technology systems, contracts or digital data."
While they have their commonalities, there are many fundamental differences between the businesses of tech and law. One famously likes to "move fast and break things"; the other is slow and deliberate. One delights in reinventing and repurposing, not least in language that morphs according to the demands of marketing; while the other insists on definitional precision.
"I've noticed IT and non-IT professionals often use the same words or phrases to mean different things, like 'data protection', or conversely different words or phrases to mean the same thing," Hon writes. "This can result in confusion, cross-purposes, even loggerheads."
In view of mismatches of pace, which can see some books on tech out-of-date as soon as they are published, Hon is careful to deal with computer science concepts rather than individual technologies. So encryption and hash tables but not blockchain; cloud, but not specific platforms or services.
She also avoids the temptation to dig into the details of the existing and evolving legislation (one suspects an act of will or a firm editorial hand here, as Hon clearly loves to get into the legal weeds). This is a book about tech for lawyers and professionals, not the other way round; and anyway, the result would be a work much longer than this one's already substantial 573 pages.
Subtitled, "The basics and beyond," the book is pitched in that tricky middle-ground: more detailed than a high-level overview, but stepping back from the sort of attention-swamping detail that would put it in the domain of subject matter experts - although there are examples, links and references aplenty for those who want to pull on any particular thread.
Chapters range from introductions to fundamental topics in hardware, software, programming, networking and security and their associated terminology, to more detailed analyses of security, communications and AI.
The themes of cybersecurity and data protection run strongly through all of these areas, as one would expect, both from the title and because this is one of the most common interfaces between technology and law.
Throughout, Hon (who, for disclosure, is one of the legal experts Computing journalists regularly turn to for comment) is not afraid to state her preferences and thoughts drawn from her experience as a counsel in Dentons Global Privacy and Cybersecurity team and an advisor to public bodies, including the ICO. This makes the book much more readable than the the density of the information packed into its pages might suggest.
On authentication, for example, after a discussion of the vulnerabilities of one-time passwords: "For 2FA/MFA, you'll understand why I prefer hardware security keys. Physical security keys are small, light, and accessibility-friendly (unlike authenticator apps on small mobile screens)."
This is accompanied (in a companion PDF sent with the review copy) by an analysis of the recent attack on the British Library, which was enabled by a lack of MFA on a system thought to be non-sensitive.
As someone who spends a lot of time on search engines trying to get to the fundamentals behind the jargon of the tech business, the clarity and succinctness of the language and the range of topics covered in Technology and Security for Lawyers and Other Professionals means I'll be keeping hold of my review copy as a time-saving kicking off point and explainer for a long time to come. Highly recommended.
Technology and Security for Lawyers and Other Professionals by Dr W Kuan Hon is published by Edward Elgar Publishing. The eBook version is priced from £20/$26 from eBook vendors, while in print the book can be ordered from Elgar's website.