Matrix + Element Case Study
Background
Reidel Law Firm, a Texas-based global law firm with practice areas in International Trade Law, Franchise Law, and Business Law, was seeking a safe, secured, and data sovereign communication platform for our clients. The prevalent use of email in the business and legal world is sufficient for many types of communications by the Firm, but the growing need to discuss confidential matters with our clients in an increasingly non-private world loomed large for us. As we expanded our business across borders and into legal matters such as sanctions compliance, anti-money laundering compliance, and defense from government investigations, it has been necessary to take additional steps to protect client confidential data from inadvertent disclosure.
In late 2020 we finally began documenting the needs of our firm and searching for a communication platform which would fit our criteria. Our firm considered these features essential for the platform: (1) data sovereign, (2) platform agnostic/flexible integrations, (3) encrypted communications, (4) self-hosted, and (5) free/open source software. Having a platform which is data sovereign and self-hosted allows us to maintain control over our clients’ confidential data and to certify our compliance with our ethical and legal requirements. Encrypted communications are essential for open, trusted discussions and frank counsel to our clients. Keeping the flexibility to communicate with our clients within our system, wherever they may be and in their preferred platform, was also an important factor in reaching as many clients as possible as conveniently as possible. Lastly, software which espouses the Free Software Foundation and open source philosophies is important to the Firm, both as a commitment to using freedom-respecting software and, from a practical standpoint, as a way to avoid being locked into one system without choice.
Problem
As a law firm, we are privy to a multitude of clients’ confidential data in a range of legal matters. Typical confidential data from clients would include private identification data (such as driver’s license numbers, visa numbers, social security numbers), confidential case details (including government investigations, lawsuits, proprietary trade data), and business trade secrets. It is exceptionally important for an attorney and a law firm to maintain confidential information in the utmost security as both an ethical and legal practice. Most clients will not mandate certain security parameters for their data but will expect any shared confidential data to be maintained as such. The risk facing attorneys has grown exponentially in the last decade as threats may come from hackers, malware, government actors, and even firm insiders. Any inadvertent disclosure of confidential data could, and often should, be the death knell for a law firm and its responsible attorneys. In the legal traditions of the west, there are few communications more privileged than that between an attorney and his client.
Besides the concerns for securing sensitive data communicated between the Firm and clients, another important factor in seeking a communications platform was the ability to unify our clients’ various communications methods into a singular platform, or at least into the most accessible platform available. Due to the global nature of our practice, certain countries have restrictions on communication platforms which influence the user base in that country to adopt alternatives. For instance, in Russia Telegram is officially blacklisted (though still regularly used), but in our experience the encryption function within Telegram has often not worked for our clients in Russia. In Saudi Arabia and the United Arab Emirates there is a blanket ban on VOIP providers, making it exceptionally difficult to hold Skype or Zoom calls within those countries. In China, many platforms are banned or throttled to be nearly unusable, forcing many Chinese users to rely on the state-sanctioned WeChat platform.
Perhaps the most important consideration for an attorney or law firm in communicating with clients is the set of ethical obligations imposed upon attorneys by the Disciplinary Rules of Professional Conduct. Many state bars have revised or interpreted these rules to require attorneys to be competent in the use of technology for their clients. In Texas, the Supreme Court amended Paragraph 8 of the comment to Rule 1.01 of the Texas Disciplinary Rules of Professional Conduct, which addresses the duty of all Texas attorneys to be competent and conscientious in providing effective legal representation, so that it now requires that practitioners also be aware of “the benefits and risks associated with relevant technology.” This is an obligation imposed on all attorneys in Texas that they become aware of, if not proficient in, using technology to best serve their clients.
Further, several opinions by the Professional Ethics Committee for the State Bar of Texas have emphasized that important confidential information should be treated and handled by attorneys as such. In particular, Opinion 648 states that a lawyer may generally communicate confidential information by email but that some circumstances may require an attorney “to consider whether it is prudent to use encrypted email or another form of communication.” In Opinion 680, the Committee held that “a lawyer may use a cloud-based electronic data storage system or cloud-based software document preparation system to store client confidential information or prepare legal documents. However, lawyers must remain alert to the possibility of data breaches, unauthorized access, or disclosure of client confidential information and undertake reasonable precautions in using those cloud-based systems.” These Rules and Opinions underline the importance of securing your client communications and data as an ethical requirement for attorneys. Repercussions for ignoring and risking your clients’ confidential data ultimately could be suspension and the loss of your law license.
Solution
After careful review of the available options, Reidel Law Firm chose to utilize a self-hosted Matrix server coupled with a self-hosted Element Web interface as the solution to our need for a safe, secured, and data sovereign communications platform. We chose the Matrix + Element platform because it met all of our required features: it allows us to maintain control of our data, offers a secured, encrypted communications channel to our clients, is highly extensible, and adheres to the Free Software philosophy. Accessibility and the ability to operate across a wide range of devices (for Web, Android, iOS, macOS, Windows & Linux) was also an important factor. But the absolute number one factor was privacy and security: our Firm didn’t want our clients, colleagues, and friends to be using someone else’s product or service. Keeping our clients’ data and discussions under our own control and management was very important and an ethical requirement.
We spun up a VPS (virtual private server) separate from our existing website and the other web services we host. This was done to segregate our clients’ interactions and data from the firm-critical services we use internally every day, for better security and privacy. While installing and maintaining a Matrix server would be within our Firm’s general tech capabilities, because of the fast-paced nature of our practice and the increasing specialization within the firm we retained the services of etke.cc as our developer and maintainer to handle the install and ongoing maintenance for the Firm. This startup period only took about a week, from install to bridges/integrations install, to testing and deployment. We can give etke.cc a strong recommendation to other law firms or businesses who need a leg up on the startup and technical maintenance but are otherwise capable of running and using a chat server and client.
Once we had the server and Matrix+Element platform live, we needed to further define the internal structure of the Matrix service. Essentially, we needed to plan where clients will land when they use our Matrix server and how they will be encouraged to use it. When clients sign up to use our Matrix server, we wanted every client to first be placed into our public, open Lobby room and also our Announcements room. The Lobby room is a public space for our clients, colleagues, and friends to chat about general topics in a cordial, professional setting. It is public and is not encrypted so as to have the most visibility to users and those outside of Matrix; it is not a place for any confidential information to be posted. The Announcements room is a room where the Firm will post important announcements about our Firm and our activities. Only the Firm has permission to post in this room, and it is public and not encrypted. We utilized the built-in RSS bot to link to our website so that any new posts on our website will automatically be posted to the Announcements room.
Besides the auto-join Lobby and Announcements rooms, we also have several suggested rooms that our clients can join at their leisure. These include Business News, Franchise News, and International Trade News rooms. These rooms are each running the RSS bot, which pulls important news feeds for each of our primary practice areas. These rooms are public, not encrypted, and only the RSS bot has permission to make posts at this time. In the future, if there is significant interest from our clients, we may decide to open these rooms for our clients to post as well, although it is not an important need at this time. Clients are free to join and leave these rooms as they please, and the rooms serve as a great resource for our Firm and clients to connect and discuss the latest news and activities in our practice areas.
When a client has decided to use our Matrix server to communicate with the Firm, it is as simple as messaging one of our team members within Matrix+Element. Creating a chat within our server will create a private, encrypted room between the two users where our clients can share confidential discussions and data. This allows our clients to have a secure space where they can feel comfortable discussing and collaborating with their attorney, wherever they may be in the world and whatever their legal matters. When necessary, we can utilize the built-in video and voice chat capabilities to chat with our clients and hold meetings as well. As our team and clients use our Matrix server more often, we also plan to utilize the Matrix platform for open public webinars and to connect with other FOSS organizations and others in the legal industry. Of course, as a bonus to our clients and colleagues who utilize our Matrix server, they are free to create public, private, encrypted chat rooms on their own for their own organization – merely as a benefit of being a client of Reidel Law Firm.
Internally, we have designated a private space within our Matrix server to provide encrypted, private chat rooms and communications for the Reidel Law Firm team and others. The internal space is fully end-to-end encrypted and is used by the Reidel Law Firm as a dynamic space for designated and ad hoc rooms for internal collaboration with staff and others. As a private space it remains hidden from view from our clients and the public space. The video and voice chat capabilities keep our global team within easy reach at any time and keep all of our internal communications on our own server, reducing our need to rely on other third-party platforms to schedule our virtual meetings or video calls.
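The room layout described above (open public Lobby, post-restricted Announcements and news rooms, private encrypted client and internal rooms) can be checked against a server's room state. The following is an added example, not the Firm's or etke.cc's own tooling; it uses standard Matrix state event types, and the room state, user IDs, and example.org domain are constructed placeholders.

```python
"""Audit Matrix room state against the public / read-only / private layout."""
MSG = "m.room.message"

def can_post(levels, user_id=None):
    """True if user_id (or an ordinary member when None) may send messages."""
    need = levels.get("events", {}).get(MSG, levels.get("events_default", 0))
    have = levels.get("users", {}).get(user_id, levels.get("users_default", 0))
    return have >= need

def audit(name, state, kind, posters=()):
    """kind: 'open' (public), 'readonly' (public, only posters), 'private'."""
    out = []
    rule = state.get("m.room.join_rules", {}).get("join_rule")
    levels = state.get("m.room.power_levels", {})
    if kind == "private":
        if rule != "invite":
            out.append(f"{name}: join_rule is {rule!r}, expected 'invite'")
        if "m.room.encryption" not in state:
            out.append(f"{name}: confidential room has no m.room.encryption")
        return out
    if rule != "public":
        out.append(f"{name}: join_rule is {rule!r}, expected 'public'")
    if kind == "readonly":
        if can_post(levels):
            out.append(f"{name}: ordinary members can post")
        extra = sorted(u for u in levels.get("users", {})
                       if can_post(levels, u) and u not in posters)
        if extra:
            out.append(f"{name}: unexpected posters {extra}")
    return out

def room(rule, events_default=0, users=None, encrypted=False):
    """Build a constructed sample of the state events the audit reads."""
    s = {"m.room.join_rules": {"join_rule": rule},
         "m.room.power_levels": {"users_default": 0, "users": users or {},
                                 "events_default": events_default}}
    if encrypted:
        s["m.room.encryption"] = {"algorithm": "m.megolm.v1.aes-sha2"}
    return s

FIRM, BOT = "@firm:example.org", "@rssbot:example.org"  # placeholder IDs
SAMPLE = [
    ("Lobby", room("public"), "open", ()),
    ("Announcements", room("public", 50, {FIRM: 100, BOT: 50}), "readonly", (FIRM, BOT)),
    ("Franchise News", room("public", 0, {BOT: 50}), "readonly", (BOT,)),  # anyone can post
    ("Client DM", room("invite"), "private", ()),  # encryption never enabled
]

def run(sample=SAMPLE):
    return [f for n, st, kind, p in sample for f in audit(n, st, kind, p)]

if __name__ == "__main__":
    print("\n".join(run()))
```

The two deliberately misconfigured sample rooms are the ones reported: the news room whose `events_default` lets any member post, and the client room with no encryption event.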
After we had our server deployed and live, we took the time to draft a walk-through and guide to using Matrix, Element, and the various bridges and integrations we utilized, so that our clients can take maximum advantage of the platform. We explain what the Matrix protocol is, how to sign up on our Firm server, how to sign up on another server, and how to use Element as a client to our Firm server. We also explain the function and use of the bridges and bots we have installed. This guide will continually be updated as we add additional features and receive feedback from our clients about their experience in using Matrix+Element. You can view the latest version of the Guide here.
Lastly, our choice of using a platform which is dedicated to Free Software philosophy has allowed the Firm to keep our costs in development and deployment of our Matrix server to a minimum while supporting Free Software use and awareness in the business and legal community.
Conclusion
Deploying and using our own self-hosted Matrix+Element instance has allowed our Firm to better serve and support our clients by offering a secured, encrypted communications platform that our clients can use both within the Firm and outside of the Firm. Bridging other communications platforms and channels to our Matrix server has allowed us to reach our clients wherever they are in the world through whatever platform they are able to access. Our Firm has seen an immediate reduction in cost and improvement in quality of our communications with clients. Matrix+Element has allowed our small law firm to remain competitive and on the cutting edge of technology. We anticipate even closer collaboration with our clients and colleagues using our Matrix platform as the future of business communications moves away from email.