Modern Cyber with Jeremy Snyder - Episode
33

Jonathan Steele of Steele Fortress

In this episode of Modern Cyber, Jeremy speaks with Jonathan Steele, a family law attorney and cybersecurity expert, about the intersection of digital privacy, personal security, and legal disputes. Jonathan shares insights from his work at Steele Fortress, focusing on how common digital privacy concerns like shared passwords, iCloud accounts, and tracking devices can complicate family law cases, especially during divorces.

Watch Now
Jonathan Steele of Steele Fortress

Podcast Transcript

Jeremy Snyder (00:03.242)
All right, welcome back to another episode of Modern Cyber. We've got something a little bit different today that I think we're all really going to enjoy. Why? Because we're all individuals and we are all subject to the laws of the nation, states, municipalities, localities, whatever it is, wherever you live in the world. And so we've brought on somebody today to talk about the intersection of law and cybersecurity. It comes up a lot and I think we're going to get a lot out of today's conversation.

So with that, I'd really like to take the opportunity to welcome Jonathan Steele to Modern Cyber. Jonathan is a distinguished family law attorney and the founder of Steele Fortress, a leading privacy and cybersecurity consulting firm. As a partner at Beerman LLP in Chicago, Jonathan has a reputation for handling complex family law cases with innovative legal strategies. His dual expertise in law and cybersecurity uniquely positions him to provide invaluable insights into the intersection of these fields. And in addition to everything that I just said,

Jonathan has a ton of accomplishments and achievements both academically and in the community. For instance, just picking a few of them, Jonathan was previously recognized as a rising star by Illinois Super Lawyers Magazine and emerging lawyer by Leading Lawyers Magazine. He's been consistently acknowledged for his outstanding legal acumen. He's proficient in the Illinois Supreme Court rules. There's just, the list goes on and on. And in addition to all of that,

He's got a CompTIA Security Plus certification. How many lawyers do know that can say things like that? Jonathan, I don't know where you find the time to fit it all in, but thank you so much for making the time to join us on Modern Cyber today.

Jonathan Steele (01:34.593)
It's a pleasure, Jeremy. Thanks for having me.

Jeremy Snyder (01:37.63)
Like I said, we don't often get an opportunity to talk to somebody like you with this background. I'm not sure I've ever met somebody with this kind of unique, you know, overlap of skills in two areas that are super relevant in the modern digital space, law and cybersecurity. So I'm really curious to kind of hear from your perspective. Let's start by talking about where family law and cybersecurity intersect.

How do digital privacy concerns impact legal cases, especially in legal cases around family law?

Jonathan Steele (02:09.357)
There's a great deal of intersection. you know, at the infancy stage of a divorce case, for instance, a spouse might come in and they're feeling vulnerable. They're pretty sure that their spouse has access to, whether it's their devices or their data, or maybe they're sharing an iCloud account, or they're worried that their spouse has access to their location services.

you know, it's hard to assuage them of that fear without just being able to walk them through the process, walk them through their settings and help them navigate and sort of unplug all of the access that they've either intentionally or maybe even inadvertently given to their spouse throughout their relationship.

Jeremy Snyder (02:51.496)
Well, I didn't even think about it, but as you were going through that answer, I was like, yeah, I share my location with everybody in my family. I share an iCloud account with everybody in my family. I've got a password vault that has other members of my family as kind of members. with that kind of, I don't know what the right word kill switch maybe is the mechanism, certainly my spouse could get access to all of my passwords in case of a tragedy or something like that. And so.

I hear about things like, you know, stalkerware and these kind of tracking apps that are often kind of covertly installed on, on, you know, significant others devices, or I guess soon to be former significant others devices. But actually the concern it sounds like goes well beyond that even to just the basics that you might have granted access to other people over the course of a relationship, right?

Jonathan Steele (03:42.581)
Yeah, the spyware or the stalkerware, that's a more sophisticated threat. That's going to require someone that has a little bit more technical know -how to set that up. What I see more frequently is just the basics. You shared a photo album with your spouse. You shared your location access and the find my settings or,

Jeremy Snyder (03:47.42)
Okay.

Jeremy Snyder (04:04.091)
Yeah.

Jonathan Steele (04:05.237)
Maybe you even have your iMessages being replicated to another device in real time that your spouse has access to.

Jeremy Snyder (04:12.901)
Mm -hmm.

Jonathan Steele (04:13.417)
things like that and it's you know Apple has done a good job with their feature safety check that is designed specifically for like a domestic abuse situation that just walks you through in a real Apple friendly way of unplugging that access showing you what sort of permissions you've given and to who and asking you if you want to keep those permissions existing or to cancel them and that's a good place to start for a lot of people.

Jeremy Snyder (04:40.967)
And, you know, to the extent that you can estimate, in what percentage of cases, let's say divorce cases specifically, does this come up? Is it like 100 % of cases nowadays? Because that's just how our lives are now?

Jonathan Steele (04:54.977)
I wouldn't say it's 100 % but it's pretty common. A common one is email and email concerns me greatly because that's going to be one of the main ways that my office is going to communicate with clients and to preserve the attorney -client privilege is something that I'm hypervigilant about and so if I have a fear that the opposing party is reading emails between me and my client, I need to fix that as a high priority.

And so it involves changing passwords, buttoning up, two factor authentication. In your case, removing access to the password vault. Because if you change the password but the other person still has access to the vault, you haven't really solved the problem. So email is going to be crucial, text message, iMessage.

Jeremy Snyder (05:29.348)
Right?

Jonathan Steele (05:46.065)
signal message, however you're communicating with your lawyer, those are sort top priority tasks. But then just email is a treasure trove of information for someone that is trying to build a case against you. So cleaning that up is very high priority.

Jeremy Snyder (06:02.926)
You know, it's funny, mean, just kind of going back to what I said earlier, my mind immediately went to the case of kind of like, you know, infidelity or suspected infidelity. And I think about, well, I don't want this person to have access to my email because they might find out the bad things that I've been up to. But it's actually far more than that. It's even just, you know, maintaining private personal communications with somebody like a lawyer or a banker or an accountant, as you might be kind of disentangling two lives or something like that.

I wonder, you know, could you give us any examples? Obviously there's confidentiality and privilege and things like that, but maybe there's some public examples that you could share with us to try to make it a little bit more concrete about how this plays out and how information found through these digital means has really impacted a case.

Jonathan Steele (06:48.629)
You know, at least where I practice in Illinois, if you've gathered evidence in a way that, you shouldn't have, if, if your spouse did get access to your email and they found something damaging and they want to use that in their case, it's most likely going to be barred from an evidence perspective. It's fruit of the poisonous tree. but you're, even if you can't directly use the evidence, you're learning information about the person that you can use against them, whether you can use the evidence or not. And so, you know, an example might be.

In Illinois, if you are a maintenance or what's formerly known as alimony candidate and you are cohabitating with someone of the opposite sex while you're in the middle of your divorce case, you might lose your right to maintenance. You might lose your right to alimony. And so one way of finding out that you're cohabitating could be something like emails. You might have...

Expedia confirmation where you're traveling with a significant other or maybe you forgot to unplug your spouse's access to your

ring cameras or to your nest cameras. so they're seeing the person coming or going. or maybe you were smart enough to put your social media accounts on private, but you, and you pruned, a number of either acquaintances that you share with your spouse and certainly probably removed your spouse as a follower, but maybe you didn't prune all of them. And so maybe you have a mutual friend that's sort of passing along in real time photos that you're uploading to Instagram that show your vacancy.

Jeremy Snyder (08:21.899)
Yeah.

Jonathan Steele (08:22.547)
vacation, all these little things add up to a big picture, which is you are cohabitating. And so you might lose your right to maintenance. And on a similar vein, you know, in Illinois, if you are wasting money or spending money on something that's unrelated to the marriage, you might owe that back to your spouse. So if you're traveling the world with a significant other and you can tie that up through emails or through iMessages or through photos, you've done yourself a great disservice. And so it's very well advised to

Jeremy Snyder (08:28.331)
Yeah.

Jeremy Snyder (08:40.405)
Yeah.

Jonathan Steele (08:52.297)
clean that up as best you can. You you've got a digital footprint out there and you need to make it as small as possible and as inaccessible as possible.

Jeremy Snyder (09:02.43)
So just so I'm clear on it, all of the things that you just said would be effectively admissible. So if I've removed all these people from social media, but I forgot one who then shares a picture of me and a new significant other with my ex, that's admissible because I've posted on social media where that person didn't do anything nefarious to gain access to that content, to that photo, but then shares it. But.

If I change my password and use two factor authentication, but my spouse or my ex still somehow gains access, then they're going out of their way to kind of circumvent the protections that I put on my account. Is that a fair summary?

Jonathan Steele (09:44.181)
Yeah, in the latter case there, they did something wrong. So that should be inadmissible. But when you're just voluntarily putting your photos out there into the world, you're making a choice. You're doing that voluntarily. No one forced you to do that. Nobody did anything wrong. You put it out there in the public and somebody saw it. And that's your fault. That's going to be admissible. And that's going to end up getting used against you in that scenario.

Jeremy Snyder (09:48.649)
Okay.

Jeremy Snyder (10:10.846)
It's crazy. mean, I'm fortunately I'm not in a position where this is a real situation that I need to consider in my life. But these are things that I never would have thought of. And I imagine those who haven't gone through a separation process probably don't think about this as well. So this is a little bit eye opening for me. I'm when you talk to people through this other than let's say inadvertently sharing information. What are some of the other common mistakes that you see around digital privacy during these legal disputes? I know you mentioned things like

let's say forgetting to stop sharing a Ring camera or a Nest camera or maybe photo albums. Do you have like a checklist or how do you think about that with your clients?

Jonathan Steele (10:50.221)
You know I tried to encourage people to get off of social media and I realize nowadays that's like asking somebody to give up a limb and so I it's going nowhere that's a conversation that is tough to have with someone but getting them to clean up their friends list or their followers list can be an easier sell for people and so that that's a good starting point.

Jeremy Snyder (10:58.812)
Yeah.

Jonathan Steele (11:15.209)
And then, you know, I try to encourage people to try to compartmentalize different parts of their life as best as possible because that's going to help to mitigate damage in the event that your spouse has access to something.

And so, you know, if you have, for instance, you're using an email alias service, or you're using something like a mysudo or cloaked, those are, those are going to have a number of benefits associated with them. One of which is you're just segregating different parts of your life. And so if you have a pseudonym that's attributable or associated with like your online dating persona, for instance, and your spouse gets access to just your general email box, you know, they might get

your Amazon receipts, your DoorDash receipts, but they maybe don't get access to your dating life. And then, you know, that's going to pay dividends in other areas as well. You know, if you end up dating someone that turns into a stalker, it's pretty easy to cut that off because they really only had access to your pseudonym phone number, your pseudonym email address. And, you know, it really just does help to mitigate the damage that can come from either whether it's a data breach, a hack.

over intrusive spouse. So I try to push people towards my pseudo and then I try to encourage people to use as much as I can more secure communication methods. when with my clients I try to move everybody on to Signal because I think it's just a more secure platform. I think iMessage generally does a good job but Signal does better.

And then, you know, if I can get people off of, like a Gmail onto something like a proton mail or to a Tudor note, that too can be a hard sell. Gmail is just an easy, you know, everybody uses it kind of thing. and you know, best case scenario, usually I get people to create a second email address and they will communicate with me using their proton mail. it's hard to get people to just abandon their Gmail. So, you know, there's a number of different things that I try to triage.

Jeremy Snyder (13:01.761)
Yep. Yep.

Jonathan Steele (13:20.678)
First, if we're going to communicate using our mobile devices, let's get on signal. If we're going to send each other emails, let's try to use Proton. If we're going to send each other attachments, let's try to use like a secure file upload service as opposed to just sending email attachments because then if your spouse does get access to your email, what they have is a bunch of expired links as opposed to all the different attachments that we've exchanged during the course of your representation.

I know I gave you a lot there, that's, it's a checklist, I guess, that I do try to run through with clients to sort of keep their exposure limited.

Jeremy Snyder (13:46.582)
to... yeah!

Jeremy Snyder (13:56.207)
And for anybody who may unfortunately be going through this process right now, you can just kind of click back about two minutes and go through that section of the podcast episode again and get that checklist as well. I'm curious, know, that's, we're mostly talking about an adult to adult here, right? Who, for one reason or another, are deciding to end a relationship. What about the impact on the digital footprint of children?

Jonathan Steele (14:21.493)
That's a huge one because first of all there's the digital privacy and the security of the kids themselves.

You know, you put an iPad in the hand of a six year old and one minute they're watching Bluey and you come back an hour later, you took a shower, you worked out, whatever, you come back and they're watching something that's traumatizing. And so, you you need to put some belts and suspenders on these devices so that, you know, you're protecting your kids. That's the primary concern, but there's a secondary concern that I think is pretty often overlooked, which is that, you know, if I'm divorced and I give my child an iPhone,

now have the ability to track that iPhone. And so when my child is with my child's mother, I now probably have the ability to track my child's mother. And so my child is essentially then...

tracking device for my significant other. Or, know, lot of people now are, our parents are air tagging their kids and I think that's smart nowadays, but the same thing is applying when the child is with the other parent. And so, you know, it's a responsible thing to do if you are now assuming parenting time to know what devices your kids have, what access is given to the other parent. If you have the ability to turn that off, great.

Jeremy Snyder (15:12.15)
Proxy, yeah.

Jonathan Steele (15:41.533)
the ability to give your child a different device when they're with you than when they're with the other parent, great. But there's that dual concern there, one of which is just protecting the kid themself, and then there's protecting yourself because the child can be, like you said, a proxy for information to you.

Jeremy Snyder (15:59.761)
Yeah, and does the COPPA play into this at all? The Child Online Privacy Protection Act? Does that tend to get wrapped up in some of these family law cases?

Jonathan Steele (16:09.909)
It's still pretty new, but it does. It affects more of that first concern about how we're protecting the kids themselves. It does give the ability to have some accountability on websites that allow children access when they shouldn't be given access.

Jeremy Snyder (16:11.74)
Okay.

Jonathan Steele (16:31.379)
It basically attaches liability on companies so that they do a better job of protecting kids and put some of the onus on them as opposed to putting all of the onus on the parents. But, you know, even if we're putting some of the onus on the companies, I don't think parents should take their hands off the wheel. They still have that primary obligation of keeping their kids safe. And so it's important to do like, you know, network traffic protection, device level protection.

and really just keep monitoring to make sure that the kids are safe. There's a line there between privacy and security and you don't want to overstep and while you're teaching your child that it's important to...

respect other people's privacy if you're invading theirs, they're getting mixed messages from you. But it's important to just be open with the kids and say, you know, I'm giving you an iPhone, but it's my device and I'm going to take it and look through it when I want to and just be open with them about the fact that you are going to monitor what they're doing. And it's for their protection and it's to keep them safe.

Jeremy Snyder (17:33.307)
Yeah.

Jonathan Steele (17:35.679)
You know, that's your job as a parent. So I think it's a good start as far as regulations go to start putting some parameters around companies and have them accountable. But I think it's got a long way to go.

Jeremy Snyder (17:49.626)
Gotcha. And do you see disputes over digital assets at this point? Like, I mean, you know, I think about things like photo albums and obviously, you know, everybody can have a copy of a photo file or an image file, things like that. But I could also imagine scenarios where one party or the other doesn't want the other party to get to be able to keep access to, you know, certain memories or pictures or things like that. Does that become an issue very often?

Jonathan Steele (18:16.969)
It does. You know, there's, it takes various forms. You know, when you, when you mentioned digital assets, my mind goes to cryptocurrency. That's something that's pretty common nowadays. but I've also had fights over, iCloud albums and you know, I want duplicate copies of, know, pictures of the kids and that's a reasonable request. And it's something that's easy to do nowadays. so that comes up a lot and then more and more now we're seeing actually fights over, a domain name that may have.

Jeremy Snyder (18:24.419)
Yeah. Yeah.

Jonathan Steele (18:46.915)
some goodwill associated with it. a couple was, you know, they had a joint business venture and one of them has possession of the domain name, they may end up fighting over that. And that has a value associated with it. And then sort of related but a little bit more troubling is not so much a photo but video. Sometimes there may be...

video of a pornographic nature that comes out of a marriage and that becomes a hotly contested what happens to that video. You know, you don't want your spouse to have that anymore. You know, some people refer to that as revenge porn that it ends up being circulated. and you know, you can order that it be deleted, but you know, how do you put teeth to that? How do you really enforce that? How do you make sure there's not a backup of it? and so that one comes up pretty often and that's a hot button one because it's worrisome.

Jeremy Snyder (19:22.668)
Yeah.

Yeah, yeah.

Jeremy Snyder (19:33.963)
Yeah, super hard to enforce. Yeah.

Jonathan Steele (19:41.705)
So just be mindful of, you may be in a good place in your marriage right now and it may seem like a great idea, but keep some control over where that's being kept and whether it's good idea to record it in the first place.

Jeremy Snyder (19:41.803)
Yeah.

Jeremy Snyder (19:55.23)
Yeah, you know, to some extent, I once heard a piece of advice from somebody years ago, which is that basically, like, if you wouldn't want it on the public internet, don't create it. You know, just because so many people are bad at personal cybersecurity around things like iCloud passwords around two factor authentication, etc. And not that you or I are particularly the target or worth somebody's time to go into.

but when we know that people are really bad at reusing passwords and when there are automation scripts that can go test one password against any number of sites and there are common techniques like, well, let me just exploit you for even for, know, as an individual, it's for a couple of hundred dollars to threaten the release of some iCloud photos or whatnot, you know, that is something that I think is probably pretty sage advice. You know, if you.

don't think you'd be okay with it being public on the internet, you probably shouldn't take it. I certainly have followed that in terms of the photos and the videos that I've taken in my own life, but I do recognize that not everybody has. So I asked earlier about kind of stalkerware and you said that that's a more advanced kind of scenario that's not a very typical kind of thing and you deal with a lot of the basics. I'm curious, what are some of the other emerging threats that you're seeing in this space?

you know, whether it is something like a stock aware or whether it is other things around, let's say like the possession of cryptocurrency and people kind of going out of their way to hide assets from a loved one or things like that.

Jonathan Steele (21:30.667)
You know, just because it is more, sophisticated doesn't mean that clients don't come in, pretty certain that their spouse has spyware on their phone. And so, you know, I'll, I'll encourage people and I'll often give people a license to a product like IMAZING. I don't know if you're familiar with that software, but it has the ability to, scan a mobile device for spyware and it does a pretty good job of detecting spyware. can detect something that is a pretty sophisticated version all the way up to

Jeremy Snyder (21:48.062)
I'm not.

Jonathan Steele (22:00.631)
something like a Pegasus. And so that puts some clients minds at ease that it scans their phone and it tells them either there's spyware and it cleans it or it tells you that there is none and that puts some...

peace of mind for people. But as far as like a more common or an emerging one, I think is this air tagging. I'm seeing a lot more of that where, you know, it's like you're dropping an air tag in the other parent's car at a pickup or, you know, you're putting it in your kid's backpack and it just falling out of the other parent's home. And so you're using that air tag to keep tabs on, you know, your spouse or your ex -spouse. And maybe you haven't moved on. Maybe you still want to know what they're doing.

whether they've moved on. And so I'm seeing, you whether it's an air tag, whether it's a tile or something like that, those are getting misused a lot. and you know, there's not great law around, preventing that, know, people like Apple or companies like Apple are doing a better job with the air tags. you know, now if it's not your air tag and it's with you for an extended period of time, it'll start to beep or it'll, you'll get an alert on your phone saying an air tag is moving with you.

So I think they're doing a better job and think Google has something similar. But that is being pretty commonly misused and along with what I mentioned earlier about the surveillance cameras. I think both of those are pretty common right now.

Jeremy Snyder (23:27.697)
And are you finding cases of, let's say, surveillance cameras placed in somebody else's residence or dwelling on a pretty regular basis?

Jonathan Steele (23:37.805)
I haven't seen a ton of, know, I didn't install this camera and then I found it kind of scenarios. What I'm seeing more of is just, I was pretty sure that my spouse no longer had access to my nest account. And it turns out, and they may not, they may not tell you right away. They may just be collecting evidence for two, three years while a divorce case is pending. And then at the end of your divorce case, when you're exchanging exhibits, here's a hundred videos we're intending to use at trial. And then you find.

Jeremy Snyder (23:45.709)
Okay.

Jeremy Snyder (23:52.974)
They did.

Jonathan Steele (24:07.581)
out all of sudden that they had access to your Nest camera this whole time and they didn't do anything wrong and so they're not inadmissible because you shared access, you knew that their cameras were there, you knew that they were recording, you knew that they were recording video and audio so you you can't claim like eavesdropping or know fruit of the poisonous tree you're just sort of stuck. So it's important to really make sure that you have cut off access to those cameras or if you really want full peace of mind take them down by

Jeremy Snyder (24:15.416)
Yeah.

Jeremy Snyder (24:28.728)
Yeah.

Jonathan Steele (24:37.565)
different brand put up a different brand you know if you went with Nest then go with Arlo you know switch it rain

Jeremy Snyder (24:42.433)
ring or whatever. I want to go back. just just popped in my head that earlier you were talking about kind of let's say gathering evidence during a divorce proceeding of your you know your ex then cohabitating with somebody and you mentioned that this is the case when it's someone of the opposite sex. Is it only for cases of someone with the opposite of the opposite sex and is this a

case where kind of the law hasn't caught up to where society is regarding marriage equality.

Jonathan Steele (25:15.401)
Nowadays it can apply to the same sex, but it is a case of that. Illinois, that's somewhat recent that that change went into place, but now it does go both directions. That's just the case law or the law that interpreted the statutes hasn't caught up to the change in the statute so much. generally it's just...

Jeremy Snyder (25:19.106)
Okay.

Jeremy Snyder (25:30.56)
Okay.

Jeremy Snyder (25:40.022)
Gotcha.

Jonathan Steele (25:42.091)
cohabitating with an adult on a conjugal basis, which means you're having a sexual relationship.

Jeremy Snyder (25:47.709)
Yeah, and it's quite possibly the case that in other states, the law may not have caught up or or Yeah, okay. Because that that is on a state by state basis, as I understand it, right. Okay, it's so hard. think, you know, this is one of the areas where I think cybersecurity and kind of legal frameworks have some parallels, but then some differences, you know, for instance, Europe has GDPR that applies across all of the European Union.

Jonathan Steele (25:54.101)
Yeah, for sure.

Jonathan Steele (25:59.039)
It is, yeah.

Jeremy Snyder (26:13.92)
And then we have a patchwork of states here that have some standard around. I happen to live in Virginia and Virginia has a state standard around data privacy and California does as well. And I think maybe Colorado and Washington state and two or three others, but then there's probably 40 plus states that have nothing at all. And so, you know, on the cybersecurity side, when we look at, say data handling and whatnot, we tend to understand those regulations, but I would have no, I feel like it would be a nightmare trying to wade into the complexity of

you know, international federal state local laws for many of these things. How do you think about that as a lawyer? You only focus on the the jurisdictions that you practice in or do you kind of try to maintain awareness of where these differences are from a federal to state level?

Jonathan Steele (27:03.057)
for the most part, it's going to be state laws that are applying in my cases and the clients that I consult with. If there's a federal law that that's going to apply also. so, you know, being knowledgeable about that is important. but as far as like data privacy and cybersecurity, you know, there's not a whole ton of, federal legislation on it. There there's Illinois law, there's what's called BIPA, the biometric information privacy act. that, that was sort of a trail.

laser for our country that did a good job of you know not allowing companies to collect biometric data without like full disclosure. Right, for sure.

Jeremy Snyder (27:39.677)
but that's one specific piece of data. Yeah, yeah.

Jonathan Steele (27:44.201)
So, you know, it's, very slow to adopt the laws, very slow to move to change. and so, you know, being knowledgeable about the state that you're in, the state laws, but then also any sort of overarching federal law is also important. and so in the realm of what I do, you know, knowing, eavesdropping law is important and that's a state law knowing, you know, biometric data privacy. That's a, that's a federal, I'm sorry, that's a state law as well. and so.

So those are sort of the operative ones. It would be great if we had something like what California has as far as data removal and GDPR obviously is sort of the gold standard right now. That would be great if we had something along those lines in this country, but we're not quite there yet.

Jeremy Snyder (28:29.552)
Yep. Yeah. So I'm curious, you know, we've got all this stuff that you've laid out, all of which great advice, especially for people, unfortunately, going through a separation process. When you kind of wrap up working with a client on a case like this, do you find that their own cybersecurity practices generally have improved as a result of this? And and do you also give them some kind of parting advice like, hey, going forward, these are some good practices and you're just

personal data hygiene, personal cybersecurity approaches, and if so, what are some of those things that you share with them?

Jonathan Steele (29:05.781)
You know, the hope is that they learn something along the way. you know, it's, it's a mixed bag. Some, some clients are, you know, candidly, they're inconvenienced and you know, there's that inverse relationship between security and convenience, you know, two factor authentication is just one more friction point, right? But it, but it has, you know, immense gains in terms of security. So, you know, anytime that I tell a client, stop sending me email attachments and use this link.

It's just one more step for them. It's just they maybe they have to type in their email address and they have to wait for a code that sends to their email and they have to type that in and Some of them are annoyed, know, it's just I just want to send you an email attachment I just want to call you on the phone. I don't want to use signal or I just want to send you a text message but then there are the other side of that equation is the people that either didn't know and now they feel like their eyes are opened and they're full or there's some that did know and they're just

Jeremy Snyder (29:46.831)
Yeah.

Jeremy Snyder (30:02.073)
Yeah.

Jonathan Steele (30:05.635)
appreciative that I also know and that I'm caring about, you know, preserving their security and preserving their privacy. And so along the way, you know, a divorce case can take two, three years. And so they're picking up tips along the way about, you know, their surveillance cameras and their social media accounts and, you know, using secure email providers and using Signal and using secure file upload services and

While I'm pushing them in each of these directions, because I just have an interest in the topic in general, I'll explain to them along the way. I'll tell them, you know, while you're on a Proton mail, why don't you use Proton drive and stop using Google drive? And so the hope is that, you know, post divorce, I'm out of their life and now they're onto a more secure platform. They're using a more secure cloud storage, a more secure email, a more secure messenger. Maybe I've even got them to use a better privacy respecting browser.

So, you know, the hope is that they take some of those things with them and as you know, cybersecurity isn't a light switch. It's a continuum and it's evolving thing and so if they're doing little things, they're making themselves a little bit more secure than the person next to them and that's really all I can ask of clients.

Jeremy Snyder (31:13.588)
Nope. Yeah.

Jeremy Snyder (31:24.676)
And hopefully above all, they're using two factor on anything sensitive right along the way. think that one, you know, I've had a number of guests on the show who work in the authentication and identity fields and that always comes through as kind of, know, if you could tell individuals to do one thing, that seems to be the pretty consistent, unanimous number one. I'm curious about something else. How did you get started on this? What was the journey that kind of pulled you down this path? Because it sounds like you started with a law degree.

practicing family law, but now it sounds like you've gone pretty deep on understanding this intersection in the, you know, the digital privacy space and all of the implications. So what was the journey?

Jonathan Steele (32:04.352)
Yeah. So, you know, I've always been sort of privacy focused. I've been on like Signal and ProtonMail since, I don't know, 2016 around then. and those things have always appealed to me on a personal level. and you know, I've recognized the needs in clients that come in at, that vulnerable state and saying, you know, help me navigate this problem. And most lawyers in my position, you know, you mentioned this in your gracious introduction that good luck finding a lawyer that also wears a cybersecurity.

had it just doesn't happen and so most of the time you know like a lawyer will tell you I don't know go hire a private investigator and they'll do a sweep of your house for you know air tags or things like that and maybe that works and maybe it doesn't

you know, when COVID hit and people went down their various different rabbit holes of, either watching Tiger King or learning how to bake bread or whatever people did. I went down a different rabbit hole that I haven't found the bottom of quite yet. And it was this cybersecurity stuff. And so I did, you know, the security plus training I watched.

Jeremy Snyder (32:57.184)
Yeah.

Jonathan Steele (33:09.001)
hours and hours and hours of YouTubes and podcasts and read as much as I could get my hands on as far as like actual literature goes. and just tried to make myself as knowledgeable about it as possible so that I could be a resource to clients so that I could learn more for myself, for my family, for the kids. because I, you know, that's part of the job above, advising clients is, you know, keeping the kids safe, keeping the family safe. And it all just sort of played into each other.

Jeremy Snyder (33:34.226)
Yeah.

Yeah, awesome. By the way, I'll let you in on a secret that you probably already picked up on by now, but there is no end to the rabbit hole. Unfortunately, the deeper you go, you know, you can find a threat for pretty much any control and you can find a circumvention for pretty much any control. And there's definitely some truth in that, you know, when I make this statement and you'll hear it not only from me, but I'm and I wasn't the first person to say it by any means.

Anybody who has the time, determination and resources and really, really wants to hack you will be able to. The things that you can do are check the boxes on all the basics, practice good hygiene, practice good, you know, good basics, know, turn on two factor, especially for your personal email. It sounds like out of this conversation. So I'm curious. you, you, you went down that rabbit hole. You've learned a ton. It sounds like you do great work advising your clients from

everything that I've heard on the conversation today. What do you say to other law firms and other lawyers? Do you tell them, advise your clients the same? Or do you say like, hey, you should think about just doing better cybersecurity for yourself as a law firm? Or what are some of the things that you've kind of shared with your colleagues?

Jonathan Steele (34:49.579)
You know, I mentioned earlier that the law is slow to change, so I may never succeed in convincing anybody else to do this, but if I could get law firms to stop using Microsoft Teams and use Signal, if I could get law firms to stop using Office and start using ProtonMail, if I could get offices to stop using OneDrive and use ProtonDrive, or anything that's a little bit more security -focused, privacy -focused, I would consider myself a success in this field.

because there's a very common misconception that my emails in their inbox, they're encrypted and when I send them, they're encrypted in transit, so we're good to go. And what law firms aren't understanding is that they're encrypted in your mailbox and they're encrypted in transit, but you have the key and Microsoft has the key, or you have the key and Gmail has the key. So if they want to use that key, if they want to access your emails, they can. And as lawyers, we have a high obligation

to our clients. We have an attorney -client privilege that we need to maintain and so I think it's incumbent upon law firms to take whatever measures are appropriate or whatever measures are necessary to preserve that privilege and that's going to include using the most secure options available and those just are not Gmail, Outlook, Office.

teams. Those are convenient, but they're not the most secure. And so, you know, that would be the encouragement that I would give to other law firms is to consider some of these more privacy respecting options. And, you know, the transition doesn't have to be hard. doesn't have to be a lot of friction for the employees. You know, having proton mail as your back end could be seamless. may, your employees may not even notice that that's what's running in the background. So that would be my suggestion.

Jeremy Snyder (36:10.958)
Yahoo, yeah. Yep.

Jeremy Snyder (36:34.468)
Yep. Yep. Awesome. And what are your predictions? How do you think this field changes over the medium term? Because when I kind of look at it right now, all I see is more of the same. I don't see a mass movement to change away from the way things are generally working in most people's lives. if anything, I see more information going digital all the time. And in fact, you know, in

Many states nowadays we're seeing driver's license going digital and that's in your Apple wallet or your Google wallet now. So it seems to be kind of a one directional more more digital. What do you think about? What do you see coming down the line?

Jonathan Steele (37:13.429)
I don't have a very optimistic outlook. If anything, it's going to get worse. know, the prevalence or the frequency of phishing and, you know, business email compromise that's going up and that's going to continue to go up. know, to your point earlier about like, are we targetable? Maybe, but you know, that sometimes hackers are just looking for a soft target. They're not necessarily looking for the wealthiest target. You know, people don't think that they're

likely to be targeted and they're the next target and you know I like the data broker stuff is just getting worse and worse and so people's personal information is out there which is just making fishing all that much easier and I think that's going to continue to happen frankly until a

Jeremy Snyder (37:46.766)
Yeah.

Jonathan Steele (38:00.203)
person in Congress has their information released through a data broker, then something might change. But until that happens, that problem's going to continue to get worse. That's going to keep feeding into phishing. That's going to keep feeding into business email compromise. Things are going to get worse. And we're going to do things, innovation along the way, to try to keep pace. think pass keys is helpful for people that have terrible password hygiene. But the implementation or the rollout of that seems to be sort of stumbling along.

slowly. you know ideally those sort of innovations are going to keep pace with the increased prevalence of threats but it doesn't seem like that.

Jeremy Snyder (38:29.282)
Yeah.

Jeremy Snyder (38:39.785)
Yeah, it was interesting, know, PassKey's had a lot of momentum there for a minute and, you know, kind of five or six major services adopted them. And, you know, I've certainly switched over my Gmail to using PassKey's and I've got two factor turned on. And by the way, I also have a hardware authentication device for my Gmail as a backup option and required on new devices, first time authentication. But to your point, it seems to have kind of fizzled after that initial rollout across.

Granted, those were some big global services that were some of the first adopters and push them out, but it doesn't seem to have been the solution or not yet at least. So, you know, look, I think I agree with you and while I can confidently say that I speak for you that neither of us would encourage any data brokers to go after members of Congress or expose their data. I do think you're right that it's going to take something pretty big and to happen to somebody in a position of power to really.

initiate some change on that front. So Jonathan, just in the couple of minutes that we've got left here, you know, what are some of the things that you're working on? If people want to find your work, how can they how can they do that? We'll post the links in the show note of anything that you want to share with the audience.

Jonathan Steele (39:52.375)
the next thing on the horizon for me is another certification that I would like to obtain. That would be the certified ethical hacker certification. that's on the horizon. If I can make some time for that, that's what I would like to do. making time of course is difficult, but that's, that's the hope. to contact me, I've got a two websites that I could point your listeners to would be Steele fam law .com. That's got all my social media handles aggregated into one.

Jeremy Snyder (40:00.541)
Nice.

Jonathan Steele (40:22.137)
place or SteelFortress .com has more information about cybersecurity, privacy, I've got a blog there, it's got all my contact information as well. Either of those you'll end up in my inbox or my signal inbox and I'm happy to answer any questions for anybody that has them for me.

Jeremy Snyder (40:39.994)
Awesome, awesome, and we'll get both of those links posted in the show notes as I mentioned. Jonathan, thank you so much for taking the time. This has been a really interesting conversation. And like I said to everybody in our audience, I know it's a little bit of a, you know, off the beaten path for us to go into personal cybersecurity, but it is a very, very important topic. All of us are individuals, people in the real world, family, loved ones, connections. Some of the advice shared on the episode today, I think applies to pretty much everybody, whether you're in a family law situation or not.

So Jonathan Seale, thank you so much for taking the time to share your wealth of experience and knowledge on this subject and for joining us on Modern Cyber.

Jonathan Steele (41:16.129)
Thanks for having me.

Jeremy Snyder (41:17.774)
All right, to everybody in the audience, remember we will talk to you next time on the next episode. And if you know somebody else that you'd like to nominate to come on the show, please let us know, reach out anytime. For me, Jeremy and the whole FIERTYLE team, thanks for joining us on this episode of Modern Cyber. Bye bye.

Discover all of your APIs today

If you can't see it, you can't secure it. Let FireTail find and inventory all of the APIs across your organization. Start a free trial now.
Start Trial

This site uses cookies

By using this website, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

Got it!