Threat Profile: Lawyer, Notary or Politician
Professional secrecy, legal privilege, and targeted threats. What does this mean for your digital security as a lawyer, notary, or political official?
Threat Profile: Lawyer, Notary or Politician
This profile covers three groups with overlapping but different risks:
- Lawyers and notaries — professional secrecy, client privilege, and adversaries with an interest in your information
- Politicians and civil servants — public position, state actors, and the unique risks of a democratic mandate
Lawyers and notaries
Legal framework
Professional secrecy (attorney-client privilege) The duty of confidentiality for lawyers is extremely strong in most jurisdictions. What a client tells you cannot be shared — not in court, not with law enforcement (with narrow exceptions). This protects clients, but it also makes you a target for adversaries who want that information.
In the Netherlands, the NOvA (Dutch Bar Association) governs this right. Notaries are governed by the KNB and handle financial data, property transfers, and wills — valuable information for criminals and business adversaries.
Threat analysis
Adversaries in litigation Lawyers are sometimes targeted by opposing parties who want insight into defence strategy or prosecution plans. This doesn’t require a state actor — a well-motivated party in a civil case is sufficient motivation.
Organised crime Lawyers defending clients in serious criminal cases sometimes face pressure from criminal parties. This ranges from intimidation to targeted surveillance.
Data breaches and liability A leak of client data harms not only the client — it can lead to disciplinary action, damages claims, and reputational harm.
Checklist for lawyers and notaries
Communication with clients
- Regular email is not sufficient for privileged communication — use encrypted email (PGP) or a secure legal portal
- Signal for messaging with clients — enable disappearing messages
- Verify the identity of new contacts out-of-band before sharing sensitive information (call on a known number)
Files and storage
- Client files stored encrypted — VeraCrypt or encrypted cloud (Proton Drive, Tresorit)
- No client data on personal devices without encryption
- Restrict access rights: staff should only see files they’re involved with
Devices
- Full-disk encryption on all work devices
- Strong passwords — biometrics can be compelled under duress, a password cannot
- Lock screens when leaving the workspace — even briefly
- Be careful with printouts — paper leaks too
Politicians and civil servants
Threat level depends on your position
| Position | Primary threat | Profile to follow |
|---|---|---|
| Local council member | Doxxing, online harassment | Journalist/activist |
| Regional politician | Business conflicts of interest | Journalist/activist |
| National MP | State actors, foreign intelligence | Journalist/activist + this profile |
| Minister / secretary of state | Full state-level threat | High risk |
| Civil servant (sensitive policy) | Espionage, insider threat | This profile |
State actors in context
Intelligence services in multiple countries have warned about state actors targeting politicians:
- China (APT10, APT31): economic policy, technology transfer, positions on Tibet/Xinjiang
- Russia (APT28, APT29): geopolitical positioning, NATO, sanctions
- Iran: foreign policy, human rights activists in diaspora
You don’t need to sit on a committee dealing with Russia or China to fall within their sphere of interest. Trade policy, technology regulation, or a position on a relevant committee is enough.
The Dutch AIVD has specifically warned Dutch parliament members about these threats on multiple occasions.
Checklist for politicians and civil servants
Public presence
- Minimise personal information on public profiles — home address, family info, daily schedule
- Separate email addresses for public contact and internal work
- Be careful about publicly announcing travel schedules
Digital hygiene
- No sensitive work-related communication via personal accounts or devices
- Strict separation of personal/work — on your phone too
- Password manager with unique passwords per system
- Hardware security key (YubiKey) for accounts you cannot afford to lose
Travel
- In countries with high state actor threats: treat devices as potentially compromised after returning
- Consider a temporary device for foreign travel to high-risk regions
Digital harassment
- Document threats and hate messages — for reporting and pattern recognition
- Police have specific procedures for threats against public figures
- Civil liberties organisations offer legal advice on digital rights
Tools
| Purpose | Tool | Note |
|---|---|---|
| Messaging | Signal | For all sensitive communication |
| Email encryption | GnuPG + Thunderbird | For privileged communication |
| Password manager | Bitwarden / KeePassXC | Essential |
| Hardware 2FA | YubiKey | Phishing-resistant |
| Encrypted storage | VeraCrypt / Proton Drive | Files and sensitive documents |
| Secure phone | GrapheneOS on Pixel | For high-risk positions |
| Secure phone (alternative) | iPhone with maximum hardening | If GrapheneOS isn’t an option — see iPhone privacy settings |
See also:
- iPhone privacy settings — if GrapheneOS isn’t an option
- Android privacy without a custom ROM — hardening for regular Android
- Threat Profile: Journalist or Activist — similar threats, similar tools
- Threat Profile: High Risk — for ministers and senior officials
- PGP: Encrypted Communication — for privileged email
- YubiKey vs Nitrokey Review — hardware authentication
- Signal and Molly Review — secure messaging