GPSolo Magazine - December 2005
E-Mail Sleuthing and the Preservation of Confidentiality
The protection of information relating to the representation of a client is among the most significant obligations imposed on a lawyer. According to the preamble to the ABA Model Rules, preserving client confidences serves the public interest because people are more likely to seek legal advice, and thereby heed their legal obligations, when they know their communications will be private. The duty to preserve client confidences extends beyond information that is protected by the attorney-client privilege. It applies to disclosures by a lawyer that do not in themselves reveal protected information but could reasonably lead to discovery of such information by a third person. The ethical obligation to preserve confidentiality exists without regard to the source of the information or the fact that others share the information. Lawyers are required to make reasonable efforts to ensure that employees, associates, and others with whom the lawyer works will also safeguard client information.
Preserving client confidences can be particularly challenging when sending documents over the Internet. Transmitting information by electronic mail generally does not violate the rules on confidentiality. However, it is generally known that computer-generated documents often contain invisible information—called metadata—about the documents and their authors. Sending documents as e-mail attachments therefore can pose a threat to confidentiality. As a result, ethical obligations are imposed on lawyers sending electronic documents as e-mail attachments and on lawyers receiving them.
Metadata is generally understood to be information imbedded in a document’s electronic file that is automatically retained by the software used to create the document, even without the author’s intent or knowledge. This information can reveal the author of the document, the identity of other contributors, and edits and revisions to the document itself. Lawyers with computer capabilities or firms having IT professionals have a technological advantage in accessing these file properties.
There are innumerable ways invisible data find their way into a word processing document. For example, revising a document that has been “saved” does not necessarily mean the prior versions have been eliminated. The particular word-processing program could retain the original version while remembering where to make the changes. Some word-processing programs permit the user to track changes in the document. This “red-lined” feature is useful when parties are working together drafting the document, but it can pose a threat to confidentiality when the document is transmitted as an e-mail attachment to opposing counsel or to the public. The document may well retain the drafting history even when it is not visible on the final document or the printed copy. Technologically skilled lawyers and other professionals with the right tools can retrieve the document history and perhaps even recreate prior versions when the document is received via e-mail.
Because the risks to confidentiality posed by metadata are now known, several commentators have suggested that a lawyer has an affirmative duty to remove metadata whenever documents are exchanged with opposing counsel or disclosed to the public. According to the New York State Bar Association Committee on Professional Responsibility in Formal Opinion 782 (2004), a lawyer must exercise reasonable care to ensure that the client’s confidential information is not inadvertently disclosed in sending a document by e-mail. To act reasonably, the lawyer must assess the risks involved in using technology to determine if the mode of transmission is appropriate under the circumstances. Reasonable care may require that the lawyer stay abreast of technological advances and learn about the potential risks. In determining the necessary degree of care, the lawyer should consider the subject matter of the document, whether the document was based on a template used in another matter for another client, whether there have been multiple drafts of the document with comments from multiple sources, whether the client has commented on the document, and the identity of the intended recipients.
Removing metadata before sending the document electronically may be easier said than done. A great deal depends on the particular word-processing software used in creating the document. Techniques have been suggested for eliminating tracking changes and the editing history of a document. There are also propriety software programs that purport to “scrub” metadata from e-mail attachments. Several commentators, however, have suggested there is no foolproof way of removing metadata.
The primacy given to preserving confidentiality and protecting the client-lawyer relationship also imposes an ethical obligation on lawyer-recipients of electronically transmitted documents not to use computer technology to exploit the inadvertent or unauthorized transmission of client confidential information. The New York State Bar Association concluded in Formal Opinion 749 (2001) that the use of computer technology to examine and trace e-mail and other electronic documents constitutes “an impermissible intrusion on the attorney-client relationship in violation of the Code.” The New York State Bar Association Committee on Professional Responsibility reasoned that using technology to surreptitiously obtain information that may be privileged or may constitute attorney work product or a client “secret” would violate the letter and spirit of rules prohibiting lawyers from engaging in conduct involving dishonesty, fraud, deceit, or misrepresentation and conduct that is prejudicial to the administration of justice.
The impropriety of electronically sleuthing e-mail attachments to uncover metadata can be analogized to less sophisticated means of invading the client-lawyer relationship. There is a strong public policy against lawyers surreptitiously accessing another person’s confidential information. For example, contacting former employees of an adverse corporate party, although permitted, does not give the contacting lawyer license to induce or listen to disclosures by the former employees of attorney-client communications between the corporate party and its counsel. Courts take a dim view of an opposing lawyer gaining unfair advantage by review or use of confidential information from the other side. It would be impermissible, for example, to inspect an opposing counsel’s file or briefcase, or to look at another lawyer’s notes in a conference room or courtroom.
A lawyer who receives confidential materials under circumstances where it is clear the transmission was inadvertent has an obligation to promptly notify the sender. ABA Model Rule 4.4(b) states: “A lawyer who receives a document relating to the representation of a lawyer’s client and knows or reasonably should know that the document was inadvertently sent shall promptly notify the sender.” The rule and ethics opinions on “inadvertent disclosure” rely heavily on the strong public policy in favor of confidentiality, which generally outweighs competing principles of advocacy and zealous representation. Even where a lawyer receives unsolicited confidential information of an adverse party, the ABA requires that the lawyer notify the adverse party or the party’s lawyer about the receipt of this information. The lawyer must also await a definitive resolution of any dispute whether confidentiality has been waived before using the information.
This ethical norm does not mean that a lawyer-recipient must notify the sender or return electronically transmitted documents that contain metadata. However, absent circumstances to the contrary, it is implicit that the sending lawyer intends the receiving lawyer to view only the visible document and does not intend the lawyer to access hidden information about the author’s revisions or other confidential information. Using technology to access invisible information in a transmitted e-mail attachment requires the receiving lawyer to engage in affirmative conduct to uncover confidential information that is not simply the result of carelessness on the part of the sending lawyer.
Imposing an ethical obligation on the sending lawyer to take reasonable care to preserve confidentiality in transmitting electronically generated documents and on the receiving lawyer to refrain from using technology to obtain confidential information embedded in the document’s electronic file is consistent with the ethical norms of the legal profession. The commentary to ABA Model Rule 1.3 confirms that the duty of a lawyer to represent a client with zeal and advocacy does not require the lawyer to press for every advantage, nor does it preclude treating persons involved in the legal process with courtesy and respect. Both lawyers have an ethical obligation with respect to preserving confidentiality and the integrity of the client-lawyer relationship.
Mark L. Tuft is a partner with Cooper, White & Cooper, LLP, in San Francisco, where he specializes in representing attorneys and law firms on professional responsibility and liability matters. He is a vice chair of the California State Bar Commission for the Revision of the Rules of Professional Conduct and is an adjunct professor at the University of San Francisco School of Law, where he teaches legal ethics. He is also a co-author of the California Practice Guide on Professional Responsibility. He can be reached at firstname.lastname@example.org.