GPSOLO October/November 2010
Technology and Ethics: Tips and Traps
By Jeffrey Allen
Some of you may remember the television series, The Six Million Dollar Man. Every week, during the opening sequence, a disembodied voice talked about Steve Austin, an astronaut who was “barely alive” after the crash of a plane he flew as a test pilot. Another voice told us, “Gentlemen, we can rebuild him. We have the technology. We have the capability to build the world’s first bionic man. Steve Austin will be that man. Better than he was before. Better, stronger, faster.”
As with Steve Austin, the technology available to lawyers today can make them better, stronger, faster—not able to leap tall buildings in a single bound, but able to practice law more efficiently. This technology functions as a double-edged sword, however. While it can help make your life and practice easier, more effective, and more efficient, it can also place you at risk for ethical violations and expose you to malpractice liability.
Most lawyers want to use technology to assist them in their practice. Many have a reasonable concern about the risks of using technology, but many have blissfully embarked on the use of technology without a second thought about the associated risks. Although I will discuss the manner in which technology can turn on you and bite you in that portion of your anatomy often most difficult to see without the help of mirrors, I want to start with a completely different point and perspective.
I, too, look at technology as a double-edged sword. I see the risks and benefits of technology in the practice of law from a slightly different perspective, however. I want to start this discussion with that perspective.
The Obligation to Use Technology
I start from the position that one cannot properly practice law today without the use of appropriate technology. Whether you see technology as a boon or a bane, it has evolved to play an essential role in today’s practice of law. The ABA Model Rules of Professional Conduct require that we act competently as attorneys when we undertake representation of a client. As a practical matter, an attorney failing to make use of available technology violates, in all probability, one or more ethical obligations. Initially, the use of online legal research tools allows the attorney to get the most current information available respecting the decisions applicable to the case. Although those decisions may appear in advance sheets in several weeks, they appear online in several days, at the latest.
It is difficult to consider that a lawyer who fails to check for a decision that reinterprets a provision of the law relevant to the case and, therefore, misses that case, to the client’s detriment, to have competently represented the client. I don’t know how many of you have had the experience I have of being in a courtroom and watching a judge chide a lawyer for not knowing about the most recent decision on an important point in the case (one that was very recently decided and not yet in advance sheets, but that could be located online). I do not think that the jump from a judge criticizing a lawyer for not using available technology to a client suing for malpractice or the state bar finding an unethical failure to provide competent legal representation to the client represents a quantum leap. Rather, I see it as a short hop.
A lawyer levying unreasonable charges for services has ethical connotations as well. If the use of technology enables us to work faster and better but we do not use it, the consequences appear not only in the quality of the work turned out but also in the time required to do the work and, correspondingly, the charge to the client for the work, when the lawyer bills on an hourly basis. If a lawyer bills at a reasonable hourly rate and could accomplish a job using available technology in two hours but fails to use available technology so it takes a little longer, that may not likely prove a serious problem. But what if the failure to use available technology results in billing four or six hours at the same hourly rate for work that could have been completed in two using available technology? At some point the repetition of this billing practice can add up to an amount that one might reasonably conclude exceeded the scope of reasonableness.
Almost ten years ago I participated on a panel of attorneys for a CLE presentation in San Francisco. The panel included a well-known practitioner in San Francisco with a practice focusing on representing attorneys in ethical dilemmas or bar disciplinary matters. I asked him whether he thought the failure to use available technology violated ethical obligations. I found his response very interesting: Although he did not think we had yet reached that point, he could see it happening in the future. We since have traveled another decade on the technology express. If we have not yet reached that point, we have come some ten years closer to getting there; I do not think it is much farther down the road.
We want to use available technology to make ourselves better, faster, and more efficient lawyers. Perhaps equally importantly, the ethical obligations imposed on our conduct as lawyers may already compel us to use available technology in our practices—and, if not yet, they will likely do so soon.
Accordingly, we can safely assume that most lawyers either have started to make use of available technology in their practices or will do so soon. Similarly, we can anticipate that those who employ technology in their practices will increase its use in a steadily progressing trend.
The Risks of Using Technology
Recognizing that technology can serve as a double-edged sword, we need to explore the aspects of technology most likely to cause problems for lawyers when employed in their practice. We will focus on the ethical problems technology can create, not the business issues. That said, I would consider myself remiss if I did not at least mention the fact that any implementation of technology should start with an analysis of the function it will serve and whether it truly offers a benefit to the practice.
Improperly employed technology can create massive inefficiency. I have seen many people spend outrageous amounts of time in the interest of being more efficient through technology. Remember that improperly chosen technology and improperly implemented technology will not make you better, faster, stronger, or more efficient. It can, however, make you slower and far less efficient—technology can turn into a massive sinkhole for your time and your staff’s time.
Here are a few general tips to help you navigate these dangerous waters.
- Choose your technology wisely.
- Implement your technology carefully.
- Make a plan to implement your technology.
- Back up any data that the technology may affect.
- If you don’t have sufficient knowledge to do steps 1–4 yourself or with your staff, hire a good consultant to help you.
Lawyers will, of necessity, depend on newer technology to get an edge over (or sometimes just to keep up with) opposing counsel; so let’s explore some of the other dangers associated with the use of technology.
Data security. One of the best-known technological dangers relates to the security of our data. Loss of a computer through carelessness or theft poses the biggest threat to data security. We have all heard about hackers breaking into computers via the Internet and stealing data, or of malware taking over a computer, logging keystrokes, or sending data to third parties without notice to us or our approval. These risks exist, and lawyers, in particular, must guard against them owing to our ethical and legal obligations to protect the confidentiality of our clients’ information. Another aspect of data security concerns the loss of the data owing to computer malfunction (as opposed to loss of the computer or theft of the data by a hacker or scanner). Losing critical client information or work product owing to a failure to adopt and properly employ a reasonable and appropriate backup system would be difficult to defend as competent legal practice in today’s world.
As lawyers employ more and more mobile technology, the risks to data security increase. Most of us use laptop computers when we travel. That laptop undoubtedly has both personal and client data that we do not want to put at risk. Many of us have adopted the use of smart phones instead of mere mobile telephony devices. Smart phones provide many advantages and conveniences to us. They concurrently place information contained in the phone at risk. People lose computers to theft and sometimes just leave them someplace. Even more smart phones than computers get lost, left behind, or stolen. Additionally, once these devices have an active Internet or cellular connection, someone with sophisticated electronics could potentially read the data they contain even while the devices remain in your possession.
The problem of data security is exacerbated as more and more lawyers convert paper files to electronic files to replace or at least supplement the paper files. We generally keep these files on our computers, and as we adopt mobile technology, more and more of that data leave the office with us. By taking the data out of the office on a laptop or a handheld device, we increase the risk of loss of the data. To the extent that it contains client confidential information, the loss of that data can pose both practical and ethical problems for attorneys.
Here are some guidelines to follow to protect data security and integrity:
- Regularly back up your data.
- Check out your backup system by verifying that you can access and restore the data.
- Use a redundant backup structure, storing at least one copy of the data off-site.
- Encrypt your data to protect it in the event you are hacked.
- Select strong passwords (random numbers/letters/symbols work best).
- Never use unsecure networks, wired or wireless.
- Install—and regularly use—protective software on your computer to guard it against malware and viruses.
- Set your protective software to scan e-mail attachments and downloaded documents before allowing them to open on your computer.
- Disconnect from the Internet when you do not need to have a connection. If you use a wireless network, just turn the wireless off in your computer or smart phone. If you use a wired connection, disconnect it from your computer.
- Never let your devices out of your sight in a public location.
- Do not allow unauthorized persons to use your computers, smart phones, or other devices containing data.
- As mobile telephony and e-mail are not always secure, I recommend putting clients on notice of that fact and letting them choose whether they wish to convey information between you and them using such devices. I include a disclosure in my representation letter, advising of the risk and telling them it is their choice. You might also point out to them that choosing not to use such devices will likely result in slower communication of information. You can also let them know that they can and should consider securing e-mail through encryption.
Metadata. Hopefully, by now most of you know about metadata—the “hidden” information stored in an electronic file. Sometimes the information can help us do our work. Metadata enables a word processing program to let you undo changes and/or track changes in a document. In fact, vendors tout these features as benefits and, in many cases, they do help us do our work. On the other hand, if you can see all the changes that have been made in an electronic document, then so can others to whom you give the file. Because we may not want that history or other information about the file to go to a client or opposing counsel, metadata poses a threat to us as well as a benefit. Metadata can attach to virtually any electronic file, but word processing documents pose the most common and, therefore, the most serious threat.
Here are some tips to help protect you against metadata problems:
- Do not send out a document in a word processing format.
- Send the document out as a portable document format (PDF) file. Adobe Acrobat now allows collaborative work through the addition of comments and marked changes on a PDF file. Using the PDF increases the likelihood you retain control of the content of your document and also avoids the transmittal of the word processing file’s metadata.
- If you do plan to send out a document in a word processing format, notwithstanding tip number 1, then once you finish the document, copy it and open a new document and then paste the contents into the new document file. You can also use “metadata scrubbing” software to ensure that the file is clean.
The issue becomes important in advising your clients as well, because metadata will reside on their computers. If, during the course of litigation, electronic discovery processes require the production of information on the computer in its native form, then the electronic files will go to the opposing side with all the attendant metadata. Having the metadata makes their work somewhat easier as many document programs can read the metadata and use the information to populate some of the blanks in their database respecting the document, thereby saving time in recording the results of the production.
Software as a service. Recently, we have seen a change in the structure of how we deal with programs that help us in our practice. Historically, we would buy a program, install it on our computer, and proceed to use it. We might over time buy updates or new versions of the software to acquire new features or ensure compatibility with a new operating system. The software would run on our computers. The data generated would remain in our office computers. The publisher would generally provide some technical support, often at no cost for a period of time and with a charge thereafter.
The new evolution goes by the acronym SaaS (software as a service). The SaaS vendor provides software on its server, accessible to you via your browser from anywhere you have Internet access. You pay a subscription fee and get to access and use the vendor’s program and input and process your data. Generally, your data remains on the vendor’s server. Some software also facilitates backing up to your computer. Without access to the software, however, you might not have the ability to use the data in a reasonable and economically viable manner.
Vendors like SaaS for several reasons. It gives them a steady source of revenue without having to generate new sales of the original software or updates. You effectively pay a rental fee for the ability to use their program. The SaaS structure allows vendors to more easily (and perhaps less expensively) provide technical support for their program, as they only need to support the current version. Everyone will use the current version as they all access it online. When the vendor modifies or upgrades the program, all users must automatically adopt the change. This avoids the customer’s decision- making process entirely. Additionally, it often avoids the issue of platform specificity as browser access generally allows people on both the Mac and Windows OS to use it.
In the SaaS environment, the consumer generally needs less and may get better tech support. The consumer avoids the pain of having to decide whether to purchase or install a given upgrade. The consumer gets the most current version of the software. The cost savings on advertising and distribution in conjunction with the monthly subscription fees may encourage the vendor to continually improve the software.
On the other hand, the consumer often becomes the vendor’s captive. If the program stores the information in a proprietary structure, even if you can save a copy of your data to your storage device, you may not have the ability to access it without the vendor’s software. If you cancel your subscription, you face the task of trying to convert your data to another system. Additionally, even if the vendor allows you to make a copy of the data on your computer, a copy of the information resides on the vendor’s server. Information that resides on the vendor’s server is accessible by those who have or gain access to the server, whether or not they do so legitimately.
Here are a few tips to help you protect yourself in the SaaS world:
- Look closely at the vendor, its history, and financial stability. How likely is it that the vendor will continue in business?
- Even companies that appear large and stable can fail. Accordingly, the inclusion of a software escrow structure makes good sense.
- Look for the ability to retrieve data and store it in a usable format on your own storage devices.
- Determine whether the program converts data to a proprietary format that you cannot use with other software. Look for programs that do not do that.
- Does the vendor’s system provide secure connections? You should consider “secure sockets layer” (SSL) technology an essential. SSL provides a level of encryption protection for your data, even when transmitted over a public WiFi connection. Most likely, you will see some form of lock icon when you transmit over a SSL.
- Consider server security. Investigate what protective measures the vendor employs to lock out hackers. Remember that you have the obligation to ensure the security and confidentiality of your client’s information.
- Look at the server backup structure. Even if you can back up your data to your own storage devices, you will want a provider that practices reasonable, safe, redundant, and geographically dispersed backup of its server.
Cloud computing (storing information in cyberspace) raises many of the same ethical concerns, and you can protect yourself and your use of cloud computing by following the above-listed suggestions (particularly 1, 5, 6, and 7) with respect to the provider. On the other hand, the use of cloud computing can help protect data against falling into the wrong hands, particularly from the loss of a computer owing to carelessness or theft.
I want to leave you with a few thoughts respecting protecting yourself and your data with any program you may choose to use, whether SaaS or locally located:
- Regularly back up your data to your own storage devices. Use redundant systems for security, and make sure one copy of your data resides outside of your office. Be sure you know how to convert the data to a usable format.
- Use a reliable encryption program for your confidential data. Be sure to pick a strong and secure password. Random collections of numbers, letters, and symbols work best. Most of us find such a random collection difficult to remember, so pick something you can remember that includes numbers and letters and then add a symbol or two for good measure.
- Use good security software for your own computer (anti-malware and antivirus). Use it regularly to ensure that a hacker does not breach your own system security.
- Keep your network secure and your computer safe from intruders.
Jeffrey Allen is the principal in the small law firm of Graves & Allen in Oakland, California, with a general practice that, since 1973, has emphasized negotiation, structuring, and documentation of real estate acquisitions, loans, and other business transactions, receiverships, related litigation, and bankruptcy. He also works extensively as an arbitrator and a mediator. He serves as the editor of the Technology eReport and the Technology & Practice Guide issues of GPSolo magazine. He is also a member of the ABA Journal Board of Editors. He regularly presents at substantive law and technology-oriented programs for attorneys and writes for several legal trade magazines. In addition to being licensed as an attorney in California, he has been admitted as a Solicitor of the Supreme Court of England and Wales. He holds faculty positions at California State University of the East Bay and the University of Phoenix. You may contact him via e-mail at firstname.lastname@example.org . Jeffrey Allen blogs on technology and the practice of law at www.jallenlawtekblog.com .Copyright 2010