General Practice, Solo & Small Firm DivisionMagazine
Volume 17, Number 2
LEGAL ETHICS AND THE INTERNET ETHICAL CONSIDERATIONS IN ELECTRONIC COMMUNICATIONS BETWEEN ATTORNEYS AND CLIENTS
BY RONALD W. NELSON
Increasingly, lawyers and clients are relying on electronic mail and the Internet to communicate. However, these speedy, advanced modes of communication pose unique risks to the confidences exchanged between lawyers and clients. Today, a lawyer must not only be concerned with these interceptions of confidential materials, but also give special consideration to the nature of communications and the risk to client confidences posed by the way in which those confidences are transmitted.
Compromise of Electronic Communications. There are many ways in which confidential e-mail communications can be compromised including: compromise of lawyer e-mail account password; misdirected confidential communications by sending to wrong e-mail address; misdirected confidential communications by mistakenly sending e-mail to persons in addition to intended recipient; misdirected confidential communications by posting e-mail to a List Serve, bulletin board, or other similar mass messaging system; attachment of another client's confidential documents or communications to properly directed e-mail communications; interception of e-mail communications between the time sent by the lawyer to the client; and compromised confidentiality after communication is received by the client. Virtually any kind of communication with a client can be intercepted, if such is the intent of the interceptor and sufficient technical skills are possessed.
Interception of E-mail Com-munications and Misdirected Electronic Communications When there is direct communication between the computers of a lawyer and client, a wire communication has occurred and that communication is protected under the normal rules governing telephone communications. Although e-mail communications between computers generally take place over telephone lines and cables, e-mail is stored at one or more interim computers. E-mail at these points of storage are susceptible to interception either by the system administrator of that particular computer or by an outsider who has the ability and technical know-how to monitor and intercept communications traveling through that computer system. There are various other means by which one intent on intercepting private e-mail communications can invade systems providing electronic communications, whether private systems, network systems, government, commercial, or educational.
The Electronic Communications Privacy Act makes it a crime to intercept communications, including e-mail, and there is no waiver of the privilege merely because the communication is sent via the Internet. However, the fact that e-mail is subject to such protection is not a complete determiner that the attorney-client privilege is protected even though the manner by which such communications may be intercepted has been criminalized. Wigmore states the traditional rule that all involuntary disclosures, in particular, through the loss or theft of documents from the lawyer's possession, are not protected by the privilege on the principle that, since the law has granted secrecy so far as its own process goes, the client and lawyer must take measures to prevent being overheard by third persons. The client bears the risk of insufficient precautions. This principle applies equally to documents.
Courts applying the Wigmore rule have held that the attorney-client privilege is lost if otherwise confidential communications are overheard by an eavesdropper; if communications are forwarded, intentionally or otherwise, to an employee outside a privileged group within a corporation; or if communications between lawyer and client unexplainedly appear in the possession of a third party.
The fact that interception of attorney-client communications is illegal does not resolve the issue of whether use of e-mail is either allowed or advisable under the Model Rules of Professional Conduct. Although criminalization of activities may be considered in determining the reasonableness of a lawyer in relying on the general safety of a communication, the mere fact that an act is criminal does not relieve a lawyer of protecting against that unlawful interception if it would be reasonable to do so.
Probably the greatest danger to electronic communications between lawyers and clients has nothing to do with malicious breaches of security. The problem is simple negligence of the lawyer or client in quickly preparing or responding to e-mail communications and not checking or confirming the person to whom the communication is directed. Al-though this type of inadvertent disclosure of attorney-client communications is not unique to e-mail, the ability of e-mail to be irretrievably transported to the wrong person, or thousands of people, with the click of a button, makes this type of inadvertent disclosure more dangerous than with other types of communication.
Ethics Opinions Dealing with E-Mail Communications. The primary question involving e-mail communications over the past few years has been: "Is it ethical for an attorney to use e-mail as a means of communicating with a client when such communications may involve the disclosure of client confidences, privileged communications, or work product?"
The recent trend in state bar ethics opinions is to allow the use of e-mail communications by lawyers to clients without the necessity of encryption of all such communications. These later opinions have pointed out that the early opinions overlooked factors in deciding that e-mail was not a generally secure means of communication to be held on par with more traditional means of communication. All methods of transmission of information are subject to interception; a number of pre-1997 opinions on this subject overlooked the fact that while a message is actually traveling over the Internet, having been disassembled into a number of packets that may not travel in parallel routes, it is difficult to trap all of the relevant information packets and to reassemble them in a readable form; and as the law concerning telecommunications has developed, it is clear that interception of electronic transmissions over the Internet is illegal under the Electronic Communi-cations Privacy Act.
These later opinions have stressed that e-mail communications much more closely resemble wire-based telephone communications than cellular or cordless telephone communications. The most recent opinion on the propriety of e-mail communications between lawyers and clients has been issued by the American Bar Association Center for Professional Responsibility. The essence of the opinion is that a lawyer may transmit information relating to the representation of a client by unencrypted e-mail sent over the Internet without violating the Model Rules of Professional Conduct. The Center has determined that electronic communication affords a reasonable expectation of privacy from both a technological and legal standpoint. However, in using electronic communications a lawyer must consult with the client and follow the client's instructions regarding the mode of any communications that may contain highly sensitive information.
Suggested Protections of E-Mail Communications. The most common and easily avoided breach of e-mail security is disclosure of attorney-client communications by inadvertently sending an e-mail to the wrong recipient, the client, or another person not meant to receive the communication, or to an entire list of recipients. Such inadvertent disclosures can be avoided by simply checking the e-mail address to make sure it is correct and that only the person or persons intended to receive the e-mail are included on the "send," "copy," or "blind copy" line. Lawyers should be careful not to reflexively click the "reply" button without carefully checking the names and e-mail addresses of all those who will receive the message. It is recommended that any e-mail communication to a client contain a standard notice to recipient indicating: the confidential nature of the communication; that if the communication is not received by the intended recipient, the message should not be read and should be returned to the sender; and that e-mail communications may not be secure and that if any such unsecure message is sent, the contents may be viewed by anyone viewing the e-mail. The notice should be at the head of the e-mail.
Various methods of securing e-mail communications are available depending on the need for security and the level of security desired: encryption, which ensures that only the desired recipients can read the message; message integrity, which guarantees that the message sent is exactly the same one received; authentication, which guarantees that the originator of the message is really the person they purport to be; and nonrepudiation, a protocol by which a person may be proven to have sent an e-mail message although they claim they did not send the message.
Robert W. Nelson is a partner with the law partnership of Rose & Nelson in Overland Park, Kansas. Robert W. Nelson is a partner with the law partnership of Rose & Nelson in Overland Park, Kansas.
For more Information About the Family Law Section
- This article is an abridged and edited version of one that originally appeared on page 419 of Family Law Quarterly, Summer 1999 (33:2).
- For more information or to obtain a copy of the periodical in which the full article appears, please call the ABA Service Center at 800/285-2221.
- Website: www.abanet.org/family/.
- Periodicals: Family Advocate, 64-page quarterly magazine; Family Law Quarterly, quarterly journal.
- Books and Other Recent Publications: Child Sexual Abuse in Civil Cases; Assigning Retirement Benefits in Divorce, 2d ed.; Military Retirement Benefits in Divorce; Competing Interests in Family Law; 1040 Handbook, 3d ed.; Understanding Business Tax Returns; A Lawyer's Guide to Mediation; 101+ Practical Solutions for the Family Lawyer; The Joy of Settlement; Practical Solutions for Family Lawyers (audiotape).