GPSOLO December 2008
Some Limits on Evidence Gathering in the Digital Age
This article addresses two well-known ethical principles that limit the ability of lawyers to gather information and analyzes how they apply to two common issues concerning the Internet and e-mail. First, litigators know that they cannot engage in ex parte contacts with a party represented by counsel in a matter. Does that rule bar a lawyer from reviewing the web page of an opposing party? Second, litigators also know that they cannot use methods of obtaining evidence that violate the legal rights of a person. We’ll explore some ways that examining e-mail sent from or to an opposing party can violate that rule.
Web Pages and Ex Parte Contacts
No doubt, many thousands of lawyers have visited an opposing party’s web page to learn more about its business, its operations, or its financial circumstances. Web pages can provide very useful information in all sorts of contexts. A patent lawyer, for example, can look at a potentially infringing product and download pictures, specifications, and learn about how the product is marketed. At the same time, a transactional lawyer can look at the website of an opposing party in a negotiation to learn more about the background of its principal negotiators.
These passive contacts, in which the lawyer simply accesses information made available to the public by the website owner, do not constitute improper ex parte contacts, even if the information reviewed relates directly to the subject matter of the lawsuit or transaction. Reading a web page is, after all, no different from reading an advertisement or magazine article written by the opposing party and published to the world.
But limits have been placed on the ability of lawyers to use otherwise “public” information. Foremost, if the communication becomes interactive—say, for example, the lawyer “chats” or e-mails with someone employed by the opposing party through the web page—an improper ex partecontact could occur if the lawyer knows the person with whom he is communicating is “represented by counsel” in the matter. Although states vary widely on who is “represented by counsel” and, therefore, may not be contacted about the matter, if the employee has managerial authority or has authority over the subject matter of the dispute, then the lawyer should tread quite carefully.
E-mail, E-mail Everywhere, and Not a One to Read?
E-mail is known to be a rich source of evidence. For whatever reason, people will memorialize in an e-mail a thought they would never put in a formal memorandum. The impression that e-mail is ephemeral no doubt underlies that habit. Thus, if an opposing party turns over e-mail during discovery, it can often present a wealth of admissions and statements that the producing party will have to explain away.
Getting access to e-mail outside the scope of discovery, however, raises serious ethical issues. Most states, for example, make it unethical for a lawyer to use methods to obtain evidence that violate someone’s legal rights in the course of representing a client. Obviously, stealing an opposing party’s computer to take e-mail off of it is improper. But what if the opposing party is a former employee and the e-mail resides on a laptop that the employee had use of while employed? May the employer’s lawyer freely examine those e-mails, even those between the employee and his lawyer? What if a husband hands to his lawyer an e-mail written by his wife but on a computer owned by both husband and wife, and it relates to their pending divorce?
E-mail on Employer-Owned Computers
When a lawyer is presented with a computer containing e-mails sent or received by a former or current employee, the lawyer should not immediately peruse the mail folders to see what can be found. Instead, the lawyer must first investigate the facts surrounding the employee’s use of the computer to determine whether its use was accompanied by a reasonable expectation of privacy or confidentiality. Even though the employee was using the employer’s computer, and even if the employee had been warned that the employer would monitor e-mail, examination of the e-mail could be improper if the court weighs the factors in favor of the employee’s right to privacy. Put the other way, courts do not vitiate the reasonable expectation of privacy underlying the attorney-client privilege merely because the employer included a warning in an employment contract. Instead, they tend to look to four factors.
First, and most fundamentally, the courts examine whether the employer in fact maintained a policy banning personal use of the employee’s computer. If the employer did not have such a policy in place, it of course indicates that the employee believed he could use his computer for private, personal purposes.
Second, the courts examine whether, in fact, the employer did monitor employees’ use of e-mail. A paper policy is not enough: There must be proof that the employer actually did monitor e-mail on more than a sporadic basis.
Third, the courts examine whether third parties, such as vendors, had the right to access the computer. If the employee knew that third parties could gain access to the laptop, this shows that the employee knew that he could not expect the e-mail to be confidential.
Finally, the courts examine whether the employee was notified of the policy and monitoring. A policy on a shelf somewhere is not enough; a “splash screen” that warns the employee on each log-on that e-mail could be monitored has generally been held to be sufficient. Policy reminders that fall between these two examples often result in a balancing test by the court.
Though not all jurisdictions have adopted these four factors in analyzing the problem of employee expectations of privacy, the vast majority of courts that have addressed the issue approach the analysis in this manner, allowing employers whose notification practices are extensive and numerous to review e-mail. Thus, when presented with a pile of e-mail, a lawyer for an employer cannot simply look to see if there is a policy. Before looking, he must investigate the actual implementation of that policy in practice.
E-mail on a Spouse’s Computer or on the Spouses’ Computer
When one spouse accesses the other spouse’s electronic files or e-mail account that is protected by a password or encryption, any information obtained through the unauthorized access of the account will likely be illegal, and thus the lawyer should not assist the spouse in prying. Federal statutes protecting stored communications, as well as state wiretap statutes and computer theft statutes, likely criminalize that conduct. Depending on the state in which the offense occurs, the penalty for intrusion into an individual’s electronic communication can carry with it both criminal charges and a cause of action for the recovery of damages by the victim.
Although unauthorized access to protected files can result in criminal and civil liability, a gray area exists when a third party accesses unprotected files on a computer with open access. A New Jersey court recently held that a wife’s retrieval of saved e-mails from folders contained on the unrestricted family computer’s hard drive was not illegal. The court distinguished between the hard drive snooping performed by the wife and actively intercepting an e-mail at the time it is sent. The latter situation would no doubt result in a violation of New Jersey’s wiretap statute; however, the court reasoned that, because the New Jersey wiretap statute pertains only to “temporary, immediate storage of a wire or electronic communication incidental to the electronic transmission thereof,” e-mail communications saved on a hard drive are not protected so long as access to the hard drive is open to the interested party. Although this decision is binding only in New Jersey, the legality of a spouse’s intrusion into a third party’s e-mail seems to hinge on the question of authorized access.
Lessons to Learn Now
Obviously, care must be given before a lawyer accesses information stored on a computer used by an opposing party. Whether or not access is proper turns on state substantive law as well as the reasonable expectations of confidentiality of the user.
Less obvious, perhaps, is the lesson for employers. Employers who in fact do want to have the ability to access information on employee laptops need to make sure not only that they have a policy but that they enforce it and make the employee aware of its implementation. Otherwise, information on the company’s own equipment will remain off-limits to it.
When representing an employee, you should caution him or her against using the company laptop to communicate with you; the employer might review the e-mail despite the impropriety of doing so, or the employee might in fact have no reasonable expectation of privacy. Obviously, extreme care needs to be exercised when the employee is considering suing the employer, especially if the employee is interested in remaining employed.
Finally, when representing spouses contemplating divorces, you also need to discuss the legal and practical issues that your clients face. Even if it is illegal for a spouse to access the other’s e-mail account, spouses in divorce have been known to do far worse, and thus they may need to be warned about the issue regardless of the illegality of the conduct.
David Hricik is a professor of law at Mercer University School of Law; he may be reached at firstname.lastname@example.org. Chase Edward Scott is a 2009 J.D. candidate at Mercer University School of Law; he may be reached at email@example.com.