Similarly, attorneys have never been more accessible and now have a growing list of ways to communicate. Telephone, videoconference, facsimile, e-mail, text message, chat services, websites, online video, social media, blogs, digital message, electronic communications found within online games, as well as radio and TV are all communications modalities used by attorneys.
The way client information is stored today and the way attorneys now communicate raise new issues involving the old ethical challenges of confidentiality, privilege, and privacy.
Law Tech in the 19th and 20th Centuries
Until the early 1980s, an attorney’s primary tools had for the most part remained unchanged in the previous hundred years. Lawyers dictated correspondence and legal briefs using a dictation machine (originated by Alexander Graham Bell in 1881). Dictation was transcribed on a typewriter (introduced in its familiar form—with QWERTY keyboard—in 1873). Copies were made using carbon paper (dating back to the early 19th century). Consultations were performed either in office or over the telephone (an invention most commonly credited to Alexander Graham Bell in 1876).
The first 20th-century innovation occurred in 1959 with the introduction by Xerox of its Model 914, the first commercially successful plain paper photocopier. Photocopiers were not found in small offices, however, until the late 1970s. Word processing (first on stand-alone machines, later on personal computers such as the IBM Model 5150, introduced in 1981) and facsimiles (or faxes, first patented in 1843 but not commercially viable until Xerox introduced its LDX, or Long Distance Xerox, in 1964) did not become commonplace until the early 1980s. Cell phones (first introduced in Japan in 1979), networked computers (first connected intra-office, then connected via modem to the World Wide Web with the Mosaic browser, released in 1993), and e-mail (possible via ARPANET as early as the 1970s) were not commonly used in law offices until the 1990s. All the while, legal research remained a manual process requiring books and quite possibly a trip to a law library.
Confidentiality, Privilege, and Privacy in the 21st Century
Today, the increased speed and volume of communication, coupled with clients’ heightened expectation of responsiveness, have the potential to expose lawyers to new types of ethical violations and errors. Although the ethical obligations of attorneys have not changed, ethics and judicial opinions clarifying an attorney’s responsibilities when using new technologies develop slowly.
The ABA Standing Committee on Ethics and Professional Responsibility did not comment on attorneys’ use of e-mail until March 10, 1999, when it opined that attorneys could use unencrypted e-mail for client communication, as
the mode of transmission affords a reasonable expectation of privacy from a technological and legal standpoint. The same privacy accorded U.S. and commercial mail, landline telephonic transmissions, and facsimiles applies to Internet e-mail. A lawyer should consult with the client and follow her instructions, however, as to the mode of transmitting highly sensitive information relating to the client’s representation. (ABA Formal Opinion No. 99-413)
Since the turn of the millennium, states have enacted laws that speak to the confidentiality of electronic communications. For example, since 2002 there has been a presumption under California law that electronic attorney-client communications are privileged. See CA Evid. Code § 917 (presumption of privilege) and § 952 (information transmitted between client and attorney in the course of that relationship and in confidence and in a method that so far as the client is aware does not disclose the information to a third party is confidential); CA Civil Code § 1633.2 (providing a definition of electronic transmissions); and CA B & P Code § 6068(e) (attorney has duty to “maintain inviolate the confidence, and at every peril to himself or herself to preserve the secrets, of his or her client”).
Nevertheless, attorneys should be aware that even though electronic communications are presumed to be privileged, that presumption may be challenged. See Holmes v. Petrovich Development Company, LLC 191 Cal.App.4th 1047 (3rd Dist., Jan. 13, 2011) (attorney-client communications over work computer found neither confidential nor privileged); see also Scott v. Beth Isr. Md. Ctr., 847 NYS 2d 436 (Sup.Ct. 2007) (e-mail forwarded to counsel from employer e-mail found not confidential); Resilient Floor Covering Pension Fund v. Michael’s Floor Covering, Inc. (N.D. Cal. 2012) 2012 WL 3062294 (attorney-client privilege and work product protection waived when pre-litigation e-mail detailing the legal merits of a plaintiff’s potential claims originally sent from attorney to client were forwarded by client to an interested third party, who in turn forwarded it to others); compare Stengart v. Loving Care, 200 NJ 300 (2010) (e-mail sent from work computer using employee’s web mail to attorney is privileged).
In light of these rulings, attorneys should make every reasonable effort to educate their clients to ensure the privacy, confidentiality, and privilege of their communication. Consider adding “Do Not Forward” language to e-mails and their attachments.
Mobility and the Cloud
As technology continues to advance, it will continue to change the way we do business. Today’s attorney accesses files securely by way of a Virtual Private Network (VPN), pays third parties to maintain copies of client files, and accesses files on demand by way of the cloud. Although slow to respond, ethics boards have started to address the ethical challenges created by these new technologies.
On September 20, 2010, the New York State Bar Committee on Professional Ethics Opinion #842 determined that attorneys may use an online storage system to store client files provided the “lawyer takes reasonable care to ensure that confidentiality will be maintained in a manner consistent with the lawyer’s obligation under Rule 1.6.” The opinion continues, stating that lawyers must
stay abreast of technological advances to ensure that the storage system remains sufficiently advanced to protect the client’s information, and should monitor the changing law of privilege to ensure that storing the information online will not cause loss of waiver of any privilege.
ABA New Model Rule 1.6(c) requires that “A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.”
The State Bar of California Standing Committee on Professional Responsibility and Conduct in Formal Opinion No. 2010-179 opined that attorneys should take appropriate safeguards to ensure confidentiality, including “firewalls, secure username/password combinations, and encryption.”
How to Keep Safe
The Internet’s not written in pencil . . . it’s written in ink.—The Social Network (2010).
With digital security breaches affecting an ever-greater number of people (for a brief overview of the 15 worst data security breaches of the 21st century, see tinyurl.com/o743bte), attorneys likely need help maintaining a secure digital work environment. There are, however, a number of things attorneys can do to improve their personal digital security.
Every lawyer needs a basic knowledge of how the Internet, digital storage, and digital encryption work and must take steps to ensure the security of the confidential materials contained in the tools that they use. Every device with memory is an ethical violation waiting to happen. Memory is present in most of the devices we use today, including smartphones, tablets, laptop and desktop computers, external hard drives, and flash drives, as well as phone systems, photocopiers, printers, and fax machines.
Lawyers should encrypt all digital storage devices at the disk level. Mobile devices also should be equipped with kill switches—commands that “brick” or deactivate the device on connection to the Internet should they be lost or stolen. Steps should also be taken to fully erase a device’s memory before it is discarded. Should you need to transmit confidential data electronically, encrypt the data using “strong” passwords that combine letters, numbers, and symbols. Encrypt your home wireless network. For access to office networks, utilize modern two-factor authentication, a security process requiring entry of two forms of identification to access secure client data (some two-factor systems require a card and a password, others text a random password to a smartphone upon entry of a memorized password, with access granted upon entry of both passwords). Finally, see a competent IT professional should you have questions.