chevron-down Created with Sketch Beta.

Law Practice Today

January 2024

Navigating Modern Communication Tools as a Lawyer

Alexander Paykin


  • As an attorney, keeping track of all communications is key, but the question is what communications should and shouldn't you keep records of?
  • How secure should communications between lawyer and client be? 
  • Attorneys must create firm protocols for selecting secure, ephemeral, or mixed communication methods for different contexts as appropriate.
Navigating Modern Communication Tools as a Lawyer

Jump to:

As attorneys, we have an obligation to maintain thorough records of all client communications, as well as communications with third parties relevant to a client's case. We are also often tasked with obtaining past communications from clients, opponents, and other parties during the discovery process. While modern technology has enabled faster and simpler communication methods, it has also created complex record-keeping challenges.  Lawyers must balance utilization and duties around private correspondence.

I. What Communications Should We Keep Records Of?

The first question to consider is what records it is that we must maintain.  Whether or not we maintain everything in our records is a reasonable judgment call, so it is probably not important to keep every text message with a client discussing the logistics of where you’re meeting for lunch.  However, if the text messages turn into substantive matter discussions, you suddenly have a duty to log and preserve those communications.  While almost all of us have our standard business practices when it comes to traditional communications, such as scanning incoming paper (mail, couriers, et cetera), and many of us even have practices for scheduled telephone calls and other calendared events, in practice, we often have passing communications, whether with clients, opposing counsels, third parties or even our own coworkers, sometimes in person, sometimes on a quick phone call that breaks through on call waiting, via text message or an app like WhatsApp, which are actually communications that are substantive in nature and must be logged. 

This of course becomes difficult to do in a firm with a substantial (or even a small) staff, where attorneys and paralegals often communicate with clients through in-person meetings, telephone calls, text messages, social media apps, email, and secure communications apps.  However, difficult, but there are reasons why it must be done anyway.  First off, communications made in such a manner with one member of the firm will leave the rest of the firm’s staff in the dark as to whatever substantive directions may have changed.  Second, should they be forgotten, they become extremely difficult to find.  Third, should those communications, or rather their substance, become an issue, lack of clear records could make proving your position difficult, and after all, you have a duty, as the attorney, to preserve those records for the client’s benefit. 

Of note, while specific language varies from state to state, your general obligations will always be, to some degree, commonsensical.  You need to maintain records that are substantive and relevant to the client and case.  For example, the Pennsylvania Bar Assn. has broadly opined that, under the Pennsylvania Rules of Professional Conduct, an attorney “should retain records of those communications containing legal advice". See Pa. Bar Association, Ethics Comm., Formal Op. 2014-300.  Meanwhile, according to the New York State Bar Association, if an attorney utilizes social media to communicate with a client relating to legal representation, the attorney should retain records of those communications, just as he would if the communications were memorialized on paper.”  These opinions and their clear conformity to the spirit of our record-keeping obligations should surprise no one.

Finally, unlogged communications are usually also billed communications, so if for no other reason, attorneys should consider logging all of their communications so that their billable timesheets accurately reflect the time spent communicating on each matter.

II. How Secure Should Our Communications Be?

While not all communications are sensitive in nature, lawyers should certainly be using secure communication methods when sending confidential client information (trade secrets, personal info, etc.), for attorney-client privileged discussions, such as case strategy, and when corresponding with clients or third parties about sensitive matters (medical issues, employment disputes, etc.).

In practice, which means of secure communications one should be using may often depend on the use scenario.  For instance, while I could see a large set of documents being uploaded to my firm via a client portal if I am sitting at a settlement conference and need my client’s input on the offers and counteroffers flying across the table, WhatsApp or Telegram would probably get the job done more efficiently.  I may even want the messages to be ephemeral (to disappear after a single view), if we are discussing extremely sensitive topics and I might be worried that someone might have access to my device and see those messages later.  In fact, and you might agree with me here, I might actually just step out into a private area of the hall and make a telephone call to my client to discuss a settlement position more efficiently. 

When selecting which method I use, I will consider whether I have a need to log my communications, and if I do, whether I need to do so in a way that (a) is secure, (b) is clear and concise, (c) makes sure those who have a need to know in the firm will be easily aware, (d) if the communication might ever need to be relied on to prove its contents, in a way that is authenticatable, and (e) whether I should be making a time entry linked to that communication.

A. Client Portals Are the Gold Standard

Ideally, law firms would use encrypted client portals for all substantive communications and our clients would embrace the idea of downloading our little branded apps to communicate solely with us.  In fact, those of us who use practice management systems (which is a rather large percentage of the profession at this point), already have secure communications portals available to us.  Most practice management systems allow for the creation of a client login page, which would allow the clients (and for that matter other third parties that you set up as contacts in your system), to communicate with your office, and to upload and download documents, as needed.  Best of all, these portals would create a communications log and would be clear attorney-client communications, maintained on a data cloud within your control (via your practice management system provider).  If using the client portal, you do not need to worry further about record-keeping, encryption, or the like.

However, most portals involve cumbersome extra authentication steps that clients resist, resulting in most communications still occurring by email, SMS or other means convenient to the client. Additionally, lawyers themselves hesitate to solely rely on portals due to the often (perceived) inconvenience of using them, often requiring two-step authentication, and making simple daily communications a hassle.

B. Communications Outside the Client Portal

In a perfect world, after each communication, you will have a moment to log the communication in your practice management system (whether tagging the relevant email with your practice management system’s integration into your email client, or opening your practice management system and making an entry in the relevant matter’s communications log, or even uploading a screenshot of a WhatsApp message into your communications matter folder) and you will of course make the relevant time entries.  In less perfect worlds, you may find yourself scrolling through your phone logs, emails, and SMS/WhatsApp/Telegram/Signal threads at the end of the day (and hopefully just the day, and not the week or even month), trying to recall and recreate your time entries and communications logs.

From a purely law firm-centered perspective, we should be insisting that all substantive communications go solely through our practice management systems and be automatically logged.  However, for those of us trying to stay in business, taking the client-centered perspective is generally the accepted way to operate.  Clients may often insist on using SMS, or apps like WhatsApp for convenience or cost savings, especially international clients avoiding long-distance fees.  Some clients regard messaging apps as easier, quicker, and more secure than email (all of which may very well be true from the client’s perspective). 

Probably the most popular means of communication between lawyers and clients (and the outside world as a whole), is email.  However, email is not encrypted and is not all that secure.  While people often refer to “secure email” or “encrypted email”, there is really no such thing. Emails are sent in plain text and the content of a regular email is sent as plain readable text rather than encoded or scrambled (“encrypted”), so the text can be easily read by any server or network that handles the email transmission. Additionally, emails are relayed through multiple servers, where on their way from the sender to the recipient, an email gets handed off between multiple mail servers run by email providers, networks, etc. Each handoff point allows the email data to potentially be accessed or intercepted since it's in plaintext.  Even if the content was encrypted (e.g. you attached a thoroughly encrypted data file and did not put anything substantive in the body of the email), the email header that directs the transmission contains information about the sender, recipients, subject line, etc. in plain text. Major email services don't encrypt by default and major consumer email providers like Gmail, Outlook, Yahoo, etc. have opt-in encryption rather than on by default, so most emails sent are still plain text.  For encryption, the sender needs the recipient's public key and vice versa. Those keys need to be distributed manually outside the email, unlike something like HTTPS websites that have centralized certificate authorities.  When users refer to “secure email”, what they are really thinking of is a client portal, because what they are getting is an email that directs them to a website, where the HTTPS protocol and a secure login are then seen, with the substantive message in question being shown to the user in that web portal after authentication, never having traveled as part of the original email.

Unlike email, the various communications apps can also provide end-to-end encryption not available in email.  However, many encrypted apps allow limited message access, sender deletions, and conversation destruction with a few taps, and given our obligations attorneys, temporary messages, and easy deletion and editing after sending options pose risks.  Parties may delete relevant communications before and during litigation (sometimes inadvertently) if proper preservation steps aren’t taken beforehand and evidence spoliation can take place when messages auto-delete after some time.  Gone unrecorded, many modern communications become irretrievable. Even screenshots of disappearing messages can be impossible to authenticate later on.

i. SMS

Text messaging (SMS) was one of the first popular digital communication methods. Originally designed for sending short snippets of text, SMS has expanded over time to allow the transfer of low-resolution photos and videos (MMS).  The SMS/MMS platform itself provides a relatively secure way for messages to be transmitted directly between the sender and recipient's devices via their cellular provider. SMS records also remain available and retrievable even if the other party deletes the messages on their own device.  However, SMS does pose certain recordkeeping challenges. SMS messages are delivered to personal smartphones, so records become fragmented across individual devices rather than centralized firm systems.  If a client texts one attorney within a firm, other attorneys may easily miss that communication if he or she is not informed, and it is not logged timely and appropriately.  Additionally, SMS simply lacks more advanced features. There are character limits given its original text-only origins. Options for transferring documents and files are restricted to basic photos and videos. Numerous third-party solutions try addressing such issues, but none offer a complete fix.  While SMS offers security and message recovery advantages, it creates decentralized recordkeeping headaches, and ingrained aspects like size constraints and attachment limitations to just simple images and short low-resolution videos continue posing usage barriers.  SMS messages should be logged into your practice management system right away and for preservation of records and logs, firms may want to consider SMS systems built into practice management systems (albeit a costly option with some practice management systems), while solo attorneys may want to consider Google Voice.

a. Google Voice

Google Voice integrates SMS, calls, voicemail, and other messaging into one free (impressively low long-distance fees do apply to international calling) unified platform accessible on the web and via a simple mobile app that essentially looks like your phone and messaging app in one, which makes it a practical solo practitioner solution. 

Its key features include automated call/message logging, seamless email integration enabling voicemail transcript delivery, advanced spam tools, cheap long-distance, and the option to record calls with recipient notification. All SMS message threads are archived and stored in an encrypted manner and can easily be searched through and authenticated. 

However, unlike a shared firm system, Google Voice compartmentalizes communications to its unique number on an individual user’s account. While messages could manually be integrated with practice management software, the segmentation across attorney accounts poses headaches for message visibility among staff and co-counsel. As we are all aware, solitary reliance on manual message copying is unrealistic given most individual habits, so using Google Voice for each of multiple staff members and hoping that your practice management system will contain a complete log of all communications is simply unrealistic.  In essence, Google Voice resolves certain SMS limitations and integrates with legal workflows, making it a great solution for solos, but its unintegrated nature risks communication gaps compared to unified firm platforms.  Solos may find the benefits outweighing the cons but larger practices likely require alternative solutions. 

b.  Practice Management Systems with Built-In SMS

To that end, many practice management systems have baked SMS messaging directly into their platforms to unify legal communication. At first glance, this promises easier consolidation of client correspondence.  Central advantages include automatic logging of SMS records into associated client profiles and matters. All staff also share access by default.  However, as always, limitations abound.  Not only does the built-in SMS often only work for domestic numbers, but the services are not as robust as those from major telecoms or Google, meaning that spam filtering tends to be nonexistent compared to standalone apps.  Additionally, mobile functionality is often an afterthought, lacking native app features, while over-notification creates message overload since all staff receive client SMS alerts, which often need to only be seen by one person. Finally, cost is another barrier, with vendors often putting the SMS functionality behind a rather expensive paywall, or making it part of the next “tier” of the software, forcing firms to upgrade all of their users’ accounts, when perhaps only a few of the firm’s users needed SMS functionality.

Of course, SMS itself, whether in its original form, as Google Voice or as a practice management system integration, remains a barebones messaging medium in an age where clients increasingly expect multimedia capabilities and flexibility.  In essence, while integrated SMS aims to streamline law firm communication, lackluster mobile experience, cost, over-notification, and lingering platform constraints counter the benefits for many practices.  In the end, enhanced encrypted messaging solutions may offer greater long-term potential, albeit without the convenience of baked-in client records.

ii. Standalone Encrypted Communications Apps

WhatsApp, Telegram, and WeChat have become globally popular mobile messaging apps, offering advantages like unlimited media sharing, encryption, and low costs. While these apps provide (or at least claim to provide) end-to-end encryption for securely sharing confidential information, the terms of service vary wildly, as do the basic features of use.  While many features are incredibly useful, from multi-party video chat to unlimited secure data sharing, to any number of features that make the communications themselves extremely easy and feature-rich, some of the data manipulation and privacy features should give attorneys pause.

With some apps, any party can delete or edit messages post-sending, even after receipt and reading. As such, manual message logging into your practice management systems is recommended.  Some apps, like WhatsApp, offer a web version, that can be opened in your computer’s internet browser, at least making it easier to export communication threads.

For instance, Telegram allows any user to delete entire conversations after the fact, removing the transcript from all devices.  This of course not only makes record-keeping inside the app unreliable and impractical, forcing one to take screenshots or export communications threads.  Should those communications later need to be authenticated, it is questionable whether even the screenshot would hold up in court.  An even more terrifying feature is that these various apps often allow a message to be edited, even after it was read and responded to.  The possibilities for fraud here are limitless.  Meanwhile, WeChat is a highly featured Chinese app raising data privacy worries given potential government surveillance. American lawyers overwhelmingly avoid WeChat for confidential communications, while it is extremely popular in China for all communications, including highly confidential commercial messaging and data transfer.

Attorneys should also be careful not to have attorney-client or any form of confidential communications on built-in messaging on Facebook/LinkedIn and other social media sites, as such generally lacks encryption and grants the platform access to messages, compounding confidentiality issues.  

Modern messaging apps allow responsive attorney-client communications but introduce new confidentiality hazards. Following careful retention procedures can help balance utility and professional duties. Understanding limitations and crafting prudent usage policies remains vital.

III. Who Gets to Decide?

In the end, it is the client who is entitled to the privilege, and it is the client for whose benefit we keep our records and confidences in the first place.  Much like your engagement letter should have a clause that confirms that your client’s telephone is personal and private and that no other person can hear their voicemails or see their SMS messages, you should be updating your engagement letters (if you have not done so already), to have clients affirmatively consent to your firm’s communication policies and to opt into the communications method(s) of their choice. 

Your engagement letter should clearly note that you provide a secure client portal, and using it is the most protected way to communicate electronically. If email is used instead, advise it lacks encryption, has inherent risks for confidential data, and that the client consents to its use despite risks.  If your client wishes to use any third-party messaging apps, have the client confirm they reviewed and accept the platform's terms of service and won't delete or edit communications after sending. 

If you discover, upon being retained, that apps were used in the client’s substantive and discoverable communications with opposing parties/third parties, advise the client to immediately work with IT services to export and preserve those external records for potential evidence and discovery purposes.  Further consider litigation hold letters or other pre-litigation efforts, as appropriate, to prevent evidence destruction and spoliation.

IV. Key Takeaways

Establishing prudent controls tailored to specific tools creates a sound ethical foundation for communications.  Attorneys must create firm protocols for selecting secure, ephemeral, or mixed communication methods for different contexts as appropriate.  

For all communication platforms, attorneys should:

  • Review the terms of service for data ownership, privacy rules, and encryption standards.
  • When terms of service are updated, fully reassess rather than blindly accepting them.  (Vendors rarely change their terms of service for fun and often specifically to take over some data ownership)
  • Avoid non-encrypted apps for confidential data.
  • Use apps with no message retention guarantees only with immediate archiving protocols in place and with client opt-in.
  • Log messages promptly into records management systems to establish diligent maintenance.
  • Before litigation, attorneys must proactively identify external systems used by involved parties and preserve evidence through trusted IT experts.
  • When appropriate, attorneys should consider pre-suit subpoenas and litigation holds to prevent deletion.
  • Update engagement letters to detail policies, risks, expectations, and client duties regarding message apps.

Following reasonable practices around communication platform vetting, usage policies, timely logging, and proactive preservation through IT and legal measures can help balance leveraging modern technologies with upholding professional standards.