25 September 2011

Fear the Great Electronic Menace

Lately, I've noticed a lot of attempts to scare attorneys about the use of online resources. One form of this comes from "professionals" who make their living by telling attorneys how much danger they are in and how they can be saved. Telling someone not to tape their password to the monitor isn't exactly rocket surgery. I also like how they keep telling people to make their passwords longer and longer. Passwords are like padlocks. They keep the casual thief from getting in, but they aren't going to keep anyone serious out. They can accomplish that with six characters. If you're expanding your password to try and keep ahead of better and better password crackers you are going to be using a fifty character password in five years.

Another interesting point of fear mongering is coming from lawyers themselves. For instance, the ABA has come out with the following ethics opinion:
A lawyer sending or receiving substantive communications with a client via e-mail or other electronic means ordinarily must warn the client about the risk of sending or receiving electronic communications using a computer or other device, or e-mail account, where there is a significant risk that a third party may gain access. In the context of representing an employee, this obligation arises, at the very least, when the lawyer knows or reasonably should know that the client is likely to send or receive substantive client-lawyer communications via e-mail or other electronic means, using a business device or system under circumstances where there is a significant risk that the communications will be read by the employer or another third party.

Okay, the part about an employer communicating with his attorney thru his employer's computer or network is common sense and any attorney who knowingly did that might be beyond an ethical violation and into malpractice. However, the really disturbing part of this is the possibility of infinite expansion. What exactly is "significant" risk? The comment explains that this opinion can cover all sorts of situations.
The confidentiality of electronic communications between a lawyer and client may be jeopardized in other settings as well. Third parties may have access to attorney-client e-mails when the client receives or sends e-mails via a public computer, such as a library or hotel computer, or via a borrowed computer. Third parties also may be able to access confidential communications when the client uses a computer or other device available to others, such as when a client in a matrimonial dispute uses a home computer to which other family members have access.
I've also seen this sort of thing in CLE's. Earlier this year, I was at a CLE wherein the ethics discussion revolved around whether it was unethical to store files "in the cloud" (a trendy way of saying "on servers external from your work or residence"). One lawyer posited that you couldn't do it without giving the client notice and explaining possible problems.

This is a fear reaction because something is new. Lawyers hate and fear the new, Now, I know that none of this is really new, but lawyers are always behind the curve when it comes to thing like this. I know a number of lawyers who don't understand or use email and to whom storage of documents on the web is mind boggling. They don't greet such things with open arms. They ignore them and when forced to address them do so as little as possible. Fears such as this bring out lawyers with too much time on their hands who react as lawyers always try to: they rule it to death.

Think about it this way. How often do lawyers warn their clients that the law office has windows and doors which could be broken open and that their files are on paper. We don't do that because it is collateral to anything the attorney is supposed to be talking to the client about and it would be silly. Yes, someone could break into the office and burn or steal files, but it's remote enough of a possibility that if the attorney is taking reasonable precautions (locking the doors and windows of his office) no one is going to talk to the client about it. The same thing applies when storing client files online with a reputable company such as Amazon or Google, behind a password. In fact, those files are probably more secure than a paper file in a cabinet in the office. And yet, I find myself in CLE's being warned that I should tell a client about the dangers of online storage.

As for email communications, yes, in appropriate situations a warning to the client is appropriate. However, I think it is putting too fine a point on it to specifically point this out for email. It's true for any kind of communication in sensitive situations. Planning to sue your boss? Don't do any communications which can fall into the company's hands. This has always been true. The client shouldn't use the company phone or voice mail or talk to another employee about it or do anything in regards to the case at work. Are we getting ethics opinions about this sort of stuff? No, because it doesn't involve computers.

Use the same common sense with computers that are used everywhere else and you need not worry overmuch. I know the fear mongering won't stop, but don't listen to it too much.

No comments: