Communication in the
E-Mail Era: Deciphering the Risks and Fears
THE VIRTUES OF the adversarial system were drummed into us in law school. But the system has its limits. It is vital to agree on whether e-mailing a client over the Internet, without encryption, is a responsible thing to do, or so irresponsible that it might waive the attorney-client privilege. Since providing confidential advice is an attorney's business, secure communication with clients is a cornerstone of every legal practice. Many clients are clamoring for or already using Internet e-mail to consult attorneys; encryption is not yet in wide use; and there's no case law directly on point. It's important to clear up this e-mail issue.
But the few state ethics boards that have issued opinions on the subject do not agree with each other. In Iowa and South Carolina, an attorney must obtain a client's express consent before transmitting sensitive matter by unencrypted e-mail. But in Illinois, attorneys may freely communicate with clients by e-mail without encryption except in "unusual circumstances," when an ordinary telephone call would also be inappropriate.
All three ethics opinions are available at www.legalethics.com. England is considering rules similar to Iowa's, says Nick Critelli, a litigator in Des Moines who is also a barrister.
Since the Internet defies state boundaries, it is difficult to know how e-mail that is not purely local should be handled. Worse, the confusion seems to surround not only the technology, which is relatively new, but the attorney-client privilege itself, which is as old as the profession.
Here are a few guiding principles:
1. One hundred percent security is neither possible nor required to communicate with clients. To be protected from discovery under the attorney-client privilege, information conveyed to a lawyer must be communicated in confidence, and outside the presence of third parties. The privilege is the client's, but a lawyer may assert or waive it on behalf of the client. When investigating whether the privilege is breached, courts focus both on the precautions taken to preserve the confidentiality, and on the parties' reasonable expectation of privacy.
All methods of communication are vulnerable, as anyone knows who has ever overheard a telephone conversation, thumbed through a pile of faxes or lost an overnight mail envelope. Even face-to-face communication is imperfect. "Many people read lips," notes William Freivogel, an attorney with the Attorneys' Liability Assurance Society, or ALAS, an insurance company that insures law firms against malpractice.
In his definitive article, Communicating With Clients on the Internet: Legal, Ethical, and Liability Concerns, at www.legalethics.com/articles/freivogel.htm, Mr. Freivogel states that attorneys need not encrypt Internet e-mail to enjoy an expectation of privacy.
According to Albert Gidari, a partner in Internet law and electronic commerce at Seattle's Perkins Coie who lectures on privilege issues, ALAS has yet to hear a complaint about breach of privilege stemming from e-mail use.
2. E-mail does not endanger the privilege merely because it is accessible by third parties. Much of the justifiable caution (and unreasonable fear) surrounding e-mail arises from the fact that it travels over many computers and can reside on a server outside the client and far from the firm. It can also be lawfully read by Internet service providers during the course of maintaining the server.
But third-party access does not determine whether there is an expectation of privacy. Access by others to e-mail is no different from having your faxes delivered (or misdelivered) by high school students working at a firm's fax delivery service, or from cleaning personnel who dust your desk after you go home for the evening. It is of course not advisable to leave secret documents lying around in the open, or to be faxed, or to be e-mailed, but "secret" is different from "privileged." Unlawful access, be it by hackers or people dressed up as janitors, does not jeopardize the privilege.
There is so much confusion about third-party access that it is understandable, though not excusable, for attorneys to sigh, "Oh, forget about using the Internet for now," or "I won't bother to encrypt e-mail, because no one else does, and my clients don't like or know how to decrypt yet."
They should know that encrypted e-mail is the most secure means of communication today.
Also, David A. Hirsch, a civil litigator of Beckman & Hirsch in Burlington, Iowa, points out the dangers of remaining on the fence. "I'm not pleased with the Iowa [Ethics] opinion, but I can live with it," he says.
What bothers him is the obsession with the risks of Internet e-mail. "It's like talking only with air traffic controllers about risks--you'd never get on a plane," he says. "If people come to commonly believe that there is no privacy with Internet e-mail, I could see a judge saying, 'Everyone knows there's no expectation of privacy on the Internet.' It's important to speak up and say, 'This is just as secure as a fax or a telephone.' "
3. It is not appropriate to extend existing case law to e-mail. E-mail analogies abound: an e-mail is just like a fax. No, it's like a telephone call. But in its June 26 ruling on the Communications Decency Act, the Supreme Court, in ACLU v. Reno, 96-511, treated Internet communication differently from other media. Until there is case law directly on point, attempts to extrapolate e-mail principles from existing cases conjure up images of the blind men and the elephant: everyone sees things differently.
The closest decision thus far comes from a military court, which found a reasonable expectation of privacy in e-mail for Fourth Amendment search and seizure purposes. U.S. v. Maxwell, 42 M.J. 568 (U.S. Air Force Ct. Crim. App. 1995). But those e-mails were sent wholly within America Online's system, and thus distinguishable from e-mail sent over the nonproprietary Internet.
For a clear discussion of malpractice concerns and Internet e-mail, see the article by Joan C. Rogers of The Bureau of National Affairs, at www.bna.com/prodhome/bus/mopc_adnew2.html. For the ABA's Burgess Allison's strongly stated views, point your browser to www.abanet.org/lpm/magazine/tu963.html. Mr. Gidari's article, Privilege and Confidentiality in Cyberspace, is at www.perkinscoie.com/resource/ecomm/priv.htm.
This article is reprinted with permission from the August 4, 1997 edition of The National Law Journal. © 1997 NLP IP Company. LawNewsNetwork.com.