by Wendy R. Leibowitz and Angela Ward
(Published in June1, 2000 issue of Employment Law Weekly)
All the lawyers in the office may be buzzing about the damning findings of fact in the government's antitrust case against software giant Microsoft. Don't worry about whether the tech support for Windows will dry up just yet, but there is some wisdom in that case for the average law firmadministrator.
Do you know where the Department of Justice's lawyers got some of the most damaging information for that case? E-mail.
Do you know how many places the average e-mail is saved in a networked computer system? Four.
Does your firm or legal department have an e-mail policy yet? If not, it might be time to try to impose some type of regulation on the personal and professional use of office e-mail accounts.
Personal use ranges from the time-wasting but innocuous surfing and bidding on eBay auction items through e-mail to the standard discoverable "smoking gun" e-mail condemning an employee who then files a discrimination suit. Professional use may not need to be monitored for abuse, but at least some of it needs to be protected through encryption.
Postcard or Whisper?
You probably should not just hang your hat on the American Bar Association's opinion on encryption issued last year, either.
The 10 members of the ABA's Standing Committee on Ethics and Professional Responsibility found that "a lawyer may transmit information relating to the representation of a client by unencrypted e- mail" without violating the 1998 Model Rules of Professional Conduct. Plain, unencrypted e-mail "affords a reasonable expectation of privacy from a technological and legal standpoint," wrote the committee.
"I'm afraid that the opinion will be interpreted simply as saying that attorneys don't have to worry about the security of e-mail. This is not what the ABA opinion says at all," says Jerry Lawson, a legal technology consultant in Burke, Va.
The ABA committee did note that all forms of communication are vulnerable. But "snoops can and do take advantage of the vulnerability of e-mail in ways that harm lawyers and their clients, while making the existence of the attorney-client privilege a quaint irrelevancy," Lawson says. He recommends using even weak encryption products to be on the safe side.
About two dozen state bar associations have reached the same conclusion, but because of the ABA's size -- almost half of the nation's 900,000 lawyers are members -- its opinion may carry more weight with judges facing attorney-client privilege questions. There is still no case law directly on point.
Peter Krakaur, a San Francisco attorney who maintains a Web site at www.legalethics.com, says he is relieved that the ABA finally spoke to the issue. "The opinion will be a secondary resource that a court may follow," he says. "My worry was that a court would rely on an article saying 'an e-mail is like a postcard.' I've already heard judges quoting that expression in speeches."
A new metaphor can be found at www.mgovg.com. Charles Luce Jr., in an article titled, Lawyering on the Internet: Confidentiality, Solicitation, Ethics and Etiquette, writes that "unencrypted Internet e- mail is more analogous to a whispered conversation in Grand Central Station at rushhour."
Charles Merrill, head of the computer and high-tech practice group at Newark, N.J.'s McCarter & English, is an encryption advocate. He says it's important to note, as the New York and Pennsylvania ethics committees did, that technology changes over time, and thus so may ethical standards. The State Bar of California has not issued an opinion on e-mail encryption.
Ask the Client
Some newer encryption software have a "one-click to encrypt" option. The granddaddy of encryption, Pretty Good Privacy (PGP), is easier to use than ever, and still free in many cases, at www.pgpi.com.
Encryption goes beyond e-mail. NetDox Internet messaging provides secure digital delivery of "any file, any time." The United Parcel Service, at www.ups.com, delivers digitally, via UPS Document Exchange.
"Making a pronouncement without recognizing that tech standards may change is a little out of step" with reality, Merrill says, adding that there is an obligation to keep pace with technology. He points to The T.J. Hooper, a 1932 decision by the U.S. Court of Appeals for the Second Circuit that faulted a tugboat captain for not communicating using modern methods: He did not have a radio on board ship.
Failing to encrypt may appear negligent to a client, whose opinion matters more than the ABA's. "People have to educate themselves, as they did on the year-2000 issue," Merrill urges. Slides from his lectures on encryption are available at www.pkilaw.com.
The salient point in the ABA's opinion is: "A lawyer should consult with the client and follow her instructions ... as to the mode of transmitting highly sensitive information." How many lawyers who are not working on mega-mergers discuss their method of communication with clients?