Thank you for sharing!

Your article was successfully shared with the contacts you provided.
The setting: The State Bar of California’s 2000 annual meeting in San Diego. The topic: E-mail and security. “How many use e-mail to communicate with your clients?” asks the speaker. Every hand in the 150-lawyer audience goes up. “How many regularly encrypt e-mail?” A handful of lawyers respond affirmatively. “How many have experienced an e-mail confidentiality breach?” Just two lawyers raise their hands. “Was your e-mailed pirated?” No, the breaches were the result of mistyped addresses — human error only. A second panelist starts talking, but his voice is cut off immediately, replaced with the disembodied voice of someone not in the room. The speaker at the CLE program next door is wearing a remote microphone, and his voice is now booming through the room. The amplifier in our room is picking up his wireless microphone. For a moment, our e-mail encryption program is usurped by taxation law. I watch the audiences confusion turn to mirth as the program staff wrestles with the problem and audio order is finally restored. Our program had barely begun and, already, four important lessons were learned. One, lawyers use e-mail commonly. Two, e-mail confidentiality breaches do not appear to occur frequently in practice. Three, using wireless communication technology is risky. Four, lawyers have a sense of humor (don’t laugh!). The lawyers appreciated the irony of our impromptu technology demonstration. While few in the audience appeared to have a problem with e-mail security, our program theme, we have just shown them the real danger of wireless communication technology. MYTH OR REALITY? Is e-mail piracy a real world problem? This is a theoretical/real world tension that underpins and fuels the current debate on e-mail encryption. Some lawyers do not consider e-mail piracy to be a real problem, while others consider the piracy threat so real that they recommend an e-mail encryption requirement for lawyers. There is universal agreement that e-mail communications are not secure. Snooping and interception of Internet communications, as well as computer information, are realities of this technological age. Lawyers’ e-mail communications and computer data are not sacrosanct from such snooping or interception. The technological threat to e-mail confidentiality is real, not theoretical. However, it appears that in practice lawyers have had little, if any, trouble with intercepted e-mail, and that e-mail piracy problems are still more potential than manifest. I have seen no empirical study regarding lawyers’ intercepted e-mail. However, it is my anecdotal impression that the vast majority of lawyers using e-mail today do not perceive e-mail confidentiality to be a major issue, and do not encrypt their e-mail because they have had no practical problem in this area. ENCRYPTION RULE Given all this, should lawyers be required to encrypt their e-mail, as some recommend, to better protect the confidentiality of their e-mail communications? After all, encryption software is readily available and affordable. Lawyers have a fiduciary obligation, and an express duty under professional responsibility standards, to protect the confidentiality of client information. A rule mandating e-mail encryption would be consistent with this ethical duty of confidentiality, and would be appropriate given the known security risks regarding e-mail communications. As a former professional responsibility rule drafter, I argue against an encryption requirement. As mentioned above, I have seen no empirical study documenting a problem with pirated e-mail that would support the imposition of an encryption requirement at this time. It is by no means clear that requiring encryption would insure confidentiality. Encrypted messages can be broken. Encryption software becomes obsolete relatively quickly and must be upgraded. New encryption software is still not foolproof, and is often prone to problems and bugs. More importantly, encryption is not effective without client cooperation and sophistication; an attorney’s encrypted message is useless if the client cannot decipher it. It appears unfair to single out e-mail communications for special security treatment at this time. Other forms of attorney-client communication also present serious confidentiality issues. Attorney letters can be intercepted or inadvertently opened and read. Attorneys’ telephones, cell phones and portable phones can be intercepted (cordless telephones are particularly problematic, as demonstrated at our CLE program). Attorney’s faxes can be misdirected, or picked-up and read up by the wrong recipient. If attorneys are required to encrypt e-mail, should they not also be required to encrypt letters and faxes, and scramble telephone calls, because these other communication forms also present confidentiality problems? At the moment, American Bar Association and state bar opinions addressing e-mail encryption take the position that a lawyer is not required to encrypt e-mail communications. The opinions concur that e-mail affords a reasonable expectation of privacy that is consistent with the privacy expectation accorded mail and land-line telephonic transmissions, including facsimiles. When in doubt, a lawyer should consult with the client regarding the mode of transmitting highly sensitive information. (ABA Formal Opinion No. 99-413.) To learn more, a complete collection of state ethics opinions on e-mail confidentiality can be found at www.legalethics.com. A series of informative and insightful articles on e-mail confidentiality and technology can be found at www.llrx.com/email. KEEPING PERSPECTIVE I do not believe that the ethical duty of confidentiality should, or can, come down to a software product, a technological fix to a technological problem. A lawyer’s duty of confidentiality requires a broader view. While e-mail encryption may be completely appropriate and desirable in a given instance, in other instances information may be too sensitive for e-mail transmission, whether encrypted or not. A lawyer should consider the sensitivity and confidentiality of the information being transmitted, as well as the best communication medium to protect, if necessary, the confidentiality of that information. The lawyer should review his or her confidentiality systems, and attempt to create practice management processes that best guarantee the confidentiality of client information. As I have heard time and again, encryption software is only a good as its weakest links, which are the humans installing and using it. Lawyers should not stick their head in the sand regarding e-mail encryption, hoping that the issue will go away. Conversely, lawyers should not buy and install an encryption software package, and think their e-mail security problems are solved. A mandatory professional responsibility rule in this area could produce just this undesirable result. David M.M. Bell is the former director of professional competence at the State Bar of California. He is a partner at Langford & Bell in Walnut Creek, Calif., and the vice chair of the California Bar’s Law Practice Management and Technology section.

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

To view this content, please continue to their sites.

Not a Lexis Advance® Subscriber?
Subscribe Now

Not a Bloomberg Law Subscriber?
Subscribe Now

Why am I seeing this?

LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.

For questions call 1-877-256-2472 or contact us at [email protected]


ALM Legal Publication Newsletters

Sign Up Today and Never Miss Another Story.

As part of your digital membership, you can sign up for an unlimited number of a wide range of complimentary newsletters. Visit your My Account page to make your selections. Get the timely legal news and critical analysis you cannot afford to miss. Tailored just for you. In your inbox. Every day.

Copyright © 2021 ALM Media Properties, LLC. All Rights Reserved.