For many attorneys, international travel is a function of a modern and increasingly global law practice. Whether required as part of closing a foreign deal or representing a client in an international arbitration, trips abroad are becoming more common across various practices. With this rise in travel, however, comes an increased risk of violating the rules of professional conduct and potentially facing a malpractice claim as a result.
Airport security searches in particular may result in inadvertent or forced disclosure of documents and information that are protected by the attorney-client privilege and work product doctrine or are otherwise confidential in nature. Not only has the scope of these searches grown significantly since Sept. 11, 2001, but they remain subject to further expansion as policies on international travel become even more restrictive.
Upon reentering the United States, Customs and Border Protection (CPB) and Immigration and Customs Enforcement (ICE) agents may attempt to inspect attorneys’ laptop computers, cellphones and other mobile electronic devices. However, to the extent these devices contain privileged or confidential documents and data, permitting their inspection without objection may run afoul of Georgia Rule of Professional Conduct 1.6, which requires attorneys to “maintain in confidence all information gained in the professional relationship with a client, including information which the client has requested to be held inviolate or the disclosure of which would be embarrassing or would likely be detrimental to the client.”
All the more worrisome are scenarios in which customs agents may compel attorneys to disclose the contents of these devices. Indeed, as a result of growing concern within the profession that customs agents have been disregarding attorneys’ claims of legal privilege, the American Bar Association (ABA), in a May 5, 2017, letter to Department of Homeland Security (DHS) Secretary General John Kelly and Acting General Counsel Joseph Maher, explained how recent CBP and ICE directives have resulted in customs agents “exercising sweeping powers to search electronic devices at the border, with or without reasonable suspicion of any wrongdoing.”
Accordingly, the ABA has urged DHS to modify and clarify the relevant directives and to adopt “standards and procedures that CBP and ICE agents must follow before the contents of a lawyer’s electronic device can be searched or seized at the border.” In particular, the ABA advocates that the directives should prevent privileged or confidential information from being read, duplicated, seized, or shared without a subpoena based on reasonable suspicion or warrant supported by probable cause; provide a clearer standard for agents to follow prior to demanding a search or seizure of documents or files; delineate what actions agents must take when faced with a privilege assertion; and define specifically when agents must consult with CBP/ICE chief counsel or the U.S. Attorney’s Office in connection with a privilege claim or dispute.
Since the ABA letter (and in the absence of any resulting change officially implemented by DHS), some bar associations have proactively provided guidance to their members. The Professional Ethics Committee of the New York City Bar, for example, issued Formal Opinion 2017-5 in July. It sets forth an attorney’s ethical duties regarding U.S. border searches of electronic devices containing clients’ confidential information. The opinion provides that, before crossing the border, attorneys must take “reasonable efforts” to protect confidential information. In evaluating “reasonable efforts,” the following factors may be considered:
• Sensitivity of the information;
• Likelihood of disclosure if additional safeguards are not employed;
• Cost of employing additional safeguards;
• Difficulty of implementing the safeguards; and
• Extent to which the safeguards adversely affect the attorney’s ability to represent clients (e.g., by making a device or software excessively difficult to use).
The opinion further states that attorneys may disclose clients’ confidential information at the border only to the extent “reasonably necessary” to respond to a government agent’s claim of lawful authority. Generally, “disclosure of clients’ confidential information is not ‘reasonably necessary’ to comply with law or a court order if there are reasonable, lawful alternatives to disclosure.”
Even when disclosure is reasonably necessary, the opinion provides that attorneys must take reasonably available measures to limit the extent of disclosure. At the same time, “attorneys need not assume unreasonable burdens or suffer significant harms in seeking to test a law or court order.” If confidential information is ultimately disclosed during a border search, the opinion requires the attorney to promptly inform affected clients.
In light of the ABA letter, Formal Opinion 2017-5, and uncertainty surrounding border searches, what are attorneys to do when traveling abroad? Here are some tips.
Consider Leaving Electronic Devices at Home
Whenever possible, avoid taking laptops and other unnecessary electronic devices on international travel. This is the simplest way to ensure that client confidences are maintained and that no client information is unnecessarily disclosed to border agents.
Remove Privileged and Confidential Data
If leaving electronic devices behind proves infeasible, one option is to remove all privileged and confidential documents and information from the device. This data may instead be:
• Stored on the law firm’s secure site to be accessed from the foreign destination,
• Emailed to yourself, and/or
• Saved to a CD, USB drive, or other storage device and mailed to the foreign destination using a trusted courier.
Some law firms now disable email access on cell phones altogether on foreign travel and supply attorneys with “clean” laptops that connect to secure desktops while abroad. Whether such an approach is helpful may depend on the nature of the confidential information in the attorney’s possession.
If wiping electronic devices is impractical or spare laptops are not readily available, there are other protective measures to consider. For example, attorneys may encrypt the relevant files. Whether by enlisting the assistance of the IT department or purchasing an off-the-shelf product, encrypting data may provide a significant level of protection. In either case, a strong password is critical to ensuring that encrypted files remain protected.
Lodge Privilege Objection
If, despite best efforts, disclosure of privileged or confidential information appears imminent, the attorney may object to the search on the basis of privilege. In conveying the objection, the attorney can advise the border agent that the requested search is non-routine, instruct the agent not to read privileged documents and request that the agent consult chief counsel to determine whether a warrant or subpoena must be sought. These steps comport with Looper v. Morgan, Civ. No. H-92-0294, 1995 U.S. Dist. LEXIS 10241 (S.D. Tex. June 23, 1995), wherein the court held that a warrant or subpoena is required to conduct a non-routine search, which involves reading documents subject to a claim of privilege.
Notably, an objection based on privilege may not be appropriate or significant at the borders of other countries, including Canada.
Inform Affected Clients
If confidential information is ultimately disclosed (with or without a subpoena or warrant), the next step for most attorneys will be to promptly inform affected clients. When coupled with some of the efforts detailed above, prompt communication will help to minimize any collateral damage, including the likelihood of a malpractice claim or bar complaint.
Although the issue of border control is a sensitive and evolving issue, attorneys can take steps to balance their obligation to safeguard client confidences with state interests in reviewing electronic devices.