For lawyers working in Asia, the thought that someone might be listening on their communications is nothing new. But the thought that it might be the U.S. government instead of, say, the Chinese government has come as a surprise.
But that’s the clear implication of the Feb. 15 revelation in the New York Times that the U.S. National Security Agency, through allies in Australian intelligence, listened in on communications between an American law firm and its client in a trade dispute, the Indonesian government.
The issue is obviously a highly sensitive one for firms, as about two dozen contacted by The Asian Lawyer declined to comment for this story, even on a not-for-attribution basis.
A Beijing-based partner with a U.S. firm says foreign lawyers working in China already regularly take precautions against the presumed pervasive surveillance in that country.
“You travel, have in-person meetings,” he says “But even at the meeting, you take your cell phone out, take the batteries out. And you make sure the meeting is held where no one is given notice until the last minute. People just go to a place to meet so no one can set up surveillance equipment.”
But there was also an assumption that client meetings outside of China were on safer ground. “Now the fear is you’re being monitored by the U.S. government, so where do you go?” the Beijing partner says. “This is definitely a big concern for lawyers. I never thought the U.S. government would be listening to privileged conversation.”
The Times report was based on a top-secret document obtained by former NSA contractor Edward Snowden. That document did not name the law firm being monitored, but the Times noted that Mayer Brown was representing the Indonesian government in its trade dispute with the United States at the time.
The Australian Signals Directorate, according to the Times, alerted the NSA that the monitoring was underway, saying in the document that “information covered by attorney-client privilege may be included” in the surveillance. After discussions with the NSA’s general counsel to seek guidance on the spying, the Australians continued “to cover the talks, providing highly useful intelligence for interested U.S. customers,” according to the document.
In a statement, Mayer Brown said, in part, that “there is no indication, either in the media reports or from our internal systems and controls, that the alleged surveillance occurred at the firm. Nor has there been any suggestion that Mayer Brown was in any way the subject of the alleged scrutiny.”
A number of lawyers in the United States have expressed outrage.
“I honestly was shocked. Absolutely shocked,” says Carolyn Lamm, a Washington, D.C.–based international dispute resolution partner at White & Case and former American Bar Association president. “I think one of the tenets of our legal system, of course, is lawyer-client privilege and confidentiality. To have someone just eavesdropping is totally inappropriate.”
As sibling publication The National Law Journal reports, conservative watchdog group Freedom Watch is using the Times story to bolster a legal challenge to the NSA’s surveillance practices. The report, Freedom Watch founder Larry Klayman said in a Monday court filing, helps demonstrate that his attorney-client communications had been subject to government surveillance and that he should have standing to sue over the NSA’s practices.
But a number of lawyers in both Asia and the U.S. also expressed the view that the revelations were hardly surprising.
“The fact is, all of us have been aware for some time that there are a number of countries in the world renowned for their hacking ability, and it’s government- sanctioned,” says a partner with a major Australian firm. He points to China, Russia and France, and says there were always suspicions that the United States, Israel, Britain and Australia were doing the same thing. “That being the case, there is a level of awareness that you need to be very careful with what you say in [electronic] communications.”
Among the measures he says lawyers at his firm take are working mainly with hard copies of documents or using stand-alone computers not connected to the firm’s network. He also says it’s not uncommon for lawyers use special rooms that are specifically designed to foil high-tech listening devices.
But the Australian firm partner says lawyers can only do so much, especially against intelligence services backed by the resources of major governments. “If somebody really wants to get certain information, chances are they’ll find a way to get it,” he says. “You can only do your best, can’t you?”
Some lawyers in the region take it even more in stride.
“We expect phone calls and emails are being monitored, but it just doesn’t ever impinge on anything,” says one veteran U.S. lawyer in Beijing. “I haven’t been aware that it’s [ever] created a problem for a client in their commercial capabilities. And if it did, they never raised it with me.”
Government surveillance is “part of the furniture,” in his view. “That’s the environment in the U.S.,” he says. “I think we all have expected that’s the environment in China.”
Some industry observers noted positive aspects of the recent revelations.
Cybersecurity expert Richard Bejtlich, pointing to a post on security blog LawFare, said a few facts make the Australian agency’s actions more palatable: the fact that the surveillance doesn’t appear to have taken place within the U.S.; that the agency targeted Indonesian government officials engaged in trade talks with the U.S., not the law firm itself; and that Australia alerted the NSA that it was monitoring U.S. citizens.
“This is an example of the system working,” says Bejtlich, who serves as chief security strategist at cybersecurity company FireEye, which works with some large law firms. “It’s not this really nefarious thing,” he says.
Bejtlich notes that, unlike U.S. allies that follow protocol to omit citizens’ information when they can, countries like China and Russia do not give the same courtesies when snooping into American systems.
Last year, a blockbuster report by cybersecurity firm Mandiant Group linked hacking at 141 entities, mainly located in the United States, to a Chinese military unit based in Shanghai. Four of the targeted entities were law firms.
“Every domestic industry trade lawyer in Washington has had their systems hacked by the government of China,” says one Washington, D.C.–based Am Law 200 lawyer. “Those of us who work in this area try to take as much precaution as possible, but we’re all realistic that international communications—and even domestic communications—are simply not secure.”
Additional reporting by The Am Law Daily’s Sara Randazzo and Andrew Ramonas.