What is the standard for electronic client communications? Can lawyers freely use email, without a worry or care about encryption?
In “Odds & Ends – Safeguarding Client Information in a Digital World,” Oregon State Bar General Counsel Helen Hierschbiel sets us straight:
The first ethics opinions that addressed the use of electronic communications prohibited lawyers from using cell phones and unencrypted e-mail…. More recently, ethics authorities condone the practice, recognizing that the expectation of privacy in these modern methods of communication is comparable to and as reasonable as that of older methods of communication. For example, ABA Formal Ethics Op 99-413 (1999) states:
E-mail communications, including those sent unencrypted over the Internet, pose no greater risk of interception or disclosure than other modes of communication commonly relied upon as having a reasonable expectation of privacy… The risk of unauthorized interception and disclosure exists in every medium of communication, including e-mail. It is not, however, reasonable to require that a mode of communicating information must be avoided simply because interception is technologically possible, especially when unauthorized interception or dissemination of the information is a violation of [the law].
Does this mean lawyers get a free pass to use unencrypted email?
The answer is no, as Helen points out. Special precautions need to be taken if:
- The information to be transmitted is particularly sensitive
- The contents of the email are subject to a confidentiality agreement
- The client instructs the lawyer to avoid using email
Can a client waive the security risks associated with unencrypted email?
Yes. “If a client requests it, a lawyer may … be allowed to use … a particular type of electronic communication notwithstanding expectations of privacy in the communication method.”
What role does metadata play?
As Helen notes, metadata may be a bigger danger than unauthorized interception of email messages:
[C]ompetent representation requires that lawyers understand what information may be hidden in documents that they plan to send by e-mail so that appropriate steps can be taken to protect against inadvertent disclosure of what could be confidential or sensitive information. See, e.g., Arizona Ethics Op 07-03(2007) (lawyer must take “reasonable precautions” to prevent communication of metadata containing client information) and ABA Formal Op 06-442.
Since Helen’s article was published, Oregon has issued its own metadata opinion: Competency: Disclosure of Metadata, OSB Formal Opinion 2011-187.
Where does this leave us with encryption?
If your clients have consented to use of unencrypted email (or don’t care) and your messages are not particularly sensitive or subject to a confidentiality agreement, why should you give a whit about encryption? In a phrase: ease of use.
What used to be difficult is no longer.
In the article “Encryption So Easy a Lawyer Can Do It,” Bob Ambrogi discusses three incredibly simple solutions that allow lawyers to send encrypted messages. No more clunky interface requiring the sender to transmit keys before the recipient decrypts the message. No more need for both parties to use the same software. (Although a simple plug-in may be needed, depending on the software you choose.)
With secure cloud-based solutions like Enlocked, Virtru, or Delivery Trust from Identillect, Ambrogi concludes:
What all three programs have in common is that they make encryption as easy as the push of a button. If you use email to communicate with clients or colleagues about sensitive matters – and what lawyer does not? – you have no excuse not to encrypt.”
[All Rights Reserved 2015 Beverly Michaelis]