 |
Please visit this month's sponsor:
ETHICS SPOTLIGHT
Laura W. Morgan, Esquire
LAWYER-CLIENT CONFIDENTIALITY IN E-MAIL COMMUNICATIONS I. INTRODUCTION Just ten years ago, mention of the world-wide-web, the Internet, and cyberspace would have drawn blank stares from most attorneys. Today, however, most lawyers are on-line and many communicate with other attorneys and their clients by e-mail. This article will examine the attorney's duty to maintain lawyer-client confidentiality in this new method of communication, and how that confidentiality may be achieved by encryption such as PGP (Pretty Good Privacy). II. THE ETHICAL DUTY An attorney has a duty to communicate with his/her client to keep the client apprised of the status of the case and to solicit the client's opinion regarding the risks inherent in various courses of action. An attorney also had a duty under both the ABA Model Rules of Professional Conduct and the earlier ABA Model Code of Professional Responsibility to protect conversations with a client that may be covered by the evidentiary attorney-client privilege. The attorney must also protect "information relating to a client," and "confidences and secrets" of a client. Model Rule 1.6(c) (a lawyer shall not reveal information relating to representation of a client unless the client consents after consultation, except for disclosures that are impliedly authorized in order to carry out the representation, and except as stated in paragraph (b)); Model Code DR 4-101 (a lawyer shall not knowingly reveal a confidence or secret of the lawyer's client or use a confidence or secret of the client to the client's disadvantage or a third person's advantage). At least one court has stated that this principle of maintaining lawyer-client confidentiality stands as a bedrock principle of the Anglo-American legal system. Reardon v. Marlayne, Inc., ___ N.J. Super. ___, 395 A.2d 255, 257 (Law Div. 1978). III. THE ATTORNEY-CLIENT PRIVILEGE AND COMMUNICATIONS VIA COMPUTER If an attorney's computer and a client's computer communicate directly over normal telephone lines, a wire communication has occured, and under the normal rules governing telephone conversations between an attorney and a client, the conversation is protected. Katz v. United States, 389 U.S. 347 (1967); Restatement (Third) of the Law Governing Lawyers sec. 120 (Proposed Final Draft No. 1, 1996). The problem with e-mail arises because the attorney's computer usually does not talk directly to the client's computer. (Private e-mail systems operate through LANs (local area networks), minicomputers, and mainframes. E-mail sent between networks travels over the Internet.) When communicating via the Internet, one party's computer communication passes through one or more interim host computers, or gates, on its way to the other party's computer. While each link from computer to computer to computer is via normal telephone lines, th communication will reside in these interim computers and are subject to interception at each link. Thus, the question arises as to whether this greater possibility of interception eliminates the claim of attorney-client privilege. In other words, does the fact that messages sent via the Internet are subject to lawful review by persons operating the host or interim computers as part of the ordinary monitoring system waive the privilege? The commentators who have addressed this question have agreed that there is no waiver of privilege because the communication is sent via the Internet. The same type of monitoring system that takes place on the Internet also takes place for traditional telephone calls without any loss of privilege. See generally, Peter R. Jarvis, Bradley F. Tellam, Competence and Confidentiality in the Context of Cellular Telephone, Cordless Telephone, and E-Mail Communications, 33 Willamette Law Review 467 (1997); Jonathan Rose, E-Mail Security Risks: Taking Hacks at the Attorney-Client Privilege, 23 Rutgers Computer and Technology Law Journal 179 (1997); Todd H. Fleming, Internet E-Mail and the Attorney-Client Privilege, 85 Ill. Bar J. 183 (April 1997); Joan C. Rogers, Ethics, Malpractice Concerns Clout E-Mail, On-Line Advice, ABA/BNA Lawyers' Manual on Professional Conduct 59, 61 (1996). This analysis has been borne out by at least one opinion, State of Virginia ex rel. United States Fidelity and Guaranty Company v. Canady, ___ W. Va. ___, 460 S.E.2d 677 (1995). In that case, an attorney sent an e-mail message to one client that had as an attachment a letter from the attorney to another of his clients. The e-mail was sent not via an internal e-mail system but via the Internet. The court held that the means of transmission did not alter the nature of the protection afforded by the attorney-client privilege for the attached letter; therefore, the e-mail relating to the substance of the privileged letter was privileged as well. At least one ethics opinion has clouded the issue, however. South Carolina Ethics Advisory Committee Opinion No. 94-27 (1994) held that the attorney-client privilege was unavailable to communications between an attorney and client made via the Internet becuase the system operators of the on-line service may gain access to all communications that occur on the on-line service. IV. RECOMMENDATIONS Since there is law to suggest that the attorney-client privilege is waived if someone can peek at the message, the most obvious response a lawyer can make is to ensure that all communications are encrypted. See In re Horowitz, 482 F.2d 72, 82 (2d Cir. 1973) (it is not asking toomuch to insist that if a client wishes to preserve the attorney-client privilege, he must take some affirmative action to preserve confidentiality). An analogy can be made to sending attorney-client communications by post-card. If an attorney knows that by sending a post-card, the whole world can peek at the communication, the least the attorney can do is put the communication in an envelope. The PGP encryption program is simple yet effective. Indeed, it is so simple and so effective that the failure to use encryption may subject an attorney to a charge of breach of the duty of due care. PGP is the most popular method of e-mail encryption and is available for essentially all operating systems and platforms. Since it is so popular, there is a good chance that clients may already have PGP on their own computers. PGP is available as freeware for private use by individuals from http://web.mit.edu/network/pgp.html. Since PGP use by a law firm would be a commercial use, PGP for Business Security is available for $99 from http://www.pgp.com/products/business/pgp-biz-55.cgi. PGP uses a method of encryption known as public key encryption. That is, each PGP user has two keys, a public key to encrypt messages, and a private key to decrypt those messages. The public key can be published and distributed widely without compromising the security of the private key. Anyone can use the recipient's public key to encrypt messages to that person, and no one but that recipient can decrypt those messages, since no one else has the private key. Not even the sender who encrypted the message can decrypt it. PGP can also serve to authenticate an e-mail message. The sender's own private key can be used to "sign" a message, by inserting a small encrypted message at the end of the e-mail. The recipient uses the sender's public key to verify that signature, thus proving that the sender was the true originator the message and that has not been altered subsequently by anyone else, since only the sender has the private key that made the "signature." Forgery of a signed message is infeasible. (For additional information on PGP, an excellent resource is the PGP-Users Mailing List Home Page, http://pgp.rivertown.net.) Since both the sender and the recipient need keys, each must have PGP on their computers. Not all clients will be willing to install an additional program on their machines, and go through the process of creating public and private keys, just to receive messages from their attorneys. In addition, PGP is the gold standard of e-mail encryption, suitable for preserving corporate secrets or missile launch codes. It is the equivalent of sending a bombproof safe through the mail. If you just want to put your e-mail message in the electronic equivalent of an envelope (a tightly sealed one, though), you can use Norton Secret Stuff, available as freeware for Windows from Symantec, http://www.symantec.com/nss/fs_nss.html. Secret Stuff creates self-decrypting archives, which can be sent as e-mail attachments. The recipient saves the attachment to disk, double-clicks it, and enters a previously agreed-upon password. The recipient need not have Secret Stuff installed on his or her computer. Since Secret Stuff uses only 32-bit encryption, it is not as secure as PGP and will not stop a determined snoop, but it will suffice to keep prying eyes from seeing privileged communications. For those who use Macintosh, a comparable program is Enigma, available for $20 from The Next Wave Software, http://www.thenextwave.com/EnigmaHP-Mac.html. Laura W. Morgan is a Senior Attorney in Family Law at the National Legal Research Group, in Charlottesville, Virginia, a firm that writes memoranda and briefs for attorneys nationwide. Ms. Morgan is the author of "Child Support Guidelines: Interpretation and Application," and is currently Chair of the Child Support Committee of the American Bar Association Family Law Section. She can be reached at: goddess@supportguidelines.com, or phone 1-800-727-6574 or 1-804-977-5690
and LawTek Media Group, LLC all rights reserved No information or materials posted here are intended to constitute legal advice, nor can we guarantee the accuracy of posted information, especially as to each individual situation. LawTek does not independently check the information contained herein and does not refer or endorse any product, service, or firm. This site does not constitute an attorney-client relationship; local counsel should always be consulted.
FAM-LAW-LIT: A SURVEY OF CURRENT PERIODICAL LITERATURE ADDRESSING FAMILY LAW ISSUESFamily Law Advisor® HOME PAGE |