by Kevin Crews
With the development and increased use of e-mail, e-filing, e-service, and e-discovery, technology has become an important part of any modern law practice. Loving the latest iPhone app or abhorring technology’s ceaseless encroachment on daily life is a choice each lawyer can make. But no matter what, technology plays a role in the modern practice of law. Technology is everywhere and poses risks. Lawyers must understand technology in order to avoid its dangers.
The rules of professional conduct don’t change as technology changes. In 2000, The Florida Bar acknowledged the rules of professional conduct extend to uses associated with the Internet.1 Since then, with the increase in various forms of technology, risks have only multiplied.
For example, in Iowa, one attorney was disciplined in part for not responding to 35 text messages from a client — thereby not diligently representing the client.2 Text messaging is just one of the numerous applications of technology that could present risks. Misusing technology or not understanding it should not be excuses for improper conduct.
Further, lawyers still must protect client confidences, pursuant to Rule 4-1.6,3 despite the increasing risk of inadvertently breaching confidentiality when using modern electronic tools. Lawyers instinctively know not to talk about confidential information when someone else is listening. The same principles apply to protect confidences when using electronic tools. Unfortunately, it is more difficult — and not always as instinctive — to know when confidentiality is in jeopardy when using technology.
To minimize risk, lawyers need to learn about technology in order to understand when confidential information is in danger. The following investigates a few of the current areas of risk posed by technology.
Background: The Only Constant is Change
Lawyers tend to resist change, due in large part to ethical demands to protect client confidences and the danger posed by new tools. Modern skepticism toward technology may be similar to the feelings attorneys had when the telegraph came into existence in the 1850s. Telegrams could be intercepted if unauthorized people tapped the wire.4 Therefore, lawyers were reluctant to embrace the technology at first.5 Lawyers knew they needed to integrate technology, but approached it cautiously.6
In the modern world, lawyers still need to welcome technology in order to stay relevant. As long as lawyers embrace technology thoughtfully, they can embrace it thoroughly.
Risk Area: E-filing and E-service
No one wants to be the attorney in Maryland who failed to answer key requests because a “blizzard of electronic filings” caused the paralegal monitoring the system for new files to miss a key document.7 The court would not allow the attorney to cure a mistake caused by the “oversight” of the paralegal and the supervising attorney.8 Therefore, it is imperative for lawyers to ensure they have systems and operating procedures in place to minimize the risk of oversights.
E-filing is a fact of life.9 In 2012, The Florida Bar noted lawyers can provide their login credentials to “trusted” nonlawyer employees.10 These employees can file documents at the lawyer’s direction, just as nonlawyers have long been able to file paper documents with the clerk.11
Many lawyers are fearful of e-filing “because of many attorneys’ lack of computer knowledge.”12 But lack of knowledge cannot be an excuse. The best way to reduce anxiety is to gain comfort with the use of e-filing systems and develop a strong network of tech-savvy assistants or peers. This comfort level can be developed with education and support.13
Attorneys and staff should take advantage of any online training, such as the thorough training provided for e-filing in federal bankruptcy court.14 Also, the Florida Courts E-Filing Authority and Florida Bar website have numerous resources, manuals, and videos to help lawyers transition to mandatory e-filing procedures.15 Proper training and care during the e-filing process are the best ways to mitigate risk.
To manage the voluminous flow of electronic documents without making mistakes that would breach confidentiality, law firms need to have clearly assigned responsibilities to ensure nothing is missed and everything goes to the right audience. Sole practitioners without an assistant have even greater challenges and must create an efficient system to process electronic files.
All lawyers, particularly those in small practice, need to ensure their client database of record, whether it is a legal practice management software or customer relationship management (CRM) software, is properly configured and integrated with other programs for efficient use. For example, lawyers should make sure all integration capabilities with Microsoft Outlook and other computer software are enabled to allow documents to be quickly imported and properly filed from email to the database of record. This capability allows for the most efficient use of the software.
Risk Area: Email
In addition to now being the method to receive e-served documents, email is an extremely useful way to communicate. And like other written forms of communication, there is value in some situations to have a record of communication.
But there are numerous mistakes lawyers can make with email that would violate confidentiality, from sending an email to the wrong person, to attaching the wrong file. In 1999, the American Bar Association (ABA) stated that email can be used to communicate, because the chances of having messages intercepted is the same as other means of communications, such as phone calls.16 Since email is the standard means of communication in many instances, lawyers must take reasonable preventative steps to use email systems properly. Being moderately “tech-savvy” is a job requirement for the modern lawyer.
When using email, the ABA noted lawyers should not send emails to a client’s work email and should advise clients against emailing about personal legal matters from their place of work.17 Employers may be able to obtain email records from all employees.18 Also, even if a lawyer thinks he or she is emailing a client directly, the message could be received on a shared computer or via a shared email address, where multiple people in a home can access the messages.19 The email may also come to a phone or mobile device, so if someone borrowed the client’s device, they may be able to access the email, even without the password.
One situation from Ohio demonstrated the interplay and dangers of email and confidential information. A lawyer — chief legal counsel for the Ohio Department of Public Safety — correctly recognized that employees had no expectation of privacy with company email. But in trying to find the source of employees who were leaking information to the media, the lawyer had the IT department set up a filter to forward him all messages employees sent to media outlets. The filter captured some confidential emails that represented valid state investigatory business, so the Ohio Supreme Court suspended the lawyer for the confidentiality breach.20
Many small firms will not have these types of complex problems. But it is important for all attorneys to recognize the risks of ethical violations when using technology. In practical terms, the best way to mitigate risk is to ask the client which email address to use and question whether other people can access it. If something extremely sensitive needs to be conveyed, face-to-face meetings or phone calls might be a better option to ensure a message is directly and confidentially conveyed.
There also are numerous steps lawyers can take to help manage email volume and use the system efficiently, which in turn will help mitigate the risk of confidentiality breaches. There are numerous business resources available that lawyers should review for self-improvement. For example, the Harvard Business School’s “Working Knowledge” archive contains practical tips to manage emails:
• When copying lots of people, specifically state why each party should care.
• Edit forwarded messages to ensure nothing unwanted accidently goes to a wrong party.
• Use subjects to summarize, not describe.21
To address the problems caused by high volumes of emails, offices must have a comprehensive email filing system, which may be as simple as creating rules and folders to automatically sort and manage emails. There are numerous free resources to learn how to create rules that group messages based on subject, sender, word, etc.22 Lawyers can also designate staff to filter and follow up with email and create specific job responsibilities. Creating office procedures or setting up rules and subfolders can be painstaking, but it is essential. Doing nothing will result in being overwhelmed.
Risk Area: Public Wi-Fi
Accessing the Internet via free public Wi-Fi could create disaster because third parties could potentially intercept the transmission and prying eyes could read confidential data. Thus, lawyers should be fearful of using public Wi-Fi.
To avoid disaster, some sources recommend taking the following steps to ensure security on public networks:
• Avoid automatically connecting to hotspots, check the network’s name, and choose WPA2 if possible (but realize that some network names could be fraudulent).
• Only use sites that begin with “https” (not just “http”) whenever possible.
• Install and use a VPN (virtual private network) to create a secured connection.23
If in doubt about a particular network, attorneys should avoid performing sensitive work when connected to the network. If work must be done remotely, VPNs or mobile hot spots obtained from cellular phone carriers might provide a reasonable way to work securely. But lawyers must question their communications vendor and understand the security features of each service.
Risk Area: Cloud Computing
Many lawyers utilize “cloud-computing” software, which provides a convenient and useful way to access files from any computer and share files with others.24 This technology requires a third-party provider to host files on their servers.25 Therefore, it raises confidentiality issues because lawyers entrust confidential information with a third party.26
The Florida Bar Journal’s November 2011 issue discussed the benefits and risks of cloud computing.27 Since then, in early 2013, The Florida Bar Proposed Advisory Opinion 12-3 discussed concerns with cloud computing. The opinion stated lawyers can use cloud-computing software, but must take reasonable precautions to protect confidences.28 The opinion recommended lawyers make the following determinations to choose a service provider that will protect confidences:
• Whether the provider will notify the lawyer if served with process requiring the production of client information.
• Whether the provider retains the information after termination of the business relationship.
• Whether the provider gets “any proprietary or user rights” to the data.
• Whether the site is password protected or encrypted.
• Whether the lawyer can maintain a backup copy not on the provider’s servers.29
Addressing these factors when choosing a service provider is essential to mitigate risk. It takes time to perform this due diligence in picking a provider, but it is a requirement of the practice of law in the modern world.
Risk Area: Metadata
Metadata is “information about a particular data set which describes how, when, and by whom it was collected, created, accessed, modified and how it is formatted.” In general, metadata occurs within word processing, spreadsheet, and presentation programs.30 This information is saved invisibly in documents and can show who authored the document, when it was altered, etc. Thus, the document may reveal more than shows on the page, and lawyers must take care to avoid inadvertently revealing confidential information.
Attorneys should take steps to strip metadata before sending files; numerous user guides are available on Microsoft sites.31 Also, The Florida Bar Journal from October 2008 is a great reference guide because it contained essential recommendations and step-by-step instructions about how to monitor metadata and remove confidential information from files.32
Further, if information is received that inadvertently contains metadata, Florida Bar Ethics Opinion 06-2 states, “a lawyer receiving an electronic document should not try to obtain information from metadata that the lawyer knows or should know is not intended for the receiving lawyer. A lawyer who inadvertently receives information via metadata in an electronic document should notify the sender of the information’s receipt.”33 For example, if lawyers receive electronic documents from an opposing attorney, they should not look into the metadata or attempt to mine the data in any way to determine who wrote it or any other characteristics of the document.
Risk Area: Devices
Finally, technological devices themselves pose risks. When copying, scanning, faxing, or using CDs, flashdrives, cell phones, or other devices, the machine may retain a copy of the file on its internal memory. To reduce the risk of confidential data being inadvertently lost, The Florida Bar noted, “a lawyer has a duty to obtain adequate assurances that the [d]evice has been stripped of all confidential information before disposition of the [d]evice.”34 Additionally, lawyers must inventory devices and monitor use in order to ensure confidentiality is maintained.35 These steps will help ensure employees do not inadvertently breach technology.
Technology has the potential for destroying confidentiality, particularly if lawyers do not know the risks. Lawyers must use technology smartly; being moderately “tech-savvy” is a de facto job requirement for today’s lawyers. The best way to use technology properly is to understand it, which will allow lawyers to create thoughtful — and effective — policies and operating procedures to manage electronic files and messages.
1 Fla. Bar Ethics Op. 00-4 (2000).
2 Iowa Supreme Court Atty. Disciplinary Bd. v. Humphrey, 812 N.W.2d 659, 661 (Iowa 2012).
3 Fla. Rules of Prof’l Conduct R. 4-1.6.
4 Colleen L. Rest, Electronic Mail and Confidential Client-Attorney Communications: Risk Management, 48 Case W. Res. L. Rev. 309, 310 (1998).
7 Wilson v. John Crane, Inc., 385 Md. 185, 215 (Md. 2005).
9 See In re Amendments to Florida Rules of Civil Procedure, Florida Rules of Judicial Admin., Florida Rules of Criminal Procedure, Florida Probate Rules, Florida Small Claims Rules, Florida Rules of Juvenile Procedure, Florida Rules of Appellate Procedure, & Florida Family Law Rules of Procedure — Elec. Filing, 102 So. 3d 451 (Fla. 2012).
10 Fla. Bar Ethics Op. 12-2 (2012).
12 Marco B. Koshykar, E-Filing Court Documents: The Possibilities and Progress of E-Filing in New York State, 2004 Syracuse Sci. & Tech. L. Rep. 1 (2004).
14 PACER, Bankruptcy Cm/Ecf Computer-Based Training Modules, http://www.pacer.gov/ecfcbt/bk.
15 Florida Courts E-Filing Authority, http://www.flclerks.com/eFiling_authority.html.
16 ABA Formal Op. No. 99-413 (1999).
17 ABA Formal Op. No. 11-459 (2011).
20 Disciplinary Counsel v. Engel, 132 Ohio St. 3d 105, 107 (Ohio 2012).
21 Harvard Business School: Working Knowledge for Business Leaders, Tips for Mastering E-mail Overload, http://hbswk.hbs.edu/archive/4438.html.
22 Microsoft, Create a Rule, http://office.microsoft.com/en-us/outlook-help/create-a-rule-HP005242897.aspx.
23 Riva Richmond, Three Tips for Using Public Wi-Fi Safely, Entrepreneur (Dec. 2011), available at http://www.entrepreneur.com/article/222518.
24 Proposed Fla. Bar Ethics Op. 12-3 (2013) (Ethics Opinion On Cloud Computing).
27 Jonathan Baker, Flying in the Clouds: Practicing Law by Cloud Computing, 85 Fla. B. J. 57 (Nov. 2011), available at http://www.floridabar.org/DIVCOM/JN/JNJournal01.nsf/c0d731e03de9828d852574580042ae7a/b7cbd38d2cdb8636852579360050d069!OpenDocument&Highlight=0,cloud,computing*.
30 Nicole O’Neal, Metadata: The Future Impact of Invisible Data on E-discovery in Florida, 81 Fla. B. J. 20 (Dec. 2007), available at http://www.floridabar.org/DIVCOM/JN/JNJournal01.nsf/c0d731e03de9828d852574580042ae7a/29f99f1e8be8e8858525739f004b84be!OpenDocument&Highlight=0,*.
31 Microsoft, Find and Remove Metadata (Hidden Information) in your Legal Documents, http://office.microsoft.com/en-us/excel-help/find-and-remove-metadata-hidden-information-in-your-legal-documents-HA001077646.aspx .
32 David Hricik & Chase Edward Scott, Metadata: The Ghosts Haunting e-Documents, 82 Fla. B. J. 32 (Oct. 2008), available at http://www.floridabar.org/DIVCOM/JN/JNJournal01.nsf/c0d731e03de9828d852574580042ae7a/4cbebfe4c3c37ed7852574ce005ace92!OpenDocument&Highlight=0,metadata*.
33 Fla. Bar Ethics Op. 06-2 (2006).
34 Fla. Bar Ethics Op. 10-2 (2010).
Kevin Crews is the winner of the 2013 Law Student Essay Contest sponsored by Florida Lawyers Mutual Insurance Company, the Young Lawyers Division of The Florida Bar, the General Practice, Solo and Small Firm Section of The Florida Bar, and The Henry Latimer Center for Professionalism. The essay contest, which is in its third year, was created to raise law students’ awareness of practice risks surrounding current issues of concern to the legal profession and best practices to manage identified risks. This year’s judges included representatives of the sponsoring organizations and Ninth Judicial Circuit Judge Robert LeBlanc. Crews will receive a $750 cash award at The Florida Lawyers Mutual Insurance Company’s annual meeting to be held during The Florida Bar Annual Convention in June in Boca Raton.
This column is submitted on behalf of the Young Lawyers Division, Paige Adonna Greenlee, president.