Computers, Privacy & the Constitution

A Lawyer's Professional Responsibility Duty of Confidentiality in a World of Technology

-- By CoryNelson - 24 Mar 2013


Lawyers are increasingly practicing in a world of technology. While this undoubtedly provides conveniences for the lawyer and efficiency for the client, it also provides opportunity for the unethical disclosure of a client’s confidential information. Namely, client data can be accessed by third parties through unprotected wireless networks, computers, and remote servers such as “the Cloud.” Additionally, lawyer use of personal email, social media, and the way in which client data is disposed of provide opportunities for third party access of client information. Lawyers owe it to their clients to inform themselves of these opportunities, and to protect against them.

Confidentiality Duties

Lawyers have duties relating to the protection of a client’s information, consisting of the “attorney-client privilege” and additional ethical rules in respect of broader “confidential information.”

The attorney-client privilege has historically been defined as “[w]here legal advice of any kind is sought from a professional legal adviser in his capacity as such, the communications relating to that purpose, made in confidence by the client, are at his instance permanently protected from disclosure by himself or by the legal adviser, except the protection may be waived.”[1]

Additionally, state ethical rules impose additional duties of confidentiality with respect to additional information. Rule 1.6 of the Model Rules of Professional Conduct, titled “Confidentiality of Information,” states that:

(a) A lawyer shall not reveal information relating to the representation of a client unless the client gives informed consent, the disclosure is impliedly authorized in order to carry out the representation or the disclosure is permitted by paragraph (b).

(b) A lawyer may reveal information relating to the representation of a client to the extent the lawyer reasonably believes necessary [to meet specified exceptions].

(c) A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.

How can it be to your advantage to waste your space quoting text you can link to in the body of your own text?

Technological Threats to Client Confidentiality

Preventing Unwanted Data Accessing

Practicing law using computers as well as wireless services and technology provides lawyers with significant opportunities for inadvertent or negligent violation of their confidentiality duties. Computers can be remotely accessed by third parties through unprotected wireless networks, and unprotected client data on those computers viewed. Similarly, practice on “the Cloud,” which is essentially a remote server, has been heralded as the future of convenient practice but possesses the potential for third party access of client data as well. In addition to access by third parties via “hacking” or similar activity, lawyers frequently fail to protect such client information from warrantless governmental access, and also do not dispose of client data in a protective manner.

Protection against Hackers and other Observers

Lawyers frequently fail to sufficiently protect client data from hackers and other similar third parties. In a world of technology, such parties are able to access client information stored on the law firm’s computers through unprotected networks. Similarly, legal practice on a remote server such as “the Cloud” allows for the potential access of client information by third parties. While hackers may be able to “hack” the Cloud, additional threats exist from the providers of the Cloud service as well, who certainly would have access to such client information, as well as entities that would have authority over such service providers. To protect client information from these sorts of intrusions, the client’s lawyer should take steps to protect its computers and wireless networks, and should avoid using the Cloud or other similar remote servers. While certainly password protection for law firm computers and networks is a first step, such protection is not likely to protect against a determined hacker and thus the lawyer should also encrypt all client information.

Warrant Requirement Protection

The Lawyer should also structure its storage of client information so as to provide warrant protection from governmental access of such information.

The Fourth Amendment to the United States Constitution states that

"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause . . . “

This has been interpreted to require a warrant before allowing governmental search and seizure for items in one’s house (or law office), but not for data that is floating around “the net.” A lawyer can protect its client’s data by storing such data only in a hard drive in the firm’s office. If a lawyer does this, it will protect its client’s information against governmental access by invoking the Fourth Amendment, thereby requiring a governmental entity to obtain a warrant before accessing such client’s data. Because storage of information on the Cloud does not provide this “warrant protection,” it should be avoided.

Lawyer use of Personal Email and Social Media

The way in which a lawyer uses personal email and social media may also violate that lawyer’s confidentiality duties. Lawyers, like many members of the general population, frequently use such social media as Facebook, Linkedin, Twitter, and Blogger, and utilize such services as Gmail for personal email. Posting information relating to a client matter, even if not naming such client specifically, likely violates confidentiality rules. Additionally, use of such social media and personal email services is frequently tracked by the providers of such services. Consequently, use of such services to communicate client matters (e.g., Gmail or Facebook messages) likely violates a lawyer’s confidentiality duties. To protect against this, a lawyer should refrain from using such tracked services to communicate client matters.

Disposal of Data

The way in which lawyers and law firms dispose of data-containing items also implicates client confidentiality duties. Careless disposal of computers, scanners, or other technologies that store data can allow for third party access, in violation of client confidentiality duties. Consequently, lawyers should be sure to completely wipe all hard drives before disposing of old technology.

So you've basically taken a run-of-the-mill oldstyle legal newsletter piece, with its pre-Web practices of citation, like quoting rather than linking the text of a Model Rule or a Constitutional provision, and added two ideas we discussed in class.

This is a good enough jumping-off point, though we're pretty certain to change most everything on the way. In particular, you've done easy work (work I mostly did for you) in showing why self-storage of encrypted client data better achieves the goals of zealous representative and guardian of confidences. You haven't touched the real issue, the one billions of dollars in snake oil futures doesn't want anyone to touch: whether negligently taking the risks associated with using bad "cloud storage" models are violations of the rules. Keeping physical client papers in an unlocked self-storage warehouse, or one where the warehouse operator kept all the keys, would surely be a basis for a successful disciplinary complaint. Why not here too? Just because Google wants every lawyer to feel safe using Gmail, Google Docs and Google Calendar? Or for some better reasons?


Raymond L. Sweigard, Attorney-client privilege, Business Law Today, Vol. 17, Number 4, March/April 2008.

You are entitled to restrict access to your paper if you want to. But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable. To restrict access to your paper simply delete the "#" character on the next two lines:

Note: TWiki has strict formatting rules for preference declarations. Make sure you preserve the three spaces, asterisk, and extra space at the beginning of these lines. If you wish to give access to any other users simply add them to the comma separated ALLOWTOPICVIEW list.


Webs Webs

r3 - 14 Jan 2015 - 22:44:39 - IanSullivan
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM