All posts by Stuart

I am the "CLE Performer." I give entertaining and important CLE seminars on ethics issues and and critical lawyering skills. My goal is to help lawyers stay out of trouble.

The Hidden, but Fixable Danger with PDFs

Imagine this hypo: You’re working on a transaction for a client, and the lending institution needs to send money to your trust account on your client’s behalf.  

— Stay with me — this is not going where you think —  

The lender sends you a fillable PDF form where you’re supposed to provide your wiring information (routing number, account number, etc). You open the document, type all of the information in the fields as required, and email it to the lender.  Obviously there’s the danger of someone intercepting these types of messages so a host of precautionary measures have been put into place and you comply with each.  Let’s say that such precautions even include that the lending representatives call you after receiving the document and read back the wiring instructions to ensure that everything’s kosher.  Despite all of these efforts, you were still scammed — the money never made it to your trust account and no one knows why.  Here’s how it happened: 

Remember that I said the document was a “fillable” PDF? You opened the PDF on your computer, typed in the required information in the fields, then sent the file as a “document” to the lender.  Well, when you sent the document that way, you left all of those “fillable” sections as, well…”fillable.”  Those fields could still be changed by someone because you didn’t lock the document.  

So here’s what happened in the hypo above: after making the call to you and confirming the account information, someone in the bank opened the file, changed that account number/routing number and diverted the money into some other account.  They were able to do that because the document you filled out was a “fillable” PDF and you simply emailed it as a document to the other party.  By emailing it as a “document” the information in the fields could still be changed.  So even after all of the protocols at the lending institution were adhered to, there was still an opportunity for someone with access to the document to change the numbers on the PDF.

The good news? There is a way to avoid this.   

Instead of sending the form as a “document” you should have “flattened” the document. Flattening a document basically locks all of those fillable sections. There are a few ways you could do that.  First, if you get a drop down menu when you try to send the file you might have the option to mail the attachment as a “flattened” document. Another alternative is to save the document as flattened before you email it (you may have to “Print” the document to a PDF then save a “flattened” version of the form). Disclaimer: I’m no tech expert— my job is to point out the dangers, but I don’t claim to be an expert on how to fix them.  I think the procedures I outlined above are correct, but talk to your IT people to ensure that I’m right in that regard.  

Obviously this goes beyond just bank account information.  People can modify any fields in a fillable PDF if the document isn’t locked before transmitting.  That’s why every time you send a fillable PDF you need to flatten it or otherwise lock it to ensure that no one else can change it’s contents after emailing.  

This sort of knowledge is the type of thing that our ethics rules demand. Specifically, it’s about competence.  Rule 1.1 requires that lawyers have the, “legal knowledge, skill, thoroughness and preparation reasonably necessary for the representation.” The commentary to that rule explains that, “Competent handling of a particular matter includes…[the] use of methods and procedures meeting the standards of competent practitioners. Rule 1.1, Comment [5]. In addition, the new California Rule on Competence requires that lawyers apply the learning and skill that is reasonably necessary for the performance of the legal service. CA RPC 1.1(b) 

Is understanding the dangers of fillable PDFs considered to be part of the “methods and procedures,” or part of the skill that is “reasonably necessary for performance” of the legal services?  It is now. Maybe it wasn’t last year, but it is today. That’s because our duty of competence evolves. We are required to understand the ethical implications of technology as these new technologies become integrated with the practice. See, State Bar of California, Standing Committee on Professional Responsibility and Conduct, Formal Opinion 2015-193. I don’t think there’s any question that PDFs are integrated with the practice of law. Of course, if my opinion doesn’t convince you, also consider that the issue of fillable PDFs was recently part of a best practices update that was sent to attorneys who work for the federal government.  And you know what I always say about the government…if they’re thinking about it, you need to be thinking about it.  

Share

Lawyers Need to Stop Using Gmail Immediately

Lawyers need to stop using gmail for their practice right now.  An article in the Wall Street Journal made it very clear that lawyers who use the system are doing so at their ethical peril.

(Watch the video, or continue reading below)

To understand why I feel this way you need a slight history lesson. Go back to the 90s when email first became popular.  For those of use who are old enough to recall, lawyers couldn’t use email in their practice because it was unencrypted. Our duty to safeguard client confidences per Rules 1.1 and 1.6 prohibited us from using the tool.  The ABA and state bars across the country deemed that unencrypted email was too insecure and that lawyers who used it weren’t taking the necessary steps to fulfill their duty of protecting clients’ confidential information.  So what changed? Today email is generally still unencrypted, but lawyers use it every day (yes, there have been recent opinions which question whether we should continue to use unencrypted email, but it is permitted in a variety of instances). Here’s the change— Congress criminalized the interception of email.  

Once Congress made the interception of email a crime, the powers that be agreed that lawyers had a reasonable expectation of privacy in using the medium. The key phrase is a “reasonable expectation of privacy.”  The ABA issued a formal opinion in 1999 confirming that idea:

“The Committee believes that e-mail communications, including those sent unencrypted over the Internet, pose no greater risk of interception or disclosure than other modes of communication commonly relied upon as having a reasonable expectation of privacy. The level of legal protection accorded e-mail transmissions, like that accorded other modes of electronic communication, also supports the reasonableness of an expectation of privacy for unencrypted e-mail transmissions. The risk of unauthorized interception and disclosure exists in every medium of communication, including e-mail. It is not, however, reasonable to require that a mode of communicating information must be avoided simply because interception is technologically possible, especially when unauthorized interception or dissemination of the information is a violation of law. The Committee concludes, based upon current technology and law as we are informed of it, that a lawyer sending confidential client information by unencrypted e-mail does not violate Model Rule 1.6(a) in choosing that mode to communicate. This is principally because there is a reasonable expectation of privacy in its use.”

So what about the Gmail connection? Well, that standard — the reasonable expectation of privacy — was a key consideration for the New York State Bar Association when it opined about the permissibility of free email services like Gmail.  In its Opinion 820, the New York State Bar Association voiced concern about systems like Gmail because Google used advertising to keep the service free. In return for providing the email service, “the provider’s computers scan e-mails and send or display targeted advertising to the user of the service. The e-mail provider identifies the presumed interests of the service’s user by scanning for keywords in e-mails opened by the user. The provider’s computers then send advertising that reflects the keywords in the e-mail.”  The obvious problem is that if we’re using the email system for client work, then we’re allowing the provider to scan confidential information. 

The NY authorities, however, said that all of this was okay.  Even though the email messages are scanned humans don’t actually do the scanning.  Rather, only computers engage in that task.  Thus, they stated that “merely scanning the content of e-mails by computer to generate computer advertising…does not pose a threat to client confidentiality, because the practice does not increase the risk of others obtaining knowledge of the e-mails or access to the e-mails’ content.”  In other words, lawyers had a reasonable expectation of privacy when using the service.

Today there’s been a big change. 

Big.

On September 21, 2018 the Wall Street Journal reported that Google shares Gmail information with its app developers. But what’s important is the type of information that’s being shared and who view it (remember something— here we’re not worried about privacy issues related to data sharing…this is different…this is about the lawyer’s duty to protect confidential information).  The WSJ article revealed that:

Google Inc. told lawmakers it continues to allow other companies to scan and share data from Gmail accounts…the company allows app developers to scan Gmail accounts…outside app developers can access information about what products people buy, where they travel and which friends and colleagues they interact with the most. In some cases, employees at these app companies have read people’s actual emails in order to improve their software algorithms. [emphases added]

Did you get that last part? There are real human beings who are reading the contents of Gmail messages.  What we know from NY Opinion 780 is that if human beings are reading the lawyer emails, then lawyers no longer have a reasonable expectation of privacy in Gmail.  

Sure, we lack some specific data about which emails are read, but that doesn’t change the conclusion.  We might not know if lawyers’ messages in particular were included in the messages that were scanned.  But that’s sort of exactly the problem — we don’t know.  And we don’t have any way to control or restrict the app developers from reading anyone’s emails, including our practice-related emails.  Because of that reality I don’t think that lawyers have a reasonable expectation of privacy in using Gmail any more.  Our duty to protect client confidences set forth in Rule 1.6 precludes us from using the service.  I’ll tell you the truth, it actually looks like no one — lawyer or otherwise — has a reasonable expectation of privacy with the platform.  That’s why I think lawyers need to stop using Gmail for practice related matters immediately.

Share

I have no idea why they wrote this opinion…

In 2018 there as was opinion issued by the American Bar Association and — for the life of me — I don’t understand why they wrote this opinion.

Formal Opinion 481 entitled, “A Lawyer’s Duty to Inform a Current or Former Client of the Lawyer’s Material Error” was issued on April 17, 2018.

There’s nothing so earth shattering about requiring a lawyer to notify a client when there is material error. In fact, it’s obvious and basic. In fact, the drafters of this opinion go through a bunch of advisory opinions from across the country and confirm that the requirement has been around for a while. At one point they even admit that they’re really not presenting anything new.  In addressing those other opinions they state, “These opinions provide helpful guidance to lawyers, but they do not—just as we do not—purport to precisely define the scope of a lawyer’s disclosure obligations.” 

Um…okay. 

So why are you wasting this paper? 

The next sentence sorta tells us: “Still, the Committee believes that lawyers deserve more specific guidance in evaluating their duty to disclose errors to current clients than has previously been available.” ABA Op. 481 at 4

If there’s any value to the opinion, it’s in the definition of when an error is considered to be “material.”  They state, “…a lawyer must inform a current client of a material error committed by the lawyer in the representation. An error is material if a disinterested lawyer would conclude that it is (a) reasonably likely to harm or prejudice a client; or (b) of such a nature that it would reasonably cause a client to consider terminating the representation even in the absence of harm or prejudice.” ABA op. 481 at 4.

Oh, but this only applies if the client is a “current” client. That’s because even though a lawyer must inform a current client of a material error, “Rule 1.4 imposes no similar duty to former clients.” ABA Op. 481, at 7. 

Thanks for this guidance.  I think. 

Share

Wait, so you’re saying zealous is bad??

 

Believe it or not, but there are critics of our ethics rules. I know what you’re thinking, “How could that be? They are PERFECT.”  I’m sorry to burst your bubble, but there really are scholars who have taken shots at the code.

One of the biggest complaints is that the current code amounts to nothing more than a how-to manual.  How-to stay away from a grievance.  Surely you’re wondering how that can be a bad thing!  Well, staying away from grievances is good, but is that all our ethics code is really supposed to be about? The critics contend that the current code is harsh and devoid of the aspirational goals and the statements of morality that could be found in the predecessor codes. It’s a valid point, but I understand why the code is written that way.  To get a real picture for what I mean, you need consider Watergate.  Yup, the actual Watergate fiasco.

After the fallout from that disaster, the powers that be realized that many of the people implicated in the scandal were lawyers.  Plus, many of the lawyers implicated— and many of their colleagues across the country — really didn’t take the ethics rules seriously.  As a result, the authorities had to reform the code and I believe that’s why they created such a harsh set of rules.  I believe that they took out the aspirational elements from the disciplinary rules because they had to reinforce the idea that there really would be disciplinary action if you acted inappropriately.  The problem? In doing so, they removed all of the morality from the code.

The current code tells us how we “could” act.  It tell us when our actions are subject us to discipline.  it does not, however, tells us how we “should” behave.  

That’s an important distinction.  In other words, just because we “could” do something, does it mean we “should” be doing it?  Just because some action taken in the course of our practice won’t subject us to discipline, is it still “right” to take that action?  That disconnect is something the drafters have been considering since the publication of the modern code in 1983.  And over the years you’ve started to see a flurry of new “professionalism documents” being adopted across the country.  Basically, these professionalism codes are trying to reinforce the need to behave in a morally acceptable way.  Though they are the product of individual states, the all seem to share the same sentiment— they are talking about how we “should” be behaving.  

One word that you don’t see in many of these new professionalism documents is “zealous.”  The reason is clear.  The word zealous has been used by many lawyers to cover up all manner of sins (yes, that was a Watergate shout-out)  I shudder to think about how many ethical violations have been committed in the name of zealous advocacy.  I believe that the drafters have the same concern.  I believe they know that lawyers push the edge too far, and try to cover it up by claiming to be “zealous.” Well, I believe that lawyers need to start thinking about behaving in a morally acceptable manner.  We need to voluntarily aspire to behave better.  And that might not be compatible with the old school definition of zealous (just for the record— I am old school age.  But I’d like to think that I’m learning some new tricks).

I explore the relationship between what we “could” do and what we “should” do a little more in a CLE program I recorded called “The Dirtiest Word in Ethics, Zealous.”  In that program I also provide my version of the optimal lawyer attitude (sorry, no spoilers!)  You can find that program by clicking here.

Share

How are lawyers STILL making this mistake?

I watched an ethics violation unfold right next to me today. So, of course, I had to vlog about it.  Scroll below for the transcript if you don’t want to watch the video.

I’m on the road, minding my own business in my usual breakfast joint, enjoying my Spinach Feta Egg White Wrap and Grande Non-Fat Latte.  The breakfast of Champions.  Three guys sit down next to me and start to talk.  Here’s what I know: these guys are lawyers and they are involved in a suit about a particular kitchen accessory. The guy against the wall flew in from Washington DC this morning and he appears to be an expert or specialized legal counsel of some sort.

It appears that the expert (that’s what I’ll call him) is going to give testimony today and these guys are talking about the best approach.  They’ve talked about statistics and the design of the product at issue. The expert is laying out the various ways the team could approach the matter and he’s giving examples of testimony that’s been given in previous cases.

The reason I know the case is about a kitchen appliance [[arrow]]  is because one of the lawyers brought one into the coffee shop and it’s sitting on the table next to them. The expert keeps putting his hand on it and talking about it. You don’t have to be Sherlock Holes to figure this stuff out. I heard the name of one of the the Judges involved in the case, I heard that they’ve submitted mediation statements, and I heard a whole lot of substance that this expert is going to be addressing.

The reason I know all of this is because I COULD HEAR EVERYTHING THEY WERE SAYING. I wasn’t eavesdropping, I was just sitting about 24 inches away from them at the next table in a public coffee shop.

This, people, is why I continue to have a job.

The very first thing we teach in law school about confidentiality is that you shouldn’t be talking about your clients’ matters in public places. I mean, the hypos we use talk about actually include restaurants in the fact pattern.   It’s so basic, that if I were to mention this at the ethics program I’m delivering tomorrow, the lawyers in the firm would roll their eyes at me. “Who would be so stupid to do something like that?” they’d say.  “Come on- talk to us about a more sophisticated issue.” But this is real life.  And this happens all the time.  Most of us who get into trouble don’t do something outlandish like steal from a trust account or forge a document.  We make stupid mistakes because we let our guard down in every day situations.

Do you think those lawyers knew that they were sitting next to someone who investigates ethics grievances? Do you think they had any idea at all that I was sitting right next to them tearing them to ethical pieces? NO. Do you know why? Because they suffer from a malady that we all have at one time or another.  “Little old me” syndrome. Do you really think that someone is listening to what I have to say? Little old me? Who really cares about listening to little old me?

The answer is everyone is listening to everything you say and everything you write.  You have GOT to have a heightened state of awareness about these things.  There is no such thing as “little old me.” It’s BIG OLD YOU and you’re a constant target.

Even though I’m going on about this for a while, this entire escapade actually happened very quickly. And I was just going to leave well enough alone because it seemed as if they were going to leave.  But then, another guy showed up and he started speaking louder, which prompted one of the first guys to stand up and basically shout.

I couldn’t take it anymore.  I packed my bag up, threw on my jacket and as I walked out I tapped the standing guy on the shoulder and said, “Could I steal you for a minute?” We walked a few feet away from the tables and I said, “I teach professional responsibility for a living. Stop talking about your client’s files in a public place like this. Someone’s going to overhear you and you’re gonna get smacked for it.  I’m just trying to help you out.”  He replied, “Oh, fair point.” And I left.

Share

Shut Your Mouth on Twitter. It’s only going to cause problems for you and the firm

Every day this month I’m going to post a short message called, “Something Smart & Safe.” They’re short video messages that will give lawyers a drop of good direction. My first installment is begging lawyers to stop tweeting about politics — its got problems written all over it.

Want to see the rest of the Smart & Safe posts? Subscribe to my YouTube Channel here.

 

Share