Tag Archives: email

Lawyers Need to Stop Using Gmail Immediately

Lawyers need to stop using gmail for their practice right now.  An article in the Wall Street Journal made it very clear that lawyers who use the system are doing so at their ethical peril.

(Watch the video, or continue reading below)

To understand why I feel this way you need a slight history lesson. Go back to the 90s when email first became popular.  For those of use who are old enough to recall, lawyers couldn’t use email in their practice because it was unencrypted. Our duty to safeguard client confidences per Rules 1.1 and 1.6 prohibited us from using the tool.  The ABA and state bars across the country deemed that unencrypted email was too insecure and that lawyers who used it weren’t taking the necessary steps to fulfill their duty of protecting clients’ confidential information.  So what changed? Today email is generally still unencrypted, but lawyers use it every day (yes, there have been recent opinions which question whether we should continue to use unencrypted email, but it is permitted in a variety of instances). Here’s the change— Congress criminalized the interception of email.  

Once Congress made the interception of email a crime, the powers that be agreed that lawyers had a reasonable expectation of privacy in using the medium. The key phrase is a “reasonable expectation of privacy.”  The ABA issued a formal opinion in 1999 confirming that idea:

“The Committee believes that e-mail communications, including those sent unencrypted over the Internet, pose no greater risk of interception or disclosure than other modes of communication commonly relied upon as having a reasonable expectation of privacy. The level of legal protection accorded e-mail transmissions, like that accorded other modes of electronic communication, also supports the reasonableness of an expectation of privacy for unencrypted e-mail transmissions. The risk of unauthorized interception and disclosure exists in every medium of communication, including e-mail. It is not, however, reasonable to require that a mode of communicating information must be avoided simply because interception is technologically possible, especially when unauthorized interception or dissemination of the information is a violation of law. The Committee concludes, based upon current technology and law as we are informed of it, that a lawyer sending confidential client information by unencrypted e-mail does not violate Model Rule 1.6(a) in choosing that mode to communicate. This is principally because there is a reasonable expectation of privacy in its use.”

So what about the Gmail connection? Well, that standard — the reasonable expectation of privacy — was a key consideration for the New York State Bar Association when it opined about the permissibility of free email services like Gmail.  In its Opinion 820, the New York State Bar Association voiced concern about systems like Gmail because Google used advertising to keep the service free. In return for providing the email service, “the provider’s computers scan e-mails and send or display targeted advertising to the user of the service. The e-mail provider identifies the presumed interests of the service’s user by scanning for keywords in e-mails opened by the user. The provider’s computers then send advertising that reflects the keywords in the e-mail.”  The obvious problem is that if we’re using the email system for client work, then we’re allowing the provider to scan confidential information. 

The NY authorities, however, said that all of this was okay.  Even though the email messages are scanned humans don’t actually do the scanning.  Rather, only computers engage in that task.  Thus, they stated that “merely scanning the content of e-mails by computer to generate computer advertising…does not pose a threat to client confidentiality, because the practice does not increase the risk of others obtaining knowledge of the e-mails or access to the e-mails’ content.”  In other words, lawyers had a reasonable expectation of privacy when using the service.

Today there’s been a big change. 

Big.

On September 21, 2018 the Wall Street Journal reported that Google shares Gmail information with its app developers. But what’s important is the type of information that’s being shared and who view it (remember something— here we’re not worried about privacy issues related to data sharing…this is different…this is about the lawyer’s duty to protect confidential information).  The WSJ article revealed that:

Google Inc. told lawmakers it continues to allow other companies to scan and share data from Gmail accounts…the company allows app developers to scan Gmail accounts…outside app developers can access information about what products people buy, where they travel and which friends and colleagues they interact with the most. In some cases, employees at these app companies have read people’s actual emails in order to improve their software algorithms. [emphases added]

Did you get that last part? There are real human beings who are reading the contents of Gmail messages.  What we know from NY Opinion 780 is that if human beings are reading the lawyer emails, then lawyers no longer have a reasonable expectation of privacy in Gmail.  

Sure, we lack some specific data about which emails are read, but that doesn’t change the conclusion.  We might not know if lawyers’ messages in particular were included in the messages that were scanned.  But that’s sort of exactly the problem — we don’t know.  And we don’t have any way to control or restrict the app developers from reading anyone’s emails, including our practice-related emails.  Because of that reality I don’t think that lawyers have a reasonable expectation of privacy in using Gmail any more.  Our duty to protect client confidences set forth in Rule 1.6 precludes us from using the service.  I’ll tell you the truth, it actually looks like no one — lawyer or otherwise — has a reasonable expectation of privacy with the platform.  That’s why I think lawyers need to stop using Gmail for practice related matters immediately.

Share

The ABA is late to the tech party….again

Tech gurus around the country have been tweeting about the new ABA opinion like it’s some sort of revelation that was brought down from a mountain on stone tablets.  I don’t know why everyone is going up in arms about this.  Here’s what I think.  The ABA is (a) on point (as usual), and (b) 7 years too late (as usual).  The opinion is 11 pages of stuff that ethics professionals and various states have been shouting for almost a decade.  If you’re a lawyer and you didn’t know the contents of Opinion 477 already, you should be embarrassed.

After all 11 pages, it comes down to the last two sentences of the opinion.  They basically say that lawyers need to take special security precautions to protect  client information if you’re required to do so by agreement (really, you didn’t know that?), by law (someone needed to issue an opinion to tell you that you need to abide by the law?), or when the nature of the information requires a higher degree of security (teachers like me have been preaching that for YEARS). Opinion 477 at 11.

It takes everything in my being not to say, “…duh.”

Of course you need to consider the sensitivity of the information when determining how you communicate that information to your client.  The State of California told us that….in 2010 (go look at Formal Opinion 2010-179. And California did it in only 7 pages).  The ABA even told us that in their revised rules…in 2012.  But now, in 2017, they finally get around to writing this opinion?

All of the information in this opinion is important.  But it should have been issued years ago. “But wait,” you might protest, “Opinion 477 gives some factors to consider.”  Listen— if the seven precautionary recommendations that they list in this opinion are new to you, then here’s a newsflash: You haven’t been meeting your duty of competence for years.  Maybe in their next opinion they’ll give us some more useful tech advice like, “To rename a file, type the following command after the C:\…”  Seriously, this is all coming to us a bit late.

Here’s another helpful nugget from Op. 477:  It reminds us that the rules “may require a lawyer to discuss security safeguards with clients.” Opinion 477 at 5.  People, technology issues like that should be a part of every lawyer’s initial conversation with their client…and it should have been that way already for years.  If you haven’t been talking about it, then you’re in borderline malpractice territory. It also means that you haven’t been listening because every respectable ethics teacher has been shouting about that for almost a decade.

Here’s what I would have tweeted about this opinion (if I had more than 140 characters):

To the lawyers: If any of this is new to you, stop what you’re doing and (a) chastise yourself for being 10 years behind the curve and (b) read the opinion. My gut tells me that there will be a total of 3 lawyers who are surprised by the contents of Opinion 477.

To the ABA: Move quicker and talk less.  You’ll serve all lawyers better.

Share