Tag Archives: lawyer ethics

Lawyers Need to Stop Using Gmail Immediately

Lawyers need to stop using gmail for their practice right now.  An article in the Wall Street Journal made it very clear that lawyers who use the system are doing so at their ethical peril.

(Watch the video, or continue reading below)

To understand why I feel this way you need a slight history lesson. Go back to the 90s when email first became popular.  For those of use who are old enough to recall, lawyers couldn’t use email in their practice because it was unencrypted. Our duty to safeguard client confidences per Rules 1.1 and 1.6 prohibited us from using the tool.  The ABA and state bars across the country deemed that unencrypted email was too insecure and that lawyers who used it weren’t taking the necessary steps to fulfill their duty of protecting clients’ confidential information.  So what changed? Today email is generally still unencrypted, but lawyers use it every day (yes, there have been recent opinions which question whether we should continue to use unencrypted email, but it is permitted in a variety of instances). Here’s the change— Congress criminalized the interception of email.  

Once Congress made the interception of email a crime, the powers that be agreed that lawyers had a reasonable expectation of privacy in using the medium. The key phrase is a “reasonable expectation of privacy.”  The ABA issued a formal opinion in 1999 confirming that idea:

“The Committee believes that e-mail communications, including those sent unencrypted over the Internet, pose no greater risk of interception or disclosure than other modes of communication commonly relied upon as having a reasonable expectation of privacy. The level of legal protection accorded e-mail transmissions, like that accorded other modes of electronic communication, also supports the reasonableness of an expectation of privacy for unencrypted e-mail transmissions. The risk of unauthorized interception and disclosure exists in every medium of communication, including e-mail. It is not, however, reasonable to require that a mode of communicating information must be avoided simply because interception is technologically possible, especially when unauthorized interception or dissemination of the information is a violation of law. The Committee concludes, based upon current technology and law as we are informed of it, that a lawyer sending confidential client information by unencrypted e-mail does not violate Model Rule 1.6(a) in choosing that mode to communicate. This is principally because there is a reasonable expectation of privacy in its use.”

So what about the Gmail connection? Well, that standard — the reasonable expectation of privacy — was a key consideration for the New York State Bar Association when it opined about the permissibility of free email services like Gmail.  In its Opinion 820, the New York State Bar Association voiced concern about systems like Gmail because Google used advertising to keep the service free. In return for providing the email service, “the provider’s computers scan e-mails and send or display targeted advertising to the user of the service. The e-mail provider identifies the presumed interests of the service’s user by scanning for keywords in e-mails opened by the user. The provider’s computers then send advertising that reflects the keywords in the e-mail.”  The obvious problem is that if we’re using the email system for client work, then we’re allowing the provider to scan confidential information. 

The NY authorities, however, said that all of this was okay.  Even though the email messages are scanned humans don’t actually do the scanning.  Rather, only computers engage in that task.  Thus, they stated that “merely scanning the content of e-mails by computer to generate computer advertising…does not pose a threat to client confidentiality, because the practice does not increase the risk of others obtaining knowledge of the e-mails or access to the e-mails’ content.”  In other words, lawyers had a reasonable expectation of privacy when using the service.

Today there’s been a big change. 

Big.

On September 21, 2018 the Wall Street Journal reported that Google shares Gmail information with its app developers. But what’s important is the type of information that’s being shared and who view it (remember something— here we’re not worried about privacy issues related to data sharing…this is different…this is about the lawyer’s duty to protect confidential information).  The WSJ article revealed that:

Google Inc. told lawmakers it continues to allow other companies to scan and share data from Gmail accounts…the company allows app developers to scan Gmail accounts…outside app developers can access information about what products people buy, where they travel and which friends and colleagues they interact with the most. In some cases, employees at these app companies have read people’s actual emails in order to improve their software algorithms. [emphases added]

Did you get that last part? There are real human beings who are reading the contents of Gmail messages.  What we know from NY Opinion 780 is that if human beings are reading the lawyer emails, then lawyers no longer have a reasonable expectation of privacy in Gmail.  

Sure, we lack some specific data about which emails are read, but that doesn’t change the conclusion.  We might not know if lawyers’ messages in particular were included in the messages that were scanned.  But that’s sort of exactly the problem — we don’t know.  And we don’t have any way to control or restrict the app developers from reading anyone’s emails, including our practice-related emails.  Because of that reality I don’t think that lawyers have a reasonable expectation of privacy in using Gmail any more.  Our duty to protect client confidences set forth in Rule 1.6 precludes us from using the service.  I’ll tell you the truth, it actually looks like no one — lawyer or otherwise — has a reasonable expectation of privacy with the platform.  That’s why I think lawyers need to stop using Gmail for practice related matters immediately.

Share

The Ethical Danger of the Microsoft/LinkedIn Merger

This week it was announced that Microsoft is buying LinkedIn.  There are some hidden attorney ethics implications about which we all need to be aware.

A review of the recent news articles announcing the acquisition reveals that a key motivating factor in Microsoft’s purchase of LinkedIn was access to LinkedIn’s data.  Of course, sharing data is nothing new.  But when companies improve their ability to share our data across various platforms, my ears perk up. Not just because it’s creepy or because of obvious privacy implications. The type of data sharing they’re contemplating in the Microsoft/LinkedIn combination makes me worry about confidentiality (and other) issues.

Why they are merging:

According to the Wall Street Journal, Microsoft sees a critical synergy with LinkedIn:

“LinkedIn’s users are, arguably, Microsoft’s core demographic. They also offer Microsoft something it has long sought but never had—a network with which users identify. Microsoft needs to persuade LinkedIn users to adopt that identity, and use it across as many Microsoft products as possible.

Access to those users, as well as the enormous amounts of data they throw off, could yield insights and products within Microsoft that allow it to monetize its investment in LinkedIn in ways that the professional networking site might not be able to. [Microsoft CEO] Mr. Nadella already has mentioned a few of these, including going into a sales meeting armed with the bios of participants, and getting a feed of potential experts from LinkedIn whenever Office notices you’re working on a relevant task.“

In other words, Microsoft wants to have your Outlook and other Microsoft software products speak to your LinkedIn profile.  The intersection of that data is valuable — various sellers of products and services would be willing to pay for it.

It appears that Microsoft wants to be able to read through the work we do on their products like Word, review our upcoming appointments in our Outlook calendar, search for keywords in our emails, and then find connections with people with our LinkedIn connections.  That’s what they are searching for — connections they could monetize.

For instance, let’s say accountant X has an Outlook Calendar appointment which sets a meeting with “Charles McKenna of Account-Soft Corp.” Microsoft could then search LinkedIn and it would learn that McKenna works for a company that sells workflow management software.  Well, now Microsoft knows the accountant is in the market for workflow management software….and they could sell that knowledge to other software companies who would then direct solicitations in the accountant’s direction.  That’s an annoyance for an accountant, but a potential ethics disaster if he/she were a lawyer.

Basic issue, Confidentiality:

If Microsoft scours our Word documents and emails, then there could be Rule 1.6 confidentiality issues.  That’s so obvious that we don’t need to spend time talking about it now.  I think the more unusual issues come from the Calendar function…

If they leverage the data in our Calendar, it could reveal our client relationships:

The substance of what we learn from the client is confidential, but so is the very existence of the lawyer-client relationship.  Will the integration of these platforms make it easier for people to figure out who we represent?

Think about how much information Microsoft could piece together from our Calendar.  They might see a potential client introduction (which lists Pete Smith as present), a court appearance (which lists Pete Smith as present), and a meeting for settlement purposes (which lists Pete Smith as present). It’s not going to be too tough for the Microsoft bots to figure out that Pete Smith is your client.

If they leverage data in our Calendar, it could reveal key substantive information that could harm the client:

If Microsoft looks at our Calendar they can see that we’re heading to a particular locale.  They might then cross reference our LinkedIn connections and send a message to one of them that says something like, “Your connection Bruce Kramer is going to Chicago next week.  Why don’t you look him up?”

That heads-up might give someone the incentive to look into our movements a bit more…and who knows what they could find.  What if that info was given to a real estate agent that we know in Chicago…and maybe we are representing a successful land owner…and we’re clandestinely scouting a real estate purchase because we don’t want people to figure out that we’re there on behalf of our deep-pocketed client…because if they know, the purchaser will run up the price.  That LinkedIn message tipped off the real estate agent and it could cost the client a lot of money.

If they leverage data in our Calendar, it could end up revealing a misrepresentation:

Imagine that Client A asks you to accompany them to a meeting in Los Angeles. You tell her that you can’t go because you’ll be on vacation on the East Coast. That’s not true, however. The truth is that you’ve already scheduled a meeting with a potentially new client in Los Angeles. You didn’t want Client A to know that you’d be in town because you didn’t want to have to shuffle between clients- it would just be too much work.  You could have told Client A that you’d be in town but you didn’t have time to meet her, but you thought she’d be insulted.  It was just easier to say you’re far away and be done with it.

Later, Client A gets a LinkedIn message that says, “Your Connection Mary Smith is going to be in Los Angeles next weekend…send her a message and try to link up!”  Do you know what you are now? Busted. And not only do you have egg on your face, but you may also have committed an ethical violation.

Is the white lie that you told your client going to be considered a misrepresentation or deception per Rule 8.4(c)? That rule states: “It is professional misconduct for a lawyer to (c) engage in conduct involving dishonesty, fraud, deceit or misrepresentation…”

I know what you’re thinking…it was a half-truth.  No harm no foul. Well, I searched the ethics code, and I didn’t find the term “white lie” or “half-truth” anywhere in the code.  You should also note that Rule 8.4(c) does not require that the misrepresentation be “material.”  It doesn’t allow you to lie about inconsequential things and there’s no modifying language- it just says that you can’t lie or deceive.

These are just a few issues.  Some of these are clear ethics concerns, others are more akin to PR nightmares.  Are they so terrible that we all need to get off LinkedIn right away?  That might be a bit premature.  After all, they only just announced the merging of the platforms- they haven’t actually done anything yet.  I don’t know what dangers will actually be realized, or whether any dangers will be realized at all.  What I do know is that part of being a responsible attorney in this technological age is to be diligent in thinking about these issues.  As lawyers practicing in an ever-changing technological environment, we need to be aware of the potential problems.  Keep your eye on the news and stay abreast about the details regarding the integration of these two platforms.  Then, if you determine that you need to act, do so.  That way we are “keep[ing] abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology.” Comment [8], Rule 1.1

Share