Who else is in the room when you give your client legal advice over a remote communication platform? It’s a question you need to ask.
Burying your head in the sand could be pretty lucrative for a lawyer. Some lawyers over the years got pretty wealthy that way. They were the kind of lawyers who talked to a shady client and said things like, “I didn’t hear you say that,” or, “Don’t tell me anything. If you tell me I can’t continue to represent you, so I don’t want to know.”
Lawyers who are willing to put on earmuffs like that are pretty popular with a particular kind of client. Criminals.
Well, recently the ABA issued an ethics opinion that made it clear that the days where a lawyer could ignore a client’s bad deeds are a thing of the past. While the opinion contains an interesting ethics analysis, the reason it is truly notable is because it signals a paradigm shift. The opinion makes it clear that lawyers can’t bury our heads in the sand anymore.
ABA Formal Opinion #491 (April 2020) deals with a lawyer’s obligation to avoid counseling or assisting a client in the commission of a crime or fraud. This issue appears to have gained importance recently because of an increased risk to lawyers. Governments around the world are putting more pressure on terrorist groups and other nefarious actors. That pressure has created a greater need for the bad guys to try to conceal their financing, and that increases their need for elaborate money laundering transactions. Oftentimes those bad guys will need a lawyer to help them carry out their scheme, and that’s when the lawyer can have problems. That’s when a lawyer might be put in the position to assist that client in committing a crime.
There is no question that lawyers can not assist in their client’s illegal activities. Rule 1.2(d) explains that a lawyer “shall not counsel a client to engage, or assist a client, in conduct that the lawyer knows is criminal or fraudulent.” If a lawyer knows that’s happening, they need to withdraw, at the very least. But what if a lawyer isn’t sure? The client’s tactics might smell like money laundering — maybe they’re paying with large amount of cash or routing money through a jurisdiction where laundering is common. But in some situations there might not be much more evidence than that. In those cases there might not be enough evidence on the surface to confirm that the client’s objectives are fraudulent. The question the ABA is wrestling with in Opinion 491 is, does a lawyer have to dig deeper? Does a lawyer have a duty to ask the client whether the objectives that smell bad are actually bad? The answer is yes.
In explaining their reasoning, the opinion starts with the easy stuff. If the lawyer “knows” that they are getting involved in a client fraud — if the facts are so strong that the fraud is obvious — a lawyer has an obligation to talk to the client about it. That’s clear from Rule 1.2(d), and it’s been confirmed over the years. Both the rules and advisory opinions have established that lawyers aren’t allowed to avoid the obvious.
But the opinion went further. It explained that a lawyer has to make inquiry even if the facts aren’t so strong that the fraud is obvious. A lawyer is required to check into the matter if there’s a “high probability” that the client is engaging in fraudulent conduct. The opinion explained that, “When a lawyer deliberately or consciously avoids knowledge that a client is or may be using the lawyer’s services to further a crime or fraud, discipline is imposed.” Op. 491 at 5, citation omitted.
And the opinion didn’t stop there. Yes, a lawyer needs to inquire if she knows the client is pursuing a fraud. Yes, a lawyer also needs to inquire if there is a high probability that the client is pursuing a fraud. Well, the opinion further noted that some cases held that a lawyer should make an inquiry if there is a suspicion that the client’s actions might be fraudulent. And some jurisdictions have an even broader requirement. States like South Carolina require a lawyer to consult with a client if they “reasonably should know” that the client is getting the lawyer to assist in a crime or fraud. Op. 491 at 5.
All of that begs the question — when is a lawyer deemed to have a “suspicion” sufficient to require further inquiry? When can it be said that a lawyer “should have known”? The answer, as usual, is that it depends on the circumstances. Unfortunately the drafters don’t give us a clear explanation of when this duty to investigate is triggered. It seems like they’re saying, “if it smells bad, ask.” But while the trigger might be murky, there is one thing that’s clear. The lawyer’s obligation to inquire about whether a client is asking the lawyer to assist in a fraud exists. And Opinion 491 states clearly that a lawyer would be facing disciplinary action if an inquiry is required and they don’t do it.
Interestingly, I don’t think the unanswered questions here are so concerning. That’s because I don’t think this opinion is really about defining when a lawyer must make this inquiry. I think this opinion is really about sending a message.
Think about it— the actual ethics issue is pretty basic and not all that controversial. A lawyer can’t assist in a client’s fraud, they should talk to the client about whether they are engaging in a fraud, and if they learn the client is doing so the lawyer should withdraw. Not exactly earth shattering. But consider the “feel” of the opinion.
The opinion spends a tremendous amount of time establishing the ethical justifications for requiring the lawyer inquiry. They explain the nuances of Rule 1.2, they talk about criminal law, and they note a variety of other rules which can be read to require that a lawyer inquire further. That effort — which goes on for several pages — is extensive. They put a lot of effort into a pretty basic concept. It’s almost like the drafters are making their case. It seems as if they know that the audience will be skeptical. They know that lawyers will question whether this duty is real. Maybe the drafters realized that they would face resistance, so they felt the need to go to great lengths to make it abundantly clear that the duty to inquire exists. They nearly overdo it with the justifications. It’s as if they are saying, “let there be no mistake about it. This duty exists. It’s real.”
Why would they need such overkill? Maybe it’s because they are signaling a paradigm shift. The drafters seem to be saying that the game-playing days are over. The days where you could bury your head in the sand and remain willfully ignorant are a thing of the past.
Maybe they spent so much time talking about the duty to inquire because that’s the only way they can make it obvious that they want us to behave differently — they want us to shed the old ways. They’re saying, times have changed and we really mean it. Look. We put a lot of ink on the paper. That shows we’re serious. We gave you all of this research because we want to send a clear message. The old days are over. Get with the program. In today’s practice they expect more from you.
There are other opinions which confirm this shifting paradigm and they’ve got to do with enhanced obligations being put on lawyers because of international money laundering. But let’s talk about that on another day…
The short story: If you “like” a statement on social media you could be deemed to have made that statement. At least that’s what Indiana says. Here are the details…
It’s obvious that lawyers have to answer for the statements we make on social media. If you lie you could run afoul of a variety of rules: a misrepresentation in your marketing might be a violation of the advertising rules, if you lie in connection with your representation you might violate Rule 4.1, stuff like that. It also isn’t much of a surprise to say that a lawyer is going to be ethically responsible for statements that they recirculate. If you retweet a statement that you know is false, you are going to be considered to have made that statement and you’re going to have to deal with an ethics grievance if the statement violates the rules. You own the information you send out to the internet.
But I just read an extension of that concept that surprised me. A state is trying to affix ethical liability on a lawyer for statements they merely “like.”
The Indiana Supreme Court Disciplinary Commission issued Opinion #1-20 in July of 2020 entitled “Third Party Comments or Tags on a Lawyer’s Social Media.” In that opinion they stated:
An attorney who responds to or “likes” a third party’s comment that contains prohibited content could be deemed to have adopted the third-party comment. Such action could subject the attorney to a rule violation. The failure by the attorney to delete prohibited content could be considered acquiescence and expose the lawyer to discipline.
A lawyer should also be careful to adjust privacy settings to avoid being “tagged” to improper content which could show up on the lawyer’s page and thereby be deemed adopted by the lawyer.
This is an expansion of existing concepts. In the past, we owned whatever we shared. Now, we could own whatever we like. Let’s see how this might exist in the practice.
If someone makes a claim about your services that violates the rule and you like it, you would be deemed to have made that statement. Example: A prior client tweets, “Stuart Teicher got me out of a DUI and I’m sure he can do it for you too.” That probably violates the rules because it could “lead a reasonable person to form an unjustified expectation that the same results could be obtained for other clients in similar matters without reference to the specific factual and legal circumstances of each client’s case.” Rule 7.1, Comment . If you “like” that statement you are going to be deemed to have allowed it and you are going to get into trouble.
Same issue with tags. Example: A lawyer, who has been practicing for 6 months, has a client who writes this post on the client’s Facebook page and tags the lawyer: “Jane Smith has been at the law game for a decade. She’s awesome.” That’s not true and, depending on whether it also ends up showing up on your social media page, you might be deemed to have adopted the statement.
Of course, whether something is problematic ultimately depends in the circumstances. But you can see the expansion of the idea here. When social media started it was clear that if you said something you owned that statement. Then there came the day when you owned other people’s statements that you recirculated. Well, today you could own other people’s statements that you “like,” or that “tag” you.
If you check out the boilerplate language in your contract form, you’ll likely find a paragraph commonly known as the “force majeure” clause. That’s the clause that addresses occurrences that are considered to be beyond the parties’ control like acts of war, natural disasters, or strikes. It’s one of those sections that we include in the document, but often don’t focus on because…well, let’s face it…what are the chances of a revolution?
The last time I recall anyone giving serious thought to the content of these clauses was after 9/11. When the Twin Towers were struck, the legal world started focusing on those force majeure clauses because a lot of the standard language didn’t have a direct reference to disruptions caused by terrorism. But after 9/11 anyone who wasn’t already referencing terrorism in their force majeure clauses made sure to add it. Well, the corona virus is giving us a reason to focus on this paragraph again. And, obviously, instead of tweaking these paragraphs to account for terrorism we now need to account for epidemics and disease.
These changes are necessary because the ability of a client to perform pursuant to an agreement could be impacted or precluded because of some complication stemming from the corona virus. What if they are ordered to be quarantined, or their office is closed because of disease? They could be unable to travel, or travel to a particular area could be suspended. There are a variety of ways that your client could be prevented from performing, and if they don’t have a legal “out” they could be in trouble.
Your client might not be completely exposed right now— while your existing clause might not reference disease specifically, you likely do have some catch-all provision like “other unforeseen circumstances.” That might be enough to hang your hat on and the language could protect the client if the matter is litigated. But that’s a bit uncertain, and you know how fickle judges and juries could be. Certainty is often the wiser approach, so it’s probably a good idea to add more specific language to your agreements now.
Of course, even if you make this change to your form it’s not going to have any effect on existing contracts that have already been executed by the client and are currently in effect. But you can include the change in everything you draft going forward.
Not only is this a “best practice” move, but it’s also an ethical consideration. This is about competence. Our duty of competence under Rule 1.1 is a continuing duty and Comment  explains that “to maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice…” This is a change in the law that you need to consider.
As technology morphs, the lawyer’s obligation to protect client data becomes more difficult. With each new advancement there become new ways that client information could be revealed, and our duty to take reasonable steps to protect that data changes. It gets tougher and tougher to figure out what actually constitutes “reasonable steps” to protect the data as required by Rule 1.6(c). Today I believe that the question of whether a lawyer is taking “reasonable steps” to protect client data is being redefined once again. I believe that there is an evolving duty not to share information.
I’m not talking about the stupid kind of sharing like posting a comment on social media about a client matter. I’m talking about lawyers’ less obvious way sharing of information, and there are two ways that concern me in particular: sharing access to contacts and sharing access to our location.
Here’s how those two concerns appear in the practice. Some platforms we use ask us if we want to import our contacts, or provide that site “access” to our contact list. It’s most likely done because it allows the software we’re using to make communication more efficient. Or consider other instances where you share your location— not by checking in somewhere on Facebook— maybe it’s a fitness apps that runs constantly in the background and tracks your location. Other times, the app is not so obvious. In fact, most of us probably don’t even realize that certain apps are sharing our location. When I started looking into this issue I learned that I was allowing the app that updates the firmware on my headphones to track my location. I also inadvertently gave location-tracking permission to the app that helps me organize my reimbursable expenses. I even remember reading somewhere that crossword puzzle apps sometimes track your location.
My concern is that these sources of information can be put together by the bad guys to find out lots of stuff about our practices and our clients. That’s why I see contact lists and location information as puzzle pieces. We are revealing bits and pieces of our practice that, when put together, could end up revealing client relationships, the status of client matters, etc.
A bad guy with access to this information could learn a slew of things: when you were at your adversary’s office? How often did you go to your adversary’s office? Does that mean a deal is imminent? Did you accompany your client to a meeting with a bankruptcy attorney, or a white collar criminal lawyer? What if bad guys want to target a particular corporation, and they have focused on a particular corporate officer. They realize you’re the lawyer, so they hunt through your contact lists to see if you’re connected with that individual. You became the hard target…and you gave them another step toward the client. Now maybe the bad guys can find your client’s mobile number and track the client. Or maybe they learn a personal email address which allows them to send phishing emails, malware, or ransomeware to the client. Plus, there’s other information people can get from our contact list — what if the contact-sharing that you authorized also imports the notes that you keep in your contact’s entry? There could be information covered by the attorney-client privilege in those notes.
It’s true that we can’t say how this danger will actually manifest itself. We can’t say, “this is the specific app watch out for” or “stop using this particular platform.” We don’t know how or when the bad guys will put the puzzle together. But here’s something that we do know for sure— they are trying. That is a given. But, despite accepting that undeniable fact, we continue to voluntarily provide the puzzle pieces and that doesn’t seem to be reasonable.
Think about it — if we know that they are constantly and consistently trying put these pieces together, is it reasonable to think Hey these bad guys are scouring the internet trying to put these puzzle pieces together…so I need to keep giving them those pieces. No. It’s not. Our duty is to stop helping the bad guys. Lawyers need to reconsider whether we should continue sharing this type of data.
My concern gained a bit more credibility after I read an article in the Wall Street Journal recently (Note, that we live in a politically charged environment and I am not giving you this quote because the Trump Administration was involved, nor because it’s about immigration issues. This is about a tech concern.) According to the Wall Street Journal,
“The Trump administration has bought access to a commercial database that maps the movements of millions of cellphones in America and is using it for immigration and border enforcement…The location data is drawn from ordinary cellphone apps, including those for games, weather and e-commerce, for which the user has granted permission to log the phone’s location. The Department of Homeland Security has used the information to detect undocumented immigrants and others who may be entering the U.S. unlawfully, according to these people and documents.”
See what I mean? It’s not about the fact that the Trump Administration bought access to this commercial database. It’s about the fact that the commercial database exists at all and that anyone can purchase access to such a database. It’s a problem for lawyers because it means that people are collecting data that could reveal information about our practice and our client matters. Oh, and the kicker is that that information is being delivered by us— we are sharing it voluntarily and gifting it to the company that’s collecting it for their database.
Maybe, today, part of taking “reasonable measures” to protect client confidential information includes putting up a barrier….making it more difficult for people to gather our information…making it tougher for them to put the pieces together. Given what we know about the relentless efforts that people are making to gather and use that information, maybe we have a duty to take appropriate evasive tactics.
I think good analogy is “proper password selection.” We would all agree, I’m sure, that it’s not reasonable to have a password that is your birthday, or something common like the word, “Password.” Everyone would agree that it is not reasonable to use easily discoverable passwords, and that doing so is not taking “reasonable steps” to protect client information. But it wasn’t always like that. There was a time when no one considered the need for uncommon passwords. That was, of course, until people started getting hacked because of their weak passwords. Once the infiltration started, the standard changed. Today it’s simply expected the lawyers will have proper passwords. And that’s where we are headed with the duty not to share.
Up to today every lawyer has shared their contacts and location and we’ve never batted an eye. But times are changing. The danger of doing so is becoming apparent and it might be time that we stop giving away the puzzle pieces. That’s why I think we are witnessing the evolution of a lawyer’s duty not to share.
Chatbots are now being used in legal marketing to help lawyers find valuable clients. The technology is basically a computer program that is powered by artificial intelligence that simulates conversation with people. Potential clients who visit a firm’s site can type questions and comments into a chatbox and, when doing so, they think they are speaking with a real person. The bot collects contact info as well as other details about the potential client’s case, asks questions to the potential client, analyzes the data, and gives that information to the lawyer. The chatbot companies say that their AI sifts out the tire kickers and identifies valuable prospects for the firm, thereby improving conversion rates.
The chatbots are provided by tech vendors. A lawyer contracts with a vendor that offers the chatbot software, the vendor provides a bit of code that is inserted into the lawyer’s website, and a chat box becomes a part of the lawyer’s site. Someone coming to the website wouldn’t know that another vendor is involved at all— it simply looks like a chat box that is part of the lawyer’s website.
Using a chatbot isn’t necessarily off limits. What you need to be concerned about is the nature of the exchange between the bot and the potential client. It’s a problem, for instance, if a chat bot engages in conversation with a potential client and actually dispenses legal advice. But chatbots aren’t likely to be programmed to give advice. They are, however, programmed to engage in conversation. They talk to the potential client to learn about their case so they can weed out the garbage contacts from the good prospects. But it’s that conversation that could create problems.
During the conversation between the bot and the prospect, the prospect will be providing information about their case. What we need to worry about is the potential that people who visit the lawyer’s site and engage in a conversation with the chatbot end up being considered “prospective clients” under Rule 1.18. If they do attain that status, the lawyer could have conflict problems. To see what I mean, first understand how the rule works.
How Rule 1.18 Works
Rule 1.18 says that if a person “consults with a lawyer about the possibility of forming a client-lawyer relationship” they could be a prospective client. All they need to do is consult about the possibility of forming the lawyer client relationship. But why should a lawyer care if someone is technically considered a “prospective client?”
First, you can’t tell anyone about the information that the prospective client gave you. Rule 1.18(b) explains that “Even when no client-lawyer relationship ensues, a lawyer who has learned information from a prospective client shall not use or reveal that information…” Second, you might be conflicted out of representing someone else in the future. Even if you don’t take the prospective client and you never work on their matter, subsection (c) says that if you received information from the prospective client that could be significantly harmful to that person, and some time in the future a different person approaches you to represent that different person against the prospective client in the same matter, you might not be permitted to do so. You would be conflicted out of the representation.
That could be devastating. Think about it— if you have a consultation with someone about a lucrative matter and you decide not to take their case…but later you are approached by someone who wants you to represent them in that very case, you can’t take that other client. You could be forced to forego a lot of money in fees.
The problem with chatbots
When it comes to Rule 1.18, what’s important is the trigger for becoming a prospective client. As you saw in the rule above, that trigger is a consultation. The key question, of course, is, when does an interaction rise to the level of a consultation? The answer is that it depends on the circumstances. But the key circumstances to focus on are your website text and the content of the chatbot’s communications.
If your website just lists your contact information you’re going to be okay. If you simply put your information out there and someone sends you information about a case, that’s not going create a prospective client relationship. Comment  confirms that: “…a consultation does not occur if a person provides information to a lawyer in response to advertising that merely describes the lawyer’s education, experience, areas of practice, and contact information, or provides legal information of general interest.” Basically, that comment is saying that if you simply tell someone that you exist and that you are qualified, it’s not a “consultation.” If someone replies in that situation, the person “communicates information unilaterally to a lawyer, without any reasonable expectation that the lawyer is willing to discuss the possibility of forming a client-lawyer relationship.” That person, therefore, is not a prospective client.
However, you’re going to have a problem if your website encourages people to offer information and your chatbot follows up by engaging with that person. The comment explains that “…a consultation is likely to have occurred if a lawyer…through the lawyer’s advertising in any medium, specifically requests or invites the submission of information about a potential representation without clear and reasonably understandable warnings and cautionary statements that limit the lawyer’s obligations, and a person provides information in response.”
If your site specifically requests or invites a person to submit information about a potential representation, and your chat bot provides information in response, then you are risking the creation of a prospective client relationship. Obviously, the ethical danger is dependent upon the responsiveness of the chatbot because the rule says that you have to “provide information in response.” Well, the more lengthy, intense, and detailed the chatbot’s responses, the more likely there will be a problem.
Oh, and don’t get hung up on the fact that your chatbot is not a “person” under the rules. If the bot provides information I think a tribunal will see the software as an extension of the lawyer. Plus, if the AI software is doing its job correctly, the potential client should believe that they are actually communicating with a real person. For those reasons I wouldn’t be surprised if a tribunal concluded that the AI in the chatbot is the functional equivalent of a “person” for the purposes of the rule.
Of course, there is a huge get-out-of-trouble card. All you have to do is include the disclaimers set forth in the rule. If your site has “clear and reasonably understandable warnings and cautionary statements that limit the lawyer’s obligations” as stated in Comment , you’re probably ok. This, however, is a situation where you can win the ethical battle, but lose the overall war. Here’s what I mean: what if this issue isn’t raised in the context of an ethics grievance? What if it is, instead, raised in a disqualification motion? Consider this hypothetical…
Win the ethical battle, but lost the disqualification war
Let’s say you’re in a medium sized firm that handles a variety of different types of matters. Your firm represents Business X and you’ve been their counsel on nearly all of their legal matters for years. Your firm has a website that utilizes a chatbot to evaluate the strength of new, potential clients. You have language on the website that properly disclaims Rule 1.18. Someone visits your site and explains that they have a workplace discrimination claim. They provide details of the case to the chatbot. The bot inquiries further and the prospect provides more information, in fact, the client wants to make sure that the lawyer with whom they are chatting has a complete understanding of the case so they provide a lot of details.
The chatbot sends the info to the attorney at the firm responsible for reviewing prospect data, and that lawyer thinks that the prospect has a great case. After reviewing the information, t he attorney contacts the prospect and learns that the adverse party is Business X. However, the lawyer figures that the firm will probably be representing Business X in that matter because the firm does all of their work. As a result the firm doesn’t take the potential client.
The prospect finds another lawyer, and they file suit against Business X. As the lawyer anticipated, your firm is representing Business X. The prospect’s lawyer files a motion to disqualify you as counsel and you oppose it. You claim that there is no violation of the rule— the prospect never became a “prospective client” under Rule 1.18 because you had the proper disclaimer. And you’re probably right. But there is a good chance that a judge will disqualify you anyway.
That’s because the judge isn’t deciding whether discipline should be imposed — the judge is deciding whether you should be disqualified. They don’t necessarily care about the technicalities of the rules, they care about two things — the two things that are at the core of every conflict— loyalty and confidential information.
The critical question that the judge will ask was, during the interaction the firm had with the prospect, did you learn confidential information from the other party? And when the judge realizes that your chatbot gathered information that would ordinarily be considered confidential information and it was passed on to the lawyer in your firm for review, they’re going to say you have a conflict and kick you out of the case. You’re not going to be saved by the disclaimers because those disclaimers only helped you avoid discipline under Rule 1.18. In the disqualification context the court cares about loyalty and confidential information. And when it finds out that you were privy to a slew of details from the potential client’s case, they will disqualify you.
How to make chatbots safer
This doesn’t mean that chatbots are forbidden, they just need to be used carefully. What can you do to make the chatbot safer? Here are 4 ideas:
- Use disclaimers that comply with the rules.
- Make sure the bot is just gathering information and not giving any information. And if it does give information, make sure it’s super limited. Keep Comment  to Rule 1.18 in mind which states, “In order to avoid acquiring disqualifying information from a prospective client, a lawyer considering whether or not to undertake a new matter should limit the initial consultation to only such information as reasonably appears necessary for that purpose.”
- Go over Rule 1.18 with the vendor supplying your chatbot. Make sure they understand it. Also explain the disqualification issue. Remember, most tech vendors have no idea about the details rules like 1.18.
- Train the staff/lawyers in your office who are responsible for following up on the leads developed by the bot. Let them know about Rule 1.18 and the issue of disqualification.
- Create a process that limits the exposure of the lawyers who review the information provided by the chatbots. It is possible to screen those attorneys per 1.18(d)(2). Here’s what that section states, in part:
- (d) When the lawyer has received disqualifying information…representation is permissible if…(2) the lawyer who received the information took reasonable measures to avoid exposure to more disqualifying information than was reasonably necessary to determine whether to represent the prospective client; and (i) the disqualified lawyer is timely screened from any participation in the matter and is apportioned no part of the fee therefrom; and (ii) written notice is promptly given to the prospective client.
- (d) When the lawyer has received disqualifying information…representation is permissible if…(2) the lawyer who received the information took reasonable measures to avoid exposure to more disqualifying information than was reasonably necessary to determine whether to represent the prospective client; and (i) the disqualified lawyer is timely screened from any participation in the matter and is apportioned no part of the fee therefrom; and (ii) written notice is promptly given to the prospective client.
The ethics rules make it clear that lawyers have a continuing duty to understand the dangers associated with technology and that we need to take reasonable steps to avoid disclosing our client’s information. Comment  to Rule 1.1 reminds us that, “To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology…”; Rule 1.6(c) states that lawyers are required to “make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to” our client information, and; Rule 1.3 requires that we act with reasonable diligence in representing a client. Together those rules make it clear that lawyers need to constantly stay on top of changes in technology and take reasonable steps to protect client data. And that principle has ushered in a new responsibility —the duty to update our software.
The company that sells Norton anti-virus software explained recently that software updates are critical because they patch security flaws:
“Hackers love security flaws, also known as software vulnerabilities. A software vulnerability is a security hole or weakness found in a software program or operating system. Hackers can take advantage of the weakness by writing code to target the vulnerability. The code is packaged into malware — short for malicious software.
An exploit sometimes can infect your computer with no action on your part other than viewing a rogue website, opening a compromised message, or playing infected media.
What happens next? The malware can steal data saved on your device or allow the attacker to gain control over your computer and encrypt your files. Software updates often include software patches. They cover the security holes to keep hackers out.”
It should be pretty clear how this ties into a lawyer’s ethical duty. If we have a continuing duty to understand the dangers in technology and we need to take reasonable steps to avoid disclosing client information, then we must take steps that ensure that the computer systems and software programs we use remain secure. Our duties of competence, confidentiality, and diligence require us to promptly install updates that are designed to repair vulnerabilities in the software we use in the practice.
It’s this type of proactive effort that is so important to avoiding grievances in today’s dangerous technological age. Listen, chances are good that you’re going to get hacked. Chances are good that we are all going to get hacked. The bad guys and gals are simply trying too hard — the odds are against us. Many lawyers therefore wonder, If I’m going to get hacked, doesn’t that mean that I will get into ethical trouble? Not necessarily. You can save your ethical hide if you are proactive in taking steps to avoid the hack.
The disciplinary authorities aren’t likely to make a decision about someone’s ethical liability based solely on the consequences. They are likely to make a decision based on your actions. Remember that when it comes to attorney ethics, it’s all about your behavior. It’s all about whether you behaved reasonably. It’s all about whether you took reasonable steps to avoid the calamity. You will likely be judged not on whether you were hacked, rather whether you took reasonable steps to avoid that hack. If you took every reasonable step possible to protect your client data and avoid the disclosure, then it’s likely that you won’t be disciplined even if something terrible happens.
If you know the bad guys are trying to exploit vulnerabilities in our systems, and you know that software updates are specifically designed to fix those vulnerabilities, then it’s not reasonable to ignore those updates. It’s not reasonable to wait months before you install them. The reasonable effort is to diligently install those updates when they are released. Your duty to protect your client data means that you need to maintain the integrity of your computer systems, and that includes installing security updates promptly.
On the other hand, you might need to do the exact opposite when it comes to massive program upgrades
The duty to update that I discussed above applies to periodic updates that software manufacturers release to existing systems. But every once in a while those same programmers completely overhaul a system and release a major update that ushers in a new generation of their software. In those instances it’s probably reasonable for a lawyer to wait and delay installing that update. Though that seems to contradict everything I discussed above, the rationale is actually quite consistent.
New generations of software very often contain vulnerabilities that were not anticipated by the original programmers. Often hackers exploit those bugs right after the new software is released, thus exposing the problems. The manufacturers then rush to develop and issue updates that close the holes in their code. In those situations, then, prudent approach is probably for lawyers to delay installing updates that constitute massive overhauls or new generations of a software system. Wait until the bugs appear to be worked out, then update to the new generation of software.
Norton article can be found at: https://us.norton.com/internetsecurity-how-to-the-importance-of-general-software-updates-and-patches.html, last checked by the author on March 26, 2019.
A recent case about advance conflict waivers reveals that they are probably no longer viable, and here’s why. The issue revolves around the lawyer’s need to get informed consent.
The only way a lawyer can get around a conflict of interest is if (in addition to some other things) they get informed consent from the client. That phrase “informed consent” has a lot of depth and it is discussed in several places throughout the code. Much attention is given to the quality of the conversation between lawyer and client. A lawyer needs to discuss a bunch of specific items in order to be said to have obtained proper informed consent. Rule 1.0 requires that the lawyer communicate “adequate information,” provide an “explanation about the material risks” and talk about the “reasonably available alternatives to the proposed course of conduct.” Rule 1.7 requires that the communication include: a disclosure of the facts and circumstances giving rise to the situation, any explanation reasonably necessary to inform the client or other person of the material advantages and disadvantages of the proposed course of conduct, and a discussion of the client’s or other person’s options and alternatives.
So where do advance conflict waivers come into play? A law firm always has to get informed consent from the client in order to take a conflicting matter. The only question is whether the firm gets that informed consent during a contemporaneous consultation with the client once the conflict becomes apparent, or by advising the client of potential conflicts before they become apparent and obtaining that informed consent before the conflict even arises. That latter situation is essentially what an advance conflicts waiver is all about. You’re getting your client’s informed consent in advance. But you can probably sense the problem with that.
The inherent problem with blanket advance conflict waivers is that when you are negotiating the waiver, the future client is not yet known…which means that the exact risks that your client could face from the future conflicting representation are not yet known…which means that you can’t build those risks into the conversation you need to have with the client…which means that you can’t get proper informed consent because you can’t talk about all of the required details set forth in the rules. So it seems that there is just no way to have an advance conversation that contains the requisite specificity needed to obtain proper informed consent.
This issue came to a head in 2018 in a critical case out of California.
The law firm Sheppard Mullin was asked to represent a client (J-M) who was defending a large False Claims Act suit. FN1 There were 200 plaintiffs suing J-M in that matter. The problem was that one of those 200 plaintiffs was the City of South Tahoe, an entity that a Sheppard Mullin partner represented on and off for years. The firm had an advance conflict waiver in place with South Tahoe.
The firm took on the J-M case, despite the fact that it was already representing South Tahoe. The firm included a conflict waiver in the J-M fee agreement, but they did not disclose that they were representing South Tahoe in an unrelated matter. FN2 When South Tahoe found out about the conflict, they moved to disqualify the firm. FN3
It appears that the firm never notified either client about the conflict because the firm thought they were covered already. The new matter wasn’t related to the False Claims Act matter, and the firm also had an advance conflict waiver in place with both clients. According to a report, “Sheppard Mullin pointed to a provision in the engagement agreement that allowed the firm to engage in conflicting representations ‘provided the other matter is not substantially related to our representation of [J-M] and in the course of representing [J-M] we have not obtained confidential information of [J-M] material to representation of the other client.’” FN4 Regardless, the lower court invalidated the advance conflict waiver and disqualified the firm. The firm later sued J-M to collect the fees that were outstanding, but the client resisted and the court ultimately ruled in the client’s favor.
The court held that since Sheppard Mullin engaged in an impermissible conflict, their fee agreement was unenforceable because it was contrary to public policy. As a result, the firm couldn’t get the balance of their fee. The court further ordered that the firm had to return the portion of the fee that was paid by J-M as of the date that the impermissible conflict started. The court “made clear that when the conflict surfaced, Sheppard Mullin had a duty to tell the client and obtain its informed consent rather than relying on a broad advance waiver in its engagement agreement.” FN5 Finally, “The court rejected the firm’s reliance on that provision—or “boilerplate waiver,”…saying the firm’s argument ignored the reality that Rule 3-310(c)(3) requires truly informed consent from the client. ‘Written consent to all potential and actual conflicts in the absence of any knowledge about the existence of such conflicts cannot comply with the requirement of ‘informed written consent’ in Rule 3-310(C),’ the court said.” FN6
At the end of August in 2018, the California Supreme court upheld the lower court. While the case was remanded for an issue that doesn’t concern us here, they stated:
…“because Sheppard Mullin knew of” its conflicting interest with South Tahoe and failed to inform J-M about it, J-M’s advanced blanket conflict waiver was not supported by consent that was “informed” within the meaning of the Rules of Professional Conduct. Furthermore, since the consent was not informed, the entirety of the engagement agreement with J-M was unenforceable.
For a conflict waiver to be “informed,” the Court reasoned, “the client’s consent to dual representation must be based on disclosure of all material facts the attorney knows and can reveal.” The Court stated that “An attorney or law firm that knowingly withholds material information about a conflict has not earned the confidences and trust the rule is designed to protect.”
Applying this standard, the Court noted that the Sheppard Mullin advanced waiver to J-M “did not disclose any particular conflict, or even any area of potential conflict, and did not mention” the Firm’s concurrent representation of South Tahoe. Accordingly, the Firm’s advanced waiver was insufficient to inform J-M’s consent to the representation where, as here, the Firm was aware of a more specific and concrete conflict that already existed when the engagement agreement was executed. The representation of South Tahoe “was not merely a future possibility; it was a present reality.” Informed by this legal standard, the Court had no trouble concluding “the conflicts waiver here was inadequate.” FN7
Now, it’s true that the court said they were not invalidating all advance conflict waivers in this decision. Defenders of advance conflict waivers will further argue that the Supreme Court’s decision is tailored. They will argue that the decision only relates to that category of conflicts where the conflict is known to the parties when they enter into the representation. But I would not feel very comfortable relying on that narrow interpretation of the decision.
I think the reason the court didn’t invalidate advance conflict waivers in general is because they didn’t have to go that far, given the facts of the case. They took the typical appellate court approach— limit the opinion to the facts before you. I believe that the court narrowed their decision because of appellate court protocol, not because of the substance. In fact, if one looks at the substance, one can see that advance blanket conflict waivers are very much on life support.
This case is about a client feeling that they didn’t have adequate information about a conflict and that their advance waiver should be ineffective because of that lack of information. This case is about a client who lacked enough information to provide adequate informed consent. It is not going to be very difficult for a client in the future to extend the underlying logic in this decision from a case where the conflict is known at the time the representation commenced, to a case where a conflict is not known at the time the representation commenced. That’s because the heart of the decision is about informed consent.
Of course, one might think: But we’ve already had blanket waivers. They’ve been around forever. Why are they under attack now?
The answer is money.
I’m guessing that past cases where a client disputed the efficacy of an advance conflict waiver were settled. The lawyer and the client simply negotiated a settlement and they moved on with their lives. But this was very likely the first case where the fee was so high and the consequences of losing the case were so costly to both parties that there was no way for the parties to settle.
Here’s the takeaway: One day there is going to be a client who wants a lawyer out of a case really badly (and they’ll want to avoid paying the large legal fee, too). They are going to try to achieve their goal by arguing that the fee agreement with the lawyer should be void because of the firm’s failure to obtain genuine informed consent before entering into a blanket advance conflict waiver. They will argue that a blanket advance waiver can not, by definition, confer the informed consent required in the rules. Mark my words— they will win.
FN1 Unless otherwise cited, the synopsis of the case throughout this section is summarized from the article found at https://www.bna.com/advance-conflict-waiver-n57982067178/, last checked by the author on March 8. 2019.
FN2 https://biglawbusiness.com/sheppard-mullin-conflict-waiver-case-puts-4m-fee-at-stake, last checked nether author on March 8, 2019.
FN3 https://www.ipethicslaw.com/leaving-south-tahoe-will-your-advance-conflict-waiver-survive-sheppard-mullin-v-j-m-manufacturing/, last checked by the author on March 8, 2019.
FN4 https://www.bna.com/advance-conflict-waiver-n57982067178/, last checked by the author on March 8, 2019.
FN5 https://www.bna.com/advance-conflict-waiver-n57982067178/, last checked by the author on March 8, 2019.
FN6 https://www.bna.com/advance-conflict-waiver-n57982067178/, last checked by the author on March 8, 2019.
FN7 https://www.ipethicslaw.com/leaving-south-tahoe-will-your-advance-conflict-waiver-survive-sheppard-mullin-v-j-m-manufacturing/, last checked by the author on March 8, 2019.
You’re going to think I’m crazy when I write this, but there are amazing lessons that we can learn from celebrities. Right now I’m working on a program called “Everything I know about attorney ethics I learned from the Kardashians.” And while doing research for that program, I got a bonus— there was a connection to Johnny Depp…and attorney ethics. According to papers that were filed in a recent lawsuit, Johnny Depp paid $7,000 for a couch that appeared on the TV show, “Keeping up with the Kardashians.” FN1 But it’s not that couch that provides the ethics lesson— it’s Depp’s underlying litigation. And the lesson is about the perils of failing to adhere to the requirements for our fee agreements.
The Hollywood Reporter explained that Johnny Depp is suing his former management and legal team and he is seeking the return of some $30 million in fees paid to his lawyer over the years. FN2 The way he’s doing it is by attacking the fee agreement. And that’s sort of the problem. You see, there wasn’t any fee agreement. More precisely, there wasn’t any written fee agreement.
Apparently this is the sort of thing that happens in the entertainment industry. The article quoted an agent who explained that, “There is a culture of informality in this world.” In Depp’s case, he had an oral agreement with his lawyer that went back to 1999. The problem is that the judge in this case found that the agreement between Depp and his lawyer was a contingency agreement…and contingency agreements need to be in writing. The Hollywood Reporter stated,
…Judge Green found Depp’s deal is a contingency fee agreement because Bloom’s fees were “directly linked” to the actor’s success, which isn’t guaranteed. “That is the very definition of a performance-based incentive,” he wrote in his opinion…”This is a contingency fee agreement. There is nothing else it can be.”
Since the contingency agreement was not in writing, he ruled that the contract was voidable [Note: Even though the lawyer could still be entitled to a reasonable fee based on quantum meruit, that would mean that the court has to determine what is “reasonable.” Who knows how that will end up].
As you could imagine, this is causing a lot of lawyers to worry. The Hollywood Reporter quoted an entertainment litigator at a major firm who confirmed that, “Everybody’s concerned because most people have handshake deals.” It seems that lawyers in that industry are now wondering whether they should be seeking retroactive written fee agreements from their clients.
Granted, the litigation involving Depp is at the trial level and the ruling was issued by a lower level state court. So one might argue that the opinion might not have much impact outside of the geographical area and industry where it was decided. But I think the article contains a cautionary tale for all lawyers — the formalities required for fee agreements must be taken seriously. In that regard, let’s review the details of the relevant rule.
Rule 1.5(b) addresses the technical requirements of fee agreements. However, there is an important note here— that subsection applies to non-contingency cases. So if you charge a flat fee or an hourly fee, for instance, you’d need to comply with 1.5(b). That section requires…
Rule 1.5(b) The scope of the representation and the basis or rate of the fee and expenses for which the client will be responsible shall be communicated to the client, preferably in writing, before or within a reasonable time after commencing the representation, except when the lawyer will charge a regularly represented client on the same basis or rate. Any changes in the basis or rate of the fee or expenses shall also be communicated to the client.
Lawyers, therefore, have a mandate to communicate the fee and expenses and it must be done within a reasonable time after starting the representation. But does a flat fee or hourly fee need to be communicated “in writing”? If your jurisdiction follows the bargain struck in the ABA version of the rules, then no. It’s preferred, but not required. Of course, one should consult the rules in your jurisdiction because that’s been changed in many states and a writing is often required, not just preferred. Here’s my feeling: for the love of everything holy— do me a favor and put it in writing, okay? How else can you safely document that you communicated the necessary information?
The temporal requirement in 1.5(b) is also a dangerous formality. What exactly is a “reasonable” time after the relationship has commenced? That invokes the two most often used words in the ethics world— it depends. It depends on the circumstances of your individual lawyer/client relationship. Practice note: if it seems that there is a relatively long period between the commencement of your relationship and the communication of your fee, make sure to memorialize/document the reason for that delay. It might very well be a reasonable delay under the circumstances, but someone looking at the facts later might not appreciate why that’s so. A memo to the file would go a long way in justifying your actions.
The requirements of our fee agreements take on a whole new level of formality when we get to contingency agreements. There appears to be universal acceptance that a fee agreement in contingency matters must be in writing. The relevant rule is 1.5(c):
(c) A fee may be contingent on the outcome of the matter for which the service is rendered, except in a matter in which a contingent fee is prohibited by paragraph (d) or other law. A contingent fee agreement shall be in a writing signed by the client and shall state the method by which the fee is to be determined, including the percentage or percentages that shall accrue to the lawyer in the event of settlement, trial or appeal; litigation and other expenses to be deducted from the recovery; and whether such expenses are to be deducted before or after the contingent fee is calculated. The agreement must clearly notify the client of any expenses for which the client will be liable whether or not the client is the prevailing party. Upon conclusion of a contingent fee matter, the lawyer shall provide the client with a written statement stating the outcome of the matter and, if there is a recovery, showing the remittance to the client and the method of its determination.
Did you catch how 1.5(c) said that the fee agreement “shall” be in writing? You’ll recall that the earlier section we reviewed Rule 1.5(b) which states that our fee agreements in hourly billing circumstances should “preferably” be in writing. But in contingency matters, the agreement is required to be in writing. The reason? Conflicts.
A contingency agreement, at its heart, contains an inherent conflict of interest. The idea that a lawyer’s fee will be dependent upon the amount of the award received by the client pits the lawyer’s interest against that of the client. Sure, those interests could be aligned, but they aren’t always. A lawyer might be compelled to advise the client to make some tactical decision that is more likely to benefit the lawyer, rather than serving the best interest of the client. In that situation the lawyer’s loyalty to the client is compromised. And that’s the main issue in conflicts of interest. The drafters imposed more formalities on fee agreements in contingency situations specifically because of that danger.
Back to the Johnny Depp case…
The question you might have asked yourself earlier is, “How did the industry develop this culture of not getting a writing?” I’m sure there’s a complicated answer, but at least one motivating factor is clear. The Hollywood Reporter article quoted a top talent lawyer who said, “You sign the client and it’s an uncomfortable moment to thrust a legal agreement in front of them when you’re the person who’s supposed to be advising them on whether it’s appropriate to sign legal agreements…A lot of people make the decision it’s not worth the effort.” But that excuse isn’t going to cut it.
The fact that it might be uncomfortable to ask the client to sign a fee agreement does not absolve you of the responsibility to get that fee agreement in writing. And it doesn’t matter if that’s how it’s been done for generations. The common practice is in violation of the rules.
Of course, one might wonder— how did lawyers get away with doing it this way for so long? It’s simple — there was never a matter worth enough money to litigate. Usually what happens in these type of cases is that some “way of doing business” evolves in a particular area of law. That way of doing business doesn’t comply with the rules, but lawyers nonetheless continue to engage in that behavior because “it’s always been done that way.” The conflict between the behavior and the rules never gets tested because there’s usually not a case that’s worth enough to justify litigating. The reality is that whenever there is an argument between a lawyer and client that raises the troubling issue, the matter gets settled and the issue is never explored in court. As a result, the troubling behavior becomes part of the way of doing business. Lawyers get comfortable with the behavior and it becomes part of the culture of the industry. But then a case comes along that is worth enough money to justify litigation. The conflict between the behavior and the rules is then considered in court and that’s when we learn the lesson.
That’s what seems to have happened here. It appears that Johnny Depp is in some serious financial straits. He apparently made some very bad financial decisions and now he’s trying to recoup money wherever he can. In this case he’s making a $30 million claim against his former lawyer — and that’s a lot of money. He’s seeking so much money that there was no way the parties could settle…and that ensured that the legal issue would be explored in court. When the matter was, in fact, brought before the court, the age-old way of doing business was exposed for what it always was— behavior that violated the rules.
The lesson here is clear. Adhere to the technicalities of the rules. Forgo the temptation to comply with conventions in your industry that conflict with the rules. Because what we learn from Johnny Depp is that when the rules conflict with your culture, the rules will win.
- https://www.vanityfair.com/hollywood/2017/07/johnny-depp-kim-kardashian, last checked by the author on June 5, 2019.
- https://www.hollywoodreporter.com/thr-esq/johnny-depps-court-win-lawyers-question-handshake-contracts-1139459, last checked by the author on June 5, 2019.