Sometimes finding free Wi-Fi feels like finding buried treasure. A laptop user who finds free Wi-Fi in a coffee shop is comparable to a deep sea diver who finds a tank of oxygen. However there is a downside– many of those networks are unsecured and vulnerable to being compromised. That poses a problem for attorneys because our client’s confidential information may be exposed if we use an unsecured wireless network to perform work on their behalf. The question then becomes, are lawyers permitted to use unsecured wireless networks to do client work?
The issue of course, is confidentiality because an unsecured wireless network is easily accessed by hackers. The concept of competence is also in question because comments  and  of Rule 1.1 (“Competence”) remind lawyers that we must, “act competently to safeguard information…against …unauthorized disclosure” and that when transmitting a communication we must, “take reasonable precautions to prevent the information from coming into the hands of unintended recipients.” California tackled the question directly in Formal Opinion No. 2010-179.
The Committee said that lawyers should not use unsecured wireless connections when working on client matters. The opinion states,
“With regard to the use of a public wireless connection, the Committee believes that, due to the lack of security features provided in most public wireless access locations, Attorney risks violating his duties of confidentiality and competence in using the wireless connection at the coffee shop to work on Client’s matter unless he takes appropriate precautions, such as using a combination of file encryption, encryption of wireless transmissions and a personal firewall. [FN omitted] Depending on the sensitivity of the matter, Attorney may need to avoid using the public wireless connection entirely or notify Client of possible risks attendant to his use of the public wireless connection, including potential disclosure of confidential information and possible waiver of attorney-client privilege or work product protections, and seek her informed consent to do so. [FN omitted]
Finally, if Attorney’s personal wireless system has been configured with appropriate security features[FN omitted] the Committee does not believe that Attorney would violate his duties of confidentiality and competence by working on Client’s matter at home. Otherwise, Attorney may need to notify Client of the risks and seek her informed consent, as with the public wireless connection.”
The Takeaway: If your jurisdiction agrees with California, you can’t use wireless networks for client matters (unless you take the recommended precautions, none of which are practical/realistic). Even if your state hasn’t stated that they agree with California it’s probably a good idea to abide by their direction anyway. After all, the only way you’ll know your state’s position for sure is when the Bar finally acts, either because they were asked to opine on the subject or they are disciplining someone. The question I ask myself is…do I want to be that person who “makes the law” by being the first person to be disciplined?
I love this opinion for another reason—the opinion listed 6 factors that an attorney should consider when evaluating new technologies. Those factors could be helpful to attorneys everywhere when evaluating whether they could use new systems in the future. Here are the factors (but I encourage you to read the opinion because they’re explained more fully and it makes better sense after you read that text).
1- An attorney’s ability to assess the level of security afforded by the technology, including (i) how the technology differs from other media use (ii) whether reasonable restrictions may be taken when using the technology to increase the level of security and (iii) Limitations on who is permitted to monitor the use of the technology to what extend and on what grounds.
2- Legal ramifications to third parties of intercepting the information
3- The degree of sensitivity of the information
4- The possible impact on the client of an inadvertent disclosure
5- The urgency of the situation
6- Client instructions and circumstances
The Takeaway: As time goes by, lawyers will find themselves wondering whether they can ethically use new technologies and California’s Opinion will help provide that answer. The opinion provides these “technology permissibility factors” (my term) that a lawyer could use to evaluate the permissibility of those new technologies.
Granted, the California Opinion may not be binding in your jurisdiction, but it wouldn’t be such a bad idea to consider the factors when you find yourself in a pickle in the absence of a direct ruling from your home jurisdiction. Consider how a disciplinary board would react if you were faced with a new technology, but before using it you evaluated the California “technology permissibility factors” and wrote a memo to the file detailing your analysis. I would expect that a disciplinary board would look favorably upon you in a hearing situation.