Many attorneys, as with a large contingent of the general public, do not possess much, if any, technological savvy. Although the Committee does not believe that attorneys must develop a mastery of the security features and deficiencies of each technology available, the duties of confidentiality and competence that attorneys owe to their clients do require a basic understanding of the electronic protections afforded by the technology they use in their practice. If the attorney lacks the necessary competence to assess the security of the technology, he or she must seek additional information or consult with someone who possesses the necessary knowledge, such as an information technology consultant.
California State Bar Professional Responsibility and Conduct Formal Opinion No. 2010-179, page 5.
Some associate attorney went out for coffee and got a lot more than an espresso with a twist of lemon.
California attorneys now need to consider 6 factors before enjoying a mocha and sending work emails on a firm issued laptop while on a coffee shop’s WiFi service according to the California State Bar Professional Responsibility and Conduct Formal Opinion No. 2010-179.
The Opinion addressed whether an attorney violates their duties of confidentiality and competence when transmitting or storing confidential information that might be susceptible to third parties. Opinion No. 2010-179. In short, an associate attorney sending work emails from Starbucks on her laptop. And since the lawyer lives in the 21st Century with a monthly billable hour requirement, she takes her laptop home every night to do legal research on her cases using her wireless Internet connection.
The Opinion rationally discussed an attorney’s ethical duty to preserve client confidences. For example, if a lawyer is on an airplane and working on a computer, they should turn the screen, so the person sitting next to them cannot see it. Opinion No. 2010-179, fn 9.
Fear of hacking while on a wireless network is real. For example, Firefox can be hacked by the add-on Firesheep. This hacking add-on “adds a sidebar to Mozilla’s Firefox browser that shows when anyone on an open network — such as a coffee shop’s Wi-Fi network — visits an insecure site. ‘Double-click on someone [in the sidebar] and you’re instantly logged on as them.’” See, New Firefox add-on hijacks Facebook, Twitter sessions, Last Visited on 11/04/2010
As Opinion No. 2010-179 highlights, lawyers have an express duty to “[t]o maintain inviolate the confidence, and at every peril to himself or herself to preserve the secrets, of his or her client.” Opinion No. 2010-179, page 2, citing (Bus. & Prof. Code, § 6068, subd. (e)(1).)
Furthermore, California Rules of Professional Conduct, Rules 3-110(A) “prohibits the intentional, reckless or repeated failure to perform legal services with competence.” Opinion No. 2010-179, page 2.
Moreover, “’competence’ may apply to an attorney’s diligence and learning with respect to handling matters for clients.” Opinion No. 2010-179, page 2, citing Rules Prof. Conduct, rule 3-110(B).
The Opinion outlined the following six factors before using wireless communications:
1) The level of security attendant to the use of that technology, including whether reasonable precautions may be taken when using the technology to increase the level of security;
2) The legal ramifications to a third-party who intercepts, accesses or exceeds authorized use of the electronic information;
3) The degree of sensitivity of the information;
4) The possible impact on the client of an inadvertent disclosure of privileged or confidential information or work product;
5) The urgency of the situation; and
6) The client’s instructions and circumstances, such as access by others to the client’s devices and communications.
Opinion No. 2010-179, page 1.
The Committee ultimately found the following:
“[D]ue to the lack of security features provided in most public wireless access locations, Attorney risks violating his duties of confidentiality and competence in using the wireless connection at the coffee shop to work on Client’s matter unless he takes appropriate precautions, such as using a combination of file encryption, encryption of wireless transmissions and a personal firewall.”
Opinion No. 2010-179, page 7.
The Opinion stated that using a public wireless network might violate a lawyer’s ethical obligations, because of the “sensitivity” of the case. Id.
The Committee also stated that using a personal wireless network to work from home would not violate a lawyer’s ethical duties, provided the network is configured with “appropriate security features.” Id.
Translated: You might need your coffee to go, but working from home on the weekends should be ok.
Bow Tie Thoughts
People are used to having wireless technology, especially as we become more “App” and “Cloud” dependant. However, attorneys must always be aware of their ethical duties as they look to use new technologies.
Accessing email from a coffee shop is one thing, but there could be greater issues if an attorney is doing document review on a hosted review platform. While document review can be extremely painful and working at a coffee shop a welcome break, attorneys should be very mindful where they are accessing “stored confidential information” on a public wireless network to avoid discovery and attorney work product from being hacked.