In April 2000 the Law Society published a set of guidelines for the use of e-mail within the legal profession, Electronic Mail – Guidance for Solicitors.

Law firms using e-mail on a regular basis have implemented many of the recommendations, yet until now few firms had even considered one important aspect of e-mail: safe delivery of the document itself.

In its guidance, the Law Society recommends that firms should use encryption for all confidential client communications.

The guidance states: "Firms should not include confidential information in non-encrypted e-mail without the consent of clients, whether corporate or individual. In the case of individual clients, solicitors are advised to ensure that their clients fully appreciate the risks being described above."

Quite simply, a client should give permission for its law firm to send confidential material by non-encrypted e-mail, and they should be made aware that non-encrypted e-mails sent by the practice are easy prey for hackers.

But this is not happening in practice. A survey by Legal Director's sister title Legal IT found that, even among those firms that support encryption, only 1% of all mail was encrypted (see sidebar, above). Just imagine the uproar that could ensue if a sensitive and confidential e-mail was intercepted and the fact made public. How might this reflect on your business?

According to one report in The Guardian, "spying on e-mail is relatively easy to do, and some estimates put the number of intercepted e-mails as high as 10%".

Clearly, no solicitor would feel comfortable if one in 10 of their letters were opened and read before delivery to the intended recipient, yet e-mails are rarely protected in the same way as handwritten communications. Think of the last 50 external e-mails you sent. How would you feel if you knew that perhaps five of them had been read by the wrong people? More importantly, how would your clients feel?

Consider the ways in which documents are protected by traditional means of communication.

When a letter is sent by post it is sent through a trusted carrier with serious penalties for those who tamper with its delivery. If confirmation of delivery is required it can be sent by registered post and if the document is urgent it can be couriered or faxed.

The safest way to ensure that documents are delivered in a safe format by e-mail is encryption. Encryption turns a document into a code that cannot be read by anyone without the relevant 'decryption key'. Encryption technologies are now so advanced that it is all but impossible to break the code.

It is no use implementing a state-of-the-art
e-mail protection policy if the users ignore it. There are enough distractions in the legal workplace without IT adding to the burden. The best encryption packages require minimal user-intervention and simply 'plug in' to the firm's existing e-mail package, so that users familiar with one way of working do not have to spend valuable time learning another.

Encryption need not be expensive to implement. And a sensible encryption policy should encourage more e-mails, thereby cutting down on the number of documents sent by traditional means. A single-page letter sent by a firm costs a significant amount of money to send – the cost of the envelope, first class stamp and letterheaded paper means that a simple client care letter costs the practice more than 50p in supplies and postage alone. How much therefore does a 50-page contract sent by registered post cost?

E-mail encryption is often a fixed cost. A practice that sends more documents by encrypted e-mail than by expensive physical means may well find that their communications expenditure decreases with no compromise on security.

Clients have a right to expect their documents to be delivered safely. E-mail encryption is a sensible solution to the real problem of internet insecurity. It need not be a distraction to the practice and could ultimately save money and negative publicity. Why wait until it is too late?

The Law Society guidelines referred to in this article were initially published in 2000. The guidelines are currently being reviewed to bring them up to date with developments in legislation and technology – the revised guidelines will be published on the Law Society website (www.lawsociety.org.uk) in the course of 2002.

Lee Harris is UK sales manager for DeltaSeal Software, an e-mail security firm specialising in solutions for the legal profession.

The Survey
Despite Law Society guidance, law firms are divided about the merits of encryption, a survey of the UK's top 100 firms has found.

The survey by Legal Director's sister title Legal IT found that the more internationally-focused firms and those with a strong IT industry client base supported encryption – about 64% of the field. Of the remaining 36%, several said they wanted to support encryption, but complained that all the products currently available were unsuitable.

But even in those firms that supported encryption, less than 1% of all mail sent was encrypted. The head of IT at a national law firm said numerous campaigns promoting the use of encryption had failed.

In the words of another IT director, "[Lawyers] do not use it, mainly because the clients do not want it."

However, he added: "We are looking at this again and expect to implement a web-based encrypted e-mail system as we think that it is an essential service to offer." The most positive comment came from the IT director of one of the largest City firms.

He said: "E-mail encryption is an area where we are seeing an increasing level of demand from our clients. We use encryption and see the use continuing to grow in the future."

The survey's findings were based on e-mail responses from a representative cross section of 40 law firms within the UK's top 100.

Do you support encryption of e-mail communications with law firms? (contact Legal Director, [email protected])