Daniel J. Siegel.

Are lawyers stupid? Or, are lawyers lazy? Or, are lawyers competing to see who can keep his head in the sand the longest? What else can explain two recent events that should serve as warnings that we cannot continue to ignore our obligations to clients.

One event was a July 27 federal court ruling involving an attorney who failed to review the metadata (hopefully you know what that is) in electronic files produced by a client. The other “event” involves three attorneys who represent other attorneys with disciplinary and professional conduct concerns. Each revealed that lawyers are either stupid, too lazy to learn information necessary to practice in a world of technology, or merely ignore the warnings about the need to protect the confidentiality of client communications.

Regardless of the situation, each event should have served as a reminder that today's practice of law differs dramatically from how we practiced a decade ago. Just as advances in medical research and technology make it unacceptable for physicians not to know or use procedures that were not invented when they attended medical school, lawyers need to know about the relevant advances in technology.

Let's examine each situation. First, the practicing attorneys, then metadata.

Unsecure Email Accounts

Attorneys who represent other attorneys in ethical and professional responsibility matters should recognize the importance of assuring confidentiality in their client communications. For example, one Pittsburgh area attorney who represents attorneys, judges, and bar applicants explains on his website that he selected his office location for both its confidentiality and convenience, with confidentiality paramount. It is one of the reasons my office is in the suburbs and separate from other attorneys' offices; the location assures that attorney clients can meet with me confident that their colleagues will not accidentally see them.

That is why I was surprised, actually shocked, to learn that a few of my colleagues who represent attorneys in disciplinary and professional responsibility matters still use Gmail, AOL, Yahoo and other free services to communicate with and to send confidential and sensitive materials to clients. One would have expected that lawyers advising other lawyers about ethical matters would, at a minimum, recognize their obligations to maintain confidentiality, but apparently not.

The lack of privacy in these services isn't hidden. The Aug.13 issue of Bloomberg Businessweek, included a feature article, “Is Apple Really Your Privacy Hero?” The item discussed the dichotomy between Apple's statement that “Privacy is a human right” and the fact that Apple has same security issues facing other tech giants, including Facebook and Google.

What Apple does, the article explained, is leave the security of stored data to the independent developers that the create the products available in its App Store. For years, Apple has permitted iPhone app developers to store and sell data from users who allow the apps to access their contact lists, which could include the names and contact information of law firm clients. While Apple recently revised its rules regarding the storage and sale of such data, the article explained that company “does nothing to make it technically difficult for developers to harvest the information.”

Similar situations exist with Gmail, and numerous other email apps. For years, Gmail's privacy policy for its free services stated that it scanned a user's emails and other items, and that users gave Google an unfettered right to do almost anything the company wanted with the content. Although Google announced in 2017 that it would stop using consumer Gmail content for ad personalization, the company still collects a wide range of information, including the names of people with whom you communicate or share content, such as your clients.

Just this past week, Associated Press investigators discovered, and Princeton researchers confirmed, that many Google services on Android devices and iPhones store a user's location data even if the user used a privacy setting designed to prevent Google from doing so. Even worse, even when users turn off the location history feature, some Google apps automatically store time-stamped location data without asking.

Combine this with the insecurity of email, and it makes one wonder why attorneys still use these free services. Let's look at Gmail. Google “refreshed” Gmail this year, adding multiple new features designed to make sorting through a user's inbox more convenient. These features also mean that Google's artificial intelligence automatically sifts through a user's messages.

Oath, the successor to both AOL and Yahoo, has a new email privacy policy, which states: “Oath analyzes and stores all communications content, including email content from incoming and outgoing mail. This allows us to deliver, personalize and develop relevant features, content, advertising and services.”

Thus, attorneys who use these free services do so knowing (or they should know) that these free services scan and score highly sensitive confidential information that their clients, whether they are attorneys or nonattorneys, have never permitted them to reveal to others, including giant corporations intent on analyzing and selling that data.

Those attorneys are also failing to comply with their obligations to protect client data, including email communications, an issue that is far from new. In formal opinion 2011-200, issued seven years ago, the Pennsylvania Bar Association legal ethics committee explained that the use of web-based email such as AOL, Hotmail, Gmail, and Yahoo “carries with it risks that attorneys should be aware of and mitigate in order to stay in compliance with their ethical obligations.” The opinion noted that “reasonable care in transmitting and storing client information through webmail is appropriate [and that] attorneys may use [web-based] email but must, under appropriate circumstances, take additional precautions to assure client confidentiality.”

For attorneys facing potential disciplinary charges, what could be more sensitive than information relating to those proceedings? Yet some attorneys who represent attorneys are either oblivious to or do not care about this ethical obligation. What message does that send to their attorney clients? And what message does it send to clients in general when attorneys use these free services when virtually every news outlet is reporting how the data flows from these products like a leaky dam.

So, What Is Metadata and Why Does It Matter?

If you don't know the answer to this question, you have not been paying attention. Metadata is information about an electronic file such as a Word document, an Excel spreadsheet, or a photograph. Consider attorney Jason Leventhal, who apparently was not paying attention.

Leventhal filed a civil rights action on behalf of Angela Lawrence, in which the client alleged that New York Police officers entered Lawrence's home without a warrant, pushed her to the floor, damaged her property and stole more than $1,000 in cash. Lawrence provided Leventhal with photos that she claimed depicted the condition of her apartment several days after the incident. He saved the pictures, converted them to PDF files, Bates-stamped them, and produced them to the defendants. He was unfamiliar with “electronically stored metadata,” however.

During her depositions, Lawrence provided conflicting accounts of who took the photos, as well as varying explanations of when they were taken. Although his client provided conflicting testimony, Leventhal did not believe she was testifying falsely. Because of the conflicting testimony, the defendants requested the smartphones used to take the pictures. Leventhal eventually produced the photographs in their native (original) format, including the metadata.

When the defendants examined the photos' metadata, they learned that 67 of the 70 pictures were taken in September 2016, two years after the incident and just before the client provided them to Leventhal. Thereafter, Leventhal moved to withdraw as counsel based upon the information discovered about the photos and “other events.” The defendants then filed a motion for sanctions against Leventhal and his now-former client.

Although the court declined to sanction Leventhal, the July 27 opinion of Judge William Pauley, III raises interesting questions that should make every attorney think carefully:

• Do you know what metadata is?
• Do you review the metadata from electronic files received from clients, or from opposing counsel?
• Do you have an obligation under the applicable procedural rules to review such metadata?
• Do you have an ethical obligation under the Rules of Professional Conduct to review such metadata?
• Are you providing competent representation if you do not review the metadata in files whether received from your client or from opposing counsel?

If you don't know what metadata is, then you should review Formal Opinion 2009-100 from the Pennsylvania Bar Association's Legal Ethics Committee, which discusses an attorney's obligations relating to metadata. In the opinion, the committee concludes that: “An attorney has an obligation to avoid sending electronic materials containing metadata, where the disclosure of such metadata would harm the client's interests. In addition, an attorney who receives such inadvertently transmitted information from opposing counsel may generally examine and use the metadata for the client's benefit without violating the Rules of Professional Conduct.”

Alternatively, you could feign ignorance and hope that, should the circumstances arise, you will be treated as leniently as attorney Jason Leventhal was.

Daniel J. Siegel, principal of the Law Offices of Daniel J. Siegel, provides ethical guidance and Disciplinary Board representation for attorneys and law firms; he is the editor of “Fee Agreements in Pennsylvania” (6^th Edition) and author of “Leaving a Law Practice: Practical and Ethical Issues for Lawyers and Law Firms” (Second Edition), published by the Pennsylvania Bar Institute. He can be reached at [email protected].