When Will Lawyers Ever Learn? From Email Security to Metadata Confusion
Are lawyers stupid? Or, are lawyers lazy? Or, are lawyers competing to see who can keep his head in the sand the longest? What else can explain two recent events that should serve as warnings that we cannot continue to ignore our obligations to clients.
August 23, 2018 at 02:53 PM
9 minute read
Are lawyers stupid? Or, are lawyers lazy? Or, are lawyers competing to see who can keep his head in the sand the longest? What else can explain two recent events that should serve as warnings that we cannot continue to ignore our obligations to clients.
One event was a July 27 federal court ruling involving an attorney who failed to review the metadata (hopefully you know what that is) in electronic files produced by a client. The other “event” involves three attorneys who represent other attorneys with disciplinary and professional conduct concerns. Each revealed that lawyers are either stupid, too lazy to learn information necessary to practice in a world of technology, or merely ignore the warnings about the need to protect the confidentiality of client communications.
Regardless of the situation, each event should have served as a reminder that today's practice of law differs dramatically from how we practiced a decade ago. Just as advances in medical research and technology make it unacceptable for physicians not to know or use procedures that were not invented when they attended medical school, lawyers need to know about the relevant advances in technology.
Let's examine each situation. First, the practicing attorneys, then metadata.
|Unsecure Email Accounts
Attorneys who represent other attorneys in ethical and professional responsibility matters should recognize the importance of assuring confidentiality in their client communications. For example, one Pittsburgh area attorney who represents attorneys, judges, and bar applicants explains on his website that he selected his office location for both its confidentiality and convenience, with confidentiality paramount. It is one of the reasons my office is in the suburbs and separate from other attorneys' offices; the location assures that attorney clients can meet with me confident that their colleagues will not accidentally see them.
That is why I was surprised, actually shocked, to learn that a few of my colleagues who represent attorneys in disciplinary and professional responsibility matters still use Gmail, AOL, Yahoo and other free services to communicate with and to send confidential and sensitive materials to clients. One would have expected that lawyers advising other lawyers about ethical matters would, at a minimum, recognize their obligations to maintain confidentiality, but apparently not.
The lack of privacy in these services isn't hidden. The Aug.13 issue of Bloomberg Businessweek, included a feature article, “Is Apple Really Your Privacy Hero?” The item discussed the dichotomy between Apple's statement that “Privacy is a human right” and the fact that Apple has same security issues facing other tech giants, including Facebook and Google.
What Apple does, the article explained, is leave the security of stored data to the independent developers that the create the products available in its App Store. For years, Apple has permitted iPhone app developers to store and sell data from users who allow the apps to access their contact lists, which could include the names and contact information of law firm clients. While Apple recently revised its rules regarding the storage and sale of such data, the article explained that company “does nothing to make it technically difficult for developers to harvest the information.”
Similar situations exist with Gmail, and numerous other email apps. For years, Gmail's privacy policy for its free services stated that it scanned a user's emails and other items, and that users gave Google an unfettered right to do almost anything the company wanted with the content. Although Google announced in 2017 that it would stop using consumer Gmail content for ad personalization, the company still collects a wide range of information, including the names of people with whom you communicate or share content, such as your clients.
Just this past week, Associated Press investigators discovered, and Princeton researchers confirmed, that many Google services on Android devices and iPhones store a user's location data even if the user used a privacy setting designed to prevent Google from doing so. Even worse, even when users turn off the location history feature, some Google apps automatically store time-stamped location data without asking.
Combine this with the insecurity of email, and it makes one wonder why attorneys still use these free services. Let's look at Gmail. Google “refreshed” Gmail this year, adding multiple new features designed to make sorting through a user's inbox more convenient. These features also mean that Google's artificial intelligence automatically sifts through a user's messages.
Oath, the successor to both AOL and Yahoo, has a new email privacy policy, which states: “Oath analyzes and stores all communications content, including email content from incoming and outgoing mail. This allows us to deliver, personalize and develop relevant features, content, advertising and services.”
Thus, attorneys who use these free services do so knowing (or they should know) that these free services scan and score highly sensitive confidential information that their clients, whether they are attorneys or nonattorneys, have never permitted them to reveal to others, including giant corporations intent on analyzing and selling that data.
Those attorneys are also failing to comply with their obligations to protect client data, including email communications, an issue that is far from new. In formal opinion 2011-200, issued seven years ago, the Pennsylvania Bar Association legal ethics committee explained that the use of web-based email such as AOL, Hotmail, Gmail, and Yahoo “carries with it risks that attorneys should be aware of and mitigate in order to stay in compliance with their ethical obligations.” The opinion noted that “reasonable care in transmitting and storing client information through webmail is appropriate [and that] attorneys may use [web-based] email but must, under appropriate circumstances, take additional precautions to assure client confidentiality.”
For attorneys facing potential disciplinary charges, what could be more sensitive than information relating to those proceedings? Yet some attorneys who represent attorneys are either oblivious to or do not care about this ethical obligation. What message does that send to their attorney clients? And what message does it send to clients in general when attorneys use these free services when virtually every news outlet is reporting how the data flows from these products like a leaky dam.
|So, What Is Metadata and Why Does It Matter?
If you don't know the answer to this question, you have not been paying attention. Metadata is information about an electronic file such as a Word document, an Excel spreadsheet, or a photograph. Consider attorney Jason Leventhal, who apparently was not paying attention.
Leventhal filed a civil rights action on behalf of Angela Lawrence, in which the client alleged that New York Police officers entered Lawrence's home without a warrant, pushed her to the floor, damaged her property and stole more than $1,000 in cash. Lawrence provided Leventhal with photos that she claimed depicted the condition of her apartment several days after the incident. He saved the pictures, converted them to PDF files, Bates-stamped them, and produced them to the defendants. He was unfamiliar with “electronically stored metadata,” however.
During her depositions, Lawrence provided conflicting accounts of who took the photos, as well as varying explanations of when they were taken. Although his client provided conflicting testimony, Leventhal did not believe she was testifying falsely. Because of the conflicting testimony, the defendants requested the smartphones used to take the pictures. Leventhal eventually produced the photographs in their native (original) format, including the metadata.
When the defendants examined the photos' metadata, they learned that 67 of the 70 pictures were taken in September 2016, two years after the incident and just before the client provided them to Leventhal. Thereafter, Leventhal moved to withdraw as counsel based upon the information discovered about the photos and “other events.” The defendants then filed a motion for sanctions against Leventhal and his now-former client.
Although the court declined to sanction Leventhal, the July 27 opinion of Judge William Pauley, III raises interesting questions that should make every attorney think carefully:
- Do you know what metadata is?
- Do you review the metadata from electronic files received from clients, or from opposing counsel?
- Do you have an obligation under the applicable procedural rules to review such metadata?
- Do you have an ethical obligation under the Rules of Professional Conduct to review such metadata?
- Are you providing competent representation if you do not review the metadata in files whether received from your client or from opposing counsel?
If you don't know what metadata is, then you should review Formal Opinion 2009-100 from the Pennsylvania Bar Association's Legal Ethics Committee, which discusses an attorney's obligations relating to metadata. In the opinion, the committee concludes that: “An attorney has an obligation to avoid sending electronic materials containing metadata, where the disclosure of such metadata would harm the client's interests. In addition, an attorney who receives such inadvertently transmitted information from opposing counsel may generally examine and use the metadata for the client's benefit without violating the Rules of Professional Conduct.”
Alternatively, you could feign ignorance and hope that, should the circumstances arise, you will be treated as leniently as attorney Jason Leventhal was.
Daniel J. Siegel, principal of the Law Offices of Daniel J. Siegel, provides ethical guidance and Disciplinary Board representation for attorneys and law firms; he is the editor of “Fee Agreements in Pennsylvania” (6th Edition) and author of “Leaving a Law Practice: Practical and Ethical Issues for Lawyers and Law Firms” (Second Edition), published by the Pennsylvania Bar Institute. He can be reached at [email protected].
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllMatt's Corner: Pa.R.D.E. 217—Obligations of a Formerly Admitted Attorney
2 minute readPa. High Court's Revision of Rule 7.1 Tightens Previous Guidance on Firm Names
6 minute readIf You Are Too 'Busy' to Communicate With Your Client, You Better Think Again
5 minute readTrending Stories
- 1Ben Brafman Defending Celebrity Rabbi in Lawsuit by Miami Hotel
- 2People in the News—Dec. 23, 2024—Barley Snyder, Marshall Dennehey
- 3How I Made Office Managing Partner: 'Be a Lawyer First, Foremost and Always,' Says Matthew McLaughlin of Venable
- 4Bar Report - Dec. 23
- 5Recent Decisions Regarding the Telephone Consumer Protection Act
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250