Lawyers, as a group, just don't seem to “get it.” Some do, others try, but many lawyers still seem oblivious to the ever-changing swirls of ethics and technology that apply to our profession. Based on the feedback from this column, I can only conclude that many lawyers still do not recognize, or do not want to recognize, the extent to which technology and ethics intersect every aspect of their lives (both professional and personal), and how their failure to address these issues can impact their clients and their practices.

With that in mind, here's my top-eight wish list of techno-ethics matters for which I hope lawyers will finally “get religion” in 2019.

|

Metadata

Recently, I received a document from opposing counsel containing a draft of a proposed agreement. Sent in Microsoft Word format, the agreement seemed reasonable, but I wondered if it would be beneficial to add some additional language more favorable to my client. Finding that language was easy; in fact, opposing counsel provided it to me.

How? He had failed to scrub the document of metadata, that is, “information about data” contained in electronic materials not ordinarily visible to those viewing the information. Most commonly found in documents created in Microsoft Word, metadata is also present in other formats, including spreadsheets, PowerPoint presentations and Corel WordPerfect documents.

Although metadata generally contains seemingly harmless information such as spelling or punctuation changes, it may also contain privileged and confidential information, such as previously deleted text, notes and tracked changes, which may provide information about legal issues, legal theories and other information presumably not intended to be disclosed to opposing counsel.

In this instance, I opened my metadata scrubber software, told it to analyze the document and—voila—I could review information removed by opposing counsel from the version of the document visible to him when he sent the document.

The issue of metadata isn't new. 2019 marks one decade since the Pennsylvania Bar Committee on Legal Ethics and Professional Responsibility issued Formal Opinion 2009-100, which concluded that an attorney sending electronic documents that may contain metadata has a duty of reasonable care to remove unwanted metadata before sending them to another party or counsel. While the opinion states that an attorney receiving a document with metadata should disclose the information if he believes the disclosure was inadvertent, the time has long since passed for the “inadvertent defense” to be viable.

Although 2009 was a long time ago. It was the year Michael Jackson died, the top movie was “Harry Potter and the Half-Blood Prince,” and President Barack Obama was beginning his first term. The ensuing 10 years were certainly sufficient time for lawyers to learn about their ethical obligation to remove metadata from electronically transmitted documents.

|

Social Media—Privacy and Ignorance

Social media is “social,” which means that its goal is to share information, ideas, messages, photos and lots of personal information. As a result, clients use social media, including everyone from corporations to individuals. Social media is also rife with information that can serve as ammunition for a well-armed opponent in litigation of all types, not just the personal injury cases that receive most of the publicity.

Despite the realities that would be part of a Social Media 101 class, many lawyers claim that because they don't use social media, and “never will,” they do not have to address it in their practices. This is akin to saying that a doctor doesn't have to know the latest medical techniques because they weren't invented when she was in medical school. Plus, lawyers forget that even if they are not using social media, clients and others can leave reviews of the attorneys, many of which are less than flattering.

As a result, lawyers need to recognize the importance of discussing social media with clients, and then confirming that discussion in the fee agreements and engagement letters. They also need to recognize that social media is a potential source of information in all types of matters, and take steps to either learn how to mine it, or to have staff who can.

In addition, lawyers must be mindful that even if a client believes their social media accounts are “private,” if such a setting is really possible, their accounts and their personal information are far more public than they want to admit. Just read the front page of the New York Times, which reported on Dec. 19, that “Facebook Offered Users Privacy Wall, Then Let Tech Giants Around It.”

|

Law Firms Can Survive Without Technology

It is not uncommon the hear lawyers, particularly more “seasoned” ones, lament that they miss the days when secretaries took shorthand, and the arrival of the mailman was the highlight of the day. Those days are long gone. And they are not coming back, nor are other relics like carbon paper, onionskin paper, or IBM Selectric typewriters, which were discontinued in 1986.

Instead, we now have smartphones, that is, cellphones more technologically advanced than the Apollo rocket. In fact, you can read the surprisingly entertaining code for the Apollo rocket https://github.com/chrislgarry/Apollo-11.

Law firms must recognize that they too must advance and understand technology, not just for ethical reasons. Yes, as discussed elsewhere in this column, state Supreme Courts are now including technological competence as a component of the Rules of Professional Conduct, and some states are mandating that lawyers take technology-focused CLEs as part of their CLE requirements. But more importantly, technology improves the delivery of client services, allowing lawyers and staff to accomplish more in less time.

Despite what some naysayers preach, technology need not replace the personal touch. My office uses cutting edge technology from client intake to document assembly to matter management and for trial, yet clients meet with us at an old mahogany conference table in an old home that was converted into office space, where we take notes on paper. Why? The technology we use enables our office to complete its work more efficiently but does not convert our client interaction into an impersonal experience.

|

Email Privacy

Email is one of the least private forms of communication, a fact evidenced by the repeated headlines highlighting the email hacking of the rich and famous. As nolo.com explains, “Email might feel like a private, one-to-one conversation safe from prying eyes, but email is about as confidential as whispering at the White House. Your messages can be intercepted and read anywhere in transit, or reconstructed and read off of backup devices, for a potentially infinite period of time.”

Yet lawyers continue to attach confidential and sensitive information to emails, never considering how easily the information can get into the wrong hands. The American Bar Association warned attorneys in 2017 in Formal Opinion 477r (“Securing Communication of Protected Client Information”) that “a lawyer may be required to take special security precautions to protect against the inadvertent or unauthorized disclosure of client information when required by an agreement with the client or by law, or when the nature of the information requires a higher degree of security.” In other words, lawyers should not attach confidential and sensitive information to emails unless they take reasonable steps, such as encrypting the data (for example, password-protecting the file).

This common-sense advice is lost on many attorneys. Would they leave confidential information in their office lobby or allow anyone to rummage through the cabinets housing their clients' files? Of course not, yet they seem unconcerned with the disclosure of information in email.

The duty to protect confidential information is highlighted by the Pennsylvania Supreme Court's implementation in 2018 of a Public Access Policy, which requires attorneys and litigants to redact confidential information from court filings and to file confidential documents separately so that the public, that is, the “nosy neighbor” and others, cannot view information, such as tax returns, Social Security numbers, and medical records in court-filed documents.

|

Carbon Copies

So, do you know the difference between a carbon copy and a blind carbon copy (bcc) of an email? Do you know that a person who receives a blind carbon copy can “Reply to All” and that the reply is sent to everyone who was emailed or copied on the prior email?

Apparently, many lawyers and their support staff do not know this presumably basic piece of email procedure. Recently, there has been a surge in situations where persons who were blind carbon-copied replied to all, arguably waiving attorney-client privilege, and potentially disclosing their email address and other information to opposing counsel. As a result, state ethics committees are drafting opinions focused on whether it is permissible to carbon copy or bcc a client on email with opposing counsel, and if so, does such action waive confidentiality?

It seems that this problem can be eliminated if lawyers and staff would receive basic email training. (See Item 10.)

|

Advertising

The American Bar Association has adopted a revision to the Model Rules of Professional Conduct that would eliminate most of the ethics rules relating to advertising. Under the proposal approved by the House of Delegates in 2018, Model Rule 7.1 (“Communications Concerning a Lawyer's Services”) would state: “A lawyer shall not make a false or misleading communication about the lawyer or the lawyer's services. A communication is false or misleading if it contains a material misrepresentation of fact or law, or omits a fact necessary to make the statement considered as a whole not materially misleading.”

Although the Pennsylvania Supreme Court has not adopted this proposed revision, or changes to other advertising rules, it is time for the court to recognize that Disciplinary Counsel will not enforce any ethics rules about advertising. Consequently, the court should decide whether it should adopt this revision with the knowledge that, as with the current rules, not one lawyer is likely to be disciplined for a violation, or eliminate all such rules.

|

Training

It has been nearly six years since the Pennsylvania Supreme Court amended the Comment to Rule of Professional 1.1 to clarify that “competence” includes understanding “the benefits and risks associated with relevant technology.” While this comment often is considered in light of cybersecurity dangers, the court did not limit it in scope. Lawyers must take 12 hours of continuing legal education courses annually, for example. They must also use technology in every practice regardless of age, practice area, etc. Yet many know little or nothing about how to use basic technology such as Microsoft Outlook or Adobe Acrobat or other programs used in most law firms. Worse yet, they don't require that their staff learn how to use the tools essential to performing their daily activities.

In December 2018, North Carolina became the second state to require lawyers to take a CLE in technology, mandating one hour per year of CLE devoted to technology training. A recommendation for a similar provision is currently pending before the Pennsylvania Supreme Court. The North Carolina Supreme Court defined “technology training” as “a program, or a segment of a program, devoted to education on information technology (IT) or cybersecurity …  including education on an information technology product, device, platform, application or other tool, process, or methodology.” Hopefully, the Pennsylvania Supreme Court will follow suit.

|

Cybersecurity

Law firms, like other businesses, are targets and victims of hacking. Our files contain the types of sensitive information that cybercriminals covet. In addition, there has been a recent increase in “spear phishing” attacks, in which emails are sent to clients, which look exactly like the ones they receive from their attorneys, instructing them to wire funds for payment of taxes, fees, etc., except that the emails are bogus and those who follow the instructions will be transferring their money to generally untrackable criminals.

The technology that drives law firms and other businesses can be vulnerable, and lawyers must take reasonable precautions to protect office technology and the mobile technology that we often take for granted. One common vulnerable situation is the type of free Wi-Fi available at many businesses. Norton, one of the world's most respected security software companies, notes that users of free Wi-Fi are particularly at risk for man-in-the-middle attacks (where a hacker accesses the information you send over the internet from one device to another location), malware (software that exploits holes or weaknesses in your devices) and more.

To avoid these and other dangers, Norton recommends using a virtual private network (VPN), which secures your connections. VPN programs are inexpensive, work seamlessly in most circumstances, and eliminate the risks of public Wi-Fi.

Cybersecurity is a danger for every law firm. Hopefully, in 2019, more attorneys will recognize and prepare to prevent the risks inherent to technology.

These items are just a few of the techno-ethical areas where lawyers can improve their delivery of services and reduce the risks attendant with technology, while also assuring that confidential and sensitive information stays that way.

Daniel J. Siegel, principal of the Law Offices of Daniel J. Siegel, provides ethical guidance and Disciplinary Board representation for attorneys and law firms; he is the editor of “Fee Agreements in Pennsylvania (6th Edition)” and author of “Leaving a Law Practice: Practical and Ethical Issues for Lawyers and Law Firms (Second Edition),” published by the Pennsylvania Bar Institute. He can be reached at [email protected].