The mission of the ISBA Standing Committee on Legal Technology shall be to advise ISBA members on the implementation of technology in their law practices; to advise other ISBA sections and committees on proposed projects; to advise other legal entities on the development of programs and systems to better circulate information to the public and expedite the practice of law on all levels; to develop a communications network for use of ISBA members, with membership on the system available upon membership in the ISBA; to serve as a clearinghouse for technical information; and to serve as a liaison between the ISBA and other bar associations, as well as non-legal entities which address technology issues.
Welcome from the ISBA Committee on Legal Technology (“COLT”). As you can see from our mission statement, our committee has a broad purview when it comes to issues regarding technology for the ISBA, its members, and the public. Frankly, we’re here to help and we really mean that. Whether it is providing input on proposed legislation, educating members regarding useful technology for the office, addressing potential malpractice and other pitfalls brought on by the rapid changes of new technologies, or providing continuing legal education, our committee is instrumental throughout the ISBA.
For those of you who believe that Microsoft Word and Excel were created by a sadist in Redmond, Washington, keep your eyes open for our Boot Camp training on Microsoft Word and Excel. This training was specifically created for lawyers by COLT and covers both basic and intermediate training for the use of these products in the law office. These sessions also include tips and tricks to make your use of these products more productive and useful. Our committee was also responsible for the technology track for the Second Annual Solo & Small Firm Conference in St. Charles, Illinois. With a wide range of state and national speakers covering a variety of topics from what technology to buy, use of Adobe Acrobat in the law office and steps you need to take to prevent a digital disaster, there was something for all knowledge levels.
In the upcoming year, we look to provide more continuing legal education including electronic data discovery and provide information on where the committee believes the “sweet spot” is for various technology purchases such as computers, monitors, printers and software.
In looking back at 2006, it has been another interesting year for lawyers and technology. We’ve seen major new software releases including new versions of Time Matters and Billing Matters software, Tabs3 and Practice Master, and Amicus Attorney. CaseSoft, the maker of products such as CaseMap, TimeMap, and NoteMap, was purchased by LEXISNEXIS. Microsoft has delayed release of its latest operating system Vista and continues to face challenges from Apple Computer and the Linux Open source movement. We continue to be faced with online scams, viruses and security issues with software on an almost daily basis. It seems every time companies come up with a new defense the bad guys are already working on a new method of attack. As users, this means that we must always be on our guard and vigilant against the cyber barbarians that are waiting to breach our defenses. Instances of computer stuffs containing confidential information, losses by credit card companies of customer data were a regular occurrence in 2006 and only reinforce the need for attorneys to safeguard their clients confidential data. This isn’t an impossible task, but it does require positive action by attorneys and their staff. We’ve seen the advent of easier to use security products as well as backup methods and hardware. Companies continue to improve their products. Further, the promise of technology allowing us to do more in a shorter period of time easier continues to entice all of us and actually matches expectations with reality most of the time.
Speech recognition technology is actually working and is a consideration for many attorneys in preparing documents and correspondence. In fact, this article has been prepared using Dragon Naturally Speaking Version 9 speech recognition software from Nuance Corporation.
Hardware manufacturers are creating more efficient central processing units with more capability at slower clock speeds, lower temperatures and reduced prices. Prices continue to drop on LCD flat-panel monitors as well as faster and larger hard drives providing digital storage at rock-bottom prices. Corel Corporation has released WordPerfect Office X3 which includes numerous enhancements and proving that rumors of its demise are premature. We’ve seen the release of new search technologies as well as the maturing of Voice over Internet Protocol (VOIP) telephony with such services as Vonage and Skype. The Internet continues to grow and the technologies and services available on the Internet become more widespread end-user friendly everyday.
The year ahead will bring many challenges and promises even more improvements in the technology that we use. His attorneys we need to embrace technology and use it to not only improve delivery of services to clients but also improve our quality of life.
It would be fair to say that the field of legal ethics is increasingly concerned with issues raised by new kinds of information and communication technology. Conversely, it would be fair to say that practicing lawyers need to be concerned about the ethical issues involved in their choices about law office technology.
The problem is not that there has been any significant change in a lawyer’s essential ethical duties. Rather, the problem is that technology has proven to be a double-edged sword—a tool and a source of risk—in the fulfillment of those ethical duties. Recent examples abound. They include Google Desktop, metadata and inadvertent transmissions of confidential information.
—Ben Cowgill on Legal Ethics <http://tinyurl.com/hbqwp>
Illinois Rule of Professional Conduct 1.6 provides that an attorney shall not reveal a confidence or secret of the client known to the lawyer unless the client consents after disclosure. In the old days when communication was strictly by word of mouth or written, compliance with the rule was easy. With the advent of all the technological advancements of the past decade inadvertent disclosure is likely to occur if proper security measures are not taken. Such disclosures could lead to serious damage to your client’s case and obviously a possible malpractice suit.
E-mail security:
In 1997 the ISBA issued Advisory Opinion 96-10.
In summary, the Committee concludes that because (1) the expectation of privacy for electronic mail is no less reasonable than the expectation of privacy for ordinary telephone calls, and (2) the unauthorized interception of an electronic message subject to the ECPA is illegal, a lawyer does not violate Rule 1.6 by communicating with a client using electronic mail services, including the Internet, without encryption. Nor is it necessary, as some commentators have suggested, to seek specific client consent to the use of unencrypted e-mail. The committee recognizes that there may be unusual circumstances involving an extraordinarily sensitive matter that might require enhanced security measures like encryption. These situations would, however, be of the nature that ordinary telephones and other normal means of communication would also be deemed inadequate.
Is the statement still correct today? Possibly not. With the changes in technology and discovery rules, do lawyers need to take extra precautions? In a word “Yes.”
E-mail programs like Microsoft Outlook can create hundreds of pieces of metadata information (see below for explanation of metadata), such as folders where messages are stored, whether messages were forwarded, whether recipients opened a message, all recipients of the e-mail (including bcc’s), and the actual e-mail addresses of each (not just the “friendly” or group distribution name). Great care needs to be taken when forwarding e-mails both in and outside of the office. A third party software metadata scrubber should always be used at the time of document creation.
As noted in the above referenced ISBA Advisory Opinion, there has always been a debate as to whether or not e-mail encryption was necessary. The argument in favor of encryption is getting stronger with each new disclosure of the government infringing upon privacy rights under various pretenses. It has been known for a long time that the FBI monitors every e-mail traveling through American Internet channels using a keyword screener. Recent disclosures have revealed security agency attempts to obtain information regarding e-mails from Internet service providers. Once a lawyer is aware of these matters, does 1.6 require that the lawyers take necessary action, such as encryption, to minimize intrusion into e-mails and other online communications concerning their clients and their cases?
Security of Client Files in the Office and Using Online Repositories:
Today, Internet technology is being used to eliminate the costs of travel, heavy mail use, and software purchases. Programs such as West’s Firm Workshare claim to provide “a secure, online collaborative workspace that enables you and your clients to easily organize and share information at any time, from anywhere.” How does the average lawyer know or understand the true security level? Likewise, what about the use of an application service provider (ASP) that is offering the use of a particular software application which requires your files to be stored on the ASP’s server? The need for ASPs evolved from the increasing costs of specialized software that have far exceeded the price range of small to medium sized businesses. In addition, the issues of upgrading have been eliminated from the end-firm by placing the onus on the ASP to maintain up-to-date service. On the negative side, however, what happens to your client’s property if the files cannot be accessed because of a dispute or the ASP going out of business?
I am not arguing for an avoidance of such programs, rather I raise the issue so that you will use utmost precaution and be sure you obtain full disclosure and explanation, hopefully with the guidance of an IT specialist.
Another area of concern is the rising costs of network maintenance. As a way of reducing those costs many service providers are installing programs on the law firm server which enable the provider to remotely access in order to perform maintenance and troubleshooting. Does this violate the lawyer’s ethical standards? The ABA Center for Professional Responsibility provides this opinion:
Question: A law firm is considering purchasing a new computer network. Office files would be stored in a central computer at the firm; all members of the firm would have access to the computer from terminals at their desks.
In order to reduce maintenance costs, the computer company that has installed the system proposes to install a terminal at its place of business so that it can have access to the firm’s main computer database (including client files) and software at its location. In this way, the computer company can troubleshoot and maintain the firm’s system at its location rather that having to come to the firm every time there is a problem. Can the firm agree to such an arrangement? What if any safeguards must it have in place to protect client confidences?
Response: ABA Formal Opinion 95-398 (1995) addresses this issue. The opinion states that lawyers in the firm must take steps to ensure that the computer company protects the firm’s client’s confidences. The computer technicians would be considered to be non-lawyer assistants under Model Rule 5.3. Rule 5.3 states that lawyers have an obligation to ensure that the conduct of the non-lawyer employees they employ, retain or become associated with is compatible with the professional obligations of the lawyer. The opinion stated further that should a significant breach of confidentiality occur, the lawyer may be obligated to disclose it to the client.
Metadata
Metadata is a component of files that contains the who, what, when and how of an electronic document. Metadata can tell the story about a particular file’s origin, including each date and time that a file is created, accessed, and modified. An integral part of a file, rather than a separate document, Metadata is created without the user doing anything special to create it. That’s why it can be so dangerous or useful depending upon the situation. There is no enterprise system for dealing with it. It is the responsibility of every attorney and support staff member to clean their own files on their workstation or laptop.
What is in Metadata?
Metadata will vary based on the file type. More recent versions of Microsoft programs allow automatic storage of the details of each individual change that was made to a file. For example, a Microsoft Word, Excel or PowerPoint file includes the following:
• The file size, type and location
• When the file was originally created, last modified, last accessed, and last printed
• The file’s original author (based on the user logged on at that time)
• Who last saved the file (again, based on the user logged on at that time)
• The number of revisions that file has experienced
• The total elapsed time that the file has been edited/opened
• Which users have rights to access the file
• Identifying data of e-mail recipients of the file
Microsoft has quietly released a tool to scrub leaky metadata from documents edited with its software. The Remove Hidden Data Add-In will permanently remove hidden and collaboration data, such as change tracking and comments, from MS Word, MS Excel, and MS PowerPoint files. It can be found at <http://tinyurl.com/zjsyd>. But beware, this tool is for Office 2003/XP only. Users of earlier versions will have to use a third party metadata scrubber.
WordPerfect documents did not retain the type of sensitive material Word did but still contained some possible damaging information. WordPerfect X3 contains a metadata removal tool which permits the user to designate items he/she wants to omit. Choices include:
Comments; Hidden Text; Annotations; Undo/Redo History; Document Summary; Headers/Footers; Hyperlinks; OLE Object Information; Routing Slip;
Neither the Illinois Bar nor the Supreme Court has yet addressed the ethical issues for lawyers. The applicable Rule of Professional Conduct relating to outgoing material is 1.6 - Confidentiality of Information. But what about a lawyer that receives a document from opposing counsel that has not been scrubbed? At this time, we can only look to other states for guidance.
The New York Bar Association has issued Opinion 749 (2001), which concluded that attorneys may not ethically use computer software applications to surreptitiously “mine” documents or to trace e-mail. New York Ethics Opinion 782 (2004), further concluded that New York lawyers have a duty to use reasonable care when transmitting documents by e-mail to prevent the disclosure of metadata containing client confidences or secrets.
Legal commentators have published articles about ethical issues involving metadata. David Hricik and Robert B. Jueneman, “The Transmission and Receipt of Invisible Confidential Information,” 15 The Professional Lawyer No. 1, p. 18 (Spring 2004). See also, Brian D. Zall, Metadata: Hidden Information in Microsoft Work Documents and its Ethical Implications, 33 Colo. Lawyer No.10, p. 53 (Oct. 2004).
In Florida the Board of Governors of The Florida Bar passed a resolution that metadata mining is something lawyers should not do. “I have no doubt that anyone who receives a document and mines it . . . is unethical, unprofessional, and un-everything else,” said board member Jake Schickel, who made the motion that the board express its disapproval of the practice.
A perfect example of the dangers of not following security measures came from then President-elect Hank Coxe. He said a senior partner in his firm was working on a brief which was requested by another firm for a case it was working on. When the partner finished the brief, he offered to fax it, but the other firm asked that it be e-mailed. That firm then mined it for metadata. What they got, Coxe said, was a history showing every change that had been made to the document, as well as who had worked on it. At one point, the client had been e-mailed for input and the client had replied by e-mail. Both had been attached to the document as it was being prepared and later deleted; and both communications were recovered by the other law firm.
In response to the Board of Governors, the Ethics Committee of The Florida Bar issued the following opinion:
In order to maintain confidentiality under Rule 4-1.6(a), Florida lawyers must take reasonable steps to protect client confidences in all types of documents and information that leave the lawyers’ offices, including electronic documents and electronic communications with other lawyers and third parties. The duties of a lawyer when sending an electronic document to another lawyer and when receiving an electronic document from another lawyer are as follows:
(1) It is the sending lawyer’s obligation to take reasonable steps to safeguard the confidentiality of all communications sent by electronic means to other lawyers and third parties and to protect from other lawyers and third parties all confidential information, including information contained in metadata, that may be included in such electronic communications.
(2) It is the recipient lawyer’s concomitant obligation, upon receiving an electronic communication or document from another lawyer, not to try to obtain from metadata information relating to the representation of the sender’s client where the recipient knows or should know that the information is not intended for the recipient. Any such metadata is to be considered by the receiving lawyer as confidential information which the sending lawyer did not intend to transmit. See, Ethics Opinion 93-3 and Rule 4-4.4(b), Florida Rules of Professional Conduct, effective May 22, 2006.”
Use of Internet to Disseminate Information
Many lawyers are using the Internet for marketing purposes and to disseminate information to clients and potential clients. Illinois Rules of Professional Conduct 7.1, 7.2, 7.3 and 7.4 are the most relevant to such activity. Use of Web sites, blogs, RSS feeds, etc present a set of problems that at first glance would seem to indicate the necessity of new ethical rules. Many states, however, have concluded that existing rules relating to attorney-client relationships and marketing/advertising can be applied to the use of technology.
One of the key issues in these types of scenarios is whether or not an attorney-client relationship is formed. If it has, the Rules of Professional Conduct are fully applicable. If not, many of those rules do not apply. “One of the problems with trying to establish clarity, however, is that the existence of the attorney-client relationship is in the eye of the beholder. The fundamental test of the existence of the relationship is whether the recipient of the services believes there is the relationship and whether, considering all of the circumstances, that belief is reasonable.” (Hornsby, William, This Way be Dragons: Malpractice and Ethics Issues in and E-Lawyering World, A presentation for ABA Techshow, 2006, P.3).
Hornsby suggests that the question to ask yourself is, “Are you providing only legal information and not legal advice?” Legal information is usually deemed to be that which is general information, such as that which can be found in a book, while legal advice is that which is fact-specific. Hornsby relates a standard to govern the dichotomy proposed by technology consultant Richard Zorza that asks “Can two lawyers can give two different answers to the same question and neither one be committing malpractice?” If so, it is legal advice. If they are unable to do so, and there is a single (factual) reply, it is legal information.
Disclaimers:
Disclaimers also have an important place when a delivery mechanism seeks to avoid the establishment of an attorney-client relationship. Since the individual’s belief that the relationship exists must be a reasonable one, clearly informing the individual the services do not arise to the level of a relationship should negate a claim that they do. However, the services need to be limited as well. A disclaimer is not likely to be effective if the service provider then does that which it is disclaiming. This is why the information-advice dichotomy is important.
If a law firm can be disqualified because it received information from a prospective client during a face-to-face meeting or phone call, can it likewise be disqualified if it reviews the same information sent by e-mail from a client seeking in good faith to hire the firm?
As one commentator posited: Suppose an online visitor submits an inquiry to an attorney along with the requisite information, and, before responding, the attorney determines that a partner or other member of the firm already represents the opposing party. The attorney is now in receipt of information that could create an impermissible conflict such that the online visitor making the inquiry can attempt to force a withdrawal of representation of opposing party. Unfortunately, this scenario has actually occurred many times.
A visit to most law firms’ Web sites reveals that lawyers are posting many different kinds of contractual terms of use there—terms that are often called “disclaimers.” Many firms post disclaimers on their sites that state, essentially, that any information sent by e-mail before the firm agrees to represent the transmitting party will not be held to be confidential by the firm. Others say that no attorney-client relationship will be formed by submitting the information.
If the lawyer has a Web site and is required to negate an intent to form an attorney-client relationship, there are right and wrong ways to do so. Simply relying, as many firms do, on passive “terms of use” accessible through a “disclaimer” or “legal notices” link on the bottom of their homepage probably does not create an enforceable agreement. A basic principle of contract law defeats such disclaimers.
Where is the assent by the prospective client? The courts in addressing web-contracts are holding that terms which are merely somewhere on a Web site are not part of a contract formed by a Web site user. Instead, only terms that are affirmatively “clicked” and agreed to are part of the agreement. Thus, those firms with a “disclaimer” or “terms of use” link on their homepage that links to a page that contains the term of use regarding the confidentiality of e-mail sent by prospective clients likely have not done enough to create an enforceable agreement with any prospective client. In my opinion, click wraps are an absolute necessity to to prove to a court that the prospective client manifested assent to the terms. Without manifested assent, the terms are not binding on the prospective client. When creating your Web site set it up so that a click on “Contact Us” takes the person to the disclaimer terms and that in order to proceed to transmit a message to you the person must affirmatively click on an assent button.
E-mails emanating from an attorney should have a claim of privilege clearly stated in the e-mail. The typical language is:
Confidential Communication Prepared by an attorney; Privilege review required
This e-mail (including attachments) is covered by the Electronic Communications Privacy Act, 18 U.S.C. 2510 - 2521, is privileged and confidential under the attorney/client privilege and/or attorney work product privilege. If you are not the intended recipient of this communication, you are hereby notified that any retention, dissemination, distribution or copying of this communication is strictly prohibited. Please reply to the sender either by e-mail or telephone (xxx-xxx-xxxx) that you have received this communication in error; then please delete this e-mail without disclosing its contents to anyone.
Many law firms, particularly those not practicing in the area of tax, include the following disclaimer on both their e-mails and their Web site. This is done because of the fear of the effect of IRS Circular 230 <http://www.irs.gov/pub/irs-pdf/pcir230.pdf>. I do not know if such a disclaimer is truly necessary, nor if the example is legally sufficient. I know of no cases where it has been tested yet.
IRS CIRCULAR 230 NOTICE: To ensure compliance with requirements imposed by the IRS, we inform you that any U.S. tax advice contained in this communication (or in any attachment) is not intended or written to be used, and cannot be used, for the purpose of (i) avoiding penalties under the Internal Revenue Code or (ii) promoting, marketing or recommending to another party any transaction or matter addressed in this communication (or in any attachment).
__________
Resources:
1. Redacting With Confidence: How to Safely Publish Sanitized Reports Converted from Word to PDF, by Information Assurance Directorate - National Security Agency, Dec. 2005 <http://www.fas.org/sgp/othergov/dod/nsa-redact.pdf>.
2. The Mysterious World of Metadata by Dennis Kennedy, Jan. 2005, <http://www.denniskennedy.com/archives/000891.html>.
3. Metadata (and other things that go bump in the night) Catherine Sanders Reach, Director, ABA Legal Technology Resource Center, July 2006 <http://www.abanet.org/tech/ltrc/presentations/neumillermetadata.pdf>.
4. Managing the Security and Privacy of Electronic Data in a Law Office by Lawyers’ Professional Indemnity Company. <http://www.practicepro.ca/practice/PDF/ManagingSecurityPrivacy.pdf>.
5. Directions For Enabling Security Features On Wireless Access Points by Dan Pinnington, Jan. 2005. <http://www.practicepro.ca/practice/pdf/EnablingSecurityFeaturesonWirelessRouter.pdf>.
6. Enhancing Mobile Security by Jeff Beard, Law Office Computing Mar. 2006. <http://www.lawtechguru.com/files/Enhancing%20Mobile%20Security%20-%20LOC%20Feb-March%202006.pdf>
7. Securing Your Computer, Applications, Systems & Records - ABA Legal Technology Resource Center, May 2006. <http://www.abanet.org/tech/ltrc/presentations/apisecurity.pdf>.