You are at the helm of the Starship Enterprise, and are boldly going where no one has gone before.
Suddenly on the viewscreen a shining and twirling object that you can’t quite make out appears and is approaching the ship at warp speed. You only have seconds to decide your next move. You turn to your trusted science officer who raises one eyebrow and who calmly, without emotion explains:
“Obviously this is an alien phishing expedition that is seeking to compromise and enter our computer network to assess our strategic vulnerabilities. I have reset our computer password to incorporate all known password protections. I have also isolated several weaknesses otherwise known as “back doors” in our computer system and have installed appropriate security protocols or “patches” as we call them on our home planet.”
He pauses and then says, “Captain, using your birthdate and the numbers 123 as a password was illogical and inadvisable.
He looks at you briefly, and you sense the faintest expression of a wink (or is it perhaps annoyance??) but you are never quite sure which. He then turns his attention back to his science station…
Competence
The advent of widespread use of technology continues to affect the way that law is practiced, the ethical ramifications of which continue to be the subject of constant study by the legal profession. By way of example, at this year’s ABA Center for Professional Responsibility’s National Conference on Professional Responsibility held in Denver, five of fourteen panels held at the conference discussed the implications of technological developments on a lawyer’s ethical duties. A listing of these panel discussions and links to the accompanying materials are available here.
At the core of these duties is the requirement that lawyers exercise competence under Rule 1.1 Competence when using such technologies. This competence requirement is being rapidly redefined to require higher level abilities and greater technological sophistication as ethics committees struggle to define what it means to be competent in law-related technology. See, the May 2014 Tip of the Month, Competence: Acquire it or Hire it.
Competence is frequently cited as an ethical obligation that mandates specific knowledge and awareness of the implications brought on by the use of technology.
This emphasis was manifested in 2012 when pursuant to the ABA Ethics 20/20 Commission’s recommendations the ABA Amended the Comment to Model Rule 1.1 as follows:
Passwords; email security
Examples of areas where a basic understanding of technology is required is the proper use of passwords and the use of email. (See the February, 2013 ETHICSearch Tip of the Month How Ethical is Your Password? and last month’s Eye on Ethics column titled, Encryption conniption.
E-mail and password security have come under scrutiny in the divorce and employment law contexts because email privacy may already be compromised. In the employment context, employers generally own the email system and control how it is used within the company. In situations leading up to divorce, one spouse may have access to the other’s e-mail account. Spouses often share passwords at least at one time or another and if the partner’s password is not known often the general approach to a password selection is familiar to the other party. Depending on the circumstances, sharing the email password could be regarded as giving consent to access. Depending on just how the spouse gained access to the account, one spouse may be deemed to have waived his right to privacy – this is a legal as opposed to ethical question. See, e.g. Parnes v. Parnes, 80 A.D.3d 948, 915 N.Y.S.2d 345 (2011).
Privacy laws are complex and a side trip of litigation into this area based on the flow of information between now divorcing spouses or clients with an employment claim does not serve anyone well. It is important that a lawyer in this area advise the client early in the process to change passwords and to limit use of public and employers’ computers for communications with the lawyer. See USA Today Divorcing? 5 things to do online now.
In ABA Formal Opinion 11-459 (August 4, 2011) the ABA Standing Committee on Ethics and Professional Responsibility addressed password security and the duty of the lawyer to be sensitive to situations where privacy is not adequate and the lawyer’s duty under Rule 1.1 to warn the client of risks involved is settings where email privacy has the potential to be compromised.
The headnote of the opinion states:
See Also North Carolina Ethics Opinion 2012-5, (2012) (lawyer should warn client against using employer’s computer to communicate with lawyer); Washington Informal Ethics Op. 2217 (lawyer must warn client against sending confidential information on unsecured device).
In the past, email has generally been viewed as a form of communication that has a reasonable expectation of privacy. However, recently ethics experts and at some state bar ethics committees are warning against banking on this assumption. See, e.g. last month’s Eye on Ethics column Encryption conniption that discussed among other things State Bar of Texas Ethics Committee Opinion 648 (2015). The Texas opinion warned about sending highly sensitive information through unencrypted accounts, sending to shared email accounts, email accounts where a spouse of family member knows the password, or an employer’s computer, public computers or insecure networks, devices that are not password protected and situations where the lawyer is “concerned that the NSA or other law enforcement agency may read the lawyer’s email communication, with or without a warrant.”
Social Media guidelines
In just the last four months ethics opinions issued by major state bar‘s ethics committees have applied the competence obligation to technological abilities and decided that lawyers must be conversant with their pros and cons in order to meet their ethical obligations particularly when advising clients about what to post or remove from their social media websites. See, the February, 2015 Tip of the Month, Privacy Settings and Postings on Social Media: Etched in Plastic or Carved in Stone? Recently, the California State Bar Comm. on Prof’l Responsibility & Conduct, set out requirements for lawyers dealing with e-discovery and required ability and understanding of the issues inherent in e-discovery, including proper handling of electronically stored information (ESI)in Formal Opinion 2015-193 (2015). In June, the New York State Bar Association issued updated guidelines to assist lawyers in understanding the ethical challenges of social media.” See, The Social Media Ethics Guidelines of The Commercial and Federal Litigation Section of the New York State Bar Association www.nysba.org/socialmedi…. These Guidelines set a considerable standard of expertise for lawyer’s use of social media with Guideline No. 1 titled “Attorneys’ Social MediaCompetence that states as follows:
Beware of Internet Scams
In Opinion 2015-3, the New York City Bar Association Ethics Committee found that lawyers have an obligation to investigate and evaluate Internet schemes that offer lucrative legal business and end up draining the lawyer’s trust account. For further information, see the July Tip of the Month, Beware of would-be “Clients” Bearing Bogus Gifts.
When navigating the emerging and ever changing world of technology that is now in use in the law practice universe, it may be necessary from time to time to doff your science officer’s cap. Have a basic understanding of how the technologies you use works and the attendant risks they may pose to your practice. If you don’t have such an understanding, consult with someone who does.
As always, check the local rules of professional conduct, ethics opinions and case law of the jurisdiction. Your state or local bar association may also be able to help.
— Peter Geraghty, ETHICSearch Director and
Susan Michmerhuizen, ETHICSearch Counsel
