Some time ago, I wrote a couple of articles on the ethics of electronic communications (faxes, cell phones, email, and voice mail). Recently, I have read several articles on email that indicate the ethical considerations for this form of communication have changed. Attorneys and their staffs have an obligation to protect confidential client information from inadvertent disclosure. As mentioned in my previous article, although encrypted email provides an extra degree of protection, many encryption programs don’t communicate with each other, necessitating that the sender and recipient have the same encryption program. The ABA has determined that even unencrypted email communications sent over the Internet have no greater risk of being intercepted or disclosed than other methods of communication. There is also a reasonable expectation of privacy with email. In addition, although interception of email is possible, it is not something that the average person could do without special skills and equipment. Further, recent federal court decisions (including the 5th Circuit) have also found that the attorney-client and work product privileges applied to email communications.
Direct email is email carried over a modem. A modem uses a regular phone line to transmit information it has converted into digital information. By using your computer modem to dial your client’s modem, then sending the email over regular phone lines, your are sending information the same way a fax is sent. As with a fax, the information cannot easily be intercepted because although regular phone lines are easily tapped, this information is in a digital form and a person cannot just eavesdrop on a conversation. Because of the difficulty in intercepting direct email, there is a reasonable expectation of privacy.
Private email systems include internal company email systems (intranet), as well as extranet systems in which one internal system directly dials another private system. The primary drawback of these systems is the possibility of messages unintentionally being sent throughout a law firm or to unintended persons in the client’s company. However, private email systems use regular phone lines and are not accessible by the public so they are as secure as direct email.
On-line service providers are third-party providers of email. Users must have a password to read and send their email However, OSPs provide email boxes for many other users which provides the possibility of misdirected email, although this is easily avoided The primary danger is that an OSP’s security measures which limit access by those outside the system, will be breached. The primary security of email provided through an OSP is the required password. An additional concern is the inspection of users’ email by the system administrators of the OSP. Federal law restricts the ability of OSP administrators to inspect users’ email to that which is necessary for the rendering of services or the protection of property or rights. In addition, the disclosure of the contents of the email inspected by the OSP system administrator is prohibited other than for the purposes outlined in the statute.
Internet email does not rely on specific on-line service providers for transmission. Internet email is transmitted over regular phone lines, although it is also routed through the software of various Internet service providers (ISPs) that serve as routers. The risk to confidentiality is from the ISPs and illegal hackers. ISPs have a legal right to inspect email passing through their networks. However, their rights are limited just as those are of the OSPs. Random monitoring of email can only be conducted for mechanical or service quality control. Internet email may be illegally intercepted by an outside hacker, or by an ISP that is not following the statute regarding their rights to monitor email, both of which are illegal. Although interception is possible, it is difficult. Most email is split up during transmission so interception would only result in the retrieval of part of a message. In addition, routes of transmission are random and there is a large volume of email, making it difficult for anyone to purposely intercept messages from or to a particular person. Despite the possibility of interception, there is a reasonable expectation of privacy with Internet email transmission, just as the risk of someone tapping your phone lines does not diminish the reasonable expectation of privacy for phone conversations.
Lawyers and their staff still must evaluate the sensitivity of the confidential information being transmitted, consult with their clients and follow their clients’ instructions regarding the best method for transmitting and protecting that information.
Ellen Lockwood, CLAS, is the Chair of the Professional Ethics Committee of the Legal Assistants Division, a position she has held since 1997. She is Treasurer of LAD and a past president of the Alamo Area Professional Legal Assistants in San Antonio.