By Michael L. Graham, Esq.
Your law firm email is secure, right? If it were not, you would have issues with your state’s ethical rules requiring you to keep client confidences. As a summary and guide for the multiple state ethical rules, ABA Model Rule of Professional Conduct §1.6(a) provides:
A lawyer shall not reveal information relating to the representation of a client unless the client gives informed consent, the disclosure is impliedly authorized in order to carry out the representation or the disclosure is permitted by paragraph (b).
Carrying this focus further, §1.6(c), provides:
A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.
First, are your laptop and desktop computers password protected, do they have locators on them so that they can be tracked if lost, and do they contain remotely activated erase software so that one can remotely erase the hard drive if someone tries to connect a stolen laptop to the internet? Is this important? ABA Formal Opinion 477R (revised May 22, 2017) tells us:
A lawyer generally may transmit information relating to the representation of a client over the internet without violating the Model Rules of Professional Conduct where the lawyer has undertaken reasonable efforts to prevent inadvertent or unauthorized access.
Before moving to the main focus of this short piece, let me recommend that each of the readers click on the hyperlink above and actually read Formal Opinion 477R. It is great reading, including a thoughtful focus upon what we can and cannot do to protect our client’s confidential information.
The truth is, your email, sent and received, is read numerous times by strangers, or programs designed by strangers, and we are all grateful for that. How else does an email system know whether an email is spam, or when an email contains a virus? One of the great advances in email has been for the filtering to be done at the provider level to identify spam and virus laden email. You want it done at that level. After all, who has the most up to date knowledge on how to identify and block such emails, coming at you at a breathtaking pace? But of course, this means that you have knowingly and intentionally given Microsoft Exchange, Google Business, Yahoo, AOL and other email providers permission that you may or may not have read.
And perhaps the right response is, “So What?” Who cares if a machine, a computer somewhere, reads my email and decides whether it contains spam. But the point is, you have intentionally given complete access to an entity having no ethical duty to maintain your client confidences. Have you done your due diligence and read the EULA (End User License Agreement) for your email provider? To what have you agreed? Do you know if the Terms of Service for a standard gmail account ([email protected]) and a Google Business Services account have the same restrictions and grants of rights? One is a free service, one is a paid service. What do you get in terms of assurances?
Two major players in the business world are Google Business and Microsoft Exchange. Even though our emails may read [email protected], they wind their way across, and are hosted, sorted, and stored on usually a Microsoft Exchange server or Google email server farm, either inside or outside the US.
Our automated systems analyze your content (including emails) to provide you personally relevant product features, such as customized search results, tailored advertising, and spam and malware detection. This analysis occurs as the content is sent, received, and when it is stored.
Ah, but you may say, well sure. I knew about the spam and malware detection. But I am not sure I like it reading my email to direct my future search results. Aren’t email and internet searches separate? Of course not.
When you upload, submit, store, send or receive content to or through our Services, you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content.
In context, provisions like this allow Google to provide services like instant language translation. However, read out of context, one has given Google a license to publish, publicly display, (Google choses to omit the Oxford comma) and distribute such content. Out of context, they are truly troubling.
It is hard for any ethics committee to apply and even grasp the constant refinement and sophistication of artificial intelligence (AI) as applied to email. As one example, Texas Opinion 648, considers the use of email and the lawyer’s ethical duty to protect client confidences. However, the rationale of the opinion is that email is not inherently more revealing that standard US Postal mail. Of course it is. Much more open, and much more revealing.
Equally interesting, I challenge each of you to go look carefully at your state’s ethics opinions. You may find that the opinions relating to the use of email equate the chance of unauthorized use and reading of email with the possibility that a commercial copy machine operator will read the documents you are giving them to copy. Perhaps, but it is different, since you don’t give copy machine operators express permission to read and analyze your documents.
We could end on that note. And I will give you a hint, that reading the Terms of Service of Google’s Business Service email is far more comforting than the Terms of Service for a free Gmail account. However, it is worth considering that the level of AI being applied to email is constantly ramping up and becoming more and more sophisticated.
Google Business Service (the Google version of Microsoft Exchange and Microsoft Office) now suggest answers to emails that I receive. Yes, it reads the email and suggests answers. I believe it is beginning to mimic my style of writing in suggesting those answers. It reads my incoming email, and then suggests several answers in little circles at the bottom so that I won’t have to take the time to type an answer to the email requesting a meeting at such and such time. It suggests answers now such as “fine, see you then” or “I cannot do that.” If it is not already doing so, it will soon be reading my calendar automatically to see if I have a conflict. The point is that while this is incredibly helpful, it comes at a price in terms of perceived privacy and confidentiality.
Back to the original question. Are we protecting client confidences, as required in ABA Model Rules of Professional Conduct §1.6? Are we reading the EULA, seeing if there are differences in a free Yahoo or Gmail account versus a paid account service such as Microsoft Exchange or Google Business Services? Should our engagement letters contain an express consent by the client for us to use email for correspondence and specify the email the client has authorized for use?
Michael L. Graham, CEO & Co-Author of Wealth Transfer Planning™
I believe the work we are doing at InterActive Legal will last beyond my lifetime. Steve Jobs is quoted as saying that he wanted to "make a dent in the universe." While InterActive Legal may not be Apple (yet), I understand Jobs' desire to make a lasting impact.
We are at the threshold of massive change in almost every aspect of the practice of law. Technology, artificial intelligence, big data, and intelligence assistance are our daily fare. We understand our client's need for a flexible, intuitive platform with absolute excellence in function and design. Our partnership with IBM Watson, and our development of an IBM Watson application for seniors, gives us a unique perspective on the future of the practice of law and it is thrilling.
Our commitment is to serve and is evident in everything we do. From personalized online training to specialized CLE to annual symposiums with blockbuster lineups, we serve those who serve. This commitment was established by our founder, Jonathan Blattmachr, and continues today at each and every level of our company.
Now I would like to add a bit of provenance to this biography. I have been continuously Board Certified in Estate Planning and Probate by the Texas Board of Legal Specialization for 40 years. At the tender age of 30, I became a full partner in one of the largest, most respected law firms in the US, Baker & Botts. I was honored by the invitation to become a Fellow of the American College of Trust and Estate Counsel at age 34, and later to have been chosen to be an Academician of the International Academy of Trust and Estate Lawyers. I strongly believe that every lawyer must give back to the practice of law. I have served as Chair of the Texas Bar Association's Real Property, Probate and Trust Law Section, the Houston Bar Association's Probate Section, and the Dallas Bar Association's Probate Section. Other professional contributions include Supervisory Council Member of the American Bar Association's Real Property, Probate and Trust Law Section and President of the Texas Academy of Probate and Trust Lawyers.
It is my personal mission to provide excellence in the practice of law and best practices for other attorneys. I am fortunate to have the opportunity to work at and achieve these goals through my practice at Graham Law Firm and at InterActive Legal. This calling, involving my personal practice of faith through the recognition, respect, and love of others, is my heritage and passion. In my current law practice, which coexists with my service to InterActive Legal, I limit my focus to matters involving business and estate planning, administration of estates and trusts, and fiduciary based litigation. I have practiced at both large, international firms and small boutique firms over the last 44 years. I received my J.D., cum laude, from Baylor School of Law (1972), and my BBA from Baylor University (1971). I loved law school, and I love the law.