Professional Responsibility and
Confidentiality Considerations
When Using the Internet
Mary Frances Lapidus, P.C.
© 1997 Mary Frances Lapidus
September 1997
All rights reserved.
TABLE OF CONTENTS
I. The Nature of Internet Communications
- A. Overview of Internet
- B. Security Issues
II. Ethical, Privilege and Malpractice Implications
- A. Use of Internet E-mail to Communicate With or About Clients
- 1. The Attorney-Client Privilege
- 2. The Ethical Duty to Maintain Client Confidences
- 3. Common Sense Approach
- B. Lawyer/Law Firm Web Sites
- 1. Texas Advertising Rules Apply to Internet Web Pages
- a.Key Texas Advertising Rules
- i. Specialization Disclaimers
- ii. Jurisdictional Limitations
- iii. Publication of Name of Lawyer Responsible for Content
- iv. Disclosure of Geographic Location by City of the Firm's Principal Office
- v. Derivative Pages
- vi. Maintenance of Records
- 2. Compliance with Other State's Advertising Rules
- 3. Unexpected Implications
- C. Participation in Lawyer Referral Services
- D. Giving On-Line Legal Advice
- 1. General Ethical and Malpractice Implications
- 2. Specific Ethical Considerations and Opinions
- 3. Key Texas Solicitation Rules
- E. Caveat
Professional Responsibility and
Confidentiality Considerations
When Using the Internet
Part 1
In this computer age, lawyers are finding it increasingly necessary to use Internet electronic mail ("e-mail") to respond to clients' needs with reasonable promptness and diligence. Lawyers are also beginning to realize the Internet's great potential for aiding in research, information exchange, and practice development. Many lawyers and law firms now maintain web sites on the Internet's World Wide Web ("the web"). Some lawyers even enjoy participating in on-line discussions with other users, writing articles on legal topics and posting them on the web, or even answering legal questions posted on-line by non-lawyers. A lawyer's use of the Internet, however, raises ethical, privilege, and malpractice concerns which, unfortunately, have not yet been resolved by courts and bar associations. In fact, few courts and ethics committees have dealt with issues regarding the Internet and e-mail, and even fewer have attempted to analyze the ethical and legal implications of its use by lawyers.[N.1]
I. The Nature of Internet Communications
A. Overview of Internet
In order to properly analyze the ethical, privilege, and malpractice issues raised by the lawyer's use of the Internet, it is necessary to consider the nature of Internet communications. Unfortunately, a proliferation of misconceptions exists regarding the true nature of the Internet and e-mail, and the relative security of this method of communication.
The Internet is composed of a series of interconnected networks of computers which are linked by and accessed through the telecommunications infrastructure.[N.2] In other words, the phone lines and exchanges throughout the world connect the Internet.[N.3] Thus, Internet communications are not broadcast over the airwaves, like a cellular telephone call. Instead, Internet communication are confined largely to wire and fiberoptic cables, much like a landline call.[N.4]
Unlike landline telephone communications, however, an Internet communication is not instantaneous and may pass momentarily through dozens of computers owned and operated by disparate public and private entities on its way to its final destination. [N.5] The Internet communications are temporarily resident on each of those computers and could be stored on any of them. [N.6] However, although some Internet transmissions always follow the same path, many do not. [N.7] In the latter case, packets (pieces of messages) move all over the Internet in different directions for final assembly at their ultimate destination, and no one intermediate point will handle all of them. [N.8] Essentially, any one interception point may have only a garbled collection of information, if that. [N.9]Indeed, a given point may not see any of the sought-after packets.[N.10]
B. Security Issues
Many businesses or law firms are looking at connecting to the Internet, but are concerned about the risk of being broken into by hackers, industrial spies, or other electronic miscreants. [N.11] Interestingly, however, many of these same businesses have internal networks with remote dial-in access without thinking twice about a "hacker" or "cracker" obtaining access to their business records through dial-up access. Some of these same businesses also have lax security measures with respect to physical entry to their offices and the enforcement of log-out procedures. Although connecting to public networks does increase the risk of attack, an organization without adequate security measures could still very easily be attacked via a variety of other methods including use of an unattended but logged-on computer, dial-up access to an internal network, social engineering, dumpster diving, or PBX/toll fraud. [N.12] In short, Internet security should simply be approached as part of an overall security program.
With regard to specific security measures which can be taken to reduce the risk of attack, software is available which can monitor for suspicious activity or security vulnerabilities. Security Administrator Tool for Analyzing Networks (SATAN) is one such tool which is available for probing for security vulnerabilities. SATAN not only analyzes the remote computer's weak points, but it also provides extensive documentation on the vulnerabilities identified and how to repair them.[N.13]
Another commonly used security method is a firewall. Although there are numerous types of firewalls, a firewall should generally be thought of as a gap between two networks, filled with something that lets only a few selected forms of traffic through. [N.14] Firewalls, like most security systems, are not perfect, and there is usually a trade-off between ease of use and security. When choosing a firewall do not fail to consider its effect on the users. If the firewall causes too much interruption, users will attempt to bypass the firewall and likewise compromise the firewall's effectiveness.[N.15]
If an organization desires to maintain an Internet connection but does not have the technical expertise to develop and implement these security measures, or perhaps would just prefer not to devote time to these tasks, consultants are readily available that can analyze an organization's security needs and implement a comprehensive security program. Alternatively, some organizations prefer simply to have their Internet web site maintained separate and apart from their network, and often offsite at a service provider's facility.
Finally, it is important to recognize that, at the same time an organization implements a security program that continues to use the most modern technological advances available to increase the security of the organization and its communications, methods for surreptitiously obtaining access to such communications will also continue to gain in sophistication. [N.16] Moreover, despite the security measures implemented by an organization at its Internet connection, if an organization communicates over the Internet, further security concerns arise that are, for the most part, not within the organization's control. Because Internet communications may pass through dozens of computers, are temporarily resident on each of those computers, and can be stored on any of them, each computer through which a communication passes may be a source of exposure. [N.17]
Although the sender of an Internet communication may attempt to lower the risk of exposure by choosing a reputable Internet service provider, the sender still has little control over its "route" or the security of the other computers through which the communication passes once it leaves the Internet service provider. [N.18]
Each of the system administrators along the communication's path typically has easy access to all communications transmitted through their computer networks. [N.19] Moreover, "sniffer" programs are also commonly available that allow other knowledgeable persons to capture e-mail and other information as it passes through a computer or computer network. [N.20] These programs, once installed, will accept data passing through the computer regardless of the address to which the information is addressed. [N.21] The sniffer software can be programmed to select data coming from, or intended for, a specific machine or machines. [N.22] Once the data is received, it is downloaded onto the sniffer's hard drive and is available in its original form. [N.23] Perhaps the most frightening thing about sniffer software is that no password is required to steal the transmitted data. [N.24] Additionally, the sender may never know when or where sniffing has occurred. [N.25]
Fortunately, the use of "sniffer" programs is generally confined to those who are technologically advanced. [N.26] Moreover, the sniffer software has to be operating at the proper time and place to capture transmitted data. Because the data in transit may be present in the sniffer's computer for only microseconds, it may prove difficult to obtain the information using sniffer software. [N.27] In addition, encryption software is available which uses an electronic lock and key technology that scrambles messages so that, theoretically, messages are unreadable to the sniffer, or anyone else, except the intended recipient of the message.
Another potential method in which data transmitted over the Internet can be surreptitiously obtained, and possibly altered or even deleted, is referred to as "spoofing." [N.28] When data is sent via the Internet, it is preceded by a header which contains the address of the sender, the recipient, as well as other information required to keep the communications organized and reliable. [N.29] Spoofing involves using the recipient's address and the header in order to configure the spoofing machine to emulate the recipient's machine. [N.30] Thus, when data comes along the network that is intended for the actual recipient, the spoofer receives it and automatically sends a packet to the sender which makes the sender believe that the message was properly received. [N.31] In fact, the spoofer can read the e-mail, concoct a reply, and send it back to the unsuspecting sender who is unaware he is communicating with an impostor. [N.32] Additionally, the spoofer can alter the original e-mail and relay it on to the intended recipient without evidence of its alteration. [N.33]
Fortunately, spoofing requires even greater technical expertise than sniffing, and a significant investment of time and energy. Moreover, some encryption software has the capability of electronically "signing" e-mail messages so that the signature is authenticable. [N.34] This signing technique provides substantial certainty that any message received was transmitted by the individual purporting to have sent it. [N.35] Further, some encryption software can scramble the packet header information so that it is impractical to spoof the message at all. [N.36]
Despite the fact that each computer through which the e-mail passes could be a potential source of exposure from hackers, sniffers, spoofers or other electronic miscreants, it is important to remember that each of these computers may handle thousands (even millions) of messages per day among thousands of different persons and entities. [N.37] Moreover, any one interception point may have only a garbled collection of information. [N.38] As stated by Attorneys Liability Assurance Society (ALAS), a Chicago insurer of major law firms, "[t]o identify one of the relevant computers over which an e-mail message will pass and then locate, isolate, and capture a particular message would take a substantial investment in time and money -- not to mention personnel who are both technically proficient and willing to violate the law." [N.39]
Unknown to many, Title 18 of the United States Code now makes it a federal crime to intercept Internet and other wireless communications -- including e-mail while in transit, when stored, or after receipt. [N.40] Moreover, it is illegal to intercept e-mail under Texas state law as well. [N.41]
Although the interception of Internet communications is now a crime, lawyers, courts, and ethics committees are still struggling with the implications of a lawyer's use of this modern, efficient, but arguably less secure method of communication.
II. Ethical, Privilege and Malpractice Implications
A. Use of Internet E-mail to Communicate With or About Clients
1. The Attorney-Client Privilege
One of the most frequently raised concerns implicated by a lawyer's use of e-mail is whether e-mail communications between attorneys and clients are protected by the attorney-client privilege. As is well known, the disclosure of an attorney-client communication to a third person, or the presence of a third person when an attorney-client communication takes place, may indicate that the communication was not intended to be truly confidential and may waive the attorney-client privilege. Thus, the question becomes whether the attorney-client privilege has been waived when information between the attorney and client is obtained by a third person over the Internet either inadvertently, or through illegal means.
At the time of this writing, no cases could be located that discuss whether the unauthorized interception of an e-mail communication between an attorney and client constitutes a waiver of the attorney-client privilege. A military court, however, recently held that the sender of e-mail messages had a limited expectation of privacy with regard to messages to other subscribers of a private on-line service, America On-Line, and at least one ethics committee has relied in part on this decision to find a reasonable expectation of privacy in e-mail communications. [N.42] The military court compared an e-mail transmission to a letter providing the sender with a reasonable expectation of privacy that the initial transmission would not be intercepted by the police. [N.43] Furthermore, the court noted that the fact that an unauthorized "hacker" might intercept an e-mail message does not diminish the legitimate expectation of privacy in any way. [N.44]
However, the court also noted that while a user of an e-mail network might enjoy a reasonable expectation that his or her e-mail will not be revealed to police, there is the risk that an employee or other person with direct access to the network service will access the e-mail, despite any company policies to the contrary. [N.45] According to the court, "one always bears the risk that a recipient of an e-mail message will redistribute the e-mail or an employee of the company will read e-mail against company policy." [N.46]
The court ultimately held that expectations of privacy in e-mail transmissions depend in large part on the type of e-mail involved and the intended recipient. [N.47] Not surprisingly, messages sent to the public at large in a chat room were held to lose their privacy. However, the court also found e-mail that is "forwarded" from correspondent to correspondent "loses any semblance of privacy". [N.48] According to the court, once the transmissions are sent out to more and more subscribers, the subsequent expectation of privacy incrementally diminishes.
Because the case involved a private on-line service and e-mail messages that had already arrived at their destination, rather than Internet e-mail that was in transit, it may be distinguishable on its facts. Moreover, the facts may prove to be particularly important in light of the court's analysis regarding the diminishing expectations of privacy.
Although this court compared e-mail to a letter, the temptation to inappropriately compare e-mail to portable telephone communications may prove irresistible to other courts or ethics committees, despite the substantial and significant differences in the communications mediums. Should courts begin to analogize e-mail communications to portable telephone conversations, the results are unpredictable.
In the past, a number of courts held that communications conducted through cordless telephones were not subject to a reasonable expectation of privacy for Fourth Amendment purposes. [N.49] These decisions were premised in part upon the arguably greater likelihood such calls might be intercepted when compared to traditional telephone calls and in part upon the lack of statutory prohibitions against the interception of such calls. [N.50] Similarly, at least one court found no reasonable expectation of privacy in cellular telephone conversations, although again, the interception of cellular telephone conversations was not a crime at the time of the interception at issue. [N.51]
There have been contrary judicial decisions, however. [N.52] Significantly, even before federal law was amended to prohibit the interception of cordless telephone calls, the Fifth Circuit held that the expectation of privacy was still relevant to the Fourth Amendment analysis of an intercepted cordless telephone call. [N.53] The Fifth Circuit recognized that, with improved technology, there now may be a reasonable expectation of privacy in cordless telephone conversations. According to the Fifth Circuit, "[c]ourts should bear in mind that the issue is not whether it is conceivable that someone could eavesdrop on a conversation but whether it is reasonable to expect privacy." [N.54]
Despite the diversity of opinions regarding the expectation of privacy in portable telephone calls and the lack of authority with regard to the expectation of privacy in e-mail communications, contemporary ethics committees and commentators opine that because federal law now makes it a crime to intercept portable telephone calls and e-mail, the interception of such communications should not result in a waiver of the attorney-client privilege. [N.55] Some argue that federal law itself provides the conclusive answer in that Congress specifically provided "[n]o otherwise privileged wire, oral or electronic communication intercepted in accordance with, or in violation of, the provisions of this chapter shall lose its privileged character." [N.56] Moreover, federal law also provides that intentionally intercepted cordless telephone calls cannot be introduced in evidence even if they are not otherwise subject to any claim of privilege. [N.57] At least one state bar association has proposed legislation that would make it clear that privileged communications transmitted electronically would not lose their privileged character. [N.58]
Other commentators believe the answer to the privilege issue may depend, at least in part, on whether the disclosure is viewed as "intentional" or "inadvertent." [N.59] At least one case supports the argument that disclosures through the interception of portable telephone calls, and probably e-mail, would be inadvertent. [N.60] Although courts disagree to some extent, an inadvertent disclosure often does not result in the waiver of the attorney-client privilege. [N.61]
Texas and the Fifth Circuit follow the majority of jurisdictions which consider the circumstances surrounding the disclosure and determine on a case-by-case basis whether an inadvertent disclosure waives the attorney-client privilege. [N.62] One of the factors the courts consider is how careful the client and the lawyer were in attempting to preserve the confidentiality of the communication. [N.63] No one knows whether a court will consider the use of a portable telephone or unencrypted e-mail as indicative of a lack of the requisite care.
2. The Ethical Duty to Maintain Client Confidences
The most frequently-raised ethical implication of a lawyer's use of modern methods of communication, such as the Internet and e-mail, is the lawyer's duty to maintain client confidences. Model Rule of Professional Conduct 1.6 precludes a lawyer from disclosing "information relating to representation of a client unless the client consents after consultation." DR 4-101 of the Model Code of Professional Responsibility prohibits the lawyer from "knowingly" revealing information protected by the attorney-client privilege and other information gained in the professional relationship that might embarrass or be detrimental to the client or that the client wants to remain secret.
Similarly, Texas Disciplinary Rule of Professional Conduct 1.05 dictates that a lawyer shall not "knowingly" reveal privileged information or any information relating to a client or furnished by a client, without the client's express authorization, except to the client, the client's representatives, or the members, associates, and employees of the lawyer's firm. Unprivileged client information may also be revealed by the lawyer when impliedly authorized in order to carry out the representation, or when the lawyer has reason to believe it is necessary to do so in order to carry out the representation effectively.
The general duty of confidentiality described above arises even before the actual employment of the lawyer. Confidential information disclosed to the lawyer by a potential client in discussions before any actual employment is nonetheless protected by the ethical obligation. [N.64] Further, unless the client specifies otherwise, the lawyer may properly discuss the client's affairs with co-counsel. [N.65] The lawyer also may make disclosures to support staff as reasonably required. [N.66] Limited information may even be given to persons outside the firm if it reasonably required for purposes of the representation and the client does not object. Although those duties seem relatively clear, their application to the Internet and e-mail communication is not yet certain.
Do lawyers violate these rules by communicating with or about clients by e-mail? Neither the Texas Bar Association nor the American Bar Association have issued any ethics opinions addressing the implications of a lawyer's use of electronic mediums to communicate with or about clients.
In fact, only a handful of bar ethics committees have issued opinions addressing the ethical implications of a lawyer's use of e-mail to communicate with or about clients and their opinions vary significantly. [N.67] Last year, the Iowa Bar Association issued an opinion regarding an Iowa firm's use of e-mail. Initially, it advised that all e-mail to clients involving "sensitive material" should be encrypted. [N.68] After reconsideration, however, the bar association advised that, when counsel transmits sensitive material via e-mail, counsel must first obtain written acknowledgment from the client of the risk of the revelations of confidences in violation of the ethical rules and the client's consent to communicate via the Internet or non-secure Intranet or other forms of proprietary networks. [N.69] Otherwise, the communication must be encrypted or protected by a password, firewall, or other generally accepted equivalent security system. [N.70]
Another ethics opinion issued by the North Carolina Bar Association analogized e-mail to portable telephone communications. [N.71] The North Carolina Bar opinion required that lawyers take the same precautions required to protect client confidentiality when communicating via a cellular or cordless telephone. [N.72] Specifically, the lawyer communicating with or about a client via e-mail must first select the mode of communications that, in light of the exigencies of the existing circumstances, would best maintain any confidential information that might be conveyed in the communication. [N.73] Second, the lawyer must advise the other parties to the communication of the risk of interception and the potential for confidentiality to be lost. [N.74]
Fortunately, several more recent ethics opinions provide that lawyers may ethically communicate with clients via unencrypted e-mail. [N.75] The Illinois Bar Association recently issued a most encouraging ethics opinion which correctly distinguished between e-mail and portable telephone communications. [N.76] The Illinois opinion unequivocally concluded that a lawyer does not violate the ethical duty to maintain client confidentiality by communicating with a client using unencrypted e-mail because (1) the expectation of privacy for e-mail is no less reasonable than the expectation of privacy for ordinary telephone calls; and (2) the unauthorized interception of e-mail is illegal. [N.77] The Illinois opinion also concluded that it is not necessary for the lawyer to seek specific client consent to the use of unencrypted e-mail. [N.78] The Illinois opinion recognized that there may be unusual circumstances involving an extraordinarily sensitive matter that might require enhanced security measures like encryption. [N.79] According to the Illinois opinion, however, these situations would be of the nature that ordinary telephones and other normal means of communication would also be deemed inadequate. [N.80]
The South Carolina Bar Association, which had initially cautioned lawyers that, "unless certainty can be obtained regarding the confidentiality of communications via electronic media, [ ] representation of a client, or communication with a client, via electronic media, may violate Rule 1.6, absent an express waiver by the client," recently revisited the issue. [N.81] The new South Carolina opinion clarifies that the "certainty" required is only a reasonable expectation of privacy. [N.82] According to the new South Carolina opinion, there now exists a reasonable expectation of privacy in e-mail communications, created by improvements in technology and changes in the law. [N.83] The new South Carolina opinion cites the Illinois opinion and, for the same reasons (expectation of privacy and illegality of interception), concludes that the use of e-mail is proper under Rule 1.6. [N.84] However, the South Carolina opinion still notes that a lawyer should discuss with a client such options as encryption in order to safeguard against even inadvertent disclosure of sensitive or privileged information when using e-mail. [N.85] Similarly, a recent Vermont ethics opinion concurs with the Illinois opinion and adopts its reasoning and sources. [N.86]
Finally, even though the Arizona State Bar Association opined that lawyers may ethically communicate with clients via unencrypted e-mail, the Arizona opinion still suggested that it is preferable to protect attorney-client communications to the extent practical, noting that lawyers may want to have e-mail encrypted. [N.87]
3. Common Sense Approach
In light of the lack of authority and the ethical uncertainties regarding an attorney's use of Internet e-mail to communicate with and about clients, a lawyer should simply use good common sense. Even though ALAS has opined that lawyers may ethically communicate with or about clients on portable telephones and on the Internet without encryption, and that an unauthorized interception of such communications should not trigger a waiver of the attorney-client privilege, ALAS still urged lawyers to exercise caution and warn clients of the potential risks. [N.88] However, ALAS warned that courts and ethics committees that have not yet considered Internet communications may be "tempted to bypass a careful analysis and simply hold that unencrypted Internet messages either violate ethics rules on confidentiality or waive the privilege." [N.89] According to ALAS, such a court ruling or ethics opinion, however inappropriate, could lead to malpractice liability. [N.90]
In fact, in the short time since ALAS issued its opinion on Internet communications a handful of ethics opinions which vary significantly in their conclusions have already been rendered. [N.91] Therefore, a lawyer would be wise to follow ALAS' advice and warn clients of the potential risks, including the risk a court or ethics committee could hold that unencrypted Internet messages or portable telephone communications violate either ethics rules on confidentiality or waive the attorney-client privilege. Preferably, the client's informed consent to the use of unencrypted e-mail should be obtained and acknowledged in a letter.
In addition to warning clients of the potential risks, the lawyer may consider using encryption and discuss this with the client. If lawyers use an encryption program like PGP (Pretty Good Privacy), or its commercial equivalent, e-mail which is already relatively secure, becomes even more secure. Many believe only a "Kremlin cryptologist" could read encrypted e-mail, should it be intercepted or misdirected. [N.92] Whether encryption is necessary, however, should be a business decision based upon common-sense, rather than one based on fear of losing the privilege or fear that "someone, somewhere" will intercept the communication otherwise. [N.93] Remember, not even landline telephone calls are completely secure.
Because the risk of interception of e-mail is relatively low, unencrypted Internet e-mail is probably secure enough for the vast majority of messages most attorneys will send or receive. [N.94] On the other hand, some matters are so important or sensitive that any threat of interception must be avoided. [N.95] Accordingly, depending upon the nature of the communication and the circumstances of a particular case, the use of PGP or a similar encryption program may be desirable to secure sensitive e-mail messages.
Although encryption technology is readily available, it is not widely used at this time. Currently, its use adds some inconvenience to sending an e-mail message and only a few clients of unusual technical sophistication will be comfortable with its use. However, technology is rapidly advancing. E-mail client programs have been developed which have built-in encryption. [N.96] In addition, standards are being developed which will allow for the exchange of encrypted e-mail regardless of the computer, operating system or applications being used by the communicating parties. [N.97] At some point in the not-so-distant future, a lawyer who does not use encryption may be deemed not to have tried to preserve the client's confidences and, consequently, not protected the client's interests. [N.98] As part of becoming more computer literate, lawyers and their clients should learn how to use encryption software, and use it where appropriate.
NOTES:
N.1: See United States v. Maxwell, 45 M.J. 406 (U.S. Ct. App. for the Armed Forces 1996); Ill. State Bar Ass'n Op. No. 96-10 (May 16, 1997); Ariz. Advisory Op. 97-04 (April 7, 1997); Iowa Ethics Op. 96-1 (Aug. 29, 1996); N.C. RPC No. 215 (April 13, 1995); S.C. Ethics Op. 97-08 (June 1997); Tenn. Ethics Op. 95-A-570 (1995)(unpublished); Vt. Ethics Op. 97-5 (1997). [Return to text]
N.2: Albert Gidari, Privilege and Confidentiality in Cyberspace (available on the Internet at (http://www.perkinscoie.com/pracarca/internet/priv.htm).[Return to text]
N.3: Id. [Return to text]
N.4: Interview with Michael Batchelder, Systems Administrator, Earth, Atmospheric & Planetary Sciences Department of Massachusetts Institute of Technology, Cambridge, Massachusetts (July 1996). See also Gidari, supra note 2; Jones, Client Confidentiality: A Lawyers Duties with Regard to Internet E-Mail (August 16, 1995)(available onthe Internet at http://www.kueslerlaw.com/netethics/bjones.htm). [Return to text]
N.5: Id.; see also Freivogel, Communicating with or About Clients on the Internet: Legal, Ethical, and Liability Concerns, ALAS Loss Prevention J. 17, 18 (Jan. 1996). [Return to text]
N.6: Batchelder, supra note 4. See also Gidari, supra note 2; Jones, supra note 4. [Return to text]
N.7: Freivogel, Internet Communications - Part II: A Larger Perspective, ALAS Loss Prevention J. 2, 3 (Jan. 1997)(hereinafter "Freivogel II"). [Return to text]
N.8: Id. [Return to text]
N.9: Id. [Return to text]
N.10: Id. [Return to text]
N.11: Marcus J. Ranum, How to pick an Internet Firewall (available on the Internet at http://www.v-one.com/newpages/fwpick.html). [Return to text]
N.12: Id. [Return to text]
N.13: See Jones, supra note 4 for a more detailed discussion of SATAN. [Return to text]
N.14: See Ranum, supra note 11 for a more detailed discussion of firewalls. [Return to text]
N.15: Id. [Return to text]
N.16: See Ariz. Ethics Op. No. 95-11 (Dec. 6, 1995); N.Y.C. Ass'n B. Comm. Prof. Jud. Eth., Formal Op. No. 1994-11 (Oct. 21, 1994). [Return to text]
N.17: But see text accompanying notes 7-10, supra.
[Return to text]
N.18: Batchelder, supra note 4; but see text accompanying notes 7-10, supra. [Return to text]
N.19: Id. See also Jones, supra note 4; Gidari, supra note 2. [Return to text]
N.20: Jones, supra note 4. [Return to text]
N.21: Id. [Return to text]
N.22: Id. [Return to text]
N.23: Id. [Return to text]
N.24: Id. [Return to text]
N.25: Id. [Return to text]
N.26: Id. [Return to text]
N.27: See Id. [Return to text]
N.28: Id. [Return to text]
N.29: Jones, supra note 4. [Return to text]
N.30: Id. [Return to text]
N.31: Id. [Return to text]
N.32: Id. [Return to text]
N.33: Id. [Return to text]
N.34: Id. [Return to text]
N.35: Id. [Return to text]
N.36: Id. [Return to text]
N.37: Freivogel, ALAS Loss Prevention J. at 18. [Return to text]
N.38: Freivogel II, supra note 7. [Return to text]
N.39: Freivogel, ALAS Loss Prevention J. at 18. [Return to text]
N.40: 18 U.S.C. §§ 2511(1)(a)(c); 2701(a)(1)(2). Congress extended the federal prohibition against interception to computer networks and cellular telephones in 1986 when it enacted the Electronic Communication Privacy Act, which amended the Wiretap Act, and further extended the federal prohibition to cover cordless telephones in 1994. 18 U.S.C. §2701(a)(1)(2). [Return to text]
N.41: See Tex. Crim. Proc. Code Ann. § 18.20(1), (2), (3), (15)(a), (b) (Vernon Supp. 1996); Tex. Penal Code Ann. §16.02(b)(1) (Vernon 1994). [Return to text]
N.42: United States v. Maxwell, 45 M.J. 406 (U.S. Ct. App. for the Armed Forces 1996); S.C. Ethics Op. 97-08 (June 1997). [Return to text]
N.43: United States v. Maxwell, 45 M.J. at 406.
[Return to text]
N.44: Id. [Return to text]
N.45: Id. [Return to text]
N.46: Id. [Return to text]
N.47: Id. [Return to text]
N.48: Id. [Return to text]
N.49: See, e.g., In re Askin, 47 F.3d 100, 103-04 (4th Cir. 1995); McKarney v. Roach, 55 F.2d 1236, 1238-39 (6th Cir. 1995); Tyler v. Berodt, 877 F.2d 705, 706 (8th Cir. 1989), cert. denied 493 U.S. 1022 (1990); State v. Carston, 891 P.2d 1366, rev. granted, 321 Or. 396 (Or. 1995); State v. DeJaurier, 488 A.2d 688, 694 (R.I. 1985); State v. Smith, 438 N.W.2d 571, 575-76 (Wis. 1989). [Return to text]
N.50: Id. [Return to text]
N.51: Edwards v. Bardwell, 632 F. Supp. 584 (M.D. La. 1986). [Return to text]
N.52:See, e.g., United States v. Smith, 978 F.2d 171, 180 (5th Cir. 1992), cert. denied, 113 S. Ct. 1620 (1993) (with improved technology, there may now be reasonable expectation of privacy for Fourth Amendment purposes); People v. Stevens, 40 Cal. Rptr 2d 92, 96 (Cal. Ct. App. 1995) (upholding, against challenge based on claim of federal pre-emption, criminal conviction of defendant who intentionally intercepted cordless telephone conversations); State v. McVeigh, 620 A.2d 133 (Conn. 1993) (upholding state law prohibition against unlawful interception of cordless telephone conversations and suppressing cordless telephone conversations); State v. Mozo, 655 So. 2d 1115 (Fla. 1995)(same); State v. Bidinost, 644 N.E.2d 318 (Ohio 1994) (upholding, in dicta, state law prohibition against unlawful interception of cordless telephone conversations but finding harmless error); State v. Baford, 910 P.2d 447 (Wash. 1996) (excluding, under state law, evidence obtained by policy as result of private citizen's illegal monitoring of cordless telephone calls). [Return to text]
N.53: United States v. Smith, 978 F.2d at 80.[Return to text]
N.54: Id. at 179.[Return to text]
N.55: Ariz. Ethics Op. No. 95-11 (Dec. 6, 1995); N.Y.C. Ass'n B. Comm. Prof. Jud. Eth. Formal Op. No. 1994-11 (October 21, 1994); Freivogel, Cellular and Cordless Telephones -- Privilege Confidentially and Liability, ALAS Loss Prevention J. 7 (May 1997) (hereinafter "Freivogel III"); Rogers, Ethics, Malpractice Concerns Cloud E-Mail, On-Line Advice, 12 Law. Man. Prof. Conduct 59, 61 (1996); Staib, How to Avoid Cellular Malpractice, Vol. 20, No. 5, ABA Litigation Section Litigation News at 9 (1995). See also Washington State Bar Ass'n Op. 91-1; In re Askin, 47 F.3d 100 (4th Cir. 1995) (holding that warrantless interception of cordless telephone conversations did not violate federal wiretap statute or Fourth Amendment, but noting that wiretap statute had been amended subsequently to safeguard privacy of such conversations). see also Ill. State Bar Ass'n Op. No. 96-10 (May 16, 1997)(finding that Congress intended that Internet messages should be considered privileged communications, but curiously distinguishing portable telephone transmissions which are also covered by the wiretap statute implying that while portable telephone communications may be privileged a lawyer may not ethically communicate using portable telephones without advising the client of the risk of interception); S.C. Ethics Op. 97-08 (1997)(unclear whether portable telephone communications are privileged or whether a lawyer may ethically communicate via portable telephone). [Return to text]
N.56: Gidari, supra note 2, citing 18 U.S.C. § 2517(4) (Supp. 1996). [Return to text]
N.57: Gidari, supra note 2, citing 18 U.S.C.§ 2515 (1970). [Return to text]
N.58: New York State Bar Ass'n, CPLR 4547 (Jan. 24, 1997). [Return to text]
N.59: Rogers, supra note 55, at 61. [Return to text]
N.60: See Schubert v. Metrophone (3d Cir. 1990)(holding in a different context that the act of transmitting cellular phone messages was not an intentional divulgence of the communications' content). [Return to text]
N.61: Rogers, supra note 55, at 61, citing ABA Formal Ethics Op. 92-368, Law. Man. Prof. Conduct 1001:155 (1992). [Return to text]
N.62: Alldread v. City of Grenada, 988 F.2d 1425 (5th Cir. 1993); Granada Corp. v. First Court of Appeals, 844 S.W.2d 223 (Tex. 1992). [Return to text]
N.63: Alldread, 988 F.2 at 1433-34; Granada Corp., 844 S.W.2d at 221; Rogers, supra note 55, at 61. See also Bank Brussels Lambert v. Credit Lymnais (Suisse) S.A., 160 F.R.D. 437 (S.D.N.Y. 1995) (discussion of circumstances under which waiver should or should not be implied from the inadvertent disclosure of otherwise privileged material). [Return to text]
N.64: Model Code of Professional Responsibility EC 4-1 (1981). [Return to text]
N.65: Model Rules of Professional Conduct Rule 1.6 cmt (1983). [Return to text]
N.66: Id. [Return to text]
N.67: Vt. Ethics Op. 97-5 (1997); S.C. Ethics Op. 97-08 (June 1997); Ill. State Bar Ass'n Op. No. 96-10 (May 16, 1997); Ariz. Advisory Op. 97-04 (April 7, 1997); Iowa Ethics Op. 96-1 (Aug. 29, 1996); N.C. RPC No. 215 (April 13, 1995). [Return to text]
N.68: Iowa Ethics Op.95-30 (May 16, 1996). [Return to text]
N.69: Iowa Ethics Op. 96-1 (Aug. 29, 1996).
[Return to text]
N.70: Id. [Return to text]
N.71: N.C. RPC No. 215 (April 13, 1995). [Return to text]
N.72: Id. [Return to text]
N.73: Id. [Return to text]
N.74: Id. [Return to text]
N.75: Vt. Ethics Op. 97-5 (1997); S.C. Ethics Op. 97-08 (June 1997). Ill. State Bar Ass'n Op. No. 96-10 (May 16, 1997); Ariz. Advisory Op. 97-04 (April 7, 1997). [Return to text]
N.76: Ill. State Bar Assın Op. No. 96-10 (May 16, 1997). [Return to text]
N.77: Id. [Return to text]
N.78: Id. [Return to text]
N.79: Id. [Return to text]
N.80: Id. [Return to text]
N.81: S. C. Ethics Op. 94-27, 11 Law. Man. Prof. Conduct 67 (1995)(emphasis added); S.C. Ethics Op. 97-08 (June 1997). [Return to text]
N.82: S.C. Ethics Op. 97-08 (June 1997). [Return to text]
N.83: Id. [Return to text]
N.84: Id. [Return to text]
N.85: Id. [Return to text]
N.86: Vt. Ethics Op. 97-5 (1997). [Return to text]
N.87: Ariz. Advisory Op. 97-04 (April 7, 1997). [Return to text]
N.88: Freivogel, ALAS Loss Prevention J., at 19; Freivogel III, at 7. [Return to text]
N.89: Freivogel, ALAS Loss Prevention J., at 19. [Return to text]
N.90: Id. [Return to text]
N.91: See Vt. Ethics Op. 97-5 (1997); S.C. Ethics Op. 97-08 (June 1997); Ill. State Bar Ass'n Op. No. 96-10 (May 16, 1997); Ariz. Advisory Op. 97-04 (April 7, 1997); Iowa Ethics Op. 96-1 (Aug. 29, 1996); N.C. RPC No. 215 (April 13, 1995) [Return to text]
N.92: 12 Law. Man. Prof. Conduct 198 (quoting Peter B. Bensinger, Jr. of Barlit, Beck, Herman, Pafennar & Scott, Chicago, speaker at ABA 22nd National Conference on Professional Responsibility). [Return to text]
N.93: See Gidari, supra note 2. [Return to text]
N.94: See Lawson, An Encryption Preview for Attorneys, included in Lawyers on Line: A Guide to Using the Internet, a 1995 Virginia CLE publication; Interview with Michael Batchelder, supra note 4.
[Return to text]
N.95: Freivogel, ALAS Loss Prevention J. at 19. [Return to text]
N.96: For example, PGP, Inc., makers of Pretty Good Privacy encryption software, have recently teamed together with Qualcomm, makers of the popular e-mail program Eudora, to create an e-mail client program that allows for simple point-and-click encryption. See press release available at PGP's web site: http://www.pgp.com. See also the e-mail client program included in Netscape Communicator 4.0. [Return to text]
N.97: There are several competing standards in use at this time, one of which is PGP/MIME, which Eudora uses. Several incompatible versions of the S/MIME are in use, one by Netscape's Communication 4.0. However, the Internet Engineering Task Force ("IETF") has not yet sanctioned any of the S/MIME versions. [Return to text]
N.98: See Rogers, supra note 55, at 63 (quoting Charles Merrill, a partner with McCarter & English, Newark, N.J.). [Return to text]
|
