April 26, 2012
Please answer this one question!
Hint: If you think you need to ask IT, the answer is no.
Earlier this week I got into a bit of a tiff with another writer about whether lawyers should be encrypting their email to meet their ethical obligations. The writer works for Zix Corporation, an encryption service company, and his article was published by Attorney at Work, which often publishes information about new technologies provided by the vendors. But this article wasn’t clearly pitching Zix’s services; it was a cautionary tale about the security requirements lawyers should be using to meet ethical requirements. A colleague even called the article to my attention because she was concerned that she wasn’t encrypting her email – she missed the author’s bio at the end.
While the Zix article posits that lawyers risk ethical violations by sending unencrypted email, my reading of the few related ethics opinions doesn’t go so far. In fact, while two states, California and North Carolina, bring up that encryption might be something lawyers should consider using, they fall very short of stating that unencrypted email is dangerously insecure and that lawyers must encrypt. In fact, the ABA hasn’t changed its opinion from 1999, which is that there is a reasonable expectation of privacy in unencrypted email.
On the other hand, the ILTSO, the International Legal Technical Standards Organization, has definite opinions on technical security and they not only say that encryption is required for client data being communicated through the public internet, but they recommend encryption bit thresholds, verification by unexpired third-party certificates and making sure that encryption is truly end-to-end.
In this action-packed week, I went to a CLE program this morning put on by a prominent Denver law firm entitled “Privilege and Preservation in the Corporate Setting; Practical Tips for Avoiding Communication Pitfalls in the Digital Age.” Fantastic, I thought. I’ll find out what the latest law really is on this subject. When it became clear that the speaker wasn’t going to address encryption in her talk, I asked the question: “Should email be encrypted to preserve the attorney-client privilege?” I didn’t mean to throw the speaker, but I did. She said she didn’t know of any court using it to declare whether a communication was privileged or not but didn’t believe a court would invalidate the privilege because a lawyer failed to encrypt an email (and I would trust Zix to point out those cases if there were any). Then I asked whether she knew if many lawyers encrypted their email and she didn’t.
But, I would still like to know! I invite you to comment. Please answer the following questions:
- Do you regularly send or receive encrypted email to your clients or outside counsel?
- If you do not, have you considered it and why did you decide not to?
- If you do, what do your clients think about it?
Promise: If you say no, I will not send your contact data to any ethical committees or encryption providers.