- 0 Comments
By Nicole Black
Regular communication with clients is one key to effective legal representation. Clients have to be regularly apprised of the status of their cases, and lawyers have an ethical obligation to do so.
Of course, as is the case with most aspects of practicing law, technology has necessarily impacted the means and methods of client communication. Confidential conversations have shifted over the years from letters and phone calls to emails and texts.
At first, this transition was met with resistance by ethics committees. But over time, as electronic communication became commonplace, that changed. And in the mid-1990s, bar association ethics committees across the country began to approve the use of unencrypted email when communicating with clients.
Even so, many of the first ethics opinions on this topic wisely recognized that technology would change over time. Thus, an elastic standard governing the use of email for confidential client communications was established, with ethics committees acknowledging that accepted security standards would likely change as technology advanced and more secure options became available.
A NEW ETHICS STANDARD
In 2018, that time has come. Technology has improved greatly, and more secure electronic communication methods have emerged. This has rendered unencrypted email insufficient for certain types of client communication, as the ABA acknowledged in 2017 in Formal Opinion 477. In this opinion, the Standing Committee on Ethics and Professional Responsibility concluded that unencrypted email may not always be sufficient for client communication, and it advised lawyers to assess the sensitivity of information on a case-by-case basis and then choose the most appropriate and sufficiently secure method of communicating and collaborating with clients.
What does this mean for law firms that regularly handle particularly sensitive information or who will handle such information on occasion for certain cases? The short answer: You’ll have to incorporate more secure electronic communication methods into your law firm’s technology arsenal.
Not sure where to start? Here are a few options for you to consider.
NEW GMAIL AND OUTLOOK SECURITY FEATURES
If you do nothing else, you can fall back on the email encryption features built into many web-based email platforms. There are varying degrees of encryption available for web-based email messages, with HTTPS encryption being the most basic level of encryption provided by default by many popular email providers, such as Gmail and Yahoo. However, although HTTPS will prevent others on the network from reading your emails, when you use this type of encryption, your email provider still retains an unencrypted copy of your communication, which may be accessible by law enforcement via a warrant.
Another option is to implement the new security features that were rolled out earlier this year for Gmail and Outlook. If your firm uses Gmail, there are a number of new features that provide more control over the emails sent.
First, there’s “confidential mode,” which allows the sender to create a passcode generated via SMS to protect the email. An expiration date also can be generated for sent emails, and features can be activated that will give the sender more control over what the recipient can do with a specific email. For example, the sender can prevent the recipient from forwarding, copying, downloading or printing emails. Of course, screenshots can still be taken of the emails, so it’s important to keep that in mind.
Lawyers who use Outlook.com for email also have new security features available to them. For example, for those who use Office 365, individual emails, or all emails, can be encrypted.
Another new feature provides the capability to share password links that will allow clients, co-counsels and others to access sensitive documents stored in OneDrive. Last but not least, like Gmail users, those sending emails via Outlook.com can prevent email recipients from forwarding or copying emails sent to them.
PGP EMAIL ENCRYPTION
A further level of email security is added by using PGP encryption, an option used by some lawyers seeking more secure communication methods. This method encrypts your email while in transit and at rest. Unfortunately, it’s not an ideal solution for a number of reasons. For starters, earlier this year, European researchers discovered major vulnerabilities in the PGP email encryption standard typically used to encrypt email and recommended that the use of encrypted email cease until such issues were addressed—something that has not yet occurred.
Another problem with encrypted email is that it still exposes metadata to prying eyes, including the subject of your email, who you are communicating with, and when you’re doing so.
If you choose to use PGP encrypted email, understand that it’s not easy to set up properly, often requiring the services of a technology consultant. That being said, if you’d like to try to set it up on your own, you can find detailed guides that will assist you (provided by the Electronic Frontier Foundation) for Apple Mac, Microsoft Windows and Linux users.
You also can consider email encryption software, an option that, because of its price point, tends to be better suited for larger firms. Many choices are available, but the following are a good places to start: AppRiver, DataMotion and Mimecast.
SECURE CLIENT PORTALS
Last but not least are encrypted online portals, which often are built into other software programs such as legal practice management software. These portals provide end-to-end encrypted communication in one central, secure online location. All communications happen within the portal, meaning that once you log in to the portal, all activities occurring therein, along with your communications, are encrypted from prying eyes.
In addition to providing built-in encrypted communication, these portals allow you to share case-related information with clients, all in one convenient location, making the cumbersome back-and-forth process of unsecure, threaded emails a thing of the past.
Of course, as is the case with any encrypted communications solution, client portals require a buy-in from your clients. However, in light of the new ABA electronic communication guidelines, the time saved by avoiding the required case-by-case analysis regarding the sensitivity of client data and the security gained by using encrypted email or client portals will likely outweigh pushback from clients.
Rest assured, encrypted communication is the wave of the future. Regardless of which path you take to protect confidential client data, the time to choose is now. After all, it’s better to be ahead of the curve than behind it.
Nicole Black is a lawyer and the Legal Technology Evangelist at MyCase.
This article was originally published in the ABA Journal.