United States: Internet Basics For The Washington Attorney: Special Issues And The World Wide Web

Of course, once you are schooled in the world of Internet based research, communication and commerce, and you are comfortable with the Web tools and techniques that will help you enhance your practice, it is critical that you be aware of the possible security, privacy, and ethical risks that use of the Internet may present to you as a practicing attorney. I will briefly address some of the most important of these.

A. Security And Privacy Issues

Security: One sense of the term "security" in the computer context is the integrity of the computer system itself. Any computer system, theoretically, is vulnerable to a hacker who knows what he's doing-especially if he has inside information. Technology to protect computer systems from break-ins is available, but is still the province of Information Services professionals who install it on a network-wide basis. Most security and firewall softwares are beyond the ken of the ordinary individual home or office user. It's important to remember that unauthorized access to a computer system is a crime and should be reported to federal law enforcement authorities. There are several federal statutes that criminalize unauthorized surveillance of computer systems, or even the mere disruption of a system.

Another sense of the term "security" is the integrity and verifiability of documents sent by a computer system. Electronic document verification is now a reality, thanks largely to the new federal E-sign law, as well as numerous states' digital signature acts. These are laws that set forth the standards whereby a verifiable signature can be encoded and decoded for verification by means of third-party escrow.

Often confused with document verification is the issue of document safety. This issue involves not the question "Is this document what it purports to be?" but rather "Are the contents of this document safe from being seen and copied by others?" Electronic messages and documents containing users credit card numbers are the subject of much concern for document safety. The best means of ensuring that document contents may not be viewed by anyone other than the party to whom they were addressed is encryption. Again, most encryption systems are beyond the ken of the average computer user, and are too complex and time-consuming to be used to protect any but the most critical of documents. However, several Web entrepreneurs are working to make rapid encryption and decryption available to the casual computer user at the click of a button. This will likely be one of the more important technological developments of the coming year.

Privacy issues arise on the Internet in several ways.

The first, which has been largely forgotten in the recent furor over the others, is the traditional violation of privacy: using someone's picture, or discussing or disclosing their personal affairs, without permission. This can be as simple as using online a photo for which you have not obtained permission or a release form from the persons shown in the photo. It can also include revealing or speculating about private facts about another person in an email, on a bulletin board, or in online chat. Or it can be as dramatic as displaying photographs and videos taken by hidden cameras-an increasingly common practice that has given rise to a proliferation of "voyeur" Web sites.

But most of the time, when people talk about Internet privacy, they are talking not about violations of the privacy of third parties, but of the privacy of the computer user herself-usually in her capacity as a consumer engaged in taking advantage of e-commerce by shopping for goods and services online. We have seen a rapid growth of technology enabling online merchants to track the identity, personal information, preferences, choices, and online habits of personas who access their Web sites. Collecting such information can be a valuable marketing tool for merchants and a great source of convenience and economy for consumers who are repeat-shoppers on certain Web sites and who want to be notified of opportunities they are likely to be interested in.

What information may be gathered, and how may it be used? What permission, if any, is required from the consumer herself? The European Community has strict laws and policies answering this question. The United States, as a matter of policy, has been reluctant to apply governmental regulation to this area, except in the specific area of protection of children. The Clinton Administration repeatedly pressured the e-commerce industry to self-regulate privacy issues by adopting and observing industry standards. But so far most U.S. e-commerce merchants have preferred to provide no notice at all, or to provide broad notice to which the consumer is deemed to have consented by virtue of clicking a Terms and Conditions Statement. This disparity between US and European consumer privacy policy has become the source of tension over the future of global e-commerce.

Whether you are a browser accessing the Web site of another, or a browsee whose site is being accessed, it is a good idea to keep in mind the three principles of an acceptable privacy policy: notice, choice, and access. A Web site operator should give user's notice as to what information is being captured and how it will be used. It should give the user the choice to approve or disapprove these uses. And it should provide the user with reasonable access to the user's personal information that has been retained by the Web site. Users should be wary of dealing with Web sites whose operators do not live up to these principles.

B. Advertising Guidelines And Unauthorized Practice Of Law

Because the US has a dual system of government, federal and state, with a solid body of rights vested in the states, lawyers are admitted to practice before the bar of a specific state, not throughout the nation as a whole. While in practice-especially now-lawyers routinely advise clients from all across the country, we have to stay cautious about advising them on matters that may vary from state to state. Copyright and patent are exclusively federal, so a lawyer may practice with confidence in those areas. But, for example, contract law, employment law, trade secret law, rights of publicity, common law unfair competition, defamation-to name a few-are bodies of law that vary a little or a lot from state to state, and practitioners admitted in one state may be committing malpractice if they venture to counsel clients in a different state on such issues.

In addition, each state bar has its own rules of practice and its own rules of professional conduct. While certain elements of these rules are uniform, others vary from state to state. One that varies significantly is the degree and manner in which lawyers and law firms may advertise their services and use media to seek to attract (or compete for) clients. Some states (such as Texas) have very strict rules governing this.

Consequently, practicing law via Internet is a dicey proposition in the US, both because it might cause the lawyer or firm to be perceived as holding itself out to have expertise or admission in a particular state when it does not, and because it might be perceived as a kind of advertising that would not comport with the rules of some states.

For these reasons, US law firm Web sites tend to be content-specific, emphasizing areas of expertise, published articles, CLEs, and research resources, as well as biographical information on the firm's lawyers, while emphatically NOT promoting the firm's services or seeking or encouraging an influx of clients. Most lawyers and firms would prefer that their Web sites be a destination for other lawyers, who might be sources of referrals, rather than for prospective clients, who might expect more than the firm can legally provide.

Another concern over the online practice of law in the US is the question of when an attorney-client relationship attaches. At a minimum, it is important to post some kind of disclaimer on the Web site notifying the client that there is NO attorney-client relationship until, for example, an engagement is expressly agreed on. Otherwise, a lawyer or firm may find itself in all sorts of disqualifying conflict situations without ever having intended to. You will frequently see disclaimers on firms' Web sites declaring that nothing on the site is to be construed as legal advice, or giving rise to an attorney-client relationship.

Tips:

• Know and observe your state's limitations on lawyer advertising.
• Practice (and advertise) only where you are admitted.
• Your Web site should be content-based, not promotional.

C. Ethical Use Of Email And Attorney-Client Privileges

Communicating over the Internet is no more nor less secure than communicating over the phone or sending a fax. Indeed, some would argue that it is more secure because individual communications are broken down into smaller packets and routed through a host of intermediary computers only re-assembling upon delivery to the intended recipient.

Nonetheless, there are valid security concerns uniquely associated with email. For example, the recent case of "Brad the Cad" is sufficient to illustrate that nothing except the integrity of the recipient can prevent an email intended for one person's eyes only from being "exploded" across the Internet to millions. Thus, even if you take maximum precautions on your end, and even use encryption, there is always risk associated with use of email.

Not just embarrassing intimacies, as in Brad the Cad's case, but also valuable confidential information-client confidences, trade secrets, intellectual property-can more easily be sent out across the Internet, intentionally or otherwise, than they can be carried out the door in a briefcase.

Perhaps the biggest misconception about email and other computer generated or stored documents is that a document can be deleted permanently. So-called deleted files, or partial files, can be retrieved from a variety of points in a network. Moreover, emails deleted from your local hard drive may continue to reside on your email server indefinitely.

So use appropriate privacy and confidentiality disclaimers, and don't send that email at all if it contains something that could compromise you, your firm, or a client. If you do send email to clients and colleagues, or if you post comments to a listserv or a bulletin board, keep the following in mind:

Treat every email as you would a letter. Remember, once a communication is posted to the Internet, you have no control over its subsequent re-use. It can stay available forever.

In communicating with prospective clients, avoid establishing an attorney-client relationship until you know more. Find out who the opposing parties are. Determine where the other party is and whether state law issues apply. Make sure the other party understands that anything you say is not legal advice and no attorney-client relationship attaches, until you have entered into an engagement agreement.

In communicating with existing clients, use a confidentiality disclaimer, just as you would on a fax. Make sure the client is comfortable communicating by email.

In communicating with listservs and bulletin boards, remember that you never know who might see your posting. Keep "hypotheticals" general. Don't mention specific clients or the facts of a specific situation. State academic opinions academically.

In communicating with other lawyers, employ the same standards of professional courtesy that you would in a signed, hard-copy letter intended for a permanent file.

If you send demands to opposing parties by email-and there is no reason you shouldn't-stay aware that these may (and often are) posted to the Web. Say nothing you can't defend or don't want others to see.

Attorney-Client Privilege

The Internet has become a valuable tool for communication between lawyer and client. But concerns arise regarding whether the Internet is "secure" enough for such use to preserve the attorney-client privilege and to sustain the attorney's ethical obligation to preserve a client's confidences and secrets.

Some early ethics opinions took a conservative approach and limited the extent to which lawyers may ethically communicate with clients. Iowa Supreme Court Board of Professional Ethics and Conduct Opinion 96-1, dated August 29, 1996, concluded that before sending "sensitive material" over the Internet, a lawyer must either encrypt the communication or obtain written acknowledgment of the risks of doing so from the client. The Ethics Advisory Committee of the South Carolina Bar, in Advisory Opinion 94-27, dated January 1995, implied that a disabled lawyer could not ethically communicate online because "system operators … may gain access to all communications that occur." In North Carolina State Bar Opinion 215 (July 21, 1995), it was specifically found that when "using email, or any other technological means of communication that is not secure, an attorney must exercise precautions to protect client confidentiality."

More recent state legal ethics opinions have looked in a direction more permissive of the use of new media. Vermont Ethics Opinion 97-5 holds that use of unencrypted attorney-client email and advertising by means of a "home page" do not violate the state's disciplinary rules (although the Opinion notes that advertising questions remain with respect to use of "push" technology, listservs, chat rooms, and newsgroups. South Carolina revisited the email encryption issue and held, in Ethics Opinion 97-08, that users have a reasonable expectation of privacy in e-mail and use of attorney-client email will not presumptively waive client confidentiality. New York County Ethics Opinion 921 held that attorneys may participate in an Internet attorney directory without running afoul of the local bar's rules regarding lawyer advertising.

No Washington ethics opinions or cases specifically address the issue of Internet communications. However, in a 1991 Ethics Opinion, the Washington State Bar Association opined that RPC 1.6 requires attorneys to advise clients that conversations on a cordless phone may not be confidential. WSBA Ethics Opinion 90-44 (May 24, 1991). The Association of the Bar of the City of New York has admonished its members to "exercise caution when engaging in conversations containing client confidences by cellular or cordless phones readily capable of interception."

It is unlawful to intercept a wire or electronic communication under both state and federal law. Federal law specifically provides that "[n]o otherwise privileged wire, oral or electronic communication intercepted in accordance with, or in violation of, [the Wiretap Act] shall lose its privileged character." 18 U.S.C. § 2517(4). Here again, the practical point is that modern technology may make communication easier and may protect, as a matter of law, its privileged character. But some risk of disclosure remains with every manner and medium of communication. Therefore, both lawyers and clients should take prudent steps to ensure the security of their communications where appropriate.

The loss prevention lawyers at the Attorneys' Liability Assurance Society (ALAS) have opined "that lawyers may ethically communicate with or about clients on the Internet." ALAS offers this caveat to its opinion, which makes eminent sense:

Misdelivery, inadvertent disclosure or unlawful interception are not the only risks of communicating on the Internet. One attorney recently was engaging in an online "chat" with several other attorneys and expressed some personal views about a particular legal issue. The emails contained the law firm name and the position taken was adverse to the firm's client in pending litigation. Opposing counsel had access to the "chat" line as did other interested lawyers. That embarrassing situation underscores the need for caution when communicating online.

Tips:

Know the relative risks of disclosure before you communicate.

Have a firm policy on the appropriate use of communications media.