ATTORNEY/CLIENT PRIVILEGE AND
E-MAIL:
IS THIS THE FAST LANE TO MALPRACTICE
ON THE INFORMATION SUPER-HIGHWAY?
Thomas A. Keller
(comments may be sent to: kellert@law1.law.stetson.edu)
The explosion of technology within the last two decades has begun an evolution of a new area of law. With the daily expansion of the Internet [1] and the availability of cheap computers, many difficult and new questions of the law are emerging. One particularly troubling area for attorneys is the widespread use of electronic mail (e-mail). Many questions as to its use arise from ethical and evidentiary standpoints.
E-mail is extremely easy to use, exceptionally fast and easily accessible to almost all individuals throughout the world. With these characteristics it seems like this would be the perfect medium for attorneys and others to use to communicate with each other. However, the e-mail messages which are sent on the Internet have the ability to be intercepted with more ease than a wiretap on a conventional telephone line. If vital information is communicated between an attorney and client which is then intercepted, can this be used against that party in court? Will using a medium which is interceptable automatically waive privilege between an attorney and a client? Can the attorney be disciplined for sending the material over an "unsafe" medium?
Privilege and Electronic Mail
There are two different bodies of law which are implicated when discussing privilege and confidentiality through e-mail. The first body of law concerns discovery and evidence procedure. Does privilege apply to an e-mail message in discovery or an e-mail message which is sought to be admitted as evidence in court? The second body of law deals with ethical considerations and the rules of professional responsibility. Even though an attorney may win in court and keep the privileged information out of the proceeding, that attorney may still be able to be disciplined by the state bar. Can an attorney be disciplined for sending e-mail messages because it may violate the confidential relationship between the attorney and the client? Both of these need to be considered in order to have an accurate perspective on e-mail and the attorney's privilege.
Privileged Communications and the Rules of Discovery and Evidence
Federal Rule of Civil Procedure 26(b) [2] sets out the protection for attorney/client privileged documents for discovery purposes. However, the Rules of Civil Procedure allow parties to obtain documents even though they may not be admissible at trial. [3] This means that it is much more likely that opposing counsel will be able to obtain privileged documents in discovery than that an attorney will be faced with the documents at trial. The Rules of Civil Procedure used in conjunction with the Rules of Evidence can be a very effective bar against the use of privileged material.
The Florida Rules of Evidence and Federal Rules of Evidence are not worded similarly with regard to privileged communications. The Federal Rules of Evidence leave the privilege question up to the common law in criminal cases and for the state law in civil cases. [4] Without going into the case law for federal jurisdictions, it has been established that there is an attorney/client privilege in criminal cases. In federal court in Florida there is also an attorney/client privilege because the Florida Evidence Code establishes this privilege in all cases [5].
Now that the privilege is established, for both pre-trial and trial [6], how do e-mail communications between lawyers and their clients factor in? The doctrine of attorney/client privilege within the evidence code is "to be strictly confined within the narrowest possible limits consistent with the logic of its principle." [7] With this in mind courts have been more apt to err on the side of allowing potential privileged material to be admitted than keeping it out. In order for privilege to apply there are four general elements which need to be satisfied:
(1) the asserted holder of the privilege is or has sought to become a client; (2) the person to whom the communication was made (a) is a member of the bar of a court, or his subordinate and (b) in connection with this communication is acting as a lawyer; (3) the communication relates to a fact of which the attorney was informed (a) by his client (b) without the presence of strangers (c) for the purposes of securing primarily either (i) an opinion on law or (ii) legal services or (iii) assistance in some legal proceeding, and not (d) for the purpose of committing a crime or tort; and (4) the privilege has been (a) claimed and (b) not waived by the client. [8]
The most important elements for the purposes of e-mail and an attorney are (3)(b) and (4)(b). In Castano v. American Tobacco Co. [9] certain documents were held to be public domain simply because they were accessible on the Internet. The plaintiffs sued the defendants claiming control and manipulation of addictive nicotine in cigarettes. They used documents which were found on the Internet. These documents were "never intended to see the light of day" [10] and were supposedly taken from the defendants without their knowledge and provided to a professor at the University of California at San Francisco Medical School. [11] The professor made the documents available to the library, published them on the Internet and is planning to make them available on CD-ROM. [12] The court held that because the material had been available and is so readily available on the Internet, it is public domain and there should be no protective order, which the defendants sought. [13]
The fact that documents are published on the Internet may well waive all privileges with regard to their use in court. It should be clearly understood that the court did not address the issue of whether these documents were indeed privileged. [14] Rather, the court only held that documents available on the Internet are public domain and can be used accordingly. [15] Therefore, this case may well signify that any document taken from an attorney and published on the Internet, even though privileged, may be admissible. [16] Since sending e-mail on the Internet is readily accessible, it may seem reasonable to believe that privileged information sent via e-mail, if intercepted and published, would be deemed public domain and all privileges lost.
Many courts have failed to see that e-mail is any different from any other medium for evidentiary purposes. For example, in United States Fidelity and Guaranty Company v. Canady [17] the court said, "Both the electronic mail message and the facsimile transmission similarly seem to be protected by the attorney-client privilege." [18] In this case the court did not even question whether e-mail was a secure medium and who else may have seen or read the document (i.e. a systems administrator). [19]
Does the sending of e-mail automatically waive privilege because of the ease of interception? Is e-mail deemed to be made in the presence of strangers? No court has directly addressed the issue of whether this is true, but a military court in United States v. Maxwell [20] recognized a reasonable expectation of privacy in e-mail messages for Fourth Amendment search and seizure issues. [21] The court applied a two-prong test in making this determination. [22] First, the person must exhibit an actual expectation of privacy. [23] Second, the person must show that the expectation of privacy is one that society is prepared to consider reasonable. [24] The court found that both of these prongs were met when e-mail was sent to a particular individual. [25] The Supreme Court offered support to this proposition when it said:
For the Fourth Amendment protects people, not places. What a person knowingly exposes to the public, even in his own home or office is not subject of Fourth Amendment protection. . . . But what he seeks to preserve as private, even in an area accessible to the public, may be constitutionally protected. [26] (emphasis added).
Most individuals, and attorneys, who send e-mail do not intend to have the message contents revealed to the public. This case may show that attorney/client privilege is not automatically waived if e-mail is sent by an attorney to a client because there is a reasonable expectation of privacy. This, used in combination with the Omnibus Crime Control Act of 1967 [27] and the Electronic Communications Privacy Act of 1986 [28], establishes a good foothold for an attorney to believe e-mail is a private communications medium.
Many people have attempted to analogize e-mail to other forms of communication because the courts have not yet ruled on this topic. They have compared it to cellular telephones and cordless telephones. However, for evidentiary standards this analogy is fruitless. According to the federal wiretap [29] statute, any eavesdropping is illegal unless it falls within an exception. The use of e-mail usually entails the use of telephone lines on either end of the connection so the act should have application. [30] Illegal material is inadmissible as evidence in a court of law [31], therefore these analogies are more appropriately discussed in the ethical section.
There are some people [32] who feel that Title III of the Omnibus Crime Control and Safe Streets Act of 1967 (Title III) will not apply to e-mail because it does not satisfy the law's requirements. Unfortunately, this criticism misses the plain language of Title III. The act was specifically amended to deal with the problem of e-mail and other electronic communication. "'Interception' means the aural or other acquisition of the contents of any wire, electronic, or oral communication through the use of any electronic, mechanical, or other device." [33] (emphasis added). Furthermore, the act was amended to read, "Except as otherwise provided in this chapter any person who-- intentionally intercepts, or endeavors to intercept, or procures any other person to intercept or endeavor to intercept, any wire, oral, or electronic communication. . . shall be punished. . . ." [34] These amendments take care of the criticisms raised about Title III not applying to e-mail and, in conjunction with the Electronic Communications Privacy Act of 1986 (ECPA), will provide greater protection to the privacy of e-mail. The amendments to the Act make the arguments against its application [35] moot. Although it may take the courts some time to fully apply this, they eventually will.
The ECPA was intended to cover unauthorized interception of electronic communications. It was also aimed at stopping the interception of stored e-mail messages on a computer system. [36] This prohibition requires that two elements be satisfied, the means and result elements. [37] The means element is met when there is intentional access without authorization or when the access goes beyond the authorization given. [38] The result element is met when there is access, alteration, or prevention of authorized access to a wire or electronic communication while it is in electronic storage. [39] These elements help to establish an expectation of privacy for e-mail messages which are stored on a system.
However, there are two problems with the ECPA protection of stored e-mail messages. First, the unlawful access prohibition does not extend to the service providers, only to third parties. [40] Second, the protection only applies to services "to the public", [41] therefore it would have no effect on private systems. [42] There is a debate, however, that simply having a company's private e-mail system connected to the Internet makes that system subject to the ECPA. This theory has never been tested and may or may not be supported depending on the facts of the case.
In conjunction with the ECPA many states have privacy legislation which covers the same areas. These state statutes regulate unauthorized access to computers and make them criminal mischief in the third degree [43], class C felonies [44], punishable by five years imprisonment or $5,000 fine [45], or even up to a felony punishable by 10 years or a $125,000 fine [46]. [47] Depending on the statutes of the particular state in question, this will also aid the user in the presumption that e-mail is meant to be private, and this privacy is protected by state and federal laws.
This means that for an attorney wanting to maintain privilege with a client, e-mail appears to be a safe medium for communication. There will be an objective and subjective presumption of privacy when using e-mail. This means that e-mail will satisfy the previous definition and elements of privilege. It also means the attorney will not have made statements in the presence of others simply by using e-mail.
If e-mail is sent to the wrong person or legally intercepted, it will probably not be held to waive privilege. One of the key facts as to whether this is true is if the disclosure was inadvertent or intentional. One court has held that the transmission of material over a cellular phone is not an intentional disclosure and does not waive privilege. [48] Many courts apply waiver of privilege on a case by case basis depending on the facts. [49] If the disclosure is deemed inadvertent it does not waive privilege. [50] The basic concept behind not allowing an inadvertent waiver is that the two terms are inherently contradictory. [51] As long as the attorney and the client take basic steps to protect the confidentiality of the material, courts will uphold the privilege. In order for an inadvertent disclosure to be deemed a waiver, the circumstances must contain extreme or gross negligence. [52]
If the disclosure is not inadvertent then the privilege will be deemed to be waived. This can occur, for example, if the client discloses the information to a third party. This is an intentional disclosure and no court will uphold the privilege after this has occurred. Additionally, if there is a third party present at the time the confidential information is exchanged courts will interpret this as meaning that the information was not intentionally meant to be confidential. [53] This applies to element (3)(b) of the privilege test.
One other area the attorney needs to be cautious about is sending e-mail to a corporation where his client is using a corporate account to communicate. It is common knowledge that many corporations monitor their employees' e-mail. In general, system administrators will often monitor message traffic and store e-mail as a permanent electronic record, and in some cases make and store printed copies. [54] If it can be shown that the attorney or client had some knowledge that their e-mail communications may be monitored then it might be deemed a waiver because it was made in the presence of strangers.
New York has attempted to answer the question of confidentiality and e-mail by proposing a statute on this issue. The legislature was concerned with service providers having access to e-mail and the widespread use of e-mail by attorneys to communicate with their clients. The New York SBA executive committee approved the proposed statute on January 24, 1997. The policy states:
No communication otherwise privileged under this article shall lose its privileged character for the sole reason that it is communicated by electronic means or because persons necessary for the delivery or facilitation of such electronic communication may have access to the communication. [55]
This proposed statute removes any doubt whatsoever about the use of e-mail and the waiver of privilege by an attorney. As time progresses, it appears likely that more states will pass similar legislation dealing with the e-mail and privilege question. Additionally, it is inevitable that the Federal Rules of Evidence will address this issue and probably include a comment about this topic.
In summary, it is likely that the courts will hold that e-mail is just like any other communication medium and should be afforded the same evidentiary standards. Privilege will apply to unencrypted messages which are sent on the Internet unless they are intentionally disclosed to third parties. The Omnibus Crime Control and Safe Streets Act and the ECPA should provide a basis for a reasonable expectation of privacy by a user, as should certain state statutes. Additionally, inadvertent disclosure of e-mail messages will only allow for a waiver in extremely or grossly negligent situations.
Privileged Communications and the Model Rules of Professional Conduct
The next area that e-mail should concern an attorney is in his/her professional conduct. It is possible for an item to be considered privileged for evidentiary purposes but not for the rules of professional conduct. Simply because an attorney wins in court upholding the privilege does not mean he will likewise win if brought before a disciplinary board. What this means for an attorney is that his potential risk for malpractice may be increased by using e-mail negligently or recklessly.
The particular rule which is applicable in this situation is Model Rules of Professional Conduct 1.6. [56] Similar to this rule but not as broad is the ABA Model Code of Professional Responsibility DR 4-101 [57]. The difference is the scope of information received and when it is received, but both would be applicable for hypothetical e-mail privilege questions.
Attorneys usually give out their e-mail addresses because of ease in communication and contact between themselves and clients. However, each client should be informed as to the dangers of using e-mail to communicate sensitive material. This should at least occur after the attorney has been retained by the client, but preferably when the client first receives the e-mail address. Once the client realizes and is informed of the potential dangers of disclosure then the attorney has acted according to his/her duty to inform the client. [58] In addition, the attorney should consider using encryption to protect communications.
An attorney should also be concerned about where he/she is communicating with his/her client. If the client is using their own access through a paid service provider at home, then the attorney does not have too much to be concerned about. However, if the client is using the corporation e-mail system and the client is not one of the upper management personnel, then it is likely that that person's e-mail is being monitored by the corporation. This could cause the attorney malpractice problems depending on the level of his/her knowledge about corporate monitoring practices.
As far as ethical guidance in this matter there is very little. In 1986 the ABA published a report which told a lawyer that he/she should not use e-mail unless the bar had approved the system or that the attorney was convinced that the system administrator could keep confidences. [59] This report went on to say that the attorney must be sure that the system administrator had some security and a process in place to prevent inadvertent disclosures or interception. [60] Times have changed since this report was issued and it would be nearly impossible for an attorney to research a service provider about these topics and probably even more difficult for the attorney to understand what the administrator was saying.
Many people have attempted to analogize e-mail to cellular telephones. This analogy seems plausible at first because of the ease of interception and it is not as safe as a direct wire communication. In applying these analogies various jurisdictions have issued ethics opinions dealing with cellular telephones.
In Massachusetts the cellular telephone opinion is much stronger than in some other jurisdictions. The committee effectively states that an attorney should not discuss confidential matters with a client over a cordless or cellular telephone without first gaining the consent of the client. [61] The committee said a lawyer should not use a cellular phone if there is a risk that a third party may overhear the conversation and the content of the conversation is considered "nontrivial," and that the lawyer should resolve any doubt about the degree of risk in favor of protecting the confidentiality. [62] The committee did recommend that attorneys should investigate the possibility of using a scrambling device but the attorney must judge the effectiveness of the device. [63] If an attorney were to use the analogy of e-mail to a cellular phone then it appears that there should be no unencrypted messages sent to the client. It also appears that the encryption program that the attorney would use to encrypt the e-mail messages should be virtually unbreakable or the attorney may risk violating the ethical rules.
New Hampshire also came down strong like Massachusetts in their view of attorneys using cellular telephones to communicate with clients. In this opinion the committee urged all attorneys to avoid using cordless or cellular telephones when discussing material with a client. [64] The committee did recognize that the use of a scrambler or other such device for these communications would be sufficient to allow the attorney to escape liability under the ethical rules. [65] With this last caveat in the New Hampshire ethical opinion it would appear that an attorney could send e-mail as long as the e-mail were encrypted. Without any encryption, the attorney would be running the risk of violating the rules of ethics.
The Bar Association of New York City issued a formal ethics opinion on the question of whether a lawyer can carry on conversations concerning confidential client matters by cellular or cordless telephones in 1994. [66] In this opinion they cited numerous cases where there was no expectation of privacy for any cellular or cordless telephone conversations because they were readily interceptable. After considering the convenience of the telephones and the danger in being intercepted the association came to the conclusion that lawyers "should exercise caution when engaging in conversations containing or concerning client confidences or secrets by cellular or cordless telephones or other communication devices readily capable of interception, and should consider taking steps sufficient to ensure the security of such conversations." [67] (emphasis added). The opinion also stated that the lawyer should warn the party that confidential material cannot be discussed. [68] This opinion seems to make a strong argument that it would be improper for a lawyer to engage in the sending of unencrypted e-mail and that lawyer would violate rule 1.6 in doing so. It even goes as far as saying that a lawyer should include a warning about discussing confidential material via e-mail.
Illinois [69] and Washington [70] have also issued ethical opinions in which they state that an attorney has a duty to warn his/her clients when using cellular or cordless telephones. The lawyer must inform the party on the other end of the telephone, before the conversation begins, that the conversation is taking place on a cellular or cordless phone. [71] The lawyer must also state that the confidentiality of the conversation may not be maintained and attorney/client privilege may not apply to that conversation. [72] Additionally, an attorney should provide the client with the option of discussing the confidential material at a different time and place where the conversation can be secure. [73] This opinion suggests that e-mail may be sent, unencrypted, as long as the first paragraph of the e-mail message contains a warning that the material may not be confidential.
This analogy has been criticized on the ground that e-mail is much safer than cordless telephones and cellular telephones. When it comes down to the basics, these phones are nothing more than radio transmitters broadcasting on a specific channel. The speech from one of these units is broadcast in all directions until it reaches a tower or antenna and then is run through the conventional telephone lines to the recipient. These communications are easily interceptable with everything from baby monitors to radio receivers in automobiles. [74] All of the devices that can be used to intercept are cheap and readily available to the public. On the other hand the hardware required to intercept an e-mail message requires more money, significantly more expertise and training, and is not readily available. [75] These facts make e-mail more of a hybrid between the telephone and the cellular phone.
Some jurisdictions have addressed the issue of e-mail directly and have done so by still using the analogies of the cellular telephones. In addition to this some jurisdictions have even suggested or passed legislation to deal with the sending of unencrypted e-mail messages.
Colorado has issued an ethics opinion which is somewhat on point. Although the opinion was mainly to address the issues of cover-letters on facsimile transmissions, the Colorado committee gave advice which would be applicable to e-mail transmissions as well. The committee emphasized the fact that the attorney should exercise reasonable care whenever communicating confidential material. [76] The attorney must use reasonable care to ensure that the e-mail or message was sent to the correct address or number, and that only the intended recipient has access to it. [77] This seems to suggest that encryption for e-mail purposes would be the only acceptable means of ensuring that the desired recipient receives the material.
The South Carolina State Bar addressed the issue of e-mail and confidentiality when a disabled attorney wished to begin a virtual office on the Internet so he could have contact with his clients or potential clients. [78] The attorney asked what ethical issues might arise with this endeavor, and the committee raised the concern of confidentiality. [79] The committee's main concern was not interception by unauthorized persons but rather the interception by the system administrator who is maintaining the service. [80] The committee also analogized e-mail to cellular phones and held "unless certainty can be obtained regarding the confidentiality of communications via electronic media, that representation of a client, or communication with a client, via electronic media, may violate Rule 1.6, absent an express waiver by the client." [81] This appears to go as far as saying that no communication should occur via e-mail, even if encrypted, because it would be virtually impossible to obtain absolute certainty of the confidentiality of the communication.
In Iowa, a firm requested an opinion on the implications of having a web site or firm home page. [82] The Iowa Board responded to many issues including the e-mail and confidentiality issue. The Board said, ". . . sensitive material must be encrypted to avoid violation of DR 4-101 and pertinent EC's and related formal opinions of the board." [83] This clear and explicit opinion states that it is definitely a violation of the Iowa Code of Professional Responsibility to send confidential, unencrypted e-mail to a client.
Iowa also issued another formal opinion, following the previous opinion, on the subject of e-mail. [84] In this opinion the Board was asked to reconsider its finding that e-mail needed to be encrypted according to opinion 95-30. The Board expressed concern over the lack of security on the Internet. In particular the board cited ACLU v. Reno [85], which stated that Mastercard and Visa did not consider the Internet safe enough to verify a credit card number. [86] Additionally, in the concurring opinion, Judge Buckwalter stated that "current technology is inadequate to provide a safe harbor to most speakers on the Internet." [87] Because of this, the Iowa Board refused to rescind its prior formal opinion and re-affirmed its decision that all sensitive e-mail needed to be encrypted. [88]
The North Carolina State Bar addressed both cellular telephones and e-mail in a 1995 published opinion. [89] Again, this association recognized the ease in interception of cellular and cordless telephone calls. The recommendation was first, that the attorney use reasonable care in selecting the form of communication which will best maintain the confidences under the current circumstances. [90] Second, the lawyer must advise the client of the potential of the particular medium to be intercepted and the potential loss of confidentiality. [91] With regard to e-mail the State Bar said, "In using e-mail, or any other technological means of communication that is not secure, the same precautions must be taken to protect client confidentiality. . . ." [92] It appears that sending unencrypted e-mail within the state of North Carolina would be in violation of the rules of ethics. However, encrypted e-mail would probably allow a lawyer to escape liability and be in compliance with the rules of ethics.
In an informal, non-binding opinion by Arizona, it was suggested that if an attorney followed through with the recommendations similar to those of North Carolina they would be in compliance with the rules of ethics. [93] However, the opinion did not definitively say this and made reference to another Arizona opinion [94] dealing with cellular telephones. In that Arizona opinion, the committee said that the mere use of a cordless or cellular phone to communicate with opposing counsel or the client, without a scrambling device or warning at the beginning of the call, does not constitute an ethical breach. [95] The committee went on to warn attorneys to be cautious about communicating sensitive material over these mediums because it could adversely affect the client. [96] This appears to suggest that an attorney would not be automatically in violation of the ethical rules by sending unencrypted e-mail, as the attorney would be in Iowa. But, as long as there was a warning at the beginning of the e-mail this would be acceptable.
In summary, as far as the ethical ramifications for an attorney using e-mail, it appears that any use of e-mail without encryption would be a violation of the rules of ethics. The only exception appears in Arizona; however, that ethics opinion was informal and non-binding. The safest route would be for an attorney to check with the Bar in the state in which they practice. The Bar would be able to advise an attorney, in accordance with the ethical rules, on what is proper for that state. No matter what, however, an attorney should inform their client of the possible problems with e-mail, and should use encryption to protect their messages.
Liability
An attorney could probably be found to have broken the attorney client privilege, in some states, if he/she was negligent. Basically, what negligence boils down to is whether you, as an attorney, had a duty which was breached, that caused damages to the individual suing. [97] What is an attorney's duty with regard to confidential information? An attorney has a duty to act as a reasonable and prudent person under like or similar circumstances. [98] For e-mail situations an attorney should take care to have the confidential information remain confidential when communicated. Whether the attorney breached the duty of confidentiality is usually a question of fact left to the jury. [99] However, for e-mail and confidentiality of information situations, the breach will be obvious. [100] Finally, there need to be damages caused, in fact and proximately, by the breach of duty. [101]
The most difficult item in the negligence scheme would be what damages can be proven. It does not seem likely that an attorney could ever be sued civilly on a negligence theory for using e-mail and not encrypting. The damages would be virtually impossible to prove. However, even though an attorney is likely to lose no money on this issue, the loss of reputation and credibility alone should be enough to make an attorney think carefully about the consequences. Even if an attorney did absolutely nothing wrong in sending the message, the mere fact that the information was intercepted and is available to other third parties may not instill trust with that attorney.
Causation is also an element of a negligence suit. There needs to be causation in fact and proximately. Causation in fact is relatively straight forward with e-mail, because there is only one person whose actions have caused harm, the attorney's. With only one bad actor you would apply the "but for" test which is: but for the defendant's action, the damage would not have occurred. Or in an e-mail situation, but for the attorney sending unencrypted e-mail over the Internet the confidentiality would not have been breached.
The second type of causation which also must be satisfied is the proximate causation. There are three different tests for this: the directness test [102], forseeability test [103], and the duty and unforeseeable plaintiff test [104].
For the directness test liability is relatively easy. In the Polemis Arbitration a ship full of flammable material exploded when a crew member [105] dropped a board into the hold. [106] The court held that once an act was deemed to be negligent, the actor would be liable for all following damages. [107] In other words, an individual would become liable for all damages caused by their actions whether foreseeable or not.
The next test is the foreseeability test, which was illustrated in the Wagon Mound case. In that case the defendants were repairing their boat, which was docked. They accidentally set fire to oil covering the water, and the fire burned down not only the dock at which their boat was moored, but also the plaintiff's dock about 600 feet away. [108] The court held that the damage to the second dock was not foreseeable by the defendants; therefore the plaintiff should not be allowed to recover.
The final test is the duty and unforeseeable plaintiff test found in the Palsgraf case. In that case the plaintiff was standing on a platform at the defendant's railroad terminal. [109] A passenger was attempting to board a moving train with the help of some employees when a package containing fireworks, which the passenger was carrying, fell and exploded. [110] The explosion caused scales to fall on the plaintiff, who was many feet away from the whole incident. [111] The majority opinion held that duty only extended to a certain group of people who were considered to be in a zone of duty. [112] If someone in the zone was injured, they could sue, but if they were outside the zone then there was no basis for a suit. Once again the duty only extended to those people who were foreseeable to the defendants.
With awareness of the dangers of technology and its security on the rise, an attorney's client easily falls within the zone of duty and is foreseeable as a possible plaintiff. In fact, using any of the three tests briefly summarized above would always include the client as a plaintiff. The client, to an attorney, is always within a zone of duty because it is foreseeable that anything an attorney does could affect his or her client. A client will also almost always be directly affected by an attorney's actions, bringing liability under the Polemis test.
Another standard for negligence was set forth in United States v. Carroll Towing Co. [113] In this case Judge Hand applied the B < PL formula to determine whether there was any negligence. If the burden of using some sort of prevention (B) is less than the probability that the accident would occur (P) multiplied by the severity of the accident (L), then there is negligence. For e-mail the B would probably be encryption or some other similar device. The P would depend on whether the e-mail was sent over the Internet and what type of service provider was used. Finally, the L could be loss of candor or trust in an attorney, or defamation or libel damages. With encryption becoming easier and easier to use, if a court used the B < PL formula in a case against an attorney for inadvertent disclosure, the attorney would certainly lose.
If other states follow New York's example by passing statutes dealing with e-mail and privilege, and, if these new statutes prohibit transmission without encryption, an attorney may be found negligent per se for failing to use encryption. In order for an individual to be found negligent per se there has to be a statute and the individual must breach the statute. [114] As more and more state legislatures address the problem of e-mail and privacy, this may give rise to attorneys being found civilly liable for a failure to protect the contents of e-mail messages.
Possible Solutions
With the threat of a possible violation of the rules of professional ethics, inadvertent waiver of privilege for discovery and evidentiary purposes, and possible civil liability, there is a way for attorneys to safeguard their reputation, integrity, employment and pocketbook. The best available solution is encryption. Already in use by numerous law firms and lawyers, its use should continue to grow more and more widespread throughout the Internet world. Encryption shows the courts, for evidentiary and discovery purposes, that the attorney meant to keep the material confidential and that no one else was intended to have access to it. Encryption shows the state bars that the attorneys are aware of the possible interception but that their client's confidentiality comes first.
Encryption seems to be a relatively inexpensive and somewhat simple tool to use. Most of the ethical opinions, statutes, and case law were addressing the problems of unencrypted e-mail messages. The mention of unencrypted e-mail by the courts, legislatures, and state bars suggests a solution immediately. It is doubtful that any court would hold that there is no expectation of privacy with an encrypted e-mail message. It is even more doubtful that an attorney would be reprimanded for having an encrypted e-mail message sent over the Internet.
Additionally, the Attorney's Liability Assurance Society (ALAS), a captive insurance company that insures large law firms for malpractice [115], recommends that encryption should be applied to messages which contain information so important that any threat of interception must be avoided. [116] However, the author of this article also stated that lawyers may ethically communicate with or about clients on the Internet without encryption and that unauthorized disclosure does not act as a waiver. [117] The main reasoning behind the ALAS article is that the only people who will read an intercepted e-mail message are the hackers that obtain it. The conduct of a hacker is illegal; therefore the information obtained by the hacker would not waive the privilege of the information. This theory is also supported by other authors. [118]
However, this theory overlooks two major concerns. The first concern is with e-mail and the simplicity of inadvertent disclosures. Rather than having a hacker steal the message, what is the result if a message is sent to the wrong address or if a system administrator views the message? The administrator is not a hacker, for all practical purposes, but is merely monitoring the system. Both questions have been addressed by ethical opinions and by the rules of evidence. [119] The second issue, which is not covered by any theory, is the reputation and character of the attorney as perceived by the public. In order to encourage clients to disclose information to their attorneys, the clients must have faith in the confidentiality between themselves and their attorneys. If an unencrypted e-mail was intercepted by a hacker and the material was made public, the criminal theory would not reprimand the lawyer. The material would be inadmissible at trial and some state bars would not reprimand the lawyer. However, the mere fact that the sensitive information was disclosed to an outside source is enough to disturb the confidence of some clients. Again, this possibility has also been covered, however slightly or inadvertently, in the ethical opinions, discovery rulings, and evidentiary rulings.
Another possible solution is using disclaimers and warnings like those that are used for facsimile transmissions. However, this use of warnings may defeat the purpose of privilege. If a hacker has obtained the information, they will disregard the warning. If a system administrator views the warning, chances are they would view the material anyway, claiming that it was their job. The only person who might be affected by the disclaimer would be an unintended recipient. However, if a suit arose over the contents of an unencrypted e-mail message containing a warning, chances are that the attorney asserting the privilege would lose. [120] The fact that the attorney has placed a warning at the beginning of the e-mail message shows that they are aware that the message can be intercepted and that e-mail is not a secure means of communicating confidential information. [121], [122]
Conclusion
The main conclusion for an attorney using e-mail is that she/he needs to be aware that it is not as safe as picking up the telephone and talking to the client. If an attorney is going to use unencrypted e-mail at all, she/he should attempt to use unencrypted e-mail like she/he would use a cellular telephone. Attorneys should inform their clients that the e-mail system is not a secure system and extremely sensitive information should only be discussed with encryption or over a different medium. An attorney should always assume that her/his e-mail messages are being read by the system administrator. Even with the previous assumption, an attorney may also assume that there is a sense of privacy attached to e-mail as shown by the courts, state laws and federal laws. This should make the attorney more comfortable using e-mail to communicate with his or her clients.
If an attorney has to use e-mail to communicate confidential material, that attorney should take steps to prevent any sort of disclosure. The safest and simplest way would be to use an encryption program [123]. No matter what type of message an attorney is sending, it cannot hurt to use encryption. Using encryption will allow only the intended party to read the message thus avoiding any inadvertent disclosure. Encryption can frustrate most hackers and prevents system administrators from viewing the contents. Encryption prevents an attorney from being reprimanded by the state bar for failing to keep client confidences. Finally, encryption may even give the client confidence that everything discussed will remain secret. This confidence will aid an attorney's reputation and status as viewed by her/his clients and peers.
Endnotes [124]
[1] The Internet is growing at a phenomenal rate of 13 to 20 percent each month. Robert Jones, Client Confidentiality: A Lawyer's Duties with Regard to Internet E-Mail, (last modified Aug. 16, 1995) http://www.computerbar.org/netehtics/bjones.htm.
[2] Rule 26(b)(5) provides in full: When a party withholds information otherwise discoverable under these rules by claiming that it is privileged or subject to protection as trial preparation material, the party shall make the claim expressly and shall describe the nature of the documents, communications, or things not produced or disclosed in a manner that, without revealing information itself privileged or protected, will enable other parties to assess the applicability of the privilege or protection. Fed. R. Civ. P. 26(b)(5).
[3] Rule 26(b)(1) provides in part, "The information sought need not be admissible at the trial if the information sought appears reasonably calculated to lead to the discovery of admissible evidence." Fed. R. Civ. P. 26(b)(1).
[4] Federal Rule of Evidence 501 provides in full: Except as otherwise required by the Constitution of the United States or provided by Act of Congress or in the rules prescribed by the Supreme Court pursuant to statutory authority, the privilege of a witness, person, government, State, or political subdivision thereof shall be governed by the principles of the common law as they may be interpreted by the courts of the United States in the light of reason and experience. However, in civil actions and proceedings, with respect to an element of a claim or defense as to which State law supplies the rule of decision, the privilege of a witness, person, government, State, or political subdivision thereof shall be determined in accordance with State law. Fed. R. Evid. 501.
[5] Fla. Stat. § 90.502 (1995).
[6] See endnotes 2 through 5.
[7] In re Horowitz, 482 F.2d 72, 81 (2d Cir. 1973), cert. denied, 414 U.S. 867 (1973).
[8] United States v. Jones, 696 F.2d 1069 (US App. Ct. 4th Cir. 1982). See also, United States v. United Shoe Machinery Corp., 89 F. Supp. 357, 358-59 (D. Mass. 1950).
[9] 896 F. Supp. 590 (E. La. 1995).
[10] Id. at 596.
[11] Id. at 594.
[12] Id. at 595.
[13] Id. at 597.
[14] Id.
[15] The court made clear that if the trial court determined that some documents did indeed have privileged information contained within them, then a protective order may be appropriate. However, the mere fact that documents are not intended to see the light of day is not enough to support the issuance of an order. Id.
[16] It should be noted that the court in Castano did also make reference to the fact that the documents which were privileged had extreme value to the public. The public interest outweighed the privilege asserted and therefore the documents should not be sealed. Id. at 595.
[17] 460 S.E.2d 677 (W. Va. 1995).
[18] Lovett at 689.
[19] See also, National Employment Service Corporation v. Liberty Mutual Insurance Company, 3 Mass.L.Rptr. 221 (1994) (where the court held thirty-two e-mail messages fell within privilege by looking at their content not the communication system); International Business Machines Corporation v. Comdisco, Inc., 1992 WL 52143 (Del.Super. 1992) (holding that certain material within an e-mail message may be protected and certain other material may not without even looking at the system used for the transmission of e-mail); Stopka v. Alliance of American Insurers, 1996 WL 204323 (N.D.Ill. 1996) (holding e-mail communications between attorney and client to be privileged with no attention given to the system used for transmission).
[20] 42 M.J. 568 (A.F.C.C.A. 1995).
[21] But see, Smyth v. Pillsbury Co., 914 F. Supp. 97 (E. PA 1996) (holding that an employee did not have a reasonable expectation of privacy in using the company e-mail system).
[22] Id. at 575.
[23] Id.
[24] Id.
[25] Id. at 576.
[26] Katz v. United States, 389 U.S. 347, 351 (1967).
[27] 18 U.S.C. § 2510-2522 (1996).
[28] 18 U.S.C. § 2510-2522, 2701-2710, 2711 (1995).
[29] See endnote 27.
[30] I must admit that the technical aspects of connection to the Internet are not my strong point. Possible exceptions to this may include ISDN lines and the Internet televisions.
[32] See William P. Mathews, Encoded Confidences: Electronic Mail, The Internet, and The Attorney-Client Privilege, 45 U. Kan. L. Rev. 273, (Nov. 1996).
[33] 18 U.S.C. § 2510(4) (1996).
[34] 18 U.S.C. § 2511 (1)(a) (1996).
[35] See endnote 21.
[37] Henry H. Perritt, Law and the Information Superhighway 109 (Wiley Law Publications 1996).
[38] Id.
[39] Id.
[40] Id. at 109 (quoting 18 U.S.C. § 2701(c)).
[41] 18 U.S.C. § 2702(a)(1), (2).
[42] Perritt at 110.
[43] Alaska Stat. § 11.46.484 (1995).
[44] Haw. Rev. Stat. §§ 708-890 to 708-896 (1995).
[45] Okla. Stat. Ann. tit. 21, § 1958 (West) (1995).
[46] S.C. Code Ann. § 16-16-20 (Law.Co-op.) (1995).
[47] Perritt at 117-120.
[48] Shubert v. Metrophone Inc., 898 F.2d 401 (CA 3 1990).
[49] Bank Brussels Lambert v. Credit Lyonnais (Suisse) S.A., 160 F.R.D. 437 (SNY 1995) (Some facts which should be examined include 1) the reasonableness of the precautions taken to prevent inadvertent disclosure, 2) the time taken to rectify any error, 3) the scope of discovery, 4) the extent of the disclosure, and 5) overriding issues of fairness. Id. at 443.).
[50] See Georgetown Manor, Inc. v. Ethan Allen, Inc., 753 F. Supp. 936, 938 (S.D. Fla. 1991); Helman v. Murry's Steaks, Inc., 728 F. Supp. 1099, 1104 (D.Del. 1990); In re Sealed Case, 120 F.R.D. 66, 72 (N.D. Ill. 1988); Mendenhall v. Barber-Greene Co., 531 F. Supp. 951, 954 (N.D. Ill. 1982).
[51] Mendenhall, 531 F. Supp. at 955.
[52] Federal Deposit Insurance Corp. v. Marine Midland Realty Corp., 138 F.R.D. 479, 482 (E.D. Va. 1991).
[53] Bank Brussels Lambert, 160 F.R.D. 437.
[54] Laurie Thomas Lee, Watch Your E-Mail! Employee E-Mail Monitoring and Privacy Law in the Age of the "Electronic Sweatshop", 28 J. Marshall L. Rev. 139 (Fall 1994).
[55] 1997 NY S.B. 3504 (SN) (proposed Jan. 1997).
[56] Model Rule 1.6 says in full:
(a) A lawyer shall not reveal information relating to representation of a client unless the client consents after consultation, except for disclosures that are impliedly authorized in order to carry out the representation, and except as stated in paragraph (b).
(b) A lawyer may reveal such information to the extent the lawyer reasonably believes necessary:
1) to prevent the client from committing a criminal act that the lawyer believes is likely to result in imminent death or substantial bodily harm; or
2) to establish a claim or defense on behalf of the lawyer in a controversy between the lawyer and the client, to establish a defense to a criminal charge or civil claim against the lawyer based upon conduct in which the client was involved, or to respond to allegations in any proceeding concerning the lawyer's representation of the client.
Model Rules of Professional Conduct Rule 1.6 (1996).
[57] Disciplinary Rule 4-101 says in full:
(A) "Confidence" refers to information protected by the attorney-client privilege under applicable law, and "secret" refers to other information gained in the professional relationship that the client has requested be held inviolate or the disclosure of which would be embarrassing or would be likely to be detrimental to the client.
(B) Except when permitted under DR 4-101(C), a lawyer shall not knowingly:
(1) Reveal a confidence or secret of his client.
(2) Use a confidence or secret of his client to the disadvantage of the client.
(3) Use a confidence or secret of his client for the advantage of himself or of a third person, unless the client consents after full disclosure.
(C) A lawyer may reveal:
(1) Confidences or secrets with the consent of the client or clients affected, but only after a full disclosure to them.
(2) Confidences or secrets when permitted under Disciplinary Rules or required by law or court order.
(3) The intention of his client to commit a crime and the information necessary to prevent the crime.
(4) Confidences or secrets necessary to establish or collect his fee or to defend himself or his employees or associates against an accusation of wrongful conduct.
(D) A lawyer shall exercise reasonable care to prevent his employees, associates, and others whose services are utilized by him from disclosing or using confidences or secrets of a client, except that a lawyer may reveal the information allowed by DR 4-101(C) through an employee.
Model Code of Professional Responsibility DR 4-101 (1981).
[58] Model Rules of Professional Conduct Rule 1.4 (1996).
[59] Standing Committee on Lawyer's Responsibility for Client Protection, Lawyers on Line: Ethical Perspectives in the Use of Telecomputer Communication (1986) at 67.
[60] Id.
[61] Massachusetts State Bar, Formal Ethics Op. 94-5 (1994).
[62] Id.
[63] Id.
[64] New Hampshire State Bar, Formal Ethics Op. 1991-92/6 (1992).
[65] Id.
[66] The Association of the Bar of the City of New York, Ethics Formal Op. 1994-11 (Oct. 21, 1994).
[67] Id.
[68] Id.
[69] Illinois State Bar, Formal Ethics Op. 90-7 (1990).
[70] Washington State Bar, Formal Ethics Op. 91-1 (1991).
[71] Illinois, Op. 90-7.
[72] Id.
[73] Washington No. 91-1.
[74] Albert Gidari, Privilege and Confidentiality in Cyberspace, (Last visited Feb. 27, 1997) http://www.perkinscoie.com/pracarea/internet/priv.htm.
[75] Robert Jones, Client Confidentiality: A Lawyer's Duties with Regard to Internet E-Mail, (Last modified Aug. 16, 1995) http://www.computerbar.org/netethics/bjones.htm.
[76] Colorado State Bar, Formal Ethics Op. 92-90 (1992).
[77] Id.
[78] South Carolina Bar, Formal Ethics Op. 94-27 (Jan. 1995).
[79] Id.
[80] Id.
[81] Id.
[82] Iowa Supreme Court Board of Professional Ethics and Conduct, Formal Ethics Op. 95-30 (May 16, 1996).
[83] Id.
[84] Iowa Supreme Court Board of Professional Ethics and Conduct, Formal Ethics Op. 96-1 (August 29, 1996).
[85] 929 F. Supp. 824 (E. Pa. 1996).
[86] Id. at 846. The opinion also stated that "unlike postal mail, simple e-mail generally is not 'sealed' or secure, and can be accessed or viewed on intermediate computers between the sender and recipient (unless the message is encrypted.)" Id. at 834.
[87] Id. at 858.
[88] Iowa, Formal Ethics Op. 96-1.
[89] Modern Communications Technology and the Duty of Confidentiality, RPC 215, (1995 WL 853887 (N.C. St. Bar.)).
[90] Id.
[91] Id.
[92] Id.
[93] Lynda C. Shely, Arizona Informal Ethics Opinion, Lawyer Ethics and Technology (Last Visited Feb. 28, 1996) http://www.legalethics.com/states/ariz.html.
[94] Arizona, Formal Ethics Op. 95-11 (1995).
[95] Id.
[96] Id.
[97] Lecture by Professor Peter Lake, Torts I, Stetson University College of Law (Oct. 9, 1995).
[98] Id.
[99] Id.
[100] If someone unintended has learned about the information then there will be a breach.
[101] Lecture from Professor Lake (Oct. 9, 1995).
[102] In re Arbitration Between Polemis and Furness, Withy & Co., Limited, 3 K.B. 560 (C.A. 1921).
[103] Overseas Tankship (U.K.) Limited v. Morts Dock & Engineering Co., Limited (The Wagon Mound), [1961] A.C. 388 (Privy Council 1961).
[104] Palsgraf v. Long Island R.R., 162 N.E. 99 (NY 1928).
[105] Actually, it was not a crew member but rather a stevedore. This was a person who worked on the docks loading and unloading ships.
[106] Polemis at 560.
[107] Id.
[108] Wagon Mound at 389.
[109] Palsgraf at 99.
[110] Id.
[111] Id.
[112] Id. at 101.
[113] 159 F.2d 169 (2nd Cir. 1947).
[114] Lecture from Professor Lake (Oct. 25, 1995).
[115] ABA and Bureau of National Affairs Inc., Lawyer's Manual on Professional Conduct no. 170 p. 22 (October 30, 1996).
[116] Id. (quoting Communicating with or About Clients on the Internet: Legal, Ethical, and Liability Concerns, ALAS Loss Prevention J. 17 (Jan. 1996)).
[117] Id. at 23.
[118] See also Albert Gidari, Privilege and Confidentiality in Cyberspace http://www.perkinscoie.com/pracarea/internet/priv.htm.
[119] Although the answers have not been fully and completely given, these bodies of law offer more direction than the criminal code.
[120] Joan C. Rogers, ed., ABA/BNA Lawyer's Manual on Professional Conduct, p. 11 (Last visited Feb. 26, 1996) http://www.bna.com/hub/bna/legal/adnew2.html.
[121] Id.
[122] This is a kind of Catch-22. In some states an attorney would be required to put an information statement on the front of the e-mail telling the recipient that it is not safe. Failure to do this could result in disciplinary action. However, putting the disclaimer on an e-mail message shows that the attorney is aware that e-mail is unsafe but communicated anyway. Using e-mail with a disclaimer may result in disciplinary action because of the attorney's awareness.
[123] For a short discussion of encryption as well as links to more in depth articles on encryption and links to encryption file transfer sites see Robert Jones, Client Confidentiality: A Lawyer's Duties with Regard to Internet E-Mail endnotes 19 through 27 (Last modified August 16, 1995) http://www.computerbar.org/netethics/bjones.htm.
[124] Other sources which were not specifically cited but which the author found useful are:
Susan B. Ross, E-mail: How Attorneys are Changing the Way They Communicate (Last modified July 19, 1996) http://www.collegehill.com/ilp-news/ross-email.html; Arthur L. Smith, E-mail and the Attorney-Client Privilege (Last visited Feb. 26, 1997) http://www.abelaw.com/bamsl/lpm/email.htm; David Beckman and Hirsch, Rules of the Road: Legal Ethics May Be Speed Bumps on the Internet Superhighway, 82-SEP A.B.A. J. 86 (1996).
This page was last updated on 11/20/01.