Newspaper Articles

This collection of articles was published in the Detroit Legal News from 1995-1997. All were written in the infancy of the modern Internet, before the landscape surrounding Internet legal and business issues began to develop. Access to the Internet largely consisted of dial-up connections on a 14.4 kbs modem or slower. Both the technology and state of the law have evolved considerably since these were first published.

Encryption Important for Attorney-Client Privilege

Originally published February 7, 1996

As e-mail and on-line communications become more prevalent in the practice of law, attorneys should be cognizant of the professional obligations surrounding their use of those technical innovations. Two issues that merit careful consideration are ethical duties of confidentiality and the doctrine of attorney/client privilege.

Under both the Model Code of Professional Conduct and the Model Rules of Professional Conduct, attorneys have a duty to protect and maintain client confidences.

The doctrine of attorney/client privilege - the oldest, confidentiality privilege recognized at common law - prevents admission of certain client communications into evidence at trial. For the privilege to be available, the communication must be made outside of the presence of strangers.

Courts consistently have found that traditional mail and standard telephone communications between clients and counsel are confidential and potentially subject to privilege.

On the other hand, while there is not clear consensus, it widely is believed that unencrypted cellular phone messages are not confidential.

The jury is still out on online and Internet-based communications. Technically, online communications are something of a hybrid between telephone and unencrypted cell phone communications.

Cellular telephone transmissions are broadcast via multidirectional radio waves. Widely available consumer scanners can intercept cellular phone transmissions. As such, it is questionable whether there is a reasonable expectation of privacy in cellular communications.

Standard telephone communications involve wire cable, fiber optics and microwave (tight directional signal) transmissions in a limited party environment. There is no question that most telephone communications are considered private. Laws regarding wiretap prohibitions have been on the books for years.

Direct party-to-party modem links are similar to telephone communications, particularly when accompanied by reasonable internal controls and security precautions. Electronic Data Interchange on a direct basis is a common commercial practice. While not always a reality, user confidentiality is certainly an expectation.

Internet-based communications utilize hardware similar to telephones. However, unlike telephones, the communications are transmitted via a widespread international network of computers. Capturing an unencrypted email message is likely easier than placing a wire tap on a phone but considerably more difficult than purchasing a scanning receiver.

There are several identifiable areas where on-line or Internet security can be compromised. For example, system administrators generally have access to e-mail and files to facilitate transmission, detect and prevent unauthorized access, and in some cases monitor content. There
is the potential for miscreant administrators to casually or deliberately view messages.
" Crackers" are criminal users with at least above average technical capabilities who break into computers to view, copy or delete files. The activity is a felony under the Electronic Communications Privacy Act. As the technology improves and the number of users of on-line services expand, the relative percentage of crackers dramatically will diminish.

On-line transmissions can be captured en route. "Sniffing" software (again highly illegal) can intercept and copy information transmitted over the network intended for or coming from a particular recipient.

Finally, lack of password security or more basic internal security measures can lead to the compromising of messages, even if the sender and recipient intend (and expect) the transmission to be confidential. For example, the practice of "spoofing" involves data transmission by an imposter, such as when a fabricated message is sent from a particular user's computer. Spoofing can be accomplished using sophisticated software.

A casual observer might conclude that using Internet e-mail to communicate with clients on anything but the most trivial issues is fraught with potential pitfalls. However, recent developments in encryption and scrambling technology make illegal interception increasingly difficult.

For example, many widely available web browsers and e-mail programs are incorporating Paul Zimmerman's PGP (pretty good privacy). To give you an idea of PGP's effectiveness, the government only recently dismissed charges against Zimmerman for unlawful exportation of encryption technology.

Developments in encryption technology are moving at such a rapid pace that the security of the Internet and on-line services should become inexpensive, user-friendly and effective. As encryption technology becomes more common, the confidentiality of on-line communications incorporating encryption should be respected.

On the other hand, failure to use encryption technology might constitute a violation of confidentiality obligations and be grounds for waiver of the attorney-client privilege.

As encryption technology progresses, unintentional or misdirected faxes (or e-mail) will pose greater security and confidentiality risks than document transmission via direct modem link up or the Internet.

For the time being, if you are not using encryption, avoid using the Internet to transmit sensitive documents. While the risks of interception may be somewhat remote given the large volume of network traffic, the consequences of interception of a sensitive message can be devastating.

Also, be sure to advise clients of the risks of transmission of unencrypted documents in their business and legal dealings, particularly if they desire to capitalize on the potential cost savings associated with the Internet.