Consider this scenario: a client has retained your domestic law firm to help her plan for a future separation from her spouse. When you meet, the client makes clear that her spouse does not know of the separation plans and she does not want him to find out. She makes it clear that she does not even want her spouse to know that she is talking with an attorney.
Suppose events arise that now require you to call the client. You place a call to the client’s phone or cell phone but there is no answer. Two days later, your client calls you and she is extremely agitated; it appears that her husband now knows that your client has been speaking with a domestic attorney. Ask yourself, what went wrong? Is there anything that you or your firm did to tip off your prospective adversary? If your name or number shows up when you call from your firm or cell phone, you may have given the opposing party the information that would let him deduce his wife’s relationship with your firm.
When considering what information you may be giving away by not shielding your phone number, consider: “Rule 1.6 Confidentiality of Information. (a) A lawyer shall not reveal information acquired during the professional relationship with a client unless the client gives informed consent…(c) A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.”
The above scenario is just one of many where an attorney may inadvertently disclose information in violation of his duty to preserve his client’s information. With this article I will assist you with identifying weaknesses in your mobile security and offer solutions. Malware, Trojan, key-logger and encryption are scary terms; however, these are terms and ideas that are beyond the scope of this article.
These days everyone owns a smart phone and you, as a wise and ethical attorney, probably use the client’s cell phone when you believe that calling the house may cause a problem. This procedure is only the start of your precautionary efforts. First, counsel your client to restrict all access to her phone with a password. If she already has a password, have her change the password. Remind the client not to use a password that his or her spouse might guess (no birthdates, dog names, anniversary, address or favorite item). Second, make sure that your client has virus and malware protection on her mobile device. Lastly, have your client send her cell phone bill to a newly established secure email.
In some offices, and in many homes, corded telephones have faded from use. Every cordless phone is subject to interception. Digital phones, frequently referred to as DECT phones, are more difficult to intercept but articles online note that even these phones have been hacked with specialized equipment. Non-digital cordless phones may be intercepted with inexpensive and commonly found equipment. In NC RPC 215 you will find the following language: “…, a lawyer must take steps to minimize the risks that confidential information may be disclosed in a communication via a cellular or cordless telephone. First, the lawyer must use reasonable care to select a mode of communication that, in light of the exigencies of the existing circumstances, will best maintain any confidential information that might be conveyed in the communication. Second, if the lawyer knows or has reason to believe that the communication is over a telecommunication device that is susceptible to interception, the lawyer must advise the other parties to the communication of the risks of interception and the potential for confidentiality to be lost.”
State Bar Associations around the country are all struggling with how lawyers need to deal with the security of digital and analog communications. Several have ruled that sensitive written digital communications need to be encrypted when sending “sensitive data.” The State Bar of California Opinion 2010-179 weighed in on the issue. A digest of this ethics opinion, as it appears in the ABA/BNA Lawyers’ Manual on Professional Conduct, states as follows:
Because the protection of confidentiality is an element of competent lawyering, a lawyer should not use any particular mode of technology to store or transmit confidential information before considering how secure it is and whether reasonable precautions such as firewalls, encryption or password-protection could make it more secure. The lawyer should also consider the sensitivity of the information, the urgency of the situation, the possible effect of an inadvertent disclosure or an unauthorized interception, and the client’s instructions and circumstances, e.g., can others access the client’s devices. A lawyer may use a laptop computer at home for client matters and email if the lawyer’s personal wireless system has been configured with appropriate security features. However, if using a public wireless connection—for example in a coffee shop—the lawyer may need to add safeguards such as encryption and firewalls.
RECOMMENDATION: First, in order to protect client privacy, consider blocking your name and phone number on all mobile devices, wherever located, used for office business. Second, advise all clients of the vulnerability of cordless telephones and have the client acknowledge the notification. Third, train all office staff on the vulnerabilities inherent in digital and mobile communications. Fourth, when sending emails, advise your client to set up a new email with a new password for all legal communications and have your client place new password protection on all smart devices.
About the Author
Daniel T. Coleman
Daniel T. Coleman is an attorney with the law firm of Devay & Coleman, a small general practice law firm in North Raleigh. Practice areas include: family law, real estate and bankruptcy.