Approaches to E-mail Security for Law Firms
|
| Approach | Advantages | Disadvantages | Comments | |
| A | "Consult with the client" and do not use unencrypted e-mail for transmitting "highly sensitive information relating to the client's representation" | A "low tech," simple approach. No purchase or training are necessary. | 1. Lawyers or clients may not
take warning seriously, thus leading to harm when communications are
intercepted and used outside the courtroom.
2. Can be difficult to determine what is and what is not "highly sensitive." 3. Disputes could arise as to what the lawyer and the client agreed to. |
This is the minimum safeguard
recommended by ABA Formal Opinion No. 99-413 (March 10, 1999),
"Protecting the Confidentiality of Unencrypted E-Mail," http://www.abanet.org/cpr/fo99-413.html.
The bright line rule established in the ABA opinion may have the unintended effect of making legal problems for lawyers whose messages go astray more likely, not less likely. Every client/plaintiff in such a case can be expected to plead that the message in question was "highly sensitive." |
| B | Same as A, except get written waiver from client. | 1. Again, a low tech
approach.
2. Lessens possibility of misunderstanding between client and lawyer. 3. By stressing the insecurity of e-mail more formally, may reduce the possibility of inappropriate reliance on e-mail by client or lawyer. |
Same disadvantages as 1 and 2 above. | Analysis is similar to that
above, except lawyer is in a slightly better legal position due to
reduced possibility of misunderstanding.
Inserting such a provision into the law firm's standard retainer agreement could be a painless method of gaining the benefits of this approach. If client and lawyer are certain never to exchange anything that could hurt either of them by e-mail, this approach may be best. |
| C | Provide warning and obtain waiver as discussed in previous two blocks, but include all sensitive information as binary files (like WordPefect attachments) instead of plain text. | Easy method of providing limited protection against "data mining" attacks that rely on the ease scanning ordinary plain text e-mail. | 1. The protection from this
method is very limited.
2. The biggest drawback may be that reliance on this method may induce an unjustified overconfidence, thus causing lawyers or clients to use e-mail inappropriately. |
This method absolutely will
not stop a determined snoop that is focusing on a particular
target.
However, by preventing snoops from using the simplest types of automated e-mail analysis software, it can deter some snoops by increasing the labor costs involved in reading e-mail. For example, this approach could make snooping less attractive to some foreign intelligence agencies that engage in corporate espionage on U.S. companies. |
| D | Provide warning and obtain waiver as discussed in first two blocks, but combine this with offer to encrypt e-mail on client request. Specific methods of encryption are explained in a separate chart entitled Encryption Techniques. | 1. Depending on the method of
encryption chosen, and how well it is implemented, this approach offers
a much higher level of security than any of the alternatives
above.
2. Giving sophisticated clients choices is smart marketing. |
Small amount of extra work for law firm. | This approach
combines the best balance of security and day to day ease of
implementation.
Experience has shown that most clients will seldom, if ever, want or need encrypted e-mail, but offering them the option is a way of demonstrating your firm's sensitivity to client confidentiality, and making your firm stand out from other law firms. |
| E | Insist on use of encryption for all e-mail, or certain categories of e-mail as a condition of the representation. | May be necessary if client is unsophisticated and at heavy risk of snooping. | Heavy risk of offending client. | Will rarely be appropriate, but might be the best approach if client is at heavy risk of snooping (like M&A client) and does not appreciate it. |
See related chart Encryption Techniques.
This is the first iteration of this chart. I welcome comments and suggestions, sent to the Webmaster.
Jerry Lawson
This page last revised: January 01, 2002.
| |||||||||