(Approved March 9, 2000)
Issue: What are the ethical obligations of a lawyer to protect client confidentiality in the use of Internet e-mail communications?
Opinion: A lawyer may, in ordinary circumstances, use unencrypted Internet e-mail to transmit client confidential information without violating the Utah Rules of Professional Conduct.
Analysis: Utah Rules of Professional Conduct 1.6 imposes a duty on the lawyer to protect confidential information against unauthorized use or disclosure.1 Opinions that have addressed this issue in the area of electronic communication have characterized the obligation of the lawyer to use a means of communication that has a “reasonable expectation” that the information will remain confidential.2
With respect to land-line telephone, fax machine and ordinary mail, a reasonable expectation of privacy has been deemed to exist, and a lawyer can use these means of communication to transmit confidential client information. It is recognized that a reasonable expectation of privacy does not mean certainty of privacy. Land-line telephone conversations can be intercepted, and the means to prevent interception are available through scrambling technology. Faxes can also be encrypted, and mail can be hand-delivered. This level of security, however, is not normally required, although circumstances can arise that require increased security in client communications by a lawyer.
State bar associations that have considered this issue have concluded, with few exceptions, that a reasonable expectation of privacy exists in the use of Internet e-mail and a lawyer may use this form of communication to transmit confidential client information.3
The American Bar Association has also concluded in a recent formal opinion that the use of Internet e-mail does not violate any Rule of Professional Conduct. In Formal Opinion No. 99-413, the ABA concluded that: “A lawyer sending confidential client information by unencrypted e-mail does not violate Model Rule 1.6(a) in choosing that mode to communicate. This is principally because there is a reasonable expectation of privacy in its use.”
Analyzing the characteristics of e-mail, ABA Opinion 99-413 concludes that e-mail is virtually indistinguishable from the process of sending a fax. The opinion states that there is a reasonable expectation of privacy, in part, because of the difficulty of intercepting direct e-mail, the current huge volume of e-mail traffic, and the fact that interception of e-mail is a criminal act.4
There is little evidence that unencrypted e-mails pose any greater risk of unauthorized disclosure than other forms of communication commonly used, such as telephone and facsimile.5The fact that Internet service provider (ISP) administrators or hackers are capable of intercepting e-mail (in violation of federal law) does not render the expectation of privacy unreasonable, any more than the risk of an illegal telephone tap removes the reasonable expectation of privacy in a land-line telephone call.6
Where the client information is particularly sensitive or the lawyer has reason to believe that the risk of interception of the communication is higher, he may want to use a means of communication with higher security. The lawyer should abide by any policy of the client regarding the use of e-mail (or any other means of communication) for its confidential information. A lawyer may wish to advise a client at the time he is retained that the lawyer intends to use unencrypted e-mail as one of the methods of communication with the client.
1.Rule 1.6(a) provides: “A lawyer shall not reveal information relating to representation of a client except as stated in paragraph (b), unless the client consents after consultation.”
2.ABA Comm. on Ethics and Professional Responsibility, Formal Op. 99-413; S.C. Bar Ethics Advisory Comm. Op. 97-08, www.scbar.org; Ill. State Bar Ass’n Op. 96-10, www.illinoisbar.org; N.Y. State Bar Ass’n Comm. on Prof. Ethics Op. 709 (1998) www.nysba.org/opinions.
3.See cases at n.2, supra. Contra, Penn. Bar Ass’n Comm. on Legal Ethics Op. 97-130 (absent the client’s consent after consultation, lawyer should not use unencrypted e-mail to communicate information concerning the representation where interception would be damaging to the client); Iowa Bar Ass’n Op. 1997-1; State Bar of Ariz. Advisory Op. 97-04, www.azbar.org.
4.Electronics Communications Privacy Act, 18 U.S.C. §§ 2510 et seq. (1994).
5.N.Y. State Bar Ass’n Op. 709; Ill. State Bar Ass’n Op. 96-10.
6.ABA Op. 99-413; Alaska Bar Ass’n Op. 98-2; D.C. Bar Op. 281 (1998), www.dcbar.org; Ky. Bar Ass’n Ethics Comm. Advisory Op. E-403 (1998), www.uky.edu; N.Y. State Bar Ass’n Op. 709 (1998).