Can – and should – lawyers share confidential information via email?
By Nicole Black, Lawyer and Legal Technology Expert
In early 2016, there were reports of a new hacker scheme targeting lawyers’ confidential client emails. This new type of fraud occurs when hackers intercept emails between real estate attorneys and their clients and then use the information obtained from the emails to steal closing funds. Once the hackers intercept an email, the fraudulent plot is underway and the hackers use the stolen information to mimic the real email addresses of buyers, sellers, counsel, and real estate companies and then direct those involved in real estate closings to transmit funds to bank accounts controlled by the hackers.
In other words, the hackers take advantage of the fact that email is inherently unsecure and unencrypted. Because emails are akin to sending postcards written in pencil through the post office, it’s incredibly easy for those who have the know how – such as the hackers described above – to intercept emails and read them.
Since lawyers often share confidential information with their clients via email, this particular hacking scheme is particularly disturbing. As it stands, communicating with clients using email remains ethical, since email communication received the green light from most bar associations in the late 1990s. This was because email was becoming a widely used business tool and more secure methods of communication were unavailable at the time.
Emailing Confidential Information
Times have changed. There are more secure alternatives for client communication than email – something bar associations have recently begun to acknowledge. In fact, some have issued opinions requiring lawyers to balance the sensitivity of the information being discussed with the security offered by the specific technology being used. (See, for example, ABA Formal Opinion 11-459  and Texas Ethics Opinion 648.)
Issued in April 2015, the Texas Opinion considers whether lawyers can share confidential information via email. The Committee concluded that “considering the present state of technology and email usage, a lawyer may generally communicate confidential information by email. Some circumstances may, however, cause a lawyer to have a duty to advise a client regarding risks incident to the sending or receiving of emails arising from those circumstances and to consider whether it is prudent to use encrypted email or another form of communication.”
The Committee listed six different situations where lawyers might consider a more secure communication method than email, including sending an email:
1) that communicates highly sensitive or confidential information via unencrypted email connections;
2) to or from an account that the email sender or recipient shares with others;
3) to a client when it is possible that a third person (such as a spouse in a divorce case) knows the password to the email account, or to an individual client at that client’s work email account, especially if the email relates to a client’s employment dispute with his employer;
4) from a public or a borrowed computer or where the lawyer knows that the emails may be read on a public or borrowed computer or on an unsecure network;
5) if the lawyer knows that the recipient may access it on devices that are potentially accessible to third persons or are not protected by a password;
6) if the lawyer is concerned that the NSA or other law enforcement agency may read the email, with or without a warrant.
For many lawyers, most email communications sent to clients will fall under one of the above categories. That’s why, whether it’s due to ethical issues or the rising threat of hackers, unencrypted email is becoming an increasingly undesirable option for client communications. The good news is that there are better, more secure methods available for discussing confidential matters with clients.
Safer Alternatives to Email
Web-based client portals are one of the most popular alternatives to email because they allow lawyers to securely share case-related information with their clients, all in one convenient location. This replaces the cumbersome back-and-forth process of unsecure, threaded emails with the ability to securely communicate in an encrypted, controlled online environment.
That’s why, according to the 2015 ABA Legal Technology Survey Report, the number of lawyers communicating and collaborating with clients online increased every year from 9% in 2011 to 33% in 2014.
While no technology is 100% secure, online communication portals are increasing in use because they provide lawyers with a more secure way to communicate than unencrypted email.
Nicole Black is a Rochester, New York attorney and the Legal Technology Evangelist at MyCase, a law practice management software company. She is the author of Cloud Computing for Lawyers (2012) and co-author of Social Media for Lawyers: The Next Frontier (2010), both published by the American Bar Association. www.MyCase.com
More from Family Lawyer Magazine