Category Archives: Scope

Duties, eDiscovery California, Education, eMail, Implementation, Law Practice Management, Privilege, Scope, Security, Strategy, Technology

e-Discovery California: Proposed Formal Opinion Interim No. 10-0003 (VLO) is the Right Answer to the Wrong Question

42.  (That's for those of you who picked up on the 'Hitchhiker's Guide to the Galaxy' reference).

I usually don't feel it necessary to refer you to my disclaimer but, because this is a State Bar of California opinion – and I'm Vice-Chair of their Law Practice Management & Technology Section Executive Committee (LPMT) – I want to remind you that:

MP900442177
"This blog site is published by and reflects the personal views of Perry L. Segal, in his individual capacity.  Any views expressed herein have not been adopted by the California State Bar's Board of Governors or overall membership, nor are they to be construed as representing the position of the State Bar of California."

The LPMT Executive Committee may publish its own, 'official' comments, to which I may also contribute.  That being said…

Technology is an extremely logic-based discipline, in its purest form; or it should be, at least.  Indeed, like the practice of law, success or failure is predicated upon compiling and understanding a particular set of facts, then realistically acting upon those facts.  Note my emphasis on the word, 'realistically'.  If I wish to suspend disbelief and begin with a set of unrealistic criteria, I may be equally able to formulate a reasonable solution, assuming it's possible to locate someone – or something – that fits the original, unrealistic premise.

This is my assessment of Formal Opinion Interim No. 10-0003 (Virtual Law Office).  It's actually a very well-crafted opinion, but it's based on a 'Statement of Facts' that, to me, are an unrealistic portrayal of how an attorney practices – or would practice – law.

First, there's no reason for me to re-invent the wheel.  For another excellent nuts & bolts assessment of the opinion, please see Stephanie Kimbro's post on her Virtual Law Practice blog.  She's an authority on the Virtual Law Office and is also cited as a resource on page one of the opinion itself.

From a pure cloud security standpoint, this is an excellent document and a perfect complement to opinion 2010-179 on wireless networks.  In fact, I would recommend that practitioners ignore the hypotheticals for a moment (especially if they're pressed for time) and proceed to the Discussion heading, Section 1 ("Duties"), which is what I'm doing for the purposes of this post.

Section 1 examines confidentiality issues of employing a cloud-based system with a 3rd-party vendor and provides a five-point list of due diligence factors that includes, but isn't necessarily limited to:

  1. The Credentials of the Vendor
  2. Data Security (Well, that's not very helpful, but it goes on to refer the reader to California, New York and ABA opinions for guidance)
  3. Vendor's Transmission of Client Info in the Cloud Across Jurisdictional Boundaries or Other 3rd-Party Servers (You've heard – or read, I suppose – me pontificate on that one; the "digital roach motel" and "know where your data is")
  4. Attorney's Ability to Supervise the Vendor (As I've reminded you often, you may hire competence, but not delegate this duty)
  5. Terms of Service of Contract with the Vendor (This is huge where the cloud is concerned.  For example, many provider contracts contain language to the effect that, "Once you transfer it to us, it becomes our property.", a major no-no for attorneys)

It also points out the security environment must be periodically reassessed, which is terrific advice.  I usually refer to it as "fire drills".  Finally, it points out that none of this may take place without proper disclosure to the client, who may, by the way, have no idea how any of this works.

Section 2 examines competence issues as follows:

  1. Proper management of attorney's intake system to determine one of the basics; "Who is the client?"
  2. Determining whether attorney may perform the requested services
  3. Determining that the client comprehends the services being performed (This document also refers to comprehension issues due to a language barrier)
  4. Keeping the client reasonably informed
  5. Determining that the client understands technology (When I read #3 above, it immediately triggered the thought that technology is another language both attorney and client must understand…)
  6. Determining when to decline to represent a client via a VLO, and whether representation may continue through traditional means

This section also re-raises the supervisory issue, but this time it's in terms of the attorney supervising other attorneys and/or non-attorneys.

Ok, so you know what I like, now let's get into what I don't like.  The hypothetical describes the VLO as a password-protected and encrypted portal that sits on a 3rd-party cloud.  So far, so good.  But then, it goes on to say that the attorney plans not to communicate with clients by phone, email or in person, but will limit communication solely to the portal.

Yeah, that covers a lot of us, doesn't it? 

I understand that it's possible for attorneys to communicate this way, but is it probable?  Does this opinion realistically apply to most attorneys; now and even into the future?  I'm not trying to be snarky here, but you can't blame me for being a tech guy.  Immediately, my mind wanders to what would likely happen in this scenario.  A technology or communication issue arises and the frustrated attorney – or client – resorts to email or a phone call.

And what about secrecy?  No, I'm not alluding to some nefarious purpose.  There are legitimate reasons why attorney and/or client might not want to document ideas or discussions – electronically or otherwise – in the short-term (what comes to mind is a nervous potential client who has invented a new product, but doesn't want to provide a lot of written detail to attorneys, while soliciting the representation of several of them, for fear that the inventor's intellectual property will be revealed).

The second thing that bothers me is the "Issue" statement that opens the opinion.  It states, verbatim:

"May an attorney maintain a virtual law office practice ("VLO") and still comply with her ethical obligations, if the communication with the client, and storage of and access to all information about the client's matter, are all conducted solely through the internet using the secure computer servers of a third-party vendor (i.e., "cloud computing")."  [Italics/bold added.  It's posed as a question, but in the text, the paragraph ends with a period – not sure if it's a typo that will be corrected in a later version].

What's the danger here?  Hello?  Facebook is the cloud!  Google is the cloud!  Email is the cloud!  A lot of communication is taking place – right now – through means not anticipated in this opinion.  What I'm saying is, if one removes the term, "VLO", from this document, it could just as easily apply to methods attorneys use to communicate with their clients on a daily basis, while at the same time, being completely unaware that many of these products are in the cloud.

It also fails to anticipate one other factor; what will happen the day these measures apply to all cloud-based technology (that day is coming, and in some cases, is already here).  As it stands today, if most attorneys attempted to comply with these security measures, law practice as we know it would grind to a halt.

Better start preparing now…

Education, Implementation, Law Practice Management, Scope, Strategy, Technology

Century City Executive Counsel Exchange – Summary

MP900382650Alec Baldwin’s Twitter rant?  So last year…(that’s why I created a ‘Twit List’).

BP accused of spoliation?  I’ve never heard that, before…

This week, I actually saw an article warning people to be careful what they post on social media, ‘because it might come back to haunt you, someday.’…

Folks, it’s almost 2012!  If any of the above headlines surprise you, you’re either new to this game or you’ve been hiding in a cave (or you haven’t been reading e-Discovery Insights the past three years…).  So, let me tell you about something more substantive – the annual Executive Counsel Exchange that was held this past Monday and Tuesday at the Hyatt in Century City, California.

I’m not aware of any other conference that operates the way this one does it.  It’s a roundtable, free-form discussion over a period of a day-and-a-half.  Two old pros were moderating this year, Robert Brownstone of Fenwick & West LLP and Browning Marean of DLA Piper (if you don’t recognize either of these names, we may have to have the ‘cave’ discussion again).  The moderators cover a series of relevant topics and the attendees are encouraged to participate.  Everything is memorialized and the attendees receive a copy.

Another thing I really appreciate is that, although it’s a sponsored conference, the vendors are highly respectful about not bombarding us with sales pitches during their contributions to the program.

If you want to know what’s happening right now, this is the place to be, because you’re hearing it exactly as it is, from people covering all parts of the spectrum who do this every day (vendors, technology, inside and outside counsel, executive, etc).  Over the next several months, The Exchange (as its called) will be in four more cities across the country.  Unfortunately, I was only able to attend Monday’s session this time, but I encourage you to check it out if you have the opportunity.

Admissibility, Constitution, Criminal Liability, Scope, Security, Technology

License to Pry

GR-RRR!Back to the future.  All-of-a-sudden, the term "1984" has become quite popular in the news, on TV and on a certain blog & Twitter feed you may be reading at the moment.  It started with the U.S. v. Jones case regarding warrantless GPS tracking.

But 'Jones' is child's play compared to what the District of Columbia is doing on a daily basis.  At least in Jones, the issue revolves around the government tracking specific vehicles for specific purposes.  In DC, they track the license plates of all of the vehicles, all of the time.  Not only that, they retain the database, sometimes for years.

I don't know whether to be in awe or appalled!  As a techno-weenie, I can't help but be fascinated by technology that can accomplish this; but that doesn't mean I lose sight of the obvious risks to privacy.  Examples?

The Good:  A crime is committed, a witness jots down a license plate and the authorities are able to input said plate into the database and locate the perpetrator.

The Bad:  A husband calls police to report his wife missing.  They input her license plate into the database, locate her vehicle in front of an apartment building – and discover she's having an affair.

The Ugly:  Talk amongst yourselves…

As has been the case so many times before, this capability may be used for good, evil, or with good intent that becomes inherently evil.

Of course, the same could be said of chocolate cake.  In moderation, it's great; but eat too much and you can make yourself sick.  The question is, who's going to be responsible for making sure we don't overindulge?

Admissibility, Cases of Interest, Constitution, Cost, Criminal Liability, Judges, Law, Scope

…After the Horse has Escaped. #PDA and the #5thAmendment


 

I closed my last post with this line; "Now comes the more difficult argument; explaining how a password is exactly the same as a key…"

In my view, the law is a password.  For example, right or wrong, a police officer may perform a search because he or she believes the law permits it.  A judge is another interface who decides whether to grant or deny access to information.  There's one major difference between a police officer, a judge and a computer, of course.  An officer or judge will make decisions based on several factors, whereas a computer – in proper working order – will decide based on pass/fail.  Nevertheless, like our friend, Maxwell Smart, the law is just another door in a series that parties must pass through.

So, what if we have a person under arrest who has password-protected their PDA and refuses to divulge it to the government?  Do they have 5th Amendment protection?  For starters, here's an excellent, big-picture view of the issue and emerging case law (I linked to this on Twitter a few days ago).

I think I get a bad rap sometimes.  My views may appear to be pro-defense versus pro-government.  However, if you've read my bio, you know that I've worked with the District Attorneys office.  I've also served as criminal defense counsel (this is not an unusual situation, by any means).  For me, the issues are simple.  Individuals on either side of the law have rights and responsibilities and it's important to know what they are (assuming any one of us can keep up with the rapid changes).

Also, the game has changed in another major way.  I understand that a lot of criminals use cellular devices to facilitate their behavior, but a majority of law-abiding citizens do not.  If one such citizen is arrested for, say, disturbing the peace, should the government have a right to search through all of the data on that person's Blackberry?  What if he or she is the Vice President of a major corporation and the device is issued by said corporation – and contains privileged communications?

Do I have the answer?  At the moment, it depends on what jurisdiction I happen to be standing in when you ask me. 

Which do you think is a better scenario from an individual-rights standpoint: 1) Spending time and funds (possibly while defendant is incarcerated) arguing that a search was illegal, or 2) Preventing the search from occurring in the first place?

I tweeted another story that produced this quote from a University criminal law professor:

"We're seeing a whole generation for whom privacy is not important."

I can't say that I agree with that assessment.  In most cases, people still don't grasp the concept that what they post online can be seen by anyone.  They only figure it out when their privacy has already been breached and it's too late to do anything about it.

You know what they say; nobody likes a cop until they need one…

Admissibility, Cases of Interest, Constitution, Criminal Liability, Judges, Law, Scope

Closing the Barn Door… #PDA, #GPS & the #4thAmendment

MP900385971If you’ve been following my Tweets lately (I made it easier to do last week by adding a Twitter module to the sidebar), you know I’ve been spending a lot of time linking you to what I feel are some of the best analyses available on the developing area of how 4th Amendment searches & seizures pertain to new technology.

All eyes are on the Supreme Court again, as they prepare to hear arguments this coming Monday in U.S. v. Jones.  Jones pertains to the use of GPS tracking devices and goes directly to the core issues; 1) What is a reasonable expectation of privacy, and 2) When is a warrant required?  For one such analysis, here’s a link to Erwin Chemerinsky’s view.

We also have the emerging issue with cellphones and PDAs.  This morning, I read a great analogy by Lee Tien, a senior staff attorney at the Electronic Frontier Foundation, who – correctly, in my view – likens PDAs to “…a key to your house. When you have someone’s key, you don’t just have a physical object, you have a way to investigate his life in ways you otherwise wouldn’t have.”  [italics/bold added]

You also need a warrant before you enter.

As an IT representative, I had the most trouble explaining this to laymen.  People who are familiar with technology better understand that the information is everywhere and nowhere.  People with less experience tend to think of information in dimensional terms, or not as the string, but as the cans on either end (what we used to refer to as ‘guzinta/guzouda’).

A good example of this was when I was asked by a representative of the Los Angeles County District Attorney’s Office to examine their pilot program for helping parents protect their kids from predators.  One of the suggestions was to make sure that the family PC was in an open area of the house so that parents would always be able to know what their kids were doing.  They visualized the PC as if it were a telephone, e.g. I call your home number and it rings in your home on one of your physical devices.  They couldn’t grasp that if the child was up to something they didn’t want their parents to know about, they’d likely be doing it at a friend’s house, at school or at the library.  In essence, a person could access their information anywhere, not just on the home PC.

Another example was an instruction to parents to demand that their kids provide them with their email accounts.  Again, under 18 or not, if a child is hiding something, they’ll set up a free email account – and they won’t be telling you about it.

Keep in mind, the above examples are pre-texting and pre-PDA.  Of course, now that we have PDAs, texting, etc., non-tech-savvy-people have a much easier time understanding the transitory nature of information.

Sometimes, though, I envision judges as those same parents.  I guess if I were appearing in front of the Supreme Court, I’d tell them that searching someone’s PDA is akin to searching a 4-drawer file cabinet, but with one thing in common between the two; if the owner locked the cabinet (password-protected the PDA), the government would need a warrant

Now comes the more difficult argument; explaining how a password is exactly the same as a key…

Implementation, International, Law, Miscellaneous, Scope

#ABA Seeking Comments Re: Loosening Restrictions to Cross-Border Practice

MP900443352 The ABA has cited a deadline of November 30th, 2011 for comments on several proposals to make it easier for attorneys to practice across multi-jurisdictional lines.  The proposals may be viewed on the ABA's "Ethics 20/20" Commission web page, however, comments may only be submitted via email.

These proposals should be of particular interest to eDiscovery professionals, especially now that cross-border issues are more prevalent than ever with the explosion of cloud computing and other technological advances.

As a Consultant and Attorney, I'm constantly bending over backward to make sure potential clients understand that I'm licensed in California, while at the same time I'm free to consult anywhere.  The tension arises when an out-of-state project or case begins with a consulting agreement, then is in danger of meandering into law practice.  Clients can't always tell the difference; but I can, and it means having a further conversation to clarify my role.

Heck, the disclaimer on this blawg exists for the same reason!

Any modification to the Rules that would ease this burden would be highly beneficial to eDiscovery professionals.  Of course, in my case, I must still defer to the California Rules, but you gotta start somewhere…

Let your voice be heard.  Send your comments to the ABA by November 30th, 2011.

Admissibility, Cases of Interest, Constitution, Criminal Liability, Judges, Law, Scope

Case Got Your Tongue? I Plead the Fourth!

MP910220941 If things continue like this, we're not going to know what the 4th Amendment stands for, anymore.  In my neck of the woods, a three-judge panel from the 6th District Court of Appeals for California extended the authority that SCOTUS granted in Diaz.  In People v. Nottoli (H035902) [warning: link opens 38-page pdf], the Court summoned the previous 'container' argument and ruled that during an inventory search incident to a lawful arrest, a cellular device (in this case, a Blackberry) found in a glove compartment was fair game for a warrantless search.

What result if Nottoli had password-protected his device?

While California appears to be loosening 4th Amendment protections further, other jurisdictions are tightening them.  In United States v. Musgrove, 2011 WL 4356521 (E.D.Wis. 2011) (Joseph, M.J.), the mere movement of a mouse/touching of a keyboard was enough to trigger an illegal search ruling.  How?  Defendant's PC's screen-saver was enabled.  Nothing was visible to officers who responded to D's home to investigate the possibility of criminal behavior.  By either touching the mouse or keyboard, an officer brought the device out of screen-saver mode, revealing a Facebook wall containing incriminating evidence, resulting in D's arrest.

Citing the 'Plain View' exception, the Court reasoned that, had the Facebook wall been visible, no violation would have occurred.  However, once the officer manipulated the mouse or keyboard to reveal the page, this constituted an illegal search.

What result if Musgrove had password-protected his device?

The dichotomy between these two cases is that the former was a search incident to a lawful arrest and the latter was a search resulting in a lawful arrest (according to facts, I'm giving the officers the benefit of the doubt because only the search was ruled unlawful, not the arrest – yet).

Why does this interest me?  Anyone who has used a Blackberry knows that, under normal circumstances, the device goes into sleep mode and one must manipulate a key, the trackball or the trackpad to bring it out of that mode.

I suspect that plenty more fact-specific arguments are on the horizon…

Cases of Interest, Cost, Criminal Liability, International, Management, Media, Sanctions, Scope, Technology

Cascades: Good for Mountains, Bad for News Orgs

MP900438949 First things first.  My beloved Cubs rewarded my visit with a 13-3 loss to the Marlins, marking this as the most lopsided score over the 15+ years I’ve been making this journey.  Now, firmly ensconced in San Francisco – and with my state bar duties dispensed with for the week – we can return to more pressing matters…

How many of the execs swallowed up in the News of the World Scandal thought they’d ever be arrested in their lifetimes?  None.  In fact, a high percentage of the general public would agree with them.  But people-who-you-normally-wouldn’t-expect-to-be-arrested are arrested.  And some of them eventually go to jail.

While you watch the slow and painful erosion of the Murdoch empire – and the collateral damage causally connected to it – I hope you consider one ingredient to add to your schadenfreude; you’re watching a large-scale version of how your criminal or civil matter will unfold if you don’t deal with it when it’s manageable.

Of course, yours won’t likely be this big or this public – or this expensive – but this is how it’ll start; a molehill that, over time, grows into a mountain.  Or, in this case, a mountain range.  eDiscovery rules & regulations, litigation readiness programs and early case assessment are all designed to staunch the bleeding and, if instituted early enough, prevent the wound altogether.

You have to be willing to take the pain.  Like they always say, the first cut is the deepest.

Admissibility, Cases of Interest, Constitution, Criminal Liability, eMail, Law, Privilege, Sanctions, Scope, Technology

The 6th Amendment, the Blackstone Ratio & #eDiscovery

GOOBF Card

"Better that ten guilty persons escape than that one innocent suffer."

– William Blackstone, 1783

"’tis much more Prudence to acquit two Persons, tho’ actually guilty, than to pass Sentence of Condemnation on one that is virtuous and innocent."

– Voltaire, 1749

Whether you agree with the passages above (or a similarly-stated quote by Benjamin Franklin, circa 1785), one thing is certain; they form the basis of criminal jurisprudence in the United States.  At least, they used to…I think that claim would be up for strenuous debate these days.

But that's why I wanted to bring you this particular case for our examination.  It doesn't matter what I think; what matters is, familiarize yourself with these issues because there's a high likelihood you'll see them – or something like them – in civil or criminal court.  After all, attorney-client privilege is attorney-client privilege – it just so happens the venue in this example is criminal court, and the argument is Constitutionality in theory; the 6th Amendment Right to Counsel.

One thing that distinguishes a criminal complaint from a civil one is, when the government discovers and/or seizes evidence (whether due to reasonable suspicion, probable cause or a formal warrant) in many instances, the target does not enjoy the benefit of attorney representation (hey, it might be torture for you, but I'd say my company is enjoyable…).

Such is the case with defendant.  The government seized certain computer records, and among those records were emails from defendant to his wife – which were subsequently forwarded to defendant's attorney.  Defendant was convicted, but upon appeal, it was determined that the emails were subject to attorney-client privilege and the prosecutor's review of same was deemed a violation of defendant's 6th Amendment rights.

What am I telling you?  First, you won't always have control over what data is turned over to the other side (do I hear "clawback agreements", anyone?) and second, if you find yourself in a situation like this, somebody on your side had better examine each and every shred of data in the possession of your adversary.

Again, this isn't a judgment on the validity/invalidity of overturning a conviction based on a technicality (I'll leave it to followers of the Casey Anthony trial to argue their perception of what's fair or unfair about the current judicial system).  We have a job to do, our clients depend on us and we are to zealously represent – and protect – their interests.

File this one under Segal's Ratio: "For your client's sake, where electronic evidence is concerned, endeavor to know what you don't know."