Attorneys, please take note: The State Bar of California Proposed Formal Opinion Interim No. 10-0003 (Virtual Law Office) has been adopted as Formal Opinion CAL 2012-184 (link opens 7-page pdf). If you missed it the first go-round, I highly recommend that you familiarize yourselves with this opinion.
I can lead you to the water (but I can't force you to make the Kool-Aid).
OK; all of my chapters for the California State Bar book are submitted, I've returned from my trip to San Francisco for the Section Leadership Conference, and you all know what that means!
[Somebody, please tell me what it means…]
In theory, what I *think* it means is that I'll be able to resume posting relevant content two to three times per week. In practice? Stay tuned…
If you're a follower of the Supreme Court, and you're also someone who is very interested in rulings that affect privacy, and depending on which side you're on, then this week, you are either:
It all depends on the facts. In the Jones case, aka, the "GPS" case, the court decided that a physical intrusion onto private property to attach a GPS tracking device to a vehicle was a search as defined under the 4th Amendment. Note the word, "physical". If only it were that simple…
What about tracking a GPS-enabled device? That issue wasn't addressed, here (except for comments on it in concurring opinions). If one enables GPS to drive to a location, is that a voluntary disclosure? That'll be the next frontier.
In a lower-court decision, a federal judge in Colorado ordered a defendant in a criminal case to decrypt her laptop, stating that she was not afforded 5th Amendment protection against self-incrimination, setting off another round of debate – and an examination of conflicting rulings – that will likely meander its way to the Supreme Court.
The logic is of the kind that only law afficionados may appreciate; defendant doesn't technically have to give up her password because she only has to enter it into the system without divulging it to anyone.
In other words, "Don't give up your password…just give us access to everything the password protects." That, along with the "All Writs Act" of 1789, should afford you some interesting reading on the case.
An interesting week for the Bill of Rights and privacy, indeed…
42. (That's for those of you who picked up on the 'Hitchhiker's Guide to the Galaxy' reference).
I usually don't feel it necessary to refer you to my disclaimer but, because this is a State Bar of California opinion – and I'm Vice-Chair of their Law Practice Management & Technology Section Executive Committee (LPMT) – I want to remind you that:
"This blog site is published by and reflects the personal views of Perry L. Segal, in his individual capacity. Any views expressed herein have not been adopted by the California State Bar's Board of Governors or overall membership, nor are they to be construed as representing the position of the State Bar of California."
The LPMT Executive Committee may publish its own, 'official' comments, to which I may also contribute. That being said…
Technology is an extremely logic-based discipline, in its purest form; or it should be, at least. Indeed, like the practice of law, success or failure is predicated upon compiling and understanding a particular set of facts, then realistically acting upon those facts. Note my emphasis on the word, 'realistically'. If I wish to suspend disbelief and begin with a set of unrealistic criteria, I may be equally able to formulate a reasonable solution, assuming it's possible to locate someone – or something – that fits the original, unrealistic premise.
This is my assessment of Formal Opinion Interim No. 10-0003 (Virtual Law Office). It's actually a very well-crafted opinion, but it's based on a 'Statement of Facts' that, to me, are an unrealistic portrayal of how an attorney practices – or would practice – law.
First, there's no reason for me to re-invent the wheel. For another excellent nuts & bolts assessment of the opinion, please see Stephanie Kimbro's post on her Virtual Law Practice blog. She's an authority on the Virtual Law Office and is also cited as a resource on page one of the opinion itself.
From a pure cloud security standpoint, this is an excellent document and a perfect complement to opinion 2010-179 on wireless networks. In fact, I would recommend that practitioners ignore the hypotheticals for a moment (especially if they're pressed for time) and proceed to the Discussion heading, Section 1 ("Duties"), which is what I'm doing for the purposes of this post.
Section 1 examines confidentiality issues of employing a cloud-based system with a 3rd-party vendor and provides a five-point list of due diligence factors that includes, but isn't necessarily limited to:
It also points out the security environment must be periodically reassessed, which is terrific advice. I usually refer to it as "fire drills". Finally, it points out that none of this may take place without proper disclosure to the client, who may, by the way, have no idea how any of this works.
Section 2 examines competence issues as follows:
This section also re-raises the supervisory issue, but this time it's in terms of the attorney supervising other attorneys and/or non-attorneys.
Ok, so you know what I like, now let's get into what I don't like. The hypothetical describes the VLO as a password-protected and encrypted portal that sits on a 3rd-party cloud. So far, so good. But then, it goes on to say that the attorney plans not to communicate with clients by phone, email or in person, but will limit communication solely to the portal.
Yeah, that covers a lot of us, doesn't it?
I understand that it's possible for attorneys to communicate this way, but is it probable? Does this opinion realistically apply to most attorneys; now and even into the future? I'm not trying to be snarky here, but you can't blame me for being a tech guy. Immediately, my mind wanders to what would likely happen in this scenario. A technology or communication issue arises and the frustrated attorney – or client – resorts to email or a phone call.
And what about secrecy? No, I'm not alluding to some nefarious purpose. There are legitimate reasons why attorney and/or client might not want to document ideas or discussions – electronically or otherwise – in the short-term (what comes to mind is a nervous potential client who has invented a new product, but doesn't want to provide a lot of written detail to attorneys, while soliciting the representation of several of them, for fear that the inventor's intellectual property will be revealed).
The second thing that bothers me is the "Issue" statement that opens the opinion. It states, verbatim:
"May an attorney maintain a virtual law office practice ("VLO") and still comply with her ethical obligations, if the communication with the client, and storage of and access to all information about the client's matter, are all conducted solely through the internet using the secure computer servers of a third-party vendor (i.e., "cloud computing")." [Italics/bold added. It's posed as a question, but in the text, the paragraph ends with a period – not sure if it's a typo that will be corrected in a later version].
What's the danger here? Hello? Facebook is the cloud! Google is the cloud! Email is the cloud! A lot of communication is taking place – right now – through means not anticipated in this opinion. What I'm saying is, if one removes the term, "VLO", from this document, it could just as easily apply to methods attorneys use to communicate with their clients on a daily basis, while at the same time, being completely unaware that many of these products are in the cloud.
It also fails to anticipate one other factor; what will happen the day these measures apply to all cloud-based technology (that day is coming, and in some cases, is already here). As it stands today, if most attorneys attempted to comply with these security measures, law practice as we know it would grind to a halt.
Better start preparing now…
You can be held liable for telling the truth. That’s right. As counter-intuitive as it sounds, it’s (for lack of a better word) true. I mention this because, once again, I’m hearing that someone – a blogger, in this case – was held liable for reporting the truth – and everyone gets into a lather. How can this be? It’s a travesty of justice!
Well, technically, they’re right. The pure definition of defamation includes a false something. But this sometimes clashes with other laws, such as the right to privacy, also referred to as “the right to be let alone”. After all, some truths are private.
We could argue all day about a court’s right/wrong decisions, but taking the above case as an example, they seemed to be looking at the totality of the conduct of the defendant – and the results of that conduct.
Ultimately, as the post’s author explains, this case came down to contract law. They got the defendant on tortious interference. We’ll see what happens on appeal.
Something to think about prior to that next gossip session at the water cooler.
"Better that ten guilty persons escape than that one innocent suffer."
– William Blackstone, 1783
"’tis much more Prudence to acquit two Persons, tho’ actually guilty, than to pass Sentence of Condemnation on one that is virtuous and innocent."
– Voltaire, 1749
Whether you agree with the passages above (or a similarly-stated quote by Benjamin Franklin, circa 1785), one thing is certain; they form the basis of criminal jurisprudence in the United States. At least, they used to…I think that claim would be up for strenuous debate these days.
But that's why I wanted to bring you this particular case for our examination. It doesn't matter what I think; what matters is, familiarize yourself with these issues because there's a high likelihood you'll see them – or something like them – in civil or criminal court. After all, attorney-client privilege is attorney-client privilege – it just so happens the venue in this example is criminal court, and the argument is Constitutionality in theory; the 6th Amendment Right to Counsel.
One thing that distinguishes a criminal complaint from a civil one is, when the government discovers and/or seizes evidence (whether due to reasonable suspicion, probable cause or a formal warrant) in many instances, the target does not enjoy the benefit of attorney representation (hey, it might be torture for you, but I'd say my company is enjoyable…).
Such is the case with defendant. The government seized certain computer records, and among those records were emails from defendant to his wife – which were subsequently forwarded to defendant's attorney. Defendant was convicted, but upon appeal, it was determined that the emails were subject to attorney-client privilege and the prosecutor's review of same was deemed a violation of defendant's 6th Amendment rights.
What am I telling you? First, you won't always have control over what data is turned over to the other side (do I hear "clawback agreements", anyone?) and second, if you find yourself in a situation like this, somebody on your side had better examine each and every shred of data in the possession of your adversary.
Again, this isn't a judgment on the validity/invalidity of overturning a conviction based on a technicality (I'll leave it to followers of the Casey Anthony trial to argue their perception of what's fair or unfair about the current judicial system). We have a job to do, our clients depend on us and we are to zealously represent – and protect – their interests.
File this one under Segal's Ratio: "For your client's sake, where electronic evidence is concerned, endeavor to know what you don't know."
If you're not familiar with Diaz, begin here. In a nutshell, the Supreme Court of California ruled that if arrested, the government may search your cellular device – without a warrant. Now the California legislature is getting in on the act.
State Senator Mark Leno (D-SF) has introduced SB 914 (which has already passed in the senate), seeking to overturn that decision and require the government to do things the old-fashioned way; procure a warrant based on probable cause.
I've previously said that the current ruling has the potential to lead us down a dangerous path. As far as the state of California is concerned, this is a very important piece of 4th Amendment legislation.
Regardless of how this turns out, you already know my advice; set a password for your PDA – and keep it!
Another example of closing the barn door after the horse has escaped…
…with deference to Mark Twain…
Recently-former-Senator John Ensign's (R-NV) affair and alleged attempts to cover it up would normally be fodder for the press – and I'd take little notice of it. However, with the release of the Senate Ethics Committee Panel report, we find this:
"The report also accuses Ensign of deleting documents and files the committee was likely to request. The senator deleted the contents of a personal email account after the investigation was launched, it says." [italics added]
And this:
"The committee's report describes Cynthia Hampton as running up $1,000 in phone bills by texting Ensign while he was traveling in Iraq with a congressional delegation."
I want to distinguish between the first quote and the second. The former is clearly in the realm of relevance (save for an attempted-but-likely-futile privilege argument against access to his personal email account), but the latter is an example of how 'beside-the-point' ESI becomes relevant. The affair may be morally wrong, but texts between the two players are private – or at least they would be, except for the likelihood that access to them might lead to relevant evidence that would tend to prove or disprove a material fact. Examples? Did they conspire to cover up the affair through means that would be deemed improper? Plus, who paid the phone bill?
This is how your personal cell, PDA or email account ends up in the hands of your adversaries. You're not immune.
What do you think the odds are that Sen. Ensign knew, or should have known that destroying evidence after learning of an investigation is at best sanctionable conduct and at worst, a crime?
This is how destruction turns into obstruction. Time to call "Aunt Judy"…or Judge Judy…
A very 'California' kind of breach, but with serious implications. Confidential health records of 12,000 current and former porn stars have apparently been leaked by the site, Pornwikileaks.com.
So, my PDA was working fine this morning…then it wasn't. A total and complete software crash. I traced it down to an offending app, but it completely hosed (thank you, Canada) the O/S. And of course, I'm out of town! So, I located my carrier's nearby retail outlet and headed on over. They couldn't repair it, even with their "push" software. However, due to my predicament (out of town and desperate), they were able to swap me over to a new device. Awesome!
How did I reward them for their excellent customer service? By hounding the poor tech, first by insisting that he had to wipe my prior device clean and second, by insisting that he show me how he was going to do it, then let me watch. The store was full, they were busy and I caught a person or two rolling their eyes at my request, but I persevered.
Quite frankly, the tech understood when I explained that as an attorney, there was confidential client info on the device and our ethics rules compel us to protect it (that, or he thought I was just making it all up so he would delete porn, or something…hey, as long as I get it done, let him imagine whatever he wants!) But take note; I protected client information – as I'm obligated to do – and, I had a recent backup available on my laptop, so I lost virtually nothing. Good for me; good for my clients!
Sadly, this is the eDiscovery equivalent of voyeurism.
e-Voyeurism? Nahhhh…