Tag Archives: Facebook

EDISCOVERY CALIFORNIA: FORMAL OPINION NO. 2016-196 – ATTORNEY BLOGGING

Disclaimer:  This is a State Bar of California Opinion, and I’m Vice-Chair of the Council of California State Bar Sections (CSBS).  I want to remind you, “This blog site is published by and reflects the personal views of Perry L. Segal, in his individual capacity.  Any views expressed herein have not been adopted by the State Bar of California’s Board of Trustees or overall membership, nor are they to be construed as representing the position of the State Bar of California.”

To put it simply, the premise of CAL 2016-196 is to address when:  1) A blog post becomes a “communication”, as defined under the RPC and the State Bar Act, and 2) If it is deemed a communication, is it “attorney advertising”?

First of all, what constitutes a blog (or, as I prefer to call legal blogs, a “blawg”)?  Hmmm.  Well, if you call it a blawg, that’s probably a big hint that it’ll be legal in nature, but that’s not really what I’m getting at here.  Are your scribbles on Facebook, Twitter and Instagram “blogging”, for the purposes of this opinion?

You bet (if those scribbles are legal in nature and/or purport to advertise your services).  You may not be aware of it, but products like Twitter are referred to as “micro-blogs”.

I think the continuing problem with a lot of these opinions is that they cause people to lose their minds worrying about them as if they’re something new.  The reality is, technically, a blog post is no different than if it were an article in a magazine that had a little blurb at the end that includes your contact information.  You’ll be subject to regulation for attorney advertising (California’s Rule of Professional Conduct, rule 1-400 – Advertising & Solicitation).

The real differences?

  • Someone has to subscribe to the magazine, receive it for free or pick it up in the dentist’s office office or a friend’s home.  However, if your blog is public, you need to understand, that means public; available to anyone, anywhere in the world at any time who has access to the internet.
  • The jurisdiction in which someone reads it may not authorize attorney blogging.

I bet many of you see where I’m going with the second point.  Could this trigger an accusation of improper advertising?  What about an in-depth article including opinion on a particular law?  Could that be unauthorized practice of law?

Yes and yes.  So what do you do?  For starters, click on the link above and read the opinion.  It’s only eight pages, and you’ll quickly see that a lot of it triggers opinions you’ve seen before, such as CAL 2012-186.  Two, disclaim, Disclaim, DISCLAIM.  Many a problem is eliminated if you simply inform your readers of your audience.

Of course, you can’t do that on Twitter.  So you might link to your disclaimer, or state briefly, “All opinions are my own.”

Oh, and there’s this last bugaboo:  You must be able to reproduce each and every post you’ve made for the past two years (while you’re gasping, keep in mind, it’s three years in New York).

Did Netflix CEO Violate Regulation “FB”?

MP900422415If you've already seen the headlines, you know that Reed Hastings, CEO of Netflix, has received a Wells Notice from the SEC.  They're considering taking action on a violation of Regulation FD due to an alleged 'material' disclosure on Facebook that Hastings posted to his 200,000+ subscribers back in July 2012.

The gist of the issue?  The SEC claims that those subscribers received an unfair advantage because they had access to the information in advance of the general public; and presumably traded based on that information.  Naturally, Hastings' view is contra.

Is it a violation?  I dunno.  We're going to see more of these issues arise as social media continues to wend its way into the corporate mainstream.

Calbar’s LPMT Section is Now on Twitter & Facebook @calbarlpmt

LPMT SealThis is a bit of a coup for us, folks.  Only a select few of the State Bar of California’s Executive Committees have been awarded proprietary social media accounts, and LPMT is fortunate to be one of them.  So, if you’d like access to another source of up-to-date news and information about Law Practice Management and Technology – directly from your representatives at the California Bar – please ‘like’ us on Facebook and/or ‘follow’ us on Twitter.

You don’t need to be a member of LPMT – or even a member of the Bar!  All are welcome, so we encourage you to join us and take a peek at our offerings as we’re adding new benefits all of the time.

Clowns to the Left of Me, Jokers to the Right…and Girls Around Me

MP900442709

Well I don't know why I came here tonight,
I got the feeling that something ain't right…

Stealers Wheel

At many of my presentations, I say, "Finally, I'm able to exploit my cynicism and paranoia as an excellent career choice!"  I did one such presentation at LACBA Tax Night a couple of weeks back with my LPMT colleague, Gideon Grunfeld.  We have some fun with the subject matter by playing the attorney version of good cop/bad cop.  I terrify the attendees just a bit, then Gideon illustrates why they shouldn't go overboard with worry.

He's right, of course.  There's just one problem.  So am I.  I'm proud of my paranoia; it's what my clients expect of me.  Heck; someone has to play Chicken Little and accurately assess the risk.  After all, sometimes, the sky really is falling!  What's the most important determining factor?  Context.  A product or service can be of benefit and detriment at the same time.

Gideon used the example of accidentally locking his keys in his car.  He didn't have the availability of one of those, call-us-and-we-unlock-the-door-remotely services, so he had to have someone respond.  When he was ready to provide the location, he was told, "That's ok, you left your cell phone on in the vehicle and we know exactly where your car is."  File that under, benefit.

Take a look at this article on the short-lived app, Girls Around Me.  I bet several of you who thought I was over the top when I advised major caution in revealing your constant whereabouts on Twitter, Foursquare and/or Facebook, might think differently now.  File that under, detriment.

As to what to worry about – and how much – that's up to you; as individuals, technologists, and especially, attorneys.

Three Things Matter in #Cyberspace: Location, Location, Location!

(The video feed that accompanies this post isn't resolving properly on some systems. Here's a direct link if you'd like to launch it, manually)

This seemed like an appropriate subject to cover today, in light of Google's new privacy policies kicking-in in a few hours…

First off, I've never really understood the obsession some people have with disclosing trivial details about themselves. Of course, that opens a can of worms, doesn't it? One person's trivia is another person's 'absolutely-positively-need-to-know-this-very-minute!' piece of information, after all. Who am I to judge? Disclose what you want on Facebook. Leave GPS enabled 24-hours a day. Knock yourself out!

But…have you thought about who else is watching…and why? Twitter has inked a deal to sell two-years' history of your tweets; location included. What's so important about location, anyway?

Even I can see some value in disclosing your location, under certain circumstances. For example:

LIST A

  1. A minor who goes missing,
  2. The family pet runs away,
  3. A vehicle veers off the road and crashes into a tree in an isolated area, and the driver's unconscious or is trapped and can't reach their phone,
  4. A bunch of friends plan to get together and, rather than having to contact each other, they simply home in on the organizer's location.

I could go on, of course. And obviously, some of these items are critical, while others are simply convenient. The problem is, all kinds of other people have an interest in knowing your patterns:

LIST B

  1. Advertisers, so they can tailor-make their ads to bring you goods and services in your vicinity,
  2. Insurance providers,
  3. Law enforcement,
  4. The burgler who's waiting to break into your home,
  5. Your boss,
  6. That pesky process-server,
  7. Your significant other(s),
  8. Your stalker.

Lately, in my market, Flo from Progressive Insurance has been touting their Snapshot Discount (by the way, am I the only one who is – in California vernacular – totally freaked out by Flo?) It's a device you plug into your vehicle, and it monitors your driving habits, such as how hard you brake.

Of course, it also monitored how hard the driver from List A was braking just before s/he crashed into that tree. And now we have several people from List B who are interested; the insurance carrier (noted), law enforcement (obviously), the boss (if it's a company car), a significant other (because you were supposed to be on your way to the corner store, but you were 15 miles from home) and of course, that pesky process-server (when the tree sues a few months later).

This is an over-the-top example to make a point. I'm not picking on Progressive. I could just as easily cite Onstar, et al. Besides, many newer vehicles already monitor the driver's habits through their own black boxes.

You think you're giving out information for one purpose; but others are taking it for a completely different purpose. You can either act accordingly, or go with the Flo…

Why #Smartphones & #Tablets Don’t Come with Seat Belts & Airbags

MP900308899This weekend, I was mulling over the question of how responsible we are – individually – for our online privacy.  That's not an easy question to answer on a global basis.  Coincidentally, I came across a couple of recent articles on the subject.  What makes them interesting – and perhaps a bit distinctive – is that each addresses how much fault should be apportioned to the end-user.

Information Week comes right out and says so in their article, "Google's Privacy Invasion: It's Your Fault".  The New York Times Bits Blog is more subtle in their take, "Disruptions: And the Privacy Gaps Just Keep On Coming."  At least they spread the blame around, somewhat.

I waded into the issue myself about three weeks ago with my, "Beware the Ides of Google" post, when I pointed out that these companies give us all this free stuff for a reason.

However, they don't exactly fall all over themselves to clearly explain to the general public why they give us all this free stuff, either.  I bet if I asked the average person, "How does Google (or Yahoo, or Facebook, or…) make money?", they wouldn't be able to articulate it very well (save for possibly being able to say that they make their money through 'advertising', whatever that means to them).  The better question to ponder is, how these companies use your information to make money.

Everyone's screaming for 'the government' to regulate these matters; and 'the government' has responded with clunky, well-meaning and/or self-serving attempts like SOPA.  No doubt, to a certain extent, the end-user is responsible for their own security, but I really like the way the NYT article attempts to equate the issue to how government, safety advocates (Ralph Nader, anyone?) and the general public drove (pun intended) the automobile industry toward seat belts, air bags and center tail lights.

I don't agree with it, but I really like it.

In my opinion, the reason this type of equivalency doesn't work is that the general public understood seat belts, air bags and tail lights.  They could easily envision a head-on collision (in fact, they didn't have to envision it, since car crashes are reported in gory detail nightly on the evening news).  On the other hand, they don't have a clue to life how their information is lifted from their devices and deposited in the hands of others; nor how, in a technical sense, to stop it.

In other words, the general public wants security protection, but they don't really know how to ask for it.  Even if they install software or hardware that tells them they're more secure, they have no idea how to confirm that it's true (and many times, it's not, either because the stuff just doesn't work, or through lack of understanding, they either fail to complete the set-up process or complete it incorrectly).  Ask me how many times I see unsecured wireless routers in range that are named LinkSys or Belkin.  The purchaser plugged the thing in and went on their merry way, oblivious to the fact that it must be configured.  But, they sleep better at night because they think they're secure.

To one extreme, the opinion is that the responsibility falls squarely on the end-user.  To the other, the opinion is that Google, Facebook, et al, are techno-heroin.  They hook the public, then when everyone's an addict, they siphon off private information.  When the public inevitably complains, they retort, "You don't like it?  Stop taking heroin!"

Maybe the solution is A.A. for the Internet…

#Security Questions that AREN’T SECURE, DAMMIT!!!

MP900438619

/Rant ON

Note to the people who create security questions for our online accounts; the whole point of providing this service is to let us select questions that nobody else knowsor may easily discover!!!  With this in mind, please refrain from creating questions that require as answers:

My mother’s/father’s middle names
My mother’s maiden name
Any of my grandparents’ names
The names of any of my pets
My siblings’ first names
My siblings’ middle names
The cities in which any of my family members were born
The schools I attended
My favorite sports team(s)
My favorite sports team(s) as a child
My best friend, growing up
My favorite…anything!

You’re a bank, for Pete’s sake, and you can’t figure out that most of this information may be gleaned from a simple Google search, a Twitter, Facebook, LinkedIn or other social media posting (for those of you who over-share), friends & family members and/or public records!?!?!?

Right, then. Please handle by c.o.b., Friday. Thanks for your anticipated cooperation.

/Rant OFF

e-Discovery California: Proposed Formal Opinion Interim No. 10-0003 (VLO) is the Right Answer to the Wrong Question

42.  (That's for those of you who picked up on the 'Hitchhiker's Guide to the Galaxy' reference).

I usually don't feel it necessary to refer you to my disclaimer but, because this is a State Bar of California opinion – and I'm Vice-Chair of their Law Practice Management & Technology Section Executive Committee (LPMT) – I want to remind you that:

MP900442177
"This blog site is published by and reflects the personal views of Perry L. Segal, in his individual capacity.  Any views expressed herein have not been adopted by the California State Bar's Board of Governors or overall membership, nor are they to be construed as representing the position of the State Bar of California."

The LPMT Executive Committee may publish its own, 'official' comments, to which I may also contribute.  That being said…

Technology is an extremely logic-based discipline, in its purest form; or it should be, at least.  Indeed, like the practice of law, success or failure is predicated upon compiling and understanding a particular set of facts, then realistically acting upon those facts.  Note my emphasis on the word, 'realistically'.  If I wish to suspend disbelief and begin with a set of unrealistic criteria, I may be equally able to formulate a reasonable solution, assuming it's possible to locate someone – or something – that fits the original, unrealistic premise.

This is my assessment of Formal Opinion Interim No. 10-0003 (Virtual Law Office).  It's actually a very well-crafted opinion, but it's based on a 'Statement of Facts' that, to me, are an unrealistic portrayal of how an attorney practices – or would practice – law.

First, there's no reason for me to re-invent the wheel.  For another excellent nuts & bolts assessment of the opinion, please see Stephanie Kimbro's post on her Virtual Law Practice blog.  She's an authority on the Virtual Law Office and is also cited as a resource on page one of the opinion itself.

From a pure cloud security standpoint, this is an excellent document and a perfect complement to opinion 2010-179 on wireless networks.  In fact, I would recommend that practitioners ignore the hypotheticals for a moment (especially if they're pressed for time) and proceed to the Discussion heading, Section 1 ("Duties"), which is what I'm doing for the purposes of this post.

Section 1 examines confidentiality issues of employing a cloud-based system with a 3rd-party vendor and provides a five-point list of due diligence factors that includes, but isn't necessarily limited to:

  1. The Credentials of the Vendor
  2. Data Security (Well, that's not very helpful, but it goes on to refer the reader to California, New York and ABA opinions for guidance)
  3. Vendor's Transmission of Client Info in the Cloud Across Jurisdictional Boundaries or Other 3rd-Party Servers (You've heard – or read, I suppose – me pontificate on that one; the "digital roach motel" and "know where your data is")
  4. Attorney's Ability to Supervise the Vendor (As I've reminded you often, you may hire competence, but not delegate this duty)
  5. Terms of Service of Contract with the Vendor (This is huge where the cloud is concerned.  For example, many provider contracts contain language to the effect that, "Once you transfer it to us, it becomes our property.", a major no-no for attorneys)

It also points out the security environment must be periodically reassessed, which is terrific advice.  I usually refer to it as "fire drills".  Finally, it points out that none of this may take place without proper disclosure to the client, who may, by the way, have no idea how any of this works.

Section 2 examines competence issues as follows:

  1. Proper management of attorney's intake system to determine one of the basics; "Who is the client?"
  2. Determining whether attorney may perform the requested services
  3. Determining that the client comprehends the services being performed (This document also refers to comprehension issues due to a language barrier)
  4. Keeping the client reasonably informed
  5. Determining that the client understands technology (When I read #3 above, it immediately triggered the thought that technology is another language both attorney and client must understand…)
  6. Determining when to decline to represent a client via a VLO, and whether representation may continue through traditional means

This section also re-raises the supervisory issue, but this time it's in terms of the attorney supervising other attorneys and/or non-attorneys.

Ok, so you know what I like, now let's get into what I don't like.  The hypothetical describes the VLO as a password-protected and encrypted portal that sits on a 3rd-party cloud.  So far, so good.  But then, it goes on to say that the attorney plans not to communicate with clients by phone, email or in person, but will limit communication solely to the portal.

Yeah, that covers a lot of us, doesn't it? 

I understand that it's possible for attorneys to communicate this way, but is it probable?  Does this opinion realistically apply to most attorneys; now and even into the future?  I'm not trying to be snarky here, but you can't blame me for being a tech guy.  Immediately, my mind wanders to what would likely happen in this scenario.  A technology or communication issue arises and the frustrated attorney – or client – resorts to email or a phone call.

And what about secrecy?  No, I'm not alluding to some nefarious purpose.  There are legitimate reasons why attorney and/or client might not want to document ideas or discussions – electronically or otherwise – in the short-term (what comes to mind is a nervous potential client who has invented a new product, but doesn't want to provide a lot of written detail to attorneys, while soliciting the representation of several of them, for fear that the inventor's intellectual property will be revealed).

The second thing that bothers me is the "Issue" statement that opens the opinion.  It states, verbatim:

"May an attorney maintain a virtual law office practice ("VLO") and still comply with her ethical obligations, if the communication with the client, and storage of and access to all information about the client's matter, are all conducted solely through the internet using the secure computer servers of a third-party vendor (i.e., "cloud computing")."  [Italics/bold added.  It's posed as a question, but in the text, the paragraph ends with a period – not sure if it's a typo that will be corrected in a later version].

What's the danger here?  Hello?  Facebook is the cloud!  Google is the cloud!  Email is the cloud!  A lot of communication is taking place – right now – through means not anticipated in this opinion.  What I'm saying is, if one removes the term, "VLO", from this document, it could just as easily apply to methods attorneys use to communicate with their clients on a daily basis, while at the same time, being completely unaware that many of these products are in the cloud.

It also fails to anticipate one other factor; what will happen the day these measures apply to all cloud-based technology (that day is coming, and in some cases, is already here).  As it stands today, if most attorneys attempted to comply with these security measures, law practice as we know it would grind to a halt.

Better start preparing now…

v-Discovery Insights: #Facebook – An Arm of the #CIA

Well, this is my wrap-up post for 2011.  I'm about halfway through writing my assessment of CalBar's Proposed Formal Opinion Interim No. 10-0003 (Virtual Law Office) and should have it up by early next week.

And no, I'm not finished with my sections of the Calbar book, yet…

I see all of the year-end predictions and top-ten lists out there, but I'm closing out 2011 with this video from The Onion News Network.  I'm laughing, but not too much…

 

Happy New Year!

Case Got Your Tongue? I Plead the Fourth!

MP910220941 If things continue like this, we're not going to know what the 4th Amendment stands for, anymore.  In my neck of the woods, a three-judge panel from the 6th District Court of Appeals for California extended the authority that SCOTUS granted in Diaz.  In People v. Nottoli (H035902) [warning: link opens 38-page pdf], the Court summoned the previous 'container' argument and ruled that during an inventory search incident to a lawful arrest, a cellular device (in this case, a Blackberry) found in a glove compartment was fair game for a warrantless search.

What result if Nottoli had password-protected his device?

While California appears to be loosening 4th Amendment protections further, other jurisdictions are tightening them.  In United States v. Musgrove, 2011 WL 4356521 (E.D.Wis. 2011) (Joseph, M.J.), the mere movement of a mouse/touching of a keyboard was enough to trigger an illegal search ruling.  How?  Defendant's PC's screen-saver was enabled.  Nothing was visible to officers who responded to D's home to investigate the possibility of criminal behavior.  By either touching the mouse or keyboard, an officer brought the device out of screen-saver mode, revealing a Facebook wall containing incriminating evidence, resulting in D's arrest.

Citing the 'Plain View' exception, the Court reasoned that, had the Facebook wall been visible, no violation would have occurred.  However, once the officer manipulated the mouse or keyboard to reveal the page, this constituted an illegal search.

What result if Musgrove had password-protected his device?

The dichotomy between these two cases is that the former was a search incident to a lawful arrest and the latter was a search resulting in a lawful arrest (according to facts, I'm giving the officers the benefit of the doubt because only the search was ruled unlawful, not the arrest – yet).

Why does this interest me?  Anyone who has used a Blackberry knows that, under normal circumstances, the device goes into sleep mode and one must manipulate a key, the trackball or the trackpad to bring it out of that mode.

I suspect that plenty more fact-specific arguments are on the horizon…